-
cc
cc
-
rion
fippo: now I realize who you are. nice to meet you! :-D
-
fippo
not very active anymore but hey, small world :-)
-
flow
fippo, you write that "Now transport-replace is difficult... XEP-0260 uses this in odd ways to fallback from s5b to ibb.", But when I look at the sequence diagram in xep260 § 3. I don't see any oddities, seems perfectly reasonable to use transport-replace(IBB) for the IBB fallback. I would expect that this can also be applied to fallback from ICE (xep371) to IBB, or am I wrong?
-
Ge0rG
is xmpp.net melting down currently?
-
Ge0rG
jonas’: can you kick it gently?
-
jonas’
I don’t have any power there
-
Zash
Ge0rG: Melting?
-
Ge0rG
Zash: I'm running into a 504 Gateway Time-out
-
Ge0rG
...when submitting 404.city s2s
-
Ge0rG
which my prosody also fails to connect to, apparently due to "connection closed"
-
fippo
flow: 0260 does a "try, determine failure, fallback" approach. ICE does the equivalent (even though not falling back to ibb) in parallel, potentially using a inferior transport (i.e. a relay) for some time. results in a better ux
-
Zash
works for me
-
Ge0rG
Zash: ah, it closes after/during TLS handshake
-
Ge0rG
hm. works from my desktop PC
-
Zash
Is that ejabberds way of telling you it doesn't like your cert?
-
Ge0rG
works with openssl s_client. doesn't work from prosody
-
Zash
https://xmpp.net/result.php?domain=404.city&type=server
-
Ge0rG
this is taking very long to load
-
Ge0rG
and also runs into the 504
-
rion
fippo: as @zinid said s5b has to be forgotten in favor of TURN/ICE
-
Zash
rion, why?
-
fippo
rion: well, ICE doesn't offer any ibb-fallback. Even though I would still be scared of any attempt to run a videochat over ibb :)
-
rion
Zash: it's mainstream now
-
Zash
And isn't it already forgotten in favor of HTTP upload?
-
Daniel
S5b meaning si file transfer or the jingle mechanism?
-
rion
Jingle allows to fallback from ice to ibb theoretically or to http or vice verca
-
Daniel
I don't see anything wrong with the jingle mechanism
-
fippo
zash: never declare a protocol obsolete, dead or forgotten. because what happens then is that people start using it
-
rion
Daniel: jingle is more or less fine but its s5b is not
-
Zash
fippo so dead == ready for enterprise deployment? 🙂
-
Daniel
rion: what's wrong with s5b?
-
rion
Daniel: read my remarks on wiki
-
Daniel
Link?
-
rion
https://wiki.xmpp.org/web/XEP-Remarks/XEP-0260:_Jingle_SOCKS5_Bytestreams_Transport_Method
-
rion
fippo: > ICE doesn't offer any ibb-fallback Do you mean ICE xep? I see transport-replace as more general purpose approach then transport specific. Currently in Psi I added kind of transport features. like if it's slow and/or reliable etc. And an application declares which features are compatible or preferable with it (still work in progress though). So jingle core mechanism can build kind of transports priority list from just compatible transports and do replace properly.
-
rion
IBB will never be selected for the RTP application :)
-
fippo
rion: more correctly, ice doesn't specify a candidate format for xmpp ibb. only udp and tcp transports
-
rion
fippo: in theory ibb allows to open substreams. so it can have one for RTP and one for RTCP. candidates are not needed.
-
flow
Daniel, TURN sould be used instead of (peseudo) socks5 proxies, no matter if legacy XMPP stream initiation, or jingle
-
flow
fippo, but from an XMPP jingle point-of-view, the jingle ICE transport chould be replaced with an IBB transport, no?
-
flow
fippo, Maybe I understand your statement wrong, so there is nothing odd with how xep260 specifies the fallback from S5B to IBB?
-
flow
(context for those who wonder: https://github.com/xsf/xeps/pull/793#issuecomment-505792574)
-
fippo
flow: i don't think this kind of scenario has seen much practical use otherwise the questions rion asked would have been asked earlier
-
flow
fippo, is that really so? If we consider a world with S5B replaced with TURN, and legacy SI replaced with Jingle, why not keep the door open for IBB fallback as last resort?
-
flow
I think the questions did not come up earlier because rion can be considered an early-adopter, at least of the FOSS community
-
fippo
flow: it ends up being a question of maintenance cost. ibb fallback is cool but do you need to implement it to be compliant?
-
ralphm
I think IBB for any kind of media transfer, real-time or not, results in unwanted pressure on servers' routing and interference with 'regular' stanzas. This starts hurting quickly with increasing numbers of users.
-
fippo
also IBB wreaks havoc with rate limiting mechanisms (i.e. jabberds karma)
-
ralphm
So although it might work, I'd explicitly strongly recommend against it.
-
flow
fippo, Isn't a transport-replace(IBB) replacing a previous ICE tranpsort compliant?
-
fippo
flow: it is. but do we have a spec saying "try transports in this order"?
-
flow
fippo, do we need one?
-
fippo
flow: how do you know whether ice is better than raw-udp or ibb?
-
ralphm
From XEP-0176: * In Jingle, lists of "preferred" candidates are typically sent in the Jingle session-initiate and session-accept messages, in a way that is consistent with the SDP offer / answer model described in RFC 3264 [5] and the process described in ICE-CORE. * Candidates can also be sent in separate transport-info messages either before sending the session-accept message (to expedite negotiation) or after media begins to flow (to find modify existing candidates, find superior candidates, or adjust to changing network conditions).
-
rion
btw fallback from S5B to IBB works perfectly in Psi. but it would be nice to have some recommendation in XEP. like if your file is bigger than 100kb please avoid the fallback to IBB. Or maybe even checking props via server disco about current speed limits, stanzas burst mode etc.
-
ralphm
I also would like the ability for a server to (ahem) "discourage" this beyond a certain size.
-
flow
fippo, I may be mistaken, but ICE would potentially include TURN as far as I can tell. So it appears to be the natural higher priority transport mechanism with IBB as fallback
-
flow
ralphm, I am not sure if xep176 is really important here, given that it xep371 is expected to supersede xep176
-
fippo
flow: but ibb is not part of ice (which has its internal rules/priorities) but a different transport
-
flow
fippo, I know, that's why I talking abut transport-replace(IBB), replacing the XMPP Jingle ICE transport with the XMPP Jingle IBB transport
-
ralphm
Well, hah, so far nobody's cared enough for XEP-0371 to move forward, but yes. I also don't think it changes the idea behind the quoted text.
-
fippo
flow: and we certainly agree that ice is better than ibb. but i don't see a spec for that
-
ralphm
And indeed I'd put IBB at priority 0, but the problem I see is that a server doesn't have an easy way to not want to support it.
-
fippo
ralphm: it can provide a terrible experience to any user that uses it? :-)
-
Zash
How complicated is ICE to implement for an XMPP server?
-
jonas’
STUN would be a good start
-
ralphm
fippo: as well as all other users
-
Zash
TURN STUN ICE so many acronyms!!!
-
rion
Zash: do you mean integrate with any existing turn server?
-
fippo
ralphm: I assume servers do provide rate limiting :-)
-
ralphm
Zash: you can use an existing TURN/STUN server. Like coturn.
-
rion
it's matter of providing proper authentication to turn. that's it
-
Zash
And now you doubled the complexity of the installation procedure.
-
ralphm
And then look at implementing Jingle Nodes
-
fippo
zash: in general you don't want that. IM servers have completly different deployment patterns (200ms latency due to centralization for the whole world) is ok but for turn servers you want them in many datacenters around the world
-
rion
fippo can tell a lot about turn auth :)
-
Zash
Auth stuff already exists afaik
-
ralphm
So indeed, don't reimplement a TURN server, but provide an easy way to use them (Jingle Nodes).
-
rion
Zash: yes. xmpp servers should tell turn server about auth keys.
-
fippo
zash: prosody even has a module for xep-0215 :-)
-
ralphm
I'm literally writing a blog post on how we did this at VEON.
-
rion
ralphm: waiting for a link :)
-
ralphm
rion: noted
-
Zash
fippo: Me, with my single user self-hosting in my basement, now need to deploy things to multiple data centers?
-
ralphm
What, no.
-
fippo
zash: send 1$ to twilio each month instead
-
ralphm
At VEON we had one in Russia and one for the rest of the world. As you scale up, you geographically (network wise) add more.
-
ralphm
Just run coturn next to prosody, and you'll be fine.
-
Zash
Is that going to work if it runs behind a NAT?
-
fippo
if you know your external ip that can be configured
-
ralphm
Also note that you don't provide TURN for others, it is for your (users) benefit. Your contacts should use their own.
-
ralphm
Zash: you need to be able to reach it, of course (single port), and for relaying you do need to open up additional ports so that your peer can connect to it.
-
ralphm
(typically a range of UDP ports)
-
ralphm
So, say you run this at home, you'd have your NAT pass on the traffic for that port range (udp, and 3478, udp and tcp).
-
rion
Is there any XEP like Last Message Correction but to delete a message including mam?
-
Zash
There's a proto-xep in the inbox I think
-
Zash
Inbox isn't rendered?
-
Zash
rion https://github.com/xsf/xeps/blob/master/inbox/message-retraction.xml
-
rion
thx.
-
rion
huh added almost 2 years ago. what's wrong with it?
-
moparisthebest
well Barbra Streisand tried it in 2003 and it didn't work out very well
-
Zash
Check standards archives and council logs from around that time?
-
Zash
Hm, was those logs lost in the crash?
-
rion
I see there is no notifications to other resources or muc participants about the retraction. So it's kind of incomplete
-
Zash
It should work the same as LMC?
-
rion
ah other resources will be notified with carbons.
-
rion
honestly I don't like the LMC idea. I'd prefer for changes to a message to be in place instead of a patch as it's for LMC.
-
dwd
moparisthebest, :-)
-
pep.
rion, what do you want to do exactly?
-
Zash
rion: It's not a patch, or do you mean that the old message is still in MAM for everyone? You know you can't really delete anything in an open system?
-
Zash
And that's probably why the retraction xep was not accepted.
-
Zash
You can't un-say something. Can't reverse time.
-
pep.
Does reversing time also reverse your actions?
-
rion
Just imagine I'm writing to my mistress something quite private and after sending a message I discover it's was a chat dialog with my wife! Fine, I can delete/correct the message. But fu** she can see the previous message from MAM. what??
-
Zash
Can't prevent clients from keeping the "deleted" message and sticking a blinking red border around it
-
pep.
rion, maybe she wouldn't be able to. Her client would
-
Zash
Same as if you say something to their face
-
Zash
Can't un-say something.
-
Zash
Stop trying to break the laws of physics and causality
-
rion
would be better if I could :)
-
Zash
You can't
-
Zash
Deal with it
-
rion
nooo!
-
Zash
Not in an open system.
-
pep.
Even then.. people take pictures of pictures nowadays..
-
rion
Zash: and yes I have to be honest with my wife..
-
pep.
good
-
pep.
Or you can claim plausible deniability
-
Zash
Claim temporary insanity
-
dwd
So it looks, to me, that message-deletion was almost accepted, but had its name changed as a result of council feedback - but I can't see it actually getting rejected.
-
pep.
Somebody not following up?
-
dwd
It was four years ago, though. But I think the general feel back then was that as long as we called it "retraction" and not "deletion", it'd be OK.
-
dwd
pep., Very hard to tell. I suspect it fell through the inter-council gap.
-
pep.
There was also a thread about something similar a few months ago iirc
-
dwd
pep., If by a few months ago, you mean 2016...
-
pep.
I'm not sure, I think it was by one of the russian fellows
-
pep.
Trying to copy signal or telegram or something like that
-
pep.
There was no XEP proposed, just a discussion
-
dwd
Oh, yeah, Andrew Nenakhov mentioned it I think.
-
ralphm
Even in Whatsapp, deleting a message at the remote party is a request, and if the remote app doesn't process it within (I think) 7 days, the request expires and the message stays.
-
Zash
How do you test TURN/STUN/STUFF/ICE?
-
Lance
Testing that connections work, or that candidates are generating?
-
Lance
There's https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ if you want to test candidate gathering is handing out the right things
-
Zash
Okay. It does something.
-
ralphm
Yay?
-
Zash
What's the state of XEP-0215 (client) implementations?
-
Zash
I see there was a version bump to :2 at some point
-
fippo
lance removed it from talky I think (boo lance!) and it seems jitsi uses :1
-
ralphm
Zash: were you trying to use it for discovering your TURN server?
-
Zash
ralphm: I'm wondering why I did this, what I can use it with.
-
ralphm
Well, you might want to look at XEP-0278 (Jingle Nodes), which besides discovery also handles authentication and requesting a channel.
-
ralphm
This is what we used in VEON, likely also because the author (Thiago) was one of the team members :-D
-
Lance
Talky will be getting 215 back soon. Have to finish writing patch for extdisco prosody mod first to generate service entries/credentials via an event instead of pulling from static config file
-
Zash
I went with https://modules.prosody.im/mod_turncredentials.html but it implements :1
-
Zash
Seems to magically Just Work tho
-
Yagiza
Daniel, is registration ID a local device ID?
-
lovetox
its a device ID
-
lovetox
im not sure what you mean by local
-
lovetox
you generate it for the user on first use
-
fippo
zash: sadly i don't remember why we bumped the namespace even
-
Lance
:2 added support for server pushing updated services/credentials to clients that had requested them
-
lovetox
where do you get the word registration ID from?
-
lovetox
lib signal?
-
Yagiza
lovetox, I mean that we have a local device ID, which we generated ourself and remote device IDs, generated by other devices, which we discover via PEP.
-
lovetox
yeah and libsignal has also something similar they call it registrationID
-
lovetox
in my lib i just set it to None and ignore it
-
Yagiza
lovetox, that's what my question was. If "registration ID" is local "device ID" in terms of libsignal-protocol.
-
lovetox
but maybe you can use that, if i look through the code its actually just a value stored in libsignals objects
-
lovetox
i dont see it doing somewhere something specific
-
Yagiza
lovetox, I need to specify it when calling session_pre_key_bundle_create() to create a pre key bundle.
-
lovetox
yes pass the device id there
-
Yagiza
lovetox, ok, thanx.
-
Yagiza
Well
-
Yagiza
What should be wrapped in <key/> elements? Serialized ciphertext_message?
-
lovetox
yes
-
Yagiza
And then I must deserialize it with signal_message_deserialize?
-
lovetox
maybe, in my python port of the lib this call loos like this PreKeyWhisperMessage(serialized=message)
-
lovetox
but yes you obviously have to deserialize it somehow
-
Yagiza
So, session_cipher is the only thing, which describes a session.
-
Yagiza
And I must use the only session_cipher for both encoding outgoing and decoding incoming messages?
-
lovetox
yes
-
lovetox
and as you before asked key element wraps the ciphertext serialized
-
lovetox
but of course you should not forget about base64 encoding it first
-
lovetox
signallib does not do this for you
-
ralphm
Lance: oh, right. But clients should already know when to update, cause of expiry. Is this for premature expiry, like a turn server restart?
-
Lance
:2 added expiration attribute too. It was for server restarts and forcing move to new instance, yes
-
Zash
https://cerdale.zash.se/upload/ylN-_jalmw_Dvpuh/xep-0215-diff.html
-
Zash
Gah, things detecting that stdout isn't a terminal and disabling color :(
-
Zash
https://cerdale.zash.se/upload/YxG91XYKo9S47ZSd/xep-0215-diff.html Now then?