Gajim - 2023-10-13

gajim did not rejoin when the server restarted this time

do you still want logs and what parts do you want? Is it sufficient to grep for the muc address?

I'll try to get back to my MR in the next few days.

cal0pteryx: can you confirm issue #11638? mp3's work fine though. "Mike Yellow" had reported the same in this chat in August.

meson: in some days I can check

Alright, no rush!

Philipp Hörist pushed 2 commits to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *0efdbac7* < https://dev.gajim.org/gajim/gajim/-/commit/0efdbac7fa5994700ba316bf397bfce7b2d1ef58 > feat: Hint that a contact is a bot in the chat banner *504ebff1* < https://dev.gajim.org/gajim/gajim/-/commit/504ebff13f327dbc2600dc0774fdfddb4d83f43e > fix: Caps: Add disco info to cache after query

lovetox: are you interested in logs around the disconnect from the biboumi bridge/muc?

just look if you receive a presence when the server goes offline

if there is no presence that tells you there is a shutdown, then its expected that Gajim does not know about it

we get a presence from my nickname at the given irc chat with <status>Ping timeout: 272 seconds</status>

but if gajim gets no notice of a shutdown, how does gajim give me the message "You have been removed from the group chat: System shutdown"?

yes thats the presence

its a code in the presence, which has that meaning

and afterwards you should see gajim trying to send a presence every 10 seconds, to that room to rejoin

and there you can check what the server returns

and for how long he returns it

> and afterwards you should see gajim trying to send a presence every 10 seconds, to that room to rejoin will the log explicitly say that it sends a presence message?

you will see the xml

to the muc

it should be 2-10 seconds after the shutdown presence

this is of course under the assumption that only the muc was shutdown

and not the whole server

if the whole server was shutdown, then its like a simple reconnect

and on reconnect to the server all bookmarks are joined

I'm not seeing the xml of a presence sent

so you should see that and potential errors on join

I might just get the log ready and send it

is it enough to grep for the internal account name like conversations.im123?

can you net send me simply the whole log from the point where the shutdown presence is received

probably not

André pushed 1 commit to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *2f010a60* < https://dev.gajim.org/gajim/gajim/-/commit/2f010a60208499e62f167c4cdd8a58754e271af3 > cfix: Flatpak: Fix runtime version Somehow it didn't make it into 5964c85ca7ecc93ab6e18ba54272e475205f7b39

I'm curious has there been any progress in getting open graph working ? My friends complain that links like WxXJOqqNFVM, 0K9NM08S0IA, 2xjmelFwJow are not compelling things to click on. So, until I get better friends I was wondering if there's some way to automatically turn links into clickable thumbnail+title+descriptions

if you dont plan to programm it yourself, then no there is no way

why are you sending weird links though?

tubeyoube, modondodon, any other such site

shodan: can you give an example link?

Here is an excerpt from my friend and I's private group chat

https://chat.domn.net:5443/upload/500b07a7efeff7dd5a382d5bf3fa0d30cec686c6/UtSlIqX8yu20NJi0xYCB2gHIu1nd4XVjtKPJZiG4/157ebedf-fa50-499c-a758-4cadb84ba943.png

shodan: you make it sound like og data make links secure, but they are controlled by the remote site

All excellent videos that I curated for my friends on the topic they asked me about

Why does a title and thumbnail need security ?

Maybe I misunderstood you. You said it's not compelling

I thought because they don't trust it

Yes, they don't trust that it's interesting. Which is hard to argue, 2xjmelFwJow does not look interesting.

Here is what that link should have looked like

ah, I thought you meant trust as in malicious links

https://chat.domn.net:5443/upload/500b07a7efeff7dd5a382d5bf3fa0d30cec686c6/I7oBJCNR1ceVkVuBeuRVjQPzL7CwoaDlRCxEz2lX/a878fd38-2bee-4007-a993-988d4f33567b.png

Yes this feature needs a proxy that gathers the data, this was often discussed but no server module was written till now

Couldn't the client do the opengraph metadata gathering. Presumably, the posting client has already accessed the URL and could just post them opengraph data along with the link. That would work independant of the server or receiving client

I will try to demonstrate

https://chat.domn.net:5443/upload/500b07a7efeff7dd5a382d5bf3fa0d30cec686c6/7jitTY88VQR8wJl2idZ0Zg3xyVg7ljR25tbM667v/55a17aa4-d77c-4434-905d-1f1a3c346aa7.png

Why Israel was attacked

https://www.youtube.com/watch?v=2xjmelFwJow

So, something like this. But preferable as a single message containing image+text+link

And clicking the image should open the link in a browser, not the thumbnail in an image editor

having the client gather it, would be a serious privacy issue

as anyone could post a link to some site and the clients would all connect, so the person posting the link would have the IP addresses of all people in the chat

there are some chat-bots that can do what you want. but I agree a server module for it would be nice

I agree, the current big tech way, of having each receiving client gather the opengraph metadata is a bad idea. The sending client should just do this gathering and post it as offline data in-band.

Basically what I just manually did, but my client does it automatically.

that might be another idea, yes

Facebook used to do it this way. You would paste an URL, it would grab the opengraph and pre-fill your send textbox with it. You could then modify it. But they have removed this feature, since they don't want users changing the titles.

Personally, I would like to change this data, since for example this very same link. Uses the opengraph description for advertising instead of description

example

https://chat.domn.net:5443/upload/500b07a7efeff7dd5a382d5bf3fa0d30cec686c6/vvkFBTpUSegnkY64wpfE9XLMFH5Opi49pXSP89du/c341dd4e-98d4-4826-aa6e-830a1e3861a0.png

https://www.mysk.blog/2020/10/25/link-previews/

^ different approaches regarding link previews compared

There is an open issue for gajim

Nobody worked on it so far.

"approach 1" seems like the way to go. I don't believe "leaking IP address" is a sane objection, but approach 1 sidesteps this problem entirely. I don't see any upside for approach 2 & 3. and like the articles states, approach 3 is incompatible with end to end encryption. Approach 2 depends on the receiving client having the capability to create previews. And then you're handing over the presentation to a 3rd party website and the receiving client's. As the sender, I want to be in control of how the data is presented to others (that means, I don't want 3rd parties inserting ads in there, or changing descriptions after the fact)

leaking IPs is a serious objection, why would you think this isn't an issue?

if you think privacy is no concern, why use XMPP at all?

> if you think privacy is no concern, why use XMPP at all? I often ask the same question

Your IP address is never private. The XMPP server knows it, the other servers near your xmpp server can see it. Every router and servers between you and your xmpp server knows it. And even if the hacker group known as 4chan, knew of your IP address, there isn't anything they could do with it. Your IP address is assigned dynamically by your ISP, so that only your ISP can positively identity which account payer is using which IP address. Your inbound ports are closed because your router uses NAT, which blocks all inbound ports by default. And all of this is assuming your ISP is not using CGNAT, in which case, "your" IP address is also in use by thousands of other people. If you actually care not to have your IP address known, only a proper vpn, like TOR, has any hopes of obscuring your identity and only if you take all precautions necessary to maintaining this level of stealth

The only reason we need XMPP is that no one, to my knowledge, has managed to make a useful and reliable peer-to-peer instant messaging app

And "approach 1" sidesteps the issue entirely

Knowledge of what your IP address is =/= successfully timing attack you with sending a link that associates your ip with a MUC

there is a *huge* difference between your ISP and your trusted XMPP server knowing your IP, and some random chat group participant knowing it

and it doxxes your approximate location and in many countries you can trivially get your name and exact address with it

and shitty CGNAT is really no reason, as that is fake internet and should be fraud to sell as "internet" ✏

> Your IP address is never private. The XMPP server knows it, the other servers near your xmpp server can see it. Every router and servers between you and your xmpp server knows it. > And even if the hacker group known as 4chan, knew of your IP address, there isn't anything they could do with it. > Your IP address is assigned dynamically by your ISP, so that only your ISP can positively identity which account payer is using which IP address. > Your inbound ports are closed because your router uses NAT, which blocks all inbound ports by default. > And all of this is assuming your ISP is not using CGNAT, in which case, "your" IP address is also in use by thousands of other people. > If you actually care not to have your IP address known, only a proper vpn, like TOR, has any hopes of obscuring your identity and only if you take all precautions necessary to maintaining this level of stealth kek you capitalized Tor, you didnt read their website lel also Tor isn't a vpn lol

I agree CGNAT is crippled internet, the folks at the IETF back in 1992(?) thought the same of all NAT and hated the idea. -> https://youtu.be/GLrfqtf4txw?si=sXUnqUByeG0jlX2B&t=352 TOR is called TOR by normal people, and it functions like a VPN for all intents and purposes of what VPN means in common parlance. The real internet will come back when IPv4 finally dies and NAT is abolished thanks to IPv6

And again, in the context of "approach 1" for link preview distribution, this is all moot

another idea is to have a darknet be the mainstream internet, and bring back anonymity and privacy