jdev - 2023-11-06

  1. meson

    singpolyma: certwatch only tries to connect to the ipv6 address for me, which isn't working. Could it be changed so that it tries both ipv4 and ipv6 and give appropriate reports/errors accordingly?

  2. Zash

    Eyeballs of happyness?

  3. bodqhrohro

    Zash: yes.

  4. lovetox

    i dont see any limitations in the pubsub spec which type a pubsub event needs to have

  5. lovetox

    or did i miss it? So a pubsub event could have "chat" or "groupchat"

  6. jonas’

    I think it's configurable per node

  7. jonas’

    <field var='pubsub#notification_type' type='list-single' label='Specify the delivery style for notifications'> <option label='Messages of type normal'> <value>normal</value> </option> <option label='Messages of type headline'> <value>headline</value> </option> </field>

  8. jonas’

    but according to the form spec only to normal or headline

  9. lovetox

    thats just an example though is it?

  10. lovetox

    its not actually mentioned somewhere which types are allowed

  11. jonas’

    no, that's the registered form

  12. jonas’

    I assume that's normative

  13. lovetox

    ah i see

  14. lovetox

    great

  15. mac

    do i need otp bot

  16. mac

    i need help

  17. singpolyma

    meson: it tres both and fails if either fails

  18. singpolyma

    > or did i miss it? So a pubsub event could have "chat" or "groupchat" Groupchat would be pretty odd, but chat is a normal option for some fallback moduler

  19. singpolyma

    > or did i miss it? So a pubsub event could have "chat" or "groupchat" Groupchat would be pretty odd, but chat is a normal option for some fallback modules

  20. meson

    singpolyma: Yeah I noticed that :-/

  21. meson

    singpolyma, I have now removed the redundant AAAA record as I don't use it currently as a workaround

  22. singpolyma

    Yeah, if the v6 is broken that is the correct solution

  23. meson

    Alright, thanks for your service :)

  24. lovetox

    do you think i can get away as a client in todays ecosystem with simply not supporting START TLS?

  25. Zash

    Based on https://compliance.conversations.im/test/xep0368/ I'd say no.

  26. Zash

    Especially when that's a self-selected sample of servers from people who are more likely to want get the 100% score

  27. Zash

    So one might venture a guess that the real figure is lower

  28. singpolyma

    direct tls still isn't default anywhere so I expect most small servers don't have it as well, for example most snikket instances probably don't set the SRV record for themselves

  29. Zash

    Tho you could do the browser way and slap scary warnings on it and gradually phase it out, but meh.

  30. pep.

    Start removing the green check for start tls?

  31. pep.

    fwiw I still haven't bothered on my own setup..

  32. lovetox

    i my mind, if anybody is half serious about operating an xmpp server he needs to adpat the default config

  33. lovetox

    for example i doubt server have per default websocket support, which means if the operator does not add it, webclients will not be able to use it

  34. Zash

    Haha, ports 5223 and 5270 are registered to other things

  35. lovetox

    i think server operators dont add direct tls, maybe because its simply not necessary for anything ..

  36. lovetox

    nothing breaks if you dont offer direct tls

  37. moparisthebest

    443 should be the default for direct TLS anyway

  38. moparisthebest

    Multiplexing is what ALPN is for

  39. Zash

    No

  40. singpolyma

    > for example i doubt server have per default websocket support, which means if the operator does not add it, webclients will not be able to use it IMO most servers should not have nonstandard stuff like websockets added, but maybe that's just my grumpiness about websocket protocol showing ;)

  41. pep.

    singpolyma, I think it's actually useful, so that people can use web clients that do 0156

  42. lovetox

    whats non standard about it?

  43. moparisthebest

    singpolyma: I about got webtransport integrated last night but both available crates are missing something so it'll be a bit longer :)

  44. singpolyma

    > whats non standard about it? It only exists for browsers, no other client would eve want it, it doesn't discover over DNS, etc etc

  45. singpolyma

    moparisthebest: what's missing?

  46. moparisthebest

    I'll spec clients and servers over that soon and everything can talk http3 over udp port 443 including browsers lol

  47. singpolyma

    I wouldn't do it on 443 but I know you want everything there so obviously you can if needed ;)

  48. moparisthebest

    The most mature one won't let me have access to the certs to do sasl external

  49. moparisthebest

    The other had something in the way but it was late, I'll look again soon

  50. singpolyma

    Can't your existing quic stuff handle that part?

  51. moparisthebest

    It didn't let me have access to any quic internals was the problem

  52. pep.

    singpolyma, actually gajim does/did WS

  53. moparisthebest

    gajim does WS last I looked, that's what I used to test xmpp-proxy's impl

  54. singpolyma

    > It didn't let me have access to any quic internals was the problem Oh, it tried to do everything? Yeah, ideally you just need a shim to do the handshake then transition to the regular quic codepath

  55. moparisthebest

    Yes, the other one looked more like that, gonna poke at it next, was much simpler

  56. moparisthebest

    Oh right I remember now, it did just do the handshake over QUIC, but only supports doing it or not, when I want to sniff to support both webtransport and regular quic on the same port

  57. moparisthebest

    The way I support starttls, direct TLS, and websocket on the same TCP port

  58. singpolyma

    There is no regular quic anymore, this is the way now ;)

  59. moparisthebest

    That's solvable I think, but only by touching the library