@sam @danwentzel and poor of the communism. both equally bloodthirsty, one using race as an excuse for violence another the "class" (which is even more stupid). it's not the wealth which makes people evil. red comissars were so enthusiastic to kill people that "class" definition became totally bogus.
ruff
boosted
Hello from #Kyiv where heating and hot water is currently off (in the district where we are staying) and it's -4 degrees outside. Ukrainians are leading a life with restrictions that are *currently* unimaginable in the West, yet they do it stoically because they know that there's no alternative to resisting the Russian fascist invasion.
Meanwhile too many in the West seem unable to even bring the tiniest "sacrifice" eg of not spreading hateful and often racist lies on social media. Or to sanction Russia in a meaningful way that might also involve personal discomfort.
@GossiTheDog what makes you think those views and subscribers are legit and not "ai slop"?
@davep and the conclusion is - "there is no threat from russia, it's all warmongering, better to die from russian bullet then fight back". so then what do you expect from security servicves? come to newspapers and tell that russia is preparing for the war? they told that already. and reaction is stated above.
@jolla uh? curiouser and curiouser
@marcel_kolaja @theron29 ach jo takže 10cm pardon
@theron29
mezi sloupy
@marcel_kolaja
@marcel_kolaja
2m koloběžkám,
1.5m na kola,
1m pro návštěvníky
25cm chodcům
Ne, děkuji
@kevinrothrock the author of Idiocracy didn't realize just how infinte human stupidity is. You don't need all the complex machinery to drive people stupid, just need to give them a chance.
@dcz
$ ls -lrt /
insgesamt 28
drwxr-xr-x 1 root root 14 20. Okt 2014 srv
it's btrfs so no lost+found
on my older laptop I have arch down from 2012 but I'm not using it much (only for network repair as it has physical ethernet port a huge battery) as 'tis bit bulky
@Monal I can submit an MR/PR tru dat, but on my experience i can hardly imagine someone actually being openminded enough to accept such a merge. I can try to justify cb-data atrrubute being introduced but sending optional attributes... well will see. Anyway, thanks for a good discussion and your new fixes.
@Monal Ok then to make it mandatory to implement for sasl2 - i.e. could be used for rfc sasl optionally but for sasl2 mandatory hence client must always send h= when using sasl2. having sasl auth section protected is good regardles of the mech used. Protecting it without server supporting plus could also have merits as a generic downgrade protection.
But yes optional use for rfc with client sending it invalidates the protection as it is sufficient to strip it to emulate client lack of support.
@Monal my problem right now is i can't make monal working with sasl scram provided via dovecot backend.
Your recent changes should be able to unlock it (if i don't send plus ssdp is not mandatory hence I can still use scram). So I guess for now it should solve my immediate problem. If i want to use PLUS - I will need to use local credentials hence local SCRAM implementation where i can inject h= attribute. So this is also ok.
Only hypothetical future case where dovecot would support cb is a nogo
@Monal might be the better solution would be to merge ssdp into sasl2 - if client tries to use it server knows client must be sending h=xxx back and if it is missed or modified then it's indication of mitm.
btw recent dovecot backend (v1.3+) claims to support binding, although I don't see backend protocol options which would allow using it - eg a way to send cb-data to be included into c= attribute. So likely will be limited to native connections.
Joined Nov 2019
