XSF Discussion - 2019-09-06

  1. Neustradamus

    Where is the up-to-date memberbot source code?

  2. pep.

    Neustradamus, https://github.com/legastero/memberbot/network/members I think

  3. pep.

    Ah wait, it says archived

  4. pep.

    Link Mauve has a few patches on top, but it's the only fork apparently so..

  5. ralphm

    Hmm, maybe ask Lance when he wakes

  6. ralphm

    We could have him move it to our org

  7. ralphm

    Leaving forks intact

  8. Neustradamus

    Because there is a problem (I have auto capitalize the first letter of sentence in my client) and when we click on "yes" it is Yes, it does not work. There is no problem for "no" it is no.

  9. Seve

    Ah yeah, it only allows "Yes" as "Yes" haha :D

  10. Zash

    https://xmpp.org/extensions/inbox/buttons.xml !

  11. Neustradamus

    And this bug is not new.

  12. Ge0rG

    This is a bottomless pit. First you want "Yes", then you want "YES", then you want "true", then you want "1"...

  13. Ge0rG

    In the end, you end up with a YAML parser that interprets your answer as a sexagesimal number.

  14. Guus


  15. Zash

    "si", "ja", "SIR YES SIR!"

  16. Guus

    I mean: yes!

  17. Kev


  18. ralphm

    The age of an issue is not really relevant.

  19. Guus

    (but not having it case-sensitive would be a welcome improvement)

  20. Guus

    > "si", "ja", "SIR YES SIR!"

    Spanish, German/Dutch, American?

  21. Ge0rG

    Guus: xml:lang?

  22. ralphm


  23. linkmauve

    Thankfully Yes! will get interpreted as 1! which as everyone knows is equal to 1.

  24. Zash

    Motivate me or someone to fix up the buttons XEP

  25. Zash

    The return of the revenge of the unintended factorial!

  26. Ge0rG

    Zash: data forms!

  27. linkmauve

    Ad-hoc commands!

  28. ralphm


  29. Zash

    all of the above, plus jingle!

  30. Guus


  31. Seve


  32. Zash

    dataform in ad-hoc command over p2p-xmpp offered via jingle session in pep

  33. Seve

    Now I'm listening

  34. pep.

    Ge0rG, will you also allow me to have: はい, ええ, えー, いいえ, いえ, いいや, いや ? :P

  35. pep.

    or Guus ^ (dunno who was talking about it)

  36. Guus

    Blaming Ge0rG for all of this works for me.

  37. Ge0rG

    "Say yes or no. Please pronounce it clearly, our speech analysis sucks."

  38. ralphm

    Also XEP-0132.

  39. linkmauve

    pep., with context dependent answer to actually pick no when you say はい to a negative question.

  40. pep.

    linkmauve, of course

  41. pep.

    That's what I expect from locale handling

  42. Ge0rG

    wasn't there a language where "no" actually means yes?

  43. Ge0rG

    Uh-oh, I hope I'm not triggering an army of SJWs now.

  44. linkmauve

    Ge0rG, that was the essence of my joke. :p

  45. Guus

    Polish, according to my Google-foo.

  46. pep.

    In Japanese you answer positively (Yes) to a negative question if you agree with the negation

  47. pep.

    But it's not just them, I actually also do that in french and english nowadays :x

  48. Ge0rG

    linkmauve: but I don't understand Japanese.

  49. linkmauve

    Ah, too bad.

  50. linkmauve

    pep., oh no.

  51. ralphm

    pep.: I do that a lot

  52. Ge0rG

    In German you have "ja", "nein" and "doch". When asked a negated question, you use the latter two

  53. pep.

    Ge0rG, yeah there's also « si » in french

  54. pep.

    ("doch" equivalent I guess)

  55. Ge0rG

    language is complicated. Let's go fishing.

  56. linkmauve

    Great, I now have a Pod which can do fishing.

  57. linkmauve

    It cost me 5000G and takes [3] space in memory.

  58. Guus

    Hey, this is interesting. We had someone trying to send s2s spam over a server using anonymous logins (we disallow s2s traffic for anonymous sessions). Now the intended recipient (that would not have received anything) is replying back with StopSpam Question subject messages containing a simple math problem.

  59. Ge0rG

    Guus: how does the recipient know?

  60. Guus


  61. Ge0rG

    maybe your s2s blocker is faulty?

  62. Ge0rG

    is the intended recipient on your own server?

  63. Guus

    Pretty sure it's not - I'm guessing that the recipient expected the spam to arrive, didn't, and is trying to make it come through with sending questions to de-block data.

  64. Guus

    which suggests recipient and sender are the same party.

  65. Guus

    no, they're on xmpp.jp.

  66. Zash


  67. Ge0rG

    Guus: I'm pretty sure this is not how the StopSpam thing works.

  68. Ge0rG

    Guus: maybe it reacts to presence, not to messages, and your s2s blocker only blocks the latter?

  69. Guus

    Can't rule out a bug

  70. Guus

    but it should

  71. Guus

    feel free to give it a test on igniterealtime.org

  72. Ge0rG

    Guus: is that the anon domain?

  73. Ge0rG

    I don't even know how to login to an anon domain

  74. Guus

    Ge0rG yes - Smack supports it, afaik

  75. Daniel

    So does Conversations

  76. Daniel

    Enter a random local part

  77. Guus

    it's a SASL mechanism

  78. Ge0rG

    Yay, let's crash yaxim!

  79. Guus

    Thanks for the minutes, Daniel

  80. Ge0rG

    Hm. It won't let me in.

  81. Ge0rG

    Because I try SCRAM-SHA1, which is advertised, and which obviously fails

  82. Ge0rG

    Daniel: doesn't work with Conversations either :(

  83. Daniel

    yes because of the same reason

  84. Ge0rG

    Guus: your server is broken :P

  85. Guus


  86. Guus

    the _spammers_ can get in... 😉

  87. Daniel

    i wonder if i should make it work with anon available && password.isEmpty()

  88. Daniel

    or something

  89. Guus

    Georg, what exactly happens?

  90. Guus

    wait, you guys expect anonymous to be the only SASL mechanism that's offered?

  91. Ge0rG

    Daniel: that would be the obvious hack

  92. Zash

    Things seem easier if anonymous users are namespaced onto another virtualhost

  93. Ge0rG

    Guus: Smack's highly complicated pluggable SASL mechanisms plug mechanism uses SCRAM-SHA1

  94. Ge0rG

    SCRAM-SHA1 fails

  95. Daniel

    > Things seem easier if anonymous users are namespaced onto another virtualhost

    Yes. Thats what I tested Conversations with

  96. Guus

    I think in Smack you explicitly tell 'anonymous' somehow

  97. Guus

    Ge0rG org.jivesoftware.smack.ConnectionConfiguration.Builder#performSaslAnonymousAuthentication

  98. Guus

    Unsure how the server could help you here.

  99. Zash

    Guus: Historical thing due to how Openfire didn't have virtual host support in the past?

  100. Guus

    Openfire does not and will not have virtual host support.

  101. Guus

    wait too complicated to put that in the existing code base. doesn't outweigh simply running two servers.

  102. Guus

    way too complicated to put that in the existing code base. doesn't outweigh simply running two servers.

  103. Ge0rG

    java.lang.IllegalArgumentException: Client State Indication not supported by server

  104. Ge0rG


  105. Ge0rG

    why is that even mandatory in the code?

  106. Guus

    CSI - the spec that doesn't have any sensible spec compliant benefits, right?

  107. Guus

    I think I've a plugin somewhere that will advertise the feature...

  108. Ge0rG

    Oh, it is not supposed to throw that kind of exception. This was only meant to ensure that the client is connected to the server.

  109. Ge0rG

    Guus: it would be great if messages got bounced back.

  110. Guus

    kindly elaborate

  111. Ge0rG

    Guus: if I send a message, and your server forbids the delivery of that message, it should reply with a message error

  112. Ge0rG

    But it doesn't look like an anon client is able to send messages or presence to yax.im

  113. Guus

    hmm, I'm guessing we didn't do that because we didn't want to make spammers wiser

  114. Guus

    which might be overkill

  115. Ge0rG

    Guus: you are also breaking things for users.

  116. Guus

    also, I'm not ruling out that this goes wrong in other places

  117. Ge0rG

    Guus: same thing with presence.

  118. Ge0rG

    But at least anon is breaking surprisingly few things.

  119. Guus

    hmm, you're onto something. The stanza bouncing rules are somewhat awkward.

  120. Ge0rG

    SENT: <iq id='1dfTY-60' type='set'><query xmlns='jabber:iq:roster'><item jid='georg@yax.im' name='Georg' subscription='none'></item></query></iq>
    RECV: <iq type="error" id="1dfTY-60" to="1qr03gr14@igniterealtime.org/1qr03gr14"> <query xmlns="jabber:iq:roster"><item jid="georg@yax.im" name="Georg" subscription="none"/></query> <error code="500" type="wait"><internal-server-error xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error> </iq>

  121. Ge0rG

    Guus: you might also want to fix that: wait/internal-server-error is definitively the wrong response

  122. Guus


  123. Guus

    this is just "omgwedidntanticipatethis"

  124. Guus

    oh, there's actually an attempt in the code to cause an 'unauthorized'

  125. Guus

    but that doesn't get processed properly

  126. Ge0rG

    here's another one!

  127. Ge0rG

    SENT: <presence to='openfire@conference.igniterealtime.org/Ge0rG' id='1dfTY-94' type='unavailable'></presence>
    RECV: <presence to="1qr03gr14@igniterealtime.org/1qr03gr14" id="1dfTY-94" type="error" from="openfire@conference.igniterealtime.org/Ge0rG"><error code="400" type="wait"><unexpected-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></presence>

  128. Guus

    getting a roster in an anonymous session, would 'not-authorized' be a suitable response?

  129. Guus

    technically, SASL happened...

  130. Guus

    not-allowed is documented to apply to _any entity_

  131. Guus


  132. Guus


  133. Ge0rG

    problems found in yaxim: 2
    problems found in openfire: 3(?)

  134. Guus

    One down: https://github.com/igniterealtime/Openfire/pull/1472

  135. Ge0rG

    I still can't join the MUC, but it seems to be a yaxim bug

  136. Guus

    openfire@ is a private muc, I think. Try open_chat

  137. Neustradamus

    Guus: Smack has SCRAM-SHA-1 and SCRAM-SHA-1-PLUS? https://issues.igniterealtime.org/browse/SMACK-749

  138. Ge0rG

    Guus: if it's a private MUC, why did I get one message from it?

  139. Neustradamus

    Ignite Realtime products are not in the good category? -> https://github.com/scram-xmpp/info/issues/1

  140. Guus

    Neustradamus I would appreciate it if you stop following me around with the same question.

  141. Guus

    Ge0rG I'm unsure if it's private, or simply unlisted, or something else - it's not the regular room that I thought you meant to use, which would be open_chat

  142. Neustradamus

    I do a search and I have found: https://discourse.igniterealtime.org/t/saslerror-using-scram-sha-1-malformed-request/73391 and the ticket

  143. Ge0rG

    Guus: it was listed in disco#items

  144. Ge0rG

    Guus: looks like the room isn't sending a subject.

  145. Ge0rG

    Guus: https://xmpp.org/extensions/xep-0045.html#order

  146. Guus

    Ge0rG any pointers to the proper handling of undeliverable presence stanzas?

  147. Guus

    Openfire is dropping all of them silently

  148. Ge0rG

    Guus: send back... a presence error!

  149. Guus

    probably not always

  150. Ge0rG

    not on unavailable, I'd assume

  151. Ge0rG

    I'm not an expert in that field, sorry

  152. Guus

    Quickly scanning the RFC gives me more than that'd be a quick fix

  153. Ge0rG

    > After the room has optionally sent the discussion history to the new occupant, it SHALL send the current room subject.

    On some days, I hate XEP-0045

  154. Kev

    We'd bounce a stanza when it can't be delivered unless it's type=error or type=result.

  155. Ge0rG

    Wait, SHALL is a synonym to MUST. That makes my hate disappear.

  156. Ge0rG

    Guus: look, you are violating XEP-0045 there :D

  157. Ge0rG

    Kev: why don't you bounce type=result?

  158. Zash

    Relatedly, what do you do if you receive a malformed error stanza?

  159. Kev

    Because you never reply to a result?

  160. Zash

    Yell "garbage in, garbage out!" and deliver it?

  161. Ge0rG

    Zash: define "malformed"

  162. Zash

    Actually, the issue I'm thinking of is with a malformed iq-reply, a disco#info response where all the <features> went into the top level stanza and the actual <{disco#info>query> payload is missing.

  163. Zash

    Thus, having more than 2 direct child tags, which is forbidden

  164. Zash

    Actually, type=reply can't have more than 1, but still

  165. lovetox

    Ge0rG, if you just discovered that, and now implement that you are only really joined if you receive the subject

  166. lovetox

    prepare for older ejabberd server that dont send empty subjects :)

  167. lovetox

    and in fact prosody didnt do this also once

  168. lovetox

    if you want to test old ejabberds jabber.ru is a good testing ground :)

  169. Ge0rG

    lovetox: I remember those issues, yeah. How do you "complete" a join then? On self-presence?

  170. Ge0rG

    Are there still servers that don't add 110?

  171. lovetox

    no a join is complete if you receive a subject

  172. lovetox

    i put a timer, when i receive self presence

  173. lovetox

    means joins on not compliant servers need longer, but not really my problem, they can upgrade their software

  174. pep.

    yeah because then you can't distinguish between muc history and normal delayed messages

  175. lovetox

    correctly !

  176. lovetox

    correct !

  177. lovetox

    and this is for another reason important

  178. lovetox

    servers dont validate delay timestamps on groupchat messages

  179. lovetox

    and if i receive a message with a timestamp by attr = muc jid that means i respect that timestamp as the true timestamp

  180. lovetox

    if i receive a message with a timestamp not set by the server, i save both timestamps, the one i received and one that is potentially set by a user

  181. lovetox

    and because servers dont validate the by attr in delay timestamps

  182. lovetox

    you cant just simply parse the by attr

  183. pep.

    Do you btw invert the trust model once you start seeing e2ee? :P

  184. lovetox

    you need the subject to determine if its a muc history message

  185. lovetox

    pep., what does that mean "invert the trust model"

  186. pep.

    Well here you rely on the server doing "the right thing" and users potentially being evil, from what I understand

  187. lovetox


  188. lovetox

    i dont see how that changes with e2e

  189. pep.

    In the e2ee world, people don't trust their server (otherwise there's little point)

  190. lovetox

    they trust the server with everything but keeping message content private

  191. pep.

    So in their view, I guess, the server would be the evil actor and they're be the ones to do the right thing

  192. pep.


  193. Guus

    > After the room has optionally sent the discussion history to the new occupant, it SHALL send the current room subject.

  194. Guus

    Ge0rG that doesn't say that a room MUST have a subject?

  195. pep.

    It can be empty

  196. lovetox

    yes Guus you should send a empty subject

  197. pep.

    But it must be

  198. Guus


  199. lovetox

    yes otherwise how do we differentiate between muc history and live messages?

  200. pep.

    <delay/> only happens in MUC history right? :P

  201. lovetox

    that you have in your implementation NULL for subject and consider this "not empty", i think is not really the point of the xep

  202. Zash

    Next up: Clients are technically allowed to send messages with subjects that are not the room subject, iff they also include a body.

  203. lovetox

    pep., delay happens when a client adds it

  204. pep.

    lovetox, that was a joke

  205. lovetox


  206. Ge0rG

    pep.: it was a very evil joke

  207. lovetox

    Zash, yeah also a good point, Gajim should interpret this correctly :)

  208. pep.

    Ge0rG, I guess that's what the XEP authors thought?

  209. pep.

    Or predicted, rather

  210. Ge0rG

    somebody remind me to send a PR to fix that place of the XEP

  211. pep.

    Ge0rG, That's also how poezio works anyway.. Remember that obnoxious grey color?

  212. Zash


  213. pep.

    Zash, this.

  214. Zash


  215. pep.

    on poezio

  216. pep.


  217. Zash

    Never seen that before

  218. pep.

    This comes from the fact that <delay/> is only used in MUC history (right?). Also why poezio doesn't do highlights when <delay/> is present

  219. pep.


  220. pep.

    Have you never noticed people enabling mod_delay for no reason and poezio becoming unreadable?

  221. Zash


  222. Ge0rG

    it's dark magenta on black in my theme

  223. Ge0rG

    and it suppresses highlights, which is evil.

  224. pep.


  225. Ge0rG

    What I say seems largely redundant.

  226. pep.

    It is indeed (evil). https://cerdale.zash.se/upload/L3qjPKnmAFR5iyoR/not-grey.png if somebody wants to tackle the issue

  227. pep.


  228. pep.

    https://lab.louiz.org/poezio/poezio/issues/3142 this

  229. Ge0rG

    > Opened 3 years ago by ge0rg

  230. Ge0rG

    Everything old is new again.

  231. pep.

    What is dead may never die

  232. Guus

    third PR gone into Openfire. Tx Ge0rG

  233. Ge0rG

    Guus: thanks!

  234. Guus

    Don't thank me yet: these were shot from the hip.

  235. Ge0rG

    Guus: deploy to igniterealtime, see what happens

  236. Ge0rG

    friday afternoon is the best time for that

  237. Guus

    Yeah, maybe

  238. Guus

    I should get back to work first 🙂

  239. Daniel

    Is fasten going to be used for the full quote / reference use case?

  240. pep.

    Daniel, might even be called "Attach" in the end! See standards@

  241. Ge0rG


  242. pep.

    And yes

  243. pep.

    Or is reference going to be used for mentions etc. still?

  244. Guus

    Are we intentionally sending out repeated newsletter tweets? It is starting to get annoying.

  245. Daniel

    can we get an example in the XEP (for quoting a message)

  246. Daniel

    Guus, that annoys me too

  247. Daniel

    not that i wouldn’t know how. it's just that i want it explicit that this xep is meant for that

  248. Guus

    nyco are you triggering these? Maybe cut down on the frequency?

  249. Ge0rG

    Guus: the worst thing is that the tweets lack actual content

  250. Ge0rG

    they look like a badly trained AI. Sorry.

  251. Ge0rG

    or maybe an attempt at SEO

  252. Zash

    Like the rest of Twitter? </troll>

  253. Daniel

    so references and old attaching are going to be obsoleted?

  254. jonas’

    Daniel, I don’t think so

  255. jonas’

    AAUI, Kev intends to rebase/adapt References to Fastening

  256. jonas’

    or revamp it at least

  257. jonas’

    Fastening and References serve different use-cases

  258. Kev

    References gets updated to use fastening once fastening's published, and the idea is that old attaching goes away, yes.

  259. Daniel

    and isn’t quoting reverse fastening? if you consider the MAM playout you want the original message with the quote and not the quotes for the original message

  260. Daniel

    or maybe you want the latter

  261. Daniel

    or maybe both

  262. jonas’

    Kev, humm, isn’t fastening supposed to be 1:N, i.e. a message can be fastened to at most one other message, but a message can have multiple messages fastened to it?

  263. jonas’

    how would that work with multiple mentions, for example?

  264. Ge0rG

    fasten your references!

  265. Daniel

    fwiw it is completely not obvious from reading the current XEP that this can (even remotely) be used for quoting

  266. Daniel

    > that adds additional information to the context of a previous message.

    i'm really not sure that quoting falls under that category

  267. ralphm

    jonas’: yes 1:N

  268. ralphm

    I don't think that quoting is a good use case for this. You might use references instead.

  269. ralphm

    I'll try to 'complete' my blog post with many examples this weekend.

  270. ralphm

    Including renderings

  271. ralphm

    (of fasten, references, and combinations thereof)

  272. Daniel

    ok. i’ll just wait then. because right now i can’t picture any of this

  273. Ge0rG

    Guus, pep.: I've been really blind regarding the no-subject-set thing. It's actually right there, in your face, in Example 42: https://xmpp.org/extensions/xep-0045.html#example-42

  274. jonas’

    relevant: https://issues.prosody.im/1053

  275. Guus

    > Guus, pep.: I've been really blind regarding the no-subject-set thing. It's actually right there, in your face, in Example 42: https://xmpp.org/extensions/xep-0045.html#example-42

    I've seen that. I think Daryl just merged my PR that adds that.

  276. Zash

    While we're on the topic of Openfire bugs here, what's up with sending `</stream:stream>` unencrypted at the end of TLS connections?

  277. Guus


  278. Guus

    I fixed that earlier this week

  279. Guus

    At least during dialback

  280. Zash

    Heh, that explains why I just saw that just now.

  281. Guus

    Should not happen anymore on IgniteRealtime.org, if you care to test

  282. Zash

    Gotta be properly capitalized too? :)

  283. Guus

    No, that's autocorrect on my phone

  284. Guus

    > Heh, that explains why I just saw that just now.

    The problem has always been there, the fix is recent.

  285. Guus

    If you only saw a problem recently, then my fix made things unexpectedly worse...

  286. Zash

    I think I've pointed it out in the past

  287. Guus


  288. Guus

    Fyi, my current status:

  289. Zash

    Looks fixed indeed, normal "closed" message

  290. Guus


  291. Zash

    Good idea!

  292. Guus

    > Looks fixed indeed, normal "closed" message

    Good, tx

  293. Guus

    One of the benefits of having kids: making pancakes and pretending you do _them_ a favour.

  294. Zash

    Level 2: Teaching them to make pancakes

  295. Guus

    That's a trap

  296. Guus

    You'll have to clean up during the time that they are in training, but suck at flipping pancakes by throwing them in the air.

  297. Zash

    Cast iron.

  298. Guus


  299. Guus

    It is