XSF Discussion - 2022-03-17


  1. adiaholic has left

  2. adiaholic has joined

  3. gooya has left

  4. gooya has joined

  5. adiaholic has left

  6. jcbrand has joined

  7. neshtaxmpp has left

  8. neshtaxmpp has joined

  9. alo has left

  10. alo has joined

  11. djorz has joined

  12. adiaholic has joined

  13. Menel has left

  14. alo has left

  15. alo has joined

  16. adiaholic has left

  17. jcbrand has left

  18. neshtaxmpp has left

  19. neshtaxmpp has joined

  20. karoshi has left

  21. adiaholic has joined

  22. antranigv has joined

  23. tykayn has left

  24. debacle has left

  25. alo has left

  26. alo has joined

  27. neshtaxmpp has left

  28. adiaholic has left

  29. neshtaxmpp has joined

  30. antranigv has left

  31. neshtaxmpp has left

  32. neshtaxmpp has joined

  33. neshtaxmpp has left

  34. neshtaxmpp has joined

  35. adiaholic has joined

  36. neshtaxmpp has left

  37. neshtaxmpp has joined

  38. adiaholic has left

  39. antranigv has joined

  40. adiaholic has joined

  41. djorz has left

  42. adiaholic has left

  43. antranigv has left

  44. adiaholic has joined

  45. gooya has left

  46. gooya has joined

  47. adiaholic has left

  48. adiaholic has joined

  49. neshtaxmpp has left

  50. neshtaxmpp has joined

  51. alo has left

  52. neshtaxmpp has left

  53. neshtaxmpp has joined

  54. neshtaxmpp has left

  55. neshtaxmpp has joined

  56. gooya has left

  57. neshtaxmpp has left

  58. gooya has joined

  59. neshtaxmpp has joined

  60. neshtaxmpp has left

  61. adiaholic has left

  62. adiaholic has joined

  63. neshtaxmpp has joined

  64. neshtaxmpp has left

  65. neshtaxmpp has joined

  66. gooya has left

  67. neshtaxmpp has left

  68. gooya has joined

  69. jgart has joined

  70. neshtaxmpp has joined

  71. Matthew has left

  72. Rixon 👁🗨 has left

  73. uhoreg has left

  74. homebeach has left

  75. Half-Shot has left

  76. Half-Shot has joined

  77. Matthew has joined

  78. Rixon 👁🗨 has joined

  79. uhoreg has joined

  80. homebeach has joined

  81. adiaholic has left

  82. adiaholic has joined

  83. Kev has left

  84. Steve Kille has left

  85. Steve Kille has joined

  86. Kev has joined

  87. neshtaxmpp has left

  88. neshtaxmpp has joined

  89. yushyin has left

  90. antranigv has joined

  91. neshtaxmpp has left

  92. yushyin has joined

  93. neshtaxmpp has joined

  94. adiaholic has left

  95. adiaholic has joined

  96. nuron has left

  97. yushyin has left

  98. antranigv has left

  99. nuron has joined

  100. adiaholic has left

  101. neshtaxmpp has left

  102. neshtaxmpp has joined

  103. adiaholic has joined

  104. yushyin has joined

  105. karoshi has joined

  106. yushyin has left

  107. adiaholic has left

  108. Calvin has left

  109. adiaholic has joined

  110. Yagiza has joined

  111. neshtaxmpp has left

  112. neshtaxmpp has joined

  113. վարյա has left

  114. վարյա has joined

  115. adiaholic has left

  116. neshtaxmpp has left

  117. neshtaxmpp has joined

  118. adiaholic has joined

  119. neshtaxmpp has left

  120. neshtaxmpp has joined

  121. adiaholic has left

  122. neshtaxmpp has left

  123. neshtaxmpp has joined

  124. jcbrand has joined

  125. neshtaxmpp has left

  126. neshtaxmpp has joined

  127. neshtaxmpp has left

  128. neshtaxmpp has joined

  129. moparisthebest

    this is roughly going to be my proposal for either extending XEP-0156 or making a new XEP, it supports secure delegation without DNSSEC, pinning public keys, encrypted-client-hello, additional connection methods like QUIC etc, the advice would be to grab this host-meta file first and if any of these methods exist (or a flag or something) to never do SRV/POSH/etc, thoughts/feedback/hate welcome: https://github.com/moparisthebest/xmpp-proxy/blob/master/contrib/host-meta/xep-0156-proposed.json

  130. gooya has left

  131. xnamed has left

  132. harry837374884 has left

  133. harry837374884 has joined

  134. neshtaxmpp has left

  135. neshtaxmpp has joined

  136. antranigv has joined

  137. adiaholic has joined

  138. neshtaxmpp has left

  139. neshtaxmpp has joined

  140. uhoreg has left

  141. homebeach has left

  142. Rixon 👁🗨 has left

  143. Matthew has left

  144. Half-Shot has left

  145. Half-Shot has joined

  146. Matthew has joined

  147. Rixon 👁🗨 has joined

  148. uhoreg has joined

  149. homebeach has joined

  150. BASSGOD has left

  151. adiaholic has left

  152. adiaholic has joined

  153. jcbrand has left

  154. antranigv has left

  155. rafasaurus has left

  156. yushyin has joined

  157. rafasaurus has joined

  158. adiaholic has left

  159. neshtaxmpp has left

  160. ti_gj06 has joined

  161. adiaholic has joined

  162. yushyin has left

  163. BASSGOD has joined

  164. adiaholic has left

  165. neshtaxmpp has joined

  166. neshtaxmpp has left

  167. neshtaxmpp has joined

  168. adiaholic has joined

  169. yushyin has joined

  170. neshtaxmpp has left

  171. yushyin has left

  172. վարյա has left

  173. adiaholic has left

  174. neshtaxmpp has joined

  175. adiaholic has joined

  176. uhoreg has left

  177. homebeach has left

  178. Rixon 👁🗨 has left

  179. Matthew has left

  180. Half-Shot has left

  181. Half-Shot has joined

  182. Matthew has joined

  183. Rixon 👁🗨 has joined

  184. uhoreg has joined

  185. homebeach has joined

  186. neshtaxmpp has left

  187. lskdjf has left

  188. adiaholic has left

  189. pasdesushi has joined

  190. adiaholic has joined

  191. lskdjf has joined

  192. marc0s has left

  193. marc0s has joined

  194. norkki has joined

  195. norkki has left

  196. adiaholic has left

  197. Daniel has left

  198. Daniel has joined

  199. Tobias has joined

  200. neshtaxmpp has joined

  201. yushyin has joined

  202. adiaholic has joined

  203. me9 has joined

  204. Tobias has left

  205. adiaholic has left

  206. uhoreg has left

  207. homebeach has left

  208. Rixon 👁🗨 has left

  209. Matthew has left

  210. Half-Shot has left

  211. Half-Shot has joined

  212. Matthew has joined

  213. Rixon 👁🗨 has joined

  214. uhoreg has joined

  215. homebeach has joined

  216. rion has left

  217. Tobias has joined

  218. rion has joined

  219. վարյա has joined

  220. neshtaxmpp has left

  221. lskdjf has left

  222. rubi has left

  223. adiaholic has joined

  224. fhtest has joined

  225. Tobias has left

  226. Tobias has joined

  227. me9 has left

  228. Ingolf has joined

  229. jcbrand has joined

  230. Menel has joined

  231. millesimus has left

  232. jgart has left

  233. emus has joined

  234. wurstsalat has joined

  235. msavoritias has joined

  236. pasdesushi has left

  237. fhtest has left

  238. mh has left

  239. xecks has left

  240. xecks has joined

  241. mh has joined

  242. վարյա has left

  243. վարյա has joined

  244. mjk has joined

  245. Ingolf has left

  246. MattJ

    moparisthebest: looks good! My initial comments would be: I think a TTL would be better than "expires" - most people will not be dynamically generating these as they are served, and a TTL allows more reasonable caching without additional work.

  247. MattJ

    Also I'm unsure about allowing arbitrary ALPN strings here. I'd lean towards keeping those out of it and just making clear which of the standard strings should be used.

  248. jonas’

    +1 for ttl

  249. yushyin has left

  250. yushyin has joined

  251. Alex has joined

  252. վարյա has left

  253. BASSGOD has left

  254. ti_gj06 has left

  255. Menel has left

  256. moparisthebest has left

  257. mh has left

  258. adiaholic has left

  259. Ingolf has joined

  260. վարյա has joined

  261. Daniel has left

  262. adiaholic has joined

  263. Daniel has joined

  264. rubi has joined

  265. mh has joined

  266. atomicwatch has joined

  267. վարյա has left

  268. վարյա has joined

  269. uhoreg has left

  270. homebeach has left

  271. Half-Shot has left

  272. Rixon 👁🗨 has left

  273. Matthew has left

  274. Half-Shot has joined

  275. Matthew has joined

  276. Rixon 👁🗨 has joined

  277. uhoreg has joined

  278. homebeach has joined

  279. millesimus has joined

  280. mh has left

  281. վարյա has left

  282. mh has joined

  283. վարյա has joined

  284. Fishbowler has left

  285. Fishbowler has joined

  286. wladmis has joined

  287. վարյա has left

  288. վարյա has joined

  289. restive_monk has left

  290. վարյա has left

  291. վարյա has joined

  292. Maranda has left

  293. Mjolnir Archon has left

  294. brunrobe has left

  295. Link Mauve

    moparisthebest, do you plan on forking RFC6415 as well?

  296. Link Mauve

    Because while these extensions could be added to XRD just fine by using different namespaces, JRD doesn’t define extensibility at all.

  297. վարյա has left

  298. վարյա has joined

  299. rafasaurus has left

  300. brunrobe has joined

  301. restive_monk has joined

  302. ti_gj06 has joined

  303. uhoreg has left

  304. homebeach has left

  305. Half-Shot has left

  306. Rixon 👁🗨 has left

  307. Matthew has left

  308. Fishbowler has left

  309. Fishbowler has joined

  310. uhoreg has joined

  311. wladmis has left

  312. Rixon 👁🗨 has joined

  313. Matthew has joined

  314. Half-Shot has joined

  315. վարյա has left

  316. վարյա has joined

  317. homebeach has joined

  318. neshtaxmpp has joined

  319. վարյա has left

  320. վարյա has joined

  321. Neustradamus has joined

  322. wladmis has joined

  323. Maranda has joined

  324. Mjolnir Archon has joined

  325. վարյա has left

  326. վարյա has joined

  327. adiaholic has left

  328. adiaholic has joined

  329. վարյա has left

  330. վարյա has joined

  331. վարյա has left

  332. վարյա has joined

  333. վարյա has left

  334. վարյա has joined

  335. ti_gj06 has left

  336. adiaholic has left

  337. adiaholic has joined

  338. rion has left

  339. moparisthebest has joined

  340. adiaholic has left

  341. Steve Kille has left

  342. tykayn has joined

  343. adiaholic has joined

  344. վարյա has left

  345. վարյա has joined

  346. Steve Kille has joined

  347. Steve Kille has left

  348. Steve Kille has joined

  349. rafasaurus has joined

  350. վարյա has left

  351. վարյա has joined

  352. վարյա has left

  353. վարյա has joined

  354. goffi has joined

  355. moparisthebest has left

  356. debacle has joined

  357. վարյա has left

  358. վարյա has joined

  359. վարյա has left

  360. վարյա has joined

  361. pasdesushi has joined

  362. ti_gj06 has joined

  363. վարյա has left

  364. վարյա has joined

  365. Titi has joined

  366. mjk

    > thoughts/feedback/hate welcome I hate JSON. Also, can my OCD suggest changing "ips" to "addrs" or something? If that's not in some spec already

  367. mh has left

  368. Zash

    I hate JSON _and_ HTTPS and *especially* the movement towards everything being HTTPS and JSON

  369. MattJ

    Zash, you could suggest putting this all in DNS instead, to which we can remind you that DNS is over HTTP these days ;)

  370. mjk

    Lesser of the evils, I guess? The alternative is no nice things, aiui

  371. mjk

    (Until dnssec becomes a thing)

  372. Zash

    I have DNSSEC. Your argument is invalid!

  373. Zash

    I also have a local recursive resolver, no HTTPS involved!!

  374. Holger

    Zash, you're just ahead of time, in 20 years everyone will hate it "I'd use Matrix just fine BUT WTF JSON?!".

  375. Zash

    That's the same as being 20 years behind? Dang time loops!

  376. mjk

    :)

  377. tykayn has left

  378. mjk

    _It's all happened before_

  379. Holger

    That's how IT works, no? "WTF STARTTLS?! Direct TLS on 5223 is the thing!"

  380. վարյա has left

  381. վարյա has joined

  382. Zash

    All this has happened before. All of it will happen again, and again, and again

  383. emus

    > Holger escribió: > That's how IT works, no? "WTF STARTTLS?! Direct TLS on 5223 is the thing!" I would like to laugh but I lack the knowledge 😅

  384. Zash

    Holger: Can't wait for "WTF TCP? Encrypted IP is the thing!"

  385. Zash

    Unfortunately I fear between here and there it'll be 20 layers of protocols

  386. emus

    🙁

  387. mjk

    Yea, encrypted IP over json over http/4 over udp

  388. Zash

    and http/4 will be over http/3 over quic over tls 1.3 over tls 1.2 over udp over ....

  389. mjk

    It's all over

  390. mjk

    all the way down

  391. fhtest has joined

  392. mjk

    emus: I think people used to hate on direct TLS before, just don't really recall why

  393. mjk

    Additional ports required? Routing is complicated?

  394. southerntofu

    can't wait for CJDNS over XMPP over DNS over HTTPS i guess

  395. Zash

    Additional ports or IPs required unless you implement SNI

  396. Zash

    SNI moves concepts around in the stack in an uncomfortable way

  397. mjk

    Ah, right, there once wasn't sni

  398. Zash

    And then ALPN makes it worse

  399. Zash

    In Prosody, this meant code that previously only needed to care about connections on ports now needs to know about application level concepts like virtualhosts

  400. tykayn has joined

  401. mjk

    But then mobile became a thing and suddenly everyone needs to connect over port 443 because stupid furewalls

  402. Zash

    That's not mobile

  403. mjk

    Web?

  404. Zash

    Yes. Because of web. That's why we can't have nice things!

  405. mjk

    The full circle

  406. Zash

    And because corporate firewalls blocking everything else for silly reasons, and people wanting to evade their corporate policies.

  407. Zash

    So now the port number has moved into TLS, and became an array of strings handled by OpenSSL. How does _that_ make you feel?

  408. southerntofu

    so how about building community networks to answer some of these needs?

  409. mjk

    Ironically, certain state-level firewalls started blocking quic over 443 and _only_ 443

  410. southerntofu

    Zash, i was doing SSLH some time ago... i much prefer having that standardized than relying on weird parsing rules :D

  411. Rixon 👁🗨 has left

  412. Half-Shot has left

  413. Matthew has left

  414. uhoreg has left

  415. homebeach has left

  416. վարյա has left

  417. uhoreg has joined

  418. Half-Shot has joined

  419. Matthew has joined

  420. Rixon 👁🗨 has joined

  421. homebeach has joined

  422. վարյա has joined

  423. ti_gj06 has left

  424. Zash

    If only we could have had a sane routable IPsec-ish thing.

  425. Wojtek has joined

  426. southerntofu

    though to be fair i i would much prefer a secure DNS (GNS maybe?) and/or crypto-secure routing (CJDNS/Tor)

  427. millesimus has left

  428. rafasaurus has left

  429. mh has joined

  430. rafasaurus has joined

  431. millesimus has joined

  432. papatutuwawa has joined

  433. gooya has joined

  434. վարյա has left

  435. MattJ

    southerntofu, the point is that sslh shouldn't be necessary

  436. TheCoffeMaker has left

  437. MattJ

    Nor hacky parsing rules

  438. southerntofu

    thanks to ALPN or thanks to overzealous firewalls disappearing?

  439. djorz has joined

  440. TheCoffeMaker has joined

  441. intosi has left

  442. intosi has joined

  443. MattJ

    I read your message as "I like ALPN because it makes multiplexing multiple protocols on a single port easier", but multiplexing is only a response to stupid firewalls

  444. southerntofu

    ah yes it just made my life easier i'm not saying it's a good solution, "community networks" sounds much saner to me that working around filtered networks :p

  445. MattJ

    Zash's point is that the port number used to serve the purpose that ALPN now is

  446. southerntofu

    fair

  447. վարյա has joined

  448. Zash

    and if we wanted to secure that, putting the security between IP and TCP would have magic't everything, but we can't because middleboxxen

  449. MattJ

    Now we live in a world where we have wasted space in the IP packet because it will eventually be hard-coded to '443'

  450. Zash

    in the TCP*

  451. Zash

    IP doesn't have ports, only addreses

  452. fhtest has left

  453. APach has left

  454. Wojtek has left

  455. southerntofu

    who needs 50k ports when you have many more IPv6 on every ISP-provided subnets? /s

  456. wladmis has left

  457. wladmis has joined

  458. Zash

    YES, One IPv6 address per application!

  459. Kev

    Wouldn't it be better to always use just one hostname/IP, and to include what host and service you want in the TLS negotiation? You can do away with DNS completely that way, and we don't need to get DNSSEC universally deployed.

  460. antranigv has joined

  461. Kev

    So you always just connect to https://8.8.8.8 and you're done.

  462. intosi has left

  463. southerntofu

    isn't that what SNI is about?

  464. MattJ

    Hello Cloudflare

  465. jonas’

    Hello Matt

  466. jonas’

    oh, we're not in the erlang movie? sorry.

  467. Wojtek has joined

  468. atomicwatch has left

  469. pasdesushi has left

  470. wladmis has left

  471. wladmis has joined

  472. antranigv has left

  473. intosi has joined

  474. pasdesushi has joined

  475. mjk

    > So now the port number has moved into TLS, and became an array of strings handled by OpenSSL. How does _that_ make you feel? It makes me sad... that I miss all the fun by not developing server software :p

  476. mathieui

    mjk: it is never too late

  477. djorz has left

  478. Wojtek has left

  479. mjk

    I dipped my toe once, actually. Though the effort back then was spent not on multiplexing services on one addr:port but on figuring out why a sync filesystem operation in an async callback deadlocked my server 🙄

  480. moparisthebest has joined

  481. southerntofu

    deadlocks are teh worst kind of locks

  482. mjk

    lol

  483. southerntofu

    doorlock? just pwn it in case of need. deadlock? you're screwed

  484. TheCoffeMaker has left

  485. southerntofu

    i'd much rather drill through doorlocks than debug deadlocks thank you very much :D

  486. mjk

    true

  487. xnamed has joined

  488. mjk

    the culprit turned out to be ~windows~ an alpha-quality library

  489. TheCoffeMaker has joined

  490. southerntofu always happy to point the finger at windows, trying to hide all those NFS/SSHFS deadlocks under the carpet

  491. mjk

    aren't we all

  492. southerntofu

    (seriously though why are networked filesystems so bad? SFTP/SCP works fine but NFS/SSHFS using a desktop environment is teh worst when there's bad network conditions)

  493. Link Mauve

    southerntofu, this probably comes from the Unix abstraction of files, which defaults to blocking reads.

  494. mjk

    ...and doing filesystem in the ui thread

  495. Link Mauve

    If the file system layer isn’t able to provide the data requested by the process, it will block the read() syscall.

  496. southerntofu

    soooo just try to get "random people" using network shares when it will freeze or otherwise hinder their file browsing experience

  497. southerntofu

    (last time i tried i learnt that it's perfectly reasonable for nautilus to become unresponsive even to SIGKILL when a networked file system has entered a weird state)

  498. southerntofu

    (i mean i find that curious but the non-technical user was (understandably) more than frustrated)

  499. mjk

    at least cifs driver has the option to error out instead of blocking on network problems :)

  500. Link Mauve

    Yes, being blocked in a syscall means the process won’t ever get scheduled, and thus can’t react to signals.

  501. southerntofu

    and won't ever return to life even when the network interruption was just a few seconds... great state of things! /s :D

  502. djorz has joined

  503. Link Mauve

    No, if the fs obtains the data, it should resume and finish the syscall.

  504. southerntofu

    that's a big "if" apparently...

  505. Link Mauve

    southerntofu, the issue here is applications’ assumption that reading a file will finish in reasonable time, and thus can avoid async by using blocking syscalls.

  506. southerntofu

    "should" <-- yes and we should have peace and prosperity for all on this planet, but well..

  507. Link Mauve

    southerntofu, if you encounter an issue in a driver, please file a bug against it.

  508. antranigv has joined

  509. Link Mauve

    Same for any other piece of software really. :)

  510. southerntofu

    i sure try! but i'm not always ready to spend hours trying to debug something, especially when it's not on my machine :P

  511. mjk

    and we all lived on topic ever after...

  512. Link Mauve

    Oops, sorry!

  513. southerntofu

    my bad

  514. mjk

    or my, we'll never know!

  515. southerntofu

    let's go back to extremely straightforward federation or whatever XSF stands for ;)

  516. intosi has left

  517. Rixon 👁🗨 has left

  518. Half-Shot has left

  519. Matthew has left

  520. uhoreg has left

  521. homebeach has left

  522. uhoreg has joined

  523. Half-Shot has joined

  524. Matthew has joined

  525. Rixon 👁🗨 has joined

  526. homebeach has joined

  527. antranigv has left

  528. djorz has left

  529. intosi has joined

  530. adiaholic has left

  531. adiaholic has joined

  532. nuron has left

  533. atomicwatch has joined

  534. nuron has joined

  535. ti_gj06 has joined

  536. adiaholic has left

  537. adiaholic has joined

  538. djorz has joined

  539. fhtest has joined

  540. atomicwatch has left

  541. moparisthebest has left

  542. goffi has left

  543. gooya has left

  544. gooya has joined

  545. Rixon 👁🗨 has left

  546. Half-Shot has left

  547. Matthew has left

  548. uhoreg has left

  549. homebeach has left

  550. djorz has left

  551. david has left

  552. APach has joined

  553. atomicwatch has joined

  554. Calvin has joined

  555. uhoreg has joined

  556. Half-Shot has joined

  557. Matthew has joined

  558. homebeach has joined

  559. antranigv has joined

  560. floretta has joined

  561. lskdjf has joined

  562. Fishbowler has left

  563. Fishbowler has joined

  564. Menel has joined

  565. adiaholic has left

  566. fhtest has left

  567. Link Mauve has left

  568. Link Mauve has joined

  569. moparisthebest has joined

  570. papatutuwawa has left

  571. Menel has left

  572. xecks has left

  573. djorz has joined

  574. xecks has joined

  575. Link Mauve has left

  576. Link Mauve has joined

  577. neshtaxmpp has left

  578. neshtaxmpp has joined

  579. Half-Shot has left

  580. homebeach has left

  581. Matthew has left

  582. uhoreg has left

  583. uhoreg has joined

  584. Half-Shot has joined

  585. Matthew has joined

  586. homebeach has joined

  587. moparisthebest

    thanks for the feedback all, let me see if I can address it: 1. MattJ, jonas’ , I agree expires is strange, I didn't add that though, that's in the RFC, seems reasonable to add an xmpp-specific TTL to be used instead though...1 2. MattJ , https-svc has arbitrary alpn strings... I agree it's a bit strange in the context of xmpp because we are already saying it's directtls or quic outside of that, hmmmmm 3. Link Mauve , I mean xep-0156 "extended" the json format without forking RFC6415, seems fine to me? 4. mjk , Zash , well the alternative is https-svc DNS records, except they can only be used for https so we'd have to fork our own that then would never get widespread deployment enough to use them and also lack of DNSSEC, fwiw this makes me sad too if I missed something please bring it up again...

  588. xnamed has left

  589. iink has joined

  590. Link Mauve

    moparisthebest, XEP-0156 as it currently is doesn’t extend the RFC, it just describes two @rel values to mean BOSH and WebSocket endpoints respectively.

  591. restive_monk has left

  592. iink has left

  593. xnamed has joined

  594. moparisthebest

    Link Mauve, RFC6415 says these two things about JRD: > as extensibility is beyond the scope of this specification. > The conversion of any other element is left undefined. I don't interpret either one of those as "you can't add anything" do you?

  595. վարյա has left

  596. վարյա has joined

  597. վարյա has left

  598. վարյա has joined

  599. iink has joined

  600. Link Mauve

    moparisthebest, given JSON has no concept of namespaces, I would be extremely wary of conflicts here.

  601. moparisthebest

    I don't think I care, why would anyone be trying to process a rel="..." it didn't understand ?

  602. moparisthebest

    every json deserializer I've seen explicitly ignores unknown fields for this reason right?

  603. Link Mauve

    Do they now?

  604. moparisthebest

    serde_json does

  605. moparisthebest

    fun fact, the XML in RFC6415 is actually invalid per the XSD, go ahead and try to validate it https://code.moparisthebest.com/moparisthebest/xmpp-proxy/src/branch/master/contrib/host-meta

  606. moparisthebest

    (could use github.com instead but it's down right now LOL)

  607. karoshi has left

  608. karoshi has joined

  609. Link Mauve

    You should poke people to create an errata.

  610. restive_monk has joined

  611. BASSGOD has joined

  612. xnamed has left

  613. xnamed has joined

  614. վարյա has left

  615. վարյա has joined

  616. adiaholic has joined

  617. arc has joined

  618. arc

    But isn't it more fun to leave it as it is?

  619. moparisthebest

    it's like an easter egg!

  620. iink has left

  621. iink has joined

  622. floretta has left

  623. iink has left

  624. jgart has joined

  625. iink has joined

  626. iink has left

  627. adiaholic has left

  628. վարյա has left

  629. adiaholic has joined

  630. iink has joined

  631. floretta has joined

  632. iink has left

  633. neshtaxmpp has left

  634. neshtaxmpp has joined

  635. iink has joined

  636. Wojtek has joined

  637. iink has left

  638. mdosch has left

  639. ti_gj06 has left

  640. arc

    If you find it, you win a prize!

  641. iink has joined

  642. rafasaurus has left

  643. millesimus has left

  644. iink has left

  645. iink has joined

  646. arc has left

  647. arc has joined

  648. rafasaurus has joined

  649. millesimus has joined

  650. adiaholic has left

  651. mdosch has joined

  652. arc has left

  653. arc has joined

  654. arc has left

  655. arc has joined

  656. adiaholic has joined

  657. Titi has left

  658. Titi has joined

  659. Menel has joined

  660. adiaholic has left

  661. arc has left

  662. arc has joined

  663. atomicwatch has left

  664. arc has left

  665. arc has joined

  666. վարյա has joined

  667. adiaholic has joined

  668. Daniel has left

  669. ti_gj06 has joined

  670. arc has left

  671. harry837374884 has left

  672. harry837374884 has joined

  673. arc has joined

  674. mjk has left

  675. mjk has joined

  676. arc has left

  677. arc has joined

  678. arc has left

  679. arc has joined

  680. arc has left

  681. arc has joined

  682. Half-Shot has left

  683. homebeach has left

  684. Matthew has left

  685. uhoreg has left

  686. uhoreg has joined

  687. Half-Shot has joined

  688. Matthew has joined

  689. homebeach has joined

  690. rafasaurus has left

  691. վարյա has left

  692. iink has left

  693. Daniel has joined

  694. iink has joined

  695. wgreenhouse has left

  696. վարյա has joined

  697. Guus

    I believe that Dave has encoded various invitations for drinks in XEPs.

  698. Titi has left

  699. rafasaurus has joined

  700. adiaholic has left

  701. Wojtek has left

  702. Wojtek has joined

  703. վարյա has left

  704. վարյա has joined

  705. rafasaurus has left

  706. L29Ah has left

  707. adiaholic has joined

  708. restive_monk has left

  709. wgreenhouse has joined

  710. djorz has left

  711. alex11 has joined

  712. restive_monk has joined

  713. atomicwatch has joined

  714. wgreenhouse has left

  715. djorz has joined

  716. rafasaurus has joined

  717. Guus has left

  718. Guus has joined

  719. Titi has joined

  720. adiaholic has left

  721. arc has left

  722. arc has joined

  723. arc

    That is a great rumor to spread

  724. alex11 has left

  725. arc

    People might actually read them!

  726. APach has left

  727. arc has left

  728. arc has joined

  729. restive_monk has left

  730. krauq has left

  731. restive_monk has joined

  732. pasdesushi has left

  733. krauq has joined

  734. adiaholic has joined

  735. arc

    Meeting time, who's here?

  736. ralphm

    Based in fact, I'm sure.

  737. ralphm bangs gavel

  738. ralphm

    0. Welcome!

  739. ralphm

    Who do we have

  740. arc

    Here

  741. ralphm

    For some reason you feel closer this week :D

  742. me9 has joined

  743. arc has left

  744. arc has joined

  745. jcbrand

    Hi

  746. adiaholic has left

  747. arc

    Its 10:00 a.m. this week, so I am more awake

  748. arc has left

  749. ralphm

    Nice

  750. arc has joined

  751. ralphm

    Any items for today?

  752. arc has left

  753. arc has joined

  754. arc has left

  755. arc has joined

  756. arc

    Not that I'm aware of

  757. arc has left

  758. ralphm

    The only thing that was raised to me was a message from emus about GSoC financials, but I don't think Board has to be involved and that he can do this directly with Peter.

  759. arc has joined

  760. wgreenhouse has joined

  761. MattJ

    o/

  762. arc has left

  763. arc has joined

  764. arc

    I agree

  765. ralphm

    hey MattJ, you got anything?

  766. arc has left

  767. MattJ

    I don't think so, no

  768. arc has joined

  769. ralphm

    Easy peasy.

  770. MattJ

    (I mean, only covid... :) )

  771. ralphm

    Ow. Be well, sir!

  772. ralphm

    1. Date of Next

  773. ralphm

    +1W

  774. ralphm

    2. Close

  775. ralphm

    Thanks all!

  776. MattJ

    wfm, thanks!

  777. ralphm bangs gavel

  778. arc has left

  779. arc has joined

  780. ralphm

    As you were!

  781. arc has left

  782. arc has joined

  783. rafasaurus has left

  784. rafasaurus has joined

  785. millesimus has left

  786. arc

    Hey so does daylight savings happen in Europe next week?

  787. adiaholic has joined

  788. wgreenhouse has left

  789. mjk

    > thanks for the feedback all, let me see if I can address it: > 1. MattJ, jonas’ , I agree expires is strange, I didn't add that though, that's in the RFC, seems reasonable to add an xmpp-specific TTL to be used instead though...1 > 2. MattJ , https-svc has arbitrary alpn strings... I agree it's a bit strange in the context of xmpp because we are already saying it's directtls or quic outside of that, hmmmmm > 3. Link Mauve , I mean xep-0156 "extended" the json format without forking RFC6415, seems fine to me? > 4. mjk , Zash , well the alternative is https-svc DNS records, except they can only be used for https so we'd have to fork our own that then would never get widespread deployment enough to use them and also lack of DNSSEC, fwiw t > if I missed something please bring it up again...

  790. Zash

    arc: I think so. Last Sunday in March afaik

  791. mjk

    .

  792. arc has left

  793. arc has joined

  794. arc

    That should be clearly mentioned at the end of the meeting, if we're adjusting meeting time relative to UTC

  795. mjk

    moparisthebest: > if I missed something please bring it up again... The "ips" field! It lists IP addresses, not internet protocols! "addr(esse)s" plz :)

  796. Titi has left

  797. arc

    Google calendar says time remains the same for next week

  798. arc has left

  799. Half-Shot has left

  800. homebeach has left

  801. Matthew has left

  802. uhoreg has left

  803. uhoreg has joined

  804. Half-Shot has joined

  805. Matthew has joined

  806. homebeach has joined

  807. arc has joined

  808. moparisthebest

    mjk: ah sorry thanks, https-svc has these too but calls them "ip4hint" and "ip6hint" ...

  809. mjk

    Hmm

  810. debacle has left

  811. MattJ

    I always find "address" to be ambiguous - does it accept an IP address, hostname? or both?

  812. MattJ

    We have a few of those "slots" in XEPs

  813. emus

    > ralphm escribió: > The only thing that was raised to me was a message from emus about GSoC financials, but I don't think Board has to be involved and that he can do this directly with Peter. I was still not able to find a working contact. Thats a general issue with IDs in the wiki. foreigners seem to be blocked

  814. ralphm

    arc: indeed, DST change in Europe is on March 27 this year.

  815. millesimus has joined

  816. emus

    Maybe someone can send him my a message and to contact me

  817. ralphm

    I sent you his e-mail address

  818. L29Ah has joined

  819. rafasaurus has left

  820. rafasaurus has joined

  821. moparisthebest

    mjk, https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-08.html#section-7.4 sorry it's "ipv4hint" and "ipv6hint"

  822. moparisthebest

    is there a reason to differentiate between v4 and v6 ? I'm wildly guessing they do in DNS because everything is binary and with a defined length, in json seems like you could just look at them

  823. homebeach has left

  824. Matthew has left

  825. Half-Shot has left

  826. uhoreg has left

  827. uhoreg has joined

  828. Half-Shot has joined

  829. Matthew has joined

  830. homebeach has joined

  831. Kev has left

  832. Kev has joined

  833. millesimus has left

  834. millesimus has joined

  835. wgreenhouse has joined

  836. djorz has left

  837. marc0s has left

  838. marc0s has joined

  839. lukasf has left

  840. adiaholic has left

  841. emus

    ralphm: thx

  842. wgreenhouse has left

  843. flow has left

  844. adiaholic has joined

  845. flow has joined

  846. rion has joined

  847. Steve Kille has left

  848. wgreenhouse has joined

  849. Steve Kille has joined

  850. L29Ah has left

  851. wgreenhouse has left

  852. restive_monk has left

  853. harry837374884 has left

  854. goffi has joined

  855. mjk

    > in json seems like you could just look at them Yeah, the mixed bag seemed fine to me as is

  856. Kev has left

  857. Daniel has left

  858. harry837374884 has joined

  859. Kev has joined

  860. Daniel has joined

  861. mjk

    MattJ: > I always find "address" to be ambiguous - does it accept an IP address, hostname? or both? To me, addresses, if referring to hostnames, are more of a user-facing term, whereas addresses at protocol level seem unambiguously referring to numeric things. But maybe just me ¯\_(ツ)_/¯

  862. iink has left

  863. Wojtek has left

  864. iink has joined

  865. mjk

    Anyway, "iphints" sounds more-or-less fine to me too :)

  866. moparisthebest

    Https-svc calls them hints because you might look up the domain name otherwise later and I'm explicitly not supporting that

  867. iink has left

  868. moparisthebest

    Here it's "you should connect directly to these IPs and nothing else"

  869. moparisthebest

    Maybe "ipdemands" hehe

  870. iink has joined

  871. pasdesushi has joined

  872. Paganini has left

  873. brunrobe has left

  874. Mjolnir Archon has left

  875. Maranda has left

  876. wgreenhouse has joined

  877. Mjolnir Archon has joined

  878. Maranda has joined

  879. brunrobe has joined

  880. floretta has left

  881. Paganini has joined

  882. jcbrand has left

  883. ti_gj06 has left

  884. wgreenhouse has left

  885. arc has left

  886. arc has joined

  887. wgreenhouse has joined

  888. harry837374884 has left

  889. harry837374884 has joined

  890. floretta has joined

  891. atomicwatch has left

  892. atomicwatch has joined

  893. djorz has joined

  894. wgreenhouse has left

  895. flow has left

  896. mjk

    "ipaddrs" it is, and sorry for all the bikeshedding

  897. moparisthebest

    "connectables"

  898. moparisthebest

    make no one happy... :)

  899. mjk

    "endpoints", if we were to be deliberately ambiguous, but sound modern and jsony!

  900. lukasf has joined

  901. L29Ah has joined

  902. wgreenhouse has joined

  903. Ingolf has left

  904. restive_monk has joined

  905. wgreenhouse has left

  906. Yagiza has left

  907. wgreenhouse has joined

  908. ti_gj06 has joined

  909. wladmis has left

  910. wladmis has joined

  911. restive_monk has left

  912. wgreenhouse has left

  913. wgreenhouse has joined

  914. wgreenhouse has left

  915. wgreenhouse has joined

  916. restive_monk has joined

  917. Titi has joined

  918. wgreenhouse has left

  919. restive_monk has left

  920. eevvoor has left

  921. eevvoor has joined

  922. wladmis has left

  923. wladmis has joined

  924. Kev has left

  925. qy

    Say, mod_onions allows tor federation, but only for servers that enable it. Why not iterate that, and have a way to hop to a tor-enabled server and then on to the target?

  926. L29Ah has left

  927. qy

    Because: > Come to think of it (from talking to wgreenhouse about briar earlier), if you just package prosody with mod_onions, tor, and a client, you got a free p2p chat app

  928. Titi has left

  929. Kev has joined

  930. bean has joined

  931. moparisthebest

    MattJ, Zash how does that check incoming s2s? is https://hg.prosody.im/prosody-modules/file/824b0d7fa883/mod_onions/mod_onions.lua#l268 called? if so it's wrong :/

  932. moparisthebest

    qy, seamless secure federation between .onion servers and public net servers is an explicit near-future goal for xmpp-proxy, as well as documenting best practices for .onion federation which I don't think has been done before

  933. qy

    Neat

  934. restive_monk has joined

  935. moparisthebest

    both handling .onion JIDs and public servers with .onion endpoints in SRV or whatever, which... are subtely different

  936. Sam

    I've thought about writing an informational XEP about that a handful of times, but don't have enough experience with it. I'd love to see one written up.

  937. moparisthebest

    I don't know about anyone else but I can never work out the fine details until I write the code, so that has to come first for me :P

  938. qy

    I don't even know how this would theoretically work, but i'm sure it could

  939. MattJ

    moparisthebest, I've been assured by multiple people in the past that it's not wrong. But I've never used nor worked on that module.

  940. moparisthebest

    from what I've thought about so far, my plan is requiring all .onion domains to have a TLS certificate, *any* TLS certificate (ignore names, expiration date, everything), when connecting *to* one (as a client, or s2s-out), just accept it if you are connecting to a .onion the tricky part is s2s *in*, where you get handed a cert and told an .onion is connected to you, my proposal there is to make an *outgoing* connection to the .onion, and trust the certificate only if the incoming one is exactly the same as the one you got making the outgoing connection

  941. MattJ

    Looks like it hasn't changed at all for years

  942. moparisthebest

    MattJ, that's fine for outgoing, but is it ran for incoming?

  943. moparisthebest

    incoming as in sasl external authentication

  944. guus.der.kinderen has joined

  945. wgreenhouse has joined

  946. MattJ

    It would apply to both, unless there's a reason it doesn't

  947. MattJ

    Not a helpful statement, I know

  948. Daniel has left

  949. moparisthebest

    if so, that means anyone can connect to a prosody server with that loaded, present *any* certificate, claim to be from "bob.onion" and start spamming your users

  950. MattJ

    That's how it would read, yes

  951. moparisthebest

    you'd never get responses back I guess, unless you could trick it into bidi

  952. mjk

    Seems so, yes, unless there's some other check that the connection is coming from localhost

  953. djorz has left

  954. moparisthebest

    that sounds like an awesome spam tool :D

  955. moparisthebest

    anyone have a public server with that loaded that wants to give me permission to poke at it ? :)

  956. Tobias has left

  957. Zash

    Hello, I just came by to say: You got it all wrong. Now back to watching comedy! Bye

  958. Tobias has joined

  959. mjk

    > some other check that the connection is coming from localhost Wait no, that's stupid too. With all the nginxes and sslhes

  960. moparisthebest

    well, good :)

  961. qy

    > moparisthebest wrote: > from what I've thought about so far, my plan is requiring all .onion domains to have a TLS certificate, *any* TLS certificate (ignore names, expiration date, everything), when connecting *to* one (as a client, or s2s-out), just accept it if you are connecting to a .onion > the tricky part is s2s *in*, where you get handed a cert and told an .onion is connected to you, my proposal there is to make an *outgoing* connection to the .onion, and trust the certificate only if the incoming one is exactly the same as the one you got making the outgoing connection So really, just shifting from name-based routing to cryptokey routing

  962. վարյա has left

  963. վարյա has joined

  964. qy

    > Zash wrote: > Hello, I just came by to say: You got it all wrong. Now back to watching comedy! Bye Thanks fermat

  965. alacer has joined

  966. wgreenhouse has left

  967. moparisthebest

    qy, I mean it's still name-based, you just need TLS to validate incoming connections

  968. moparisthebest

    .onion only provides authenticity when you are connecting *to* it

  969. qy

    Right, yeah

  970. jcbrand has joined

  971. mjk

    If only Tor provided a virtual interface where incoming onion connections would be coming from something like 10.x.x.x, and the reverse lookup would yield the onion name...

  972. qy

    Why specifically TLS, though? Any asymmetric key would do, a TLS tunnel is superfluous over tor

  973. qy

    mjk: That is doable actually

  974. qy

    TRANSPort

  975. moparisthebest

    qy, "when you have a hammer everything looks like a nail"

  976. mjk

    qy: it is, just not the default conf

  977. qy

    Lol

  978. BASSGOD has left

  979. moparisthebest

    mjk, qy, tor doesn't even have a concept of "making an outgoing connection from a .onion domain" does it?

  980. qy

    Not as i'm aware

  981. iink has left

  982. mjk

    Hmm right

  983. moparisthebest

    another secure thing to do would be to do dialback over tor

  984. moparisthebest

    but... who wants to do that

  985. mjk goes back to the drawing board

  986. moparisthebest

    I feel like the already documented "same cert" hack is the best+easiest, and works with anything that provides outgoing-authenticity, onionv2, onvionv3, i2p, what else?

  987. qy

    In my mind anyway, the hard part is clearnet->onion routing. A fresh prosody knows nothing about remote servers that can marshall over to tor, until an incoming connection _from_ tor

  988. qy

    So without mod_onions you can't make that iteration

  989. Sam

    Was this for onion->onion S2S connections? I wonder if you could just use onion service client authorization and tell the XMPP server to use the same keypair as the service. You'd then validate that they match the descriptor of the onion service when you connect to it (or if you've already connected to it and it's dialing you back), no TLS certs involved?

  990. Titi has joined

  991. moparisthebest

    near-term xmpp-proxy will have a config box for you to put the socks5 server+port of your local tor daemon

  992. moparisthebest

    future xmpp-proxy will (optionally) bundle tor's new rust library and just handle it itself

  993. moparisthebest

    tor is being rewritten in rust with the explicit goal of being an easily embeddable library, it just isn't there yet

  994. iink has joined

  995. qy

    Well that would simplify a lot, just shove tor into prosody :p

  996. moparisthebest

    "problem solved" :)

  997. qy

    _dusts hands_

  998. wgreenhouse has joined

  999. Daniel has joined

  1000. mjk

    Are there Rust libraries for generating Lua bindings? :3

  1001. moparisthebest

    all bindings are C, you can generate C libraries from Rust, and use them from Lua

  1002. Link Mauve

    mjk, yes, see the mlua crate for instance.

  1003. mjk

    Can't rust expose 'extern "C"' functions?

  1004. moparisthebest

    yes that's what I mean

  1005. mjk

    Aha

  1006. mjk

    Then I'm content

  1007. Kev has left

  1008. Zash

    (So FTR: `return true` just means "validation has completed", but it doesn't record the certificate validation results, so they stay unknown and it'll probably go do Dialback)

  1009. Kev has joined

  1010. Link Mauve

    mlua is more pleasant to use than the C Lua API though.

  1011. moparisthebest

    Zash, ah right!, no session.secure = true, thanks!

  1012. BASSGOD has joined

  1013. moparisthebest

    so prosody mod_onions requires dialback then

  1014. Zash

    Rather it's _not_ setting the certificate chain and identity validation properties like https://hg.prosody.im/trunk/file/0.12.0/plugins/mod_s2s_auth_certs.lua

  1015. mjk

    > mlua is more pleasant to use than the C Lua API though. Anything is more pleasant than keeping half the stack in your head..

  1016. ti_gj06 has left

  1017. MattJ

    Pushed a comment to mod_onions, thanks Zash

  1018. Ingolf has joined

  1019. MattJ

    I know this isn't the first time you've explained it, but hopefully now it can be the last ;)

  1020. moparisthebest

    haha thanks :) mini heart attack averted

  1021. ti_gj06 has joined

  1022. wgreenhouse has left

  1023. arc has left

  1024. arc has joined

  1025. arc has left

  1026. arc has joined

  1027. L29Ah has joined

  1028. jcbrand has left

  1029. wgreenhouse has joined

  1030. lukasf has left

  1031. arc has left

  1032. arc has joined

  1033. arc has left

  1034. arc has joined

  1035. lukasf has joined

  1036. wgreenhouse has left

  1037. wladmis has left

  1038. wladmis has joined

  1039. L29Ah has left

  1040. me9 has left

  1041. guus.der.kinderen has left

  1042. djorz has joined

  1043. վարյա has left

  1044. wgreenhouse has joined

  1045. druthid has left

  1046. druthid has joined

  1047. վարյա has joined

  1048. restive_monk has left

  1049. wgreenhouse has left

  1050. BASSGOD has left

  1051. iink@xmpp.is has joined

  1052. wgreenhouse has joined

  1053. iink@xmpp.is has left

  1054. Titi has left

  1055. goffi has left

  1056. BASSGOD has joined

  1057. L29Ah has joined

  1058. wgreenhouse has left

  1059. BASSGOD has left

  1060. BASSGOD has joined

  1061. alacer has left

  1062. iink has left

  1063. msavoritias has left

  1064. emus

    A new post on GSoC to promote our ideas again: https://fosstodon.org/@xmpp/107974022090404224 https://twitter.com/xmpp/status/1504571740650934283

  1065. Apollo has joined

  1066. Apollo has left

  1067. Apollo has joined

  1068. wgreenhouse has joined

  1069. Titi has joined

  1070. Apollo has left

  1071. atomicwatch has left

  1072. Tobias has left

  1073. Tobias has joined

  1074. xecks has left

  1075. mjk has left

  1076. restive_monk has joined

  1077. antranigv has left

  1078. mjk has joined

  1079. arc has left

  1080. arc has joined

  1081. xecks has joined

  1082. neshtaxmpp has left

  1083. neshtaxmpp has joined

  1084. Kev has left

  1085. Kev has joined

  1086. pasdesushi has left

  1087. neshtaxmpp has left

  1088. neshtaxmpp has joined

  1089. Tobias has left

  1090. mjk has left

  1091. floretta has left

  1092. floretta has joined

  1093. Titi has left

  1094. bean has left

  1095. ti_gj06 has left

  1096. debacle has joined

  1097. jcbrand has joined

  1098. intosi has left

  1099. intosi has joined

  1100. Alex has left

  1101. Ingolf has left

  1102. intosi has left

  1103. Ingolf has joined

  1104. intosi has joined

  1105. restive_monk has left

  1106. intosi has left

  1107. me9 has joined

  1108. Friendly Resident Cynic has left

  1109. Friendly Resident Cynic has joined

  1110. alex11 has joined

  1111. restive_monk has joined

  1112. antranigv has joined

  1113. arc has left

  1114. arc has joined

  1115. intosi has joined

  1116. adiaholic has left

  1117. adiaholic has joined

  1118. antranigv has left

  1119. djorz has left

  1120. djorz has joined

  1121. Kev has left

  1122. Kev has joined

  1123. Half-Shot has left

  1124. homebeach has left

  1125. Matthew has left

  1126. uhoreg has left

  1127. uhoreg has joined

  1128. Half-Shot has joined

  1129. Matthew has joined

  1130. homebeach has joined

  1131. djorz has left

  1132. intosi has left

  1133. Menel has left

  1134. me9 has left

  1135. Thilo Molitor has left

  1136. Thilo Molitor has joined

  1137. BASSGOD has left

  1138. neshtaxmpp has left

  1139. neshtaxmpp has joined

  1140. BASSGOD has joined

  1141. wurstsalat has left

  1142. Vaulor has left

  1143. neshtaxmpp has left

  1144. neshtaxmpp has joined

  1145. djorz has joined