BigBlueButton-DE - Public Room Timeline

	BigBlueButton-DE	362 Members
	Austauschkanal für BBB-Installation, Betrieb, Nutzung etc.	106 Servers

Load older messages

Sender	Message	Time
12 Apr 2024
Jan Kessler	Und es hängt an den BBB Paketen.	07:33:19
danimo	Kann sein dass auf dem Weg zum bbb install server neuerdings irgendwo ICMP weggefirewalled wird.	07:33:42
danimo	Wenn du dann aus der Uni aus irgend einem Grund (VPN?) nicht mit 1500 kommst, knallts. Kann auch auf dem Weg passieren. Aber eingrenzen würde erstmal helfen	07:34:12
Jan Kessler	Ist ohne VPN	07:34:41
Jan Kessler	* Ist ohne VPN. Aber könnte am Web-Proxy hängen... Jedenfalls danke für die Rückmeldung.	07:38:16
15 Apr 2024
Daniel S. (Uni FFM)	wenn ich Audio- und Videoausfälle gemeldet bekomme, in welchem Log würde ich da fündig werden	10:21:58
Daniel S. (Uni FFM)	Apr 15 12:06:52 bbb-18-2 systemd_start_frontend.sh[124923]: 2024-04-15T10:06:52.954Z frontend-2 [error] : Exception while invoking method userShareWebcam Error: Match error: Expected string, got undefined	10:32:15
Daniel S. (Uni FFM)	das hab ich gefunden	10:32:19
Timo Nogueira Brockmeyer	Gleich um 15 Uhr: Das deutschsprachige BBB Adopter's Meeting Raum: https://bbb-community.uni-osnabrueck.de/rooms/adopters (3.0.0-dev) Agenda: https://hedgedoc.uni-osnabrueck.de/bbb-adopters	12:23:25
defnull	You may want to wait before upgrading to Greenlight 3.3.3, the fix needs a fix.	20:50:08
defnull	Maybe I was wrong this time, I'll check again tomorrow	22:18:31
16 Apr 2024
defnull	Okay, so, here is some background: Some regulations require that all uploads to web applications must be checked for viruses before they are distributed to other users, and that malicious uploads are blocked immediately with an error message. The usual test case is uploading a EICAR test file and checking if the application returns an error message. If not, then you fail the compliance test. This has nothing to do with actual security, this is really just compliance and security theater. But Greenlight and BBB both added support for virus scans for user content (sponsored by people that are also here) because of this, and the GL-3.3.3 release seems to be part of that effort. The new GL-3.3.3 patch uploads the original image and checks it, but does not include a check for the downsized/cropped image (generated on the client) that is then actually persisted and used by GL. What I did not see: the virus scan for the final image was already there, deep down in the User model. It was enough for security (if you really think virus-scanning images improves security), but it did not tick the compliance checkbox because it would not generate an error message when uploading an EICAR test file. The browser would generate a new image (without any EICAR strings in its metadata) and upload that, and for the 'pen tester' that would look like a successful upload of a malicious file. So, the GL-3.3.3 release really fixes the issue, but the issue was not a security issue. Just a missing error message that normal users should never see in the first place.	07:08:08
defnull	* Okay, so, here is some background: Some regulations require that all uploads to web applications must be checked for viruses before they are distributed to other users, and that malicious uploads are blocked immediately with an error message. The usual test case is uploading a EICAR test file and checking if the application returns an error message. If not, then you fail the compliance test. This has nothing to do with actual security, this is really just compliance and security theater. But Greenlight and BBB both added support for virus scans for user content (sponsored by people that are also here) because of this, and the GL-3.3.3 release seems to be part of that effort. The new GL-3.3.3 patch uploads the original image and checks it, but does not include a check for the downsized/cropped image (generated on the client) that is then actually persisted and used by GL. What I did not see: the virus scan for the final image was already there, deep down in the User model. It was enough for security (if you really think virus-scanning images improves security), but it did not tick the compliance checkbox because it would not generate an error message when uploading an EICAR test file. The browser would generate a new image (without any EICAR strings in its metadata) and upload that, and for the 'pen tester' that would look like a successful upload of a malicious file. So, the GL-3.3.3 release really fixes the issue, but the issue was not a security issue. Just a missing error message that normal users should never see in the first place.	07:09:42
defnull	* Okay, so, here is some background: Some regulations require that all uploads to web applications must be checked for viruses before they are distributed to other users, and that malicious uploads are blocked immediately with an error message. The usual test case is uploading a EICAR test file and checking if the application returns an error message. If not, then you fail the compliance test. This has nothing to do with actual security, this is really just compliance and security theater. But Greenlight and BBB both added support for virus scans for user content (sponsored by people that are also here) because of this, and the GL-3.3.3 release seems to be part of that effort. The new GL-3.3.3 patch uploads the original image, checks it, and then throws it away. The patch does not include a check for the downsized/cropped/centered image (generated on the client) that is actually persisted and used by GL. What I did not see: the virus scan for the final image was already there, deep down in the User model. It was enough for security (if you really think virus-scanning images improves security), but it did not tick the compliance checkbox because it would not generate an error message when uploading an EICAR test file. The browser would generate a new image (without any EICAR strings in its metadata) and upload that, and for the 'pen tester' that would look like a successful upload of a malicious file. So, the GL-3.3.3 release really fixes the issue, but the issue was not a security issue. Just a missing error message that normal users should never see in the first place.	07:12:26
defnull	I cannot stress enough how stupid this is. I mean the regulation and the way compliance is tested, not GL or BBB. They just do what is required by the regulation. Just to comply to some brain-dead pen-test, we now upload an additional file that we do not need or want, and that may actually be malicious (e.g. bad metadata, corrupted payload that triggers image library bugs), feed it to a a virus scanner that probably does not even scan for this kind of payload, and then throw it away. Just to generate an error message so the tester can check a checkbox.	07:21:55
defnull	All this nonsense because those pen-tests do not test for actual security, they run a set of standard test cases against all input fields they can find, and that's it. Same with network scans. They run a port scan and let software generate a report. If you are lucky and did not hire the cheapest 'security' contractor on the market, an actual human looks over the results and filters out obvious false positives, but you still end up with tons of work to fix security issues that do not exists. Lots of money wasted for a simple `nmap` scan.	07:30:47
defnull	</rant>	07:30:54
	@jbonk:chat.virtuos.uni-osnabrueck.de left the room.	07:59:06
17 Apr 2024
Daniel S. (Uni FFM)	In reply to @dschekli:matrix.server.uni-frankfurt.de wenn ich Audio- und Videoausfälle gemeldet bekomme, in welchem Log würde ich da fündig werden ich habe hierzu noch folgendes gefunden, was genau auf die Ausfallzeit des Users passt: Apr 15 12:07:29 bbb-18-2 bbb-webrtc-sfu[124801]: {"level":40,"time":"2024-04-15T10:07:29.088Z","pid":124801,"hostname":"bbb-18-2","mod":"video","userId":"w_bcs7hibckcch","roomId":"26257","internalMeetingId":"148b4820e3890739128037492a52e1bf8df5087f-1713171322319","streamName":"08dac737-7385-4f81-b1f0-d263c3fd1d5ew_bcs7hibckcch_7130d9aa0425703c926a87d69c3a6e9cb50731df6bb83088e8fd9e4492b03abe-share","mediaId":"e46e2f4b-b00b-4ebb-a59b-db3c4a0e74f5","status":"MEDIA_STARTED","role":"share","cameraId":"w_bcs7hibckcch_7130d9aa0425703c926a87d69c3a6e9cb50731df6bb83088e8fd9e4492b03abe","connectionId":"08dac737-7385-4f81-b1f0-d263c3fd1d5e","sessionId":"w_bcs7hibckcch-w_bcs7hibckcch_7130d9aa0425703c926a87d69c3a6e9cb50731df6bb83088e8fd9e4492b03abe-share","msg":"Shutting down stale video session"} Apr 15 12:07:30 bbb-18-2 bbb-webrtc-sfu[124798]: {"level":50,"time":"2024-04-15T10:07:30.024Z","pid":124798,"hostname":"bbb-18-2","mod":"core","elementId":"ce658475-5a77-4219-b700-aa6fe8775acb","type":"WebRtcEndpoint","routerId":"39bedf63-31ff-4d65-a61e-7a92abe94995/roomId:26257","transportId":"fe376de6-68d3-43ad-a6fc-2e34fc130ad0","iceState":"disconnected","msg":"mediasoup: transport ICE state failed"} Apr 15 12:07:40 bbb-18-2 bbb-webrtc-sfu[124617]: {"level":50,"time":"2024-04-15T10:07:39.811Z","pid":124617,"hostname":"bbb-18-2","mod":"sfu","connectionId":"de1f6254-34eb-4b1e-ba75-f2e0ded26fa4","msg":"Terminating websocket: heartbeat failure"} Apr 15 12:07:45 bbb-18-2 bbb-webrtc-sfu[124617]: {"level":50,"time":"2024-04-15T10:07:45.436Z","pid":124617,"hostname":"bbb-18-2","mod":"sfu","connectionId":"a643d16d-b60f-4941-99df-c0d21fd62c51","msg":"Terminating websocket: heartbeat failure"} Apr 15 12:07:46 bbb-18-2 bbb-webrtc-sfu[124617]: {"level":50,"time":"2024-04-15T10:07:46.522Z","pid":124617,"hostname":"bbb-18-2","mod":"sfu","connectionId":"08dac737-7385-4f81-b1f0-d263c3fd1d5e","msg":"Terminating websocket: heartbeat failure"} Apr 15 12:09:16 bbb-18-2 bbb-webrtc-sfu[124798]: {"level":40,"time":"2024-04-15T10:09:15.425Z","pid":124798,"hostname":"bbb-18-2","mod":"core","elementId":"3c4bf173-a98c-4954-a2ed-29d66b0f1d8d","msg":"FS: SIP.js UA disconnected"} weiß irgendjemand, wo das her kommt?	13:37:00
defnull	Sieht nach massiven Verbindungsproblemen des Nutzers aus, wenn sogar die (tcp) WebSocket Verbindung stirbt.	13:38:58
Daniel S. (Uni FFM)	also eher Netzwerkprobleme auf seiner/unserer Seite	13:39:33
defnull	Im Zweifel ist das immer die Erklärung	13:39:52
defnull	* Im Zweifel ist das immer die Erklärung, besonders wnen nur eine Person im Meeting die Probleme hat	13:40:03
defnull	* Im Zweifel ist das immer die Erklärung, besonders wenn nur eine Person im Meeting die Probleme hat	13:40:10
Daniel S. (Uni FFM)	er meinte es passiert mehreren	13:40:18
Daniel S. (Uni FFM)	in die Zeit fällt auch ein Apr 16 12:07:26 bbb-18-2 bbb-webrtc-sfu[154080]: (node:154080) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 DisconnectAllClientsSysMsg52fd2379bcfbc49d93f894333b3c1ee688ac2645-1713256462782 listeners added to [BigBlueButtonGW]. Use emitter.setMaxListeners() to increase limit Apr 16 12:07:26 bbb-18-2 bbb-webrtc-sfu[154080]: (node:154080) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 RecordingStatusChangedEvtMsg52fd2379bcfbc49d93f894333b3c1ee688ac2645-1713256462782 listeners added to [BigBlueButtonGW]. Use emitter.setMaxListeners() to increase limit	13:41:49
David Siegfried	Eine Frage zu Gl3: Wenn ich von 2 auf 3 gehen möchte und LDAP genutzt habe, dann kann ich die Migration doch vergessen oder?	19:48:26
David Siegfried	Sprich Nutzer loggt sich über Keycloack an und hat seine altern Räume?	19:48:57
David Siegfried	* Sprich Nutzer loggt sich über Keycloak an und hat seine altern Räume?	19:49:09
Daniel S. (Uni FFM)	Authentifiziert ihr bei gl3 nicht mehr mit LDAP?	19:55:23

Show newer messages

Back to Room ListRoom Version: 5