jdev - 2020-03-14


  1. kikuchiyo has left

  2. moparisthebest has joined

  3. Жокир has left

  4. Жокир has joined

  5. Wojtek has joined

  6. Wojtek has left

  7. Жокир has left

  8. kikuchiyo has joined

  9. kikuchiyo has left

  10. Жокир has joined

  11. Жокир has left

  12. Жокир has joined

  13. moparisthebest has left

  14. cit has joined

  15. cit has left

  16. Жокир has left

  17. Жокир has joined

  18. Жокир has left

  19. Жокир has joined

  20. Жокир has left

  21. Жокир has joined

  22. Жокир has left

  23. Жокир has joined

  24. sonny has left

  25. Жокир has left

  26. Жокир has joined

  27. lovetox has joined

  28. wurstsalat has left

  29. clownsci has joined

  30. Жокир has left

  31. Жокир has joined

  32. paul has joined

  33. paul has left

  34. paul has joined

  35. Жокир has left

  36. Жокир has joined

  37. clownsci has left

  38. clownsci has joined

  39. clownsci has left

  40. clownsci has joined

  41. clownsci has left

  42. clownsci has joined

  43. clownsci has left

  44. clownsci has joined

  45. strar has left

  46. strar has joined

  47. clownsci has left

  48. clownsci has joined

  49. Жокир has left

  50. Жокир has joined

  51. clownsci has left

  52. clownsci has joined

  53. clownsci has left

  54. clownsci has joined

  55. Жокир has left

  56. asterix has joined

  57. clownsci has left

  58. clownsci has joined

  59. clownsci has left

  60. clownsci has joined

  61. lovetox

    im getting this error from an ejabberd on entering the wrong password

  62. lovetox

    The response provided by the client doesn't match the one we calculated

  63. lovetox

    seems to me like a awfully developer orientied text message

  64. wurstsalat has joined

  65. clownsci has left

  66. lovetox has left

  67. asterix has left

  68. asterix has joined

  69. clownsci has joined

  70. Жокир has joined

  71. paul has left

  72. paul has joined

  73. kikuchiyo has joined

  74. larma has left

  75. larma has joined

  76. clownsci has left

  77. lovetox has joined

  78. lovetox

    hm no sorry its prosody of course, ejabberd usually has pretty good error text

  79. Жокир has left

  80. Жокир has joined

  81. lovetox

    so is there consense what the text field of an error actually should contain?

  82. lovetox

    i know from history some server devs treat this like a debug string

  83. defanor

    I think providing such a message at all may be risky and unnecessary: as the RFC mentions, "In order to discourage directory harvest attacks, no differentiation is made between incorrect credentials and a nonexistent username.", while this points at incorrect credentials. Although even if it wasn't for a textual message, the number of challenges (with SCRAM, for instance) would give it up.

  84. aj has joined

  85. aj has left

  86. lovetox

    i think you misinterpret that security recommendation

  87. lovetox

    its not recommend to send a message like "Password wrong" which means Username is correct, and so you can harvest users

  88. lovetox

    but it does not mean you cant send a message like "Incorrect Credentials" or "Username or Password wrong"

  89. lovetox

    which is exactly what every service i encountered does

  90. lovetox

    ha !

  91. lovetox

    and prosody handles that wrong, its possible to harvest usernames with the prosody sasl impl

  92. defanor

    Indeed, I was talking about Prosody's message. A non-informative textual message should be fine.

  93. lovetox

    it aborts after <auth> if the username is no known

  94. lovetox

    it aborts after <auth> if the username is not known

  95. lovetox

    if it knows the username, it sends a challenge

  96. flow

    lovetox, i'd say that <text/> should be user exposable, while encouraging impls to put detailed debug messages into something like <debug-text/>

  97. lovetox

    flow iq allows only one child or not?

  98. flow

    so? subchild

  99. lovetox

    yeah k :)

  100. lovetox

    i also think it should be user exposable

  101. lovetox

    that does not mean that every user in the world must understand what that message means

  102. flow

    Only very few places in xmpp disallow stuffing another extension element somewhere

  103. lovetox

    but it should be something that a user can easily google or ask for

  104. flow

    yep

  105. debacle has joined

  106. flow

    but to not allienate the user, making to text not to technical may also be a good advise

  107. Жокир has left

  108. lovetox

    the standard is weird

  109. lovetox

    https://tools.ietf.org/html/rfc6120#section-6.5.10

  110. Жокир has joined

  111. lovetox

    so not-authorized is allowed to be sent in response to <auth> and <response>

  112. lovetox

    if i send it in repsonse to <auth> its evident that the username is not existent

  113. lovetox

    because thats the only thing i send in a auth

  114. flow

    but you don't have to send it right after auth

  115. flow

    also, it is sasl mechanism specific what is send in auth

  116. lovetox

    yeah but i doubt any sever impl, now does a random challenge

  117. lovetox

    for a non existent user

  118. lovetox

    to fake it

  119. lovetox

    yeah im talking about PLAIN, and SCRAm

  120. lovetox

    scram also puts a bit more in the auth, but nothing that would trigger a not-autorized if i do it wrong

  121. kikuchiyo has left

  122. Jeybe has joined

  123. lovetox has left

  124. lovetox has joined

  125. asterix has left

  126. asterix has joined

  127. Jeybe has left

  128. Jeybe has joined

  129. pulkomandy has left

  130. pulkomandy has joined

  131. debacle has left

  132. Жокир has left

  133. Жокир has joined

  134. Jeybe has left

  135. Jeybe has joined

  136. pulkomandy has left

  137. pulkomandy has joined

  138. Jeybe has left

  139. Jeybe has joined

  140. clownsci has joined

  141. pulkomandy has left

  142. clownsci has left

  143. pulkomandy has joined

  144. asterix has left

  145. asterix has joined

  146. pulkomandy has left

  147. Jeybe has left

  148. Jeybe has joined

  149. pulkomandy has joined

  150. Jeybe has left

  151. Jeybe has joined

  152. Jeybe has left

  153. Jeybe has joined

  154. pulkomandy has left

  155. pulkomandy has joined

  156. lovetox

    hm after auth was successful

  157. lovetox

    and there is a stream restart, is there a order of events

  158. lovetox

    like must the server first send the new stream header

  159. lovetox

    or does it not matter and i can fire it even if i didnt yet receive the server stream header

  160. Jeybe has left

  161. Jeybe has joined

  162. Jeybe has left

  163. Jeybe has joined

  164. pulkomandy has left

  165. Jeybe has left

  166. Jeybe has joined

  167. lovetox has left

  168. pulkomandy has joined

  169. Jeybe has left

  170. Jeybe has joined

  171. asterix has left

  172. asterix has joined

  173. Martin has left

  174. Martin has joined

  175. Jeybe has left

  176. Jeybe has joined

  177. pulkomandy has left

  178. pulkomandy has joined

  179. asterix has left

  180. asterix has joined

  181. asterix has left

  182. asterix has joined

  183. Jeybe has left

  184. Jeybe has joined

  185. pulkomandy has left

  186. pulkomandy has joined

  187. Martin has left

  188. Martin has joined

  189. pulkomandy has left

  190. pulkomandy has joined

  191. Martin has left

  192. Martin has joined

  193. lovetox has joined

  194. Жокир has left

  195. Жокир has joined

  196. Martin has left

  197. Martin has joined

  198. asterix has left

  199. asterix has joined

  200. Жокир has left

  201. Jeybe has left

  202. Jeybe has joined

  203. Jeybe has left

  204. Jeybe has joined

  205. rion has left

  206. rion has joined

  207. Jeybe has left

  208. Jeybe has joined

  209. pulkomandy has left

  210. pulkomandy has joined

  211. pulkomandy has left

  212. pulkomandy has joined

  213. Jeybe has left

  214. Jeybe has joined

  215. clownsci has joined

  216. Jeybe has left

  217. Jeybe has joined

  218. clownsci has left

  219. Jeybe has left

  220. Jeybe has joined

  221. moparisthebest has joined

  222. Jeybe has left

  223. Jeybe has joined

  224. Jeybe has left

  225. Jeybe has joined

  226. pulkomandy has left

  227. pulkomandy has joined

  228. Jeybe has left

  229. Jeybe has joined

  230. kikuchiyo has joined

  231. Jeybe has left

  232. Jeybe has joined

  233. Jeybe has left

  234. Jeybe has joined

  235. pulkomandy has left

  236. Jeybe has left

  237. Jeybe has joined

  238. pulkomandy has joined

  239. Martin has left

  240. Martin has joined

  241. pulkomandy has left

  242. pulkomandy has joined

  243. paul has left

  244. paul has joined

  245. asterix has left

  246. asterix has joined

  247. pulkomandy has left

  248. pulkomandy has joined

  249. Meta Bergman has left

  250. Meta Bergman has joined

  251. Jeybe has left

  252. Jeybe has joined

  253. asterix has left

  254. Jeybe has left

  255. Jeybe has joined

  256. asterix has joined

  257. Meta Bergman has left

  258. Meta Bergman has joined

  259. lovetox has left

  260. Jeybe has left

  261. Jeybe has joined

  262. Jeybe has left

  263. Jeybe has joined

  264. clownsci has joined

  265. Jeybe has left

  266. Jeybe has joined

  267. Jeybe has left

  268. asterix has left

  269. asterix has joined

  270. Jeybe has joined

  271. clownsci has left

  272. Jeybe has left

  273. Jeybe has joined

  274. Jeybe has left

  275. Jeybe has joined

  276. asterix has left

  277. asterix has joined

  278. Jeybe has left

  279. Jeybe has joined

  280. Martin has left

  281. Martin has joined

  282. Jeybe has left

  283. Jeybe has joined

  284. Martin has left

  285. Marc has left

  286. Marc has joined

  287. Martin has joined

  288. asterix has left

  289. asterix has joined

  290. Jeybe has left

  291. Jeybe has joined

  292. Jeybe has left

  293. Jeybe has joined

  294. Jeybe has left

  295. Jeybe has joined

  296. debacle has joined

  297. asterix has left

  298. asterix has joined

  299. Jeybe has left

  300. Jeybe has joined

  301. pulkomandy has left

  302. asterix has left

  303. asterix has joined

  304. kikuchiyo has left

  305. kikuchiyo has joined

  306. Jeybe has left

  307. pulkomandy has joined

  308. Jeybe has joined

  309. lovetox has joined

  310. kikuchiyo has left

  311. Jeybe has left

  312. Jeybe has joined

  313. goffi has joined

  314. kikuchiyo has joined

  315. strar has left

  316. strar has joined

  317. kikuchiyo has left

  318. Jeybe has left

  319. Jeybe has joined

  320. pulkomandy has left

  321. pulkomandy has joined

  322. kikuchiyo has joined

  323. pulkomandy has left

  324. pulkomandy has joined

  325. Jeybe has left

  326. Jeybe has joined

  327. clownsci has joined

  328. kikuchiyo has left

  329. Jeybe has left

  330. Jeybe has joined

  331. clownsci has left

  332. kikuchiyo has joined

  333. Jeybe has left

  334. Jeybe has joined

  335. kikuchiyo has left

  336. pulkomandy has left

  337. Jeybe has left

  338. Jeybe has joined

  339. pulkomandy has joined

  340. Jeybe has left

  341. Jeybe has joined

  342. pulkomandy has left

  343. Jeybe has left

  344. Jeybe has joined

  345. Jeybe has left

  346. Jeybe has joined

  347. kikuchiyo has joined

  348. paul has left

  349. pulkomandy has joined

  350. asterix has left

  351. asterix has joined

  352. Jeybe has left

  353. Jeybe has joined

  354. kikuchiyo has left

  355. paul has joined

  356. Jeybe has left

  357. Jeybe has joined

  358. kikuchiyo has joined

  359. Jeybe has left

  360. Jeybe has joined

  361. asterix has left

  362. asterix has joined

  363. kikuchiyo has left

  364. Jeybe has left

  365. Jeybe has joined

  366. Jeybe has left

  367. Jeybe has joined

  368. pulkomandy has left

  369. kikuchiyo has joined

  370. pulkomandy has joined

  371. kikuchiyo has left

  372. kikuchiyo has joined

  373. Jeybe has left

  374. Jeybe has joined

  375. kikuchiyo has left

  376. pulkomandy has left

  377. pulkomandy has joined

  378. kikuchiyo has joined

  379. Jeybe has left

  380. Jeybe has joined

  381. Jeybe has left

  382. Jeybe has joined

  383. kikuchiyo has left

  384. kikuchiyo has joined

  385. clownsci has joined

  386. clownsci has left

  387. Jeybe has left

  388. Jeybe has joined

  389. kikuchiyo has left

  390. Jeybe has left

  391. Jeybe has joined

  392. pulkomandy has left

  393. pulkomandy has joined

  394. Jeybe has left

  395. kikuchiyo has joined

  396. Jeybe has joined

  397. kikuchiyo has left

  398. Jeybe has left

  399. Jeybe has joined

  400. Jeybe has left

  401. Jeybe has joined

  402. kikuchiyo has joined

  403. Jeybe has left

  404. Jeybe has joined

  405. strar has left

  406. strar has joined

  407. Jeybe has left

  408. Jeybe has joined

  409. Жокир has joined

  410. clownsci has joined

  411. rion has left

  412. rion has joined

  413. Жокир has left

  414. Жокир has joined

  415. asterix has left

  416. asterix has joined

  417. asterix has left

  418. asterix has joined

  419. asterix has left

  420. asterix has joined

  421. clownsci has left

  422. Jeybe has left

  423. Жокир has left

  424. Жокир has joined

  425. Jeybe has joined

  426. paul has left

  427. Marc has left

  428. Marc has joined

  429. asterix has left

  430. Jeybe has left

  431. Jeybe has joined

  432. Жокир has left

  433. Жокир has joined

  434. Martin has left

  435. Martin has joined

  436. goffi has left

  437. lovetox has left

  438. kikuchiyo has left

  439. Marc has left

  440. Marc has joined

  441. kikuchiyo has joined

  442. Marc has left

  443. Marc has joined

  444. kikuchiyo has left

  445. raucao has joined

  446. raucao

    hi. i requested to get an account for the wiki a while back and was told to wait for someone with admin privileges...

  447. raucao

    just wanted to check in again

  448. pep.

    raucao, hey, you should stick around. Not everybody with rights is there everywhere, and they need your email iirc

  449. pep.

    Ge0rG, Guus ^

  450. raucao

    oh, could it that there's no message archive for this room?

  451. pep.

    There is yeah but I don't know if everybody reads everything :)

  452. pep.

    (I think there is?)

  453. raucao

    looks like i have a hole in my history from when i wasn't joined

  454. raucao

    unless there weren't any messages for 7 days

  455. raucao

    ah, seeing the log link in the topic now. never mind

  456. raucao

    yeah, looks like MAM is not working for me in this room

  457. raucao

    (dino.im)

  458. pep.

    dino doesn't support muc mam

  459. kikuchiyo has joined

  460. raucao

    are you sure about that? i'm using it daily in many rooms

  461. raucao

    what would even be the difference between muc mam and just mam?

  462. raucao

    is it a different XEP than https://xmpp.org/extensions/xep-0313.html ?

  463. Martin has left

  464. pep.

    muc mam is just mam on muc :)

  465. pep.

    And yes dino doesn't do that

  466. pep.

    it does normal muc history

  467. Martin has joined

  468. raucao

    certainly does not do "normal muc history". have that turned off in my rooms and using MAM

  469. raucao

    and dino works with it

  470. raucao

    unless i missed it not working for the last 12 months or so

  471. raucao

    normal history is just receiving a bunch of messages upon announcing presence, correct?

  472. pep.

    normal muc history is probably provided by your MAM module

  473. kikuchiyo has left

  474. raucao

    https://github.com/dino/dino/wiki/Supported-XEPs

  475. pep.

    MUC join is you sending a join presence, you receiving all other occupants' presences, your receive a self presence, then you receive historical messages if there is any, then subject, then live messages

  476. pep.

    Ask in dino@ if you want

  477. raucao

    ok, well. i just told you that it works in all of the other many rooms i'm using and that i noticed it only for this room just now

  478. raucao

    but i'll ask there then

  479. raucao

    actually, nothing to ask for. i'll just check it myself

  480. raucao

    they clearly state that MAM is supported ,and they also have it as an option in the room menu

  481. raucao

    pep., are you using dino daily, or where does that knowledge come from?

  482. pep.

    "Message history" in the room details is muc history, not MAM

  483. raucao

    it's not message history

  484. pep.

    it is.

  485. raucao

    it's literally message archiving

  486. larma

    raucao, pep. is right, dino doesn't do MAM in MUCs (dino dev here)

  487. larma

    though if you didn't recognize yet, MUC history isn't that bad it seems 🙂

  488. pep.

    raucao, sorry I'm not trying to play you

  489. raucao

    so it lets you enable it but doesn't do it?

  490. raucao

    that's very not great

  491. raucao

    https://xmpp.kosmos.org:5443/upload/791c7ed148e453f934ef56e1a4acb79a30845f0f/Eu5C2s84i7IGyDNlMGd1W6YYwrRb1TBxaHlih8MH/Screenshot_from_2020-03-14_18-34-54.png

  492. pep.

    raucao, enable?

  493. raucao

    the room options

  494. pep.

    that's not MAM

  495. raucao

    for room settings

  496. larma

    The MUC configuration form is send from the server and just displayed by dino

  497. pep.

    That's confusing settings

  498. raucao

    message archiving is not message archiving?

  499. pep.

    (not dino's choice)

  500. pep.

    raucao, message archiving here is MUC history

  501. raucao

    waaat

  502. raucao

    guys

  503. pep.

    Ah wait

  504. pep.

    No, message archiving is MAM here, you're correct

  505. raucao

    of course it is

  506. pep.

    That doesn't mean dino fetches it

  507. larma

    raucao, servers can add arbitrary settings there, dino just displays them without knowing what they mean

  508. raucao

    we don't allow normal history on our server

  509. Zash

    MUC history is something you get when you join, unless you actively opt-out.

  510. raucao

    yes, i realize that it's the room setting

  511. pep.

    That's just options your servers passes you

  512. raucao

    i know

  513. raucao

    still abysmal ux to show that and then not support it

  514. raucao

    no matter where it comes from

  515. raucao

    so it must be my phone that keeps track of history

  516. larma

    raucao, I do agree to some extend, but it's hard to do anything against that

  517. raucao

    and me being usually joined in the rooms i use

  518. raucao

    larma: what's so hard about implementing mam?

  519. raucao

    that's the right thing to do

  520. raucao

    if it does it for normal conversations anyway

  521. pep.

    raucao, "what's so hard about .." is probably not the way to do :p

  522. raucao

    that's a question in response to someone saying it

  523. raucao

    > but it's hard to do anything against that

  524. raucao

    that's a valid question

  525. raucao

    if someone says it's hard

  526. raucao

    i'm genuinely interested in improving the situation

  527. pep.

    it's slightly different then normal MAM, you have to target a MUC. You also have to special case MUC-PMs I guess

  528. raucao

    because i'm highly technical, so if i run into this, then many people will

  529. pep.

    And.. privacy concerns don't apply at the same points

  530. pep.

    Though I guess that should be solved when configuring the MUC..

  531. raucao

    there are no privacy concerns for local archives

  532. larma

    a) it's hard to implement MAM, especially with MUCs b) it's hard to filter room settings to not display settings that could be confusing because they don't affect dino

  533. pep.

    raucao, "local"?

  534. pep.

    muc mam is stored on the muc

  535. raucao

    yes, but your local history is stored locally

  536. raucao

    what you mean is already the room setting

  537. raucao

    so you can choose it per room

  538. Жокир has left

  539. Жокир has joined

  540. raucao

    larma: so it's not implemented at all? i understood what pep. said as it being implemented for 1:1 chats

  541. raucao

    and it's clearly listed in https://github.com/dino/dino/wiki/Supported-XEPs

  542. larma

    It is implemented for your local server which means it can and does fetch the history of 1:1 chats

  543. raucao

    so for MUCs it would have to ask the MUC server is the main difference, aside from slightly different message, due to sender being the muc jid, right?

  544. raucao

    i added a comment on https://github.com/dino/dino/wiki/Supported-XEPs

  545. raucao

    so it's clear for people looking at that

  546. raucao

    sry for being offtopic in here now. the conversations/dino setup works so well for me that i was certain it must have been implemented :)

  547. larma

    the complicated part about MAM is not fetching messages, it's about fetching the messages you need, keeping track which you already got etc

  548. raucao

    yes, but you already solved that

  549. raucao

    obviously

  550. larma

    it becomes more complicated if you have multiple data sources

  551. raucao

    you only have one, no? the muc server's source

  552. larma

    well for the sync process I have mine and all the MUCs I am joined to

  553. raucao

    yes, of course

  554. raucao

    but that's only one variable

  555. larma

    it's not *that* simple

  556. larma

    I am not saying we are not going to implement it

  557. larma

    it's on the todo for 0.2 😉

  558. raucao

    cool

  559. larma

    (but it took more than 3 years from 0.0 to 0.1, so not sure what that means)

  560. kikuchiyo has joined

  561. larma

    it's a requirement for reactions which is also planned for 0.2 😉

  562. raucao

    i would say it's a requirement for all usage of a modern chat app

  563. raucao

    message history is a basic feature, which users of other chat apps do expect IMO

  564. Jeybe has left

  565. Jeybe has joined

  566. raucao

    not just 20 messages "xmpp history", but i mean seamless archives with no holes

  567. larma

    you still have the local history, so it's not like things don't work properly

  568. raucao

    local history doesn't give you missing messages

  569. raucao

    to me it's broken

  570. larma

    it's just that if the server does not provide the necessary muc history to give you the missing messages that you have missing messages

  571. raucao

    no server will give you 1000 messages

  572. larma

    that's probably why you didn't even notice yet that there is no MAM in MUCs

  573. raucao

    especially not as default config

  574. raucao

    for normal history

  575. raucao

    because it's wildly inefficient

  576. larma

    you also usually don't look back 1000 messages in a history

  577. raucao

    no, but more than 20 for sure

  578. raucao

    the reason i didn't notice is that i usually don't leave rooms

  579. larma

    I am not saying it's perfect, but it's good enough for many

  580. larma

    well, if you leave a room you don't get its messages

  581. larma

    you are not supposed to

  582. raucao

    i think that's a very counterproductive opinion if you wants users to switch from telegram et al

  583. raucao

    but you're entitled to it, of course

  584. kikuchiyo has left

  585. larma

    if you leave a signal or whatsapp group and join again later, you won't be able to read the messages in between

  586. raucao

    i didn't say signal or whatsapp. those are usually not used with larger groups as chat channels

  587. raucao

    more like small group of friends

  588. larma

    same for IRC

  589. raucao

    hahaha

  590. larma

    or Matrix depending on channel configuration

  591. raucao

    saying it's as bad as IRC is not a good thing

  592. raucao

    discourse, slack, etc. are the competitors in this use case

  593. larma

    slack, the thing where you can only read the latest 5000 messages in the free version?

  594. raucao

    they all have seamless history, because otherwise you can't work with people properly

  595. raucao

    yes, that thing. people do pay for it. that should tell you that it's valuable to have the history

  596. raucao

    people literally pay money for chat history

  597. raucao

    it's hilarious, but that's proving how important it is for work

  598. raucao

    also gitter, mattermost, rocket.chat and all the other ones focused on public rooms

  599. raucao

    or work rooms

  600. larma

    I guess you miss my point. I am not saying we don't want to implement MAM in MUCs, just that there are many occations where it is not wanted the way you are envisioning it