XSF Discussion - 2019-04-12


  1. waqas

    jonas’: XSLT isn't the only thing that's turing complete. I believe CSS is too. I think SVG might be. PDFs certainly are.

  2. Neustradamus

    https://matrix.org/blog/2019/04/11/security-incident/

  3. moparisthebest

    > However, if you use server-side encryption key backup (the default in Riot these days) or take manual key backups, you’ll be okay.

  4. moparisthebest

    Say what now

  5. moparisthebest

    Is that e2e where the server holds your key? Am I missing something???

  6. waqas

    moparisthebest: Search for "What is Key Backup?" on this page: https://webcache.googleusercontent.com/search?q=cache:4nsVLi1uc0AJ:https://about.riot.im/help+

  7. waqas

    If I'm reading that right, it means keys are encrypted via a password and stored on Riot's servers

  8. moparisthebest

    So then your chats are simply encrypted with a password and not a key? Why still pass keys around?

  9. Arc

    ugh. i am so over debating xmpp vs matrix.

  10. Arc

    or whatever new hotness is out

  11. Ge0rG

    https://upload.yax.im/upload/Y1CNWHyhNHs01sU8/Screenshot_20190412-074154_Firefox.jpg

  12. Ge0rG

    This is not how it's supposed to be, is it?

  13. jonas’

    waqas, CSS is turing complete? how that?

  14. waqas

    https://lemire.me/blog/2011/03/08/breaking-news-htmlcss-is-turing-complete/ — whether that's actually correct, I'll leave as an exercise for you

  15. edhelas

    https://github.com/matrix-org/matrix.org/issues/358

  16. edhelas

    ouch

  17. Ge0rG

    edhelas: there's a box full! https://github.com/matrix-org/matrix.org/issues/created_by/matrixnotorg

  18. Guus

    Yeah, it's pretty sad.

  19. Arc

    thanks for cheering me up

  20. Guus

    hi Arc!

  21. Guus

    how've you been?

  22. Ge0rG

    Everybody: harden your XMPP servers!

  23. Seve

    +1

  24. Seve

    Is a good warning for the rest of us

  25. dwd

    Oh, my.

  26. Arc

    Guus: great. I applied to add MIX to Prosody for a gsoc project

  27. Arc

    so that's a thing :-)

  28. Guus

    I've noticed 🙂

  29. Arc

    ive been reading up on MIX

  30. Seve

    And still alive?

  31. Seve jokes

  32. Arc

    actually Im liking what im seeing.

  33. Seve

    Nice.

  34. Arc

    MIX looks pretty clean, overall.

  35. Arc

    I haven't exactly grokked how jingle is intended to work over it..

  36. dwd

    Arc, It mostly is, but there's some details that are off, and it's still a fork-lift.

  37. Arc

    dwd: sure. thats expected. but I assume that changes that happen from this point will be minor and easily trackable

  38. Arc

    vs earlier when there was legitimate concern (and retrospectively, prophetic) that MIX would undergo an almost complete rewrite

  39. Ge0rG

    speaking of forklifts... is anyone working on IM-NG?

  40. dwd

    Arc, Maybe... I certainly think implementing it will shake a lot out. I'd like to see ESL and Andrew Nenakhov put their ideas on the table and see if we could merge in some of their experiences.

  41. Arc

    you mean the new serverless E2E decentralized chat system running on blockchain that some gen-z'er "invented"?

  42. dwd

    Arc, No, Erlang Solutions have a MUC-lite (I think) over XMPP in Mongoose IM. Andrew Nenakhov is Xabber, and other something similar-but-different.

  43. Arc

    ah ok.

  44. dwd

    Arc, Both, AFAIK, run without the home server being aware, so less fork-lifty. I think the user's home server being aware is very useful, but I'm worried about it being mandatory.

  45. Arc

    yea I was concerned to learn that the users XMPP server needed to be updated. that's concerning.

  46. dwd

    "benefits from" I think is a winner. "needs" is a blocker.

  47. Arc

    hmm.

  48. Arc

    well I'm happy to grab a pitchfork.

  49. Arc

    i mean, er, to start some heavy lifting, not in a frankenstein sense with torches

  50. Arc

    (I reserve the option to switch the meaning of that lol)

  51. Ge0rG

    dwd: have all the "needs" issues been sorted out? I've stopped taking care at some point, after repeating my arguments didn't lead to the results I hoped for.

  52. Guus

    hehe

  53. Arc

    but seriously I love the concept behind MIX and have been wanting to work on it for awhile.

  54. Arc

    all the better to be paid for the work

  55. dwd

    Ge0rG, I genuinely don't remember your arguments.

  56. Ge0rG

    dwd: me neither. There were things about making it possible to expose a MUC-style API and about who's storing the authoritative MAM archive

  57. Ge0rG

    also things like putting MIXes into the roster.

  58. dwd

    Ge0rG, The MUC interop was sorted. MAM cropped up recently, it's currently meant to be on the user's server sometimes and sometimes the MAM itself.

  59. Arc

    KISS

  60. dwd

    Ge0rG, And I think it's still a special roster thing.

  61. Ge0rG

    sometimes is the best kind of specification.

  62. Ge0rG

    dwd: special roster things require user server support to work.

  63. Ge0rG

    and break all the pre-mix clients.

  64. Ge0rG

    But I've made that argument, repeatedly, years ago.

  65. dwd

    Ge0rG, That's the smallest part of the server support, really.

  66. dwd

    Ge0rG, FWIW, Andrew Nenakhov's thing in Xabber also puts group chats into the roster. That alone doesn't strike me as a terrible thing, as long as they behave mostly like other roster entries.

  67. Ge0rG

    dwd: if it is such a small part, I'm sure we can figure out an alternative approach that is not a "needed" in your above sense.

  68. dwd

    Ge0rG, Yes, sure. Or we can ensure that on a naive server you can plonk a MIX into the roster without ill-effect to your server or other clients.

  69. Arc

    here's the crux of it - if there's sorting to be done for client, or client's server capabilities that are needed, lets get it sorted now. because the longer we mosh on it the longer it'll take to get that software updated.

  70. Arc

    Ge0rG: how does MIX break pre-mix clients? Wouldn't you just not be able to use MIX unless it had a muc-mirror setup?

  71. Guus

    dwd whenever I try to send messages to your JID, I'm getting "Sorry, an error occurred: <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>"

  72. dwd

    Guus, My abuse filtering is working perfectly? ;-)

  73. Seve

    Haha

  74. Ge0rG

    dwd: yes. This would be great. But the put-it-in-roster approach essentially guarantees that MIX elements get exposed to pre-MIX clients, and I'm not sure you can test them all for brekage

  75. Guus

    it probably is.

  76. dwd

    Guus, More seriously, that and many other things are on my todo list.

  77. Guus

    still, I'd like to abuse you.

  78. Ge0rG

    Arc: when a client goes online, its presence-available gets sent to the MIX, so the client will be probably automatically subscribed to all MIX traffic

  79. Guus

    Can I have a quick chat in private? 🙂

  80. Guus

    (also: how?)

  81. Ge0rG

    Guus: MUC-PMs!

  82. dwd

    Guus, I have sent messages to your other account.

  83. Guus

    oh, is that enabled here? we disabled it on ignite for abuse

  84. Ge0rG

    Guus: you disabled yourself for abuse?

  85. Guus

    ... no?

  86. Guus

    (maybe I should)