-
Guus
> I will execute the random selection then on the next Euro Millions draw which is this Friday, November 24th 2017.
-
Guus
longest drumroll ever?
-
Alex
;-)
-
dwd
Guus, If I thought we'd have got there in time, I'd have suggested the UK lottery draw last night.
-
Ge0rG
that would've been very close.
-
Ge0rG
BTW, sorting people by their name is an inherently unfair process.
-
Guus
dwd: oh, the timing doesn't matter much. I'm just glad we were able to come up with a way to resolve this in the first place.
-
mathieui
Ge0rG, maybe hash the name + the date and then sort the hashes?
-
Guus
Why are we grouping people by name?
-
Ge0rG
2648f46ed83b89a922e3a74aa5500dee: that's an awesome idea.
-
dwd
Ge0rG, I don't think it makes any difference how people are ordered, the point is that the order must be decided upon and fixed in advance.
-
Ge0rG
dwd: you are absolutely right, in the context of the tie resolution
-
Guus
we're basically ordering them in a circle, not in a prioritized queue.
-
Ge0rG
my remark was rather related to the typical ordering of studens in a class, when the teacher decides whom to ask for homework
-
dwd
Ge0rG, For voting, the memberbot randomizes the order each time you vote, as well. We've run into that one before, as you can tell...
-
Ge0rG
dwd: right. It confused me the first time I mistyped my vote and had to recast, but it's logical.
-
Ge0rG
dwd: I'm also pretty sure I read about it on the ML
-
Guus
Ge0rG: my best friends mum used this for job application. Uses her maiden name normally, but used her husbands family name "Aa" to put herself quite literally on the top of the stack :)
-
Ge0rG
Guus: was the name really "Aa"?
-
Ge0rG
that's like all the "1-2-3 plumbing" and "aaa services" in the yellow pages.
-
dwd
Guus, 'My surname? Yes, it's "a". Lowercase.'
-
Guus
the family name uses https://en.wikipedia.org/wiki/Tussenvoegsel, but otherwise, yes, Aa (and in the Netherlands, we don't use tussenvoegsels for ordering names).
-
Guus
dwd: just for kicks, we once looked up to see if his family really was amongst the first in the phonebook. Turns out that there really are people with "A" for a surname.
-
Guus
naturally, I've declared my friend a loser and moved on.
-
Ge0rG
Tussenvoegsel is a very interesting word.
-
Guus
Yeah, filling out (some) Dutch names in international forms is fun.
-
Ge0rG
it's also fun to be called Georg Lukas. People make witty remarks about lightsabres, darthvaders etc. all the time
-
Guus
I'm always annoyed when things like address book applications list my family ("der Kinderen") under "d" instead of "k"
-
Guus
Yeah, double wammy with your last name also being a common first name.
-
dwd
Guus, So I now learn that you are meneer Der Kinderen but Guus der Kinderen. And you're collated under "K" in Dutch, but "D" in Belgian.
-
Guus
dwd, that's correct.
-
Ge0rG
Guus: yeah, that too. "What's your name?" -- "Lukas" -- "So what's your last name?"
-
Alex
we can formalize the tie resolution process in a XEP or other document, to have it in file when it happens again, also ties which involve more than 2 applicants
-
Guus
Alex: we can, but do we need to put in the effort? It worked out pretty well this time, without the added documentation.
-
Alex
Guus: agreed
-
dwd
Alex, Ideally, we'd publish the algorithm in the run-up to an election, so we could crank it through quickly.
-
dwd
Alex, But in fairness, it's happened twice in XSF history, so maybe Guus has a better idea.
-
Guus
not sure if "not doing anything else" qualifies as an "idea"
-
mathieui
I like how the hash discussion for 0392 oscillates between "not too old stuff, it will get deprecated and removed" and "not too recent stuff, it won’t be available in java"
-
Zash
For a use case where md5 would be fine
-
mathieui
indeed
-
Zash
Or like crc32
-
dwd
I think it's reliant on low collision, so MD5 is probably the right level.
-
mathieui
the worry is more that md5 is deprecated in many places, and may be removed somewhen
-
dwd
Predictable collision is fine. Even a second preimage attack wouldn't be a problem.
-
dwd
mathieui, Doubtful. MD5 is used in a lot more places than just crypto. But if people are worried, SHA-1 will be with us forever, basically.
-
mathieui
yeah
-
dwd
Although I like the fact is says "SHA-1 ... as defined by zlib".
-
Zash
dwd: Will it?
-
Zash
git was mentioned on the mailing list, but I think both git and hg are looking at phasing it out
-
Flow
Zash, git is looking into phasing out sha1, hg is looking into phasing out itself ;-)
-
Zash
2/10 would not be trolled again
-
vanitasvitae
Just read the ejabberd release post. That made me thinking, is there a link type "share via xmpp", which clients can open and which carries a predefined body, so the user only has to select a recipient?
-
MattJ
vanitasvitae, https://xmpp.org/extensions/xep-0147.html#actions-message
-
MattJ
I think the "select a recipient" part is trickier though
-
Zash
Has Firefox killed that social plugin architecture they had?
-
Zash
Wherein you had installed some pice of JS that would handle "share this" events.
-
MattJ
you could do that in Javascript (sorry Zash)
-
waqas
Unfortunately I doubt it
-
Zash
MattJ: This was 100% pure JS only plugins
-
Zash
You could have a sidebar and share options.
-
Link Mauve
Hmm, XEP-0277 doesn’t say anything about a sharing URI, the closest is https://xmpp.org/extensions/xep-0277.html#location
-
vanitasvitae
Yeah, looks like thr recipient is always fix.
-
MattJ
Ha, just read the ejabberd release post. They stole our certificate configuration approach ;)
-
Zash
Huh?
-
Zash
MattJ: The one we talked about but haven't gotten around to implement yet?
-
MattJ
"Introductin certfiles option": "The option is supposed to replace existing options ‘c2s_certfile’, ‘s2s_certfile’ and ‘domain_certfile’. The option accepts a list of file paths (optionally with wildcards “*”) containing either PEM certificates or PEM private keys. At startup, ejabberd sorts the certificates, finds matching private keys and rebuilds full certificates chains which can be used by fast_tls driver."
-
MattJ
ignore my typo
-
Zash
We just pick something based on file names
-
Zash
"just"
-
dwd
Zash, It's in hardware on a load of Intel CPUs, and in use in a zillion places as a general hash. It's not very good at it, actually, but it's there.
-
Zash
Wait, {xep 313} says WHAT?
-
Bunneh
Zash: Message Archive Management (Standards Track, Proposed, 2017-02-22) See: https://xmpp.org/extensions/xep-0313.html
-
Flow
doesn't look like xep277 registers 'node' the querytype, it's even missing in xep277 § 11. Or am I missing something?
-
Flow
arg, node even clashes with https://xmpp.org/extensions/xep-0050.html#registrar-querytypes
-
Link Mauve
Flow, hmm, it should be at the ?pubsub query type: https://xmpp.org/extensions/xep-0060.html#registrar-querytypes
-
Link Mauve
That’s where it’s registered.
-
Flow
Link Mauve, then there is a '?pubsub' missing in xep277 § 2.1?
-
Link Mauve
Seems so.
-
Flow
Link Mauve, https://github.com/xsf/xeps/pull/545
-
Link Mauve
edhelas, goffi, ^
-
goffi
Flow: this would be a bad idea: 1) the URI is without "pubsub" action in XEP-0060 (the URI is not specific to microblog) 2) we have already tons of URI in the wild without the "pubsub" action 3) the "node" variable is enough to know that it's a pubsub URI (but even if it's not used for something else, it could be, so that's not great I agree)
-
goffi
and if we were adding and action, I would prefer to have "blog" or "microblog" instead of "pubsub", this would avoid retrieving items to know what's the node is about.
-
goffi
an action*
-
goffi
https://xmpp.org/extensions/xep-0060.html#impl-uri
-
goffi
(final standard)
-
goffi
oups draft sorry
-
jonasw
Zash, crc32 doesn’t work
-
goffi
"node" is used actually, I've missed the comment abose. That's unfortunate, XEP-0060 should have used an action but it didn't. Anyway command use an action, so we can still differenciate.
-
jonasw
you need a few hundred bytes of random input before crc32 starts to work as a proper mixing function
-
jonasw
(tried that)
-
jonasw
at which point it seemed to me that SHA-1 is a more sensible alternative, than something home-brew based on a crc32 variant
-
jonasw
dwd, yes, the incorrect reference to zlib will be going away soon, when I can comfortably type again
-
Zash
Crypto hashes does come with all that random pre-input data, so sure.
-
jonasw
exactly
-
jonasw
so crc32 isn’t quite sufficient by itself
-
jonasw
md5 would probably be fine, too
-
Neustradamus
Good to see discussions/changes on XEP-0277!
-
Flow
goffi, ahh that thing can come without an action. i've changed the PR https://github.com/xsf/xeps/pull/545
-
MattJ
Grr, MIX
-
Zash
Grrr?
-
MattJ
I kinda assumed it didn't use type=groupchat
-
waqas
Yeah
-
Zash
I kinda assumed it would
-
MattJ
The semantics are so different, isn't a MIX joined from your bare JID?
-
MattJ
Why would you want groupchat routing rules on that?
-
Zash
MattJ: They don't matter because the server needs to be MIX-aware
-
Zash
I assume
-
MattJ
I confess I'm way behind on MIX
-
MattJ
All I'm saying is, I was surprised by this
-
Zash
I'll be basing all my MIX-related statements of what I overheard while people were gathered around a whiteboard drawing it up a few years ago
-
Zash
While intoshi, ralphm and I were cutting up XEP 60 into pieces