Ge0rGThat reminds me of the jabber trademark license fee... Is it still a thing for commercial applications?
danielhas left
danielhas joined
arcI do not believe so, any evidence to the contrary appears to be a mistake. But you should reach out to PSA for that
arcI'm excited to pull in a whole new group of XMPP enthusiasts to the XSF
archttp://www.sensei-iot.org/ over 100 members to this IoT working group
arcand its all XMPP
arcWilliam (the man I met with today) is extremely interested in discussing IoT security issues and cross protocol gateways using XMPP as a core standard for interop
mimi89999has joined
archow this man, who knows PSA, Michael Holden, Rikard, Peter Waher, and others, has been working with and promoting XMPP for 5 years or more, and has never been invited to join the XSF is beyond me
danielhas left
danielhas joined
fippoarc: the xsf is not something where you need an invite to join
Manchohas left
Tobiaseven more scary, you have to candidate and be voted in...think of all the campaigning involved
arcfippo: no its not, but you do need to know you can join.
arcive been taking an active approach to reaching out to xmpp library developers trying to grow the xsf membership for the last year, and we've had at least a handful of new members join that way who've been working with XMPP for years
arcin many foundations that FOSS devs are used to working around, membership is not so easy. often you do need an invite and often an onerous process to join. joining the Python Software Foundation, for example, has always been a painless but undocumented process which boils down to "what, she isn't already a member? we should add her to the list"
tim@boese-ban.dehas left
nicolas.veritehas joined
Tobiaswhat do you get from joining the PSF?
arcthe ability to vote and invite to the posh free annual member dinner at PyCon
tim@boese-ban.dehas joined
danielhas left
danielhas joined
arcand being able to join the members-only list, which boils down to about the same as the XSF
Tobiasah..ok
nicolas.veritehas left
arcI was an officer for the PSF before I was a member, I became a member when a board member asked me at pycon if i was coming to the member luncheon and I told him I wasn't a member. He brought me to the luncheon, and I became a member
arcyour first annual meeting with the PSF (which is the luncheon or dinner) you stand up to introduce yourself. and its done.
arcthere are several developers with python-dev (aka they have commit/push rights to Python itself) who are not yet PSF members due nobody noticing that they're not members yet.
Valerianhas joined
arcanyway - so thoughts on this proposed "httpx" URI scheme for http over xmpp?
Valerianhas left
Valerianhas joined
Valerianhas left
Lancehas joined
dwdhas left
arci guess it boils down to whether XMPP is considered a proxy service or a primary protocol
Valerianhas joined
sezuanhas left
efrithas joined
Valerianhas left
Lancehas left
intosihas joined
intosihas left
intosihas joined
sezuanhas left
nicolas.veritehas joined
Flowhas joined
Valerianhas joined
jerehas left
jerehas joined
Valerianhas left
goffihas left
xnyhpshas left
nicolas.veritehas left
xnyhpshas left
jerehas left
efrithas joined
nicolas.veritehas joined
jonaswarc: why would one want to do http over xmpp?
jonaswI only heard people *joking* about that.
Ge0rGjonasw: so that you can tunnel HTTP over BOSH.
Valerianhas joined
sezuanhas left
jonaswarc: I’m sure there are usecases, but which are they?
danielhas left
danielhas left
blipphas left
danielhas left
Valerianhas left
blipphas joined
danielhas left
danielhas left
danielhas left
danielhas left
intosihas left
danielhas left
Manchohas left
mimi89999has joined
danielhas left
Lancehas joined
danielhas left
Valerianhas joined
kaboomhas joined
pep.has left
Lancehas left
Ge0rGIn band http upload?
Ge0rGjonasw: we should write up something for next month.
kaboomhas left
Guushas left
Guushas joined
vurpohas left
vurpohas joined
Manchohas left
jonaswGe0rG: XEP-0363 over XEP-0332?
sezuanhas left
sezuanhas left
kalkinhas left
Guushas left
Guushas joined
jubalhhas joined
Valerianhas left
jubalhhas left
Ge0rGjonasw: Yeah, I'm sure we can add some more layers to the stack... WebSockets, serverless, mdns, json/rest...
jonaswI’d rather work on something productive at the moment.
jonaswalso, my april 1st thing (if I get around to do it) will be on mtr-tiny
jubalhhas joined
jerehas joined
waqashas joined
jubalhhas left
vurpohas left
vurpohas joined
ooihhas joined
uchas left
kaboomhas joined
jubalhhas joined
Guushas left
Guushas joined
Lancehas joined
Zashhas joined
Ge0rGjonasw: I'd like to proof read it, if that's okay for you
jonaswGe0rG: what? what I do with mtr-tiny?
jubalhhas left
Ge0rGjonasw: Yeah, that one
kaboomhas left
Guushas left
Guushas joined
jerehas joined
moparisthebestHmm HTTP over xmpp using xep368 over tls on port 443...
moparisthebestWhat's the point? :/
Guushas left
Guushas joined
Lancehas left
vurpohas left
vurpohas joined
vurpohas left
vurpohas joined
kaboomhas joined
jerehas joined
nicolas.veritehas left
arcjonasw: to hide your IP address
jonaswarc: you can use a generic HTTP proxy for that
ZashFor when you don't have Tor, but do have XMPP?
arcjonasw: that would be a fine solution too, especially if there was a manner for your xmpp server to provision it
arcand if Tor was more widely deployed that could work too
Guushas left
arci want to close the IP leak tho with shared URLs
blipphas left
Guushas joined
arcbtw moparisthebest i did a quick and dirty test late last night, exi compressed offers not much in the way of actual compression when used for xmpp due to flushes for stanzas
arcthere would be a few cases that it would such as some pubsub payloads
blipphas joined
Zashhas left
Zashhas left
Zashhas joined
kaboomhas left
arcso a lot of the values for a reasonable client's schema has a lot of low values; 01, 02, 04.. compression does pack those values together, but it doesnt save nearly as much as bitpacked does
moparisthebesthas left
arcand text messages are too small to save a ton unless a dictionary is pre-applied
moparisthebesthas joined
danielhas left
arcthere are some bitpacking schemes you can use to compress latin text down tho
ZashHeh, dictionary based on xml:lang? heeeheh
Zashhas left
Zashhas left
Zashhas joined
moparisthebestZstd has an interesting dictionary thing built in too, but if compression can't be secure I don't see why it matters much
kaboomhas joined
moparisthebestLike secure wouldn't matter on a private LAN, but bandwidth isn't an issue there either
sonnyhas left
ZashTrade-offs everywhere
moparisthebestYup but this tradeoff at least seems basically clear cut
moparisthebestCompression or encryption, pick one
jonaswmoparisthebest: it’s not that clear cut
ZashMemory vs security more like
jonaswin cases where an attacker cannot inject input into your output…
Zashvs compression ratio
Guushas left
Guushas joined
ZashHaving a compression dictionary per (to, from) would probably be secure and get good compression ratio, but you have to keep a ton of compression streams in memory
ZashCompressing each stanza in their own state, or doing a full flush between each stanza is probably secure and don't use too much memory, but you don't get that great compression ratio
moparisthebestjonasw: it's basically clear cut, since it's so hard to impossible to make sure attacker controlled input isn't in there, the only secure thing to do is no compression
Manchohas left
moparisthebestEspecially at the protocol level
Tobiaswouldn't EXI allow us compression of some contents and not of others..so we could exclude security relevant info from compression
moparisthebestLike maybe doing what Zash says is secure, but as a server or client you can't tell if the other end is doing it that way
moparisthebestSo the only secure thing to do is not support compression
ZashYou speak like security is absolute. It is not.
Tobiasmoparisthebest, at some level you got to trust the software on the other end, you don't know if the other end of your TLS connection is dumping the cleartext somewhere
moparisthebestTobias: sounds like exis bitpacking without compression makes size smaller while still retaining security
moparisthebestMaybe :-)
vurpohas left
vurpohas joined
vurpohas left
vurpohas joined
arcwell, if my memory and what i just re-read is sane, then in the schema you can define alternative character-restricted CH event types for chat messages
jubalhhas joined
arcfor example, you could offer a latin + extended latin + common emoticons CH type that may still be 6 or 7 bits in size, in which case it'll only use that number of bits in bitpacked
arci do *not* want to write the regular expressions for that though.
arcthankfully that'll be up to each client.
jonaswthat doesn’t sound crazy at all
arci think you would want at least 3 different format options; common latin-based language, 2-byte unicode, and full unicode
jonaswand what happens if a client gets send content which doesn’t fit that CH type?
arcjonasw: the server would use a different CH type.
jonaswah okay
ZashHuffman code all the text?
jonaswso there can be multiple :)
arcor, if no type is available according to the schema the client requested, then the message would not be delivered
arci do believe so, yes.
archonestly ive stayed the hell away from CH encoding because the regex parser scares the shit out of me
arci need to do it. one of these days, and soon.
nycohas left
nycohas joined
arcthere are one of three outcomes from such an effort;
1) I finish it and afterward find myself wiser, more self-confident, and appreciating the effort I put in
2) I finish it, but at the cost of whatever sanity I have left
3) I don't finish it, decide to change professions, and end up working at a starbucks
sonnyhas left
blipphas left
SamWhitedarc: starbucks? Aren't you moving to Portland? You'll have your choice of much better coffee shops there!
arcSamWhited: lol
ZashThere's a 4th option, move into the woods and become a potato farmer.
arcI tried that already. I got really, really bored.
arcthere's 8 acres of land in New Hampshire owned by a monastic society I founded about a decade ago
arcthe last I heard there's still 3 people living there.
arctry a git clone on a dialup modem...
arcbut since its a church, its not required to file with the IRS - only updating its information with the state every 5 years. its exempt from paying property taxes, so the land is effectively perpetual
Alexhas joined
arcin 2020 ill just have to make sure an online form gets filed with the state as a keep-alive.
jubalhhas left
ZashProbably not too hard/expensive to get fiber. 3G/4G coverage might be good enough too.
arcto get there you need to drive down what looks like a driveway, but is a public gravel road, with utility poles that have telephone but no electric. there is only a weak GSM 2G cell service at best (often no signal), no cable, and its too far out for DSL. the only power on the land is 2 solar panels mounted to the roof of a yurt.
ZashThe word "here" was missing in that sentence.
ZashSmall village I lived in in like ~2000 had fiber.
ZashThen I moved into the city. Got worthless cable with download caps.
ZashLocal hackerspace only got fiber now and it's pretty central.
arcoh they have decent cable internet there, but nowhere near the land. we got the land cheap as hell because there's absolutely nothing near it. there's an adjoining 118 acre plot, and an adjoining 270 acre plot, both of which are owned by family trusts and are never used
sonnyhas left
blipphas joined
arcits overlooking a lake, and on the other side of the lake there is cable service with 100m business class available. if i moved back at any point, I'd buy a tiny shed with a microwave beam from the other side of the lake, and upgrade the solar capacity
jonasw:D
SamWhitedhas thought about doing something similar a few times.
arcbut right now the monastery survives on having virtually no expenses. they have a vegetable garden that sells at the local farmers market, and have bulk supplies delivered down the 4 mile dirt road, and the telephone bill.. but that's about it.
arcSamWhited: I can literally tell you everything about incorporating a monastery. ;-)
SamWhitedI meant getting a tiny shed with Solar (which works very well in Texas) and then getting a Fiber line as far out of the city as Google will run it and doing microwave or something to get it to me.
arcah, yea. thats more sane.
arcif you ever lose your mind and need to completely escape i can help there too lol
SamWhitedDon't tempt me; I'm dangerously close to that again already!
Tobiashas joined
waqashas left
boothj5has joined
arcif i did it again id make it a lot more tech focused and closer to a city, a place for techies to retire, or at least retreat to, but without being completely cut off.
arcDestiny in Vermont (about 30 miles from the monastery) is a much better model. 200+ acres, permanent kitchen building, sewage, off the grid but good cell service.
Zasharc: Let me tell you about the church of Kopimism
archeh a friend is incorporating a church of cannabis right now with a similar vibe
jonaswI read cannibals at the first attempt.
jonaswthat was way more disturbing.
arcjonasw: i like the world you live in. :-)
jerehas joined
sezuanhas left
SamWhitedhas left
arcno the monastery is associated with Quakers, "Monastic Friends", and is effectively stable with people who just want to retire and live on the land away from technology. we had more technically minded people involved early on, but i didnt understand an important property of group building back then - the early form an organization takes will determine who will remain involved with it, and thus who will shape its future.
Alexhas left
arcthe people there, and by design they're the same people who make decisions for the organization, don't want to grow the monastery or develop it in any way. they just want to live their lives in quiet reflection.
danielhas left
sonnyhas left
boothj5has left
nicolas.veritehas joined
jubalhhas joined
efrithas joined
SamWhitedhas left
ooihhas left
ooihhas joined
mimi89999has left
blipphas left
blipphas joined
Zashhas left
efrithas joined
jubalhhas left
blipphas left
blipphas joined
winfriedhas left
winfriedhas joined
SouLhas left
kalkinhas left
SouLhas joined
kaboomhas left
Guushas left
Guushas joined
Guushas left
Guushas joined
efrithas joined
efrithas left
efrithas joined
Lancehas joined
mimi89999has joined
ooihhas left
jonaswhas left
ooihhas joined
ooihhas left
uchas joined
pep.has left
pep.has joined
pep.has joined
pep.has left
pep.has joined
pep.has left
uchas left
uchas joined
pep.has joined
pep.has left
pep.has left
pep.has joined
jerehas joined
Lancehas left
pep.has left
pep.has joined
archas left
archas left
Guushas left
Guushas joined
kalkinhas left
archas left
Alexhas joined
Alexhas left
devnullhas left
devnullhas joined
jerehas joined
danielhas left
Zashhas joined
moparisthebesthas joined
jubalhhas joined
Guushas left
Guushas joined
nycohas joined
nycohas joined
nicolas.veritehas left
vurpohas left
vurpohas joined
kalkinhas left
nycohas left
nycohas joined
Lancehas joined
nicolas.veritehas joined
Lancehas left
efrithas joined
nicolas.veritehas left
jubalhhas left
jubalhhas joined
mimi89999has left
mimi89999has joined
jubalhhas left
nycohas joined
nicolas.veritehas joined
devnullhas left
Guushas left
Guushas joined
devnullhas joined
Zashhas joined
suzyohas left
efrithas joined
nycohas left
nycohas joined
nicolas.veritehas left
nycohas joined
nycohas joined
nycohas joined
nycohas joined
nicolas.veritehas joined
danielhas left
jerehas joined
waqashas joined
archas left
archas left
nicolas.veritehas left
vurpohas left
vurpohas joined
nicolas.veritehas joined
nicolas.veritehas left
nycohas left
nycohas joined
nicolas.veritehas joined
vurpohas left
vurpohas joined
Zashhas joined
xnyhpshas left
xnyhpshas left
kaboomhas joined
Tobiashas joined
arcive learned a lot about how to form a successful new org through many, many mistakes.
XSF Discussion - 2017-03-04