Their auth is a pile of stuff, including HTTP. Facebook too, btw.
Tobias
i thought FB was full on the MQTT train now
fippo
http://xmpp.org/2014/02/second-security-test-day/ <-- I don't get the 12.5% ... it's the percentage of servers that now requires encryption, right?
Ge0rG
fippo: I would suppose so... even though the wording in the blog post implies traffic, not servers
Simon
Still getting over the WhatsApp price. (works out at $40/user)
Simon considers selling off users on my family XMPP server.
Laura
Just wanted to share the meetup link for the London XMPPUK Meetup http://www.meetup.com/XMPP-UK-Meetup/
fippo
laura: you should prod lloyd about showing webrtcish stuff and invite https://twitter.com/disruptivedean/status/436063951932379136 :-)
Laura
fippo: Off to prod Lloyd
Kev
Laura: Thanks. I'd have thought a mail to some lists would probably be appropriate (unless you already have, and I missed it).
Laura
I am talking to Lloyd about lists to send to. I managed the XMPPUK mailing list, but something tells me Lloyd has others!
intosi
No doubt some lists we don't want to know about ;)
Kev
Laura: Thanks.
Lloyd
also http://lanyrd.com/2014/xmppuk/
Lloyd
fippo: I'm probably not going to be able to attend this meetup. Will still be organising with Laura though.
fippo
lloyd: you don't need to get dean bubley to that particular meetup, just convince him that the xmpp meetup is where the cool webrtc stuff happens in london :-)
Simon
Get James Body there, and Dean Bubley will be in tow.
Lloyd
fippo: tweeted him about it. Thanks.
Ge0rG
are there any known xmpp servers that break if a client does not set the from attribute on outgoing message or presence stanzas?
ralphm
xnyhps: have you ever looked into cryptocat?
xnyhps
I've looked over it, yes. Why?
Ge0rG
it's full of cats
ralphm
xnyhps: wondering how well it was made, security-wise and overall
Ge0rG
it's had a bunch of security issues in the past, but the developers promised to do it better
xnyhps
I only looked at it from the context of iq-spoofing, which they aren't vulnerable to, because they don't send any iqs except for IBR. I did report that the usage of an incrementing counter for iqs leaks information about yourself, and that was promptly fixed.
ralphm
are they involved with the XSF?
xnyhps
Don't think so
ralphm
I noticed they are working on a new protocol for groups, but it doesn't seem based on xmpp
xnyhps
Groups? You mean encrypted group chat?
Kev
"are there any known xmpp servers that break if a client does not set the from attribute on outgoing message or presence stanzas?" (Ge0rG @ 10:51)
No, and clients should generally not do it, as it adds no value. The server has to overstamp it anyway.
Tobias
multiparty OTR
xnyhps
They have an implementation of mpOTR, yes, but even in the OTR community it is still controversial.
Ge0rG
Kev: I'm currently working on http://issues.igniterealtime.org/browse/SMACK-538 - and I have a report from one person running ancient ejabberd (2.1.5 forked) that forwards presences without adding the from field, making some clients on the other side crash
Kev
Ge0rG: I wasn't aware that there was ever a server that broken.
Kev
It's very clear in the RFC that the server has to do this.
Ge0rG
Kev: me neither. But I need to triangulate that to have a strong argument against adding from=ownJID for conservative compliance reasons.
Kev
The strong argument is that if you get it slightly wrong, your server will start bouncing your messages, I think.
Ge0rG
whoops, that was the wrong SMACK issue. http://issues.igniterealtime.org/browse/SMACK-547 is right, sorry
xnyhps
Hm. It was mentioned in the original Pidgin security issue that started the iq spoofing thing that the 'from' could be spoofed too, but I didn't investigate that.
Kev
xnyhps: Spoofed in what way, though?
Ge0rG
Kev: as I read the spec, the server may not bounce if the from field is wrong
xnyhps
They weren't specific.
Kev
Servers either reject messages sent from the wrong JID, or overstamp the right one.
xnyhps
But it was suggested they could override it to anything.
(But I agree that just reading 8.1.2.1 implies that you can't bounce a client trying to spoof other addresses)
Ge0rG
so both behaviors are technically "right"?
Kev
I think the two bits of the RFC aren't entirely consistent - but yes, I would expect either to be right.
Kev
If a client starts trying to spoof 'from' addresses, it would seem sensible that a server can start rejecting the stanzas (or balefiring the user), to me.
Ge0rG
This is sensible indeed. Though it might be just caused by a client failing the IDNA nodeprep of its resource string, or forgetting to add a resource to its JID
Kev
Which are good reasons for clients not to try to do this themselves, given that servers have to do it for them anyway.
fippo
lloyd: challenge accepted... :-p
fippo
seven cameras + four headsets
Lloyd
:)
Ge0rG
Just got a user request for yaxim: "Please rebrand xmpp instant messaging to 'Xmpp Texting' To help people escape from mobile carrier sms texting extortion"
Ge0rG
maybe XMPP needs a new fresh look?
Simon
XMPP Texting, XMPP IoT, XMPP Social, XMPP Video… All ™'d of course.
intosi
Naturally.
intosi
A real Internet of XMPP, or IoX™
ralphm
I'm still not sure about using 'XMPP' for branding.
Ge0rG
ralphm: what else? "Jabber"?
Ge0rG
intosi: I like that. from ox to yaxs it is merely a small step
ralphm
Ge0rG: Of course the Jabber trademark has some issues, but it can be licensed through the XSF.
ralphm
Ge0rG: I personally like it a lot, some in our community don't. I can see that.
Ge0rG
ralphm: to me, Jabber sounds old and un-snappy. Maybe it is because people often say "do not use that any more, use XMPP instead"
ralphm
Ge0rG: but there is a reason I had the Jabber bean bag made. As a word, leaving the TM things aside, Jabber is way better for branding than XMPP ever will.
Ge0rG
ralphm: +1
ralphm
Ge0rG: yeah, there is a lot of confusion around it
Simon
Developers seem to talk about XMPP now. This is the discussion on Hackernews about WhatsApp - https://news.ycombinator.com/item?id=7266618 (Jabber: 1 XMPP: lots more)
Ge0rG
they also talk about threema there. and what not.
Simon googles threema
ralphm
Simon: yes. Developers are not the target audience for Whatsapp users.
Ge0rG
ralphm: we could reinforce the "Jabber" term by naming the compliance suite accordingly
Ge0rG
I wish it were... hundreds of millions of developers all over the world!
ralphm
XMPP — Jabber is exactly like HTTP — Web
ralphm
Ge0rG: oh, don't take me wrong, I think it is fine that devs talk about XMPP
ralphm
Also, the figure of hundreds of millions of developers would mean that roughly 5% of the entire world's population is a developer. That seems a bit too much.
Ge0rG
ralphm: sure. but a compliance badge would be something visible to end-users
Ge0rG
ralphm: do not stomp onto my dreams!
intosi
ralphm: but now that there are RasPi's, every kid is a developer again, right?
ralphm
intosi: do the math
Ge0rG
with raspis, NAT and owncloud-everything, it is high time to mandate s2s-0198
intosi
ralphm: nah, it's more fun not doing it and imagining most kids around the world programming and creating stuff.
ralphm
there are roughly 2 million Pis sold in total
intosi
ralphm: don't spoil my dream with proper facts and reason, please ;)
ralphm
https://display.ik.nu/xmpp?max_items=20
ralphm
sure is busy today
Tobias
The site's security certificate is not trusted! :D
ralphm
Tobias: I trust it
ralphm
so that's false
Tobias
honest achmet trusts it too, i suppose
ralphm
Tobias: I suppose the question is, who do you trust (more): me or a random list of CAs?
Zash
ralphm: Get you some DNSSEC & DANE :)
Tobias
surely the random list of CAs.... :)
Kev
ralphm: How can we trust that the list of CA's is cryptographically random?
Kev
-'
Tobias
Key Chain lists them in a rather sorted, not random fashion
intosi
I trust that cert, but that might be because I also generated the key ;)
Tobias
intosi, are you sure it's the same key it was when you've generated it? :)
intosi
Tobias: fairly sure, yes.
ralphm
Kev: point.
dwd
Since the BBC has declared WhatsApp as an "incredibly useful" massaging service, should we ensure that everyone knows XMPP is a fully federated massaging service?
Lloyd
I think there might be a link between WhatsApp and XMPP too
dwd
Right, WhatsApp being like XMPP except less secure and generally screwed up.
Zash
"If you think WhatsApp is good, wait till you see a Proper XMPP Client"
Lloyd
None of the advantages and more of the mistakes
Zash
whenever that happens
Lloyd
We need to get Laura to spam all the blog posts / news stories with XMPP-aganda
Ge0rG
a massaging service is something I could need right now
Ge0rG
hey dwd, you wanted to do some major yaxim rebasing! :D
intosi
WhatsApp is to XMPP what fish fingers are to actual fish.
fippo
intosi: tweet that!
intosi
Will do :)
Ge0rG
is the bad quality of fish fingers a widely-accepted fact among the tech community?
ralphm
Zash: I'm so good at waiting. Please make it happen.
intosi: WhatsApp is to XMPP what Chicken McNuggets™ are to chicken?
intosi
Same thing, really.
ralphm
I see a meme coming
intosi
Cut it up, batter it, deep fry, …, profit.
intosi
Where … probably is "let CMOT Dibbler convince people it's as good as sausage-in-a-bun"
Zash
Deep-fried XMPP
Zash
wut
ralphm
intosi: if it was only cut/batter/deep fry, it wouldn't be so bad
ralphm
in fact, I'd love using such a client
intosi
Call it Kibbeling.
ralphm
WOAH
ralphm
that's so cool on so many levels
intosi
:)
intosi
I know.
ralphm
For those that aren't Dutch speakers:
ralphm
Kibbeling is battered cob, but also the verb for, well, petty arguing
Zash
:D
Kev
Looking at the IETF89 mail, there's no Early-Bird for Day passes, is that right?
ralphm
Kev: I don't think so
Kev
You don't think it's right, or you don't think there's an early-bird for day passes?
ralphm
Of course Jabber is also etymologically dutch
Kev
But we don't hold that against it :)
ralphm
intosi: please make a great mobile client named Kibbeling
dwd
Kev, Are you an ISOC member?
Kev
I am not.
dwd
Kev, You could join ISOC, and the England Chapter (there's no Wales), and then turn up on Tuesday for free. :-)
Kev
Oh. That sounds like a cunning wheeze. ISOC members get free day passes, or ... ?
dwd
On Tuesday.
Kev
If only it was a day that's more useful to me...wait, no.
fippo
https://code.google.com/p/webrtc/issues/detail?id=2923#c3 -- i'm wondering if that makes me sad... but then, i don't think anyone ever liked libjingle
Kev
Not the XMPP bits, I think.
Kev
I think lots of people like the bits that're going into webrtc.
Kev
I really do need to sort out webrtc/Jingle in Swift.
waqas
Did we have any jingle-webrtc spec yet?
fippo
waqas: we have all the bits required for voice/video. but the sdp mapping is in several specs
waqas
So if an XMPP client author wants to interop with other clients, what should they look at? Is other clients' code the best thing at the moment?
fippo
waqas: test with swift?
waqas
Kev just said that still needs sorting out
fippo
oh, webrtc related?
waqas
Yes
fippo
https://github.com/legastero/jingle-interop-demos then -- the strophe is currently my preferred one
fippo
that will change next month though
waqas
Thanks
waqas
You will have your own next month?
fippo
nah, i'll steal stanzas jingle module from lance then
fippo
it looks like I need to update the interop demo thing to the proper 0338/0339 support though
waqas
Is there anything special these clients expect from the server? Jingle Relay Nodes support or anything like that?
fippo
mod_turncredentials is nice but for localhost-test or in the same network things should just work
It is interesting to read that people only now are starting to discover that Whatsapp is based on XMPP. And even though we might feel they messed it up royally, there are things to learn for us.
stpeter
ralphm: certainly
ralphm
I'd love seeing a mostly exact clone of whatsapp using standard XMPP protocols. I.e. similar ease of set up, identical feature set (not more), similar UI features. But federated. I'm not sure yet how to do some things (like magically having all your friends there if they also run the same app), though. Would be good to do that exercise.
fippo
ralphm: get enough VC...
ralphm
fippo: heh. well, at least maybe we could think about the feature set and if we can do that with existing protocol
ralphm
fippo: and figuring out contacts in federation context seems hard. In the centralized case, you can simply look up phone numbers.
Zash
Didn't someone do some research into privacy-aware "magically having all your friends there"
ralphm
I think I am a bit worked up on all the myths around XMPP.