xnyhpsTheir auth is a pile of stuff, including HTTP. Facebook too, btw.
Tobiasi thought FB was full on the MQTT train now
waqashas left
Jefhas left
Link Mauvehas joined
waqashas joined
Neustradamushas left
Neustradamushas joined
Lancehas joined
Neustradamushas left
Santiago26has left
Lancehas joined
Neustradamushas joined
jabberjockehas left
Lancehas joined
Tobiashas left
waqashas left
Lancehas joined
emchohas left
waqashas joined
Lancehas joined
Lancehas joined
Lancehas left
stpeterhas left
Tobiashas left
Lancehas joined
Lancehas left
waqashas left
Lancehas joined
Lancehas left
fippohttp://xmpp.org/2014/02/second-security-test-day/ <-- I don't get the 12.5% ... it's the percentage of servers that now requires encryption, right?
Simonhas joined
emchohas joined
emchohas left
emchohas joined
emchohas left
Link Mauvehas joined
emchohas joined
Lancehas joined
Alexhas joined
emchohas left
emchohas joined
Ge0rGfippo: I would suppose so... even though the wording in the blog post implies traffic, not servers
Lancehas joined
SimonStill getting over the WhatsApp price. (works out at $40/user)
Laurahas joined
Simonconsiders selling off users on my family XMPP server.
Jefhas joined
LauraJust wanted to share the meetup link for the London XMPPUK Meetup http://www.meetup.com/XMPP-UK-Meetup/
fippolaura: you should prod lloyd about showing webrtcish stuff and invite https://twitter.com/disruptivedean/status/436063951932379136 :-)
Laurafippo: Off to prod Lloyd
KevLaura: Thanks. I'd have thought a mail to some lists would probably be appropriate (unless you already have, and I missed it).
Zashhas joined
LauraI am talking to Lloyd about lists to send to. I managed the XMPPUK mailing list, but something tells me Lloys has others!
intosiNo doubt some lists we don't want to know about ;)
Lloydhas joined
KevLaura: Thanks.
Lloydaslso http://lanyrd.com/2014/xmppuk/
Lloydfippo: I'm probably not going to be able to attend this meetup. Will still be organising with Laura though.
Jefhas left
fippolloyd: you don't need to get dean bubley to that particular meetup, just convince him that the xmpp meetup is where the cool webrtc stuff happens in london :-)
SimonGet James Body there, and Dean Bubley will be in tow.
Lloydfippo: tweeted him about it. Thanks.
Ge0rGare there any known xmpp servers that break if a client does not set the from attribute on outgoing message or presence stanzas?
ralphmxnyhps: have you ever looked into cryptocat?
xnyhpsI've looked over it, yes. Why?
Ge0rGit's full of cats
ralphmxnyhps: wondering how well it was made, security-wise and overall
Ge0rGit's had a bunch of security issues in the past, but the developers promised to do it better
xnyhpsI only looked at it from the context of iq-spoofing, which they aren't vulnerable to, because they don't send any iqs except for IBR. I did report that the usage of an incrementing counter for iqs leaks information about yourself, and that was promptly fixed.
ralphmare they involved with the XSF?
xnyhpsDon't think so
ralphmI noticed they are working on a new protocol for groups, but it doesn't seem based on xmpp
xnyhpsGroups? You mean encrypted group chat?
Kevare there any known xmpp servers that break if a client does not set the from attribute on outgoing message or presence stanzas? Ge0rG @ 10:51
No, and clients should generally not do it, as it adds no value. The server has to overstamp it anyway.
Tobiasmultiparty OTR
xnyhpsThey have an implementation of mpOTR, yes, but even in the OTR community it is still controversial.
Ge0rGKev: I'm currently working on http://issues.igniterealtime.org/browse/SMACK-538 - and I have a report from one person running ancient ejabberd (2.1.5 forked) that forwards presences without adding the from field, making some clients on the other side crash
KevGe0rG: I wasn't aware that there was ever a server that broken.
KevIt's very clear in the RFC that the server has to do this.
Ge0rGKev: me neither. But I need to triangulate that to have a strong argument against adding from=ownJID for conservative compliance reasons.
KevThe strong argument is that if you get it slightly wrong, your server will start bouncing your messages, I think.
Ge0rGwhoops, that was the wrong SMACK issue. http://issues.igniterealtime.org/browse/SMACK-547 is right, sorry
xnyhpsHm. It was mentioned in the original Pidgin security issue that started the iq spoofing thing that the 'from' could be spoofed too, but I didn't investigate that.
Kevxnyhps: Spoofed in what way, though?
Ge0rGKev: as I read the spec, the server may not bounce if the from field is wrong
xnyhpsThey weren't specific.
KevServers either reject messages sent from the wrong JID, or overstamp the right one.
xnyhpsBut it was suggested they could override it to anything.
Kev(But I agree that just reading 8.1.2.1 implies that you can't bounce a client trying to spoof other addresses)
Ge0rGso both behaviors are technically "right"?
KevI think the two bits of the RFC aren't entirely consistent - but yes, I would expect either to be right.
KevIf a client starts trying to spoof 'from' addresses, it would seem sensible that a server can start rejecting the stanzas (or balefiring the user), to me.
Ge0rGThis is sensible indeed. Though it might be just caused by a client failing the IDNA nodeprep of its resource string, or forgetting to add a resource to its JID
KevWhich are good reasons for clients not to try to do this themselves, given that servers have to do it form them anyway.
Tobiashas joined
emchohas left
emchohas joined
emchohas left
Lancehas joined
fippolloyd: challenge accepted... :-p
fipposeven cameras + four headsets
Lloyd:)
Jefhas joined
Tobiashas joined
Tobiashas left
Tobiashas joined
Ge0rGJust got a user request for yaxim: "Please rebrand xmpp instant messaging to 'Xmpp Texting' To help people escape from mobile carrier sms texting extortion"
Ge0rGmaybe XMPP needs a new fresh look?
Zashhas joined
SimonXMPP Texting, XMPP IoT, XMPP Social, XMPP Video… All ™'d of course.
Simonhas left
Simonhas joined
intosiNaturally.
intosiA real Internet of XMPP, or IoX™
ralphmI'm still not sure about using 'XMPP' for branding.
Ge0rGralphm: what else? "Jabber"?
Ge0rGintosi: I like that. from ox to yaxs it is merely a small step
waqashas joined
ralphmGe0rG: Of course the Jabber trademark has some issues, but it can be licensed through the XSF.
ralphmGe0rG: I personally like it a lot, some in our community don't. I can see that.
Zashhas joined
Ge0rGralphm: to me, Jabber sounds old and un-snappy. Maybe it is because people often say "do not use that any more, use XMPP instead"
ralphmGe0rG: but there is a reason I had the Jabber bean bag made. As a word, leaving the TM things aside, Jabber is way better for branding than XMPP ever will.
Ge0rGralphm: +1
ralphmGe0rG: yeah, there is a lot of confusion around it
SimonDevelopers seem to talk about XMPP now. This is the discussion on Hackernews about WhatsApp - https://news.ycombinator.com/item?id=7266618 (Jabber: 1 XMPP: lots more)
Ge0rGthey also talk about threema there. and what not.
Simongoogles threema
ralphmSimon: yes. Developers is not the target audience for Whatsapp users.
Ge0rGralphm: we could reinforce the "Jabber" term by naming the compliance suite accordingly
Ge0rGI wish it were... hundreds of millions of developers all over the world!
ralphmXMPP — Jabber is exactly like HTTP — Web
ralphmGe0rG: oh, don't take me wrong, I think it is fine that devs talk about XMPP
ralphmAlso, the figure of hundreds of millions of developers would mean that roughly 5% of the entire worlds' population is a developer. That seems a bit too much.
Ge0rGralphm: sure. but a compliance badge would be something visible to end-users
Ge0rGralphm: do not stomp onto my dreams!
intosiralphm: but now that there are RasPi's, every kid is a developer again, right?
ralphmintosi: do the math
Ge0rGwith raspis, NAT and owncloud-everything, it is high time to mandate s2s-0198
intosiralphm: nah, it's more fun not doing it and imagining most kids around the world programming and creating stuff.
ralphmthere are roughly 2 million Pis sold in total
intosiralphm: don't spoil my dream with proper facts and reason, please ;)
Lancehas joined
emchohas joined
Lancehas joined
Marandahas joined
Simonhas left
bearhas joined
Simonhas joined
ralphmhttps://display.ik.nu/xmpp?max_items=20
ralphmsure is busy today
TobiasThe site's security certificate is not trusted! :D
ralphmTobias: I trust it
ralphmso that's false
Tobiashonest achmet trusts it too, i suppose
ralphmTobias: I suppose the question is, who do you trust (more): me or a random list of CAs?
Zashralphm: Get you some DNSEC & DANE :)
Tobiassurely the random list of CAs.... :)
Kevralphm: How can we trust that the list of CA's is cryptographically random?
Kev-'
TobiasKey Chain lists them in a rather sorted, not random fashion
intosiI trust that cert, but that might be because I also generated the key ;)
Tobiasintosi, are you sure it's the same key it was when you've generated it? :)
Simonhas left
intosiTobias: fairly sure, yes.
bearhas left
waqashas left
emchohas left
emchohas joined
ralphmKev: point.
Lancehas joined
waqashas joined
m&mhas joined
waqashas left
Lancehas joined
Zashhas left
Marandahas left
emchohas left
emchohas joined
waqashas joined
Zashhas joined
dwdSince the BBC has declared WhatsApp as an "incredibly useful" massaging service, should we ensure that everyone knows XMPP is a fully federated massaging service?
LloydI think there might be a link between WhatsApp and XMPP too
dwdRight, WhatsApp being like XMPP except less secure and generally screwed up.
Zash"If you think WhatsApp is good, wait till you see a Proper XMPP Client"
LloydNone of the advantages and more of the mistakes
Zashwhenever that happens
LloydWe need to get Laura to spam all the blog posts / news stories with XMPP-aganda
Ge0rGa massaging service is something I could need right now
Ge0rGhey dwd, you wanted to do some major yaxim rebasing! :D
intosiWhatsApp is to XMPP what fish fingers are to actual fish.
fippointonsi: tweet that!
intosiWill do :)
Ge0rGis the bad quality of fish fingers a widely-accepted fact among the tech community?
ralphmZash: I'm so good at waiting. Please make it happen.
ralphmintosi: WhatsApp is to XMPP what Chicken McNuggets™ are to chicken?
intosiSame thing, really.
ralphmI see a meme coming
intosiCut it up, batter it, deep fry, …, profit.
intosiWhere … probably is "let CMOT Dibbler convince people it's as good as saussage-in-a-bun"
ZashDeep-fried XMPP
Zashwut
ralphmintosi: if it was only cut/batter/deep fry, it wouldn't be so bad
ralphmin fact, I'd love using such a client
intosiCall it Kibbeling.
ralphmWOAH
ralphmthat's so cool on so many levels
intosi:)
intosiI know.
ralphmFor those that aren't Dutch speakers:
ralphmKibbeling is battered cob, but also the verb for, well, petty arguing
Zash:D
KevLooking at the IETF89 mail, there's no Early-Bird for Day passes, is that right?
emchohas left
ralphmKev: I don't think so
KevYou don't think it's right, or you don't think there's an early-bird for day passes?
ralphmOf course Jabber is also etymologically dutch
KevBut we don't hold that against it :)
emchohas joined
ralphmintosi: please make a great mobile client named Kibbeling
dwdKev, Are you an ISOC member?
KevI am not.
dwdKev, You could join ISOC, and the England Chapter (there's no Wales), and then turn up on Tuesday for free. :-)
KevOh. That sounds like a cunning wheeze. ISOC member get free day passes, or ... ?
dwdOn Tuesday.
KevIf only it was a day that's more useful to me...wait, no.
stpeterhas joined
Lancehas joined
Marandahas joined
dezanthas joined
m&mhas left
m&mhas joined
Lancehas joined
Tobiashas left
m&mhas left
m&mhas joined
m&mhas left
m&mhas joined
fsteinelhas joined
emchohas left
Emil Ivovhas joined
fsteinelhas left
Lancehas joined
Laurahas left
Lancehas joined
ralphmhas left
Tobiashas joined
Lancehas joined
Lancehas left
Emil Ivovhas left
Tobiashas left
Tobiashas joined
joakim erikssonhas joined
Marandahas left
joakim erikssonhas left
m&mhas left
emchohas joined
bearhas joined
Santiago26has joined
waqashas left
waqashas joined
jabberjockehas joined
Santiago26has left
emchohas left
emchohas joined
fippohttps://code.google.com/p/webrtc/issues/detail?id=2923#c3 -- i'm wondering if that makes me sad... but then, i don't think anyone every liked libjingle
KevNot the XMPP bits, I think.
KevI think lots of people like the bits that're going into webrtc.
KevI really do need to sort out webrtc/Jingle in Swift.
waqasDid we have any jingle-webrtc spec yet?
emchohas left
fippowaqas: we have all the bits required for voice/video. but the sdp mapping is in several specs
Emil Ivovhas joined
waqasSo if an XMPP client author wants to interop with other clients, what should they look at? Is other clients' code the best thing at the moment?
fippowaqas: test with swift?
waqasKev just said that still needs sorting out
fippooh, webrtc related?
waqasYes
fippohttps://github.com/legastero/jingle-interop-demos then -- the strophe is currently my preferred one
fippothat will change next month though
waqasThanks
waqasYou will have your own next month?
fipponah, i'll steal stanzas jingle module from lance then
fippoit looks like I need to update the interop demo thing to the proper 0338/0339 support though
waqasIs there anything special these clients expect from the server? Jingle Relay Nodes support or anything like that?
fippomod_turncredentials is nice but for localhost-test or in the same network things should just work
ralphmIt is interesting to read that people only now are starting to discover that Whatsapp is based on XMPP. And even though we might feel they messed it up royally, there are things to learn for us.
stpeterralphm: certainly
ralphmI'd love seeing a mostly exact clone of whatsapp using standard XMPP protocols. I.e. similar easy of set up, identical feature set (not more), similar UI features. But federated. I'm not sure yet how to do some things (like magically having all your friends there if they also run the same app), though. Would be good to do that exercise.
Marandahas joined
fipporalphm: get enough VC...
ralphmfippo: heh. well, at least maybe we could think about the feature set and if we can do that with existing protocol
ralphmfippo: and figuring out contacts in federation context seems hard. In the centralized case, you can simply look up phone numbers.
ZashDidn't someone do some research into privacy-aware "magically haivng all your friends there"
ralphmI think I am bit worked up on all the myths around XMPP.
XSF Discussion - 2014-02-20