Friday, October 13, 2017
xsf@muc.xmpp.org
October
Mon Tue Wed Thu Fri Sat Sun
            1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
         
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

[00:00:06] *** Guus has joined the room
[00:03:47] *** Guus has left the room
[00:03:51] *** Guus has joined the room
[00:07:23] *** intosi has joined the room
[00:08:23] *** Guus has left the room
[00:08:26] *** Guus has joined the room
[00:09:31] *** Guus has left the room
[00:09:35] *** Guus has joined the room
[00:12:24] *** Guus has left the room
[00:12:29] *** Guus has joined the room
[00:17:16] *** daniel has left the room
[00:18:35] *** Guus has left the room
[00:21:31] *** dwd has left the room
[00:27:26] *** Zash has left the room
[00:27:33] *** Zash has joined the room
[00:33:08] *** jere has left the room
[00:33:20] *** jere has joined the room
[00:35:39] *** xnyhps shows as "away" and his status message is "Away"
[00:37:08] *** nyco has left the room
[00:37:12] *** nyco shows as "online"
[00:38:15] *** Zash has left the room
[00:39:10] *** jjrh has left the room
[00:41:11] *** Zash has joined the room
[00:41:13] *** jjrh shows as "online"
[00:47:53] *** efrit has joined the room
[00:49:33] *** jjrh has left the room
[00:50:03] *** jjrh shows as "online"
[00:50:42] *** intosi has joined the room
[00:51:22] *** Guus has joined the room
[00:52:00] *** jjrh has left the room
[00:52:17] *** jjrh shows as "online"
[00:54:54] *** jjrh has left the room
[00:55:01] *** jjrh shows as "online"
[00:57:27] *** moparisthebest has joined the room
[00:57:28] <moparisthebest> What if we replace xhtml-im with bbcode!!!
[01:00:36] *** jjrh has left the room
[01:00:41] *** jjrh shows as "online"
[01:02:48] *** moparisthebest has left the room
[01:03:27] *** moparisthebest has joined the room
[01:03:27] <moparisthebest> Think of all the php implementations at our disposal
[01:04:09] *** andrey.g has joined the room
[01:07:02] *** matlag has left the room
[01:10:14] *** jjrh has left the room
[01:10:29] *** jjrh shows as "online"
[01:11:18] *** ralphm shows as "online"
[01:12:11] *** jjrh has left the room
[01:12:16] *** jjrh shows as "online"
[01:18:05] *** jjrh has left the room
[01:18:20] *** jjrh shows as "online"
[01:22:02] *** Guus has left the room
[01:24:12] *** jjrh has left the room
[01:24:14] *** jjrh shows as "online"
[01:24:23] *** Valerian has joined the room
[01:29:27] *** jjrh has left the room
[01:29:36] *** jjrh shows as "online"
[01:29:58] *** jjrh has left the room
[01:31:42] *** jjrh shows as "online"
[01:32:44] *** jjrh has left the room
[01:32:52] *** jjrh shows as "online"
[01:34:24] *** Guus has joined the room
[01:40:11] *** SamWhited shows as "online"
[01:40:30] *** Guus has left the room
[01:41:52] *** jjrh has left the room
[01:42:22] *** alacer has joined the room
[01:43:21] *** jjrh shows as "online"
[01:43:38] *** Guus has joined the room
[01:45:20] *** jjrh has left the room
[01:45:33] *** jjrh shows as "online"
[01:48:58] *** jjrh has left the room
[01:49:24] *** jjrh shows as "online"
[01:56:03] *** alacer has left the room
[02:00:19] *** intosi has left the room
[02:00:31] *** Syndace has joined the room
[02:01:03] *** mimi89999 shows as "online"
[02:02:03] *** jjrh has left the room
[02:02:21] *** alacer has joined the room
[02:02:37] *** jjrh shows as "online"
[02:06:31] *** Ge0rG has left the room
[02:06:31] *** Ge0rG shows as "away"
[02:13:43] *** daniel has joined the room
[02:14:09] *** Guus has left the room
[02:16:17] *** Guus has joined the room
[02:16:26] *** jjrh has left the room
[02:17:40] *** jjrh shows as "online"
[02:18:05] *** jjrh has left the room
[02:18:48] *** jjrh shows as "online"
[02:26:40] *** SamWhited has left the room
[02:28:51] *** jjrh has left the room
[02:30:20] *** jjrh shows as "online"
[02:31:39] *** alacer has left the room
[02:42:22] *** alacer has joined the room
[02:46:59] *** la|r|ma has joined the room
[02:49:40] *** lskdjf has joined the room
[02:49:52] *** Guus has left the room
[02:51:09] *** Guus has joined the room
[03:03:17] *** lskdjf shows as "online"
[03:05:15] *** lskdjf has left the room
[03:06:33] *** jjrh has left the room
[03:06:35] *** jjrh shows as "online"
[03:07:30] *** alacer has left the room
[03:08:04] *** SamWhited shows as "online"
[03:14:00] *** Zash has left the room
[03:17:53] *** lskdjf has joined the room
[03:19:30] *** uc has joined the room
[03:20:04] *** efrit has left the room
[03:22:21] *** alacer has joined the room
[03:23:35] *** tux has left the room
[03:23:35] *** tux has joined the room
[03:31:46] *** daniel has left the room
[03:42:19] *** Valerian has left the room
[03:46:28] *** matlag shows as "online"
[03:46:59] *** SamWhited has left the room
[04:03:09] *** uc shows as "online"
[04:04:34] *** alacer has left the room
[04:10:09] *** mimi89999 shows as "online"
[04:16:19] *** la|r|ma has left the room
[04:16:24] *** la|r|ma has joined the room
[04:19:47] *** Valerian has joined the room
[04:22:59] *** xnyhps shows as "away" and his status message is "Away"
[04:23:02] *** xnyhps shows as "online"
[04:25:10] *** xnyhps shows as "online"
[04:25:21] *** xnyhps shows as "online"
[04:29:46] *** Zash has joined the room
[04:29:48] *** Zash shows as "away"
[04:31:39] *** xnyhps shows as "online"
[04:32:09] *** xnyhps shows as "online"
[04:35:03] *** SamWhited shows as "online"
[04:40:25] *** McKael shows as "online"
[04:43:21] *** alacer has joined the room
[04:55:06] *** uc shows as "online"
[04:55:33] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[04:56:53] *** jere has left the room
[05:01:17] *** xnyhps shows as "online"
[05:01:36] *** xnyhps shows as "online"
[05:03:15] *** goffi has joined the room
[05:04:49] *** Valerian has left the room
[05:07:16] *** alacer has left the room
[05:08:23] *** xnyhps shows as "online"
[05:08:33] *** xnyhps shows as "online"
[05:08:56] *** alacer has joined the room
[05:11:06] *** xnyhps shows as "online"
[05:12:07] *** xnyhps shows as "online"
[05:19:42] *** Guus has left the room
[05:22:23] *** Flow has joined the room
[05:29:22] *** xnyhps shows as "online"
[05:30:22] *** xnyhps shows as "online"
[05:32:22] *** alacer has joined the room
[05:35:36] *** Tobias shows as "online"
[05:35:39] *** Tobias shows as "online"
[05:38:35] *** dwd shows as "online"
[05:38:57] *** Flow has left the room
[05:41:02] *** dwd shows as "online"
[05:49:14] *** xnyhps shows as "online"
[05:53:08] *** emxp has joined the room
[05:53:15] *** xnyhps shows as "online"
[05:53:49] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[05:55:49] *** dwd has left the room
[05:55:53] *** dwd shows as "online"
[05:56:54] *** dwd has left the room
[05:56:56] *** xnyhps shows as "online"
[05:56:58] *** dwd shows as "online"
[05:57:28] *** xnyhps shows as "online"
[05:58:28] *** la|r|ma has left the room
[05:58:31] *** la|r|ma has joined the room
[06:00:29] *** dwd has left the room
[06:00:32] *** dwd shows as "online"
[06:01:29] *** Flow has joined the room
[06:01:55] *** zinid shows as "dnd"
[06:02:26] *** SamWhited has left the room
[06:02:40] *** ralphm has left the room
[06:03:29] *** ralphm shows as "online"
[06:03:49] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[06:03:53] *** uc has joined the room
[06:04:57] *** xnyhps shows as "online"
[06:05:22] *** Flow has joined the room
[06:05:34] *** xnyhps shows as "online"
[06:06:30] *** dwd has left the room
[06:08:17] *** xnyhps shows as "online"
[06:08:28] *** xnyhps shows as "online"
[06:08:28] *** uc shows as "online"
[06:09:04] *** jonasw shows as "online"
[06:10:56] <jonasw> moparisthebest, loool
[06:11:53] <Zash> I do wonder if we should revive the <font> tag as replacement for the style attr
[06:12:16] <jonasw> I don’t believe in font styling, but people seem to think differently
[06:12:21] *** alacer has joined the room
[06:12:25] <jonasw> it’s the number one reason I block inbound formatting
[06:12:26] <Zash> Way easier to sanitize <font color="name | #hexhex">
[06:12:59] <jonasw> if we start to go down the route to revive parts of deprecated HTML, we can go down Sams route of inventing our own markup all the way
[06:13:01] <Zash> jonasw: People want stickers!!
[06:13:12] <jonasw> people don’t know what’s good for them!
[06:13:18] <Zash> People want the silliest things!
[06:13:22] *** sonny has joined the room
[06:13:27] <Zash> Do we give it to them or do they go elsewhere?
[06:13:40] *** xnyhps shows as "online"
[06:13:41] <Zash> Nice things, none shall have them!
[06:13:51] *** Flow has joined the room
[06:13:53] <Zash> Only shiny, silly things
[06:14:03] <edhelas> stickers are possible with XMPP
[06:14:13] <jonasw> SIMS + a repository of stickers yes
[06:14:20] <Zash> Sure they are, since literally forever
[06:14:37] <edhelas> non, with Bits Of Binary as well
[06:14:39] <Zash> Peoples reasons for XMPP suckage don't need match reality
[06:14:45] <jonasw> edhelas, do stickers fit into BOB?
[06:14:56] <Zash> Make them fit
[06:15:00] <jonasw> Zash, they sure match the reality of actual implementations :)
[06:15:03] *** xnyhps shows as "online"
[06:15:03] <edhelas> well 20kb-30kb is enough for most of them
[06:15:17] <jonasw> 30kB * 4 / 3 = 40kiB stanza
[06:15:19] <Zash> That's well within the 10M stanza limit, even if base64'd
[06:15:21] <edhelas> also BOB use some hash, so they are transfered only once
[06:15:26] <jonasw> there’s a 10MiB stanza limit? :)
[06:15:48] <Zash> In Prosody, IIRC inspired by some recommendation for minimal limit somewhere
[06:15:48] <edhelas> Movim implement stickers using BOB :)
[06:16:30] <edhelas> https://github.com/movim/movim/tree/master/app/widgets/Stickers/stickers
[06:16:47] <jonasw> 7.5 MiB data limit -- that’s well sufficient for avatars
[06:17:15] <edhelas> jonasw at one moment people will ask for high-def-animated-with-sound stickers
[06:17:19] <jonasw> I recall that people said that PEP avatars are not feasible due to (among others) stanza size limit?
[06:18:13] *** Flow has left the room
[06:18:48] <Zash> Here we go. Why can't I have my browser plugin that lets me link directly to sections?
[06:19:51] *** Kev has joined the room
[06:19:52] *** Kev shows as "online"
[06:20:02] <Zash> https://xmpp.org/rfcs/rfc6120.html#security-dos
> A deployed server's maximum stanza size MUST NOT be smaller than 10000 bytes
[06:20:07] *** xnyhps shows as "online"
[06:20:08] <Zash> Wait that's ~10k
[06:20:13] <jonasw> :D
[06:20:38] *** Steve Kille has joined the room
[06:20:41] *** Steve Kille shows as "online" and his status message is "Shurdington"
[06:21:36] *** dwd shows as "online"
[06:21:47] <zinid> and there is no way to check what limit is applied on the server :)
[06:21:55] <zinid> we need a XEP
[06:21:56] <Zash> Path MTU discovery!
[06:22:06] <Zash> Now with eXtensibility! :D
[06:22:45] <Zash> MattJ: How did we end up with 10M then?
[06:23:28] *** dwd has left the room
[06:23:31] *** dwd shows as "online"
[06:23:48] *** emxp has joined the room
[06:24:08] <Zash> I suppose you could survey peoples vCards and multiply the maximum size by some number out of a hat and call it a day.
[06:25:04] <jonasw> Zash, it’s not impossible that I complained a few years ago when my fiancees avatar wouldn’t upload and that made pidgin fail to connect or something. I remotely recall there to be such a problem.
[06:25:21] *** xnyhps shows as "away" and his status message is "Away"
[06:26:14] <Zash> jonasw: Not the thing where data goes into a buffer that the network stack isn't paying attention to?
[06:26:14] <jonasw> back in the days of google code
[06:26:52] <jonasw> not sure, I think it was some limit thing
[06:27:13] <Zash> Hm
[06:33:30] *** dwd has left the room
[06:34:14] *** dwd shows as "online"
[06:36:09] *** dwd shows as "online"
[06:36:57] *** dwd has left the room
[06:37:00] *** dwd shows as "online"
[06:37:39] *** goffi has left the room
[06:37:40] *** uc shows as "online"
[06:38:31] *** dwd has left the room
[06:38:34] *** dwd shows as "online"
[06:39:13] *** stefandxm shows as "online" and his status message is "Available"
[06:42:43] *** dwd has left the room
[06:42:46] *** dwd shows as "online"
[06:43:58] *** Flow has joined the room
[06:46:10] *** dwd has left the room
[06:46:13] *** dwd shows as "online"
[06:46:51] *** vanitasvitae has joined the room
[06:48:30] *** dwd has left the room
[06:49:20] *** stefandxm shows as "away" and his status message is "Available"
[06:50:00] *** stefandxm shows as "online" and his status message is "Available"
[06:51:24] *** winfried has joined the room
[06:51:51] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[06:54:04] <Zash> Hey, how do browsers deal with namespaces?
[06:54:33] <Zash> Like, if I stupidly insert some random XML tree into my DOM, and there's like a <p xmlns="not xhtml" onclick="evil();"> in there, what happens?
[06:54:38] *** ralphm shows as "online"
[06:54:45] <jonasw> Zash, horribly
[06:54:50] <jonasw> they don’t care a lot
[06:55:00] <jonasw> and as always, it depends
[06:55:10] <Zash> So a thing that sanitizes the xhtml-im namespace but lets anything else thorugh would be useless?
[06:55:16] <jonasw> I can imagine that this kind of stuff works because it is hared between XML and SVG handling
[06:55:22] <jonasw> maybe
[06:55:24] <jonasw> I wouldn’t rely on it
[06:55:34] <jonasw> there are funny bugs in browsers with prefixes, too
[06:57:34] *** dwd shows as "online"
[06:57:46] *** moparisthebest has joined the room
[06:59:25] *** ralphm shows as "online"
[07:01:51] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[07:09:34] *** stefandxm shows as "away" and his status message is "Available"
[07:14:26] *** la|r|ma shows as "online"
[07:15:48] *** jonasw shows as "away"
[07:26:05] *** ralphm shows as "online"
[07:26:17] *** uc has left the room
[07:32:01] *** Tobias shows as "away"
[07:32:05] *** Tobias shows as "away"
[07:32:20] *** Tobias shows as "online"
[07:33:30] *** dwd has left the room
[07:36:50] *** ralphm shows as "online"
[07:41:14] *** stefandxm has left the room
[07:49:52] *** ralphm has left the room
[07:53:13] *** ralphm shows as "online"
[07:54:35] *** lskdjf has joined the room
[07:59:45] *** stefandxm has joined the room
[07:59:47] *** stefandxm shows as "online" and his status message is "Available"
[08:00:35] *** Ge0rG has left the room
[08:00:35] *** Ge0rG shows as "online"
[08:00:35] *** Ge0rG has left the room
[08:00:35] *** Ge0rG shows as "away"
[08:00:45] *** Steve Kille has left the room
[08:01:11] *** nyco has left the room
[08:01:14] *** nyco shows as "online"
[08:01:31] *** Tobias shows as "away"
[08:02:47] *** jubalh has joined the room
[08:06:42] *** ralphm has left the room
[08:07:07] *** Steve Kille has joined the room
[08:07:21] *** Steve Kille shows as "online" and his status message is "Shurdington"
[08:10:58] *** Tobias shows as "online"
[08:11:52] *** McKael shows as "online"
[08:15:16] *** stefandxm shows as "away" and his status message is "Available"
[08:15:21] *** jonasw shows as "online"
[08:18:58] *** tux has joined the room
[08:21:39] *** stefandxm shows as "online" and his status message is "Available"
[08:23:45] *** Steve Kille shows as "away" and his status message is "Shurdington"
[08:23:58] *** ThurahT has left the room
[08:24:18] *** ThurahT has joined the room
[08:26:03] *** Steve Kille shows as "online" and his status message is "Shurdington"
[08:26:17] <jonasw> Kev, +1 to your XHTML-IM mail
[08:26:33] <jonasw> you brought to the point what I tried to convey in a few paragraphs of prose elsewhere.
[08:26:49] <Kev> I don't have the attention span to write TL;DR mails :)
[08:26:50] <Ge0rG> Ha, I tried to make the same point yesterday.
[08:26:56] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[08:27:17] <Ge0rG> Let's see if different framings are going to convince the public
[08:27:24] <jonasw> itym the council.
[08:29:17] *** dwd shows as "online"
[08:29:41] <zinid> guys, what is the agreement on pubsub in push?
[08:30:09] *** uc shows as "online"
[08:30:30] *** goffi has joined the room
[08:30:33] <Kev> I don't think the move towards something markdownish is actually stupid, FWIW, and I think it's much much easier to sanitise something that you can write your own parser/serialiser for, than XHTML-IM. So I don't think this is a bad direction. It is much easier for diligent devs to get it right. I'm just not sure I buy the argument that it's going to suddenly make anyone who wants to dump things into a DOM unsanitised safe.
[08:31:20] <Ge0rG> I like markdown, but it's impossible to write a parser for that.
[08:31:52] *** ralphm shows as "online"
[08:31:55] <jonasw> I agree with Ge0rG
[08:32:07] <jonasw> writing your own markdown parser is a mess, and will yield 1000 different implementations
[08:32:24] <jonasw> (this holds for all text-based markups, I’m afraid)
[08:32:38] *** Steve Kille shows as "online" and his status message is "Shurdington"
[08:32:44] <Ge0rG> It's even less possible to sanitize markdown.
[08:32:47] <Kev> Well, we can go with a binary markup if you want, and then base64 it to get it into the stream, but I don't think it helps :p
[08:33:20] *Kev preempts Dave suggesting ASN.1 encoding of markup.
[08:33:50] *** Guus has joined the room
[08:33:51] <Ge0rG> Kev: it's already impossible to write correct markdown _text_, which is rendered in the same way everywhere. How are you going to write a parser?
[08:34:09] <jonasw> Kev, I sense buffer overflows there.
[08:34:30] <Zash> This is the appropriate reaction: https://pics.zash.se/4c840479.jpeg
[08:34:31] <jonasw> using an XML-based markup makes much more sense to me.
[08:34:31] *** Steve Kille has left the room
[08:34:46] <Kev> Ge0rG: That isn't the hard part. Tedious, but not hard, we just need to spec it. And by 'we', I mean that dwd has volunteered, so yay.
[08:34:46] <zinid> where to vote for asn.1? :)
[08:35:42] <Ge0rG> BER or DER?
[08:35:48] <jonasw> hasn’t BER failed?
[08:35:56] <Zash> Is server-side cleaning of xhtml-im sane, or would that just let broken clients be broken and then get hacked by evil servers?
[08:36:03] <Zash> XER
[08:36:06] <Ge0rG> Zash: yes.
[08:37:14] <Kev> Abstract Syntax Notation 71.
[08:37:38] <jonasw> from what I’ve heard, the general sentiment is that clients need to trust the server anyways to some extent...
[08:37:57] <Zash> Yes, trust the server, the server is good.
[08:37:59] <jonasw> but I guess it’d break e2ee
[08:38:24] <Zash> E2EE is just marketing fluff, did't we establish that?
[08:38:24] <zinid> jonasw: +1, I can't understand what's the point in building client-server architecture where there is no trust to server?
[08:38:37] <jonasw> Zash, I won’t get into that argument.
[08:38:45] <zinid> better off using p2p directly
[08:38:46] *** Zash shows as "away"
[08:38:58] <jonasw> I’m torn on the e2ee thing. I don’t want certain stuff I discuss with people plaintext on my server in some MAM.
[08:39:05] <jonasw> zinid, p2p doesn’t scale
[08:39:26] <Zash> p2p doesn't scale *on mobile*
[08:39:33] <zinid> jonasw: I wouldn't say that, there are some research going on
[08:39:33] <Ge0rG> I really don't get why people hate ASN.1
[08:39:59] <zinid> Ge0rG: because it generates lots of boilerplate code for mainstream languages such as C++ or Java
[08:40:11] <zinid> for example, in Erlang it's great
[08:40:23] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[08:40:33] <jonasw> not rather because ~every ASN.1 parser is broken somehow?
[08:40:38] *** Steve Kille has left the room
[08:40:55] <zinid> jonasw: but we have PKIX working?
[08:41:06] *** Steve Kille has joined the room
[08:41:11] <jonasw> sure, take a look how secure the PKIX libraries are
[08:41:11] *** Steve Kille shows as "online" and his status message is "Shurdington"
[08:41:13] <Ge0rG> Every browser contains an ASN.1 decoder. We could leverage that and replace JSON, once and for all.
[08:41:35] <Zash> Ge0rG: Call it "binary JSON with schemas and namespaces"
[08:41:49] <Zash> Make a fancy website on whatever is the hip TLD today.
[08:41:54] <Ge0rG> Zash: yeah, marketing is crucial.
[08:42:01] <Ge0rG> .io?
[08:42:05] <zinid> jonasw: I think that's the problem of the language you're using
[08:42:22] *** McKael shows as "online"
[08:42:31] <jonasw> zinid, excellent, let’s ignore issues because they only occur in a single language.
[08:42:40] <jonasw> then we can stay with XHTML-IM, because javascript/DOM is the actual issue.
[08:43:09] <zinid> jonasw: well, we ignore? and what do we have as a result?
[08:43:42] <zinid> ASN.1 was a standard and now there are tons of implementation with 0 interop
[08:44:26] <edhelas> the XHTML-IM problem can be extended to Pubsub as well, with the usage of Atom
[08:44:31] <dwd> Kev, I volunteered to document a "snippets" design, which - I think - covers most of the use cases outside of *bold* /italic/ _underline_ and `preformat`.
[08:44:36] <Ge0rG> maybe we need a subset of ASN.1 that is easy to understand and to implement. Let's call it ASN.0. Or maybe ASNdown.
[08:44:56] <zinid> Ge0rG: I would rather use protobuff, frankly
[08:45:08] <zinid> but it's not a standard
[08:45:11] <dwd> zinid, FWIW, I've not come across any of these incompatible ASN.1 implementations, and I've used many of them.
[08:45:26] <Kev> dwd: I had completely misunderstood, I thought you'd volunteered to write the thing that's like markdown spec, sorry.
[08:45:33] <dwd> zinid, After all, when I worked at Isode, M-Link had about 6 in the code.
[08:45:52] <edhelas> but I'd say, maybe we can just add modules on servers to checkup the content of messages when they detect the xhtml-im namespace
[08:46:25] <edhelas> it's basically applying a schema and check if it fits
[08:46:29] <dwd> Kev, I can probably do that too. But I have a pair of XEPs and a I-D in my pipeline, and adding another one is pushing things enough. (Oh, and I'm trying to shepherd Ash through updateing '314 *and* writing another).
[08:47:13] <zinid> dwd: well I'm not talking about incompatible implementations, I think jonasw said that :)
[08:47:17] <dwd> edhelas, Really? So I can strip tables then?
[08:47:24] <jonasw> zinid, nope, I did not mention incompatibilities.
[08:48:07] <dwd> zinid, Then I misunderstood: [09:47:59] ‎zinid‎: ASN.1 was a standard and now there are tons of implementation with 0 interop
[08:48:32] <zinid> dwd: I mean there are now: thrift, protobuff, several json serializers, etc
[08:48:52] <Ge0rG> but those are all not ASN.1?
[08:49:04] <zinid> yes, but they do the same
[08:49:38] <zinid> encode/decode lang structures into/from wire format
[08:50:12] <Ge0rG> It's funny how SQL injection is still a thing in 2017. And XSS.
[08:50:12] *** stefandxm shows as "away" and his status message is "Available"
[08:50:23] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[08:51:05] *** Wiktor shows as "online"
[08:51:39] *** Guus has left the room
[08:52:07] *** dwd shows as "online"
[08:52:55] *** Guus has joined the room
[08:56:49] <Kev> When I keep talking about markdownish, to be clear, I'm talking about something that is clearly and comprehensively specced, presumably by us. I am not suggesting it's ok to say "use markdown", and then just have everyone pick their own, subtly incompatible, library.
[08:57:25] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[08:59:24] *** Tobias shows as "online"
[08:59:30] *** ralphm shows as "online"
[08:59:30] *** Tobias shows as "online"
[09:02:03] *** ralphm shows as "online"
[09:03:30] *** dwd has left the room
[09:04:00] <Ge0rG> Kev: I'm not sure that makes a difference. If it is sufficiently similar to markdown, people will just plug their own markdown library in and end up wth full HTML support.
[09:06:40] *** Zash shows as "online"
[09:07:46] *** Kev shows as "away"
[09:08:31] *** Alex has joined the room
[09:08:35] *** Kev shows as "online"
[09:09:58] <Kev> Ge0rG: I'd really like the discussion to move away from "People will do what's easy, not what the spec says", and instead try to work out how to have a spec that a reasonable person is likely to implement without significant issue. XHTML-IM, as it stands right now, is not the latter thing.
[09:11:07] *** la|r|ma has joined the room
[09:11:12] <jonasw> Kev, I’d like your opinion on a (possibly audited) JS reference implementation of a sanitiser.
[09:12:46] <Kev> I think it's a different question to whether XHTML-IM is sane. I don't think "It's near impossible to get right, but we've already done it, so use our implementation (or port it)" is the right thing to do.
[09:13:06] <Kev> If we get to the stage that we *do* have a sane spec, then a reference implementation could be helpful, but at that point is also probably not as necessary.
[09:13:34] <jonasw> I think that XHTML-IM is easy to get right, once we drop @style.
[09:13:52] <jonasw> (you’re gonna have the problem of sanitizing URLs in any markup which supports URLs)
[09:20:53] <Ge0rG> Kev: I'm not sure that it's actually possible for a reasonable person to implement a secure web application.
[09:20:54] <zinid> I'm lost, what is required to be sanitized? URLs?
[09:21:29] <Ge0rG> Kev: and I think that XHTML-IM is mostly a strawman here.
[09:22:06] <zinid> xhtml-im doesn't define scripting, so there should no be XSS, no?
(I'm not a web developer)
[09:23:51] <Ge0rG> zinid: the problem is that it's insanely hard to sanitize user-controlled strings in a web application. And even more so if those strings contain HTML markup.
[09:24:28] <Ge0rG> zinid: change your nickname to `<script src=.../>` and there is a good chance some client will actually load and execute that.
[09:24:37] <zinid> I know about web application, but this is mostly due to script execution
[09:24:40] *** winfried has joined the room
[09:24:40] *** winfried shows as "xa" and his status message is "Auto Status (idle)"
[09:24:50] *** winfried shows as "online"
[09:24:54] <zinid> yes, your example is also about scripting :)
[09:25:00] <Ge0rG> zinid: yes, but there are so many ways to include scripts.
[09:25:12] <Ge0rG> and developers need to know and filter them all.
[09:25:23] <zinid> but xmpp client should not execute scripts?
[09:25:43] <Ge0rG> zinid: should not, no. but if the client is running in the browser, the browser well might do
[09:25:53] <zinid> ah
[09:25:57] <jonasw> zinid, the fact that XHTML-IM doesn’t define scripting does not prevent (a) maliciuos entities to include <script>...</script> and (b) stupid clients to embed the XHTML from the message unsanitised into the browsers DOM
[09:26:20] <zinid> jonasw: yes, got it
[09:27:45] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[09:28:23] *** Kev shows as "online"
[09:28:26] *** Kev shows as "online"
[09:29:05] <zinid> but don't we have the same problem with markdown? how is markdown processed? web clients can pretty much insert <script/> from markdown into DOM as well
[09:30:05] <zinid> and the same for raw messages (i.e. <body/>)
[09:30:26] <Ge0rG> zinid: that's a very valid point, made multiple times by now.
[09:30:36] <zinid> ah, ok
[09:30:42] <zinid> sorry, TL;DR :D
[09:32:34] <Ge0rG> yeah, that is a common problem :>
[09:36:15] *** ralphm shows as "online"
[09:37:05] *** dwd shows as "online"
[09:37:36] *** Kev shows as "away"
[09:42:12] *** Kev shows as "away"
[09:42:14] *** Kev shows as "online"
[09:45:47] *** winfried shows as "away" and his status message is "Auto Status (idle)"
[09:50:52] *** uc shows as "online"
[09:52:14] *** Kev shows as "away"
[09:52:16] *** Kev shows as "online"
[09:54:30] *** dwd has left the room
[09:55:35] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:58:07] *** ralphm shows as "online"
[10:02:15] *** Kev shows as "away"
[10:02:17] *** Kev shows as "online"
[10:03:14] *** winfried shows as "online"
[10:05:11] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:05:49] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:06:49] *** dwd shows as "online"
[10:08:19] *** ralphm shows as "online"
[10:08:52] <pep.> Ge0rG> Kev: I'm not sure that it's actually possible for a reasonable person to implement a secure web application. < +1
[10:09:07] *** tux has joined the room
[10:09:27] <pep.> "Markdown is not HTML so people will have to write their own parser" what? (*me just read the ml thread*)
[10:09:33] *** Syndace shows as "online"
[10:09:58] <pep.> Or rather, people can't drop that into innerHTML. Don't worry they'll find ways
[10:10:00] <Ge0rG> I mean: I'm a professional IT security specialist, and I don't know all the ways that you can inject code into a web app from user input.
[10:11:43] *** Steve Kille shows as "online" and his status message is "Shurdington"
[10:11:43] *** Steve Kille shows as "online" and his status message is "Shurdington"
[10:13:20] <pep.> I'm not even sure how to contribute to that thread. People hear "We need to deprecate XHTML-IM" and already it's "I know $NEW_FANCY_MARKUP that we can use". We're just going in circles.
[10:13:39] *** Kev shows as "online"
[10:13:45] *** dwd shows as "online"
[10:15:07] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:17:42] *** uc shows as "online"
[10:18:13] <pep.> Kev> Ge0rG: I'd really like the discussion to move away from "People will do what's easy, not what the spec says" < That's exactly what's happening at the moment with XHTML-IM.
[10:18:21] <pep.> And that's what sam is ranting about
[10:19:05] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:19:22] <pep.> If it their implementation were compliant there would be no such issue. (Or we could fix the XEP to answer these issues)
[10:19:45] <Syndace> Can you deprecate a XEP, modify it and then make it draft again?
[10:19:49] <pep.> If it their implementation was compliant there would be no such issue. (Or we could fix the XEP to answer these issues)
[10:20:10] <pep.> Under a different name/number? dunno. That would be silly anyway
[10:20:32] <pep.> Might as well reinstate the original XEP
[10:20:41] <Syndace> No under same name and number
[10:21:06] <mathieui> Syndace, https://xmpp.org/extensions/xep-0001.html#approval-std
[10:21:20] <Syndace> Okay thanks
[10:22:10] *** Kev shows as "away"
[10:25:07] *** dwd shows as "online"
[10:25:07] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[10:26:10] *** ralphm shows as "online"
[10:26:22] <pep.> Anybody can post to standards@ right?
[10:26:46] *** winfried shows as "away" and his status message is "Auto Status (idle)"
[10:27:34] *** Steve Kille has left the room
[10:32:01] *** jubalh has joined the room
[10:32:32] *** uc shows as "online"
[10:32:55] <jonasw> pep., must be subscribed, but subscription is open
[10:33:13] <pep.> I get the emails, so I did that iirc
[10:33:15] <jonasw> your mail got through
[10:33:26] <jonasw> the list has some delay, in the order of a few minutes
[10:33:31] <pep.> Yeah I saw it/them come back :)
[10:33:39] <pep.> Yeah I saw it/them go through :)
[10:34:01] <pep.> Why do my first emails have to be hate mails :(
[10:34:16] <jonasw> it’s not hate, it’s constructive discussion (for now)
[10:37:14] <Kev> Uhm.
[10:37:17] <pep.> https://www.mail-archive.com/standards@xmpp.org/msg17919.html I like goffi's position here
[10:37:27] *** Holger shows as "online" and his status message is "I'm available"
[10:37:37] <Kev> Wasn't the first of those mails "We have to consider people who ignore the spec" and the second mail "Changing the spec will fix it"?
[10:38:11] <Kev> I think as long as your position involves the "stupid people" argument, there is no way to find a solution to injecting markup, but there is certainly no way for xhtml-im markup.
[10:38:23] <pep.> I'm not of the opinion that changing the spec would fix the issue. It might help a bit
[10:38:41] <Kev> Jonas said we should change the spec, you said you strongly agree...
[10:39:18] <jonasw> sure, because @style is hard to validate right. everything else can be done.
[10:39:35] <pep.> Well, that would help yes.
[10:39:55] <jonasw> (even @style can be done, but I don’t think we should be asking people to do that)
[10:40:32] <pep.> Kev, also look at my second sentence. "the issue is not here"
[10:41:39] <Kev> jonasw: Yes, and that's fine if you agree with my premise that we should be catering to people who want to do the right thing, not to people who ignore the spec and inject HTML directly. If you want to go along with my premise there, then changing the sanitisation rules can help. But if you're on the premise that people will ignore the spec, no amount of changing the spec will help with that.
[10:42:23] <jonasw> Kev, I still believe that a working reference implementation will help against people ignoring the spec.
[10:42:42] <jonasw> (and a reference implementation would benefit from getting rid of @style, which is my argument there)
[10:42:46] <Syndace> I don't even think in a open source environment you have to care about stupid people. If you stumple across an implementation that allows for XSS you open an issue and point them to the reference sanitizer and everything is fine.
[10:43:17] <Syndace> If someone writes new client code for fun that only he and his friends use then whatever
[10:43:18] <jonasw> I prefer to try to prevent security issues before they happen.
[10:43:23] <Syndace> Yeah sure
[10:44:02] <Kev> jonasw: I think you're agreeing with my argument, and disagreeing with pep's, that we should be making this easy for people who want to do the right thing.
[10:44:14] <jonasw> yes, we definitely agree on that.
[10:44:22] <jonasw> I don’t agree that inventing our own markup will help with that.
[10:44:23] <pep.> Kev, but the issue at hand is people not doing things right, am I wrong?
[10:44:39] <jonasw> it will just open another can of worms, be it security issues or interop issues.
[10:44:47] <jonasw> (or probably a mix of both)
[10:44:50] <Alex> server plugins could strip out java script and other malicious tags
[10:45:06] <jonasw> Alex, that has been proposed, and Zash even drafted an implementation of that for prosody.
[10:45:10] <jonasw> I don’t feel that clients should rely on that in any way.
[10:45:11] <Kev> Alex: I'm not convinced by that argument, really.
[10:45:27] <jonasw> (but it’d be an interesting tool to detect malicious parties)
[10:46:12] <Alex> I have done this before, the XHTML XEP lists the allowed tags, any other tag I ignored in the parser
[10:46:28] <pep.> Kev, if it's to make things more straightforward for people who follow the spec, I'm all in, and I agree with jonasw. But that's not how I read SamWhited's email.
[10:46:37] <jonasw> I also firmly believe that obsoleting XHTML-IM without a replacement which has deployment will achieve nothing, except closing a door for us on fixing things there. See Private XML support.
[10:46:46] *** winfried shows as "xa" and his status message is "Auto Status (idle)"
[10:46:59] <Alex> jonasw: agreed on that
[10:47:15] <Alex> we really need modern markup to compete with Slack and others these days
[10:47:25] <jonasw> I will implement XHTML-IM in my client over the next weeks, no matter the XEP status.
[10:47:31] <jonasw> simply to gain interoperability
[10:47:34] <Alex> othereise its a step backwards
[10:47:35] <jonasw> and I assume that others will do the same
[10:47:45] <jonasw> and if they don’t then we’ll end up with a bunch of incompatible tacked-on markups
[10:47:56] <jonasw> e.g. clients (not people!) putting markdown in <body/>
[10:48:26] <jonasw> (we already have that to some extent with clients interpreting *foo* and /bar/ and such)
[10:48:46] *** mimi89999 shows as "online"
[10:49:24] <pep.> I see *foo*, _bar_ etc. as historical, coming from IRC. Not sure where IRC got that first though
[10:49:34] <jonasw> pep., agreed
[10:49:54] *** winfried shows as "online"
[10:49:55] <jonasw> even though there are clients which interpret ">", which I haven’t seen used much in IRC except in the last few years.
[10:50:37] <pep.> Right, they're all implementing their own markup, using <body>, which is meh
[10:51:15] <jonasw> much meh
[10:51:56] *** ralphm shows as "online"
[10:52:40] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[10:52:53] <pep.> I often rage against Conversations translating ">" at the beginning of a message. It breaks stuff like "><", and messages with a single ">" don't make sense anymore (got this case on prosody@ the other day)
[10:53:34] <pep.> I often rage against Conversations converting ">" at the beginning of a message. It breaks stuff like "><", and messages with a single ">" don't make sense anymore (got this case on prosody@ the other day)
[10:53:46] *** uc shows as "online"
[10:54:08] <Holger> >< works though.
[10:54:30] *** dwd has left the room
[10:55:12] <zinid> Alex:
> we really need modern markup to compete with Slack and others these days
Do we really want to compete? I just doubt that this is the goal of XSF
[10:55:16] <pep.> Ah it works now indeed. I haven'T checked in a while
[10:56:26] <dwd> zinid, I think we should be competitive with things like Slack, yes.
[10:57:06] <Alex> zinid: I see many people switching to Slack these days. There is no reason why you can do the same with XMPP. But we lack of modern client and features these days
[10:58:22] *** jonasw shows as "online"
[10:58:44] <pep.> Alex, I think we have most tools to start implementing. I would rather wait and see if UAs ask for more
[10:58:51] *** jonasw has left the room
[10:59:04] <pep.> Maybe push them to implement such things if you really want
[11:00:55] <zinid> dwd: only like Slack? really, what userbase do XSF target? because from what I see currently it's producing specs for nerds (like e2ee)
[11:01:48] *** winfried shows as "away" and his status message is "Auto Status (idle)"
[11:03:57] <dwd> zinid, Well, not only like Slack. And I don't entirely disagree with your assertions there.
[11:04:13] <dwd> zinid, ALthough not all nerds focus on the threat model that OMEMO does.
[11:05:03] <pep.> zinid, I think most nerds have their own servers, and e2ee is possibly of less important there
[11:05:12] <pep.> But I don't disagree with your assertions either :)
[11:05:15] *** Zash shows as "online"
[11:06:12] <zinid> I just think maybe it's better to define the target userbase?
[11:06:29] <zinid> I mean if this is nerds, then I'm fine and we should go in this direction
[11:06:41] <zinid> I don't think we can produce a protocol for every person on the planet
[11:06:55] <dwd> zinid, Scalability would be an issue, for sure.
[11:07:01] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[11:07:21] *** Zash has left the room
[11:07:26] <Alex> the strenght of XMPP was the we always covered a huge variety of use cases an users
[11:07:42] <pep.> zinid, protocol maybe, but for the end-users I don't think the protocol really matters anyway.
[11:07:51] <zinid> dwd: yes, but if we try to resolve scalability issues we will end up with SIP :)
[11:07:59] <pep.> Or rather, for *most end-users, non-tech that is
[11:08:01] <zinid> there is sip p2p rfc already
[11:08:03] <dwd> zinid, Oh, I do hope not.
[11:08:32] <zinid> dwd: well, if you strip shit from sip, it's usable and can be used as building block
[11:08:46] <Zash> zinid: the one that also works for xmpp?
[11:08:59] *** jubalh has joined the room
[11:09:42] <zinid> hehe, ok, I didn't want to go into SIP vs XMPP debate :)
[11:10:39] <dwd> zinid, That's not a debate, it's a bloodbath. ;-)
[11:11:35] <dwd> zinid, But anyway, I think we have a set of existing target communities, and I agree that defining these would be of benefit to us as protocol designers - however you implied there can only be one, which I think I take issue with.
[11:11:51] *** jere has joined the room
[11:12:41] *** ralphm shows as "online"
[11:13:23] <Alex> the target communities also changed over the last 10+ years. I like this discussion of defining it
[11:14:56] <zinid> dwd: well, their can be several, but I don't think "regular user" class intersects a lot with "nerds" class (intersection is a very basic functionality)
[11:15:44] <zinid> I mean, take a look:
1) a girl spending most of the time in instagram and so on
2) a nerd who lives with console
[11:15:49] <zinid> how can we target both?
[11:16:16] <dwd> zinid, I think the amount of intersection between the sets is actually something we'd need to find out. I suspect it's not nearly as small as you might think.
[11:16:49] <zinid> maybe, would be great to understand though at least for making the priorities
[11:16:49] <Alex> extensions, give teh nerd a console client without XHTML, and the girl a client where she can like messages, have hundreds of emoticons and share images and glyphys
[11:17:59] <zinid> Alex: sounds great in theory, but does it work in practice?
[11:18:35] <Zash> Jack of all trades
[11:18:52] <Alex> yes it does, I am doing XMPP stuff for close to 15 years now, and have customers which do all that with XMPP with great sucess
[11:20:03] <Zash> It does show that a bunch of us are more or less doing stuff for ourselves. Nothing wrong with that.
[11:20:56] <Holger> Zash: Nothing wrong with targetting ourselves if we clarify that. Then I can give up trying to sell XMPP to others and then having to explain why stuff breaks.
[11:21:02] <Zash> Optimally we'd get instagramming teens into software and standards development
[11:21:22] <zinid> nothing wrong of course, the problem I have is that we constantly speak about how to fight with Slack without even defining the target
[11:21:48] *** winfried shows as "xa" and his status message is "Auto Status (idle)"
[11:22:04] <Zash> And if the target is everything then it's a lot of work
[11:22:23] <zinid> yes, 300+ XEPs for sure :)
[11:22:31] <zinid> yet another 300 I mean :)
[11:22:43] <Alex> I think case studies and small tutorials on our webpages would help
[11:22:51] <Zash> Only? Gotta break that initial zero ;)
[11:23:24] <Holger> I think it's a vicious circle. XMPP's niche is mostly nerds, so there's few other users complaining about our stuff, so we concentrate on the nerd stuff because that's more fun to implement.
[11:23:55] <Zash> Holger: Typical in most FOSS circles
[11:24:14] <Alex> you wanna build something liek Slack, hey this iw what you need, extensions A+B+C+D
you wanna build a military grade client, then this is what you need, extensions X+Y+Z
[11:24:40] <Zash> Alex: Sounds good
[11:24:41] <zinid> Holger: +1
[11:24:43] <Holger> Zash: Yes but elsewhere there target audience is more obvious.
[11:24:48] <Holger> s/there/the
[11:25:07] <dwd> Alex, In my experience, the Military and similar markets actually want something Slack-like anyway.
[11:25:23] <Holger> Zash: If you build a tiling window manager, you won't break stuff for non-geeks.
[11:25:49] *** lskdjf shows as "online"
[11:25:54] <Alex> you wanna build something like whats app do that
you wanna build machine 2 amchien communications do this
you need build a system for realtime stick exchange do this
you wanna build the next Uber (geoLoc) to that
[11:26:01] <dwd> Alex, I mean, they want labelling, sure, but don't think they don't care about emoji support.
[11:26:04] <Holger> And a large part of FOSS projects is building server/infrastructure stuff ...
[11:27:17] <Ge0rG> Alex: that sounds like a compliance suite.
[11:27:39] <zinid> Alex: ok, let me rephrase maybe: who will write the XEPs for Slack audience? Hell, does anyone even know what Slack audience want? :)
[11:28:06] <Alex> I suck at typing today, so need a client which supports XEP-0308 :-)
[11:28:09] <dwd> zinid, I've used Slack, and I can tell you that Slack themselves don't have a clue.
[11:28:22] <Ge0rG> there is a commercial market for corporate (or government) slack-like things self-hosted with data retention, archival, LDAP integration and other enterprisey requirements.
[11:28:30] <zinid> we can start doing this, but we will eventually end up working on JET and OMEMO :D
[11:29:01] *** dwd shows as "online"
[11:29:23] <zinid> dwd: yes, maybe :)
[11:29:36] <Ge0rG> zinid: we don't need to target the nerd audience. They will come to us voluntarily.
[11:29:52] <zinid> Ge0rG: but we do this
[11:29:59] <zinid> JET and OMEMO for whom?
[11:30:14] <zinid> a girl from instagram never heard about e2e
[11:30:34] <Alex> Ge0rG: yes, we had a compliance suite before at the XSF for servers and client, but somehow died
[11:30:35] <Ge0rG> IMO, there are two target groups we should focus on, five years ago:
- Slack-like on-premise / hosted services with a good web and mobile UX
- slightly nerdy normal users (see Conversations' success)
[11:31:02] *** stefandxm shows as "online" and his status message is "Available"
[11:31:10] <Ge0rG> Alex: the current one is defining "mobile" and "IM" use cases. I'm pretty sure that "Slack" would make a good "Multimedia Chat" one or somesuch
[11:31:55] <Ge0rG> Alex: actually, there is not much specification missing to pull off a Slack-like thing, it's only a lack of dev power to make a proper web client and a one-button easy-deployment server.
[11:32:10] <Ge0rG> okay, web client _and_ mobile client
[11:32:42] <Ge0rG> Give me a dozen competent developers, a year and a time machine so I can start in 2012, and I can pull it off.
[11:33:04] <dwd> Ge0rG, Actually, Openfire has the latter, for sure. You can install webchat clients just by push-button after Openfire itself is installed.
[11:33:33] <Ge0rG> dwd: will Openfire come with AD/LDAP integration and all the Enterprisey checklist features?
[11:33:50] <dwd> Ge0rG, It has had AD integration for a decade or something.
[11:33:52] <Ge0rG> And will it scale to (tens) thousands of users?
[11:34:22] <dwd> Ge0rG, It doesn't scale as well as some servers. Chokes around 20k users or so, I think, until you do clustering.
[11:34:40] <edhelas> what about ejabberd ?
[11:35:09] <dwd> edhelas, I think that has LDAP integration, I don't know about Active Directory SSO (ie, GSSAPI).
[11:35:16] <zinid> edhelas: https://blog.process-one.net/ejabberd-massive-scalability-1node-2-million-concurrent-users/
[11:35:17] <Ge0rG> dwd: is it possible to buy an Openfire appliance / virtual machine with around-the-clock tech support?
[11:35:17] <zinid> :)
[11:35:32] <Ge0rG> dwd: but we are getting off-topic here.
[11:36:33] <Ge0rG> There is a German startup, selling enterprise mobile messaging <https://www.teamwire.eu/> - they provide cloud-hosted and on-premise solutions, and ask something like 3€/month/user for a WhatsApp-like experience. And they don't even have federation.
[11:36:52] <Alex> zinid: there is hosted.im if you need that
[11:36:56] <Ge0rG> But they have a sustainable business for something like five years now.
[11:37:22] *** jubalh shows as "online"
[11:37:24] <dwd> Ge0rG, Sure. We do have a dearth of clients running on Apple-favloured systems.
[11:37:25] <Ge0rG> The problem is: nobody will buy an XMPP-based IM solution if the UI isn't Slack-like
[11:37:28] <zinid> Alex: me? :) now, thanks, I have my own domain
[11:37:54] *** ralphm shows as "online"
[11:38:00] <Ge0rG> dwd: business clients running openfire on Apple? Or XMPP clients running on macOS?
[11:38:08] <Ge0rG> or iOS?
[11:38:32] <edhelas> Ge0rG what is "slack like" for you ?
[11:38:33] <zinid> damn, last time I checked slack I didn't understand what its buzz is about
[11:38:45] *** ralphm shows as "online"
[11:39:17] <dwd> Ge0rG, Yes.
[11:39:21] <Ge0rG> edhelas: easy to use private messages, channels, markup, some integration with websites / web services
[11:39:33] <dwd> zinid, It introduces millenials to IRC.
[11:39:44] <Ge0rG> edhelas: synchronization across all devices. proper push notifications
[11:39:52] *** valo has joined the room
[11:40:02] <dwd> zinid, That is, pretty much, it. It's IRC with emojis and working file sharing.
[11:40:18] <Ge0rG> I actually like Slack. It's easy to use.
[11:40:33] <zinid> dwd: then what is a problem to build slack-like using existing XEPs? am I missing something?
[11:41:03] <Ge0rG> zinid: lack of developers
[11:41:05] <dwd> zinid, No, we're not missing much to build something Slack-like, but federating and with security.
[11:41:39] *** stefandxm shows as "away" and his status message is "Available"
[11:41:41] <edhelas> I already have a couple of Movim users that deployed it in their business on top of a XMPP server
[11:41:59] <edhelas> you add some bots to integrate with github/jira and you're good no ?
[11:42:06] <dwd> I do think that our absolute neutrality does handicap us from showcasing good clients, which in turn reduces the appeal of the platform as a whole.
[11:42:07] <zinid> Ge0rG: that's true
[11:42:28] <zinid> dwd: so the problem is nobody wants to use XMPP for their apps, ok, we go in circles now :)
[11:43:19] <dwd> zinid, Well, sorta. I think people look at the first client or two they see and assume that the UX they encounter is due to restrictions in XMPP.
[11:44:19] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:44:27] <Alex> GitHubs Gitter is another example, also getting quite popular these days
[11:45:22] <Ge0rG> dwd [13:46]:
> I do think that our absolute neutrality does handicap us from showcasing good clients, which in turn reduces the appeal of the platform as a whole.
Very sad, and very true.
[11:45:59] <edhelas> I was thinking of creating a page that showcase those "good clients" actually
[11:46:15] <edhelas> if it's a project that is not officially pushed by the XSF, it could work no ?
[11:46:17] <zinid> what good clients? I still use Tkabber...
[11:46:23] *** mimi89999 shows as "online"
[11:46:30] <zinid> conversations maybe
[11:46:31] <dwd> zinid, Nerd. :-P
[11:46:57] <edhelas> zinid Dino looks very promissing
[11:47:02] <zinid> dwd: but what to use? swift lacks of features, dino is crashing, gajim is buggy (tracebacks are the friends)
[11:48:18] <dwd> zinid, I wonder if - and I know this sounds silly - the XSF should have an awards thing for Best XMPP Client for XYZ Platform, etc? Would that help highlight and motivate?
[11:49:11] <zinid> dwd: no, Durov puts 1M$/month in telegram for instance, I think other major IM players do the same
[11:49:21] <zinid> so if the price will be 1M$ then maybe :)
[11:49:37] <zinid> s/price/award
[11:49:44] *** jubalh has left the room
[11:49:57] *** jubalh has joined the room
[11:50:16] *** jubalh has left the room
[11:50:22] *** jubalh has joined the room
[11:51:35] <Ge0rG> You don't need that much for developing a client or two
[11:52:15] <zinid> Ge0rG: yes, I understand the most of the money goes into adv, but still there is a lot of guys working on a client
[11:53:04] <jonasw> dwd, awards are not so cool
[11:53:05] *** Steve Kille shows as "away" and his status message is "Shurdington"
[11:53:11] <jonasw> the issue with awards is that only one wins
[11:53:28] <jonasw> or let me put it this way: it would require well thought out terms for people to participate
[11:53:52] <jonasw> also I’m afraid it might just re-enforce already well-funded (in which way ever) clients
[11:54:05] *** lumi has joined the room
[11:54:10] *** mimi89999 shows as "online"
[11:54:16] <Ge0rG> dwd: we really need to revive the Jabber Software Foundation
[11:54:19] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[11:54:21] <Alex> putting good software projects under an umbrella like Apache does could help
[11:54:32] *** Steve Kille shows as "online" and his status message is "Shurdington"
[11:54:54] <Alex> Ge0rG: same idea :-)
[11:55:33] <pep.> edhelas, arguably there is no good clients, it's all shapes of bad :)
[11:56:31] <Alex> Pandion was this client for windows in the early days of Jabber/XMPP
[11:56:46] *** Zash has left the room
[11:58:01] *** Zash shows as "online"
[11:59:23] *** dwd has left the room
[11:59:26] *** dwd shows as "online"
[12:00:03] <zinid> Ge0rG: what will JSF do?
[12:00:21] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:00:43] <pep.> marketing? promotion of clients? and the XSF do standards? (wild guess)
[12:01:05] <zinid> marketing = $$$
[12:01:37] *** dwd has left the room
[12:01:41] *** dwd shows as "online"
[12:02:00] <Alex> $$$ could be raised easily, when there is good software
[12:02:23] <Zash> Alex: wrong, when there is good marketing
[12:02:26] <zinid> Alex: no
[12:02:39] <Alex> Zash: both
[12:02:48] <Kev> OK. I have a strong position on XSF Neutrality, because I don't see a way to do things fairly. So perhaps it'd help to persuade people like me that the XSF can do this stuff if someone came up with a concrete proposal of how the XSF could do recommended clients/servers etc., and do it fairly.
[12:03:10] <zinid> Alex: tons of Conversations user don't even pay for it
[12:03:54] *** ralphm shows as "online"
[12:06:22] *** jubalh has left the room
[12:06:32] <Alex> zinid: its not easy, but doable
[12:07:03] *** jubalh has joined the room
[12:07:24] *** valo has joined the room
[12:09:30] *** dwd has left the room
[12:10:20] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:11:34] *** ThurahT shows as "away"
[12:11:35] *** ThurahT shows as "online"
[12:12:39] *** dwd shows as "online"
[12:13:04] *** jonasw shows as "online"
[12:14:06] *** Tobias shows as "away"
[12:14:13] *** dwd shows as "online"
[12:14:37] *** dwd has left the room
[12:14:41] *** dwd shows as "online"
[12:15:08] *** dwd has left the room
[12:15:15] *** dwd shows as "online"
[12:15:22] *** Tobias shows as "online"
[12:17:00] *** edhelas has left the room
[12:17:00] *** nyco has left the room
[12:17:10] *** edhelas has joined the room
[12:17:30] *** matlag has left the room
[12:17:35] *** ThurahT shows as "away"
[12:17:37] *** ThurahT shows as "away"
[12:17:39] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:17:51] *** dwd shows as "online"
[12:19:33] *** jonasw has left the room
[12:20:33] *** winfried has joined the room
[12:22:42] *** ThurahT shows as "away"
[12:22:45] *** ThurahT shows as "online"
[12:24:30] *** dwd has left the room
[12:25:22] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:26:14] *** Tobias shows as "away"
[12:28:45] *** ThurahT shows as "away"
[12:28:47] *** ThurahT shows as "away"
[12:29:01] *** ThurahT shows as "away"
[12:29:04] *** ThurahT shows as "online"
[12:29:23] *** lumi shows as "away" and his status message is "(Idle 10 min)"
[12:30:20] *** Steve Kille shows as "away" and his status message is "Shurdington"
[12:30:35] *** lumi shows as "online"
[12:31:29] *** dwd shows as "online"
[12:32:32] *** Tobias shows as "online"
[12:35:04] *** ThurahT shows as "away"
[12:35:06] *** ThurahT shows as "away"
[12:35:23] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:39:25] *** dwd shows as "online"
[12:40:33] *** emxp has left the room
[12:42:23] *** jubalh has left the room
[12:42:30] *** dwd has left the room
[12:42:34] *** Tobias shows as "away"
[12:44:25] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:44:41] *** Steve Kille shows as "online" and his status message is "Shurdington"
[12:44:42] *** ralphm shows as "online"
[12:46:01] *** xnyhps shows as "away" and his status message is "Away"
[12:47:00] *** xnyhps shows as "away" and his status message is "Away"
[12:47:09] *** Alex shows as "away" and his status message is "Auto Status (idle)"
[12:47:14] *** Alex shows as "online"
[12:50:36] *** stefandxm has left the room
[12:50:40] *** stefandxm has joined the room
[12:50:41] *** stefandxm shows as "away" and his status message is "Available"
[12:51:31] *** jere has left the room
[12:54:25] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:55:06] *** jere has joined the room
[12:57:14] *** Alex shows as "away" and his status message is "Auto Status (idle)"
[13:00:10] *** Guus has left the room
[13:00:31] *** Steve Kille shows as "away" and his status message is "Shurdington"
[13:00:50] *** intosi has joined the room
[13:00:57] *** jere has left the room
[13:01:02] *** jere has joined the room
[13:01:06] *** dwd shows as "online"
[13:02:48] *** Guus has joined the room
[13:03:15] *** alacer has joined the room
[13:06:22] *** Tobias shows as "online"
[13:07:11] *** Alex shows as "online"
[13:12:22] *** Alex has left the room
[13:14:58] <SamWhited> Catching up… fwiw, I don't have a "position" that we should do markdown that likes like plain text in <body>. I have a position that we should deprecate XHTML-IM and then we should take the time top write a good replacement considering the pros and cons of both approaches. Tentatively I suspect that doing it in the body makes sense, but I'm not pushing for that.
[13:16:16] *** alacer has left the room
[13:16:42] <SamWhited> Similarly, this started because I've tried an XHTML-IM impl that was broken … again. So it's hardly a strawman for "other xss'". If I thought other xss' were caused by a poor spec, I would probably try to obsolete that too.
[13:16:46] *** alacer has joined the room
[13:17:22] *** ralphm shows as "online"
[13:17:58] *** dwd shows as "online"
[13:18:05] <SamWhited> Alex: we have a council vote to advance them next week! https://xmpp.org/extensions/xep-0387.html
[13:18:26] <SamWhited> Or already did and it's waiting on list votes, I forget.
[13:18:33] <jonasw> SamWhited, good luck trying to obsolete .innerHTML and others :)
[13:18:56] <Kev> I think Council just approved an LC on 387, and so vote to advance should be the week after, shouldn't it?
[13:19:00] <SamWhited> jonasw: exactly, that's why I'm focusing on xhtml-im instead :)
[13:19:09] <jonasw> I think the LC needs to be announced properly on the ML first
[13:19:14] <jonasw> some editor should do that *cough*
[13:19:14] <SamWhited> Ah yah, that sounds tight
[13:19:18] <SamWhited> Right, even
[13:19:20] <jonasw> I can see if I can get around to do that this weekend
[13:19:21] <Kev> Oh, right. The two weeks don't start until that's announced.
[13:20:29] <Zash> SamWhited: How is "The Web" handling that? Because it's not just XMPP clients having that problem, right?
[13:21:20] *** emxp has joined the room
[13:22:10] <SamWhited> Zash: by not sending raw html around and trusting that developers can implement a white list properly or will do so at all.
[13:22:19] *** uc shows as "online"
[13:23:18] <jonasw> Zash, have you looked at the web? it’s injections everywhere.
[13:23:23] *** Tobias shows as "away"
[13:23:36] <Zash> I looked at the web recently. It said "It is inherently impossible to make a secure web thing."
[13:23:41] *** dwd has left the room
[13:23:45] *** dwd shows as "online"
[13:24:46] <SamWhited> I assumed we were talking about transmitting formatting over instant messages, but yes, generally it's injections everywhere. I just still fail to see what other problems that aren't xhtml-im have to do with xhtml-im.
[13:24:56] *** dwd has left the room
[13:25:00] *** dwd shows as "online"
[13:28:13] <Zash> I'm thinking, what are other standards orgs or such doing about equivalent injection issues?
[13:28:49] <Zash> I'm assuming here that there's some overlap between xhtml-im and web apps
[13:29:01] <SamWhited> Ah, yah… good idea, someone else must do this.
[13:29:26] <Zash> More like "has someone done something already that we can steal?"
[13:30:16] <pep.> SamWhited, for me deprecating xhtml-im is just delaying the same kind of issues with another more or less similar XEP. You're complaining about a range of UAs that are either 1. not following the XEP, 2. Not doing their job correctly. I don't think you can't fix 1., and if you see 2. please report it. If you do and and still get no reply, then I don't think we can't do anything either.
[13:30:34] <pep.> Replacing XHTML-IM won't fix this
[13:30:56] <Zash> The XMPP thing to do is to turn it into XML on the wire. But people will fail at that, whatever we do.
[13:31:22] <SamWhited> pep.: it won't fix that, you're right. I am not arguing that a new thing will make developers never have any security issues ever again.
[13:31:32] <pep.> Right
[13:31:34] *** Steve Kille shows as "online" and his status message is "Shurdington"
[13:32:58] <SamWhited> I am arguing that I have never seen an xhtmlim impl that worked the first time and that it is especially easy to get wrong. We *can* make something where the default naive implementation does not commonly lead to badness.
[13:33:20] <SamWhited> This is the best you can do in any security issue.
[13:33:30] *** dwd has left the room
[13:33:55] <mathieui> SamWhited, would bringing up the poezio xhtmlim impl be trollong?
[13:34:03] <mathieui> SamWhited, would bringing up the poezio xhtmlim impl be trolling?
[13:34:12] <pep.> goffi also has an implementation iirc
[13:34:20] <jonasw> doesn’t movim have XHTML-IM support?
[13:34:24] <pep.> no
[13:34:39] <SamWhited> mathieui: sorry, I didn't include it here because phone, but yes, on the emails I think I specifically said "web based"
[13:34:43] <SamWhited> :)
[13:34:46] <jonasw> I thought they talked about that (at least partial support, I think they strip @style, but maybe I’m confusing things)
[13:34:48] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[13:34:52] <mathieui> that makes sense, np
[13:35:06] <pep.> SamWhited, libervia is a web client.
[13:35:22] <mathieui> and everything that brings in a webview in a client application too
[13:36:04] <pep.> jonasw, no, edhelas doesn't want xhtml-im for some reason
[13:36:08] <SamWhited> Right, "things that actually have a javascript engine"
[13:36:37] <SamWhited> Getting of the bus… may be slow to respond.
[13:36:46] <pep.> SamWhited, also please don't merge markup in <body> :(
[13:36:50] <SamWhited> Off… I hate phones.
[13:38:25] <jonasw> who doesn’t
[13:40:27] *** Flow has joined the room
[13:45:59] *** winfried has joined the room
[13:48:55] *** ralphm shows as "online"
[13:49:23] *** lovetox has joined the room
[13:50:58] *** Guus shows as "online"
[13:52:23] *** Steve Kille shows as "away" and his status message is "Shurdington"
[13:52:43] <SamWhited> I give up. Why does everyone think I want to push an alternative format? I will probably volunteer to write one if xhtml-im gets deprecated, but I am not pushing for markdown or whatever in body. I haven't done any research yet.
[13:53:21] <jonasw> I personally do not think that, but we are going to need an alternative, and the alternatives all look bad.
[13:54:11] *** uc shows as "online"
[13:54:15] *** SamWhited shows as "online"
[13:56:00] *** Flow has joined the room
[13:57:11] <Ge0rG> We won't improve our situation by deprecating XHTML-IM without an alternative, and I still don't believe we will be able to come up with an idiot-proof alternative.
[13:57:45] <Kev> And if we're not striving for idiot-proof, we should assess whether XHTML-IM can be suitably improved.
[13:57:51] <Zash> If you do, the universe will spawn a better idiot.
[14:02:15] <Zash> Having an official safe JS reference implementation does sound somewhat promising tho.
[14:02:32] <Zash> And and a bigger better security considerations section
[14:02:50] <Kev> And blacklisting style.
[14:02:52] *** Flow has joined the room
[14:03:41] <Zash> What about the teends that crave colorful messages?
[14:03:45] *** Alex has joined the room
[14:03:55] *** Alex shows as "online"
[14:04:04] <Zash> Bunch of predefined classes?
[14:04:44] <Kev> If we allow style, I'm not at all sure how even a reasonably diligent implementor avoids issues.
[14:05:28] <Zash> Instead of <span style="color:red">, there would be <span class="fg-red">
[14:06:59] <jonasw> classes seem like not a good idea either
[14:07:08] <jonasw> hm
[14:07:13] <jonasw> it needs sanitization at least
[14:07:20] <jonasw> to avoid that some attacker abusse your clients classes
[14:07:20] <Zash> Do they?
[14:07:39] <Zash> Hrm
[14:07:42] <jonasw> but they’re much easier to sanitise than @style
[14:07:54] <jonasw> (split by " ", make a set, check that only things starting with xhtml-im- are in there or so)
[14:08:40] <jonasw> alternatively (but Sam will shoot me for that), xhtml-im:color="..."
[14:08:51] <Zash> howaboutno
[14:09:00] <jonasw> why not?
[14:09:26] <jonasw> (hm, still needs sanitisation to prevent injection attacks)
[14:09:35] <jonasw> so using @class and defining a set of classes seems most safe for now
[14:09:44] *mathieui shoots jonasw
[14:11:00] <Ge0rG> we should only allow one value for color, which is an integer between `0` and `359` on the XEP-0392 color wheel.
[14:12:46] *** stefandxm has left the room
[14:12:47] <SamWhited> Amusingly, I just sent a short reply to one of Kev's messages that included the example: *<script>alert(123)<script;>* and FastMail rendered that as bold.
[14:13:00] <Zash> Why not hold a public poll where people can suggest names for them
[14:14:12] <Zash> SamWhited: /nick <script>alert("everyhing is broken");</script>
[14:14:47] <Zash> Especially my typing
[14:14:53] <Ge0rG> what happens if you add unquoted HTML to the <body> text?
[14:15:23] *** lumi has left the room
[14:15:25] *** Tobias shows as "online"
[14:15:37] <Zash> What happens when you encrypt unquoted HTML in OTR?
[14:15:45] <jonasw> Ge0rG, you mean, like, <body><b>foo</b></body>?
[14:16:55] <Zash> Interesting how <b> isn't in xhtml-im
[14:17:09] *** lumi has joined the room
[14:19:19] <jonasw> s/b/strong/
[14:19:28] <pep.> Zash, jonasw, reference implementation, and tests also maybe
[14:19:49] <pep.> Although I'd like to have more than just JS, because it's not just a web issue and it's not just an xhtml-im issue
[14:20:29] <pep.> Basically we need a reference client? :)
[14:20:35] <mathieui> 16:20:06 Zash> What happens when you encrypt unquoted HTML in OTR? → let’s not talk about OTR
[14:20:37] <Zash> jonasw: IIRC <b> was added back into html because nobody cares about semantics
[14:21:13] *** efrit has joined the room
[14:21:26] <Zash> And nobody is going to fix all the web that uses it
[14:21:36] <Ge0rG> jonasw: yeah
[14:22:29] *** alacer has joined the room
[14:23:44] *** jonasw shows as "online"
[14:25:46] <jonasw> Ge0rG: depends; web clients might joyfully let themselves being XSSed
[14:27:13] *** Kev shows as "away"
[14:27:16] *** jonasw has left the room
[14:27:28] *** jonasw shows as "online"
[14:27:32] *** Tobias shows as "away"
[14:27:58] <mathieui> but they do even without xhtml-im
[14:28:17] *** Tobias shows as "online"
[14:28:58] *** jere has left the room
[14:29:05] *** jere has joined the room
[14:29:11] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[14:30:05] *** ralphm shows as "online"
[14:30:45] <SamWhited> > but they do even without xhtml-im

I still can't figure out what the argument is there. Other XSS's aren't related to XHTML-IM… what point are people trying to make when they say that "there are other XSS's too"? If it's obvious to everyone else I apologize, but I'm honestly asking. There is some implied ending to that statement that I don't understand.
[14:31:09] *** Syndace has left the room
[14:31:21] <pep.> That XHTML-IM is not the issue, there's a deeper issue
[14:31:55] <SamWhited> Yes, XSS is a deeper issue, but you can't fix XSS on the web. You can not recommend a spec that actively encourages them though.
[14:32:17] <SamWhited> Is that what people are suggesting though? XSS is the underlying issue so there's no point in trying to prevent a subset of them?
[14:32:29] *** alacer has joined the room
[14:32:56] *** dwd shows as "online"
[14:33:19] *** Kev shows as "online"
[14:33:19] <pep.> You can try and improve XEPs all you want, that won't prevent clients from having bugs. I agree XHTML-IM could be improved to try and make people aware of it, but in the end it's mostly reporting bugs to clients
[14:34:19] <SamWhited> You won't prevent it, but you can certainly make it less likely that those bugs are catastrophic security issues.
[14:34:33] *** jonasw has left the room
[14:34:40] *** jonasw shows as "online"
[14:35:03] <pep.> Do you have specific examples of these issues btw? And I suppose you also reported them
[14:35:20] *** jonasw has left the room
[14:35:31] *** jonasw shows as "online"
[14:36:00] <SamWhited> Yes, I reported them. I won't go into the most recent one because it's not fixed yet as far as I know, but literally *every* XHTML-IM impl I've tried that was tied to an environment where JavaScript could be executed was either vulnerable at first, or had been vulnerable in the past (there was a CVE or issue about it or something)
[14:36:57] <SamWhited> HipChat for instance tried to do things right, but had a handful of bugs in their whitelisting (and I'm sure you could easily find more).
[14:37:39] <SamWhited> With XHTML-IM almost *any* simple bug leads to a security issue. We can absolutely write a spec where not every single simple logic issue allows a script to be executed.
[14:39:40] *** Guus has left the room
[14:39:46] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[14:43:06] *** dwd shows as "online"
[14:46:03] *** sonny has joined the room
[14:47:13] *** sonny has left the room
[14:47:16] *** sonny has joined the room
[14:51:11] *** uc shows as "online"
[14:51:50] *** Syndace shows as "online"
[14:52:00] *** sonny has left the room
[14:52:02] *** sonny has joined the room
[14:58:07] *** sonny has left the room
[14:58:10] *** sonny has joined the room
[14:59:57] *** Steve Kille shows as "online" and his status message is "Shurdington"
[15:00:03] *** tux has joined the room
[15:00:52] *** stefandxm has joined the room
[15:00:53] *** stefandxm shows as "away" and his status message is "Available"
[15:01:49] *** ralphm shows as "online"
[15:03:04] <dwd> SamWhited, Quite. The problem with XHTML-IM is that the obvious implementation is the most dangerous one, and insatead you more or less have to add an HTML protocol break in to make it safe.
[15:03:54] <dwd> SamWhited, In fact, edhelas suggested doing so in the server (and I thought of doing so in Metre), but the problem there is that XHTML-IM is often silently extended anyway.
[15:05:03] <SamWhited> dwd: Indeed. HipChat in theory does things right on the client (whitelist of elements and attributes, don't stick things straight into the DOM), *and* it has server side filtering. Despite that I've found at least two injections in that implementation (both of which are fixed now).
[15:07:06] <jonasw> what’s an "HTML protocol break"?
[15:07:19] *** sonny has joined the room
[15:07:34] *** zinid shows as "online"
[15:11:19] *** stefandxm shows as "online" and his status message is "Available"
[15:12:29] *** alacer has joined the room
[15:12:31] *** ralphm shows as "online"
[15:13:10] *** tux has left the room
[15:17:06] *** Guus shows as "online"
[15:17:42] *** jubalh has joined the room
[15:19:22] *** Kev has left the room
[15:21:42] <Zash> jonasw: <bold> mebbe
[15:21:54] <Zash> Or markdown
[15:22:02] *** Valerian has joined the room
[15:22:44] <dwd> jonasw, A protocol break is a security programming technique where you extract out the information into a different, fixed, form and then reconstitute it entirely from scratch. Means that, in our case, a bit of Javascript has no place in the intermediate form so cannot pass through.
[15:23:35] <Zash> dwd: And is that even possible while still being XML?
[15:25:36] <dwd> Zash, No, you wouldn't do it with XML, you'd do it with something else. Real protocol breaks would break up all the XMPP traffic into an intermediate form (JSON, maybe) and ship it across a wire to the other side, which then puts it back together. Obviously that's a little overkill for XHTML-IM.
[15:26:41] <jonasw> You’re saying we can’t use XML for markup, at all.
[15:27:29] <Zash> jonasw: Yes. But we should, but we can't. Nice things and unavailability
[15:28:13] <jonasw> That’s depressing.
[15:29:17] *** waqas has joined the room
[15:30:12] <pep.> Who ever thought web clients would be a good thing :x
[15:30:46] *** efrit has left the room
[15:30:59] <SamWhited> What is the advantage to doing an XML based markup? I'm not convinced that we can't do it, but I do think a non-XML based thing (which I'm assuming means "in the <body>") has a few nice advantages (single source of truth, better fallback behavior, etc.)
[15:31:15] <dwd> jonasw, No, I'm not. Just that you can't copy it direct to output without very havey mangling.
[15:31:40] <dwd> jonasw, And the level of safety we're talking about in the mangling negates the advantage of it being XML in the first place, IMO.
[15:31:48] *** jere has joined the room
[15:32:29] *** alacer has joined the room
[15:32:39] *** intosi has joined the room
[15:32:43] <Zash> dwd: people will find a way to lazily search and replace that lets trough evil stuff
[15:33:05] <dwd> jonasw, I mean, two XMPP servers talking across a heavily secured boundary have all their traffic mangled out, and then back into, XML. It's not the XML itself that's the problem, it's that you cannot do a direct copy and guarantee safety.
[15:33:24] *** ralphm shows as "online"
[15:33:31] <jonasw> SamWhited, whatever we do, not in <body/>.
[15:33:59] <waqas> I agree with everything SamWhited said. Not a single client that I reviewed has gotten xhtml-im secure.
[15:34:03] <SamWhited> jonasw: what is the advantage of not doing it in the <body/>
[15:34:07] <jonasw> dwd, so, I like your HTML protocol break argument. Indeed, based on that argumentation, I think a something-not-XML-based-but-still-structural representation of the semantics of XHTML-IM would make sense.
[15:34:15] *** dwd shows as "online"
[15:34:33] <Zash> <body type='html'><script....
[15:34:36] <SamWhited> thanks waqas; you're running for council next term right?
[15:34:40] <jonasw> SamWhited, doing it in the body ties us to poor plaintext-ish markups like Markdown, Creole or reStructuredText. Those are not extensible, the implementations often vary or are poor in other ways and such.
[15:35:16] <waqas> As part of my research I'd written a library that implements XHTML-IM protcol break: https://github.com/zeen/xhtml-im.js — it makes an XML DOM to an HTML DOM with a strict whitelist of elements, attributes and possible attribute values.
[15:35:21] <Zash> The xep talks about rtf. Do that
[15:35:29] *** stefandxm has left the room
[15:35:30] <jonasw> waqas: :-O
[15:35:35] <waqas> I need to npm-ify it, to make it easier to use and add docs.
[15:35:49] <jonasw> waqas, that sounds like the reference implementation I wanted to see in XEP-0071 which everybody can use.
[15:36:09] <SamWhited> Ooh nifty, that's nice to have, thanks
[15:36:27] <Zash> So, let's pay for an audit?
[15:36:34] <SamWhited> actually I forgot, I think you sent this to me and challenged me to break it a while back and I never did.
[15:36:39] <SamWhited> never tried, I mean.
[15:36:44] <jonasw> waqas, except that I think it also gets the "replace invalid tags with their children thing" wrong
[15:36:57] <jonasw> (i.e. doesn’t implement it)
[15:37:15] <Zash> jonasw: let's kill that plz
[15:37:16] <waqas> It discards anything invalid first and foremost
[15:37:38] <waqas> i.e., it avoids all positives, but may have false-positives for certain attribute values
[15:37:48] <waqas> And the unknown element case
[15:37:55] <jonasw> Zash, I think it’s a nice-to-have for extensibility.
[15:38:08] <jonasw> (but I see how it’s hard to implement in anything which isn’t XSLT)
[15:38:13] *** dwd has left the room
[15:38:17] *** dwd shows as "online"
[15:38:50] <Zash> jonasw: you can extend the <message>, it's probably safer
[15:39:29] <jonasw> Zash, how’d you extend <message/> with HTML-<video/> elements?
[15:40:00] <SamWhited> jonasw: why is a plain text protocol not extensible? If I want to add /italics/ later, what is stopping me?
[15:40:24] <SamWhited> for that matter, why are "plaintext-ish markups" poor?
[15:40:30] <dwd> SamWhited, It still amuses me that the word italics in your message is rendered in italics for me.
[15:40:36] <jonasw> SamWhited, that clients which don’t know that /italics/ is italics won’t escape it
[15:40:39] <SamWhited> See, there we go, it works already!
[15:41:06] <Zash> Let's talk about /etc/foobar/
[15:41:08] <SamWhited> jonasw: Right, and we have a lovely fallback behavior, they still see the exact same message it just looks like someone added /emphasis/ in a different way
[15:41:09] <waqas> Extensibility is a secondary concern, that we should be thoughtful about. Security is the primary concern. I'm not sure the 'include the children' approach is always correct in HTML.
[15:41:12] <pep.> Zash, :D
[15:41:15] <jonasw> so my /path/to/some/file will render italics on your new client supporting italics even though it shouldn’t
[15:41:19] <dwd> Zash, Not italics.
[15:41:23] <SamWhited> Zash: Yah, I don't know about the specifics of using /, just an example.
[15:41:35] <jonasw> SamWhited, it’ll work for anything
[15:41:36] *** Syndace has left the room
[15:41:40] <pep.> +1
[15:41:43] <SamWhited> *sigh* so pick a different character, it was an example.
[15:41:44] <dwd> So /this is italics/ but yet /etc/passwd is not.
[15:41:56] *** dwd has left the room
[15:41:57] <jonasw> SamWhited, I challenge you, which one which doesn’t look super odd when seen without support?
[15:41:58] <dwd> I mean, right now, in Gajim, this is the actual case.
[15:42:05] <waqas> dwd: Machine learning!
[15:42:09] *** dwd shows as "online"
[15:42:11] <jonasw> dwd, what if I want to have only a part of a word in italics?
[15:42:17] <SamWhited> jonasw: That doesn't look odd to me, _emphasis_, /emphasis/, and *emphasis* all look relatively nice.
[15:42:30] *** dwd has left the room
[15:42:47] <SamWhited> we're diving into specifics that don't matter though. The question is "why isn't it extensible" which you argued was a problem. Implementation details are not relavant at this point.
[15:42:47] <dwd> SamWhited, And they all worked in Gajim. They show the markup, mind, as well as the effect. But they work.
[15:43:00] *** Flow has joined the room
[15:43:09] <jonasw> SamWhited, but that’s exactly why it isn’t extensible.
[15:43:22] <SamWhited> dwd: Oh that's interesting, I've noticed a few web things (not IM) that keep showing the markup and the effect recently and liked it, I wanted to try it in an IM client. Didn't realize gajim already did it.
[15:43:25] <jonasw> You are re-defining things which previously were normal characters as meta-characters when extending it.
[15:43:32] <jonasw> That simply breaks, always.
[15:43:38] <jonasw> anyways, I gotta go for now.
[15:43:38] *** jonasw has left the room
[15:43:39] *** jonasw shows as "away"
[15:43:40] <SamWhited> jonasw: ahh, I see. That's fair.
[15:43:56] <SamWhited> I still think it doesn't matter as far as deprecating XHTML-IM, mind. The security concern comes first like waqas said.
[15:44:04] <SamWhited> But it's a fair argument if we're discussing alternatives.
[15:44:16] *** Steve Kille has left the room
[15:45:20] <SamWhited> A fair argument that I would love to consider in parallel to deprecating XHTML-IM ;)
[15:45:51] <pep.> So you're going to deprecate XHTML-IM, to then try and find a replacement, that is possibly just XHTML-IM 2.0.
[15:46:35] <Zash> XHTML-IM 2.0, now 200% more security considerations
[15:46:38] <pep.> :)
[15:47:02] <SamWhited> pep. yes. I certainly hope we don't come up with something that's just as bad, but we *know* XHTML-IM causes problems, it has been for years, so let's stop recommending new implementations of it. Keep in mind that people will still implement it for compatibility, and all existing implementations won't go away. It just means we don't advertise it as the way to do things.
[15:47:09] *** jonasw shows as "online"
[15:47:34] <jonasw> SamWhited, thanks for seeing my point, that has driven me crazy ;-)
[15:47:38] <pep.> So that doesn't find things at all, deprecating it. Fixing the XEP might be a better option?
[15:47:44] *** Guus has left the room
[15:47:46] <pep.> So that doesn't fix things at all, deprecating it. Fixing the XEP might be a better option?
[15:47:59] <SamWhited> pep. we can't fix it without a rewrite, the basic idea is fundamentally broken.
[15:48:05] <pep.> If there is anything to fix
[15:48:06] <jonasw> SamWhited, given the arguments from dwd about protocol breaks and such, I agree that we should do other things. at this point, I’m in favour of something like some simple JSON-based markup or so.
[15:48:09] <SamWhited> At least, I don't think we can, if you have a proposal I'd love to be proven wrong.
[15:48:28] <jonasw> but I’m out of the discussion for now, I’ll write a list to standards@
[15:48:29] *** jonasw shows as "away"
[15:49:07] <SamWhited> jonasw: thanks, I look forward to reading it.
[15:49:08] *** Flow has joined the room
[15:49:12] <pep.> SamWhited, no I don't see how what you want to fix can be fixed, and I don't know if we have to worry about this to then come up with something as bad
[15:49:19] *** uc shows as "online"
[15:49:46] <SamWhited> I don't think we'll come up with something as bad. I'm reasonably sure most of us understand the problem.
[15:49:53] <dwd> Zash, Incidentally, `/etc/passwd` works in most IM-based Markdown variants as an escape pattern that also switches to monospaced "code" layout. But not in Gajim.
[15:50:15] <pep.> dwd, that doesn't change jonasw's point
[15:50:30] <pep.> And I agree with him
[15:50:40] <pep.> If you want to do something else please don't use <body>
[15:51:45] <Zash> dwd: Markdown is a html superset. You are doomed.
[15:52:19] <dwd> pep., Oh, I'm somewhat open either way, there.
[15:52:22] <SamWhited> I wonder if there's a middle ground, body and a hint about the type of markdown being supported. <body>this is *bold*!</body><formatting version="0.2"/>
[15:52:25] *** Kev shows as "online"
[15:52:26] *** Kev shows as "online"
[15:52:30] *** alacer has joined the room
[15:52:50] <dwd> Zash, I'm not proposing using *full* markdown. That would indeed be insane - nobody needs headers and things in IM messages.
[15:52:51] <pep.> SamWhited, so you'd include all different versions?
[15:53:19] <SamWhited> pep. you'd just give a hint about what the version of the spec was, then the client could implement all or nothing depending on if it understands the version attribute. I'm not sure this is a good idea mind, just spit balling.
[15:53:25] *** mimi89999 has left the room
[15:53:30] <Zash> dwd: markdown libs are going to pass through html by default
[15:53:36] <Zash> Same problem
[15:54:02] *** mimi89999 shows as "online"
[15:54:03] *** jonasw shows as "online"
[15:54:22] *** ralphm shows as "online"
[15:54:26] <Zash> SamWhited: I have this vague feeling that I've seen that proposal before
[15:55:08] <SamWhited> Like dwd, I'm rather open to either thing though. I do have a vague sense that doing it in body fixes a lot of little problems, but it has the downside that jonasw pointed out. I'm not sure which is the best tradeoff.
[15:55:11] <dwd> Zash, Well, I'm not actually sure most of them do, anymore. And in any case, there are loads of cut-down ones. But I'm merely hinting at a direction rather than wanting to compare it with XHTML-IM. It is, as SamWhited says, more a matter of agreeing we need to deprecate XHTML-IM and wondering what the functionality might be replaced with.
[15:55:35] <pep.> SamWhited, right. I don't think this fixes the issue. If the client doesn't handle *foo*, it'll leave the markup here, which is meh, and for each new version you'll just be defining more and more new meta-characters that weren't before. I'm not sure that addresses our issue
[15:55:58] <pep.> (As you just said ^)
[15:55:59] *** jonasw shows as "away"
[15:56:47] *** Valerian has left the room
[15:57:05] <SamWhited> I'm pretty okay with leaving the markup there; it may not be ideal, but it's a better fallback behavior than XHTML-IM right now (where the message just doesn't show up if you don't also include a plaintext body, eg. most HipChat extensions)
[15:57:59] <pep.> Well then HipChat is not compliant?
[15:58:05] <pep.> They should follow the XEP
[15:58:13] <dwd> pep., Do you seriously think that anyone using any Internet-based communications medium for the past two decades would be surprised to see *bold* things expressed as such?
[15:58:48] <pep.> dwd, not us no, but I'm pretty sure you don't want to target only us nerds with this
[15:59:11] *** jonasw shows as "online"
[15:59:15] *** jonasw shows as "away"
[15:59:23] <SamWhited> I'm pretty sure that everybody would understand *emphasis*.
[15:59:25] <dwd> pep., No, not just us. Any Twitter user, for example. Probably any Facebook user too.
[15:59:46] <pep.> Also, you will never be able to have any breaking change
[16:01:27] <Zash> Should it be about styling or semantics ? ?
[16:01:42] <pep.> I'd prefer it to be semantics
[16:02:01] <pep.> But I suppose Slack or Facebook users don't care
[16:02:09] *** mimi89999 has left the room
[16:02:21] *** mimi89999 shows as "online"
[16:02:44] <SamWhited> That's an interesting distinction. I think a replacement should just deal with text styling. If you want an image you have sims or something, and the client can decide if and how it wants to display that (maybe with an information XEP about displaying media in clients for guidance).
[16:03:09] <SamWhited> and the XML-based SIMS or OOB or whatever gives the client the semantic meaning of whatever the non-text resource is.
[16:03:18] *** jonasw shows as "online"
[16:03:59] *** jonasw shows as "away"
[16:08:42] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:18:42] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[16:19:14] *** Ge0rG has left the room
[16:19:14] *** Ge0rG shows as "away"
[16:19:14] *** Ge0rG has left the room
[16:19:14] *** Ge0rG shows as "online"
[16:20:23] *** dwd shows as "online"
[16:22:23] *** dwd shows as "online"
[16:23:05] *** Syndace shows as "online"
[16:28:43] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:28:48] *** Zash has left the room
[16:30:27] *** ralphm shows as "online"
[16:32:45] *** Valerian has joined the room
[16:35:27] *** mimi89999 has left the room
[16:35:27] *** uc has left the room
[16:35:27] *** uc has left the room
[16:35:27] *** mimi89999 has left the room
[16:36:53] *** mimi89999 has joined the room
[16:37:22] *** mimi89999 shows as "online"
[16:37:25] *** uc has joined the room
[16:38:43] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[16:39:47] *** intosi has joined the room
[16:42:25] *** ralphm has left the room
[16:43:58] *** mimi89999 has left the room
[16:43:58] *** uc has left the room
[16:43:58] *** mimi89999 has left the room
[16:44:31] *** xnyhps shows as "away" and his status message is "Away"
[16:44:33] *** xnyhps shows as "online"
[16:44:44] *** Guus shows as "online"
[16:45:18] *** mimi89999 has joined the room
[16:45:52] *** mimi89999 shows as "online"
[16:46:07] *** uc has joined the room
[16:46:37] <Zash> Someone mentioned push and publish-options being invalid?
[16:46:53] <Zash> https://xmpp.org/extensions/xep-0223.html#example-1 has the same issue?
[16:47:26] <zinid> Zash: yes, #persist_items is not registered within XEP-0060
[16:47:51] <zinid> only #access_model is registered
[16:50:22] *** Kev has left the room
[16:50:28] *** stefandxm has joined the room
[16:50:29] *** stefandxm shows as "online" and his status message is "Available"
[16:50:53] <Zash> https://xmpp.org/extensions/xep-0222.html#example-5
[16:51:10] <zinid> ah, right :)
[16:51:11] <zinid> even more
[16:51:38] <Zash> Maybe one should do a `grep publish-options xeps/xep-????.xml`
[16:52:54] <zinid> sure, PRs are welcome, I'm told
[16:53:19] *** xnyhps shows as "online"
[16:53:45] <zinid> but it seems like we just copy attributes from #node_config to #publish-options
[16:53:58] <zinid> what's the point? why not using #node_config data form directly?
[16:54:48] <Zash> It seems like at the time, people thought that was what it was
[16:55:08] <Zash> Like how you can create+configure a node in a single step, but this would be publish+configure (and maybe autocreate)
[16:55:29] <Zash> Seems like it'd be weird if you have many clients disagreeing on the options
[16:56:25] *** dwd has left the room
[16:56:29] *** dwd shows as "online"
[16:58:29] *** xnyhps shows as "away" and his status message is "Away"
[16:58:39] *** valo has joined the room
[17:01:26] *** Flow has left the room
[17:06:27] *** stefandxm has left the room
[17:06:30] *** dwd has left the room
[17:06:55] <Zash> Oh look at what fun issue I'm having. My xep-0071.epub had unescaped HTML like <body/> passed through, breaking things.
[17:07:23] <zinid> irony :D
[17:07:27] *** Ge0rG has left the room
[17:07:27] *** Ge0rG shows as "online"
[17:07:27] *** Ge0rG has left the room
[17:07:27] *** Ge0rG shows as "away"
[17:07:38] <mathieui> Zash, nice
[17:07:44] <Zash> > The root element for including XHTML content within XMPP stanzas is
>
> .
[17:07:50] <Zash> Good job pandoc
[17:09:18] <Zash> > The raw HTML is passed through unchanged in HTML, [bunch of formats], EPUB, Markdown, [even more]
[17:10:51] <Zash> Maybe I should just generate JSON. That'll solve all problems.
[17:10:57] *** uc shows as "online"
[17:11:29] <Zash> {"blocks":[{"t":"Plain","c":[{"t":"Str","c":"The"},{"t":"Space"},{"t":"Str","c":"root"},{"t":"Space"},{"t":"Str","c":"element"},{"t":"Space"},{"t":"Str","c":"for"},{"t":"Space"},{"t":"Str","c":"including"},{"t":"Space"},{"t":"Str","c":"XHTML"},{"t":"Space"},{"t":"Str","c":"content"},{"t":"Space"},{"t":"Str","c":"within"},{"t":"Space"},{"t":"Str","c":"XMPP"},{"t":"Space"},{"t":"Str","c":"stanzas"},{"t":"Space"},{"t":"Str","c":"is"}]},{"t":"RawBlock","c":["html","<html/>"]},{"t":"Para","c":[{"t":"Str","c":"."}]}],"pandoc-api-version":[1,17,0,4],"meta":{}}
[17:15:02] *** Flow has joined the room
[17:15:02] *** winfried has joined the room
[17:16:18] *** ralphm shows as "online"
[17:21:13] *** mimi89999 has left the room
[17:22:50] *** mimi89999 shows as "online"
[17:24:12] *** Steve Kille has joined the room
[17:24:16] *** Steve Kille shows as "online" and his status message is "Shurdington"
[17:24:19] *** dwd shows as "online"
[17:24:22] *** Steve Kille shows as "online" and his status message is "Trains Home"
[17:26:32] <dwd> Zash, Just looks like smiley faces to me.
[17:27:10] <Zash> dwd: Please don't use JSON as a markup language. Altho maybe that's the reason it's the only choice.
[17:27:12] *** Steve Kille has left the room
[17:27:13] *** Steve Kille has joined the room
[17:27:15] *** Steve Kille shows as "online" and his status message is "Trains Home"
[17:27:28] <dwd> Zash, I wasn't going to suggest JSON at all.
[17:30:19] *** dwd shows as "online"
[17:30:39] *** dwd has left the room
[17:30:43] *** dwd shows as "online"
[17:36:38] *** uc shows as "online"
[17:38:29] *** Guus has left the room
[17:40:03] *** Guus shows as "online"
[17:41:40] *** Flow has left the room
[17:42:30] *** dwd has left the room
[17:43:43] *** Tobias shows as "away"
[17:45:13] *** Guus has left the room
[17:48:46] *** xnyhps shows as "away" and his status message is "Away"
[17:48:48] *** xnyhps shows as "online"
[17:51:24] *** ralphm shows as "online"
[17:51:53] *** dwd has left the room
[17:52:10] *** efrit has joined the room
[17:53:19] *** Steve Kille has left the room
[17:54:39] *** Tobias shows as "online"
[17:54:48] *** dwd shows as "online"
[17:55:02] *** dwd has left the room
[17:55:20] *** dwd shows as "online"
[18:03:29] *** lumi shows as "away" and his status message is "(Idle 10 min)"
[18:05:01] *** lumi shows as "online"
[18:05:31] *** Alex shows as "away" and his status message is "Auto Status (idle)"
[18:05:36] *** Alex shows as "online"
[18:06:31] *** Steve Kille has joined the room
[18:07:09] *** ralphm shows as "online"
[18:10:13] *** Alex has left the room
[18:14:04] *** Alex has joined the room
[18:14:31] *** Alex has left the room
[18:15:49] *** Tobias shows as "away"
[18:16:03] *** ralphm has left the room
[18:17:52] *** Alex has joined the room
[18:19:01] *** Alex has left the room
[18:19:25] *** stefandxm has joined the room
[18:19:26] *** stefandxm shows as "online" and his status message is "Available"
[18:19:46] *** Alex has joined the room
[18:21:01] *** Alex has left the room
[18:21:13] <Zash> Forget about XHTML-IM and markdown, let's do this https://www.oasis-open.org/committees/download.php/60/HM.Primary-Base-Spec-1.0.html
[18:21:20] *** MattJ shows as "away"
[18:21:33] *** jubalh has joined the room
[18:22:00] *** MattJ shows as "online"
[18:22:18] *** Steve Kille has left the room
[18:23:31] *** edhelas has left the room
[18:23:50] *** edhelas has joined the room
[18:23:55] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:24:04] <SamWhited> Embedded SVG, but the version of the spec that didn't end up making it through where it had functionality to open sockets.
[18:24:13] <SamWhited> Done.
[18:24:23] *** dwd shows as "online"
[18:25:01] *** Valerian has left the room
[18:25:07] *** Valerian has joined the room
[18:25:20] *** xnyhps shows as "online"
[18:25:54] *** alacer has joined the room
[18:27:30] *** ralphm shows as "online"
[18:27:51] *** xnyhps shows as "online"
[18:33:05] *** dwd shows as "online"
[18:34:13] *** efrit has left the room
[18:35:06] *** xnyhps shows as "online"
[18:35:13] *** xnyhps shows as "online"
[18:35:29] *** jubalh shows as "online"
[18:36:41] *** stefandxm has left the room
[18:37:09] *** xnyhps shows as "online"
[18:37:42] *** Valerian has left the room
[18:37:43] *** Valerian has joined the room
[18:38:09] *** stefandxm has joined the room
[18:38:10] *** stefandxm shows as "online" and his status message is "Available"
[18:40:30] *** xnyhps shows as "online"
[18:45:17] *** xnyhps shows as "online"
[18:47:13] *** xnyhps shows as "online"
[18:47:18] *** Tobias shows as "online"
[18:49:40] *** xnyhps shows as "online"
[18:49:55] *** xnyhps shows as "online"
[18:51:27] *** xnyhps shows as "online"
[18:52:13] *** xnyhps shows as "online"
[18:53:17] *** xnyhps shows as "online"
[18:53:52] *** xnyhps shows as "online"
[18:55:16] *** xnyhps shows as "online"
[18:55:49] *** xnyhps shows as "online"
[18:57:27] *** xnyhps shows as "online"
[18:57:49] *** xnyhps shows as "online"
[18:58:36] *** dwd has left the room
[18:58:38] *** dwd shows as "online"
[18:59:06] *** xnyhps shows as "online"
[18:59:58] *** xnyhps shows as "online"
[19:01:03] *** jubalh shows as "online"
[19:01:51] *** Kev shows as "online"
[19:01:51] *** Kev shows as "online"
[19:02:09] *** Steve Kille has joined the room
[19:02:12] *** Steve Kille shows as "online" and his status message is "Trains Home"
[19:03:06] *** xnyhps shows as "online"
[19:03:51] *** xnyhps shows as "online"
[19:05:40] *** stefandxm shows as "away" and his status message is "Available"
[19:06:30] *** dwd has left the room
[19:08:51] *** jubalh has left the room
[19:09:05] *** emxp has joined the room
[19:10:08] *** Flow has joined the room
[19:12:09] *** valo has joined the room
[19:12:16] *** dwd shows as "online"
[19:13:57] *** xnyhps shows as "online"
[19:14:38] *** xnyhps shows as "online"
[19:15:19] *** Flow has left the room
[19:15:40] *** xnyhps shows as "online"
[19:15:45] *** xnyhps shows as "online"
[19:17:44] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[19:18:57] *** Steve Kille has left the room
[19:19:30] *** dwd shows as "online"
[19:20:17] *** dwd has left the room
[19:21:11] *** xnyhps shows as "online"
[19:21:52] *** xnyhps shows as "online"
[19:25:09] *** ralphm shows as "online"
[19:25:10] *** Guus shows as "online"
[19:25:19] *** dwd has left the room
[19:25:21] *** dwd shows as "online"
[19:26:20] *** dwd has left the room
[19:26:23] *** dwd shows as "online"
[19:26:32] *** xnyhps shows as "online"
[19:27:23] *** xnyhps shows as "online"
[19:29:25] *** xnyhps shows as "online"
[19:30:06] *** xnyhps shows as "online"
[19:31:32] *** xnyhps shows as "online"
[19:32:50] *** xnyhps shows as "online"
[19:34:40] *** SamWhited has left the room
[19:34:47] *** SamWhited shows as "online"
[19:34:55] *** SamWhited shows as "online"
[19:35:08] *** xnyhps shows as "online"
[19:35:18] *** Zash shows as "online"
[19:35:22] *** Zash shows as "dnd"
[19:36:30] *** dwd has left the room
[19:36:49] *** xnyhps shows as "online"
[19:36:59] *** alacer has left the room
[19:43:31] *** alacer has joined the room
[19:45:30] *** goffi shows as "online"
[19:46:41] *** stefandxm shows as "online" and his status message is "Available"
[19:46:49] *** ralphm shows as "online"
[19:47:17] *** xnyhps shows as "online"
[19:47:56] *** emxp has joined the room
[19:48:01] *** xnyhps shows as "online"
[19:49:13] *** xnyhps shows as "online"
[19:49:23] *** xnyhps shows as "online"
[19:52:56] *** Syndace has left the room
[19:52:59] *** Syndace shows as "online"
[19:55:33] *** Kev shows as "away"
[19:55:44] *** xnyhps shows as "online"
[19:55:49] *** xnyhps shows as "online"
[19:57:31] *** alacer has left the room
[19:57:39] *** alacer has joined the room
[20:00:06] *** Kev shows as "online"
[20:02:23] *** xnyhps shows as "online"
[20:02:54] *** Valerian has left the room
[20:04:49] *** xnyhps shows as "online"
[20:05:04] *** alacer has left the room
[20:07:42] *** Steve Kille has joined the room
[20:07:43] *** Steve Kille shows as "away" and his status message is "Trains Home"
[20:08:52] *** Steve Kille shows as "away" and his status message is "Trains Home"
[20:08:52] *** Steve Kille shows as "away" and his status message is "Trains Home"
[20:14:13] *** ralphm shows as "online"
[20:14:46] *** jubalh has joined the room
[20:16:13] *** goffi has left the room
[20:17:36] *** alacer has joined the room
[20:19:04] *** winfried shows as "away" and his status message is "Auto Status (idle)"
[20:22:10] *** Steve Kille has left the room
[20:23:54] *** xnyhps shows as "online"
[20:25:44] *** ralphm has left the room
[20:29:06] *** zinid has left the room
[20:29:09] *** xnyhps shows as "away" and his status message is "Away"
[20:30:17] *** McKael shows as "online"
[20:31:59] <Syndace> I really don't get why all examples of XEP-0030: Service Discovery error responses contain the query element mirrored from the request. To me it is as confusing as it looks useless. If a client does not support disco at all it won't know that it has to mirror the query element anyway, so why is it mirrored in all examples and do I really have to mirror it in my implementation? I did not find a MUST or REQUIRED about this in the specification. Do people mirror it? Do people rely on it to exist in error stanzas?
[20:33:12] <Zash> Syndace: I believe that's technically allowed by the specifications, but rarely used.
[20:34:37] <zinid> It's useful for debugging sometimes
[20:34:40] <Syndace> Zash: So, I can ignore it as being historical? Is there any reason it might be helpfull that I'm missing?
[20:35:11] <Syndace> zinid, okay I can see that, it's easier than matching ids of outgoing and incoming iqs.
[20:36:33] <zinid> I mean when you dump xml on server: you see what exactly your server is replying to with error
[20:37:47] <zinid> Syndace: but there is no requirement in the RFC
[20:37:50] *** xnyhps shows as "away" and his status message is "Away"
[20:37:54] *** xnyhps shows as "online"
[20:38:38] <Syndace> Okay got it, thanks :)
[20:39:04] *** winfried shows as "xa" and his status message is "Auto Status (idle)"
[20:41:07] *** xnyhps shows as "online"
[20:44:39] *** dwd shows as "online"
[20:45:02] *** ralphm shows as "online"
[20:45:33] *** Valerian has joined the room
[20:46:13] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[20:46:44] *** xnyhps shows as "away" and his status message is "Away"
[20:47:39] *** jubalh has joined the room
[20:48:07] *** jubalh shows as "online"
[20:54:24] *** Flow has joined the room
[20:55:12] *** dwd has left the room
[20:55:13] *** dwd shows as "online"
[21:01:26] *** edhelas shows as "online"
[21:02:11] *** edhelas has left the room
[21:02:37] *** alacer has joined the room
[21:05:49] *** Alex has joined the room
[21:06:29] *** dwd has left the room
[21:07:32] *** winfried shows as "online"
[21:07:42] *** edhelas has left the room
[21:09:02] *** edhelas has joined the room
[21:10:41] *** edhelas has left the room
[21:11:06] *** edhelas has joined the room
[21:11:14] *** edhelas has left the room
[21:11:34] *** edhelas has joined the room
[21:12:20] *** stefandxm shows as "away" and his status message is "Available"
[21:13:40] *** Ge0rG shows as "online"
[21:16:12] *** Kev has left the room
[21:17:30] *** ralphm shows as "online"
[21:17:41] *** Alex shows as "online"
[21:19:30] *** stefandxm shows as "online" and his status message is "Available"
[21:24:37] *** edhelas has left the room
[21:24:51] *** edhelas has joined the room
[21:25:03] *** edhelas has left the room
[21:25:19] *** edhelas has joined the room
[21:26:04] *** edhelas has left the room
[21:26:25] *** edhelas has joined the room
[21:27:03] *** Ge0rG has left the room
[21:27:03] *** Ge0rG shows as "online"
[21:37:36] *** alacer has joined the room
[21:37:37] *** xnyhps shows as "away" and his status message is "Away"
[21:40:21] *** Syndace has left the room
[21:43:42] *** Ge0rG has left the room
[21:43:42] *** Ge0rG shows as "online"
[21:47:31] *** alacer has left the room
[21:49:21] *** Syndace shows as "online"
[21:50:46] *** McKael shows as "online"
[21:53:19] *** daniel has joined the room
[21:57:19] *** Ge0rG has left the room
[21:57:21] *** Ge0rG shows as "online"
[21:57:28] *** stefandxm shows as "away" and his status message is "Available"
[21:57:36] *** alacer has joined the room
[22:02:05] *** Steve Kille shows as "online" and his status message is "Trains Home"
[22:02:48] *** stefandxm shows as "online" and his status message is "Available"
[22:03:01] *** Steve Kille shows as "online" and his status message is "At Home"
[22:05:48] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[22:11:54] *** lovetox has left the room
[22:14:14] *** McKael shows as "online"
[22:15:56] *** waqas has left the room
[22:17:21] *** daniel has left the room
[22:22:36] *** Steve Kille shows as "away" and his status message is "At Home"
[22:24:25] *** emxp has left the room
[22:24:28] *** emxp has joined the room
[22:25:52] *** Ge0rG has left the room
[22:25:52] *** Ge0rG shows as "online"
[22:29:17] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[22:33:14] *** jubalh has left the room
[22:36:51] *** McKael shows as "online"
[22:40:47] *** Ge0rG has left the room
[22:40:47] *** Ge0rG shows as "online"
[22:41:21] *** emxp has left the room
[22:41:22] *** emxp has joined the room
[22:41:28] *** dwd shows as "online"
[22:43:41] *** efrit has joined the room
[22:44:12] *** Syndace has left the room
[22:45:07] *** daniel has joined the room
[22:46:40] *** SamWhited has left the room
[22:50:24] *** daniel has left the room
[22:50:31] *** daniel has joined the room
[22:51:18] *** Valerian has left the room
[22:51:24] *** Valerian has joined the room
[22:51:54] *** McKael shows as "away" and his status message is "Auto-away (idle)"
[22:55:47] *** Ge0rG has left the room
[22:55:47] *** Ge0rG shows as "online"
[22:57:38] *** alacer has joined the room
[22:59:04] *** Alex has left the room
[22:59:40] *** Tobias has left the room
[22:59:47] *** Tobias has joined the room
[23:00:44] *** Zash shows as "online"
[23:03:59] *** Guus has left the room
[23:08:24] *** Zash has left the room
[23:08:24] *** sonny has joined the room
[23:09:03] *** Valerian has left the room
[23:09:28] *** daniel shows as "online"
[23:09:33] *** stefandxm shows as "away" and his status message is "Available"
[23:10:47] *** Ge0rG has left the room
[23:10:50] *** Ge0rG shows as "online"
[23:12:56] *** emxp has joined the room
[23:16:45] *** jere has joined the room
[23:18:29] *** dwd has left the room
[23:20:33] *** Syndace has joined the room
[23:25:48] *** Ge0rG has left the room
[23:25:48] *** Ge0rG shows as "online"
[23:27:05] *** Valerian has joined the room
[23:31:22] *** SamWhited shows as "online"
[23:38:04] *** Guus shows as "online"
[23:41:05] *** Ge0rG has left the room
[23:41:05] *** Ge0rG shows as "online"
[23:43:01] *** daniel has left the room
[23:43:06] *** daniel shows as "online"
[23:57:37] *** alacer has joined the room