-
arc
Or twelve easy payments of $59!
-
Ge0rG
That reminds me of the jabber trademark license fee... Is it still a thing for commercial applications?
-
arc
I do not believe so, any evidence to the contrary appears to be a mistake. But you should reach out to PSA for that
-
arc
I'm excited to pull in a whole new group of XMPP enthusiasts to the XSF
-
arc
http://www.sensei-iot.org/ over 100 members to this IoT working group
-
arc
and its all XMPP
-
arc
William (the man I met with today) is extremely interested in discussing IoT security issues and cross protocol gateways using XMPP as a core standard for interop
-
arc
how this man, who knows PSA, Michael Holden, Rikard, Peter Waher, and others, has been working with and promoting XMPP for 5 years or more, and has never been invited to join the XSF is beyond me
-
fippo
arc: the xsf is not something where you need an invite to join
-
Tobias
even more scary, you have to candidate and be voted in...think of all the campaigning involved
-
arc
fippo: no its not, but you do need to know you can join.
-
arc
ive been taking an active approach to reaching out to xmpp library developers trying to grow the xsf membership for the last year, and we've had at least a handful of new members join that way who've been working with XMPP for years
-
arc
in many foundations that FOSS devs are used to working around, membership is not so easy. often you do need an invite and often an onerous process to join. joining the Python Software Foundation, for example, has always been a painless but undocumented process which boils down to "what, she isn't already a member? we should add her to the list"
-
Tobias
what do you get from joining the PSF?
-
arc
the ability to vote and invite to the posh free annual member dinner at PyCon
-
arc
and being able to join the members-only list, which boils down to about the same as the XSF
-
Tobias
ah..ok
-
arc
I was an officer for the PSF before I was a member, I became a member when a board member asked me at pycon if i was coming to the member luncheon and I told him I wasn't a member. He brought me to the luncheon, and I became a member
-
arc
your first annual meeting with the PSF (which is the luncheon or dinner) you stand up to introduce yourself. and its done.
-
arc
there are several developers with python-dev (aka they have commit/push rights to Python itself) who are not yet PSF members due nobody noticing that they're not members yet.
-
arc
anyway - so thoughts on this proposed "httpx" URI scheme for http over xmpp?
-
arc
i guess it boils down to whether XMPP is considered a proxy service or a primary protocol
-
jonasw
arc: why would one want to do http over xmpp?
-
jonasw
I only heard people *joking* about that.
-
Ge0rG
jonasw: so that you can tunnel HTTP over BOSH.
-
jonasw
arc: I’m sure there are usecases, but which are they?
-
Ge0rG
In band http upload?
-
Ge0rG
jonasw: we should write up something for next month.
-
jonasw
Ge0rG: XEP-0363 over XEP-0332?
-
Ge0rG
jonasw: Yeah, I'm sure we can add some more layers to the stack... WebSockets, serverless, mdns, json/rest...
-
jonasw
I’d rather work on something productive at the moment.
-
jonasw
also, my april 1st thing (if I get around to do it) will be on mtr-tiny
-
Ge0rG
jonasw: I'd like to proof read it, if that's okay for you
-
jonasw
Ge0rG: what? what I do with mtr-tiny?
-
Ge0rG
jonasw: Yeah, that one
-
moparisthebest
Hmm HTTP over xmpp using xep368 over tls on port 443...
-
moparisthebest
What's the point? :/
-
arc
jonasw: to hide your IP address
-
jonasw
arc: you can use a generic HTTP proxy for that
-
Zash
For when you don't have Tor, but do have XMPP?
-
arc
jonasw: that would be a fine solution too, especially if there was a manner for your xmpp server to provision it
-
arc
and if Tor was more widely deployed that could work too
-
arc
i want to close the IP leak tho with shared URLs
-
arc
btw moparisthebest i did a quick and dirty test late last night, exi compressed offers not much in the way of actual compression when used for xmpp due to flushes for stanzas
-
arc
there would be a few cases that it would such as some pubsub payloads
-
arc
so a lot of the values for a reasonable client's schema has a lot of low values; 01, 02, 04.. compression does pack those values together, but it doesnt save nearly as much as bitpacked does
-
arc
and text messages are too small to save a ton unless a dictionary is pre-applied
-
arc
there are some bitpacking schemes you can use to compress latin text down tho
-
Zash
Heh, dictionary based on xml:lang? heeeheh
-
moparisthebest
Zstd has an interesting dictionary thing built in too, but if compression can't be secure I don't see why it matters much
-
moparisthebest
Like secure wouldn't matter on a private LAN, but bandwidth isn't an issue there either
-
Zash
Trade-offs everywhere
-
moparisthebest
Yup but this tradeoff at least seems basically clear cut
-
moparisthebest
Compression or encryption, pick one
-
jonasw
moparisthebest: it’s not that clear cut
-
Zash
Memory vs security more like
-
jonasw
in cases where an attacker cannot inject input into your output…
-
Zash
vs compression ratio
-
Zash
Having a compression dictionary per (to, from) would probably be secure and get good compression ratio, but you have to keep a ton of compression streams in memory
-
Zash
Compressing each stanza in their own state, or doing a full flush between each stanza is probably secure and don't use too much memory, but you don't get that great compression ratio
-
moparisthebest
jonasw: it's basically clear cut, since it's so hard to impossible to make sure attacker controlled input isn't in there, the only secure thing to do is no compression
-
moparisthebest
Especially at the protocol level
-
Tobias
wouldn't EXI allow us compression of some contents and not of others..so we could exclude security relevant info from compression
-
moparisthebest
Like maybe doing what Zash says is secure, but as a server or client you can't tell if the other end is doing it that way
-
moparisthebest
So the only secure thing to do is not support compression
-
Zash
You speak like security is absolute. It is not.
-
Tobias
moparisthebest, at some level you got to trust the software on the other end, you don't know if the other end of your TLS connection is dumping the cleartext somewhere
-
moparisthebest
Tobias: sounds like exis bitpacking without compression makes size smaller while still retaining security
-
moparisthebest
Maybe :-)
-
arc
well, if my memory and what i just re-read is sane, then in the schema you can define alternative character-restricted CH event types for chat messages
-
arc
for example, you could offer a latin + extended latin + common emoticons CH type that may still be 6 or 7 bits in size, in which case it'll only use that number of bits in bitpacked
-
arc
i do *not* want to write the regular expressions for that though.
-
arc
thankfully that'll be up to each client.
-
jonasw
that doesn’t sound crazy at all
-
arc
i think you would want at least 3 different format options; common latin-based language, 2-byte unicode, and full unicode
-
jonasw
and what happens if a client gets send content which doesn’t fit that CH type?
-
arc
jonasw: the server would use a different CH type.
-
jonasw
ah okay
-
Zash
Huffman code all the text?
-
jonasw
so there can be multiple :)
-
arc
or, if no type is available according to the schema the client requested, then the message would not be delivered
-
arc
i do believe so, yes.
-
arc
honestly ive stayed the hell away from CH encoding because the regex parser scares the shit out of me
-
arc
i need to do it. one of these days, and soon.
-
arc
there are one of three outcomes from such an effort; 1) I finish it and afterward find myself wiser, more self-confident, and appreciating the effort I put in 2) I finish it, but at the cost of whatever sanity I have left 3) I don't finish it, decide to change professions, and end up working at a starbucks
-
SamWhited
arc: starbucks? Aren't you moving to Portland? You'll have your choice of much better coffee shops there!
-
arc
SamWhited: lol
-
Zash
There's a 4th option, move into the woods and become a potato farmer.
-
arc
I tried that already. I got really, really bored.
-
arc
there's 8 acres of land in New Hampshire owned by a monastic society I founded about a decade ago
-
arc
the last I heard there's still 3 people living there.
-
arc
try a git clone on a dialup modem...
-
arc
but since its a church, its not required to file with the IRS - only updating its information with the state every 5 years. its exempt from paying property taxes, so the land is effectively perpetual
-
arc
in 2020 ill just have to make sure an online form gets filed with the state as a keep-alive.
-
Zash
Probably not too hard/expensive to get fiber. 3G/4G coverage might be good enough too.
-
arc
to get there you need to drive down what looks like a driveway, but is a public gravel road, with utility poles that have telephone but no electric. there is only a weak GSM 2G cell service at best (often no signal), no cable, and its too far out for DSL. the only power on the land is 2 solar panels mounted to the roof of a yurt.
-
Zash
The word "here" was missing in that sentence.
-
Zash
Small village I lived in in like ~2000 had fiber.
-
Zash
Then I moved into the city. Got worthless cable with download caps.
-
Zash
Local hackerspace only got fiber now and it's pretty central.
-
arc
oh they have decent cable internet there, but nowhere near the land. we got the land cheap as hell because there's absolutely nothing near it. there's an adjoining 118 acre plot, and an adjoining 270 acre plot, both of which are owned by family trusts and are never used
-
arc
its overlooking a lake, and on the other side of the lake there is cable service with 100m business class available. if i moved back at any point, I'd buy a tiny shed with a microwave beam from the other side of the lake, and upgrade the solar capacity
-
jonasw
:D
- SamWhited has thought about doing something similar a few times.
-
arc
but right now the monastery survives on having virtually no expenses. they have a vegetable garden that sells at the local farmers market, and have bulk supplies delivered down the 4 mile dirt road, and the telephone bill.. but that's about it.
-
arc
SamWhited: I can literally tell you everything about incorporating a monastery. ;-)
-
SamWhited
I meant getting a tiny shed with Solar (which works very well in Texas) and then getting a Fiber line as far out of the city as Google will run it and doing microwave or something to get it to me.
-
arc
ah, yea. thats more sane.
-
arc
if you ever lose your mind and need to completely escape i can help there too lol
-
SamWhited
Don't tempt me; I'm dangerously close to that again already!
-
arc
if i did it again id make it a lot more tech focused and closer to a city, a place for techies to retire, or at least retreat to, but without being completely cut off.
-
arc
Destiny in Vermont (about 30 miles from the monastery) is a much better model. 200+ acres, permanent kitchen building, sewage, off the grid but good cell service.
-
Zash
arc: Let me tell you about the church of Kopimism
-
Zash
https://en.wikipedia.org/wiki/Missionary_Church_of_Kopimism
-
arc
heh a friend is incorporating a church of cannabis right now with a similar vibe
-
jonasw
I read cannibals at the first attempt.
-
jonasw
that was way more disturbing.
-
arc
jonasw: i like the world you live in. :-)
-
arc
no the monastery is associated with Quakers, "Monastic Friends", and is effectively stable with people who just want to retire and live on the land away from technology. we had more technically minded people involved early on, but i didnt understand an important property of group building back then - the early form an organization takes will determine who will remain involved with it, and thus who will shape its future.
-
arc
the people there, and by design they're the same people who make decisions for the organization, don't want to grow the monastery or develop it in any way. they just want to live their lives in quiet reflection.
-
arc
ive learned a lot about how to form a successful new org through many, many mistakes.