XSF Discussion - 2022-03-17


  129. moparisthebest this is roughly going to be my proposal for either extending XEP-0156 or making a new XEP, it supports secure delegation without DNSSEC, pinning public keys, encrypted-client-hello, additional connection methods like QUIC etc, the advice would be to grab this host-meta file first and if any of these methods exist (or a flag or something) to never do SRV/POSH/etc, thoughts/feedback/hate welcome: https://github.com/moparisthebest/xmpp-proxy/blob/master/contrib/host-meta/xep-0156-proposed.json
  246. MattJ moparisthebest: looks good! My initial comments would be: I think a TTL would be better than "expires" - most people will not be dynamically generating these as they are served, and a TTL allows more reasonable caching without additional work.
  247. MattJ Also I'm unsure about allowing arbitrary ALPN strings here. I'd lean towards keeping those out of it and just making clear which of the standard strings should be used.
  248. jonas’ +1 for ttl
  295. Link Mauve moparisthebest, do you plan on forking RFC6415 as well?
  296. Link Mauve Because while these extensions could be added to XRD just fine by using different namespaces, JRD doesn’t define extensibility at all.
  366. mjk > thoughts/feedback/hate welcome I hate JSON. Also, can my OCD suggest changing "ips" to "addrs" or something? If that's not in some spec already
  368. Zash I hate JSON _and_ HTTPS and *especially* the movement towards everything being HTTPS and JSON
  369. MattJ Zash, you could suggest putting this all in DNS instead, to which we can remind you that DNS is over HTTP these days ;)
  370. mjk Lesser of the evils, I guess? The alternative is no nice things, aiui
  371. mjk (Until dnssec becomes a thing)
  372. Zash I have DNSSEC. Your argument is invalid!
  373. Zash I also have a local recursive resolver, no HTTPS involved!!
  374. Holger Zash, you're just ahead of time, in 20 years everyone will hate it "I'd use Matrix just fine BUT WTF JSON?!".
  375. Zash That's the same as being 20 years behind? Dang time loops!
  376. mjk :)
  378. mjk _It's all happened before_
  379. Holger That's how IT works, no? "WTF STARTTLS?! Direct TLS on 5223 is the thing!"
  382. Zash All this has happened before. All of it will happen again, and again, and again
  383. emus > Holger escribió: > That's how IT works, no? "WTF STARTTLS?! Direct TLS on 5223 is the thing!" I would like to laugh but I lack the knowledge 😅
  384. Zash Holger: Can't wait for "WTF TCP? Encrypted IP is the thing!"
  385. Zash Unfortunately I fear between here and there it'll be 20 layers of protocols
  386. emus 🙁
  387. mjk Yea, encrypted IP over json over http/4 over udp
  388. Zash and http/4 will be over http/3 over quic over tls 1.3 over tls 1.2 over udp over ....
  389. mjk It's all over
  390. mjk all the way down
  392. mjk emus: I think people used to hate on direct TLS before, just don't really recall why
  393. mjk Additional ports required? Routing is complicated?
  394. southerntofu can't wait for CJDNS over XMPP over DNS over HTTPS i guess
  395. Zash Additional ports or IPs required unless you implement SNI
  396. Zash SNI moves concepts around in the stack in an uncomfortable way
  397. mjk Ah, right, there once wasn't sni
  398. Zash And then ALPN makes it worse
  399. Zash In Prosody, this meant code that previously only needed to care about connections on ports now needs to know about application level concepts like virtualhosts
  401. mjk But then mobile became a thing and suddenly everyone needs to connect over port 443 because stupid firewalls
  402. Zash That's not mobile
  403. mjk Web?
  404. Zash Yes. Because of web. That's why we can't have nice things!
  405. mjk The full circle
  406. Zash And because corporate firewalls blocking everything else for silly reasons, and people wanting to evade their corporate policies.
  407. Zash So now the port number has moved into TLS, and became an array of strings handled by OpenSSL. How does _that_ make you feel?
  408. southerntofu so how about building community networks to answer some of these needs?
  409. mjk Ironically, certain state-level firewalls started blocking quic over 443 and _only_ 443
  410. southerntofu Zash, i was doing SSLH some time ago... i much prefer having that standardized than relying on weird parsing rules :D
  424. Zash If only we could have had a sane routable IPsec-ish thing.
  426. southerntofu though to be fair i would much prefer a secure DNS (GNS maybe?) and/or crypto-secure routing (CJDNS/Tor)
  435. MattJ southerntofu, the point is that sslh shouldn't be necessary
  437. MattJ Nor hacky parsing rules
  438. southerntofu thanks to ALPN or thanks to overzealous firewalls disappearing?
  443. MattJ I read your message as "I like ALPN because it makes multiplexing multiple protocols on a single port easier", but multiplexing is only a response to stupid firewalls
  444. southerntofu ah yes it just made my life easier i'm not saying it's a good solution, "community networks" sounds much saner to me than working around filtered networks :p
  445. MattJ Zash's point is that the port number used to serve the purpose that ALPN now is
  446. southerntofu fair
  448. Zash and if we wanted to secure that, putting the security between IP and TCP would have magic't everything, but we can't because middleboxxen
  449. MattJ Now we live in a world where we have wasted space in the IP packet because it will eventually be hard-coded to '443'
  450. Zash in the TCP*
  451. Zash IP doesn't have ports, only addresses
  455. southerntofu who needs 50k ports when you have many more IPv6 on every ISP-provided subnet? /s
  458. Zash YES, One IPv6 address per application!
  459. Kev Wouldn't it be better to always use just one hostname/IP, and to include what host and service you want in the TLS negotiation? You can do away with DNS completely that way, and we don't need to get DNSSEC universally deployed.
  461. Kev So you always just connect to https://8.8.8.8 and you're done.
  463. southerntofu isn't that what SNI is about?
  464. MattJ Hello Cloudflare
  465. jonas’ Hello Matt
  466. jonas’ oh, we're not in the erlang movie? sorry.
  475. mjk > So now the port number has moved into TLS, and became an array of strings handled by OpenSSL. How does _that_ make you feel? It makes me sad... that I miss all the fun by not developing server software :p
  476. mathieui mjk: it is never too late
  479. mjk I dipped my toe once, actually. Though the effort back then was spent not on multiplexing services on one addr:port but on figuring out why a sync filesystem operation in an async callback deadlocked my server 🙄
  481. southerntofu deadlocks are teh worst kind of locks
  482. mjk lol
  483. southerntofu doorlock? just pwn it in case of need. deadlock? you're screwed
  485. southerntofu i'd much rather drill through doorlocks than debug deadlocks thank you very much :D
  486. mjk true
  488. mjk the culprit turned out to be ~windows~ an alpha-quality library
  490. southerntofu always happy to point the finger at windows, trying to hide all those NFS/SSHFS deadlocks under the carpet
  491. mjk aren't we all
  492. southerntofu (seriously though why are networked filesystems so bad? SFTP/SCP works fine but NFS/SSHFS using a desktop environment is teh worst when there's bad network conditions)
  493. Link Mauve southerntofu, this probably comes from the Unix abstraction of files, which defaults to blocking reads.
  494. mjk ...and doing filesystem in the ui thread
  495. Link Mauve If the file system layer isn’t able to provide the data requested by the process, it will block the read() syscall.
  496. southerntofu soooo just try to get "random people" using network shares when it will freeze or otherwise hinder their file browsing experience
  497. southerntofu (last time i tried i learnt that it's perfectly reasonable for nautilus to become unresponsive even to SIGKILL when a networked file system has entered a weird state)
  498. southerntofu (i mean i find that curious but the non-technical user was (understandably) more than frustrated)
  499. mjk at least cifs driver has the option to error out instead of blocking on network problems :)
  500. Link Mauve Yes, being blocked in a syscall means the process won’t ever get scheduled, and thus can’t react to signals.
  501. southerntofu and won't ever return to life even when the network interruption was just a few seconds... great state of things! /s :D
  503. Link Mauve No, if the fs obtains the data, it should resume and finish the syscall.
  504. southerntofu that's a big "if" apparently...
  505. Link Mauve southerntofu, the issue here is applications’ assumption that reading a file will finish in reasonable time, and thus can avoid async by using blocking syscalls.
  506. southerntofu "should" <-- yes and we should have peace and prosperity for all on this planet, but well..
  507. Link Mauve southerntofu, if you encounter an issue in a driver, please file a bug against it.
  509. Link Mauve Same for any other piece of software really. :)
  510. southerntofu i sure try! but i'm not always ready to spend hours trying to debug something, especially when it's not on my machine :P
  511. mjk and we all lived on topic ever after...
  512. Link Mauve Oops, sorry!
  513. southerntofu my bad
  514. mjk or my, we'll never know!
  515. southerntofu let's go back to extremely straightforward federation or whatever XSF stands for ;)
  587. moparisthebest thanks for the feedback all, let me see if I can address it: 1. MattJ, jonas’ , I agree expires is strange, I didn't add that though, that's in the RFC, seems reasonable to add an xmpp-specific TTL to be used instead though...1 2. MattJ , https-svc has arbitrary alpn strings... I agree it's a bit strange in the context of xmpp because we are already saying it's directtls or quic outside of that, hmmmmm 3. Link Mauve , I mean xep-0156 "extended" the json format without forking RFC6415, seems fine to me? 4. mjk , Zash , well the alternative is https-svc DNS records, except they can only be used for https so we'd have to fork our own that then would never get widespread deployment enough to use them and also lack of DNSSEC, fwiw this makes me sad too if I missed something please bring it up again...
  590. Link Mauve moparisthebest, XEP-0156 as it currently is doesn’t extend the RFC, it just describes two @rel values to mean BOSH and WebSocket endpoints respectively.
  594. moparisthebest Link Mauve, RFC6415 says these two things about JRD: > as extensibility is beyond the scope of this specification. > The conversion of any other element is left undefined. I don't interpret either one of those as "you can't add anything" do you?
  600. Link Mauve moparisthebest, given JSON has no concept of namespaces, I would be extremely wary of conflicts here.
  601. moparisthebest I don't think I care, why would anyone be trying to process a rel="..." it didn't understand ?
  602. moparisthebest every json deserializer I've seen explicitly ignores unknown fields for this reason right?
  603. Link Mauve Do they now?
  604. moparisthebest serde_json does
  605. moparisthebest fun fact, the XML in RFC6415 is actually invalid per the XSD, go ahead and try to validate it https://code.moparisthebest.com/moparisthebest/xmpp-proxy/src/branch/master/contrib/host-meta
  606. moparisthebest (could use github.com instead but it's down right now LOL)
  609. Link Mauve You should poke people to create an errata.
  618. arc But isn't it more fun to leave it as it is?
  619. moparisthebest it's like an easter egg!
  640. arc If you find it, you win a prize!
  697. Guus I believe that Dave has encoded various invitations for drinks in XEPs.
  723. arc That is a great rumor to spread
  725. arc People might actually read them!
  735. arc Meeting time, who's here?
  736. ralphm Based in fact, I'm sure.
  737. ralphm bangs gavel
  738. ralphm 0. Welcome!
  739. ralphm Who do we have
  740. arc Here
  741. ralphm For some reason you feel closer this week :D
  745. jcbrand Hi
  747. arc It's 10:00 a.m. this week, so I am more awake
  749. ralphm Nice
  751. ralphm Any items for today?
  756. arc Not that I'm aware of
  758. ralphm The only thing that was raised to me was a message from emus about GSoC financials, but I don't think Board has to be involved and that he can do this directly with Peter.
  761. MattJ o/
  764. arc I agree
  765. ralphm hey MattJ, you got anything?
  767. MattJ I don't think so, no
  769. ralphm Easy peasy.
  770. MattJ (I mean, only covid... :) )
  771. ralphm Ow. Be well, sir!
  772. ralphm 1. Date of Next
  773. ralphm +1W
  774. ralphm 2. Close
  775. ralphm Thanks all!
  776. MattJ wfm, thanks!
  777. ralphm bangs gavel
  780. ralphm As you were!
  786. arc Hey so does daylight savings happen in Europe next week?
  789. mjk > thanks for the feedback all, let me see if I can address it: > 1. MattJ, jonas’ , I agree expires is strange, I didn't add that though, that's in the RFC, seems reasonable to add an xmpp-specific TTL to be used instead though...1 > 2. MattJ , https-svc has arbitrary alpn strings... I agree it's a bit strange in the context of xmpp because we are already saying it's directtls or quic outside of that, hmmmmm > 3. Link Mauve , I mean xep-0156 "extended" the json format without forking RFC6415, seems fine to me? > 4. mjk , Zash , well the alternative is https-svc DNS records, except they can only be used for https so we'd have to fork our own that then would never get widespread deployment enough to use them and also lack of DNSSEC, fwiw t > if I missed something please bring it up again...
  790. Zash arc: I think so. Last Sunday in March afaik
  791. mjk .
  794. arc That should be clearly mentioned at the end of the meeting, if we're adjusting meeting time relative to UTC
  795. mjk moparisthebest: > if I missed something please bring it up again... The "ips" field! It lists IP addresses, not internet protocols! "addr(esse)s" plz :)
  797. arc Google calendar says time remains the same for next week
  808. moparisthebest mjk: ah sorry thanks, https-svc has these too but calls them "ip4hint" and "ip6hint" ...
  809. mjk Hmm
  811. MattJ I always find "address" to be ambiguous - does it accept an IP address, hostname? or both?
  812. MattJ We have a few of those "slots" in XEPs
  813. emus > ralphm escribió: > The only thing that was raised to me was a message from emus about GSoC financials, but I don't think Board has to be involved and that he can do this directly with Peter. I was still not able to find a working contact. That's a general issue with IDs in the wiki. foreigners seem to be blocked
  814. ralphm arc: indeed, DST change in Europe is on March 27 this year.
  816. emus Maybe someone can send him a message and ask him to contact me
  817. ralphm I sent you his e-mail address
  821. moparisthebest mjk, https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-08.html#section-7.4 sorry it's "ipv4hint" and "ipv6hint"
  822. moparisthebest is there a reason to differentiate between v4 and v6 ? I'm wildly guessing they do in DNS because everything is binary and with a defined length, in json seems like you could just look at them
  841. emus ralphm: thx
  842. wgreenhouse has left
  843. flow has left
  844. adiaholic has joined
  845. flow has joined
  846. rion has joined
  847. Steve Kille has left
  848. wgreenhouse has joined
  849. Steve Kille has joined
  850. L29Ah has left
  851. wgreenhouse has left
  852. restive_monk has left
  853. harry837374884 has left
  854. goffi has joined
  855. mjk > in json seems like you could just look at them Yeah, the mixed bag seemed fine to me as is
  856. Kev has left
  857. Daniel has left
  858. harry837374884 has joined
  859. Kev has joined
  860. Daniel has joined
  861. mjk MattJ: > I always find "address" to be ambiguous - does it accept an IP address, hostname? or both? To me, addresses, if referring to hostnames, are more of a user-facing term, whereas addresses at protocol level seem unambiguously referring to numeric things. But maybe just me ¯\_(ツ)_/¯
  862. iink has left
  863. Wojtek has left
  864. iink has joined
  865. mjk Anyway, "iphints" sounds more-or-less fine to me too :)
  866. moparisthebest Https-svc calls them hints because you might look up the domain name otherwise later and I'm explicitly not supporting that
  867. iink has left
  868. moparisthebest Here it's "you should connect directly to these IPs and nothing else"
  869. moparisthebest Maybe "ipdemands" hehe
  870. iink has joined
  871. pasdesushi has joined
  872. Paganini has left
  873. brunrobe has left
  874. Mjolnir Archon has left
  875. Maranda has left
  876. wgreenhouse has joined
  877. Mjolnir Archon has joined
  878. Maranda has joined
  879. brunrobe has joined
  880. floretta has left
  881. Paganini has joined
  882. jcbrand has left
  883. ti_gj06 has left
  884. wgreenhouse has left
  885. arc has left
  886. arc has joined
  887. wgreenhouse has joined
  888. harry837374884 has left
  889. harry837374884 has joined
  890. floretta has joined
  891. atomicwatch has left
  892. atomicwatch has joined
  893. djorz has joined
  894. wgreenhouse has left
  895. flow has left
  896. mjk "ipaddrs" it is, and sorry for all the bikeshedding
  897. moparisthebest "connectables"
  898. moparisthebest make no one happy... :)
  899. mjk "endpoints", if we were to be deliberately ambiguous, but sound modern and jsony!
  900. lukasf has joined
  901. L29Ah has joined
  902. wgreenhouse has joined
  903. Ingolf has left
  904. restive_monk has joined
  905. wgreenhouse has left
  906. Yagiza has left
  907. wgreenhouse has joined
  908. ti_gj06 has joined
  909. wladmis has left
  910. wladmis has joined
  911. restive_monk has left
  912. wgreenhouse has left
  913. wgreenhouse has joined
  914. wgreenhouse has left
  915. wgreenhouse has joined
  916. restive_monk has joined
  917. Titi has joined
  918. wgreenhouse has left
  919. restive_monk has left
  920. eevvoor has left
  921. eevvoor has joined
  922. wladmis has left
  923. wladmis has joined
  924. Kev has left
  925. qy Say, mod_onions allows tor federation, but only for servers that enable it. Why not iterate that, and have a way to hop to a tor-enabled server and then on to the target?
  926. L29Ah has left
  927. qy Because: > Come to think of it (from talking to wgreenhouse about briar earlier), if you just package prosody with mod_onions, tor, and a client, you got a free p2p chat app
  928. Titi has left
  929. Kev has joined
  930. bean has joined
  931. moparisthebest MattJ, Zash how does that check incoming s2s? is https://hg.prosody.im/prosody-modules/file/824b0d7fa883/mod_onions/mod_onions.lua#l268 called? if so it's wrong :/
  932. moparisthebest qy, seamless secure federation between .onion servers and public net servers is an explicit near-future goal for xmpp-proxy, as well as documenting best practices for .onion federation which I don't think has been done before
  933. qy Neat
  934. restive_monk has joined
  935. moparisthebest both handling .onion JIDs and public servers with .onion endpoints in SRV or whatever, which... are subtly different
  936. Sam I've thought about writing an informational XEP about that a handful of times, but don't have enough experience with it. I'd love to see one written up.
  937. moparisthebest I don't know about anyone else but I can never work out the fine details until I write the code, so that has to come first for me :P
  938. qy I don't even know how this would theoretically work, but I'm sure it could
  939. MattJ moparisthebest, I've been assured by multiple people in the past that it's not wrong. But I've never used nor worked on that module.
  940. moparisthebest from what I've thought about so far, my plan is requiring all .onion domains to have a TLS certificate, *any* TLS certificate (ignore names, expiration date, everything), when connecting *to* one (as a client, or s2s-out), just accept it if you are connecting to a .onion. The tricky part is s2s *in*, where you get handed a cert and told an .onion is connected to you; my proposal there is to make an *outgoing* connection to the .onion, and trust the certificate only if the incoming one is exactly the same as the one you got making the outgoing connection
  941. MattJ Looks like it hasn't changed at all for years
  942. moparisthebest MattJ, that's fine for outgoing, but is it run for incoming?
  943. moparisthebest incoming as in sasl external authentication
  944. guus.der.kinderen has joined
  945. wgreenhouse has joined
  946. MattJ It would apply to both, unless there's a reason it doesn't
  947. MattJ Not a helpful statement, I know
  948. Daniel has left
  949. moparisthebest if so, that means anyone can connect to a prosody server with that loaded, present *any* certificate, claim to be from "bob.onion" and start spamming your users
  950. MattJ That's how it would read, yes
  951. moparisthebest you'd never get responses back I guess, unless you could trick it into bidi
  952. mjk Seems so, yes, unless there's some other check that the connection is coming from localhost
  953. djorz has left
  954. moparisthebest that sounds like an awesome spam tool :D
  955. moparisthebest anyone have a public server with that loaded that wants to give me permission to poke at it ? :)
  956. Tobias has left
  957. Zash Hello, I just came by to say: You got it all wrong. Now back to watching comedy! Bye
  958. Tobias has joined
  959. mjk > some other check that the connection is coming from localhost Wait no, that's stupid too. With all the nginxes and sslhes
  960. moparisthebest well, good :)
  961. qy > moparisthebest wrote: > from what I've thought about so far, my plan is requiring all .onion domains to have a TLS certificate, *any* TLS certificate (ignore names, expiration date, everything), when connecting *to* one (as a client, or s2s-out), just accept it if you are connecting to a .onion > the tricky part is s2s *in*, where you get handed a cert and told an .onion is connected to you, my proposal there is to make an *outgoing* connection to the .onion, and trust the certificate only if the incoming one is exactly the same as the one you got making the outgoing connection So really, just shifting from name-based routing to cryptokey routing
  962. վարյա has left
  963. վարյա has joined
  964. qy > Zash wrote: > Hello, I just came by to say: You got it all wrong. Now back to watching comedy! Bye Thanks fermat
  965. alacer has joined
  966. wgreenhouse has left
  967. moparisthebest qy, I mean it's still name-based, you just need TLS to validate incoming connections
  968. moparisthebest .onion only provides authenticity when you are connecting *to* it
  969. qy Right, yeah
  970. jcbrand has joined
  971. mjk If only Tor provided a virtual interface where incoming onion connections would be coming from something like 10.x.x.x, and the reverse lookup would yield the onion name...
  972. qy Why specifically TLS, though? Any asymmetric key would do, a TLS tunnel is superfluous over tor
  973. qy mjk: That is doable actually
  974. qy TRANSPort
  975. moparisthebest qy, "when you have a hammer everything looks like a nail"
  976. mjk qy: it is, just not the default conf
  977. qy Lol
  978. BASSGOD has left
  979. moparisthebest mjk, qy, tor doesn't even have a concept of "making an outgoing connection from a .onion domain" does it?
  980. qy Not as I'm aware
  981. iink has left
  982. mjk Hmm right
  983. moparisthebest another secure thing to do would be to do dialback over tor
  984. moparisthebest but... who wants to do that
  985. mjk goes back to the drawing board
  986. moparisthebest I feel like the already documented "same cert" hack is the best+easiest, and works with anything that provides outgoing-authenticity, onionv2, onionv3, i2p, what else?
  987. qy In my mind anyway, the hard part is clearnet->onion routing. A fresh prosody knows nothing about remote servers that can marshal over to tor, until an incoming connection _from_ tor
  988. qy So without mod_onions you can't make that iteration
  989. Sam Was this for onion->onion S2S connections? I wonder if you could just use onion service client authorization and tell the XMPP server to use the same keypair as the service. You'd then validate that they match the descriptor of the onion service when you connect to it (or if you've already connected to it and it's dialing you back), no TLS certs involved?
  990. Titi has joined
  991. moparisthebest near-term xmpp-proxy will have a config box for you to put the socks5 server+port of your local tor daemon
  992. moparisthebest future xmpp-proxy will (optionally) bundle tor's new rust library and just handle it itself
  993. moparisthebest tor is being rewritten in rust with the explicit goal of being an easily embeddable library, it just isn't there yet
  994. iink has joined
  995. qy Well that would simplify a lot, just shove tor into prosody :p
  996. moparisthebest "problem solved" :)
  997. qy _dusts hands_
  998. wgreenhouse has joined
  999. Daniel has joined
  1000. mjk Are there Rust libraries for generating Lua bindings? :3
  1001. moparisthebest all bindings are C, you can generate C libraries from Rust, and use them from Lua
  1002. Link Mauve mjk, yes, see the mlua crate for instance.
  1003. mjk Can't rust expose 'extern "C"' functions?
  1004. moparisthebest yes that's what I mean
  1005. mjk Aha
  1006. mjk Then I'm content
  1007. Kev has left
  1008. Zash (So FTR: `return true` just means "validation has completed", but it doesn't record the certificate validation results, so they stay unknown and it'll probably go do Dialback)
  1009. Kev has joined
  1010. Link Mauve mlua is more pleasant to use than the C Lua API though.
  1011. moparisthebest Zash, ah right!, no session.secure = true, thanks!
  1012. BASSGOD has joined
  1013. moparisthebest so prosody mod_onions requires dialback then
  1014. Zash Rather it's _not_ setting the certificate chain and identity validation properties like https://hg.prosody.im/trunk/file/0.12.0/plugins/mod_s2s_auth_certs.lua
  1015. mjk > mlua is more pleasant to use than the C Lua API though. Anything is more pleasant than keeping half the stack in your head..
  1016. ti_gj06 has left
  1017. MattJ Pushed a comment to mod_onions, thanks Zash
  1018. Ingolf has joined
  1019. MattJ I know this isn't the first time you've explained it, but hopefully now it can be the last ;)
  1020. moparisthebest haha thanks :) mini heart attack averted
  1021. ti_gj06 has joined
  1022. wgreenhouse has left
  1023. arc has left
  1024. arc has joined
  1025. arc has left
  1026. arc has joined
  1027. L29Ah has joined
  1028. jcbrand has left
  1029. wgreenhouse has joined
  1030. lukasf has left
  1031. arc has left
  1032. arc has joined
  1033. arc has left
  1034. arc has joined
  1035. lukasf has joined
  1036. wgreenhouse has left
  1037. wladmis has left
  1038. wladmis has joined
  1039. L29Ah has left
  1040. me9 has left
  1041. guus.der.kinderen has left
  1042. djorz has joined
  1043. վարյա has left
  1044. wgreenhouse has joined
  1045. druthid has left
  1046. druthid has joined
  1047. վարյա has joined
  1048. restive_monk has left
  1049. wgreenhouse has left
  1050. BASSGOD has left
  1051. iink@xmpp.is has joined
  1052. wgreenhouse has joined
  1053. iink@xmpp.is has left
  1054. Titi has left
  1055. goffi has left
  1056. BASSGOD has joined
  1057. L29Ah has joined
  1058. wgreenhouse has left
  1059. BASSGOD has left
  1060. BASSGOD has joined
  1061. alacer has left
  1062. iink has left
  1063. msavoritias has left
  1064. emus A new post on GSoC to promote our ideas again: https://fosstodon.org/@xmpp/107974022090404224 https://twitter.com/xmpp/status/1504571740650934283
  1065. Apollo has joined
  1066. Apollo has left
  1067. Apollo has joined
  1068. wgreenhouse has joined
  1069. Titi has joined
  1070. Apollo has left
  1071. atomicwatch has left
  1072. Tobias has left
  1073. Tobias has joined
  1074. xecks has left
  1075. mjk has left
  1076. restive_monk has joined
  1077. antranigv has left
  1078. mjk has joined
  1079. arc has left
  1080. arc has joined
  1081. xecks has joined
  1082. neshtaxmpp has left
  1083. neshtaxmpp has joined
  1084. Kev has left
  1085. Kev has joined
  1086. pasdesushi has left
  1087. neshtaxmpp has left
  1088. neshtaxmpp has joined
  1089. Tobias has left
  1090. mjk has left
  1091. floretta has left
  1092. floretta has joined
  1093. Titi has left
  1094. bean has left
  1095. ti_gj06 has left
  1096. debacle has joined
  1097. jcbrand has joined
  1098. intosi has left
  1099. intosi has joined
  1100. Alex has left
  1101. Ingolf has left
  1102. intosi has left
  1103. Ingolf has joined
  1104. intosi has joined
  1105. restive_monk has left
  1106. intosi has left
  1107. me9 has joined
  1108. Friendly Resident Cynic has left
  1109. Friendly Resident Cynic has joined
  1110. alex11 has joined
  1111. restive_monk has joined
  1112. antranigv has joined
  1113. arc has left
  1114. arc has joined
  1115. intosi has joined
  1116. adiaholic has left
  1117. adiaholic has joined
  1118. antranigv has left
  1119. djorz has left
  1120. djorz has joined
  1121. Kev has left
  1122. Kev has joined
  1123. Half-Shot has left
  1124. homebeach has left
  1125. Matthew has left
  1126. uhoreg has left
  1127. uhoreg has joined
  1128. Half-Shot has joined
  1129. Matthew has joined
  1130. homebeach has joined
  1131. djorz has left
  1132. intosi has left
  1133. Menel has left
  1134. me9 has left
  1135. Thilo Molitor has left
  1136. Thilo Molitor has joined
  1137. BASSGOD has left
  1138. neshtaxmpp has left
  1139. neshtaxmpp has joined
  1140. BASSGOD has joined
  1141. wurstsalat has left
  1142. Vaulor has left
  1143. neshtaxmpp has left
  1144. neshtaxmpp has joined
  1145. djorz has joined