XMPP Service Operators - 2023-05-30

“draugr.de” HTTP File upload is not available now?

☭Mike Yellow: what error do you see?

It shows not support when checking server information. ✏

Oh. It was my fault.

☭Mike Yellow: do tell more

I am playing XEP-0016.

Maybe it causes.

It does causes.

☭Mike Yellow: explain

We want a white list function instead of black list function (XEP-0191), only XEP-0016 can do that. But XEP-0016 is a little complex.

If I am not experienced at it, it will bring unexpected result to me.

The XEP-0016 seems developer-focused but not user-focused.

It is “deprecated”. Gajim and Prosody removed that function. I am using Psi and Ejabberd MUC server to test it.

I think famous people would need it. For them, even “Add me to contact” requests will bother them.

cursed

> cursed I do not understand.

English is not my first language.

Your understanding is not required, ☭Mike Yellow - it was an off-hand comment without much in the way of merit.

OK.

I just need to add “upload.draugr.de” to the white list, then it solved.

> We want a white list function instead of black list function (XEP-0191), only XEP-0016 can do that. But XEP-0016 is a little complex. You should pick a server with mod_block_strangers then. But I told you already and you still insist on using a deprecated module. Once the clients/servers still supporting it make a cleanup and remove it you will have to move to block strangers anyway.

But whitelists and mod_block_strangers have huge usability issues as people can not get in touch with you before you whitelist them, so they have to reach out out of band, e.g. by email, and ask you to whitelist them or add you to the roster.

I've put in a feature request for mod_block_strangers to add a list of exceptions. It just depends on the devs to act on it. I made the change to my own Prosody server (only 5 lines of Lua), and it seems to work well so far.

I wanted the feature for my personal account (which I might use with mobile clients at some point), but not for listed server contacts.

Brian: mod_block_strangers is a community module, as Prosody developers we neither maintain nor recommend it. We can commit patches sent to us, or give you access to commit them yourself.

https://www.openssl.org/news/secadv/20230530.txt upgrade your servers now, immediately if openssl 3

If less then 3... Well server devs need to say if `OBJ_obj2txt()` is called directly :/

It's "only" a DOS not an rce or data leak this time thankfully

MattJ, I mentioned in the request that I'd be happy to make the change available. Just not sure where to send it. I have zero experience with Mercurial.

Brian: What are you changing? Disclaimer: I strongly dislike mod_block_strangers, especially if it spams me with cpatchas.

Martin, The change involves a list of exceptions to the "block strangers" logic, so I can add listed server contacts to that and they aren't required to add anyone to their roster to receive messages.

That's a good change, it would be especially good for ejabberd which spams you with captchas if you report spam to the 0157 contact. ✏

Not sure where captchas come into that, but I haven't seen any of those yet. Granted, I've only been working with Prosody for about a week and a half now.

Before that, it had been years since I did anything with XMPP.

Brian: https://github.com/processone/ejabberd/issues/2644#issuecomment-750015784 Ejabberd asks you to solve a captcha and they do so periodically once you wrote to someone on a block strangers server. So if you made the mistake to contact someone on a ejabberd server with this module you get spammed with captcha requests. Unfortunately there is no field in disco info for this to check beforehand so you don't know whether it's OK to write to a person on this server or not, so you have to keep in mind which servers have it enabled or just add the JID to the blocklist to get rid of the captcha spam.

I don't know whether prosodys mod_block_strangers also asks you to solve a captcha, so far I only had bad experiences with ejabberds, see my comment in the linked issue.

But seems I'm the only one having this issue as nobody else complained and it got removed from their roadmap two years ago. 😕

Ah, I see... I wonder if that was a recent change, because I don't recall dealing with captchas at all when I had an XMPP server before, and that was Ejabberd. With Prosody, that module simply blocks... it doesn't doesn't do that kind of thing.

You don't have to deal with it if you run it. People trying to contact you have to deal with it. 😄 ✏

Well, relatively recent... it's probably been around 10 years at least. Yeah, I get what you mean, and I didn't hear anything about them then.

Like the person I tried to contact didn't hear of me as I gave up and just blocked them to get rid of the captcha spam. 🤣

But enough bashing, I just strongly dislike how this module breaks the xmpp experience.

So, yeah... if I knew where to send the change for the Prosody module, I'd happily do it.

> Brian: mod_block_strangers is a community module, as Prosody developers we neither maintain nor recommend it. We can commit patches sent to us, or give you access to commit them yourself. Just get in touch with the devs.

I sent mine in here but my patch haven't been merged? xmpp:prosody@conference.prosody.im?join

Better send an email as things vet easily lost in a chat.

Done.

Hopefully, anyway :-)

> You should pick a server with mod_block_strangers then. But I told you already and you still insist on using a deprecated module. Once the clients/servers still supporting it make a cleanup and remove it you will have to move to block strangers anyway. > But whitelists and mod_block_strangers have huge usability issues as people can not get in touch with you before you whitelist them, so they have to reach out out of band, e.g. by email, and ask you to whitelist them or add you to the roster. We know that.