jonasw: yes, but unfortunately sending emails that claim were authored by you but really aren't is also what spammers do. Even for my little domain I get multiple attempts every single day (thanks dmarcanalyzer.com)
Zash
Do they?
Zash
ITYM scammers
Ge0rG
spammers as well
jonasw
Wiktor, I’m not saying DMARC/DKIM isn’t a good tool for transactional providers like paypal or amazon or so
jonasw
but it shouldn’t be applied to private email.
Zash
SPF is good enough for the rest of us, or something
stefandxmhas joined
Ge0rGhas left
zinidhas left
Wiktor
Zash: are you sure SPF is not just placebo? Maybe just remove it altogether...
Ge0rGhas left
Wiktor
Did you designate mailing list as allowed sender in you SPF record?
Zash
No, because I'm not the one sending those, the mailing list is.
jonasw
(spamassassin agrees)
Wiktor
Look at fail and forwarding here https://en.m.wikipedia.org/wiki/Sender_Policy_Framework
jonasw
sure, but a mailinglist isn’t forwarding
Wiktor
Fail is similar to dmarc reject but doesn't work in practice as far as I know
Ge0rGhas left
Zash
Why aren't mailing lists just designed to forward all posts as attachments?
Zash
Think Carbons
jonasw
Zash, probably because UI for those is bad
Zash
Let's make MUCarbons!
Ge0rG
We could use them to populate MUC history on 1:1 upgrades!
stefandxmhas left
jonasw
mmm Ge0rG, a pity you reported those vulnerabilities. that could’ve been useful now!
Zash
Eg
Wiktor
Zash: thats one of solutions to dmarc problem actually, mentioned in the FAQ I linked previously
Where is the bigger list of xmpp libraries nowadays?
stefandxm
the one on xmpp.org is very short
stefandxm
(and does not list license)
mathieui
stefandxm, on the github of the xmpp website, in the json source files
stefandxm
so it is not deployed?
mathieui
the xmpp.org list only lists the ones maintained enough that the maintainers care to update the xmpp.org file once a year
mathieui
it is
stefandxm
i am talking about the old list that had tones of more clients
stefandxm
j-dev list i guess
jonasw
stefandxm, those clients didn’t bother to tell us they still exist
jonasw
or they don’t know
stefandxm
the ones you knew exist lol
jonasw
if you’re missing any specifically, please point them at https://xmpp.org/2017/03/new-xmpp-software-listing-rules/
mathieui
jonasw, plz accept my pull request tho :p
jonasw
mathieui, I can’t
mathieui
damn
jonasw
I don’t have the power
jonasw
but we should ping Guus now that he’s back from the GSoC meetup
stefandxm
ok so its no more then
stefandxm
now the list is mostly commercial libraries
stefandxm
if thats what xmpp.org wants then this is fine i guess
jonasw
stefandxm, which do you miss?
mathieui
stefandxm, this is not what xmpp.org wants
stefandxm
i will have to compile my own list :)
mathieui
xmpp.org aims to have relevant software listings
stefandxm
but now it doesnt
jonasw
stefandxm, instead of compiling your own list, notify the projects. apparently a post to jdev@ is not enough. so please let them know about https://xmpp.org/2017/03/new-xmpp-software-listing-rules/
stefandxm
but it had before
Ge0rG
stefandxm: the problem with clients was that the official list contained software that's unmaintained for years or even decades, leading to user frustration
mathieui
and broken libraries untouched since 2005 are not part of what I would call a relevant list
stefandxm
georg, and now you have no list
stefandxm
programmers are not stupid
jonasw
any list which doesn’t include pidgin is a good list.
stefandxm
they can easily see when a library was updated
jonasw
stefandxm, libraries, maybe, clients, not so much
mathieui
although, I agree on the lack of a license field
stefandxm
anyhow. i understand i cannot rely on xmpp.org to do this because you dont care about the real life scenario :)
jonasw
stefandxm, you still didn’t tell me which ones you miss.
stefandxm
lets just say there are no C libraries
Ge0rG
stefandxm: if programmers are not stupid, they probably can bother enough to send a PR once a year.
and the most commonly used js library is not listed
Kev
Thankfully, programmers aren't stupid, so they can easily view the full list in the source, irrespective of whether they've been abandoned.
jonasw
off the top of my head I wouldn’t know which of the four libstrophe-forks is still recent or maintained
stefandxm
libstrophe is not listed either
stefandxm
and i hate libstrophe
jonasw
I know
stefandxm
still it can be patched
stefandxm
to be decent
stefandxm
anyhow. i am not arguing about what library is good or not
stefandxm
but now the list is simply not usefull for beginners to xmpp
stefandxm
too bad. the old one was :)
Ge0rG
stefandxm: so you would say an outdated unmaintained list of broken libraries is more useful than a short list of maintained ones?
mathieui
stefandxm, https://github.com/xsf/xmpp.org/blob/master/data/libraries.json you still have the full list if you look for it
stefandxm
georg, yes.
stefandxm
mathieui, i cannot send a list to a github json file in a tutorial to xmpp
stefandxm
i will just have to make my own list. wich will be even less maintained
jonasw
stefandxm, in the time you complained here, you could’ve given a list of things you miss and we can contact the projects.
Kev
Ah. A special type of programmer who's not stupid and can easily sift through libraries to tell the quality of them, but is unable to read a json list. I know the type.
jonasw
but you "obviously" don’t care about a good central listing either if you don’t :-)
stefandxm
i do, but it wont work with the new "rules"
jonasw
Kev, I know right? JSON is annoying to read.
stefandxm
i have made two libraries myself and i dont want to inform xsf about it every year
jonasw
xpath -e '...' :-)
stefandxm
so i doubt many other libraries i know about will either
mathieui
Kev, a json list is quite unpleasant though, I can agree on that
jonasw
stefandxm, your choice
Kev
mathieui: Of course, it should be XML. Everyone would agree on that ;)
Ge0rG
Kev: is that the same type of developer who can securely parse markdown, but not XHTML-IM?
mathieui
:)
stefandxm
if you make stuff a job only proffesionals will do it
stefandxm
since i make free clients for no money i dont want to spend money on talking to xsf about it
stefandxm
its quite simple
stefandxm
and i guess most people think the same, since the list is so small now
Ge0rG
stefandxm: I must have forgotten the part about paying the XSF to accept PRs in my announcement.
Guus
someone mentioned me?
stefandxm
georg, who said anything about paying?
mathieui
"spend money"
stefandxm
ah right lol
stefandxm
time of course
Ge0rGhas left
stefandxm
money is time tho ;-)
jonasw
Guus, yeah, there are software listing PRs pending
jonasw
I don’t have access to the big merge button
mathieui
stefandxm, it’s swapping the value of 1 byte in a json file once a year, and clicking a link
stefandxm
mathieui, doesnt matter
Ge0rG
stefandxm: so your argument is: it is better for dozens of developers to spend hours on evaluating XMPP libraries than on you to invest 10 minutes into marketing your library?
stefandxm
for anyone in here it makes sense. for everyone not even knowing about this channel it does not make sense
Guus
jonasw: want to have that power?
stefandxm
most xmpp develoeprs dont use xmpp.org
jonasw
Guus, dare to give it to me? :)
Guus
(I'll happily merge myself, but I'd like others to be able)
Guus
the gsoc trip kinda threw off any planning that I had :)
jonasw
Guus, I’m willing to handle those PRs
mathieui
stefandxm, but then they don’t care about it then
mathieui
also, you dongt even have to be the author to submit a library✎
mathieui
also, you don’t even have to be the author to submit a library ✏
stefandxm
i think what made xmpp big was the compatibility with many different libraries and people being able to start easily. now xmpp.org has taken responsibility to list clients (used by Wikipedia) but at the same time it removes known libraries
Ge0rG
stefandxm: I admit that the reduction of libraries is a side effect of my push to only have relevant _clients_ listed. But still, your arguments are getting less and less convincing.
stefandxm
and why would al ibrary have to be updated more often than the protocol
stefandxm
makes no sense either
jonasw
nobody says it should be updated
jonasw
it should be maintained
jonasw
which are two different things
mathieui
stefandxm, because software is never finished
stefandxm
open source libraries doesnt get old or insecure because they are not being updated
stefandxm
mathieui, so?
Ge0rG
stefandxm: a good library needs to implement all the XEPs with a useful API. There have been many new XEPs in the last year.
stefandxm
LOL
stefandxm
all xeps!!
stefandxm
why even have XEPs then
Guus
jonasw: try now.
stefandxm
lets just make XMPP a full blown monolithic beast!
stefandxm
ok, i will stop talking about this now. this only makes me sad
Ge0rG
stefandxm: you sound like Evgeny now.
Kev
I'm sorry, this channel has temporarily exceeded its quota of hyperbole. Please try again later.
mathieui
stefandxm, the "update date" stuff is essentially saying "yes, that library is still usable and someone, somewhere, cares enough about it to make a pull request"
jonasw
Guus, boom
jonasw
nice :)
stefandxm
mathieui, make it two pages then
stefandxm
one with updated info an one without
stefandxm
or have a parameter or what not
jonasw
stefandxm, PRs welcome
stefandxm
no i will not make PRs
stefandxm
the list is already there
jonasw
we’re also just doing this in our freetime :P
Kev
> the list is already there
Great, we're done.
stefandxm
thats my point
stefandxm
deploy it
stefandxm
as-is
jonasw
uh, we could link to the JSON file :-)
mathieui
and I say that as someone who missed the original announcement and made a pull request this week, after 7 months of not being listed
stefandxm
now you complain you dont have time but still you want everyone else to take time to fulfill your silly procedure
jonasw
stefandxm, that "silly procedure" also takes our time. It’s not as if only others have to do work here.
jonasw
we don’t do this for fun, we really think it’s a good idea, for the reasons mentioned here already
stefandxm
lol
Ge0rG
jonasw: thanks for covering my ass in my evil plan to drive the XSF down with bureaucratic processes everywhere!
jonasw
Ge0rG, admit it, you’re just sick of your job and want to spin off a Jabber consulting business ;P
Ge0rG
Which reminds me to apply for Board, Council and iteam.
jonasw
you don’t need to apply for iteam, do you?
mathieui
you only have to ask, afaik
jonasw
well, and board needs to approve you etc.
mathieui
(and thanks jonasw for merging)
jonasw
np
jonasw
Guus, can you cancel the currently running build in favour of the most recent one? https://hub.docker.com/r/xmppxsf/xmpp.org/builds/
jonasw
it triggered one build for each PR, which is a waste of time :)
Guus
done
Guus
I'm not paying attention here, unless I'm called by name (I've got to catch up on a number of things at work)
jonasw
fine :)
jonasw
thanks
Guus
sure thing
Ge0rGhas left
lskdjfhas joined
la|r|mahas joined
Guushas left
Kevhas left
Guushas left
tuxhas left
tuxhas left
Ge0rGhas left
jerehas joined
ralphmhas left
Ge0rGhas left
Guushas left
Guushas left
danielhas left
jubalhhas joined
Ge0rGhas left
ralphmhas joined
Alexhas joined
Syndacehas left
Syndacehas joined
jubalhhas left
jubalhhas joined
tim@boese-ban.dehas joined
Ge0rGhas left
danielhas left
jubalhhas left
Alexhas left
ralphmhas left
Alexhas joined
Alexhas left
blablahas joined
Ge0rGhas left
Tobiashas left
Ge0rGhas left
ralphmhas left
danielhas joined
dwdhas left
zinidhas left
dwdhas left
Ge0rGhas left
Alexhas joined
ralphmhas left
sonnyhas left
sonnyhas joined
jerehas left
zinid
Ge0rG:
> you sound like Evgeny now
Wanna next round of compliments from me?
Ge0rG
zinid: any time you want :P
Ge0rGhas left
jjrhhas left
jjrhhas left
Kevhas left
zinid
Ge0rG: just get a life, nerd
Guus
http://bash.org/?23396
Ge0rGhas left
jerehas joined
jonasw
it’s been years since I saw a bash.org link
sonnyhas left
sonnyhas joined
jerehas left
jerehas joined
pep.has left
Ge0rGhas left
Kevhas joined
danielhas left
danielhas joined
moretti.giuseppehas joined
Ge0rGhas left
Ge0rG
zinid: I'm sure you can do better than that!
jonasw
whatever, can you take that to a query please ;-)
Ge0rG
jonasw: no. MUC-PMs are broken.
Ge0rGhas left
Ge0rGhas left
jjrhhas left
Ge0rGhas left
danielhas left
Ge0rGhas left
jerehas left
jjrhhas left
Ge0rGhas left
efrithas joined
sonnyhas left
sonnyhas joined
ralphmhas left
Wiktorhas left
Ge0rGhas left
lumihas joined
uchas left
Ge0rGhas left
pep.has left
dwdhas left
valohas left
Tobias
dwd, ping council
jonaswhas left
jonaswhas joined
stefandxmhas left
danielhas left
Ge0rGhas left
lskdjfhas left
Valerianhas joined
pep.has joined
Ge0rGhas left
danielhas left
Valerianhas left
Ge0rGhas left
Valerianhas joined
efrithas left
jubalhhas joined
Guushas left
jubalhhas left
jubalhhas joined
ralphmhas left
Guushas left
Ge0rGhas left
Guushas joined
MattJ
ping board
Guus
https://github.com/xsf/xmpp.org/pull/376 shall be merged unless objectuons are raised.
nycohas left
sonnyhas left
sonnyhas joined
Ge0rGhas left
jubalhhas joined
waqashas joined
Kev
.
Kev
Arc is having issues with his server connecting to xmpp.org at the moment.
Archas joined
archas joined
arc
Hmm
Arc
finally
archas left
Archas left
Archas joined
Arc
I had to add muc.xmpp.org to s2s_insecure_domains
archas joined
Flowhas left
Zash
-certinfo muc.xmpp.org
Bunneh
Zash: muc.xmpp.org has a valid certificate issued by Let's Encrypt Authority X3
Zash
-expires muc.xmpp.org
Bunneh
Zash: muc.xmpp.org has a certificate that expires in 3 days and 7 hours
archas left
Archas left
archas joined
archas left
Archas joined
Flowhas joined
Arc
nope. it was something totally stupid on my end
archas joined
Arc
server had a hard reset, failed to save clock on save, so the server believed it was jan 3 and thus every cert it received was invalid
SamWhited
Arc: is the JID sending me requests you? Did you get a new one?
Ge0rGhas left
Arc
i renewed my certs a few days ago
Arc
my certs should be fine. it was a server date issue.
Steve Killehas left
stefandxmhas joined
Arc
thankfully it doesnt look like i missed a board meeting since nobody else showed up
Kev
Matt did. But that was it.
Guus
Kev: please sort out tweetdeck
Kev
Ah yeah, that dropped off my inbox when I was ill. Let me put a todo in for tomorrow morning.
Ge0rGhas left
lumihas left
Steve Killehas left
Guus
Thanks
stefandxmhas left
nycohas left
valohas joined
jubalhhas joined
danielhas left
Ge0rGhas left
jjrhhas left
sonnyhas left
sonnyhas joined
ralphmhas left
jjrhhas left
lskdjfhas joined
jjrhhas left
Ge0rGhas left
lumihas joined
jubalhhas left
jerehas joined
jjrhhas left
jjrhhas left
Syndace
My two cents about the library/client list on xmpp.org:
First of all, my respect for staying calm throughout the discussion, I got mad just passively reading it.
Second, while it is not a perfect indicator for a project being maintained or not, checking for commits in the last year to guess whether a project is active does sound like an idea. At least for projects hosted on github an automatic script could check for commits in the last year and set that flag in the json file.
(sorry if I bring up something that was considered before)
Ge0rGhas left
stefandxmhas joined
jonasw
Syndace, actually, that hasn’t been suggested before, interesting idea
jonasw
the issue would be where to run such code
jonasw
it’d be unfortunate to run that during the website build; it would have to be somewhat automated
Kev
It was discussed at the summit using 'last commit'.
jonasw
I didn’t know that
Kev
But it presupposes that a) source is publicly available and b) a project with no merged commits isn't maintained.
Kev
I think 'author is willing to ping github once a year' is a better metric for whether a project's still cared for.
Kev
It's all heuristics, of course.
jubalhhas joined
Syndace
Kev, it is not meant as a replacement to the current pr way of doing it but as an addition to maybe grab a few projects with lazy devs/devs that don't know about the list
Kev
Ah. I misunderstood. That doesn't seem unreasonable :)
jonasw
leaves the question how would that code run automatically and periodically
Kev
Probably doesn't need to be run automatically.
jonasw
fair enough
jonasw
Syndace, do you happen to volunteer to code something like that up?
Valerianhas left
jonasw
maybe add an optional git_url field for projects which want to link to a website but still have a proper git repository.
Syndace
Yeah sure :) I hope github has an api but i guess it does
ha! Thanks for the googleing. Gonna script it tomorrow.
About when and how to run the script: I could just let my raspi run it once a week ^^
pep.
Flow, I already said that on list iirc, but "The situation BMH tries to improve is the following: I do have a bunch of data formatted using a markup language, say CommonMark, that I want to send over XMPP to an XMPP client. Because there is no converter from CommonMark to XHTML-IM(-NEXT) and since I don't want to write one [..]" This is really meh.
"I don't want to write a converter so I'll write my implementation in a way that all clients have to implement one themselves"
Wiktor
Syndace: nothing like a good ol' cron... :)
stefandxmhas left
jerehas left
jerehas joined
Guus
Syndace, jonasw: why automate this? Seems like more work than manually supplying/maintaining a couple of entries.
jonasw
Guus, automation is good, and I think it’s trivial to do
Guus
Meh. Don't care much either way 😃
Syndace
pep. I think the (important) part you might be missing is that it does not hurt if neither the server nor the client understand the format. It is cool if a client happens to understand the format but if it does not it is still a human readable text message. For XHTML-IM the Server MUST understand the format.
Flow
pep., The important point is that you still want to stuff CommonMark into <body/>, even if you convert to XHTML-IM
Flow
for maximum interoperablitiy
Syndace
I don't care, I could also run it manually once a month :D
jonasw
Syndace, I think it hurts, in fact.
jonasw
it encourages putting non-plaintext content in <body/>. This is a slippery slope.
jonasw
Flow, I strongly disagree with that.
Syndace
jonasw, CommonMarkup is in fact plaintext
pep.
I also disagree with putting that in <body/>
jonasw
<body/> is plaintext, it should only ever be plaintext. Markups are not plaintext, even if they are CommonMark or Markdown.
Guushas left
Syndace
They are not plaintext? Oh..
jonasw
Syndace, no, it’s not. It abuses some characters in certain combinations as meta-characters to imply emphasis and other styling. That’s a markup which disguises as plaintext. It happens to be human-readable in many cases.
Syndace
I can see reading
#### small-heading
is not so much fun
Guushas joined
pep.
You skipped what jonasw just said?
jonasw
Syndace, they are plaintext in the sense that they only use printables, but that also applies to XML and nobody would claim XML to be "plaintext" :-)
Syndace
pep.: No, I get it. Even though it is plaintext it is not fun to read it as plaintext
pep.
k
pep.
We're not talking about emotions though
danielhas left
lskdjfhas left
ralphmhas left
lskdjfhas left
mimi89999has left
Flowenjoys reading CommonMark in plain text
Flow
but YMMV
lskdjfhas left
Flow
What do clients use these days to embed image-urls into a message (e.g. for stickers)?
jonasw
Flow, OOB
jonasw
(not for stickers, but http_upload)
jonasw
I hope that transition to SIMS happens at some point
Flow
jonasw, ty
jubalhhas joined
uchas joined
lskdjfhas joined
uchas joined
uchas joined
lskdjfhas joined
lskdjfhas left
lskdjfhas left
lskdjfhas joined
lskdjfhas left
goffihas left
Guushas left
goffihas joined
stefandxmhas joined
Guushas joined
dwdhas left
Tobiashas joined
Guushas left
lskdjfhas left
jubalhhas left
jubalhhas joined
dwdhas left
Guushas joined
jonasw
Flow, ugh. sorry. (mail follows)
Guushas left
Guushas joined
stefandxmhas left
lskdjfhas left
lskdjfhas left
lskdjfhas left
jubalhhas joined
efrithas joined
lskdjfhas left
danielhas left
Valerianhas left
Valerianhas joined
lumihas joined
SouLhas left
jerehas joined
jjrhhas left
dwdhas left
Valerianhas left
Valerianhas joined
jjrhhas left
jjrhhas left
dwdhas left
dwdhas left
edhelashas left
dwdhas left
lskdjfhas left
Archas left
lskdjfhas joined
goffihas left
lskdjfhas left
lskdjfhas left
Alexhas left
Alexhas joined
Neustradamushas left
Holgerhas left
stefandxmhas joined
lskdjfhas left
lskdjfhas left
lskdjfhas left
efrithas left
Holgerhas left
lskdjfhas left
lskdjfhas left
lskdjfhas left
lskdjfhas left
jubalhhas joined
jubalhhas left
lskdjfhas left
lskdjfhas joined
Neustradamushas left
Ge0rGhas joined
lskdjfhas left
lskdjfhas left
pep.
Flow, you see my messages on the list now? :-°
pep.
I'll still get reports but at least I changed my DMARC policy while I figure something out (if there is anything to figure out)