XMPP Summit - 2019-02-02

I didnt see a XMPP table next to the matrix one

an*

Bit early then tho

.@NSAGov, the webcam covers you're giving out have an interesting defect: the purple ones are transparent. 🤔 https://t.co/WUDXPJt9hs https://twitter.com/EFF/status/1091449476613468160

Haha

The fosdem shirt design looks kind of recycled this year

:)

It is quite crowded

It is

Someone was asking for link mauve earlier

They always do

Tell them to follow the cone hats

is "follow the orange cones" the new "follow the white rabbit"?

They are easy to find http://www.asset1.net/tv/pictures/movie/coneheads-1993/Coneheads-DI.jpg

https://upload.mathieui.net/upload/zFzyHccvRhopyFOU/RK_cNYYKTPOQg3tTPaF_Rw.jpg

Nice

awesome

there seems to be a long queue now at the design booth, most of them seem to be XMPP developers

can someone fix the year in https://xmpp.org/2019/01/the-xmpp-newsletter-31-january-2018/ please?

on it

thanks! :)

push’d

will take 5 to 10 minutes to appear on the website

jonas’: er, but now the URL is broken

And it was linked to from various places

Why does the web need to be so complicated

derp

MattJ, I don’t know of a way to fix that

but I’ll see what I can do

Web!

nginx redirect I guess

I reverted the URL to the old version, but kept the title in tact

that should minimize the impact for now

Appreciated jonas’ :)

Talking about compression, as we were, I wonder what would happen if we were to (per-hop) introduce a <c /> stream element, whose job would be to hold attributes for a dictionary that you could later inject into stanza headers.

<c c='1' to='some.jids.get.quite.long@and.maybe.domains.get.pretty.long.too/' from='blah@blah.lit' type='chat'/> <message id='uhestuh' c='1'><body>Hi!</body></message>

Or whatever

HPACK but X?

Roughly, yeah. Less smart because I'm less smart, but yeah.

Or FunXMPP but dynamic

FunXMPP's mostly about element name contraction isn't it?

Well, yeah, ok, I guess it is like that but dynamic.

It's string substitution if I remember correctly

FunXMPP is more or less doing EXI with preexchanged schemas (in principle, not technically), right?

But with additional substitutions for things like common substrings.

Fixed dictionary simple compression something

Fixed dict definitely limits the stuff that leaks

We could do that, I think eg ZStandard can

ISTM that the application can make reasonable dictionary-population guesses.

If you could get e.g. from='x' to='y' type='z' down to two bytes, that's not an insignificant win.

And you're pretty confident when you start a chat with someone in a desktop client, for example, that you'll be sending multiple stanzas with the same header.

I wonder how well it would compare to just plain old zlib though.

I wanna test but training a dictionary needs a bunch of data

https://xmpp.org/2019/01/the-xmpp-newsletter-31-january-2019 404s

debacle, but 2018 works with the correct title

it will probably require a small nginx trick to have 2019 and 2018 work at the same time

debacle, where did you get that link?

Zash: it's probably less training, rather seeing how good it works

jonas' from https://xmpp.org/blog.html

nice

I hate this hacked pelican

what is the difference to the non-hacked one?

a non-hacked one wouldn’t be so awful to use

and I can’t really test locally because we need an awfully old version due to hacks we do

fix pushed

Is there a fosdem xmpp channel?

Tobias: Building the dictionary needs data

use base64 of randomness as a start

Random data are known to compress very well.

Kev, base64 of random data

compresses fairly well, actually, approximately 3/4 ratio

Extract the xep examples

It's not giving any value to know how an xmpp-specific compression mechanism would compress non-xmpp data, is it?

that will probably make 'romeo' and 'juliet' compress to one bit or something ;)

Kev, given that OMEMO, Avatars and other things are b64-encoded, I think it’s pretty XMPP-related actually.

You need real streams for it to be of any significant value, I think.

We don't want JIDs and user entered data to compress well, that's what leaks the worst

start with base64 of random data, add in some xmpp keywords, see what happens

jjrh: this room is generally the FOSDEM XMPP channel

Ah okay

Well. If you use zlib or zstandard with dict, common XMPP terms will compress everywhere

Ca zlib do a fixed dictionary? Don't think I've seen support for that

> zdict is a predefined compression dictionary. This is a sequence of bytes (such as a bytes object) containing subsequences that are expected to occur frequently in the data that is to be compressed. Those subsequences that are expected to be most common should come at the end of the dictionary.

(argument description in python zlib library)

you’d still have to reset the dictionary after each stanza

Zash, Kev, if you want some secure compression for XML it has to be XML aware, so it only compresses outer levels of stanzas

Fixed compression dictionary avoids most of the compression related attacks AFAIK

With that would still compress dictionary terms in the bodys and inner stanzas, not?

I'm not sure if proper XML aware compression would be better enough to be worth the complexity

Eg EXI needs schemas right?

Zash, EXI works better with schemas, but it doesn’t reqiure them

Or something that points out what's data and what's structure

You can do something more stupid than EXI

I have no doubt I could manage more stupid than most things.

Like only ompress at level 1 and leave the body levels alone

compressing the body with a fixed dictionary isn’t a problem, I think

If you compress strict you might leak in band SVG

jonas' Now the link works. It looks strange, that the URL says "2018". But whatever. This is XMPP. We are pragmatic.

-strict

debacle, as the link with 2018 was out in the wild already when we spotted the mistake, we had to roll with that

you can have a forward from 2018 to 2019 ✏

only ten lines in Apache (or a half in Nginx) ✏

debacle, yes, if I had +w to the nginx config, I could do that

Interesting, the Matrix guys also had issues with message ids. They solved their problems by using the hash of a message as the id.

jonas' I know that problem. I partly responsible for a Prosody server where I cannot write.

vanitasvitae, I bet they had a lot of fun with that

If I send ten times "yes" to different questions...

Oh glob. Shall we tell them about c14n?

(and we’d be totally lost because to hash XML you need to canonicalize it, which is a non-trivial operation)

"You don't need C14N with JSON!!!!" ?

debacle: not sure what'd happen then

probably timestamp?

I think possibly that stanzas are mutable is more of an issue there than normalisation.

Kev, yes, that too

are both id and content encrypted? if only the content is encrypted, the id leaks the content. ✏

Maybe they added some random seed?

maybe

if you add a nonce, you can also simply use a random ID.

although, arguably, the hash makes it harder to deliberately create a collision that way

... blockchain?

They also reinvented spec versioning, SRV records, s2s cert checking (backwards incompatible), POSH, ...

re-invent ALL THE THINGS

Should I be glad I'm at a different talk?

yes

Holger, you are in JanSON?

"You have one month to upgrade your servers."

If everyone does that, there will be totally no fragmentation at all!

Yeah.

and since most people use matrix.org you don’t have much choice

And people feel I'm going overboard on radically upgrading the network by adding some features that old clients can't use :p

The fingerprint solution and key backup stuff they have in place is *really* impressive!

TL;DR?

Somehow they can sync the history to new devices

They backup keys to the server (optionally)

Well and they do cross signing

I'm going to assume they make 'put private keys in the cloud' somehow less stupid than it sounds :)

He oretty much rushed through all of this but I'll definitely have to look this up

Yeah first of all its optional and secondly its encrypted with a password (basically what OX does as well

)

Isn't OX supposed to (optionally) store (encrypted) private PGP keys in a PEP node?

you were faster in typing

:D

Right, much less stupid :)

btw the "decentralized & privacy room" has a whiteboard "ideas for privacy & decentralization" that says "OTRv4 + matrix"

kind of depressing

"lol"

Also apparently xmpp dns is too tricky so nextcloud nihed their chat

Yeah

not to mention that SRV is entirely optional

They did say that they did not want to run an xmpp server

but then they apparently considered writing a matrix server for some reason, since a matrix developer had to advise against that

wat

idk

BOSH-only server anyone?

Someone raised "Why not XMPP?" during the ActivityPub panel discussion and got a round of applause

<3

thanks for the first bit of good news from FOSDEM :)

Heh

What was the answer?

Chris Webber: "XMPP is awesome, and more people should use it"

"but $stuff"

Pretty vague, to be honest... along the lines of "it wasn't clear how it would work, e.g. would you treat every user as a user? or would you act on the service?"

Not the most useful of feedback.

What was that panel called? And/or can someone give me a link to the schedule

Federated social room I think. Last talk

Fwiw it was "activitypub panel" on my schedule

XMPP was doing social network before it was cool

@Thon lobby

https://connectycube.com/ I didn’t know about that thing

Is that using XMPP?

apparently

https://twitter.com/ConnectyCube

XMPP & webrtc

they even mention OMEMO support

True