-
Kev
pep.: he's still doing stuff, as he's always been.
-
ralphm
What I mean he doesn't frequent this room, which I thought was what pep. was asking.
-
pep.
yeah
-
eevvoor
flow why not XMPP for activists? which alternative is there?
-
eevvoor
Of course I would use XMPP if I would like to protect myself.
-
eevvoor
By the why, activists already use(d) mail :D. Snowden did, and DeltaChat popped up for activist usecase. ^^
-
jonas’
all the metadata
-
Ge0rG
It's too hard to use properly if your life depends on it
-
pep.
That's because "we know". I'm sure others "who know" in other protocols would have other concerns about their solutions :x
-
ralphm
Indeed, other protocols have other issues
-
eevvoor
until now I cannot see a better protocol than XMPP. Thus I would use it despite my concerns.
-
eevvoor
There exists no perfect solution until now.
-
eevvoor
Anyhow, you can always use your life if your an activist.✎ -
eevvoor
Anyhow, you can always loose your life if your an activist. ✏
-
eevvoor
The enemy comes from all directions. I was always surprised when they appeared.
-
eevvoor
:D
-
ralphm
I do think that you'd want full control over your server.
-
Ge0rG
https://mail.jabber.org/pipermail/standards/2017-August/033123.html is a 401?!
-
pep.
Fun
-
ralphm
intosi, Kev, MattJ?
-
Kev
That'll probably be because of the OS upgrade at a guess.
-
Kev
I believe a strict reading of 612[01] would lead to a server rejecting a stanza of <message from='...' to='...'><body un-namespaced-attribute="blah>...</body></message> because of the attribute. I'm currently looking at a patch to M-Link to enforce this. Anyone see issues with enforcing that?
-
Guus
https://opensource.wearespindle.com/ seems interesting
-
jonas’
Kev, I’m not so sure servers restricting the content of stanzas being routed is a good thing
-
Kev
It is what 6120 says though - that no entity should be sending out syntactically invalid stanzas.
-
flow
Kev, a pointer to the relevant parts of the RFCs would be good idea…
-
ralphm
Kev: do you mean unknown namespace prefixes, or unknown attributes without one?
-
Kev
And I suspect you would expect the server to be e.g. bouncing other types of invalid syntax - like message type="nope", for example.
-
Kev
ralphm: Unknown attributes without one.
-
jonas’
Kev, content vs. headers
-
ralphm
I don't see how that's a syntax violation.
-
flow
well message type="nope" is valid IIRC
-
jonas’
that, too
-
flow
although I would not recommend it
-
Zash
Huh
-
Kev
flow: no, 6121 enumerates the allowed types.
-
Kev
(And 'nope' isn't one of them✎ -
jonas’
Kev, and entities which see an unknown type must (or SHOULD?) treat it as normal✎ -
Kev
(And 'nope' isn't one of them) ✏
-
jonas’
Kev, and entities which see an unknown type must (or SHOULD?) treat it as "normal" ✏
-
Kev
jonas’: No, that's not right.
-
Kev
An entity that chooses not to implement support for all the defined types should treat any of the defined types that it doesn't have explicit support for as the default.
-
Zash
Server rejecting `<message><body foo="bar">blah</body></message>` seems totally fine to me.
-
Kev
Not that it should accept ones with an invalid type.
-
jonas’
Kev, right, I misread that
-
ralphm
type='nope' is *not* invalid for Core?
-
Kev
ralphm: 6120 references 6121 for its rules.
-
ralphm
for IM purposes, yes
-
flow
I always read If an application receives a message with no 'type' attribute or the application does not understand the value of the 'type' attribute provided, it MUST consider the message to be of type "normal" (i.e., "normal" is the default). as "nope" become "normal"
-
jonas’
flow, above the enumeration, there is "type MUST have one of those values"
-
Kev
flow: You should read the stuff a paragraph or so before as well, which explains it further.
-
ralphm
6120 without 6121 is a valid use case. Even XEP-0060 doesn't inherently depend on 6121
-
jonas’
Kev, I’m inclined to say, aside from @to and @from, the server should leave routed stanzas alone.
-
flow
Well it says something about "if included" the type MUST be one of the following ;)
-
jonas’
flow, yes
-
jonas’
so it’s either one of the defined ones, or absent. absent defaults to normal.
-
Kev
ralphm: That's a good point, thanks.
-
ralphm
however, 6120 does have a schema with a restricted list of values
-
flow
I think the RFC could be better writen/more clear about that, but I am happy to hear that there appears to be a common ground that "type" sould not carry custom values
-
jonas’
(non-normative schema?)
-
jonas’
flow, MUST NOT ;)
-
Kev
jonas’: Incidentally (I'd previously missed this) it's OPTIONAL whether a server does the validation.
-
ralphm
But type on stanza aside, the earlier example is about unknown attributes on the body element. I think that's totally valid. If servers would block that, it might be a problem for forward compatibility.
-
flow
Kev, I still miss the part in the RFC which forbids additional custom unqualified attributes in <body/>
-
Kev
ralphm: What about the other cases, like an iq that has three payloads? I had previously believed that a server should be not allowing those through, but as of about 3 minutes ago I no longer think that.
-
flow
(FWIW, I would be happy if such a part exists)
-
Kev
flow: "There are no attributes defined for the <body/> element, with the exception of the 'xml:lang' attribute." is the text in question. I think reading that to say that there are no further attributes allowed in the default namespace would be reasonable. But I was sufficiently unsure as to bring it up here :)
-
ralphm
I don't know, think that 8.2.3 ad 5 is pretty convincingly a MUST.
-
ralphm
and to me 'not defined' does definitely not mean 'not allowed'
-
ralphm
Otherwise the whole idea of ignore what you don't know about, goes out the window.
-
ralphm
And rejecting unknown stanza type values is arguably of a different order than unknown attributes.
-
Kev
Well, we've always assumed that 'what you don't know about' will be namespaced.
-
Kev
But this is all getting a lot muddier than I'd thought it would when I added a ticket for validating syntax.
-
ralphm
Kev: I haven't and there are many specs where new attributes, all not namespaced, were added.
-
jonas’
which?
-
ralphm
pubsub is one
-
Kev
I couldn't immediately think of any when I was trying earlier, but thought someone else might be able to, thus asking heer.
-
Kev
What does pubsub add?
-
ralphm
I mean new attributes compared to earlier versions of the spec
-
ralphm
e.g. the publisher attribute
-
Kev
Ah. That's somewhat different.
-
ralphm
why?
-
Kev
They're not adding attributes to RFC-defined elements.
-
ralphm
So what if we at some point have a cis and add an attribute to body?
-
ralphm
We'd have a mess of older servers that just won't route?
-
Kev
I think the argument against blocking the attributes is strong.
-
ralphm
I missed the argument?
-
Kev
You just made one aspect of it :)
-
Kev
But we'd also have to not to anything in cis that was illegal in bis, unless we negotiated cis.
-
Kev
Because validation is allowed under bis.
-
ralphm
So where is the part that says you can't have other attributes?
-
Kev
There isn't one. There is one that say they're not defined, and another that says you're allowed to validate.
-
ralphm
The text you quoted doesn't convince me and is not in Core.
-
Kev
So it's a little wooly.
-
Kev
It's not, but it's referenced from core saying "the rules for this are in -im", or somesuch.
-
Kev
I'm sold on not blocking the attributes, though.
-
ralphm
wooly indeed
-
ralphm
I was kinda curious about the threat model, though.
-
Kev
So, different question.
-
Kev
Given than 6120 clearly says that servers are allowed to validate syntax, what /would/ be fair game for validation.
-
Kev
It seems to be saying you're allowed to validate explicitly against the 6120 schema.
-
ralphm
Well, at the very least defined attributes and their values, and indeed things like number of child elements in iq
-
jonas’
Kev, @to, @from (including stringprep!), @type on all stanzas, presence of @id on IQs(?), number of children in IQs, structure of the <error/> child if present
-
ralphm
I think the schema in 6120 is reasonable to check against
-
Kev
Oh, this gets messy. If I'm reading it right, the schema is more restrictive than the text, but is normative.
-
ralphm
how is the schema more restrictive?
-
Kev
Ah, no, this is stream errors, not stanza errors, ignore.
-
jonas’
if the schema is normative: absence of any unspecified jabber:client/jabber:server namespaced children
-
jonas’
that would show those folks who think they can just drop their XML in there
-
Kev
Ah, interesting, so message types are defined in the 6120 schema. Making them restricted even for non-IM.
-
ralphm
jonas’: I think the schema language had no way to express this
-
jonas’
ralphm, I’m pretty sure that anything which isn’t allowed explicitly in the schema is forbidden?
-
Kev
Including undefined attributes? :)
-
ralphm
jonas’: why?
-
jonas’
that’s how XML schema works?
-
ralphm
Kev: on the type values and schema, I mentioned that earlier
-
Kev
Sorry Ralph, I can't quite parse what you're saying there. Are you saying you /do/ think that the schema in 6120 restricts undefined attributes on defined elements, and therefore e.g. rejecting ...<body blah='eee'>... is 'ok'?
-
ralphm
No. I think that checking what's in the schema is fair game, but I don't think we should disallow what's not mentioned
-
ralphm
Is that more clear?
-
Kev
That's clear, ta. But isn't that not how schemas work?
-
Kev
Unless the schema defines an extension point (which it does all over the place for namespaced child elements), you're not allowed to extend it.
-
ralphm
Hence not normative, IMO
-
Kev
It's explicitly normative for 6120, though.
-
ralphm
Hmm
-
Kev
Because it says that you're allowed to validate against it and reject what doesn't match.
-
ralphm
Then I was wrong.
-
ralphm
And I'm unsure if you can add even namespaced attributes to body
-
Kev
Indeed, I think you can't.
-
Kev
Which I was /not/ expecting.
-
Kev
There's also a question of what 6120 says you can do, and what is sensible to do.
-
ralphm
Right. But on the other hand a much simpler processing model
-
ralphm
Personally, I'd hate seeing new attributes of any kind on elements defined in these schemas
-
Kev
I also think the schema is more restrictive than the text, on allowable stanza errors. IIRC (haven't double checked, but read it earlier) you're allowed your own stanza error elements, but in the schema you have to choose one of the 6120 defined ones.
-
ralphm
But up till now thought it might be ok
-
Kev
At least if I'm reading the schema correctly (not my speciality
-
Kev
).✎ -
Kev
). ✏
-
ralphm
Ooh, that needs an erratum
-
Kev
I also haven't checked the errata. Maybe I should.
-
ralphm
Application specific conditions should definitely be allowed.
-
Kev
Yeah. But a server is allowed to drop stanzas that contain them :D
-
ralphm
I'm not sure if <sequence/> disallows other namespaced elements
-
ralphm
But I think we should have this explicit.
-
Maranda
https://www.arcgames.com/en/forums/startrekonline/#/discussion/1250600/xmpp-sunset 😭 wiki to rectify soon
-
ralphm
It doesn't say they don't use XMPP going forward, does it?
-
ralphm
Just that they have issues with their c2s causing spam etc.
-
Maranda
They're dropping
-
Maranda
Support on sept. 19th
-
ralphm
Yeah I read it
-
ralphm
I agree just running XMPP internally isn't so interesting
-
Ge0rG
Spam is killing xmpp everywhere. Sigh..
-
ralphm
Lot of negative, insightful, responses
-
ralphm
“This is a feature that enhances many peoples' gameplay, a feature that larger fleets and chat channels are absolutely dependent on, and terminating it demonstrates that Cryptic is shockingly out of touch with the way the players who spend money on their game play it. Don't remove XMPP. Take it out of beta and monetize it instead. Charge $10 or $25 for access if you have to.”
-
Ge0rG
> So that excuse doesn't make sense. Indeed, that looks like an excuse.
-
ralphm
By the way it is for all arcgames properties
-
Maranda
Yes
-
ralphm
Ge0rG: if Google can use that excuse, anyone can
-
Ge0rG
ralphm: it didn't make sense back when Google used it.
-
ralphm
My point
-
Maranda
They chat system platform is shared across all games originally from Cryptic afair✎ -
Maranda
Their chat system platform is shared across all games originally from Cryptic afair ✏
-
Maranda
Yes
-
Maranda
> Don't remove XMPP. Take it out of beta and monetize it instead. Charge $10 or $25 for access if you have to.” It's a beta that lasts from 10 years
-
Seve
Not tested enough? :D
-
Seve
That's sad though :(
-
Maranda
Perfect World never expanded or finalised it when they took Cryptic Studios assets
-
Maranda
Seve: indeed
-
jonas’
Alex, memberbot does not reply to me
-
Ge0rG
jonas’: can you ping it?
-
jonas’
oh dear
-
jonas’
now it does
-
jonas’
it also appears to have restarted
-
Ge0rG
jonas’: it will restart your "session" if you send presence unavailable or somesuch
-
jonas’
voted \o/
-
Alex
👍
-
jonas’
now that bitbucket is sunsetting mercurial, do we need to take action for anything related to xmppoke? or is that fully migrated to github?
-
Guus
jonas’: I think that is all here now, but I'd love for someone with access to the deployment to verify that. https://github.com/xmpp-observatory
-
Ge0rG
mail.jabber.org is still Forbidden.
-
ralphm
Kev said there's been an upgrade, and I think nobody's actually looked into it yet
-
Ge0rG
So did anything happen on the send-presence vs. fetch-MAM vs. receive-offline-messages vs. delete-all-offline-messages front?