XMPP Summit - 2020-01-31

Might not make the 9:30 train...

The others are meeting at 9:00 in the hotel lobby....

ok we just missed this train..

I made it

ETA 10:20

K

Most people just this minute arrived, so getting drinks and setting up stuff, I doubt we'll get much into anything before you get here

But we need your power!

Do we have a pad for day 2?

Or is https://etherpad.wikimedia.org/p/XMPPSummit24Day1 being reused?

Let's make a new one, but link both to each other?

sure

They probably won't live here permanently, we can move them over to the wiki at the end

yeah

Are you opening a new one or should I?

Go for it

https://etherpad.wikimedia.org/p/XMPPSummit24Day2

is there anyone (trying to) join remotely?

Guus: I'm trying now

It should be up and running.

sorry I had an emergency, trying now

yes it's fine

I'm in

<hacker voice> I'm in

Yes hello

Oh you did hear me!

to be sure, IM NG was the next iteration of "Message Routing", right?

Like, the plans to ditch full jid routing from last years summit?

vanitasvitae, correct

alright.

And the reason for wanting IM NG is exactly?

https://xmpp.org/extensions/xep-0409.html is the initial proposal

What does it solve?

ah, thanks

The routing rules in RFC 6121 were made before Carbons, MAM, etc.

vanitasvitae, several things

We layered Carbons and MAM on top of them to try to fix the gaps with e.g. having multiple devices, sometimes offline

1. if you have IM-NG, clients are kind of responsible for declaring if their message needs to be broadcast and archived (by sending to bare JID), and servers are left with less to guess

2. it removes some "undefined behaviour" wiggle-room from RFC 6121 regarding handling of bare and full-JID messages. specifically, full-JID messages will never be re-routed to a different full-JID under IM-NG, and bare JID messages will always be received by all (online + MAM-capable) resources

They solved 80% of the problems, and added complexity for servers (and clients) that have to handle all the interactions between these different things

alright, thanks for the clarification 😉

IM-NG is essentially and XMPP 2.0 thing without throwing away all the good bits

It will make life easier for developers

Yeah. Just listen to how much easier this is.

I can tell 😛

Just YOLO flag day it!!!eleven

(I'm a bit lost around that re minutes)

Yeah, me too 😀

So basically the discussion is about uncertain rules for routing of error messages, right?

Like, edge case handling?

You're welcome to speak aloud. More voices would be useful here I think.

The current rules are not uncertain - error messages for e.g. delivery errors simply go to the sending device only

makes sense to me.

I'd appreciate if somebody(tm) with a bit more understanding of the situation could have a look at minutes on this topic

The reason it's complex is purely because we need backwards compatibility with all the existing clients and servers

Once we phase out Carbons and the various hacks around it, things will be a lot simpler

*shocked*

6121 SP2

Service Pack 2 ?

"Redstone Update"

Something unstable you probably don't want to start using for the first year?

Strange, today there are so many people named "Angie" around...

Kev keeps repeating "I am Angie too" for some reason...

Pretty sure he is lying

The internet is asking if there are any plans to "secure metadata".

I guess apart from e2ee there is maybe the sender-less messaging on the agenda, right?

I've been to Froscon already, it's open to non german, and very nice meeting

(and nice food)

I found it less community oriented and more business focussed than FOSDEM.

vanitasvitae, my personal opinion is "no" - there are other solutions that already do a better job at hiding metadata

They make a certain set of compromises to achieve that

I think we can, besides taking care of the low hanging fruits right now, only start consider securing metadata after the majority of messages exchanged in xmpp is encrypted. One step after another

flow, and how will the server know where to deliver messages, presence?

MattJ, I am not sure if I expressed myself where well as I think you may misunderstood me

*very well

*after the majority of the payload of messages exchange in xmpp

you could at least hide the recipient from the sending server

vanitasvitae, and how would it know where to deliver to?

https://xmpp.org/extensions/xep-0430.html https://xmpp.org/extensions/xep-0386.html https://xmpp.org/extensions/xep-0388.html https://xmpp.org/extensions/xep-0198.html

well, it obviously has to know the domain jid, but not the exact recipient

better than nothing

😛

vanitasvitae, which goes against the "it's good to run your own server" model that I'm pushing for :)

I think it is not productive to put much effort into metadata encryption while we do not even encrypt a majority of the payload

because you'll never guess who a message to the domain "matthewwild.co.uk" may be destined for!

😛

You /can/ hide metadata, but it requires a drastically different protocol architecture to achieve that (e.g. something like a gossip protocol)

Also if you are afraid that metadata is an issue, then you probably should not use XMPP at all. That said, if we can protected metadata easily, we sure should consider it.

You could do onion routing over XMPP, of course.

You can *already* do XMPP over onion routing

Yes, the other way aorund.

So a hyper onion?

I think you lay every other protocol over xmpp, like vuvuzela.io, how interoperable that would/could be is another question

https://upload.bouah.net/upload/9-alObjSJAkgMdDF/R-XEUGHJTb6uBMfnLNL5Yg.jpg

this is day2 topics

oh MattJ did it already :p

Wait no

Missing the pink dots!

And now something totally different... Sunday morning I will be presenting on the XMPP extensions. What extensions do you think I definitely should mention to the Fosdem audience?

What kind of extensions are you presenting? What's the goal?

Funny XEPs? Unused XEPs? Useful XEPs?

(And what for)

Compliance Suite 2020 😉

Yeah I was gonna say

My goal is that I discovered that developers considering XMPP find the idea of a modulair standard hard to grasp, so I want to do 2 things: explain how the extensions work (as process, idea, not technically) and I want to mention some nice examples on the way.

Compliance suite will definetly be mentioned, because it is a good starting point for many usecases

winfried, there are three things that people who vaguely know XMPP are concerned about: 1) too many XEPs 2) stuck in the past 3) fragmentation (different clients implement different XEPs)

So answers are: 1) C Suites / deprecation of old XEPs 2) new XEPs are being submitted and implemented almost every week 3) C Suites aim to solve this

(of which 3) is definitely a feature of XMPP.. just that these people don't get it :x)

Sorry mismatching parentheses

winfried, heh, someone just linked to your talk in a different MUC :)

I'd also point out that even if you do some centralized service, XMPP is a good choice as there is already a tried and tested codebase + implementations and building on top of that with custom stuff is very easy.

Not that I'd suggest doing centralized stuff, but still

many devs want to

MattJ: good points, I'll make the C-suites more dominant in my talk

MattJ: what MUC?

winfried, conversations@conference.siacs.eu

MattJ: thanks, can't join... ;-)

vanitasvitae: yeah, I would also like to mention some specific usecases, like real time text (which is very useful for communication with deaf people)

yeah nice idea

So this is your chance to upvote your great but very specialist XEP for a great exotic usecase ;-)

vanitasvitae, I've thought about the "hiding metadata" thing a bit, the problem being it's only easy 1 way (hiding the recipient from your own server), hiding your JID from the recipients server requires something totally different and much harder, and then there is the roster problem :'(

I still think it's likely worth doing

moparisthebest: it would be quite trival to make an onion routing component for XMPP and turn the XMPP network in a onion routing system....

that might be the way to go to solve both ways the same, then you just have to hide the roster from your own server and you've got yourself a complete system :)

Coffee break after this?

Is there any reason why we should give up the possibility to implement bind2 or sasl2 indepentently from each other?

coffee!!!

If someone knows how to get fresh air into this room, please make it flow

(ha ha?)

yes, it stinks

yeah flow, go for it!

I have opened the window in my office, does that help?

You have to also open the <stream/>

Could you take some of the fresh air and publish it to pep. please?

Are the "IC" trains any different to the "S" trains for my train ticket I bought at the station machine?

since the ticket machine doesn’t let you choose between the two i always assumed the same ticket is fine for both

Ta.

Any plans for evening?

Sleeeeeeeeep

Food as well. There will also be drink, I suspect.

Movim has its own sticker sets already

goffi, bundled? hosted somewhere?

Initially I think it was shared with BoB, but I'm not sure nowadays, maybe SIMS

yes, goffi based on XHTML-IM?

nyco: Initially, but I think it's SIMS now

not sure, to be checked with edhelas

But does it have a sticker store?

also about file size and directories, we have already all that with Jingle, I have a component doing this for file sharing

and themed emojis for announcers

No, Movim ships them and it’s AFAIK not extensible.

Zash: no store I think they are bundled with the software

He sponsored the drawing of the packs it ships.

most of those problems are the same as with avatar

so it would be nice to have some kind of factorisation there

(different sizes, image formats, etc)

A Security Consideration would be that sticker sets are external data, so the processing must be secure

Yes. Also either leaking your ip or your jid everywhere

That's why having your server copy them over might be interesting

I think that we actually need a server side HTTP proxy that user can request with some kind of identifier, instead of something specific to stickers or anything else.

I think mastodon-ish-things have something similar

I get the impression other protocols don't really care about leaking private data all over the place

well, centralized systems dont have this issue at all

(not saying XMPP should be like that, the opposite)

About (X)HTML, please take into account that Movim and SàT are doing blogging, and we already manage a large set of HTML (i.e. not only XHTML-IM). We should probably have a XEP describing good security practive with that.

I think immutable sets and and copying the set to your own server is the way to go

but happy to discuss that later/on list

for privacy yes

for flexibility no 😀

I don't get everything that MattJ is saying :-/

Intosi: > Food as well. There will also be drink, I suspect. At hotel or other place? Just arrived to Brussels

goffi, the words or the meaning?

goffi : 3rd point, he forgot :)

Server-provided stickers would be awesome. Well-known/discoverable pubsub node for sticker collection which lists pubsub nodes containing individual stickers?

MattJ: I don't get all the words ^^.

Are we willing to do a XHML only for IM, or something also used for blogging?

goffi, my words were saying that 1) clients need to sanitize stuff already anyway 2) XHTML-IM v1 was harder to sanitize because it allows and heavily uses CSS

oh no, here comes markdown again :(

MattJ: OK, thx

Mardown is not a wire format, it's handy and should be use in client, but we should use a real wire format for sharing the content.

Markdown*

oh dear

message markup all over again?

what goffi says is true

goffi, why is XHTML better as a wire format than, say, CommonMark ?

what's wrong with https://xmpp.org/extensions/xep-0394.html? I really love this one?

Regarding stickers: The internet notes that Zom (the XMPP version) also supported stickers and may be worth a look.

moparisthebest: well, first it's XML, and XMPP is XML

that's probably not a reason

goffi: agreed on 394.

but I don't say that XHTML-IM is necessarily the best way, I really love XEP-0394, it clean, elegant, and extensible

it's*, sorry for the typos

you still need some specialized parser/display logic to display both XHTML and CommonMark, neither of which comes by default with XML or XMPP

moparisthebest: is this an encumbrance?

:D

Does anybody takes blogging into consideration, as there are only 2 clients with blogging, I have the feeling it's always ignored.

so we want something like message styling but make it explict that message styling is being used?

*.*

Just for the record, here are the complains I've made about markdown in the past (cc moparisthebest): https://mail.jabber.org/pipermail/standards/2017-October/033592.html

goffi, those are all correct as a criticism against "markdown" because it's not specified, but "CommonMark" is specified

goffi, I don't like 394 for what larma just said. It's leaving 393-like info in body without saying that these characters can be removed

And then we're back to parsing body

https://lab.louiz.org/poezio/poezio/issues/3455#note_7769 < what Link Mauve is talking about

pep., `<span start="9" end="15" fallback="*"><emphasis/></span>`

^ solves the issue of knowing if it's fallback or not

pep.: I don't get what is left in body with XEP-0394? it's all in <markup> isn't it?

no

the original message in in <body>

<markup> only contains markers where certain formatting starts and ends

vanitasvitae: yes the message in <body> and markup in <markup>, that's the point

okay, I only followed with half an eye, maybe I missed something 😛

goffi, the problem is that you may want to have fallback (using 393) in <body> but not display that when 394 is supported

pep.: vanitasvitae: I was meaning what markup is left in the <body>?

larma: why do I want a fallback as long as the message body is visible by everybody? Compatible client add style, not others, what's wrong with that?

whenever you send the same thing in 2 different formats/languages/whatever that opens up all those security issues that aren't practically solvable :/

moparisthebest: that's an issue with legacy XHTML-IM I agree, but not with XEP-0394, the message content is only in <body>, or am I missing something?

Sorry I'm not taking much notes atm as I'm taking part in the discussion actively :x

yep that's right goffi

no worries pep., and thanks a lot (and to the other) for those notes, it helps a log to understand when you're not there.

goffi, the "formatting" might be an emphasize that is required to transfer the message

loosing this emphasizing might change the message in some cases

Sorry to insist about blogging, but I think we need a XEP to explain best practices to sanitize HTML, and probably a different markup for IM

larma: yes, but in this case fallback can cause trouble too, be can go far with that.

goffi, that's why it's complicated 😉

larma, true, like if I'm quoting hitler I likely would not like anyone to think I said it directly instead :/

OK so we're talking only about IM markup there, I wanted to be sure, thanks

thx goffi

(blogging is part of XMPP, even if not IM)

the issue also with markdown, is that there are billions of more or less (in)compatible parser, and developer will use the available one

so rendering may be different because markdown_js is not exactly the same as markdown_rust or markdown_js

goffi, and that's not an issue if you specify CommonMark, right?

https://commonmark.org/ that one

i think we can at least make some improvements to the current situation by having clients that use 393 make it explicit that they are doing this

moparisthebest: if you are 100% sure that all libs used are commonmark compatible, I guess this would not be an issue, but I highly doubt that we'll have something rendered identically everywhere.

goffi, so like HTML then? :D

Daniel: yes please make it explicit, that one of the main issue I have with XEP-0393

i mean that's a very easy fix

goffi, that's not enough to me, saying explicitely you do 393

moparisthebest: We have only 2 HTML rendered left, so it's not an issue anymore ;)

that has no huge side effects

renderer*

Parts of your message could not be markup

maybe 3 with servp

servo

goffi, I'm saying there are plenty of HTML parsers/renderers, and none render quite the same

even though HTML is a standard, same situation with CommonMark

393 just documents what all XMPP/IRC/email clients have been doing since forever, it never removes characters, it's fine as-is imho

pep.: I agree with that, and I was thinking that putting everything in <body> was not necessary anymore with OMEMO now that we have XEP-0420

moparisthebest: Again, I'm not saying that (X)HTML is the best option, I'm pushing more for XEP-0394

also to clarify cramming CommonMark in <body> without any indication would be awful I think everyone agrees, but as far as a specified transport, it's just as valid as XHTML or any other standard

I just need XHTML for blogging (specially when importing external sources like RSS/Atom).

also CommonMark doesn't solve any problems with regard to sanitization, it's a XHTML super-set, so all sanitization rules still apply (any valid XHTML is valid CommonMark)

goffi, agreed, putting everything in body is not a requirement for future work

I think Marking up messages is a non-problem 😛

We should do like with stickers: a syntax server where everybody can upload a syntax parser in a home made language, so everybody can use it favorite one :D

😀

markup as a service

Thanks a lot for the video which was pretty good this year, and live report on etherpad, here and activityPub

Just upload and download webasm binaries goffi ? :D

moparisthebest: great :)

Secure! Flexible! Trustworthy!

Pick only the middle one

so not commonmark or anything like it?

sounds like a plan!

And in 5 years everybody wants to do BBCode again

markup fallback is going to be tricky

except with XEP-0394

But then maybe clients will finally understand that they have to translate the input :p

The internet notes "I think it is important to announce to a client that the text is markdown styled. Similar to how OMEMO messages are announced as such. "

goffi, 394 + fallback yes, still the same issue

goffi, '394 is meh though. I’d prefer to go back to a restricted XHTML-IM subset.

394 isn't bad, but yet-another markup format that no one uses etc etc, specify something like CommonMark where all the hard work is done and call it a day

the big difference with XEP-0394 is that markup is separated from body content and meaning, no other solution offers that.

so if you don't support it, you still have the plain text body, without having to clean it yourself or to use any kind of fallback.

which has it's own set of problems

moparisthebest: which ones exactly? I still don't get what's wrong with that.

> we should kill all $race_here because they are worthless subhumans

except your client doesn't support 394, so it's not rendered like a quote

it's rendered like I said it

that's... less than ideal

I'm stuck outside, nothing at the front, can somebody open? :p

all good

moparisthebest: well you have usually have context, and you'll have this issue with any markup fallback

it's possibly less of an issue if you just display raw CommonMark ? :/

maybe raw CommonMark in <body> with a flag stating it's CommonMark, then if it is, you can safely parse/display it as intended, and if not the fallback is just to display it directly?

moparisthebest: you're going with XEP-0393 then

there is no perfect solution here I think

seing that we're all arguing with that for years, I guess the perfect solution if it exists is not obvious :)

I just suspect there can never be a perfect solution here: 1. same message, multiple formats/languages - no way to tell if they are different 2. standard non-plaintext format (XHTML/CommonMark/394) - if not supported, plaintext fallback could change meaning or be unreadable for any number of reasons 3. no plaintext fallback - well, no plaintext fallback :)

I *think* that about covers all the options?

Why did you italicize 'think'?

did I? :)

Oh, you're right, it's underlined in my other client

j/k of course :)

bold for me haha

man if we can solve "derive meaning from text messages" we'll really have it made

I guess we do have a standard already to transfer thoughts/intent/meaning over XMPP https://xmpp.org/extensions/xep-0183.html

Oh, I forgot to trade the taxi receipt for money today, shall we do that at fosdem tomorrow? ✏

In the past I think I just emailed them to Guus or something

ah right I'll do that as well

ok thanks, will do that

I'm somewhat unhappy to see that people just post fotos of other summit participants on social media. I would have expected to be in an environment where people would at least ask beforehand...

I can see arguments both ways on that. I would expect the summit itself to be public, and in the record.

the video stream was public

Don't you need permission to publish pictures from people in the picture?

do we need an opinion from a lawyer in every jurisdiction again?

Yes

At least in the EU it should be somewhat unified.

Also see the "Note Well" thing the IETF does.

> Don't you need permission to publish pictures from people in the picture? In germany you don't have the right on your picture anymore when you attend public events like concerts, summits and so on. I guess it's more or less the same in other European countries.

I don't think anyone would object if you attended the summit wearing a facemask, if you want your privacy