XSF Discussion - 2017-11-09


  1. Arc

    btw dwd why is being sick prevent someone from attending a board meeting?

  2. Arc

    a few weeks ago i went, and i was vomiting all night and coming down from a fever from shingles

  3. Arc

    its not like meetings are physically stressful

  4. Zash

    I don't think we should be forcing people into things when they are sick

  5. mathieui

    Arc, looking at a computer when you’re very tired or have any kind of physical ailment is not a pleasure

  6. Arc

    Zash: i didnt say force, let them decide

  7. Arc

    http://www.sheut.net/Difference_Engine_-_Beige_With_Noodles.ogg

  8. moparisthebest

    Arc: you didn't see the council meeting earlier about bolding things

  9. Zash

    Link Mauve: Can't you just chmod a+r the xep84 node, like people want with omemo?

  10. Arc

    moparisthebest: ?

  11. mathieui

    https://lists.fosdem.org/pipermail/fosdem/2017-October/002627.html FYI, in addition to the usual RTC room, FOSDEM also has a "Decentralized Internet & Privacy" which is also relevant for XMPP

  12. daniel

    i just submitted a general 'what is xmpp and why do we need it' kind of talk to that devroom

  13. daniel

    Has anyone else submitted something to either that room or the realtime room?

  14. Guus

    (not that I'm aware of - It'd be nice if you could add your talk to our wiki page, so that we can keep track)

  15. daniel

    done

  16. Guus

    Thanks (I changed the table format a little for additional prettiness)

  17. SamWhited

    daniel: I submitted something about the compliance suites

  18. jonasw

    SamWhited, re XEP-0114, I think if it needs changing at all, it could be moved to Advanced Server or Advanced IM Server, but given that it’s the only way to add components, and components can bring great value, I think it should stay in the compliance suites.

  19. SamWhited

    *nods* I don't know that it's critical or anything either and could be convinced either way

  20. jonasw

    it’s very useful for sure

  21. Kev

    I'm not convinced it needs to be in the compliance suites, really.

  22. Kev

    I'm not going to cry that it is, but I don't see a need.

  23. dwd

    Kev, Depends what you see a Compliance Suite as being. I see the Basic stuff as being stuff you be surprised wasn't supported, and I think that covers XEP-0114.

  24. Kev

    I *think* if you use that as a metric, you can never remove anything from a compliance suite.

  25. Kev

    Because you would expect anyone implementing a new server to do all of Basic, and that makes it surprising that anything in Basic isn't implemented, which means it goes into Basic, and ...

  26. Kev

    Saying that, M-Link does have customers who use 114 still, so perhaps it really does belong in there.

  27. dwd

    Kev, I don't, to borrow your phrase, disagree.

  28. dwd

    Kev, But even Metre does XEP-0114, so I don't really see why it'd be contentious to include.

  29. jonasw

    +1

  30. Kev

    Yeah, I've changed my mind. It probably does belong in there, although I'd be low-F about it being removed.

  31. Kev

    It's moderately widely used and useful.

  32. Guus

    it makes for a nice tool to platform-independently add server-sided functionality. I've never quite got why it didn't take-off more.

  33. jonasw

    Guus, lack of auth and crypto

  34. jonasw

    requires you to have things on the same host basically

  35. Guus

    jonasw: "take off" as in developed further.

  36. jonasw

    ah

  37. jonasw

    then maybe because that’s still good enough for many people

  38. Ge0rG

    I think component support is much more important than avatars. But then again...

  39. Guus

    although you can do direct-tls easily

  40. jonasw

    Guus, with extra proxies?

  41. Guus

    ?

  42. jonasw

    how’d you do direct-tls?

  43. Guus

    open a server-sided socket that immediately does TLS?

  44. Guus

    c2s 5223-like?

  45. jonasw

    sure, but that’s not specified, is it?

  46. Guus

    ah, no, not as far as I know

  47. Guus

    actually, wasn't there a follow-up xep somehwere?

  48. dwd

    jonasw, It has TLS, at least on most servers.

  49. jonasw

    dwd, maybe I missed that

  50. dwd

    jonasw, As for auth, yes. Failing issue, there. XEP-0225 tried to address that, but nobody used that.

  51. dwd

    jonasw, So XEP-0114's examples all use 0.9 - no version number, so no features. But in practise, if a component sends a version='1.0', then it gets features, usually including TLS.

  52. jonasw

    I admit that I’m not familiar with how components work that way

  53. jonasw

    I assumed that they only do what’s written in XEP-0114 :)

  54. MattJ

    Pretty sure Prosody only does what's in XEP-0114, but fippo had a patch for it

  55. MattJ

    Not really sure how I feel about it

  56. dwd

    I can't actually recall what Openfire does, despite having a look ages ago.

  57. Zash

    Is there a difference between 114 + features and 225?

  58. Guus

    I'm pretty sure that Openfire doesn't do much beyond 114 either.

  59. dwd

    Zash, Authentication is SASL. And the namespace is jabber:client.

  60. jonasw

    nice though, wouldn’t that allow multiplexing of component and client connections on the same port without magic?

  61. dwd

    jonasw, Yes, and I'm really not sure that's sensible either.

  62. Zash

    Abolish jabber:{client,server}! Single unified namespace!

  63. Zash

    The Real XMPP 2.0! :)

  64. dwd

    Zash, As with so many things, it's a solved problem now.

  65. dwd

    Zash, Well, except when I cock it up.

  66. Zash

    Hm?

  67. Zash

    Did you mean: "It's such a minor problem that nobody will ever bother fixing it"

  68. dwd

    Zash, I mean, no matter how big a problem it is when starting out, everyone has solved it now so there's little point in going through the effort of changing it now.

  69. Flow

    Does xep225 allow multiplexing multiple component domains over the same component connection?

  70. zinid

    Flow: yes

  71. zinid

    iirc :)

  72. zinid

    at least I remember something about it when I was implementing it

  73. SamWhited

    Doesn't everyone just ignore the namespace anyways? (I'm actually curious, I can't think why it matters but maybe stone people respect it)?

  74. SamWhited

    *some people

  75. zinid

    Flow: https://xmpp.org/extensions/xep-0225.html#bind

  76. Zash

    Ignore the namespace? What blasphemy is this?!

  77. dwd

    SamWhited, Openfire ignores and strips it, whereas Metre (and maybe others?) internally dispatch elements based on the namespace.

  78. zinid

    it cannot be ignored everywhere

  79. zinid

    in some places you need to know the namespace

  80. dwd

    SamWhited, Well, I say "maybe others", but M-Link dispatched based on the qualified name as a whole when I worked on it.

  81. SamWhited

    Makes sense; I do dispatch based on payload namespaces but not the stanza level ones, but I guess you could mix server/client handlers and use the stanza level ones too

  82. Flow

    zinid, hmm, ok, but it doesn't explicitly mention that multiple <bind/>s are allowed

  83. Flow

    or did I miss that?

  84. zinid

    Flow: "A component can send a subsequent bind request to bind another hostname (a server MUST support binding of multiple hostnames)."

  85. dwd

    Flow, Oh, multiple bind was another thing. Not sure where that ended up, but it was a terribly idea I thought.

  86. Flow

    ahh its in there

  87. Flow

    good

  88. dwd

    zinid, Oh, it stayed in there?

  89. zinid

    dwd: as you see :)

  90. zinid

    Section 4, example 4

  91. Flow

    dwd, what's wrong with it?

  92. Ge0rG

    It's a nice path for many security vulns

  93. dwd

    Flow, From a security standpoint, it makes lots of things awkward. We were talking about having it on C2S sessions more generally, which is worse.

  94. zinid

    actually a customer wanted this multiple binding, that's why we implemented xep-0225 in commercial version of ejabberd

  95. MattJ

    Multiple binding for c2s used to be standardized, possibly in the RFCs, I forget

  96. dwd

    MattJ, I thought we documented it and then abandoned. ProtoXEP perhaps, or possibly I-D?

  97. MattJ

    https://xmpp.org/extensions/xep-0193.html

  98. dwd

    All the way to Draft.

  99. moparisthebest

    I was confused by the whack API seemingly letting you bind a transport to multiple hostnames, I'd never heard of that before

  100. moparisthebest

    that explains it though

  101. moparisthebest

    uh, bind a component*

  102. moparisthebest

    hmm got my first xmpp spam that was just a link to pastebin.com

  103. moparisthebest

    good luck filtering that on keywords