Chat log from the meeting on 2022-12-27

From OpenSimulator

Revision as of 14:22, 27 December 2022 by Tampa (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
[10:52] Lyr.Lobo Hello and Happy Holidays *Grins*
[10:52] Orbert Tatham: Hey, Happy Holidays back to you
[10:52] Lyr.Lobo grins
[10:53] Orbert Tatham: How was your Christmas?
[10:53] Lyr.Lobo I had a lovely, relaxing Christmas *chuckles*  My idea of a grand one
[10:53] Orbert Tatham: Me too
[10:53] Lyr.Lobo I was sad to hear of the loss of Veritas... she spoke at OSCC on Dec 11th and came to our party for the holiday
[10:54] Lyr.Lobo she died in a fire trying to save her pets :(  in the Boston area
[10:54] Lyr.Lobo such a lovely lady
[10:54] Orbert Tatham: Ouch
[10:54] Orbert Tatham: Was the fire tied to this weather?
[10:54] Lyr.Lobo Veritas McMaster - an artist who worked with Nyx Breen, a museum curator. He posted it in Opensimworld
[10:55] Lyr.Lobo not sure... it broke out on the top floor of their building
[10:55] Lyr.Lobo multi family dwelling
[10:55] Lyr.Lobo and she ran in to save her cockatoo Sophie and two other pets. :(
[10:55] Lyr.Lobo it was 10 degrees in Boston on Christmas Eve early morning when it happened
[10:56] Lyr.Lobo sorry to bring such sad news, but I still cannot quite believe it. :(
[10:56] Lyr.Lobo so yes, the holiday was lovely, but my heart hurts for her loss
[10:56] Orbert Tatham: Understood
[10:56] Lyr.Lobo and how was your holiday?
[10:56] Lyr.Lobo here, we had negative temperatures...
[10:56] Orbert Tatham: There is always a story like that every year, it is extra painful when it was someone you know
[10:56] Lyr.Lobo and snow *grins*
[10:57] Lyr.Lobo oh i am sorry
[10:57] Orbert Tatham: I think we were above zero, but not by much
[10:57] Lyr.Lobo Hi Jamie
[10:57] Lyr.Lobo Great to see y ou
[10:57] Jamie.Jordan Hi everybody
[10:57] Orbert Tatham: Jamie
[10:58] Jamie.Jordan Hi Lyr
[10:58] Lyr.Lobo grins
[10:58] Lyr.Lobo i always like to wait to see who has which chair regularly speaking *winks*
[10:58] Lyr.Lobo I miss Bill. He and I came from the same area, but I left long ago
[11:00] Orbert Tatham: Lyr, you might appreciate my favorite blurb from the windup to this Christmas: "All I want for Christmas is sleep..."
[11:00] Lyr.Lobo chuckes
[11:00] Motoko.Karu hihi everyone... merry belated christmas
[11:00] Lyr.Lobo heard that
[11:00] Vincent Sylvester: Have to see if there even is a meeting today, neither Ubit not Andrew seem to have awoken from the christmas food coma yet
[11:01] Lyr.Lobo I work for 5 universities and conduct research on Sundays. Sleep is a joy
[11:01] Orbert Tatham: Andrew was the one that said we were supposed to have one
[11:01] Lyr.Lobo yes, I remember him saying that
[11:01] Lyr.Lobo and Ubit too
[11:03] Lyr.Lobo Hehe Kayaker
[11:03] Lyr.Lobo great to see you
[11:03] Lyr.Lobo Thank you for the cool gift you give to nature
[11:03] Kayaker Magic: Hehe? What have I done now?
[11:03] Lyr.Lobo laughs
[11:03] Lyr.Lobo I'm a the sound effects
[11:03] Kayaker Magic: Ah, the teleport tone.
[11:03] Lyr.Lobo well i was thinking also of the decorations you noted in nature
[11:04] Lyr.Lobo i geocache, or used to, and loved leaving little gifts for others to enjoy
[11:04] Lyr.Lobo hmm, is this someone's seat?
[11:04] Lyr.Lobo eyes the drink and grins
[11:05] Ubit.Umarov hi
[11:05] Kayaker Magic: Only one of the seats has someone's name on it.
[11:05] Lyr.Lobo yes
[11:05] Vincent Sylvester: A wild Ubit appears
[11:05] Orbert Tatham: I don't think there is such a thing as a tame Ubit
[11:05] Lyr.Lobo Hello Motoko *grins*
[11:06] Motoko.Karu heya lyr ^_^
[11:06] Lyr.Lobo great to see  you
[11:06] Vincent Sylvester: Must be a fairy type, those are very effective against bug types iirc
[11:06] Lyr.Lobo laughs
[11:07] Ubit.Umarov tame Ubit? yeah,,, keep dreaming
[11:07] Ubit.Umarov :p
[11:07] Lyr.Lobo Hi Selby!
[11:07] Vincent Sylvester: Queue up Steppenwolf lol
[11:07] Lyr.Lobo Born to be wild....
[11:07] Ubit.Umarov :)
[11:08] Orbert Tatham: When it comes to dealing with bugs, my favorite helper is a Praying Mantis - watch them torture the bugs to death as they eat...
[11:08] Vincent Sylvester: Kinky
[11:08] Ubit.Umarov ok, and on the mantis subject...
[11:08] Lyr.Lobo and hard on the spouse
[11:08] Ubit.Umarov i did accept a patch dunring last week :)
[11:09] Ubit.Umarov applied it to dotnet and jsut a few minutes ago to master also
[11:10] Cuga.Rajal my mantis is making a mess of my bug
[11:10] Ubit.Umarov had no change to really compare that to SL since its a LSL function, but sees working
[11:10] Vincent Sylvester: It's weird with animations, AO and the like it can quite annoying to work with
[11:11] Vincent Sylvester: Add to that viewer AO...
[11:11] Ubit.Umarov
[11:11] Ubit.Umarov this is not abotu viewer AO, but abotu server side AO
[11:11] Ubit.Umarov even about...
[11:12] Vincent Sylvester: Sit being weird has been a theme for a decade now
[11:12] Ubit.Umarov as i said  one of this days ill need to review/test this at SL
[11:12] Vincent Sylvester: Finally seeing the light at the end of the tunnel I think
[11:13] Ubit.Umarov only now ppl are looking to server side AO; finally realizing that pure scripted ones are bad
[11:14] Ubit.Umarov i also replaced native libraries for bullet on apple silicon
[11:14] Ubit.Umarov using a single "universal" file, provided by cuga.Rajal
[11:14] Cuga.Rajal oh did you update with the "new" universal?
[11:14] Ubit.Umarov :)
[11:14] Cuga.Rajal great
[11:15] Ubit.Umarov ofc that is only on dtonet6  branch
[11:15] Ubit.Umarov master does nto support apple Si
[11:15] Cuga.Rajal that brings parity for Mac Bullet with other arch's
[11:15] Cuga.Rajal Mac was missing a patch that others had
[11:15] Cuga.Rajal I guess that means you can close out this mantis:
[11:16] Michael.Christopher thank you cuga
[11:16] Ubit.Umarov yeah i forgot to post my commit on that mantis :)
[11:17] Ubit.Umarov hm think those where the code changes during last week
[11:17] Ubit.Umarov ahh thin i added a bug on master
[11:17] Kayaker Magic: New bugs for old!
[11:18] Ubit.Umarov just was able to repo it
[11:18] Ubit.Umarov seems i broke mysql inventory
[11:18] Ubit.Umarov coff coff coff
[11:18] Ubit.Umarov
[11:19] Ubit.Umarov well that code i did commit was on my disk for ages and working fine on my local grid
[11:19] Ubit.Umarov so guess i forgot to commit a little thing somewhere
[11:20] Ubit.Umarov that code should speedup move inv items and delete ( that is also a move )
[11:20] Cuga.Rajal that must be a new issue cuz I dont see it from an update on the 23rd or 24th
[11:21] Selby.Evans Hi, Lyr
[11:21] Ubit.Umarov well it is on a fresh standalone usng mysql
[11:21] Michael.Christopher hey!
[11:21] Ubit.Umarov as i said, i just managed to repo it
[11:21] Cuga.Rajal oh, mine's not fresh, maybe thats why I don't see it
[11:21] Cuga.Rajal so recommend not updating till thats fixed?
[11:21] Ubit.Umarov so can only tell that the code is not finding original item folder in order to to the move :)
[11:22] Ubit.Umarov this is on master!!
[11:22] Ubit.Umarov i did not commit that code to dotnet6
[11:22] Cuga.Rajal ohh not on dotnet?
[11:22] Ubit.Umarov (still =
[11:22] Cuga.Rajal got it thx
[11:22] Ubit.Umarov (still)
[11:23] Ubit.Umarov i fact i didn't wanted to commit it to master either :p
[11:23] Ubit.Umarov but doing the commit of other change it all went up :)
[11:23] Cuga.Rajal oopsy daisy
[11:24] Ubit.Umarov so.. at this moment master is a bit... broken :p
[11:24] Lyr.Lobo waves to MC
[11:24] Cuga.Rajal I can give a short update on Bullet, also have a short discussion on the AuthenticationService
[11:25] Cuga.Rajal at some point
[11:25] Ubit.Umarov oh that auth noise mantis
[11:25] Cuga.Rajal yes
[11:25] Cuga.Rajal
[11:26] Ubit.Umarov whispers: well region will sent 2 requests, one only having avatar UUID
[11:26] Michael.Christopher sorry im still finishing up xmas gifts O.o
[11:26] Cuga.Rajal evaluating it has gotten messy
[11:26] Cuga.Rajal 3 requests in my case
[11:26] Ubit.Umarov bc UUID is the real identifier, ful name is not
[11:27] Cuga.Rajal perhaps, but it breaks external authenticators that rely on name/grid info
[11:27] Ubit.Umarov on a TP our inter regions protocol does sent a QUERY message, and that only as UUID )
[11:27] Ubit.Umarov even has..
[11:27] Ubit.Umarov so that is the first one you see with no name
[11:28] Cuga.Rajal When I was testing the external authenticator feature in September, I was only seeing one HTTP request
[11:28] Cuga.Rajal I never saw 3 until the new version of FS
[11:28] Ubit.Umarov if you seem more that those 2, then possible it is viewer retry
[11:28] Cuga.Rajal that 1 request had name, grid and uuid
[11:29] Ubit.Umarov for some odd reasons viewers to retry HTTP requests, even having previus one open
[11:29] Cuga.Rajal New FS sends 3 requesys with forst 2 without name/grid
[11:29] Cuga.Rajal causes a lot of borking
[11:29] Cuga.Rajal when using a URI-bnased authentication module
[11:30] Ubit.Umarov well issue is that auth assumed that we did sent full name wll the time
[11:30] Cuga.Rajal I described some of the details in that mantis
[11:30] Ubit.Umarov and we do not
[11:30] Ubit.Umarov as i said, avatar ID is its UUID
[11:30] Ubit.Umarov the QUERY has no avatar name, and should also call auth
[11:30] Cuga.Rajal yes and no
[11:31] Cuga.Rajal you cant have an external authentication module based on name and grid
[11:31] Cuga.Rajal if you ignore name and grid
[11:31] Ubit.Umarov we never send frid
[11:31] Cuga.Rajal my proiposal is for OS Authentication Service NOT to pass along the HTTP requests to the authenticator URL UNLESS it has all 3 data
[11:31] Ubit.Umarov we never send grid...
[11:31] Cuga.Rajal you do
[11:31] Ubit.Umarov well we may on the full name
[11:31] Cuga.Rajal no
[11:32] Cuga.Rajal As it's currently implemented, the HTTP request sends the fields firstName and surName
[11:32] Cuga.Rajal BUT
[11:32] Cuga.Rajal in actual use, firstName is first.last
[11:32] Cuga.Rajal and surName is grid name
[11:32] Ubit.Umarov i just said that
[11:32] Cuga.Rajal has been that way for a long time
[11:33] Cuga.Rajal and all external authentication modules assume that
[11:33] Ubit.Umarov we may send it as part of name, not as a explicti filed
[11:33] Ubit.Umarov field..
[11:33] Cuga.Rajal correct, but you *are* sending first.last and grid name
[11:33] Ubit.Umarov and again.. we send that only on the "second" messages, when sender region actually sends avatar information
[11:34] Cuga.Rajal in the fields prodided byt he API
[11:34] Ubit.Umarov well most part of it..
[11:34] Cuga.Rajal and external authentication modules expect that data as a basis to do authenticatioon
[11:34] Ubit.Umarov ( there is a extra contact to send even more avatar data, like attachments )
[11:34] Ubit.Umarov No..
[11:34] Ubit.Umarov that one does expect
[11:35] Ubit.Umarov no idea why that is a issue now, bc our code does those 2 things since at least 0.8.2
[11:35] Ubit.Umarov ( older that i did check)
[11:35] Cuga.Rajal Theres been no change to OS code for this
[11:35] Cuga.Rajal it always worked
[11:35] Cuga.Rajal what broke was new behasvior od FS
[11:35] Cuga.Rajal of*
[11:36] Cuga.Rajal the new FS borks it completely
[11:36] Ubit.Umarov dunno as i said os always ddi called external jsut UUID once
[11:36] Cuga.Rajal and I'm proposing a change to accomodate the new FS
[11:36] Vincent Sylvester: Eh...
[11:36] Ubit.Umarov fs guess is just doing one of its silly retry on opened http
[11:37] Cuga.Rajal yes and its breakoing authentication modules, that's what I',m trying to say
[11:37] Vincent Sylvester: There is something funky going on with that
[11:37] Cuga.Rajal yes
[11:37] Vincent Sylvester: I been seeing some strange behavior with texture loading as well, something internal to FS that went a bit sideways
[11:37] Ubit.Umarov Oppps
[11:37] Cuga.Rajal the details are kind of complex, all documented in the mantis
[11:38] Ubit.Umarov i forgot to turn the meeting log on :)
[11:38] Vincent Sylvester: Don't think that's strictly something OpenSim broke
[11:38] Vincent Sylvester: I'll post it manually don't worry
[11:38] Ubit.Umarov ty
[11:39] Ubit.Umarov did you checked another viewer or a older fs?
[11:39] Cuga.Rajal I need to do that next
[11:40] Cuga.Rajal I'll update the mantis to comfirm the change in FS behavior, but I have it in the Apache logs
[11:40] Cuga.Rajal documented
[11:40] Ubit.Umarov well as i said.. you should always get at least one request with empty full name
[11:40] Cuga.Rajal the test I need to make is on the same version of the sim with diff versions of FS
[11:40] Cuga.Rajal I'll post results of that
[11:40] Ubit.Umarov ok
[11:40] Vincent Sylvester: Did you also switch to a single region setup?
[11:41] Cuga.Rajal I suggest a work-around by changing the behavior of the AuthModule
[11:41] Cuga.Rajal we can discuss that more in the mantis
[11:41] Ubit.Umarov no idea why opensim made query, not sending full name
[11:41] Cuga.Rajal its a messy issue
[11:41] Ubit.Umarov or even why opensim even has a query
[11:41] Cuga.Rajal I suspect it is the result of unexpected issues on FS
[11:42] Vincent Sylvester: Question some concept or protocols is a dangerous bottomless rabbit hole to fall into
[11:42] Ubit.Umarov guess to avoid sending a lot of data of the next message, for a avatar that is refused
[11:42] Cuga.Rajal yeah, I dont know about the OS internals, I've only captured whats going on with the HTTP requests
[11:43] Ubit Umarov: but that is actually we do not do full http POST protocol
[11:43] Cuga.Rajal it seems if OS can filter the incoming FS TP request and only HTTP the one with name, grid and uuid, that will solve problem
[11:43] Ubit Umarov: that has a EXPECT CONTINUE option for that
[11:43] Ubit Umarov: i already told that is not fs
[11:44] Ubit Umarov: it is opensim tp protocol
[11:44] Ubit Umarov: the first message for tp only has UUID
[11:44] Cuga.Rajal in terms of the HTTP connections, thats where I feel the problem lies
[11:44] Ubit Umarov: that is opensim side, and since ever
[11:44] Cuga.Rajal what used to work fine now isnt working with FS weirdness
[11:45] Cuga.Rajal so we can blame FS and never fix it or we can add a work-around
[11:45] Cuga.Rajal is there any reason that the HTTP request from Auth Services should include uuid only? My understanding is NO
[11:46] Vincent.Sylvester Add a workaround for every weirdness just adds bloat long term, be nicer to figure out why this started cause we had no code changes on that
[11:46] Cuga.Rajal I agree Vincent
[11:46] Ubit Umarov: we born that way
[11:46] Michael.Christopher yes
[11:46] Ubit Umarov: what can i say :)
[11:46] Cuga.Rajal but an issue seriuos enough to break all external authentication modules is big enough to act on inho
[11:46] Ubit Umarov: even for opensim HG was a hack added later
[11:47] Vincent.Sylvester There is something with hg and http that has gotten weird, I noticed that with texture loading, which shouldn't even really be http, but there is stuff in that pipe and it blocks out the udp ones
[11:47] Ubit Umarov: only HG may consider full name as a identifier
[11:47] Cuga.Rajal that makes sense
[11:47] Ubit Umarov: on any grid the only valid identifier for a avatar, or the main one is its UUID
[11:47] Vincent.Sylvester Something changed in FS and I have a suspicion it's that damn profile change to http that messed that entire pipeline up
[11:47] Cuga.Rajal the problem is only for inbound HG TP
[11:48] Ubit Umarov: n fact should be also on the entire HG
[11:48] Cuga.Rajal the authentication module problem, that is
[11:48] Ubit Umarov: since UUID has "unique" somewhere on its definition
[11:48] Ubit Umarov: ;)
[11:48] Vincent.Sylvester Awfully convenient that shows up around the same time huh
[11:48] Vincent.Sylvester Give Beq a poke, but probably will be a month before that gets anywhere. In the meantime test other viewers
[11:49] Ubit Umarov: do not bother Beq on this for now
[11:49] Ubit Umarov: i say again OPENSIM always sends at least ONE request with no user name
[11:49] Ubit Umarov: oyu need to handle that..
[11:50] Ubit Umarov: once oyu do it, any possible Fs repeat i just useless noise
[11:50] Cuga.Rajal was never that way in Sept
[11:51] Vincent.Sylvester Never assume you get correct data, always validate and only accept the stuff that fits protocol, don't try to parse without checking... *looks at inventory* yeah...
[11:51] Cuga.Rajal I don't know what FS is actually doing, I only know whats happening with the HTTP requests between the OS Auth module and the Auth URI... It used to be ONE request with all 3 fields
[11:51] Cuga.Rajal you said it was due to FS but I never confirmed, though it is a sensible explanation
[11:52] Cuga.Rajal I am mainly concerned with the HTTP requests coming from the Auth Module
[11:52] Ubit Umarov: .....
[11:52] Vincent.Sylvester It's something with changes to http that were made recently, which were around the same time the profile stuff changed at SL to http, so the shoe kinda fits that something broke in there
[11:52] Ubit Umarov:  We may be called before there is a presence or a client.
            // Fake AgentCircuitData to keep IAuthorizationModule smiling
            if (client == null)
                aCircuit = new AgentCircuitData();
                aCircuit.AgentID = agentID;
                aCircuit.firstname = String.Empty;
                aCircuit.lastname = String.Empty;

                if (!AuthorizeUser(aCircuit, false, out reason))
                    //m_log.DebugFormat("[SCENE]: Denying access for {0}", agentID);
                    return false;
[11:52] Ubit Umarov: ....
[11:52] Ubit Umarov: this is from 0.8.2 source
[11:53] Ubit Umarov: public bool QueryAccess(UUID agentID, string agentHomeURI, bool viaTeleport, Vector3 position, List<UUID> features, out string reason)
[11:53] Cuga.Rajal I believe you
[11:53] Cuga.Rajal the isseu  might be specific to the external auth module, not how OS handles requests directly from viewer
[11:53] Ubit Umarov: as i said  robust/ server to server TP query request as no avatar name
[11:54] Vincent.Sylvester I suspect prep work for profile changes altered http code causing more extensive retries perhaps to make sure that heavy profile call actually makes it through, same thing happening with textures being forced into http when they should be exclusive udp
[11:54] Vincent.Sylvester Something with http getting really aggressive in a way
[11:54] Ubit Umarov: you will not have is, IF
[11:54] Ubit Umarov: the avatar is already a child presence on the region
[11:55] Ubit Umarov: is the region was already in view range
[11:55] Ubit Umarov: in that case the region already knows the avatar name, so does send it
[11:56] Cuga.Rajal the regions Im testing on have no adjoining regions, and HG TP requests are across grids
[11:56] Ubit Umarov: ok
[11:56] Vincent.Sylvester But you have similar noise in datasnapshot module for search, if there is no data to parse it sends malformed xml, if you don't check for that and attempt to parse it you get error logs. Only handle data that's proper, discard the rest
[11:57] Vincent.Sylvester Yeah that was the other thing, two other tickets talking about auth service being weird in multi region setups, that might be something to look at
[11:58] Ubit Umarov: carefull.. ther is another auth service, unrelated to this..
[11:58] Ubit Umarov: :)
[11:58] Cuga.Rajal I'm starting to think that while it's normal for viewers to send TP requests with uuid only in some cases, these should be filtered out from being sent by the Authorization Module when configured to use an external URI. Is this reasonable?
[11:59] Ubit Umarov whispers: Man AGAIN?
[11:59] Ubit Umarov: i already told that its OPENSIM who sends UUID only things
[11:59] Vincent.Sylvester That's an if that can be on any code though
[12:00] Ubit Umarov: viwers at most may just repeat requests bc their silly http retry on a timeout
[12:01] Cuga.Rajal So is is reasonable to have the Authentication Module not send any HTTP requests with only uuid and handle thos only internally?
[12:01] Cuga.Rajal that would solve problem
[12:01] Vincent.Sylvester If your external module gets data that doesn't work for it, just ignore that data
[12:02] Cuga.Rajal I tried that and that doesnt work
[12:02] Michael.Christopher The auth module is one i'm already looking at, but  I may have to head out early - anyone have any other topics to ask about before I head out?
[12:02] Cuga.Rajal that would be ideal if worked
[12:02] Cuga.Rajal Vincent I can explain why that isnt working
[12:02] Ubit Umarov: bad thing on that, is that it would need to send accept answer on UUID Only things, that it actually could not test
[12:03] Ubit Umarov: BUT
[12:03] Cuga.Rajal the notes in the mantis explain also
[12:03] Lyr.Lobo Great to see  you, MC
[12:03] Michael.Christopher you too!
[12:03] Michael.Christopher I'll see you all later, happy new years!
[12:04] Orbert.Tatham Same to you
[12:04] Cuga.Rajal woukdl it be useful for me to explain why iglring the requests doesnt work?
[12:04] Vincent.Sylvester If you have one request you need to answer for the system to work, but only another request that actually sends you the data you need, then you need some form of caching or I guess straight up logging to a database and process the entries there
[12:05] Vincent.Sylvester First "part" of the request filled in once the rest comes through, course yeah problem with setting a wait on that and needing to reply to the requests
[12:05] Cuga.Rajal The 3 HTTP requests, which come from the OS Auth Service (not directly from the viewer) have 2 requests with uuid only and 3rd request with all 3 fields
[12:06] Cuga.Rajal If I return false/reject on the 1st request, bc it didnt send their name data, OS sends that back and the viewer doesn;t send the 2 other requests, But, nobody can TP in
[12:06] Cuga.Rajal so broken
[12:07] Selby.Evans bye all
[12:07] Lyr.Lobo bye Selby
[12:07] Ubit Umarov: cya selby.Evans
[12:07] Orbert.Tatham Peace Selby
[12:07] Ubit Umarov: happy
[12:07] Ubit Umarov: new yeaer
[12:07] Cuga.Rajal if I send true/allowed with uuid-only request, it sends 2nd and 3rd request
[12:07] Lyr.Lobo Happy New Year
[12:07] Cuga.Rajal this leads to things breaking
[12:07] Cuga.Rajal Vince do you want to hear these details?
[12:08] Cuga.Rajal or are we wrapping up
[12:08] Vincent.Sylvester And the rejection can't happen after those requests are sent?
[12:08] Cuga.Rajal or moving on :)
[12:08] Lyr.Lobo great details
[12:08] Kayaker Magic: Wrapping or not, I need to run. RL calls.
[12:08] Lyr.Lobo bye Kayaker
[12:08] Orbert.Tatham Peace, Kayaker
[12:08] Kayaker Magic: Buy all!
[12:08] Ubit Umarov: happy new year kayaker
[12:08] Ubit Umarov: :)
[12:08] Cuga.Rajal I'll continue with Vince and Ubit... happy new year to thise who need to go
[12:09] Cuga.Rajal so what happens is....
[12:09] Orbert.Tatham Before I vanish - Is this supposed to happen again next week?
[12:09] Ubit Umarov: he always tells to buy bit does not give the $$
[12:09] Orbert.Tatham As in the meeting
[12:09] Cuga.Rajal 1st requerst with just uuid comes in, default is set to true/allow
[12:09] Cuga.Rajal so the inbound TP process begins its sequence at that time
[12:09] Ubit Umarov: yes we have this every week
[12:10] Orbert.Tatham See you later, then
[12:10] Lyr.Lobo bye Orbert!
[12:10] Lyr.Lobo Happy New Year
[12:10] Cuga.Rajal 2nd uuid-only request comes in, returns true, the inbound TP process continues, but does not restart. It began when the 1st request was alllowed
[12:10] Jamie.Jordan Have a great week yall
[12:11] Cuga.Rajal 3rd HTTP request comes in with name, grid, uuid. Returns false
[12:11] Lyr.Lobo bye Jamie
[12:11] Cuga.Rajal after TP rocess already initialted
[12:11] Cuga.Rajal a message appears that they are not authorized, and the partially-complete TP process stops
[12:11] Cuga.Rajal leaving their veiwer borked until they quit and restart
[12:12] Cuga.Rajal if they authenticate and are allowed, their attempts to TP are borked until they quit and restart viewer
[12:12] Cuga.Rajal Thats where I am at now
[12:12] Vincent.Sylvester Yeah so you want to reject immediately to prevent the tp processing, meaning the problem is that you need to decide on the first request, which doesn't have enough data for your module, correct?
[12:13] Cuga.Rajal You can;t reject immediately bc then no more HTTP requests are sent
[12:13] Cuga.Rajal the 2rd and 3rd HTTP requests never happen
[12:13] Cuga.Rajal and nobody can HG TP inbound
[12:13] Cuga.Rajal so you cant reject first HTTP request wi uuid only
[12:14] Cuga.Rajal the fact that 3 HTTP requests are sent to the authenticator is the problem
[12:14] Cuga.Rajal with 1sdt two only having uuid
[12:15] Vincent.Sylvester And you need the third because it holds data you need?
[12:15] Cuga.Rajal well, yes, but really you only want one
[12:15] Cuga.Rajal with all 3 data sets
[12:15] Cuga.Rajal 3 requests is a no win situation
[12:15] Cuga.Rajal again, I'm not talking about the raw requests sent by the viewer
[12:16] Vincent.Sylvester The first will send you a uuid, but no name, so you only know the uuid of the user, the IP and probably port of the region they are coming from
[12:16] Cuga.Rajal Im taking about the HTTP requests sent from the OS auth service to the module
[12:16] Cuga.Rajal ist and 2nd request is uuid only in the XML payload
[12:17] Cuga.Rajal I can detect IP but shouldnt have to use that
[12:17] Cuga.Rajal auth is done on name and grid
[12:17] Cuga.Rajal before new version of FS it was always just one HTTP request with all 3 data sets
[12:18] Cuga.Rajal I will retest with old version on new simulator to make sure
[12:18] Cuga.Rajal but I believe Ubit that no code changed :)
[12:19] Vincent.Sylvester I have to look, but I think auth based on uuid is enough for such a module, given if the system finds a local user with the same uuid I think it rejects that teleport
[12:19] Cuga.Rajal I don;t know if the profile stuff affects this
[12:19] Ubit Umarov: no vicent
[12:19] Cuga.Rajal Yes it is possible to authorize on uuid alone but that is not the way it was ever done on the external modules
[12:20] Ubit Umarov: for that the registration page needs to ask the uuid also
[12:20] Ubit Umarov: and store it on db
[12:20] Cuga.Rajal what registration page?
[12:20] Cuga.Rajal none of the external auth mpodule I have seen asked for uuid
[12:20] Cuga.Rajal a;ll asked for name and grid
[12:20] Ubit Umarov: the one where ppl go ask for access to that grid
[12:21] Cuga.Rajal and mine, it forces name and grid to one actually used to prevent abuse
[12:21] Ubit Umarov: telling that accetps grdp(??) blablabla things
[12:21] Cuga.Rajal a feature that has always been needed
[12:21] Cuga.Rajal name@grid is what is being authenticated
[12:22] Cuga.Rajal when they are fillin gin the form we want to lock in their name#grid so they can't abuse the form
[12:22] Cuga.Rajal only possible if that data is transmitted in the XML payload
[12:22] Cuga.Rajal and it was always sent until this 3-request thing started
[12:23] Cuga.Rajal When you went to the OSCC after-party and they made you sig a web form
[12:23] Ubit Umarov: you also never see that if user is a grid god :)
[12:23] Cuga.Rajal they needed you ani name and grid
[12:23] Cuga.Rajal same reason
[12:24] Lyr.Lobo last year, we did...did we do that for the AvaCon party on the staff grid?
[12:24] Cuga.Rajal yes
[12:24] Cuga.Rajal and previous years too
[12:24] Lyr.Lobo ah, good to know *smiles*
[12:24] Lyr.Lobo yes, on Francogrid
[12:24] Lyr.Lobo the Dream Rave did last year
[12:24] Lyr.Lobo but not in prior years for me
[12:24] Cuga.Rajal I;m bringing that up bc it is an exampke that explains why we have to authenbticate on name & grid
[12:24] Lyr.Lobo yes
[12:25] Cuga.Rajal those authentication modules are now broken as I understand it
[12:25] Vincent.Sylvester I find those hg auth, gdpr things silly in the first place, but it's an interesting issue. Do test other viewers though see if they behave the same. If FS is alone it might be the profile stuff, that's the only relation to http as of late so it might have changed underlying code that is also used by this part
[12:25] Lyr.Lobo nods
[12:25] Cuga.Rajal my mantis is trying to capture what is going on, determone the cause, and recommend a solution
[12:25] Cuga.Rajal it is a messay one
[12:26] Lyr.Lobo yes
[12:26] Lyr.Lobo last year, it did not work well for a few of the attendees to the Francogrid party
[12:26] Vincent.Sylvester I did have one other thing I wanted to mention, but I think I'll do some more local testing on that report next week with more data
[12:26] Lyr.Lobo did not realize it was a block for this year
[12:27] Cuga.Rajal This year didn't use an authenticator
[12:27] Lyr.Lobo right
[12:27] Cuga.Rajal so this issue is complex and takes some time to get your head around it
[12:27] Lyr.Lobo and an important one
[12:27] Cuga.Rajal hopefully this discussion is helpful in understanding the cause
[12:27] Cuga.Rajal and finding a solution
[12:28] Lyr.Lobo yes *smiles*
[12:28] Cuga.Rajal
[12:28] Cuga.Rajal I tried to see if a bug was filed for FS doing this but couldn;t find anything
[12:29] Lyr.Lobo while you report it on macOS, it is not exclusive to it, right?
[12:29] Cuga.Rajal I have not tested it on other platforms of the *srever* but it is the same code
[12:29] Cuga.Rajal in theory shouldn;t matter
[12:29] Lyr.Lobo nods
[12:29] Vincent.Sylvester Easiest solution on OpenSim end likely to find the first request, add data to that, so you can ignore the subsequent repeats, not sure if that works though
[12:29] Cuga.Rajal the cleint SW, yes, Windows/Mac FS had same issue
[12:30] Cuga.Rajal @V - theres no place to get the data to fill in
[12:30] Cuga.Rajal just don;t forward the requests with missing data to the authentication module
[12:31] Cuga.Rajal don't send HTTP to external auth URI that is
[12:31] Cuga.Rajal only send the HTTP request that has full XML payload
[12:31] Ubit Umarov: well spec those was as it is... username optional
[12:31] Cuga.Rajal but I dont know how easy/hard this change would be to implement
[12:32] Ubit Umarov: no idea why.. but code is there for ages doing that
[12:32] Cuga.Rajal that is the only way I can think of to solve problem
[12:32] Cuga.Rajal that and FS fixing their stuff :)
[12:32] Ubit Umarov: forget fs grrr
[12:33] Lyr.Lobo smiles
[12:33] Cuga.Rajal so amyway, thats all the back story on that mantis
[12:34] Cuga.Rajal were theere any other deets you wanted to know more about?
[12:34] Ubit Umarov: a easy fix is to just return accetp to any req with a vaid uuid but no name
[12:34] Cuga.Rajal the problem is
[12:34] Ubit Umarov: opensim will send one with name later..
[12:34] Ubit Umarov: ugly.. waste..  but.. well
[12:34] Ubit Umarov: will work...
[12:34] Cuga.Rajal thats what I did, and what happens is the 1st 2 requests are true/accept, and the 3rd is false/reject
[12:35] Ubit Umarov: so, you send banc a 204
[12:35] Cuga.Rajal this leaves the clent in a borked state, they have to restart viewer to TP in again
[12:35] Cuga.Rajal the 204 was a workaround, but it was basically the same effect as sending true/allowed
[12:35] Ubit Umarov: 204 will make region refuse it i guess
[12:36] Cuga.Rajal since that is what the default is set to
[12:36] Cuga.Rajal 204 withh cause the default response, same as if malformed XML
[12:37] Cuga.Rajal I thought it weas a solution but is just breaks in a better way..
[12:38] Ubit Umarov: 204 is not part of that protocol
[12:38] Lyr.Lobo Ubit, the same thing happens at Virtual Harmony. We configured as 18+ grids there and have the same problem, but we're using an earlier release of Opensim
[12:38] Ubit Umarov: hmm? what happens?
[12:38] Lyr.Lobo We freeze and restart the viewer
[12:38] Cuga.Rajal I think this sending of true/approve on empty requests and then false/reject on 3rd request is the source of a lot of problems prople are having now with external auth modules
[12:39] Cuga.Rajal it borks the voewer until it is restarted
[12:39] Ubit Umarov: who do use th 18+?
[12:39] Vincent.Sylvester Curious to what happens when you send it a 307 with a retry header, does it request again or just fail
[12:39] Ubit Umarov: set the age flag on dbs externaly ?
[12:40] Lyr.Lobo good question for Spinoza. But when we hg between them, we freeze after the first teleport
[12:40] Lyr.Lobo i thought it was our config
[12:40] Cuga.Rajal It seems that if the response does not send the exact XML expected (including the 204 option) the auth service condiders it a failed response, and uses the default setting for failed resposes
[12:41] Cuga.Rajal I expect the 307 will be the same
[12:41] Ubit Umarov: where did oyu got the 204?
[12:41] Cuga.Rajal default is allow/true so the TP process starts, gets part way, then stops. Causing viewer to be borked until restarting
[12:41] Ubit Umarov: that is just handle as a error
[12:41] Ubit Umarov: there is not 204 ont hat
[12:42] Cuga.Rajal I tried sending the 204 as an experiment to see if it could fool the server into not proceeding with true/false
[12:43] Cuga.Rajal but after looking at theOS console I see that it didnt do anything differently from just sending a true/allowed
[12:43] Cuga.Rajal since that was the default for malformed responses
[12:43] Cuga.Rajal so the 204 is not a solution
[12:43] Ubit Umarov: [12:43:24] (You): code only wants 200, 404 and 401
[12:43:29] (You): from what i see
[12:43] Ubit Umarov: i mean only looks..
[12:43] Cuga.Rajal if the server doesnt get the XML in the response it expects, it considers it a failed response, period
[12:44] Cuga.Rajal HTTP hears dont seem to change that
[12:44] Ubit Umarov: rest is just a generic error
[12:44] Cuga.Rajal headers*
[12:44] Cuga.Rajal the 3rd response -
[12:45] Cuga.Rajal if they are already authenticated, the 3rd request with all XML gets a true/allowed and the HG TP continues
[12:45] Cuga.Rajal same result as 1st two
[12:45] Cuga.Rajal if they are not authenticated, the 3rd response is false/reject and they can get the custom error message from the module
[12:46] Cuga.Rajal but, their viewer has already started part of the login process
[12:46] Cuga.Rajal invisible to the end user, but the viewer can not log in to that grid (after they authenticate) until they restart the viewer
[12:47] Cuga.Rajal I think thats whats happening with Lyr's people too
[12:47] Cuga.Rajal its the resut of how OS starts the TP process before the 3rd request and then stops the TP process
[12:47] Ubit Umarov: Lyr is other code path
[12:48] Lyr.Lobo yes
[12:48] Cuga.Rajal likely same issue in both code paths
[12:48] Cuga.Rajal you said that code for that hasn;t changed in ages
[12:48] Cuga.Rajal comon issue
[12:48] Lyr.Lobo I don't experience this problem when traveling on my OSCC avatar
[12:48] Cuga.Rajal and not our fault :), but one we need to solve
[12:48] Vincent.Sylvester Be a whole lot easier to just let them in, stick them into a jail region and then auth them there, only let them teleport elsewhere when authed and kick em out after 5 minutes...
[12:49] Cuga.Rajal easier for the programmer
[12:49] Cuga.Rajal harder for the grid owner and for the people TPing
[12:49] Ubit Umarov: wel may be refusing the avatar a bit later and not killing on viewer the way they need now
[12:50] Cuga.Rajal and more importantly a change from how people depend on it working in the past
[12:50] Vincent.Sylvester Well you can teleport people via console as well, so once authed you can teleport them from there automatically
[12:50] Vincent.Sylvester Though yeah easier with auth module
[12:50] Vincent.Sylvester OpenSim code hasn't changed on that in some time though so it's something external somewhere
[12:50] Cuga.Rajal I agree we shouldnt add code every time FS does something stupid
[12:51] Cuga.Rajal we need to fond out if this is a FS bug or if it's here to stay
[12:51] Ubit Umarov: well they merged ll code for mfa
[12:51] Cuga.Rajal if permanent, perhaps a change is needed to keep up previous functionality
[12:51] Ubit Umarov: but guess still ok for us
[12:51] Vincent.Sylvester I'm not a gambling man, but I'd bet it's something in FS that changed http when that whole profile thing switched to that, it's caused some really weird texture loading into http when that's turned off explicitly
[12:52] Vincent.Sylvester So something in there is overly active for no reason
[12:52] Ubit Umarov: but think that mfa code is totally out for opensim
[12:54] Cuga.Rajal How hard would it be to change OS auth service not to pass HTTP requests that are uuid only? Still handle then properly, just don;t pass then to the external authenticator.
[12:54] Ubit Umarov: to be correct that auth should send a correctly formated xml
[12:54] Ubit Umarov: with  private bool m_isAuthorized;
        private string m_message;
[12:54] Ubit Umarov: filled
[12:55] Cuga.Rajal I can do that instead of the 204, but it doesn;t solve the problem
[12:55] Vincent.Sylvester OpenSim is KISS or at least tries to be, so trying to avoid adding checks for things that shouldn't even be a thing in the first place
[12:55] Vincent.Sylvester Like viewers borking inventory
[12:55] Ubit Umarov: as i said oyu cna only work around the issue, sending true, if the uuid is valid and no name
[12:56] Ubit Umarov: if second refuse does freze viewer.. well other issue
[12:56] Cuga.Rajal as it stands, HG TP authorixation modules at best leave latest FS viewers borked after they are rejected and the voewers have to be restarted. Can we at least agree that needs to be fixed?
[12:57] Ubit Umarov: viewers restart is cool :P
[12:57] Cuga.Rajal or do we announce that name-based authenticators are no longer supported
[12:57] Ubit Umarov: well several grids do have their own working
[12:58] Vincent.Sylvester People do, to the detriment of us all, still change their names
[12:58] Vincent.Sylvester Wouldn't go by that for auth, even in combo with grid url
[12:58] Cuga.Rajal they can re-authenticate :)
[12:58] Vincent.Sylvester I mean spoofing wise
[12:58] Vincent.Sylvester Always assume malice
[12:59] Vincent.Sylvester I'd go by uuid, IP and then name and grid, cause uuid many don't fiddle with so easily and IP they might not be able to at all
[12:59] Cuga.Rajal I wonder if they are still working for those not yet authenticated
[13:00] Vincent.Sylvester Always assume people will spoof and do whatever to trick you, because they will
[13:00] Cuga.Rajal IP changes for dialups all the time
[13:00] Lyr.Lobo Cuga, did you experience the problem prior to two weeks ago?
[13:00] Cuga.Rajal there was a gap in my testing
[13:01] Cuga.Rajal Dodnt have the problem in Sept and Oct. Discovered the issue in Dec
[13:01] Cuga.Rajal I'm guessing it is due to new version of FS
[13:01] Cuga.Rajal thats what other developers' concensus is
[13:01] Lyr.Lobo ah then not related to my problem. As Ubit noted, I had earlier
[13:02] Cuga.Rajal ok
[13:02] Vincent.Sylvester Pinpointing it to the viewer or even specific version of that or ruling it out probably a good step now
[13:02] Vincent.Sylvester Leave the brainache for later heh
[13:03] Cuga.Rajal I will retest on an older FS and post the results to the mantis
[13:03] Lyr.Lobo grins and nods
[13:03] Lyr.Lobo great, Cuga
[13:03] Cuga.Rajal thanks for taking a look Vincent
[13:03] Cuga.Rajal its a messy issue and not easy to explai
[13:04] Lyr.Lobo no worries here. I have a background in software engineering and testing
[13:04] Lyr.Lobo love this stuff
[13:04] Vincent.Sylvester I'm trying to make sense of how it even gets to sending three, to my brain this should only ever produce two
[13:04] Vincent.Sylvester Might need a night of sleep for that to make sense
[13:05] Cuga.Rajal I have no idea why more than 1 is being sent on my grid. I have 2 regions but they are not adjoining and very far apart
[13:05] Cuga.Rajal I could turn one off to see if it makes a diff, if thats useful
[13:05] Vincent.Sylvester If it's a standalone that might not matter, it may just make a child agent regardless in a standalone setup
[13:06] Cuga.Rajal yeah its a standalong HG
[13:06] Motoko.Karu        .•*♥´¨`•BRB •´¨`♥*•.
[13:06] Vincent.Sylvester Standalone has some internal skips to do some bypassing on connectors and such
[13:06] Vincent.Sylvester Well some at least
[13:06] Vincent.Sylvester It's weird
[13:07] Vincent.Sylvester Also doesn't really help either since this does mean it could break like this in a grid setup as well
[13:07] Vincent.Sylvester We can't detect at that point if the auth is root or child either so that's no easy fix option
[13:08] Vincent.Sylvester To me it smells of viewer given the timing with the profile changes being http related and seeing stuff in the http texture pipe when that's turned off is just too close together
[13:09] Vincent.Sylvester I went back from hg the other day and found it tried to fetch http textures causing some of the textures to go blank
[13:09] Vincent.Sylvester As in blank, not gray as in loading, but blank
[13:09] Cuga.Rajal like the default when the uuid isnt found
[13:10] Cuga.Rajal white
[13:10] Vincent.Sylvester That concerns me a bit, since that's not happened before with hg like this
[13:10] Ubit Umarov: ops
[13:10] Ubit Umarov: wrong btn
[13:10] Vincent.Sylvester It starting with new viewer version that made http changes, coincidence I think not
[13:11] Cuga.Rajal prolly right
[13:11] Vincent.Sylvester I'm sure eventually Beq will sort that out, but yeah her todolist probably as long as mine lately
[13:11] Cuga.Rajal I can see how the inbound HG TP issue is part of a bigger problem
[13:11] Cuga.Rajal and how that makes resolving this one hard
[13:12] Cuga.Rajal bc you want to address it globally the right way
[13:12] Cuga.Rajal which is the roght thing to do
[13:12] Vincent.Sylvester It would not surprise me if it's a library change or something to the http parts of the viewer unearthing bad code elsewhere
[13:12] Vincent.Sylvester After that whole viewer object cache I have a healthy distrust of that
[13:13] Vincent.Sylvester You never know until you try to break it
[13:14] Cuga.Rajal in the case of the external auth module the fix might be simpler, without needing to address bigger issues
[13:14] Cuga.Rajal but I agree, hate adding code just as workaround for FS problem
[13:15] Cuga.Rajal so we'll let this simmer for a bit :)
[13:15] Vincent.Sylvester Same thing with inventory. I tried Kirsten viewer about a year ago and bricked my inventory, because it sets the wrong inventory data
[13:15] Vincent.Sylvester Easy to add a check in there, but every if you add slows things down as well
[13:15] Vincent.Sylvester Not by much, but depending on what it is it will make it slow very quickly
[13:16] Lyr.Lobo smiles an dnods
[13:16] Cuga.Rajal this would only slow down inbound TPs by some milliseconds ... :)
[13:18] Cuga.Rajal I should head out soon..
[13:18] Lyr.Lobo in a jet, that could cause the brakes to fail, but here, probably fine
[13:18] Vincent.Sylvester It's best if all parts adhere to agreed standards and protocols as best as possible, workarounds can quickly devolve into madness, so yeah let's investigate some more, might yield to positive fixes elsewhere if it's really a viewer issue
[13:18] Lyr.Lobo Happy New Year, Cuga
[13:18] Cuga.Rajal Thanks!
[13:19] Lyr.Lobo great recommendation
Personal tools
About This Wiki