XSF Discussion - 2022-11-24

  1. emus

    edhelas: let us know your feedback.once your have reviewed!

  2. jonas’

    feedback.once would be a great domain name for throwaway accounts

  3. jonas’

    I also would not want to run it

  4. Alastair Hogge

    😂🤣😂🤣 that is a great idea

  5. emus

    ^^ my onscreen keyboard has a narrow spacebar :-)

  6. edhelas

    emus Looks interesting, I just asked a small question MattJ regarding the fundraising restrictions, I currently have a Patreon

  7. emus


  8. edhelas

    I have another small question related to MUC

  9. edhelas

    If I receive a chat message from a MUC and that I am considered disconnected, should I guess that I'm still connected ?

  10. edhelas

    (it's a bit like a reversed Shrödinger :p)

  11. flow

    hmm good question, I wonder if there is a "Am I still joined" query clients could perform

  12. Ge0rG

    edhelas: the matrix bridge used to ignore presence-unavailable sent to it.

  13. Ge0rG

    edhelas: I documented the ways in https://xmpp.org/extensions/xep-0410.html#selfpresencecheck

  14. Ge0rG

    meanwhile, we got GC 1.0 joins banned from most server implementations! \o/

  15. edhelas

    I have the issue with biboumi actually, I'll have to investigate the logs, but looks like I receive some disconnection presence, but still be connected behind

  16. Ge0rG

    edhelas: biboumi also has configurable persistent rooms, so it stays joined even if you disconnect from the bridge, and it used to have issues with multiple clients connected at the same time

  17. Ge0rG

    edhelas: maybe there are also issues with Carbons of messages on your end

  18. Daniel

    Is ```foo@bar ``` trailing space a valid jid?

  19. Zash

    Is tripple backquotes used as span valid?

  20. singpolyma

    No. Spaces not allowed in domainpart

  21. Zash

    Spaces are allowed in nameprep, but not in DNS. HAVE FUN!

  22. Zash

    As in, IDNA will be unhappy about spaces

  23. Daniel

    What about unqualified hostname ie text labels that can be resolved on a local network?

  24. Daniel

    What about unqualified hostnames ie text labels that can be resolved on a local network?

  25. Zash

    Which RFCs are you thinking of? The dejure or defacto ones? :)

  26. Fishbowler

    RFC-7622 says it needs to be a valid FQDN or IP address, but couches that FQDN isn't a properly defined term. It also refers to RFC-5890, which does get specific about character sets, but I've not properly parsed them.

  27. Daniel

    I'm reading 7622

  28. Zash

    https://www.rfc-editor.org/rfc/rfc3491#section-5 note the absense of 'Table C.1.1' which is the one containing regular space https://www.rfc-editor.org/rfc/rfc3454#appendix-C

  29. Zash

    Daniel, > The domainpart for every XMPP service MUST be a fully qualified > domain name (FQDN), an IPv4 address, an IPv6 address, or an > *unqualified hostname* (i.e., a text label that is resolvable on a > local network).

  30. Zash


  31. flow

    s/FQDN/DNS name/

  32. flow

    also https://www.rfc-editor.org/errata/eid5769

  33. Zash

    7622 points to IDNA2008 which points to STRINGPREP which defines nameprep which does not forbid 0x20 in its output.

  34. Daniel

    So it's a valid jid?

  35. flow

    at least we can not come up (yet) with something that forbids "bar " as domainpart

  36. flow

    if leading and trailing spaces in domainpart are sensible is another question (I want to say, no)

  37. Zash

    You can't look up such a domain in DNS tho, because something somewhere in IDNA2008 forbids that

  38. Zash

    Suddenly too dizzy for reading RFCs.

  39. Zash

    And still waiting for https://unicode-org.atlassian.net/browse/ICU-11981 for Prosody :/

  40. Daniel

    We've asked a dozen xmpp libraries if a single space is a valid xmpp address and here are the results. 🥁

  41. flow

    jxmpp's string-testframework only reports rocks-xmpp-precis rejecting "foo@bar " as jid

  42. flow

    that said, simply always trim user-provided JID strings and hope for the best when encountering them over the wire

  43. flow

    and I think there must be somting prevting whitespace in U-labels

  44. flow

    the protocol laywer in me wants to find out, but first SIGFOOD

  45. Zash

    Catch 22: Must have energy to make food. Must have food to have energy.

  46. flow

    so U+0020 is IDNA2008 disallowed

  47. flow


  48. flow

    which makes it invalid in U-labels

  49. flow

    assuming a domainpart can be either (A) a DNS name, (B) an IP address or (c) a "hostname"

  50. flow

    we just established that spaces are not allowed in (A)

  51. flow

    no production of IP addresses allows spaces, so it's also not (C)

  52. flow

    no production of IP addresses allows spaces, so it's also not (B)

  53. flow

    which only leaves C, but since hostnames are often modelled after DNS names, it should be also safe to say that spaces are there not allowed

  54. Zash

    I would imagine a "hostname" to be a single U-label or somesuch

  55. flow

    I think most Unixes allow hostname to be longer than DNS labels are allowed to be

  56. flow

    But every sane person would choose a hostname that qualifies as U-label (if not A-label)

  57. mjk

    7622's ABNF says > domainpart = IP-literal / IPv4address / ifqdn > ifqdn = 1*1023(domainbyte) > ; a "domainbyte" is a byte used to represent a > ; UTF-8 encoded Unicode code point that can be > ; contained in a string that conforms to RFC 5890 so, whatever the _meaning_ of "ifqdn" is, I think it's pretty clear that it only allows IDNA chars

  58. mjk

    but I dunno if ABNF comments are normative ;)

  59. mjk

    but I dunno if comments in ABNF are normative ;)

  60. Ge0rG

    flow [19:32]: > But every sane person would choose a hostname that qualifies as U-label (if not A-label) Are you calling pentesters insane?

  61. Zash

    Or regular old QA testers?

  62. Ge0rG

    And once we are through U+20, there is the non breaking space and the invisible space as well!

  63. Zash

    those are forbidden for real tho

  64. Ge0rG

    Nobody forbade space because it's so obviously wrong?

  65. mjk


  66. moparisthebest

    There's "forbidden" and there's "technically allowed but so likely to cause issues everywhere no one should do it"

  67. moparisthebest

    I recall once dealing with a poor lady who's email was something like "Mary.O'Brien@domain.com" and you wouldn't believe the problems she had

  68. moparisthebest

    On the other hand she found many a SQL injection vulnerability...

  69. Zash

    Thank glob we have stricter rules for addresses than email :9

  70. Zash

    Thank glob we have stricter rules for addresses than email :)

  71. singpolyma

    Has there ever been a proposal for a disco feature to say "doesn't expect chats"?

  72. Zash

    Not that I can recall.

  73. Zash

    Some complain that the baseline feature set of XMPP is too sparse, and here I too wish basic messaging was opt-in too. :)

  74. Zash

    singpolyma, what's your use case?

  75. singpolyma

    Zash: being able as a client to default to something other than chat ui for contacts that don't take chats, which includes most but not all components

  76. Zash

    It would be good, but does it make sense to advertise negative features?

  77. Zash

    I note that Converse.js won't show a message input box if you open a chat with a host jid (without localpart), which made it awkward when I made a chat interface for pubsub

  78. singpolyma

    Zash: yeah, I'd like to avoid "just assuming" for exactly that kind of reason

  79. singpolyma

    I can't really think of another negative feature that makes sense

  80. singpolyma

    It's basically a UI hint

  81. Zash

    Explicit > implicit