-
moparisthebest
<ralphm> And indeed, maybe mod_block_strangers isn't the best approach. I can imagine various cases where you'd receive a message stanzas from a non-contact that you didn't direct presence to (bare or full). And didn't want it blocked.
-
moparisthebest
For example, jmp.chat
-
moparisthebest
Where you want messages from SMS non-contacts
-
moparisthebest
They have to constantly change their server and client recommendations because of this
-
fds
h
-
jonas’
moparisthebest, maybe talk to the server implementations about white-listing jmp.chat
-
jonas’
that’s a reasonable use-case
-
jonas’
and since you need to be registered with jmp.chat to receive messages from them (?) it is opt-in for each user fully and without extra config
-
jonas’
could be a config switch obviously for the admin to disable the whitelisting
-
jonas’
but I think by default it should be whitelisted
-
Ge0rG
What about > Also blocking messages from strangers, server-wide, is a very bad idea.
-
jonas’
true
-
winfried
Guus Ralphm maybe we should apply for this: https://www.forumstandaardisatie.nl/content/toetsen-van-standaarden
-
Guus
winfried: i quickly scanned: seems we're to late?
-
winfried
Guus: They have a continuous call and they accept twice a year. We missed the call for this autumn but can apply for the spring
-
winfried
And best prepare well for it...
-
Guus
kk
-
MattJ
Ge0rG + all: mailing list archives should be working again now
-
Ge0rG
MattJ: awesome, thanks!
-
Ge0rG
Are the numbers still the same?
-
MattJ
You mean did old URLs break? No, I sincerely hope not
-
jonas’
MattJ, https://mail.jabber.org/pipermail/members/2019-May/008986.html
-
jonas’
oh, that’s members
-
jonas’
but members should be public, no?
-
jonas’
(it was, at least)
-
jonas’
(I just grepped my xsf@ logs for a random mail.jabber.org link)
-
jonas’
(other links to standards@ seem to work)
-
ralphm
Yes, should be public
-
ralphm
In principle, mailman knows which lists should be
-
Ge0rG
jonas’: the evil thing about mailman silently renumbering is that all links still work, they just point to different mails
-
ralphm
Yes that's horrible
-
ralphm
At least for standards@ links archived by Google seem to match, with a quick sample
-
Ge0rG
ralphm: thanks for checking.
-
Ge0rG
I'm sure there are still broken links on the wiki, from our last silent renumbering.
-
ralphm
When was that? I have old links in my blog and haven't noticed issues
-
ralphm
2003-2005
-
Ge0rG
ralphm: I suppose around 2016, when the infra went belly up
-
ralphm
Ok
-
Ge0rG
ralphm: eg. https://wiki.xmpp.org/web/XEP-Remarks/XEP-0352:_Client_State_Indication leads into a 404
-
Ge0rG
https://wiki.xmpp.org/web/XEP-Remarks/XEP-0256:_Last_Activity_in_Presence has one 404 and one unrelated "XMPP or NodeJS" thread
-
Ge0rG
those two were the first hits of https://wiki.xmpp.org/web/index.php?search=mail.jabber.org&title=Special%3ASearch&go=Go
-
ralphm
Hmm
-
Ge0rG
I don't even dare going on
-
ralphm
Are you fixing them as you go?
-
Guus
Bear once provided me with server logs, that I grepped for frequent 404's
-
Guus
by no means a full fix, but I used it to fix the most high-impact ones.
-
Guus
maybe that can be repeated?
-
ralphm
Particularly in this case, there's context to find the new working URLs
-
Ge0rG
ralphm: nope. I have no idea where the links used to point to before
-
Ge0rG
and the 404s are kind of unexpected
-
Ge0rG
there used to be more wrong and less 404 links, IIRC
-
ralphm
Well, you have links with known months. Give the relatively low volume, you can choose suitable replacements.
-
ralphm
(just go up one level, scan for the XEP by number or name)
-
ralphm
E.g. the CSI one: https://mail.jabber.org/pipermail/standards/2014-August/029037.html
-
Ge0rG
Right.
-
MattJ
jonas’, oh, right
-
MattJ
I think that's part of my earlier attempts at a fix
-
MattJ
Apache was serving archives/private, and all the docs say to serve archive/public
-
moparisthebest
ralphm, Ge0rG, jonas’ : it's not just servers that block non-contacts either, also clients https://github.com/ChatSecure/ChatSecure-iOS/issues/844 pretty crappy situation
-
moparisthebest
and yea jmp.chat getting itself on a whitelist is probably doable, but kind of ruins the whole concept of an open federated system :/
-
moparisthebest
ditch whatsapp/telegram/$hotness_of_the_day and join XMPP and message anyone! (who doesn't happen to use a crippled client or server that they can't fix)
-
ralphm
Well, for what it is worth, once I disabled that module, I almost immediately got a bunch of spam. I understand it blocks certain users, but I am not affected by that, and that trumps not getting spam. YMMV
-
moparisthebest
and to be clear I think that's perfectly acceptable opt-in behavior, or even if it was on by default and you could opt-out
-
moparisthebest
just to have it hard-coded in clients, and server-wide in popular public servers where you can't disable it for your JID is bad bad
-
ralphm
Sure
-
MattJ
Agreed - a standard way to enable/disable it would be great
-
Zash
Magic blocking command-ish thing?
-
MattJ
Someone XEP it and we could implement it in Prosody in less than an hour
-
Ge0rG
Or, maybe, you know, a way to smartly block just the spam messages.
-
Ge0rG
Or, slightly less useful, a kind of captcha-on-first-contact
-
ralphm
Yeah, I don't believe in that.
-
ralphm
I'm tempted to say: my server will only ever forward anything (including presence subscription requests) to the client, if there is a matching outgoing presence request or approval.
-
ralphm
And then something to cover MUC/MIX.
-
Holger
... invitations.
-
ralphm
for MUC?
-
Holger
Yeah.
-
Holger
That's one of those things that typically fail with mod_block_strangers.
-
ralphm
I don't remember how MUC invitations work, but in MIX there is the inviter - channel - invitee triangle and in that case it would indeed only work if both people have eachother in their roster
-
ralphm
I'm not sure if that's a negative, depending on how hard you want to block spam
-
jonas’
ralphm, MUC has both ways
-
jonas’
with the MUC channel in between or without
-
ralphm
The big issue, of course, is needing some kind of out-of-band exchange of JIDs, or maybe phone number matching.
-
jonas’
with is required for rooms where members are not allowed to edit the member list, but are allowed to send invites.
-
ralphm
When we were implementing (only) MIX, I looked in detail at its mediated invites, and really like that model.
-
jonas’
mediated invites are not spoofable, which is nice, but the problem is with spam of those, yes
-
ralphm
Because it won't cause blockage of invites from 'unknown' entities like the room (the invite comes directly from the inviter to the invitee), so that blocking JIDs will also never cause you to be bothered by people via MIX channels.
-
ralphm
And then if you require a bidirectional relationship, that would block probably most spam.
-
ralphm
(at the expense of ease-of-use, probably)
-
jonas’
s/, probably//
-
jonas’
ralphm, what you describe does not sound like a mediated invite to me
-
ralphm
well, I suppose it is mediated in reverse. It requires the participation of the channel.
-
ralphm
I.e. someone can join the channel only if it got an invite that was approved by the channel, and it will only receive invites from non-blocked people.
-
jonas’
I don’t get this, do you have a link to the document for me to read?
-
ralphm
jonas’: https://xmpp.org/extensions/xep-0407.html#usecase-user-invite
-
jonas’
ralphm, ah, yes, that’s neat
-
jonas’
so there’s a token from the MIX involed✎ -
jonas’
so there’s a token from the MIX involved ✏
-
jonas’
but I could still spoof that
-
jonas’
ah, but that doesn’t matter because you’d be filtering non-roster contacts
-
ralphm
If you wanted you could implement a step where the invitee checks the invite with the channel, before showing the invite to the user.
-
Ge0rG
With three parties involved, you can't trust any one to represent the other.
-
Ge0rG
I've never blocked messages from strangers, and strangely I hardly receive any spam
-
ralphm
Ge0rG: maybe you are a natural anti-spam measure 🤣
-
Ge0rG
It used to be different.
-
jonas’
ralphm, that requires a way for the channel to say "yes, that token is valid" without joining
-
ralphm
Indeed
-
jonas’
ralphm, this is simply one of the occasions where Ge0rG did (does) what he was (is) preaching
-
Ge0rG
jonas’: if you are going to join anyway, and that join depends on the token being valid, you can just skip the round trip
-
Ge0rG
Clients are auto joining for years now.
-
jonas’
Ge0rG, the point is to validate the token to rule out dumb invite spam
-
ralphm
The point is that you may want to validate the invite before bothering the user
-
jonas’
unless you’re collaborating with the MIX service, you don’t have valid tokens to invite people
-
ralphm
In this scenario, you'd minimize spam.
-
ralphm
Also, implicitly the inviter does trust the channel
-
Ge0rG
Spammers would never collaborate with a MIX service
-
ralphm
So that's why I think it works
-
jonas’
if the spammers collaborate with the MIX service, the obvious solution is to punish the MIX service.
-
Ge0rG
> ralphm: there is a disapproved SPAM WG for that, in which you can become a member after signing an NDA with the blood of your first-born. That offer is still open, BTW, in case you are interested in not blocking strangers.
-
pep.
How much is invite spam a thing? I've never experienced it (I mean from spammers. I do get invite spam otherwise but from "legit" users)
-
Ge0rG
pep.: never got that so far
-
ralphm
It's been a long time since I got a bonfide invite
-
Ge0rG
Most invites I'm getting from myself as a shortcut to join a MUC on my mobile
-
ralphm
But I get multiple invites per week
-
Ge0rG
ralphm: do you happen to have xml?
-
ralphm
Not at the moment, but can hold on to it
-
ralphm
Next time
-
Ge0rG
ralphm: that would be great.
- Ge0rG is collecting samples
- ralphm nods
-
ralphm
Got a few from default.rs
-
wurstsalat
any updates regarding DOAP ? gajim does also provide one now
-
pep.
There's a PR awaiting, not sure what's blocking. I'd say editor's processing time
-
pep.
I'll have a look after we get together with jonas’
-
Ge0rG
Wiring a DOAP looks like a significant effort
-
Zash
copy an existing, edit the name, call it a day
-
wurstsalat
Just implement all the features, then you don't have to filter XEPs ;)
-
Ge0rG
wurstsalat: fewer features, less work.
-
wurstsalat
I see your point
-
pep.
Ge0rG: I'm sure somebody(tm) could PR a doap file for yaxim once it's deployed
-
pep.
Then you'd only have to update it
-
Ge0rG
pep.: I'd actually appreciate that
-
wurstsalat
Ge0rG, do you have a list of supported XEPs?
-
Ge0rG
wurstsalat: more or less, at https://yaxim.org/features/
-
jonas’
pep., the website is not editors realm
-
pep.
Ah
-
pep.
Board?
-
jonas’
I just happen to know a bit about pelican so I did a few things back then
-
jonas’
I don’t think there’s a formal team
-
jonas’
actually
-
jonas’
I have merge powers there, not sure why :)
-
jonas’
Guus and I do most of the reviews
-
pep.
Then we should submit that PR to board probably
-
wurstsalat
Ge0rG, Feb 1st, 2017 4:06 pm is sufficiently recent?
-
Ge0rG
wurstsalat: probably not, but it's the most recent I have ready.
-
wurstsalat
If nobody else volunteers I would compile a doap with this
-
Zash
Didn't someone make a ???? to doap thingymajigger?
-
wurstsalat
Ge0rG, there you go, an approximation ;) https://paste.gajim.org/view/22c58cfb
-
pep.
wurstsalat, 0077 "complete" "no forms support", hmm.
-
wurstsalat
That was me not parsing ;)
-
Ge0rG
Is that rdf file now licensed under gpl3?
-
Ge0rG
Should I also add the version tags for the specific XEPs?
-
pep.
yeah that'd be nice, maybe not required though(?)
-
Zash
disco#info to doap? or was this the project that needed the registries to be in order?
-
pep.
disco#info to doap could help a bit I guess.
-
Ge0rG
wurstsalat: Is that rdf file now licensed under gpl3?
-
lovetox
hm the tombstone thing where we redirect to another address on destruction of a muc
-
lovetox
if i disco such a muc, it has the new address inside <gone>new adress</gone> error condition
-
lovetox
is this somwhere specified ? or is this something people just do
-
Zash
XMPP core RFC
-
Zash
https://xmpp.org/rfcs/rfc6120.html#rfc.section.8.3.3.5
-
jonas’
I would’ve pasted that if I hadn’t accidentally Ctrl+Q
-
wurstsalat
Ge0rG: however you like
-
Zash
WTFPL?
-
wurstsalat
Tell me if I have to be specific ;)
-
lovetox
ok nice although weird that they add xmpp: into it
-
pep.
lovetox, it makes sense to be a valid URI I think
-
Zash
lovetox, handy if you ever wanna redirect to a wobsite or email or whatever I suppose
-
wurstsalat
lovetox: I thought gajim did that (but didn't check)
-
Ge0rG
wurstsalat: I'm not yet sure whether to bundle it with the source or with the website.
-
Ge0rG
Zash: I don't want to design the UX for that
-
Zash
Yes, convention for where to put the doap xml plz 🙂
-
pep.
Zash, wherever you want? You have to give a url to xmpp.org anyway
-
Zash
Ge0rG: "This MUC has now become an mailing list. GL;HF"
-
Ge0rG
Channel you are in is tombstoned, suddenly a "new email" editor appears
-
pep.
Somewhere not everybody has access would be better I guess :)
-
Zash
Ge0rG, show a link maybe?
-
jonas’
wurstsalat, "public domain"?
-
lovetox
Zash still weird, this makes parsing this much more complicated
-
jonas’
lovetox, don’t you need a URI parser anyways?
-
Zash
Life is complicated.
-
lovetox
i have one yes
-
pep.
And it's most likely always going to be another MUC.. (or MIX, maybe? someday)
-
Ge0rG
Just drop it at the OS URI handler. If you are lucky, the xmpp URI will get bounced to your running instance.
-
pep.
Or maybe an http url to logs? :P
-
Zash
Note that it's a generic stanza error, applicable to anything and everything.
-
Ge0rG
If you agree less lucky, you'll end up with a second client running, competing for your resource
-
Zash
Users, MUCs, pubsub nodes, entire servers etc
-
Ge0rG
Everything can be gone.
-
Ge0rG
Messages?
-
Zash
"The recipient or server can no longer be contacted at this address"
-
jonas’
https://http.cat/410
-
Zash
Hm, maybe that excludes pubsub nodes then
-
Ge0rG
Makes me think of the Moved XEP mess...
-
Zash
Are pubsub nodes recipients?
-
Zash
Moving is a mess
-
Zash
Cool URL^W JIDs don't change!
-
Ge0rG
I moved to the web. Feel free to subscribe to my blog rss
-
Ge0rG
Now imagine we had an URI scheme for individual messages.
-
Zash
Linking to a static website where you detail your shutdown seems like a thing you could do
-
Zash
Imagine if we had URIs in to/from for everything
-
Ge0rG
You could link to your last message, like a will
-
Ge0rG
Zash: heresy!
-
Zash
`<message to="mailto:jdoe@example.com" from="xmpp:me@example.net" type="normal"><subject>Buy!</subject><body>Lorem ipsum</body></message>`
-
Zash
Sure would have simplifed some bridging scenarios
-
wurstsalat
Ge0rG: poezio, dino, and gajim host the doap in their git repos (easiest I think)
-
wurstsalat
pep: the doap from poezio follows a different scheme though (I think Link Mauve updated it)
-
Ge0rG
wurstsalat: so I'd link to a raw file on github? Hmmm...
-
pep.
blame Link Mauve
-
pep.
(he knows better)
-
pep.
Ge0rG, yeah
-
Ge0rG
So be it, then!
-
linkmauve
wurstsalat, I think I updated all DOAP files I knew about when I improved the schema to have more consistent semantics.
-
linkmauve
I’ll have a look at some point, currently in Berlin and enjoying it too much to be too much on the computer. :D
-
linkmauve
debacle btw, I’m in Berlin atm.
-
Ge0rG
linkmauve: did you tell Holger?