XSF Discussion - 2017-12-09

iNPUT🐁: you are kicking Tobias from this MUC all the time :>

lol

even thoug you need to pass strict=False for the aioxmpp JID parser too -- it’s unassigned in unicode 3.2 :)

I remember that from my 🤖 abuse

robotface

I remember mostly my zalgo abuse

A zalgo nickname, that would be fun.

it was fun

/nick j̷̨͚͉͖̝͖̩͖̟͔̥̭̘̃̒̆̏͒͑̋́͆̇ͮ̄̽͋͆ͤo̴̵͂ͩ̉̌ͧ̒ͩ͗̉͒ͤ̐ͥ̚҉̢̪̫͔̳̹̖͙͠n̶̛͍̠͎̞̹͕̜̝̘̯̣̰̲̙̠̖̳̺ͨ̍̏̉̍͌̊ͧ̅̉̀͂͗ͦ̈̍͒̇̋ͅa̛̯̗̫̫͙̦̦̰̹͎͈͔͚͌̆ͦͫ͋̾̏ͭ̕͜͟s̸̴͓̥̰̳̱̻̗̣̳͕̭̜̪͕̙͐ͭ̃̌ͣ̃̑ͬͅͅw̷ͩ̐̅̄ͬ͊̾ͬ͛͘͜҉͔̘̯̪̜̥̰̲͉̩̖̩ͅ

poezio is confused by it

So I implemented resourceprep for nicknames in yaxim, but then I wasn't able to use emoji nicknames, so I removed that again.

:D

implement resourceprep, but ignore unassigned codepoints

Thats not how libidn works :(

:P

Okay, so I'm in a good mood. I will try to make AndroidStudio work with yaxim again.

goodbye to your good mood

Ah, another bit of XMPP trivia to dig out: is a user implicitly subscribed to themself? They can't add their own JID to the roster, but are they subscribed? Context: https://prosody.im/issues/1052

huh

> To take advantage of all the latest features (such as Instant Run), improvements and security fixes, we strongly recommend that you update the Android Gradle plugin to version 3.0.1 and Gradle to version 4.1. Yeah. Last time I said "yes" to that kind of dialog, it broke everything for me.

> Warning:The specified Android SDK Build Tools version (25.0.0) is ignored, as it is below the minimum supported version (26.0.2) for Android Gradle Plugin 3.0.1. Android SDK Build Tools 26.0.2 will be used. There goes my mood again.

(I’m not sure this is proper on-topic here)

also, you have been warned :)

It's not. But it's Saturday, and the XSF doesn't work on weekends.

it does not? oh. docker kill xmpp.net-frontend; docker rm xmpp.net-frontend :)

jonasw: if you are bored, you can also have a look at that self-roster vs self-presence thing ;)

I’m pretty sure I added meself to the roster before

yup, works instantly

jonasw: it's not allowed.

I just don't remember where it's written down.

ah indeed

it’s only pidgin which pretends that it works

Sorry Tobias!

great, whenever iNPUT🐁 writes, my input line acts up

.

iNPUT🐁: Tobias isn't there, because "Kicked: jid malformed: The source address is invalid: xsf@muc.xmpp.org/iNPUT🐁"

Ge0rG, for the purpose of mod_firewall, I’d suggest to treat self as both IN_ROSTER and SUBSCRIBED.

jonasw: yes. But what about rostermanager?

i don’- care

why would I need to care?

iNPUT🐁: wouldn't iNPUT🐁🐁 be a more correct nickname? :P

jonasw: because you just wrote the same thing I stated in the ticket, but in other words? :P

Ge0rG: I thought about that, but I'll just let Tobias back :P

you need to renick for that

and we need to purge your messages from the history probably

Whoops. yax.im's disk is full.

looks like I need better compression for the backups.

Killed another (single) spammer account, that was registered last night via direct TCP instead of SRV.

It's bad when you don't have IP address logs due to nasty NAT

hm, Kev, do you have a minute or two to give me a few tips on the nginx-php-thing?

I'm just about to go out for a jog, so not many. What's up?

so AFAICT, the config assumes that everything goes through a single app.php

this is not the case for this application, and I have no idea how to re-write the config properly. my attempts range from "it offers the php file for download" to "404"

The first of those sounds useful. App-on-demand or something.

this is what I’ve got now, nginx-wise: server { listen 8000; root /opt/installtree; location / { # try to serve file directly, fallback to app.php try_files $uri =404; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/run/php/php7.1-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param HTTP_PROXY ""; fastcgi_index index.php; internal; } error_log /var/log/nginx/rff_error.log; access_log /var/log/nginx/rff_access.log; }

it’s especially useful for secrets.php :)

(this one 404s)

(I haven’t touched the php-cgi-fpm-thing config yet)

That doesn't look immediately stupid.

\o/

Although I'm not much of a PHP person, and certainly not a running-PHP-in-webservers person.

You almost certainly don't need the location / block, though.

there are static files in the app which need to be served. are you sure? ✏

Oh. No, then :)

If you're at giving up stage, do you want to upload what you've got so far somewhere, and maybe someone can help? Maybe even me, although I'm going to struggle to find time over the next few days.

I’m at the massively-confused-stage

but sure

There must be *someone* here who's a PHP person.

even though I think we need an nginx-php-persion

https://github.com/horazont/xmppoke-frontend-docker there you all go

i'm not an nginx person. when i did php everyone was using apache

and there was this thing called lighttp which the kids today have never heard about

I have!

I personally only use apache, though :)

maybe somebody on members@ will step up :(

Is that a thing that ever happens in a volonteer based org?

Zash, I did step up

Received the email, crossing fingers to find someone

also, I tried the classic trick: put something up in the internet which is WRONG

maybe it helps :)

Sure, but rewriting the entire PHP thing from scratch is too much work.

:P

Zash, actually, I came to thinking that rewriting that thing in python would probably be much faster than trying to get this PHP thing to work

anyways, &-ing this for now

jonasw: great job so far!

thanks

> Ge0rG> Ah, another bit of XMPP trivia to dig out: is a user implicitly subscribed to themself?

are you still intereseted in an answer?

Flow: yes

Flow: it's for me and for https://prosody.im/issues/1052

Ge0rG, I think https://tools.ietf.org/html/rfc6121#section-4.2.2 answers it

Flow: it's related, but technically it doesn't say you are subscribed to yourself

Ge0rG, right, but you also didn't want to know if a roster query for your own JID would return an item, leave alone a subscription state

because you said that one can not be in its own roster. do you happen to have a link to where it's specified?

Flow: no link :(

Ge0rG, you may want to add that to https://wiki.xmpp.org/web/index.php?title=XEP_and_RFC_Remarks (or, but i'm not sure if it's a good fit, to the RFCs errata)

At least it's not restricted in https://xmpp.org/rfcs/rfc6121.html#sub-request-outbound

Maybe it was just a server implementation limitation

that’d also explain why pidgin fakes it.

or maybe not

I’d trust pidgin to ignore explicit errors in that regard...

Ah, https://xmpp.org/rfcs/rfc6121.html#roster-add-errors - > Interoperability Note: Some servers return a <not-allowed/> stanza error to the client if the value of the <item/> element's 'jid' attribute matches the bare JID <localpart@domainpart> of the user's account.

Ge0rG, so it is allowed, good to know

Flow: it's not forbidden in that single place, at least.

Jonasw, php-wise, what do you need?

Last time I looked, php 4 was just released

but I'm confident that together, we should be able to make something work :)

Guus, essentially, that docker container just 404s

and I have no idea why

which container?

could be nginx, could be php-fpm

oh, I thought you read that email

I did

but not close enough, probably :)

there’s a link to a github repo

ah, I missed that

ah, wife just assigned me chores :)

I'll be back in ~45 minutes

heh

that’s what I’d say too, if I was about to debug nginx-php-things

:)

jonasw, I'm tring to run your xmppoke-frontend-docker. composer.json is not in xmppoke-frontend, is it left as an exercice to the reader? :x

xnyhps, ^

what is a composer.json?

there’s no such thing

There are mentions of that in your Dockerfile

pep., the docker stuff expected some stuff which the frontend thing doesn’t do

yeah

ignore that

k

I need to strip that out

(that’s from kevins template which expects things I don’t know about adn which aren’t in xmppoke-frontend either, so I dropped that)

k

ah

composer.json is just python's requirements.txt's equivalent ✏

I don’t think there are any requirements

Ok, stripping that out

jonasw: that postgres instance is not in poker, is it?

Guus, no, it isn’t

didn’t proceed that far yet, I was about to use my local postgresql instance

that probably explains why my browser is timing out

uh, but you got the PHP stuff to work?

ah, yeah, php now complains

amazing!

care to make a PR?

well, I simply removed everythign I didn't understand and used the apache-based default

ah, so s/nginx/apache/?

let me show you, one sec

I didn't get that huge startup script - if there was anything important apart from the secrets in there, it's now missing.

I’m all in for simplicity

also, I _detest_ docker for its installation procedures.

messed up my entire setup :(

how that?

a) make it run b) make it right.

docker vs docker.io vs docker-ce vs docker-whatever?!

apt install docker.io docker-compose works for me :/

it complained about mismatched versions (I think your compose uses a version 3, while my executable didn't see beyond 2)

but, whatever. It now runs

`pacman -S docker`? :)

let me PR

Guus, thank you :)

I'm also having a look btw

PR done

I'm somewhat worried about having passwords in secrets.php - is that visible to end-users?

I sure hope not

but I’ll tackle that later

(I think modifying common.php to include from somewhere non-docrooty should be possible)

there’s also that huge patch from Holger which needs to be dissected

Guus, that can be hidden by the web server for a start, but yeah otherwise, it's meh

also, php's docker page suggests adding a php.ini, which we're not doing. might be another good improvement

but, lets first make it run

let’s give this a shot :)

Passwords should come in from envvars.

they do

jonasw, PHP should get them from envvars

pep., Guus made it so that they do

I see, right

yeah, that's what I did - I think the upstream code requires them to be in a file though

doesn’t matter in the end, I think

I mean this way it’s not even a problem if a user can downloda secrets.php

because the values aren’t in there

I’m still not happy how that thing compiles everything from source :/

well, if its interpreted....

Guus, if it’s interpreted, the values aren’t printed

ah, true.

neat

now waiting for my postgres to come up :)

I wonder if there's a way to change the docker-compose conf with args. To not have :80 used locally when testing. But that's a detail

https://sotecware.net/images/dont-puush-me/1_VdnTsM33q5rg2DBpWfM_XjS4EnHCjjS__RzU9QGsg.png

neat!

thanks a lot, Guus

hurray!

I think you did the hard work, jonasw :)

now I need to get some dependencies in order d)

Fatal error: Uncaught Error: Call to undefined function idn_to_utf8() in /var/www/html/result.php:25 Stack trace: #0 {main} thrown in /var/www/html/result.php on line 25

jonasw, that's where composer.json comes into play :P

I think that’s a PHP module

https://hub.docker.com/r/library/php/ <-- has some documentation on how to add extensions

need to figure out the extension name though

err, PHP

Add php7.1-intl to the apt line.

I think that'll do it.

intl

Oh, it's there already.

exactly

Hmm.

uhm

you’re looking at different files

No idea then, that should already be available.

Kev, guus essentially re-wrote everything

I'm looking at the dockerfile I sent over.

yeah

Kev, 7.2 with the PR

I shall leave you all to it then.

:)

I feel pleased I spent that time sorting out the files I sent over :p

Kev, sorry

I'm not invested in whatever I did

I basically punched it until something worked

Kev, if you can figure out why it didn’t work, I’m happy to go back to yours, because I’m still a bit uneasy with the PHP docker images.

'PHP docker images'?

https://hub.docker.com/r/library/php/

Not those ones that mount the source into the image?

I read somewhere that they provide the source as a tarball?

unsure

it runs. :)

jonasw, need me for anything else?

I don’t think so

thanks a lot

and one more apology towards Kev

yeha

I just queued the first test :)

now for the postgresql …

wat, jabber.org is weird. Pre-TLS, they only offer DIGEST-MD5. Post-TLS, they offer: CRAM-MD5, DIGEST-MD5, LOGIN, PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS

Wat

Also, wat

I wonder whether it’s related to this: https://github.com/cyrusimap/cyrus-sasl/issues/379

<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls><mechanisms ... why???

Why offer SASL at all?

maybe the order isn’t fixed?

Does M-Link use Cyrus SASL?

dunno

-rfc 6331

Zash: Moving DIGEST-MD5 to Historic. A. Melnikov. July 2011. (Status: INFORMATIONAL) https://tools.ietf.org/html/rfc6331

Zash, is there an ETA for a 0.9 bugfix release?

I wanna put that in my release notes

or rather, if you aren’t planning on having such a thing soon, I’ll put that in there

Weeks ago

ha, okay

Waiting for MattJ to have time to tag+sign a tarball AFAIK

will the MUC fix be included?

Yes

thanks for the info :)

how about 0.10?

Pretty much the same answers

Except being the stable release, we'd also build .debs and such

Would it be possible to enforce default sizes for the avatars in XMPP ?