jdev - 2022-12-02


  1. MattJ

    Hey yarmo, welcome :)

  2. yarmo

    Hey folks! I was having some problems with performing vCard retrieval requests and I was hoping to get some advice here :) I'm sure the problem is between chair and computer

  3. yarmo

    I tested the following with a 404.city account. I set some vCard data years ago and have recently changed it. I'm trying to fetch this data. If I do a vcard-temp request as per https://xmpp.org/extensions/xep-0054.html#sect-idm46197103143648, I get the old data back. I don't understand why, this could be an issue with 404.city, I'm not sure. If I do a vcard4 request as per https://xmpp.org/extensions/xep-0292.html#self-iq-retrieval, I get "no module is handling this". Makes sense since XEP-0292 is deferred. I can get the correct updated vCard data through pubsub but this requires a presence subscription. So far so good. But then, how does something like mov.im fetch vcard data? When I visit my public page on mov.im, it has the updated data so somehow it can fetch the vcard4 data without needing a pubsub subscription. Or am I thinking about this wrong?

  4. MattJ

    If you publish new vcard data (including getting a response saying it was successful) and then you fetch it back and it's still the old data, it's a server bug

  5. MattJ

    The deferral of XEP-0292 (or any experimental XEP) is not a good indicator of much, other than the document hasn't been updated for a while. Various projects are moving over to XEP-0292, and we've been discussing some updates to the XEP that will cause it to leave the "deferred" state

  6. MattJ

    In particular I think we're mostly all agreed that the dedicated iq protocol there should be removed, and you should just fetch the vcard using a normal pubsub item fetch (there's no reason to have two methods for the same thing)

  7. MattJ

    and that leads me to the final thing about whether you need a subscription: you don't, necessarily

  8. MattJ

    One reason behind pushing XEP-0292 forward is that the vcard-temp XEP didn't really discuss much about who should be able to access a user's vcard

  9. Zash

    One of the benefits of vcard4, or specifically about storing it in pubsub, is that it allows for more flexible permissions, giving users control over who their profile is shared witnh.

  10. Zash

    One of the benefits of vcard4, or specifically about storing it in pubsub, is that it allows for more flexible permissions, giving users control over who their profile is shared with.

  11. MattJ

    However with XEP-0292 this is explicitly configurable, as pubsub has access control built in

  12. Zash

    IIRC both XEP-0054 and XEP-0292 says all vcards must always be public for the world, which is one of the things that ought to be changed.

  13. MattJ

    I think most people don't want/expect their vcard to be completely public. From a privacy perspective, profiles should be opt-in, at the very least.

  14. Sam

    (it does not say that you can't return different vcards to different people in the world though; but yah, that's a lot of client complexity that pubsub already handles)

  15. MattJ

    Sam, the vcard is returned by the server, and there is no protocol for the client to select what should be returned to who - so while things could be selectively disclosed, that would be up to the server implementation/deployment

  16. Zash

    Pubsub (in the PEP profile used for vcard4 here) defaults to only allowing access to contacts, which is reasonable, but explains your presence subscription requirement.

  17. Sam

    oh, right, been ages since I've looked at that; ignore me.

  18. yarmo

    Agreed it's imperative that sharing vcard data is/becomes opt-in.

  19. yarmo

    So maybe this is a dumb question, but how does mov.im get my vcard data then?

  20. MattJ

    edhelas, what spec(s) does Movim use for vCards?

  21. edhelas

    The pep based one

  22. yarmo

    vcard-temp or vcard4-over-xmpp?

  23. Zash

    vcard-temp is not PEP/PubSub

  24. MattJ

    The PEP one would be vcard4-over-xmpp (XEP-0292)

  25. yarmo

    I did a little bit of movim codebase digging but I'll guess I'll need to go in again :)

  26. Zash

    Tho it gets fuzzy if you have the server convert between them. Dunno if ejabberd has this, but Prosody does.

  27. yarmo

    So just for my understanding: vcard4-over-xmpp through pubsub should require a presence subscription. Movim uses vcard4-over-xmpp, but without needing a presence subscription from the profile it's showing (I don't recall having to accept a movim-related subscription)

  28. Zash

    yarmo, are you talking about you logging in with Movim into your own account and seeing your own vcard?

  29. yarmo

    No no, without logging in

  30. Zash

    where and when exactly?

  31. Zash

    (tho here edhelas probably knows more than me)

  32. yarmo

    I can open https://mov.im/?contact/yarmo%40404.city without being logged in and it will show me my vcard data

  33. yarmo

    (I

  34. yarmo

    (I'm only putting public data in there)

  35. Zash

    It could be using the vcard-temp data, which is public.

  36. yarmo

    It must be. So then I must be doing something wrong, because if I request vcard-temp data, it's outdated, must be a problem in my request, I'll investigate

  37. MattJ

    When I request your vcard-temp, I don't get what shows on mov.im

  38. yarmo

    Yeah, you get the "This is an OpenPGP proof..." data, correct?

  39. MattJ

    Yep

  40. yarmo

    I'm so confused

  41. Zash

    Caches? Uh

  42. MattJ

    and when I request your vCard4 from PEP I get a <presence-subscription-required> error

  43. MattJ

    I think we'll have to wait for edhelas to explain where this data is coming from on mov.im

  44. edhelas

    yarmo you decided to put your profile public

  45. edhelas

    https://upload.movim.eu/files/9d94237298995552fa13436420195fbca436dce7/Z1fM6Xf1elNS/image.png

  46. edhelas

    I see that the value is true in the DB

  47. yarmo

    Ok, I think I understand it now. I was still logged in on mov.im in a different browser. So while I wasn't using that browser session, mov.im still uses that session to sync my data. Once I logged out, mov.im's data was getting stale, not showing updated vCard data

  48. yarmo

    Would this make sense?

  49. edhelas

    It's from the cached data yes

  50. yarmo

    Thanks, this solves something that has confused me for a while

  51. yarmo

    Now I'll need to talk to 404.city and ask why their vcard-temp data is years old

  52. Zash

    Set by an old client and Modern™ clients don't look at it or let you edit it?

  53. Zash

    I also note that vcard4-in-pubsub requires nothing of the server, it's just another piece of data stored in pubsub. You can put anything there.

  54. Zash

    (nothing beyond existing pubsub/pep services which are part of xmpp baseline requirements)

  55. MattJ

    Zash, it's not like Prosody (or ejabberd, I think) ever validated vcard-temp contents :)

  56. Zash

    MattJ, true. But you can't just create another datatype under a different namespace at will, not the way PEP lets you.

  57. yarmo

    Sorry to bother again, but it's not just 404.city 🤔 Take this account on the movim.eu instance: https://mov.im/?contact/danie_vdm@movim.eu and look at the little bio in the top right. If you fetch its vcard-temp data, it's different.

  58. MattJ

    Well, we've established that the data shown on mov.im is not necessarily indicative of anything (it's served from a cache, and from PEP, not vcard-temp)

  59. lovetox

    yarmo, some clients moved away from vcard-temp

  60. lovetox

    means old data is stored there, but not used by anyone, until you log in with some client who uses it

  61. lovetox

    im pretty sure movim uses vcard4

  62. Zash

    One day in the future, we'll may simply disable all the vcard-temp modules

  63. Zash

    In the mean time, it's painful transition time.

  64. lovetox

    as for example Gajim, if you edit your vcard on Gajim or Movim, we will only update the Vcard4, the vcard-temp stays old

  65. yarmo

    I understand. Right, so it's not simply a cache issue. vcard-temp data will never be updated again, all clients now update vcard4 data. Ok, that makes sense

  66. Zash

    Getting away from the "temporary" vcard spec is going to take some time, you will likely see both for a while.

  67. Zash

    temporary since 2002...