jdev - 2024-07-10


  1. learning xmpp

    hello why is xmpp more secure compared to like signal or threema or simple x ?

  2. singpolyma

    learning xmpp: more secure than signal is a matter of opinion, but you do get control over the server side and client side in a way that signal mostly does not

  3. singpolyma

    Though signal is being more lenient with third party clients these days

  4. MattJ

    There is no such thing as "more secure", because security cannot be measured. Once you have a metric to compare, we can discuss it :)

  5. learning xmpp

    singpolyma: which 3rd party clients tho?

  6. learning xmpp

    MattJ: well if you had choice to use 1 or other purely for security and anonymity what would u use

  7. learning xmpp

    And why

  8. moparisthebest

    learning xmpp, you need a threat model first

  9. moparisthebest

    security and anonymity against what/whom

  10. learning xmpp

    > learning xmpp, you need a threat model first Let's say highest possible

  11. moparisthebest

    that's... not a threat model

  12. moparisthebest

    learning xmpp, https://blog.jmp.chat/b/2022-privacy-threat-modelling might help

  13. learning xmpp

    moparisthebest: let's say all

  14. learning xmpp

    Estranged friends or lovers? The other people at the airport or coffee shop? Local police? Local SUV owners? Federal agencies? Data brokers? The list of people who may want to know more about you than you want

  15. MattJ

    Quit the internet

  16. learning xmpp

    MattJ: lol

  17. learning xmpp

    Your rude my friend haha

  18. MattJ

    That's a joke, but also not. If you don't want anyone to see anything and don't trust anyone, you can't use the internet.

  19. MattJ

    What XMPP or any other service/protocol does at that point is of little concern

  20. moparisthebest

    All of the things you listed have different answers

  21. learning xmpp

    > That's a joke, but also not. If you don't want anyone to see anything and don't trust anyone, you can't use the internet. Well if you had to lol

  22. learning xmpp

    > All of the things you listed have different answers Well let's say highest security concern

  23. learning xmpp

    Also issue is xmpp not quantum resilient ? W

  24. moparisthebest

    It's as quantum resistant as TLS

  25. moparisthebest

    But quantum computers may never happen

  26. taba

    > hello why is xmpp more secure compared to like signal or threema or simple x ? learning xmpp: signal? locked me out of my account for 2 days because it wouldn't send me sms (garbage). threema? a word you made up on the spot. not real simple x? venture capitalist shit with money coming fron people who expect even more money back

  27. learning xmpp

    Threema u google it lol before u embarrass ur self taba

  28. taba

    oh my zoodness i feel so friggin ashamed of myself

  29. taba

    first 4 words on wikipedia toxigoosy > Threema is a *paid*

  30. cal0pteryx

    taba: criticising services is fine, just leave the cursing elsewhere please

  31. taba

    > shit this?

  32. wrath

    > learning xmpp: signal? locked me out of my account for 2 days because it wouldn't send me sms (garbage). > threema? a word you made up on the spot. not real > simple x? venture capitalist shit with money coming fron people who expect even more money back Isn't Simplex the company that makes fire alarms lol?

  33. taba

    https://simplex.chat/

  34. wrath

    Huh, this actually seems cool. Is it open source?

  35. wrath

    If it's open source then I think whether it's VC funded doesn't really matter as long as the community forks it when the company goes south

  36. learning xmpp

    > Huh, this actually seems cool. Is it open source? Yes its

  37. taba

    > If it's open source then I think whether it's VC funded doesn't really matter as long as the community forks it when the company goes south maybe

  38. taba

    but look at matrix

  39. wrath

    > maybe If you want to see an example of where this doesn't hold up, look at Matrix- but that's more because it's so complex and overengineered that no community would actually want to maintain it

  40. moparisthebest

    > If it's open source then I think whether it's VC funded doesn't really matter as long as the community forks it when the company goes south wrath: it's always open source until it's not, see signal lol

  41. moparisthebest

    Open source code doesn't matter at all, open federated protocol with multiple implementations is what matters

  42. wrath

    There was a fork called Molly. Pretty interesting what was being done on that front but I never used it because my family uses SMS

  43. wrath

    Isn't signal basically bankrupt at this point anyways?

  44. learning xmpp

    So answer my question haha

  45. wrath

    What question

  46. learning xmpp

    Also issue is xmpp not quantum resilient ?

  47. wrath

    No

  48. wrath

    But that's not XMPP's job

  49. learning xmpp

    What's xmpp job

  50. wrath

    that's your E2EE algorithm's job

  51. wrath

    OMEMO is quantum resistant and many XMPP clients support it

  52. learning xmpp

    Xmpp + omemo ?

  53. wrath

    Chances are your client does

  54. wrath

    Yes

  55. moparisthebest

    TLS has quantum resistant extensions and therefore yes XMPP is quantum resistant

  56. taba

    pribably only gajim works with my server with post-quentun tls

  57. taba

    for now...

  58. taba

    learning xmpp: https://eylenburg.github.io/im_comparison.htm > Use on multiple devices > Can link desktop & mobile app, but mobile app must be running and be on the same local network.

  59. taba

    learning xmpp: https://eylenburg.github.io/im_comparison.htm > Use on multiple devices? > Can link desktop & mobile app, but mobile app must be running and be on the same local network.

  60. taba

    L

  61. rom1dep

    > quantum resilient 😂

  62. pulkomandy

    hello, I'm starting to implement MUC private messages in Renga, I notice that conversations shows them inline in the group chat. In IRC you can either do that or open a separate window, with differences at the protocol level. Is there something similar in XMPP? I was thinking of using type="chat" to open a separate window and type="normal" to have the message inline in the corresponding groupchat, do existing implementations do something like this? is it a good idea? is there some other way to do this that I don't know of?

  63. yvo

    it depends on the client how pms are shown, pulkomandy

  64. yvo

    I am not aware about a flag for that.

  65. singpolyma

    It's entirely up to you. The protocol doesn't specify UI

  66. Zash

    Don't think type=normal is specified in relation to MUC

  67. moparisthebest

    But the Conversations way is clearly the wrong way as it's easy to send to the channel when you don't mean to and also miss important PMs in a deluge of normal messages, change my mind 🤣

  68. singpolyma

    Zash: How do you mean? Surely a MUC will still pass it like any other stanza sent to a full jid?

  69. singpolyma

    moparisthebest: making the UX for PMs is bad is good because people shouldn't use PMs

  70. Zash

    what does 'pass it' mean here?

  71. singpolyma

    Zash: forward it on to the jids behind that nickname

  72. moparisthebest

    Then don't implement it, don't implement it poorly

  73. Zash

    Congratulations, XEP-0045 just grew a bit

  74. Zash

    I thought PM behavior was only for type=chat

  75. singpolyma

    It's also for <iq> so I'm not sure why type of message would be a limit

  76. Thilo Molitor

    Monal does not implement MUC PMs for exact that reason (poor UX, messages can get lost etc.)

  77. Zash

    > The message type SHOULD be "chat" and MUST NOT be "groupchat", but MAY be left unspecified (i.e., a normal message).

  78. singpolyma

    Thilo Molitor: do you at least show *something* incoming PMs though?

  79. wgreenhouse

    pulkomandy: IRC doesn't have MUC PMs of which I'm aware, so I'm not sure what you mean

  80. Zash

    singpolyma, at least in Prosody, iq stanzas take a completely different route in the code than messages, so I expected a check for type==chat, but apparently it's just some fallthough so should be fine with type=normal|nil

  81. singpolyma

    > pulkomandy: IRC doesn't have MUC PMs of which I'm aware, so I'm not sure what you mean True. I'm not aware of any protocol other than XMPP with this

  82. moparisthebest

    IRC only has non-anonymous MUCs

  83. pulkomandy

    IRC has PRIVMSG and NOTICE commands for private messages, in some clients I used, receiving one will open a separate chat window with that user, the other will be show inline in a channel (like Conversations does)

  84. singpolyma

    pulkomandy: privmsg in IRC isn't in a channel context so inline UX wouldn't even be possible I think

  85. Thilo Molitor

    I respond to incoming PMs with an error message, so the sender knows they did not get through...

  86. pulkomandy

    singpolyma: mh, yes, I think "notice" messages just end up in whatever chat is currently focused in mIRC for example, so the UX is possible, but not great

  87. pulkomandy

    anyway, OK, seems like a bad idea so I will implement separate chat windows and see how to make that work in my UX

  88. singpolyma

    Thilo Molitor: ah, ok

  89. lovetox

    i also want to burn PMs

  90. lovetox

    but sad story is, its too useful and it has very very valid use cases

  91. wgreenhouse

    mainly, in a public MUC, "what is your jid"

  92. singpolyma

    I've recently added a button just to send your jid to someone in public muc

  93. singpolyma

    Uses pm under the hood of course, but I'd like to slowly transition to this being the only use of it

  94. taba

    when will xmpp be on par with irc in terms of feature completeness

  95. taba

    This person attempted to retract a previous message, but it's unsupported by your client.