-
şişio
XMPP>Matrix
-
deuill
Matrix *does* have a stronger product apparatus though, which I guess is what people mean when they say that XMPP is "almost dead".
-
Zash
Indeed, our hype machine is severely underfunded.
-
jonas’
which hype machine
-
şişio
Xmpp is still alive everything is active
-
şişio
Only Matrix is new
-
şişio
Both of them safe but ı prefer XMPP
-
şişio
Why dead?
-
şişio
What is a product apparatus
-
şişio
User?
-
Zash
Marketing department.
-
şişio
This is true
-
şişio
But still Matrix hasn't got tor option
-
Zash
Why not?
-
Sam
I'm glad that's useful for you, but most people don't need/want a Tor option, so it doesn't help XMPP much.
-
Sam
From a user perspective I don't think we really have any great feature that makes us look better than Matrix, unfortunately.
-
Zash
I don't see why Tor would not work with either.
-
şişio
> Sam wrote: > I'm glad that's useful for you, but most people don't need/want a Tor option, so it doesn't help XMPP much. I need a tor. condition
-
moparisthebest
"working servers" isn't a great feature that looks better than Matrix ?
-
Sam
Yes, but most people don't. It might attract a small number of people, but not enough to keep the network alive.
-
şişio
> Zash wrote: > I don't see why Tor would not work with either. Sometimes I have to turn off the tor
-
Sam
moparisthebest: no. the users don't know or care about the differences. Only devs do.
-
Zash
Sam: Resource efficiency is one thing we seem to be winning at.
-
moparisthebest
users usually care if the server is down/working or not
-
deuill
Anecdotally, I✎ -
Sam
Sure, but they do a good enough job keeping it up. Alternatively: tons of tiny servers run by individuals who don't have backups and what not also go down even if they use lower resources.
-
Zash
If the "instant" part of Instant Messaging ever becomes hip again, we'll have a slight edge there too.
-
Sam
I don't disagree with you, but I don't think a marketing pitch that says "our servers are slimmer!" Is goingn to be very effective.
-
moparisthebest
how about "our stuff actually works"
-
deuill
Anecdotally, I've been told by at least one person that use Conversations or Siskin isn't as good as Viber/Facebook Messenger/etc. because it doesn't have stickers/GIFs. ✏
-
Sam
From a users perspective matrix works great.
-
Zash
Sam: I'm basing this on observed fediverse chatter.
-
Sam
Zash: then you've already selected a tiny subset of people that mostly don't represent the broader internet.
-
Sam
Again, not disagreeing with any of this, it's jut not something we can market. deuill is more on the right track.
-
deuill
So I'll agree with Sam's perspective that people are at the very least willing to put up with at least some jank if the features are there.
-
Zash
I almost typed out that it was probably biased. There'll be bias anywhere you go tho.
-
mdosch
> From a users perspective matrix works great. From a user perspective I found their client slow and laggy, on mobile it also devoured my battery. Also those annoying (cross signing?) pop ups. When I wanted to join a fosem talk, I wanted to join that talk and not click away a lot of pop ups first.
-
Zash
deuill, true.
-
deuill
I mean the IETF discussion isn't about stickers or GIFs, obviously, but maybe it is about having a cohesive product?
-
Zash
Users don't care about protocol. As MattJ wrote in some presentation way back, users care about cat pictures and talking to their friends.
-
mdosch
I still don't get why their clients get so much praise. I like conversations, gajim, dino and profanity a lot more.
-
şişio
XMPP is not dead!
-
Zash
IETF needs something to support their protocol development work, for meetings etc.
-
deuill
"It's just resting:✎ -
deuill
"It's just resting" ✏
-
deuill
I jest I jest
-
Zash
As long as someone is running some XMPP software, it's not dead.
-
DebXWoody
we are also developing software :-)
-
moparisthebest
gah I saw the perfect meme representing this on the fediverse months ago but can't find it
-
moparisthebest
it was like this one https://i.kym-cdn.com/entries/icons/original/000/033/984/cover4.jpg but top was "matrix sucks" and the crying guy saying how it was so great etc, then bottom said "xmpp sucks" and an xmpp user saying "I know"
-
Zash
I too remember seeing this.
-
emus
> Zash escribió: > Indeed, our hype machine is severely underfunded. Yes, I should start more hyping
-
şişio
You need money?
-
şişio
Or XSF
-
şişio
Matrix and XMPP serve the same role
-
şişio
That's the future of XMPP, but Matrix more
-
wgreenhouse
şişio: re Matrix + Tor, I don't think that's a real problem; element is a web app and runs fine in tor browser
-
wgreenhouse
whether they can _federate_ over tor idk
-
şişio
> wgreenhouse wrote: > şişio: re Matrix + Tor, I don't think that's a real problem; element is a web app and runs fine in tor browser > whether they can _federate_ over tor idk Mobile?
-
wgreenhouse
şişio: yes, element in mobile tor browser works fine
-
wgreenhouse
also orbotting their official app which is just a webview anyway
-
şişio
It's a little impractical.
-
wgreenhouse
şişio: sure, but in principle works. it's not an issue of the protocol not working over tor. "protocols not products" ;)
-
wgreenhouse
I consider xmpp more privacy-preserving, but it's untrue to say matrix can't be used with tor
-
şişio
😀😀
-
şişio
Switching between data, mobile and wifi. Sometimes it doesn't work. therefore
-
şişio
But we know both of them safe messenger
-
Link Mauve
qrpnxz, I have friends who defintely use a domain which starts with a digit, and it’s been working fine forever, so your parser should be fixed for real-world use-cases even if some interpretations of some RFCs might lead to you disallow it.
-
qrpnxz
bro that convo is ages ago and we already concluded that
-
şişio
> qrpnxz wrote: > bro that convo is ages ago and we already concluded that What is the result
-
Link Mauve
I’m still backlogging.
-
qrpnxz
literally weeks ago not looking to rehash it, but yes numbers are ok: 404.city, 4chan.org, 2ch, 8chan, 37signals.com, etc.
-
Zash
42elks
-
Zash
And thank glob the .42 TLD doesn't exist.
-
qrpnxz
y'know, google actually has TLD `google`, but it doesn't route straight to google.com. I wonder if that's actually impossible to do or what.
-
jonas’
A/AAAA records on TLDs are … frowned upon
-
jonas’
as are MX records
-
jonas’
the `io.` TLD once had some
-
Zash
Also frowned upon, answering `192.0.2.123. IN A` queries, like my previous ISP used to do.
-
moparisthebest
so frowned upon dnsmasq has an option to transform those back to NXDOMAIN
-
deuill
Anything you think can't happen in DNS has already happened
-
qrpnxz
xd
-
deuill
NS that does horizontal referral to itself, paths that don't resolve based on which of the many NS you end up going through, and more.
-
mathieui
Zash: you mean the .42 tld died rather
-
Zash
The .42 tld is not real, it can't hurt you
-
moparisthebest
wait that was an actual TLD ? yikes
-
qrpnxz
no harm
-
moparisthebest
seems super harmful, is 192.168.1.42 an IPv4 or a domain name :)
-
jonas’
moparisthebest, easy, IPv4. a domain name would have a trailing dot :-X
-
Zash
There's some words in an RFC somewhere, hold on
-
qrpnxz
moparisthebest, oh right yeah xd
-
Zash
> `domainpart = IP-literal / IPv4address / ifqdn` > the "IPv4address" and "IP-literal" rules are defined in RFCs 3986 and 6874, > respectively, and the first-match-wins (a.k.a. "greedy") algorithm described > in Appendix B of RFC 3986 applies to the matching process
-
qrpnxz
even for hostnames this is the case, so that would indeed be read as an ipv4
-
qrpnxz
and again no harm except to the fool who made it
-
Zash
I would like to hope that this means "if it looks like an IP address then it is an IP address"
-
qrpnxz
i assert so
-
qrpnxz
and as jonas said if they wanted it to be interpreted as a domain name they would need a trailing dot. Though that would not be able to be used as a jid, which wants that dot stripped.
-
Zash
Let's just not go there, stop anyone from registering {0..255}. as a TLD and then live happily ever after.
-
qrpnxz
unless "enforcements" means to just strip it yourself, not always to reject it
-
qrpnxz
then you could use it
-
jonas’
good thing that IPv6 uses colons
-
moparisthebest
is 192.168.1.0x7F an IP address
-
jonas’
moparisthebest, SHUSH
-
Zash
jonas’, and is enclosed in []
-
jonas’
Zash, sometimes
-
jonas’
(in XMPP, yes)✎ -
qrpnxz
no way
-
moparisthebest
I swear I just read a vulnerability regarding hex and octal in ip addresses...
-
jonas’
(in XMPP always) ✏
-
jonas’
moparisthebest, also fun is e.g. `10.1` as IPv4
-
jonas’
or `10.257`
-
qrpnxz
which side is implied
-
jonas’
or just `2130706433`
-
qrpnxz
are you getting this from rfc 3986
-
jonas’
I’m getting this from reality, no idea if that’s in any standard
-
jonas’
$ ping -c1 2130706433 PING 2130706433 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.073 ms
-
qrpnxz
idk wym by reality
-
jonas’
see above ^ :)
-
Zash
https://daniel.haxx.se/blog/2021/04/19/curl-those-funny-ipv4-addresses/
-
qrpnxz
just because ping accepts it doesn't make it a valid serialization of an ipv4 addr
-
jonas’
qrpnxz, I never said it was, I said reality, not standard or validity :)
-
moparisthebest
qrpnxz, welcome to the internet where if enough tools accept it as valid, it's valid, regardless of what RFCs say
-
qrpnxz
yeah but that's not helpful, i'm also talking about reality, but reality of a specific thing
-
Zash
moparisthebest, which makes it scary that curl now supports it...
-
jonas’
you’re talking about the theory of a standard, which unfortunately rarely matches the reality :)
-
jonas’
the difference is real and needs to be acknowledged when writing software :)
-
moparisthebest
ah there we go, that curl blog post has all the links to the vulnerabilities I mentioned, nice!
-
qrpnxz
the case that many tools accept something is not the case that all compliant tools must accept something, which is the only thing i'm interested in
-
Zash
Prosody (release versions) will not federate with bare IP addresses and we haven't had all that much complaints about it, so you can certainly get away with _only_ supporting domain names.
-
jonas’
I (aioxmpp client library dev) had a bunch of folks wanting to talk to IP addresses and it makes for all kinds of trouble
-
jonas’
so that’s the flipside of that reality coin
-
moparisthebest
qrpnxz, unless of course you want interop with any of those other tools
-
qrpnxz
i have no problem federating with ip addresses so long they have a certificate or even as a special case you can give them credentials
-
qrpnxz
moparisthebest, all the tools give you ip addresses in the correct form.
-
moparisthebest
a recent example is I was sending a perfectly valid stream header and ejabberd wouldn't accept it
-
moparisthebest
now you could wave your fist at the air and refuse to federate with any ejabberd in the wild
-
moparisthebest
.... or send the stream header they expect
-
qrpnxz
stick it to them
-
jonas’
reminds me of this: Jun 01 13:05:05 s2sin55562e999090 debug Received invalid XML (parser error: not-well-formed: unexpected '<?xml' token in text node (expected one of: Text, '<', '</')) 532 bytes: "<?xml version=\'1.0\'?><stream:stream xml:lang=\'en\' to=\'dreckshal.de\' xmlns:db=\'jabber:server:dialback\' version=\'1.0\' xmlns=\'jabber:server\' from=\'search.chinwag.im\' xmlns:stream=\'http://etherx.jabber.org/streams\'><?xml version=\'1.0\'?><stream:stream xml:lang=\'en\' to=\'dreckshal.de\' xmlns:db=\'jabber:serv"
-
Zash
Outch, owie, my eyes
-
qrpnxz
wut
-
jonas’
qrpnxz, and then what? there’ll still be many (and not small) domains in the wild running such software, so you’re faced with the choice of being correct and being interoperable
-
qrpnxz
yes
-
qrpnxz
wait, is ejabberd expecting an invalid header or a valid one
-
Zash
FTR: Next Prosody major version will support IP address federation, but good luck getting certs for those.
-
jonas’
qrpnxz, it is expecting a valid one, but not accepting all valid ones
-
qrpnxz
ah, then i'd send the valid one they expect, but let them know
-
moparisthebest
qrpnxz, oops not stream header, stream features https://github.com/moparisthebest/xmpp-proxy/blob/master/src/tls.rs#L183
-
moparisthebest
I did let them know, but even if I sent a patch, that doesn't magically deploy it everywhere
-
şişio
Is there a difference in Matrix and XMPP from a security perspective
-
qrpnxz
moparisthebest, you better be defining that stream prefix
-
jonas’
qrpnxz, `xmlns:stream` is already defined on the stream header
-
jonas’
şişio, this is not the XMPP vs. Matrix room, sorry
-
moparisthebest
qrpnxz, yep it's of course defined, they should be identical per XML+XMPP rules, but ejabberd only accepts the second and not the first, prosody accepts both
-
qrpnxz
are you just guessing, i'm asking about moparis' code
-
qrpnxz
ol right good
-
moparisthebest
I think Holger said that's just some old code hard-coding it the second way, but regardless, can't fix everything at once even if you want
-
moparisthebest
sometimes you have to go with the status quo instead of the spec :)
-
qrpnxz
i thought that ejabberd was supposed to be the respectable paid super-server, not garbage
-
moparisthebest
it is a great server, everything has bugs
-
jonas’
~all men must die~ every software has bugs
-
Zash
it has gotten way better over the years
-
Holger
ejabberd sometimes has more historical baggage than others due to being older.
-
qrpnxz
i
-
qrpnxz
c
-
moparisthebest
I almost said "everything has bugs and legacy code" but I realized "legacy code" is often either bug free or bug riddled :)
-
şişio
> jonas’ wrote: > qrpnxz, `xmlns:stream` is already defined on the stream header > şişio, this is not the XMPP vs. Matrix room, sorry 👍
-
Zash
legacy code has so many bugs nobody wants to touch it, or so few bugs nobody needs to touch it? 🙂
-
qrpnxz
lol
-
moparisthebest
or both at the same time
-
Zash
ah yes, "it works, don't touch it"
-
moparisthebest
I don't want to seem like I'm picking on ejabberd either, try sending a stream header without version= set to prosody and you'll be in for a fun time too :)
-
moparisthebest
(RFC says to set it, you might expect a server to reject something without it, but that's not what happens)
-
jonas’
moparisthebest, haha, yeah, I found that quirky handling while writing xmppstream.rs :D
-
moparisthebest
jonas’, did you do the right thing and rm -rf it :D
-
jonas’
moparisthebest, no, I’m drop-in-replacing, not rewriting :)
-
jonas’
(the handling is outside xmppstream.lua)
-
moparisthebest
ah, fair
-
jonas’
(amusing was, I found it because aioxmpp rejected the resulting response stream header after xmppstream.rs did emit a nil version because I left that one out at first)
-
moparisthebest
I found it because I'm writing all this TLS code, and using a prosody module to hijack all outgoing connections to go through my proxy, and every prosody server I tried to negotiate with rejected my TLS negotiation, even though it looked fine
-
qrpnxz
total sadnes✎ -
qrpnxz
total sadness ✏
-
moparisthebest
finally determined the prosody module didn't set version= and prosody rejects even successful TLS if version= is not sent :D
-
moparisthebest
but I spent like a week debugging my TLS code on and off lol
-
qrpnxz
🍹️
-
Sam
Reminder that the Office Hours start in 15 minutes! Today's presentation is a demo of ad-hoc commands and forms in Mellium and some discussion about the relevant XEPs. https://socialcoop.meet.coop/sam-pku-dud-niv
-
Sam
And we're starting!
-
şişio
> Sam wrote: > And we're starting! Thanks, Sam!
-
lovetox
Sam, was it recorded?
-
eevvoor
lovetox, yes.
-
eevvoor
But it is difficult to get it out of BBB, as fasr as I know. Let's see whether Sam fiddles his rec aout of BBB :D.
-
Zash
It's been done before
-
Sam
yah, I don't know if it's worth putting this one up or not though, I'll go back through and see when BBB finishes processing it
-
lovetox
i was interested in it because i spent quite some time on the forms GUI in Gajim
-
lovetox
and wondered about the problems you encountered with the spec
-
Zash
I wish I had remembered that adhoc demo module earlier.
-
emus
Hello everyone, please check if your clients / applications / projects are placed and updated here: https://xmpp.org/software/clients.html
-
deuill
Also might need to blur out your phone number before you post this on the Internet Sam, heh
-
Sam
lovetox: video uploading https://youtu.be/C2oyAfJeqno
-
Sam
Sorry for the long rambling look at code; I'll skip that next time and just do the demo and call it done.
-
Sam
If you were there but left when we originally started the recording, the stuff that happened afterwards where Zash pointed out a cool module we could use to demo it starts at around 27:48 https://youtu.be/C2oyAfJeqno?t=1668
-
Sam
stopped the recording, even.