jdev - 2023-08-25

Could SOAP be used instead of dbus for message passing?

or is it also xmpp directly?

i have heard that you can use also xmpp as dbus

also there is something called JOAP apparently

Oh no I had nearly forgotten about SOAP, I only have a vague memory of pain

MSavoritias (fae,ve): there are several ways to do RPC with XMPP. XML-RPC, ad hoc commands, or custom iqs. Of course soap is also possible but that's never been specced I think?

there is soap over xmpp

but yeah was just curious. I have heard horrible stories about SOAP

:P

Properly deployed soap is honestly fine. It's just that like all enterprise tech, most of the stuff in the wild was poorly deployed

(fine if what you want/need is RPC of course)

These days they've renamed it graphql which is the same thing again with all new tech

ah classic

so reading through XEP-0402, if i want to make a p2p client with that i basically have to "fake" a server in my library don't I?

For a P2P client you should just be running a whole server imho

Details are up to you

well i dont want to write a server and strap it to my library though :P

embedded prosody?

^

that still straps a server next to the client. which also has a library. seems like duplication of resources

instead i could have a library

just the library

XMPP s2s is p2p, so you want a server, you can write all this logic or use an existing server

s2s is server to server its in the name

but anyway. i will see for another xep i guess.

You could write a mod_client in Prosody, which would make it into a client on its own. :D

A client doesn't *have* to talk to a server over c2s it can do it's own thing there

But for P2P XMPP you definitely want something that talks s2s externally

> You could write a mod_client in Prosody, which would make it into a client on its own. :D I think this exists, sort of ↺

A few probably, at least mod_rest or whatever

I think the LAN p2p xep is basically this, but relaxes s2s security stuff quite a bit due to trusting the local network

But yeah, I think depending on need "a whole server" makes it sound more complex than it is. It's just an authenticated XML stream, same as c2s

The real question is what happens when you're offline

for offline messages? gnunet supports offline messages at the transport layer between 1:1 on a DHT like i2pbote to my undrestanding

in group chats its an issue yeah

I think the existing lan P2P xep was an interesting historical thing from the distant past where you didn't need encryption and could use local network discovery etc etc, but is pretty obsolete today

which needs to be solved anyway imo

Today you just run a server and keep all the good stuff

fair but thats not what i asked :)

but point taken i cant use 0402 it seems

> so reading through XEP-0402, if i want to make a p2p client with that i basically have to "fake" a server in my library don't I? I think it is :) whether you call it "fake" or not you need a "server" ↺

I think the LAN p2p is still useful, but only on a lan of course. It's fun at conferences for example

moparisthebest, nope i dont :)

I'm not sure stuff like 402 is interesting though. As you'd have multiple servers (one per client) now, not one per account

> I think the LAN p2p is still useful, but only on a lan of course. It's fun at conferences for example But why bother when it's even easier to just run a server ↺

singpolyma, not any more, because no one else is using it any more, because clients dropped support.

moparisthebest: I don't understand the difference

moparisthebest, and ask everyone at the conference to configure their credentials for your server?

To scan a qr code? Sure

> singpolyma, not any more, because no one else is using it any more, because clients dropped support. Clients drop support for lots of things, can always add it back ↺

Or pass it around via avahi or whatever, still way way easier than implementing that

So you're saying advertise real jid via avahi? IIRC the xep does have a provision for that. That requires internet and exposes your JID but you're correct neither of those is an obstacle for me generally

No I mean like, Snikket invite over avahi

In case they don't have a jid?

Or MUC-token-invite :-°

pep.: Yes

Definitely a needed thing

Maybe an invite token can also be stuffed in there somehow for an account to be created

(If needed)

That's kinda what Snikket already does, but yes

No, Snikket invites get you an account, period

I mean it puts new accounts into the same muc no?

If you have one already you can't use it

Yeah it does, the new account

Snikket invites get you a new account optionally + add a contact

If you use the xmpp URI version

Yes I agree though, it'd be nice to "here use this to join from your existing account or create a new one and join"

is https://xmpp.org/extensions/xep-0246.html advisable for implementation?

> XEP-0246: End-to-End XML Streams

i am asking because the serverless messaging is historical obviously

MSavoritias (fae,ve): what is serverless

https://xmpp.org/extensions/xep-0174.html

this ^

> is https://xmpp.org/extensions/xep-0246.html advisable for implementation? Hmm well you need to come up with a good way to authenticate the connections, if you are talking client-to-client they don't have ways to generate certs each other can trust yet ↺

Sharing public key hashes over OMEMO or similar would work

> well i dont want to write a server and strap it to my library though :P you could masquerade as a server and just not send client stanzas ever lol

> Sharing public key hashes over OMEMO or similar would work got it. thank you

>XMPP s2s is p2p thanks for the laugh

(genuinely laughed at that, its true but warping what p2p is supposed to entail)

>>XMPP s2s is p2p > thanks for the laugh It's not a joke, it's literally p2p ↺

its s2s, we're peers, they're servers

servers are peers

>Somebody who is, or something that is, at a level or of a value equal (to that of something else). ok strictly speaking, sure

And if the "server" protocol is spoken by a client it's literally p2p

Each server creates and maintains a connection to each and every other server, the exact definition of peer to peer ✏

moparisthebest, pretty sure jingle has ways to share TLS pubkey/cert fingerprints for stuff like this

well theres partial-mesh p2p as well thats mediated by something typically dht

Hmm server discovery via dht you say? Intriguing...

there is https://xmpp.org/extensions/xep-0247.html

for jingle p2p ^

> i am asking because the serverless messaging is historical obviously 0174 is finalised so i wouldnt say historical, just lack of support now because who the hell messes with mdns for messaging

agreed

anyone remember jingle nodes?

i could see it useful in an organisational setting but typically corporations will be hosting a server anyway, so most use cases even for that are kinda meh

> there is https://xmpp.org/extensions/xep-0247.html Rekt: > Note: It is STRONGLY RECOMMENDED to encrypt all end-to-end XML streams as described in Jingle-XTLS (currently located at <http://xmpp.org/extensions/inbox/jingle-xtls.html>). Those security flows are NOT described here. ↺

maybe when i go to my first DEF CON i'll advertise an xmpp ptr to their public wifi :>

> i could see it useful in an organisational setting but typically corporations will be hosting a server anyway, so most use cases even for that are kinda meh And few organizations have everyone in the same building on the same network ↺

yeah thats true subnetting is a hurdle; so there you go, many things that break the illusion of serverless in the context of that xep

Meanwhile, using Slack to talk to the person sitting at the desk next to you

moparisthebest, gnunet is already encrypted on the transport level ;)

plus i can probably use https://xmpp.org/extensions/xep-0396.html

for jingle omemo

zash: sorry to inform you but your browser is unsupported next month, we need to change random UI elements to confuse the hell out of you when you come back into the office

XTLS is one of those legendary things that were supposed to solve all problems, but somehow never got accepted?'

it seems interesting but tls is tied to DNS isnt it?

so useless to me

wait like, tls over xmpp? what the fuck

MSavoritias (fae,ve), incorrect

No, TLS is unrelated to DNS mostly

ah

will take a look then :)

man i still wish s/mime didnt fall on its face outside of business settings

i still want an s/mime certificate

so that means i can also use RFC 7590 potentially. nice :D

Is that raw public keys?

rfc 8823 already exists to issue s/mime over acme :<

> Hmm server discovery via dht you say? Intriguing... Now I can't stop thinking about this ↺

moparisthebest, lol i missed that message sorry

>> Hmm server discovery via dht you say? Intriguing... > Now I can't stop thinking about this +1

yeah lets just put dns inside the other protocol and call it something else and use kademlia thatll fix things :^)

> There is nothing in any of these standards that would > prevent me from including a 1 gigabit MPEG movie of me > playing with my cat as one of the RDN components of the DN > in my certificate. -- Bob Jueneman on IETF-PKIX

Not even X.509 is tied to DNS

oh man i could pipe this over irc

opal: https://www.bitlbee.org ?

nah the cat mpeg

Web PKI is why everything is tied to DNS, and why we can't have nice things like XMPP-only certificates

moparisthebest, i piped towel.blinkenlights.nl to irc before

>> Hmm server discovery via dht you say? Intriguing... > Now I can't stop thinking about this What's the advantage over DNS? ↺

> Sharing public key hashes over OMEMO or similar would work specifically this https://xmpp.org/extensions/xep-0250.html

but with omemo

>> Now I can't stop thinking about this > What's the advantage over DNS? Having thought about it for 2 minutes, it could be a solution for hosting XMPP servers securely without domain names or DNS without resorting to Tor ↺

Isn't it the same as using Tor?

tl;dr Tor .onion domains but over clearnet, pinned TLS without needing CAs or DNSSEC or DANE

>> What's the advantage over DNS? > Having thought about it for 2 minutes, it could be a solution for hosting XMPP servers securely without domain names or DNS without resorting to Tor Yes. Records will have similar advantage as a .torrent. It would be pretty cool

I would built atop an existing DHT or similar. Which in practise for this means ipfs or Tor probably ✏

ik tor is the first example to come to everyones head when thinking of "not dns" but it doesnt even use dht

^

>> Sharing public key hashes over OMEMO or similar would work > specifically this https://xmpp.org/extensions/xep-0250.html > > but with omemo i'm experiencing some terrible omemo bug with Profanity atm... to the point i'm for now only using Conversation so not too sure on this one.

Tor is great but the downside is it's a bit too slow for calls etc, doing something like this could give us the security of onion domains but over clearnet (and obviously lose the Privacy of Tor too)

lets take a step back, we're talking about dht to essentially share ip addresses, right? why not just compare it to bittorrent at this rate

profanity doesnt care about omemo afaik. they push fox OX more

profanity implements omemo and its one of the tui clients that does it reasonably well

moparisthebest: you don't need to send calls etc Traffic over Tor to use onion names

pray tell how "onion names" are useful in any way here

> lets take a step back, we're talking about dht to essentially share ip addresses, right? why not just compare it to bittorrent at this rate Basically yes, but they'd need signed etc ↺

> pray tell how "onion names" are useful in any way here You want to set up a server but don't own a domain name ↺

opal: p2p server naming if you don't want to use dns ✏

but then why not use GNS which is also backwards compatible with DNS

ok i dont think public-key hashes will help with supplanting dns

you have my pubkey, how are you gonna connect to me, lol

That's what onion names are good at :)

Getting a connection out of the key hash

There are other equivalent solutions of course

> you have my pubkey, how are you gonna connect to me, lol Getting your signed connection details from a dht ↺

i think you misunderstand that "onion names" are useless on their own, they leverage tor dirauths to actually look up the hidden service location within the tor network (well, its tunnels)

opal: that... Doesn't sound useless?

moparisthebest, i can sign an ip address without even mentioning any aspect of tor

singpolyma, tor's more centralised than you think, that's my point

Sure. I'm not sure if that matters or not

well we can add a dirauth bootstrap to xmpp and start a committee to ban bad nodes off the network if thats what youre after

DNS is also less centralized that some people think. It all depends on goals

i just think the tor metaphor is verrrrrrry naïve to use here

What metaphor?

comparing dht to tor in the first place

They're both semi centralized lookup services for keys to metadata that can allow a connection

look at its cousin, i2p, if you want something slightly closer to the goal here

I don't think we decided what the goal is

but then the i2p thing breaks when you start thinking about its use of pet names and hosts files :)

(i suppose you could call a JID a "pet name" and your roster your "hosts file" lol)

Anyway, my point was just that DNS can probably be made to work in most cases and when not there are a bunch of existing solutions depending on goals. I don't think we need to invent or spec anything

i mean, all this discussion is useful especially if we start talking about encrypted layer-3 transits such as cjdns, yggdrasil, even some vpn like dn42 or anonet

well the latter still require tls for transit encryption nvm

former two are perfect examples though, everyone can "directly" (i.e. no nat bullshit) connect to everyone else in the network, encrypted and verified by the ip address (pubkey) alone

If you have public-key-is-your-IP like cjdns you don't need DNS or TLS or discovery at all

yeah

well, discovery?

how do you know 202:8478:47ac:3fff:177c:a994:51e4:9c55 has any xmpp resources attached without either asking me or scanning the whole network

Because it's in the domainpart of a jid

oh youre saying i could just give you opal@[202:8478:47ac:3fff:177c:a994:51e4:9c55] and it'll suffice

Yes

gotcha

I assume cjdns sucks on mobile like most such things. Does anyone know?

i assume cjdns sucks but cjd is a cool guy :D

all p2p sucks on mobile

(i looked at the codebase back when node was still a requirement)

yggdrasil on mobile is usable

It's been like a decade since I touched that

at best, it sucks massive amounts of power

and this is why I'm firmly behind the federated client-server model :)

ygg is dormant unless you route, and typically youre chosen for routing if you have good access to two peers

That's another bonus point for DHT XMPP server discovery, it only eats battery during the discovery phase :)

yeah c2s is a good stopgap for the current internet

p2p things tend to be chatty, as does chat things

Well, all p2p is fake and semi centralized. If mobile leeches it can maybe work. I don't know how much that's been tried

lets just communicate telepathically, problems solved

moparisthebest: if leeching, yes

singpolyma, no no, these are not servers, they're "supernodes" and that's not centralization, they're called "bootstrap nodes" :)

The reason DHT burns power is if you make every mobile client a member of the DHT

Zash: ah, yes. The good old "bootstrap node" at irc.libera.chat ;)

lesson learned: turtles all the way

Speaking of Tor, interesting https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-services/

Did they just introduce TorCoin??

lol @ hidservs still suffering from DoS

also lol @ the DNMs and the reddit clone being "protected" by some stupid captcha and a script to drop circuits on failure

i'd say half of it is because they all run bloated dynamically-generated php websites, and the other half is tor's slow circuit-building process

oh man that was recent moparisthebest

yeah ive been hearing talk about PoW on the MLs on and off over the years

> Did they just introduce TorCoin?? looks like a one-time challenge which is honestly reasonable, just offloads cpu requirement to the client