XSF Discussion - 2020-03-15

so, completely unrelated to recent events, if I wanted to set up a reliable group video chat thing for friends&family, what would I do?

The only non-skype thing I have experience with is jitsi meet

Only ever used the hosted version though

Daniel, what’s the experience?

I expect the hosted one to get into certain difficulties soon

I'm using Nextcloud + Nextcloud Talk. The maximum people I tested it with was four.

nextcloud I already have

maybe I should re-evaluate setting up jitsi on my private prosody

Works super good on mobile (Android)

can you use the jitsi meet app with a self-hosted instance yet?

One time I couldn't get it to work but when we tried Skype afterwards it didn't really work either. (network issues on the other end I belive) but when it did work it was always ok

hm, I can’t find any documentation on how to set it up so far

seems like I should take notes

> nextcloud I already have Not good enough for you? You can send links and so, without an account.

Seve, I’d prefer to go with XMPP before trying Nextcloud Talk

though I *do* wonder how well such a videobridge/jitsi thing will work behind a NAT (on the server side.):/

I do run out of IP addresses

though I can probably argue for that being of shared value

wasn't one of the STUN things silently using google servers?

jonas’: There's a docker thing for jitsi meet that's not too complicated to get running

I agree, but anyway you don't have integration with IM clients anyway... Quite annoying

Zash, I don’t have docker on my servers

Seve, I can live with it requiring some kind of special client for now ✏

okay, let’s use the "broadcast" address of the network. what could possibly go wrong

jonas’: other boxes not finding the default gateway any more? ;)

Ge0rG, they’re statically configured :>

jonas’: static ARP?

no

just static routes

I’m already using the "network address" on one of the boxes with no issues so far

OTOH, there was a sysctl in linux a loooong time ago to ignore packets to your IP address sent to ethernet broadcast, because it uncloaked promiscous mode devices

Ge0rG, the gateway has static routes for each of the "funny" /32 addresses as onlink routes on the interface. all boxes already have static routes to the /32 of the gateway, because it’s not even part of the /29 they’re in

IPv4 is expensive

and I’m not going to pay 1 EUR / month for an address I’m not going to use

I'm still wondering how jitsi videobridge integrates with an existing prosody.

I’m figuring that out right now

jonas’: will you blog it? :D

I may

I'm interested in learning the steps needed to run my own videobridge on debian + proper prosody

me too!

jonas’: so write them down as you do, pretty-please :)

will do

ugh

identities: category='component' type='conference' [en] 'JitsiVideobridge'

so there’s that ✏

it is *very* opinionated about which (sub-)domain names you use :/

Ge0rG, https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md

this seems accurate AFAICT so far

it also means I have to start over

though that doesn’t use debian packages

I love how they tell you to forward the port 4443, which isn’t even bound to by jvb

I seem to have a working jitsi meet

TIL: jitsi-meet will make a room non-anonymous when it joins

so you’ll want a dedicated conference domain

*sigh*

I briefly looked at setting up jitsi-meet with existing prosody and quickly decided my own https://appr.tc/ instance would be easier, currently working on docker container that just spins it all up

what’s that?

the link you gave is incredibly non-descriptive ;)

the main thing jitsi meet is missing is I can't just send people a link, it won't work in a mobile browser

don't they have a mobile app?

but yeah I get the point of "not just send a link" on mobile

https://github.com/webrtc/apprtc / https://github.com/Piasy/WebRTC-Docker (this docker container isn't very suitable, runs 3 different http servers on different ports etc...)

vanitasvitae, yep they do, so now I have to send a link, plus a link to my custom compiled jitsi meet app? meh

I thought the main thing Jitsi Meet was missing is that it doesn't make noise and show popups

vanitasvitae: hitsi has, also on fdroid

I think you can set the instance

right?

oh, possibly, still that's a pretty large hurdle compared to "click this link"

"moparisthebest> the main thing jitsi meet is missing is I can't just send people a link, it won't work in a mobile browser" Yes you can? I do that all the time

I just tested it yesterday and it wouldn't work in a mobile browser, am I holding it wrong?

waiting for DNS to propagate to be able to test >.>

If they use a browser then the instance might redirect them to downloading an app on mobile, but you can certainly remove that

"click this link" is apparently completely useless, gotta show a popup with "someone's calling, [answer]"

I just tried on https://meet.jit.si/

moparisthebest, what device

On mobile it might annoy you indeed

I never have an issue on desktop

firefox mobile on lineageos (android 9) on a samsung galaxy GS5

oh yea, it works great on desktop

at this second I'm after minimal setup that *just works* on all browsers including mobile

appr.tc fits that bill, jitsi meet doesn't, I couldn't find anything else that might

Is that self-hosted?

*that* instance is hosted by evil google, but it can be self hosted

just checked the jitsi app. Setting my own instance was super easy

it is so sad that I had far better video quality when switching from wifi to mobile 🙁

#developingInternetCountryThings

vanitasvitae same here

someone mother’s wifi?

no. Fiber.

no, mine 🙁

hm, so jitsi-meet

I got it set up, but it’s rather different than what I expected

I wonder if it 'optimizes' the connection because of NAT and mulitple hops in my meshed wifi or something

AFAICT, I now got an open relay for WebRTC traffic

I expected it to be configurable in such a way that at least the host needs to authentiacte against my existing domain

jonas’ you can protect things with accounts etc - not sure how sturdy that is though.

most of the time that's handled by secrets and hmac jonas’

but yeah, the default install allows anyone to use it.

hm

appr.tc / coturn supports it out of the box like https://github.com/Piasy/WebRTC-Docker/blob/master/apprtc-server/ice.js#L5 + https://github.com/Piasy/WebRTC-Docker/blob/master/apprtc-server/turnserver.conf#L7

jonas’, yeah I've done that in the past, you can use xmpp auth

pep., interesting

moparisthebest, what?

moparisthebest, you seem to have missed the point

it's still semi-open, just time limited, but you should be able to do something similar with xmpp

jonas’, I'm saying you don't need coturn to do anything but authenticate an hmac, not contact your xmpp server/db, then it's just making the xmpp bit that hands out the secret do that

moparisthebest, I’m not using coturn though

I’ve got a jitsi-meet setup

jitsi-meet doesn't use coturn?

nope

nevermind then, but surprising

I was surprised, too

but they only need 10000/udp and 443/tcp, and those are bound directly to the Java process

ugh

ok, so the jitsi-meet doesn’t work at all.

I don’t even see it trying to send traffic to the bridge

and p2p seems to fail too

hm, no public support MUC either?

Oh is that why we get so many Jitsi Meet questions in the Prosody room?

probably.

meh

They are very active on their discourse instance - but that seems to be having trouble today.

also, discourse is unusable to me

also, I got used to IM community support

fwiw: if you want to spin up basic functionality without jumping through any hoops: install Openfire plus its ofMeet plugin. It'll give you limited features, and is outdated by at least a year - but you can set it up in 2 minutes.

I showed that in last years' XSF summit.

I specifically do not want that, I want it to integrate in my existing setup

totally understandable. Just wanting to give people some options that in these times are looking for a quick fix.

doing a separate install will give you better features, more performance, etc, etc.

I also don’t get how this is supposed to even work without any traffic to the videobridge

I’m wondering whether it gets confused about the A record for the domain not pointing to the videobridge

I didnt' read the backlog

or about having both a private and a public IPv4

but basically, the web app will talk to the video bridge over UDP or TCP

it doesn’t

zero traffic to that IP

I think on port 10000 UDP with a fallback to 443 TCP with a fallback to 4443 TCP if 443 can't be bound to by the process.

well, for 1-on-1 conversations, the webapp defaults to peer-to-peer

aha!

that’s a bit of information which is interesting

add a third participant to force things over the videobridge

and what if p2p fails for whatever reason?

unsure

where do I get a third participant now

note thta I've been out of the loop for 12 months too.

new incognito tab.

smart!

been there done that _a lot_ 😃

oh, look at this traffic

ta-daaaah.

ok, off to prepare dinner.

poke me if you need more help

lots of inbound traffic on the videobridge, but no outbound

nat weirdness?

no, nevermind ✏

you can configure it to ... ok.

ICE negotiation can take some time

my SSH session with tcpdump just died

so I see lots of inbound traffic, but virtually no outbound traffic on the videobridge

tcpdump will be pretty verbose with webrtc data 😃

approximately 1:10, maybe 1:20

maybe this:

you want to prevent the device of each end-user to have to process the raw data of all participants - which would not scale, and bring commercial laptops to their knees fast. the JVB will therefor accept all inbound data, process that, and push an optimized stream back out.

there's webrtc mumbojumbo for this that I fail to remember, but that's the gist of it.

iirc, you upload three video stream (thumbnail, medium and full resolution, somesuch), but participants are only interesting in one (depending on who's talking, etc)

so there's a lot of room for optimization there.

Guus, right, however, the data currently transmitted from my device would barely suffice for audio

(take all of this with a grain of salt - I'm far from an expert and I've not engaged with the devs for months)

most certainly not for three clients

did you mute video?

I disabled video to make tcpdump less verbose

yeah

maaaybe it's not actually sending data then?

yes, but why ;)

because you muted it?

but I didn’t mute audio

do you hear audio?

no

I don’t see any outbound traffic on my machine for the audio which is suggested should be going out by the VU-meter bars in my avatar thumbnail thing

then I don't know 🙂

as I said, got to prepare dinner

also it show bitrate etc as N/A when I hover over my avatar

also: covid update from government in a couple of minutes

yeah, good luck and have fun

tx

that n/a bitrate was always there - confused me a lot

oh, maybe it uses (or tries to use) P2P for audio always?

but this is pretty much where my knowledge ends too

it’s a *video*bridge after all

don't think so, but maybe.

ok, I'm out.

bon appetite

Poke Dele when he's in here - he's familiar with Jitsi.

tx

okay, it’s not a purely local issue -- using meet.jit.si gives me a nice audio feedback loop instantly :)

okay, so apparently, jitsi-meet wants that it runs on the same hostname as it advertises

this is stupid

Oh yeah, I remember it being very picky about names of the various parts.

can’t do that on my infra without doing nasty things

like having two network namespaces with the same hostname

or installing third-party packages on the main box

I appreciate the reassurance my "this looks too complicated" was correct :/

it’s too undocumented mostly

A/V is complex, all those simple WebRTC apps are a golang-esque simplification which don’t hold in edge cases (non-web, for example)

here simplify is a good thing, I can send a link over xmpp or sms or anything, and anyone with a web browser can click it and have it work

not "here's a link that will work in a desktop browser, but if you are on mobile, please find a way to install this jitsi meet app, and also go into settings and change the default hostname, and maybe then it might work"

you realize that sounds insane right?

moparisthebest, all depends on your usecase

installing the app was trivial

even for me on f-droid

it takes a full URL nowadays, so no need to change the hostname

how's the iOS app?

now I also need to know what os my contact is currently on?

I don’t care about iOS

why doesn't it *just work* in a mobile browser too?

on my phone it probably wouldn’t work, even if they tried, because it already OOMs when you open two or three normal broswer tabs at once.

using a dedicated app without the javascript bloat is a much saner way

But does it ring?

my phone is 6 years old and I can run hundreds of tabs in firefox mobile *and* this video/audio webrtc thing ¯\_(ツ)_/¯

moparisthebest, good for you!