-
lbocquet
Hi all, there is a problem, impossible to edit the new pad: https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung
-
pep.
I think it's on purpose for this link
-
pep.
What's the issue
-
lbocquet
On https://yopad.eu/p/xmpp-newsletter-365days -> https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung Here: "<emus> We have a new online pad, please only use the new one from now :-) https://pad.nixnet.services/oHnY_ZvLT8SoFyCqlC2ung" But it is locked by xsfcommteam.
-
pep.
And is there anything you want to correct? What's the issue with it?
-
lbocquet
It is locked by xsfcommteam, we can not edit.
-
pep.
What do you want to edit?
-
emus
ouh, maybe i put the published link
-
emus
lbocquet: thx
-
emus
https://jabbers.one:5281/upload/gMg4IrRrw_c324umaxy4qTTN/20230204_121616948_80f3..jpg
-
emus
have you tried selectingvthe pencil?✎ -
nicola
I see the file content here https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung
-
emus
have you tried selecting the pencil? ✏
-
emus
lbocquet:
-
nicola
Indeed, although I click on the pencil, I cannot write because the file results locked
-
nicola
https://share.nicfab.chat/upload/StiHsGUC45IS1cZ0yc81rhw4/sshot_2023-02-04_12.21.57.jpg
-
lbocquet
I understand, we must to click on "Publish" https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung/publish to open a new window and after click on the pen to edit...✎ -
nicola
> I understand, we must to click on "Publish" https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung/publish to open a new window and after click on the pen to edit... It doesnβt work
-
lbocquet
I understand, on https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung, we must to click on "Publish" https://pad.nixnet.services/oHnY_ZvLT8SoFyCqIC2ung/publish to open a new window and after click on the pen to edit... ✏
-
emus
I will check in a few minutes when I arrive at fosdem
-
ralphm
Hi
-
emus
Hello
-
pep.
https://indieweb.social/@joinjabber/109807298904396408 < https://joinjabber.org overhaul !
-
Licaon_Kter
pep.: nice design, but at migrate.modernxmpp.org runs in your browser, right MattJ? So _"Please be aware that it currently requires your user-credentials to function, so giving those to an external service might be problematic for you."_ is FUD✎ -
Licaon_Kter
pep.: nice design, but at migrate.modernxmpp.org runs in your browser, right MattJ? So _"Please be aware that it currently requires your user-credentials to function, so giving those to an external service might be problematic for you."_ is FUD :) ✏
-
Licaon_Kter
Here https://joinjabber.org/docs/servers/#migrating-accounts
-
pep.
It's never really clear to the user what happens tbh.. Unless they're tech-savvy. But sure we'll change that
-
Licaon_Kter
The site, once opened, says as much.
-
Licaon_Kter
Yes, a matter of trust.
-
pep.
So it's not FUD is it? :P
-
Licaon_Kter
:)
-
pep.
We'll try to make it slightly less alarmist, but we're keeping the bulk of it
-
pep.
(just discussed in the JJ room)
-
Licaon_Kter
pep.: danke/merci :)
-
MattJ
I don't really know what to do about that. Yes, I made it safe, but no, I don't want to train users that it's okay to enter your XMPP credentials in any random web form
-
MattJ
But it's just an in-browser XMPP client. It's no different to signing into Converse.js, xmpp-web or any other JS web client
-
Licaon_Kter
Yes, MattJ I was thinking about that. Not sure how to train/explain that sometimes it can be safe but most of times it's not Β―\_(γ)_/Β―
-
pep.
Yeah. Also why I wouldn't want to propose a web client with account login
-
pep.
But, but..
-
MattJ
Okay, so you would also warn users away from web clients, I was going to asj✎ -
MattJ
Okay, so you would also warn users away from web clients, I was going to ask ✏
-
pep.
I mean I wouldn't want to personally host that
-
MattJ
Because?
-
pep.
I don't know. Many people use web clients and are happy with them. Look at Mastodon..
-
MattJ
It's a HTML file. Would it be better if people downloaded it and ran it from file://?
-
pep.
Even though really here you're using the client of the service hosting you
-
pep.
MattJ, for security purposes, definitly. For convenience no that would be terrible :P
-
MattJ
(I don't think that actually works in modern browsers though)
-
MattJ
Why is it better for security purposes? π
-
pep.
hmm, you're right it may not be. It's the same issue.
-
MattJ
Whether you load the code from the server or from your disk, it is the same code, right
-
pep.
Though.. you may only have to check the file once
-
pep.
Whether when it's served to you it can be different every single time
-
MattJ
Okay, tell the users to check the source before they use it. And every app they install π
-
MattJ
Sorry, I don't have good answers
-
pep.
I don't either
-
MattJ
And neither does anyone, really
-
MattJ
Signed web apps would be nice
-
MSavoritias (fae,ve)
except the browser is completely controlled by the developer and has an always on internet connection
-
MSavoritias (fae,ve)
compared to local apps which dont have to have an internet connection and you can customize/override behavior
-
MSavoritias (fae,ve)
also at least you have the option to check the source locally. Thats why non-browser stuff should be reccomended most of the time
-
MSavoritias (fae,ve)
i wish we had migration built into the clients
-
pep.
It's like one could also host Movim locally :-Β°
-
MSavoritias (fae,ve)
yeah which would be better than in a remote data center
-
MSavoritias (fae,ve)
but not sure if its doable
-
MattJ
Running Movim locally is absolutely doable
-
MSavoritias (fae,ve)
with docker whatever yeah
-
MSavoritias (fae,ve)
without it Im not sure if any person that starts to self host would be able to do it
-
pep.
Anyway, re the original sentence on the website, I think I'd want to make the user aware that they're giving away credentials and that there's no good way to make sure it's safe. But no clue how to do that without sounding alarmist of not scaring away many of them or the opposite, encouraging them to do so..
-
MattJ
Well, do you want them to use it or not? π
-
MattJ
I don't think having a thing saying it's there but don't use it is really going to achieve anything other than confusion
-
pep.
Sure, but why would they trust me when I tell them "this one is ok" "this one isn't", and what if I'm wrong
-
MattJ
"Trust no-one"
-
Licaon_Kter
Wait so what about, hold on, _Migrate the Electron App_? Only 144Mb /jk✎ -
Licaon_Kter
Wait so what about, hold on, _Migrate - the Electron App_? Only 144Mb /jk ✏
-
pep.
MattJ, which I know isn't also the best answer. Users be even more confused.
-
MattJ
Even with a hypothetical Electron app, it changes practically nothing from a security perspectice✎ -
MattJ
Even with a hypothetical Electron app, it changes practically nothing from a security perspective ✏
-
MSavoritias (fae,ve)
yeah
-
MattJ
I don't have an opinion on whether you should link to it. I wrote it as a prototype, and last resort for people who don't have any other way to get/migrate their data. I hope it serves the needs of people who require it. I know it's secure, but I don't know any magical way to prove that to users, so... it just is what it is π
-
MattJ
If someone wants to wrap it in Electron, Tauri, or similar... go ahead. And/or pester client devs to implement the same thing into clients directly.
-
pep.
Best would be for operators themselves to host it
-
MattJ
I guess, yes
-
MSavoritias (fae,ve)
agreed
-
MattJ
Thankfully it couldn't be easier to do π
-
pep.
(I don't understand ^)
-
MattJ
I mean that it is extremely easy to do
-
MattJ
So there are no barriers to operators hosting it
-
pep.
Yeah no, apart from them actually hosting it
-
singpolyma
MSavoritias (fae,ve): I run movim locally with just php. No docker, no web server or reverse proxy
-
singpolyma
You do need postgres installed but I apt install postgres on my workstation always anyway
-
pep.
I liked when sqlite was a thing
-
singpolyma
Sqlite is a thing. It's like the most popular thing in tech news the last year or so it seems
-
pep.
I mean for movim
-
singpolyma
But I wouldn't want to use it when I have a choice