What's the current state of XMPP and OpenID Connect? My web search returned that ejabberd is still considering if and how to implement and Prosody has experimental alpha-stage support via a module. I couldn't find anything conclusive in regards to XMPP clients. What's with Gajim(?) and Conversations? Or other clients? Are there any web clients supporting OIDC?
#jabber #xmpp #oidc #openidconnect
New weather statement... right after those 12 hours of ice storm, we'll get wind gusts to up to 70 km/h. RIP trees
"Software engineers should be a little bit cynical" by Sean Goedecke seangoedecke.com/a-little-bit-…
I agree with just about everything Sean Goedecke writes, but I'm also glad I don't work in big tech anymore. I was okay at playing politics but I just didn't like it.
Tonight at 6 PM Eastern, sonic synergy goes live for our year in review.
We unpack all the cool stuff we were involved in throughout 2025 and send the year off in our irreverent yet thoughtful way.
So join us for our unique brand of crazy conversation and say 1 last hurrah for 2025.
Extremely NSFW, and not for everyone.
Proudly powered by your calls and messages to (833) 452-4452.
„Jeden ersten Sonntag auf die gute Seite wechseln!“ am militärisch klingenden „di.day“, aber die „gute Seite“ hat die digitale Barrierefreiheit vergessen und eine für viele Menschen unbenutzbare Website hingestellt. Ohne Überschriftenauszeichnung, ohne Navigationsbeschriftunng, ohne Alternativtexte.
Nur einmal dazugehören und mitmachen können… is‘ das so schwierig? #39c3
Hi everyone, I wanna tell you about a really cool #trans person I’ve learned about recently - Wendy Carlos. (Thread: 1/3)
Carlos was born in 1939 and is currently 86 years old. She helped develop the first ever commercial #synthesizer, Moog, in 1964. She created the scores for iconic movies including A Clockwork Orange (1971), The Shining (1980), and Tron (1982). She even won three #Grammy awards in 1970 for her album Switched-On Bach. (First trans woman to ever win one!)
She was also one of the first public figures to disclose that she underwent a feminizing gender-affirming surgery (she got the procedure in 1972, went public in 1979).
#transHistory #transgender #history #music #musicHistory #funFacts
History of trans musician Wendy Carlos (2/3)
I learned about this incredible woman after coming across an old video with her on YouTube the other week (see part 3 of the thread for link).
And I thought it’s important to share given that trans history is being actively erased from public consciousness these days, and right-wing politicians / pundits are trying to claim that trans people are invading and ruining culture. In reality, people like Carlos have been here this whole time, creating the very culture that these jerks claim is being ruined by “woke”.
This is also telling. Carlos said about the public’s reaction to her transition, back in the 80s:
"The public turned out to be amazingly tolerant or, if you wish, indifferent ... There had never been any need of this charade to have taken place. It had proven a monstrous waste of years of my life."
#trans #synthesizer #Grammy #transHistory #transgender #history #music #musicHistory #funFacts
History of trans musician Wendy Carlos (3/3)
And here is the video where I first came across Carlos.
Two bits of context here:
1. This is one of the most impressive explainers of how electronic music works and the different wavelengths that go into turning electric signals into sound that I’ve ever seen (and I studied physics for 2 years in university, so I had at least some background on this.) youtu.be/4SBDH5uhs4Q?si=kll8Uv…
2. At this point, Carlos had started hormone therapy but was not public about her transition. So she’d put on fake sideburns, a wig, and try to appear more masculine.
#trans #synthesizer #Grammy #transHistory #transgender #history #music #musicHistory #funFacts
Wendy Carlos interview on PBS' NOVA in 1989: https://www.youtube.com/watch?v=1EtH5E1N91YNote: the BBC has posted a longer version available here: https://www...YouTube
Closed this "critical" one. Only three to go...
## Summary: This report describes a state‑level security invariant violation in libcurl where credential‑ or key‑related state may persist or be re‑applied across logical trust boundaries...HackerOne
I legitimately don’t understand why people do this. I guess the same reason people pot rage bait stuff on the internet?
Yeesh.
I just notice this fabulous message from my #Linux desktop machine:
Message from syslogd@scotland at Dec 28 09:44:22 ...
kernel:[250578.582144] Dazed and confused, but trying to continue
I know how it feels.
“This is totally the World Juniors” says woman trying to trick her boyfriend into watching Heated Rivalry
thebeaverton.com/2025/12/this-…
SUDBURY, ON - Local girlfriend Ashlynn Timbers is currently monitoring her boyfriend as he watches the program she told him was the World Juniors Hockey Tournament, but is in fact the steamy gay romance sensation Heated Rivalry.Ian MacIntyre (The Beaverton)
When Big Tech clouds fail, are censored, or collude with the (US) government, which would you choose for private messaging?
#privacy #security #decentralization #securemessaging #matrix #xmpp #simplex #deltachat #signal #poll #polls #askfedi
Experience perfectly smooth nails with the EDJY Fingernail Cutter. Crafted with a precision single blade, EDJY provides effortless cutting and a built-in collection system for easy cleanup.EDJY
reshared this
reshared this
Love the production on this, and a great message as well. youtu.be/4-YwUaCSUBA
The official lyric video for Debbii Dawson's 'Downer'.Stream Debbii's new single 'Too Strange for the Circus' now: https://found.ee/Debbii_TooStrangeForTheCi...YouTube
In a world that appears ever more divided, ever more angry, ever more willing to embrace the obvious annihilistic option we refuse to give up on the premise that most #people are #decent. That most people #care deeply.
Maybe we can #unite over #bees.
Do the right thing for once.
Make the good choice.
Maybe?
Please share this thread far and wide.
#repost
We know you care.
Show us.
Show one another.
Show the bees you care.
It’s okay to care.
It’s more fulfilling than hate.
14/14 Part 1/2
More natural than vitriol
More infectious than Covid.
More godly than prayer.
More active than hope.
More powerful than greed.
Don’t be afraid to care.
Deeply.
You’ll find you’re not alone.
Promise.
Thanks for your time.
I’ll shut up now…
14/14 Part 2/2
Cory's rousing #enshitification talk mentioned how capital always imagined the web as a kind of interactive cableTV, a series of walled gardens, reminded me of this text of mine from 2013, one of many on how the internet cam to be centralized. #39c3
public.monster/~dmytri/scratch…
1/3
Scratch-off the Facebook logo, and you’ll find the CompuServ logo underneath.Dmytri Kleiner
A more in-depth look at the forces of counterantidisintermediation, not nearly as catchy a term as enshitification, but key to understanding it underlying logic
public.monster/~dmytri/mr-peel…
#enshitification #39c3
2/3
An essay on platform capitalism, anti-disintermediation, and the colonization of cyberspace by Dmytri Kleiner.~dmytri
And the underlying Penny Bags vulnerability of why federated alternatives struggle to displace platform monopolies.
#enshitification #39c3
3/3
In the Netherlands we had a weird law introduced a while ago: to fight sodas the government introduced a tax on all drinks, with the exception of dairy (because, you know, lobby). For some reason it was exceptionally difficult to make a distinction between sodas and fruit juice, so they got swept up in the tax.
The food industry retaliated by adding trace amounts of milk to their fruit drinks. After all, there’s no legal distinction between a milk drink with added fruit flavor or a fruit juice with added milk.
So we got this kind of nonsense: fruit juice “with a twist of dairy” to avoid the tax. Dutch innovation at its best I guess.
Do they sell these in other countries though?
#GNOME Foundation supports the infrastructure for a lot of foundational technologies that are widely used.
If you are a company or individual, consider donating to the GNOME Foundation so we can help make the infrastructure sustainable of this software. donate.gnome.org/
#Linux #OpenSource #FOSS
We've amended our prior toot as the idea behind was not being well communicated.
We appreciate our community members feedback.
Do you want help with using Mastodon or the wider Fediverse?
Please feel free to ask if you have any questions about using this place! There's no such thing as a silly question, it's fine to ask about anything however simple.
I'm especially keen to help new or non-technical people on here 🙂 And yes I am a human being, I don't use AIs!
(Alternatively, you can browse my website at fedi.tips which has lots of easy-to-understand help and advice.)
#FediTips #Mastodon #Fediverse
An unofficial guide to using Mastodon and the Fediversefedi.tips
There's a new FREE Thirteenth Doctor audio story releasing this week, it joins 9 other free stories released by Big Finish! Find out more in TARDIS Guide Weekly!
tardis.guide/b/WRi?utm_source=…
Free Thirteenth Doctor Audio!TARDIS guide admin (TARDIS Guide)
@JEkis Before doing all of this, make sure that you uninstall whatsapp that you installed from microsoft store.
First download this zip file:
drive.google.com/uc?id=12Z3kjH…
Enable developer mode in windows.
Extract the wa folder from inside the zip file you downloaded to c:\.
Open powershell and enter this command.
Add-AppxPackage -Register "C:\WA\AppxManifest.xml"
RE: mastodon.n6.io/@graham/1157896…
Great presenter too! :)
I just found an interesting video segment on PBS about the old Eureka A4 Braille computer, featuring it singing, playing music, and more. youtube.com/watch?v=84C5SFRh81…The Computer Chronicles - Computers and the Disabled (1992)
Special thanks to archive.org for hosting these episodes. Downloads of all these episodes and more can be found at: http://archive.org/details/computerchroni...YouTube
Peter Vágner reshared this.
Morgen beginnen die „3 Tage der Pyromanen“. Ab 5.00 Uhr stehen sie Schlange vor den Geschäften und werden ihre Gehälter oder Transferleistungen in knallende und rauchende Objekte investieren, um dem „Gott der kleinen Penisse“ zu huldigen und ihre paarungswilligen weiblichen Pendants zu beeindrucken.
Die #39c3-Principles-Infobeamerfolie spricht von physical & psychological circumstances — physischen und psychologischen „Umständen“.
Hier der Reninder, dass wir dafür ein Wort haben. Es ist „disability“ oder „Behinderung“. Es ist kein böses Wort. Lassen wir doch einfach die ewigen Euphemismen für und in diesem Fall auch ganz besonders der Individualisierung von solchen Problemen sein.
![Steps To Reproduce:
[add details for how we can reproduce the issue]](https://fedi.ml/photo/preview/640/742280 "Steps To Reproduce:
[add details for how we can reproduce the issue]")
Daniel Gultsch
in reply to Fluchtkapsel • • •the answer depends a bit on what you are trying to achieve. Authenticate against a third party? Throw the password away and log in with a session cookie? Give access to third parties to data on the XMPP server?
We do the session tokens with FAST.
Prosody has some support for giving third parties access to (scoped) data on the XMPP server and clients (Conversations and Gajim) aren't involved here.
Fluchtkapsel
in reply to Daniel Gultsch • • •Daniel Gultsch
in reply to Fluchtkapsel • • •Authenticating with oauth with a third party is not currently available. @mattj probably has the most insights into what steps we made into that direction yet.
Part of the problem is that we loose nice security features like channel binding by using web stuff.
Fluchtkapsel
in reply to Daniel Gultsch • • •Daniel Gultsch
in reply to Fluchtkapsel • • •@mattj Channel Binding ensures that client and server are in the same TLS session by mixing in unique stuff from the session into the password handshake. This is basically MITM protection for the TLS layer.
For more information the search keywords would be: SASL, SCRAM and Channel binding. The XEP is just negotiation and boring wrt the security aspects.
Daniel Gultsch
in reply to Daniel Gultsch • • •@mattj there is also this talk in German that explains my motivation behind my push towards channel binding:
gultsch.video/w/qzRh2nLk7EXdmq…
Daniel Gultsch
2023-12-16 15:57:35
Fluchtkapsel
in reply to Daniel Gultsch • • •@daniel @mattj Ach, das war das Meetup, wo ich kommen wollte, aber leider krank war. 😄
Back to English: For a few years now I want to get some contact again to XMPP because the IM landscape is too dependent on Big Tech, and Matrix … well, it has its use-case, I guess. I'd rather onboard non-tech people to XMPP than to Matrix.
I understand your intention re channel binding. I heard of the jabber.ru case. I'm still not entirely sure, though, OIDC would block channel binding. AFAIU it's the SCRAM part that might get disrupted because there's no password involved in authentication anymore, just a token (or two?). The connection between client and server would be untouched, though.
muppeth
in reply to Daniel Gultsch • • •@daniel @mattj Sure but if someone already uses external auth, being able to add xmpp to the stack would bring extra security features like global 2FA.
Here is my use case. I use LDAP for authentication and currently in the process of adding keycloak for oidc. XMPP at this point needs to stay with LDAP only, while it would be an added feature for me if it would support openid
Daniel Gultsch
in reply to muppeth • • •@muppeth @mattj Sticking with LDAP would at least on paper leave the door open for channel binding.
2FA could be added to XMPP w/o involving web stack stuff.
I'm not fundamentally opposed to oauth. I'm just pointing out that the use case of oauth is convenience rather than added security. If we implement it wrong me might even loose security (channel binding).