marc0s: by any chance, will any of you attend januscon.it later this month? I'm asking because I read some emails/discussions around jingle/call-related stuff... Wondering if we can meet and have some drinks if that's the case :)
Daniel: marc0s, no. but let me know in case there is ever a more open source focused conference in italy. i'd love to go, maybe even give a talk
marc0s: Daniel, none that I'm aware of right now. Will ping you if I hear of something. Not living in Italy, though :)
marc0s: i'm in the process of adding XEP-0402 support to stanzajs and was wondering how a client should actually determine how to store its bookmarks given the server supports both private storage and pep/pubsub. Any ideas/comments/warnings? :)
Daniel: xep 402 is only specified to work with pep
Daniel: but pep and publish options as well as private xml have feature announcements on the account disco
marc0s: but, given that disco announcements offer all the options, what should a client use?
pep.: As not many clients (none?) use 402 yet, you probably also want to support the other pep bookmark thing?
Daniel: what i do (but that's only for bookmarks 1) is to check if my server supports the conversion xep and if it does i use pep because it's more efficient. and if not i publish to private xml because that's more widely used
marc0s: that would be a safe route, yes
Daniel: i haven't found a strategy to incorporate bookmarks 2 into the mix
Daniel: probably have the conversion xep also convert into bookmarks 2
Zash: Bookmarks Conversion 2: The seriousening
marc0s: I'm not fully aware of the XEP processes, but it does not sound crazy to me to make 411 take 402 into account
Ge0rG: I think that 402 should mandate backend-side conversion between all the stores.
Daniel: 402 still lacks a lot of things
Daniel: it should probably also mention that the node needs to be configured
marc0s: would we then need Bookmarks 3: The Good One :)
Zash: Like I mentioned the other day, node item count limits will be fun
marc0s: Zash, yep :)
Zash: XEP-0927: Bookmarks 2000: This time we finally got it right!
lovetox: I'm not convinced on 402, i think it makes the bookmark implementation a lot more complex
lovetox: right now i request my bookmarks on start, i get all, and if another device changes one, i also get all, and that's it. there are only these 2 things to think about: request, and notification
lovetox: with an item-based approach, you suddenly have to think about stuff like: what if another device deletes an item? do i get a deletion notification once i come online? no.. what if a device adds 2 items while I'm offline, do i get 2 items when i come online? no.. so I'm back to requesting all bookmark items on start anyway, this time with more overhead as each bookmark is in its own item
jonas’: lovetox, and with one item, you have to think about: what if another device modifies/adds the same item at the same time, e.g. in response to an invite or something
jonas’: what if the modifications aren't identical
lovetox: so it seems the only benefit is that if a device adds a bookmark while I'm online, i get only one item instead of all
jonas’: or rather, what if two devices concurrently edit two different items
lovetox: i would consider this if i modified my bookmarks 50 times per hour
lovetox: but realistically it's probably 3 times a day
lovetox: jonas’, this is highly unlikely, the server processes events in order
lovetox: an invite means both clients modify the same item in the same way
Daniel: lovetox, i ran into problems with deleting multiple bookmarks in quick succession
Daniel: meaning delete the second one while the first one is still in flight
lovetox: yes Daniel i can see the problem, especially with ejabberd
lovetox: as it notifies the issuing device with a pep notification
lovetox: if you take this notification seriously, you add back the bookmark that you just deleted
lovetox: we should fix that in ejabberd though, prosody doesn't do this
Daniel: i'm not sure that ejabberd is broken in that regard?
lovetox: yes, if i issue a publish, and i get a result that it was ok
lovetox: i don't see a reason why i need a pep notification
lovetox: it's not "broken"
lovetox: it's just useless and leads to problems as we can see
jonas’: lovetox, yes, the server processes events in order, but clients have latency to the server
Daniel: useless maybe. but i'm not willing to buy that this is the cause of the problem
Daniel: this is just what makes you notice the problem
lovetox: i feel we just exchange one kind of problem for another kind of problem with 402
Daniel: i mean this is just the most obvious race. but as jonas’ pointed out there are other (unlikely?) races in there as well that involve multiple clients
Daniel: lovetox, what problems do you see with 402 aside from the upgrade path
lovetox: as i wrote above, it just mentions the benefit that you can modify one item at a time, but it should have much more on implementation notes, probably because no one has implemented it yet
lovetox: stuff like: if you start, you get the last bookmark item that was published
lovetox: probably should ignore it until you have requested all bookmarks
lovetox: stuff like node configuration
Daniel: lovetox, yes bookmarks 2 is not done yet. and you can just configure the node to not send the last item
Daniel: which i agree the xep should do
lovetox: with what id do we publish, or does the server choose ids
lovetox: how do we make sure we don't overwrite items
Daniel: lovetox, the id is the jid. i think the xep says that
lovetox: ah kk, what i want to say is, i don't see a big problem with the xep, it's just that it obviously was never implemented
lovetox: and my problems with bookmarks 1 are not so big that i'd jump into the cold water :)
Daniel: also the XEP needs to do something about max items
Daniel: so there are things in the xep that are underspecified a bit
Daniel: but fixing the race seems to be worthwhile to me
Daniel: also; if you ever wanted to do something like shared bookmarks on the server side (which customers ask about all the time), having multiple items that the server can modify or inject without editing xml seems like a big benefit to me as well
guus.der.kinderen: > also; if you ever wanted to do something like shared bookmarks on the server side (which customers ask about all the time) having multiple items that the server can modify or inject without editing xml seems like a big benefit to me as well
Customers ask for this? As in, read-only bookmarks, shared by a group of people?
Daniel: guus.der.kinderen: well they ask for "can we put people into group chats by default"
Daniel: Like when they first open the app
Daniel: And bookmarks seems like one way of doing that
guus.der.kinderen: Openfire has a plugin for that. It doesn't do anything fancy, only injects additional bookmarks into a person's bookmarks collection.
guus.der.kinderen: Daniel: yeah that's what we use it for, by adding autojoin bookmarks
Daniel: guus.der.kinderen: yes and server side that seems less messy with bookmarks 2
guus.der.kinderen: It's pretty clean in any form. You simply add a list of shared entries to the personal list, and subtract that list while editing.
Daniel: You could then properly reject the deletion. Instead of having it just magically reappear
guus.der.kinderen: Ok, gotta put the kid to bed. Afk.
lovetox: Daniel, do you always send the SNI ext, even for starttls?
Daniel: lovetox: why do you ask? I think I didn't but my last refactor yesterday might have accidentally set it
lovetox: I'm asking because i contemplate doing this
lovetox: the gmail xmpp server mandates it
lovetox: it needs sni even on starttls
lovetox: and it would make my code less complex
Daniel: Oh right. Yes now that you mention it I think I did that
lovetox: i don't really care about gmail
Daniel: Well since yesterday my setup tls socket code is the same for starttls, direct tls and tor
Daniel: So it's not more code. Is what I wanted to say
Zash: I've been trying to make Prosody's certificate and TLS management code treat STARTTLS and TLS+SNI the same.
moparisthebest: Daniel, how are you doing DNS for tor?
Daniel: moparisthebest: not at all. You have to specify the hostname
Daniel: (if your server doesn't have an A record to the same machine)
moparisthebest: hmm, then how do you know direct TLS or STARTTLS
lovetox: you expect the server to offer stuff on the standard ports
Daniel: You can enter port 5223 or 443 and then it will assume that this is direct tls
Daniel: Which is debatable for 443 but who cares
moparisthebest: when you run a tor exit node you get to pick what outgoing ports you support, I feel like more might support 443, but I'm not sure
lovetox: also moparisthebest some servers have .onion addresses
moparisthebest: which you can put in DNS SRV records
lovetox: .onion addresses have DNS records?
Daniel: Yes. I was about to say. If you are serious about tor I'd recommend you put the onion address in the hostname field
Daniel: That's what I would recommend to my users
moparisthebest: lovetox, no, but I can put a .onion in the SRV record for moparisthebest.com for example
lovetox: how does that help someone that wants to connect to a server and only has the .onion address?
lovetox: why would a hidden tor service link itself to a non-hidden srv domain record
lovetox: because you are not anonymous anymore then
Zash: moparisthebest: someone like that would care about leaking the SRV lookup
moparisthebest: don't leak it, look it up over TOR
lovetox: anyway, to support TOR the server admin has to be aware of it
Daniel: How does that help when you can't do SRV over Tor?
lovetox: and an onion service even more so
Daniel: I mean even if you put the onion in dns how are you going to discover it?
Ge0rG: DoH to the rescue!
moparisthebest: you can, do DoT or DoH to 18.104.22.168 or even regular DNS over TCP to port 53 of dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion
moparisthebest: (which cloudflare runs)
Daniel: So I should hard code cloudflare ips in my app? Is cloudflare still going to exist tomorrow?
moparisthebest: maybe, you can hard-code a few, or run your own
lovetox: moparisthebest, if you are serious about TOR, you will *not* DNS anything
lovetox: you will just pass the onion address to the tor proxy
lovetox: the moment you involve cloudflare, this degrades TOR seriously
Daniel: Yeah if you want to use Tor take 3 minutes to figure out the hostname / onion address of your server
moparisthebest: wouldn't it be nice if a user of regularservice.com that happened to have tor could just connect over it automatically without typing .onion addresses though?
lovetox: moparisthebest, i don't think you get the idea of TOR
lovetox: the idea of TOR is that nobody but you yourself and your machine knows where you are going to connect to
lovetox: this rules out asking anyone for any information regarding your connection target
lovetox: because then you leaked your intent
moparisthebest: I don't think so, after all HTTPS over tor asks for A records right?
moparisthebest: how is this different?
lovetox: I'm not a tor expert but I'm pretty sure the tor network makes the dns request
lovetox: not your machine
moparisthebest: the intent is my ISP doesn't know where I'm connecting to
moparisthebest: the built-in tor DNS supports A and CNAME and nothing else though, asking an .onion address for SRV records is essentially the same
lovetox: Tor is not only to hide your intent from your ISP
moparisthebest: it *can* only be for that though?
lovetox: if that were the case you would not need tor, just DoH
lovetox: and a proxy
moparisthebest: that sounds harder than tor, and also not as secure/the same
lovetox: if you make a dns request via tor, it probably routes it through the tor network
lovetox: means nobody in theory can trace it back to you
lovetox: not even cloudflare
lovetox: and that's the goal
lovetox: not exchanging your ISP for cloudflare trustwise
lovetox: it's you trust no one
moparisthebest: and if you ask cloudflare's .onion for a SRV record they also can't trace it to you, right?
moparisthebest: in fact it never even crosses the clearnet for anyone
lovetox: yes, if we could ask for a SRV record over the tor proxy this would work
lovetox: but it doesn't, because TOR just does not support SRV
moparisthebest: but asking an .onion is asking over the tor proxy
Daniel: lovetox: it does. If you ask cloudflare over tcp
lovetox: you propose to do the dns request yourself
lovetox: yes that would work, never done anything like that though, so don't know how complex this is
moparisthebest: yes, just like DNS-over-TLS, DNS-over-HTTPS, and DNS-over-XMPP propose
lovetox: but sounds complicated
Daniel: I'm already doing my normal dns requests myself
lovetox: i mean there are libraries and dns lookup tools
moparisthebest: it's annoying enough that you should probably just use a library
lovetox: you can't use them, so you have to implement the whole dns request protocol yourself
Daniel: It's not rocket science. But I won't bother any time soon
> Yeah if you want to use Tor take 3 minutes to figure out the hostname / onion address of your server
moparisthebest: asking an .onion should be as quick as possible, it's not going through any exit nodes anyhow
> So I should hard code cloudflare ips in my app? Is cloudflare still going to exist tomorrow?
lovetox: moparisthebest, it's not about quick, it's about implementing another protocol
moparisthebest: time to expose an unbound port over a tor hidden address run by conversations.im :D
moparisthebest: wait why can't you use existing dns lookup libraries/tools lovetox?
moparisthebest: conversations uses minidns or something if I recall
lovetox: i just doubt they let you use them over a tor proxy
lovetox: but never used one
moparisthebest: it's just a socks5 proxy, they should...
lovetox: i know that i can't use the python inbuilt one
Daniel: moparisthebest: fwiw minidns doesn't support dns over TLS or https
moparisthebest: you can just do regular TCP on an .onion though, or I can put in a PR to swap minidns out for https://github.com/moparisthebest/jDnsProxy lol (not really)
lovetox: moparisthebest, maybe you missed it, i already agreed with you that it is possible
lovetox: but as Daniel said, the people who want to use TOR are 1% of the users
lovetox: and they can take the 2 minutes to get the onion address
lovetox: I'm not going to jump through hoops programming-wise to save them those 2 minutes
moparisthebest: that's fair, I'd kind of like it to be seamless to have regular users connect over tor too, but other people probably disagree
Daniel: We are also only talking about the subset of tor users on providers that don't listen on the A record
moparisthebest: FYI this is the cloudflare .onion reference https://developers.cloudflare.com/22.214.171.124/fun-stuff/dns-over-tor/
moparisthebest: I'll be running a public, anonymous-login-supporting DNS-over-XMPP on clearnet and .onion whenever I get back around to finishing setting it up...
tom: whoever 'firstname.lastname@example.org/💋ᵐyᵃᵇᵃᵇᵉᶻ💋' is please change your nick
tom: it's making my software freak out
tom: how did you even join this muc with that nick? It should be invalid
tom: because it's using invalid characters or encoding
Zash: It's UTF-8, but there are barely any other limits
mathieui: and it works here
Zash: Valid UTF-8 that passes resourceprep and isn't entirely whitespace, so legal under those rules.
Zash: Although it does not pass Prosody's resourceprep if I recompile it without USPREP_ALLOW_UNASSIGNED, but I think it's using Unicode from 1997 or something then.