-
123
Hi everyone
-
123
I'll like to create a jabber account
-
123
Can someone please tell me how to do that?
-
jonas’
step 1: find a provider
-
lovetox
jonas’, and where do we find a list of servers?
-
Zash
Search the web for "public xmpp servers" ?
-
lovetox
really?
-
lovetox
that leads me to a list maintained by jabber.at
-
lovetox
https://list.jabber.at/
-
lovetox
which is better than nothing i guess
-
lovetox
but this is the only result on the first page that would be helpfull
-
lovetox
now jabber.network, shows you randomly servers, not sure though if its clear to a user that this are compliant servers
-
lovetox
this shows me that its good to have a small maintained list of servers within Gajim that i offer registration for
-
Link Mauve
lovetox, have a look at the lists Dino and Kaidan and wiki.xmpp.org have independently been trying to come up with.
-
lovetox
hm if a server does not use 0156, does that mean i cant connect to it via webclient?
-
Link Mauve
You could if you were to have a fallback BOSH proxy configured as an open relay.
-
lovetox
so this means no
-
lovetox
then i dont get why the compliance tester lists those providers as 100% compliant
-
lovetox
using a webclient with your provider is a basic use case i think many people have
-
lovetox
so it seems it really was not in the compliance XEPs before but it is now for 2020
-
lovetox
not sure how this was missed in the years before
-
lovetox
when all BOSH xeps where there for compliance, but no way to discover the bosh service
-
Link Mauve
lovetox, another possibility is the service having a sanctioned web client which hardcodes their BOSH or WebSocket endpoint.
-
Link Mauve
XEP-0156 “just” allows the user to use any web client of their choice.
-
Link Mauve
lovetox, you can direct that request to Daniel, I think he’s the one maintaining the Conversations compliance tester.
-
jonas’
it is the *Conversations* compliance tester
-
jonas’
why would Conversations care about BOSH
-
Ge0rG
If only we had an *XMPP* Compliance Tester.
-
jonas’
if only
-
Ge0rG
I once performed all the relevant set operations on CS2020 vs CCT
-
Zash
Isn't it weird to run tests on deployments when compliance is supposed to apply to implementations?
-
Ge0rG
but then I only wrote the results into the xsf@ MUC
-
Ge0rG
Zash: no
-
Ge0rG
Zash: are you only asking this because it's prohivitively complicated to set up a prosody to be 100% compliant?
-
Zash
"prohivitively" yet everyone seems to manage
-
Zash
Also, see Snikket
-
lovetox
it makes total sense
-
Zash
I'm asking because something being in an compliance suite doesn't mean everyone absolutely needs it in their deployment
-
lovetox
why would i want to know if prosody x.x is theoretically complicant if i enable the right modules and do the right configuration
-
Ge0rG
Zash: that's actually a great example... https://compliance.conversations.im/server/snikket.chat/ --> 94%
-
lovetox
As a End User i dont even care what software runs on the server
-
Zash
Case in point, your private server doesn't /really/ need 157
-
Ge0rG
Zash: I know that you are happy with the XMPP of 2006 and you don't need all the extra modules.
-
Ge0rG
snikket.chat is not "your private server".
-
lovetox
haha, from the snikket homepage: Secure communication on snikket.chat
-
Ge0rG
It has a dozen or two of users who maybe just happened to be in Brussels on a certain day.
-
Zash
It's not a public server afaik
-
lovetox
Firefox: Your connection is not secure
-
Link Mauve
Ge0rG, the one dropping it from 100% to 94% is actually XEP-0368, aka direct TLS.
-
Ge0rG
Direct TLS SRV records.
-
Link Mauve
It only lowers the amount of roundtrips by one on a connection.
-
Ge0rG
Which are undergoing Last Call right now
-
Link Mauve
That’s really not something that is absolutely mandatory.
-
Link Mauve
Ge0rG, not CFE?
-
Ge0rG
Link Mauve: unless you can't parallelize SRV lookups, in which case it adds another rtt
-
Ge0rG
Link Mauve: sorry, CFE
-
Link Mauve
Are there SRV implementations which can’t do that? /o\
-
Ge0rG
Link Mauve: yes
-
Holger
Isn't it more about circumventing firewalls doing deep packet inspection?
-
Zash
Good resolvers will give you A/AAAA when you ask for SRV
-
Holger
Then again ALPN ...
-
Ge0rG
Link Mauve: because the useful API abstraction is "open me a secure socket to $service on $domain"
-
Zash
Holger: No, it's whatever you want it to be
-
Link Mauve
Holger, you can do that with WebSocket or BOSH with probably a lot more success rate in the wild.
-
Link Mauve
Ge0rG, so case in point, a deployment doesn’t need 0368.
-
Ge0rG
Link Mauve: no, but then it will add one more RTT on clients that support 0368
-
Ge0rG
because clients that care about RTTs will first try the direct tls srv
-
Link Mauve
Ge0rG, implement SASL2 and Bind2 and you’ll get a wildly more reduced RTT.
-
Link Mauve
Ge0rG, then they don’t respect the XEP, since it says to mix them and to obey the SRV order.
-
Ge0rG
Link Mauve: see the CFE discussion
-
Link Mauve
I’ve read it yes.
-
lovetox
Ge0rG, its only tried if there is a record
-
Ge0rG
lovetox: but checking for the record is an extra RTT
-
lovetox
yes but that does not depend what the server has deployed or not
-
Ge0rG
lovetox: yes, it's added alone by the fact that the client supports 0368
-
lovetox
yes
-
Ge0rG
so, if the server has deployed 0368, you have one RTT less than without
-
lovetox
ture✎ -
Ge0rG
if the client first checks for 0368, then doesn't receive a record and does STARTTLS, it's one RTT more than without
- lovetox
-
lovetox
true ✏
-
lovetox
only if it cant ask in records in parralel✎ -
lovetox
only if it cant ask records in parralel ✏
-
Ge0rG
lovetox: which was claimed as very complicated on standards@ in the CFE
-
lovetox
but either way i think this does not matter at all
-
lovetox
one roundtrip more or less
-
lovetox
if you then join 20 MUCs, and are forced to receive a few hundred presences
-
Ge0rG
you can pipeline presences, though
-
lovetox
hm itś not very complicated just adds complexity for not much gain
-
Ge0rG
it's complex and complicated.
-
lovetox
is not everything a pipeline in xmpp?! dont know what you mean by that
-
lovetox
if you mean to manually delay or queue joins
-
lovetox
i dont think this makes much sense
-
Ge0rG
lovetox: you authenticate (several RTTs), attempt to restart 0198 (one RTT), bind (one RTT), and then you can send all the joining presences
-
lovetox
as a server can not send you stuff in parallel anyway
-
lovetox
so in requesting 20 joins at once, this is already a queue
-
Ge0rG
and then you'll get a long stream of presences back
-
lovetox
yeah and? i would not want to delay that process even further with delaying joins
-
Ge0rG
not what I said
-
lovetox
what my argument was this takes much more time, than one asking for one more srv record
-
lovetox
like magnitueds more
-
Ge0rG
lovetox: let me tell you about mobile connectivity on Deutsche Bahn
-
lovetox
i think i have to leave now :D
-
Ge0rG
if you have multi-second RTTs, they soon add up into your "connect to server" timeout
-
Zash
SASL2 would let you do auth + bind in one fewer roundtrip
-
Zash
is the idea at least
-
Zash
A Resume198-or-Bind operation?
-
Ge0rG
also what about 0198 auto-resume
-
Ge0rG
Zash: I've been asking for that for years
-
Ge0rG
in the context of MAM - https://mail.jabber.org/pipermail/standards/2017-January/032016.html
-
lovetox
from a library view this random extension thing in bookmarks is a bit work
-
lovetox
the easy way is i give the client a list of all the child nodes of the extension node
-
Ge0rG
I'd be glad already if clients stopped butchering my *mandatory* bookmark elements
-
lovetox
its harder if i want to give some abstraction over the extension elements to the client
-
lovetox
because then i have to mix xml lib objects, with some structs i create
-
lovetox
hm i could split it into known extensions and unknown
-
lovetox
or maybe this is so crazy custom that i simply should not care as library
-
lovetox
and the client just has to operate on the xml lib object
-
lovetox
hm what my lib is missing a way to compare xml objects