-
imsxm15
Hello, where can I find a list of public channels that I can add?
-
Menel
Hi imsxm15, some are listed here: https://search.jabber.network
-
alom
Anybody know of an XMPP client for Windows that has support for video/audio calls? I don't understand why this should be so hard to find... I found a Dino Windows version here but it's not from the official Dino repositories so I am hesitant to use it: https://github.com/LAGonauta/dino/releases
-
MattJ
alom, Dino for Windows or Movim (web)
-
alom
MattJ: Thanks, this is also what I found. I want an installed client and not web. So it seems I am left with an unofficial Dino version for Windows. Well, you don't seem to have any problem with it so I guess it's fine👍 I was just worried it could be malware in disguise or simply not secure/buggy/lack of updates
-
edhelas
Movim is a progressive Web App, you can also "install" it on your OS :) /ads
-
alom
edhelas: Oh ok, thank you so much!😊👍
-
edhelas
Same on Android, and there's push notification and a few other "native" features that come with it
-
alom
edhelas: Ok! Well I like conversations and cheogram on android so guess I will stick with that there🙂
-
edhelas
XMPP, the power of choice ✨
-
alom
edhelas: Right, nice one!😂😂
-
Daniel
xep-0333 is one of the most widely implemented XEPs that currently is non-stable (deferred even). I intend to bring this to stable over the coming months. Here is my current proposal on how to achieve that: https://gultsch.de/files/xep-0333.html
-
Daniel
(tldr: remove everything but <displayed/>)
-
emus
Daniel: 👍 I wish we could have more statements like this on our media and show activity. But I would need help for formulation
-
Andrzej
Daniel, what is the reasoning behind removing <received/>? I wonder as I preferred this approach over XEP-0184. I know that with 333 we are losing information that particular message was delivered but I’m not sure people actually expect that or rather expect if „last message” was received/displayed what we get with 333
-
Daniel
two reasons. a) I think for reliability tracking a lot of people prefer per message tracking b) 184 is widely deployed and realistically not going to go away
-
Andrzej
I didn’t see harm in having both in 333 as I’ve sent in clients <received/> from 333 and 184 in a single stanza (when it was possible)
-
Daniel
> I didn’t see harm in having both in 333 as I’ve sent in clients <received/> from 333 and 184 in a single stanza (when it was possible)
right. Conversations does that. but when implemented that way you literally are just replicating 184
-
Andrzej
not really, I did 333 only for „live” messages or for last message from the MAM archive if I recall
-
Andrzej
I did 184 for each message as I’ve had 184 implementation before and was hoping to deprecate it from my clients
-
Zash
How would you notice a message in the middle disappearing into the void then?
-
Zash
> (tldr: remove everything but <displayed/>)
👍
-
Andrzej
I’m aware that I wouldn’t get when some message would be lost
-
Andrzej
However, with 184 you may not get ack, if I’m correct, when it was sent to the user when he was offline and user’s client only relies on MAM to sync history (XEP-0184, 5.5). In this case you should assume that those messages were not delivered and that is also not good…
-
singpolyma
I agree that 0333 received never made sense to me, not sure where I would use that. I know probably no one is implementing acknowledged but it seems safe to keep and the semantics make sense?
-
MattJ
At the time '333 was discussed, acknowledged was certainly requested by some folk in certain industries where it's important
-
MattJ
Whether they ended up using it, I don't know
-
Zash
Today reactions may fill that role?✎
-
MattJ
I'm also in favour of not duplicating '184, I think the per-message receipts with per-conversation display markers is a good balance between the two models
-
Zash
Today reactions may fill that role (explicit ack)? ✏
-
singpolyma
Zash: reactions can be a hack for ack, but it doesn't have the same semantics so I'm loath to consider it a full replacement
-
singpolyma
I honestly think 184 per-message receipts are what make 0333 "up to" displayed markers work at all. Otherwise you have no idea what actually came before this?
-
singpolyma
I guess if all three links have sane sm on them you shouldn't need 184, but that's not where we live today
-
Daniel
> I honestly think 184 per-message receipts are what make 0333 "up to" displayed markers work at all. Otherwise you have no idea what actually came before this?
+1
-
moparisthebest
MattJ: I'm not clear at all which one the XSF uses, did you see https://opencollective.com/opensource/updates/regarding-the-announcement-to-dissolve-open-collective-foundation ?
-
singpolyma
XSF doesn't use any, XSF is its own
-
MattJ
^
-
singpolyma
you can use XSF instead of OCF
-
singpolyma
(if we let you)
-
MattJ
It's very confusing, but it does not affect the XSF or any of our projects
-
moparisthebest
MattJ, singpolyma: what's https://opencollective.com/xmpp
-
singpolyma
moparisthebest: that is the XSF
-
MattJ
opencollective.com != The Open Collective Foundation
-
MattJ
This is what's shutting down: https://opencollective.com/foundation
-
moparisthebest
You are right it's very confusing lol, but ok glad we aren't affected :)
-
MattJ
i.e. an alternative to the XSF
-
TheCoffeMaker
Don't know if here is the right place to share this, but I think u will find it interesting (from Meta):
> "Taking the example of WhatsApp, third-party clients will connect to WhatsApp servers using our protocol (based on the Extensible Messaging and Presence Protocol – XMPP). The WhatsApp server will interface with a third-party server over HTTP in order to facilitate a variety of things including authenticating third-party users and push notifications."
https://engineering.fb.com/2024/03/06/security/whatsapp-messenger-messaging-interoperability-eu/
-
singpolyma
xmpp for c2s, http for s2s
-
moparisthebest
"our protocol (based on...)" Gives me some pause, also why should my clients connect there instead of my server
-
moparisthebest
I assume because that gives them a bunch more data to sell
-
TheCoffeMaker
> I assume because that gives them a bunch more data to sell
this ↺
-
singpolyma
> This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp
haha, opted-in 🙃
-
emus
🙈
-
singpolyma
moparisthebest: well, I expect they won't let you connect from a server mostly due to e2ee preservation bs
-
MSavoritias fae.ve
also they don't want to bother with keeping up with standards
-
MSavoritias fae.ve
and dealing with spam/abuse from other servers
-
moparisthebest
"hi this is the XSF, we'd like to opt in for the entire public XMPP network, so just turn on S2S on your end kthx"
-
MSavoritias fae.ve
from what i have seen from my partner whatsapp has less spam than the federated xmpp network as it currently stands
-
MSavoritias fae.ve
so i would expect facebook and people that use whatsapp to object to that
-
singpolyma
meta products hide all the spam in a different ui place. I get lots on messenger but I never see it
-
moparisthebest
> from what i have seen from my partner whatsapp has less spam than the federated xmpp network as it currently stands
MSavoritias fae.ve: are they in public channels? Do those even exist in WhatsApp? ↺
-
MSavoritias fae.ve
no idea
-
MSavoritias fae.ve
> meta products hide all the spam in a different ui place. I get lots on messenger but I never see it
that sounds like the moderation panel from yesterday :D
-
singpolyma
> When a third-party user registers on WhatsApp or Messenger,
-
moparisthebest
100% of XMPP spam is on public channels though
-
MSavoritias fae.ve
i don't see why public channels have to make spam worse
-
MSavoritias fae.ve
if they do it's a failure of moderation tools
-
singpolyma
moparisthebest: uh, most spam is 1:!✎
-
singpolyma
moparisthebest: uh, most spam is 1:1 ✏
-
moparisthebest
Not in XMPP in my experience
-
singpolyma
I don't think any meta product has public channels
-
MattJ
moparisthebest, Your experience is (surprise!) subjective :)
-
singpolyma
moparisthebest: it's just a statistical fact. spam on 1:! outnumbers MUC spam by over 100:1✎
-
singpolyma
moparisthebest: it's just a statistical fact. spam on 1:1 outnumbers MUC spam by over 100:1 ✏
-
moparisthebest
I get a ton of 1:1 spam with SMS and email
-
MSavoritias fae.ve
i have blocked sms from non contacts at this point
-
MSavoritias fae.ve
email is a thing i want to delete at some point. if only for guix using email :/
-
singpolyma
despite all the caveats, this meta thing is still interesting. but someone(tm) is gonna have to actually try the process with them. I guess we'll start by seeing what the requirements document says
-
MattJ
moparisthebest, your JID is either on the spammers' lists or it isn't. If it isn't, you'll obviously get zero spam, and JIDs are not enumerable like phone numbers are.
-
moparisthebest
That's the strange part though, my jid is actually public on xmpp.org and years and years ago I got a bunch of 1:1 spam but not again
-
moparisthebest
Family/friends I have on XMPP have never seen spam
-
singpolyma
you're the lucky ones then :)
-
singpolyma
admittedly spam on xmpp is currently not very sophisticated
-
MSavoritias fae.ve
yeah i wish i was that lucky
-
MattJ
There are at least two different lists around - for each spam wave generally one set of users or a second set of users will receive the spam (from, we believe, different spammers)
-
MSavoritias fae.ve
it's waves personally
-
MattJ
The wave that started a few weeks ago has been targeting user accounts that haven't been targeted for a long time, which is why everyone is suddenly caring about it again
-
moparisthebest
Is it only XSF members or are your family/friends also getting them?
-
MattJ
It's far from only XSF members
-
singpolyma
but more likely to get spam as a longer-time user of course than on a fresh jid
-
MattJ
My own family don't receive spam, but I've heard from people who do have that problem
-
singpolyma
I get spam to lots of jids that don't even exist but are email addresses, so they're sharing lists with someone
-
singpolyma
🍯
-
MattJ
🤫
-
moparisthebest
It's likely my family have never shared their JID with anyone but it's the same as their email and they have certainly shared that
-
MattJ
Maybe you have mod_block_strangers? or mod_firewall with the anti-spam ruleset in prosody-modules?
-
Daniel
> My own family don't receive spam, but I've heard from people who do have that problem
Yes my family members receive spam and they never published their jid anywhere
-
Daniel
But it is the same address as their semi public email address
-
singpolyma
yeah. sharing jid spam with email spam lists is definitely happening some
-
moparisthebest
No blocking here except to the kid's JIDs, but then I'd get a message that someone spammed them and I haven't either
-
moparisthebest
You all need to be more explicit 🤣 you said "spam" and I thought we were just talking about MUC trolls, oops
-
singpolyma
nah, I honestly barely consider any of the MUC abuse we've seen as spam. I'm not sure any of it is even automated yet
-
singpolyma
whereas the 1:1 spam is clearly automated
-
MattJ
Yeah, same, when I say "spam" I'm generally referring to the mass 1:1 spam that resembles email spam
-
MattJ
Not MUCs, though we occasionally see manual MUC spam (which I also consider separate to flooding)
-
moparisthebest
Having not had 1:1 spam since 2016 or whatever I would never have imagined that's what you meant haha
-
TheCoffeMaker
none of my users are having spam issues... maybe it's linked to server's popularity and jid using simple words and not fantasy nick names picked by users
-
meson
> are they in public channels? Do those even exist in WhatsApp?
afaik WhatsApp only knows private groups, they only become public if the invite link becomes publicly shared. The invite link can be invalidated at any time by the group admin however.
-
MSavoritias fae.ve
sounds like that invite xep that gets shared around
-
meson
Then there a read-only broadcast channels and so called "communities", which just bundle several related group chats together.✎
-
meson
Then there are read-only broadcast channels and so-called "communities", which just bundle several related group chats together. ✏
-
MattJ
TheCoffeMaker, it's not linked to server popularity - I am the only person on this domain and I receive spam
-
TheCoffeMaker
🙇️
-
MattJ
Again, JID == email though, so it's probably scraped that way
-
MattJ
While many XMPP services don't have JID == email
-
Trung
MattJ: perhaps you have a few enemies...
-
MattJ
Seeing how many JIDs are sending spam - thousands ;)
-
TheCoffeMaker
🤣️
-
Kev
> TheCoffeMaker, it's not linked to server popularity - I am the only person on this domain and I receive spam
I'm sure you're just downplaying your popularity :)
-
MattJ
Hmm, no... someone voted "no" to me being an XSF member. So I have at least one enemy :P
-
moparisthebest
MattJ: also your JID is literally everywhere no? Unless it's a secret one :)
-
MattJ
moparisthebest, yeah, it's my everywhere JID. I have a separate JID for family, and that's spam-free of course.
-
TheCoffeMaker
> > TheCoffeMaker, it's not linked to server popularity - I am the only person on this domain and I receive spam
> I'm sure you're just downplaying your popularity :)
lol not intended at least
-
Daniel
I did some more minor adjustments to https://gultsch.de/files/xep-0333.html including adding some business rules and some design considerations that explain what happened to ack and received
-
Daniel
my goal here is to get this through last call as quickly as possible. so any feedback that helps achieve that is welcome
-
lovetox
You could mention occupant-id
-
lovetox
But not that important to this xep I guess
-
Daniel
lovetox, how does the occupant id relate to the xep?
-
lovetox
Attributing it to the right user
-
Daniel
fair enough. let's see if i can come up with something
-
lovetox
I would think just a note in security consideration?
-
lovetox
That the MUC xep does not on its own prevent forgety✎
-
lovetox
That the MUC xep does not on its own prevent forgery and if that's important occupant Id should be validated ✏
-
Zash
How much do you even need <markable> ?
-
Daniel
Not much. But 184 has it too
-
lovetox
In theory you save traffic
-
Daniel
By having it or by not having it?
-
lovetox
The idea is if it's not on the message the client is not interested in a marker
-
lovetox
So one less stanza to send
-
Daniel
Yeah I think it makes sense to have some signaling at least in 1:1
-
lovetox
But of course we use it also for read state sync so I'm sending it anyway for my other clients
-
Daniel
> But of course we use it also for read state sync so I'm sending it anyway for my other clients
Not anymore with mds
-
MattJ
FWIW I think the MUC markers/RAI plugins for Prosody depend on <markable> in MUC
-
Daniel
>> But of course we use it also for read state sync so I'm sending it anyway for my other clients
> Not anymore with mds
https://gultsch.de/files/xep-mds.html
-
lovetox
Daniel: do we have some mitigation to endless growing pep node with that xep?
-
lovetox
I guess at some point someone will run into a server limit, what happens then?
-
lovetox
Which item will be dropped?
-
lovetox
I hope the oldest one
-
MattJ
Yes
-
Daniel
i don’t know. I was considering adding something along the lines of 'when a client deletes a chat it MAY delete the item' or so
-
Daniel
which doesn’t exactly fix the issue
-
Daniel
but at least points people in some direction
-
Daniel
however if the server deletes the oldest item this seems like relatively acceptable behaviour
-
pep.
> I hope the oldest one
Wasn't that unspecified?
-
pep.
https://bpa.st/UFDA Date: Sun, 06 Oct 2019 14:12:44 +0200 on standards@
-
singpolyma
probably most people won't get to 10k chats anyway so hopefully we can set limits high enough to not be an issue
-
Guus
> probably most people won't get to 10k chats anyway so hopefully we can set limits high enough to not be an issue
I've not read back for context, so I'm not sure if this is relevant, but: not all XMPP entities are human end-users.
-
Guus
I've been bitten before by limits that I never imagined would ever be hit.
-
Zash
Will this be relevant for those tho?
-
moparisthebest
> probably most people won't get to 10k chats anyway so hopefully we can set limits high enough to not be an issue
Challenge accepted ↺
-
singpolyma
Yeah I think non-human users mostly shouldn't need private PEP at all, especially not for this kind of thing
-
Guus
famous last words...
-
edhelas
I don't get how https://xmpp.org/extensions/xep-0474.html#hash is actually secure. If Eve (that is doing the MITM attack) can actually change the stanzas she can:
1. Change the SASL mechanisms list initially sent by the server
2. Calculate her own hash and replace the d= parameter in the base64 provided by the server
3. Also inject her own hash in the d= parameter provided by the client
I'm missing something there 🤔
-
MattJ
edhelas: it depends on the existing mutual authentication of SCRAM. Eve does not have the user's credentials and cannot calculate the correct proof for the modified 'd' hash.
-
edhelas
Ah !
-
edhelas
> Hash S using the same hash mechanism as used for the SCRAM mechanism currently in use and encode the result using base64
-
edhelas
So this means that it's more than a simple sha* of the string, but the complete SCRAM flow applied to it (number of iterations...). So indeed it is unique.
-
MattJ
edhelas: no, just one iteration