Lazy Admin

Lazy Admin

lazyadmin@zotadel.net

A group...for lazy admins

Hubzilla Know How

Mario Vavti

Tue, 12 Nov 2019 23:23:13 +0100

If you do not care about your site content being crawled by search engines, you can set system.noscript_content = 0.
This will prevent the channel page content being rendered twice and make your channel page load in half of the time.

!!Lazy Admin !!Hubzilla Support Forum

poVoq

Wed, 13 Nov 2019 15:56:23 +0100

Any chance to have that in the settings menu as well? Seems like a fairly common setting one might want to enable on a public hub.

Alex

Thu, 23 Jan 2020 11:31:59 +0100

util/config system.noscript_content 0

Lazy Admin

Tue, 13 Aug 2019 10:52:04 +0200

Mario Vavti wrote the following post Tue, 13 Aug 2019 10:28:48 +0200

Hubzilla 4.4 Released!
Another exciting release with new additions, some bug fixes and overall improvements.

The calendar app now has clickable week/day numbers. Clicking the number will open the appropriate week/day view. Events can easily be adjusted by using the drag and drop functionality. It is now possible to enter the date and time in different formats if this method of setting the event start and end time is preferred. Opengraph meta has been added to the channel pages. Search engines will now hopefully provide better infos about channels.

The twitter addon has been improved to better render posts. The pubcrawl addon, which provides the activitypub protocol, has received new features (thread completion, delete activity) and some bug fixes. The queueworker addon has been refactored for better efficiency. Also the photocache addon has been improved.

Under the hood, besides numerous bugfixes, we started the first little steps towards making zot6 the primary protocol for Hubzilla.

A detailed changelog can be found here.

THANK YOU! to all contributors and everybody who is supporting Hubzilla in other ways.

If you like what we do, please consider to donate at https://salt.bountysource.com/teams/hubzilla

Upgrade info
In case you attended the RC testing, remember to git checkout master your repositories prior to the upgrade.

1. Execute util/udall from the web root (this will execute git pull for all repositories).
2. There are several DB updates which could take some time (depending on DB size) to complete. Please be patient. If updates fail due to server timeout, you will need to apply the failed updates manually.
3. Install the upgrade info addon if you have not done so yet (optional). This will show some info about the upgrade to your community members.

!zotlabs.org | Hubzilla Announcements !Hubzilla Support Forum

Lazy Admin

Sun, 03 Feb 2019 15:43:03 +0100

Mario Vavti wrote the following post Sun, 03 Feb 2019 15:20:37 +0100

Hubzilla 3.8.9 Released!
Fixes:

Fix typos in mod oep

Fix page jumping when liking collapsed/expanded post

Fix failure to import mail in mod import

Fix wrong channel count in mod new_channel

Fix diaspora addon regression

Remove deprecated diaspora addon endpoint

Fix wrong function call in gallery addon

Please update ASAP!

!Hubzilla Announcements !Hubzilla Support Forum

Lazy Admin

Sat, 15 Dec 2018 10:33:22 +0100

Mario Vavti wrote the following post Fri, 14 Dec 2018 22:03:08 +0100

Hubzilla 3.8.7 Released!
Changes:

Fix issue with linkdropper in comment area

Fix regression with app ordering

Fix return if readImnageBlob() throws an exception

Introduce photo_view_filter hook

Fix home notifications not expanding in certain situations

Fix for dark schema

Fix total identities restriction

Fix article page title not updating if article has no title

Gallery: the gallery app will now act as the full-size photo viewer in /photos if installed

Please update ASAP!

!Hubzilla Announcements !Hubzilla Support Forum

source code

ivan zlax

Wed, 05 Dec 2018 12:55:01 +0100

I repost old article, as in one of the threads it is necessary to identify the terminology. I hope someone else may find this interesting.

ivan zlax wrote the following post Wed, 12 Nov 2014 06:01:00 +0100

source code

There is no government, no industrial-military complex, no economic system, no mass media that can ever reduce us to puppets and robots as thoroughly as the biological and enviornmnetal dictatorships have – F.M. Esfandiary (FM-2030), Upwingers

Hello friends! In this post, I will tell you about a model that someone can possibly find an effective instrument of social interaction. And in order to get used to this model, we must first discuss some concepts related to the field of information technology.

The computer software is:
A program (from Greek programma, “a written public notice”) – in computer science, this is a set of instructions intended for execution by a machine. In general, we call a program some application provided with a user interface.
A process – typically, this means a program that lacks any graphical user interface, while repeatedly accessing the physical memory and hardware resources, and performs some operations in the background mode.
An operation system – a computer’s main program that defines the scope and the procedures for running all other programs and processes.

Hereon, we need to consider the following two kinds of operation systems:
A proprietary system (from Medieval Latin proprietarius, “owner of property”) – this is a system developed and distributed by a specific proprietor (e.g., Apple or Microsoft). The source code of a proprietary system is sealed and inaccessible to anyone, except for the proprietor itself.
An open-source system – it is available for public access, does not belong to anyone, has all its source code accessible and open to change.

It is also worth mentioning that there are two levels in an operation system:
The user level – this includes a conventional desktop, end-user applications, the input and output of data via the graphical interface. A user is allowed to install, run and restrict the access to resources for programs to which he or she has access.
The core, kernel (heart) level – this level is unavailable to a user, it typically lacks any visual representation and hosts a multitude of system processes. In proprietary systems, only the owner has access to the core level, while in open-source systems this may be a special user granted with extended authority, named Root. We have almost finished explaining the terminology by now…

So, in proprietary systems, background processes that consume the processor resources and physical memory are called “Services”:

Meanwhile, in the proprietary systems users do not have access to the core services. A user cannot reduce the consumption of resources, release the memory or disable a system service; only the proprietor can gain the access to core services.

Now, in the open-source systems, the background processes that consume the processor resources and the physical memory are called “Daemons”:

If a user of an open-source system knows the Root password (of a super-user), he or she becomes enabled to kill/freeze any daemon, limit its consumption of resources and memory, and even reassemble the core with applying to it the necessary custom settings.

And finally, let’s take a look at an effective model:

Replace the “computer software” at the beginning of this post with “bio-computer software” and read the article anew. Next, try to answer the following questions:

-    are you authorized to command the core of your biocomputer?
-    is the source-code of your system open, or is it locked by a proprietor behind seven seals?
-    how many services/daemons must be attended by your biological hardware every day? Do their actions cost you memory and resources?
-    who is the specific proprietor of your services: parents, professors, priests, officers, mates, or somebody else?
-    would you like to obtain the Root password enabling you to personally exercise control over your own heart daemons, or would you rather like to continue relying upon the proprietor services?

Links:
J.C. Lilly. Programming and Metaprogramming in the Human Biocomputer
R.A. Wilson. Discussion How to Brain-Wash Friends & Robotize People

ODD# V/(a)/1,v;24Afm3180
#odd #science #erisian #timespace #biocomputer #programming #metaprogramming #opensource #software #bioware #future #infosec
original post@wp

ivan zlax wrote the following post Wed, 12 Nov 2014 06:00:00 +0100

Ни одно правительство, ни один военно-промышленный комплекс, ни одна экономическая система, ни одно средство массовой информации никогда не сможет низвести нас до уровня марионеток и роботов так, как это делает диктат биологии и окружающей среды. – Ф.М. Исфэндайри (FM-2030), «Верхнее крыло»

Привет друзья! В этом сообщение у вас есть возможность ознакомиться с моделью, которая для кого-то может стать эффективным инструментом социального взаимодействия. Но для усвоения этой модели потребуется сначала зафиксироваться и растолковать несколько понятий из сферы информационных технологий.

Программное обеспечение электронно-вычислительных машин это:
Программа — происходит от греческого «предписание», в компьютерах это последовательность инструкций, предназначенных для исполнения устройством управления. Как правило, под программой подразумевают какое-нибудь приложение с пользовательским интерфейсом.
Процесс (process) — чаще всего обозначает программу, не имеющую графического пользовательского интерфейса, но при этом постоянно использующую память и ресурсы аппаратного обеспечения, выполняющую какие-то действия в фоновом режиме.
Операционная система (operating system) — главная программа на компьютере, в рамках и по правилам которой работают все остальные программы и процессы.

Далее, стоит отметить, что есть два типа операционных систем:
Проприетарная система (proprietary software) — происходит от латинского «собственность», это система разрабатываемая и распространяемая каким-нибудь собственником (например, Apple или Microsoft). Исходный код проприетарной системы закрыт и доступен только собственнику, у пользователя нет доступа к исходному коду.
Открытая система (open-source software) — находится в публичном доступе, никому не принадлежит, весь ее исходный код открыт и доступен для изменения.

Также, стоит отметить, что есть два уровня в операционной системе:
Пользовательский уровень — это привычный рабочий стол, все эти приложения, ввод и вывод данных через графический интерфейс, пользователь может устанавливать, запускать или ограничивать потребление ресурсов программ, к которым у него есть доступ.
Уровень ядра, сердца (kernel, core) — это недоступный пользователю уровень, как правило, без графического представления, на котором работают множество системных процессов.
В проприетарных системах к уровню ядра имеет доступ только собственник, а в открытых системах специальный пользователь с расширенными правами по имени Корень (root). Осталось совсем немного терминологии…

Посмотрите, в проприетарных системах фоновые процессы, потребляющие ресурсы процессора и оперативную память называются «Службы»:

Вот только в проприетарных системах у пользователя нет доступа к службам ядра. Пользователь не может понизить потребление ресурсов, освободить память или отключить системную службу, к службам ядра может получить доступ только собственник.

А теперь посмотрите, в открытых системах фоновые процессы, потребляющие ресурсы процессора и оперативную память называются «Демоны»:

Если пользователь открытой системы знает пароль Корня (супер-пользователя), то он может прибить/заморозить любого демона, ограничить ему потребление ресурсов и памяти, да и вообще может пересобрать ядро с необходимыми ему параметрами.

И вот, наконец, пришло время для эффективной модели:
Замените фразу «Программное обеспечение электронно-вычислительных машин» в начале этого сообщения на «Программное обеспечение био-компьютеров» и перечитайте всё это ещё раз. И после этого попробуйте ответить на вопросы:

-    имеется ли у вас доступ к управлению ядром вашего биокомпьютера?
-    исходный код вашей системы открыт или находится за семью печатями у собственника?
-    как много служб/демонов ежеденевно приходится обслуживать вашему биологическому аппаратному обеспечению, ограничивает ли их работа вашу память и ресурсы?
-    кто конкретно является собственниками ваших служб: родители, профессора, священники, офицеры, супруг или может кто-то ещё?
-    хотели бы вы получить корень-пароль для самостоятельного управления своими собственными сердечными демонами или предпочтете довериться службам собственника?

Дополнительные материалы по теме:
Д. Лилли. Программирование и метапрограммирование человеческого биокомпьютера
Р.А. Уилсон. Как промывать мозги друзьям и роботизировать людей
ODD# V/(a)/1,v;24Afm3180
#odd #science #erisian #timespace #biocomputer #programming #metaprogramming #opensource #software #bioware #future #infosec
original post@lj

!Lazy Admin

english russian

needfulthings

Wed, 05 Dec 2018 14:20:28 +0100 from Diaspora

To what conclusions do you expect the answers of such questions should lead? Substituting current (isolated) software architectures with biological units (and their interactions) is worse than comparing apples with oranges.

ivan zlax

Wed, 05 Dec 2018 14:44:57 +0100

@needfulthings, this is stylization. With this text i am imitating style of popular writer Robert Anton Wilson. He, in turn, also used a popular educational technique - questions for fasten material at the end of a article.

In sum, i just use modern information technology concepts about open and proprietary programs, into the Programming and Metaprogramming in the Human Biocomputer Model by J.C. Lilly, which i refer to at the end, of course. This is where my creative ends. Minor modernization of a fairly old scientific model.

needfulthings

Wed, 05 Dec 2018 14:59:30 +0100 from Diaspora

Despite my confusion you succeeded in making me curious :) I will have a look at both docs for better understanding.

New Cache ATtacks on TLS Implementations

ivan zlax

Tue, 04 Dec 2018 09:41:40 +0100

https://www.cryptologie.net/article/461/the-9-lives-of-bleichenbachers-cat-new-cache-attacks-on-tls-implementations/
https://web.archive.org/web/20120204040056/http://www.bell-labs.com/user/bleichen/papers/pkcs.ps

At CRYPTO’98, Bleichenbacher published his seminal paper which described a padding oracle attack against RSA implementations that follow the PKCS #1 v1.5 standard.

View PDF

Over the last twenty years researchers and implementors had spent a huge amount of effort in developing and deploying numerous mitigation techniques which were supposed to plug all the possible sources of Bleichenbacher-like leakages. However, as we show in this paper most implementations are still vulnerable to several novel types of attack based on leakage from various microarchitectural side channels: Out of nine popular implementations of TLS that we tested, we were able to break the security of seven implementations with practical proof-of-concept attacks. We demonstrate the feasibility of using those Cache-like ATacks (CATs) to perform a downgrade attack against any TLS connection to a vulnerable server, using a BEAST-like Man in the Browser attack. The main difficulty we face is how to perform the thousands of oracle queries required before the browser’s imposed timeout (which is 30 seconds for almost all browsers, with the exception of Firefox which can be tricked into extending this period). The attack seems to be inherently sequential (due to its use of adaptive chosen ciphertext queries), but we describe a new way to parallelize Bleichenbacher-like padding attacks by exploiting any available number of TLS servers that share the same public key certificate. With this improvement, we could demonstrate the feasibility of a downgrade attack which could recover all the 2048 bits of the RSA plaintext (including the premaster secret value, which suffices to establish a secure connection) from five available TLS servers in under 30 seconds.
This sequential-to-parallel transformation of such attacks can be of independent interest, speeding up and facilitating other side channel attacks on RSA implementations.

Linux.org.ru: Новости wrote the following post Tue, 04 Dec 2018 08:56:35 +0100

CAT - атака на TLS по сторонним каналам
CAT - атака на TLS по сторонним каналам

Международной группой исследователей была разработана новая схема атаки для перехвата закрытых ключей TLS. Исследователи из Израиля, Австралии и США модифицировали старый метод атаки на RSA (Padding Oracle attack), предложенной Даниэлем Блейхенбахером (Daniel Bleichenbacher) два десятилетия назад.

CAT предполагает параллельное применение нескольких атак Padding Oracle (расшифровку шифрованного текста для восстановления открытого текста путем отправки нескольких манипулируемых зашифрованных текстов), что в результате позволяет извлечь закрытые ключи шифрования при соединении, защищенном протоколом TLS. Основное отличие заключается в том, что для ее осуществления атаки нужно иметь доступ к уязвимой системе (с помощью уязвимого или вредоносного ПО).

В теории, с помощью данного способа злоумышленник может похитить токен аутентификации для доступа к учетной записи пользователя (например, в Gmail) и перехватить соединения или контроль над аккаунтом. За прошедшие годы разработчики реализовывали различные меры защиты от атак, но как оказалось, их можно обойти с помощью информации, полученной в атаках по сторонним каналам на кэш. С помощью сочетания атаки FLUSH+RELOAD(атака на кэш, когда отслеживается доступ к данным в совместно используемых страницах памяти), Browser Exploit Against SSL/TLS (BEAST) и предсказания переходов исследователям удалось понизить версии реализаций TLS в семи из девяти популярных библиотек (OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, GnuTLS). Атаки же на BearSSL и BoringSSL не дали результата. Уязвимости получили идентификаторы CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869 и CVE-2018-16870.

PDF с описанием атаки

Оригинальная новость от одного из авторов

openssl, tls

!Lazy Admin
#infosec #software #opensource #future #past #tls

english russian

Lazy Admin

Mon, 03 Dec 2018 12:39:43 +0100

Mario Vavti wrote the following post Mon, 03 Dec 2018 12:32:15 +0100

Hubzilla 3.8.6 Released!
Changes:

Prevent incompatible export files (osada/zap) from being imported

Catch exception if readImageBlob() receives bogus data

Streamline PDF previews

Allow notification filtering by name or address

Fix too restrictive attached photo permissions

Update ES translation

Use flex for the default template

Do not store serialized pconfig value received via to Module/Pconfig.php

Update jquery-file-upload lib and move to composer

Update imagesloaded lib and move to composer

Fix activitypub tag notifications

Fix call to undefined function in PConfig

Fix typo which prevented propagation of comments to zot6 (dev)

Activitypub: add support for pterotype (wordpress plugin)

Openstreetmap: check validity of lat+lon before rendering a map

Please update ASAP!

!Hubzilla Announcements !Hubzilla Support Forum

Lazy Admin

Mon, 19 Nov 2018 18:20:36 +0100

Mario Vavti wrote the following post Mon, 19 Nov 2018 11:33:12 +0100

Hubzilla 3.8.5 Released!
Fixes:

Fix pconfig SQL install schemas

Fix delayed publication of posts in combination with channel clones

Fix issue where photo filesize was not updated in the DB when a photo was edited

Fix issue where the original photo size was not set correct in the DB

Fix delivery issue in zot_fetch()

Fix typo in channel reputation addon

Important: new installs with version 3.8.4 require manual interaction by the hub admin.

Due to a missing entry in the SQL install schema it is required to execute the following SQL
for MySQL installations:

ALTER TABLE pconfig ADD updated datetime NOT NULL DEFAULT '0001-01-01 00:00:00';

ALTER TABLE pconfig ADD INDEX pconfig_updated (updated);

for PostgreSQL installations:

ALTER TABLE pconfig ADD updated timestamp NOT NULL DEFAULT '0001-01-01 00:00:00';

CREATE INDEX 'pconfig_updated_idx' on pconfig ('updated');

Those steps are only required if you did a new install with Hubzilla version 3.8.4!

We are sorry for the inconvenience!

Please update ASAP!

!Hubzilla Announcements !Hubzilla Support Forum

Lazy Admin

Wed, 14 Nov 2018 18:32:50 +0100

Mario Vavti wrote the following post Wed, 14 Nov 2018 11:38:31 +0100

Hubzilla 3.8.4 Released!
Changes:

Fix xss issue (thanks to Eduardo)

Implement hook in enotify to be used by superblock

Various css fixes

Improve photo cache handling

Provide function hz_syslog() to log to syslog

Fix request_target in z_post_url()

Fix plural handling for various languages

Some preparatory work for zot6

Fix warning in gallery addon

Fix date issue on xchan photo update in diaspora and pubcrawl addons

Fix typos in startpage addon

Improve activitypub addressing

Fix taxonomy in activitypub direct messages

Fix syntax error in diaspora addon

New e-learning addon flashcards

Remove DNS check for database connection during installation

Implement timestamps for pconfig

This release includes security fixes.
Please update ASAP!

!Hubzilla Announcements !Hubzilla Support Forum

cURL-7.62 HEADS UP!

Mario Vavti

Wed, 07 Nov 2018 15:10:13 +0100

We are seeing issues with the last cURL release in combination with Hubzilla.
There is a open bugreport here to track this issue: https://framagit.org/hubzilla/core/issues/1291

The recommended workaround for now is to stick to version 7.61.1 until the issue is resolved.

!Lazy Admin !Hubzilla Support Forum

show all 27 comments

Wed, 07 Nov 2018 15:59:14 +0100

The issues seems related to Curl being built with HTTP/2 support. If you can disable HTTP/2, then it appears to work. For FreeBSD users, recompile curl and deselect the HTTP2 option. YMMV

Wed, 07 Nov 2018 16:01:27 +0100

The issues seem related to Curl being built with HTTP/2 support.

Maybe but we never was affected before 7.62

Mario Vavti

Wed, 07 Nov 2018 17:45:26 +0100

Possibly related to this commit?
https://curl.haxx.se/mail/lib-2018-07/0027.html

Mario Vavti

Wed, 07 Nov 2018 17:51:32 +0100

Maybe there is no need to recompile if we set the curl option CURLOPT_HTTP_VERSION to CURL_HTTP_VERSION_1_1

Wed, 07 Nov 2018 18:10:57 +0100

Maybe, but where is CURLOPT_HTTP_VERSION defined in the Hubzilla code?

Wed, 07 Nov 2018 18:17:54 +0100

As far we have this issue with only PHP 7.2 + cURL 7.62 combination so I believe we no need to fix Hubzilla code.

phani (Hubzilla)

Wed, 07 Nov 2018 19:50:22 +0100

i'm using PHP 7.2 but cURL is still at 7.58. i hope nothing requires cURL == 7.62 when that comes up...

Mario Vavti

Wed, 07 Nov 2018 21:22:13 +0100

CURLOPT_HTTP_VERSION this a curl specific constant iirc.

The question is if the actual issue is in curl, php or hubzilla.

The only thing i am sure of is that curl issues are a pita to debug...

@phani (Hubzilla) don't worry...

Wed, 07 Nov 2018 23:54:44 +0100

I've managed to debug them in the past by logging on specific or predetermined urls.

Harald Eilertsen

Thu, 08 Nov 2018 13:07:57 +0100

I can confirm the issue on php 5.6 as well. I'll try setting the env var when I get back to the office.

Harald Eilertsen

Thu, 08 Nov 2018 16:45:35 +0100

Added env CURLOPT_HTTP_VERSION=CURL_HTTP_VERSION_1_1; to my nginx config, but does not seem to make any difference...

Mario Vavti

Thu, 08 Nov 2018 16:54:26 +0100 last edited: Thu, 08 Nov 2018 16:55:25 +0100

Those are curl options. See here: https://secure.php.net/manual/en/function.curl-setopt.php

Thu, 08 Nov 2018 17:10:11 +0100

@Mario @M. Dent
How about to add system variable [system][curl_http_version_2] with default 0 as 'HTTP/2 switched off'?

Mario Vavti

Thu, 08 Nov 2018 18:18:56 +0100

Sure... If it works at all with this option set...

Thu, 08 Nov 2018 18:36:33 +0100

Sure... If it works at all with this option set...

I did grep over Hubzilla code and found that cURL used in few places and modules.
May be will be a good idea to have system-wide cURL default options.

Mario Vavti

Thu, 08 Nov 2018 18:43:01 +0100

IIRC there need to be different options in different places under different conditions...

Thu, 08 Nov 2018 20:33:34 +0100

This is a completely separate dev task I've started on (literally "just started on" a few days ago), but my plan is to move curl into an object and turn the options into a CURLOPT array and move the $recursion argument to the end, and drop the binary flag on get (no longer needed).

Then CURL::get($url,$opts{,$recursion}) and CURL::post($url,$data,$opts{,$recursion}) will both set meaningful defaults and acts the same as it does now but something in $opts can over-ride the defaults. The only place it gets messy is a couple of custom options which set more than one CURLOPT for a particular task or aren't exactly related to CURLOPT (such as proxy settings). We can't be enumerating every possible CURLOPT so we will only provide over-ride logic for those we are defaulting and then set the whole array without even looking at it.

In this scenario,CURL::post() could be implemented completely using CURL::get() with a couple of additional arguments and avoid a lot of code duplication like there is now.

We can certainly manually set the http version now and offer an over-ride mechanism. Anyway keep this in mind. I won't be able to touch it until Zot6 is stable.

Mario Vavti

Sun, 11 Nov 2018 15:19:07 +0100

I did some testing and setting curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); in z_fetch_url() and z_post_url() seems to fix the issues i have been seeing so far.

But - cURL is not only used in our code. We also use libraries that use cURL. That means that there is some potential that other things will break also and there is no way to set this option globally...

Looking at cURL issues i don't get the feeling that this will be fixed anytime soon if it's a cURL issue at all. See https://github.com/curl/curl/issues/3253#issuecomment-437626311

Suggestions?

Bob Mottram 🔧 ☕ ✅

Sun, 11 Nov 2018 15:24:45 +0100 from ActivityPub

@mario I had a breakage related to curl and http/2 earlier.

Is there something going on with curl?

Manuel en todon.nl ? ?

Sun, 11 Nov 2018 15:32:35 +0100 from ActivityPub

@mario
An ignorant question, Mario: couldn't you cut the Gordian knot and use an alternative? I think of something like wget... I'm sorry for my daring ☺

Mario Vavti

Sun, 11 Nov 2018 15:33:39 +0100

@Bob Mottram 🔧 ☕ ✅ cURL is making http/2 requests by default since version 7.62
Prior to this version the default was http/1.1

Mario Vavti

Sun, 11 Nov 2018 15:37:30 +0100

@Manuel en todon.nl 📰 📚 cURL is a library, wget is a commandline tool. So that is no alternative (and i am not aware of any actually)...

Bob Mottram 🔧 ☕ ✅

Sun, 11 Nov 2018 15:39:40 +0100 from ActivityPub

@mario Is there a way to stop that, other than using an older version? This could wreck a lot of stuff.

Sun, 11 Nov 2018 15:39:51 +0100

We can try a dirty trick with curl_setopt overide somewere in boot.php.

rename_function('curl_setopt', 'std_curl_setopt');
override_function(curl_setopt', '$ch, $arr', 'return hz_curl_setopt($ch, $arr);');

function hz_curl_setopt($ch, $arr) {
    // Override received options how it will required
}

Mario Vavti

Sun, 11 Nov 2018 15:49:37 +0100

@Bob Mottram 🔧 ☕ ✅ basically one can force cURL to use http/1.1 with an option.

Manuel

Sun, 11 Nov 2018 16:43:40 +0100

Now I see you! My mastodon comments don't, naturally, because I don't have the plugin enabled. I was scared, who would help me with my problems hubzillians with jazz in the background?

Klaus

Tue, 13 Nov 2018 13:58:40 +0100

Guzzle is used by many PHP projects. By default it also uses cURL, but can also operate on different HTTP handlers. Most projects use Guzzle for PSR-7 response and request interfaces.
I think Sabre had its own http protocol handler library, but I have no idea in which state this library is. As far as I know Guzzle is far more popular, but I am not sure it will solve the problem.