XSF Discussion - 2020-03-28


  1. emus

    For the Berlin Sprint I created a little open-mind question. As it is made online now, everyone can particiate. Feel free to state your visions on XMPP for the next years: https://yourpart.eu/p/xmpp-2020-berlin

  2. emus

    > por que todos hablan español? No español todo, just making fun

  3. MattJ

    Daniel, would it be terrible if XEP-0333 said (along the lines of) "In a MUC, use ids in this order of preference: stanza-id, origin-id, @id." ?

  4. MattJ

    I'd like a world where the MUC itself is able to track read status of users, and I can achieve that today while only aiming for compat with Converse.js (which doesn't use origin-id in markers)

  5. MattJ

    But then it loses compat with Conversations

  6. Daniel

    MattJ: yeah I guess that be OK

  7. MattJ

    Not sure how best to keep backwards-compatibility, but I'll have a think about it all

  8. MattJ

    I really think we need an informational XEP on IDs in general anyway

  9. Daniel

    having an either-or situtation is also bad on the parsing end

  10. MattJ

    I just realised markers in MUC aren't at all specified anyway

  11. Ge0rG

    MattJ: we need to introduce a new unified ID that removes all the drawbacks of pre-existing ID schemes

  12. MattJ

    Good idea

  13. Ge0rG

    It shall be called "message ID"

  14. MattJ

    Perfect

  15. MattJ

    Can it also be used on presence?

  16. lovetox

    MattJ, so you plan that a client references a stanza-id in its read marker?

  17. MattJ

    In a MUC, yes

  18. lovetox

    ok and the message-id is bad why?

  19. MattJ

    You mean the id attribute?

  20. lovetox

    yes, not Ge0rG new thing :d

  21. MattJ

    ;)

  22. MattJ

    Because it is optional, and not guaranteed to be unique

  23. MattJ

    If two users send id='foo' and both add <markable/> nobody can know what <received id='foo'/> means

  24. lovetox

    hm indeed

  25. Ge0rG

    MattJ [15:16]: > Can it also be used on presence? Yes, but the name shall remain the same.

  26. lovetox

    why not just adding a new MUC feature that lets the MUC add the message-id?

  27. pep.

    MattJ, tbh others are just as optional. You need to implement the XEPs :)

  28. lovetox

    and sidestep all the problems

  29. MattJ

    It can do that now, if it wants (if it doesn't advertise muc#stable-id)

  30. MattJ

    Conversations bypasses this by using origin-id instead

  31. MattJ

    Now the MUC /could/ rewrite the origin-id, but that would be very bad :)

  32. lovetox

    hm MattJ stable-id does only mean the MUC has to reflect the user chosen id

  33. lovetox

    exactly the opposite of what we want

  34. MattJ

    Oh, but you mean it might send a different id to other occupants? Right

  35. MattJ

    I think everything is simpler if we just say stanza-id should be used

  36. lovetox

    yes and just disable markers if MAM is not activated

  37. MattJ

    Works for me :)

  38. lovetox

    or fall back to message-id

  39. lovetox

    i already save message-id and stanza-id

  40. lovetox

    i somehow beeing reluctant to add a third database field for origin-id

  41. lovetox

    every client that uses origin-id should set the message-id accordingly

  42. MattJ

    I agree (though the XEP still doesn't say that :( )

  43. lovetox

    yeah but thats not a big problem, really thats a nice to have thing a read marker

  44. lovetox

    if it does not work perfectly because there are malicious clients in some MUCs

  45. lovetox

    i dont really care ..

  46. Maranda

    🤔

  47. Neustradamus

    When there are S2S TLS problems, and when an user@xmpp.tld try to join a mucroom@conference.xmpp.tld, it is not possible and the XMPP client has not an error. Can you add new informations to inform XMPP client?

  48. rion

    Neustradamus: of course we can, but how do you think it should work?

  49. Neustradamus

    When there are S2S TLS problems, and when an user@xmpp1.tld try to join a mucroom@conference.xmpp2.tld, it is not possible and the XMPP client has not an error. Can you add new informations to inform XMPP client?

  50. rion

    oh I thought it's Psi channel, but the question is anyway valid :)

  51. Neustradamus

    I have created: https://github.com/xsf/xeps/issues/916 Note: https://github.com/xsf/rfcs/issues not updated since several years.

  52. Ge0rG

    Neustradamus: the server on xmpp1.tld will create a presence error response to the user

  53. Neustradamus

    Ge0rG: For example an user@jabber.org -> muc@muc.xmpp.org The log on muc.xmpp.org: - User has joined - User has left Client has not error and the client always tries but it has already failed.

  54. vanitasvitae

    > The log on muc.xmpp.org: > - User has joined > - User has left I'd assume that this means that there are no real s2s issues?

  55. vanitasvitae

    I mean, apparently the users server can reach the muc service

  56. MattJ

    Probably it means the s2s is one way

  57. vanitasvitae

    ah that may be

  58. MattJ

    So server1 sees no issue, server2 is unable to send an error back to the user because it can't establish a connection

  59. vanitasvitae

    Right

  60. vanitasvitae

    So server1 should probably return some timeout error to the client?

  61. MattJ

    server1 is not performing any operation, the connection server1->server2 succeeds

  62. MattJ

    at the MUC level, the client could implement a timeout

  63. vanitasvitae

    #MIXWhen?

  64. MattJ

    :)

  65. Ge0rG

    MattJ: shouldn't server2 close the incoming connection when dialback fails?

  66. MattJ

    MIX doesn't solve this

  67. MattJ

    Ge0rG, there is no dialback, auth happened via TLS

  68. jonas’

    MIX has its own share of fun failure modes when s2s fails :)

  69. Daniel

    #198s2sWhen?

  70. Ge0rG

    jonas’: it also has all the previously existing failure modes

  71. Ge0rG

    MattJ: so we can't do anything against asymmetric s2s?

  72. pep.

    does 198s2s even help with this? it's not like server2->server1 was even a thing to start with

  73. pep.

    Daniel, I'd say bidi rather

  74. Zash

    https://xmpp.org/extensions/xep-0288.xml !

  75. MattJ

    server2 could only accept the connection if it can make a return one

  76. MattJ

    Some people think bidi is the solution

  77. MattJ

    bidi just makes it worse IMHO

  78. MattJ

    It just moves the failure to some other point in time

  79. jonas’

    MattJ, accept as in accept(2)?

  80. jonas’

    MattJ, bidi would make the failure more discoverable though

  81. pep.

    I'd say possibly less(?)

  82. MattJ

    jonas’, no, it would make a return connection before informing the incoming stream that it is authenticated

  83. jonas’

    either it succeeds (server1->server2) or it fails (server2->server1). There’s no half-open state anymore.

  84. Zash

    With bidi you either get a working connection or not. No half-failuers.

  85. MattJ

    jonas’, it makes it less discoverable

  86. pep.

    No half failures, but then you're not seeing server2->server1 fails

  87. MattJ

    In this case, let's assume you have bidi. Joining the MUC will work!

  88. jonas’

    pep., the sender of stanzas from server2 sees it though

  89. MattJ

    and then later when the s2s connection closes for whatever reason, it fails

  90. pep.

    jonas’, assuming they initiate the connection

  91. jonas’

    pep., if they don’t, there’s nothing which gets lost.

  92. jonas’

    MattJ, sure, you drop out of the room. That’s discoverable.

  93. pep.

    Sure, but I get why MattJ is saying "moves the failure to a later time"

  94. MattJ

    My preference would be not being able to join the room with a broken setup

  95. pep.

    I do think no half-failures is better

  96. jonas’

    BIDI provides a *consistent* view across the system at any point in time, which I think is valuable.

  97. MattJ

    Instead of pretending it's not broken

  98. Zash

    MattJ, you know what gets you that? Dialback.

  99. MattJ

    I will not be convinced that "It fails when I send messages to you, unless you sent a message to me first within the past N minutes" is a world I want to live in

  100. jonas’

    MattJ, I slightly prefer that world over "I can send messages to you always, but you can’t send messages to me at all"

  101. MattJ

    But that one is so simple

  102. MattJ

    You can send messages out? Ok, outgoing connections work

  103. MattJ

    You can't receive messages in? Ok, your firewall or DNS or cert is messed up

  104. MattJ

    With bidi, how do you even debug that?

  105. MattJ

    Without a hack to disable bidi on the server for testing

  106. Zash

    By looking at your server logs?

  107. MattJ

    Yeah, that's not the world I want to live in (telling people to look at server logs)

  108. MattJ

    But I think you miss my point

  109. MattJ

    If bidi is enabled, I test outgoing, and there is no way to test incoming without force-closing the outgoing connection

  110. MattJ

    It will just appear like it works anyway

  111. MattJ

    Until later, when it randomly doesn't (but you won't know, because by then nobody will be able to contact you)

  112. Zash

    Well. Trade-offs be that.

  113. Zash

    Thing that could be done.. relax the requirement for error replies to be sent on a stream in the proper direction.

  114. Zash

    Hm, but that doesn't fix MUC

  115. Zash

    Tool that tests your DNS and connectivity from the outside and gives you a green checkmark?

  116. jonas’

    like xmpp.net?

  117. jonas’

    how useful would it be if there was a public HTTP API endpoint which would try to establish an S2S connection to a given domain and report the results?

  118. jonas’

    more of a "yes/no" type result, not full cipherlist

  119. Zash

    So useful I almost made this already :)

  120. jonas’

    what if I told you all I need to do is open a port in my firewall?

  121. Zash

    Hm, I did have a thing like this but it was hooked up to a DANE-only server for testing your DANE validation stuff.

  122. jonas’

    `curl io.sotecware.net:9604/probe\?module=s2s_normal\&target=xmpp:muc.xmpp.org`

  123. jonas’

    (now with IPv6)

  124. Zash

    Hol up what

  125. Zash

    > Secure s2sin_unauthed connection from blackbox@zash.se to zash.se failed.

  126. jonas’

    that sounds wrong

  127. jonas’

    but my prober agrees

  128. Zash

    Verily

  129. Zash

    I'm surprised Prosody don't reject the @ in the stream.

  130. jonas’

    so I take it that I should spin up a second instance of this and expose it to the world?

  131. jonas’

    maybe behind a reverse proxy on the search.jabber.network domain

  132. !XSF_Martin

    jonas’: What's this good for? Checking if the MUC component is reachable by muclumbus?

  133. jonas’

    !XSF_Martin, I could see integration in tools like `prosodyctl check`

  134. !XSF_Martin

    Hmm, but not every prosody instance will have the MUC component reachable from external I guess.

  135. jonas’

    !XSF_Martin, in that case, don’t probe the MUC component but something else ;)

  136. jonas’

    !XSF_Martin, it’s not specfic to MUC at all

  137. !XSF_Martin

    Yeah, but would prosodyctl know if you have SRV records for you MUC component?

  138. jonas’

    yes, it already checks that

  139. jonas’

    (IIRC)

  140. !XSF_Martin

    Ok

  141. Zash

    `prosodyctl check dns` already checks everything, but it naturally can't test that it really works from the outside

  142. jonas’

    the tool is also 100% unrelated to search.jabber.network

  143. Zash

    probe.jabber.network? poke.?

  144. !XSF_Martin

    Hmm, chat.mdosch.de is probably cached because it's listed at s.j.o but holy crap, connecting to mdosch.de takes ages

  145. jonas’

    Zash, bikeshedding!

  146. !XSF_Martin

    martin@schlepptop ~ % curl -6 io.sotecware.net:9604/probe\?module=s2s_normal\&target=xmpp:chat.mdosch.de # HELP probe_duration_seconds Returns how long the probe took to complete in seconds # TYPE probe_duration_seconds gauge probe_duration_seconds 0.527403685 # HELP probe_success Displays whether or not the probe was a success # TYPE probe_success gauge probe_success 0 martin@schlepptop ~ % curl -6 io.sotecware.net:9604/probe\?module=s2s_normal\&target=xmpp:mdosch.de # HELP probe_duration_seconds Returns how long the probe took to complete in seconds # TYPE probe_duration_seconds gauge probe_duration_seconds 4.191193315 # HELP probe_success Displays whether or not the probe was a success # TYPE probe_success gauge probe_success 0

  147. jonas’

    !XSF_Martin, it doesn’t cache anything

  148. jonas’

    it’s a fresh connection every time

  149. jonas’

    it’s, again, 100% unrelated to search.jabber.network

  150. jonas’

    (except that it runs on the same box)

  151. jonas’

    also, note that both probes fail

  152. Zash

    jonas’, how far does it go with the s2s?

  153. !XSF_Martin

    Ugh, I thought returning 0 is SUCCESS

  154. jonas’

    Zash, good question!

  155. jonas’

    Zash, I think it only does STARTTLS

  156. pep.

    !XSF_Martin, using integers as bools do this to you yeah :P

  157. Zash

    jonas’: But it doesn't provide a certificate, and also the wrong stream name.

  158. jonas’

    pep., floats, not integers

  159. pep.

    sure

  160. jonas’

    ;>

  161. !XSF_Martin

    >probe_duration_seconds 8.2175e-05

  162. Zash

    And why the heck does nameprep allow '@' ?

  163. jonas’

    Zash, no, it doesn’t provide a certificate (it also doesn’t start authentication). Wrong stream name being?

  164. jonas’

    uh, was that blackbox@zash.se from me?

  165. Zash

    jonas’, blackbox@ name of thing you probe

  166. Zash

    jonas’: Yes

  167. jonas’

    uh

  168. jonas’

    how did that happen :)

  169. !XSF_Martin

    >Mar 28 19:43:09 s2sin5628b6007350 info Incoming s2s stream blackbox@chat.mdosch.de->chat.mdosch.de closed: Your server's certificate could not be validated

  170. !XSF_Martin

    Zash: jonas’: This? ^

  171. Zash

    That

  172. Zash

    jonas’, do you see stream errors? Prosody trunk should be sending nicer descriptions there :)

  173. jonas’

    hah: https://github.com/horazont/prometheus-xmpp-blackbox-exporter/blob/master/prober/dial.go#L82

  174. jonas’

    hm, so this is going to break now that dialback is going to be phased out?

  175. Zash

    That can't possibly have worked with dialback already

  176. jonas’

    I use it all the time

  177. jonas’

    also, the curl command I pasted earlier also returns with success

  178. Zash

    Because it gets past the TLS and then you simply don't authenticate?

  179. Zash

    Whereas my and !XSF_Martin's servers abort the connection at that stage for not having a valid certificate (none at all in this case)

  180. jonas’

    away for tonight

  181. !XSF_Martin

    We didn't target at scaring you away.

  182. !XSF_Martin

    But enjoy your evening jonas’. Bye. :)

  183. jonas’ contemplates whether to leave that port open

  184. Zash

    On a tangental topic, I set up something like badssl.com for xmpp: https://badxmpp.eu/

  185. pep.

    fancy

  186. !XSF_Martin

    The bulb should look bad, so let it wear a hoody!

  187. !XSF_Martin

    😃

  188. jonas’

    Zash, nice!

  189. Zash

    Sent a longer announcement to jdev@

  190. moparisthebest

    Zash: oooh been wanting to set up something like that for awhile, specifically to test various srv fallback behavior in both c2s and s2s

  191. moparisthebest

    Not the same but related I guess

  192. Zash

    moparisthebest: I want to expand weird SRV setups, just haven't gotten that far yet. If you want to help and/or suggest specific SRV setups that'd be cool.

  193. moparisthebest

    Zash: for starters, I've seen many give up if only the TCP connection succeeds, but something else is wrong, even if the certificate is wrong, that should still trigger fallback to the next record

  194. Zash

    Yeah. There's one thing already that's just pointed at a http port. A SRV setup with [ http, normal xmpp ] would be interesting.

  195. moparisthebest

    yep, or a xmpps-client with [ https, xmpps ] which is what happens in practice if something requires ALPN but the client doesn't send it, dino fails here

  196. moparisthebest

    I still have deep on my list to write a, maybe informational, xep with guidelines about when to continue SRV fallback and when to abort