Dez. 6, 2018

Links (128)

Kategorien: Links
Tagged: Chrome Mastodon Federation federated Orgasmus Sex JavaScript Minesweeper Game Gender Studies Scholarship Corruption Flatpak Security Knuth Donald Knuth Tic-Tac-Toe Populismus Überwachungsstaat ISP Schweden Internetprovider Zensur Elsevier Sci-Hub Google Tracking machine learning maschinelles Lernen Versagen Failure Elefanten Evolution CheeseMaster Käse Spiel Therapie DeinTherapeut twitter Psychologie Psychotherapie VPP Verbande Psychologischer Psychotherapeutinnen und Psychotherapeuten Urknall Physik Astronomie DLR

0 Kommentare

Sept. 8, 2018

Converse.js with prosody

Since the latest release (4.0.0), converse.js supports OMEMO. With OMEMO and MAM (server-side message archive to show older chatlogs), it seems to be now a really nice client for everyday usage.

But deploying it isn't as easy as one might think. Here a short summary of what I needed to do to get BOSH and HTTP file upload working together with an own prosody XMPP server.

By default the prosody BOSH (Jabber over HTTP) server listens on port 5280 and 5281 for unencrypted respectively TLS connections.
When converse.js is installed on a web server, the website at port 80 (HTTP) / 443 (HTTPS) is considered as another origin by the browser, so it will not allow access to the BOSH server.
The BOSH server can allow such an access by setting a cross-origin resource sharing header (CORS).

The problem is, that setting the header is not yet implemented in prosody.

To fix this, here is an easy patch for the net/http/server.lua file from prosody:

To allow access from any website, change the line

headers = { date = date_header, connection = response_conn_header };


headers = { date = date_header, connection = response_conn_header, 
            access_control_allow_origin = "*" };

This solves the problem to access the BOSH server, but HTTP file upload will still have problems.

HTTP file upload uses the PUT method on the server, with the new filename, which does not exist, yet.
A CORS-request by the browser before the upload results in an error 404 (File not found) and fails even when the correct header is set, so no upload is attempted.
This means the cross-origin header solution does not allow for working file transfers.

To solve the problem, we can use a reverse proxy to have the BOSH and HTTP-upload URLs on the same domain (and port) as the converse.js installation.
The patch for sending the cross-origin resource sharing header above is no longer needed with this solution, as everything will now run on the same domain and port.

For nginx, I use the following reverse proxy configuration for the vHost CONVERSE_DOMAIN at which converse.js is hosted:

location ^~ /http-bind {
    proxy_pass "https://PROSODY_SERVER:5281/http-bind";
    proxy_http_version 1.1;
    proxy_set_header Host JABBER_DOMAIN;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    tcp_nodelay on; 
# HTTP-Upload
location ^~ /upload {
    proxy_pass "https://PROSODY_SERVER:5281/upload";
    proxy_http_version 1.1;
    proxy_set_header Host JABBER_DOMAIN;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    tcp_nodelay on; 

where JABBER_DOMAIN needs to be the appropriate vHost in prosody, i.e. the part after the @ in the jabber IDs, and PROSODY_SERVER is the IP or hostname where nginx can access the prosody server.

In prosody, the following configuration is needed

# Consider internal non-https connections as external https connections
consider_bosh_secure = true;
# Allow requests from other domains than the @server part of the jabber IDs
cross_domain_bosh = true;
# Base URL used to generate HTTP-upload URLs
http_external_url = "https://CONVERSE_DOMAIN/"

This configuration makes prosody accept connections from nginx, even when the internal connection does not use HTTPS and sets the base URL which is used to construct URLs for file uploads to the external address of the reverse proxy.

You can now firewall the prosody HTTP-server, as BOSH and HTTP file upload should only need access to the nginx HTTP server.

Kategorien: Technik Software Tipps
Tagged: prosody converse.js converse nginx reverse proxy OMEMO MAM Jabber

0 Kommentare

Aug. 30, 2018

Program to blacklist artists on Spotify

Spotify seems not to allow to blacklist artists or songs by design (at least they reject the feature request in their forum), which means that these songs of these artists are added to radio streams even when you disliked them before.

But if you are using Mopidy (e.g. to use Spotify on a raspberry pi or just to have a nice web interface), you can use its MPD interface to remove blacklisted artists from the playlist as soon as they are added using this short python program:

#!/usr/bin/env python
# Licence: This code snippet is public domain

from mpd import MPDClient import time

blacklist = ["artist1", "artist2", "artist3"]

client = MPDClient() client.connect("localhost", 6600)

while True: time.sleep(10) for item in client.playlistinfo(): if item['artist'] in blacklist: client.deleteid(item['id'])

The program checks every 10 seconds if a song from a blacklisted artist in the playlist and then deletes it.

Kategorien: OpenSource Kurz bemerkt Software
Tagged: Spotify Songs music MPD Mopidy Blacklist

0 Kommentare

Aug. 26, 2018

Links (127)

Kategorien: Links
Tagged: Plastic Injection Molding Coinhive pr0gramm Reynholm Industries Facebook Wahlen Sealand Abuse Mail Domains random 2FA SPAM HTTPS Anti-Vaxxers TLS SSL Prison Experiment Stanford QWERTY Keyboard Datenschleuder Dataleak parabolic mirror Intel Mangement Engine ME Messenger Conversations XMPP Jabber iPhone iPhone X Animal Crossing Manspreading dezentral Signal Signal Messenger twitter 1970 calculator battery Battery API W3C Schule Lektüre Schulbücher Exploit RCE

0 Kommentare

März 11, 2018

Links (126)

Kategorien: Links
Tagged: OSM Open Street Map Diversity Illusion Code of Conduct CoC Friends Family Fakes Tanenbaum Minix Intel Intel ME Jealous Girlfrend Unfaithful Guy Meme Shutterstock Firefox Addons Bitcoin Papier Bleistift Rechnen Rosa Genderpricing Gender twitter Tiere Time Travel Meltdown 2017 Headlines The Expert 7 Perpendicular Lines indogermanisch Genus Ponzicoin Ponzi Scheme AfD Mond Dating Passwords Vero Vero-App Doom Admin DRM E-Books

0 Kommentare