-
MattJ
Might not make the 9:30 train...
-
winfried
The others are meeting at 9:00 in the hotel lobby....
-
pep.
ok we just missed this train..
-
MattJ
I made it
-
pep.
ETA 10:20
-
MattJ
K
-
MattJ
Most people just this minute arrived, so getting drinks and setting up stuff, I doubt we'll get much into anything before you get here
-
Holger
But we need your power!
-
vanitasvitae
Do we have a pad for day 2?
-
vanitasvitae
Or is https://etherpad.wikimedia.org/p/XMPPSummit24Day1 being reused?
-
MattJ
Let's make a new one, but link both to each other?
-
vanitasvitae
sure
-
MattJ
They probably won't live here permanently, we can move them over to the wiki at the end
-
vanitasvitae
yeah
-
vanitasvitae
Are you opening a new one or should I?
-
MattJ
Go for it
-
vanitasvitae
https://etherpad.wikimedia.org/p/XMPPSummit24Day2
-
Guus
is there anyone (trying to) join remotely?
-
goffi
Guus: I'm trying now
-
Guus
It should be up and running.
-
goffi
sorry I had an emergency, trying now
-
goffi
yes it's fine
-
goffi
I'm in
-
Zash
<hacker voice> I'm in
-
Zash
Yes hello
-
pep.
Oh you did hear me!
-
vanitasvitae
to be sure, IM NG was the next iteration of "Message Routing", right?
-
vanitasvitae
Like, the plans to ditch full jid routing from last years summit?
-
MattJ
vanitasvitae, correct
-
vanitasvitae
alright.
-
vanitasvitae
And the reason for wanting IM NG is exactly?
-
MattJ
https://xmpp.org/extensions/xep-0409.html is the initial proposal
-
vanitasvitae
What does it solve?
-
vanitasvitae
ah, thanks
-
MattJ
The routing rules in RFC 6121 were made before Carbons, MAM, etc.
-
jonas’
vanitasvitae, several things
-
MattJ
We layered Carbons and MAM on top of them to try to fix the gaps with e.g. having multiple devices, sometimes offline
-
jonas’
1. if you have IM-NG, clients are kind of responsible for declaring if their message needs to be broadcast and archived (by sending to bare JID), and servers are left with less to guess
-
jonas’
2. it removes some "undefined behaviour" wiggle-room from RFC 6121 regarding handling of bare and full-JID messages. specifically, full-JID messages will never be re-routed to a different full-JID under IM-NG, and bare JID messages will always be received by all (online + MAM-capable) resources
-
MattJ
They solved 80% of the problems, and added complexity for servers (and clients) that have to handle all the interactions between these different things
-
vanitasvitae
alright, thanks for the clarification 😉
-
MattJ
IM-NG is essentially and XMPP 2.0 thing without throwing away all the good bits
-
MattJ
It will make life easier for developers
-
dwd@dave.cridland.net
Yeah. Just listen to how much easier this is.
-
vanitasvitae
I can tell 😛
-
Zash
Just YOLO flag day it!!!eleven
-
pep.
(I'm a bit lost around that re minutes)
-
vanitasvitae
Yeah, me too 😀
-
vanitasvitae
So basically the discussion is about uncertain rules for routing of error messages, right?
-
vanitasvitae
Like, edge case handling?
-
dwd@dave.cridland.net
You're welcome to speak aloud. More voices would be useful here I think.
-
MattJ
The current rules are not uncertain - error messages for e.g. delivery errors simply go to the sending device only
-
vanitasvitae
makes sense to me.
-
pep.
I'd appreciate if somebody(tm) with a bit more understanding of the situation could have a look at minutes on this topic
-
MattJ
The reason it's complex is purely because we need backwards compatibility with all the existing clients and servers
-
MattJ
Once we phase out Carbons and the various hacks around it, things will be a lot simpler
-
pep.
*shocked*
-
Intosi
6121 SP2
-
pep.
Service Pack 2 ?
-
vanitasvitae
"Redstone Update"
-
larma
Something unstable you probably don't want to start using for the first year?
-
vanitasvitae
Strange, today there are so many people named "Angie" around...
-
vanitasvitae
Kev keeps repeating "I am Angie too" for some reason...
-
vanitasvitae
Pretty sure he is lying
- Kev sighs
- Intosi inserts GIPHY of Picard facepalm
-
vanitasvitae
The internet is asking if there are any plans to "secure metadata".
-
vanitasvitae
I guess apart from e2ee there is maybe the sender-less messaging on the agenda, right?
-
goffi
I've been to Froscon already, it's open to non german, and very nice meeting
-
goffi
(and nice food)
-
vanitasvitae
I found it less community oriented and more business focussed than FOSDEM.
-
MattJ
vanitasvitae, my personal opinion is "no" - there are other solutions that already do a better job at hiding metadata
-
MattJ
They make a certain set of compromises to achieve that
-
flow
I think we can, besides taking care of the low hanging fruits right now, only start consider securing metadata after the majority of messages exchanged in xmpp is encrypted. One step after another
-
MattJ
flow, and how will the server know where to deliver messages, presence?
-
flow
MattJ, I am not sure if I expressed myself where well as I think you may misunderstood me
-
flow
*very well
-
flow
*after the majority of the payload of messages exchange in xmpp
-
vanitasvitae
you could at least hide the recipient from the sending server
-
MattJ
vanitasvitae, and how would it know where to deliver to?
-
Kev
https://xmpp.org/extensions/xep-0430.html https://xmpp.org/extensions/xep-0386.html https://xmpp.org/extensions/xep-0388.html https://xmpp.org/extensions/xep-0198.html
-
vanitasvitae
well, it obviously has to know the domain jid, but not the exact recipient
-
vanitasvitae
better than nothing
-
vanitasvitae
😛
-
MattJ
vanitasvitae, which goes against the "it's good to run your own server" model that I'm pushing for :)
-
flow
I think it is not productive to put much effort into metadata encryption while we do not even encrypt a majority of the payload
-
MattJ
because you'll never guess who a message to the domain "matthewwild.co.uk" may be destined for!
-
vanitasvitae
😛
-
MattJ
You /can/ hide metadata, but it requires a drastically different protocol architecture to achieve that (e.g. something like a gossip protocol)
-
flow
Also if you are afraid that metadata is an issue, then you probably should not use XMPP at all. That said, if we can protected metadata easily, we sure should consider it.
-
dwd@dave.cridland.net
You could do onion routing over XMPP, of course.
-
MattJ
You can *already* do XMPP over onion routing
-
dwd@dave.cridland.net
Yes, the other way aorund.
-
Intosi
So a hyper onion?
-
flow
I think you lay every other protocol over xmpp, like vuvuzela.io, how interoperable that would/could be is another question
-
pep.
https://upload.bouah.net/upload/9-alObjSJAkgMdDF/R-XEUGHJTb6uBMfnLNL5Yg.jpg
-
pep.
this is day2 topics
-
pep.
oh MattJ did it already :p
-
pep.
Wait no
-
pep.
Missing the pink dots!
-
winfried
And now something totally different... Sunday morning I will be presenting on the XMPP extensions. What extensions do you think I definitely should mention to the Fosdem audience?
-
pep.
What kind of extensions are you presenting? What's the goal?
-
pep.
Funny XEPs? Unused XEPs? Useful XEPs?
-
pep.
(And what for)
-
vanitasvitae
Compliance Suite 2020 😉
-
pep.
Yeah I was gonna say
-
winfried
My goal is that I discovered that developers considering XMPP find the idea of a modulair standard hard to grasp, so I want to do 2 things: explain how the extensions work (as process, idea, not technically) and I want to mention some nice examples on the way.
-
winfried
Compliance suite will definetly be mentioned, because it is a good starting point for many usecases
-
MattJ
winfried, there are three things that people who vaguely know XMPP are concerned about: 1) too many XEPs 2) stuck in the past 3) fragmentation (different clients implement different XEPs)
-
MattJ
So answers are: 1) C Suites / deprecation of old XEPs 2) new XEPs are being submitted and implemented almost every week 3) C Suites aim to solve this
-
pep.
(of which 3) is definitely a feature of XMPP.. just that these people don't get it :x)
-
pep.
Sorry mismatching parentheses
-
MattJ
winfried, heh, someone just linked to your talk in a different MUC :)
-
vanitasvitae
I'd also point out that even if you do some centralized service, XMPP is a good choice as there is already a tried and tested codebase + implementations and building on top of that with custom stuff is very easy.
-
vanitasvitae
Not that I'd suggest doing centralized stuff, but still
-
vanitasvitae
many devs want to
-
winfried
MattJ: good points, I'll make the C-suites more dominant in my talk
-
winfried
MattJ: what MUC?
-
MattJ
winfried, conversations@conference.siacs.eu
-
winfried
MattJ: thanks, can't join... ;-)
-
winfried
vanitasvitae: yeah, I would also like to mention some specific usecases, like real time text (which is very useful for communication with deaf people)
-
vanitasvitae
yeah nice idea
-
winfried
So this is your chance to upvote your great but very specialist XEP for a great exotic usecase ;-)
-
moparisthebest
vanitasvitae, I've thought about the "hiding metadata" thing a bit, the problem being it's only easy 1 way (hiding the recipient from your own server), hiding your JID from the recipients server requires something totally different and much harder, and then there is the roster problem :'(
-
moparisthebest
I still think it's likely worth doing
-
winfried
moparisthebest: it would be quite trival to make an onion routing component for XMPP and turn the XMPP network in a onion routing system....
-
moparisthebest
that might be the way to go to solve both ways the same, then you just have to hide the roster from your own server and you've got yourself a complete system :)
-
vanitasvitae
Coffee break after this?
-
flow
Is there any reason why we should give up the possibility to implement bind2 or sasl2 indepentently from each other?
-
vanitasvitae
coffee!!!
-
Syndace
If someone knows how to get fresh air into this room, please make it flow
-
pep.
(ha ha?)
-
nyco
yes, it stinks
-
vanitasvitae
yeah flow, go for it!
-
flow
I have opened the window in my office, does that help?
-
vanitasvitae
You have to also open the <stream/>
-
Kev
Could you take some of the fresh air and publish it to pep. please?
-
Kev
Are the "IC" trains any different to the "S" trains for my train ticket I bought at the station machine?
-
Daniel
since the ticket machine doesn’t let you choose between the two i always assumed the same ticket is fine for both
-
Kev
Ta.
-
jabberjocke
Any plans for evening?
-
MattJ
Sleeeeeeeeep
-
Intosi
Food as well. There will also be drink, I suspect.
-
goffi
Movim has its own sticker sets already
-
MattJ
goffi, bundled? hosted somewhere?
-
goffi
Initially I think it was shared with BoB, but I'm not sure nowadays, maybe SIMS
-
nyco
yes, goffi based on XHTML-IM?
-
goffi
nyco: Initially, but I think it's SIMS now
-
goffi
not sure, to be checked with edhelas
-
Zash
But does it have a sticker store?
-
goffi
also about file size and directories, we have already all that with Jingle, I have a component doing this for file sharing
-
nyco
and themed emojis for announcers
-
Link Mauve
No, Movim ships them and it’s AFAIK not extensible.
-
goffi
Zash: no store I think they are bundled with the software
-
Link Mauve
He sponsored the drawing of the packs it ships.
-
goffi
most of those problems are the same as with avatar
-
goffi
so it would be nice to have some kind of factorisation there
-
goffi
(different sizes, image formats, etc)
-
vanitasvitae
A Security Consideration would be that sticker sets are external data, so the processing must be secure
-
Daniel
Yes. Also either leaking your ip or your jid everywhere
-
Daniel
That's why having your server copy them over might be interesting
-
goffi
I think that we actually need a server side HTTP proxy that user can request with some kind of identifier, instead of something specific to stickers or anything else.
-
jonas’
I think mastodon-ish-things have something similar
-
moparisthebest
I get the impression other protocols don't really care about leaking private data all over the place
-
vanitasvitae
well, centralized systems dont have this issue at all
-
moparisthebest
(not saying XMPP should be like that, the opposite)
-
goffi
About (X)HTML, please take into account that Movim and SàT are doing blogging, and we already manage a large set of HTML (i.e. not only XHTML-IM). We should probably have a XEP describing good security practive with that.
-
Syndace
I think immutable sets and and copying the set to your own server is the way to go
-
Syndace
but happy to discuss that later/on list
-
vanitasvitae
for privacy yes
-
vanitasvitae
for flexibility no 😀
-
goffi
I don't get everything that MattJ is saying :-/
-
jabberjocke
Intosi: > Food as well. There will also be drink, I suspect. At hotel or other place? Just arrived to Brussels
-
MattJ
goffi, the words or the meaning?
-
nyco
goffi : 3rd point, he forgot :)
-
ivucica
Server-provided stickers would be awesome. Well-known/discoverable pubsub node for sticker collection which lists pubsub nodes containing individual stickers?
-
goffi
MattJ: I don't get all the words ^^.
-
goffi
Are we willing to do a XHML only for IM, or something also used for blogging?
-
MattJ
goffi, my words were saying that 1) clients need to sanitize stuff already anyway 2) XHTML-IM v1 was harder to sanitize because it allows and heavily uses CSS
-
goffi
oh no, here comes markdown again :(
-
goffi
MattJ: OK, thx
-
goffi
Mardown is not a wire format, it's handy and should be use in client, but we should use a real wire format for sharing the content.
-
goffi
Markdown*
-
jonas’
oh dear
-
jonas’
message markup all over again?
-
jonas’
what goffi says is true
-
moparisthebest
goffi, why is XHTML better as a wire format than, say, CommonMark ?
-
goffi
what's wrong with https://xmpp.org/extensions/xep-0394.html? I really love this one?
-
vanitasvitae
Regarding stickers: The internet notes that Zom (the XMPP version) also supported stickers and may be worth a look.
-
goffi
moparisthebest: well, first it's XML, and XMPP is XML
-
moparisthebest
that's probably not a reason
-
Intosi
goffi: agreed on 394.
-
goffi
but I don't say that XHTML-IM is necessarily the best way, I really love XEP-0394, it clean, elegant, and extensible
-
goffi
it's*, sorry for the typos
-
moparisthebest
you still need some specialized parser/display logic to display both XHTML and CommonMark, neither of which comes by default with XML or XMPP
-
Daniel
moparisthebest: is this an encumbrance?
-
moparisthebest
:D
-
goffi
Does anybody takes blogging into consideration, as there are only 2 clients with blogging, I have the feeling it's always ignored.
-
Daniel
so we want something like message styling but make it explict that message styling is being used?
-
vanitasvitae
*.*
-
goffi
Just for the record, here are the complains I've made about markdown in the past (cc moparisthebest): https://mail.jabber.org/pipermail/standards/2017-October/033592.html
-
moparisthebest
goffi, those are all correct as a criticism against "markdown" because it's not specified, but "CommonMark" is specified
-
pep.
goffi, I don't like 394 for what larma just said. It's leaving 393-like info in body without saying that these characters can be removed
-
pep.
And then we're back to parsing body
-
pep.
https://lab.louiz.org/poezio/poezio/issues/3455#note_7769 < what Link Mauve is talking about
-
larma
pep., `<span start="9" end="15" fallback="*"><emphasis/></span>`
-
larma
^ solves the issue of knowing if it's fallback or not
-
goffi
pep.: I don't get what is left in body with XEP-0394? it's all in <markup> isn't it?
-
vanitasvitae
no
-
vanitasvitae
the original message in in <body>
-
vanitasvitae
<markup> only contains markers where certain formatting starts and ends
-
goffi
vanitasvitae: yes the message in <body> and markup in <markup>, that's the point
-
vanitasvitae
okay, I only followed with half an eye, maybe I missed something 😛
-
larma
goffi, the problem is that you may want to have fallback (using 393) in <body> but not display that when 394 is supported
-
goffi
pep.: vanitasvitae: I was meaning what markup is left in the <body>?
-
goffi
larma: why do I want a fallback as long as the message body is visible by everybody? Compatible client add style, not others, what's wrong with that?
-
moparisthebest
whenever you send the same thing in 2 different formats/languages/whatever that opens up all those security issues that aren't practically solvable :/
-
goffi
moparisthebest: that's an issue with legacy XHTML-IM I agree, but not with XEP-0394, the message content is only in <body>, or am I missing something?
-
pep.
Sorry I'm not taking much notes atm as I'm taking part in the discussion actively :x
-
moparisthebest
yep that's right goffi
-
goffi
no worries pep., and thanks a lot (and to the other) for those notes, it helps a log to understand when you're not there.
-
larma
goffi, the "formatting" might be an emphasize that is required to transfer the message
-
larma
loosing this emphasizing might change the message in some cases
-
goffi
Sorry to insist about blogging, but I think we need a XEP to explain best practices to sanitize HTML, and probably a different markup for IM
-
goffi
larma: yes, but in this case fallback can cause trouble too, be can go far with that.
-
larma
goffi, that's why it's complicated 😉
-
moparisthebest
larma, true, like if I'm quoting hitler I likely would not like anyone to think I said it directly instead :/
-
goffi
OK so we're talking only about IM markup there, I wanted to be sure, thanks
-
nyco
thx goffi
-
goffi
(blogging is part of XMPP, even if not IM)
-
goffi
the issue also with markdown, is that there are billions of more or less (in)compatible parser, and developer will use the available one
-
goffi
so rendering may be different because markdown_js is not exactly the same as markdown_rust or markdown_js
-
moparisthebest
goffi, and that's not an issue if you specify CommonMark, right?
-
moparisthebest
https://commonmark.org/ that one
-
Daniel
i think we can at least make some improvements to the current situation by having clients that use 393 make it explicit that they are doing this
-
goffi
moparisthebest: if you are 100% sure that all libs used are commonmark compatible, I guess this would not be an issue, but I highly doubt that we'll have something rendered identically everywhere.
-
moparisthebest
goffi, so like HTML then? :D
-
goffi
Daniel: yes please make it explicit, that one of the main issue I have with XEP-0393
-
Daniel
i mean that's a very easy fix
-
pep.
goffi, that's not enough to me, saying explicitely you do 393
-
goffi
moparisthebest: We have only 2 HTML rendered left, so it's not an issue anymore ;)
-
Daniel
that has no huge side effects
-
goffi
renderer*
-
pep.
Parts of your message could not be markup
-
goffi
maybe 3 with servp
-
goffi
servo
-
moparisthebest
goffi, I'm saying there are plenty of HTML parsers/renderers, and none render quite the same
-
moparisthebest
even though HTML is a standard, same situation with CommonMark
-
moparisthebest
393 just documents what all XMPP/IRC/email clients have been doing since forever, it never removes characters, it's fine as-is imho
-
goffi
pep.: I agree with that, and I was thinking that putting everything in <body> was not necessary anymore with OMEMO now that we have XEP-0420
-
goffi
moparisthebest: Again, I'm not saying that (X)HTML is the best option, I'm pushing more for XEP-0394
-
moparisthebest
also to clarify cramming CommonMark in <body> without any indication would be awful I think everyone agrees, but as far as a specified transport, it's just as valid as XHTML or any other standard
-
goffi
I just need XHTML for blogging (specially when importing external sources like RSS/Atom).
-
moparisthebest
also CommonMark doesn't solve any problems with regard to sanitization, it's a XHTML super-set, so all sanitization rules still apply (any valid XHTML is valid CommonMark)
-
pep.
goffi, agreed, putting everything in body is not a requirement for future work
-
vanitasvitae
I think Marking up messages is a non-problem 😛
-
goffi
We should do like with stickers: a syntax server where everybody can upload a syntax parser in a home made language, so everybody can use it favorite one :D
-
vanitasvitae
😀
-
vanitasvitae
markup as a service
-
goffi
Thanks a lot for the video which was pretty good this year, and live report on etherpad, here and activityPub
-
moparisthebest
Just upload and download webasm binaries goffi ? :D
-
goffi
moparisthebest: great :)
-
moparisthebest
Secure! Flexible! Trustworthy!
-
moparisthebest
Pick only the middle one
-
jonas’
so not commonmark or anything like it?
-
jonas’
sounds like a plan!
-
pep.
And in 5 years everybody wants to do BBCode again
-
pep.
markup fallback is going to be tricky
-
goffi
except with XEP-0394
-
pep.
But then maybe clients will finally understand that they have to translate the input :p
-
vanitasvitae
The internet notes "I think it is important to announce to a client that the text is markdown styled. Similar to how OMEMO messages are announced as such. "
-
pep.
goffi, 394 + fallback yes, still the same issue
-
jonas’
goffi, '394 is meh though. I’d prefer to go back to a restricted XHTML-IM subset.
-
moparisthebest
394 isn't bad, but yet-another markup format that no one uses etc etc, specify something like CommonMark where all the hard work is done and call it a day
-
goffi
the big difference with XEP-0394 is that markup is separated from body content and meaning, no other solution offers that.
-
goffi
so if you don't support it, you still have the plain text body, without having to clean it yourself or to use any kind of fallback.
-
moparisthebest
which has it's own set of problems
-
goffi
moparisthebest: which ones exactly? I still don't get what's wrong with that.
-
moparisthebest
> we should kill all $race_here because they are worthless subhumans
-
moparisthebest
except your client doesn't support 394, so it's not rendered like a quote
-
moparisthebest
it's rendered like I said it
-
moparisthebest
that's... less than ideal
-
pep.
I'm stuck outside, nothing at the front, can somebody open? :p
-
pep.
all good
-
goffi
moparisthebest: well you have usually have context, and you'll have this issue with any markup fallback
-
moparisthebest
it's possibly less of an issue if you just display raw CommonMark ? :/
-
moparisthebest
maybe raw CommonMark in <body> with a flag stating it's CommonMark, then if it is, you can safely parse/display it as intended, and if not the fallback is just to display it directly?
-
goffi
moparisthebest: you're going with XEP-0393 then
-
moparisthebest
there is no perfect solution here I think
-
goffi
seing that we're all arguing with that for years, I guess the perfect solution if it exists is not obvious :)
-
moparisthebest
I just suspect there can never be a perfect solution here: 1. same message, multiple formats/languages - no way to tell if they are different 2. standard non-plaintext format (XHTML/CommonMark/394) - if not supported, plaintext fallback could change meaning or be unreadable for any number of reasons 3. no plaintext fallback - well, no plaintext fallback :)
-
moparisthebest
I *think* that about covers all the options?
-
MattJ
Why did you italicize 'think'?
-
moparisthebest
did I? :)
-
MattJ
Oh, you're right, it's underlined in my other client
-
MattJ
j/k of course :)
-
moparisthebest
bold for me haha
-
moparisthebest
man if we can solve "derive meaning from text messages" we'll really have it made
-
moparisthebest
I guess we do have a standard already to transfer thoughts/intent/meaning over XMPP https://xmpp.org/extensions/xep-0183.html
-
Syndace
Oh, I forgot trading the taxi receipt for money today, shall we do that at fosdem tomorrow?✎ -
Syndace
Oh, I forgot to trade the taxi receipt for money today, shall we do that at fosdem tomorrow? ✏
-
Daniel
In the past I think I just emailed them to Guus or something
-
pep.
ah right I'll do that as well
-
Syndace
ok thanks, will do that
-
lsdlfjljuie
I'm somewhat unhappy to see that people just post fotos of other summit participants on social media. I would have expected to be in an environment where people would at least ask beforehand...
-
dwd
I can see arguments both ways on that. I would expect the summit itself to be public, and in the record.
-
moparisthebest
the video stream was public
-
zash
Don't you need permission to publish pictures from people in the picture?
-
moparisthebest
do we need an opinion from a lawyer in every jurisdiction again?
-
zash
Yes
-
zash
At least in the EU it should be somewhat unified.
-
zash
Also see the "Note Well" thing the IETF does.
-
Martin
> Don't you need permission to publish pictures from people in the picture? In germany you don't have the right on your picture anymore when you attend public events like concerts, summits and so on. I guess it's more or less the same in other European countries.
-
moparisthebest
I don't think anyone would object if you attended the summit wearing a facemask, if you want your privacy