-
kingu
I didnt see a XMPP table next to the matrix one
-
kingu
an*
-
Zash
Bit early then tho
-
Tobias
.@NSAGov, the webcam covers you're giving out have an interesting defect: the purple ones are transparent. 🤔 https://t.co/WUDXPJt9hs https://twitter.com/EFF/status/1091449476613468160
-
Zash
Haha
-
Tobias
The fosdem shirt design looks kind of recycled this year
-
Zash
:)
-
mathieui
It is quite crowded
-
Zash
It is
-
Zash
Someone was asking for link mauve earlier
-
mathieui
They always do
-
mathieui
Tell them to follow the cone hats
-
jonas’
is "follow the orange cones" the new "follow the white rabbit"?
-
Tobias
They are easy to find http://www.asset1.net/tv/pictures/movie/coneheads-1993/Coneheads-DI.jpg
-
mathieui
https://upload.mathieui.net/upload/zFzyHccvRhopyFOU/RK_cNYYKTPOQg3tTPaF_Rw.jpg
-
mathieui
Nice
-
jonas’
awesome
-
debacle
there seems to be a long queue now at the design booth, most of them seem to be XMPP developers
-
debacle
can someone fix the year in https://xmpp.org/2019/01/the-xmpp-newsletter-31-january-2018/ please?
-
jonas’
on it
-
debacle
thanks! :)
-
jonas’
push’d
-
jonas’
will take 5 to 10 minutes to appear on the website
-
MattJ
jonas’: er, but now the URL is broken
-
MattJ
And it was linked to from various places
-
Tobias
Why does the web need to be so complicated
-
jonas’
derp
-
jonas’
MattJ, I don’t know of a way to fix that
-
jonas’
but I’ll see what I can do
-
Zash
Web!
-
MattJ
nginx redirect I guess
-
jonas’
I reverted the URL to the old version, but kept the title in tact
-
jonas’
that should minimize the impact for now
-
Seve/SouL
Appreciated jonas’ :)
-
Kev
Talking about compression, as we were, I wonder what would happen if we were to (per-hop) introduce a <c /> stream element, whose job would be to hold attributes for a dictionary that you could later inject into stanza headers.
-
Kev
<c c='1' to='some.jids.get.quite.long@and.maybe.domains.get.pretty.long.too/' from='blah@blah.lit' type='chat'/> <message id='uhestuh' c='1'><body>Hi!</body></message>
-
Kev
Or whatever
-
Zash
HPACK but X?
-
Kev
Roughly, yeah. Less smart because I'm less smart, but yeah.
-
Zash
Or FunXMPP but dynamic
-
Kev
FunXMPP's mostly about element name contraction isn't it?
-
Kev
Well, yeah, ok, I guess it is like that but dynamic.
-
Zash
It's string substitution if I remember correctly
-
Kev
FunXMPP is more or less doing EXI with preexchanged schemas (in principle, not technically), right?
-
Kev
But with additional substitutions for things like common substrings.
-
Zash
Fixed dictionary simple compression something
-
Tobias
Fixed dict definitely limits the stuff that leaks
-
Zash
We could do that, I think eg ZStandard can
-
Kev
ISTM that the application can make reasonable dictionary-population guesses.
-
Kev
If you could get e.g. from='x' to='y' type='z' down to two bytes, that's not an insignificant win.
-
Kev
And you're pretty confident when you start a chat with someone in a desktop client, for example, that you'll be sending multiple stanzas with the same header.
-
Kev
I wonder how well it would compare to just plain old zlib though.
-
Zash
I wanna test but training a dictionary needs a bunch of data
-
debacle
https://xmpp.org/2019/01/the-xmpp-newsletter-31-january-2019 404s
-
mathieui
debacle, but 2018 works with the correct title
-
mathieui
it will probably require a small nginx trick to have 2019 and 2018 work at the same time
-
jonas’
debacle, where did you get that link?
-
Tobias
Zash: it's probably less training, rather seeing how good it works
-
debacle
jonas' from https://xmpp.org/blog.html
-
jonas’
nice
-
jonas’
I hate this hacked pelican
-
debacle
what is the difference to the non-hacked one?
-
jonas’
a non-hacked one wouldn’t be so awful to use
-
jonas’
and I can’t really test locally because we need an awfully old version due to hacks we do
-
jonas’
fix pushed
-
jjrh
Is there a fosdem xmpp channel?
-
Zash
Tobias: Building the dictionary needs data
-
jonas’
use base64 of randomness as a start
-
Kev
Random data are known to compress very well.
-
jonas’
Kev, base64 of random data
-
jonas’
compresses fairly well, actually, approximately 3/4 ratio
-
Zash
Extract the xep examples
-
Kev
It's not giving any value to know how an xmpp-specific compression mechanism would compress non-xmpp data, is it?
-
jonas’
that will probably make 'romeo' and 'juliet' compress to one bit or something ;)
-
jonas’
Kev, given that OMEMO, Avatars and other things are b64-encoded, I think it’s pretty XMPP-related actually.
-
Kev
You need real streams for it to be of any significant value, I think.
-
Zash
We don't want JIDs and user entered data to compress well, that's what leaks the worst
-
jonas’
start with base64 of random data, add in some xmpp keywords, see what happens
-
MattJ
jjrh: this room is generally the FOSDEM XMPP channel
-
jjrh
Ah okay
-
Tobias
Well. If you use zlib or zstandard with dict, common XMPP terms will compress everywhere
-
Zash
Ca zlib do a fixed dictionary? Don't think I've seen support for that
-
jonas’
> zdict is a predefined compression dictionary. This is a sequence of bytes (such as a bytes object) containing subsequences that are expected to occur frequently in the data that is to be compressed. Those subsequences that are expected to be most common should come at the end of the dictionary.
-
jonas’
(argument description in python zlib library)
-
jonas’
you’d still have to reset the dictionary after each stanza
-
Tobias
Zash, Kev, if you want some secure compression for XML it has to be XML aware, so it only compresses outer levels of stanzas
-
Zash
Fixed compression dictionary avoids most of the compression related attacks AFAIK
-
Tobias
With that would still compress dictionary terms in the bodys and inner stanzas, not?
-
Zash
I'm not sure if proper XML aware compression would be better enough to be worth the complexity
-
Zash
Eg EXI needs schemas right?
-
jonas’
Zash, EXI works better with schemas, but it doesn’t reqiure them
-
Zash
Or something that points out what's data and what's structure
-
Tobias
You can do something more stupid than EXI
-
Kev
I have no doubt I could manage more stupid than most things.
-
Tobias
Like only ompress at level 1 and leave the body levels alone
-
jonas’
compressing the body with a fixed dictionary isn’t a problem, I think
-
Tobias
If you compress strict you might leak in band SVG
-
debacle
jonas' Now the link works. It looks strange, that the URL says "2018". But whatever. This is XMPP. We are pragmatic.
-
Tobias
-strict
-
jonas’
debacle, as the link with 2018 was out in the wild already when we spotted the mistake, we had to roll with that
-
debacle
you could have a forward from 2018 to 2019✎ -
debacle
you can have a forward from 2018 to 2019 ✏
-
debacle
only ten lines in Apache (or a half in Nginx)✎ -
debacle
only ten lines in Apache (or a half in Nginx) ✏
-
jonas’
debacle, yes, if I had +w to the nginx config, I could do that
-
vanitasvitae
Interesting, the Matrix guys also had issues with message ids. They solved their problems by using the hash of a message as the id.
-
debacle
jonas' I know that problem. I partly responsible for a Prosody server where I cannot write.
-
jonas’
vanitasvitae, I bet they had a lot of fun with that
-
debacle
If I send ten times "yes" to different questions...
-
Zash
Oh glob. Shall we tell them about c14n?
-
jonas’
(and we’d be totally lost because to hash XML you need to canonicalize it, which is a non-trivial operation)
-
Zash
"You don't need C14N with JSON!!!!" ?
-
vanitasvitae
debacle: not sure what'd happen then
-
jonas’
probably timestamp?
-
Kev
I think possibly that stanzas are mutable is more of an issue there than normalisation.
-
debacle
are both id and content encrypted? if only the content is enrypted, the id leaks the content.✎ -
jonas’
Kev, yes, that too
-
debacle
are both id and content encrypted? if only the content is encrypted, the id leaks the content. ✏
-
vanitasvitae
Maybe they added some random seed?
-
debacle
maybe
-
jonas’
if you add a nonce, you can also simply use a random ID.
-
jonas’
although, arguably, the hash makes it harder to deliberately create a collision that way
-
Zash
... blockchain?
-
Holger
They also reinvented spec versioning, SRV records, s2s cert checking (backwards incompatible), POSH, ...
-
jonas’
re-invent ALL THE THINGS
-
Zash
Should I be glad I'm at a different talk?
-
jonas’
yes
-
debacle
Holger, you are in JanSON?
-
Holger
"You have one month to upgrade your servers."
-
Holger
If everyone does that, there will be totally no fragmentation at all!
-
Holger
Yeah.
-
mathieui
and since most people use matrix.org you don’t have much choice
-
Kev
And people feel I'm going overboard on radically upgrading the network by adding some features that old clients can't use :p
-
vanitasvitae
The fingerprint solution and key backup stuff they have in place is *really* impressive!
-
Kev
TL;DR?
-
vanitasvitae
Somehow they can sync the history to new devices
-
vanitasvitae
They backup keys to the server (optionally)
-
vanitasvitae
Well and they do cross signing
-
Kev
I'm going to assume they make 'put private keys in the cloud' somehow less stupid than it sounds :)
-
vanitasvitae
He oretty much rushed through all of this but I'll definitely have to look this up
-
vanitasvitae
Yeah first of all its optional and secondly its encrypted with a password (basically what OX does as well
-
vanitasvitae
)
-
debacle
Isn't OX supposed to (optionally) store (encrypted) private PGP keys in a PEP node?
-
debacle
you were faster in typing
-
vanitasvitae
:D
-
Kev
Right, much less stupid :)
-
mathieui
btw the "decentralized & privacy room" has a whiteboard "ideas for privacy & decentralization" that says "OTRv4 + matrix"
-
mathieui
kind of depressing
-
MattJ
"lol"
-
mathieui
Also apparently xmpp dns is too tricky so nextcloud nihed their chat
-
MattJ
Yeah
-
jonas’
not to mention that SRV is entirely optional
-
mathieui
They did say that they did not want to run an xmpp server
-
mathieui
but then they apparently considered writing a matrix server for some reason, since a matrix developer had to advise against that
-
jonas’
wat
-
mathieui
idk
-
Zash
BOSH-only server anyone?
-
MattJ
Someone raised "Why not XMPP?" during the ActivityPub panel discussion and got a round of applause
-
jonas’
<3
-
jonas’
thanks for the first bit of good news from FOSDEM :)
-
MattJ
Heh
-
Kev
What was the answer?
-
MattJ
Chris Webber: "XMPP is awesome, and more people should use it"
-
MattJ
"but $stuff"
-
MattJ
Pretty vague, to be honest... along the lines of "it wasn't clear how it would work, e.g. would you treat every user as a user? or would you act on the service?"
-
Kev
Not the most useful of feedback.
-
Daniel
What was that panel called? And/or can someone give me a link to the schedule
-
Zash
Federated social room I think. Last talk
-
mathieui
Fwiw it was "activitypub panel" on my schedule
-
edhelas
XMPP was doing social network before it was cool
-
MattJ
@Thon lobby
-
mathieui
https://connectycube.com/ I didn’t know about that thing
-
Tobias
Is that using XMPP?
-
mathieui
apparently
-
mathieui
https://twitter.com/ConnectyCube
-
mathieui
XMPP & webrtc
-
debacle
they even mention OMEMO support
-
Tobias
True