XSF Discussion - 2021-05-24

Wait a second, I was told a single monolithic spec avoided this: > The Conduit Matrix server (although not yet feature complete) is about 100x lighter on CPU than the server that runs matrix.org. > The developer is now being funded to work on it full time. It's usable for private non-federated servers already (federation is not advised currently, because it is unearthing spec non-compliance issues in various other Matrix servers and clients), which have not yet been fixed.

Did you ever use xmpp.com? Searx lead me to https://www.xmpp.com/extensions/xep-0371.html but the cert is invalid.

are there any de facto standard ports for xmpps? Or just some common ones that you suggest?

The standard is 5222 for client and 5269 for server to server. These ports every server and client will try automatically. ✏

for xmpps

not xmpp

Ah, overread that.

np easy to miss

I think its not really standardized, but maybe someone will correct me. People use 5223. You just advertise it where you want.

so for i've only found one server with an xmpps record

Many have them

yeah 404.city has _xmpps-client on 5223

https://compliance.conversations.im/old/

Everyone that is green for srv for tls

looks like xmpp.jp has both xmpp and xmpps on 5269 for server. I wonder how they do that. Try a handshake and if it fails try a normal connection? Seems like a waste of time lol

thx for list

ah that might not be that bad tbh. Maybe i'll do that we'll see

i think you actually know if it's trying to be TLS or XML on the first byte even

Doesn't really matter, since non other server supports it

Direct TLS is for c2s

haha no

XMPP really good and safe

I like it

aTalk fdroid app hasnt got new aTalk version

I writed

I never heard of the aTalk App. Who is the dev behind it? ✏

https://github.com/cmeng-git/atalk-android

> https://github.com/cmeng-git/atalk-android How do I download it?

Usually you won't build it yourself but install it from Google Play or Fdroid.

> Usually you won't build it yourself but install it from Google Play or Fdroid. Fdroid doesn't have a new version

Fdroid has problems to build it, it seems nit easy to get it right with the dependencys

Hmm okay

qrpnxz, xep-368 direct tls is most valuable on port 443 due to crap firewalls, the most popular way servers multiplex is with sslh or nginx or something https://wiki.xmpp.org/web/Tech_pages/XEP-0368

agreed

I even suggest ignoring spec and hard-coding 443 as the fallback default for it , just don't tell certain people or they'll have a heart attack https://github.com/moparisthebest/xmpp-proxy/blob/master/src/srv.rs#L122

Depending on your socket and TLS library, you can check if the first byte is '<' or \27 (iirc) and decide plain/direct tls on that

checking for < is too risk, I would just check for w/e magic byte tls uses, and if it's not that then start trying to parse xml

qrpnxz, I check first 3 bytes to decide TLS or not https://github.com/moparisthebest/xmpp-proxy/blob/master/src/tls.rs#L145

it probably is fine to just check if the first is 0x16

moparisthebest: Good job. You crashed my Dino 🙁

Some byte followed by two bytes representing the SSL version

moparisthebest, 0x16 is already not valid xml, so i'd try tls just based on that

yes, I'll probably change it

and not that i'm super against checking a couple more bytes, but in Go it's gonna be trivial to unread one byte, but not anymore than that.

in rust idk

lol thx for putting the rfc and section in the comments, i've been doing that as well xD

yea if you scroll up a bit you'll see that I discovered it's almost impossible to read > 1 in rust too, and I resorted to hacks, and lamented that I should probably only check 0x16 only :P

I'm assuming you're using bufio in which case it's trivial to do either

but 1 byte is good enough either way

bufio can only unread one byte

ah but you can peek more than that

https://pkg.go.dev/bufio#Reader.Peek

lol

be carefuly though, looks similar to rust's API and it'll let you just spin forever waiting for 3 bytes that'll never come

no worries i'm using timeouts

but thx

yah, the read will indeed spin, but if you haven't set timeouts that's a problem either way

you could also not have xmpp and xmpps on the same port then you don't have to this check :)

it'd be interesting to have both a webpage and xmpp server on the same port tho. I don't know how HTTP/2 requests start however

ALPN?

alpn gives away it's xmpp

I thought we had arrived in the promised land of encrypted handshakes?

best not to use HTTP/2 actually. ``` implementations that support HTTP/2 over TLS MUST use protocol negotiation in TLS [TLS-ALPN]. ``` And if ALPN is used, XEP-0368 says to set it for xmpp.

so you'd wanna do http 1.1, check that request looks like an http request or not, if it doesn't you start parsing xml.

first 3-4 bytes should suffice for the request method

Uppercase ASCII letter

IIRC

i'll check but probably

Prosodys mod_net_multiplex does ^[A-Z] → http for example.

> so you'd wanna do http 1.1, check that request looks like an http request or not, if it doesn't you start parsing xml. After decades of developing Internet technology, we ended up with pure elegance.

😁️

Isn’t checking for < sufficient to know it’s XML?

Honestly doing [GHPDCOT] on the first byte should be good enough

Whether you preamble or not, that’ll be the first char.

Kev, no because it doesn't have to start like that

it could start with whitespace

We allow that?

i can recheck

HTCPCP?

but afaik yes

I had in my head that we didn’t, for some reason.

yeah i don't see any such restriction, but if you find it let me know

Whitespace before `<?xml?>` is forbidden, I think. Expat rejects it at least.

ik other parser don't but that you SHOULD put it at the start for file type detection

Seems to be just fine with whitespace before `<stream:stream ...` tho

The multiplex thing checks for a bunch more anyways

oh that's nice, XML 1.1 actually requires the xml decl. XML 1.0 only recommends it

XMPP is XML 1.0 tho

qrpnxz: don't forget SNI which you can abuse too, all of my TLS services work over port 443 using sslh

SNI?

Personally it feels extremely redundant, since XMPP is always XML and UTF-8 and I think everything else you can say with <?xml?> is forbidden

xmpp might not always use xml 1.0

Server Name Indication, what the HTTP world invented instead of telling which host (and thus cert) is expected prior to TLS.

it will because almost no one implements 1.1 and at this point no one ever will

qrpnxz, like imap.example.org goes to dovecot and smtp.example.org goes to postfix etc etc

i plan to, it's not that different either, just adds internationalization stuff

and there is no negotiation for xml 1.1 meaning... it'll never happen

Wouldn't the "modern" way be to add some ALPN XMPP 2.0 thing then? (not serious, but if it happens it'll probably turn out something like that)

Negotiation would be "what decl does the client send?" no?

not that it matters, just cirious

curious too

sure, but then what, you've got client1 <-> server1 <-> server2 <-> client2 and each of those 3 links can be XML 1.0 or 1.1 now ? do the servers automagically convert or... what's the advantage

hmm, actually xml 1.1 is not just internalization. Looking at the grammar to answer the whitespace question, it actually cleans up some other crap in the standard. Btw, if there is an xmldecl, it indeed has to be the very first thing in the document. If we were using xml 1.1 which requires the xmldecl, that means that you would indeed reliable detect an xml document.

i guess you could check for `<?xml ` then sometimes you'd know for sure if it's XML, but not always.

> I think everything else you can say with <?xml?> is forbidden Zash, you're also allowed to say `standalone="yes"` :)

What sense does that make in XMPP?

it must be a standalone document for xmpp, so you aren't allowed to say `standalone="no"`

So what's the point?

Explicit > implicit?

just informing you there's one more thing that's not forbidden :)

My point is that there's a bunch of things you can say where you only have one choice, where saying nothing means the same thing.

Which makes it feel like a waste of bytes.

ah yeah i wouldn't bother sending encoding or standalone attributes

i'd send xmldecl to help detection tho

> mdosch wrote: > https://github.com/cmeng-git/atalk-android is it better than conversation/blabber?

better meaning: "to have more features" ✏

Try it and compare?

old version on fdroid

I found the XMPP tunnel

https://theta.eu.org/xmpp/upload/GQEMe1jq_9IuZ66Q/cStIxtEhQbyjL98TA7nudg.jpg

Test

Good

If I add myself, I'll have a notebook.

Right?

No one can see

your server admin, unless you encrypt

Gajim does not allow me to add myself to my own roster. Or the Server does not allow this.

eevvoor, if you have 2+ devices online, gajim shows your own contact (but that's buggy at the moment). 1.4 will have this more prominent

Forbidden by some specification or something

Or was it hysterical raisins?

wurstsalat, it does work for me without bugs. I meant the exact same jid does not work. ;-) ✏

You're already implicitly subscribed to your own presence tho

yeay but şişio‎ asked for "writing" to yourself, not mere presence ✏

Don't need presence or roster entry to write to anyone, especially not yourself

> moparisthebest wrote: > your server admin, unless you encrypt How? I dont understand

omemo, pgp etc

I send myself messages all the time

If I encrypt it, no one can see it, so there'll be a notebook.

> I wrote: > If I encrypt it, no one can see it, so there'll be a notebook. Right?

yes şişio‎

I can't get old messages in new session on Xmpp

Test

that is normal şişio‎.

Only new messages will be received.