jdev - 2023-06-06

Ofrom is necessary if you support MUC history , when I remember correctly

If you only support MAM the it's not necessary

the reason is that the only way for a MUC to make a real jid known is via presence

problem is, if a user joins a muc and requests MUC history, the users that generated that history may not be joined anymore

so how would the MUC make the real jid known

in come XEP 0033

when i think about it now, the same thing is probably true for a MAM history request anyway

ah no MAM has its own mechanism to make the real jid known

via `<x xmlns='http://jabber.org/protocol/muc#user'>' ✏

so i think i remember correctly, ofrom is necessary for all servers that offer MUC History, and all clients who implement MUC History

on that note, i dont know why clients still bother with MUC History

Gajim removed it since years

Nice 🙂

trollge dei paithiyam ✏

hari, we've moved on from that incident. Can we help you?

Hello MattJ can you explain how client and component connecting in xmpp?

They both connect to the server. Client connections usually happen over a TCP+TLS stream or over websockets.

Components usually connect to the server over a local connection from the same machine

I have a component named `hari.abc.org` in xmpp server, how can i send a stanza as a anonymous user to that server component?

<message to="hari.abc.org"><body>Hello world</body><message>

to="anything@hari.abc.org" will also work

How to send stanza from that server to that `anything@hari.abc.org` (client)?

singpolyma so based on what lovetox said I'm not planning to merge that PR

Also because it really change how the messages are handled and introduces a few DB requests that will slow things down

hari: you said hari.abc.org is your component, so the client address must be something else

When your component receives a stanza, it will have a 'from' address on the stanza, you just send your reply to that address

Okay, thank you MattJ

edhelas: ok. I will have to prioritize a small fork probably then. Thanks for letting me know

The performances with your patch will probably not be good at all, it add one, maybe two SQL requests for each messages received.

If that is the concern I'm certainly happy to try figuring out how to improve it

edhelas: the extra query is to load the contact associated with the message, right? That's the main offender?

Hello MattJ ,it sends stanza to the server itself .No stanza sent to the client.

What type of stanza?

Message stanza

Are you sending to a bare JID (user@example.org) or a full JID (user@example.org/resource)?

full jid

Then it should work fine, if the client is connected

You are sending to exactly the same JID you received the message from?

` this.xmpp.on("stanza", async (data) => { const message = xml( "message", { type: "chat", from: "hari.abc.org", to: data.attrs.from }, xml("body", {}, "Hello People") ); await this.xmpp.send(message); } ` Like this

hari: i'm assuming the JSON object gets serialized to <message type="chat" from="hari.abc.org" to=[data.attrs.from]><body>Hello People</body></message>

hari: you can enable debug logging (it looks like you are using xmpp.js? It has a debug mode you can enable), then you will see the exact XML sent/received

If it looks correct, you should next investigate your server logs to see what happens next to the message

about the <x> which was added for PMs. Is there any reason why the MUC Server can not add this tag ?

How does your server know it's a PM then?

Before it reaches the MUC

ah because of MAM?

yes its true that my server would not know it

but this is no argument why the MUC server does not enforce that at least the other side knows it

Well it could if it kept track of MUC joins, which is possible but extra work.

maybe i misunderstand how PMs work

i thought PMs are sent "over" the MUC server

You → your server → MUC → recipients server → recipient

its a chat message to a full jid

The MUC can't enforce things on the left side of tha

I don't see why it (and the XEP) couldn't enforce it on messages coming out tho.

exactly and when i address a chat message with a full JID to a MUC server, what would it be other than a PM?

ah

i think i misunderstood your answer

> Well it could if it kept track of MUC joins, which is possible but extra work.

you meant my server

obviously the MUC server keeps track

Sure

But I don't know if servers actively keep track of MUC joins

i dont care about the left side

The minimum required is to keep track of directed presence.

if a user uses a client who does not add the X, maybe this client does not need it, and has no use for it

but that does not mean that others on the right side dont need it

MAM and Carbons could be confused, on both sides of the MUC

sure, there are arguments for the sending client to add it, we dont need to discuss this

but there are clients out there who will never get updated, because legacy

Would it not be sensibel for the MUC server to add the <x> if it is missing, and the MUC server knows that its a PM

Yes, it would.

thanks

Me, in 2014, apparently agreed as well: https://hg.prosody.im/0.10/rev/09151d26560a ✏

so you are saying prosody does this already

yes

great, one off the list ✏

But now I'm uncertain what happens if it's already there

Ah, been there, done that: https://issues.prosody.im/1427

the whole occupant-id XEP is a bit optimistic isnt it

> The occupant identifier MUST be generated such that it is stable. This means that if a user joins the same room a second time, the occupant identifier MUST be the same as was assigned the first time

> One way to ensure these properties is to generate a private secret key

so something that can be easily lost

Something like `HMAC(room.random, occupant.real_bare_jid)`

As easily lost as the room configuration 🤷️

In Prosody the room secret is basically a hidden config option ✏

so you are saying, if a server operator would lose this key

no ..

> One way

the problem is the client will never know if this key was lost

You could just as well be lazy and make the room JID the key

even if the room config is lost, and all rooms are wiped, if they are recreated, the client will never know

Why do you need to know that?

because then all my assumptions which i base on occupant-id are out of the window

obviously we have it to identify persons across nick changes and in anonymous rooms

how this could be solved in my opinion is, if a value is placed in the room disco info which is also generated by this key

as long as this value does not change i know the server operator did not lose his key

hmm but what if the key is lost and a new one is generated

all occupant ids would then need to be different

so probably not *that* bad

the only bad thing would be if a occupant-id now points at another user

which is hopefully nearly impossible

the only place i would notice is, if real jids are visible

if i plan ahead and simply assume that a real jid per groupchat can in the end have multiple occupant-ids

i should be fine

or i simply never try to match real jids with occupant-ids, then im just oblivious to the fact that it changed

if you have real jids, do you really need occupant-ids ever?

no, but if you have both one could imagine methods like, get_contact_from_occupant_id()

and that contact would have a real jid

or something in that realm, hard to say for what we will need the occupant id in the future

for now lets count what we can do with it

retract a message, track nick name changes

hm maybe im overthinking this

no we dont need it for message retraction

for what do i need the occupant-id ..

ah indeed message retraction

for retractions and such that happens in the MAM logs

ah because its not moderation

if you do not observe the event directly (with all the presence info)

its user retractions

ah yeah

for moderation you might at most want to have a way to select the user even if they try to avoid you by changing nickname

e.g if you select a message and have an action to ban the user from there

in the moderation case i have the real jid anyway

ah, right, most likely

also in the lmc case i could check the occupant id

last time we talked about some other xep that was beeing rewritten

becasue it misses occupant id

do you remember what that was?

LMC in MAM, or live correction of a message you got from MAM, that was the original use case, right?

dunno, check logs of here?

search for the win

it was Mentions

of course in a anonymous room you want to use something more stable then the nick

hm, yeah

occupant-id really should have been the resource slot instead of nickname :/

do moderators always have the real jid?

admins at least

not sure about moderators

If you could use occupant-id for administrative actions, then there's less need for them to see real JIDs

moderators can see the real jid

> but MUST include the new occupant's full JID only in the presence notifications it sends to occupants with a role of "moderator" and not to non-moderator occupants.

the problem is the member list, you will always need the real jid for that

so not worth it to hide it for other tasks ..

perhaps we should invent a new way to get the member list, with a single command instead of one per affiliation

IIRC there's been wishes for that before

I think JID forwarding is a configurable property of a MUC room, no?

cf. muc#roomconfig_whois

yes it is, but fyi this does not apply to all occupants

only to ones with specific roles ✏

e.g. admins/owners/moderators can always see your JID

you can set muc#roomconfig_whois to anyone, to allow anyone™ to receive the same info (if that is of interest, for instance, for cybersecurity reasons)

yes, we talk about the cases where people explicitly not do this

maintaining certain features without having a stable identifier is tricky

thats why occupant-id was invented

(as there is no way to enforce adherence to nick-name-policies, and it is easy to pretend to be some-one else)

Peter Waher, let me tell you about https://xmpp.org/extensions/xep-0045.html#register

acutally why was user retraction not made with MUC support

and https://xmpp.org/extensions/xep-0045.html#reservednick

meaning, the MUC validates if a retraction comes from the right user

and only forwards the retraction if it is

lovetox, because then all the MUC implementations must implement it?

and nobody can use it until then

nothing prevents that enforcement from being added, does it?

so now all servers need implement occupant id, and nobody can use it till then

occupant-id is pretty easy tho, and useful for many things

not true in a non-anon case we can already use it

"Zash> if you have real jids, do you really need occupant-ids ever?" Yeah, not to have 36 ways to do the same thing

2 == 36? ok

Zash [21:55]: > perhaps we should invent a new way to get the member list, with a single command instead of one per affiliation https://xmpp.org/extensions/xep-0463.html

"Zash> If you could use occupant-id for administrative actions, then there's less need for them to see real JIDs" < this.

you're mixing hypothetical future possibilities with current states

> If

I was just reading logs and replying to that without reading the live feed

You're misinterpreting :)

s/this/I want this too/

Mixing threads is confusing without threading ;)

MattJ, there are too many XEPs!!!!1!!eleventy. I didn't know this one returned the initial state.

I know services where it's not possible to start a thread on a threaded message, so this certainly would have been useless :P

I wonder if affiliations results should contain the occupant-id too

i would not open that box

Why not

as said, the XEP says "MUST provide a stable-id"

but we know because we are humans, that this will not be possible always

So we deal with it and it's fine?

you could plan for it, but if you dont really have a use case

Wait what's "it" here?

mapping jids to occupant ids

whats nicer with occupant ids is, that there are included in messages

not like real jids, where you need to map nicknames, to precenses

and find the real jid that way

Yeah fwiw I think the resource was a mistake

i guess everybody knows that, but nothing we can do about it now

We can progressively replace it :)

It's not like MUC stopped evolving

That would be nice. For stuff to evolve :D

Evolve or die (and be replaced by MIX)!

Heh. I can get behind that :P ✏

meh

Or we could do Groupchat 3.0!

MUX? MAX? MUC reloaded?

did someone implement MIX and found something bad designed?

for me cost/benefit is still not there

there is some pains with MUC, but there are not that bad that i implement a whole new protocol

Yeah, I think it's not "bad" so much as it's very complex and not backwards compatible with few advantages

its probably better designed, but for the enduser very little changes probably

does prosody have some MIX support?

Not that I know of.

Just minimix heh

We have been too busy fixing other stuff to think about MIX and MUC anyway

and so much OAuth 2.0

Yep. But from what i have read at some point either MUC will need some serious revisit or MIX will need to be fixed/implemented

The main architectural thing is that in MUC, it is clients that join the chat, while in MIX it is the user, thus it doesn't matter if the client goes offline or stuff. But we can sorta emulate that with affiliations and addons, plus we already have MUC implemented and deployed.

does MIX allow the 20.000 user room use case?

lovetox: that use case the only issue is presence really, right?

With 20 people actually active?

singpolyma, yes

Presence is optional in MIX (and MUC) so presumably yes.

I've seen some say they fix that by disabling presence in big mucs

But can a human being really keep track of that many people? IIRC Dunbar says we can remember about 3000 people.

i dont need to know who is in the room

question is if some things break down if i have no presence at all

i guess not if all messages have a occupant-id ^^

20.000 participants you neither see nor hear from? That's probably fine :) ✏

At that point why not just poll MAM ?

Then you can skip the entering part

and all the parts

for example currently a admin could not ban a user if presence is disabled

IIRC there was an idea for optimization where you only send presence if someone says sometihng

Then if someone says some shit, admins get presence and can use that to kickban

also you can have no avatars

but i guess MUCs could inject some kind of avatar hash into each message

Send presence before you send a message

Yeah

i mean we could work around all those issues, and at the end we would probably land at something like MIX :D

And then we can add MIX the protocol on top of that MUC codebase!

And then phase out the MUC protocol bits

Current MUC avatars only barely work anyway and rely on stuff we'd like to deprecate (like vcard-temp)

After that any from-scratch implementation could be MIX from the start

singpolyma, so much this

Should do a new protocol that just uses pubsub ;)

load mod_pep onto the MUC, ???, PROFIT!

(srsly, if someone wrote some glue to hook up permissions with the MUC, then it should mostly work)

Zash: oh, I meant if we want to replace muc with something. PEP on the muc I want but that's not useful for avatars really

Yep. I am starting to mess around with a xmpp library myself and the choice was basically: MUC with a bunch of workarounds that make into MIX. Or MIX.

singpolyma, each MUC room gets a pubsub service, users could publish avatars there (% permissions)

Zash: gross

and then you could get away from the presence and vcard-temp requirements

singpolyma, why? it'd be kinda half-way to MIX

We can already do pep avatar with muc iq. We "just" need a way to advertise it

That requires an occupant and presence

I don't want to upload my avatar to every muc I join and have them all store it. Easy to get out of sync and very redundant

Zash: why presence?

I can do muc iq without presence

i think this is already solved in prosody or not?

singpolyma, if you are offline, iq routing does not work

even the subset that gets redirected to the bare JID (which is an undocumented hack)

You mean not joined to muc? Sure, of course

could work if your nick was registered I guess

and needing a client to be joined is the big weakness of MUC

What is the undocumented hack btw? Based on namespace?

Yes

if namespace == vcard-temp then stanza.attr.to = barejid

IIRC ejabberd did it by handling vcard-temp to full JIDs :/

Makes sense. MUC iq is gross for sure. But it works well enough for this kind of thing. Unlike Muji where it's totally broken

and if on the other hand is a server which does avatar conversion, then the request goes to your PEP or not?

so in a way you can already request participants PEP in the MUC

> and needing a client to be joined is the big weakness of MUC Depends on use case I guess. It's also a big strength ✏ ↺

s/weakness/trade-off/ wrt MIX

Sure. You really want to see who is currently in the group though, especially with small groups. And big public rooms you don't want to hang around to everyone you've ever seen.

Either could be done either way, with various differences and something something

Don't you use affiliations anyway?

For which part? I use affiliations for some stuff yes

Here's a question: does it *ever* makes sense to route a MUC iq to full jid? What's the use case that would actually work for? BoB maybe, anything else?

(i know Muji is using it, but it pretty much doesn't work there...)

singpolyma, disco#info, version query, dunno

probably mostly things that are privacy nightmares

I guess it's semi fine for those. There are cases where it'll break but maybe not in ways that matter

hey i have a nice addition for MUC Moderation XEP

add request to delete all messages from a user with a certain occupant id

can do that in the client pretty easily, no?

no

also not a reason to do it there only because you *can*

the server can do it better and with much less stanzas

you can only moderate what you saw as a client

(which granted will be enough most of the the time)

but it may not be all

further i think its not the nicest thing to send for example 100 retraction stanzas at once

uhh thinking about LMC retraction is probably tricky

if a message was corrected 3 times

and i didnt store all 3 ids

a retraction can have unwanted consequences

retraction of the middle LMC?

no of the last for example

thanks for the fresh nightmare material! :)

usually the user want to remove the message that he sees

but i think clients dont store the old corrected message ids anymore

hmm ... maybe i should not allow in Gajim to retract corrected messages

or think about it a bit more

in MUC i think you are save if the server replaces with a tombstone that only removes the body?

or maybe this is simply something the receiving client has to take correctly care of