XMPP is federated, similar to email, which means different domains can connect to each other. Back in the early days, when a server initiated a connection to a server, the initiating server could be reasonably sure it connected to the right place as it resolved the DNS records (remember, it’s 1999). But the receiving server has no guarantee on whether the incoming connection was actually from the domain it claimed.

To deal with the logjam attack, I was looking for a set of all “common” Diffie-Hellman parameters to update xmpp.net, yet I wasn’t able to find those easily. Even just searching for the hexadecimal representation of commonly encounted primes often didn’t lead to the document they were specified. Here I’m documenting those that I found and where they are from.

As you can see, the layout of this blog has changed. I was updating this blog so little, every time I did Ruby had broken everything (or so it felt like). I don’t like the idea of having to learn Ruby or gem to blog, so I’ve decided to switch to something else.

Lets start with a simple example in php:

setlocale(LC_ALL, "nl_NL.UTF-8");

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $_GET["url"]);

curl_exec($ch);

This code is broken, can you tell how?

It’s a week until the XMPP Summit in Brussels, which I won’t be able to attend. How­ever, I do have some thoughts about two of the subjects that are on the agenda that I wanted to share.

Carbons/MAM and e2e-encryption seem to be moving in two completely opposite directions: MAM wants to store messages server-side, while e2e protocols like OTR want to ensure those stored messages are useless. But I don’t think they’d have to be mutually exclusive. I think it would be possible to find a solution that unifies the two concepts.