.@NSAGov, the webcam covers you're giving out have an interesting defect: the purple ones are transparent. 🤔 https://t.co/WUDXPJt9hs
https://twitter.com/EFF/status/1091449476613468160
Intosihas joined
Intosihas joined
Guushas left
sezuanhas left
Zash
Haha
luckyhas joined
goffihas joined
Intosihas joined
Intosihas joined
Kevhas left
Zashhas left
luckyhas left
luckyhas joined
melvohas left
debaclehas joined
Guushas left
winfriedhas left
flohas left
flohas joined
ossguyhas joined
flohas left
flohas joined
winfriedhas joined
goffihas joined
flohas left
goffihas joined
flohas joined
debaclehas left
Zashhas left
flohas left
flohas joined
Zashhas left
goffihas joined
alameyo66has left
alameyo66has joined
alameyohas left
alameyohas joined
Zashhas joined
flohas left
ralphmhas joined
Tobias
The fosdem shirt design looks kind of recycled this year
debaclehas joined
alameyohas left
dwdhas left
ossguyhas left
jjrhhas left
Zash
:)
winfriedhas joined
mathieui
It is quite crowded
Zash
It is
Zash
Someone was asking for link mauve earlier
jjrhhas joined
mathieui
They always do
vanitasvitaehas left
mathieui
Tell them to follow the cone hats
vanitasvitaehas joined
flohas joined
jonas’
is "follow the orange cones" the new "follow the white rabbit"?
Tobias
They are easy to find http://www.asset1.net/tv/pictures/movie/coneheads-1993/Coneheads-DI.jpg
there seems to be a long queue now at the design booth, most of them seem to be XMPP developers
Zashhas left
dwdhas joined
Danielhas joined
winfriedhas joined
Zashhas left
MattJhas joined
Danielhas left
debacle
can someone fix the year in https://xmpp.org/2019/01/the-xmpp-newsletter-31-january-2018/ please?
jonas’
on it
debacle
thanks! :)
jonas’
push’d
jonas’
will take 5 to 10 minutes to appear on the website
goffihas joined
Danielhas joined
dwdhas left
Syndacehas left
Syndacehas joined
sezuanhas left
sezuanhas joined
alameyohas joined
debaclehas left
luckyhas left
flohas joined
jjrhhas left
Tobiashas joined
Zashhas left
flohas left
flohas joined
luckyhas joined
Tobiashas left
MattJ
jonas’: er, but now the URL is broken
Zashhas joined
MattJ
And it was linked to from various places
Tobias
Why does the web need to be so complicated
Danielhas left
jonas’
derp
jonas’
MattJ, I don’t know of a way to fix that
jonas’
but I’ll see what I can do
Zash
Web!
MattJ
nginx redirect I guess
jonas’
I reverted the URL to the old version, but kept the title in tact
jonas’
that should minimize the impact for now
Seve/SouL
Appreciated jonas’ :)
Zashhas left
Zashhas joined
Danielhas joined
Kev
Talking about compression, as we were, I wonder what would happen if we were to (per-hop) introduce a <c /> stream element, whose job would be to hold attributes for a dictionary that you could later inject into stanza headers.
Roughly, yeah. Less smart because I'm less smart, but yeah.
Zash
Or FunXMPP but dynamic
Kev
FunXMPP's mostly about element name contraction isn't it?
melvohas joined
Kev
Well, yeah, ok, I guess it is like that but dynamic.
Zash
It's string substitution if I remember correctly
Kev
FunXMPP is more or less doing EXI with preexchanged schemas (in principle, not technically), right?
Kev
But with additional substitutions for things like common substrings.
Zash
Fixed dictionary simple compression something
Tobias
Fixed dict definitely limits the stuff that leaks
jjrhhas left
Zash
We could do that, I think eg ZStandard can
Kev
ISTM that the application can make reasonable dictionary-population guesses.
Kev
If you could get e.g. from='x' to='y' type='z' down to two bytes, that's not an insignificant win.
Kev
And you're pretty confident when you start a chat with someone in a desktop client, for example, that you'll be sending multiple stanzas with the same header.
Kev
I wonder how well it would compare to just plain old zlib though.
debaclehas joined
vanitasvitaehas left
Zash
I wanna test but training a dictionary needs a bunch of data
it will probably require a small nginx trick to have 2019 and 2018 work at the same time
flohas left
flohas joined
jonas’
debacle, where did you get that link?
Tobias
Zash: it's probably less training, rather seeing how good it works
jjrhhas left
debacle
jonas' from https://xmpp.org/blog.html
jonas’
nice
jonas’
I hate this hacked pelican
debacle
what is the difference to the non-hacked one?
jonas’
a non-hacked one wouldn’t be so awful to use
jonas’
and I can’t really test locally because we need an awfully old version due to hacks we do
jonas’
fix pushed
jjrh
Is there a fosdem xmpp channel?
Zash
Tobias: Building the dictionary needs data
jonas’
use base64 of randomness as a start
Kev
Random data are known to compress very well.
jonas’
Kev, base64 of random data
jonas’
compresses fairly well, actually, approximately 3/4 ratio
Zash
Extract the xep examples
Kev
It's not giving any value to know how an xmpp-specific compression mechanism would compress non-xmpp data, is it?
jonas’
that will probably make 'romeo' and 'juliet' compress to one bit or something ;)
jonas’
Kev, given that OMEMO, Avatars and other things are b64-encoded, I think it’s pretty XMPP-related actually.
Kev
You need real streams for it to be of any significant value, I think.
Zash
We don't want JIDs and user entered data to compress well, that's what leaks the worst
jonas’
start with base64 of random data, add in some xmpp keywords, see what happens
MattJ
jjrh: this room is generally the FOSDEM XMPP channel
jjrh
Ah okay
Tobias
Well. If you use zlib or zstandard with dict, common XMPP terms will compress everywhere
Zash
Ca zlib do a fixed dictionary? Don't think I've seen support for that
jonas’
> zdict is a predefined compression dictionary. This is a sequence of bytes (such as a bytes object) containing subsequences that are expected to occur frequently in the data that is to be compressed. Those subsequences that are expected to be most common should come at the end of the dictionary.
jonas’
(argument description in python zlib library)
jonas’
you’d still have to reset the dictionary after each stanza
flohas joined
Tobias
Zash, Kev, if you want some secure compression for XML it has to be XML aware, so it only compresses outer levels of stanzas
Zash
Fixed compression dictionary avoids most of the compression related attacks AFAIK
Tobias
With that would still compress dictionary terms in the bodys and inner stanzas, not?
vanitasvitaehas joined
Zash
I'm not sure if proper XML aware compression would be better enough to be worth the complexity
Zash
Eg EXI needs schemas right?
jonas’
Zash, EXI works better with schemas, but it doesn’t reqiure them
Zash
Or something that points out what's data and what's structure
Tobias
You can do something more stupid than EXI
Kev
I have no doubt I could manage more stupid than most things.
Tobias
Like only ompress at level 1 and leave the body levels alone
ralphmhas joined
jonas’
compressing the body with a fixed dictionary isn’t a problem, I think
Tobias
If you compress strict you might leak in band SVG
debacle
jonas' Now the link works. It looks strange, that the URL says "2018". But whatever. This is XMPP. We are pragmatic.
jjrhhas left
Tobias
-strict
alameyo66has left
jonas’
debacle, as the link with 2018 was out in the wild already when we spotted the mistake, we had to roll with that
debacle, yes, if I had +w to the nginx config, I could do that
vanitasvitaehas joined
vanitasvitae
Interesting, the Matrix guys also had issues with message ids. They solved their problems by using the hash of a message as the id.
debacle
jonas' I know that problem. I partly responsible for a Prosody server where I cannot write.
jonas’
vanitasvitae, I bet they had a lot of fun with that
debacle
If I send ten times "yes" to different questions...
Zash
Oh glob. Shall we tell them about c14n?
jonas’
(and we’d be totally lost because to hash XML you need to canonicalize it, which is a non-trivial operation)
Zash
"You don't need C14N with JSON!!!!" ?
vanitasvitae
debacle: not sure what'd happen then
jonas’
probably timestamp?
Kev
I think possibly that stanzas are mutable is more of an issue there than normalisation.
debacle
are both id and content encrypted? if only the content is enrypted, the id leaks the content.✎
jonas’
Kev, yes, that too
debacle
are both id and content encrypted? if only the content is encrypted, the id leaks the content. ✏
vanitasvitae
Maybe they added some random seed?
debacle
maybe
jonas’
if you add a nonce, you can also simply use a random ID.
jonas’
although, arguably, the hash makes it harder to deliberately create a collision that way
Zash
... blockchain?
Holger
They also reinvented spec versioning, SRV records, s2s cert checking (backwards incompatible), POSH, ...
jonas’
re-invent ALL THE THINGS
Zash
Should I be glad I'm at a different talk?
jonas’
yes
alameyohas left
debacle
Holger, you are in JanSON?
Holger
"You have one month to upgrade your servers."
Holger
If everyone does that, there will be totally no fragmentation at all!
Danielhas left
Holger
Yeah.
mathieui
and since most people use matrix.org you don’t have much choice
Danielhas joined
Kev
And people feel I'm going overboard on radically upgrading the network by adding some features that old clients can't use :p
vanitasvitae
The fingerprint solution and key backup stuff they have in place is *really* impressive!
Kev
TL;DR?
kinguhas left
vanitasvitae
Somehow they can sync the history to new devices
vanitasvitae
They backup keys to the server (optionally)
vanitasvitae
Well and they do cross signing
Kev
I'm going to assume they make 'put private keys in the cloud' somehow less stupid than it sounds :)
vanitasvitae
He oretty much rushed through all of this but I'll definitely have to look this up
jjrhhas left
jjrhhas joined
Danielhas left
intosihas joined
Kevhas left
alameyo66has joined
alameyohas joined
Danielhas joined
ossguyhas joined
intosihas left
intosihas joined
dwdhas joined
vanitasvitae
Yeah first of all its optional and secondly its encrypted with a password (basically what OX does as well
vanitasvitae
)
debacle
Isn't OX supposed to (optionally) store (encrypted) private PGP keys in a PEP node?
debacle
you were faster in typing
Zashhas left
vanitasvitae
:D
Zashhas left
goffihas left
Kev
Right, much less stupid :)
Kevhas left
intosihas left
intosihas joined
intosihas left
intosihas joined
Zashhas left
Zashhas left
winfriedhas left
ossguyhas left
MattJhas joined
mathieui
btw the "decentralized & privacy room" has a whiteboard "ideas for privacy & decentralization" that says "OTRv4 + matrix"
mathieui
kind of depressing
flohas left
flohas joined
Syndacehas joined
Syndacehas joined
Alexhas left
MattJ
"lol"
alameyo66has left
debaclehas left
Alexhas joined
intosihas left
mathieui
Also apparently xmpp dns is too tricky so nextcloud nihed their chat
MattJ
Yeah
jonas’
not to mention that SRV is entirely optional
winfriedhas joined
dwdhas left
Zashhas joined
mathieui
They did say that they did not want to run an xmpp server
mathieui
but then they apparently considered writing a matrix server for some reason, since a matrix developer had to advise against that
flohas joined
jonas’
wat
mathieui
idk
Danielhas left
winfriedhas joined
Zash
BOSH-only server anyone?
ralphmhas joined
flohas left
Zashhas left
flohas joined
winfriedhas joined
goffihas joined
goffihas joined
goffihas joined
kinguhas joined
Kevhas left
grumpyhas joined
alameyohas left
alameyohas joined
dwdhas joined
Danielhas joined
Danielhas left
Danielhas joined
luckyhas left
Zashhas left
goffihas left
dwdhas left
dwdhas joined
jjrhhas left
goffihas joined
jjrhhas joined
jjrhhas left
jjrhhas joined
alameyohas left
Zashhas left
dwdhas left
jjrhhas left
jjrhhas joined
jjrhhas left
jjrhhas joined
luckyhas joined
Kevhas left
jjrhhas left
MattJ
Someone raised "Why not XMPP?" during the ActivityPub panel discussion and got a round of applause
jonas’
<3
jonas’
thanks for the first bit of good news from FOSDEM :)
MattJ
Heh
Kev
What was the answer?
MattJ
Chris Webber: "XMPP is awesome, and more people should use it"
MattJ
"but $stuff"
MattJ
Pretty vague, to be honest... along the lines of "it wasn't clear how it would work, e.g. would you treat every user as a user? or would you act on the service?"
jjrhhas joined
goffihas joined
jjrhhas left
jjrhhas joined
jjrhhas left
jjrhhas joined
jjrhhas left
jjrhhas joined
sezuanhas left
Zashhas joined
Kev
Not the most useful of feedback.
Daniel
What was that panel called? And/or can someone give me a link to the schedule
Zash
Federated social room I think. Last talk
flohas left
flohas joined
mathieui
Fwiw it was "activitypub panel" on my schedule
Kevhas left
dwdhas joined
flohas left
flohas joined
flohas joined
flohas left
flohas joined
flohas left
flohas joined
edhelas
XMPP was doing social network before it was cool
flohas joined
flohas joined
flohas joined
flohas joined
dwdhas left
dwdhas joined
Vaulorhas left
Bartekhas joined
dwdhas left
dwdhas joined
goffihas joined
goffihas joined
flohas left
flohas joined
dwdhas left
dwdhas joined
goffihas joined
luckyhas left
Tobiashas joined
dwdhas left
flohas left
flohas joined
luckyhas joined
MattJ
@Thon lobby
flohas joined
flohas joined
flohas joined
Alexhas left
dwdhas joined
Zashhas left
Zashhas joined
Holgerhas left
winfriedhas left
winfriedhas joined
goffihas joined
Kevhas left
Alexhas joined
goffihas joined
MattJhas left
flohas left
flohas joined
flohas left
goffihas joined
flohas joined
sezuanhas left
flohas left
flohas joined
Vaulorhas left
luckyhas left
melvohas left
debaclehas joined
mathieuihas joined
melvohas joined
flowhas left
Holgerhas left
sezuanhas left
sezuanhas left
sezuanhas left
sezuanhas left
sezuanhas left
sezuanhas left
sezuanhas left
sezuanhas left
goffihas left
sezuanhas left
sezuanhas left
sezuanhas left
goffihas joined
dwdhas left
dwdhas joined
dwdhas left
goffihas joined
goffihas joined
pep.has joined
Zashhas left
flohas left
flohas joined
flohas left
flohas joined
Guushas left
Guushas joined
alameyohas joined
ossguyhas joined
alameyohas left
jjrhhas left
jjrhhas joined
alameyohas joined
Guushas left
Guushas joined
mathieui
https://connectycube.com/ I didn’t know about that thing