Hidiho! In the light of Push Notifications I wondered if it wouldn't make sense to add a <no-push xmlns="urn:xmpp:hints"/> to https://xmpp.org/extensions/xep-0334.html ?
rionhas left
Ge0rG
zeank: where should it be used, then?
nycohas joined
zeank
To not trigger a push on the server side
Tobias
and you want remote parties in control of that?
zeank
in certain cases, yes
zeank
Ok, I see a problem … they could control it all then :/
nicolas.veritehas left
Tobias
zeank, what cases are those?
zeank
in our scenario we exchange let's call it meta information between clients
zeank
as messages though
zeank
and we don't want to trigger a push for those
Kev
Servers need to not act on hints, because you almost never want a remote client being able to tell your server what to do about things like storing or copying or pushing.
zeank
typing notifications could be another
Tobias
why would servers trigger push notifications on body-less messages
ralphmhas left
blipphas joined
zeank
hm, fair point in our case all messages are body less because they are encrypted and have no body in general
zeank
it's a proprietary system
zeank
just thought it might be useful for others as well
zeank
@Kev so the whole XEP is wrong?
Ge0rG
I think we need a common ruleset for decisions about pushing, carbon-copying and MAM-archiving of messages.
Kev
zeank: I thought 334 said that they were just hints, and entities didn't have to honour them.
Ge0rG
Kev: the alternative would be to encode stateful processing rules in the server, right?
Kev
But if it really says that a remote client can choose whether my server puts things in my archive, then yes, it's of limited applicability (rather than wrong, as it might still be useful in closed systems), and we need to be very careful about anything depending on it.
zeank
yes, they are just "hints", but they are targeting the behaviour of the server, not sure how push and MAM are so different in this regard then
sonnyhas joined
kalkinhas left
Tobias
zeank, that proprietary system sounds interesting if it can encrypt even typing notifications, which OMEMO currently can't afaik :)
kalkinhas joined
zeank
we don't have typing notifications yet, just to be clear ;)
Tobiasis much less excited now
zeank
:p
Ge0rG
Kev: do you happen to have an idea how to make the desired functionality of hints secure and proper, in the context of the right trust boundaries?
Laurahas left
Laurahas joined
Kev
Ge0rG: Put the rules in the server not the remote client, is all I have.
mhterreshas joined
Holger
As for the copying of messages, doesn't XMPP core allow the sender to control this by addressing the full vs. bare JID and using certain message types?
Kev
What gets archived by the server is very clearly a server decision, not a remote client decision.
Kev
Holger: Not with carbons.
Tobias
right, but there are currently few sensible guidelines on that, not?
Ge0rG
Kev: "A message of type 'chat' is not eligible for carbon copies if it contains a body and the body starts with the verbatim string '?OTR'"
Holger
Yes then XEP-0280 breaks this, which is why we need hints for that :-)
zeank
:p
Ge0rG
Holger: actually, the remote party can only choose between "deliver to THIS resource" and "deliver to somebody implementation-defined"
Holger
Sure.
Ge0rG
and I really despise the last part of it.
Holger
I think the desired behavior is to be able to address either an individual device or the account.
Ge0rG
because you can't rely on it, but you need to for a proper notification implementation.
jonasw
we could all agree that "somebody implementation defined" is "nobody, but everyone interested gets a carbon copy" :)
jerehas joined
Ge0rG
jonasw: that makes sense if all your clients enable carbons and if you make no client-side semantic difference between "real" messages and carbons
Ge0rG
jonasw: but the latter will bite you in a multi-client context.
Ge0rG
e.g. in the "I have my phone on the desk and use my desktop" user story.
jonasw
Ge0rG: you need to solve that anyways, no matter if you CC everything or not
nicolas.veritehas joined
jonasw
because the user can switch at any point in time
Ge0rG
jonasw: yes, but you can use carbons as a hint
jonasw
for the former part: clients who cannot into CC are annoying anyways and they’re gambling on whether they get messages or not as-is
jonasw
Ge0rG: but you depend on the server implementation-defined mess if your peer always addresses the bare JID like your client does ;)
nicolas.veritehas left
jonasw
I’d rather use xep 84 as a hint actually.
Ge0rG
> clients who cannot into CC are annoying anyways
said the pidgin user
jonasw
yes, that means that I must know, Ge0rG.
Martinhas joined
narcodehas left
Martinhas left
Ge0rG
It's obviously getting complicated and complicated, on the client side. This is the opposite of the general idea of XMPP, but we could do something like this:
on received message:
if (message is carbon or sent to bare JID) and (we got presence/activity from another resource of our account recently):
delay notification by a 1-minute timer which is cancelled on activity from another client
Martinhas joined
Holger
Conversations does the "we got presence/activity from another resource" check.
Laurahas left
Ge0rG
Holger: Conversations does many things that are not codified. While this is good for Conversations users, it makes it harder for future client implementations
Holger
A better solution might be looking at the CSI state. Then again, at least desktop clients probably just don't have a good idea of whether they're currently active or not.
Ge0rG
What about just reading tea leaves?
Kev
I think 'implement Kev's upcoming read-sync XEP' might be a good approach ;)
Kev
I really need to write something there, though :/
Tobias
Ge0rG, that won't float well with coffee enthusiasts
Manchohas joined
Ge0rG
Tobias: they wouldn't even notice, if we provide centralized access to tea-leaves-entropy. Otherwise, we'd need to kindly ask the user to make a photograph.
blipphas left
blipphas joined
kaboomhas left
kaboomhas left
nycohas joined
kaboomhas left
kaboomhas left
kaboomhas left
goffihas joined
rionhas joined
efrithas joined
goffihas left
goffihas joined
jubalhhas joined
jubalhhas left
nycohas joined
Ge0rG
Kev: the read-sync sounds like a more explicit way to tell other clients that messages have been read. I'm not sure if it will also help in the notification-delay/prevention situation
Kev
Well, it helps, because it's an explicit way of knowing that a message doesn't need to be notified (or that a notification can be cleared), but it doesn't prevent you needing some logic somewhere about delaying notifications, indeed.
Kev
I think that's just the cost of doing business.
Ge0rG
Kev: will it be similar to chat state notifications?
Kev
Not particularly, no :)
kaboomhas left
efrithas joined
nicolas.veritehas joined
nicolas.veritehas left
Valerianhas left
Valerianhas joined
Valerianhas left
kaboomhas left
mhterreshas left
Guushas left
lloydwatkinhas joined
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
Ge0rG
Kev: why not?
Kev
Because CSN go to the other party, and read sync goes to your server, and from there to your clients?
Ge0rG
Hm. So it's an account-centric thing.
kaboomhas left
Kev
Yes.
jonasw
Kev: you could send CSN to your own bare JID :-)
jonasw
and let carbons do the rest
Ge0rG
jonasw: it would get reflected to yourself.
jonasw
exactly
Kev
jonasw: That doesn't work for saying which messages are read, though.
Ge0rG
there is no xmpp primitive to "send something to all the other clients of yours"
jonasw
Kev: yes, but isn’t there something for that already?
jonasw
Ge0rG: ah, that’s what you mean
jonasw
Ge0rG: well, we may need one
Ge0rG
one could use PEP
jonasw
ugh
Tobias
Ge0rG, with carbons there is, not?
jonasw
Tobias: all *other* clients
Ge0rG
Tobias: what'd be your destination JID? the server?
Tobias
Ge0rG, your own bare JID? :)
Ge0rG
message to "account-domain.xmpp" would get carboned to all other clients
Ge0rG
Tobias: no. you'd get the message twice
jonasw
on each resource (once as <sent/>, once as <received/>)
Ge0rG
Tobias: first the 'sent' carbon, then the delivered message/carbon
Ge0rG
except on the sending client, it would only get one copy
Tobias
Ge0rG, "at least once" semantic is easier than "exactly once"
Ge0rG
Tobias: but using the "most probably twice" semantics is just wrong.
Holger
What's wrong with PEP BTW?
jonasw
redundancy!
nicolas.veritehas joined
nicolas.veritehas left
suzyohas left
suzyohas joined
kaboomhas left
nycohas joined
kalkinhas left
kaboomhas left
kalkinhas joined
lskdjfhas joined
kaboomhas left
kaboomhas left
kaboomhas left
nycohas joined
kaboomhas left
Manchohas left
Alexhas joined
nicolas.veritehas joined
Alexhas left
Holgerhas left
nicolas.veritehas left
lskdjfhas left
Tobias
and that would be the last XMPP related fosdem talk tweeted about
kaboomhas left
Guus
which reminds me: we could use a new post for the blog. Anyone interested in writing one?
sonnyhas joined
sonnyhas joined
nicolas.veritehas joined
Ge0rG
Guus: what should it be about?
kaboomhas left
Tobias
Ge0rG, federal reserve, rainforest, and that sort of thing
Ge0rG
Tobias: xsf world domination plans? Because it's a greater challenge if we announce the plans in advance?
nicolas.veritehas left
Tobias
we already have a retracted XEP for that :P that should be enough of an announcement
kaboomhas left
kaboomhas left
kaboomhas left
Valerianhas joined
nycohas joined
Ge0rG
Retracted? People don't even care about experimental...
kaboomhas left
Guus
Ge0rG: I have no specific agenda, other than trying to help make sure that the blog gets regular updates. So far, I've reached out to Daniel for an OMEMO post, and Rikard for an IoT one.
Tobias
well..it's kind of hidde
Tobias
*hidden
kaboomhas left
Yagizahas left
Guus
If you have a good idea, feel free to submit something. You can easily add a blog post via a PR on the website, or send it to me by text, and I'd be happy to post on your behalf.
Tobias
Ge0rG could write about how snarky comments in open standards communities result in improved protocols ;)
Ge0rG
Guus: sounds good to me. I'm sure nobody wants ME to write a guest post.
Tobias
or more seriously, about his efforts on improving UX and usability
Guus
Ge0rG: guest? you're a member, right?
Ge0rG
Guus: right. But I'm not a regular contributor to the blog.
Ge0rG
Tobias: im sure that would get flagged immediately because of neutrality concerns.
Tobias
Ge0rG, a blog without regular posts doesn't have any regular contributors at all
Tobias
Ge0rG, we could neutralize it
Guus
Ge0rG: I wonder if anyone considers themselves a 'regular blogger' here. There's people that posted more than others, but that's more because of a lack of input by the others. :)
nicolas.veritehas joined
Ge0rG
Tobias: also, what would be the target audience? It seems that it's widely irrelevant to users, and there are two camps of developers: the ones who don't care, and the ones who have no time to improve
Tobias
yeah...try to channel that optimism into words for the blog post
nicolas.veritehas left
Guus
(no response, which presumably means he's drafting a post!)
Guuseyes dwd
Ge0rG
I feel a bit like Aragorn, having his motivational speech before the fight of helm's deep. Except there is no army. Actually, now that I think of it, it's probably more like Tyrion Lannister's "don't fight for your king" speech.
Guus
so, you're good with words...
Guus
Ge0rG: You might be making a bit to much of it :)
nycohas joined
Ge0rG
Guus: this is probably a sign that I'm overqualified ;)
Guus
Ge0rG: Perhaps. You should take this as a challange to see if you can lower yourself to our level!
Tobias
Ge0rG, it might result in more users demanding better usability for their clients, who knows
vurpohas left
Ge0rG
Tobias: quite seriously, I'm not sure how to frame the whole thing. "Here is this new set of ideas how to make XMPP better"?
vurpohas joined
vurpohas left
vurpohas joined
vurpohas left
Ge0rG
Tobias: the obvious question for the readers would be "why are they talking about it, instead of just doing it"
Guus
Ge0rG: perhaps frame the fact that we need a solution for a probem? "Clients look aweful, we could use an effort to stream line things. We've started doing that at xyz"
Guus
(but nicer)
vurpohas joined
Tobias
Ge0rG, well..it makes little sense talking here about it, as you already made your point and few new people come here
vurpohas left
Tobias
i think our blog has a wider target audience than this room
dwd
Also more tweetable.
Guus
Tobias: do you have access to pageview stats?
Tobias
no
vurpohas joined
Tobias
i'd also would like to have access to xmpp twitter account analytics...to see if all that tweeting increased out followers (it did, but how much)
Ge0rG
Guus: the next problem is: I'd really like to use specific examples of how things can be improved, namely conversations and (to a degree) yaxim. But then it'd result in something like https://yaxim.org/blog/2017/01/31/yaxim-0-dot-9-security-easy-xmpp/ and obviously violate XSF neutrality in a way that's hard to neutralize
vurpohas left
Guus
Ge0rG: I'd almost consider that a follow-up post. I'm not to bothered by the neutrality thing (but others disagree), but, referencing to Yaxim as an example should be fine I think - more so if you can reference another implementation too
vurpohas joined
vurpohas left
vurpohas joined
Ge0rG
I fear that even mentioning https://github.com/ge0rg/easy-xmpp-invitation which is really client-agnostic (except for the hardcoded list of yaxim+conversations) would be seen as a violation
Guus
There's always goign to be someone that sees something as a violation of something. If that stops people, nothign would get done.
jonasw
Guus: +1
Ge0rG
Guus: I just extrapolate the previous feedback I've received from XSF members to my public statements about the state of XMPP.
Ge0rG
Guus: if I disregard that, I can imagine writing a call-to-action post about Easy XMPP. And I'll try hard to make it as positive as possible
Guus
Ge0rG: you might generate more feedback than others here :)
Ge0rG
Guus: I'm not sure if the feedback I generate is of the right sort.
vurpohas left
vurpohas joined
Guus
Ge0rG: I'd love for you to draft a rough outline of a post. We can do a PR on that, and have some reviews.
Ge0rG
Guus: deal
Guus
awesome, thanks!
Guus
and again - I think it might be a good idea to smear this topic out over a couple of posts. One that describes the problem and the approach taken to start working on a fix - another one that describes a few of the fixes, and more that illustrate how individual implementations are now improved. Then, a final one where you claim victory.
danielhas left
Guus
Ge0rG: there might be a handful of posts and world dominition in this for you ;)
danielhas joined
Ge0rG
Guus: I don't aim for world domination
Ge0rG
Guus: all I want is a nice big yacht. :D
vurpohas left
vurpohas joined
Guus
Ge0rG: if you want, I can put you in contact with one of my Nigerian royal friends who badly need to transfer money out of the country? Supposedly, that's a win/win and risk-free.
Ge0rG
Guus: I think I'm already in negotiations with that person
jonasw
:)
Guus
Ge0rG: I am sure then that your ship will litererally and figuratively come in any minute now.
vurpohas left
Guus
Tobias: could you do a review of https://github.com/xsf/xmpp.org/pull/185 ?
Guus
I think it's ready to merge now (finally)
Tobias
will do this evening
vurpohas joined
Guus
Thanks
vurpohas left
vurpohas joined
jonasw
is my dynamic list generation code live already?
Guus
jonasw: I think so, yes.
jonasw
then we can start the attack on the quality of listed software, right?
Guus
I fixed the problem that prevented a bunch of commits to go live, after which the changes that were visible to me popped up.
jonasw
with requiring projects to re-request their listing and so on
Guus
jonasw: I see a blogpost in your immediate future :D
I’m super tired right now, not sure if writes to my task memory persist currently :)
Guus
no worries, I'll be here to haun...remind you.
Yagizahas joined
Yagizahas joined
Ge0rG
Guus: https://github.com/xsf/xmpp.org/pull/274 - I'm sure this will ignite a discussion.
vurpohas left
vurpohas joined
vurpohas left
intosihas left
vurpohas joined
suzyohas left
blipphas left
Yagizahas joined
intosihas joined
danielhas left
sonnyhas joined
danielhas joined
sonnyhas joined
kalkinhas left
kalkinhas joined
Yagizahas left
Flowhas joined
Alexhas joined
Guus
Thanks Ge0rG. I responded on github
Yagizahas joined
Ge0rG
Guus: the verbatim tldr will get out, but I'm used to make the first paragraph of long posts effectively a tldr
suzyohas joined
Guus
Ge0rG: that might be a sign that the text is to long for a blogpost :)
Guus
but, a matter of personal preference, probably
Guus
My main point is that I really dislike 'tl;dr'
Ge0rG
Guus: I'd say it is a sign of respect to the prospective reader. I tell them in a single paragraph if the remaining part worth reading.
Ge0rG
*is
Guus
personal preference. :)
Guus
go for it - it's your text.
Flowhas left
Ge0rG
Guus: thanks for your feedback. I'll update the pr when I find some more time
blipphas joined
Zashhas joined
Alexhas left
Alexhas joined
Alexhas left
uchas left
uchas joined
mimi89999has joined
Yagizahas left
mimi89999has joined
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
intosihas left
kaboomhas left
jonasw
Guus: you could call it "Abstract", is that better?
intosihas joined
Ge0rG
jonasw: what's wrong with an implicit "summary"
jonasw
I don’t know.
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
mimi89999has left
Alexhas joined
bjchas joined
mimi89999has left
bjchas left
bjchas joined
mimi89999has joined
mimi89999has left
mimi89999has left
mimi89999has left
kaboomhas left
bjchas left
bjchas joined
kaboomhas left
kaboomhas left
kaboomhas left
Valerianhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
winfriedhas left
kaboomhas left
kaboomhas left
dwd
So... The only point where mam:2 makes any difference is in the one place where the XML namespace is not used.
Holgerhas left
Holgerhas left
nycohas joined
nicolas.veritehas joined
dwd
... and this has no impact *at all* on MIX.
nicolas.veritehas left
kaboomhas left
lskdjfhas joined
mimi89999has joined
kaboomhas left
Holgerhas left
mimi89999has joined
mimi89999has left
jerehas joined
kaboomhas left
mimi89999has joined
kaboomhas left
Yagizahas joined
kaboomhas left
kaboomhas left
kaboomhas left
Yagizahas left
Alexhas left
Alexhas joined
Yagizahas joined
Tobiashas joined
Holgerhas left
Zashhas left
Zashhas joined
Manchohas left
Holgerhas left
Holgerhas left
Alexhas left
bearhas joined
waqashas joined
jerehas joined
Kev
Question, UX experts.
Valerianhas joined
Kev
Hypothetically if you were writing an XMPP client and wanted the experience when opening a chat from within a MUC to not suck (i.e. to open to the real JID instead of the room JID) in the usual case, how (if at all) would you protect it against spoofing on untrusted remote MUC services?
jerehas joined
lskdjfhas left
Ge0rG
Kev: you are talking about private chats?
dwd
Hypoethetically, if I were using an untrusted remote MUC service, how stupid would I be to be sending it messages anyway?
Kev
It depends on the trust, I think?
Ge0rG
with my UX hat: I'd just open a chat wit the bare JID advertised in the MUC.
with my security hat: what dwd said.
dwd
Kev, What are you trusting it to do and not do?
Kev
I mean, I may trust my inane discussions to something, but not want it to be able to lie about someone's real JID and have me spam a helpless person directly.
Ge0rG
Kev: this is the same security concerns I'm pondering about for some weeks already, in the context of mediated vs. direct MUC invitations
dwd
Kev, That's not a security concern.
Kev
Turning occupants into a DDoS probably is :)
dwd
Kev, That's a concern you might annoy someone, not a concern about leaking information.
Kev
I don't think I said anything about it being a concern leaking information, did I?
Kev
(Or even security)
dwd
Kev, Hardly; you're reliant on having users PM people. And if you're a remote MUC, you can spoof the PMs directly, causing people to get any responses.
Kev
You can't spoof the PM as being from my server, though.
dwd
Kev, No, but I can spoof them as being from you, via a MUC.
Kev
Yes. I'm thinking about people not in the room at all.
dwd
Kev, Who isn't in the room?
Kev
You annoy me, so I tell all jabber.org MUCs to say that every occupant's real JID is yours, and then you get spammed every time someone tries to send a PM.
dwd
Kev, That was you?
dwd
Kev, You git.
Kev
I do.
Kev
Although I don't tend to use it as a verb.
jonaswhas left
Kev
Regardless, this feels like it might not be ideal, to me.
dwd
Kev, True, that would be subversion.
Kev
Very good.
jonaswhas left
dwd
Kev, OK. So I think the "real-jid" issue here remains irrelevant. It's one case where a (popular) MUC service could abuse trust.
Kev
I'm pondering possible options being "Meh, you're in the MUC, you're showing some trust", "Do it if it's someone in your roster" (so you can probably work through the social issue if it gets spoofed), "do it if it's a local service". (where 'it' is opening to the real JID).
Ge0rG
Kev: I think the only sane solution to that is having MUC presence signed by the user's account key.
Kev
There's also revealing your own JID in the case that you're a moderator in a room.
dwd
Ge0rG, Seems fair.
Zash
How do you know what account key is the right one?
dwd
Kev, I think any of your options is fine.
Kev
Certainly the irritation of having PMs outside your normal flow is significant and I want to fix it.
dwd
Zash, By asking the MUC for the public key of its occupant of course. Duh!
Zash
MUC can't lie
SamWhited
MUC real-JID dial-back verification? When you want to verify a JID in a MUC you send them a token (through the MUC), and then they echo it back via their real-JID. I'm not sure this is necessary either, but it's fun to think about.
dwd
Zash, Evil-MUC-bit?
Ge0rG
Zash: you query the bare JID for a signed presence, or check your roster
Kev
SamWhited: Sure, but that only works if you've running over jidnssec, which no-one is :)
Ge0rG
Kev: may I point you to https://mail.jabber.org/pipermail/standards/2017-January/032021.html
SamWhited
Kev: jidnssec? Not sure if real thing or a joke I didn't get…
Tobias
it's a DNSSEC deployment joke
SamWhited
Oh, heh, right
Kev
SamWhited: It's a joke. You mentioned dialback, which is a fine thing to use for S2S as long as you have dnssec.
nicolas.veritehas joined
dwd
(And you also use TLS).
nicolas.veritehas left
Tobias
and .im domains can't do DNSSEC because people from the isle of man are afraid of locsk
Tobias
*locks
SamWhited
I think it works in this case though if you trust the s2s connection at all
SamWhited
(the s2s connection doesn't have to do dialback, I just used that name because they're echoing an HMAC or something back at you)
Kev
Yes, it's not a stupid idea.
SamWhited
You'd have to do it two ways though for mutual verification, so there's probably a better way
Ge0rG
SamWhited: like... distributed MUCs
Ge0rG
or maybe we need to replace JIDs with pubkey-based identities
SamWhited
Ge0rG: I'm assuming this was a question for a MUC implementation today, not for a future-widely-used-thing implementation.
ralphmhas left
Ge0rG
or we just ignore the problem and pretend it doesn't exist.
Zash
Let's build an elaborate PKI!
Zash
The world needs more of those
Ge0rG
Or we introduce a "security level slider" into our apps, ranging from "I don't care, just make it work" to "I'm ultraparanoid"
Kev
(And thanks all, BTW)
dwd
Ge0rG, Excellent. The world need more security options that users don't understand the implications of.
Ge0rG
Kev: so have you come to a conclusion how to do it?
Zash
Ge0rG: Key based identity would be interesting, but I don't think that's even XMPP 2, that's gotta be something completely new.
Ge0rG
dwd: most users don't understand the implications of any of the security options provided to them.
Kev
Ge0rG: I think the conclusion is "Meh, just do it"
Ge0rG
Zash: TOX maybe. It's got an "X" in it at least.
Ge0rG
Kev: this conclusion was also reached at the end of the lively security debate in the thread I pointed to.
Kev
FWIW, for mediated invitations, Swift shows it but warns that it could have been spoofed.
Kev
I can't remember if we replied to the thread or not.
Tobiashas left
Kev
But the whole mediated invite thing is horrid anyway and everyone needs to just use direct invites :)
Ge0rG
Kev: direct invites don't auto-add the receiver to the MUC affiliation
nicolas.veritehas joined
mimi89999has joined
Tobias
Ge0rG, jet fuel can't melt steel beams
Tobias
Ge0rG, i think setting up specific affiliations for participants is a quite rare use case
nicolas.veritehas left
nycohas left
Ge0rG
Tobias: I want to have a private group chat with my family members. Do you have an idea of the steps I have to perform to achieve that, client-side?
Ge0rG
Hint: none of them are described in 0045.
Kev
Ge0rG: You open Swift, you choose 'start chat' and drag all of them into it? :)
Tobias
just create a UUID MUC and invite the people you want to join
Ge0rG
Tobias: but I need to make that MUC invite-only and hidden.
Ge0rG
I think there are some forms to enable that.
Tobias
hidden yes, invite-only (why, who will know the JID?)
vurpohas left
Ge0rG
Tobias: and then I need to add all the folks into the affiliation
vurpohas joined
Tobiashas left
Ge0rG
Tobias: so you are using the JID as a password?
tim@boese-ban.dehas joined
Tobias
basically, yes
Ge0rG
Am I the only one who thinks this is significantly worse than following invites from a remote untrusted MUC?
Tobias
Ge0rG, what's your fear? people guessing the JID? that one of the participants leaks the JID?
Ge0rG
Tobias: accidental leaking of the JID
Tobias
how?
Ge0rG
Tobias: pastebinned client debug logs, server bugs
Tobias
what says the way you'd accidentially leak your JID wouldn't also leak the password if it were password protected?
Ge0rG
Tobias: JIDs are not generally considered "secret"
Ge0rG
Tobias: by violating that assumption, you are bringing your users one step closer to the abyss
Ge0rG
Tobias: leaking a password requires gross negligence
SamWhited
User probably shouldn't see or know that a JID exists (especially if it's really just a UUID), so I don't see why it matters.
Tobias
well...if you want to provide a true sense of security to your users you should do OMEMO in the MUC anyway
Ge0rG
Tobias: my point is that it's good to have additional guards
Ge0rG
and "closed affiliation" is one such
mimi89999has left
mimi89999has joined
Ge0rGhas left
vurpohas left
vurpohas joined
vurpohas left
vurpohas joined
Holger
Tobias: For OMEMO you want to have the group members affiliated with the room anyway, though :-)
Holger
And simply for listing the offline members of your group chat.
Holger
And because you want that anyway, you can just as well make the room members-only (since *this* step is simple).
Tobias
i wish there were a XEP for taht
Tobias
*that
Holger
For what?
Alexhas left
Ge0rG
Holger: for creating a members-only private MUC, I suppose
Ge0rG
I'm going to add that to yaxim soon, and write it down in the process. I'm interested in such an XEP as well
Ge0rG
Sufficiently interested to actually write it, if nobdy else *cough*daniel*cough* jumps in.
Ge0rG
https://wiki.xmpp.org/web/Easy_Group_Chats is the first iteration
Ge0rG
I've had another crazy idea: to use the "long description" of the MUC to store a link to an http-uploaded avatar
Holger
I think it's all in 0045 even though it wasn't written with that use-case in mind.
Ge0rG
Holger: you must be talking of https://xmpp.org/extensions/xep-0045.html#createroom-instant
Holger
(Except for an option to enable MUC MAM for servers who want to make this configurable.)
Holger
Ge0rG, no I wasn't suggesting an instant room. Maybe I'm missing something but what I have in mind is simply using a plain members-only room with MAM for private/presence-less group chat.
Ge0rG
Holger: and where is that written down in the XEP?
Ge0rG
I'm not quite sure what the use case of the 0045 "instant room" is, except for being comparably bad to instant soup.
Holger
Only the building blocks are there of course. It doesn't say "to create a private group chat, do this and that".
Ge0rG
Holger: but I want it to be in there.
Ge0rG
Holger: your statement is comparable to "all the building blocks for a group chat are in rfc 6120+21" :P
Holger
Ge0rG: I don't think that's comparable; 0045 adds protocol on top of the RFCs while my point is that you don't really need anything on top of 0045. But I see how a document explaining how to use 0045 to implement group chat would be useful.
SouLhas left
Ge0rG
Holger: I would even 1-up that and say that 0045 should contain it
Ge0rG
maybe the council will not be strictly opposed to adding a new informational section to 0045
And maybe #204 should be sorted out first as well :-)
Bunneh
Holger: XEP-0045: Define option name for enabling/disabling MAM #204
https://github.com/xsf/xeps/pull/204
suzyohas joined
Ge0rG
Holger: btw, being a server developer. Would you rather prefer more rules in 0280 clarifying what to do with [xep 0184] acks and [xep 0333] states, or have those two contain explicit <copy> hints?
Holger
I think adding more rules to 0280 modules is wrong.
Zash
+1
MattJ
+2
jonasw
https://xkcd.com/1810/ is sad.
intosi
+3
Alexhas joined
Ge0rG
case in point: 0184 does not mandate to use type=chat
Viniloxhas left
Holger
Indeed. I use local patches that add rules to fix such things :-/
Ge0rG
but Kev said that we shall not rely on remote clients telling us what to do
Holger
And I disagree, at least when it comes to addressing accounts vs. individual devices.
dwdhas left
SamWhited
Does anyone here have any idea how communication with IANA should work? I've been googling things like "IANA registration procedure" and "IANA expert review rules" and so far everyting is completely undocumented and worthless as usual… *grumble, grumble*
Zash
Email someone. ???, PROFIT!
SamWhited
I found one old document that explicitly said that IANA procedures were currently not documented, so I'm just about ready to assume taht's still right, everything is tribal knowledge, and then just start spamming people until someone updaets the registry.
Guus
hargh - the US went to/from DST?
intosi
Yup.
zeankhas left
SamWhited
Guus: Yup; be warned, everyone on this side of the pond is confused and grumpty today (actually, that's most days, but *more so* today)
Guus
Which explains why this meet is pretty empty...
intosi
They probably measure DST in furlongs per fortnight or something.
Guus
It's bad enough that we have DST in the first place - but everyone having a different date when it kicks in does not help either...
suzyohas left
intosi
DST: collectively tricking your employers into accepting it's okay to start and leave an hour earlier.
suzyohas joined
Lancehas joined
Ge0rG
on a slightly related note, I'd really love board meetings to be one hour earlier.
Alexhas left
Viniloxhas joined
nicolas.veritehas joined
nicolas.veritehas left
suzyohas joined
jubalhhas joined
suzyohas joined
bjchas joined
bjchas joined
jerehas left
jerehas joined
SamWhitedhas left
kalkinhas left
intosihas left
vurpohas left
vurpohas joined
SamWhited
Oh typical, and the IANA contact apparently doesn't work for Cisco anymore so the only email listed is broken.
nicolas.veritehas joined
kalkinhas joined
SamWhited
Found a personal email; let's try that.
nicolas.veritehas left
SamWhited
Oh no, matt already forwarded it. Convenient.
intosihas joined
vurpohas left
vurpohas joined
Alexhas joined
ralphmhas left
vurpohas left
vurpohas joined
Holgerhas left
intosihas left
Yagizahas left
Guushas left
blipphas left
blipphas joined
goffihas left
suzyohas left
mimi89999has left
ilmaisinhas joined
intosihas joined
mimi89999has left
Martinhas left
SamWhitedhas left
mimi89999has left
Guushas left
Steve Killehas left
Steve Killehas left
Steve Killehas joined
Guushas left
vurpohas left
vurpohas joined
jubalhhas left
jubalhhas joined
nycohas joined
SouLhas left
Zashhas left
rionhas left
Zashhas joined
Zashhas left
Zashhas left
Alexhas left
Alexhas joined
Valerianhas left
Alexhas left
Alexhas left
Alexhas left
SamWhitedhas left
Alexhas left
Valerianhas joined
intosihas left
Guushas left
Alexhas left
tim@boese-ban.dehas joined
tim@boese-ban.dehas joined
Valerianhas left
Guushas left
efrithas joined
Alexhas left
Valerianhas joined
goffihas joined
Guushas left
alhitihas joined
alhitihas left
Lancehas left
kalkinhas left
Alexhas left
Laurahas joined
Laurahas left
Neustradamushas left
danielhas left
Alexhas joined
nycohas joined
rionhas joined
Alexhas left
jonaswhas left
Ge0rGhas left
nicolas.veritehas joined
jubalhhas left
nicolas.veritehas left
Alexhas joined
suzyohas joined
Alexhas left
nicolas.veritehas joined
alhitihas joined
jubalhhas joined
alhitihas left
kaboomhas left
Manchohas left
kaboomhas left
Guushas left
suzyohas left
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
kalkinhas left
Valerianhas joined
nicolas.veritehas left
nycohas joined
uchas left
uchas joined
Ge0rGhas left
Valerianhas left
kaboomhas left
nycohas joined
jonaswhas left
nicolas.veritehas joined
Valerianhas joined
moparisthebesthas left
nicolas.veritehas left
rionhas left
rionhas joined
tim@boese-ban.dehas joined
tim@boese-ban.dehas joined
efrit
https://xkcd.com/1810/
suzyohas joined
moparisthebesthas joined
nycohas joined
rionhas left
rionhas joined
rionhas left
rionhas joined
kaboomhas left
SamWhitedhas left
kaboomhas left
lskdjfhas joined
lskdjfhas left
kaboomhas left
nycohas joined
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
nicolas.veritehas joined
Valerianhas left
kaboomhas left
kaboomhas left
kaboomhas left
kaboomhas left
rionhas left
SouLhas left
kaboomhas left
kaboomhas left
efrithas joined
nicolas.veritehas left
Manchohas left
kaboomhas left
Alexhas left
kaboomhas left
kaboomhas left
tim@boese-ban.dehas joined
tim@boese-ban.dehas joined
sezuanhas left
kaboomhas left
Alexhas joined
Alexhas left
suzyohas left
Manchohas left
nicolas.veritehas joined
intosihas joined
danielhas left
danielhas joined
sezuanhas left
kaboomhas left
SouLhas left
kaboomhas left
SouLhas left
kaboomhas left
kaboomhas left
waqashas left
kaboomhas left
jubalhhas left
Guushas left
Alexhas left
vurpohas left
vurpohas joined
winfriedhas left
jerehas left
Lancehas joined
sonnyhas joined
sonnyhas joined
Alexhas joined
nycohas joined
Tobiashas joined
Lancehas left
efrithas joined
nicolas.veritehas left
sezuanhas left
nycohas joined
nicolas.veritehas joined
Alexhas left
intosihas left
nicolas.veritehas left
kaboomhas left
kaboomhas left
vurpohas left
vurpohas joined
vurpohas left
vurpohas joined
vurpohas left
efrithas joined
nycohas joined
vurpohas joined
Manchohas left
moparisthebesthas joined
Manchohas left
nicolas.veritehas joined
sonnyhas left
sonnyhas joined
moparisthebest
SamWhited: sorry, I can't help but feel this is all my fault :-)