jdev - 2021-04-19


  1. gutuning has left
  2. gutuning has joined
  3. mac has joined
  4. stpeter has left
  5. stpeter has joined
  6. DebXWoody has joined
  7. DebXWoody has left
  8. stpeter has left
  9. gutuning has left
  10. gutuning has joined
  11. nicoco has left
  12. nicoco has joined
  13. Syndace has left
  14. Syndace has joined
  15. Kiwi has left
  16. nicoco has left
  17. nicoco has joined
  18. Sam Thanks; I got curious and gave it a shot so I want to steal your tests and also see if you're doing anything XML-wise that I don't know about and need to fix
  19. gutuning has left
  20. lovetox has left
  21. mac has left
  22. floretta has left
  23. esil has joined
  24. gutuning has joined
  25. floretta has joined
  26. SouL has left
  27. selurvedu has left
  28. gutuning has left
  29. gutuning has joined
  30. Yagizа has joined
  31. Ge0rG has left
  32. Ge0rG has joined
  33. Vaulor has left
  34. Vaulor has joined
  35. nicoco has left
  36. nicoco has joined
  37. gutuning has left
  38. gutuning has joined
  39. moparisthebest Sam, is your implementation public? I'm equally curious :)
  40. mikeye has left
  41. nicoco has left
  42. nicoco has joined
  43. SouL has joined
  44. asterix has left
  45. asterix has joined
  46. selurvedu has joined
  47. DebXWoody has joined
  48. Syndace has left
  49. Syndace has joined
  50. lovetox has joined
  51. belong has joined
  52. mac has joined
  53. gutuning has left
  54. mac has left
  55. mac has joined
  56. gutuning has joined
  57. oibalos has joined
  58. nicoco has left
  59. nicoco has joined
  60. wurstsalat has joined
  61. nicoco has left
  62. nicoco has joined
  63. belong has left
  64. nicoco has left
  65. nicoco has joined
  66. nicoco has left
  67. nicoco has joined
  68. Alex has joined
  69. belong has joined
  70. Syndace has left
  71. Syndace has joined
  72. nicoco has left
  73. nicoco has joined
  74. mikeye has joined
  75. omighty has joined
  76. Kev has left
  77. Kev has joined
  78. floretta has left
  79. Sam has left
  80. goffi has joined
  81. pulkomandy has left
  82. pulkomandy has joined
  83. Syndace has left
  84. Syndace has joined
  85. kikuchiyo has left
  86. mikeye has left
  87. mac has left
  88. mikeye has joined
  89. Sam has joined
  90. marmistrz has joined
  91. mikeye has left
  92. serge90 has left
  93. tiaod has left
  94. tiaod has joined
  95. debacle has joined
  96. gutuning has left
  97. gutuning has joined
  98. lovetox has left
  99. kikuchiyo has joined
  100. mikeye has joined
  101. floretta has joined
  102. lovetox has joined
  103. selurvedu has left
  104. selurvedu has joined
  105. Ge0rG has left
  106. Ge0rG has joined
  107. gutuning has left
  108. gutuning has joined
  109. gutuning has left
  110. FireFly has left
  111. FireFly has joined
  112. asterix has left
  113. asterix has joined
  114. floretta has left
  115. FireFly has left
  116. FireFly has joined
  117. FireFly has left
  118. FireFly has joined
  119. serge90 has joined
  120. serge90 has left
  121. serge90 has joined
  122. Kiwi has joined
  123. mikeye has left
  124. gutuning has joined
  125. floretta has joined
  126. marmistrz has left
  127. Wojtek has joined
  128. kikuchiyo has left
  129. marmistrz has joined
  130. alacer has joined
  131. alacer has left
  132. gutuning has left
  133. gutuning has joined
  134. Sam I'll push it up somewhere
  135. marmistrz has left
  136. Kev has left
  137. Kev has joined
  138. Kev has left
  139. Kev has joined
  140. Sam moparisthebest: https://pkg.go.dev/mellium.im/xml
  141. gutuning has left
  142. Sam It's a bit different from yours, right now it only splits a byte stream on possible XML tokens. It may split out things that are invalid, but I don't believe it will ever split something that should be valid incorrectly. Later maybe I'll add a higher level thing that actually parses tokens, expands self-closing tags, etc.
  143. Kev has left
  144. Kev has joined
  145. marmistrz has joined
  146. Sam Although I should also say that I wouldn't use this as the basis for the actual parser probably. You wouldn't want a parser to consume a giant chunk of text where right at the beginning it could have realized it was invalid, you'd want to error as soon as possible, so it would copy some of the splitters work but not use it exactly because the parser can error, the splitter can't.
  147. gutuning has joined
  148. asterix has left
  149. asterix has joined
  150. marmistrz has left
  151. marmistrz has joined
  152. stpeter has joined
  153. lovetox has left
  154. Freddy has left
  155. lovetox has joined
  156. Kev has left
  157. Kev has joined
  158. Freddy has joined
  159. stpeter has left
  160. stpeter has joined
  161. stpeter has left
  162. defanor has joined
  163. stpeter has joined
  164. gutuning has left
  165. gutuning has joined
  166. marmistrz has left
  167. lovetox_ has joined
  168. lovetox_ has left
  169. marmistrz has joined
  170. paul has left
  171. Wojtek has left
  172. kikuchiyo has joined
  173. lovetox has left
  174. belong has left
  175. lovetox has joined
  176. nicoco has left
  177. nicoco has joined
  178. belong has joined
  179. SJM has joined
  180. gutuning has left
  181. gutuning has joined
  182. fade123 has left
  183. pulkomandy has left
  184. pulkomandy has joined
  185. fade123 has joined
  186. mac has joined
  187. pulkomandy has left
  188. pulkomandy has joined
  189. fade123 has left
  190. paul has joined
  191. Kev has left
  192. Kev has joined
  193. floretta has left
  194. Ge0rG has left
  195. asterix has left
  196. asterix has joined
  197. Ge0rG has joined
  198. Kev has left
  199. Kev has joined
  200. floretta has joined
  201. oibalos has left
  202. gutuning has left
  203. gutuning has joined
  204. asterix has left
  205. asterix has joined
  206. gutuning has left
  207. gutuning has joined
  208. Alex has left
  209. mac has left
  210. oibalos has joined
  211. nicoco has left
  212. nicoco has joined
  213. nicoco has left
  214. nicoco has joined
  215. Alex has joined
  216. asterix has left
  217. asterix has joined
  218. nicoco has left
  219. nicoco has joined
  220. Kev has left
  221. Kev has joined
  222. Kev has left
  223. Kev has joined
  224. Kev has left
  225. Kev has joined
  226. paul has left
  227. paul has joined
  228. Ge0rG has left
  229. Ge0rG has joined
  230. Ge0rG has left
  231. Ge0rG has joined
  232. Ge0rG has left
  233. Ge0rG has joined
  234. Ge0rG has left
  235. Ge0rG has joined
  236. selurvedu has left
  237. selurvedu has joined
  238. gutuning has left
  239. lovetox hm i just read an article on hackernews, and in a comment someone mentioned this protocol for contact discovery
  240. lovetox https://contact-discovery.github.io/
  241. Kiwi has left
  242. floretta has left
  243. lovetox which the authors claim is privacy friendly and scaleable
  244. lovetox i guess only phone clients care about that
  245. Zash From the prominence and frequency of the word 'mobile', sure sounds like it'll be about phone numbers, yeah.
  246. Zash Probably way harder if you include other identifiers.
  247. paul has left
  248. paul has joined
  249. paul has left
  250. paul has joined
  251. gutuning has joined
  252. mathieui the protocols they propose do not seem to be linked to phone numbers though
  253. mathieui from a quick look, it’s bloom filters with crypto sprinkled on top, which is nice for the purpose of not sending your address book to the server, and also the enumeration attacks they found
  254. mathieui not really much help for discovery in a federated setting as far as I understand it
  255. Zash Not the same problem I guess
  256. mathieui (both client and server need to know the phone numbers of the dataset)
  257. Zash Wasn't there cryptomagic that let you query an encrypted database? I definitely saw a video presentation about that once.
  258. mathieui I mean, it *can* be useful if implemented to find contacts on a server, by e.g. querying phone numbers or emails against whatever is in the vcard
  259. mathieui but I don’t see it going much further than this
  260. gutuning has left
  261. Zash As in, no federation?
  262. Zash So the solution is to centralize it, like Matrix with their Identity Server stuff.
  263. Zash Not totally unlike the Quicksy directory
  264. lovetox_ has joined
  265. mathieui Zash, well, except worse
  266. mathieui that’s "Private Set Intersection", what you get as a result, is "which elements are in both of these sets"
  267. mathieui that does not help you resolve a JID from another element
  268. mathieui (but I like the idea though, did not know about it)
  269. floretta has joined
  270. lovetox_ has left
  271. mathieui (I would happy to be proven wrong about the uses for xmpp contact discovery, I’m not a cryptographer :p)
  272. Zash What if...
  273. Zash You do that, but p2p
  274. mathieui Error: not enough information
  275. Zash As in, ask your contacts if they have the JIDs of anyone in your phonebook
  276. Zash Assuming PSI lets you do that without leaking
  277. mathieui that could work
  278. mathieui it does not leak info, as far as I can tell
  279. pulkomandy I'm more confortable sending my contact list to Google or some other supposedly big evil company than sending them to all my contacts
  280. mathieui but there needs to be a negociation and quite a bit of computation involved
  281. tiaod has left
  282. mathieui pulkomandy, the contact does not know your contact list :p
  283. mathieui that is kind of the point
  284. Kiwi has joined
  285. Zash Tho they would, by necessity, get the intersection of the contact lists?
  286. mathieui I believe they do not know what is in the intersection as well, but I would need to read one more paper for that
  287. Zash Hm, is it useful then?
  288. mathieui ah, apparently they do know about the intersection
  289. mathieui which is obviously a big no for p2p then
  290. Zash obviously?
  291. Zash Is "hey can you give me the JIDs of our mutual contacts" a bad thing?
  292. mathieui well, it leaks your social graph, which is not necessarily what people would want to share
  293. mathieui even with contacts
  294. pulkomandy especially with contacts I'd say?
  295. mathieui pulkomandy, I tend to appreciate my contacts :p
  296. Zash Eh, can't think of anything better than the stuff Snikket is doing then.
  297. pulkomandy but not everyone has an easy life like that :) good for you if you can
  298. mathieui also you still have the issue of "the numbers matched, here are the JIDs", and the JID part is not cryptographically secure so anyone could like
  299. mathieui send whatever JID
  300. mathieui (if some contacts matches)
  301. mathieui which is yet another attack
  302. Zash Eh, just put your JID in your $socialnetwork profile and call it a day.
  303. pulkomandy yes, I think I'm going to stay at "automatically discovering contacts is bad for your privacy or that of your contacts and it's better to not do it"
  304. omighty has left
  305. mathieui pulkomandy, well, the privacy solution would be to have one address book per "mobile application of the week" + this PSI protocol
  306. mathieui (for centralized messengers of course)
  307. mac has joined
  308. Zash Where's the optimal balance between uploading your phonebook to the cloud, and staring at an empty contact list?
  309. mathieui Zash, potato farming
  310. Zash true fact
  311. omighty has joined
  312. MattJ Any scheme you come up with has to defend against an actor claiming to have every phone number in their address book
  313. MattJ Because if they do that, they get all registered JIDs
  314. Yagizа has left
  315. MattJ A centralized service can add limits, a decentralized one typically can't
  316. Zash Snikket Circle stuff FTW
  317. jonas’ I hear the limits worked really well for signal
  318. MattJ Snikket FTW
  319. jonas’ +1
  320. jonas’ (say all the folks involved with snikket)
  321. MattJ :)
  322. Zash NO BIAS, I PROMISE!
  323. MattJ Invites and JID sharing are a more polite way of doing the same thing as automatic contact discovery anyway
  324. mathieui yes.
  325. jonas’ and a more manual, to be fair
  326. mathieui It is ethically better but still a higher level of entry
  327. mathieui MattJ, I haven’t looked at that stuff too much, but is there a way to reply to an invite with "I already have an account at ***@example.com, I am adding you now" in some kind of protocol-y way?
  328. Zash Well if you wanna do the dark engagement and addiction building things...
  329. mathieui that’s probably not a very common use case
  330. jonas’ mathieui, it won’t work with circles at least
  331. jonas’ as those don’t federate well at this time
  332. jonas’ I don’t have a good idea how to span circles across services yet
  333. Zash There's that pre-authed contact invites with optional IBR support
  334. MattJ mathieui: yes, the invite token has two dimensions - one is to register an account, the other is a preauthed roster subscription
  335. jonas’ yep, that one exists, but it doesn’t support circles.
  336. MattJ That's fine, circles are for users within a single service
  337. jonas’ mmhm
  338. MattJ Maybe we can change that one day, but they're not everything
  339. jonas’ yes
  340. jonas’ I’d like to be able to span them, but they’re already really good as is
  341. DebXWoody has left
  342. mathieui has left
  343. asterix has left
  344. asterix has joined
  345. mathieui has joined
  346. Kev has left
  347. Kev has joined
  348. Kev has left
  349. mac has left
  350. Kev has joined
  351. DebXWoody has joined
  352. pulkomandy let's just offer new XMPP users a set of business cards with their JID on it (and a qrcode or something) then they can choose who they share it with? sometimes low-tech solutions are good
  353. Kev has left
  354. DebXWoody has left
  355. Kev has joined
  356. pulkomandy (or maybe qrcode isn't lowtech. but fitting a JID in a barcode is hard)
  357. Zash We had those "Hello, my JID is" stickers....
  358. mac has joined
  359. gutuning has joined
  360. DebXWoody has joined
  361. DebXWoody has left
  362. mac has left
  363. lovetox_ has joined
  364. omighty has left
  365. lovetox_ has left
  366. lovetox_ has joined
  367. lovetox_ has left
  368. omighty has joined
  369. Kev has left
  370. Kev has joined
  371. marmistrz has left
  372. Sam Reminder that tomorrow is the XMPP Office Hours! This week I'm giving an intro to XMPP for new XMPP developers. However, if you're an experienced dev I'd love feedback! https://wiki.xmpp.org/web/XMPP_Office_Hours
  373. gutuning has left
  374. lovetox_ has joined
  375. lovetox_ has left
  376. marmistrz has joined
  377. lovetox_ has joined
  378. lovetox_ has left
  379. kikuchiyo has left
  380. gutuning has joined
  381. goffi has left
  382. lovetox has left
  383. lovetox has joined
  384. mac has joined
  385. stpeter has left
  386. stpeter has joined
  387. Syndace has left
  388. Syndace has joined
  389. belong has left
  390. marmistrz has left
  391. asterix has left
  392. asterix has joined
  393. gutuning has left
  394. gutuning has joined
  395. oibalos has left
  396. omighty has left
  397. Syndace has left
  398. Syndace has joined
  399. fade123 has joined
  400. Syndace has left
  401. Syndace has joined
  402. Alex has left
  403. wurstsalat has left
  404. esil has left
  405. SouL has left
  406. gutuning has left
  407. gutuning has joined
  408. Syndace has left
  409. Syndace has joined
  410. asterix has left
  411. asterix has joined
  412. DebXWoody has joined
  413. DebXWoody has left
  414. Sam wow, that's a lot of messaging clients: https://wiki.archlinux.org/index.php/List_of_applications#Instant_messaging_clients
  415. gutuning has left
  416. Syndace has left
  417. Syndace has joined
  418. tiaod has joined
  419. mac has left
  420. Kev has left
  421. Kev has joined
  422. mac has joined
  423. mac has left
  424. mac has joined