BTW, whom should I approach about the administration of jabber.org and xmpp.org the Jabber servers?
jonasw
stpeter maybe?
jonasw
xmpp.org is iteam
jonasw
xmpp.org isn’t a public server in any way though
jonasw
AFAIK
Kev
Iteam for xmpp.org. Peter for jabber.org. Although you can always approach me and see if I can help.
Ge0rG
Maybe I should just make it (more) public now.
jonasw
your manifesto?
Ge0rG
Kev: I'm working on a Public Servers Anti-Spam manifesto - https://gist.github.com/ge0rg/2e4accf6950821ca45f743fdf587c08e - I'd like to get some feedback from large public servers' admins to create a consensus that can be signed off
mathieui
if only the third item was possible
Ge0rG
mathieui: monitoring registrations from TOR?
mathieui
yes
Ge0rG
mathieui: it is possible, at least on prosody
Kev
I think it's millions of users, FWIW, although not all active.
Kev
jabber.org has millions of registered users on its own.
mathieui
well, if "monitoring" consists of adding one log line to the prosody debug file, then sure, it’s possible
mathieui
but also useless
Ge0rG
mathieui: you can have a script grep your log
moparisthebest
And do what
moparisthebest
Xmpp over tor is perfectly legitimate
jonasw
moparisthebest, treat the accounts with more scrutiny until it’s clear they’re not abusers?
jonasw
limit resource usage etc.
mathieui
moparisthebest, it’s perfectly legitimate but mass account creation is not
jonasw
protecting public servers against tor-helped abuse is also perfectly legitimate :)
moparisthebest
jonasw: sounds hard for a script but sounds ok
mathieui
also from my homemade statistics we’ve got around 1000 registrations for one legitimate user from those ips
Ge0rG
> protecting public servers against tor-helped abuse is also perfectly legitimate :)
We really need to differentiate here. There _are_ legitimate use cases for Tor
jonasw
Ge0rG, that’s why I’m saying "tor-helped abuse" and not "tor itself"
mathieui
yeah, it’s not about banning Tor at all (hell, I run a relay myself)
moparisthebest
So will there be a public list of servers that should be blocked or will that be up to individual servers to determine
jonasw
I suggested to run a public DNS block list
jonasw
but Ge0rG was against the name I proposed :)
moparisthebest
That would be ideal, but then someone has to manage it
jonasw
I wanted to try that
moparisthebest
The reason it's ideal is because large servers have enough info to determine bad domains, small servers do not
jonasw
yes
moparisthebest
And I'm biased, I'm the only one on my server to get spam :)
Ge0rG
jonasw: I was not opposed to you actually running it, but you might give it a better name, like xmpp-rbl
jonasw
I know
jonasw
RBL doesn’t seem to be a reasonable name though
jonasw
because it won’t be real-time or blackhole, will it?
Kev
Is there any reason for it to be DNS-based for XMPP?
jonasw
Kev, exploiting existing cache infrastructures and speed?
Kev
But you're talking about running your own, aren't you?
jonasw
what does that have to do with anything?
jonasw
with existing cache infrastructures, I mean global and local resolvers
Kev
"Exploiting existing infrastructure" and "bringing your own new infrastructure" don't seem compatible.
jonasw
DNS is also easily replicated
Kev
Anyway, I don't have a particular reason it needs to not be DNS.
Ge0rG
jabber.org doesn't have offline storage :(
Kev
It doesn't?
Ge0rG
Nope.
Kev
I don't remember that being disabled.
Ge0rG
At least I get `503 - cancel: Service unavailable` when messaging stpeter
Kev
I just tested on myself, and it worked.
Ge0rG
I never was able to message stpeter when he wasn't online.
jonasw
subscribed?
Ge0rG
yep
SamWhited
syn?
Ge0rG
syn ack
SamWhited
syn?
SamWhited
wow, took a long time to send but apparently I can connect for free on Delta flights' terrible wifi.
Ge0rG
SamWhited: your `syn?` was delivered twice.
mathieui
yeah
mathieui
I have that from time to time with conversations
SamWhited
odd
Holger
SM resume fails so Conversations resends to fail on the safe side?
SamWhited
They claim to only allow Whatsapp, Facebook, and something else for free but I can use my server and jmp.chat's SI. server, this is rather nice.
SamWhited
SIP, even.
Ge0rG
Holger: shouldn't it wait for the MUC sync to complete before re-sending?
Ge0rG
SamWhited: maybe they are only blocking HTTP(S) ;)
Holger
(SM resume fails and the server doesn't include the 'h' attribute with the <failed/> response, that is ...)
jonasw
Ge0rG, this muc is anonymous, isn’t it?
jonasw
so there’s no point in syncing
Holger
Ge0rG: How would that help?
Ge0rG
jonasw: right, all bets are off.
jonasw
Holger, if you received the history in a non-anon muc you could be sure whether your message got delivered :)
Ge0rG
personally, I just ignore impersonation attacks and sync away.
Holger
jonasw: Hm with some proper ID (origin-id?) I guess so, yes.
marc
Ge0rG, how did our discussion of user invitation URI end? Do we need the "ibr" query parameter?
Ge0rG
marc: yes
marc
Ge0rG, in what case?
marc
I remember I agreed that we don't need an action parameter :)
Ge0rG
marc: the ibr parameter indicates that the preauth token can be used in an IBR request to the server
marc
Ge0rG, but the authority part of the URI already indicates it
Ge0rG
marc: wait, we are talking of account invitation?
Ge0rG
marc: we need a good glossary
marc
Ge0rG, no, "account creation" uses the "register" action query :)
Ge0rG
marc: so how does the contact invitation indicate ibr?
xmpp:inviter@example.com?preauth=TOKEN for client-side PARS
moparisthebest
did you mean https for the first one marc ?
Ge0rG
marc: so which one of those?
marc
Okay, wait
marc
Account creation: xmpp://newuser@example.com/inviter@example.com?register;preauth=TOKEN
User invitation: xmpp://example.com/inviter@example.com?preauth=TOKEN
Client-side PARS: xmpp:inviter@example.com?preauth=TOKEN
marc
moparisthebest, no
Ge0rG
xmpp:inviter@example.com?preauth=TOKEN;ibr is a perfect match for both second and third use case
marc
Ge0rG, no
Ge0rG
And the account invitation doesn't need the inviter URL
marc
The authority part can indicate the domain to create an account
moparisthebest
not really sure the need for all the different urls but I'll just shut up until I see xep :P
marc
moparisthebest, no, just ask
moparisthebest
well what do each of those do?
Ge0rG
marc: you are making it too complicated
moparisthebest
and why are there more than one format if all have to be handled by xmpp client?
marc
moparisthebest, 1: create an account, 2: invite a user and give the choice to register on the server 3: PARS
Ge0rG
marc: stop adding edge cases. If the inviter and invitee domains differ, this is not our use case any more
moparisthebest
hmm how is 1 different than 2 ?
moparisthebest
like how would you get link #1
marc
moparisthebest, #1 is more or like admin stuff
moparisthebest
so why isn't it the same?
marc
Ge0rG, don't get why this makes it more complicated than using an additional "ibr" parameter
moparisthebest
I still don't see any reason for more than 1 url
moparisthebest
whatever it may be
moparisthebest
it looks like all those have exactly the same info in slightly different formats, why?
marc
moparisthebest, no, they don't
marc
moparisthebest, because they are different? ;)
moparisthebest
what is different
moparisthebest
what info do they have?
moparisthebest
bet you wish you would have just let me wait for xep now lol
moparisthebest
you can go back to ignoring me if you want I don't mind :)
marc
moparisthebest, #1: contains the new account JID (newuser@example.com)
marc
moparisthebest, #2 contains the domain for IBR (example.com)
moparisthebest
do they not all contain domain for IBR ?
Ge0rG
marc: just completely delete #2
moparisthebest
so looks like 1 & 2 are same except extra useless 'register' and optional account name
marc
Ge0rG, we already agreed on it ;)
Ge0rG
marc: on deleting it
Ge0rG
And implementing the same functionality in #3
marc
And IIRC you liked the idea of different domains
moparisthebest
what does 'register' get you?
marc
moparisthebest, indicates account registration
moparisthebest
doesn't newuser@ indicate that?
marc
moparisthebest, no, because newuser is optional :P
moparisthebest
So what does it do differently
marc
moparisthebest, as I said, you could have xmpp://example.com/inviter@example.com?register;preauth=TOKEN
marc
But don't tell Ge0rG :D
Ge0rG
marc: that won't work if the invitee already has an account!
moparisthebest
marc: point being you have to check if they have an account or not already so I think it's useless
moparisthebest
And how do you validate it meh
marc
Ge0rG, don't get your point
marc
Ge0rG, you're talking about #1, right?
Ge0rG
marc: no, #2
marc
Ge0rG, okay, what's the problem if the invitee already has an account?
marc
Why doesn't it work? You just show a dialog to add via the PARS token
marc
And show a short button or whatever that the invitee can also create an account on the server
Ge0rG
marc: because you need a #3 link for that to work
marc
s/short/small
marc
Ge0rG, why?
marc
Ge0rG, if the server doesn't support this XEP the client can generate #3 itself
marc
As fallback, the user doesn't even notice it
marc
The same applies if the server doesn't allow IBR for invitation
marc
It just sends #3
marc
(This is what you describe as server-side PARS in your XEP)
Ge0rG
marc: if the server allows ibr and generates the link, I still want it to be in #3 format, because that's most widely supported
marc
Ge0rG, if these clients are implemented correctly it is even backward compatible ;)
marc
Ge0rG, #2 is backward compatible to #3 if you parse the URI properly IMO
Ge0rG
marc: no, it's something different
marc
Ge0rG, if you correctly parse the #3 URI you would extract the JID from the "path" component
marc
The same for #2
marc
Ge0rG, in #3 the authority part is empty and the JID in the "path" component
Ge0rG
marc: except that #2 has completely weird semantics with a host as the authority
Ge0rG
marc: just leave it away, please
marc
Ge0rG, that's the semantic of XMPP URIs
marc
Ge0rG, xmpp:///inviter@example.com?preauth=TOKEN if no domain is provided
Ge0rG
"this URI points to a jabber server."
Ge0rG
marc: xmpp:inviter@domain;preauth;ibr is an invitation to a user JID, with the hint that you can register on that domain
marc
Ge0rG, but you can not provide a good argument why that's a better solution ;)
Ge0rG
marc: I've provided multiple good arguments multiple times already
marc
Ge0rG, both are backward compatible
Ge0rG
marc: I'm on my mobile client right now, and I really don't want to repeat them all
Ge0rG
marc: there are no clients supporting #2 and it has the wrong semantics
marc
Ge0rG, #1 has the same wrong semantic then?
Ge0rG
marc: #1 is sharing an account on a server
marc
Ge0rG, okay, what about xmpp://example.com?register;preauth=TOKEN (#1 without specified username)?
Ge0rG
marc: I still think we could completely cover most situations with just #3, but #1 adds some value
Ge0rG
marc: nope! Use #3
marc
Ge0rG, I'm talking about #1 scenario
marc
Ge0rG, is this URI correct?
marc
for #1 scenario...
marc
No trick question ;) I'll use "ibr" for user invitation
Ge0rG
marc: if you don't supply a username, just skip the authority completely
marc
Hm, I don't know but we agree on the following:
User invitation: xmpp:inviter@example.com?preauth=TOKEN;ibr
User invitation (without IBR, server-side PARS) xmpp:inviter@example.com?preauth=TOKEN
marc
If the server doesn't support this XEP the client generates #2 itself
marc
Okay?
Ge0rG
marc: yes
marc
Ge0rG, okay, I'll adapt the XEP accordingly
Flow
marc, is the (proto)xep online somewhere?
Ge0rG
marc: that is exactly what we agreed about, plus account invitation with xmpp://invitee@domain with a token