XSF Discussion - 2017-03-16

Am I the only one to be baffled by the Yes-Yes-Yes-No-Yes order of questions in the Last Call emails, every single time?

yes you are

Tobias: how can you know? :D

aww...multi-client support in major IM apps, "WhatsApp is open on another computer or browser. Click “Use Here” to use WhatsApp in this window."

Tobias: And you have also stored-XSS vulnerabilities in WhatsAppWeb ✏

what web app doesn'T have XSS vulnerabilities, that's their feature, isn't it?

Last time I audited a web app, I was able to type HTML/JavaScript right into the "Send message to admin" input box. Instant root!

jonasw, am I missing something or does xmpp.org already show the data based on your JSON system?

no, I think it does

https://github.com/xsf/xmpp.org/pull/278 cc @ Ge0rG (who wants to write the announcement mail for software developers) A bit of manual cannot hurt for the renewal thing.

jonasw, nice..and expiration also works as soon as last_renewed is set

there is also that deadline hardcoded in pelicanconf.py, we should adapt this once the mail is sent out

after that deadline anything without renewal disappears magically

https://github.com/xsf/xmpp.org/blob/master/pelicanconf.py#L58

so yeah...an annoucement mail would be nice to tell people to create PRs that set the last_renewed value for their project to a value in the past and that after a months or so, all entries without a last_renewed set will be removed

we can set this to date_of_mail + 1 month when the mail is sent out.

no need to modify the last renewal of projects for us.

ah, nevermind, I misunderstood you. disregard the last one, it was unrelated.

(true, but unrelated)

jonasw, could the config also be relative? like today - 13 months or so

not sure what you mean

https://op-co.de/tmp/deprecation-mail.txt draft email with PR link

there are two reasons to kick an entry from the list in the code (aside from date parsing issues): 1. if they have no renewal timestamp set, they are kicked after the date in STRICT_RENEWAL_DEADLINE has passed 2. if they *have* a renewal timestamp set, they are kicked if it is more than ENTRY_LIFETIME in the past (currently set to 365 days)

jonasw, ahh..so it does more than I thought :) good

jonasw: ENTRY_LIFETIME should be ~13 months to provide for a grace period

it does everything that was asked I think :-)

Ge0rG: fine with me. make a PR ;-)

right...I thought we'd just delete projects with no date set after the deadline, but your STRICT_RENEWAL_DEADLINE config already does this :)

does this = has the same effect

jonasw: -ETOOMANYPENDINGPRS

Ge0rG: your email footnotes have two times [2] in them

jonasw: damn off-by-ones. Fixed.

Ge0rG: it might be better to link to the commit rather than to the PR

the PR does a lot of unrelated stuff

it might be even better to link to the README

(and we can update the readme with a link to the example commit once the branch is merged)

jonasw: but I did link to the commit. It was just relative to the PR and not in the xsf repo.

argh

I cannot read urls

sorry

jonasw, right...maybe we should add a section to https://xmpp.org/software/ how authors can add new software and update the date

jonasw: URLTLDR

Tobias: might be wise, yes

Tobias: maybe we should add it to some README and link it from https://xmpp.org/software/

why not have the readme at https://xmpp.org/software/ ?

https://github.com/xsf/xmpp.org/pull/278/commits/73cd247e4af6624e60ac29bf33c3f4bf46677786#diff-ac579daf3602a0a4ea57b5fdd7f73dd8 like this readme?

Tobias: because it’s long and technical. If we want normal users to use the software directory there, we shouldn’t have that information on it

yeah..that what you linked to looks qutie long..linking to it sounds sensible

I thought I’d rather make it too detailed than too shallow.

Yay. I've been reading 0369 for the last two hours, and I only managed to get to 6.1.6

Ge0rG: you are in luck! it appears that prefer hidden is going to be broken out of that XEP. so less to read next time ;-)

(which I think is a good idea, I also thought that might make sense to break out into an add-on)

jonasw: yeah, I actually had three remarked about prefer-hidden that I already deleted.

:)

Ge0rG, you should order the audiobook version read by helen mirren

thanks for going through it :)

there is one? :-O Tobias

there should be one

Tobias: but I want the one read by Morgan Freeman('s German lipsync voice).

https://youtu.be/zmeF2rzsZSU?t=2m19s :)

Ge0rG, you mean Nelson Mandela?

jonasw, but yeah..nice work you did there...thanks :)

no problem :-)

you’re welcome

(I need to get used to using "you’re welcome" in en locales)

de nada

resolved my XMPP action items for today.

When is the next council meeting due?

Ge0rG, they usually happen on a weekly basis

So "yesterday"

Ge0rG, which reminds me to write up minutes for yesterdays meeting...nothing is more exciting than yesterday news

Tobias: was there an exciting discussion of #436?

Tobias: XEP-0045: Add <x/> tag to MUC-PMs #436 https://github.com/xsf/xeps/pull/436

i don't remember discussions about that

It looks like my train is arriving. I'm looking forward to read minutes.

http://logs.xmpp.org/council/2017-03-15/

shoo shooo

huh

is there any update on my protoxep?

(I’m not familiar with the process, so please don’t mind me asking.)

ah

I am too stupid to search

jonasw, it's awaiting votes...council members have two weeks to vote

ah, I see

didn’t know that "two weeks" detail

Ge0rG: It was mentioned last week http://logs.xmpp.org/council/2017-03-08/#16:32:52 (and then on the list) but maybe you mean a follow-up discussion?

Holger: yes. I've done what was asked from me and hoped it would get discussed again

Ah ok.

Looks like adding things to the PR wasn't enough. Need to bother someone to add it to trello.

Ge0rG, yup..what's not in trello isn't discussed :)

mail to council@?

Tobias: can you add it please?

sure

Ge0rG, seems there are pending votes on https://trello.com/c/wF37u9DJ/169-vote-on-approve-xep-0045-changes-proposed-by-georg

one of which is mine...will review that now then :)

Tobias: it might need a revote (is that a thing), because I changed the PR based on council feedback

Ge0rG, i'll put it on the agenda to discuss this next meeting

Tobias: thanks very much! Is there anything I can do to accelerate the process, so that there is no more 1-week latency in the feedback loop?

Or even 2-week in this case

Ge0rG, get dwd to vote on it

Ge0rG: have you sent the deprecation announce already?

jonasw: to board? Yes.

with the link to the commit?

jonasw: yes

hm, then I’ll make sure that the commit ID doesn’t change :)

seems i already voted on Ge0rG's PR, just forgot to mark it in Trello...now reviewing caps2

jonasw: it has a todo note

Ge0rG: what has?

jonasw: the URL

ah okay

Tobias, dwd: > <Tobias> Dave Cridland, well..p1 implemented it [MIX] too, not? > <Dave Cridland> Tobias, They implementing grouchat over pubsub; not quite the same thing. They implemented both.

(Well, an early revision of MIX.)

Holger, That's actually the one I was referring to. The thing they said was early MIX was a brief discussion; it didn't, for example, handle <presence/> or <message/> stanzas in the traditional way, a design feature that lasted all of a week or so and was contentious at the time.

Yeah whatever, just wanted to clarify that there's two totally unrelated pieces of code, so you were both right :-)

Oh.

Sorry you were referring to mod_mix, finally got that now.

While at it, personally I think if there's any chance to move non-essential functionality out of the core MIX spec into separate XEPs, that should be strongly considered.

Holger, I agree. I'm not sure what remains to be removed.

I can totally see use cases for anonymous chat, but they don't seem to be the common me, so it would be nice if implenting that would be optional (esp. on the client side_.

*implementing

Holger, indeed...it's quite an amount to review

To be honest I'm not sure that MIX should even attempt to compete with use-cases that MUC already covers

but maybe it's too early in the morning to be so controversial

which use-cases does MUC actually cover?

Holger, Anonymity seems very fundamental to operations, though.

Holger, And crucial where it arises.

jonasw, Being shit on mobile?

No, seriously, MUC covers >90% of what anyone needs for pure synchronous ephemeral chat. I don't think it's hard to make MIX cover that, too, but I think MIX can and should spread its wings wider, at least in potential.

dwd, because?

(to your comment about mobile)

dwd: +1

MattJ, The tie between your session and your participation, WRT mobile. It can be worked around to some degree, though, but it's a bit of a pain.

Right

Maybe it is a bit of a pain, but here comes a whole new spec that isn't exactly trivial either

MattJ, I suspect that most servers will find it *easier* to implement than we have done do far in Openfire.

MattJ, Due to the architecture, we couldn't reuse any of the MAM code, nor PubSub code, nor even the MUC code.

Not that any of that code is bad, it's just either in the wrong place, or highly focussed to what it does.

like the s2s code? :)

Tobias, The S2S code is just very old, basically. We've updated it a considerable amount over the past few years, including fixing a bunch of security issues.

Tobias, The MUC code, and the pubsub code, both have near-complete, all-options, implementations of '45 and '60 respectively, with full clustering.

Tobias, Sure - I've not fixed the issue you found yet. It's a hang-up of Openfire originally assuming that x.domain.example could always be reached at domain.example; that assumption has entered code in a large number of cases.

no-one is arguing that that s2s bug should be fixed, Tobias. Daytime jobs and all.. :)

Guus, dwd, yeah i know..just nitpicking :)

interop problems are annoying

you should simply switch to Openfire and be done. :)

Guus, and you are 100% sure that openfire would not have that issue :P

(I'm somewhat in a defiant optimistic mood now that it turns out i'm not living in the newest populist-governed country)

Tobias, Actually yes, because the assumption operates bidirectionally.

Guus, As you should be.

dwd, i wonder if there could be a security issue there

Tobias, Actually, I suspect this case is due to authenticating domains individually rather than authorizing as domain-pairs. So no security issue.

dwd, didn't you propose some standard for that once? bidi or dwd?

Tobias: yes.

also, what he said

(eww, lag)

Tobias, No. Those still operate on pairs.

but it was a practice gtalk was doing right? reusing a s2s connection for all their domains?

Tobias, That's different... Piggybacking is fine. But you still have to authorize pair-wise.

ok

hey, are you aware? https://www.erlang-solutions.com/blog/21-xmpp-use-cases-and-the-best-ways-to-achieve-them.html sorry, looks like a shameful ad...

it is interesting, as we discussed that many many times

how to read the massive amounts of XEPs

how to triage the massive amounts of infos that are behind each XEP

do it give ideas on how to present our XEP list or feature list?

Wow, a burst of discussion. I think that the fact it takes multiple hours to read and understand MIX might indeed mean we won't see IM MIXes any time soon.

While MUC is really broken in some regards, it can be fixed with a bunch of undocumented hacks.

it's all a matter of having the right abstraction in your software...and if you then already have pubsub and MAM in place, i don't think MIX is that mich work, at least a minimal version

Tobias: I've tried to read the XEP (admittedly I also did some light editing along the way), and I managed to read ~40% in 2 hours.

Tobias: if you have the right abstractions in your software, it still takes multiple hours to understand how to stack them

sure

I'm not sure if it would help to refactor the XEP into "Client Developers Read This", and the same for Server Devs and Service Devs.

mostly it covers so many things...i mean user experiences like whatsapp group chats, doesn't require 4 different affilations/roles, etc.

Tobias: yes, it attempts to be everything to everyone.

If history is repeating itself, we'll have a MIX-Light in five years that is a one-man-show slim rework of MIX, similar to what MAM is to Message Archiving, PEP is to PubSub and Blocking Command is to Privacy Lists.

...and http-upload is to Jingle FT

Tobias: btw, you intended to update https://wiki.xmpp.org/web/XEP_and_RFC_Remarks/RFC_6121:_XMPP-IM with that one corner case you were talking about yesterday

somewhere I have a tab open about that, yes

that makes three rows of tabs, right?

chrome can't do mulit rows

but there's a nice plugin that removes duplicate tabs :)

Amazon Smile is donating 10% of purchases to your chosen charity today

so if you've selected XMPP as your charity on smile.amazon.com be sure to make purchases ;-)

if you’re in the US

Arc: XMPP is a charity?

Ge0rG, sure...feeding the hungry in africa

Xenophobics' Money for Poor People?

I'm sure it's a SCAM.

Ge0rG, they probably delegated the chairity part to paypal..they are experts at this

Super Cool Automatic Messenger?

I should put MIX onto dave.cridland.net, shouldn't I? Are any [other] client developers wanting to play?

dwd: yes

not this month, but yes

jonasw, What library?

aioxmpp

jonasw, Ah, heh. We nearly put MIX support into that, before deciding to base our test suite around Java instead.

aw pity

jonasw, We have partial implementation, so far, only in stanza.io. I'm awaiting confirmation that'll all be offered upstream (I can't imagine why not).

dwd: any chance you can have a look at https://trello.com/c/wF37u9DJ/169-vote-on-approve-xep-0045-changes-proposed-by-georg and maybe provide feedback if action is required from my side, regarding repairing the MUC protocol?

Ge0rG, btw: just added the text to the wiki page

Tobias: thanks. Any ideas on how to fix that? Let server push a presence change to the other clients?

with full to and from attributes, yeah

Ge0rG, FWIW, I'm a little uncomfortable with "SHOULD" here, given you're adding a normative requirement post-facto. But I suppose this is probably as good as it gets, so I'm not going to block.

Tobias: I also noticed some multi client weirdness when *accepting* a subscription request, have you looked into that as well?

Ge0rG, with accepting clients should receive a roster push, not?

Ge0rG, also...i thought you were planning to replace the SHOULD with a MAY?

"TLDR either change the wording to MAY or add a sentence that implementations MUST NOT rely on it." <--- regarding that

dwd: thanks for the feedback. I think that we should be able to change our specifications over time, or we will end up with multiple generations of imperfect XEPs attempting to solve the same problem, evolving over the years

Tobias: I added the sentence

Ge0rG, I don't disagree. I don't think that ought to involve simply declaring everything non-conformant. I don't see much of an option in this case, but that doesn't mean I'm happy with it.

dwd: IMHO, this approach has two benefits. First, it provides a clear path for new implementors to do the right thing. Second, it provides a bit of leverage to get existing implementations fixed.

Ge0rG, But they weren't broken...

Ge0rG, Not from a standards point of view.

Ge0rG, The actual protocol seems fine. My concern is with establishing the case that conformance isn't acheivable, or important.

dwd: they were compliant to an imperfect specification. One *could* consider this as broken

Ge0rG, Nothing is perfect. What we want is interoperable.

Ge0rG, And if things aren't interoperable, I'd rather they weren't despite following the specification rather than because they didn't.

Ge0rG, To put it another way, the pattern of declaring existing conformant implementations non-conformant isn't a pattern I'd like to see continue.

dwd: the two largest server implementations already exhibit the new behavior.

Ge0rG, That's irrelevant.

Ge0rG, I'm not saying the protocol change is bad - I've explicitly said it seems the right solution.

Ge0rG, I'm saying the choice of how the change has been made is not something I want to see ever again.

dwd: I don't see a better way to change MUC, except for a hard fork. And I think we all agree that that would not really be better.

TBH, I'd like to also add more explicit words to 0045 regarding repeated join presences from the same full JID, and also do another take on the message ID stability for reflected messages.

Ge0rG, I agree this is the best of a bad bunch. I'm just saying that introducing new normative requirements to an existing specification is a problem.

Ge0rG, For repeated joins: I think there's consensus on the approach now, but it's not clear that we could put this in as anything more than an implementation note nonetheless. But Openfire, M-Link, and possibly others do it the "right" way.

Ge0rG, For message id stability, there's really no chance. I've changed my mind on that one over the years, but there's no universally-agreed "right" way. It is, however, "fixed" in MIX.

Ge0rG, Mind you, a note saying that implementations differ on message id stability would be good if you want to pen one.

dwd: my reading of rfc 2119 is more flexible, and I tend to accept "this was not part of the XEP when I implemented it" as a valid exception to a SHOULD.

Ge0rG, But that would suggest nobody would ever need to implement it... Which I don't think you really mean.

dwd: to be frank, as a relative newcomer to XMPP, this kind of stance is annoying. If there is a consensus on how something should be done, that should be written in the XEPs. Yes, during the transition period, some implementations won’t get it right. If that’s any better, we can make it a MAY first and after a year or so make it a SHOULD. But if you only make it an implementation note, I as a developer *cannot* at all rely on that behaviour, and it doesn’t look as if I ever can, so it is often useless to me.

dwd: MAY is completely optional. SHOULD at least provides direction in how to do it best

As far as I'm aware there was only ever one implementation that rewrote ids on messages, and it tripped up everyone when it appeared

jonasw, I get that. The protocol can and should change. And if the specification says "SHOULD", you really should be able to rely on it. If we abuse that by introducing *new* normative languages into *existing* protocol, you can't.

dwd, Ge0rG: at the same time, when such changes are made, it is important to keep a hint on that this was changed "recently" inside the text. The list of versions below is not really discoverable, and finding important changes among the long list of changes is often hard (if the list of changes is even complete). Otherwise, one might be confused by implementation which do not handle this correctly; although that can be mitigated by making that (nothing) -> MAY -> SHOULD transition.

dwd: what about that MAY -> SHOULD transition?

new implementations will see where the journey is going and there is something to point existing implementations to to achieve change

MattJ: I think daniel mentioned some gateways (Slack?) which did that, too

jonasw, I don't think introducing new normative requirements to existing protocol is *ever* the ideal path. I think we want to add new *protocol*, and then add this to the requirements for a given compliance level.

jonasw: Spec versions (by protocol) should be interoperable.

If I see feature X offered, I should know that I will interoperate with it if I implement the spec.

Not that I might or might not interoperate with it based on the age of the implementation.

okay, can we add a <feature/> then?

Or that I might not interoperate with it next week.

that would work for "I am not rewriting message IDs" for example

Where we want to break things such that that isn't true, we do it by changing the negotiated feature (by our faux-versioning scheme).

jonasw, Sure, and we can certainly do that.

The issue here is that we're trying to avoid bumping the namespace version in MUC for obvious reasons.

Kev, We can also add new features.

dwd: Different issue if you're adding a new feature, in a sense :)

But yes.

Kev, MAM's recent :1 -> :2 transition could have done that, and it's somewhat frustrating that it hasn't.

Kev, But behavioural differences can be expressed as a new feature almost always.

dwd: If thre's a better way, you could suggest rolling back to :1 with additional features.

Given I doubt anyone implements :2 (and if it's true that it just needs new features, that might be smart).

Prosody implements :2

Maybe we should entirely abandon the version bumping thing for new features and only use it for breaking changes.

and iirc Conversations (but not 100% sure)

Oh. 0.10 or something?

Or are we on 0.11 now?

0.10

Ge0rG: +1

MattJ, The MAM protocol itself is entirely unchanged on the wire. When used with MIX, nothing changes at all. Aside from everything, due to bumping the namespace/

Ge0rG, Well, of course. That was *always* the intent.

Ge0rG, See XEP-0053, §4, point 2.

Yes, new features that don't break the existing stuff should be by additional feature negotiation, not by bumping the namespace.

dwd: so it would be perfectly OK with you if I added the stable ID thing into MUC with an additional feature?

Ge0rG, You can't. :-) Otherwise I would have suggested it.

dwd: what's wrong with it?

Ge0rG, But you've done this by - quite rightly - allowing either clients or servers to add the PM marker.

Ge0rG, You could have a feature that indicated the server would do this for you. Perhaps you should.

dwd: I'm not talking about <x>, I'm talking about keeping the message ID on reflection

The thing you can't do is say that servers SHOULD or MUST implement such a new feature. The point of upgrades-through-features is that they might not happen :)

Ge0rG, Oh that. Yes, sure.

No reason a server can't advertise a feature saying "I'll keep ids stable".

dwd: though I could imagine adding a <feature> for <x> as well, I'm just not sure what that would give in that specific case.

What you can't then do is say servers SHOULD or MUST implement this.

Kev: as I wrote earlier, I consider "SHOULD" to be the appropriate wording for such things, because it indicates the purpose and intent of our Great Master Plan. Foregoing that for the sake of backwards compatibility to the year 2002 is just not right

Kev: It's the right thing to RECOMMEND server implementations to do these awesome new things nobody thought of in 2002, and to have a <feature> advertising that.

Kev: actually, those two are almost completely orthogonal aspects of a protocol change.

(at least in my eyes)

I know you consider that. I just don't think that's the appropriate reading of SHOULD.

Ge0rG, And I strongly believe you to be wrong. Not because recommending people implement something new is wrong, but because RECOMMENDing people do something new is wrong.

^

RFC 2119 does not provide approrpiate wording to go with the time.

Ge0rG, You can strongly encourage. You can advise. But if you RECOMMEND, you are changing the past.

I think Dave's spot on here.

dwd: I see what you mean.

Ge0rG, You *can*, though, say that for XMPP Server 2018 conformance, your new thing is REQUIRED.

"Server implementations created in the year 2017 or later SHOULD add an <x> tag to PMs. All other implementations are strongly encouraged to do so."

Ge0rG: Which isn't needed for interop. So just go with 'strongly recommended' and MAY :)

Ge0rG, Sorta. We have XEPs specifically designed to do what you want. I RECOMMEND you help work on those. ;-)

It doesn't matter whether it's a new implementation that doesn't do it or an old one, an entity has to cope regardless.

Sorry, 'strongly suggested', senior moment.

I'm still not really convinced though. IMO our main goal is to have clear normative language that corresponds to the state of affairs as it is now, if only to attract new people to XMPP and to make implementors' lives as easy as possible. I'm okay with changing the past to achieve that, and people who feel betrayed by that can still dig up the old version of the XEP as their motivation to violate the new RECOMMENDation.

If you implement the current version of a spec, and get weird interop problems with something else that looks like it's the same version, you've had your life made difficult, not easier.

really, sentences like this are frightening in a network protocol specification: "The following is a suggested set of rules a server MAY use, or it MAY use its own; in either case it SHOULD follow the general intent of these rules."

Terrifying. I can scarcely sleep at night.

Kev: everybody has their own nightmares, I suppose.

Kev: re "get weird interop problems with something else", my reading of SHOULD in 2119 is that no other party may actually rely on it anyway, because you might always have a reason not to follow the RECOMMENDation

I read it the other way: if you break a SHOULD, you have to deal with potential interop problems from that

What MattJ says.

Otherwise SHOULD is no different to MAY.

So there is nothing in between SHOULD and MAY that conveys "do it this way, but if you don't then the others have to cope with it"

isn't MUST the word where breaking it makes interop problems happen?

I suppose this actually was a wise design decision on behalf of the Elders of the Internet

moparisthebest: No, SHOULD is.

Ge0rG: If others have to cope with it, it's MAY.

then how do MUST and SHOULD differ Kev ?

From an interoperability point of view - which is what 2119 language cares about

moparisthebest: For SHOULD, you might understand how one can not implement it without affecting interop.

Kev: yes, on re-reading 2119 this became apparent to me now. Thanks to you and Dave and Matt for being patient with me

But generally, in a spec a SHOULD should be matched with 'except when...'

So effectively I MUST NOT change the normative language of an XEP without either making it conditional on a new feature or bumping the namespace.

SHOULD NOT, except where you can mitigate interop considerations in some manner, yes.

:)

Kev: heh :P

yea I need to re-read 2119 it's been too long, thanks :)

However, the question remains what is the most elegant way to convey a new intent (like in the case of <x/>) and to make it a SHOULD eventually

ralphm: Ping, reminder to create me a trello board and add me to the XSF organization if possible

and check if the board board and the council board belong to the XSF org

the board board does, the council board doesn't; we should probably fix that.

right

board the board board?

I can fix the Council Board once Ralph makes me as XSF admin.

Kev: looking right now

Kev: do you already have an Trello identifier?

SamWhited: you, too?

ralphm: yup, it's just my name, same as my nick

I think I'm already on the board trello, but not in the organization so it shows up in my "Personal boards"

and now?

yup, that did it

Excellent; I can create an editor board now too. Thanks.

SamWhited: who owns the Council board, and can he/she initiate a transfer or something?

ralphm: Let me check; I think it's Kev.

Kev, Lance, and Tobias are admins; not sure if that's the same as owner or not.

There should be a 'change team' in the setting of the board

Hmm. I'm not the owner of the Board board. Only bear and Laura.

eh, admin

Even though I am admin of the team, I cannot change that

Board board appears to already be on the team, I think?

I've nudged Laura, but she seems to be busy.

oh, you just want to be an admin; nevermind, makes sense.

SamWhited: it is either a documentation bug, or an implementation bug. I filed a ticket.

hello…

Laura, ralphm was after the Trello board ownership.

Yeah, so it turns out I am admin of the team, not the Board Meetings board.

The trello Board board?

yes

Fixed

Laura: thanks! ✏

Does MAM on MIX archive the outgoing message or the incoming one?

dwd: You mean pre-or-post unspecified munging, or something else?

That.

What you get out should be what would be sent to you.

So if you had a pastebin running, I'd expect to get the munged URL from MAM, not the paste that I submitted.

So is the from attribute set to the MIX on the forwarded message? Does it have <jid/>? (That's what I thought... But the only example is 52 and shows the opposite).

Kev: yes

I will sort the text

dwd: The from is always the MIX for MIX messages isn't it?

Kev, Yes. See Example 52.

by looks right to me, and from looks like a typo.

Is that consistent with your reading?

Yup. Ta.

Are the to/from attributes even needed in MIX-MAM?

Zash: Not really needed, but it's how MAM works, so there doesn't seem huge value removing them.

The <jid xmlns='urn:xmpp:mix:0'>coven+123456@mix.shakespeare.example</jid>, which is always the proxy JID, needs to be in the archived messages to say who it's really from.

That's 123456#coven@mix... now, of course :)

Steve Kille, Kev: what about using 12345%coven@mix? It might be more in line with existing transports, that encode transported IDs by replacing @ with %

Ge0rG: That was exactly my motivation for *not* using it (same as \), I didn't want any confusion when conflating it with existing stuff.

Not that I'd oppose "#", it's also used by transport JIDs (e.g. for irc: `#channel%irc.server.net@irc-transport.xmpp`)

Can we have non-numeric proxy jidlets, too? (As in, in the examples - I assume it's legal)

Kev: that's a great point

Ge0rG: Yeah. I realised that, but it seems like the least bad option from what Steve and I discussed earlier. I'm not tied to the octothorp, other than loving the name.

what about using UUIDs? *ducks&runs*

dwd: That'd probably be sensible.

Ge0rG: What, 123456<uid>coven@mix...? :)

Kev: I had to look up into the example to determine what an octothorp is.

Ah, 'hashtag' to you youngsters.

Kev: no, `#<uuid>+<uuid>@uuid.server.xmpp/<uuid>/<uuid>`

BRÄDGÅRD

Kev: I'm part of the generation that associates "#" with channels, actually

Kev: so having `#channel` in the JID rings a bell with me

Well, Twitter hashtags came from IRC. IRC users started using them to associate messages informally, them actually being a 'thing' came later.

personally, I liked '+' and was surprised by its demise.

I thought it was meant as an inverse channel?

Ge0rG: I liked it, but + in local parts has a definite semantic from email. I felt that reversing the semantic would be confusing.

But your arguments about proxypart coming first seemed compelling.

yay!

So, changing the separator seemed sensible.

Kev: I'm not sure if we are going to expose the proxy JIDs at all to non-tech users, and we are going to realize it's not an email anyway

End users are probably less likely to recognise the + notation than devs. It was confusing devs that I was worried about.

So my vote goes to '+', with '%' a remote second.

+ isn't really an email standard anyway, iirc sendmail used +, and qmail or something used -

I have my postfix configured to accept +, -, or . as that seperator :)

what about using a slug of the user's nickname to create the proxy JIDlet?

What if they change it?

Zash: keep it as-is. Also if somebody tries to collide, obviously, use a different JIDlet

Ge0rG: I think we leave choice of proxy JID parts up to the service.

So if they wanted to do that, they could.

Kev: but we could RECOMMEND something. It's not too late! :D

I'd also like to say that I don't think structured data belongs in jid parts, but I haven't manged to read all of MIX yet so I don't know if there's a good enough reason.

Zash: pseudonymity combined with routability.

Zash: I agree, in principle, but it also doesn't seem harmful, and is beneficial in this case.

Zash: the MIX needs to provide JIDs for all resources of all participants, in a way that prevents you from obtaining their real identity

Right, the Council Trello board is now in the XSF org.

ralphm: Thanks for the team stuff.

Yey! Thanks Kev and ralphm

I just discovered that Trello has "due dates". I haven't used this before. ♡

Guus: you wanted me to write a blogpost. I cannot recall what it was about

how about the meaning of life

42?

jonasw: anything xmpp related? :)

Guus: I cannot recall.

ah, it was pretty obvious, actually: http://logs.xmpp.org/xsf/2017-03-13/#11:59:19

oh right

Was there someone asking why the mam:2 namespace bump was needed?

IIRC MattJ said things about security considerations that sounded reasonable. Integration with stanza-ids, and stuff.

I think dwd was arguing that we should have had a "stanza-ids-are-mam-ids" feature instead of bumping the main namespace

There were some other changes though (though not as many as I originally had in the doc when we decided to bump the namespace)

I couldn't *find* any other changes... Might well have been textual ones.