ara4n

Mini proposal for fixing aliases

Problem

m.room.aliases tries to be a list of possible aliases for a given room; useful for discovering alternative routes into a room (for those already in the room), and for educating users about how Matrix works by illustrating multiple aliases per room. It also helps give a perception of the size of the network (look how many people found it useful to set an alias for this room!).

ara4n

We consider three attackers:

1. A malicious third party trying to discover the identity server mappings in the homeserver.

The malicious third party scenario can only be protected against by rate limiting lookups, given otherwise it looks identical to legitimate traffic.

2. An attacker who has stolen an IS db

In theory the 3PIDs could be stored hashed with a static salt to protect a stolen DB. This has been descoped from this MSC, and is largely an orthogonal problem. XXX: is this the right thing to have done?

3. A compromised or malicious identity server, who may be trying to determine the contents of a user's addressbook (including non-Matrix users)

ara4n

I once wrote one of these before for @NegativeMjark but I think I lost it. So here's another.

All you need to know is:

• $foo is a scalar (i.e. a single dimensional variable)
• @foo is an array. $foo[n] is the element of an array.
• %foo is a hash. $foo{'moo'} aka $foo{moo} is the value in the hash for key 'foo'.
• \ is the reference operator. it returns a scalar which points to the address of the variable (like & in C).
• (1, 2, 3) is a list. (an array is a variable which contains a list).
• [1, 2, 3] (rarely: \(1,2,3)) is a reference to a list - aka arrayref
• $foo->[n] gives an element of an arrayref

ara4n

<html>
<script src="https://cdn.jsdelivr.net/npm/preact/dist/preact.min.js"></script>
<script type="text/javascript">

const h = preact.h;

class Timeline extends preact.Component {
    render() {
        return ( // we manually convert JSX into h() to avoid depending on babel or similar
            h('ol', null,

ara4n

<html>

<style type="text/css">
#timeline ol {
    list-style: none;
}

.sender {
    float: left;
    width: 200px;

ara4n

<html>

<style type="text/css">
#timeline {
    list-style: none;
}

.sender {
    float: left;
    width: 200px;

ara4n

random interesting factoid:

lazyloading reduces most of my accounts initial sync by about 4-5x
i was wondering about ways to shrink further (short of paginated sync)
and so tried expressing it as CBOR
doing something like:

perl -MJSON::XS -MCBOR::XS -MFile::Slurp -e '$z=read_file(\*STDIN); print encode_cbor(decode_json($z));'

turns out for @matthew2's initial sync, this reduces 4.5MB of JSON to 3.7MB of CBOR.

ara4n

# Moving subtitles 4 seconds into the future:

cat subs.txt | perl -ne 'sub fix { $t=$_[0]*60*1000 + $_[1]*1000 + $_[2]; $t+=4000; return sprintf("%02d:%02d.%03d", int($t/(60*1000)), int($t/1000) % 60, $t % 1000); } if (/^0:(..):(..).(...),0:(..):(..).(...)$/) { $a=fix($1,$2,$3); $b=fix($4,$5,$6); print "0:$a,0:$b\n" } else { print $_ }' > subs2.txt

ara4n

@matthew:matrix.org

Riot/Web (Chrome, new MBP)
Device ID:	QEOYHMYOKQ
Device key:	fHP8 sbsK KgNy dwgS Smtr ipQA Y21+ 8eC9 UIXB 0ut/ BOk

Riot/iOS (iPhone 7+)
Device ID:      KONWLQRIIC
Device key:     4/A4 1wrI xZX3 GSiY pME1 aZqP 7iGs ifi9 79UC oNyL JO8

ara4n

#!/usr/bin/env python

# see https://docs.google.com/document/d/1m4VTRqclB3JEMZBjbr4t5cvIMQUNSGxy6rYN4YtopIk/edit#heading=h.92ptkhvsmxtd

def recognised(type):
    # a smart client who understands indexed types will strip off any indexing:
    # import re
    # type = re.sub(r'\.\d+$', '', type)

    # a typical smart client: