-
marc0s
by any chance, will some of you attend januscon.it later this month? I'm asking because I've read some emails/discussions around jingle/call-related stuff... Wondering if we can meet and have some drinks if that's the case :)
-
Daniel
marc0s, no. but let me know in case there is ever a more open source focused conference in italy. i'd love to go, maybe even give a talk
-
marc0s
Daniel, not that I'm aware of right now. Will ping you if I know of something. Not living in Italy, though :)
-
marc0s
i'm in the process of adding XEP-0402 support to stanzajs and was wondering how a client should actually determine how to store its bookmarks given the server supports both private storage and pep/pubsub. Any ideas/comments/warnings? :)
-
Daniel
xep 402 is only specified to work with pep
-
Daniel
but pep and publish options as well as private xml have feature announcements on the account disco
-
marc0s
but, given that disco announcements offer all the options, what should a client use?
-
pep.
As not many clients (none?) use 402 yet, you probably also want to support the other pep bookmark thing?
-
pep.
(48?)
-
Daniel
what i do (but that's only for bookmarks 1); is to check if my server supports the conversion xep and if it does i use pep because it's more efficient. and if not i publish to private xml because that's more widely used
-
marc0s
that would be a safe route, yes
-
Daniel
i haven’t found a strategy to incorporate bookmarks 2 into the mix
-
Daniel
probably have the conversion xep also convert into bookmarks 2
-
Zash
Bookmarks Conversion 2: The seriousening
-
marc0s
I'm not fully aware of the XEP processes, but it does not sound crazy to me to make 411 take 402 into account
-
Ge0rG
I think that 402 should mandate backend-side conversion between all the stores.
-
Daniel
402 still lacks a lot of things
-
Daniel
it should probably also mention that the node needs to be configured
-
marc0s
should we then need Bookmarks 3: The Good One :)
-
Zash
Like I mentioned the other day, node item count limits will be fun
-
Ge0rG
Bookmarks: Revolution
-
marc0s
Zash, yep :)
-
Zash
XEP-0927: Bookmarks 2000: This time we finally got it right!
-
lovetox
im not convinced on 402, i think it makes the bookmark implementation a lot more complex
-
lovetox
right now i request on start my bookmarks, i get all, and if another device changes one, i also get all, and that's it, there are only these 2 things to think about: request, and notification
-
lovetox
with an items based approach, you suddenly have to think about stuff like, what if another device deletes one item? do i get a deletion notification once i come online? no .. what if a device adds 2 items while im offline, do i get 2 items when i come online? no .., so im back to requesting all bookmark items on start anyway, this time with more overhead as each bookmark is in its own item
-
jonas’
lovetox, and with one item, you have to think about: what if another device modifies/adds the same item at the same time, e.g. in response to an invite or something
-
jonas’
what if the modifications aren’t identical
-
lovetox
so it seems the only benefit is, that if a device adds a bookmark while im online, i get only one item instead of all
-
jonas’
or rather, what if two devices concurrently edit two different items
-
lovetox
i would consider this if i modify my bookmarks 50 times per hour
-
lovetox
but realistically its probably 3 times a day
-
lovetox
jonas’, this is highly unlikely, server processes events in order
-
lovetox
invite means both clients modify the same item in the same way
-
Daniel
lovetox, i ran into problems with deleting multiple bookmarks in quick succession
-
Daniel
meaning delete the second one while the first one is still in flight
-
lovetox
yes Daniel i can see the problem, especially with ejabberd
-
lovetox
as it notifies the issuing device with a pep notification
-
lovetox
if you take this notification seriously, you add back the bookmark that you just deleted
-
Daniel
yes
-
lovetox
we should fix that in ejabberd though, prosody doesnt do this
-
Daniel
i'm not sure that ejabberd is broken in that regard?
-
lovetox
yes, if i issue a publish, and i get a result that it was ok
-
lovetox
i dont see a reason why i need a pep notification
-
lovetox
its not "broken"
-
lovetox
its just useless and leads to problems as we can see
-
jonas’
lovetox, yes, server processes events in order, but clients have latency to the server
-
Daniel
useless maybe. but i'm not willing to by that this is the cause of the problem
-
Daniel
this is just what makes you notice the problem
-
Daniel
*to buy
-
lovetox
i feel we just exchange some kind of problems with other kind of problems with 402
-
Daniel
i mean this is just the most obvious race. but as jonas’ pointed out there are other (unlikely?) races in there as well that involve multiple clients
-
Daniel
lovetox, what problems do you see with 402 aside from the upgrade path
-
lovetox
as i wrote above, it just mentions the benefit, that you can modify one item at a time, but it should have much more on implementation notes, probably because no one implemented it yet
-
lovetox
stuff like, if you start, you get the last bookmark item that was published
-
lovetox
probably should ignore it, until you requested all bookmarks
-
lovetox
stuff like node configuration
-
Daniel
lovetox, yes bookmarks 2 is not done yet. and you can just configure the node to not send the last item
-
Daniel
which i agree the xep should do
-
lovetox
with what id do we publish, or does the server choose ids
-
lovetox
how do we make sure we dont overwrite items
-
Daniel
lovetox, the id is the jid. i think the xep says that
-
lovetox
ah kk, what i want to say is, i dont see a big problem with the xep, just it obviously was never implemented
-
lovetox
and my problems with bookmarks1 are not that big, that i jump into the cold water :)
-
Daniel
also the XEP needs to do something about max items
-
Daniel
so there are things in the xep that are underspecified a bit
-
Daniel
but fixing the race seems to be worthwhile to me
-
Daniel
also; if you ever wanted to do something like shared bookmarks on the server side (which customers ask about all the time) having multiple items that the server can modify or inject without editing xml seems like a big benefit to me as well
-
guus.der.kinderen
> also; if you ever wanted to do something like shared bookmarks on the server side (which customers ask about all the time) having multiple items that the server can modify or inject without editing xml seems like a big benefit to me as well
Customers ask for this? As in, read-only bookmarks, shared by a group of people?
-
Daniel
guus.der.kinderen: well they ask for: can we put people into group chats by default
-
Daniel
Like when they first open the app
-
Daniel
And bookmarks seems like one way of doing that
-
guus.der.kinderen
Openfire has a plugin for that. It doesn't do anything fancy, only injects additional bookmarks in a person's bookmarks collection.
-
guus.der.kinderen
Daniel: yeah that's what we use it for, by adding autojoin bookmarks
-
Daniel
guus.der.kinderen: yes and server side that seems less messy with bookmarks 2
-
guus.der.kinderen
It's pretty clean in any form. You simply add a list of shared entries to the personal list, and subtract that list while editing.
-
Daniel
You could then properly reject the deletion. Instead of having it just magically reappear
-
guus.der.kinderen
Right
-
guus.der.kinderen
Ok, gotta put the kid to bed. Afk.
-
lovetox
Daniel, do you always set the SNI ext, even for starttls?
-
Daniel
lovetox: why do you ask? I think I didn't but my last refactor yesterday might have accidentally set it
-
lovetox
im asking because i contemplate doing this
-
lovetox
gmail xmpp server mandates it
-
lovetox
it needs sni even on starttls
-
lovetox
and it would make my code less complex
-
Daniel
Oh right. Yes now that you mention it I think I did that
-
lovetox
i dont really care about gmail
-
Daniel
Well since yesterday my setup tls socket code is the same for starttls, direct tls and tor
-
Daniel
So it's not more code. Is what I wanted to say
-
Zash
I've been trying to make Prosody's certificate and TLS management code treat STARTTLS and TLS+SNI the same.
-
moparisthebest
Daniel, how are you doing DNS for tor ?
-
Daniel
moparisthebest: not at all. You have to specify the hostname
-
Daniel
(if your server doesn't have an A record to the same machine)
-
moparisthebest
hmm, then how do you know direct TLS or STARTTLS
-
lovetox
you dont
-
lovetox
you expect the server to offer stuff on the standard ports
-
Daniel
You can enter port 5223 or 443 and then it will assume that this is direct tls
-
Daniel
Which is debatable for 443 but who cares
-
moparisthebest
when you run a tor exit node you get to pick what outgoing ports you support, I feel like more might support 443, but I'm not sure
-
lovetox
also moparisthebest some servers have .onion addresses
-
moparisthebest
which you can put in DNS SRV records
-
lovetox
.onion addresses have DNS records?
-
Daniel
Yes. I was about to say. If you are serious about tor I'd recommend you put in the onion address in the hostname field
-
Daniel
That's what I would recommend to my users
-
moparisthebest
lovetox, no, but I can put a .onion in the SRV record for moparisthebest.com for example
-
lovetox
how does that help someone that wants to connect to a server and only has the .onion address?
-
lovetox
why would a hidden tor service link itself to a non-hidden srv domain record
-
moparisthebest
why not?
-
lovetox
because you are not anonymous anymore then
-
Zash
moparisthebest: someone like that would care about leaking the SRV lookup
-
moparisthebest
don't leak it, look it up over TOR
-
lovetox
anyway, to support TOR the server admin has to be aware of it
-
Daniel
How does that help when you can't do SRV over Tor?
-
lovetox
and an onion service even more so
-
Daniel
I mean even if you put the onion in dns how are you going to discover it?
-
Ge0rG
DoH to the rescue!
-
Daniel
No
-
moparisthebest
you can, do DoT or DoH to 1.1.1.1 or even regular DNS over TCP to port 53 of dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion
-
moparisthebest
(which cloudflare runs)
-
Daniel
So I should hard code Cloudflare ips in my app? Is Cloudflare still going to exist tomorrow?
-
moparisthebest
maybe, you can hard-code a few, or run your own
-
lovetox
moparisthebest, if you are serious about TOR, you will *not* DNS anything
-
lovetox
you will just pass the onion address to the tor proxy
-
lovetox
thats it
-
lovetox
the moment you involve cloudflare, this degrades TOR seriously
-
Daniel
Yeah if you want to use Tor take 3 minutes to figure out the hostname / onion address of your server
-
moparisthebest
wouldn't it be nice if a user of regularservice.com that happened to have tor could just connect over it automatically without typing .onion addresses though?
-
Daniel
And maybe go read the privacy policy of your provider while you are at it
-
lovetox
moparisthebest, i dont think you get the idea of TOR
-
lovetox
the idea of TOR is that nobody but you yourself and your machine, knows where you gonna connect to
-
lovetox
this rules out asking anyone for any information regarding your connection target
-
lovetox
because then you leaked your intent
-
moparisthebest
I don't think so, after all HTTPS over tor asks for A records right?
-
moparisthebest
how is this different?
-
lovetox
im not a tor expert but im pretty sure the tor network makes the dns request
-
lovetox
not your machine
-
moparisthebest
the intent is my ISP doesn't know where I'm connecting to
-
moparisthebest
the built in tor DNS supports A and CNAME and nothing else though, asking an .onion address for SRV records is essentially the same
-
lovetox
Tor is not only to hide your intent from your ISP
-
moparisthebest
it *can* only be for that though?
-
lovetox
if that were the case you would not need tor, just DoH
-
lovetox
and a proxy
-
moparisthebest
that sounds harder than tor, and also not as secure/the same
-
lovetox
if you make a dns request via tor, probably it routes it through the tor network
-
lovetox
means nobody in theory can trace it back to you
-
lovetox
not even cloudflare
-
lovetox
and thats the goal
-
lovetox
not exchanging your ISP for cloudflare trustwise
-
lovetox
it's: you trust no one
-
moparisthebest
and if you ask cloudflare's .onion for a SRV record they also can't trace it to you, right?
-
moparisthebest
in fact it never even crosses the clearnet for anyone
-
lovetox
yes, if we could ask a SRV record over the tor proxy this would work
-
lovetox
but it doesnt, because TOR just does not support SRV
-
moparisthebest
but asking an .onion is asking over the tor proxy
-
Daniel
lovetox: it does. If you ask Cloudflare over tcp
-
lovetox
you propose to do the dns request yourself
-
Daniel
Yes
-
lovetox
yes that would work, never done anything like that though, so dont know how complex this is
-
moparisthebest
yes, just like DNS-over-TLS, DNS-over-HTTPS, and DNS-over-XMPP propose
-
lovetox
but sounds complicated
-
Daniel
I'm already doing my normal dns requests myself
-
lovetox
i mean there are libraries and dns lookup tools
-
moparisthebest
it's annoying enough that you should probably just use a library
-
lovetox
you cant use them, so you have to implement the whole dns request protocol yourself
-
Daniel
It's not rocket science. But I won't bother any time soon
-
Daniel
Because
> Yeah if you want to use Tor take 3 minutes to figure out the hostname / onion address of your server
-
moparisthebest
asking an .onion should be as quick as possible, it's not going through any exit nodes anyhow
-
Daniel
And
> So I should hard code Cloudflare ips in my app? Is Cloudflare still going to exist tomorrow?
-
lovetox
moparisthebest, its not about quick, its about implementing another protocol
-
moparisthebest
time to expose an unbound port over a tor hidden address run by conversations.im :D
-
moparisthebest
wait why can't you use existing dns lookup libraries/tools lovetox ?
-
moparisthebest
conversations uses minidns or something if I recall
-
lovetox
i just doubt they let you use them over a tor proxy
-
lovetox
but never used one
-
moparisthebest
it's just a socks5 proxy, they should...
-
lovetox
i know that i cant use python's inbuilt one
-
Daniel
moparisthebest: fwiw minidns doesn't support dns over TLS or https
-
moparisthebest
you can just do regular TCP on an .onion though, or I can put in a PR to swap minidns out for https://github.com/moparisthebest/jDnsProxy lol (not really)
-
lovetox
moparisthebest, maybe you missed it, i already agreed with you that it is possible
-
lovetox
but as Daniel said, the people who want to use TOR are 1% of the users
-
lovetox
and they can take the 2 minutes to get the onion address
-
lovetox
im not going to jump through hoops programming wise to save them those 2 minutes
-
moparisthebest
that's fair, I'd kind of like it to be seamless to have regular users connect over tor too, but other people probably disagree
-
Daniel
We are also only talking about the subset of tor users on providers that don't listen on the A record
-
moparisthebest
FYI this is the cloudflare .onion reference https://developers.cloudflare.com/1.1.1.1/fun-stuff/dns-over-tor/
-
moparisthebest
I'll be running a public, anonymous-login-supporting DNS-over-XMPP on clearnet and .onion whenever I get back around to finishing setting it up...
-
💋ᵐyᵃᵇᵃᵇᵉᶻ💋
?
-
tom
whoever 'jdev@muc.xmpp.org/💋ᵐyᵃᵇᵃᵇᵉᶻ💋' is please change your nick
-
tom
it's making my software freak out
-
tom
how did you even join this muc with that nick? It should be invalid
-
Zash
Why?
-
tom
because it's using invalid characters or encoding
-
Zash
It's UTF-8, but there are barely any other limits
-
mathieui
it’s valid
-
mathieui
and it works here
-
Zash
Valid UTF-8 that passes resourceprep and isn't entirely whitespace, so legal under those rules.
-
Zash
Although, it does not pass Prosody's resourceprep if I recompile it without USPREP_ALLOW_UNASSIGNED, but I think it's using Unicode from 1997 or something then.