author | Joey Hess <joey@kitenet.net> | 2012-11-05 17:47:25 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2012-11-05 17:47:25 -0400 |
commit | 8ce7c0d0dc4b95a28c6f4fb4e770522bdd2524e2 (patch) | |
tree | cccaa43eecabea711a3a9fd9bbd854cf5c018100 | |
parent | a4667e3e8cb7fae50b0c2cb8bc1a46df0b289b6c (diff) |
blog for the day
-rw-r--r-- | doc/design/assistant/blog/day_123__xmpp_insanity.mdwn | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/design/assistant/blog/day_123__xmpp_insanity.mdwn b/doc/design/assistant/blog/day_123__xmpp_insanity.mdwn new file mode 100644 index 000000000..bfbc30669 --- /dev/null +++ b/doc/design/assistant/blog/day_123__xmpp_insanity.mdwn 
@@ -0,0 +1,49 @@ +Spent about 5 hours the other night in XMPP hell. At every turn Google Talk +exhibited behavior that may meet the letter of the XMPP spec (or not), but +varies between highly annoying and insane. + +By "insane", I mean this: If a presence message is directed from one client +to another client belonging to that same user, randomly leaking that message +out to other users who are subscribed is just a security hole waiting to +happen. + +Anyway, I came out of that with a collection of hacks that worked, but I +didn't like. I was using directed presence for buddy-to-buddy pairing, and +an IQ message hack for client-to-client pairing. + +Today I got chat messages working instead, for both sorts of pairing. These +chat messages have an empty body, which *should* prevent clients from +displaying them, but they're sent directed to only git-annex clients +anyway. + +---- + +And XMPP pairing 100% works now! Of course, it doesn't know how to git pull +over XMPP yet, but everything else works. + +Here's a real `.git/config` generated by the assistant after XMPP pairing. + + [remote "joey"] + url = + fetch = +refs/heads/*:refs/remotes/joey/* + annex-uuid = 14f5e93e-1ed0-11e2-aa1c-f7a45e662d39 + annex-xmppaddress = joey@kitenet.net + +---- + +Fixed a typo that led to an infinite loop when adding a ssh git repo with the +assistant. Only occurred when an absolute directory was specified, which +is why I didn't notice it before. + +---- + +Security fix: Added a `GIT_ANNEX_SHELL_DIRECTORY` environment variable that +locks down git-annex-shell to operating in only a single directory. The +assistant sets that in ssh `authorized_keys` lines it creates. This +prevents someone you pair with from being able to access any other git or +git-annex repositories you may have. + +---- + +Next up, more craziness. But tomorrow is Nov 6th, so you in the US already +knew that.. |
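Review bot: The security-fix paragraph near the end of the new file says the assistant sets `GIT_ANNEX_SHELL_DIRECTORY` in the ssh `authorized_keys` lines it creates, but it does not say what happens to lines that were written before this variable was added. Consider adding a sentence that tells readers whether those existing lines are updated automatically or have to be regenerated, since the lock-down to a single directory only applies where the variable is set. In the sample `.git/config`, `url =` is empty with no explanation; if that is expected for an XMPP remote, a short remark would keep readers from taking it for a broken config. The paragraph on switching to chat messages also does not say whether they avoid the leak to subscribed users described earlier for directed presence; stating that explicitly would tie it back to the "security hole" remark.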