Wednesday, February 14, 2018
xsf@muc.xmpp.org
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

[00:02:20] *** lovetox shows as "online"
[00:06:01] *** Guus has left the room
[00:06:05] *** Guus shows as "online"
[00:06:09] *** tux has left the room
[00:06:10] *** tux has joined the room
[00:06:34] *** Tobias shows as "online"
[00:06:40] *** Tobias shows as "online"
[00:10:36] *** Guus has left the room
[00:10:36] *** Guus shows as "online"
[00:11:12] *** la|r|ma has left the room
[00:11:15] *** la|r|ma shows as "online"
[00:13:31] *** Tobias has left the room
[00:14:49] *** la|r|ma has left the room
[00:14:50] *** la|r|ma shows as "online"
[00:14:59] *** lskdjf has left the room
[00:15:00] *** lskdjf shows as "online"
[00:16:10] *** Guus has left the room
[00:23:40] *** moparisthebest has left the room
[00:27:46] *** ralphm has joined the room
[00:29:41] *** waqas has left the room
[00:38:05] *** blabla has left the room
[00:38:41] *** stefandxm shows as "away" and his status message is "Available"
[00:43:02] *** Tobias shows as "away"
[00:43:07] *** Tobias shows as "away"
[00:45:02] *** lovetox has left the room
[00:52:20] *** Guus shows as "online"
[00:53:26] *** lskdjf has left the room
[00:53:30] *** lskdjf has joined the room
[01:00:00] *** jjrh has left the room
[01:01:50] *** Guus has left the room
[01:01:50] *** Guus shows as "online"
[01:01:56] *** jjrh shows as "online"
[01:04:47] *** jjrh has left the room
[01:04:50] *** jjrh shows as "online"
[01:05:51] *** jjrh has left the room
[01:06:08] *** jjrh shows as "online"
[01:10:10] *** Guus has left the room
[01:10:46] *** Tobias shows as "away"
[01:10:51] *** Tobias shows as "away"
[01:19:26] *** Tobias has left the room
[01:26:00] *** Zash shows as "online"
[01:34:38] *** jjrh has left the room
[01:34:42] *** jjrh shows as "online"
[01:35:09] *** nyco has left the room
[01:35:41] *** nyco shows as "online"
[01:47:08] *** Tobias shows as "away"
[01:47:15] *** Tobias shows as "away"
[01:49:28] *** SamWhited shows as "online"
[01:50:23] *** la|r|ma shows as "online"
[01:53:13] *** la|r|ma shows as "online"
[01:53:35] *** Dave Cridland has left the room
[01:54:23] *** la|r|ma has left the room
[01:54:27] *** la|r|ma shows as "online"
[01:54:30] *** Tobias has left the room
[01:57:15] *** Dave Cridland shows as "online"
[01:59:15] *** tux has left the room
[01:59:16] *** tux has joined the room
[02:14:20] *** waqas has joined the room
[02:14:20] *** waqas has left the room
[02:16:02] *** la|r|ma has left the room
[02:21:17] *** Dave Cridland has left the room
[02:21:18] *** Dave Cridland shows as "online"
[02:22:48] *** matlag shows as "online"
[02:23:12] *** bra shows as "online"
[02:24:15] *** Tobias shows as "away"
[02:24:21] *** Tobias shows as "away"
[02:31:19] *** Tobias has left the room
[02:35:51] *** Dave Cridland has left the room
[02:35:52] *** Dave Cridland shows as "online"
[02:35:54] *** Dave Cridland has left the room
[02:35:59] *** Dave Cridland shows as "online"
[02:39:55] *** SamWhited has left the room
[02:51:19] *** lskdjf shows as "online"
[02:54:29] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[03:00:23] *** Tobias shows as "away"
[03:00:28] *** Tobias shows as "away"
[03:01:25] *** rion has joined the room
[03:05:05] *** @Alacer has left the room
[03:05:08] *** @Alacer has joined the room
[03:08:55] *** moparisthebest shows as "online"
[03:09:38] *** la|r|ma shows as "online"
[03:13:48] *** la|r|ma has left the room
[03:13:52] *** la|r|ma shows as "online"
[03:14:29] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[03:16:19] *** efrit has left the room
[03:28:20] *** Tobias shows as "away"
[03:28:26] *** Tobias shows as "away"
[03:34:22] *** la|r|ma has left the room
[03:35:39] *** Tobias has left the room
[03:37:53] *** lskdjf has left the room
[03:45:46] *** hannes has left the room
[03:45:46] *** hannes has joined the room
[03:49:23] *** rion shows as "online"
[03:50:28] *** andy has joined the room
[03:53:16] *** vanitasvitae has left the room
[03:53:50] *** Dave Cridland has left the room
[03:58:04] *** Dave Cridland shows as "online"
[04:05:20] *** Tobias shows as "away"
[04:05:25] *** Tobias shows as "away"
[04:08:26] *** moparisthebest has left the room
[04:08:26] *** moparisthebest has left the room
[04:08:44] *** moparisthebest has joined the room
[04:11:49] *** moparisthebest shows as "online"
[04:19:50] *** moparisthebest has left the room
[04:22:29] *** moparisthebest shows as "online"
[04:30:34] *** uc has left the room
[04:30:44] *** uc has joined the room
[04:42:01] *** Tobias shows as "away"
[04:42:06] *** Tobias shows as "away"
[04:45:04] *** andy has left the room
[04:52:06] *** andy has joined the room
[05:09:54] *** matlag has left the room
[05:10:49] *** rion has left the room
[05:28:04] *** Tobias shows as "away"
[05:28:09] *** Tobias shows as "away"
[05:37:59] *** suzyo has joined the room
[05:40:14] *** hannes has left the room
[05:41:11] *** andy has left the room
[05:43:02] *** hannes has joined the room
[06:09:18] *** moparisthebest has left the room
[06:11:08] *** moparisthebest has joined the room
[06:17:38] *** goffi has joined the room
[06:20:49] *** Dave Cridland has left the room
[06:20:50] *** Dave Cridland shows as "online"
[06:20:50] *** Dave Cridland has left the room
[06:21:00] *** Dave Cridland shows as "online"
[06:21:22] *** MattJ shows as "online"
[06:22:32] *** Tobias shows as "away"
[06:22:37] *** Tobias shows as "away"
[06:24:07] *** andy has joined the room
[06:34:31] *** Guus shows as "online"
[06:34:38] *** Dave Cridland shows as "online"
[06:34:38] *** dwd shows as "online"
[06:38:21] *** suzyo has joined the room
[06:38:34] *** Dave Cridland has left the room
[06:38:35] *** Dave Cridland shows as "online"
[06:38:50] *** Dave Cridland has left the room
[06:38:56] *** Dave Cridland shows as "online"
[06:41:27] *** Tobias shows as "away"
[06:41:33] *** Tobias shows as "away"
[06:43:26] *** jonasw shows as "online"
[06:43:32] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[06:43:32] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[06:43:38] *** nyco has left the room
[06:43:40] *** Dave Cridland shows as "online"
[06:44:12] *** dwd shows as "online"
[06:44:21] *** nyco shows as "online"
[06:44:55] <jonasw> Flow, there was the argument that identities may be localized.
[06:46:55] *** Dave Cridland has left the room
[06:47:25] *** Dave Cridland shows as "online"
[06:47:35] *** Dave Cridland has left the room
[06:48:17] *** Dave Cridland shows as "online"
[06:49:03] *** SaltyBones has left the room
[06:52:57] *** andy has left the room
[06:53:24] *** SaltyBones has joined the room
[06:59:10] *** Dave Cridland has left the room
[06:59:12] *** Dave Cridland shows as "online"
[06:59:54] *** Dave Cridland has left the room
[07:00:03] *** Dave Cridland shows as "online"
[07:03:22] *** suzyo has left the room
[07:04:46] *** Tobias shows as "online"
[07:04:54] *** Tobias shows as "online"
[07:08:30] *** Steve Kille shows as "online" and his status message is "At Home"
[07:08:48] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[07:08:48] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[07:09:07] *** SaltyBones shows as "online"
[07:10:15] *** stefandxm shows as "online" and his status message is "Available"
[07:12:08] *** suzyo has joined the room
[07:15:43] *** moparisthebest has left the room
[07:17:47] <Seve> I changed my email address. Does anyone know who I should get in touch with to subscribe myself with my new email address, please?
[07:18:48] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[07:18:48] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[07:19:26] *** moparisthebest has joined the room
[07:20:34] *** daniel has left the room
[07:20:40] <jonasw> Seve, to all lists but members@, you can manage that yourself
[07:20:43] *** daniel has joined the room
[07:20:48] <jonasw> I’m not sure if you can change your email address for members@ yourself
[07:21:11] <jonasw> you could try checking the options at https://mail.jabber.org/mailman/options/members/your.old@email.address
[07:21:12] <Seve> Ohh
[07:21:14] *** Tobias shows as "away"
[07:21:17] <jonasw> (note the email address in the URL)
[07:21:18] <Seve> Sorry!
[07:21:28] <Seve> I forgot to mention that I want to subscribe to members@, yes.
[07:21:36] <jonasw> ha ok
[07:21:57] <jonasw> I don’t know who’s responsible for this, but somebody from iteam will do
[07:22:07] *** andy has joined the room
[07:22:17] <jonasw> the two I have in mind aren’t here right now though
[07:25:07] *** daniel has left the room
[07:25:17] *** daniel has joined the room
[07:27:47] *** andy has left the room
[07:28:47] *** stefandxm shows as "away" and his status message is "Available"
[07:30:00] *** Tobias shows as "online"
[07:30:46] *** Dave Cridland shows as "online"
[07:30:46] *** dwd shows as "online"
[07:31:26] *** daniel shows as "online"
[07:32:05] *** andy has joined the room
[07:32:45] *** ralphm has joined the room
[07:38:04] *** andy has left the room
[07:41:28] *** Guus has left the room
[07:41:40] *** Guus shows as "online"
[07:42:05] *** andy has joined the room
[07:45:03] *** Steve Kille shows as "away" and his status message is "At Home"
[07:46:10] *** Guus has left the room
[07:47:19] *** remko has joined the room
[07:47:20] *** remko shows as "online"
[07:48:05] *** andy has left the room
[07:48:42] *** rion shows as "online"
[07:49:04] *** rion has left the room
[07:49:19] *** daniel has left the room
[07:49:20] *** daniel shows as "online"
[07:49:59] *** Tobias shows as "away"
[07:50:32] *** Tobias shows as "online"
[07:50:43] *** rion has left the room
[07:54:02] *** Dave Cridland has left the room
[07:54:04] *** Dave Cridland shows as "online"
[07:56:05] *** jubalh has joined the room
[07:56:42] *** tim@boese-ban.de has joined the room
[07:58:45] *** Dave Cridland has left the room
[07:58:53] *** Dave Cridland shows as "online"
[08:01:22] *** Steve Kille shows as "online" and his status message is "At Home"
[08:02:43] *** Seve shows as "online" and his status message is "At work"
[08:03:54] *** SaltyBones has left the room
[08:04:26] *** tim@boese-ban.de shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[08:04:36] *** Dave Cridland has left the room
[08:04:39] *** Dave Cridland shows as "online"
[08:04:44] *** Dave Cridland has left the room
[08:05:04] *** Dave Cridland shows as "online"
[08:05:46] *** moparisthebest has left the room
[08:06:00] *** andy has joined the room
[08:08:25] <Ge0rG> I'd like to propose a new marketing slogan: *XMPP - as popular as the Metric system in the USA*
[08:10:24] <jonasw> :<
[08:11:11] <Ge0rG> jonasw: it could be worse, e.g. "XMPP - as popular as the Measles"
[08:11:29] *** andy has left the room
[08:11:39] <jonasw> :<
[08:12:55] *** Fabian has joined the room
[08:13:36] *** Fabian has left the room
[08:14:26] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[08:14:30] *** moparisthebest has joined the room
[08:14:39] *** Alex has joined the room
[08:17:06] *** Dave Cridland has left the room
[08:17:07] *** Dave Cridland shows as "online"
[08:17:54] *** Guus shows as "online"
[08:18:19] *** hannes has left the room
[08:18:44] *** Guus has left the room
[08:18:45] *** Guus shows as "online"
[08:18:46] *** andy has joined the room
[08:18:48] *** Dave Cridland has left the room
[08:18:51] *** Dave Cridland shows as "online"
[08:19:18] *** blabla shows as "online"
[08:24:43] *** Steve Kille shows as "away" and his status message is "At Home"
[08:25:22] *** Steve Kille shows as "online" and his status message is "At Home"
[08:25:51] *** Fabian has joined the room
[08:27:28] *** SaltyBones shows as "online"
[08:31:10] *** Guus has left the room
[08:31:12] *** bra shows as "online"
[08:31:44] *** rion has joined the room
[08:32:38] *** Fabian shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[08:33:02] *** Fabian shows as "online"
[08:34:15] *** remko shows as "away"
[08:35:12] *** tim@boese-ban.de shows as "online"
[08:37:15] *** tux has left the room
[08:37:17] *** tux has joined the room
[08:38:18] *** andy has left the room
[08:39:29] *** Steve Kille has left the room
[08:40:04] *** mimi89999 shows as "online"
[08:41:13] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[08:43:04] *** Alex has left the room
[08:43:26] *** Alex has joined the room
[08:43:31] *** Steve Kille has joined the room
[08:43:33] *** Steve Kille shows as "away" and his status message is "At Home"
[08:43:44] *** Steve Kille shows as "online" and his status message is "At Home"
[08:44:23] *** Steve Kille shows as "online" and his status message is "Hampton"
[08:44:46] *** remko shows as "online"
[08:46:53] *** Fabian has left the room
[08:52:04] *** MattJ shows as "away"
[08:56:27] *** andy has joined the room
[09:01:13] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[09:02:24] *** andy has left the room
[09:03:36] *** Dave Cridland has left the room
[09:03:48] *** Dave Cridland shows as "online"
[09:04:19] *** tim@boese-ban.de has left the room
[09:04:50] *** tim@boese-ban.de has joined the room
[09:06:14] *** Dave Cridland has left the room
[09:06:32] *** Dave Cridland shows as "online"
[09:07:56] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:07:56] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:09:28] *** Dave Cridland has left the room
[09:09:36] *** Dave Cridland shows as "online"
[09:12:07] *** jubalh has joined the room
[09:13:25] *** marc has joined the room
[09:13:43] *** Dave Cridland has left the room
[09:14:09] *** blabla shows as "online"
[09:14:18] *** blabla shows as "online"
[09:15:12] *** stefandxm shows as "online" and his status message is "Available"
[09:15:53] *** Martin has joined the room
[09:16:35] *** rion has left the room
[09:16:39] *** rion has joined the room
[09:17:01] *** rion has left the room
[09:17:02] *** rion has joined the room
[09:17:56] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[09:18:12] *** Dave Cridland shows as "online"
[09:18:17] *** intosi has joined the room
[09:18:22] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[09:18:35] *** rion has left the room
[09:18:46] *** Kev has joined the room
[09:18:49] *** Kev shows as "online"
[09:18:50] *** Fabian has joined the room
[09:19:44] *** Dave Cridland shows as "online"
[09:19:44] *** dwd shows as "online"
[09:20:07] *** Tobias shows as "online"
[09:20:19] *** Tobias shows as "online"
[09:23:11] *** Dave Cridland has left the room
[09:23:24] *** Alex has left the room
[09:23:43] *** Alex has joined the room
[09:23:51] *** Fabian has left the room
[09:25:32] *** Dave Cridland shows as "online"
[09:27:13] <jonasw> oh my god
[09:27:17] <jonasw> I’m just reading XEP-0013
[09:27:32] <jonasw> why did it seem like a good idea to use disco#info for the number of messages?
[09:28:55] *** tux shows as "online"
[09:30:46] <Kev> -13 is pretty old, we've got a lot of best-practice knowledge that's built up since then.
[09:30:46] <Bunneh> Kev: I'll remember that.
[09:30:56] <jonasw> -13
[09:30:56] <Bunneh> jonasw: pretty old, we've got a lot of best-practice knowledge that's built up since then.
[09:30:58] <Kev> What the smeg?
[09:30:58] <jonasw> hah!
[09:32:58] *** tim@boese-ban.de shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[09:33:11] *** ralphm has joined the room
[09:36:18] <Tobias> :D
[09:39:21] *** jubalh has left the room
[09:39:31] *** Fabian has joined the room
[09:40:34] *** tim@boese-ban.de shows as "online"
[09:40:34] *** marc has left the room
[09:41:56] *** Kev shows as "away"
[09:43:07] *** Martin shows as "online"
[09:43:10] *** Martin shows as "away" and his status message is "Away"
[09:44:47] *** Fabian has left the room
[09:44:48] *** Fabian has joined the room
[09:44:50] *** Fabian shows as "online"
[09:46:27] *** mimi89999 shows as "online"
[09:46:29] *** Kev shows as "online"
[09:47:45] *** MattJ shows as "online"
[09:48:41] *** jubalh has joined the room
[09:49:35] *** jubalh has left the room
[09:49:50] *** jubalh has joined the room
[09:53:40] *** Fabian shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[09:54:23] *** tux shows as "xa" and his status message is "Gone for Food"
[09:58:05] *** jubalh has left the room
[09:58:09] *** Neustradamus shows as "away"
[09:58:25] <Flow> jonasw, ok, so why an extra hash for localized identities?
[09:58:37] *** Fabian has left the room
[09:59:02] <jonasw> Flow, separating them so that entities can profit from their cache for features and forms
[09:59:11] <jonasw> (also, there are precedents for quickly-changing forms)
[09:59:21] *** Neustradamus has left the room
[09:59:25] <jonasw> (e.g. the number of users in a MUC in its disco#info)
[09:59:43] *** Syndace has joined the room
[09:59:58] <SaltyBones> What does "localized" in this context mean? "translated"?
[10:00:01] <jonasw> in such a quickly-changing-form-case it would be profitable if entities could opt-out of the forms hash to indicate that it is quickly changing and must always be considered stale.
[10:00:06] <Flow> that sounds like an argument for an extra hash for forms
[10:00:19] <jonasw> yes
[10:00:27] *** jubalh has joined the room
[10:00:30] <jonasw> question is if separation of identities makes sense, too.
[10:00:34] <Flow> but I still don't see the advantage of an extra hash for localized identities
[10:00:52] <Flow> given that the identities will not frequently change
[10:00:55] <jonasw> I don’t see it either, necessarily
[10:01:16] <Flow> SaltyBones, yep, usually it's about the xml:lang attribute
[10:02:00] <Flow> are there many other popular precedents for quickly changing forms?
[10:02:13] <jonasw> Flow, I don’t know, honestly
[10:02:20] <jonasw> that’s why I *wish* there was more feedback on this on-list
[10:03:07] <Flow> I was going to write yesterday, but then figured that I possibly don't know what it is really about
[10:03:16] <jonasw> so I need to make it clearer?
[10:04:27] <Flow> jonasw, dunno, it appears you also don't know an example where extra hashes for identities, feature and/or forms are beneficial
[10:04:33] *** lumi has joined the room
[10:05:02] <jonasw> for forms, the MUC case is rather beneficial; the current workaround which is used is that the form with the number of users is not included when answering disco#info for a caps node
[10:05:03] <Flow> besides when protocols come into play that put dynamic information into e.g. features
[10:05:04] <jonasw> which is bad
[10:05:40] <jonasw> and in many cases, entities might not be interested in the form data, which is almost always supplementary
[10:05:58] <jonasw> thus making them miss the cache because of uninteresting form data is not totally great
[10:06:53] <jonasw> (for example, entities which put OS version into the disco#info data; you’d then build a cache where each release of every operating system on which the client runs is held, which is kind of not very useful to have in the first place)
[10:07:09] <jonasw> I’m not sure there’s a strong argument for separating identities, but separating forms seems appealing to me
[10:07:48] <jonasw> I hoped that zinid would comment on this since he told me about the MUC forms use case.
[10:11:12] <Flow> hmm I see/saw caps mostly as an instrument to discover the caps of a remote "client". I can't even tell from the top of my head if caps works with xep45: Do you get a presence from the MUC's bare JID?
[10:12:14] <Flow> If ecaps2 is missing something, then it is possibly a mechanism for clients to announce their features even if they are offline (e.g. via PEP)
[10:12:52] <SaltyBones> XEPs should mandate a list of intended use-cases.
[10:13:22] <Flow> SaltyBones, don't they?
[10:13:40] <jonasw> Flow, recent developments make you get a presence from the bare MUC jid on join, yes
[10:13:45] <jonasw> that’s a result of summit
[10:14:07] <Flow> jonasw, is that xep45 change live already?
[10:14:19] <jonasw> it is being developed and evaluated against client implementations
[10:15:18] *** Steve Kille shows as "away" and his status message is "Hampton"
[10:16:12] <Flow> jonasw, ok, i guess it's part of the multi nick sharing initiative
[10:16:39] *** daniel has left the room
[10:16:41] *** daniel shows as "online"
[10:17:24] <jonasw> Flow, no, it’s part of the avatars for MUCs initiative :)
[10:17:39] *** Kev shows as "away"
[10:17:46] <jonasw> and knowing the disco#info of a MUC is probably useful
[10:17:57] <Flow> from what I know till now, I don't feel that it is worth separating the hashes. Instead we should consider adding a best practice to xep30 that disco#info results are supposed to be not short-living
[10:18:19] <jonasw> Flow, how are you suggesting to fix the xep45 use-case then?
[10:18:29] <jonasw> also, short-living isn’t the same as high-cardinality, which is also an issue
[10:18:33] <jonasw> (as in the OS Version case)
[10:19:06] *** Martin shows as "away" and his status message is "Away"
[10:19:10] <Flow> jonasw, the os version case is not xep92?
[10:20:07] <Flow> but yes, you are right, it's not the same, i'm not sure if high-cardinality is an issue and if it needs fixing
[10:20:12] *** marc has joined the room
[10:20:45] *** moparisthebest has joined the room
[10:21:08] <jonasw> softwareinfo
[10:21:10] <Flow> same is true for xep45, I possibly could live with a cold caps cache every time an occupant leaves or joins
[10:21:15] <jonasw> hm, we could test that, we have a huge repository of caps data
[10:21:18] <jonasw> I think I’ll do that :)
[10:21:32] <Flow> jonasw, sorry, softwareinfo?
[10:21:44] <jonasw> https://xmpp.org/extensions/xep-0232.html
[10:21:45] <jonasw> that one
[10:21:48] <jonasw> I had to google the namespace myself
[10:22:15] *** pep. shows as "online"
[10:23:32] <Flow> uh, i forgot that we have an update to xep92, would be great if there were a pointer from xep92 to its possible successor
[10:24:01] <jonasw> Flow, the issue is that caps cache should be persistable; defeating that because we’re spamming the databases with pointless updates/minor differences is kinda sad.
[10:24:26] <jonasw> but sure, I’ll run a test on the capsdb
[10:24:31] <Flow> jonasw, but is it an issue?
[10:24:33] <jonasw> it’s a bit dated, but probably a good source of a first estimate
[10:24:44] *** stefandxm shows as "away" and his status message is "Available"
[10:24:46] <jonasw> Flow, that’s what I’m going to find out
[10:25:08] *** andy has joined the room
[10:25:20] *** ralphm has joined the room
[10:25:30] <Flow> hmm not sure if xep232 is really an improvement over xep92
[10:27:13] *** intosi shows as "online"
[10:27:43] *** intosi shows as "online"
[10:31:00] *** andy has left the room
[10:36:10] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:36:10] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:38:32] <marc> Ge0rG: how do you implement "pending XMPP URIs"? E.g. you add a contact but don't have an account set up yet and show the corresponding dialog after account setup. IIRC you do this in yaxim
[10:39:23] *** rion has joined the room
[10:41:46] *** stefandxm has left the room
[10:42:08] <Ge0rG> marc: I'm keeping the Intent and re-firing its handler after account creation
[10:43:51] <SaltyBones> what does that mean? you can add people who don't have an account??
[10:44:20] <marc> Ge0rG: what if multiple activities are involved before you can re-fire it? Do you pass it to all the activities?
[10:44:23] <jonasw> SaltyBones, XEP-0401
[10:44:38] <SaltyBones> -xep-0401
[10:44:47] <daniel> > Ge0rG: how do you implement "pending XMPP URIs"? E.g. you add a contact but don't have an account set up yet and show the corresponding dialog after account setup. IIRC you do this in yaxim
Conversations does that as well
[10:44:48] *SaltyBones kicks Bunneh.
[10:44:55] <Ge0rG> marc: the only flow allowed is "main activity [optional: prefs activity ->] main activity"
[10:45:02] <jonasw> SaltyBones, -xep 0401
[10:45:14] <jonasw> SaltyBones, {xep 0401}
[10:45:16] <Bunneh> SaltyBones: Easy User Onboarding (Standards Track, Experimental, 2018-01-25)
See: https://xmpp.org/extensions/xep-0401.html
[10:45:18] *SaltyBones pours a bucket of water on Bunneh.
[10:45:18] <jonasw> there we go
[10:45:20] <marc> daniel: really? What version?
[10:45:29] <daniel> Not with the entire uri though. Just the jid. But that could be changed
[10:45:38] <daniel> marc: dunno. Maybe 1.23.0
[10:45:50] <Ge0rG> Bunneh is b0rked
[10:46:10] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[10:46:10] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[10:46:17] <marc> Ah okay, because I need the full URI
[10:47:31] <daniel> yeah changing that is probably fairly easy
[10:48:53] <marc> Okay, I'll take a look
[10:49:15] <SaltyBones> marc, did you write this XEP?
[10:49:32] <SaltyBones> Anyway, good stuff.
[10:49:41] *** nyco has left the room
[10:49:47] <SaltyBones> And of course as always thanks to Ge0rG for all his efforts in this direction!
[10:52:30] <marc> SaltyBones, Ge0rG also did lots of stuff
[10:52:30] <marc> SaltyBones: yes
[10:53:49] *** jonasw shows as "away"
[10:54:30] *** lumi shows as "away" and his status message is "(Idle 10 min)"
[10:55:46] <Ge0rG> SaltyBones: 🙇
[10:57:24] *** rion has left the room
[10:57:49] *** daniel has left the room
[10:58:14] *** Dave Cridland shows as "online"
[10:58:48] *** dwd shows as "online"
[10:59:17] *** Dave Cridland has left the room
[11:00:36] *** Dave Cridland shows as "online"
[11:02:38] *** daniel shows as "online"
[11:04:18] *** lumi shows as "online"
[11:06:49] *** ralphm has joined the room
[11:07:03] *** Steve Kille has left the room
[11:07:10] *** tux shows as "online"
[11:08:33] *** tim@boese-ban.de shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[11:09:29] *** lumi has left the room
[11:11:25] *** nyco shows as "online"
[11:11:58] <Ge0rG> So I've installed kaidan, and it is _very_ basic
[11:12:17] <Seve> it is
[11:14:23] *** blabla has left the room
[11:14:44] *** marc has left the room
[11:16:46] *** Holger shows as "online" and his status message is "I'm available"
[11:16:46] *** Holger shows as "online" and his status message is "I'm available"
[11:17:48] *** Martin shows as "away" and his status message is "Away"
[11:17:52] *** Martin shows as "online"
[11:18:33] *** tim@boese-ban.de shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[11:18:53] *** jubalh has left the room
[11:18:55] <daniel> seems to be a pattern
[11:19:16] <Ge0rG> The CADT pattern.
[11:19:21] *** remko shows as "away"
[11:19:55] <Ge0rG> Oh, I've installed 0.2.3 from their repo, github has 0.3.2
[11:20:38] <Seve> Well, it is relatively new, so...
[11:22:11] <Ge0rG> https://github.com/KaidanIM/packages/issues/1 :|
[11:23:06] <Ge0rG> Seve: 0.3 was a significant change
[11:23:29] *** rion has joined the room
[11:23:47] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[11:23:51] *** Alex shows as "online"
[11:23:56] <Ge0rG> also half a year of development between the releases.
[11:24:00] *** jjrh has left the room
[11:24:05] *** jjrh shows as "online"
[11:24:08] <Ge0rG> So Kaidan reflects the general status of XMPP very well.
[11:24:38] *** jjrh has left the room
[11:24:41] <MattJ> 6 months between releases is not long, or what are you saying? :)
[11:24:56] *** nyco has left the room
[11:25:03] <Ge0rG> MattJ: I'm saying that having 6 months old DEBs on their own repo is really bad.
[11:27:57] *** jjrh shows as "online"
[11:28:55] *** Ge0rG shows as "online"
[11:28:57] *** Ge0rG shows as "online"
[11:28:59] *** Ge0rG shows as "online"
[11:29:00] *** Ge0rG has left the room
[11:29:01] *** Ge0rG shows as "online"
[11:29:02] *** Ge0rG has left the room
[11:29:03] *** Ge0rG shows as "online"
[11:29:03] *** Ge0rG has left the room
[11:29:07] *** Ge0rG shows as "online"
[11:29:08] *** Ge0rG has left the room
[11:29:09] *** Ge0rG shows as "online"
[11:29:09] *** Ge0rG has left the room
[11:29:11] *** Ge0rG shows as "online"
[11:29:11] *** Ge0rG has left the room
[11:29:13] *** Ge0rG shows as "online"
[11:29:13] *** Ge0rG has left the room
[11:29:19] *** jubalh has joined the room
[11:32:28] *** jubalh has left the room
[11:32:32] *** jonasw shows as "online"
[11:32:46] *** jubalh has joined the room
[11:32:52] *** Guus shows as "online"
[11:33:46] *** jubalh has left the room
[11:33:51] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[11:34:23] *** jubalh has joined the room
[11:36:13] *** Alex shows as "online"
[11:37:02] *** nyco shows as "online"
[11:38:42] *** marc has joined the room
[11:40:10] *** Guus has left the room
[11:41:25] *** tim@boese-ban.de shows as "online"
[11:42:32] *** Steve Kille has joined the room
[11:42:37] *** Steve Kille shows as "online" and his status message is "Hampton"
[11:42:49] <SaltyBones> You can deploy QT to iOS?
[11:44:08] *** Dave Cridland has left the room
[11:44:18] *** Dave Cridland shows as "online"
[11:44:41] <Tobias> Some Qt parts, yes
[11:44:42] *** daniel shows as "online"
[11:44:49] <Tobias> Qt Quick GUIs you can
[11:44:59] *** daniel has left the room
[11:45:16] *** daniel shows as "online"
[11:45:25] *** Kev shows as "online"
[11:46:08] <SaltyBones> Does GTK have something similar?
[11:46:20] <Tobias> no clue
[11:47:43] *** stefandxm has joined the room
[11:47:44] *** stefandxm shows as "away" and his status message is "Available"
[11:47:57] *** suzyo has joined the room
[11:49:22] *** daniel has left the room
[11:49:28] <SaltyBones> Tobias, this https://doc.qt.io/qt-5/qtquick-index.html ?
[11:49:36] *** matlag shows as "online"
[11:49:52] <Tobias> yes...that stuff works across desktop and ios/android platforms
[11:50:00] <SaltyBones> huh...nice
[11:50:01] <jonasw> "works"
[11:50:06] <SaltyBones> oh...
[11:50:30] <jonasw> it lacks quite a few things/controls, it is a pain to use with C++ and I think you’ve got to do accessibility quite all by yourself
[11:50:38] <jonasw> but I haven’t looked deeply into the last part
[11:51:09] *** jjrh has left the room
[11:51:12] *** jjrh shows as "online"
[11:51:29] *** tim@boese-ban.de shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[11:51:49] *** jjrh has left the room
[11:52:27] *** Dave Cridland has left the room
[11:53:41] *** Dave Cridland shows as "online"
[11:54:22] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:54:41] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:55:01] *** Dave Cridland has left the room
[11:56:19] *** Dave Cridland shows as "online"
[11:56:44] *** ralphm has joined the room
[11:57:13] *** Kev shows as "away"
[11:57:22] *** Dave Cridland shows as "online"
[11:57:28] *** dwd shows as "online"
[11:58:21] *** tim@boese-ban.de shows as "online"
[11:59:17] *** Dave Cridland has left the room
[11:59:57] *** Dave Cridland shows as "online"
[12:01:13] *** jjrh shows as "online"
[12:01:56] *** Dave Cridland has left the room
[12:02:17] *** Kev shows as "online"
[12:02:29] *** remko shows as "online"
[12:02:38] *** Dave Cridland shows as "online"
[12:03:19] *** Dave Cridland has left the room
[12:03:38] *** Dave Cridland shows as "online"
[12:04:31] *** Dave Cridland has left the room
[12:05:18] *** stefandxm has left the room
[12:05:35] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:05:52] *** Dave Cridland shows as "online"
[12:06:06] *** Dave Cridland has left the room
[12:06:34] *** Dave Cridland shows as "online"
[12:06:46] *** Dave Cridland has left the room
[12:06:57] *** Dave Cridland shows as "online"
[12:06:59] *** Dave Cridland has left the room
[12:07:31] *** Dave Cridland shows as "online"
[12:07:35] *** intosi shows as "away" and his status message is "Away"
[12:07:39] *** Dave Cridland has left the room
[12:08:02] *** Dave Cridland shows as "online"
[12:08:34] *** blabla shows as "online"
[12:08:41] *** Dave Cridland has left the room
[12:08:57] *** Dave Cridland shows as "online"
[12:10:04] <dwd> Gosh, Gloox. There's a blast from the past.
[12:10:12] *** ralphm shows as "online"
[12:11:31] *** Dave Cridland has left the room
[12:12:00] *** Dave Cridland shows as "online"
[12:12:41] *** Dave Cridland has left the room
[12:12:47] *** Kev shows as "away"
[12:12:49] *** Dave Cridland shows as "online"
[12:14:22] <MattJ> Indeed
[12:15:20] *** Tobias shows as "away"
[12:15:26] *** jubalh has left the room
[12:15:35] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:15:38] *** Dave Cridland has left the room
[12:15:41] *** jubalh has joined the room
[12:16:18] *** Dave Cridland shows as "online"
[12:17:17] *** Dave Cridland has left the room
[12:17:25] *** Dave Cridland shows as "online"
[12:17:37] *** intosi shows as "away" and his status message is "Away"
[12:17:53] *** ralphm shows as "online"
[12:18:28] *** Dave Cridland has left the room
[12:19:03] *** Dave Cridland shows as "online"
[12:20:22] *** nyco has left the room
[12:20:25] *** Dave Cridland has left the room
[12:20:31] *** Steve Kille shows as "away" and his status message is "Hampton"
[12:21:12] *** Dave Cridland shows as "online"
[12:21:27] *** la|r|ma has joined the room
[12:21:35] *** nyco shows as "online"
[12:22:35] *** Dave Cridland has left the room
[12:22:50] *** lskdjf has joined the room
[12:23:52] *** Dave Cridland shows as "online"
[12:25:17] *** Dave Cridland has left the room
[12:25:26] *** Dave Cridland shows as "online"
[12:27:35] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:27:39] *** vanitasvitae shows as "online"
[12:27:48] *** vanitasvitae has left the room
[12:27:54] *** vanitasvitae shows as "online"
[12:28:31] *** Dave Cridland has left the room
[12:28:43] *** Dave Cridland shows as "online"
[12:29:06] *** Dave Cridland has left the room
[12:29:15] *** Dave Cridland shows as "online"
[12:30:32] *** Dave Cridland has left the room
[12:30:36] *** ralphm shows as "online"
[12:31:24] *** Dave Cridland shows as "online"
[12:32:41] *** Dave Cridland has left the room
[12:33:35] *** Dave Cridland shows as "online"
[12:34:03] *** Dave Cridland has left the room
[12:34:13] *** Dave Cridland shows as "online"
[12:36:18] *** jubalh has left the room
[12:36:22] *** jubalh has joined the room
[12:36:31] *** jubalh has left the room
[12:37:35] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:39:08] *** Dave Cridland has left the room
[12:39:21] *** Dave Cridland shows as "online"
[12:42:45] *** intosi shows as "away" and his status message is "Away"
[12:45:44] *** Dave Cridland has left the room
[12:45:54] *** Dave Cridland shows as "online"
[12:48:24] *** Dave Cridland has left the room
[12:48:42] *** Dave Cridland shows as "online"
[12:51:37] *** vanitasvitae has left the room
[12:51:42] *** Dave Cridland has left the room
[12:51:57] *** vanitasvitae shows as "online"
[12:52:10] *** Dave Cridland shows as "online"
[12:55:19] *** Dave Cridland has left the room
[12:55:38] *** suzyo has joined the room
[12:55:41] *** Martin shows as "online"
[12:55:55] *** Martin shows as "away" and his status message is "Away"
[12:56:08] *** Dave Cridland shows as "online"
[12:56:28] *** marc has left the room
[12:57:08] *** Martin shows as "away" and his status message is "Away"
[12:57:29] *** Martin shows as "online"
[13:00:00] *** Alex has joined the room
[13:01:05] *** ralphm shows as "online"
[13:01:42] *** marc has joined the room
[13:02:00] *** jonasw shows as "away"
[13:04:14] *** vanitasvitae has left the room
[13:06:11] *** Dave Cridland has left the room
[13:06:21] *** Dave Cridland shows as "online"
[13:08:41] *** Dave Cridland has left the room
[13:09:31] *** jere has joined the room
[13:09:43] *** Dave Cridland shows as "online"
[13:09:45] *** jonasw shows as "online"
[13:11:24] *** jubalh has joined the room
[13:12:17] *** jubalh has left the room
[13:14:31] *** marc has left the room
[13:16:55] <Ge0rG> jonasw: I think the impact from http upload might be comparable to dns rebinding attacks
[13:17:47] *** Dave Cridland has left the room
[13:17:51] <jonasw> Ge0rG, the local servers thing is a point
[13:18:23] <jonasw> so I’d suggest to add a reference to CWE-918 in the security considerations and write that clients need to treat themselves as HTTP Proxies w.r.t. security considerations
[13:18:30] <jonasw> maybe we can find HTTP documents which elaborate on those
[13:18:38] <Ge0rG> jonasw: with newlines, the attacker can forge any payload to the http post
[13:18:40] *** lskdjf shows as "online"
[13:18:45] *** lskdjf shows as "online"
[13:18:46] <jonasw> daniel, ^
[13:18:56] <jonasw> Ge0rG, but we agreed to reject newlines.
[13:19:00] *** Dave Cridland shows as "online"
[13:19:19] <Ge0rG> jonasw: I'm not saying it's impossible without newlines
[13:19:21] <daniel> Yes the newline thing doesn't need debating anymore
[13:20:00] *** Dave Cridland has left the room
[13:20:05] <Ge0rG> daniel: good luck finding out what is "on the LAN"
[13:20:09] *** Dave Cridland shows as "online"
[13:20:29] <daniel> Ge0rG: any of the reserved IP ranges I mean
[13:21:03] <Ge0rG> Gets you into trouble in enterprise deployments
[13:21:17] <jonasw> Ge0rG, "unless the server is in a LAN"
[13:21:41] <jonasw> that’s by the way similar to the application boundary enforcement NoScript does by default…
[13:21:46] <jonasw> nightmare
[13:21:47] <Ge0rG> jonasw: yay for complex filtering rules!
[13:21:54] *** Dave Cridland has left the room
[13:21:57] <jonasw> Ge0rG, that wasn’t my idea
[13:22:13] <jonasw> Ge0rG, do you have a better solution, considering that some services will need headers for authn?
[13:22:20] <jonasw> (and authz)
[13:22:27] <jonasw> and we can’t predict the header names reasonably?
[13:23:03] <daniel> By the way the exploiting your plastic router scenario is kinda independent of the header discussion
[13:23:16] <daniel> Those are usually exploited by get parameters anyway
[13:23:32] *** Alex has joined the room
[13:24:04] *** Dave Cridland shows as "online"
[13:24:15] <Ge0rG> daniel: indeed. Having PUT instead of POST does us a favor here.
[13:24:42] <Ge0rG> daniel: besides, it's easier to exploit things via POST than via GET, but most browsers block cross-origin-POST
[13:25:05] <Ge0rG> And then, the HTTPS certificate requirement should effectively protect typical LAN routers.
[13:25:10] <Flow> Ge0rG, why is PUT different from POST in this case?
[13:25:11] <daniel> Ge0rG, assuming your $10 router distinguishes between the different methods :-)
[13:25:11] <Ge0rG> but those are all mitigations
[13:25:19] <Ge0rG> daniel: touché
[13:25:26] *** Dave Cridland has left the room
[13:25:28] <MattJ> "Let's use HTTP because it's simple"
[13:25:30] *MattJ ducks
[13:25:44] <Ge0rG> Flow: most HTTP appliances use POST for form submission, not PUT
[13:25:45] <Flow> yeah, XMPP is way simpler
[13:25:51] <jonasw> Ge0rG, browsers don’t block cross-origin post unconditionally; I know that you can cross-origin POST with a <form/> for example
[13:25:51] *Flow ducks
[13:26:00] <Ge0rG> stop it now! I'm just reading Jingle-FT and it's gruesome.
[13:26:45] <Ge0rG> jonasw: good point. Does that make all HTTP POST endpoints exploitable?
[13:26:57] <jonasw> Ge0rG, that’s why we have CSRF tokens
[13:27:07] <Ge0rG> I love those.
[13:27:13] <Ge0rG> Let's add a CSRF token to HTTP-Upload.
[13:27:35] *** Alex has left the room
[13:27:46] *** Kev shows as "online"
[13:27:47] *** Tobias shows as "online"
[13:28:15] *** Fabian has joined the room
[13:28:41] <Flow> I wish we had a magic marker which tells us when ge0rg is serious or not
[13:28:55] <Ge0rG> Flow: I wish I had such a marker myself.
[13:28:57] *** bra shows as "online"
[13:29:11] *** intosi shows as "away" and his status message is "Away"
[13:29:14] *** intosi shows as "online"
[13:30:12] *** Dave Cridland shows as "online"
[13:30:24] <SaltyBones> what is the original document you guys are discussing?
[13:30:31] <Ge0rG> SaltyBones: XEP-0363
[13:30:42] <SaltyBones> -{XEP 0363}
[13:30:45] <Flow> -xep363
[13:30:47] <Ge0rG> SaltyBones: also https://mail.jabber.org/pipermail/standards/2017-November/033936.html
[13:30:54] <Flow> hmm
[13:30:58] *** Steve Kille shows as "online" and his status message is "Hampton"
[13:30:58] <Flow> -xep-0363
[13:31:04] <MattJ> -xep 363
[13:31:04] <Bunneh> MattJ: HTTP File Upload (Standards Track, Proposed, 2017-12-03)
See: https://xmpp.org/extensions/xep-0363.html
[13:31:20] <Tobias> Ge0rG, what's your issue with Jingle FT?
[13:32:57] *** Dave Cridland has left the room
[13:33:05] <Ge0rG> Tobias: it's an overengineered horrible mess
[13:33:34] <Ge0rG> Tobias: I can only hope that all of the complexity comes from the domain and not from Jingle-FT itself.
[13:33:54] <Tobias> Ge0rG, in what way? what bit is in there that's not needed to get peer-to-peer file transfer working in all cases
[13:34:31] <Tobias> the complexity likely comes from the problem domain
[13:34:37] <Tobias> WebRTC is similarly complex
[13:35:12] <Ge0rG> Tobias: except WebRTC also has proper NAT traversal and e2ee ;)
[13:35:33] <Flow> I think both Jingle and WebRTC have room for improvement when it comes to reducing the complexity. But I doubt that it's going to happen, because their deployment reached the critical mass
[13:35:42] *** Dave Cridland shows as "online"
[13:35:55] <Flow> Ge0rG, Jingle has E2EE too (not sure what the current state of the xep is)
[13:36:03] <jonasw> "Experimental"
[13:36:05] <Ge0rG> Flow: "horrrible"
[13:36:10] <Tobias> WebRTC has decent e2ee? I thought its e2ee was MITM-able
[13:36:14] <Ge0rG> or maybe "abandoned"
[13:36:17] *** stefandxm has joined the room
[13:36:18] *** stefandxm shows as "away" and his status message is "Available"
[13:36:22] *** la|r|ma shows as "online"
[13:36:30] *** la|r|ma shows as "online"
[13:37:08] *** marc has joined the room
[13:38:14] *** Fabian shows as "xa" and his status message is " (Nicht verfügbar wegen Untätigkeit seit mehr als 15 Minuten)"
[13:38:34] *** andy has joined the room
[13:39:14] <marc> It has E2EE if the signaling channel is protected
[13:40:24] <Ge0rG> marc: ITYM if the server is trusted.
[13:41:46] <SaltyBones> Maybe this is controversial but I think 0363 should NOT allow "unlimited other headers" at most it should allow one or two specific ones but imho none would be more appropriate.
[13:42:01] <jonasw> SaltyBones, but there are services which require headers
[13:42:15] <jonasw> integration with those services was the goal of the update which introduced headers
[13:44:18] *** Dave Cridland has left the room
[13:44:20] <SaltyBones> Why doesn't the server just take the data and then put it wherever it belongs?
[13:44:29] <Ge0rG> HTTP-Upload headers are the XHTML-IM of this year's compliance suite.
[13:44:39] <Ge0rG> SaltyBones: because traffic and scalability
[13:45:15] <jonasw> Ge0rG, you’re exaggerating
[13:46:25] *** Dave Cridland shows as "online"
[13:47:01] <Tobias> Ge0rG, what's your opinion on XEP-0385?
[13:47:12] *** rion has left the room
[13:47:13] <SamWhited> For once I disagree about the complexity. The trade off seems justified here, without the headers you can't have auth or signed URLs
[13:47:23] <marc> Ge0rG: not exactly, you could use OMEMO to protect the credentials
[13:47:26] *** rion has joined the room
[13:47:32] *** jubalh has joined the room
[13:48:03] <SaltyBones> So, why doesn't the server simply communicate the URL it passed to the client to whoever actually gets the data?
[13:48:19] *SaltyBones should really stop talking.
[13:48:22] *** Steve Kille shows as "away" and his status message is "Hampton"
[13:48:43] *** Kev shows as "away"
[13:48:44] <Ge0rG> SamWhited: I'm only slightly serious, but I'd like to hear your input on how a malicious server could abuse http-upload to wreak havoc
[13:48:45] *** jubalh shows as "online"
[13:48:50] <Ge0rG> a malicious xmpp server
[13:49:22] *** jubalh has left the room
[13:49:43] *** Dave Cridland has left the room
[13:51:43] <SamWhited> I want to make sure that a client can't upload unlimited stuff, but the http server is on another host and knows nothing about the xmpp server. How can I do that without some way for the client to also communicate with the http server? I could maybe shove one or two things in the path, but that's going to get ugly quick
[13:52:13] *** Dave Cridland shows as "online"
[13:52:25] <SamWhited> mostly I just want to use s3 directly though, which requires auth headers.
[13:52:28] <Ge0rG> SamWhited: so instead you opt for making the client a generic protocol proxy?
[13:52:37] *** stefandxm has left the room
[13:53:10] <jonasw> (a generic XMPP->HTTP proxy)
[13:53:12] <SamWhited> It's nothing close to that, it has to support http to do a post anyways, so you're just telling it how to structure its request
[13:53:25] <jonasw> SamWhited, this is exactly what proxying is
[13:53:36] *** Dave Cridland has left the room
[13:53:47] <jonasw> I was flabbergasted when Ge0rG said that first, but I think he’s right.
[13:53:57] *** Martin has left the room
[13:54:01] *** Dave Cridland shows as "online"
[13:54:09] <jonasw> in the end what the client is here is a proxy supporting PUT with arbitrary headers to an arbitrary HTTP(S) host with an arbitrary URL
[13:54:29] <jonasw> the only thing the server can’t control is Content-* and the body
[13:55:30] <SamWhited> this sounds dangerously close to a semantic argument, so sure, it's a simple proxy without the complex body bits. that seems fine.
[13:56:23] <Ge0rG> SamWhited: I'd argue that we have a whitelist of HTTP headers that the module is allowed to override/set.
[13:57:36] <SaltyBones> SamWhited, isn't that impossible? The client has to request a slot from the XMPP server and must include the filesize and the receiving host must validate that filesize. They have to communicate, right?
[13:58:30] <Ge0rG> SaltyBones: they don't *have to*, the HTTP server can be independent
[13:58:33] <jonasw> SamWhited, SaltyBones, mod_http_upload_external for prosody essentially includes an HMAC of the content size and file name into the PUT URL query which is verified by the peer.
[13:58:54] <jonasw> but other, already existing things require HTTP headers to do that
[13:59:19] <SamWhited> Ge0rG: what benefit would a white list provide?
[13:59:58] <Ge0rG> SamWhited: we would severely limit what a malicious server can do via the client-proxy.
[14:00:18] <SamWhited> SaltyBones: upload servers often need things at point of upload, eg a bearer token.
[14:00:57] <SamWhited> Ge0rG: I see, that seems fair.
[14:01:24] <Ge0rG> SamWhited: have a look at http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html#host for how to abuse an HTTP proxy to access non-HTTP protocols
[14:03:38] <Ge0rG> Seems like nobody is reading my emails :>
[14:03:43] <SamWhited> I'm reasonably sure this isn't actually a problem here, but I'd be interested in trying to come up with a POC. Will read that when I get to my desk
[14:04:23] *** Dave Cridland has left the room
[14:04:51] <Ge0rG> SamWhited: tl;dr: if you can inject raw multi-line text into requests to custom ports, you can own many text-based protocols.
[14:05:23] <SamWhited> oh, well yah, headers have to be sanitized
[14:05:29] *** Dave Cridland shows as "online"
[14:05:53] <Ge0rG> I'm pretty sure that SMTP looks sufficiently close to HTTP to be able to send an email just by passing a long list of custom headers ;)
[14:06:08] <jonasw> I’m not so sure
[14:06:14] <jonasw> or does SMTP use colons everywhere?
[14:06:27] <Ge0rG> jonasw:
MAIL FROM: foo
RCPT TO: bar
[14:06:31] <jonasw> ew
[14:06:36] <jonasw> but can you add spaces to HTTP header names?
[14:06:45] <Ge0rG> jonasw: it depends™
[14:06:45] <daniel> Ge0rG: but you can't pass a data and a dot
[14:06:49] <daniel> As mentioned earlier
[14:06:50] <SamWhited> it also uses mime like headers, yah. But that's an easy fix.
[14:07:22] <SamWhited> That being said, I agree it's going to be a problem.
[14:08:46] <SamWhited> Actually, no I don't. I need to be at my desk to test this, but I'd be surprised if most http libraries allowed invalid requests that way.
[14:11:42] *** jere has left the room
[14:11:48] *** jere has joined the room
[14:12:05] *** Steve Kille shows as "online" and his status message is "Hampton"
[14:13:36] *** ralphm shows as "online"
[14:14:05] *** Kev shows as "online"
[14:14:10] <SamWhited> The attack vector here relies on the user's server or a component being malicious too, but part of xmpp's security model is that you have to trust your server, so it bothers me less, though if we can mitigate it without too much trouble that seems fine.
[14:14:35] <SamWhited> /thinking-out-loud
[14:15:32] <SamWhited> spling is herd
[14:15:40] <Ge0rG> SamWhited: I tend to agree with what you say, but having such a reverse proxy in a corporate network will surely ring some compliance bells.
[14:16:32] <SamWhited> I doubt it, but I'll ask our compliance person when I get to the office
[14:16:54] *** andy has left the room
[14:17:09] <SaltyBones> Who are these people who want to put their http upload data on a different machine but cannot be bothered to give it an interface which can check urls with HMACs and why should we care about them? :p
[14:17:28] <Ge0rG> SamWhited: I'm also not sure that all http libraries properly sanitize headers.
[14:17:46] <Ge0rG> SaltyBones: amazon cloud was called out
[14:17:59] <SamWhited> We didn't use it at HipChat for this reason if you need a real world example.
[14:18:46] <SamWhited> Also S3 gives you 5 gigs of free storage or something, but the bandwidth to proxy it is not free.
[14:19:27] *** Dave Cridland has left the room
[14:20:10] <SamWhited> Well, in all fairness I'm not sure that it would fit HipChat's use case anyways, but it was immediately discounted because there was no control over requests
[14:20:46] *** Guus shows as "online"
[14:20:57] <SaltyBones> and they wanted total control or would some kind of "provide this token" have been sufficient?
[14:22:06] *** Dave Cridland shows as "online"
[14:22:19] <jonasw> SaltyBones, headers, obviously, because the server had full control over the URL all the time
[14:23:28] <SamWhited> We needed the ability to set auth headers, I think. Can't remember if we needed other stuff for signing or not, seems like that didn't end up making it to the final thing.
[14:23:40] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[14:24:37] *** Kev shows as "away"
[14:24:54] <Ge0rG> SamWhited: so can we agree on a whitelist of "Authorization" and "Cookie"?
[14:25:00] <Ge0rG> and _maybe_ "X-*"
[14:25:02] <jonasw> Ge0rG, also, what is the issue we’re seeing here by the way?
[14:25:26] <jonasw> the only real issue is with network boundaries, isn’t it?
[14:25:32] *** Dave Cridland has left the room
[14:25:39] <jonasw> and the possibility for the malicious XMPP server to disguise itself behind the HTTP upload-ing clients
[14:25:47] <jonasw> otherwise the XMPP server could carry out the attacks themselves
[14:25:51] *** Dave Cridland shows as "online"
[14:25:51] <jonasw> and with much more precision
[14:25:57] <Ge0rG> jonasw: yes.
[14:26:14] *** jubalh has joined the room
[14:26:21] <SamWhited> maybe… if it's not actually a problem a white list seems like it will just be ignored by half of clients and end up causing interoperability problems. We should try to prove that it is, or is not, a problem first in my mind.
[14:26:35] <jonasw> so if there is stuff which breaks from unauthenticated plaintext being sent, I’d be inclined to argue that the stuff which breaks is at fault
[14:26:43] *** jubalh has left the room
[14:26:48] <jonasw> +1 SamWhited
[14:26:57] <SamWhited> I still think trusting the server is okay too.
[14:27:12] <jonasw> that too
[14:27:24] <jonasw> (even though the server might be in an entirely different trust domain than the network the client is on)
[14:27:47] <Ge0rG> SamWhited: if we make it a closed whitelist, we can just provide according xmpp elements for each header name
[14:27:54] <Ge0rG> SamWhited: so that clients can't make dumb errors.
[14:28:07] <jonasw> Ge0rG, for all X-* headers? ;-)
[14:28:20] <jonasw> (blanket-allowing X-* is a bad idea though, IMO)
[14:28:21] <Ge0rG> jonasw: this is why I wrote "closed" :P
[14:28:21] *** Guus has left the room
[14:28:22] *** Guus shows as "online"
[14:29:19] <Ge0rG> jonasw: yes, blanket-allowing X-* is bad. But less bad than blanket-allowing *.
[14:29:28] *** Fabian shows as "online"
[14:31:15] *** bra shows as "online"
[14:31:33] <MattJ> A whitelist makes the feature next to pointless, if the point was to allow arbitrary 3rd-party upload protocols
[14:31:45] <jonasw> that
[14:31:47] <SamWhited> Agreed.
[14:32:01] <jonasw> Ge0rG, I’d argue that an overly-open whitelist is worse than "*"
[14:32:18] <Ge0rG> A blacklist is worthless as well, due to the complexities and lack of standardization of HTTP.
[14:32:42] <SamWhited> Also agree.
[14:33:09] <MattJ> If we're really worried, we can solve it by just ("just") having the client enforce the same same-origin policies a browser would
[14:33:29] <jonasw> MattJ, you mean "none"?
[14:33:35] <Ge0rG> MattJ: awesome idea. because same-origin works so well on HTTP already?
[14:33:38] <jonasw> POST/PUT can be sent cross-domain
[14:33:42] *** ralphm shows as "online"
[14:33:42] <MattJ> Ge0rG, imagine a world without it
[14:33:50] <MattJ> jonasw, since when?
[14:34:06] <jonasw> MattJ, at least with <form/>
[14:34:29] *** Dave Cridland has left the room
[14:34:53] <Ge0rG> MattJ: a world without cross-origin scripting? It would be great!
[14:34:57] <MattJ> jonasw, ah, but you can't send custom headers that way, at least
[14:35:26] <Ge0rG> so we need to disable custom headers in 0363. QED.
[14:35:37] <jonasw> MattJ, true
[14:35:42] <MattJ> for not-same-origin?
[14:35:52] <jonasw> not-same-origin will ~always be the case with s3, won’t it?
[14:35:57] <MattJ> CNAME
[14:35:59] *** Dave Cridland shows as "online"
[14:36:02] <jonasw> does that work?
[14:36:04] <jonasw> with Host header etc.?
[14:36:05] *** Fabian has left the room
[14:36:15] <jonasw> .oO(CNAME and set Host header. bazinga)
[14:36:16] <MattJ> Yes, you can serve any domain from S3 with the right configuration and DNS records
[14:36:19] <Ge0rG> the problem with CNAME will be one of HTTPS certificate validation
[14:36:48] <MattJ> Amazon handles this for you, not an issue
[14:37:20] <jonasw> MattJ, amazon maybe, but $non-amazon-cloud-provider object storage?
[14:37:26] <jonasw> do we want to pin people to amazon with that rule?
[14:37:43] <SaltyBones> I'm in no way an expert on the matter but https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy clearly says "Cross-origin writes are typically allowed" and https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest has a function "XMLHttpRequest.setRequestHeader()"
[14:37:51] <MattJ> You're not pinning them to Amazon - any provider can use Let's Encrypt for example, if you point a CNAME at them
[14:37:54] *** la|r|ma shows as "online"
[14:37:59] *** la|r|ma shows as "online"
[14:38:07] <jonasw> MattJ, yes, but I bet not many do
[14:38:31] <MattJ> jonasw, this is not a protocol problem
[14:38:42] <jonasw> MattJ, yes, but .....
[14:38:46] <MattJ> Delegating to a third-party is something people (rightly) want to do. It can be done.
[14:38:47] <jonasw> do we need to make it harder for people?
[14:38:48] <SaltyBones> So it seems to me, like what we are trying to prevent, can be accomplished with JS in a website...
[14:38:59] <MattJ> They don't have to do this, it's optional
[14:39:03] <SamWhited> hmm, this seems sensible at first glance. It does limit what you can do with the upload, but it does seem desirable from a security standpoint and the drawbacks aren't that severe. It moves the place you define trust to DNS, which is how xmpp does things anyways.
[14:39:15] *** Dave Cridland has left the room
[14:39:17] <daniel> but same origin doesn't protect you if your own server is bad
[14:39:30] <jonasw> hmm
[14:39:31] <daniel> they could just point a cname to 192.168. something
[14:39:32] <SamWhited> you have to trust your own server anyways
[14:39:42] *** Dave Cridland shows as "online"
[14:39:44] <jonasw> SamWhited, in that case the whole discussion is moot and we can just allow arbitrary headers!
[14:39:50] <jonasw> daniel, +1
[14:39:51] <daniel> SamWhited, the entire debate is about not trusting your server
[14:40:10] *** Guus has left the room
[14:40:42] <SaltyBones> Can somebody tell me why what we are trying to prevent is NOT something that JS on websites can do?
[14:41:04] <SaltyBones> In other words, something that is "somebody else's problem".
[14:41:08] <Ge0rG> daniel: pointing a cname to 192.168.x.x won't give you a valid certificate.
[14:41:48] <Ge0rG> SaltyBones: modern browsers will use CORS to prevent cross-origin POST/PUT
[14:42:35] <Ge0rG> SaltyBones: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
> Additionally, for HTTP request methods that can cause side-effects on server's data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request method
[14:42:50] *** Dave Cridland has left the room
[14:42:51] *** Dave Cridland shows as "online"
[14:43:11] *** Dave Cridland has left the room
[14:43:28] <SaltyBones> Ge0rG, CORS is a way to circumvent the SOP and the SOP is what I quoted above as not protecting you against cross origin writes...where is the error?
[14:43:46] <jonasw> SaltyBones, because you read "typically" as "always"?
[14:44:08] <SaltyBones> jonasw, but this is enforced in the browser not per site, right?
[14:44:46] <jonasw> SaltyBones, https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests
> In particular, a request is preflighted if any of the following conditions is true:
> * If the request uses any of the following methods:
> * PUT
[14:44:46] <MattJ> It's enforced in the browser. In our discussion, the XMPP client is in the place of the browser
[14:44:51] <jonasw> I think that is pretty clear
[14:45:01] *** Guus shows as "online"
[14:45:18] <jonasw> so SaltyBones, if e.g. your plastic router instructs the browser to reject cross-origin POST requests, it would be safe with modern browsers.
[14:45:25] <jonasw> but it would not be safe against HTTP-Upload
[14:45:26] <Ge0rG> MattJ: so we need to mandate the XMPP client do an HTTP OPTIONS call to the server and to check CORS
[14:45:36] *** uc has joined the room
[14:45:37] <jonasw> Ge0rG, noooooooooooooooooo
[14:45:56] <MattJ> > 13:19:49 MattJ> "Let's use HTTP because it's simple"
[14:45:59] *** Dave Cridland shows as "online"
[14:46:02] <Ge0rG> I'll -1 the XEP until this is mandated, or until I'm kicked out of Council.
[14:46:16] *MattJ -1's Ge0rG
[14:46:25] *jonasw -1's HTTP
[14:46:31] <jonasw> I think that’s the right course of action anyways.
[14:46:36] *MattJ first performs an OPTIONS request to verify he's allowed to -1 Ge0rG
[14:46:44] <Ge0rG> MattJ: you are not.
[14:46:56] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[14:47:04] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[14:47:08] *** Guus has left the room
[14:47:08] *** Guus shows as "online"
[14:47:12] <intosi> 303 Pull the other one
[14:47:26] *** Dave Cridland has left the room
[14:47:28] <jonasw> Ge0rG, what about my "if a thing breaks by unauthenticated plaintext, it is that thing’s fault"?
[14:47:47] *** Dave Cridland shows as "online"
[14:48:11] *** Dave Cridland has left the room
[14:48:19] *** Dave Cridland shows as "online"
[14:48:22] *** Alex has joined the room
[14:48:33] <Ge0rG> jonasw: talk to a BigCorp CSO and explain that to them, and how their "trusted core network consisting of the datacenter and the office network" must be fixed yesterday.
[14:48:52] *** Alex has left the room
[14:48:52] <jonasw> SamWhited, my feeling is that "trust your server" is not applicable here, because this is a different level of privilege. I trust my XMPP server to handle my IM, but I wouldn’t trust it with remote code execution on my client. Likewise, I’m not sure I’d trust it with "arbitrary" network access.
[14:49:05] *** Dave Cridland has left the room
[14:49:05] *** Dave Cridland shows as "online"
[14:49:10] <jonasw> Ge0rG, why the hell would you allow people to run XMPP clients in your trusted core network?
[14:49:13] *** valo has joined the room
[14:49:39] <jonasw> or any not thoroughly audited software for that matter
[14:49:52] <jonasw> if it’s so crucial to your operations and there’s no additional layer of authentication except being in that network.
[14:49:53] <Ge0rG> jonasw: because Gajim portable and Direct-TLS on :443
[14:50:12] <jonasw> don’t allow removable drives?
[14:50:41] <Ge0rG> don't allow The Internet?
[14:50:50] <jonasw> on the same note, why would you allow people to access the internet at all from that network. you’re doing it very wrong in that case.
[14:50:52] <jonasw> yeah
[14:50:57] <SamWhited> You're already trusting that by virtue of connecting to a thing in an srv record.
[14:51:24] <jonasw> SamWhited, but it can’t control what contents I send there, except for its domain name
[14:51:28] <jonasw> and even that it can’t really control
[14:51:44] <jonasw> while HTTP Upload does let it control a substantial part of the content I send
[14:52:17] <SamWhited> fair
[14:53:48] *** Dave Cridland shows as "online"
[14:53:48] *** dwd shows as "online"
[14:54:25] <jonasw> so, strawman proposal: what about we make a disco#info form or something which tells the client which headers will be used by a given upload service. They can then decide whether to use that service at all (before showing in the UI that an upload would be possible, thus improving UX in the "no, that’s not okay" use case). And then clients can keep their own whitelist, while we recommend a whitelist in the XEP which contains Authentication, Cookie, Cookie2 (maybe?), and whatever S3 needs
[14:54:28] *** Dave Cridland has left the room
[14:54:59] <Ge0rG> jonasw: please don't.
[14:55:00] <jonasw> mention the trade-offs clearly in the security considerations, too
[14:55:03] <jonasw> Ge0rG, why not?
[14:55:15] <Ge0rG> jonasw: the client can't decide that, and the user even less so.
[14:55:26] <jonasw> how can we decide what the client can’t decide?
[14:56:00] <Ge0rG> jonasw: the client can't decide anything.
[14:58:08] *** daniel has left the room
[14:58:10] *** Guus has left the room
[14:58:42] *** Dave Cridland shows as "online"
[14:59:29] *** SamWhited shows as "online"
[15:00:02] *** Kev shows as "online"
[15:01:58] <Flow> Ge0rG, it's hard to follow your arguments when you don't provide an explanation
[15:02:10] *** Guus shows as "online"
[15:02:20] *** Dave Cridland has left the room
[15:02:27] <jonasw> I’m fine with allowing any header then, I think. Most havoc can be wreaked (on the web side, which is why we have CORS etc.) due to cookies
[15:02:32] <jonasw> and existing sessions
[15:02:45] <jonasw> which isn’t applicable here
[15:02:47] <Ge0rG> Flow: which argument do you want explained?
[15:03:57] <Flow> Ge0rG, why can't the client decide which headers to use or not?
[15:04:16] *** Dave Cridland shows as "online"
[15:05:44] <Ge0rG> Flow: because client developers are already incapable of securely implementing IQs, Carbons and XHTML-IM. I'm a full-time IT security consultant and I have a hard time figuring out which HTTP headers might have malicious side-effects.
[15:05:58] *** andy has joined the room
[15:06:05] *** Dave Cridland has left the room
[15:06:06] <Ge0rG> Flow: a client doesn't know if it runs in a "secure network" of some sort
[15:06:14] <Flow> got it, thanks
[15:06:34] *** daniel shows as "online"
[15:06:57] *** Ge0rG shows as "online"
[15:06:58] *** Ge0rG has left the room
[15:06:59] *** Ge0rG shows as "online"
[15:07:00] *** Ge0rG has left the room
[15:07:24] *** Dave Cridland shows as "online"
[15:07:34] <daniel> Ge0rG, could you name one header that can cause bad side effects? (something that couldn't be done with the URL)
[15:08:59] <daniel> (assuming the headers are stripped of \n which I already agreed to)
[15:09:00] <Ge0rG> daniel: sending a mismatching `Host` header will confuse middleboxes.
[15:09:07] *** Steve Kille shows as "away" and his status message is "Hampton"
[15:09:22] *** jubalh has joined the room
[15:10:09] *** Dave Cridland has left the room
[15:10:10] *** Guus has left the room
[15:10:11] <Ge0rG> a `Connection` header might at least confuse the server, causing a small DoS
[15:11:13] <daniel> a middle box that mitm https?
[15:11:35] *** Seve/SouL has joined the room
[15:11:43] <Ge0rG> daniel: yes, that's a common setup at BigCorps
[15:11:53] *** Dave Cridland shows as "online"
[15:12:04] *** daniel has left the room
[15:12:05] <Ge0rG> We could also require an Origin header to be set to the HTTP-Upload component name, cf. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Origin
[15:12:31] <Ge0rG> But this is less strong than any enforced filtering
[15:14:25] *** Dave Cridland has left the room
[15:15:03] *** daniel shows as "online"
[15:15:13] *** Dave Cridland shows as "online"
[15:15:28] <jonasw> Ge0rG, that concurs with my argument "do not let the server override any header you’re setting yourself"
[15:15:42] <pep.> Let me jump in and propose a jingle-ft component on the server to counter http-upload :-°
[15:15:43] <jonasw> both Connection and Host would typically be set by the client (one due to how the lib works, one from the URL)
[15:15:43] *** Tobias shows as "away"
[15:15:47] *pep. is waiting for the stick
[15:15:52] <jonasw> pep., do it
[15:16:16] <Ge0rG> jonasw: "typically"
[15:16:20] <daniel> > Ge0rG, that concurs with my argument "do not let the server override any header you’re setting yourself"
that by the way i'm fine with and i'm actually implementing this in Conversations right now
[15:16:38] <Ge0rG> jonasw: do you know from memory which HTTP headers are set by your favorite http client library? And which of those can't be overridden?
[15:16:55] <pep.> jonasw, I wish I had the knowledge and time for it, but yeah I've heard ideas here and there about this already
[15:16:58] *** Dave Cridland has left the room
[15:17:00] <Ge0rG> jonasw, daniel: so what you are doing is the blacklist approach.
[15:17:06] *** Guus shows as "online"
[15:17:12] <daniel> in that case yes
[15:17:23] <daniel> although it is not a fixed blacklist
[15:17:48] *** Ge0rG shows as "online"
[15:17:49] *** Ge0rG has left the room
[15:17:50] *** Ge0rG shows as "online"
[15:17:51] *** Ge0rG has left the room
[15:19:08] <SaltyBones> Proposal: We ditch all this in favor of something that ONLY supports what amazon s3 does
[15:19:22] <SaltyBones> Which hopefully should be easy to tighten...
[15:19:53] <SaltyBones> This gives people the option to 1. Use S3 2. Use their XMPP server 3. Emulate one of two APIs
[15:21:33] *** intosi has left the room
[15:21:34] *** intosi has joined the room
[15:21:45] *** Dave Cridland shows as "online"
[15:22:18] *** Kev shows as "away"
[15:22:18] *** Kev shows as "online"
[15:22:54] *** Dave Cridland has left the room
[15:23:19] <MattJ> Except that I wanted to experiment with using Dropbox/NextCloud/etc. as upload services
[15:23:23] <MattJ> and neither mimic S3
[15:23:25] *** Ge0rG shows as "online"
[15:24:01] *** andy has left the room
[15:24:35] *** stefandxm has joined the room
[15:24:36] *** stefandxm shows as "away" and his status message is "Available"
[15:25:00] <daniel> MattJ, maybe do your experiments and see what headers they require? probably most of them will just use authorize anyway?
[15:25:23] <daniel> in which case instead of allowing header we could just allow authorize or something
[15:25:34] <SamWhited> I really want to try Joyent's blob file storage with the Content-MD5 header.
[15:25:54] <SamWhited> Also allowing the server to set the durability-level header which indicates the number of backups in different regions that are required.
[15:26:02] *** Steve Kille shows as "online" and his status message is "Hampton"
[15:26:19] *** Dave Cridland shows as "online"
[15:26:22] *** moparisthebest has joined the room
[15:26:25] <Ge0rG> SamWhited: that sounds like a _very special_ special case.
[15:26:47] <daniel> SamWhited, that sounds a bit dangerous to give the client control over that?
[15:27:27] <MattJ> daniel, I don't know about Dropbox, but NextCloud is either basic auth (if you don't mind sharing credentials with your server) or cookies
[15:27:50] <SamWhited> Not especially; they could cost me a tiny bit more money by having the max replication factor all the time, or not have backups of their own files
[15:27:55] *** moparisthebest shows as "online"
[15:27:59] <SamWhited> But yah, fair enough, that's a special case.
[15:28:08] <daniel> MattJ, then maybe authorize and cookie
[15:28:27] <Holger> FWIW, being able to set an X-ejabberd-something header would be very useful for me.
[15:28:39] <Ge0rG> daniel: I could live with `Authorization` and `Cookie` being the only whitelisted headers.
[15:28:50] <Holger> (Or without the "X-", IIRC today's youth dislikes that?)
[15:28:56] <Ge0rG> Holger: what for?
[15:29:20] <Holger> Ge0rG: Mapping the HTTP request to a virtual host (configuration).
[15:29:23] <MattJ> Dropbox is also Authorization it seems
[15:29:29] <daniel> the thing is that i wasn't the one who wanted headers in there in the first place
[15:29:36] <Ge0rG> Holger: you are doing it wrong.
[15:29:36] *** Dave Cridland has left the room
[15:29:44] <daniel> so it's hard for me to argue for either one side
[15:29:44] <Holger> Ge0rG: How to do it right?
[15:29:51] *** Dave Cridland shows as "online"
[15:30:00] <Ge0rG> Holger: use the Host header to route to virtual hosts? :P
[15:30:04] <Holger> No.
[15:30:08] <Holger> Or well.
[15:30:11] *** Dave Cridland has left the room
[15:30:19] *** Ge0rG shows as "online"
[15:30:20] *** Dave Cridland shows as "online"
[15:30:29] *Dave Cridland is just thinking this is definitely more complex than the Security Considerations of the XEP makes out.
[15:30:50] *** Dave Cridland has left the room
[15:31:14] *** Dave Cridland shows as "online"
[15:31:30] *** Dave Cridland has left the room
[15:31:31] *** Dave Cridland shows as "online"
[15:31:37] *** Dave Cridland has left the room
[15:31:41] *** Dave Cridland shows as "online"
[15:31:48] <daniel> I mean if we white list only cookie and auth you could set a cookie Holger
[15:31:50] <Ge0rG> Holger: on your own infrastructure you could also `PUT https://yourserver.com/yourxmppdomain/random/random.jpg`
[15:31:51] *** jubalh has left the room
[15:31:58] <daniel> If you don't want to use the vhost
[15:32:06] <Holger> Ge0rG: That works if you have an 1:1 mapping between HTTP 'Host' and virtual hosts of course, but admins will spam your tracker if you impose such restrictions.
[15:32:07] <daniel> Or what Ge0rG said
[15:32:19] <Holger> Yes I suggest such things in the docs.
[15:32:21] *** Guus has left the room
[15:32:22] *** Guus shows as "online"
[15:32:30] <Holger> Still tracker spam :-)
[15:32:33] <SamWhited> I'm not sure the whitelist really works; as soon as we do that most signing schemes break. E.g. Joyent's requires Host, Amazon's requires that you specify headers to sign up front, I think, and has a handful that it always requires.
[15:32:51] <Holger> daniel: Yes I could probably abuse Auth/Cookie headers.
[15:32:53] *** Dave Cridland has left the room
[15:33:16] <SamWhited> And if we're really worried about invalid headers from a malicious server, having any headers at all is a problem (though as I said, I'm not convinced we should be worried about that)
[15:33:17] <Holger> I'm just saying that I doubt we'll come up with all possible use cases in here.
[15:33:24] <daniel> > I'm not sure the whitelist really works; as soon as we do that most signing schemes break. E.g. Joyent's requires Host, Amazon's requires that you specify headers to sign up front, I think, and has a handful that it always requires.
Can you find out what exactly it requires?
[15:33:45] <SamWhited> Yah, just a moment, I hate looking at the S3 docs (which are terrible) so I was being lazy and looked up Joyent's instead.
[15:34:34] *** jonasw shows as "away"
[15:35:01] <Holger> So the idea now is to cope with a few services that are popular today and just hope for the best that the next one will use the same headers?
[15:35:21] *** intosi shows as "online"
[15:35:26] *** Alex has joined the room
[15:35:34] *** Dave Cridland shows as "online"
[15:36:43] <SamWhited> a bunch of x-amz- headers, otherwise I'm having trouble finding info.
[15:36:47] <SamWhited> But what Holger said.
[15:37:07] <Ge0rG> So it's ["Cookie", "Authorization", "X-*"]
[15:37:24] <Holger> ...
[15:37:37] *** Dave Cridland has left the room
[15:37:48] <SamWhited> I'm still not sure what problem we think we're solving with this.
[15:38:11] <SamWhited> Amazon also does Host and User-Agent at least, I think
[15:38:27] <SamWhited> Although User-Agent makes no sense to me, so maybe this is wrong
[15:38:33] <daniel> SamWhited, the user agent has to be set to something specific?
[15:38:34] <SamWhited> I'm reading this page, and being confused: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
[15:38:46] <SaltyBones> SamWhited, the problem we are trying to solve is that we are currently giving the server the possibility to trigger arbitrary HTTP requests from the client.
[15:38:51] <daniel> oh signed
[15:38:53] <daniel> i get it
[15:39:22] <SamWhited> SaltyBones: that is not a problem description. Why is that bad?
[15:40:01] <SamWhited> I know we've been through this, but I'm just not sure that it's actually a problem and am trying to figure out if it would really cause any security issue.
[15:40:04] <SaltyBones> SamWhited, I'm not convinced that it is but Ge0rG's link does suggest otherwise.
[15:40:05] <Ge0rG> SamWhited: that signature needs to contain the content md5. I can't see how you can make a client generate that header.
[15:40:20] *** Dave Cridland shows as "online"
[15:40:25] *** intosi shows as "away" and his status message is "Away"
[15:40:50] <Dave Cridland> [[ 20 minutes until Council, BTW ]]
[15:41:02] <SamWhited> Does it? I know I've made amazon work before, but yah that doesn't seem like it can be supported easily without additional modifications
[15:41:42] <SamWhited> SaltyBones: his link was about malicious invalid headers, right? (I lost it, sorry, no search in any of my clients) This doesn't solve that (again, if it's actually a problem in our case)
[15:42:00] *** stefandxm has left the room
[15:42:11] <Ge0rG> SamWhited: the signature also depends on YourSecretAccessKeyID, which I'm sure you don't want to leak to the client.
[15:42:11] <MattJ> https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
[15:42:14] *** andy has joined the room
[15:42:27] <Ge0rG> SamWhited: so either the xmpp server needs to have the MD5 in advance or you are doomed.
[15:42:29] <SamWhited> Ge0rG: that's fine, you can generate one per request
[15:42:44] *** intosi shows as "away" and his status message is "Away"
[15:42:44] *** intosi has left the room
[15:42:45] <SamWhited> But yah, MD5 is a problem. It might not always be required though, because I know I've made this work before
[15:42:46] *** intosi has joined the room
[15:42:57] *** Dave Cridland has left the room
[15:43:10] *** Guus has left the room
[15:43:21] *** Dave Cridland shows as "online"
[15:46:58] *** suzyo has joined the room
[15:47:54] *** Dave Cridland has left the room
[15:48:06] *** lskdjf shows as "online"
[15:48:09] *** waqas has joined the room
[15:49:49] *** Dave Cridland shows as "online"
[15:52:00] *** pep. has left the room
[15:52:09] *** pep. shows as "online"
[15:52:21] *** tux has left the room
[15:52:23] <MattJ> SamWhited, I think it's optional, in that I think if you don't provide the header you just put an empty string in the string-to-sign
[15:52:36] <Dave Cridland> By the way, if anyone wants to take some minutes for the Council meeting (in a few minutes from now), that'd be tremendously useful.
[15:52:42] *** Dave Cridland has left the room
[15:52:49] *** Ge0rG shows as "online"
[15:52:49] *** Ge0rG has left the room
[15:52:52] *** Dave Cridland shows as "online"
[15:53:00] *** blabla has left the room
[15:53:06] *** andy has left the room
[15:53:15] *** vanitasvitae has left the room
[15:53:49] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[15:54:04] <MattJ> SamWhited, and at this point... it looks like S3 allows putting everything into the query string? :)
[15:54:33] *** vanitasvitae has joined the room
[15:54:39] *** Ge0rG shows as "online"
[15:54:39] *** Ge0rG has left the room
[15:56:16] *** Ge0rG shows as "online"
[15:56:16] *** Ge0rG has left the room
[15:56:18] *** Ge0rG shows as "online"
[15:56:19] *** Ge0rG has left the room
[15:56:20] *** Ge0rG shows as "online"
[15:56:20] *** Ge0rG has left the room
[15:56:22] *** Ge0rG shows as "online"
[15:56:22] *** Ge0rG has left the room
[15:56:23] *** Ge0rG shows as "online"
[15:56:24] *** Ge0rG has left the room
[15:56:25] *** Ge0rG shows as "online"
[15:56:26] *** Ge0rG has left the room
[15:56:27] *** Ge0rG shows as "online"
[15:56:27] *** Ge0rG has left the room
[15:56:33] <SamWhited> That's useful, I didn't realize that. I would prefer not to put auth in the query string either way though.
[15:57:00] *** Ge0rG shows as "online"
[15:57:00] *** Ge0rG has left the room
[15:57:02] *** Ge0rG shows as "online"
[15:57:07] *** Ge0rG shows as "online"
[15:57:07] *** Ge0rG has left the room
[15:57:09] *** Ge0rG shows as "online"
[15:57:09] <SaltyBones> Why?
[15:57:09] *** Ge0rG has left the room
[15:57:10] *** jubalh has joined the room
[15:57:11] *** Ge0rG shows as "online"
[15:57:11] *** Ge0rG has left the room
[15:57:54] <SamWhited> Because it's generally accepted best practice that you don't. Things log URLs and it's acceptable to do so, they don't generally log headers (because that's generally where you put things you don't want logged like this)
[15:59:23] *** tux has joined the room
[16:00:41] *** Dave Cridland has left the room
[16:01:01] *** Dave Cridland shows as "online"
[16:01:01] <Dave Cridland> [[ Council time over in council@muc.xmpp.org ]]
[16:01:57] <goffi> pep.: I have a server side jingle-ft component
[16:02:51] *** Tobias shows as "online"
[16:03:15] <pep.> goffi, !
[16:03:27] <pep.> Is it in a working state
[16:03:37] *** Guus shows as "online"
[16:03:37] <goffi> I'm currently working on it, but it's already working yes
[16:04:05] <pep.> Also, there's no XEP for that right? Or how much is it covered by the current XEP?
[16:04:16] <goffi> the XEP is jingle FT
[16:04:32] <goffi> instead of sending to another client, I send to the component
[16:04:33] *** bra shows as "online"
[16:04:35] <goffi> nothing else to do
[16:04:40] *** tux has joined the room
[16:04:50] *** Dave Cridland has left the room
[16:04:53] <SaltyBones> and then the server offers it via httpupload or again jingle?
[16:05:02] *** Dave Cridland shows as "online"
[16:05:04] <pep.> Sure but then you can do things with your component you can't do with clients
[16:05:29] <pep.> You can use your component to proxy the transfer, to retry when the other contact is back online etc.
[16:05:50] <pep.> Or just serve the file
[16:05:54] <SaltyBones> I'm not complaining just trying to figure out what's happening. :)
[16:06:02] <goffi> SaltyBones: I'm on this part currently, implementing XEP-0329, but I'm not happy with it, I plan to write a feedback on standard@ about that
[16:06:03] <pep.> SaltyBones, jingle
[16:06:11] <pep.> I hope
[16:06:22] <pep.> I don't see the point of http-upload here
[16:06:55] <pep.> It's not unfeasible though, the component could serve via http as well
[16:07:00] <goffi> I'm saying that since HTTP upload is on the table. The only interest it has is that it's easy to implement when jingle is not yet implemented in a library
[16:07:25] <goffi> but once you have jingle, it's easier to do this way.
[16:08:13] *** Dave Cridland has left the room
[16:08:15] *** andy has joined the room
[16:08:50] *** blabla shows as "online"
[16:08:57] *** tux shows as "online"
[16:09:27] *** Dave Cridland shows as "online"
[16:09:38] <goffi> and with namespace delegation, you can even send file to your bare jid, you don't even need to find the component. I've not done it yet, but it's in my TODO
[16:10:01] *** jjrh has left the room
[16:10:04] *** jjrh shows as "online"
[16:11:46] *** Dave Cridland has left the room
[16:12:23] *** remko shows as "away"
[16:12:24] *** Kev shows as "away"
[16:12:45] *** blabla has left the room
[16:12:45] *** blabla has left the room
[16:13:10] *** blabla has joined the room
[16:13:26] *** blabla shows as "online"
[16:13:28] *** Dave Cridland shows as "online"
[16:14:18] *** jubalh has left the room
[16:15:31] *** Ge0rG shows as "online"
[16:15:42] *** Ge0rG shows as "online"
[16:15:53] *** Ge0rG has left the room
[16:16:21] *** Ge0rG shows as "online"
[16:16:24] *** Ge0rG shows as "online"
[16:16:31] *** Dave Cridland has left the room
[16:16:46] *** Dave Cridland shows as "online"
[16:19:13] *** jubalh has joined the room
[16:19:21] *** jubalh has left the room
[16:19:44] *** Dave Cridland has left the room
[16:20:41] *** Steve Kille shows as "away" and his status message is "Hampton"
[16:21:31] *** remko shows as "online"
[16:21:48] *** Guus has left the room
[16:21:48] *** Guus shows as "online"
[16:22:13] *** tux shows as "online"
[16:22:40] *** Dave Cridland shows as "online"
[16:25:10] *** Guus has left the room
[16:25:45] *** Dave Cridland has left the room
[16:25:55] *** efrit has joined the room
[16:26:03] *** ralphm shows as "online"
[16:27:38] *** Dave Cridland shows as "online"
[16:27:56] *** jjrh has left the room
[16:28:01] *** jjrh shows as "online"
[16:29:44] *** jjrh has left the room
[16:30:01] *** jubalh has joined the room
[16:30:39] *** jjrh shows as "online"
[16:30:49] *** Holger shows as "away" and his status message is "I'm away"
[16:30:57] *** Dave Cridland has left the room
[16:31:32] *** remko shows as "away"
[16:33:16] *** Dave Cridland shows as "online"
[16:36:38] *** Dave Cridland has left the room
[16:37:20] *** Dave Cridland shows as "online"
[16:37:23] *** lumi has joined the room
[16:38:04] *** la|r|ma shows as "online"
[16:38:13] *** Steve Kille shows as "online" and his status message is "Hampton"
[16:38:16] *** Kev shows as "online"
[16:40:25] *** Kev has left the room
[16:40:44] *** Dave Cridland has left the room
[16:41:20] *** jubalh has left the room
[16:41:48] *** blabla has left the room
[16:41:49] *** Dave Cridland shows as "online"
[16:41:52] *** blabla shows as "online"
[16:43:15] *** SaltyBones has left the room
[16:44:12] *** rion has left the room
[16:45:56] *** Dave Cridland has left the room
[16:47:04] *** Guus shows as "online"
[16:47:34] *** jjrh has left the room
[16:47:37] *** jjrh shows as "online"
[16:47:43] *** blabla has left the room
[16:47:47] *** blabla shows as "online"
[16:47:52] *** Dave Cridland shows as "online"
[16:49:01] *** Dave Cridland has left the room
[16:49:10] *** Dave Cridland shows as "online"
[16:49:22] *** tim@boese-ban.de has left the room
[16:50:33] *** Dave Cridland has left the room
[16:51:03] *** Dave Cridland shows as "online"
[16:51:14] *** andy has left the room
[16:55:26] *** Dave Cridland has left the room
[16:56:22] *** ralphm shows as "online"
[16:56:42] *** Dave Cridland shows as "online"
[16:59:34] *** Ge0rG has left the room
[16:59:54] *** mimi89999 shows as "online"
[17:00:28] *** Dave Cridland has left the room
[17:02:11] *** Dave Cridland shows as "online"
[17:07:05] *** blabla has left the room
[17:08:36] *** Guus has left the room
[17:08:36] *** Guus shows as "online"
[17:08:56] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:09:14] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:10:19] *** efrit has left the room
[17:10:29] *** efrit has joined the room
[17:10:56] *** Guus has left the room
[17:10:56] *** Guus shows as "online"
[17:11:40] *** Guus has left the room
[17:11:41] *** Guus shows as "online"
[17:12:38] *** stefandxm has joined the room
[17:12:39] *** stefandxm shows as "away" and his status message is "Available"
[17:15:06] *** Dave Cridland shows as "online"
[17:15:06] *** dwd shows as "online"
[17:16:21] *** Dave Cridland has left the room
[17:17:22] *** Dave Cridland shows as "online"
[17:18:16] *** lovetox has joined the room
[17:19:10] *** Guus has left the room
[17:21:16] *** pep. has left the room
[17:21:19] *** pep. shows as "online"
[17:21:52] *** SaltyBones shows as "online"
[17:22:54] *** Dave Cridland has left the room
[17:23:09] *** Kev has joined the room
[17:23:46] *** Dave Cridland shows as "online"
[17:24:42] *** jubalh has joined the room
[17:26:57] *** jonasw shows as "online"
[17:28:01] *** lskdjf shows as "online"
[17:28:28] *** Dave Cridland has left the room
[17:28:44] *** Dave Cridland shows as "online"
[17:29:26] *** stefandxm has left the room
[17:33:41] *** Dave Cridland has left the room
[17:35:03] *** Dave Cridland shows as "online"
[17:35:08] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:35:08] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:36:24] *** dwd shows as "online"
[17:36:24] *** Dave Cridland shows as "online"
[17:36:27] *** ralphm shows as "online"
[17:38:30] *** andy has joined the room
[17:40:18] *** Dave Cridland has left the room
[17:41:23] *** Dave Cridland shows as "online"
[17:41:48] <SaltyBones> message-id question: why can't we use a counter
[17:42:50] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:42:50] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:43:23] <SaltyBones> I have heard: 1. State keeping is impossible, 2. Attacks based on guessing the id but I'm not convinced that either is a real thing.
[17:43:48] *** la|r|ma has left the room
[17:43:49] *** la|r|ma shows as "online"
[17:43:51] *** Dave Cridland has left the room
[17:44:26] *** Dave Cridland shows as "online"
[17:44:43] <SamWhited> State keeping is very difficult if you have a cluster. Your counter has to be centralized and atomic, which rather defeats the purpose of having a cluster.
[17:45:24] *** lskdjf shows as "online"
[17:45:56] <SaltyBones> can I PM you for discussion? I don't want to spam this channel all the time :)
[17:46:14] <SamWhited> Message me directly please (sam@samwhited.com); none of my clients handle PMs well.
[17:46:27] <SamWhited> Though this is probably good discussion and I don't think you'd be spamming this channel :)
[17:47:09] *** lovetox shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:48:23] *** SamWhited shows as "online"
[17:48:38] *** Dave Cridland has left the room
[17:49:05] *** lovetox shows as "online"
[17:49:16] *** ralphm shows as "online"
[17:49:19] *** Dave Cridland shows as "online"
[17:50:42] *** jere has left the room
[17:50:48] *** jere has joined the room
[17:52:21] *** Guus shows as "online"
[17:52:25] *** Dave Cridland has left the room
[17:52:50] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[17:52:50] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[17:52:51] *** Dave Cridland shows as "online"
[17:52:52] *** intosi shows as "online"
[17:54:14] *** andy has left the room
[17:54:22] *** intosi shows as "online"
[17:54:22] *** Kev shows as "online"
[17:55:08] *** Dave Cridland has left the room
[17:56:13] *** pep. has left the room
[17:56:23] *** pep. shows as "online"
[17:56:55] *** Kev shows as "away"
[17:56:55] *** Kev shows as "online"
[17:57:34] *** Dave Cridland shows as "online"
[17:59:36] *** @Alacer has left the room
[17:59:36] *** waqas has left the room
[17:59:38] *** @Alacer has joined the room
[17:59:39] *** @Alacer has left the room
[17:59:44] *** @Alacer has joined the room
[18:00:32] *** Dave Cridland has left the room
[18:01:58] *** Kev has left the room
[18:03:08] *** jere has joined the room
[18:03:16] *** Dave Cridland shows as "online"
[18:03:34] *** Steve Kille has left the room
[18:04:14] *** Dave Cridland has left the room
[18:04:55] *** Dave Cridland shows as "online"
[18:07:38] *** Dave Cridland has left the room
[18:07:59] *** jjrh has left the room
[18:09:37] *** blabla has joined the room
[18:10:11] *** Dave Cridland shows as "online"
[18:11:47] *** Dave Cridland has left the room
[18:12:02] *** Steve Kille has joined the room
[18:12:10] *** Steve Kille shows as "online" and his status message is "At Home"
[18:12:44] *** Dave Cridland shows as "online"
[18:14:31] *** andy has joined the room
[18:15:24] *** Dave Cridland has left the room
[18:16:41] <jonasw> yeah
[18:16:46] <jonasw> I’d prefer such discussions here too
[18:16:52] <jonasw> most of the time they’re insightful
[18:17:15] *** Dave Cridland shows as "online"
[18:18:40] *** Dave Cridland has left the room
[18:20:21] *** ralphm shows as "online"
[18:21:25] *** waqas has joined the room
[18:22:25] *** intosi has left the room
[18:23:19] *** Dave Cridland shows as "online"
[18:25:23] *** andy has left the room
[18:26:41] *** Dave Cridland has left the room
[18:28:49] *** Dave Cridland shows as "online"
[18:29:01] <moparisthebest> SaltyBones, state keeping client side is impossible too
[18:29:05] *** andy has joined the room
[18:29:10] <moparisthebest> see: vm snapshots
[18:29:27] <moparisthebest> (server side also)
[18:30:31] *** Dave Cridland has left the room
[18:30:35] *** ralphm shows as "online"
[18:30:58] *** Dave Cridland shows as "online"
[18:34:23] *** Dave Cridland has left the room
[18:34:42] *** Dave Cridland shows as "online"
[18:34:50] *** andy has left the room
[18:36:49] *** Dave Cridland has left the room
[18:36:50] *** jjrh shows as "online"
[18:37:13] *** jjrh has left the room
[18:37:16] *** jjrh shows as "online"
[18:39:12] *** andy has joined the room
[18:39:48] *** Guus has left the room
[18:39:49] *** Guus shows as "online"
[18:40:51] *** Dave Cridland shows as "online"
[18:41:36] *** jjrh has left the room
[18:41:40] *** jjrh shows as "online"
[18:42:15] *** Dave Cridland has left the room
[18:43:17] *** lskdjf has left the room
[18:45:03] *** andy has left the room
[18:45:07] *** Dave Cridland shows as "online"
[18:45:16] *** la|r|ma has left the room
[18:45:48] *** Steve Kille shows as "away" and his status message is "At Home"
[18:48:15] *** jonasw shows as "away"
[18:48:16] *** jonasw shows as "online"
[18:48:22] *** jonasw shows as "away"
[18:49:21] *** andy has joined the room
[18:49:32] *** Dave Cridland has left the room
[18:49:54] *** Dave Cridland shows as "online"
[18:51:50] *** rion has joined the room
[18:52:10] *** Guus has left the room
[18:52:22] *** Dave Cridland has left the room
[18:54:46] *** jjrh has left the room
[18:54:49] *** jjrh shows as "online"
[18:54:59] *** jjrh has left the room
[18:55:03] *** jjrh shows as "online"
[18:55:04] *** Dave Cridland shows as "online"
[18:55:36] *** Seve/SouL has left the room
[18:55:43] *** Seve/SouL has joined the room
[18:56:11] *** Seve/SouL has left the room
[18:56:13] *** Seve/SouL has joined the room
[18:57:37] *** Dave Cridland has left the room
[18:57:49] *** Steve Kille shows as "online" and his status message is "At Home"
[18:58:52] *** Dave Cridland shows as "online"
[18:59:30] *** jjrh has left the room
[19:00:55] *** stefandxm has joined the room
[19:00:55] *** stefandxm shows as "away" and his status message is "Available"
[19:01:20] *** jjrh shows as "online"
[19:02:22] *** ralphm shows as "online"
[19:02:42] *** Guus shows as "online"
[19:02:52] *** Dave Cridland has left the room
[19:02:55] *** Syndace has left the room
[19:03:06] *** Dave Cridland shows as "online"
[19:03:07] *** Syndace has joined the room
[19:03:31] *** rion has left the room
[19:03:47] *** rion has joined the room
[19:03:54] *** Dave Cridland has left the room
[19:04:26] *** Dave Cridland shows as "online"
[19:04:49] *** efrit has left the room
[19:04:53] *** Dave Cridland has left the room
[19:05:02] *** Dave Cridland shows as "online"
[19:06:48] *** Guus has left the room
[19:06:55] *** Guus shows as "online"
[19:07:42] *** Dave Cridland has left the room
[19:07:54] *** Dave Cridland shows as "online"
[19:10:02] *** Dave Cridland has left the room
[19:10:11] *** Dave Cridland shows as "online"
[19:10:21] *** efrit has joined the room
[19:10:33] *** lskdjf has joined the room
[19:11:15] *** rion has left the room
[19:13:23] *** Dave Cridland has left the room
[19:13:51] *** Dave Cridland shows as "online"
[19:15:43] *** Steve Kille shows as "away" and his status message is "At Home"
[19:17:05] *** Dave Cridland has left the room
[19:18:26] *** stefandxm has left the room
[19:19:20] *** Dave Cridland shows as "online"
[19:19:45] *** Holger shows as "online" and his status message is "I'm available"
[19:22:59] *** Dave Cridland has left the room
[19:23:29] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[19:23:52] *** Dave Cridland has left the room
[19:24:19] *** Dave Cridland shows as "online"
[19:24:21] *** Dave Cridland shows as "online"
[19:24:48] *** Guus has left the room
[19:26:15] *** bra shows as "online"
[19:28:02] *** Dave Cridland has left the room
[19:28:10] *** Guus shows as "online"
[19:28:33] *** Dave Cridland shows as "online"
[19:28:39] *** Guus has left the room
[19:28:39] *** Guus shows as "online"
[19:30:50] *** Dave Cridland has left the room
[19:33:42] *** Dave Cridland shows as "online"
[19:35:14] *** Dave Cridland has left the room
[19:35:15] *** Dave Cridland shows as "online"
[19:35:48] *** Dave Cridland has left the room
[19:36:28] *** Dave Cridland shows as "online"
[19:37:10] *** Guus has left the room
[19:37:14] *** Dave Cridland has left the room
[19:37:38] <Ge0rG> We could also discuss why MUC-PMs are still broken in some clients :>
[19:37:53] *** Dave Cridland shows as "online"
[19:39:22] <SamWhited> They're just broken in general whichever model you take for them. There are tradeoffs both ways.
[19:39:44] *** Dave Cridland has left the room
[19:39:53] *** Dave Cridland shows as "online"
[19:41:07] <Ge0rG> They are broken in poezio, but it seems that once you explain to a reasonable developer how to implement them, they magically start working.
[19:41:23] *** Holger shows as "online"
[19:41:29] <Ge0rG> At least it's a problem that's easier to solve than MUC reflection matching
[19:41:57] *** efrit has left the room
[19:42:07] *** efrit has joined the room
[19:42:12] <Guus> Ge0rG: are they more broken than UI's not being aware to check if PMs are permitted in the room?
[19:42:20] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[19:43:04] *** nyco has left the room
[19:43:37] *** nyco shows as "online"
[19:43:54] *** lskdjf shows as "online"
[19:43:55] *** Dave Cridland has left the room
[19:44:04] *** Dave Cridland shows as "online"
[19:44:09] <SamWhited> Guus: you either have what Conversations / Mcabber do where they're mixed in with room traffic and you constantly accidentally send things you meant to be a PM to the room, or they're separate conversations in which case they look like 1:1's except a lot of stuff you'd expect to work just doesn't because they're actually MUCs.
[19:44:14] *** Dave Cridland shows as "online"
[19:44:14] *** dwd shows as "online"
[19:44:43] <SamWhited> Also if they're mixed in with the room it's just hard to follow a conversation by PMs if there's also room chatter going on.
[19:44:46] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[19:44:54] *** Alex shows as "online"
[19:45:05] *** blabla shows as "online"
[19:45:12] *** la|r|ma shows as "online"
[19:47:01] *** Neustradamus shows as "away"
[19:47:38] *** Dave Cridland has left the room
[19:48:47] *** Dave Cridland shows as "online"
[19:51:45] *** Dave Cridland has left the room
[19:52:27] <Ge0rG> Guus: that should be solved by properly augmenting outgoing messages with their error bounces
[19:52:57] <Ge0rG> SamWhited: I think that daniel's take at integrating PMs into the MUC is a conscious effort to make them unusable ;)
[19:53:37] <Ge0rG> Besides of not working when you are not in the room, and most clients getting MUC-PM Carbons wrong, my experience is that they work just like normal messages, except you don't know the actual JID of the receiver.
[19:53:48] <SamWhited> Ge0rG: as opposed to having them being separate conversations? That's almost as unusable, just for different reasons. Especially since if the person changes their nickname it immediately breaks everything and makes the world a confusing place.
[19:54:24] *** Dave Cridland shows as "online"
[19:54:26] *** Holger shows as "online"
[19:54:27] <daniel> > Besides of not working when you are not in the room,
or the recipient.
but yes not working messages. pretty minor
[19:54:30] <Ge0rG> SamWhited: a smart client would probably implement nick change tracking, but that doesn't work well for history.
[19:54:37] *** Holger has left the room
[19:54:49] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[19:55:06] <Ge0rG> SamWhited: but as opposed to nickname wars from the IRC days, people have pretty constant nicknames today.
[19:55:15] <daniel> it's almost perfect. except. you know. messages don't work if the recipient drives through a tunnel
[19:55:22] *** Holger shows as "online"
[19:56:11] <SamWhited> Right; MUC PMs in general are just a bad experience, no matter how you slice it.
[19:56:49] *** Dave Cridland has left the room
[19:56:55] <Ge0rG> I don't know. My experience with them has been better than with some MUCs, and even better than with direct messages in some corner cases
[19:57:09] *** Dave Cridland shows as "online"
[19:57:10] <daniel> and yes. making the UX bad in Conversations and 'hiding' it behind a long press is an attempt to guide people to send regular messages
[19:57:32] <Ge0rG> daniel: except people botch it all the time and send private things in public by accident
[19:57:33] *** blabla has left the room
[19:57:56] <Ge0rG> daniel: it's okay to hide them, but please don't make them easy to mis-use
[19:58:09] *** andy has left the room
[19:58:31] *** bra shows as "online"
[19:59:13] *** Dave Cridland has left the room
[19:59:16] *** Dave Cridland has left the room
[20:00:12] *** Holger has left the room
[20:00:23] *** Holger has left the room
[20:00:25] *** jonasw shows as "online"
[20:00:57] *** Dave Cridland shows as "online"
[20:01:06] *** ralphm shows as "online"
[20:01:23] *** Neustradamus has left the room
[20:01:38] *** Neustradamus has joined the room
[20:02:25] *** Dave Cridland shows as "online"
[20:03:16] *** marc has left the room
[20:04:50] *** marc has joined the room
[20:05:35] <Ge0rG> I think that with always on clients and some self-presence checking code they can be made to work pretty well. Bonus points if you keep outgoing PMs stored until the nickname comes back online
[20:05:57] <daniel> Lol sure. But why?
[20:06:21] *** Dave Cridland has left the room
[20:06:27] <jonasw> Ge0rG, so I can steal that nickname's PMs?
[20:06:27] <jonasw> sweet
[20:06:29] <daniel> They serve no purpose besides annoying me when people think that I help them faster if they pm me
[20:07:26] <Ge0rG> jonasw: how do you know that I'm me?
[20:07:37] <jonasw> Ge0rG, I could’ve established that during the conversation.
[20:07:41] *** blabla has joined the room
[20:07:51] <Ge0rG> (besides of the obvious one, me being the only person who cares about PMs)
[20:07:53] *** Dave Cridland shows as "online"
[20:08:32] *** bra shows as "away" and his status message is "Автостатус (неактивен)"
[20:08:52] <daniel> > Bonus points if you keep outgoing PMs stored until the nickname comes back online
Until you are both online at the same time
[20:09:01] <Ge0rG> jonasw: I could have left the conversation and been replaced by Mallory at any moment in time during our dialog
[20:09:34] *** Dave Cridland has left the room
[20:09:42] <Ge0rG> daniel: you can't see their presence if you are offline 😛
[20:10:05] <daniel> Pretty cool feature these PMs
[20:10:27] <jonasw> Ge0rG, not with a client which reasonably checks identity
[20:10:39] *** Guus shows as "online"
[20:10:45] <jonasw> i.e. either uses the real JID if available or assumes the worst :>
[20:10:49] <Ge0rG> daniel: so you are annoyed because your client is popular? Note taken.
[20:10:50] <daniel> And I could even have four conversations with four different Ge0rGs in four different mucs
[20:11:02] <daniel> And I wouldn't even know if it's the same Ge0rG
[20:11:07] <daniel> Pretty fucking awesome
[20:11:13] *** Dave Cridland shows as "online"
[20:11:34] <daniel> Plus the regular conversation with the real Ge0rG I have
[20:11:45] <jonasw> I like what pidgin does (yes, really)
[20:11:47] <Ge0rG> jonasw: daniel: now you are arguing against anonymous MUCs
[20:11:52] <jonasw> if it knows the real JID, it’ll just make a conversation with that
[20:12:18] <daniel> jonasw: execute code remotely?
[20:12:20] <jonasw> completely circumventing the MUC. and your privacy if real JIDs are only visible to mods, I guess.
[20:12:25] <jonasw> daniel, hah.
[20:12:27] <Ge0rG> jonasw [21:11]:
> I like what pidgin does (yes, really)
Who are you and what have you done to jonasw?
[20:13:22] *** Dave Cridland has left the room
[20:14:01] <Holger> > now you are arguing against anonymous MUCs

Go go go!
[20:14:49] *** Alex shows as "xa" and his status message is "Auto-Status (untätig)"
[20:15:06] <Holger> Once we ditched anon MUCs, there's clearly no point anymore in keeping MUC PMs, is there?
[20:15:26] *** Dave Cridland shows as "online"
[20:15:37] <jonasw> we might need to solve the SPIM issue first.
[20:15:47] <jonasw> or also ditch public MUCs in general. and even then I’m not convinced that this is a good idea.
[20:15:48] <Zash> Solve you say?
[20:15:56] <daniel> maybe we need a small protocol where you can ask someone for their real jid . or give them your real jid. sort of like an invite to chat 1:1. and the other person can accept or decline
[20:15:57] <jonasw> Zash, yes.
[20:16:00] <Ge0rG> Holger: tell that to the people who created MIX proxy JIDs.
[20:16:08] <Holger> jonasw: Yes my suggestion is ditching public MUCs.
[20:16:14] <jonasw> Holger, hm.
[20:16:25] <daniel> so clients could render that as Ge0rG (georg@domain.tld) wants to talk to. is that cool?
[20:16:31] <jonasw> Holger, what IM system would you propose as support channel for, say, prosody, then?
[20:16:34] *** Dave Cridland has left the room
[20:16:36] <Holger> jonasw: Or keep them the half-broken way we have them now. That's good enough for the few of us who use them.
[20:16:45] <Holger> jonasw: IRC.
[20:16:51] <jonasw> ugh
[20:16:58] <Holger> Ok, Matrix :-)
[20:17:02] <jonasw> Holger, okay, if we agree on that, we could "just" solve that with UX
[20:17:18] <SamWhited> Maybe we ditch anonymous mucs, and then if you need to be anonymous your server could issue you with some sort of temporary JID that you could use. Some sort of "burner" jid, maybe. (actually, there were reasons this wasn't ideal, but I forget what they were every time this conversation happens)
[20:17:21] *** Dave Cridland shows as "online"
[20:18:30] <Ge0rG> SamWhited: didn't you even write a strawman xep for that?
[20:18:45] <Ge0rG> BTW, was MIX even mentioned at the summit?
[20:18:54] <Seve> Heh..
[20:18:55] <Holger> Or just register an anon JID manually if you need that.
[20:19:03] <SamWhited> -xep 0383
[20:19:03] <Bunneh> SamWhited: Burner JIDs (Standards Track, Deferred, 2017-01-28)
See: https://xmpp.org/extensions/xep-0383.html
[20:19:06] <Holger> Like email users do.
[20:19:11] <Ge0rG> Or has everybody sane finally reached the conclusion that MIX is dead?
[20:19:13] *** Dave Cridland has left the room
[20:19:22] <jonasw> Holger, right, because our multi-account story does work so well ;)
[20:19:25] <SamWhited> -xep 0389
[20:19:25] <Bunneh> SamWhited: Extensible In-Band Registration (Standards Track, Experimental, 2017-03-16)
See: https://xmpp.org/extensions/xep-0389.html
[20:20:10] <Holger> jonasw: Rather than investing time in fixing PMs we should fix that multi-account story!
[20:20:14] <Ge0rG> SamWhited: the only problem with burner JIDs is that they are free and nobody can block them
[20:21:05] *** andy has joined the room
[20:21:11] *** Dave Cridland shows as "online"
[20:21:22] <jonasw> Holger, I tend to agree
[20:21:33] <Ge0rG> So all we need to do is a PoW attached to creating them!
[20:21:51] <jonasw> I’ll... just ... stop following that discussion at this point.
[20:22:12] <SamWhited> Ge0rG: yah, there needs to be some better policy or access control around them, but there didn't seem to be enough interest for that to be developed.
[20:22:17] <Ge0rG> Do I hear blockchain m
[20:22:29] *** Guus has left the room
[20:22:29] *** Guus shows as "online"
[20:22:46] <SamWhited> But it's no different than people running their own server that they could add tons of JIDs on really, and public servers can certainly rate limit since it requires authentication to get a burner JID
[20:23:21] <SamWhited> Servers could even say that burner JIDs aren't allowed to federate, so they could only be used for MUCs on that server (in which case you could also allow them with SASL-ANONYMOUS)
[20:24:19] *** Dave Cridland has left the room
[20:24:58] *** Dave Cridland shows as "online"
[20:25:19] <Ge0rG> SamWhited: now this is a really useful idea. I'm running a non federated anonymous server for support MUC purposes on my domain.
[20:25:58] <SamWhited> Ge0rG: yah, I do the same, that could be a burner JID service as well and just don't allow burner JIDs to send to stuff on other domains to prevent spam.
[20:26:08] <jonasw> daniel, IIRC, when zinid announced that he was working on the MUC bare-presence thing, you asked whether it’d include disco#info caps. Why did you ask for that? Which part of a MUCs disco#info do you need?
[20:26:35] <Ge0rG> SamWhited: I'd say your last proposal is sufficient to kick all that proxy JID stuff from MIX.
[20:26:41] *** ralphm shows as "online"
[20:26:47] *** Dave Cridland has left the room
[20:26:57] <SamWhited> Ge0rG: there was some reason that it wasn't that I think I ended up being convinced by, but I can't remember what it was.
[20:27:03] *** efrit has left the room
[20:27:23] <SamWhited> But I would love it if we just ignored anonymous MUC and that was handled out of band, by my proposal or something else.
[20:27:59] <SamWhited> Anonymous identities are useful for more than just chat rooms, so it doesn't make much sense to me that it should be part of the groupchat spec and only useable there.
[20:28:33] *** bra shows as "xa" and his status message is "Автостатус (неактивен)"
[20:28:35] <daniel> jonasw: mhhh I guess I don't really *need* it. I think I always query the muc anyway to get a response and avoid server not found et al. But I do work with the non anonymous, members only feature
[20:28:52] *** Dave Cridland shows as "online"
[20:28:56] *** efrit has joined the room
[20:29:06] <daniel> And the form field that tells me if users are allowed to write pms and set the subject
[20:29:15] <jonasw> daniel, okay, so you essentially need the Form :/
[20:29:50] <daniel> Which currently doesn't provide the information I need anyway on ejabberd...
[20:30:21] <Ge0rG> daniel: you should write an xep (or a new section for 45) on how to properly create a private MUC
[20:30:37] *** goffi has left the room
[20:31:18] <daniel> jonasw: yes. I'm aware of ejabberd putting in the member count though... Which makes that difficult...
[20:31:23] *** Dave Cridland has left the room
[20:31:41] *** Dave Cridland shows as "online"
[20:31:41] *** Dave Cridland has left the room
[20:31:50] <jonasw> daniel, so that use-case wouldn’t profit from splitting the caps hash into identities+features and forms
[20:31:51] <jonasw> pity
[20:31:55] <daniel> Other than that a lot of my conferences are configured the same. And having a caps hash would actually minimize the traffic a bit
[20:31:58] *** Dave Cridland shows as "online"
[20:32:38] <jonasw> daniel, but only if the occupant count isn’t in there
[20:32:44] <daniel> Yes
[20:33:05] <jonasw> and if it isn’t, it probably doesn’t matter a lot if we split the hashes because MUCs generally don’t have a very diverse feature set I assume
[20:33:13] <Ge0rG> I'm displaying the occupant count in MUC invitations... 🤔
[20:33:21] *** andy has left the room
[20:33:25] <jjrh> Is there not a way to set a MUC to show everyone's full JID?
[20:33:35] <daniel> jjrh: yes
[20:33:41] *** remko shows as "online"
[20:33:48] <jonasw> "yes there is a way%
[20:33:50] <jonasw> "yes there is a way"
[20:34:03] *** remko has left the room
[20:34:10] *** Guus has left the room
[20:34:23] <Ge0rG> https://upload.yax.im/upload/7Cr3yYVohs6RrCxg/1518640458381643013676.jpg
[20:34:38] *** Dave Cridland has left the room
[20:35:23] *** Holger has left the room
[20:35:25] *** Holger shows as "online"
[20:35:46] *** Tobias shows as "online"
[20:35:52] *** Dave Cridland shows as "online"
[20:36:02] *** Tobias shows as "online"
[20:37:06] <jjrh> Because this issue is more of an annoyance in 'trusted' places - aka internal chat where there is no reason I shouldn't know your JID and when I click your name in group chat (as a lazy way to send a PM vs going to my roster) it should do the right thing.
[20:37:27] <daniel> jonasw: fwiw the split of what muc puts into features and the form is pretty weird and confusing anyway
[20:37:36] *** Dave Cridland has left the room
[20:37:37] *** Dave Cridland shows as "online"
[20:37:40] *** Dave Cridland has left the room
[20:37:43] *** Dave Cridland has left the room
[20:37:48] *** Dave Cridland shows as "online"
[20:38:18] <daniel> And the naming of the features as well
[20:38:45] *** Dave Cridland shows as "online"
[20:40:45] *** Dave Cridland has left the room
[20:41:10] *** Dave Cridland has left the room
[20:41:11] *** Dave Cridland shows as "online"
[20:41:24] *** Dave Cridland has left the room
[20:41:29] *** Dave Cridland shows as "online"
[20:42:21] *** Dave Cridland shows as "online"
[20:43:07] <moparisthebest> I quite like that burner jid thing
[20:43:19] <moparisthebest> what were the downsides again SamWhited ? (or whoever)
[20:44:07] *** Dave Cridland has left the room
[20:44:53] *** ralphm shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[20:44:54] <SamWhited> I wish someone would remind me, but I do remember being convinced that it wouldn't work for MIX ¯\_(ツ)_/¯
[20:45:22] *** Alex shows as "online"
[20:45:23] *** Alex has left the room
[20:46:19] *** Dave Cridland shows as "online"
[20:47:08] <jjrh> beh I'm dumb, I didn't know showing jids was an option in room configuration that probably solves /my/ issue at least.
[20:47:33] *** Dave Cridland has left the room
[20:48:14] *** Dave Cridland has left the room
[20:48:19] *** Dave Cridland shows as "online"
[20:49:02] *** Dave Cridland shows as "online"
[20:49:13] *** stefandxm has joined the room
[20:49:14] *** stefandxm shows as "away" and his status message is "Available"
[20:49:28] *** jjrh has left the room
[20:49:55] *** jjrh shows as "online"
[20:51:43] *** Dave Cridland has left the room
[20:52:14] *** Dave Cridland shows as "online"
[20:52:37] *** Dave Cridland has left the room
[20:52:54] *** Dave Cridland shows as "online"
[20:54:19] <moparisthebest> SamWhited, oh, because burner JIDs aren't shared across devices?
[20:54:27] <moparisthebest> which basically means multi-device can't work
[20:54:39] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[20:54:53] *** ralphm shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[20:55:38] <moparisthebest> so what if you essentially just solved the alias problem while you are at it?
[20:55:42] *** Dave Cridland has left the room
[20:56:42] <moparisthebest> a XEP that gives 'burner JIDs', except rather than being extra logins, the server just delivers all messages to that JID to your account, and you can also send things as that JID, same connection
[20:57:08] <moparisthebest> it would be a bit complicated, but would solve the alias problem *and* the anonymous muc/mix/future mux/whatever problem
[20:57:58] *** Dave Cridland shows as "online"
[21:00:07] *** Dave Cridland has left the room
[21:01:07] <jonasw> if multi-device doesn’t work, I’d be pretty unhappy with that
[21:02:19] *** lovetox shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:03:16] *** Dave Cridland shows as "online"
[21:04:35] *** Syndace has left the room
[21:04:42] *** Syndace has joined the room
[21:05:36] *** jonasw shows as "away"
[21:06:00] *** Dave Cridland has left the room
[21:06:52] *** lovetox shows as "online"
[21:07:02] *** stefandxm has left the room
[21:07:42] *** Holger shows as "online" and his status message is "I'm available"
[21:08:39] *** Dave Cridland shows as "online"
[21:09:30] *** ralphm shows as "online"
[21:12:55] *** efrit has left the room
[21:13:22] *** Dave Cridland has left the room
[21:13:34] *** Dave Cridland shows as "online"
[21:15:48] *** lovetox shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:15:49] *** Dave Cridland has left the room
[21:16:54] *** Dave Cridland shows as "online"
[21:16:56] *** lovetox shows as "online"
[21:18:11] *** Dave Cridland has left the room
[21:20:21] *** Dave Cridland shows as "online"
[21:21:34] *** daniel has left the room
[21:21:40] *** daniel shows as "online"
[21:22:11] *** daniel has left the room
[21:23:13] *** daniel has left the room
[21:23:25] *** Dave Cridland has left the room
[21:24:27] *** daniel has joined the room
[21:26:03] *** Dave Cridland shows as "online"
[21:27:33] *** Dave Cridland has left the room
[21:27:46] *** Guus shows as "online"
[21:27:50] *** Dave Cridland shows as "online"
[21:30:02] *** bra has left the room
[21:30:58] *** Dave Cridland has left the room
[21:31:17] *** Syndace has left the room
[21:31:21] *** Syndace has joined the room
[21:33:26] *** Dave Cridland shows as "online"
[21:35:52] *** andy has joined the room
[21:37:15] *** Dave Cridland has left the room
[21:37:56] *** Dave Cridland shows as "online"
[21:40:25] *** intosi has joined the room
[21:43:04] *** Dave Cridland has left the room
[21:43:28] *** Dave Cridland shows as "online"
[21:47:33] *** jubalh has joined the room
[21:47:42] *** daniel has left the room
[21:48:03] *** Dave Cridland has left the room
[21:49:11] <SamWhited> yah, that's probably it; multidevice seems like a must. I actually had it that way originally before someone reminded me that SASL provides an authorization identity; mixing the two streams felt *really* dangerous to me though.
[21:49:16] *** andy has left the room
[21:49:22] *** Dave Cridland shows as "online"
[21:49:34] <SamWhited> The server could always issue the same burner JID to all of your devices though.
[21:52:36] *** Dave Cridland has left the room
[21:53:06] *** daniel has joined the room
[21:54:29] *** Alex has left the room
[21:54:36] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:54:36] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[21:55:02] *** Dave Cridland shows as "online"
[21:56:28] *** Dave Cridland shows as "online"
[21:56:28] *** dwd shows as "online"
[21:57:07] *** Alex has joined the room
[21:57:32] *** Dave Cridland has left the room
[21:58:01] *** Dave Cridland shows as "online"
[22:00:25] *** valo has left the room
[22:00:29] *** valo has joined the room
[22:01:38] *** Dave Cridland has left the room
[22:02:36] *** daniel has left the room
[22:02:56] *** Dave Cridland shows as "online"
[22:03:02] *** daniel has joined the room
[22:06:24] *** Dave Cridland has left the room
[22:08:07] *** Dave Cridland shows as "online"
[22:09:06] *** ralphm shows as "online"
[22:09:15] *** Tobias has left the room
[22:10:09] *** Tobias shows as "online"
[22:13:03] *** SamWhited has left the room
[22:15:32] *** jubalh has left the room
[22:25:32] *** Dave Cridland has left the room
[22:26:07] *** lovetox shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:27:13] *** Dave Cridland shows as "online"
[22:27:51] *** intosi shows as "online"
[22:29:10] *** MattJ shows as "away"
[22:31:39] *** Dave Cridland has left the room
[22:32:11] *** Dave Cridland shows as "online"
[22:33:02] *** intosi shows as "away" and his status message is "Away"
[22:33:03] <Ge0rG> Burner could work as a jabber transport as well.
[22:34:49] <SamWhited> Ge0rG: I didn't understand that?
[22:35:59] *** Dave Cridland has left the room
[22:36:06] *** lovetox shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[22:37:19] *** intosi shows as "away" and his status message is "Away"
[22:37:29] *** stefandxm has joined the room
[22:37:29] *** stefandxm shows as "away" and his status message is "Available"
[22:37:30] *** Dave Cridland shows as "online"
[22:37:44] *** andy has joined the room
[22:39:04] *** Dave Cridland has left the room
[22:39:12] *** lovetox shows as "online"
[22:39:39] <Ge0rG> SamWhited: implement it as an xmpp 2 xmpp transport...
[22:41:02] <Ge0rG> Would give us roster control and the ability to unsubscribe and obtain a new identity
[22:41:19] <SamWhited> I don't think a second JID would help you with that, you still need the client and server to speak the protocol. I suspect I'm missing something though
[22:41:24] *** Holger shows as "away" and his status message is "Auto-away (idle)"
[22:41:37] *** Dave Cridland shows as "online"
[22:41:44] <SamWhited> oh, not 'xmpp2 to xmpp transport'
[22:42:34] <SamWhited> I am still not sure how it helps or what use an xmpp to xmpp transport is though
[22:43:43] <SamWhited> Different identities in your roster I'll grant, although merging rosters is weird UI wise
[22:45:10] *** andy has left the room
[22:45:40] *** Dave Cridland has left the room
[22:45:45] <SaltyBones> I postulate that all of this is caused by people wanting to use the same software for private chats and anonymous public chats. There is surprisingly little overlap in terms of both functionality and UI.
[22:46:11] *** Dave Cridland shows as "online"
[22:46:40] <SamWhited> I tend to agree
[22:47:00] *** intosi shows as "away" and his status message is "Away"
[22:48:06] <SaltyBones> Also, people don't understand how any of this works anyway. If we completely drop anonymous JIDs it will be strictly better because nobody even understands what the benefits are or when they apply so they cannot make use of them. :p
[22:48:09] *** blabla shows as "online"
[22:48:16] *** blabla shows as "online"
[22:48:18] <Zash> More or less public chats are what we use XMPP for ourselves. Don't underestimate that use case.
[22:48:18] *** intosi shows as "away" and his status message is "Away"
[22:48:44] <SaltyBones> Zash, what do you mean by more or less public chats?
[22:48:55] <Zash> SaltyBones: This very room for example.
[22:49:07] <SaltyBones> This room could have JIDs of everybody and nobody would care...
[22:49:59] <Zash> I would, I'm not entirely comfortable with random people being able to contact me out of band just because I join a room.
[22:50:15] <Zash> Not that my JID is secret
[22:50:22] <SaltyBones> That's imho a matter of spam handling
[22:50:38] *** stefandxm shows as "online" and his status message is "Available"
[22:54:28] *** moparisthebest shows as "online"
[22:54:33] *** blabla has left the room
[22:57:25] *** Dave Cridland has left the room
[22:57:27] *** Tobias shows as "online"
[22:57:33] *** Tobias shows as "online"
[22:58:27] *** Dave Cridland shows as "online"
[22:58:30] *** intosi shows as "away" and his status message is "Away"
[22:58:43] *** lskdjf shows as "online"
[22:59:07] <Zash> I don't mean because of spam
[22:59:45] *** SaltyBones has left the room
[23:00:57] *** Dave Cridland has left the room
[23:01:11] <SamWhited> I can see anonymity being useful, I just don't think it makes sense to lump it in with grouochat.
[23:01:30] <SamWhited> groupchat, even.
[23:02:13] <Zash> In the prosody support room, the intention is for people to ask the room, so that someone who has time and will can reply and help. Sometimes they instead go directly to PM someone, which can create some amount of stress over not being able to shift the work to others.
[23:02:48] <jjrh> While I set everyone to who may discover JID's, clicking someone's name still creates a message in the context of the MUC instead of a direct message. This is with Gajim but I'm guessing this is an issue with other clients.
[23:03:48] *** Steve Kille shows as "online" and his status message is "At Home"
[23:03:50] *** Dave Cridland shows as "online"
[23:04:41] <SaltyBones> Zash: so you're saying it is already as bad as if there were no anonymous IDs? ;)
[23:06:43] *** Dave Cridland has left the room
[23:08:50] *** Dave Cridland shows as "online"
[23:09:51] *** stefandxm shows as "away" and his status message is "Available"
[23:11:57] *** Dave Cridland has left the room
[23:12:18] <jjrh> Zash, it's not just stress - chances are the answer is probably useful to others. :)
[23:12:43] <Zash> That too
[23:12:44] *** Dave Cridland shows as "online"
[23:14:15] <jjrh> MUC message threads in a smart UI would be really cool on high volume channels where multiple questions/discussions are going on at the same time.
[23:14:41] <Zash> There was a client that did that, IIRC. Vacuum-IM perhaps?
[23:15:10] <Zash> There was one (maybe the same) that did #hashtags that let you filter on that as well.
[23:15:22] *** stefandxm shows as "online" and his status message is "Available"
[23:15:28] *** had-hoc has joined the room
[23:18:58] *** Steve Kille shows as "away" and his status message is "At Home"
[23:22:08] *** nyco has left the room
[23:25:15] *** SaltyBones has left the room
[23:25:17] *** SaltyBones has joined the room
[23:26:13] *** Dave Cridland has left the room
[23:26:22] *** Dave Cridland shows as "online"
[23:27:55] *** had-hoc has joined the room
[23:28:12] *** Dave Cridland has left the room
[23:28:47] *** Guus has left the room
[23:28:55] *** Guus shows as "online"
[23:29:22] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[23:29:22] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[23:29:25] *** marc shows as "online"
[23:29:32] *** Dave Cridland shows as "online"
[23:29:40] *** Dave Cridland has left the room
[23:30:12] *** Dave Cridland shows as "online"
[23:31:01] *** vanitasvitae shows as "online"
[23:32:01] *** Dave Cridland has left the room
[23:33:33] *** Dave Cridland shows as "online"
[23:34:08] *** Tobias shows as "online"
[23:34:14] *** Tobias shows as "online"
[23:34:29] *** Dave Cridland has left the room
[23:36:11] *** Dave Cridland shows as "online"
[23:36:37] *** Dave Cridland has left the room
[23:36:50] *** Dave Cridland shows as "online"
[23:39:22] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[23:39:22] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[23:39:27] *** Dave Cridland has left the room
[23:39:48] *** Dave Cridland shows as "online"
[23:43:33] *** efrit has joined the room
[23:43:33] *** Dave Cridland has left the room
[23:44:17] *** Dave Cridland shows as "online"
[23:46:35] *** stefandxm shows as "away" and his status message is "Available"
[23:51:48] *** Guus has left the room
[23:53:01] *** vanitasvitae shows as "online"
[23:54:19] *** Guus shows as "online"
[23:55:48] *** mathieui has joined the room
[23:57:09] *** lovetox has left the room
[23:57:10] *** efrit has left the room
[23:57:20] *** efrit has joined the room
[23:58:59] *** SamWhited shows as "online"
[23:59:38] *** waqas has left the room