im getting this error from an ejabberd on entering the wrong password
lovetox
The response provided by the client doesn't match the one we calculated
lovetox
seems to me like a awfully developer orientied text message
wurstsalathas joined
clownscihas left
lovetoxhas left
asterixhas left
asterixhas joined
clownscihas joined
Жокирhas joined
paulhas left
paulhas joined
kikuchiyohas joined
larmahas left
larmahas joined
clownscihas left
lovetoxhas joined
lovetox
hm no sorry its prosody of course, ejabberd usually has pretty good error text
Жокирhas left
Жокирhas joined
lovetox
so is there consense what the text field of an error actually should contain?
lovetox
i know from history some server devs treat this like a debug string
defanor
I think providing such a message at all may be risky and unnecessary: as the RFC mentions, "In order to discourage directory harvest attacks, no differentiation is made between incorrect credentials and a nonexistent username.", while this points at incorrect credentials. Although even if it wasn't for a textual message, the number of challenges (with SCRAM, for instance) would give it up.
ajhas joined
ajhas left
lovetox
i think you misinterpret that security recommendation
lovetox
its not recommend to send a message like "Password wrong" which means Username is correct, and so you can harvest users
lovetox
but it does not mean you cant send a message like "Incorrect Credentials" or "Username or Password wrong"
lovetox
which is exactly what every service i encountered does
lovetox
ha !
lovetox
and prosody handles that wrong, its possible to harvest usernames with the prosody sasl impl
defanor
Indeed, I was talking about Prosody's message. A non-informative textual message should be fine.
lovetox
it aborts after <auth> if the username is no known✎
lovetox
it aborts after <auth> if the username is not known ✏
lovetox
if it knows the username, it sends a challenge
flow
lovetox, i'd say that <text/> should be user exposable, while encouraging impls to put detailed debug messages into something like <debug-text/>
lovetox
flow iq allows only one child or not?
flow
so? subchild
lovetox
yeah k :)
lovetox
i also think it should be user exposable
lovetox
that does not mean that every user in the world must understand what that message means
flow
Only very few places in xmpp disallow stuffing another extension element somewhere
lovetox
but it should be something that a user can easily google or ask for
flow
yep
debaclehas joined
flow
but to not allienate the user, making to text not to technical may also be a good advise
so not-authorized is allowed to be sent in response to <auth> and <response>
lovetox
if i send it in repsonse to <auth> its evident that the username is not existent
lovetox
because thats the only thing i send in a auth
flow
but you don't have to send it right after auth
flow
also, it is sasl mechanism specific what is send in auth
lovetox
yeah but i doubt any sever impl, now does a random challenge
lovetox
for a non existent user
lovetox
to fake it
lovetox
yeah im talking about PLAIN, and SCRAm
lovetox
scram also puts a bit more in the auth, but nothing that would trigger a not-autorized if i do it wrong
kikuchiyohas left
Jeybehas joined
lovetoxhas left
lovetoxhas joined
asterixhas left
asterixhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
debaclehas left
Жокирhas left
Жокирhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
Jeybehas left
Jeybehas joined
clownscihas joined
pulkomandyhas left
clownscihas left
pulkomandyhas joined
asterixhas left
asterixhas joined
pulkomandyhas left
Jeybehas left
Jeybehas joined
pulkomandyhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
lovetox
hm after auth was successful
lovetox
and there is a stream restart, is there a order of events
lovetox
like must the server first send the new stream header
lovetox
or does it not matter and i can fire it even if i didnt yet receive the server stream header
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
Jeybehas left
Jeybehas joined
lovetoxhas left
pulkomandyhas joined
Jeybehas left
Jeybehas joined
asterixhas left
asterixhas joined
Martinhas left
Martinhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
asterixhas left
asterixhas joined
asterixhas left
asterixhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
Martinhas left
Martinhas joined
pulkomandyhas left
pulkomandyhas joined
Martinhas left
Martinhas joined
lovetoxhas joined
Жокирhas left
Жокирhas joined
Martinhas left
Martinhas joined
asterixhas left
asterixhas joined
Жокирhas left
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
rionhas left
rionhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
pulkomandyhas left
pulkomandyhas joined
Jeybehas left
Jeybehas joined
clownscihas joined
Jeybehas left
Jeybehas joined
clownscihas left
Jeybehas left
Jeybehas joined
moparisthebesthas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
Jeybehas left
Jeybehas joined
kikuchiyohas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
Jeybehas left
Jeybehas joined
pulkomandyhas joined
Martinhas left
Martinhas joined
pulkomandyhas left
pulkomandyhas joined
paulhas left
paulhas joined
asterixhas left
asterixhas joined
pulkomandyhas left
pulkomandyhas joined
Meta Bergmanhas left
Meta Bergmanhas joined
Jeybehas left
Jeybehas joined
asterixhas left
Jeybehas left
Jeybehas joined
asterixhas joined
Meta Bergmanhas left
Meta Bergmanhas joined
lovetoxhas left
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
clownscihas joined
Jeybehas left
Jeybehas joined
Jeybehas left
asterixhas left
asterixhas joined
Jeybehas joined
clownscihas left
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
asterixhas left
asterixhas joined
Jeybehas left
Jeybehas joined
Martinhas left
Martinhas joined
Jeybehas left
Jeybehas joined
Martinhas left
Marchas left
Marchas joined
Martinhas joined
asterixhas left
asterixhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
debaclehas joined
asterixhas left
asterixhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
asterixhas left
asterixhas joined
kikuchiyohas left
kikuchiyohas joined
Jeybehas left
pulkomandyhas joined
Jeybehas joined
lovetoxhas joined
kikuchiyohas left
Jeybehas left
Jeybehas joined
goffihas joined
kikuchiyohas joined
strarhas left
strarhas joined
kikuchiyohas left
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
kikuchiyohas joined
pulkomandyhas left
pulkomandyhas joined
Jeybehas left
Jeybehas joined
clownscihas joined
kikuchiyohas left
Jeybehas left
Jeybehas joined
clownscihas left
kikuchiyohas joined
Jeybehas left
Jeybehas joined
kikuchiyohas left
pulkomandyhas left
Jeybehas left
Jeybehas joined
pulkomandyhas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
kikuchiyohas joined
paulhas left
pulkomandyhas joined
asterixhas left
asterixhas joined
Jeybehas left
Jeybehas joined
kikuchiyohas left
paulhas joined
Jeybehas left
Jeybehas joined
kikuchiyohas joined
Jeybehas left
Jeybehas joined
asterixhas left
asterixhas joined
kikuchiyohas left
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
pulkomandyhas left
kikuchiyohas joined
pulkomandyhas joined
kikuchiyohas left
kikuchiyohas joined
Jeybehas left
Jeybehas joined
kikuchiyohas left
pulkomandyhas left
pulkomandyhas joined
kikuchiyohas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
kikuchiyohas left
kikuchiyohas joined
clownscihas joined
clownscihas left
Jeybehas left
Jeybehas joined
kikuchiyohas left
Jeybehas left
Jeybehas joined
pulkomandyhas left
pulkomandyhas joined
Jeybehas left
kikuchiyohas joined
Jeybehas joined
kikuchiyohas left
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
kikuchiyohas joined
Jeybehas left
Jeybehas joined
strarhas left
strarhas joined
Jeybehas left
Jeybehas joined
Жокирhas joined
clownscihas joined
rionhas left
rionhas joined
Жокирhas left
Жокирhas joined
asterixhas left
asterixhas joined
asterixhas left
asterixhas joined
asterixhas left
asterixhas joined
clownscihas left
Jeybehas left
Жокирhas left
Жокирhas joined
Jeybehas joined
paulhas left
Marchas left
Marchas joined
asterixhas left
Jeybehas left
Jeybehas joined
Жокирhas left
Жокирhas joined
Martinhas left
Martinhas joined
goffihas left
lovetoxhas left
kikuchiyohas left
Marchas left
Marchas joined
kikuchiyohas joined
Marchas left
Marchas joined
kikuchiyohas left
raucaohas joined
raucao
hi. i requested to get an account for the wiki a while back and was told to wait for someone with admin privileges...
raucao
just wanted to check in again
pep.
raucao, hey, you should stick around. Not everybody with rights is there everywhere, and they need your email iirc
pep.
Ge0rG, Guus ^
raucao
oh, could it that there's no message archive for this room?
pep.
There is yeah but I don't know if everybody reads everything :)
pep.
(I think there is?)
raucao
looks like i have a hole in my history from when i wasn't joined
raucao
unless there weren't any messages for 7 days
raucao
ah, seeing the log link in the topic now. never mind
raucao
yeah, looks like MAM is not working for me in this room
raucao
(dino.im)
pep.
dino doesn't support muc mam
kikuchiyohas joined
raucao
are you sure about that? i'm using it daily in many rooms
raucao
what would even be the difference between muc mam and just mam?
raucao
is it a different XEP than https://xmpp.org/extensions/xep-0313.html ?
Martinhas left
pep.
muc mam is just mam on muc :)
pep.
And yes dino doesn't do that
pep.
it does normal muc history
Martinhas joined
raucao
certainly does not do "normal muc history". have that turned off in my rooms and using MAM
raucao
and dino works with it
raucao
unless i missed it not working for the last 12 months or so
raucao
normal history is just receiving a bunch of messages upon announcing presence, correct?
pep.
normal muc history is probably provided by your MAM module
kikuchiyohas left
raucao
https://github.com/dino/dino/wiki/Supported-XEPs
pep.
MUC join is you sending a join presence, you receiving all other occupants' presences, your receive a self presence, then you receive historical messages if there is any, then subject, then live messages
pep.
Ask in dino@ if you want
raucao
ok, well. i just told you that it works in all of the other many rooms i'm using and that i noticed it only for this room just now
raucao
but i'll ask there then
raucao
actually, nothing to ask for. i'll just check it myself
raucao
they clearly state that MAM is supported ,and they also have it as an option in the room menu
raucao
pep., are you using dino daily, or where does that knowledge come from?
pep.
"Message history" in the room details is muc history, not MAM
raucao
it's not message history
pep.
it is.
raucao
it's literally message archiving
larma
raucao, pep. is right, dino doesn't do MAM in MUCs (dino dev here)
larma
though if you didn't recognize yet, MUC history isn't that bad it seems 🙂
The MUC configuration form is send from the server and just displayed by dino
pep.
That's confusing settings
raucao
message archiving is not message archiving?
pep.
(not dino's choice)
pep.
raucao, message archiving here is MUC history
raucao
waaat
raucao
guys
pep.
Ah wait
pep.
No, message archiving is MAM here, you're correct
raucao
of course it is
pep.
That doesn't mean dino fetches it
larma
raucao, servers can add arbitrary settings there, dino just displays them without knowing what they mean
raucao
we don't allow normal history on our server
Zash
MUC history is something you get when you join, unless you actively opt-out.
raucao
yes, i realize that it's the room setting
pep.
That's just options your servers passes you
raucao
i know
raucao
still abysmal ux to show that and then not support it
raucao
no matter where it comes from
raucao
so it must be my phone that keeps track of history
larma
raucao, I do agree to some extend, but it's hard to do anything against that
raucao
and me being usually joined in the rooms i use
raucao
larma: what's so hard about implementing mam?
raucao
that's the right thing to do
raucao
if it does it for normal conversations anyway
pep.
raucao, "what's so hard about .." is probably not the way to do :p
raucao
that's a question in response to someone saying it
raucao
> but it's hard to do anything against that
raucao
that's a valid question
raucao
if someone says it's hard
raucao
i'm genuinely interested in improving the situation
pep.
it's slightly different then normal MAM, you have to target a MUC. You also have to special case MUC-PMs I guess
raucao
because i'm highly technical, so if i run into this, then many people will
pep.
And.. privacy concerns don't apply at the same points
pep.
Though I guess that should be solved when configuring the MUC..
raucao
there are no privacy concerns for local archives
larma
a) it's hard to implement MAM, especially with MUCs
b) it's hard to filter room settings to not display settings that could be confusing because they don't affect dino
pep.
raucao, "local"?
pep.
muc mam is stored on the muc
raucao
yes, but your local history is stored locally
raucao
what you mean is already the room setting
raucao
so you can choose it per room
Жокирhas left
Жокирhas joined
raucao
larma: so it's not implemented at all? i understood what pep. said as it being implemented for 1:1 chats
raucao
and it's clearly listed in https://github.com/dino/dino/wiki/Supported-XEPs
larma
It is implemented for your local server which means it can and does fetch the history of 1:1 chats
raucao
so for MUCs it would have to ask the MUC server is the main difference, aside from slightly different message, due to sender being the muc jid, right?
raucao
i added a comment on https://github.com/dino/dino/wiki/Supported-XEPs
raucao
so it's clear for people looking at that
raucao
sry for being offtopic in here now. the conversations/dino setup works so well for me that i was certain it must have been implemented :)
larma
the complicated part about MAM is not fetching messages, it's about fetching the messages you need, keeping track which you already got etc
raucao
yes, but you already solved that
raucao
obviously
larma
it becomes more complicated if you have multiple data sources
raucao
you only have one, no? the muc server's source
larma
well for the sync process I have mine and all the MUCs I am joined to
raucao
yes, of course
raucao
but that's only one variable
larma
it's not *that* simple
larma
I am not saying we are not going to implement it
larma
it's on the todo for 0.2 😉
raucao
cool
larma
(but it took more than 3 years from 0.0 to 0.1, so not sure what that means)
kikuchiyohas joined
larma
it's a requirement for reactions which is also planned for 0.2 😉
raucao
i would say it's a requirement for all usage of a modern chat app
raucao
message history is a basic feature, which users of other chat apps do expect IMO
Jeybehas left
Jeybehas joined
raucao
not just 20 messages "xmpp history", but i mean seamless archives with no holes
larma
you still have the local history, so it's not like things don't work properly
raucao
local history doesn't give you missing messages
raucao
to me it's broken
larma
it's just that if the server does not provide the necessary muc history to give you the missing messages that you have missing messages
raucao
no server will give you 1000 messages
larma
that's probably why you didn't even notice yet that there is no MAM in MUCs
raucao
especially not as default config
raucao
for normal history
raucao
because it's wildly inefficient
larma
you also usually don't look back 1000 messages in a history
raucao
no, but more than 20 for sure
raucao
the reason i didn't notice is that i usually don't leave rooms
larma
I am not saying it's perfect, but it's good enough for many
larma
well, if you leave a room you don't get its messages
larma
you are not supposed to
raucao
i think that's a very counterproductive opinion if you wants users to switch from telegram et al
raucao
but you're entitled to it, of course
kikuchiyohas left
larma
if you leave a signal or whatsapp group and join again later, you won't be able to read the messages in between
raucao
i didn't say signal or whatsapp. those are usually not used with larger groups as chat channels
raucao
more like small group of friends
larma
same for IRC
raucao
hahaha
larma
or Matrix depending on channel configuration
raucao
saying it's as bad as IRC is not a good thing
raucao
discourse, slack, etc. are the competitors in this use case
larma
slack, the thing where you can only read the latest 5000 messages in the free version?
raucao
they all have seamless history, because otherwise you can't work with people properly
raucao
yes, that thing. people do pay for it. that should tell you that it's valuable to have the history
raucao
people literally pay money for chat history
raucao
it's hilarious, but that's proving how important it is for work
raucao
also gitter, mattermost, rocket.chat and all the other ones focused on public rooms
raucao
or work rooms
larma
I guess you miss my point. I am not saying we don't want to implement MAM in MUCs, just that there are many occations where it is not wanted the way you are envisioning it