jdev - 2019-09-06

  1. Lance has left

  2. bent3n has joined

  3. bhaveshsgupta has left

  4. bhaveshsgupta has joined

  5. aj has joined

  6. Lance has joined

  7. bhaveshsgupta has left

  8. bhaveshsgupta has joined

  9. bhaveshsgupta has left

  10. bent3n has left

  11. bhaveshsgupta has joined

  12. bhaveshsgupta has left

  13. bhaveshsgupta has joined

  14. bhaveshsgupta has left

  15. bhaveshsgupta has joined

  16. bhaveshsgupta has left

  17. bhaveshsgupta has joined

  18. Lance has left

  19. bhaveshsgupta has left

  20. bhaveshsgupta has joined

  21. lksjdflksjdf has left

  22. bhaveshsgupta has left

  23. bhaveshsgupta has joined

  24. rion has left

  25. rion has joined

  26. bhaveshsgupta has left

  27. bhaveshsgupta has joined

  28. bhaveshsgupta has left

  29. bhaveshsgupta has joined

  30. Daniel has left

  31. bhaveshsgupta has left

  32. bhaveshsgupta has joined

  33. Daniel has joined

  34. aj has left

  35. wurstsalat has joined

  36. linkmauve has joined

  37. aj has joined

  38. bhaveshsgupta has left

  39. bhaveshsgupta has joined

  40. bhaveshsgupta has left

  41. bhaveshsgupta has joined

  42. bhaveshsgupta has left

  43. bhaveshsgupta has joined

  44. bhaveshsgupta has left

  45. bhaveshsgupta has joined

  46. bhaveshsgupta has left

  47. bhaveshsgupta has joined

  48. bhaveshsgupta has left

  49. bhaveshsgupta has joined

  50. bhaveshsgupta has left

  51. bhaveshsgupta has joined

  52. larma has left

  53. larma has joined

  54. bhaveshsgupta has left

  55. bhaveshsgupta has joined

  56. bhaveshsgupta has left

  57. bhaveshsgupta has joined

  58. Zash has left

  59. bhaveshsgupta has left

  60. bhaveshsgupta has joined

  61. Zash has joined

  62. bhaveshsgupta has left

  63. lksjdflksjdf has joined

  64. lksjdflksjdf has left

  65. marc0s

    by any chance, will some of you attend januscon.it later this month? I'm asking because as I read some emails/discussions around jingle/call-related stuff... Wondering if we can meet and have some drinks if that's the case :)

  66. lksjdflksjdf has joined

  67. Daniel

    marc0s, no. but let me know in case there is ever a more open source focused conference in italy. i'd love to go, maybe even give a talk

  68. marc0s

    Daniel, not that I'm aware of right now. Will ping you if I know of something. Not living in Italy, though :)

  69. lovetox_ has joined

  70. bhaveshsgupta has joined

  71. bhaveshsgupta has left

  72. lovetox_ has left

  73. pep. has left

  74. lovetox has joined

  75. Zash has left

  76. Zash has joined

  77. Zash has left

  78. wurstsalat has left

  79. wurstsalat has joined

  80. aj has left

  81. pep. has joined

  82. Zash has joined

  83. bhaveshsgupta has joined

  84. aj has joined

  85. Daniel has left

  86. Daniel has joined

  87. Daniel has left

  88. Daniel has joined

  89. Lance has joined

  90. bhaveshsgupta has left

  91. bhaveshsgupta has joined

  92. aj has left

  93. aj has joined

  94. bhaveshsgupta has left

  95. bhaveshsgupta has joined

  96. larma has left

  97. larma has joined

  98. marc0s

    i'm in the process of adding XEP-0402 support to stanzajs and was wondering how a client should actually determine how to store its bookmarks given the server supports both private storage and pep/pubsub. Any ideas/comments/warnings? :)

  99. Daniel

    xep 402 is only specified to work with pep

  100. Daniel

    but pep and publish options as well as private xml have feature announcements on the account disco

  101. bhaveshsgupta has left

  102. marc0s

    but, given that disco announcements offer all the options, what should a client use?

  103. gav has left

  104. pep.

    As not many clients (none?) use 402 yet, you probably also want to support the other pep bookmark thing?

  105. pep.


  106. bhaveshsgupta has joined

  107. Daniel

    what i do (but that's only for bookmarks 1); is to check if my server supports the conversion xep and if it does i use pep because it's more efficient. and if not i publish to private xml because that's more widely used

  108. marc0s

    that would be a safe route, yes

  109. Daniel

    i haven’t found a strategy to incorporate bookmarks 2 into the mix

  110. Daniel

    probably have the conversion xep also convert into bookmarks 2

  111. Zash

    Bookmarks Conversion 2: The seriousening

  112. marc0s

    I'm not fully aware of the XEP processes, but it does not sound crazy to me to make 411 take 402 into account

  113. Ge0rG

    I think that 402 should mandate backend-side conversion between all the stores.

  114. Daniel

    402 still lacks a lot of things

  115. Daniel

    it should probably also mention that the node needs to be configured

  116. marc0s

    should we then need Bookmarks 3: The Good One :)

  117. Zash

    Like I mentioned the other day, node item count limits will be fun

  118. Ge0rG

    Bookmarks: Revolution

  119. marc0s

    Zash, yep :)

  120. Zash

    XEP-0927: Bookmarks 2000: This time we finally got it right!

  121. Lance has left

  122. Lance has joined

  123. bhaveshsgupta has left

  124. Lance has left

  125. bhaveshsgupta has joined

  126. bhaveshsgupta has left

  127. bhaveshsgupta has joined

  128. aj has left

  129. jonas’ has left

  130. jonas’ has joined

  131. lovetox

    im not convinced on 402, i think it makes the bookmark implementation a lot more complex

  132. lovetox

    right now i request on start my bookmarks, i get all, and if another device changes one, i also get all, and thats it there are only these 2 things to think about, request, and notification

  133. lovetox

    with an items based approach, you suddenly have to think about stuff like, what if another device deletes one item? do i get a deletion notification once i come online? no .. what if a device adds 2 items while im offline, do i get 2 items when i come online? no .., so im back to requesting all bookmarks items on start anyway, this time with more overhead as each bookmark is in its own item

  134. jonas’

    lovetox, and with one item, you have to think about: what if another device modifies/adds the same item at the same time, e.g. in response to an invite or something

  135. jonas’

    what if the modifications aren’t identical

  136. lovetox

    so it seems the only benefit is, that if a device adds a bookmark while im online, i get only one item instead of all

  137. jonas’

    or rather, what if two devices concurrently edit two different items

  138. lovetox

    i would consider this if i modify my bookmarks 50 times per hour

  139. lovetox

    but realistically its probably 3 times a day

  140. lovetox

    jonas’, this is highly unlikely, server processes events in order

  141. lovetox

    invite means both clients modify the same item in the same way

  142. Daniel

    lovetox, i ran into problems with deleting multiple bookmarks in quick succession

  143. Daniel

    meaning delete the second one while the first one is still in flight

  144. lovetox

    yes Daniel i can see the problem, especially with ejabberd

  145. lovetox

    as it notifies the issuing device with a pep notification

  146. lovetox

    if you take this notification seriously, you add back the bookmark that you just deleted

  147. Daniel


  148. lovetox

    we should fix that in ejabberd though, prosody doesnt do this

  149. Daniel

    i'm not sure that ejabberd is broken in that regard?

  150. lovetox

    yes, if i issue a publish, and i get a result that it was ok

  151. lovetox

    i dont see a reason why i need a pep notification

  152. lovetox

    its not "broken"

  153. lovetox

    its just useless and leads to problems as we can see

  154. jonas’

    lovetox, yes, server processes events in order, but clients have latency to the server

  155. Daniel

    useless maybe. but i'm not willing to by that this is the cause of the problem

  156. Daniel

    this is just what makes you notice the problem

  157. Daniel

    *to buy

  158. lovetox

    i feel we just exchange some kind of problems with other kind of problems with 402

  159. Daniel

    i mean this is just the most obvious race. but as jonas’ pointed out there are other (unlikely?) races in there as well that involve multiple clients

  160. Daniel

    lovetox, what problems do you see with 402 aside from the upgrade path

  161. bhaveshsgupta has left

  162. lovetox

    as i wrote above, it just mentions the benefit, that you can modify one item at a time, but it should have much more on implementation notes, probably because no one implemented it yet

  163. bhaveshsgupta has joined

  164. lovetox

    stuff like, if you start, you get the last bookmark item that was published

  165. lovetox

    probably should ignore it, until you requested all bookmarks

  166. lovetox

    stuff like node configuration

  167. Daniel

    lovetox, yes bookmarks 2 is not done yet. and you can just configure the node to not send the last item

  168. Daniel

    which i agree the xep should do

  169. lovetox

    with what id do we publish, or does the server choose ids

  170. lovetox

    how do we make sure we dont overwrite items

  171. Daniel

    lovetox, the id is the jid. i think the xep says that

  172. lovetox

    ah kk, what i want to say is, i dont see a big problem with the xep, just it obviously was never implemented

  173. lovetox

    and my problems with bookmarks1 are not that big, that i jump into the cold water :)

  174. Daniel

    also the XEP needs to do something about max items

  175. Daniel

    so there are things in the xep that are underspecified a bit

  176. Daniel

    but fixing the race seems to be worthwhile to me

  177. Daniel

    also; if you ever wanted to do something like shared bookmarks on the server side (which customers ask about all the time) having multiple items that the server can modify or inject without editing xml seems like a big benefit to me as well

  178. vanitasvitae has left

  179. vanitasvitae has joined

  180. guus.der.kinderen

    > also; if you ever wanted to do something like shared bookmarks on the server side (which customers ask about all the time) having multiple items that the server can modify or inject without editing xml seems like a big benefit to me as well

    Customers ask for this? As in, read-only bookmarks, shared by a group of people?

  181. Daniel

    guus.der.kinderen: well they ask for can we put people into group chats by default

  182. Daniel

    Like when they first open the app

  183. Daniel

    And bookmarks seems like one way of doing that

  184. guus.der.kinderen

    Openfire has a plugin for that. It doesn't do anything fancy, only injects additional bookmarks in a person's bookmarks collection.

  185. guus.der.kinderen

    Daniel: yeah that's what we use it for, by adding autojoin bookmarks

  186. Daniel

    guus.der.kinderen: yes and server side that seems less messy with bookmarks 2

  187. guus.der.kinderen

    It's pretty clean in any form. You simply add a list of shared entries to the personal list, and subtract that list while editing.

  188. Daniel

    You could then properly reject the deletion. Instead of having it just magically reappear

  189. guus.der.kinderen


  190. guus.der.kinderen

    Ok, gotta put the kid to bed. Afk.

  191. bhaveshsgupta has left

  192. bhaveshsgupta has joined

  193. vanitasvitae has left

  194. vanitasvitae has joined

  195. linkmauve has left

  196. linkmauve has joined

  197. bhaveshsgupta has left

  198. bhaveshsgupta has joined

  199. lovetox

    Daniel, do you send always set SNI ext, even for starttls?

  200. Daniel

    lovetox: why do you ask? I think I didn't but my last refactor yesterday might have accidentally set it

  201. lovetox

    im asking because i contemplate doing this

  202. lovetox

    gmail xmpp server mandates it

  203. lovetox

    it needs sni even on starttls

  204. lovetox

    and it would make my code less complex

  205. Daniel

    Oh right. Yes now that you mention it I think I did that

  206. lovetox

    i dont really care about gmail

  207. bhaveshsgupta has left

  208. Daniel

    Well since yesterday my setup tls socket code is the same for starttls, direct tls and tor

  209. bhaveshsgupta has joined

  210. Daniel

    So it's not more code. Is what I wanted to say

  211. Zash

    I've been trying to make Prosody's certificate and TLS management code treat STARTTLS and TLS+SNI the same.

  212. moparisthebest

    Daniel, how are you doing DNS for tor ?

  213. Daniel

    moparisthebest: not at all. You have to specify the hostname

  214. Daniel

    (if your server doesn't a record to the same machine)

  215. moparisthebest

    hmm, then how do you know direct TLS or STARTTLS

  216. lovetox

    you dont

  217. lovetox

    you expect the server to offer stuff on the standard ports

  218. bhaveshsgupta has left

  219. Daniel

    You can enter port 5223 or 443 and then it will assume that this is direct tls

  220. Daniel

    Which is debatable for 443 but who cares

  221. moparisthebest

    when you run a tor exit node you get to pick what outgoing ports you support, I feel like more might support 443, but I'm not sure

  222. lovetox

    also moparisthebest some servers have .onion addresses

  223. bhaveshsgupta has joined

  224. moparisthebest

    which you can put in DNS SRV records

  225. lovetox

    .onion addresses have DNS records?

  226. Daniel

    Yes. I was about to say. If you are serious about tor I'd recommend you put in the onion address in the hostname field

  227. Daniel

    That's what I would recommend to my users

  228. moparisthebest

    lovetox, no, but I can put a .onion in the SRV record for moparisthebest.com for example

  229. lovetox

    how does that help someone that wants to connect to a server and only has the .onion address?

  230. lovetox

    why would a hidden tor service, link itself to a non-hidden srv domain record

  231. moparisthebest

    why not?

  232. lovetox

    because you are not anonymous anymore then

  233. Zash

    moparisthebest: someone like that would care about leaking the SRV lookup

  234. moparisthebest

    don't leak it, look it up over TOR

  235. lovetox

    anyway, to support TOR the server admin has to be aware of it

  236. Daniel

    How does that help when you can't do SRV over Tor?

  237. lovetox

    and an onion service even more so

  238. Daniel

    I mean even if you put the onion in dns how are you going to discover it?

  239. Ge0rG

    DoH to the rescue!

  240. Daniel


  241. moparisthebest

    you can, do DoT or DoH to or even regular DNS over TCP to port 53 of dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion

  242. moparisthebest

    (which cloudflare runs)

  243. bhaveshsgupta has left

  244. Daniel

    So I should hard code cloud flare ips in my app? Is cloud flare still going to exist tomorrow?

  245. moparisthebest

    maybe, you can hard-code a few, or run your own

  246. lovetox

    moparisthebest, if you are serious about TOR, you will *not* DNS anything

  247. lovetox

    you will just pass the onion address to the tor proxy

  248. lovetox

    thats it

  249. lovetox

    the moment you involve cloudflare, this degrades TOR seriously

  250. Daniel

    Yeah if you want to use Tor take 3 minutes to figure out the hostname / onion address of your server

  251. moparisthebest

    wouldn't it be nice if a user of regularservice.com that happened to have tor could just connect over it automatically without typing .onion addresses though?

  252. Daniel

    And maybe go read the privacy policy of your provider while you are at it

  253. lovetox

    moparisthebest, i dont think you get the idea of TOR

  254. lovetox

    the idea of TOR is that nobody but you yourself and your machine, knows where you gonna connect to

  255. lovetox

    this rules out asking anyone for any information regarding your connection target

  256. lovetox

    because then you leaked your intent

  257. moparisthebest

    I don't think so, after all HTTPS over tor asks for A records right?

  258. moparisthebest

    how is this different?

  259. lovetox

    im not a tor expert but im pretty sure the tor network makes the dns request

  260. lovetox

    not your machine

  261. moparisthebest

    the intent is my ISP doesn't know where I'm connecting to

  262. moparisthebest

    the built in tor DNS supports A and CNAME and nothing else though, asking an .onion address for SRV records is essentially the same

  263. bhaveshsgupta has joined

  264. lovetox

    Tor is not only to hide your intent from your ISP

  265. moparisthebest

    it *can* only be for that though?

  266. lovetox

    if that would be the case you would not need tor, just DoH

  267. lovetox

    and a proxy

  268. moparisthebest

    that sounds harder than tor, and also not as secure/the same

  269. lovetox

    if you make a dns request via tor, probably it routes it through the tor network

  270. lovetox

    means nobody in theory can trace it back to you

  271. lovetox

    not even cloudflare

  272. lovetox

    and thats the goal

  273. lovetox

    not exchanging your ISP for cloudflare trustwise

  274. lovetox

    its you trust no one

  275. moparisthebest

    and if you ask cloudflare's .onion for a SRV record they also can't trace it to you, right?

  276. moparisthebest

    in fact it never even crosses the clearnet for anyone

  277. lovetox

    yes, if we could ask a SRV record over the tor proxy this would work

  278. lovetox

    but it doesnt, because TOR just does not support SRV

  279. moparisthebest

    but asking an .onion is asking over the tor proxy

  280. Daniel

    lovetox: it does. If you ask cloud flare over tcp

  281. lovetox

    you propose to do the dns request yourself

  282. Daniel


  283. lovetox

    yes that would work, never done anything like that though, so dont know how complex this is

  284. moparisthebest

    yes, just like DNS-over-TLS, DNS-over-HTTPS, and DNS-over-XMPP proposes

  285. bhaveshsgupta has left

  286. lovetox

    but sounds complicated

  287. Daniel

    I'm already dining my normal dns requests myself

  288. Daniel

    I'm already doing my normal dns requests myself

  289. lovetox

    i mean there are libraries and dns lookup tools

  290. moparisthebest

    it's annoying enough that you should probably just use a library

  291. lovetox

    you cant use them, so you have to implement the whole dns request protocol yourself

  292. Daniel

    It's not rocket science. But I won't bother any time soon

  293. Daniel

    Because > Yeah if you want to use Tor take 3 minutes to figure out the hostname / onion address of your server

  294. moparisthebest

    asking an .onion should be as quick as possible, it's not going through any exit nodes anyhow

  295. Daniel

    And > So I should hard code cloud flare ips in my app? Is cloud flare still going to exist tomorrow?

  296. lovetox

    moparisthebest, its not about quick, its about implementing another protocol

  297. moparisthebest

    time to expose an unbound port over a tor hidden address run by conversations.im :D

  298. bhaveshsgupta has joined

  299. moparisthebest

    wait why can't you use existing dns lookup libraries/tools lovetox ?

  300. moparisthebest

    conversations uses minidns or something if I recall

  301. lovetox

    i just doubt they let you use them over a tor proxy

  302. lovetox

    but never used one

  303. moparisthebest

    it's just a socks5 proxy, they should...

  304. lovetox

    i know that i cant use python inbuilt one

  305. Daniel

    moparisthebest: fwiw minidns doesn't support dns over TLS or https

  306. moparisthebest

    you can just do regular TCP on an .onion though, or I can put in a PR to swap minidns out for https://github.com/moparisthebest/jDnsProxy lol (not really)

  307. lovetox

    moparisthebest, maybe you missed it, i already agreed with you that it is possible

  308. lovetox

    but as Daniel said, the people who want to use TOR are 1% of the users

  309. lovetox

    and they can take the 2 minutes to get the onion address

  310. lovetox

    im not going to jump through hoops programming wise to save them those 2 minutes

  311. moparisthebest

    that's fair, I'd kind of like it to be seamless to have regular users connect over tor too, but other people probably disagree

  312. Daniel

    We are also only talking about the subset of tor users on providers that don't listen on the a record

  313. moparisthebest

    FYI this is the cloudflare .onion reference https://developers.cloudflare.com/

  314. moparisthebest

    I'll be running a public, anonymous-login-supporting DNS-over-XMPP on clearnet and .onion whenever I get back around to finishing setting it up...

  315. linkmauve has left

  316. jrmu has left

  317. Lance has joined

  318. bhaveshsgupta has left

  319. bhaveshsgupta has joined

  320. bhaveshsgupta has left

  321. bhaveshsgupta has joined

  322. 💋ᵐyᵃᵇᵃᵇᵉᶻ💋 has joined

  323. 💋ᵐyᵃᵇᵃᵇᵉᶻ💋


  324. tom

    whoever 'jdev@muc.xmpp.org/💋ᵐyᵃᵇᵃᵇᵉᶻ💋' is please change your nick

  325. tom

    it's making my software freak out

  326. 💋ᵐyᵃᵇᵃᵇᵉᶻ💋 has left

  327. tom

    how did you even join this muc with that nick? It should be invalid

  328. Zash


  329. tom

    because it's using invalid characters or encoding

  330. Zash

    It's UTF-8, but there are barely any other limits

  331. mathieui

    it’s valid

  332. mathieui

    ant it works here

  333. mathieui

    and it works here

  334. Zash

    Valid UTF-8 that passes resourceprep and isn't entirely whitespace, so legal under those rules.

  335. Alex has left

  336. Zash

    Altho, it does not pass Prosody's resourceprep if I recompile it without USPREP_ALLOW_UNASSIGNED, but I think it's using Unicode from 1997 or something then.

  337. wurstsalat has left

  338. linkmauve has joined

  339. linkmauve has left

  340. aj has joined

  341. Lance has left