Hey, you are editing the pad both at the bottom and at the top.
mathieui
I did at the top since Tobias added day2 at the top
Tobias
i thought reading it top to bottom, folks would notice it :)
jcbrandhas left
Thanoshas joined
olihas joined
Ge0rG
I left my earpiece at home, so I can't listen in without offending the cow-orkers
pep.
Ge0rG, takeaways for <moved/> is, "offline servers" support as a separate XEP, not in the scope of our first draft. I think it's reasonable. We can still support scheduled shutdowns
jcbrandhas left
Ge0rG
pep.: any insights on the best protocol to use for embedding <moved/>? PEP? Messages? Presence? All of the above?
Ge0rG
I've heard there are unmaintained servers without persistent PEP
Ge0rG
Oh, also PEP access model: public --> potential for spam; roster --> your contacts lose access once one of the clients has completed the "moved" game
jcbrandhas left
pep.
<error type='cancel'><gone/></error>
jcbrandhas left
jcbrandhas left
pep.
And we'd have a mechanism (IBR?) to be able to set the tombstone on your account
pep.
So the old server can even only send that gone error to your contacts
Ge0rG
so this won't work on today's unmaintained servers, but only on tomorrow's ones, which support moved?
intosihas left
intosihas joined
pep.
Indeed. But as you said that doesn't work on today's server without persistent PEP
jonas’
today’s servers have persistent pep
jonas’
(mostly)
Ge0rG
pep.: backward compatibility is the toughest piece of any protocol
Ge0rG
jonas’: you might be biased by only looking at the *popular* servers.
Thanoshas left
pep.
Ge0rG, ok, so I still don't know how to answer that.
pep.
And I guess you don't either
pep.
I guess we can have both PEP and <gone/> tbh
Ge0rG
pep.: maybe a <message><moved> to all contacts in addition?
Zash
<message to=everyone type=chat><moved to="newjid"/><body>Hey, I'm moving to a new account, please add me there: newjid</body></message>
Thanoshas joined
pep.
yeah backwards compatibility through natural languages in <body/>
Ge0rG
Zash: https://op-co.de/tmp/xep-0283.html#message
Ge0rG
pep.: ^
Zash
Ge0rG: Exactly :)
Ge0rG
> The <body/> MUST NOT contain information unrelated to the account move. This allows a receiving client that understands the <moved/> element to discard the <body/> and use an appropriate internal presentation format.
pep.
heh, TIL of that document
Ge0rG
pep.: ouch. sorry. Should have mentioned that earlier.
Ge0rG
I've stopped short of introducing PEP
Ge0rG
It's not even git-commited yet, just a stash in my $HOME
Thanoshas left
Thanoshas joined
Zash
Delay tags can/are scoped by the delaying entity
Thanoshas left
edhelashas joined
edhelas
hello people
edhelas
sorry to ask again, what is the url of the webex meeting already ?
jonas’
edhelas, https://cs.co/rudy maybe?
jonas’
I don’t know for sure, I’m not listening in today
Ge0rG
yes, https://cs.co/rudy works
Ge0rG
it even had an XML snapshot slide a bit back
edhelas
okay :) I'm in, but no video
edhelas
let's try on chrome
Ge0rG
edhelas: there is no video, AFAICS
Thanoshas joined
edhelas
oh ok
Ge0rG
but maybe there is and my firefox is too old
ralphm
Huh? Three is
ralphm
There
edhelas
tried with chrome/firefox, no video
Thanoshas left
ralphm
Weird
vanitasvitaehas left
edhelas
oh actually I have the video stream of goffi now :)
edhelas
so it's definitly an issue with the cameras in the room
MattJ
Kev, room in the schedule for a very brief demo from me?
Syndacehas left
edhelas
if there's still room left I can also do a demo :p
edhelas
would it be possible to list Moya on the XMPP website ?
MattJ
edhelas, I think you can submit a PR
MattJ
or Daniel :)
Daniel
i'm just a consultant/contractor for Moya. I don’t have decision power
edhelas
can you share the screen ?
Daniel
oh never mind. i missunderstood that question
pep.
edhelas, it's supposed to be
Ge0rG
I can't see anything.
pep.
ralphm, ^
Ge0rG
audio works, but no video/screen sharing
MattJ
Ge0rG, https://jmp.chat/
Ge0rG
MattJ: I never completed their onboarding, so I wanted to see it in action at least remotely.
Ge0rG
Daniel's presentation worked.
edhelas
yes I can confirm, like Ge0rG
jjrhhas left
hantuhas left
jjrhhas left
ossguy
https://gitlab.com/ossguy/sgx-catapult
Ge0rG
ossguy: do you happen to have a video of what you've shown right now?
ossguy
yes, I did a similar demo at DebConf that was recorded - let me get you the link a minute...
flohas joined
ossguy
Ge0rG: it starts at 29:40 in https://saimei.ftp.acc.umu.se/pub/debian-meetings/2017/debconf17/live-demos.vp8.webm
ossguy
(not sure if there's an easy way to add that time offset as a # thing in the URL)
Holgerhas left
Holgerhas left
Ge0rG
ossguy: thanks, I'll watch it when I'm off my metered mobile connection.
ossguy
you're very welcome
Kevhas left
Ge0rG
VIDEO!!!1!
edhelas
VIDEO §§§
edhelas
annndd it's gone
mathieui
blame Link Mauve
Ge0rG
Whatever you guys did, do it again please.
edhelas
the video only turns on when Link Mauve is filmed
Zash
works now?
mathieui
note how he made his "slides" in tmux tabs
Ge0rG
We had Link Mauve's screen, then Link Mauve's face, and now it's gone again
edhelas
> Video is not currently available due to low bandwidth or local computer conditions (such as CPU or RAM use). Video will resume automatically when conditions improve.
Ge0rG
no video any more
edhelas
I'm sure I have the bandwidth for it
mathieui
edhelas, rust is too powerful for your computer
Zash
"worksforme" / ralphm
pep.
https://gitlab.com/xmpp-rs/xmpp-parsers/
edhelas
mathieui :(
jjrh
https://wiki.xmpp.org/web/Summit_23#Show-and-tell has some of the links
ralphm
Sorry people, I don't know why it (sometimes?) doesn't work for you, but I've been constantly connected to the stream on my laptop, too, and see no issues there.
edhelas
ralphm you're stealling all our bandwidth !
Ge0rG
There is *at least* one writer thread *cough*cough*
vanitasvitae: as I said, Planet Jabber is about People Doing Jabber/XMPP stuff. It is not about Posts About Jabber/XMPP.
flow
ralphm, I think there is maybe a desire to change that
Ge0rG
99.9% of current spam can be blocked by some easy heuristics and blocking of URLs from non-subscribers
ralphm
flow: there's also Planet Jabber News which includes software update feeds
Ge0rG
if the audio wasn't so bad, I'd contribute some insights too
Ge0rG
Maybe we can pay the spammers *more* to not send any spam any more! 😁
Seve/SouL
:)
Zash
What could go wrong
Ge0rG
Zash: Cobras
pep.
We need to hire a hitman
Seve/SouL
Thanks for explaining MattJ
flow
Hmm, the discussion is dereailed it appears, was interersting to hear what Link Mauve explained, but right now I don't know where we are heading to
pep.
Spammers might be listening in this room, we need not to reveal our secrets
Ge0rG
*raise hand* my spam solution isn't blocking all messages from foreigners
Tobias
Ge0rG, alright...will proxy it
Daniel
flow, i think a lot of people don’t know how spammers or spim work. so getting everyone on the same page (ie how does the threat vector look like exactly) is certainly valuable
dwd
pep. Good point. Maybe we should lay some false trails. How about I suggest that the spammers are easy to spot because they use plaintext whereas everyone else uses XHTML-IM?
Tobias
Ge0rG, Link Mauve is explaining things in more detail
Ge0rG
Tobias: Link Mauve is very quiet, so I'm missing out random fragments
pep.
dwd, sounds good to me
flow
Daniel, true, but given the limited time I think it would be benficial to focus on what actually works regarding spam prevention
Ge0rGraises hand
singpolymahas left
dwd
pep., Maybe a XEP that has a new element: <this-is-not-a-spam xmlns='urn:xmpp:spam:0'/> that we pretend we check for?
Tobias
Ge0rG, next time i'll bring a megaphone
Daniel
right. but to work out the solutions it is importants to understand how the problem actually looks like
flow
Ge0rG, you need to tell Tobias to raise his hand for you :->
Daniel
for example the information that there are only ~3 spamming services is interesting
Tobias
Ge0rG, it's up
Daniel
also the information that spammers can read
Daniel
which apparently people weren’t aware of
Tobias
Ge0rG, are you on audio? if not just write what you want proxied
Ge0rG
Tobias: I'm on audio, just need to unmute myself and surprise you all with my voice
Tobias
alright
intosi
We could ask spimmers to use https://xmpp.org/extensions/xep-0076.html
Ge0rG
https://github.com/JabberSPAM/blacklist re what Link Mauve is saying
Tobias
Ge0rG, PING
Seve/SouL
Yes Ge0rG
flow
So according to https://github.com/JabberSPAM/blacklist/blob/master/blacklist.txt, the current size of the problematic services is 1
flow
Doesn't look so bad
Guus
😛
Daniel
flow, there is a due processes to get on that list and off that list
(but thanks Guus for summit organization anyway I guess)
Guus
You're welcome 🙂
Ge0rG
Some clients will block incoming messages/subscription requests until a captcha is solved
Ge0rG
Like https://github.com/redsolution/xabber-android/issues/851
Tobias
In case people remember stuff from the spam discussion that's missing on https://etherpad.wikimedia.org/p/XMPP_Summit_2019_Day1 , please add it
Ge0rG
With the current level of sophistication of the spammers, there is NO NEED for captchas
intosi
Ge0rG: interesting observation.
Ge0rG
Tobias: *raises hand* sometimes spam accounts are created, then not logging in for multiple weeks, then wake up and spam
Daniel
yes.
mathieui
often, yes
Daniel
but i don’t think it matters to the pattern of suddenly sending messages to 1000s of people
Tobias
Ge0rG, it's up
mathieui
+1
Daniel
that pattern should be blocked regardless of how old the account is
singpolymahas joined
jjrhhas left
Ge0rG
less-than-secret example from the firewall:
```
# outgoing messages to non-contacts need to be full-body-searched.
KIND: message
TYPE: chat|normal|headline
NOT SUBSCRIBED?
JUMP_CHAIN=user/bodycheck
```
Ge0rG
from a fast skim of the rules, the only thing that's not coming from the message is the mutual subscription status
Tobias
maybe the Rspamd protocol documentation can also provide some helpful input✎
singpolyma
so the antispam server doesn't need the whole roster, just a boolean basically about the relationship between from and to
Zash
none/to/from/both
Tobias
maybe the Rspamd protocol documentation can also provide some helpful input https://www.rspamd.com/doc/architecture/protocol.html ✏
Ge0rG
Zash: the relevant question is: did the recipient authorize the sender before
singpolyma
would the blacklist being public be as problematic as the rules? I would think probably not?
Ge0rG
singpolyma: the blacklist doesn't contain any black magic.
mathieui
yet.
Ge0rG
There are various public blacklists already
flow
Ge0rG, that sounds like it could be feasiable to just put additional metainformation in the message send to the spam indendification service, versus the spam identification service asking for additional information from the xmpp server
Ge0rG
I've only created my own one because none of the earlier ones had a due process
Ge0rG
flow: yes.
Ge0rG
flow: just a metadata flag
singpolyma
for sure. due process is a good thing that can help us from becoming like email
Ge0rG
singpolyma: I wanted to be a _good_ RBL
flow
Ge0rG, question is, will there be more metadata in the future? Probably, but then we question is "How much?"
Seve/SouL
Did I hear correctly :)
Ge0rG
Tobias: jonas’ provided measurements from compression with different flushing aggressivity
jonas’' data on XMPP compression: https://github.com/horazont/aioxmpp/issues/249
Ge0rG
aioxmpp test suite, sync_flush only (XEP-0138 as written): 40% rx, 20% tx
aioxmpp test suite, full_flush after each stanza: 25% rx, 20% tx
JabberCat startup (lots of mucs, lots of avatars), full flush after each stanza: 25% rx, 12% tx
JabberCat startup (lots of mucs, lots of avatars), sync flush: 36% rx, 12% tx
Ge0rG
(the percentage being the ratio of bytes saved; tx is from client to server, rx is from server to client)
singpolyma
so even full flush after every staza could be worth it *if* that is safe in your context
winfried
EXI!
Ge0rG
you save 20% of traffic, but add some proper CPU load
Ge0rG
also RAM
singpolyma
for sure
Zash
something something ROI
mathieui
Ge0rG, which might be something of interest using a smartphone over an edge channel
Zash
As a server dev, I'm happy avoding the additional memory usage of compression
Ge0rGraises hand: an approach that's maybe worth exploring is a pre-created "official" compression dictionary, containing all the relevant stanzas and namespaces. like http/brotli
Ge0rG
Tobias: ^
singpolyma
winfried: is there data on EXI vs compression similar to those numbers above?
Ge0rG
damn, toolate
Tobias
Ge0rG, sorry. we moved to the next item
debacle
Ge0rG in some cases compression actually reduces CPU load, because there is less data to TLS encrypt
Ge0rG
debacle: I know
Ge0rG
Is there somebody good at painting? We still need XMPP Compliance Badges
winfried
singpolyma: some years ago there were some japanese guys, who did metrics on EXI, it worked quite well
Seve/SouL
Yes! A lot of people!
Seve/SouL
Somebody writing that donw? Just to know what can we improve in the future for Summits and so on
dwd
Kev's writing this stuff down, yes.
Ge0rG
I wish for a working A/V and *especially* better audio, and it would be great if it would work over XMPP
Tobias
Seve/SouL, see etherpad
alameyo
https://ctftime.org/writeup/12913 here is kind of compression oracle attack - it was created as hacking challenge but you can get the idea
Seve/SouL
He has a point though :)
dwd
Seve/SouL, Who?
Ge0rG
Video worked and broke down synchronously for me and edhelas, so it must be on Cisco's end
Seve/SouL
dwd, working on the agenda before Summit (I don't know him unfortunately)
Tobias
what's at the top of the board?
Zash
"agenda before reading"
MattJ
Looks like "AGENDA FUR BY REAPING"
Zash
for?
Tobias
something in between i bet,...ta
Zash
Having the agenda prior to the summit so you can read up on XEPs and whatnot
MattJ
Ah
Seve/SouL
I had that experience last year, couldn't have maybe an exact opinion on something
dwd
That was suggested by Piotr of Erlang Solutions.
Seve/SouL
Ah I see, thanks dwd
Seve/SouL
What did happen to think about this information for new people attending?
Zash
Seve/SouL: What do you mean?
Seve/SouL
Zash, just curious about if this topic popped up because somebody did something wrong by mistake... Or something like that (Writing how the Summit works, I mean.) Anyway, I may have understood it in a different way, audio is ok but of course not real life.
Zash
Seve/SouL: No, we want to remember what was done well, so it's not forgotten and can repeated next year
Seve/SouL
Ok perfect, great
Seve/SouL
Thank you Zash
Zash
Seve/SouL: Assuming I understood your question
Bartekhas left
flow
Secretary: Add ProtoXEP SEX to the XSF Summit 2020 agenda
flow
Secretary: Vote for "ProtoXEP SEX" as agenda item
Zash
/invite Secretary
flow
Secretary: Add XEP-1234 as recommended read for the "ProtoXEP SEX" agenda item