Thursday, March 02, 2017
xsf@muc.xmpp.org
March
Mon Tue Wed Thu Fri Sat Sun
    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27 28 29 30 31    
             
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

[00:01:01] *** Tobias shows as "away"
[00:02:47] *** Guus has joined the room
[00:03:11] <Ge0rG> Damn, you've got me. I type my gpg password rather often. I can look up the other things for mutt tomorrow if you are interested
[00:03:33] <Zash> I'd rather know how to not quit mutt by accident all the time
[00:04:36] *** winfried has left the room
[00:04:59] *** waqas has joined the room
[00:04:59] <Ge0rG> Unbind the Q key
[00:05:25] <Zash> Whos brilliant idea was it to put quit and 'go back' on the same key anyways?
[00:06:07] *** Mancho has left the room
[00:07:59] <Ge0rG> Zash: it's a sensible idea in general. Except when you want to "leave" a limit filter
[00:08:21] *** waqas has left the room
[00:17:07] *** kalkin shows as "online"
[00:26:20] *** Holger shows as "online" and his status message is "I'm available"
[00:40:22] *** moparisthebest has left the room
[00:49:10] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[00:56:52] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[01:03:32] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[01:03:43] *** moparisthebest has joined the room
[01:06:08] *** moparisthebest has left the room
[01:06:33] *** moparisthebest has joined the room
[01:09:32] *** devnull shows as "xa" and his status message is "Auto Status (idle)"
[01:12:05] *** moparisthebest has left the room
[01:14:54] *** moparisthebest has joined the room
[01:15:04] *** jere has joined the room
[01:18:18] *** waqas has joined the room
[01:20:02] *** nicolas.verite has joined the room
[01:30:38] *** bra shows as "online"
[01:32:49] *** jere has left the room
[01:33:01] *** jere has joined the room
[01:33:50] *** jere has left the room
[01:34:04] *** jere has joined the room
[01:34:39] *** jere has left the room
[01:34:45] *** jere has joined the room
[01:40:11] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[01:44:32] *** Yagiza has joined the room
[01:45:04] *** Yagiza shows as "online" and his status message is "Доступен"
[01:46:25] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[01:46:27] *** Tobias shows as "away"
[01:46:28] *** Tobias shows as "away"
[01:46:40] *** nicolas.verite has left the room
[01:46:57] *** nicolas.verite has joined the room
[01:48:54] *** moparisthebest has joined the room
[01:50:11] *** sonny shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[01:50:25] *** jere has left the room
[01:57:24] *** kaboom has left the room
[02:06:24] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[02:09:08] *** Guus has left the room
[02:10:05] *** Guus has joined the room
[02:10:39] *** bra shows as "online"
[02:20:57] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[02:21:47] *** bra shows as "online"
[02:23:25] *** sonny shows as "online"
[02:26:17] *** moparisthebest has left the room
[02:26:24] *** moparisthebest has joined the room
[02:27:24] *** vurpo has left the room
[02:27:28] *** vurpo has joined the room
[02:40:57] *** Lance has joined the room
[02:40:57] *** Lance shows as "online"
[03:03:43] *** Yagiza has left the room
[03:03:44] *** Yagiza has joined the room
[03:03:55] *** Yagiza shows as "online" and his status message is "Доступен"
[03:08:26] *** Lance has left the room
[03:11:01] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[03:13:07] *** Yagiza shows as "away" and his status message is "Автостатус из-за бездействия более чем 10 минут"
[03:17:58] *** nicolas.verite has left the room
[03:30:15] *** narcode shows as "away"
[03:31:01] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[03:42:55] <SamWhited> I have my password saved in a GPG'ed file; mutt unlocks GPG on start to get the password, which also keeps the GPG agent unlocked for 15 minutes or whatever, which works pretty well.
[03:43:07] *** SamWhited has left the room
[03:43:27] *** xnyhps shows as "away" and his status message is "Away"
[03:49:22] *** waqas has left the room
[03:56:58] *** nicolas.verite has joined the room
[04:03:19] *** Kev has left the room
[04:04:52] <Ge0rG> Zash: for incoming mail, you can set pop_pass and imap_pass in imap, or even bind a key to a macro like "cimaps://user@domain:password@server/INBOX\n"
[04:08:33] <Zash> https://tools.ietf.org/html/rfc6778 and https://tools.ietf.org/html/rfc7017
[04:09:22] <Ge0rG> That's so meta.
[04:10:44] <Zash> https://trac.tools.ietf.org/group/tools/trac/wiki/Imap
[04:11:46] <Ge0rG> Zash: you might want to tell the XSF why you are pasting all the URLs in here.
[04:13:39] *** sonny has left the room
[04:16:23] <Zash> Ge0rG: I'm sleep-pasting URLs I think
[04:17:09] <Ge0rG> Zash: time to get coffee, then.
[04:17:28] <Ge0rG> I've had my first coffee of the day at 0430 local time.
[04:18:42] <Zash> Anyways, the IETF seems to have gone through the process of figuring out better ways to access mailing list archives, so I'm trying to nudge people towards looking at the work they did.
[04:30:14] *** Mancho has joined the room
[04:32:53] <Ge0rG> Zash: I'm not sure how IMAP is going to help in that regard. It sounds to me like a mix of NNTP nostalgia and nerd cred.
[04:33:17] <Ge0rG> Zash: I'd like to have a feature where you can search the ML by affected XEPs. So a kind of tagging.
[04:33:40] <Ge0rG> And people write the craziest things into the Subject:, so you can't just /~s XEP-0123
[04:33:55] *** nicolas.verite has left the room
[04:33:59] <Ge0rG> if we could add XEP-xxxx tags post-factum, it would be great.
[04:37:33] <Zash> Makes archives predating your subscription accessible.
[04:38:29] <Ge0rG> Zash: last time I needed that (and it was to correctly reply-to to a mail), I just downloaded the .mbox. I think that the number of people who care about that, outside the IETF, is small.
[04:39:10] <Ge0rG> Zash: and the set of people who fail to import an .mbox into their MUA, but manage to connect to an anon IMAP is probably very small.
[04:41:18] *** moparisthebest has joined the room
[04:42:29] *** SamWhited shows as "online"
[04:44:34] *** Guus has left the room
[04:44:48] <Zash> The underlying point is to look at what a similar organization did about pretty much the same problem.
[04:46:43] <Ge0rG> Okay, I can buy into that
[04:47:43] *** waqas has joined the room
[04:48:07] <Zash> They did end up with a pretty nice search thingy.
[04:51:15] *** Guus has joined the room
[04:51:43] *** Zash shows as "online"
[05:02:10] <Ge0rG> Zash: I hope you don't mean "connect with imap, use your MUA search" approach
[05:05:04] <Zash> Ge0rG: https://mailarchive.ietf.org/arch/
[05:06:06] <Ge0rG> Zash: it looks like a web MUA to me. I searched for "xmpp" and wasn't impressed with the results too much
[05:06:12] <Ge0rG> OTOH, it looks like a MUA.
[05:11:49] *** Zash has left the room
[05:12:32] <Ge0rG> Oh Android. If you register your app as an Intent handler, older versions use "{handler_title}" as the display text, and newer versions use "Open with {handler_title}". I'm pretty sure I'm not the only one to find "Open with Add contact" a strange wording.
[05:14:52] *Ge0rG isn't awake either, yet. Just misread the last members@ thread as "XSF Bored Meeting Minutes".
[05:23:25] *** nicolas.verite has joined the room
[05:25:53] *** xnyhps shows as "away" and his status message is "Away"
[05:25:53] *** xnyhps shows as "online"
[05:27:22] *** waqas has left the room
[05:29:02] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[05:32:32] *** Ge0rG has left the room
[05:32:33] *** Ge0rG shows as "online"
[05:35:02] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[05:39:09] *** Lance has joined the room
[05:39:10] *** Lance shows as "online"
[05:41:02] *** devnull shows as "xa" and his status message is "Auto Status (idle)"
[05:49:39] *** Lance has left the room
[05:49:52] *** Ge0rG has left the room
[05:49:52] *** Ge0rG shows as "online"
[05:49:57] *** suzyo has joined the room
[06:03:59] *** Ge0rG has left the room
[06:06:05] *** Tobias shows as "online"
[06:06:07] *** Guus has left the room
[06:06:10] *** xnyhps shows as "online"
[06:06:12] *** xnyhps shows as "online"
[06:06:15] *** Guus has joined the room
[06:06:25] *** nicolas.verite has left the room
[06:07:07] *** Ge0rG shows as "online"
[06:09:49] *** xnyhps shows as "online"
[06:10:56] *** xnyhps shows as "online"
[06:14:15] *** Ge0rG has left the room
[06:14:15] *** Ge0rG shows as "online"
[06:18:56] *** xnyhps shows as "online"
[06:19:52] *** nicolas.verite has joined the room
[06:19:53] *** Tobias shows as "away"
[06:20:10] *** xnyhps shows as "online"
[06:20:46] *** Yagiza shows as "online" and his status message is "Доступен"
[06:21:40] *** goffi has joined the room
[06:22:56] *** Valerian has joined the room
[06:27:18] *** Tobias shows as "online"
[06:30:46] *** Yagiza shows as "away" and his status message is "Автостатус из-за бездействия более чем 10 минут"
[06:33:04] *** xnyhps shows as "online"
[06:33:38] *** suzyo has left the room
[06:35:09] *** SamWhited has left the room
[06:37:08] *** xnyhps shows as "away" and his status message is "Away"
[06:38:00] *** Tobias shows as "away"
[06:43:15] *** nyco has left the room
[06:43:17] *** nyco shows as "online"
[06:43:24] *** nicolas.verite has left the room
[06:43:57] *** xnyhps has left the room
[06:44:01] *** xnyhps shows as "online"
[06:45:14] *** nyco has left the room
[06:45:18] *** nyco shows as "online"
[06:47:46] *** nyco shows as "online"
[06:51:12] *** nyco has left the room
[06:51:17] *** nyco shows as "online"
[06:57:35] *** Ge0rG has left the room
[06:57:37] *** Ge0rG shows as "online"
[06:57:55] *** xnyhps has left the room
[06:58:00] *** xnyhps shows as "online"
[07:04:05] *** arc shows as "away" and his status message is "I'm not here right now"
[07:04:06] *** arc shows as "online"
[07:07:05] *** Steve Kille shows as "online" and his status message is "At Home"
[07:09:08] *** arc shows as "online"
[07:10:34] *** nicolas.verite has joined the room
[07:14:49] *** tim@boese-ban.de shows as "online"
[07:14:55] *** Flow has joined the room
[07:15:06] *** jubalh has joined the room
[07:15:52] *** jonasw shows as "online"
[07:17:37] *** kalkin has left the room
[07:17:48] *** efrit has joined the room
[07:20:06] *** Yagiza shows as "online" and his status message is "Доступен"
[07:21:22] *** kalkin shows as "online"
[07:31:18] *** Flow has left the room
[07:31:32] *** Tobias shows as "online"
[07:32:04] *** mimi89999 has joined the room
[07:32:11] <jonasw> ah, that ietf-mailarchive-thing is nice
[07:32:22] <jonasw> seen it a couple of times
[07:35:34] *** xnyhps has left the room
[07:35:36] *** xnyhps shows as "online"
[07:37:34] *** xnyhps has left the room
[07:37:36] *** xnyhps shows as "online"
[07:39:04] *** xnyhps has left the room
[07:39:11] *** xnyhps shows as "online"
[07:41:47] *** Tobias shows as "away"
[07:41:57] *** suzyo has joined the room
[07:45:28] *** Kev has joined the room
[07:47:24] *** Ge0rG has left the room
[07:47:26] *** Ge0rG shows as "online"
[07:50:41] *** bra shows as "online"
[07:51:40] *** Ge0rG has left the room
[07:51:42] *** Ge0rG shows as "online"
[07:53:22] *** dwd shows as "online"
[07:55:03] *** Steve Kille shows as "away" and his status message is "At Home"
[07:56:23] *** vurpo has left the room
[07:56:25] *** vurpo has joined the room
[07:56:48] *** sezuan shows as "online"
[07:57:16] *** Ge0rG has left the room
[07:57:20] *** Ge0rG shows as "online"
[07:57:59] *** winfried has left the room
[07:58:03] *** winfried has joined the room
[07:58:16] *** Mancho shows as "online"
[08:04:57] *** Valerian has left the room
[08:05:26] *** Steve Kille shows as "online" and his status message is "At Home"
[08:05:50] *** Guus has left the room
[08:06:37] *** Guus has joined the room
[08:08:43] *** Tobias shows as "online"
[08:09:53] <jonasw> I’m starting the writeup of the XEP-115 (Entity Capabilities) replacement. I have a few questions:
1. I would like to acknowledge waqas work and the work of the authors of XEP-115. How do I do that appropriately? The XEP-Template doesn’t have an acknowledgements section, but seeing that XEP-115 (and others) have one, I assume that’s an appropriate way to do it. Correct?
2. In the examples I will need a namespace. Where will I source it from? Should I use a namespace under my own control and the editor will choose a different one when the XEP is accepted as experimental?
[08:10:36] <Kev> Is this a replacement of 115, or an update to 115?
[08:11:52] <daniel> jonasw: there is no formal way for acknowledgements. Most authors just dedicate an entire section to it
[08:12:42] <jonasw> Kev: replacement, you can probably work your way from http://logs.xmpp.org/xsf/2017-02-28/#19:49:01 upwards to see the discussion around that.
[08:13:43] <Kev> Just re-using 115 seems appropriate to me, you're not in need of drastically changing the protocol, are you?
[08:15:04] <Kev> (I note that other things like pubsub have dependencies on 115, so if you write a whole new XEP you're looking at patching a *lot* of XEPs to update those dependencies)
[08:16:21] <daniel> That's probably true
[08:16:42] <jonasw> interesting point, noone seems to have thought about that the other day
[08:17:00] <jonasw> a namespace bump for 115 would be less intrusive probably
[08:17:31] *** uc has joined the room
[08:17:51] *** daniel has left the room
[08:17:52] <Kev> A namespace bump, if needed, or maybe a backwards-compatible update (if possible) seem reasonable to me. But keep in mind it's not coffee-o'clock yet, and I don't even drink coffee.
[08:17:56] *** jubalh has joined the room
[08:18:03] *** daniel has joined the room
[08:18:32] <jonasw> backwards-compatible won’t happen. the algorithm (and I’m not talking about sha1 or something) is broken and in need of fixing for eight years.
[08:18:59] <Kev> I'm not utterly convinced that means it can't happen (forwards-compatible can't happen, certainly), but I'm not convinced it can, either.
[08:19:36] *** Valerian has joined the room
[08:19:59] <jonasw> i should probably announce coffee-o-clock now.
[08:20:07] *** Steve Kille shows as "online" and his status message is "At Home"
[08:20:08] *** Steve Kille shows as "online" and his status message is "At Home"
[08:20:36] *** Tobias shows as "online"
[08:20:40] *** Tobias shows as "online"
[08:20:56] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[08:21:48] <jonasw> in my opinion, xep 60 doesn’t have a dependency on 115, but on 30. it’s just worded badly.
[08:22:44] <jonasw> or rather, "in my reading" than "in my opinion"
[08:24:22] <jonasw> from the amount new work I’m doing for it, an update to 115 feels more appropriate than a new xep, too
[08:24:33] *** Flow has joined the room
[08:25:20] *** Tobias shows as "away"
[08:25:52] *** vurpo has left the room
[08:25:56] *** vurpo has joined the room
[08:29:47] <Flow> Kev, Steve Kille: Would MIX be interested in an atomic CAS for PubSub. For example to race-free replace the subject/topic/... of a node. I'm considering writing a CAS add-on XEP for PubSub.
[08:30:21] <jonasw> what is CAS?
[08:30:25] *Flow always wonders why there is no CAS for PubSub
[08:30:33] <jonasw> (I only know Computer Algebra System, which I assume you don’t mean)
[08:30:39] <Flow> jonasw: compare-and-swap
[08:30:42] <jonasw> ah!
[08:30:45] <jonasw> makes sense.
[08:30:54] *jonasw officially announces coffee-o-clock!
[08:30:56] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[08:31:14] <jonasw> (or rather, tea-o-clock)
[08:31:54] *Ge0rG had two cups of coffee yet. Time to get a new one.
[08:32:17] <jonasw> Flow: I feel that CAS will be hard to implement server-side. when do two XML subtrees compare equal?
[08:32:28] <Flow> jonasw: by node id
[08:32:34] <Flow> err item id
[08:32:38] <Tobias> CAS?
[08:32:39] <jonasw> okay
[08:32:44] <Tobias> ah..nvm
[08:33:24] <jonasw> Flow: CAS would be useful for data storage in PEP nodes, too
[08:33:37] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[08:33:40] <Flow> jonasw: It would be useful everywhere where PubSub/PEP is used
[08:33:51] <jonasw> mostly everywhere :)
[08:33:54] <jonasw> but yes.
[08:34:15] <Flow> and where you want to avoid accidentially deleting existing data because of a race condition
[08:35:46] *** Steve Kille has left the room
[08:36:28] *** Steve Kille has left the room
[08:37:00] <jonasw> there are usecases where you add data instead of replacing by item id :)
[08:37:31] <Tobias> I wonder why 115 didn't just use Canonical XML standard for c14n of disco to later hash it https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/
[08:37:37] *** Steve Kille has joined the room
[08:37:39] *** Steve Kille shows as "away" and his status message is "At Home"
[08:37:50] *** Steve Kille shows as "online" and his status message is "At Home"
[08:38:19] <jonasw> Tobias: I was wondering about that, too, but I think canonical XML is strict with the relative ordering of elements
[08:39:57] *** Steve Kille shows as "online" and his status message is "Hampton"
[08:39:59] *** Steve Kille shows as "online" and his status message is "Hampton"
[08:40:39] <jonasw> also I‘m not sure how many xml libs support c14n; considering that there are *still* some in use which don’t do namespaces properly
[08:40:56] <Tobias> could be, yeah
[08:42:42] <Tobias> jonasw, you're aware of this thread, right? https://mail.jabber.org/pipermail/standards/2011-August/025011.html
[08:44:26] <jonasw> not yet
[08:44:37] <Flow> jonasw: which usecases are that?
[08:44:58] <jonasw> Flow: microblogging-ish :)
[08:45:24] <Flow> ahh right
[08:45:29] <Tobias> jonasw, it discusses a lot issues with current XEP-0115, that should be solved in a new version
[08:45:34] <jonasw> Tobias: thanks!
[08:45:37] <jonasw> I’m looking into it
[08:45:48] <Flow> jonasw: Also https://wiki.xmpp.org/web/XEP-Remarks/XEP-0115:_Entity_Capabilities
[08:46:00] <jonasw> I was also planning to ask standards@ for input when I have a first draft
[08:46:56] *** Yagiza shows as "away" and his status message is "Автостатус из-за бездействия более чем 10 минут"
[08:47:01] <Tobias> Flow, what? the IANA has two registries for hash names?
[08:47:40] <Flow> Tobias: Yep
[08:47:50] <jonasw> that’s a good point; the one we currently use doesn’t list sha3 for example
[08:48:05] <Flow> I discovered that when searching for a registry for ISR-SASL2
[08:48:11] <Tobias> Flow, einmal mit profis :P
[08:48:37] <Flow> Tobias: Hehe, to be fair, that could happen to the XSF too :)
[08:48:56] <Tobias> Flow, nah...we'll only ever have XEP-0300, which can be updated relatively easy
[08:49:07] <Tobias> i think IANA stuff requires lots of time and process
[08:49:20] <Flow> If someone knows if and whom we should tell about this within the IETF/IANA, then please do so/tell me.
[08:49:46] <Flow> Link Mauve: BTW, SASL2?
[08:50:57] *** Steve Kille has left the room
[08:52:33] *** Martin has joined the room
[08:52:59] *** Tobias shows as "online"
[08:53:02] *** Tobias shows as "online"
[08:53:37] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[08:57:28] *** mhterres has joined the room
[09:01:38] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:03:07] <jonasw> does anyone know the rationale for querying a specific disco-node containing the hash in the verification procedure xep 115?
[09:05:15] <Tobias> jonasw, what exactly do you mean?
[09:05:45] <jonasw> example 3 here: https://xmpp.org/extensions/xep-0115.html#discover
[09:06:06] <jonasw> node='http://code.google.com/p/exodus#QgayPKawpkPSDYmwT/WM94uAlu0=' instead of simply querying without node.
is the idea to avoid races with changing capabilities?
[09:06:08] *** dwd shows as "online"
[09:06:14] *** Flow shows as "online"
[09:06:25] *** jubalh has left the room
[09:06:35] <jonasw> hm, it mentions "backwards-compatibility"
[09:06:49] <jonasw> for avoiding races it seems helpful, why was it abandoned?
[09:06:58] <jonasw> (even though races wouldn’t be harmful here)
[09:08:02] <Flow> jonasw: so that you get the result of that very same hash?
[09:08:10] <jonasw> yes
[09:08:14] *** vurpo has left the room
[09:08:14] <Flow> that approach seems sensible to me
[09:08:15] <Tobias> could also help with server side caching i suppose
[09:08:17] *** vurpo has joined the room
[09:08:25] *** nicolas.verite has left the room
[09:08:36] <jonasw> Flow: I don’t like the approach though, from an implementers point of view
[09:08:39] <Flow> e.g. Smack also responds to the last 10 hashes
[09:09:01] <Flow> jonasw: I do like the approach from an implementers point of view
[09:09:14] <Tobias> Flow, you keep a history what sets of features the last 10 smack releases supported?
[09:09:36] <Flow> Tobias: No, disco features are dynamic, not tied to a smack release
[09:09:50] <jonasw> Flow: there is no harm in a race here, because if you get a race with an unknown hash (if you know the hash, you don’t care) you simply get the updated disco#info and discard the hash.
[09:09:52] <Flow> so the last 10 features of the connection
[09:09:55] <Tobias> that yoo, yeah
[09:10:47] <Flow> jonasw: true, no race here, but it helps with other things, like tobias said, server side caching, and I think it's the cleaner approach
[09:10:54] <jonasw> how does it help with server-side caching?
[09:11:08] <Flow> jonasw: The server can cache the response
[09:11:27] <jonasw> hm okay
[09:11:31] <Flow> and send it instead of forwarding the request to the queried client
[09:11:35] <Tobias> jonasw, the server doesn't need to forward the IQ to the to-JID if it knows the from-JID just wants the disco#info for a hash
[09:11:39] <jonasw> makes sense
[09:11:43] <Tobias> it could reply directly
[09:12:28] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:12:29] <jonasw> seems like using a different format for these nodes would be great though: '{ecaps2-namespace}#{hash-algo}.{hash-value}' or something along those lines to make it easily recognizable
[09:13:26] *** dwd shows as "online"
[09:13:26] <jonasw> right now a server needs to track the 'node' exported in <{caps}c/> to know whether a disco-node is a caps hash
[09:13:26] *** Valerian has left the room
[09:13:27] *** Valerian has joined the room
[09:13:30] *** Valerian has left the room
[09:13:30] <jonasw> *belongs to a caps hash
[09:16:18] *** Holger shows as "online" and his status message is "I'm available"
[09:20:41] *** Guus shows as "online"
[09:27:10] <jonasw> is there an element I can use to link to another section in a XEP?
[09:27:21] <jonasw> except <link url='#anchor'/>
[09:27:34] *** Valerian has joined the room
[09:28:59] <dwd> IANA has *no* registry for hash names. IANA has several protocol registries to cover parameters for hashes, some of these are strings.
[09:29:51] <jonasw> dwd: that makes sense and explains the odd titles for those registries.
[09:30:26] <Flow> like "Named Information Hash Algorithm Registry"
[09:30:38] <dwd> We co-opted one for our purposes in XEP-0300, but it's originally for PKIX, so it contains OIDs as well.
[09:30:59] *** jubalh has joined the room
[09:31:00] <dwd> Maybe we should also allow urn:oid:2.16.840.1.101.3.4.2.1 for SHA-256?
[09:31:09] <jonasw> no
[09:31:12] <jonasw> no no no no
[09:31:13] <Tobias> dwd, although that one hasn't been updated since 2000something
[09:31:16] *** kalkin has left the room
[09:31:20] <jonasw> oids are a mess.
[09:31:22] *** ralphm shows as "online"
[09:32:03] <dwd> jonasw, How can you say that? They're terribly convenient stable identifiers. Even if Surevine only has one OID arc (Isode has two - snazzy).
[09:32:05] <jonasw> ugh, the names in xep-0300 are longer than some base64-encoded hash values themselves…
[09:32:28] <Tobias> jonasw, what names?
[09:32:31] <jonasw> dwd: as long as you don’t need to parse them semantically, it’s fine probably, like urns
[09:32:37] <jonasw> Tobias: <var>
<name>urn:xmpp:hash-function-text-names:md5</name>
<desc>Support for the MD5 hashing algorithm</desc>
<doc>XEP-0300</doc>
</var>
[09:32:53] <Tobias> yeah...that's so people don't used md5 :P
[09:33:10] <dwd> jonasw, Oh, the feature names.
[09:33:12] <Tobias> jokingly
[09:33:34] <jonasw> well, close.
>>> len(base64.b64encode(hashlib.sha256().digest()).decode("ascii"))
44
>>> len("urn:xmpp:hash-function-text-names:sha-256")
41
[09:34:02] <dwd> jonasw, Well, that's a reason to use SHA3-512, then.
[09:34:35] <jonasw> my python cannot into sha3
[09:34:58] <jonasw> hm, 3.6 can’t either…
[09:35:20] <Tobias> #sad
[09:35:34] <jonasw> but that looks like a configuration problem; it also doesn’t have BLAKE2b512 which is available in 3.5 here
[09:36:26] <mathieui> jonasw, 3.6 can do sha3 just fine
[09:36:29] <jonasw> Tobias: did you mean <sad/>?
[09:36:41] <jonasw> mathieui: yes, it appears to be a problem with my python3.6.0a3 probably sourced from debian/experimental
[09:36:43] <Tobias> jonasw, nah..i mean the trumpish hashtag sad ;)
[09:37:06] *** kalkin shows as "online"
[09:37:10] <Tobias> jonasw, so 3.6 doesn't have blake2 but 3.5 has?
[09:37:13] <jonasw> Tobias: or rather xep-14 <x xmlns="jabber:x:tone">sad</x>? :>
[09:37:25] <jonasw> Tobias: as I said: it’s most likely an issue with my local setup, the documentation says it is there:
[09:37:28] <jonasw> https://docs.python.org/3/library/hashlib.html
[09:37:47] <mathieui> Tobias, 3.6 has blake2 as well
[09:38:03] <Tobias> nice
[09:38:29] <jonasw> meh, short names for the functions in xep-0300 would be great
[09:38:33] <jonasw> or am I just missing those?
[09:38:46] <dwd> jonasw, The long names are only used in the disco#info, right?
[09:38:51] <jonasw> dwd: it apperas so
[09:39:04] <dwd> jonasw, The actual use in protocol are short names, like "md5".
[09:39:26] <jonasw> dwd: but there doesn’t seem to be a registry or source to refer to on which short name to use for which function.
[09:39:28] *** Piotr Nosek has joined the room
[09:39:36] <Tobias> jonasw, table 1 has short hash function names
[09:39:50] <jonasw> for some, yes.
[09:40:08] <Tobias> see the sentence before the table
[09:40:11] <jonasw> it is lacking sha3-{224,384} for example
[09:40:15] <jonasw> even including that sentence
[09:40:35] <Tobias> well yeah..didn't see much sense in those intermediate values
[09:40:49] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[09:41:15] <jonasw> fair point
[09:41:27] <jonasw> re-using 0300 makes a lot of sense
[09:41:47] <Tobias> the standard should probably be 256bit ones, and if you need more security, might as well go to 512 bit then
[09:41:53] *** bra shows as "online"
[09:43:07] <jonasw> hm, would making new hash functions mandatory trigger a bump on the <hash/> element…?
[09:43:11] <jonasw> that sounds like a *lot* of fallout.
[09:44:52] <Flow> jonasw: why should it trigger a (namespace?) bump?
[09:45:15] *** sonny shows as "online"
[09:45:26] <jonasw> Flow: I don’t know. I’m asking.
[09:47:48] <Guus> *couch*Flow logo*couch*
[09:49:58] *** Tobias shows as "online"
[09:52:50] *** Piotr Nosek shows as "away" and his status message is "Away"
[09:52:57] *** Piotr Nosek shows as "online"
[09:58:19] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[09:59:21] *** Tobias shows as "away"
[10:00:56] *** mhterres shows as "away" and his status message is "I'm not here right now"
[10:00:56] *** mhterres shows as "away" and his status message is "I'm not here right now"
[10:02:11] *** mhterres shows as "away" and his status message is "I'm not here right now"
[10:02:11] *** mhterres shows as "online"
[10:11:06] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[10:14:44] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[10:14:47] *** tim@boese-ban.de shows as "online"
[10:14:57] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[10:15:01] *** tim@boese-ban.de shows as "online"
[10:16:10] *** Mancho has left the room
[10:16:49] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:17:06] *** devnull shows as "xa" and his status message is "Auto Status (idle)"
[10:17:48] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[10:17:51] *** tim@boese-ban.de shows as "online"
[10:18:40] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:20:38] *** dwd shows as "online"
[10:20:57] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[10:22:27] *** Yagiza shows as "online" and his status message is "Доступен"
[10:22:29] *** Mancho shows as "online"
[10:22:51] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[10:22:52] *** ralphm shows as "online"
[10:23:30] *** Mancho has left the room
[10:23:43] *** Mancho shows as "online"
[10:23:43] *** tim@boese-ban.de shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[10:24:18] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:25:14] *** Tobias shows as "online"
[10:25:27] *** Tobias shows as "away"
[10:26:10] *** Alex has joined the room
[10:26:50] *** Flow shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[10:29:10] *** sonny shows as "online"
[10:29:36] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:29:49] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[10:29:51] *** ralphm shows as "online"
[10:30:43] *** tim@boese-ban.de shows as "online"
[10:31:08] *** dwd shows as "online"
[10:31:41] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:33:07] *** Yagiza shows as "away" and his status message is "Автостатус из-за бездействия более чем 10 минут"
[10:34:19] *** bra shows as "online"
[10:35:34] *** Yagiza shows as "online" and his status message is "Доступен"
[10:35:38] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:37:47] *** Holger shows as "online" and his status message is "I'm available"
[10:40:04] *** sonny shows as "online"
[10:40:37] *** ralphm shows as "online"
[10:42:24] *** Kev shows as "away"
[10:43:56] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[10:43:57] *** ralphm shows as "online"
[10:44:36] *** vurpo has left the room
[10:44:40] *** vurpo has joined the room
[10:45:47] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:49:30] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:49:55] *** ralphm shows as "online"
[10:52:32] <jonasw> Kev: out of curiousity, what software are you talking about in your mail from 09:57+01:00?
[10:53:27] <Tobias> i just assumed that mail was some weird welsh humor :)
[10:56:17] <dwd> jonasw, I suspect it's mailman...
[10:56:46] <Guus> as we're all here: Does any more need to be discussed regarding https://github.com/xsf/xmpp.org/pull/269 ?
[10:56:54] <Guus> or rather: my merging of it?
[10:56:54] <Tobias> dwd, a new version of mailmain you mean?
[10:57:00] *** Flow shows as "online"
[10:57:10] <Tobias> or the current mailman?
[10:57:25] <dwd> Tobias, No, I think it's just whatever we're using now. I suspect there might - might - be sarcasm at play here.
[10:57:35] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:57:50] <jonasw> Guus: FWIW, github has a review feature, and it may make sense to have one or two eyes confirm that they took a close look on the changes, possibly leaving comments.
[10:58:04] <Tobias> dwd, never seen him use that before though
[10:58:04] *** Yagiza has left the room
[10:58:22] <dwd> Tobias, No, it's unusual in those who are cursed by not being English.
[10:58:58] <Tobias> dwd, you misspelled 'blessed' there
[10:59:19] <jonasw> I had to change my editors dictionary to en_US (from en_GB) to write XEPs :<
[10:59:30] *** sonny shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[10:59:35] <dwd> What? Why?
[10:59:45] <jonasw> because XEP-0134 (or -0001?) says so.
[11:00:00] <dwd> Sounds like a candidate for a PR, then. :-)
[11:00:07] <jonasw> https://xmpp.org/extensions/xep-0143.html#nt-idp1712848
[11:00:07] *** ralphm shows as "online"
[11:01:17] *** sonny has left the room
[11:01:19] *** sonny shows as "online"
[11:01:49] <Guus> jonasw: I don't disagree, but as far as I know, that feature is not used by XSF. We could, sure. I don't feel that there's a need for it here (the consequences of missing something in a PR review are very unlikely to be catastrophic for our website, and I prefer a continuous release cycle), but I accept that others think differently.
[11:02:24] <jonasw> Guus: it’s really low-entrance-barrier though (if you’re a github user), and I don’t mean that it should be *mandatory*.
[11:03:09] <Guus> jonasw: I'm using it for other projects. Not knowing when to use it appears to be my problem. :) I thought your PR was fine.
[11:03:56] <jonasw> have you checked I didn’t slip in a
try:
shutil.rmtree("/")
except:
pass
in? :)
[11:03:56] <Guus> I am assuming that you thought so, because you PR'ed it in the first place.
[11:04:20] <jonasw> I’m new in the XSF, my word shouldn’t count a thing when I add code to servers.
[11:04:26] *** kaboom has joined the room
[11:04:47] *** Holger shows as "away" and his status message is "I'm away"
[11:04:48] *** Holger shows as "online" and his status message is "I'm available"
[11:05:09] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:05:34] <Guus> Oh, you could have slipped in things. I recognized your name, I glanced at the code, I ran it locally, it had the desired effect and did not delete my root partition. That combined made merging the PR an acceptible risk for me.
[11:05:47] <jonasw> :-)
[11:06:00] *** Kev shows as "online"
[11:07:12] <jonasw> I’m just saying that I completely understand the point of people asking for thorough reviews. I would do the same if it was my infrastructure.
[11:07:46] <Guus> Who am I to object to thorough reviews?
[11:08:21] <Guus> I think mine was thorough enough by my standards, but I am fully aware that others have different standards.
[11:08:31] <Kev> I think there's a significant difference between 'updating text on the website', which I'm fine with people generally having access to do. And "running code on our servers", for which most people don't have rights.
[11:08:47] <Tobias> Guus, i agree though that i should probably have left a note in the PR that I was planning to review it soonish
[11:09:14] <Kev> Running code that people thought was fine, but wasn't sensibly vetted caused us to not take part in GSoC last year, and huge amounts of wasted effort for me in the process, not to mention the downtime of the server so the XSF couldn't fulfil its primary purpose for a day.
[11:09:31] <dwd> FWIW, the pelicanconf.py file (the only one, as I understand it, that is executed on the server) looks perfectly safe to me and adequately simple.
[11:10:05] <dwd> It also looks clearly bounded, in as much as I can solve the halting problem in my head.
[11:10:23] <Tobias> dwd, as far as I know https://github.com/xsf/xmpp.org/blob/master/buildCompleteWebsite.sh is run to build the whole website on the server
[11:10:32] <Kev> I think the more crises someone has been through with production servers, the less blazé they get about deployment :)
[11:10:36] <Tobias> because pelican has very limited capabilities
[11:11:09] <Kev> Anyway, I don't object to the PR based on the description, I just don't want any code deployed on XSF servers that hasn't been reviewed by iteam.
[11:11:09] <jonasw> Tobias: it can do anything python can if you put it in the pelicanconf :>
[11:11:12] <Guus> Kev: I've been a production herding developer, professionally, for 10+ years.
[11:11:39] <Kev> Guus: And how many times has pushing something without checking it caused a day's worth of downtime for you? ;)
[11:11:45] *** ralphm shows as "online"
[11:11:50] <Tobias> jonasw, probably
[11:11:55] <Guus> including websites that have significant amount of views (millions, monthly)
[11:12:15] <Guus> Kev: I did check.
[11:12:18] <dwd> Kev, I think you may mean blasé, rather than blazé.
[11:12:32] *** sonny shows as "online"
[11:12:32] <Kev> dwd: I very much do.
[11:12:39] *** sonny shows as "online"
[11:12:52] <dwd> Although there's an argument for either.
[11:12:54] <Kev> Guus: Then I have no objection. Your original comment didn't mention that you'd reviewed the code, just run it locally.
[11:13:33] <dwd> jonasw, So, not threading, then? :-)
[11:13:35] <Kev> Well, I still have an objection in principle, because I think the server admins should get to review the code too, but I'm happy in this instance if you've reviewed the code.
[11:14:53] <Guus> Kev: I'm pretty sure I did not review it up to your standards. I'm also not worried by that.
[11:15:04] <jonasw> dwd: depends on the specific python implementation and the specific task. Python can very much thread in the sense that C extensions which are called from python code from different threads may in fact run in parallel. It is just pure python code which, on CPython at least, isn’t run in parallel. :)
[11:15:13] *** Tobias shows as "online"
[11:15:28] <dwd> Kev, This is build-time code, incidentally, not runtime code. So I'd hold it to lower standards.
[11:15:43] <Kev> jonasw: "Python can totally thread, as long as you code in C instead of Python"? :)
[11:15:48] <dwd> jonasw, Yeah, I'm only too aware...
[11:16:01] <jonasw> Kev: pretty much
[11:16:42] <Kev> dwd: When it's run on the server, I'm not sure the standards need to be much lower. If it's malicious, same effect, if it manages to resource-starve and bring down the server, same effect. There are some runtime cases (resource-heavy, but not resource-starving) that don't apply, but the standard's still pretty high.
[11:17:45] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:17:46] <jonasw> actually, this is why in the organisations I use pelican, the build system and the contents are separate repositories. The build system repository has strict review requirements, content lesser so.
[11:18:00] <jonasw> (although, fun fact: pelican lets you write to arbitrary files from the content files alone :-))
[11:18:10] <jonasw> (well, the current master branch doesn’t anymore)
[11:18:29] *** ralphm shows as "online"
[11:19:24] <Tobias> jonasw, templates probably still can though, right?
[11:19:47] <jonasw> not sure about that, but I don’t consider templates content.
[11:19:50] <Kev> Anyway, my opinion isn't going to matter for long. My new games PC has just arrived, and Cath is going to kill me as soon as she gets home and sees the den.
[11:20:32] <Tobias> heh :)
[11:22:04] <Guus> You have time for a games PC? *envy*
[11:23:26] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:23:39] <Kev> Sure. It just sits there, it doesn't need much time.
[11:23:46] <Kev> Now playing games, that would take more time...
[11:24:17] <jonasw> I would like to re-ask my question now that more people are active. When writing a new XEP, in the examples and specification I will need a namespace. Where will I source it from? Should I use a namespace under my own control and the editor will choose a different one when the XEP is accepted as experimental?
[11:24:42] <Guus> which of both is what will get you killed later today?
[11:25:02] *** dwd shows as "online"
[11:25:03] <Kev> jonasw: It's easiest for the Editors if you use an appropriate NS from the start, although technically IIRC the Editors should pick one.
[11:25:13] <jonasw> okay
[11:25:34] <Kev> Stripping out your NS to replace it with an xmpp one at publication time is mostly busy-work.
[11:25:47] <Kev> And while the other Editors are much less lazy than me, stil ... :)
[11:25:50] <jonasw> ack
[11:25:55] *** Tobias shows as "away"
[11:26:08] <jonasw> just wanted to make sure that I don’t overstep any boundaries by suggesting a namespace from the xmpp-urn-namespace
[11:26:22] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:27:50] *** sonny shows as "online"
[11:27:56] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:29:30] <Kev> jonasw: It's slightly tweaking the process, but it's the sensible thing to do, and what everyone else does.
[11:30:07] <Kev> Guus: The mess, and that I'm not intending getting rid of my old games PC, but running both in parallel both run the risk of death-by-spouse.
[11:30:16] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:32:16] <Guus> Kev: in which case, I am glad I had the chance to meet you in person at FOSDEM, before your premature death.
[11:33:40] <jonasw> is there any precendent to form arbitrary (i.e. entity controlled) disco#info nodes from an urn:xmpp:-namespace? so for http://… namespaces it’s obvious to use # as a separator, is there any precedent what to use with urn:xmpp:-namespaces?
[11:34:18] *** Tobias shows as "online"
[11:34:29] <Kev> I'm afraid I'm too stupid to understand the question.
[11:35:22] *** dwd shows as "online"
[11:35:29] <Tobias> jonasw, so you want to have dynamic namespaces, not previously defined in a XEP or registry?
[11:35:41] <jonasw> not namespaces, but disco#info node names
[11:35:52] <jonasw> nah, I’m too stupid to formulate it clearly. see in https://xmpp.org/extensions/xep-0115.html#discover
<query xmlns='http://jabber.org/protocol/disco#info'
node='http://code.google.com/p/exodus#QgayPKawpkPSDYmwT/WM94uAlu0='/>
the node there is composed of a URL base and a hash value.
[11:36:53] <jonasw> I don’t see the point of using some client-provided string as a prefix so I would like to use the namespace of the XEP as prefix. what kind of separator makes sense between the prefix and the hash info? Is there a precedent for that?
[11:37:56] *** Flow shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[11:38:13] <jonasw> ah yes, it appears so
[11:38:13] *** Flow shows as "online"
[11:38:22] <jonasw> xep 290 also uses #
[11:38:27] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:40:39] *** ralphm shows as "online"
[11:42:14] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:43:53] *** kalkin has left the room
[11:44:31] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:46:23] *** kalkin shows as "online"
[11:48:35] *** Valerian has left the room
[11:48:35] *** kaboom has left the room
[11:48:38] *** Valerian has joined the room
[11:50:05] *** Zash has joined the room
[11:51:08] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[11:51:44] *** Yagiza has joined the room
[11:52:14] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[11:53:26] *** tim@boese-ban.de shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[11:54:30] *** Flow shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[11:55:12] *** Valerian has left the room
[11:55:12] *** Valerian has joined the room
[11:58:15] *** vurpo has left the room
[11:58:19] *** vurpo has joined the room
[11:58:56] *** Tobias shows as "away"
[11:59:21] *** kalkin has left the room
[11:59:39] *** kalkin shows as "online"
[12:00:39] *** Guus has left the room
[12:01:16] *** Guus shows as "online"
[12:02:02] *** kaboom has joined the room
[12:03:27] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[12:04:35] *** kaboom has left the room
[12:04:35] *** kaboom has joined the room
[12:05:23] *** kaboom has left the room
[12:05:23] *** kaboom has joined the room
[12:06:18] *** Martin shows as "away" and his status message is "Away"
[12:08:14] *** kaboom has left the room
[12:08:29] *** tim@boese-ban.de shows as "online"
[12:10:26] *** Valerian has left the room
[12:10:27] *** Valerian has joined the room
[12:11:06] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[12:11:31] *** Valerian has left the room
[12:15:35] *** vurpo has left the room
[12:15:36] *** vurpo has joined the room
[12:16:26] *** Martin shows as "away" and his status message is "Away"
[12:17:34] *** kalkin has left the room
[12:17:46] *** Zash shows as "online"
[12:19:37] *** Guus has left the room
[12:20:59] *** Flow shows as "online"
[12:21:38] *** Guus shows as "online"
[12:26:13] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:29:13] *** bra shows as "online"
[12:30:26] *** kalkin shows as "online"
[12:33:41] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[12:36:13] *** Flow shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:36:41] *** Flow shows as "online"
[12:37:23] *** nicolas.verite has joined the room
[12:42:20] *** suzyo has left the room
[12:42:25] *** nicolas.verite has left the room
[12:42:35] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[12:42:39] *** Alex shows as "online"
[12:43:01] *** sezuan has left the room
[12:44:11] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:45:30] *** nicolas.verite has joined the room
[12:47:57] *** sezuan shows as "online"
[12:48:44] *** Holger shows as "online" and his status message is "I'm available"
[12:49:28] *** Zash shows as "online"
[12:49:31] *** Zash shows as "online"
[12:49:55] *** Flow shows as "online"
[12:50:00] *** dwd shows as "online"
[12:52:03] *** Guus has left the room
[12:52:39] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[12:52:47] *** Martin shows as "away" and his status message is "Away"
[12:52:51] *** Guus shows as "online"
[12:56:31] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:57:27] *** Martin shows as "away" and his status message is "Away"
[12:57:31] *** Martin shows as "online"
[12:58:01] *** Valerian has joined the room
[12:58:59] *** Flow shows as "online"
[13:02:36] *** suzyo has joined the room
[13:04:57] *** nicolas.verite has left the room
[13:05:01] *** nicolas.verite has joined the room
[13:07:39] *** kaboom has joined the room
[13:07:43] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:08:28] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[13:09:24] *** Yagiza has left the room
[13:10:29] *** Flow shows as "online"
[13:10:57] *** MattJ shows as "online"
[13:12:39] *** Alex shows as "xa" and his status message is "Auto-Status (untätig)"
[13:14:24] *** ThurahT shows as "away"
[13:14:24] *** ThurahT shows as "online"
[13:15:37] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:16:54] *** Yagiza has joined the room
[13:17:06] *** Yagiza shows as "online" and his status message is "Hataraite imasu (работаю)"
[13:17:22] *** nicolas.verite has left the room
[13:17:25] *** Flow shows as "online"
[13:19:03] *** intosi has joined the room
[13:20:26] *** intosi has left the room
[13:20:27] *** intosi has joined the room
[13:21:08] *** mhterres shows as "away" and his status message is "I'm not here right now"
[13:21:08] *** mhterres shows as "away" and his status message is "I'm not here right now"
[13:21:37] *** Alex shows as "online"
[13:22:17] *** daniel has left the room
[13:22:28] *** daniel has joined the room
[13:28:21] *** Mancho has left the room
[13:28:30] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[13:33:35] *** mhterres shows as "away" and his status message is "I'm not here right now"
[13:33:35] *** mhterres shows as "online"
[13:36:40] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:39:22] *** sonny shows as "online"
[13:41:22] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:42:33] *** mhterres shows as "away" and his status message is "I'm not here right now"
[13:42:33] *** mhterres shows as "away" and his status message is "I'm not here right now"
[13:43:23] *** Tobias shows as "online"
[13:44:40] *** dwd shows as "online"
[13:45:23] *** nicolas.verite has joined the room
[13:45:29] *** jubalh has joined the room
[13:45:59] *** jubalh has left the room
[13:51:06] *** Tobias shows as "away"
[13:51:07] *** Steve Kille shows as "away" and his status message is "Hampton"
[13:51:11] *** Steve Kille shows as "online" and his status message is "Hampton"
[13:53:10] *** bra shows as "online"
[13:53:37] *** daniel has left the room
[13:54:06] *** daniel has joined the room
[13:54:33] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[13:56:33] *** mhterres shows as "away" and his status message is "I'm not here right now"
[13:56:33] *** mhterres shows as "online"
[13:59:00] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:59:05] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:59:36] *** daniel has left the room
[14:00:35] *** ralphm shows as "online"
[14:00:58] *** Piotr Nosek shows as "away" and his status message is "Away"
[14:01:59] *** mhterres shows as "away" and his status message is "I'm not here right now"
[14:01:59] *** mhterres shows as "away" and his status message is "I'm not here right now"
[14:02:16] *** sezuan has left the room
[14:02:34] *** sezuan shows as "online"
[14:05:08] *** sezuan has left the room
[14:05:12] *** sezuan shows as "online"
[14:05:43] *** sezuan has left the room
[14:06:12] *** sezuan shows as "online"
[14:07:06] *** sezuan has left the room
[14:07:30] *** sonny shows as "online"
[14:07:40] *** sezuan shows as "online"
[14:08:40] *** narcode shows as "online"
[14:09:08] *** Piotr Nosek shows as "online"
[14:14:13] *** ThurahT shows as "away"
[14:14:13] *** ThurahT shows as "away"
[14:14:35] *** mhterres shows as "away" and his status message is "I'm not here right now"
[14:14:35] *** mhterres shows as "online"
[14:19:19] *** jonasw shows as "away" and his status message is "I'm not here right now"
[14:19:19] *** jonasw shows as "away" and his status message is "I'm not here right now"
[14:19:34] *** kalkin has left the room
[14:20:34] *** jonasw shows as "away" and his status message is "I'm not here right now"
[14:20:34] *** jonasw shows as "online"
[14:20:48] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[14:21:36] *** Tobias shows as "online"
[14:22:26] *** dwd shows as "online"
[14:22:58] *** Steve Kille shows as "away" and his status message is "Hampton"
[14:25:19] *** xnyhps shows as "away" and his status message is "Away"
[14:27:32] *** Kev shows as "away"
[14:27:51] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[14:28:14] *** Zash has left the room
[14:28:34] *** moparisthebest shows as "online"
[14:29:04] *** bra shows as "online"
[14:29:05] *** sonny shows as "online"
[14:29:24] *** sonny has left the room
[14:29:24] *** sonny shows as "online"
[14:29:26] *** sonny shows as "online"
[14:29:26] *** sonny shows as "online"
[14:29:28] *** moparisthebest has left the room
[14:29:35] *** moparisthebest shows as "online"
[14:30:54] *** Tobias shows as "away"
[14:32:31] *** ThurahT shows as "away"
[14:32:31] *** ThurahT shows as "online"
[14:32:47] *** jonasw has left the room
[14:33:03] *** Martin shows as "online"
[14:33:03] *** Martin shows as "away" and his status message is "Away"
[14:34:10] *** daniel has joined the room
[14:35:22] *** Alex has left the room
[14:36:06] *** kalkin shows as "online"
[14:36:35] *** sezuan has left the room
[14:36:36] *** sonny shows as "online"
[14:36:39] *** sezuan shows as "online"
[14:37:39] *** Martin shows as "away" and his status message is "Away"
[14:37:43] *** Martin shows as "online"
[14:39:40] *** daniel has left the room
[14:40:03] *** Tobias shows as "away"
[14:40:20] *** Steve Kille shows as "online" and his status message is "Hampton"
[14:43:13] *** Kev shows as "online"
[14:43:45] *** sezuan has left the room
[14:43:51] *** sezuan shows as "online"
[14:44:30] *** sezuan has left the room
[14:44:48] *** sezuan shows as "online"
[14:47:00] *** SamWhited shows as "online"
[14:47:15] *** Guus has left the room
[14:47:37] *** Guus shows as "online"
[14:48:21] *** Valerian shows as "away" and his status message is "Away"
[14:50:30] *** sezuan has left the room
[14:50:42] *** daniel has joined the room
[14:51:01] *** sezuan shows as "online"
[14:54:53] *** Tobias shows as "online"
[14:55:13] *** suzyo has left the room
[14:56:07] *** jubalh has joined the room
[14:58:20] *** Valerian shows as "away" and his status message is "Away"
[15:00:29] *** pep. has left the room
[15:00:40] *** pep. shows as "online"
[15:00:45] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:04:30] *** suzyo has joined the room
[15:04:35] *** Flow shows as "online"
[15:05:14] *** ThurahT shows as "away"
[15:05:15] *** ThurahT shows as "away"
[15:06:13] *** Piotr Nosek has left the room
[15:09:44] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:10:03] *** jonasw shows as "online"
[15:11:09] *** Flow shows as "online"
[15:13:09] *** arc shows as "online"
[15:13:09] <arc> the argument that won me over on not allowing clients to dictate their resource was that of distributed hosting routing
[15:13:19] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[15:14:08] <Tobias> you mean clustering?
[15:14:25] *** bra shows as "online"
[15:16:00] <arc> sure, whatever term you want to have for a @server hosted by multiple servers. and sorry i completely misread the conversation above, so that statement was kinda out of the blue
[15:16:20] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:17:05] <Ge0rG> I'm still not convinced of that clustering use case. "Google does it this way" doesn't cut it for me.
[15:17:19] <arc> Ge0rG: we're going to need it for IoT
[15:17:26] *** dwd shows as "online"
[15:17:35] <Kev> Ge0rG: Well, I guess it'd be interesting if you could explain how you solved it in your clustered server, to persuade the other clustered server vendors that it's easy?
[15:18:02] <Ge0rG> Kev: wait, let me fire up a bunch of dockers.
[15:18:37] <arc> right now prosody can effectively handle 40k concurrent users on an average AWS instance last i ran the brute force test. in order to scale to the size that some of these IoT manufacturers want you need multiple servers, ideally geographically distributed
[15:19:17] *** nicolas.verite has left the room
[15:19:22] <Ge0rG> arc: what about running different per-region domains?
[15:19:49] *** Zash shows as "away"
[15:19:51] <arc> the last sit-down I had with an IoT manufacturer they said 10m units is what they consider base level, and any solution they consider should be able to scale to ten times that
[15:20:51] *** lskdjf has joined the room
[15:20:58] <Ge0rG> are there any xmpp installations handling north of 1m connections? I only remember WhatsApp's we-are-awesome post in that regard.
[15:21:15] <Tobias> really wonder if all those IoT devices need permanent connections
[15:21:21] <SamWhited> per-region domains is changing the security model. Also, it means if I live in the US, but I travel to China, I'm still connecting to my server in the US (or whatever domain I registered on). We were talking about single domains, multiple-domains is a completely different thing.
[15:21:25] <Ge0rG> Tobias: of course they do!
[15:21:33] <arc> Tobias: for receiving input, yes. though they're not very active.
[15:21:40] <SamWhited> Ge0rG: I can't give exact figures (and don't know them anyways), but I'm pretty sure we (HipChat) are.
[15:21:56] <SamWhited> (and we also use the server-assigned-resource-part-for-routing solution, FWIW)
[15:21:56] <MattJ> FWIW Prosody's clustering will use the resource for internal routing purposes
[15:21:57] <arc> in one case a device wanted to send a "heartbeat" with 12 bytes of data every 6 seconds (1/10th of a minute)
[15:22:14] <Ge0rG> arc: that's a very intensive use case
[15:22:32] <arc> Ge0rG: yes, and each device having a retail price of around $15
[15:22:45] <arc> that's the future we face and have to plan for
[15:22:50] <Kev> I like that Arc has such a high opinion of our maths that he had to explain that 6 seconds was 1/10 of a minute :D
[15:22:56] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:23:13] <arc> Kev: sorry i haven't had my tea yet lol
[15:24:10] <jonasw> tea <3
[15:24:23] <Guus> I for one wonder how many seconds 2/10 of a minute is.
[15:24:32] <arc> I will readily admit that a 100m service blitzed my brain out. I mean, sure we can toss around big numbers like its nothing, but that's actually some significant engineering challenges.
[15:24:39] *** lskdjf has left the room
[15:24:39] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[15:24:55] <Kev> arc: It undoubtedly is.
[15:25:20] <arc> at that rate you need dedicated S2S routers. and questions like where are the heartbeats routing to
[15:25:22] <Ge0rG> I could also imagine that a 100m IoT deployment has different requirements than a public chat service
[15:25:33] *** Valerian shows as "away" and his status message is "Away"
[15:25:33] *** Valerian shows as "online"
[15:26:08] *** dwd shows as "online"
[15:26:15] <Ge0rG> (and also probably different sysop challenges, where having a resource string as a debug tag is less useful)
[15:27:30] <arc> absolutely. from the EXI side those stanzas are extremely small. as long as the 12 bytes of data are encoded in int or float attributes within their custom schema, the whole stanza could be around 16 bytes. and since the devices will be communicating with a finite number of other devices, mostly on the same LAN..
[15:27:56] *** MattJ shows as "away"
[15:28:11] *** MattJ shows as "online"
[15:28:32] <arc> my recommendation was embed their XMPP server in their 802.15.4 to wifi gateway module, to keep a majority of the traffic local and reduce their service end traffic as a first point. which i think is what they're doing
[15:28:34] <MattJ> Ge0rG, client-provided debug tags aren't guaranteed to be unique, I'm really unconvinced by your argument
[15:29:31] <SamWhited> I've also come to the conclusion that agreeing to compromise on that basis was a mistake… if you were using the resource part as a debug tag you were using a quick hack; if that's a thing we want, we need a real solution, we don't need to make a part of the JID more complicated just so someone can see sometihng in existing logs.
[15:30:01] <SamWhited> Adding stuff to the JID that isn't related to routing is changing the purpose of JIDs, and that feels like a bad idea.
[15:31:15] <Ge0rG> MattJ: a properly implemented client can provide sufficient uniqueness.
[15:31:36] <MattJ> Ge0rG, you're not a server developer, clearly :)
[15:31:54] <SamWhited> As a general rule of thumb I don't think we should ever have to rely on a "properly implemented" client.
[15:31:58] <MattJ> Indeed
[15:31:58] <arc> SamWhited: from the EXI side it doesn't matter. the entire JID is one string in the string table. i think having a human readable (aka designed for the UI) resource after the # makes some sense. though, that could also be done through pep
[15:32:12] <Ge0rG> MattJ: but I know a little bit about client development
[15:32:20] <jonasw> at this point I tend to agree with SamWhited. for debugging, there really should be something else, like an additional optional stream header which can be used for debugging, or a stream feature to attach a debug identifier to a stream or use <identity/> as soon as it’s available.
[15:32:39] <MattJ> Ge0rG, it's a nice idea, for you, with your client. But in the real world, on a real server, we can't depend on every client being Yaxim
[15:32:50] <arc> wouldn't this make sense to attach to PEP?
[15:32:55] <MattJ> I totally get why you want a debug tag, and let's do that. But I think it's separate to the resource
[15:33:01] <SamWhited> Or just some form of fingerprint the server constructs (so that the client doesn't have to do anythihng), eg. maybe it queries the client for its disco#info, and then hashes that along with the JID and any other info it can get and uses that to track sessions
[15:33:05] <MattJ> arc, no, because PEP is per user, not per client
[15:33:25] *** Holger shows as "online" and his status message is "I'm available"
[15:33:38] <arc> MattJ: couldn't the PEP .. sorry still early .. list a resource to human readable lookup?
[15:33:40] <jonasw> SamWhited: for a single session, a server can just roll a random number.
[15:33:44] <Ge0rG> MattJ: let me rephrase your suggestion: let's create a nice perfect future debug tag sometime in the remote future, and remove the existing and working debug tag right now.
[15:33:44] *** Zash shows as "online"
[15:33:56] <SamWhited> jonasw: ah, yah, I guess this is about tracking clients, not sessions. oops.
[15:34:18] <SamWhited> The existing and working debug tag that breaks more critical parts of the system and makes everything more complicated.
[15:34:27] *** sezuan has left the room
[15:34:27] *** sezuan has left the room
[15:34:37] <jonasw> for clients use <identity/> as soon as its available and log it to associate the identity with the session nonce in the logs.
[15:34:46] <jonasw> identity + bare jid probably
[15:34:47] <SamWhited> And requires that clients do a specific thing which they may or may not actually do.
[15:34:47] <MattJ> Ge0rG, given that you're currently the only person I've seen suggesting that the resource string can and should be used this way, I don't think we're anywhere near your ideal being reality either
[15:35:23] *** sezuan has joined the room
[15:35:40] <MattJ> i.e. other clients don't use the resource this way, you do. You'll update to use the debug tag, they won't
[15:35:49] <SamWhited> I remember at summit people complained that identity couldn't be used for this, but I don't remember why? What jonasw suggested sounds sensible, and works today.
[15:35:58] <jonasw> I see that the resource is *currently* a nice way to track a client in debug logs; but BIND 2.0 won’t be there tomorrow. There’s plenty of time for server devs to adapt. This could easily be part of the UX considerations for sysops in BIND 2.0
[15:36:06] <jonasw> (s/BIND/Bind/?)
[15:36:31] *** Kev shows as "away"
[15:36:43] <MattJ> I'd be fine (and glad) to include some kind of unique client identifier in bind2
[15:36:44] <Ge0rG> MattJ: I don't know how many sysops of public servers are active in this MUC
[15:36:49] <jonasw> or even include a "debug identifier" in Bind 2.0 which is never ever exposed to anything but server logs. although I think a stream header would be nicer because it allows tracking even before authentication succeeded.
[15:37:03] <jonasw> ha, MattJ beat me to it
[15:37:05] <MattJ> and with bind1 clients, use their provided resource as a cookie, and then use something else for the actual resource
[15:37:05] *** sezuan shows as "online"
[15:37:24] <Zash> What is it with you and writing lots of text while I'm out on a walk?
[15:37:26] <MattJ> (sorry, cookie == debug tag in my mind)
[15:37:33] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:37:39] <jonasw> MattJ: makes sense
[15:37:45] *SamWhited nods
[15:37:49] <jonasw> sounds like a very useful way forward
[15:37:49] <MattJ> Zash, you should take your phone, to make sure you never miss a message!
[15:38:09] <Zash> I did, for photos of all the snsow
[15:38:13] <Zash> I did, for photos of all the snow
[15:38:16] <Ge0rG> MattJ: I want to be able to easily grep my logs for certain things, and to get all traffic exchanged with a given client instance (including re-auth and 0198 resumption)
[15:38:23] <jonasw> (this discussion also pins me to a chair in a waiting room where I wanted to leave 20 minutes ago, but whatever)
[15:38:28] <arc> phone? he should have always wear Glass so this room is constantly flowing above his eyeball
[15:38:33] *** ralphm shows as "online"
[15:38:42] <Ge0rG> MattJ: or to get all traffic exchanged with a certain client software.
[15:38:54] <Tobias> Zash, how much ❄?
[15:38:54] <jonasw> Ge0rG: I think you actually want structured logs
[15:39:17] <MattJ> I want to submit pull requests to all other clients to change their default resource string to "yaximXYZ"
[15:39:18] <jonasw> cramming all those criteria in a single string isn’t doing any good
[15:39:19] <Zash> My position on resource selection is that the rules in xmpp-core are fine and don't need changing.
[15:39:54] <Zash> I agree with SamWhited that something else ought to be used for this kind of tracking and debugging.
[15:40:03] *** mhterres shows as "away" and his status message is "I'm not here right now"
[15:40:03] *** mhterres shows as "away" and his status message is "I'm not here right now"
[15:40:09] *** mhterres shows as "away" and his status message is "I'm not here right now"
[15:40:09] *** mhterres shows as "online"
[15:40:13] *** jonasw shows as "online"
[15:40:30] <Zash> Ge0rG: Would it satisfy you if we returned the log tag in the handshake somehow?
[15:40:33] <Ge0rG> Zash: the rules in xmpp-core are sufficient indeed. As long as the server doesn't override what the client sends ;)
[15:41:05] <arc> the more i think about it, the less i think about this as an issue of debugging, but more of the use case where you want your contacts to be able to specifically reach you on your laptop vs phone vs whatever
[15:41:23] <arc> that was brought up at the summit, i dont remember by who
[15:41:24] <SamWhited> The rules in xmpp-core would be fine, except that if you let clients "set" a thing, they're going to stop reading the RFC at that point and assume that's the JID they get. In my mind the rules should be "the server sets the resource part, it's opaque to clients, and the clients get no say in it"
[15:41:24] <Zash> arc: That is doable via disco#info
[15:41:34] <jonasw> Ge0rG: what about the following:
1. bind 2.0 allows for a "debug tag"
2. servers are strongly encouraged (via UX considerations in the bind 2.0 xep) to include that debug tag to every log message related to that client
?
[15:42:01] <Zash> SamWhited: The client gets to make a suggestion, but the server decides. Similar to how extensions and stuff work in TLS.
[15:42:03] <SamWhited> Because it's for *routing* which is strictly a server concern.
[15:42:31] <SamWhited> Zash: Yah, I wouldn't mind that, except it seems to be a source of bugs because clients don't actually pay attention to the servers decision
[15:42:43] <SamWhited> Or at least, that's what it sounded like at summit.
[15:42:48] <arc> SamWhited: most client authors AFAICT don't write to the rfc, they use it as a rough guide and really write to a server
[15:42:51] <Ge0rG> SamWhited: there is still no consensus on whether that _routing_ info should be persistent for a given client instance or not.
[15:43:11] <Zash> arc: And that's how we get "but it works in Internet Explorer".
[15:43:12] <SamWhited> Ge0rG: Sure, but that's orthogonal (and probably up to the server / service)
[15:43:21] <SamWhited> arc: Indeed :(
[15:43:37] <Ge0rG> SamWhited: actually it's related, because the client is the only one that knows its identity on a reconnect
[15:43:39] <jonasw> there should be a way to pain to those who do that, arc
[15:44:16] <Zash> Ge0rG: Have you thought about my suggestion of including a namespaced attribute on the stream header? That's greppable in logs, which gives you the sessions log tag, which you can then grep for.
[15:44:34] <arc> jonasw: a network testing script which tests a client or service for compliance
[15:44:41] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[15:44:54] <arc> starting with "fun" things like sending <stream:stream version="2.0">
[15:45:09] <Zash> Are there any security issues with using the stream ID as tag in logging?
[15:45:10] <SamWhited> Ge0rG: Ah, yah, fair enough, I guess you can't really separate that from the clients control.
[15:45:28] <arc> and using custom prefixes.
[15:45:35] <Ge0rG> Zash: I want to reduce the number of IDs, not increase it.
[15:46:17] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:46:26] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:46:36] <arc> just basically go through the RFC for every MUST and SHOULD, write a test for that case, and MUSTs show up as red, while SHOULD appears in yellow - any client failing to (eg) accept a different resource than requested by the server would show up this way
[15:46:55] <arc> and if you provide it, and its something client authors can find, they will almost certainly use it.
[15:46:55] <Ge0rG> Sorry, I'm in a meeting currently, and I'm heavily sleep-deprived. Can't focus on the discussion here.
[15:47:02] *** Flow shows as "online"
[15:47:16] <Zash> arc: FWIW I don't think the client needs to know its own resource in that many cases.
[15:47:59] <arc> sure but can you think of a case where a client not understanding its resource correctly would cause a fault that you could test for on the server side?
[15:48:42] *** dwd shows as "online"
[15:49:17] <Zash> Strip out the 'to' attribute on everything you send, see how the client reacts.
[15:49:42] <jonasw> as a client, I don’t care about the to a server sends me
[15:49:56] <arc> yea isnt it legal to do that?
[15:50:27] <Zash> No 'to' attribute is supposed to be semantically equivalent to to=full JID
[15:50:36] <arc> i mean i guess you could test an iq ping addressed to nobody, to the client by a random resource, to the client's requested resource, and to the client's given resource
[15:50:43] <Zash> Or the bare JID in the other direction
[15:52:23] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:52:34] <arc> replying to a ping that's misaddressed should at least be a warning, tho in that case it'd often be hard to say whether it was understanding its resource correctly or not
[15:52:35] *** ralphm shows as "online"
[15:52:53] <arc> but if it only replied to its requested resource but not its given resource..
[15:52:58] <Zash> Isn't that an error on the servers part?
[15:53:08] *** jonasw has left the room
[15:53:23] <arc> Zash: test servers must send bad data. thats the point.
[15:53:54] *** vurpo has left the room
[15:53:55] *** vurpo has joined the room
[15:53:57] <Zash> There's been a bunch of security issues related to not validating the 'from' on certain stanzas, like roster requests and such.
[15:54:12] *** jonasw shows as "online"
[15:54:15] *** jonasw shows as "online"
[15:54:32] <arc> the point of a test suite isnt to test whether a client behaves correctly with typical data to a properly functioning xmpp server. the point is to test whether it behaves according to the RFC, so in many cases the client would - i assume - need to close the connection and reconnect.
[15:54:37] <jonasw> yeah, but from is not to
[15:55:02] <arc> or send an <iq type='error'> or etc
[15:55:34] *** Alex has joined the room
[15:56:04] <arc> i mean i above proposed one of the first tests would be <stream:stream version='2.0'> to check that the client is actually parsing the stream version according to the RFC. it should reject the connection, right there
[15:58:13] <Zash> arc: https://modules.prosody.im/mod_conformance_restricted.html may be of interest to you
[15:59:23] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:00:40] *** jonasw shows as "online"
[16:00:48] <arc> Zash: i'll look at it
[16:00:57] <arc> but does it send intentionally bad data to test?
[16:01:19] <arc> I have a utf8 test suite I'd *love* to see how both clients and servers respond to
[16:01:24] <Zash> Yes, sends XML things forbidden by the RFC
[16:01:24] <jonasw> sending PIs is bad data i guess :-)
[16:02:00] *** jonasw shows as "online"
[16:02:03] *** jonasw shows as "online"
[16:02:03] *** Martin shows as "away" and his status message is "Away"
[16:02:21] <jonasw> damn i need tobunload csi
[16:02:36] <jonasw> *to unload
[16:02:38] *** jonasw has left the room
[16:02:56] *** narcode shows as "away"
[16:02:57] <arc> Zash: have you tested for UTF-8? what happens when NULL is in the middle of a stanza, say in the <message><body>? or ending a <message><body> with a chr(148) followed by </body>
[16:03:00] <Zash> arc: Have we had the conversation about IDNA versions and PRECIS and how the only reasonable thing to do is crawl down under ones desk and cry?
[16:03:21] <arc> Zash: no but it sounds like a conversation id love to have ;-)
[16:03:42] <SamWhited> Heh, this is true.
[16:04:02] <Ge0rG> arc: yay! please tell me if Unicode Robot Face (🤖 U+1F916) is a legal resource character
[16:04:04] <SamWhited> and Unicode, and UTF-8, and natural languages
[16:04:30] <arc> Ge0rG: I don't know but i'd love to find out!
[16:04:41] <SamWhited> I'm almost certain it is; I can go check if you really want.
[16:05:02] <arc> i discovered that GNU Screen has some deep UTF8 issues, as does Synergy
[16:05:04] *** vurpo has left the room
[16:05:08] *** vurpo has joined the room
[16:05:15] <arc> I started digging in and found lower level libraries were at fault
[16:05:39] <arc> GNU Screen only handles 1 and 2 byte unicode
[16:05:51] <arc> internally it was using UCS2
[16:06:10] *** xnyhps has left the room
[16:06:15] *** xnyhps shows as "online"
[16:06:38] <Zash> Like how MySQL has something called "utf8" which only supports up to 3 byte UTF-8 sequences?
[16:08:03] <arc> heh
[16:08:04] <SamWhited> Yup, it's valid
[16:08:24] <arc> i think SamWhited cheated
[16:08:34] <Zash> arc: GNU libidn and IBM ICU behave differently when given Unicode outside of Unicode 3.something or whatever was state of the art at the time. One accepts. One rejects. Much fun.
[16:08:45] <SamWhited> https://gist.github.com/SamWhited/cc6fd0a9c0a1559c71f828f6b6c8b729#file-validjid-go
[16:09:04] <SamWhited> That JID implementation is using a very well tested PRECIS implementation that's built with Unicode 9
[16:09:21] <arc> Mr Miller *IS* in the DC area, we're setting up a time for coffee
[16:09:23] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[16:10:13] <MattJ> ^5
[16:11:15] *** mimi89999 has joined the room
[16:12:03] *** Martin shows as "away" and his status message is "Away"
[16:13:20] *** Homer J has joined the room
[16:13:20] *** Homer J shows as "online"
[16:14:15] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[16:16:45] *** Homer J has left the room
[16:20:17] *** Homer J has joined the room
[16:20:18] *** Homer J shows as "online"
[16:20:19] *** Homer J has left the room
[16:21:23] *** ralphm shows as "online"
[16:21:33] *** Homer J has joined the room
[16:21:33] *** Homer J shows as "online"
[16:21:37] *** Homer J has left the room
[16:22:59] <Ge0rG> Now I wish I could have Robot Face as a sRVname SAN in a LE cert
[16:24:50] *** bjc has joined the room
[16:26:28] <Zash> Ge0rG: Nice things, they are unobtainable.
[16:27:21] <Ge0rG> Zash: like Unobtainium?
[16:27:32] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[16:27:43] *** Holger shows as "online" and his status message is "I'm available"
[16:28:21] <SamWhited> Oh no, Unobtanium is much more attainable than nice things.
[16:28:30] <Ge0rG> Bummer.
[16:28:43] <Ge0rG> BTW, why is the Board Meeting over now?
[16:29:01] <Zash> It was the board meeting to end all board meetings
[16:29:14] *** jubalh has left the room
[16:30:08] <Ge0rG> Zash: I think it only ended three of them.
[16:33:18] *** lskdjf has joined the room
[16:33:31] *** lskdjf has left the room
[16:33:38] *** lskdjf has joined the room
[16:36:30] *** lskdjf has left the room
[16:36:53] *** Tobias shows as "away"
[16:36:57] *** lskdjf has joined the room
[16:37:00] *** Tobias shows as "online"
[16:39:45] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:42:24] *** moparisthebest shows as "online"
[16:45:40] *** jubalh has joined the room
[16:47:00] *** Zash shows as "away"
[16:47:49] *** bjc shows as "away" and his status message is "Away"
[16:48:25] *** Zash shows as "online"
[16:49:01] *** Tobias shows as "online"
[16:49:45] *** sonny shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[16:50:46] <arc> lol
[16:50:56] *** nicolas.verite has joined the room
[16:51:03] *** nicolas.verite has left the room
[16:51:40] <arc> so today's joy on the FLOSS Foundations mailing list is the announcement of the new Open Fashion Foundation, quote, "to disrupt fashion industry with lessons learned from computing industry."
[16:51:45] *** lskdjf has left the room
[16:52:19] <Zash> Aaaawhat who let this override browser shortcuts?!
[16:52:19] <SamWhited> So they're going to spend all their time adding new features to cloths and ignoring the fact that the cloths are unraveling and falling off?
[16:52:38] *Zash throws things at LE's discuss thing
[16:52:51] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[16:52:56] <arc> SamWhited: lol
[16:54:00] <arc> this is one I won't even be synical about. Its just a pure bundle of joy that someone out there has made FOSS licensed fashion a personal mission in their life
[16:54:22] <SamWhited> ahem, yes, sorry about that. I mean, "good for them" :)
[16:54:54] <arc> can you imagine a fashion show hosted by this organization?
[16:55:58] <Zash> The latest in beard and ribs fashion?
[16:57:19] <arc> "This piece by Manuel Debrough, available under the Apache 2.0 license from github..."
[16:57:55] *** xnyhps has left the room
[16:57:59] *** xnyhps shows as "online"
[16:58:02] <arc> Zash: oh no, dollars to donuts I'm willing to bet a fabulous gay man is behind this.
[16:58:29] <SamWhited> heh, I have a bit of a guilty pleasure in that I really enjoy fashion stuff (even though I know nothing about it, which is probably obvious if you've ever seen the way I dress), so that actually sounds pretty nifty
[16:58:41] *** Mancho shows as "online"
[16:58:41] <SamWhited> But I do enjoy seeing the things people come up with
[16:58:56] <arc> actually I can see them trying to QueerEye geek's tshirt and jeans
[16:59:13] <SamWhited> aww yeah, I'm gonna be fashionable for once
[17:00:03] *** Tobias shows as "away"
[17:00:06] <arc> the rugby club I started 4 years ago in DC just raised over $2500 in one night hosting a drag show.
[17:00:08] *** Steve Kille shows as "away" and his status message is "Hampton"
[17:01:18] <arc> https://goo.gl/photos/XEKE5peqYG2b4gfb7
[17:01:50] *** Steve Kille shows as "online" and his status message is "Hampton"
[17:02:35] *** Valerian has left the room
[17:03:37] <arc> when I mentioned this on IRC, one of my friends with the Gnome foundation immediately said they needed to run a drag show, and had people volunteering. The thought of that alone is priceless.
[17:04:06] *** Tobias shows as "online"
[17:04:11] <arc> so yea I can see a geek fashion show, especially in san francisco
[17:04:32] <arc> they could raise thousands for charity too
[17:05:42] <dwd> I can see "designer-stained t-shirts" and "artful crumpling" becoming a thing.
[17:06:27] <SamWhited> Hah, indeed. I'm going to start a new line: "morning coffee spill"
[17:06:41] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[17:06:56] *** suzyo has left the room
[17:07:09] *** suzyo has joined the room
[17:07:37] <dwd> "Bob wears jeans (model's own) and a t-shirt (free from some conference)"
[17:07:58] <arc> dwd: have you ever watched queer eye?
[17:08:05] *** nicolas.verite has joined the room
[17:08:12] *** nicolas.verite has left the room
[17:10:39] <dwd> arc, Can't say I have.
[17:11:02] <moparisthebest> gah I hate that, I have jeans with holes worn in them by myself by working before that was in fashion, and now I don't want to wear them for fear of people thinking I'm trying to be fashionable...
[17:11:54] <arc> https://www.youtube.com/watch?v=g5dZ4QG7dW0 most of the men they makeover are shaggy geeks. they turn them metro. in almost every case the man starts with tshirt and jeans, and they end up posh with a new haircut, product, etc - also with their house/office made over.
[17:11:57] <SamWhited> hipster moparisthebest was into jeans and t-shirt's before they got all popular
[17:12:15] <moparisthebest> :(
[17:12:22] <dwd> moparisthebest, You're way older than I thought, then. I recall holes in jeans being fashionable, and that was when my mum bought me clothes.
[17:12:49] *** xnyhps has left the room
[17:12:54] <moparisthebest> I seriously still wear the same jeans and t-shirts I wore when I was 18 and stuff, my wife tries to throw them away all the time lol
[17:13:01] <dwd> arc, See, I don't need that. I *can* dress up. I just usually *don't*.
[17:13:11] <moparisthebest> dwd, oh maybe it went out of style and back in, or I just didn't know about it, I'm 31 :P
[17:13:15] *** xnyhps shows as "online"
[17:13:15] <arc> https://youtu.be/g5dZ4QG7dW0?t=11m25s is where they bring this one guy to buy fashonable denim to replace his "jeans"
[17:13:20] *** Tobias shows as "away"
[17:14:38] <arc> dwd: nor I. but its a great visual
[17:14:42] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[17:15:26] <arc> this is more like my husband and I: https://www.youtube.com/watch?v=kbf_nFtA8YQ
[17:16:05] <dwd> moparisthebest, Yeah, I'll be 43 soon, and I suspect my mother was telling me ripped jeans should just be replaced at about the time you were born, then...
[17:16:07] *** ilmaisin shows as "online"
[17:19:31] *** intosi shows as "online"
[17:19:31] *** Tobias shows as "away"
[17:19:38] <arc> its funny, i have a tshirt and jeans policy - and have gotten a lot more traction with it than otherwise.
[17:19:45] *** vurpo has left the room
[17:19:47] *** vurpo has joined the room
[17:20:00] <arc> also the beard. the bigger the beard, the more they think you know. John "Maddog" Hall taught me that trick
[17:21:10] *** intosi shows as "online"
[17:22:19] *** Valerian has joined the room
[17:22:46] *** Steve Kille shows as "away" and his status message is "Hampton"
[17:24:01] *** ilmaisin shows as "away"
[17:24:33] *** Tobias shows as "online"
[17:26:27] *** Tobias shows as "online"
[17:28:01] *** jubalh has left the room
[17:28:33] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:30:46] *** mhterres has left the room
[17:31:12] *** Steve Kille shows as "online" and his status message is "Hampton"
[17:34:32] *** intosi shows as "online"
[17:34:35] *** Valerian has left the room
[17:34:35] *** intosi shows as "away" and his status message is "Away"
[17:34:57] *** Tobias shows as "away"
[17:36:19] *** Yagiza has left the room
[17:36:38] *** intosi shows as "away" and his status message is "Away"
[17:36:38] *** intosi has left the room
[17:37:12] *** arc shows as "away" and his status message is "I'm not here right now"
[17:37:12] *** arc shows as "away" and his status message is "I'm not here right now"
[17:38:32] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[17:38:42] *** bjc shows as "away" and his status message is "Away"
[17:38:45] *** kalkin has left the room
[17:39:26] *** kalkin shows as "online"
[17:40:50] *** intosi has joined the room
[17:41:35] *** Guus has left the room
[17:42:22] *** Guus shows as "online"
[17:42:45] *** jonasw shows as "online"
[17:46:03] *** kaboom has left the room
[17:46:26] *** uc has left the room
[17:46:46] <jonasw> that’s some unexpected backlog
[17:48:22] <Ge0rG> so much text, so laggy connection.
[17:48:48] <jonasw> Ge0rG: barely worth it if you’re not into fashion. most likely not worth it on your 30% loss link there.
[17:49:02] *** winfried shows as "away" and his status message is "Occupied by my other life, might take a while"
[17:49:34] <Ge0rG> the link already feels like 20%. Looks like it's improving. I even have sub-second latency.
[17:49:40] *** Steve Kille shows as "online" and his status message is "Hampton"
[17:49:41] *** Steve Kille shows as "online" and his status message is "Hampton"
[17:50:25] *** bjc shows as "away" and his status message is "Away"
[17:51:31] *** intosi shows as "away" and his status message is "Away"
[17:51:31] *** intosi has left the room
[17:51:34] <Ge0rG> Maybe I should fire up Gajim to see how it behaves with MSN and high-latency links.
[17:51:57] *** jubalh has joined the room
[17:52:17] *** winfried has left the room
[17:52:20] *** winfried shows as "online"
[17:52:43] *** ralphm shows as "online"
[17:54:52] *** bjc shows as "away" and his status message is "Away"
[17:55:21] *** Guus has left the room
[17:55:23] *** nicolas.verite has joined the room
[17:55:26] *** mimi89999 has joined the room
[17:56:28] *** Guus shows as "online"
[17:59:29] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:59:46] *** vurpo has left the room
[18:00:35] *** vurpo has joined the room
[18:04:19] *** jere has joined the room
[18:05:26] *** Steve Kille has left the room
[18:06:13] *** Steve Kille has left the room
[18:06:59] *** vurpo has left the room
[18:08:01] *** vurpo has joined the room
[18:09:29] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[18:10:56] *** Ge0rG has left the room
[18:10:58] *** Ge0rG shows as "online"
[18:14:13] *** Steve Kille has joined the room
[18:14:14] *** Steve Kille shows as "online" and his status message is "Hampton"
[18:14:20] *** Steve Kille shows as "online" and his status message is "At Home"
[18:14:37] *** peter has joined the room
[18:15:25] *** bjc shows as "away" and his status message is "Away"
[18:15:33] *** Steve Kille shows as "online" and his status message is "At Home"
[18:15:34] *** Steve Kille shows as "online" and his status message is "At Home"
[18:17:27] *** ralphm shows as "online"
[18:22:22] *** vurpo has left the room
[18:22:31] *** vurpo has joined the room
[18:23:15] *** Ge0rG has left the room
[18:23:16] *** Ge0rG shows as "online"
[18:23:47] *** bjc shows as "away" and his status message is "Away"
[18:25:56] *** dwd shows as "online"
[18:26:30] *** arc shows as "away" and his status message is "I'm not here right now"
[18:26:30] *** arc shows as "online"
[18:27:17] <arc> heh
[18:27:24] *** intosi has joined the room
[18:27:34] <arc> If I have the joy of reading about Open Fashion Foundation today so should all of you ;-)
[18:29:38] *** uc has joined the room
[18:30:23] <jonasw> is there a section in a usual XEP where I can put notes on alternative variants I considered but eventually decided against? much like PEPs have, for example here: <https://www.python.org/dev/peps/pep-0448/#variations>?
otherwise I might add a Design Considerations section…
[18:30:52] *** Steve Kille has left the room
[18:31:27] <Ge0rG> jonasw: +1 for Design Considerations
[18:31:32] <moparisthebest> that sounds right to me
[18:32:22] <Zash> # requirements
it needs to do the thing
# discussion
we could do something, but that has these problems
we colud do something else, which seems pretty good, so the rest of the spec is about this
[18:32:31] <Ge0rG> I think that every XEP should contain its rationale.
[18:32:35] <Zash> +1
[18:32:38] <jonasw> yESSSSss
[18:33:34] <jonasw> Zash: hm, PEPs do it differently: requirements, then spec, then other variants. I actually like that, because when I implement something, I don’t need to read the other variants. If I want to know why the other variants were rejected, I can skip to that section. thoughts?
[18:34:22] <Zash> No it should start with the schema! :)
[18:34:44] <jonasw> ah, I wish one could rely on schemas in XEPs.
[18:34:59] <moparisthebest> my ideal documentation would just start with already written code :)
[18:35:09] <jonasw> moparisthebest: no.
[18:35:10] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:35:17] <moparisthebest> in the language I'm using
[18:35:25] <moparisthebest> and it has to magically know that beforehand
[18:35:31] <moparisthebest> yea I'm joking sorry :)
[18:35:36] <jonasw> :-)
[18:35:45] <moparisthebest> I agree with you about that PEP order jonasw
[18:35:54] <Zash> Language Specification: What the code does is correct. EOF
[18:36:09] <moparisthebest> right :)
[18:36:10] <jonasw> :D
[18:36:29] <moparisthebest> if you think you found a bug you are mistaken, it's actually a feature
[18:36:41] <jonasw> #php
[18:37:18] <moparisthebest> and it's apparantly worked for xep115 for 10 years right?
[18:37:32] <Zash> Is fine, don't worry
[18:37:47] *** kaboom has joined the room
[18:38:04] <moparisthebest> ... why did I automatically read what Zash just said with a russian accent?
[18:38:31] <jonasw> https://www.youtube.com/watch?v=rp8hvyjZWHs (Trust me, i’m an engineer !)
[18:38:33] *** narcode shows as "online"
[18:40:04] *** efrit has joined the room
[18:40:51] *** kaboom has left the room
[18:40:52] *** kaboom has joined the room
[18:41:03] <Ge0rG> Hm. I need to youtube-dl that so I can watch it. ETA: 12:51
[18:41:09] *** bjc shows as "away" and his status message is "Away"
[18:41:13] *** bjc shows as "away" and his status message is "Away"
[18:41:33] <jonasw> don’t.
[18:41:39] <moparisthebest> some of those things are actually awesome
[18:41:46] <moparisthebest> the backhoe rowing the boat for example
[18:42:59] <Ge0rG> jonasw: alternatively, you could stream it to the MUC with libcaca and LMC.
[18:43:15] <jonasw> Ge0rG: my client cannot into LMC
[18:43:53] <Ge0rG> I'm sure mathieui would be glad to provide a video streaming plugin for poezio :D
[18:44:51] <jonasw> Tobias: you mentioned earlier that a server could cache xep115 responses for those specific disco#info nodes.
[18:44:56] *** MattJ shows as "away"
[18:44:58] <jonasw> I wonder whether that’s a great idea after all.
[18:45:10] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[18:45:18] <jonasw> I was wondering whether it has any privacy implications for a client.
[18:45:29] <jonasw> (on behalf of whom the server is answering)
[18:46:09] <Zash> jonasw: You may be able to guess that the server has seen a disco#info before through timing
[18:46:33] *** kalkin has left the room
[18:46:40] <jonasw> Zash: well, yes, but lets assume that a server has seen that disco isn’t revealing anything, for example because all servers use the capsdb.
[18:47:00] *** Tobias shows as "online"
[18:47:02] *** Tobias shows as "online"
[18:47:57] *** MattJ shows as "online"
[18:47:59] <jonasw> I wonder whether it would be okay for a server to reply on behalf of a client if the client is not actually online. While that would prevent any unintended presence leaks if the server answers for a resource which would by itself not have answered to that specific asker, it has the downside that stuff may be confused if a server answers a request for a resource which isn’t even online.
[18:48:50] <Tobias> jonasw, as long as you have not an extremely user specific client feature set, that shouldn't be a an issue
[18:49:01] *** kalkin shows as "online"
[18:49:27] <SamWhited> I don't think it's a problem because it's generally up to the server to enforce permissions / decide who can query what anyways, not the client.
[18:49:35] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:49:44] <SamWhited> So your server SHOULD be taking precautions to prevent presence from leaking anyhow
[18:49:50] <SamWhited> (or whatever is being queried)
[18:51:09] *** vurpo has left the room
[18:51:14] *** vurpo has joined the room
[18:51:15] *** bjc shows as "away" and his status message is "Away"
[18:51:16] *** bjc shows as "away" and his status message is "Away"
[18:51:41] *** Steve Kille shows as "away" and his status message is "At Home"
[18:52:07] *** ralphm shows as "online"
[18:52:11] *** sonny shows as "online"
[18:52:22] *** nicolas.verite has left the room
[18:53:44] *** intosi shows as "away" and his status message is "Away"
[18:54:26] *** intosi shows as "away" and his status message is "Away"
[18:54:26] *** intosi has left the room
[18:56:30] *** vurpo has left the room
[18:56:35] *** vurpo has joined the room
[18:57:13] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:58:48] *** vurpo has left the room
[18:58:53] *** vurpo has joined the room
[18:59:47] *** vurpo has left the room
[19:01:06] *** vurpo has joined the room
[19:01:19] *** bjc shows as "away" and his status message is "Away"
[19:01:22] *** bjc shows as "away" and his status message is "Away"
[19:01:35] *** kaboom has left the room
[19:01:56] *** kaboom has joined the room
[19:02:10] *** jere has left the room
[19:02:33] *** jere has joined the room
[19:02:52] *** vurpo has left the room
[19:02:57] *** vurpo has joined the room
[19:03:18] *** kaboom has left the room
[19:03:35] *** kaboom has joined the room
[19:04:00] *** Holger shows as "online" and his status message is "I'm available"
[19:04:11] *** vurpo has left the room
[19:04:16] *** vurpo has joined the room
[19:05:01] *** Lance has joined the room
[19:05:03] *** Lance shows as "online"
[19:05:48] *** vurpo has left the room
[19:06:10] *** vurpo has joined the room
[19:06:36] *** vurpo has left the room
[19:06:41] *** vurpo has joined the room
[19:07:13] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[19:08:01] *** Steve Kille shows as "online" and his status message is "At Home"
[19:08:25] <jonasw> what are the criteria for an xsd to appear here? <https://xmpp.org/schemas/>
[19:08:34] <Ge0rG> NoooOooOOOooo!
[download] 87.6% of 3.35MiB at 45.18KiB/s ETA 00:09ERROR: unable to download video data: [Errno 104] Connection reset by peer
[19:08:41] <jonasw> Ge0rG: youtube-dl can resume :)
[19:08:45] <MattJ> Ge0rG, it supports resum...
[19:08:47] <MattJ> :)
[19:09:02] <MattJ> I should know. Are you using my wifi by any chance? :)
[19:09:19] <Zash> MattJ: You have wifi?!
[19:09:40] <MattJ> Too many complaints from "smart"phone users in the house to resist any longer
[19:09:50] <Ge0rG> MattJ: free WiFi on a rowded train, moving at 200km/h
[19:09:58] <Ge0rG> MattJ: free WiFi on a crowded train, moving at 200km/h
[19:13:12] <moparisthebest> kind of amazing that works at all
[19:14:54] *** bjc has left the room
[19:15:08] *** SouL has joined the room
[19:15:30] *** Lance shows as "away"
[19:17:51] *** daniel has left the room
[19:18:02] *** daniel has joined the room
[19:18:08] *** kalkin has left the room
[19:19:07] *** kalkin shows as "online"
[19:19:08] *** kalkin shows as "online"
[19:19:13] *** kaboom has left the room
[19:19:38] *** peter shows as "away" and his status message is "Auto Status (idle)"
[19:19:54] *** kaboom has joined the room
[19:22:43] <arc> jonasw: https://youtu.be/rp8hvyjZWHs?t=2m37s has got to be the best hack I've seen in a long time
[19:23:08] *** dwd shows as "online"
[19:23:31] <jonasw> :D
[19:23:39] *** Steve Kille shows as "away" and his status message is "At Home"
[19:24:17] <moparisthebest> arc, the rowing backhoe? yea that impressed me the most
[19:24:35] <arc> yea..
[19:24:39] *** peter shows as "online"
[19:25:01] <moparisthebest> there is no arguing with that one, boat motor breaks, have a backhoe on board, it's ingenious
[19:25:52] <arc> i thought my use of a toilet fill valve in a bucket for plant watering was good
[19:25:53] <Zash> I don't usually have a backhoe on board
[19:26:04] <arc> this is a whole new level
[19:26:16] <dwd> Zash, So what do you do if your motor breaks?
[19:26:28] *** ThurahT shows as "away"
[19:26:28] *** ThurahT shows as "online"
[19:26:48] <moparisthebest> probably something boring like an oar
[19:27:47] <Zash> I guess I would have to convert it into a putt putt boat
[19:28:37] <Zash> I would also have to get a boat and a motor...
[19:28:51] <arc> what if you had a car onboard and could get it up on jacks
[19:29:26] <moparisthebest> change out the wheels for paddles like an old river boat?
[19:29:28] <dwd> arc, If he doesn't even have a boat he's got worse problems.
[19:30:02] *** Tobias shows as "away"
[19:30:03] *** Tobias shows as "away"
[19:30:19] *** narcode has left the room
[19:31:47] *** narcode has joined the room
[19:32:08] *** Lance shows as "online"
[19:32:31] <SamWhited> arc: Like this (sort of)? https://www.youtube.com/watch?v=dyBl9vf8Td0
[19:32:49] <arc> thats true. Zash how will you hack up a boat to start with?
[19:34:04] <Zash> But why would I have a boat? Not really a water person.
[19:34:52] <Zash> I'd rather have cabin in the woods and some potatoes. Backhoe would come in handy then.
[19:35:14] <arc> Oh, I *really* doubt that you want to have cabin in the woods
[19:35:44] *** ThurahT shows as "away"
[19:35:45] *** ThurahT shows as "away"
[19:36:06] *** Tobias shows as "online"
[19:37:00] <arc> https://www.youtube.com/watch?v=NsIilFNNmkY
[19:37:03] *** ThurahT shows as "away"
[19:37:03] *** ThurahT shows as "online"
[19:37:03] <ThurahT> true, there are nicer things than a portal to a demi-god-demon
[19:39:22] *** daniel has left the room
[19:39:35] *** daniel has joined the room
[19:40:25] <Zash> Can't be worse than the mosquitoes
[19:41:02] <arc> i'll take mosquitos over the horrific monsters they send to kill you
[19:41:17] <arc> and what rises if EVERYONE fails
[19:41:37] <moparisthebest> I think I'd prefer the things I could kill with guns
[19:42:14] <arc> I think the scene of the japanese school children circling around and dispelling the demon is the best
[19:44:21] <arc> https://www.youtube.com/watch?v=IIE8Fq4Zm1E
[19:45:10] <arc> "The spirit of the demon will now live in the happy frog!" ... "How hard is it to kill a group of 9 year olds?"
[19:45:18] *** efrit has joined the room
[19:45:18] <moparisthebest> this has been an odd day in the xsf, went from talking about fashion, to boats rowed by backhoes, to demons in cabins in the woods
[19:45:32] <arc> blame me.
[19:45:37] <moparisthebest> with some xmpp sprinkled in :)
[19:45:59] <arc> yea there's XMPP involved, that's all that matters. That means we can charge lunch to the corporate card right?
[19:46:23] *** Alex has left the room
[19:47:21] *Ge0rG blames arc.
[19:47:24] <arc> after all the work I did I realized this morning that the hash function isnt likely all that useful for embedded systems, and in 95%+ of the cases won't even get included in the binary
[19:47:40] <arc> embedded xmpp is unlikely to include text xml.
[19:47:46] *** xnyhps shows as "away" and his status message is "Away"
[19:47:47] <Ge0rG> It ain't no fun with the lags.
[19:47:50] *** xnyhps shows as "online"
[19:48:32] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[19:48:42] <arc> the hash function is used pretty much, if not entirely exclusively for hashing text strings in order to find a cooresponding match on the string table
[19:49:11] *** ThurahT shows as "away"
[19:49:11] *** ThurahT shows as "away"
[19:49:11] <arc> anyone else have a problem that you dig too deep into a problem that you lose sight of the big picture?
[19:49:28] <SamWhited> oh yes… frequently.
[19:50:11] *** efrit has joined the room
[19:50:31] *** jubalh has left the room
[19:51:32] *** peter has left the room
[19:51:37] <Ge0rG> When I dig too deep into a problem I always encounter sub problems to which there is no documented solution on the Internets, but often many people having the same issue.
[19:51:55] <MattJ> Don't get me started, today has been one of those
[19:51:56] <arc> i hate that.
[19:52:25] <Zash> I still got some glibc in my eye from yesterday.
[19:52:26] <arc> or you dig deep enough that you realize its a problem caused by the language you're using that can't be fixed, just.. worked around
[19:52:31] <MattJ> e.g. the moment when I realised (after putting log statements all over the place) that the testing tool I was using was broken, and connecting to the wrong server
[19:52:37] *** Kev shows as "online"
[19:52:42] <MattJ> (in production)
[19:52:55] <Zash> Why isn't getrandom() in glibc until like the latest bleeding edge version nobody has?
[19:53:02] <MattJ> and the rabbit hole just goes deeper
[19:53:39] <MattJ> and now I'm just looking for some utility that will read lines from stdin and send them somewhere as UDP packets
[19:54:00] <MattJ> and trying to pretend I don't need to write my own
[19:54:09] <Zash> netcat
[19:54:28] <MattJ> netcat failed on the "line" part
[19:54:29] <arc> my first "in office" job had two charming things; 1) a ban on coffee in the office (only green tea, because of management philosophy hogwash), and 2) "Eat Me" cookies in a sealed container in the break room for when you get trapped too deep in a rabbit hole
[19:55:46] *** jubalh has joined the room
[19:56:28] <arc> it took me far too long to realize the reference
[19:56:42] <Zash> hah
[19:57:48] *** Holger shows as "online" and his status message is "I'm available"
[19:58:34] *** goffi has left the room
[19:58:46] <arc> a also found that for every schema i could think of, bitpacked EXI is better, faster, and smaller binary than compressed EXI
[19:59:24] <arc> i didnt expect that.
[19:59:32] <moparisthebest> that's just a type of compression though isn't it?
[19:59:47] <Zash> What's compressed EXI?
[19:59:48] <moparisthebest> like it'd probably be equally susceptible to CRIME / BREACH type attacks?
[19:59:49] <arc> I guess you could call bitpacking a form ofcompression..
[20:00:06] <arc> Zash: so there's 4 modes for EXI; bitpacked, simple byte-aligned, pre-compression, and compression.
[20:00:29] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[20:00:34] <arc> byte-aligned is essentially the same as bitpacked but always padded to byte alignment, obviously
[20:00:34] <Zash> Can you explain them in terms of ASN.1 encoding schemes? :)
[20:00:57] <arc> compression is pre-compression plus DEFLATE
[20:00:57] <Zash> (that was a fun rabbit hole too)
[20:01:30] <moparisthebest> so which ones are secure under encryption? only pre-compression?
[20:01:49] <arc> pre-compression is byte-aligned, but with similar types of data grouped together on the stream. so eg all int values are together, all string values together, etc
[20:02:04] <arc> i wouldn't propose to know the answer to that moparisthebest
[20:02:04] <jonasw> MattJ: socat READLINE: UDP:?
[20:02:34] <moparisthebest> arc, probably should have someone figure it out before starting to use/promote it though?
[20:02:36] <arc> but the idea with pre-compression is that some form of compression will be applied on, eg, the TLS layer
[20:02:39] <MattJ> jonasw, I saw that, but READLINE seems to actually involve the readline library, i.e. it's intended for human input, not piping from another program
[20:02:50] <jonasw> MattJ: and STDIN doesn’t do the trick? :/
[20:02:58] <jonasw> *STDIO
[20:03:10] <moparisthebest> arc, I think most if not all TLS libs removed support for TLS level compression because it's woefully insecure
[20:03:25] <arc> moparisthebest: i can *barely* hold enough of the EXI specification in my head to work on it. i don't have room for encryption on top of it.
[20:03:37] <Ge0rG> New personal record. Sigh: 64 bytes from 141.44.1.1: icmp_seq=9 ttl=53 time=377539 ms
[20:03:40] <MattJ> jonasw, only if they split on lines (which I see no indication of)
[20:03:46] <jonasw> meh
[20:04:02] <moparisthebest> arc, and you shouldn't have to consider it at all as long as you don't do anything that makes it insecure, compression being one of those things
[20:04:03] <Ge0rG> MattJ: I'd write a small loop with scapy.py
[20:04:10] <MattJ> I found a utility, it just needs the correct command-line arguments
[20:04:11] <arc> but i would assume if you consider compression insecure, eg DEFLATE, Brotli, etc, then you would prefer bitpacked over all options
[20:04:13] <MattJ> lua -e'u=require"socket".udp() for line in io.lines() do u:sendto(line, os.getenv"HOST",os.getenv"PORT") end'
[20:04:27] <jonasw> python3 -c 'import socket; s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); while True: s.write(s.stdin.readline().rstrip("\n"))'?
[20:04:30] <jonasw> heh
[20:04:34] <MattJ> Lua wints ;)
[20:04:39] <MattJ> Lua wins ;)
[20:05:07] <arc> at this point my primary concerns are the size of the embedded image. cutting text-domain XML out reduces the binary size of the library in about half. removing compression library is a pretty big win too.
[20:05:14] <jonasw> moparisthebest: CRIME and BEAST are based on the fact that the packet size changes depending on previously sent content, I doubt that this is the case with bit-packed, from the sound of the name :)
[20:05:19] <jonasw> but I haven’t looked into it, at all
[20:05:29] <arc> wolfssl is pretty small
[20:05:50] <jonasw> soo… now I have that xep-ecaps2.xml here, let’s check out xep-0001.xml on what I need to do next.
[20:05:53] <moparisthebest> arc, well compression is insecure because if an attacker can add the string "ar" to the payload and the size doesn't increase, then add the string "arc" and it still doesn't change, and build up from there, it can figure out what's under the encryption
[20:06:02] <moparisthebest> so if bit packing works in a similar way, it's equally insecure
[20:06:22] <Zash> jonasw: Print it on paper, fold a paper airplane and aim for SamWhited :)
[20:06:31] <moparisthebest> right jonasw I don't know either, just saying it's probably something that should be determined
[20:06:46] <arc> moparisthebest: hmm. no i don't think so. so the only way you could reverse engineer it would be exploiting the string table.
[20:06:52] <moparisthebest> like it'd be another useless thing to work on if it was proven as insecure as compression arc , idk
[20:06:59] <jonasw> moparisthebest: it also probably does not matter much for IoT-thing <-> gatewaything.
[20:07:08] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[20:07:22] <moparisthebest> yea it's pretty obvious security doesn't matter when it comes to IoT haha
[20:07:35] <jonasw> like Ge0rG quoted yesterday: "The S in IoT is for security"
[20:07:47] <SamWhited> It would actually be pretty awesome if XEPs were submitted that way…
[20:08:23] <arc> moparisthebest: ok, so string values are stored in the string table. this refers to whole strings only, but eg a JID you're communicating with would be added to the string table and referenced by id.
[20:08:25] <SamWhited> Please change the font to OCR-A or something first so I can scan it back in though.
[20:08:26] <jonasw> SamWhited: because you would not have to do any work, as paper planes don’t travel several thousand km?
[20:08:43] <SamWhited> jonasw: Says you; that just means you're not building a big enough paper airplane!
[20:08:55] <jonasw> SamWhited: we could also try XMPP over RFC 1149
[20:09:07] <SamWhited> heh, indeed
[20:09:33] <SamWhited> My favorite part is that there are Errata for that one.
[20:09:40] <jonasw> there was an actual implementation
[20:09:50] <moparisthebest> ok arc so the full payload size would increase with the strings you added, say "arc" would increase it 3 bytes, *unless* that FULL string was already in there, then it wouldn't decrease at all? if I understood you correctly
[20:10:15] *** jubalh shows as "online"
[20:10:22] <moparisthebest> that at least would not let you incrementally guess strings like 'a' then 'ar' then 'arc' etc etc
[20:10:32] <arc> moparisthebest: so if you can send a string value containing a 3rd party JID that you want to know if that agent is already communicating with, AND you know the schema being used, then you can determine whether that agent has communicated with that JID already.
[20:10:45] <moparisthebest> like you I don't know enough to say without a doubt that makes BREACH or CRIME not a problem, but it seems better to me...
[20:10:53] <arc> moparisthebest: yes. I do not recall a method for partial or combined strings
[20:10:57] <jonasw> assuming you can observe the network traffic between those entities, which may only be within the local wifi
[20:11:02] <Ge0rG> RFC1149 would be faster than my current link.
[20:11:08] <arc> i'm still loading the spec back into my head. but i remember that as a fault.
[20:11:33] <arc> one of my criticisms of EXI actually is the lack of a "list" type
[20:11:39] <moparisthebest> I'd feel better if someone like xnyhps said they'd reviewed it and it looked good to them :)
[20:12:02] <SamWhited> eeew, I just decided I should actually print EXI and read it… but it goes on forever.
[20:12:37] <arc> this comes up in some XML schemas such as SVG, where paths are made of collections of floats, ints, and characters separated by spaces
[20:13:08] *** devnull shows as "xa" and his status message is "Auto Status (idle)"
[20:13:08] <Zash> Hm, I should look at what a printer costs
[20:13:09] *** xnyhps shows as "online"
[20:13:11] <arc> SamWhited: yea its not light reading. I recommend https://www.w3.org/TR/exi-primer/ to start with
[20:13:18] <SamWhited> arc: Thanks
[20:13:25] <jonasw> is there an email-adress where XEPs are supposed to go? the http://xmpp.org/xmpp-protocols/xmpp-extensions/submitting-a-xep/ page linked in XEP-1 404s
[20:13:28] *** xnyhps shows as "online"
[20:13:36] <arc> that gives a very nice overview without sucking you into the details
[20:13:47] <SamWhited> jonasw: You can submit a PR on GitHub
[20:13:49] <jonasw> Zash: nothing, just "google" for one and ask the owner kindly to send you the printouts :)
[20:14:06] <Ge0rG> jonasw: you can make a PR of the XEP in inbox/
[20:14:08] <jonasw> SamWhited: which puts my xep in the inbox/ dir?
[20:14:09] <jonasw> right
[20:14:13] <SamWhited> jonasw: Yup
[20:14:14] *** xnyhps shows as "online"
[20:14:20] <arc> you're younger than me, you might be able to handle it better, but ive had to segmentize the details so i dont get overwhelmed. its a lot to hold in your head at once
[20:14:29] *** nicolas.verite has joined the room
[20:14:38] <SamWhited> oh I doubt that; if you can't hold the entire spec in your head I doubt I have any chance
[20:14:54] <arc> that's flattering but I doubt its true. age wears down your memory
[20:15:08] <SamWhited> jonasw: See the other XEPs in there for naming, I *think* you don't want it to start with xep- for reasons that I can't remember… something, something tooling.
[20:15:11] <arc> I'm turning 38.
[20:15:15] *** nicolas.verite has left the room
[20:15:39] <jonasw> yeah, figured that much
[20:15:46] *** daniel shows as "online"
[20:16:04] <moparisthebest> speaking of the inbox, some of those things are *ancient*, does or should it ever be cleaned out?
[20:16:43] *** xnyhps shows as "online"
[20:17:06] <jonasw> am I the only one *always* falling for the delay github has with showing the "you have pushed to branch X n minutes ago, do you want to pull request?", hitting F5, seeing it appear before the page has reloaded, click compare & pull request and then the page reloads and you’re back to square one?
[20:17:10] <SamWhited> I think the editor readme says it never gets cleaned out. We don't want to break old pages.
[20:17:28] <SamWhited> Oh yah, I do that all the time
[20:17:35] *** daniel has left the room
[20:17:54] <moparisthebest> break pages? do they get rendered?
[20:17:58] *** daniel shows as "online"
[20:18:16] <moparisthebest> or you just mean links to the xml ?
[20:18:37] <SamWhited> moparisthebest: they get rendered on the site, just like actual XEPs
[20:19:00] <moparisthebest> I didn't know that
[20:19:26] <jonasw> SamWhited: https://github.com/xsf/xeps/pull/440 consider yourself paperplaned
also: https://www.youtube.com/watch?v=Co452wJ-3Lg (Long Distance Calling - Black Paper Planes) (Music)
[20:19:34] <moparisthebest> https://xmpp.org/extensions/inbox/
[20:19:36] <moparisthebest> awesome
[20:19:51] <SamWhited> moparisthebest: Also, ¿Porque no los dos?
[20:20:08] <SamWhited> (I couldn't find the adorable little girl gif to send, so you just get text)
[20:20:44] <arc> given the current status of IoT I think I might actually focus for a few weeks on *just* the schema compiler and get a XEP out for it. the one thing im missing for the XEP is a definition for the schema of the schema
[20:21:00] <SamWhited> > the schema of the schema
[20:21:03] <SamWhited> I'm so sorry…
[20:21:07] <jonasw> that meta
[20:21:15] <jonasw> arc: schemas like in XML Schemas for XEPs?
[20:21:27] <jonasw> how are you going to deal with the mostly incorrect or inaccurate schemas out here in XEPs?
[20:21:40] <jonasw> well, probably not mostly.
[20:21:50] <jonasw> but they’re not normative, I’ve been told once.
[20:21:56] <arc> yea, in order for a client to transfer to the server the schema that it wants to use, which the server doesnt already have, it needs to be able to dump the EXI-encoded schema to the server. and that needs to be defined since every client and server needs to be able to understand it
[20:22:26] *** xnyhps shows as "online"
[20:22:42] *** Ge0rG shows as "online"
[20:22:54] *** xnyhps shows as "online"
[20:23:08] <arc> so the EXI schema for the EXI schema needs to be defined in the XEP
[20:23:15] <jonasw> that’s meta.
[20:23:25] <arc> its why I havent touched the XEP yet.
[20:23:36] <arc> but it needs to happen, and sooner the better
[20:23:39] *jonasw hands arc a large bag of tea.
[20:24:53] <moparisthebest> sounds like he needs something harder to me
[20:25:13] <arc> i havent written a line of code in a month. i'm up for it.
[20:25:15] <moparisthebest> maybe 160+ proof
[20:25:19] <jonasw> there are too many movies showing that coke doesn’t end well.
[20:25:20] <jonasw> oh
[20:25:22] <jonasw> nevermind.
[20:25:23] <Zash> 160+ proof tea?
[20:25:28] <arc> oh I have a copeous amount of cannabis
[20:25:39] *** nyco shows as "online"
[20:25:46] *** nicolas.verite has joined the room
[20:25:57] <arc> there's a "Balmer limit" to cannabis too, though.
[20:26:18] <jonasw> heh
[20:26:49] <arc> er "Ballmer Peak" https://xkcd.com/323/
[20:26:53] <jonasw> :D
[20:26:56] <dwd> jonasw, That your protoxep? ecaps2?
[20:27:04] <jonasw> dwd yes
[20:27:20] <arc> though its more a cliff. more is better, to a point, and then rapid degeneration. its around the point that you start feeling like time is on a bungee chord
[20:27:30] <dwd> jonasw, I think you win the prize for using every obscure separator character in the ASCII subset.
[20:27:38] <jonasw> dwd: thanks :D
[20:28:11] <jonasw> they were barely enough, I was worried I’d also need EOT
[20:28:15] <dwd> jonasw, Can those appear in XML?
[20:28:22] <jonasw> dwd: no.
[20:28:36] <jonasw> XML forbids control characters except htab, newline and carriage return
[20:28:47] <jonasw> (those between 0x00 and 0x20 at least)
[20:28:57] <Ge0rG> Hm. Thereis an IoT thread going on with me in Cc. I wonder who deemed me so important and why.
[20:29:22] <dwd> jonasw, Perfect. Nicely done.
[20:29:30] <jonasw> dwd: thanks! :)
[20:29:34] <arc> Ge0rG: you are the chosen one for IoT. you must lead the way, because everyone knows nobody else knows it
[20:29:51] <dwd> arc, IoT is different and special from everything else.
[20:30:19] <Ge0rG> arc: this must be a SCAM.
[20:30:27] *** jubalh has left the room
[20:31:16] <arc> I'm humored by these IoT "Meetups" full of VCs who think IoT means a standalone device that communicates solely with their service, like a modern wifi-connected thermometer that you can control with your phone through their online service
[20:32:10] *** mimi89999 has left the room
[20:32:48] <Zash> jonasw: "Cabability"
[20:33:00] *** Flow has joined the room
[20:33:04] <arc> in that ideology things like protocol standards don't matter. they mostly use a HTTP ReST API between the device an their service
[20:33:06] <dwd> arc, The sad thing is that most of these devices are going that way.
[20:33:12] *** goffi has joined the room
[20:33:19] <jonasw> Zash: that’s only because you cannot use entities in <dt>! thanks, fixed locally, waiting for more of these stupid typos before I push another commit.
[20:33:43] <arc> dwd: only because of the novelty of it. we need to catch up to steer course
[20:33:46] <dwd> arc, And worse, those that aren't suffer - my iKettle, for instance, is controlled locally, but people want to integrate - and they have to integrate via cloud services now.
[20:34:07] <Zash> dwd: Like the e-reader thing requiring an account with some online service to display text?
[20:34:08] *** mimi89999 has joined the room
[20:34:13] *** mimi89999 shows as "online"
[20:34:18] <arc> why does your .. what i assume is a water kettle.. need remote access?
[20:35:05] <arc> that's my other IoT rant that I won't get into. not everything needs a chip in it. bloody Target selling basketballs with a chip in it to count bounces and report them to your phone via bluetooth
[20:35:11] <dwd> arc, So I can set it to boil from my desk, and - more importantly - so I get a notification on my smartwatch when it does.
[20:35:14] <arc> my basketball does not need bluetooth.
[20:35:38] <dwd> arc, I understand. You're wanting it to use zigbee instead?
[20:35:48] <arc> dwd: lol
[20:35:54] <jonasw> +1
[20:36:03] <arc> dwd: you're doing well roleplaying an IoT VC!
[20:36:28] <dwd> arc, I'm just like a VC, except without the money.
[20:36:40] <arc> oh so you're homeless? ;-)
[20:36:42] <Zash> dwd: My water boiler has this amazing wireless notification protocol called "loud click and the sound of boiling water slowly fading away"
[20:36:55] <moparisthebest> a basketball with a bounce counting chip?
[20:37:02] <SamWhited> mine makes a sort of loud whistling noise when the water is ready
[20:37:04] <dwd> Zash, Well. I can actually hear the kettle from my desk, in fairness.
[20:37:08] <moparisthebest> I'd think you were joking if I didn't know better
[20:37:09] <xnyhps> moparisthebest: I didn't read much of the backlog, but the DEFLATE option for EXI very likely is vulnerable, without, probably.
[20:37:13] <Zash> Weren't there baseballs with accelerometers in them to measure how hard they got hit?
[20:37:15] <SamWhited> it sounds vaguely like air being forced through a small round opening
[20:37:17] <moparisthebest> maybe I will move to a cabin in the woods like Zash :)
[20:37:30] <jonasw> Zash: uh, I once had an oven which had the protocol of "if you don’t take care the water boils over the pots edge and flows down the sides into the oven tripping the RCA and thus cutting of your power"
[20:37:32] <arc> we have a bluetooth enabled pressure cooker. it has a bluetooth range of maybe 8 feet, 10 if you're lucky. the app you need to communicate with it has basically a clone of the physical interface on the machine
[20:37:51] <moparisthebest> xnyhps, yea any compression like deflate/brotli/etc would be, the question was whether the 'bitpacking' optimization without compression would be
[20:38:09] <moparisthebest> or, without what we normally call compression
[20:38:13] <moparisthebest> I suck at wording
[20:38:39] <Zash> moparisthebest: Call it PER
[20:39:16] *** Ge0rG shows as "online"
[20:39:18] <arc> xnyhps: DEFLATE only or newer methods like Brotli too
[20:39:20] <dwd> moparisthebest, EXI in bitpacking mode doesn't have back-references, which is the basic issue.
[20:39:50] *** Mancho has left the room
[20:39:52] <arc> but there is the string table, which I think would argue could have issues, and that's in all modes.
[20:39:59] *** Mancho shows as "online"
[20:40:54] <arc> your own JID, for example, will be on the string table. so if someone could send you a jid as an attribute value, i believe it could under specific conditions, confirm if that is your JID or not.
[20:41:09] <Zash> jonasw: 'the i;octet' intentional or typo?
[20:41:29] <arc> or if your device is communicating with a server, and they know which IP you're communicating with but not the specific hostname..
[20:41:31] <dwd> Zash, ACAP Comparator. Not a typo.
[20:41:58] <jonasw> Zash: that’s how it’s called. not my idea :/
[20:42:00] *dwd got his ACAP server compiling again the other day because someone actually wanted to use it.
[20:42:21] <Lance> jonasw: ^5 on the XEP, this looks awesome
[20:42:27] <jonasw> Lance: thanks
[20:42:36] *** SouL has joined the room
[20:42:52] *** SouL has joined the room
[20:42:52] *** SouL shows as "away" and his status message is "Zzz..."
[20:42:58] <arc> but given what moparisthebest described earlier I think that's a lot less of a security risk, since you couldn't pull out substrings to progressively reverse engineer, and the specific conditions are more difficult to otherwise achieve
[20:43:16] <Zash> jonasw, dwd: Well it could also have been an artifact of the conversion to epub I did
[20:43:30] <moparisthebest> right I think you couldn't progressivly build up by guessing 1 character at a time that way arc
[20:43:35] <dwd> Zash, RFC 4790, now, extracted from ACAP. My mistake, I'm behind the times.
[20:43:47] <xnyhps> If you're not compressing the password anyway, the thread model becomes rather vague.
[20:43:55] <moparisthebest> which again sounds better/more secure to me, but probably not as secure as not being able to guess at all? I'm sure someone could come up with an attack
[20:44:18] <xnyhps> Finding out someone's JID requires quite a lot of access for not that much information.
[20:44:22] <arc> yea no the string table refers to whole qnames and string values
[20:44:43] <xnyhps> Or who someone is talking to, etc.
[20:45:00] <arc> yea its not exposing, say, integer values coming from a sensor
[20:45:16] <dwd> Surely you'd need to address things to them? So at best, you're able to try to guess if someone who you already know by IP address, who is also in a chatroom with you, is the Jid you think they are?
[20:45:59] *** Steve Kille shows as "online" and his status message is "At Home"
[20:46:09] <xnyhps> dwd: Yeah, and you probably have much easier ways to do that.
[20:46:10] <arc> well it only confirms that they're a JID in your string table. it wouldnt expose, necessarily, if they were that JID vs had talked to that JID
[20:46:35] *** jere has left the room
[20:46:48] <arc> EXI doesn't "understand" XMPP beyond the schema you provide it.
[20:47:26] <arc> i think it might be possible under certain conditions for an IoT vendor to craft an insecure schema tho
[20:47:40] <arc> for example sensor data should be fixed length
[20:48:05] <dwd> TBH, I don't think that the use of deflate in XMPP is a general problem anyway. In extremely high-risk cases, perhaps, and if you're dumb enough to use PLAIN and TLS compression.
[20:48:12] <arc> in that way EXI is more secure than text xml in that integer should be a fixed length, where a string representing an integer is not
[20:48:17] *** nyco shows as "online"
[20:48:22] *** nicolas.verite has left the room
[20:49:07] <jonasw> Zash: do you have a diff of xep 369 from 0.8 to 0.8.1 from your fancy difftool at hand?
[20:49:23] <arc> for security any XEP for sensor data, it should be actually put in the security section that float and integer values should be zero-padded to their maximum value to decrease risk of data leakage
[20:49:48] <jonasw> zero-padded to their maximum value? how does zero-padding to maximum value work?
[20:50:32] <arc> if all the stanzas from a device are the same except being X length, X+1, X+2, X+3, etc based on the scale of a specific integer value, you can determine whether that value is 0-9, 10-99, 100-999, etc
[20:50:38] <Zash> Don't EXI basically work like if you were to generate optimal C structs for all the things, then send that down the wire?
[20:50:49] <arc> so if the maximum value is, say, 255, it should send as '001' '002' etc
[20:51:09] <jonasw> arc: wait, leading zeros are encoded?
[20:51:26] <arc> jonasw: for text xml
[20:51:29] <moparisthebest> if it's a string it has to be
[20:51:43] <arc> what i was saying is this is a weakness in text XML that EXI doesn't have
[20:51:43] <moparisthebest> but even if not most things send integers in a set number of bytes
[20:52:13] <arc> sure, but eg, a light sensor could flip between 0 and 100, and that would make it obvious what the state was
[20:52:26] <jonasw> ah I thought you were talking about EXI already, of which I assumed that it encodes it as binary integer
[20:52:33] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[20:52:38] <arc> people do not generally encode 0 as <light value="000"/>
[20:52:51] <arc> yea it encodes as a binary integer
[20:53:03] <jonasw> is it a variable-width encoding?
[20:53:20] <arc> i would have to look that up again, i havent touched that part in awhile
[20:53:34] <arc> i know you can constrain the range of most values
[20:53:34] <jonasw> that would have the same issue then, and it cannot be worked around with leading zeros
[20:54:42] <arc> well i don't believe its variable width per value, i think its only variable width by schema. if the schema says the integer value of a given attribute is 0 to 127, it'll do the right thing.
[20:55:04] <arc> i havent touched that since november tho, id have to read up on it again
[20:55:12] *** kaboom has left the room
[20:55:17] <jonasw> no worries
[20:55:26] *** kaboom has joined the room
[20:55:46] <arc> but im like 98% certain that an integer, float, etc value is fixed width from stanza to stanza
[20:55:55] <moparisthebest> the question is if an integer can be 0 to 65535, it obviously encodes 60000 as 2 bytes, but does it encode 120 as 1 byte or 2 ?
[20:56:00] *** kaboom has left the room
[20:56:06] <moparisthebest> that'd be a type of compression too
[20:56:09] *** kaboom has joined the room
[20:56:12] <arc> i believe that if an integer is a short it will always be a short.
[20:56:18] <moparisthebest> could leak something, idk
[20:56:28] <arc> you're right it could. but i dont think it does that.
[20:56:33] <moparisthebest> that's how everything I can remember seeing works yea
[20:56:56] *** kaboom has left the room
[20:56:58] *** xnyhps shows as "online"
[20:57:03] <arc> and when we draft EXI 2.0 that is something that should be definitely put on the table as a concern
[20:57:37] *** waqas has joined the room
[20:57:50] <moparisthebest> in general it seems like most things pre-2013 kind of took security as an after thought and might need to be revisted today
[20:58:31] <arc> so far the only thing I would like to add to EXI is being able to encode a delineator-separated sequence like is used in SVG
[20:58:38] <arc> if we had that, the SVG world would be all over it
[20:59:00] <arc> being able to encode paths more efficiently would be a major breakthrough.
[20:59:06] <Zash> jonasw: You happen to know which revisions that correspond to?
[20:59:40] *** xnyhps shows as "online"
[20:59:45] <jonasw> Zash: nevermind, I diffed it locally
[20:59:56] <arc> my initial interest in EXI came from getting tired of hearing about why X chat system doesn't use XMPP, but a binary protocol, for efficiency on mobile / etc
[21:00:08] <arc> and the same is true for SVG vs proprietary vector formats
[21:00:15] <jonasw> I’m going to bring up the <feature xmlns="…" /> stuff on standards@ again.
[21:01:04] *** winfried has left the room
[21:01:13] *** Steve Kille shows as "away" and his status message is "At Home"
[21:01:23] <moparisthebest> my complaint about SVG is that most things just arbitrarily execute javascript from them
[21:01:28] <moparisthebest> not a great security feature
[21:02:18] *** xnyhps shows as "away" and his status message is "Away"
[21:02:24] <Ge0rG> I wish I'd get some more insight from The Elders on carbonated body-less normal messages...
[21:02:33] <arc> moparisthebest: the same is true for XHTML-IM
[21:02:52] <moparisthebest> yep arc
[21:03:17] *** xnyhps shows as "away" and his status message is "Away"
[21:03:23] <jonasw> script content is not allowed in XHTML-IM…
[21:03:39] <moparisthebest> but like on my discourse instance I enabled common image format uploads, for example png, jpg, gif, and svg
[21:03:48] <jonasw> (reminds me, I wanted to polish up my XSLT which strips off anything not allowed as per xep 71)
[21:03:57] <moparisthebest> then, luckily it was a friend, uploaded an svg with some XSS javascript to steal cookies and showed me :)
[21:04:20] <jonasw> are there any xslt/xhtml wizards here?
[21:04:43] <moparisthebest> I'd assume this is where the xslt wizards live :) not me though
[21:05:10] <Lance> jonasw: stuff like <a href="javascript:alert(1)"> can still exist even without allowing <script> elements
[21:05:24] <jonasw> Lance: haven’t thought of hrefs, good point
[21:05:33] *** nicolas.verite has joined the room
[21:05:49] <jonasw> but that is usually easily filtered depending on the webview used
[21:05:52] <dwd> Lance, Dependsing on CSP.
[21:05:55] <moparisthebest> a blacklist would be a never ending hole
[21:05:57] *** nicolas.verite has left the room
[21:06:06] <jonasw> moparisthebest: that’s why I’m using the whitelist from the XEP.
[21:06:28] <dwd> moparisthebest, No, I mean Content Security Policy stuff would prevent inline javascript from working.
[21:06:30] <moparisthebest> I'm not positive you can do that kind of thing with xslt
[21:07:07] <moparisthebest> yea dwd, not sure how you get/set that with something like xhtml-im
[21:07:19] <moparisthebest> surely if there was a handy .noJavascript() method they would have called it
[21:07:46] <arc> XSLT could do it. You shouldn't do this with XSLT.
[21:07:59] <arc> no matter how hard you try it will always leave a hole
[21:08:02] <jonasw> arc: what exactly?
[21:08:11] <arc> jonasw: filtering XML/HTML
[21:08:17] <jonasw> hm
[21:08:23] <jonasw> how else are you going to do it?
[21:08:44] <jonasw> also, I think that this should be pretty sound:
https://github.com/horazont/aioxmpp/blob/devel/data/xhtml-im-sanitise.xsl
(leaving aside the @href issue)
[21:09:01] <arc> I'm in the camp for saying XHTML-IM shouldn't be supported
[21:09:07] <arc> I wasn't. now I am.
[21:09:12] <moparisthebest> I agree
[21:09:15] <jonasw> arc: I also do not like XHTML-IM.
[21:09:28] <jonasw> but then again, there are people who want rich text in their IM clients.
[21:09:39] <Zash> BBcode
[21:09:41] <moparisthebest> you can have rich text without html
[21:09:49] <jonasw> moparisthebest: is there a XEP for that?
[21:09:57] <moparisthebest> not that I know of :)
[21:09:58] <arc> https://plus.google.com/+ArcRiley/posts/BXpPxYRcRim
[21:10:09] <moparisthebest> someone was advocating markdown somewhat recently
[21:10:16] <jonasw> (actually, a body type="text/markdown" or type="text/rst" would be great; just make sure your markdown/rst doesn’t pass through HTML…)
[21:10:59] <moparisthebest> right :) or it starts all over
[21:10:59] *** bjc has joined the room
[21:11:08] <Zash> Wasn't Markdown is defined as a HTML superset?
[21:11:13] <jonasw> yes, Zash
[21:11:19] <arc> i dont think thats still a complete solution.
[21:11:25] <Zash> Nice things, you can't have them
[21:11:35] <arc> the <a href="javascript:"> links will leak through
[21:11:40] <moparisthebest> well as Zash said bbcode it is then
[21:11:43] <Lance> plus the issues with multiple flavors of markdown, etc
[21:11:47] <moparisthebest> I'm sure there are plenty of libraries already ready to use
[21:11:49] <moparisthebest> in php...
[21:11:56] <jonasw> gah, bbcode is annoying too.
[21:12:00] <Zash> There can be only one! (And it is pandoc)
[21:12:03] *Zash <3 pandoc
[21:12:24] <moparisthebest> as the saying goes annoying or insecure pick one
[21:12:32] <moparisthebest> I probably just made that saying up
[21:12:39] <arc> Lance: btw one thing i love is the stream framing from websockets? the added overhead for jabber:client namespaces is completely eliminated in EXI
[21:12:45] *** vurpo has left the room
[21:12:50] *** vurpo has joined the room
[21:13:06] <Lance> yes!
[21:13:30] <arc> if back then when that was being vexed over, if someone had said "in 5 years that won't be an issue anyway because EXI" it would have made the decision much easier
[21:13:39] <Flow> jonasw: I do think that xep115 has hash agility, and signalling the caps using a second hash algo wouldn't require a ns bump
[21:13:50] <moparisthebest> re: markdown only one markdown I know has a defined spec, http://commonmark.org/
[21:14:06] <arc> good lord, i cant even use libxml2 anymore. its just painful.
[21:14:18] <jonasw> Flow: there was some mailing list post where people discussed otherwise, in the thread Tobias linked I think
[21:14:39] *** nicolas.verite has joined the room
[21:15:09] <arc> schema-based xml coding makes so much more sense
[21:15:49] <moparisthebest> so I think if you mandated commonmark with the exception of no support for http://spec.commonmark.org/0.27/#html-blocks it might be easier, would need more thought
[21:15:50] <Flow> nothing prevents clients from using a second hash mech, as long as they still send the mandatory to implement one
[21:16:00] *** mimi89999 has left the room
[21:16:01] *** Holger shows as "online" and his status message is "I'm available"
[21:16:20] <Zash> Flow: You mean sending multiple <c> elements?
[21:16:22] *** mimi89999 shows as "online"
[21:16:50] <Flow> Zash: yep
[21:17:39] <Zash> Flow: Doesn't fix the algorithm for producing the hash tho
[21:17:50] <Flow> Zash: Right
[21:17:53] *** goffi has left the room
[21:19:03] <Flow> But I don't aggree with the statement that the change of the hash function of xep115 requires a namespace bump in ecaps2
[21:19:29] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:19:31] <Flow> jonasw: Any particular reason for going with a new xep instead of updating xep115?
[21:19:54] <jonasw> Flow: I asked here, and people suggested that a clean new xep is the better way to go.
[21:20:17] *** arc shows as "away" and his status message is "I'm not here right now"
[21:20:17] *** arc shows as "away" and his status message is "I'm not here right now"
[21:20:48] <Flow> jonasw: i see
[21:20:50] <Lance> IIRC, it was so we could flag 115 as obsoleted by the new one
[21:21:11] <Kev> jonasw: Well, I think I suggested that a new XEP was the wrong way to go, and updating 115 was preferable :)
[21:21:13] *** nicolas.verite has left the room
[21:21:14] <Lance> as an encouragement to devs to upgrade
[21:21:18] <jonasw> Flow: to be clear, I’m happy to drop -xxxx and merge the changes into 115 if council prefers that.
[21:21:31] <Ge0rG> also to prevent people from doing some compat with the old stuff badly.
[21:21:55] *** Tobias has left the room
[21:22:06] *** Tobias shows as "online"
[21:22:18] <jonasw> but considering that it were council people who suggested to go with a new xep, I followed that suggestion.
[21:23:46] <Flow> pfff, council people are not always right ;)
[21:24:04] <Lance> not even close :)
[21:24:28] <jonasw> Flow: they’re, from my understanding, those who decide whether a patch to XEP-115 will be accepted though.
[21:24:29] <Kev> I think it led to the wrong outcome in this case, but I can't fault the logic of taking advice from Council in general.
[21:24:58] *** Steve Kille shows as "online" and his status message is "At Home"
[21:25:28] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:25:45] <Flow> Sure, asking for feedback is always a good idea.
[21:26:07] <SamWhited> It seems like a good idea to me to go with a new XEP in this case just to encourage people not to try and have backwards compatibility with the old one (which rather defeats the purpose of having a new one), but I don't feel strongly about it and could be convinced either way.
[21:26:37] <jonasw> in any case, I’m off for tonight. may read the backlog if highlighted
[21:26:40] <SamWhited> defeats the purpose in this case, I mean, since it's a security issue. Backwards compatibility is sometimes a good idea.
[21:26:46] <Kev> SamWhited: 115 is a core dependency of a *lot* of XEPs. I don't think replacing it is warranted in this case.
[21:27:23] <SamWhited> yah, that is tricky, not sure what to do about that. Either way tough we'd have to solve that problem and I suspect the two will have to coexist for a while.
[21:27:29] *** jonasw has left the room
[21:27:33] <Flow> Kev: The question is: Is xep115 is dependency or xep115 *and* the current namespace of xep115?
[21:27:47] <Kev> Well, at least for the dependency, it's straightforward, as the dependency is just on the latest version of 115.
[21:27:54] *** bjc shows as "away" and his status message is "Away"
[21:27:56] *** bjc shows as "away" and his status message is "Away"
[21:28:01] <Kev> Whether it should be or not is another matter, of course.
[21:29:09] <Flow> This is a fundamental question as we will find ourselves in the situation more and more in the future. For example with the XEPs depending on xep300
[21:29:19] <Lance> Yeah, aside from PEP, most of the "dependency" for these XEPs is just the fact that it optimizes the true dependency on disco#info
[21:29:29] *** sonny shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[21:29:30] <Zash> Do we need a BCP kind of thing?
[21:29:45] *** nicolas.verite has joined the room
[21:29:50] <Flow> Do we want to update all consumers of xep300 if it receives an incompatible update?
[21:30:25] <Flow> Or do we want to sepcify a dependency as xep number *and* "namespace", and update the consumers one after another?
[21:31:45] <Flow> Lance: Well said. I hate that some XEPs give you the impression that xep115 is an alternative to xep30
[21:32:06] <Flow> Zash: BCP?
[21:32:26] <Zash> Flow: IETF thing, like a pointer to the latest RFC on some specific topic.
[21:32:37] <Lance> Best Current Practices
[21:32:41] <Flow> ahh berst current practice
[21:32:52] <Zash> Flow: RFCs never change, but a BCP may be changed to point to a new RFC
[21:33:06] <Flow> isn't the the opposite what XEP do?
[21:33:29] <Flow> i.e., they do change, so we need a pointer to a fixed revision of a xep
[21:33:30] *** Mancho shows as "online"
[21:33:31] *** kalkin has left the room
[21:33:48] <Flow> (which we have in our attic btw)
[21:34:20] <Zash> Final XEPs are probably the closest to how RFCs work
[21:34:27] *** sonny shows as "online"
[21:34:29] <Flow> true
[21:34:41] *** uc has left the room
[21:35:00] *** uc has joined the room
[21:35:27] <Flow> ahh, enough DNSSEC fun for today. I follow jonasw to the realm of sweet dreams where everthing is like it should be
[21:35:28] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[21:35:44] *** arc shows as "away" and his status message is "I'm not here right now"
[21:35:44] *** arc shows as "online"
[21:35:49] *** nicolas.verite has left the room
[21:36:00] <arc> its too bad SRV records don't allow additional information
[21:36:02] <Ge0rG> Flow: and dreem of jumping and colliding SHA1eep?
[21:37:11] <Lance> arc: what kind of additional info?
[21:37:30] <arc> i havent touch DNS resolution in awhile, can you send a single request for multiple SRV records?
[21:37:40] *** Mancho has left the room
[21:37:41] <arc> Lance: for example, the server capability, protocol version, etc
[21:37:54] <Zash> arc: Multiple how?
[21:37:55] <moparisthebest> with the same name sure
[21:37:56] <Lance> arc: whether or not to start with EXI, hrm?
[21:37:57] *** bjc shows as "away" and his status message is "Away"
[21:37:59] *** bjc shows as "away" and his status message is "Away"
[21:38:07] <arc> Lance: yes, or TLS, or etc
[21:38:13] <moparisthebest> I suppose that'd be what TXT records are for arc
[21:38:15] <arc> yes I know there's a XEP for TLS
[21:38:22] <moparisthebest> or encode TLS or not TLS in the name like I did haha
[21:38:34] <moparisthebest> that would easily explode though if you try to encode more
[21:38:47] <arc> moparisthebest: yes, but doesnt that require multiple lookups? or can the two alternative names be requested at once?
[21:39:08] <moparisthebest> now we have _xmpp-client, and _xmpps-client, we don't want _xmppse-client and _xmppe-client for exi for example too, probably
[21:39:11] <Zash> _xmpp{s,}-{client-server}{,-exi}._tcp
[21:39:22] <arc> yea. so.. part of EXI is the first byte of an EXI stream is never a valid text unicode string by any enconding
[21:39:26] <moparisthebest> yea arc that's 2 seperate lookups
[21:39:49] *** jonasw shows as "online"
[21:40:02] <arc> one way is SRV records. the other way is to just punch EXI at the server, and it either responds with EXI or not
[21:40:09] <moparisthebest> arc, uh what about ALPN I think that neatly solves your problem?
[21:40:16] <arc> ALPN?
[21:40:31] <moparisthebest> tls extension, tells it the protocol(s) you'd like to speak
[21:40:38] <moparisthebest> Application Layer Protocol Negotiation ?
[21:40:43] <moparisthebest> http2 uses it
[21:40:52] <arc> oh, yes that could work
[21:40:57] *** Flow has left the room
[21:41:10] <arc> ive seen this before, just forgot about it
[21:41:18] *** nicolas.verite has joined the room
[21:41:24] <moparisthebest> xep-0368 uses it too, but optionally
[21:41:32] *** nicolas.verite has left the room
[21:41:57] *** Mancho has left the room
[21:42:06] *** Mancho shows as "online"
[21:42:37] <arc> yea i saw this mentioned somewhere about http2 awhile ago. so, what does the payload look like
[21:43:04] <Zash> A text string in a TLS extension
[21:43:21] <Ge0rG> a byte array.
[21:43:44] <Ge0rG> because text strings are imPRECISe
[21:43:57] *** Steve Kille shows as "away" and his status message is "At Home"
[21:44:08] <arc> ok so we could define a meaning for that which is extensible to other things
[21:44:13] <moparisthebest> yea Ge0rG is more correct it's a precisely defined sequence of bytes
[21:44:32] <arc> the key is it must be possible to use EXI without support for text XML
[21:44:50] <moparisthebest> so basically an EXI xep could depend on xmpps-* records from xep-0368, and send it's own custom ALPN protocol sequence
[21:45:09] <moparisthebest> or optionally, both xmpp-client and xmpp-exi-client or whatever
[21:45:17] <moparisthebest> and server would say I can speak X
[21:45:31] <moparisthebest> at which point you'd proceed or try next SRV record
[21:45:37] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:45:46] *** Mancho has left the room
[21:46:04] <arc> i *hope* that server support would be well deployed before its an issue
[21:47:07] <arc> oh interesting. it doesnt look like Contiki OS supports ALPN
[21:47:08] <Lance> arc: also, once the EXI XEP is decent, I'd be happy to help with making a proper xmpp-exi websocket binary subprotocol
[21:47:37] <arc> Lance: absolutely. but lets get a javascript library for it first ;-)
[21:48:21] <arc> from the times its been brought up i think the right path is to kill 0322 and start fresh. the one up there is utter nonsense from an implementers point of view
[21:49:17] *** sonny shows as "online"
[21:49:21] <arc> 50% of the document is re-implementing EXI header format in a less compact form
[21:50:07] <arc> and it doesn't even really get into how to handle a "pure" EXI stream (not starting with text XML)
[21:50:08] *** nicolas.verite has joined the room
[21:51:43] *** sezuan has left the room
[21:51:46] *** sezuan shows as "online"
[21:51:51] *** Steve Kille shows as "online" and his status message is "At Home"
[21:52:41] <arc> the mechanism I think is best is this:
1) Client sends EXI header with <open> framing. in the header, the schemaId field contains a hash identifier for the schema it wants to use, generally in sha256: URI format, but this allows future hash values to be used
[21:53:32] <arc> 2) if server doesn't already have that schema, it responds with EXI header for a "default" stream using the schema-schema, and gives an error that the requested schema must be provided
[21:54:25] *** kalkin shows as "online"
[21:55:36] <arc> 3) if client receives such an error, it will restart its EXI stream with the same schema and transfer that schema
4) server responds with the hash as it understands it wishes the client to use in the future (generally, sha256: URI)
5) stream restarts (or continues after step 1, if server responded with the EXI header for the same schema) normally
[21:56:41] <arc> the error-restart method should only be needed after a server is wiped, upgraded, or the first time a client of a specific version connects to it. sha256 is suggested to minimize this (large servers will already have the schema on file) but can be boosted in the future
[21:57:09] *** Lance shows as "away"
[21:57:53] <arc> it otherwise uses the same framing as websocket.
[22:00:10] <arc> vs XEP 0322 it removes the issues with asking the server to download schemas from a HTTP resource (eg, using XMPP servers to multiply ddos attacks on webservices), removes the need for a text XML parser, reduces handshakes to initiate a typical connection, and removes redundant negotiation
[22:00:16] *** Lance shows as "online"
[22:01:59] <moparisthebest> so it just sends a hash of the schema it wants to use?
[22:02:08] <moparisthebest> no other info about it?
[22:02:33] <arc> yes in the EXI header field for schemaId. i believe the hash URI standard allows for length too
[22:03:18] <moparisthebest> I was going to ask what stops a malicious client from uploading a 10gb schema
[22:03:30] <arc> if the hash isnt known by the server, it asks the client to transfer the whole thing, and then the server gives the client a URI to refer to that schema in the future - which might be a newer hash
[22:03:52] <arc> moparisthebest: the server should cut it off at some point obviously. schema should never be anywhere near that big, especially EXI encoded.
[22:04:20] <arc> i mean you could make the same claim for what stops a client from sending a 10g <stream:stream opening element with a gazillion attributes
[22:04:26] <moparisthebest> that is true
[22:04:55] <moparisthebest> I wonder what current servers do with that hehe
[22:05:02] <moparisthebest> or clients
[22:05:26] <arc> with EXI? the few experimental ones use XEP 0322
[22:05:42] <arc> i am not aware of EXI being used in production anywhere tho
[22:05:53] <arc> the only complete implementation of EXI I'm aware of is written in Java
[22:05:57] *** nicolas.verite has left the room
[22:06:08] <arc> my libexi will be #2.
[22:06:11] <moparisthebest> oh I meant I wonder what current servers or clients do with 10 gigabyte <stream:stream xml
[22:06:20] <arc> oh, that's a good question
[22:06:30] <moparisthebest> evil me wants to try it out
[22:06:36] <arc> I'm willing to bet at least one will catch on fire
[22:06:38] <moparisthebest> not at a production server of course other than mine :)
[22:07:23] <moparisthebest> I'm guessing some are protected by a naive "no xml will contain > 10m so that's my buffer size"
[22:07:34] <moparisthebest> or similar, but yea, testing time
[22:08:05] <arc> well id bet actually that expat or libxml2 will dutifully attempt to parse it regardless.
[22:08:14] <SamWhited> What is realistically the biggest packet size a server should expect? Not more than a couple of kilobytes surely?
[22:08:39] <arc> SamWhited: with HTTP over XMPP it could be more. isnt there a way for a MTU to be set?
[22:08:45] <Kev> Given the minimum maximum stanza size is 10k, no, a bit more than that.
[22:08:51] <Kev> Depending what you mean by 'packet'.
[22:09:07] <arc> i assume stanza
[22:10:11] <SamWhited> yah, I don't know what I meant by packet… "start stream tag or any second level element" I suppose
[22:10:51] <arc> amount of data in the XML parser which is not yet returned to the client?
[22:10:51] <arc> er, application
[22:10:55] *** Tobias shows as "online"
[22:10:57] *** Tobias shows as "online"
[22:11:13] <arc> moparisthebest: this is a good secure case to note
[22:12:44] <arc> another issue servers might want to look out for is flooding it with new schemas. an LRU cache should be used to keep the number of schema from being pushed out of control by an attacker
[22:13:01] *** daniel has left the room
[22:13:30] *** daniel shows as "online"
[22:13:38] <moparisthebest> it might or might not matter, but it could be a bit racy
[22:13:53] <moparisthebest> like if 10000 iot devices all connect at the same time, request the same hash, server doesn't have it
[22:13:54] <arc> yea disk size. but you can flood that with logs too
[22:13:59] <moparisthebest> I guess they all simultaneously upload it?
[22:14:28] *** nicolas.verite has joined the room
[22:14:31] <arc> that sounds like a crazy race condition
[22:14:53] <arc> actually no, that'd almost never happen because each one has to be provisioned right?
[22:15:21] <moparisthebest> it seems like it'd happen when you reboot the server or something though
[22:15:24] <arc> i mean almost never happen that two try to send in the same schema at once. and one would hope the server can handle that well
[22:15:40] <arc> oh, true. or upgrade it such that it wants to wipe the cache
[22:15:56] <moparisthebest> maybe something like that
[22:16:18] <moparisthebest> maybe you block the others while a few are uploading or something?
[22:16:25] <moparisthebest> servers might be able to do something smartly
[22:16:39] <arc> if a server policy is to, eg, use a SHA512 for added security because the operator considers SHA256 weak, even if it "has" the schema on disk it would need clients to transmit it in order to give it the hash that it wants
[22:17:02] <arc> the schema shouldnt be large. thats why EXI encoding too.
[22:17:10] <moparisthebest> I kind of assumed once a schema is uploaded the server would store it along with *all* the hashes
[22:17:21] <arc> it could do that too.
[22:17:33] <moparisthebest> anyway I'm off here for the day :) have a good one
[22:17:55] *** ThurahT shows as "away"
[22:17:55] *** ThurahT shows as "online"
[22:18:04] <arc> so if a newer client asks for a sha512: right off the bat the server can respond "correctly"
[22:19:24] <arc> all the server MUST do is return the schemaId it would like the client to refer to this schema with in the future. it SHOULD return with a hash URL, and it SHOULD record and handle any hash URL by any method the server considers secure
[22:19:39] *** Steve Kille shows as "away" and his status message is "At Home"
[22:20:10] <arc> so that clients connecting to the server for the first time using the same schema as another client of the same model, can do so without having to send the schema first.
[22:20:34] <moparisthebest> any reason it just wouldn't always use the hash?
[22:20:46] <arc> #futurehash
[22:20:46] <moparisthebest> that seems like the only way you could be safe knowing you were both talking about the same thing
[22:21:25] <arc> allow the server to support future hash mechanisms without clients needing to understand them
[22:22:54] <arc> a client sends a sha256: URI. the server responds to uploading it with a sha512: uri. client records and uses what the server gave it. the sha256: URI the client started with a guess. if sha512: were to become a new standard every client could use it.
[22:23:33] <arc> otherwise a client connecting to a server for the first time would just start with the default schema and send the schema in order to get the identifier. which could become a bit much.
[22:23:59] *** Zash has left the room
[22:24:00] <arc> in 2017 i think we all consider sha256 strong. 2020 who knows
[22:24:04] *** nicolas.verite has left the room
[22:24:10] *** Zash has joined the room
[22:24:34] <arc> this is just me spitballing though.
[22:24:43] *** Zash has joined the room
[22:25:00] *** ThurahT shows as "away"
[22:25:00] *** ThurahT shows as "away"
[22:25:14] <moparisthebest> so maybe a server MUST respond with a hash, it MUST respond with the hash in the same algorithm the client sent unless it doesn't understand that algorithm, in which case it MUST respond with the hash in the 'strongest' algorithm the server supports as decided by the server
[22:25:40] *** Tobias shows as "online"
[22:27:01] <arc> that has some odd implications too. the hash itself is added weight for every connection. if 256 is considered enough, it should use 256.
[22:28:27] <arc> 802.15.4 devices have an effective MTU of around 100 bytes, and over 6lowpan packet fragmentation can cause real connectivity issues. its best to keep the EXI-encoded stanza payload under 100 bytes
[22:29:40] *** nicolas.verite has joined the room
[22:29:59] <arc> the exi header with a sha256 uri consumes almost 100 bytes by itself, iirc
[22:30:10] <arc> if its just <open> though its fine
[22:31:10] <arc> i imagine #futurehash is more likely to be used over 802.11ah or similar newer, low-power protocol though which isnt necessarily subjected to the same constraints
[22:32:31] *** kalkin has left the room
[22:35:44] *** Tobias shows as "away"
[22:37:32] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[22:38:04] <arc> in some cities right now, every bus is driving around with a 802.15.4 transceiver in a weather-proof plastic shell and a tiny solar cell glued to the top of the bus, rechargable battery, recording and sending realtime air quality data through a makeshift mesh network using, IIRC, some MQTT-based protocol
[22:38:58] *** Kev shows as "away"
[22:40:09] <arc> since they use 2.4ghz the buses are regularly delinked from the mesh network due to excessive frame collisions and inability to return pings, so restarting a stream on reconnect while under pressure is a real thing
[22:40:42] <arc> fragmentation multiplies the problem in those cases.
[22:45:58] *** kalkin shows as "online"
[22:46:24] *** arc shows as "away" and his status message is "I'm not here right now"
[22:46:24] *** arc shows as "away" and his status message is "I'm not here right now"
[22:46:41] *** ralphm shows as "online"
[22:47:18] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[22:47:24] *** ralphm shows as "online"
[22:47:33] *** nicolas.verite has left the room
[22:47:47] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[22:49:34] *** intosi has joined the room
[22:52:01] *** SouL has joined the room
[22:53:47] *** devnull shows as "xa" and his status message is "Auto Status (idle)"
[22:55:07] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:58:58] *** intosi shows as "away" and his status message is "Away"
[22:58:58] *** intosi has left the room
[23:03:26] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[23:05:07] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[23:06:15] *** jere has joined the room
[23:06:31] *** SamWhited has left the room
[23:07:07] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[23:08:07] *** suzyo has left the room
[23:11:28] *** bjc shows as "away" and his status message is "Away"
[23:11:30] *** moparisthebest has left the room
[23:11:40] *** moparisthebest shows as "online"
[23:17:21] *** arc shows as "away" and his status message is "I'm not here right now"
[23:17:21] *** arc shows as "online"
[23:18:33] *** Holger shows as "online" and his status message is "I'm available"
[23:18:48] *** dwd shows as "online"
[23:30:15] *** waqas has left the room
[23:35:29] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[23:41:29] *** devnull shows as "xa" and his status message is "Auto Status (idle)"
[23:44:48] *** bjc shows as "away" and his status message is "Away"
[23:46:35] *** waqas has joined the room
[23:49:20] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[23:50:05] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[23:52:13] *** sonny shows as "online"
[23:53:49] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[23:53:51] *** Holger shows as "online" and his status message is "I'm available"
[23:56:10] *** Zash has left the room
[23:57:16] *** devnull shows as "away" and his status message is "Auto Status (idle)"
[23:57:19] *** sonny shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[23:57:44] *** devnull shows as "chat" and his status message is ""I hope it does, he thought, see clearly, because I can't any longer these days see into myself. I see only murk. Murk outside; murk inside. I hope, for everyone's sake, the scanners do better. ""
[23:58:13] *** nicolas.verite has joined the room
[23:58:32] *** Lance shows as "away"
[23:59:35] *** Lance shows as "online"