jdev - 2023-06-28

  1. singpolyma

    selurvedu: yes, that's right. we had a long discussion about this in XSF room the other day. The XEP clearly says that a MUC must have room id and a service and that they are room@server but it's not written with MUST have localpart like you might expect

  2. selurvedu

    singpolyma, thanks for clarifying!

  3. Kev

    Although 2119 language is useful for clarity, text doesn't need to say MUST for it to be a requirement ;)

  4. nicoco

    selurvedu: there are notes about this at the bottom of https://wiki.xmpp.org/web/XEP-Remarks/XEP-0045:_Multi-User_Chat

  5. edhelas

    MattJ thanks for the mail on the ML about publish-options !

  6. MattJ


  7. selurvedu

    Kev, right

  8. selurvedu

    nicoco, it says "technically nothing prevents it", but it says nothing about Room ID being required by 0045, as discussed here.

  9. nicoco

    selurvedu: I didn't mean to get involved more than saying that there's a page on the wiki that mentions this ;-)

  10. selurvedu

    nicoco, thanks for letting me know ;)

  11. techmetx11

    hi jabber devs

  12. techmetx11

    does anyone think in-band registration should be deprecated for security reasons? (spammers)

  13. MattJ

    Yes and no

  14. techmetx11


  15. MattJ

    Unrestricted, unmonitored open IBR is a disaster

  16. techmetx11


  17. techmetx11

    i'm noticing that in MANY mucs today

  18. MattJ

    But IBR is just a protocol, and it doesn't have to be unrestricted, unmonitored, or even open

  19. techmetx11

    i do think IBR shouldn't be unrestricted

  20. MattJ

    I'm just preparing to submit a XEP proposal right now that would help automate defences against the current attacks

  21. Link Mauve

    techmetx11, at JabberFR, it is unrestricted and open, but monitored quite closely.

  22. Link Mauve

    And if you ever encounter a spammer from our servers (some always slip through), please report it to us. :)

  23. techmetx11

    Link Mauve: i registered an account at one of the reported XMPP servers that the current spammer was using (yax.im)

  24. techmetx11

    i was shocked how easy it was, just a name and password and "Registration successful"

  25. MattJ

    XMPP: "I was shocked how easy it was!"

  26. Zash

    PR the website!

  27. Link Mauve

    techmetx11, that’s to be expected, why would creating an account be hard?

  28. techmetx11

    Link Mauve: the problem is, if it's TOO unrestricted

  29. techmetx11

    you can't keep up

  30. techmetx11

    seriously the spammer rn, registers an account, uses it for only a few seconds, and stops using it to register another one

  31. Link Mauve

    Ah sorry, you probably know better than I do that I can’t keep up for the past six years.

  32. techmetx11

    sorry sorry

  33. MattJ

    techmetx11, if you see any further yax.im accounts involved in that (unlikely) please report them

  34. techmetx11

    you don't have to be sarcastic

  35. techmetx11

    Link Mauve: i wonder what you did?

  36. lissine

    tip: if someone decides to add email verification to the registration process, there are services online that provide temporary email addresses for free. (lookup "tempmail" or "10 minute mail") There probably is a blacklist of the domains used in email addresses somewhere though.

  37. Link Mauve

    That’s a secret~

  38. techmetx11

    ah i see

  39. techmetx11

    sorry if i'm rude and all, this has just been a problem

  40. msavoritias

    it has. but we cant just close public registrations. yet 😉

  41. moparisthebest

    Or just mailinator.com

  42. techmetx11

    Link Mauve: hopefully i wasn't too bad :P

  43. Kev

    I hold the unpopular opinion that IBR doesn't actually buy us anything, but I know I'm a minority of ~= 1 on that.

  44. qy

    Do any servers still allow anonymous login?

  45. moparisthebest

    Lots, but hopefully not with s2s enabled

    👍️ 1
  46. moparisthebest

    (lots == every web support chat for instance)

  47. Maranda


  48. qy

    I wondered if i could use it for crash reporting

  49. qy

    I guess not

  50. moparisthebest

    Sure, don't need s2s there

  51. qy

    But do need a server

  52. moparisthebest


  53. Zash

    Like Conversations does?

  54. Zash

    Except, opening a new c2s for it? Hmmm

  55. Zash

    There, https://logs.xmpp.org/ now defaults to _not_ showing joins and parts

  56. Zash

    Are y'all happy now?

  57. MattJ

    Never. But thanks :)

  58. Zash

    > 2 files changed, 43 insertions(+), 15 deletions(-)

  59. moparisthebest

    I could not be happier

  60. Zash

    I do wonder if this could just be a raw MAM query and some XSLT ...

  61. jonas’

    xslt is turing complete. so yes.

  62. moparisthebest

    Only if you enjoy pain

  63. Zash

    After doing stuff with OAuth2, JSON Schema, OpenAPI for a bit, some XSLT would be nice and relaxing

  64. Zash

    After doing stuff with OAuth2, JSON Schema, OpenAPI, k8s for a bit, some XSLT would be nice and relaxing

  65. Link Mauve

    Zash, a tiny cosmetic issue is that this website still creates links for days with no message at all, such as https://logs.xmpp.org/xsf/2020-03-22

  66. Zash

    Link Mauve, there's joins and parts on those, shush

  67. Link Mauve

    Hence cosmetic. :)

  68. Zash

    Liket this was a minor usability issue?

  69. Zash

    Like this was a minor usability issue?

  70. Link Mauve


  71. Zash

    Which has taken multiple failed attempts over sevral *years* to fix?

  72. Link Mauve

    Oh, I see.

  73. Zash

    So, yeah, maybe that can be fixed in some 7 years

  74. Zash


  75. Zash

    Link Mauve, it's fast and efficient becasue it just grabs an existing index of days that has any data at all

  76. Zash

    filtering out "empty" days would require actually looking at the data

  77. Link Mauve

    Yeah, I know mod_storage_xmlarchive’s structure. :)

  78. Zash

    Link Mauve, how about the lazy mode, where just assumes that *every* day has content? :)