XSF Discussion - 2017-12-09


  1. Ge0rG

    iNPUT🐁: you are kicking Tobias from this MUC all the time :>

  2. jonasw

    lol

  3. jonasw

    even thoug you need to pass strict=False for the aioxmpp JID parser too -- it’s unassigned in unicode 3.2 :)

  4. Ge0rG

    I remember that from my 🤖 abuse

  5. jonasw

    robotface

  6. jonasw

    I remember mostly my zalgo abuse

  7. Ge0rG

    A zalgo nickname, that would be fun.

  8. jonasw

    it was fun

  9. jonasw

    /nick j̷̨͚͉͖̝͖̩͖̟͔̥̭̘̃̒̆̏͒͑̋́͆̇ͮ̄̽͋͆ͤo̴̵͂ͩ̉̌ͧ̒ͩ͗̉͒ͤ̐ͥ̚҉̢̪̫͔̳̹̖͙͠n̶̛͍̠͎̞̹͕̜̝̘̯̣̰̲̙̠̖̳̺ͨ̍̏̉̍͌̊ͧ̅̉̀͂͗ͦ̈̍͒̇̋ͅa̛̯̗̫̫͙̦̦̰̹͎͈͔͚͌̆ͦͫ͋̾̏ͭ̕͜͟s̸̴͓̥̰̳̱̻̗̣̳͕̭̜̪͕̙͐ͭ̃̌ͣ̃̑ͬͅͅw̷ͩ̐̅̄ͬ͊̾ͬ͛͘͜҉͔̘̯̪̜̥̰̲͉̩̖̩ͅ

  10. jonasw

    poezio is confused by it

  11. Ge0rG

    So I implemented resourceprep for nicknames in yaxim, but then I wasn't able to use emoji nicknames, so I removed that again.

  12. jonasw

    :D

  13. jonasw

    implement resourceprep, but ignore unassigned codepoints

  14. Ge0rG

    Thats not how libidn works :(

  15. jonasw

    :P

  16. Ge0rG

    Okay, so I'm in a good mood. I will try to make AndroidStudio work with yaxim again.

  17. jonasw

    goodbye to your good mood

  18. Ge0rG

    Ah, another bit of XMPP trivia to dig out: is a user implicitly subscribed to themself? They can't add their own JID to the roster, but are they subscribed? Context: https://prosody.im/issues/1052

  19. jonasw

    huh

  20. Ge0rG

    > To take advantage of all the latest features (such as Instant Run), improvements and security fixes, we strongly recommend that you update the Android Gradle plugin to version 3.0.1 and Gradle to version 4.1. Yeah. Last time I said "yes" to that kind of dialog, it broke everything for me.

  21. Ge0rG

    > Warning:The specified Android SDK Build Tools version (25.0.0) is ignored, as it is below the minimum supported version (26.0.2) for Android Gradle Plugin 3.0.1. Android SDK Build Tools 26.0.2 will be used. There goes my mood again.

  22. jonasw

    (I’m not sure this is proper on-topic here)

  23. jonasw

    also, you have been warned :)

  24. Ge0rG

    It's not. But it's Saturday, and the XSF doesn't work on weekends.

  25. jonasw

    it does not? oh. docker kill xmpp.net-frontend; docker rm xmpp.net-frontend :)

  26. Ge0rG

    jonasw: if you are bored, you can also have a look at that self-roster vs self-presence thing ;)

  27. jonasw

    I’m pretty sure I added meself to the roster before

  28. jonasw

    yup, works instantly

  29. Ge0rG

    jonasw: it's not allowed.

  30. Ge0rG

    I just don't remember where it's written down.

  31. jonasw

    ah indeed

  32. jonasw

    it’s only pidgin which pretends that it works

  33. iNPUT🐁

    Sorry Tobias!

  34. jonasw

    great, whenever iNPUT🐁 writes, my input line acts up

  35. jonasw

    .

  36. Ge0rG

    iNPUT🐁: Tobias isn't there, because "Kicked: jid malformed: The source address is invalid: xsf@muc.xmpp.org/iNPUT🐁"

  37. jonasw

    Ge0rG, for the purpose of mod_firewall, I’d suggest to treat self as both IN_ROSTER and SUBSCRIBED.

  38. Ge0rG

    jonasw: yes. But what about rostermanager?

  39. jonasw

    i don’- care

  40. jonasw

    why would I need to care?

  41. Ge0rG

    iNPUT🐁: wouldn't iNPUT🐁🐁 be a more correct nickname? :P

  42. Ge0rG

    jonasw: because you just wrote the same thing I stated in the ticket, but in other words? :P

  43. iNPUT🐁

    Ge0rG: I thought about that, but I'll just let Tobias back :P

  44. jonasw

    you need to renick for that

  45. jonasw

    and we need to purge your messages from the history probably

  46. Ge0rG

    Whoops. yax.im's disk is full.

  47. Ge0rG

    looks like I need better compression for the backups.

  48. Ge0rG

    Killed another (single) spammer account, that was registered last night via direct TCP instead of SRV.

  49. Ge0rG

    It's bad when you don't have IP address logs due to nasty NAT

  50. jonasw

    hm, Kev, do you have a minute or two to give me a few tips on the nginx-php-thing?

  51. Kev

    I'm just about to go out for a jog, so not many. What's up?

  52. jonasw

    so AFAICT, the config assumes that everything goes through a single app.php

  53. jonasw

    this is not the case for this application, and I have no idea how to re-write the config properly. my attempts range from "it offers the php file for download" to "404"

  54. Kev

    The first of those sounds useful. App-on-demand or something.

  55. jonasw

    this is what I’ve got now, nginx-wise: server { listen 8000; root /opt/installtree; location / { # try to serve file directly, fallback to app.php try_files $uri =404; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/run/php/php7.1-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param HTTP_PROXY ""; fastcgi_index index.php; internal; } error_log /var/log/nginx/rff_error.log; access_log /var/log/nginx/rff_access.log; }

  56. jonasw

    it’s especially useful for secrets.php :)

  57. jonasw

    (this one 404s)

  58. jonasw

    (I haven’t touched the php-cgi-fpm-thing config yet)

  59. Kev

    That doesn't look immediately stupid.

  60. jonasw

    \o/

  61. Kev

    Although I'm not much of a PHP person, and certainly not a running-PHP-in-webservers person.

  62. Kev

    You almost certainly don't need the location / block, though.

  63. jonasw

    there are static files in the app which need to be served. are you sureS

  64. jonasw

    there are static files in the app which need to be served. are you sure?

  65. Kev

    Oh. No, then :)

  66. Kev

    If you're at giving up stage, do you want to upload what you've got so far somewhere, and maybe someone can help? Maybe even me, although I'm going to struggle to find time over the next few days.

  67. jonasw

    I’m at the massively-confused-stage

  68. jonasw

    but sure

  69. Kev

    There must be *someone* here who's a PHP person.

  70. jonasw glances at daniel

  71. jonasw

    even though I think we need an nginx-php-persion

  72. jonasw

    https://github.com/horazont/xmppoke-frontend-docker there you all go

  73. daniel

    i'm not an nginx person. when i did php everyone was using apache

  74. daniel

    and there was this thing called lighttp which the kids today have never heard about

  75. jonasw

    I have!

  76. jonasw

    I personally only use apache, though :)

  77. jonasw

    maybe somebody on members@ will step up :(

  78. Zash

    Is that a thing that ever happens in a volonteer based org?

  79. jonasw

    Zash, I did step up

  80. SouL

    Received the email, crossing fingers to find someone

  81. jonasw

    also, I tried the classic trick: put something up in the internet which is WRONG

  82. jonasw

    maybe it helps :)

  83. Zash

    Sure, but rewriting the entire PHP thing from scratch is too much work.

  84. Zash

    :P

  85. jonasw

    Zash, actually, I came to thinking that rewriting that thing in python would probably be much faster than trying to get this PHP thing to work

  86. jonasw

    anyways, &-ing this for now

  87. Ge0rG

    jonasw: great job so far!

  88. jonasw

    thanks

  89. Flow

    > Ge0rG> Ah, another bit of XMPP trivia to dig out: is a user implicitly subscribed to themself?

  90. Flow

    are you still intereseted in an answer?

  91. Ge0rG

    Flow: yes

  92. Ge0rG

    Flow: it's for me and for https://prosody.im/issues/1052

  93. Flow

    Ge0rG, I think https://tools.ietf.org/html/rfc6121#section-4.2.2 answers it

  94. Ge0rG

    Flow: it's related, but technically it doesn't say you are subscribed to yourself

  95. Flow

    Ge0rG, right, but you also didn't want to know if a roster query for your own JID would return an item, leave alone a subscription state

  96. Flow

    because you said that one can not be in its own roster. do you happen to have a link to where it's specified?

  97. Ge0rG

    Flow: no link :(

  98. Flow

    Ge0rG, you may want to add that to https://wiki.xmpp.org/web/index.php?title=XEP_and_RFC_Remarks (or, but i'm not sure if it's a good fit, to the RFCs errata)

  99. Ge0rG

    At least it's not restricted in https://xmpp.org/rfcs/rfc6121.html#sub-request-outbound

  100. Ge0rG

    Maybe it was just a server implementation limitation

  101. jonasw

    that’d also explain why pidgin fakes it.

  102. jonasw

    or maybe not

  103. jonasw

    I’d trust pidgin to ignore explicit errors in that regard...

  104. Ge0rG

    Ah, https://xmpp.org/rfcs/rfc6121.html#roster-add-errors - > Interoperability Note: Some servers return a <not-allowed/> stanza error to the client if the value of the <item/> element's 'jid' attribute matches the bare JID <localpart@domainpart> of the user's account.

  105. Flow

    Ge0rG, so it is allowed, good to know

  106. Ge0rG

    Flow: it's not forbidden in that single place, at least.

  107. Guus

    Jonasw, php-wise, what do you need?

  108. Guus

    Last time I looked, php 4 was just released

  109. Guus

    but I'm confident that together, we should be able to make something work :)

  110. jonasw

    Guus, essentially, that docker container just 404s

  111. jonasw

    and I have no idea why

  112. Guus

    which container?

  113. jonasw

    could be nginx, could be php-fpm

  114. jonasw

    oh, I thought you read that email

  115. Guus

    I did

  116. Guus

    but not close enough, probably :)

  117. jonasw

    there’s a link to a github repo

  118. Guus

    ah, I missed that

  119. Guus

    ah, wife just assigned me chores :)

  120. Guus

    I'll be back in ~45 minutes

  121. jonasw

    heh

  122. jonasw

    that’s what I’d say too, if I was about to debug nginx-php-things

  123. jonasw

    :)

  124. pep.

    jonasw, I'm tring to run your xmppoke-frontend-docker. composer.json is not in xmppoke-frontend, is it left as an exercice to the reader? :x

  125. pep.

    xnyhps, ^

  126. jonasw

    what is a composer.json?

  127. jonasw

    there’s no such thing

  128. pep.

    There are mentions of that in your Dockerfile

  129. jonasw

    pep., the docker stuff expected some stuff which the frontend thing doesn’t do

  130. jonasw

    yeah

  131. jonasw

    ignore that

  132. pep.

    k

  133. jonasw

    I need to strip that out

  134. jonasw

    (that’s from kevins template which expects things I don’t know about adn which aren’t in xmppoke-frontend either, so I dropped that)

  135. pep.

    k

  136. pep.

    composer.json is just python's requirements.txt equivalent

  137. jonasw

    ah

  138. pep.

    composer.json is just python's requirements.txt's equivalent

  139. jonasw

    I don’t think there are any requirements

  140. pep.

    Ok, stripping that out

  141. Guus

    jonasw: that postgres instance is not in poker, is it?

  142. jonasw

    Guus, no, it isn’t

  143. jonasw

    didn’t proceed that far yet, I was about to use my local postgresql instance

  144. Guus

    that probably explains why my browser is timing out

  145. jonasw

    uh, but you got the PHP stuff to work?

  146. Guus

    ah, yeah, php now complains

  147. jonasw

    amazing!

  148. jonasw

    care to make a PR?

  149. Guus

    well, I simply removed everythign I didn't understand and used the apache-based default

  150. jonasw

    ah, so s/nginx/apache/?

  151. Guus

    let me show you, one sec

  152. Guus

    I didn't get that huge startup script - if there was anything important apart from the secrets in there, it's now missing.

  153. jonasw

    I’m all in for simplicity

  154. Guus

    also, I _detest_ docker for its installation procedures.

  155. Guus

    messed up my entire setup :(

  156. jonasw

    how that?

  157. Guus

    a) make it run b) make it right.

  158. Guus

    docker vs docker.io vs docker-ce vs docker-whatever?!

  159. jonasw

    apt install docker.io docker-compose works for me :/

  160. Guus

    it complained about mismatched versions (I think your compose uses a version 3, while my executable didn't see beyond 2)

  161. Guus

    but, whatever. It now runs

  162. pep.

    `pacman -S docker`? :)

  163. Guus

    let me PR

  164. jonasw

    Guus, thank you :)

  165. pep.

    I'm also having a look btw

  166. Guus

    PR done

  167. Guus

    I'm somewhat worried about having passwords in secrets.php - is that visible to end-users?

  168. jonasw

    I sure hope not

  169. jonasw

    but I’ll tackle that later

  170. jonasw

    (I think modifying common.php to include from somewhere non-docrooty should be possible)

  171. jonasw

    there’s also that huge patch from Holger which needs to be dissected

  172. pep.

    Guus, that can be hidden by the web server for a start, but yeah otherwise, it's meh

  173. Guus

    also, php's docker page suggests adding a php.ini, which we're not doing. might be another good improvement

  174. Guus

    but, lets first make it run

  175. jonasw

    let’s give this a shot :)

  176. Kev

    Passwords should come in from envvars.

  177. jonasw

    they do

  178. pep.

    jonasw, PHP should get them from envvars

  179. jonasw

    pep., Guus made it so that they do

  180. pep.

    I see, right

  181. Guus

    yeah, that's what I did - I think the upstream code requires them to be in a file though

  182. jonasw

    doesn’t matter in the end, I think

  183. jonasw

    I mean this way it’s not even a problem if a user can downloda secrets.php

  184. jonasw

    because the values aren’t in there

  185. jonasw

    I’m still not happy how that thing compiles everything from source :/

  186. Guus

    well, if its interpreted....

  187. jonasw

    Guus, if it’s interpreted, the values aren’t printed

  188. Guus

    ah, true.

  189. jonasw

    neat

  190. jonasw

    now waiting for my postgres to come up :)

  191. pep.

    I wonder if there's a way to change the docker-compose conf with args. To not have :80 used locally when testing. But that's a detail

  192. jonasw

    https://sotecware.net/images/dont-puush-me/1_VdnTsM33q5rg2DBpWfM_XjS4EnHCjjS__RzU9QGsg.png

  193. jonasw

    neat!

  194. jonasw

    thanks a lot, Guus

  195. Guus

    hurray!

  196. Guus

    I think you did the hard work, jonasw :)

  197. jonasw

    now I need to get some dependencies in order d)

  198. jonasw

    Fatal error: Uncaught Error: Call to undefined function idn_to_utf8() in /var/www/html/result.php:25 Stack trace: #0 {main} thrown in /var/www/html/result.php on line 25

  199. pep.

    jonasw, that's where composer.json comes into play :P

  200. jonasw

    I think that’s a PHP module

  201. Guus

    https://hub.docker.com/r/library/php/ <-- has some documentation on how to add extensions

  202. jonasw

    need to figure out the extension name though

  203. pep.

    err, PHP

  204. Kev

    Add php7.1-intl to the apt line.

  205. Kev

    I think that'll do it.

  206. Guus

    intl

  207. Kev

    Oh, it's there already.

  208. Guus

    exactly

  209. Kev

    Hmm.

  210. jonasw

    uhm

  211. jonasw

    you’re looking at different files

  212. Kev

    No idea then, that should already be available.

  213. jonasw

    Kev, guus essentially re-wrote everything

  214. Kev

    I'm looking at the dockerfile I sent over.

  215. jonasw

    yeah

  216. pep.

    Kev, 7.2 with the PR

  217. Kev

    I shall leave you all to it then.

  218. jonasw

    :)

  219. Kev

    I feel pleased I spent that time sorting out the files I sent over :p

  220. jonasw

    Kev, sorry

  221. Guus

    I'm not invested in whatever I did

  222. Guus

    I basically punched it until something worked

  223. jonasw

    Kev, if you can figure out why it didn’t work, I’m happy to go back to yours, because I’m still a bit uneasy with the PHP docker images.

  224. Kev

    'PHP docker images'?

  225. jonasw

    https://hub.docker.com/r/library/php/

  226. Kev

    Not those ones that mount the source into the image?

  227. Guus

    I read somewhere that they provide the source as a tarball?

  228. Guus

    unsure

  229. Guus

    it runs. :)

  230. Guus

    jonasw, need me for anything else?

  231. jonasw

    I don’t think so

  232. jonasw

    thanks a lot

  233. jonasw

    and one more apology towards Kev

  234. Guus wanders off

  235. jonasw

    yeha

  236. jonasw

    I just queued the first test :)

  237. jonasw

    now for the postgresql …

  238. jonasw

    wat, jabber.org is weird. Pre-TLS, they only offer DIGEST-MD5. Post-TLS, they offer: CRAM-MD5, DIGEST-MD5, LOGIN, PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS

  239. Zash

    Wat

  240. Zash

    Also, wat

  241. jonasw

    I wonder whether it’s related to this: https://github.com/cyrusimap/cyrus-sasl/issues/379

  242. Zash

    <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls><mechanisms ... why???

  243. Zash

    Why offer SASL at all?

  244. jonasw

    maybe the order isn’t fixed?

  245. Zash

    Does M-Link use Cyrus SASL?

  246. jonasw

    dunno

  247. Zash

    -rfc 6331

  248. Bunneh

    Zash: Moving DIGEST-MD5 to Historic. A. Melnikov. July 2011. (Status: INFORMATIONAL) https://tools.ietf.org/html/rfc6331

  249. jonasw

    Zash, is there an ETA for a 0.9 bugfix release?

  250. jonasw

    I wanna put that in my release notes

  251. jonasw

    or rather, if you aren’t planning on having such a thing soon, I’ll put that in there

  252. Zash

    Weeks ago

  253. jonasw

    ha, okay

  254. Zash

    Waiting for MattJ to have time to tag+sign a tarball AFAIK

  255. jonasw

    will the MUC fix be included?

  256. Zash

    Yes

  257. jonasw

    thanks for the info :)

  258. jonasw

    how about 0.10?

  259. Zash

    Pretty much the same answers

  260. Zash

    Except being the stable release, we'd also build .debs and such

  261. edhelas

    Would it be possible to enforce default sizes for the avatars in XMPP ?