!NasysSDfxKxZBzJJoE:matrix.org

#matrix-spec

200 Members
Discussion of specific Matrix Spec Change proposals | https://matrix.org/docs/spec/proposals | SCT Board: https://github.com/orgs/matrix-org/projects/31 | Old design drafts: https://drive.google.com/drive/folders/0B4wHq8qP86r2ck15MHEwMmlNVUk
71 Servers



Sender Message Time
17 Apr 2021
@jboi:jboi.nl Jonathan
  1. define a series of imperative-declarative operations, e.g. "insert this value into array .users.ignored" or "set this value of ."im.vector.breadcrumbs" to [...] if value .lastedited is "<date>"", basically doing a lot to ensure that account_data edits are as predictable yet race-free as possible, atomic edits
08:41:07
@jboi:jboi.nl Jonathan
  1. define an endpoint that lists account_data keys with 'side effects', like rn it could be m.ignored_users, but in the future it might be a lot more, it might even be dependent on implementation, and so - for security, but also for discovery - it'd be useful if those side_effects are programmatically determinable with that endpoint
08:42:24
@jboi:jboi.nl Jonathan: just an array of account_data keys that aren't "just storage" 08:42:33
@jboi:jboi.nl Jonathan
In reply to @jboi:jboi.nl
  1. define an endpoint that lists account_data keys with 'side effects', like rn it could be m.ignored_users, but in the future it might be a lot more, it might even be dependent on implementation, and so - for security, but also for discovery - it'd be useful if those side_effects are programmatically determinable with that endpoint
(for security, cuz bots might store "cookies" or account data with interactions, and it's possible those could clash with account data that has side effects and the like)
08:51:04
@tulir:maunium.net tulir: why would you store anything in an account data event that you don't know about? 08:54:22
@jboi:jboi.nl Jonathan: wym "don't know about"? 08:55:54
@jboi:jboi.nl Jonathan: why set cookies? :P 08:55:57
@tulir:maunium.net tulir: how would account data "clash" with anything? 08:56:21
@jboi:jboi.nl Jonathan: cuz some account_data keys would have "side effects" 08:56:42
@jboi:jboi.nl Jonathan: such as ignored users, or archived rooms 08:56:49
@tulir:maunium.net tulir

if you want to ignore users, then you put something in m.ignored_users
if not, then you don't put anything in m.ignored_users

I don't see where any kind of clash comes in

08:56:59
@jboi:jboi.nl Jonathan: the clash might be if it's like 08:57:45
@jboi:jboi.nl Jonathan: famedly brings out a modded homeserver, and then something/someone would wanna store to de.famedly.friends or whatever 08:58:12
@jboi:jboi.nl Jonathan: if the client doesn't know it deliberately causes "side effects", it's effectively a CSRF, but on matrix 08:58:37
@tulir:maunium.net tulir: oh you mean the client allowing a 3rd party to set account data 08:59:45
@jboi:jboi.nl Jonathan: yeh 09:00:16
@deepbluev7:neko.dev Nico: Imo if we get scoped access tokens, they should only allow access to namespaced account data keys or whitelisted ones 09:00:24
@tulir:maunium.net tulir
In reply to @jboi:jboi.nl
yeh
that might depend on what the 3rd party is
09:01:32
@tulir:maunium.net tulir: like if it's a widget that wants to store configuration, probably easier to just limit it to using the source domain's namespace 09:02:12
@jboi:jboi.nl Jonathan: shrug 09:03:57
@jboi:jboi.nl Jonathan: still 09:03:58
@jboi:jboi.nl Jonathan: it's as much a security feature as it is a discovery feature 09:04:10
@jboi:jboi.nl Jonathan: I'm just putting it in here for the idea 09:04:15
@tulir:maunium.net tulir: the discoverability side is kind of useless: "de.famedly.friends has side-effects" doesn't tell you what it does 09:07:43
@erkinalp:matrix.org Erkin Alp: you can't force everyone to open source their side effect code 09:08:32
@deepbluev7:neko.dev Nico: Also all account data has side effects, otherwise you wouldn't store it, would you? 09:09:16
@deepbluev7:neko.dev Nico: It just has less or more visible effects 09:09:33
@tulir:maunium.net tulir: that too, most of the effects are just client-side rather than server-side 09:13:03
@deepbluev7:neko.dev Nico: Yeah, but a random client modifying those will still mess up stuff for the user 09:13:40
@sapient_cogbag:tchncs.de ⏣sapient_cogbag⏣[ⒶH⁺⚧★][they/them|ze/zem|xe/xem] changed their display name from ★⚧[H⁺]Ⓐ⏣sapient_cogbag⏣Ⓐ[H⁺]⚧★ [they/them | ze/zem | xe/xem] to ⏣sapient_cogbag⏣[ⒶH⁺⚧★][they/them|ze/zem|xe/xem]. 09:16:18
