-
jonasw
Wiktor, sure, but that’s what mailing lists do.
-
Wiktor
jonasw: yes, but unfortunately sending emails that claim were authored by you but really aren't is also what spammers do. Even for my little domain I get multiple attempts every single day (thanks dmarcanalyzer.com)
-
Zash
Do they?
-
Zash
ITYM scammers
-
Ge0rG
spammers as well
-
jonasw
Wiktor, I’m not saying DMARC/DKIM isn’t a good tool for transactional providers like paypal or amazon or so
-
jonasw
but it shouldn’t be applied to private email.
-
Zash
SPF is good enough for the rest of us, or something
-
Wiktor
Zash: are you sure SPF is not just placebo? Maybe just remove it altogether...
-
Wiktor
Did you designate mailing list as allowed sender in you SPF record?
-
Zash
No, because I'm not the one sending those, the mailing list is.
-
jonasw
(spamassassin agrees)
-
Wiktor
Look at fail and forwarding here https://en.m.wikipedia.org/wiki/Sender_Policy_Framework
-
jonasw
sure, but a mailinglist isn’t forwarding
-
Wiktor
Fail is similar to dmarc reject but doesn't work in practice as far as I know
-
Zash
Why aren't mailing lists just designed to forward all posts as attachments?
-
Zash
Think Carbons
-
jonasw
Zash, probably because UI for those is bad
-
Zash
Let's make MUCarbons!
-
Ge0rG
We could use them to populate MUC history on 1:1 upgrades!
-
jonasw
mmm Ge0rG, a pity you reported those vulnerabilities. that could’ve been useful now!
-
Zash
Eg
-
Wiktor
Zash: thats one of solutions to dmarc problem actually, mentioned in the FAQ I linked previously
-
jonasw
(one of those solutions which break UX)
-
Wiktor
Sorry I'm not mobile can't look it up now
-
Ge0rG
jonasw: https://mail.jabber.org/pipermail/standards/2016-December/031750.html
-
jonasw
heh
-
Ge0rG
pep., Zash: maybe interesting for you as well ^
-
pep.
Ge0rG, thanks
-
stefandxm
Where is the bigger list of xmpp libraries nowadays?
-
stefandxm
the one on xmpp.org is very short
-
stefandxm
(and does not list license)
-
mathieui
stefandxm, on the github of the xmpp website, in the json source files
-
stefandxm
so it is not deployed?
-
mathieui
the xmpp.org list only lists the ones maintained enough that the maintainers care to update the xmpp.org file once a year
-
mathieui
it is
-
stefandxm
i am talking about the old list that had tones of more clients
-
stefandxm
j-dev list i guess
-
jonasw
stefandxm, those clients didn’t bother to tell us they still exist
-
jonasw
or they don’t know
-
stefandxm
the ones you knew exist lol
-
jonasw
if you’re missing any specifically, please point them at https://xmpp.org/2017/03/new-xmpp-software-listing-rules/
-
mathieui
jonasw, plz accept my pull request tho :p
-
jonasw
mathieui, I can’t
-
mathieui
damn
-
jonasw
I don’t have the power
-
jonasw
but we should ping Guus now that he’s back from the GSoC meetup
-
stefandxm
ok so its no more then
-
stefandxm
now the list is mostly commercial libraries
-
stefandxm
if thats what xmpp.org wants then this is fine i guess
-
jonasw
stefandxm, which do you miss?
-
mathieui
stefandxm, this is not what xmpp.org wants
-
stefandxm
i will have to compile my own list :)
-
mathieui
xmpp.org aims to have relevant software listings
-
stefandxm
but now it doesnt
-
jonasw
stefandxm, instead of compiling your own list, notify the projects. apparently a post to jdev@ is not enough. so please let them know about https://xmpp.org/2017/03/new-xmpp-software-listing-rules/
-
stefandxm
but it had before
-
Ge0rG
stefandxm: the problem with clients was that the official list contained software that's unmaintained for years or even decades, leading to user frustration
-
mathieui
and broken libraries untouched since 2005 are not part of what I would call a relevant list
-
stefandxm
georg, and now you have no list
-
stefandxm
programmers are not stupid
-
jonasw
any list which doesn’t include pidgin is a good list.
-
stefandxm
they can easily see when a library was updated
-
jonasw
stefandxm, libraries, maybe, clients, not so much
-
mathieui
although, I agree on the lack of a license field
-
stefandxm
anyhow. i understand i cannot rely on xmpp.org to do this because you dont care about the real life scenario :)
-
jonasw
stefandxm, you still didn’t tell me which ones you miss.
-
stefandxm
lets just say there are no C libraries
-
Ge0rG
stefandxm: if programmers are not stupid, they probably can bother enough to send a PR once a year.
-
stefandxm
no free c# libraries
-
jonasw
stefandxm, that’s not very spicific✎ -
jonasw
stefandxm, that’s not very specific ✏
-
stefandxm
and the most commonly used js library is not listed
-
Kev
Thankfully, programmers aren't stupid, so they can easily view the full list in the source, irrespective of whether they've been abandoned.
-
jonasw
off the top of my head I wouldn’t know which of the four libstrophe-forks is still recent or maintained
-
stefandxm
libstrophe is not listed either
-
stefandxm
and i hate libstrophe
-
jonasw
I know
-
stefandxm
still it can be patched
-
stefandxm
to be decent
-
stefandxm
anyhow. i am not arguing about what library is good or not
-
stefandxm
but now the list is simply not usefull for beginners to xmpp
-
stefandxm
too bad. the old one was :)
-
Ge0rG
stefandxm: so you would say an outdated unmaintained list of broken libraries is more useful than a short list of maintained ones?
-
mathieui
stefandxm, https://github.com/xsf/xmpp.org/blob/master/data/libraries.json you still have the full list if you look for it
-
stefandxm
georg, yes.
-
stefandxm
mathieui, i cannot send a list to a github json file in a tutorial to xmpp
-
stefandxm
i will just have to make my own list. wich will be even less maintained
-
jonasw
stefandxm, in the time you complained here, you could’ve given a list of things you miss and we can contact the projects.
-
Kev
Ah. A special type of programmer who's not stupid and can easily sift through libraries to tell the quality of them, but is unable to read a json list. I know the type.
-
jonasw
but you "obviously" don’t care about a good central listing either if you don’t :-)
-
stefandxm
i do, but it wont work with the new "rules"
-
jonasw
Kev, I know right? JSON is annoying to read.
-
stefandxm
i have made two libraries myself and i dont want to inform xsf about it every year
-
jonasw
xpath -e '...' :-)
-
stefandxm
so i doubt many other libraries i know about will either
-
mathieui
Kev, a json list is quite unpleasant though, I can agree on that
-
jonasw
stefandxm, your choice
-
Kev
mathieui: Of course, it should be XML. Everyone would agree on that ;)
-
Ge0rG
Kev: is that the same type of developer who can securely parse markdown, but not XHTML-IM?
-
mathieui
:)
-
stefandxm
if you make stuff a job only proffesionals will do it
-
stefandxm
since i make free clients for no money i dont want to spend money on talking to xsf about it
-
stefandxm
its quite simple
-
stefandxm
and i guess most people think the same, since the list is so small now
-
Ge0rG
stefandxm: I must have forgotten the part about paying the XSF to accept PRs in my announcement.
-
Guus
someone mentioned me?
-
stefandxm
georg, who said anything about paying?
-
mathieui
"spend money"
-
stefandxm
ah right lol
-
stefandxm
time of course
-
stefandxm
money is time tho ;-)
-
jonasw
Guus, yeah, there are software listing PRs pending
-
jonasw
I don’t have access to the big merge button
-
mathieui
stefandxm, it’s swapping the value of 1 byte in a json file once a year, and clicking a link
-
stefandxm
mathieui, doesnt matter
-
Ge0rG
stefandxm: so your argument is: it is better for dozens of developers to spend hours on evaluating XMPP libraries than on you to invest 10 minutes into marketing your library?
-
stefandxm
for anyone in here it makes sense. for everyone not even knowing about this channel it does not make sense
-
Guus
jonasw: want to have that power?
-
stefandxm
most xmpp develoeprs dont use xmpp.org
-
jonasw
Guus, dare to give it to me? :)
-
Guus
(I'll happily merge myself, but I'd like others to be able)
-
Guus
the gsoc trip kinda threw off any planning that I had :)
-
jonasw
Guus, I’m willing to handle those PRs
-
mathieui
stefandxm, but then they don’t care about it then
-
mathieui
also, you dongt even have to be the author to submit a library✎ -
mathieui
also, you don’t even have to be the author to submit a library ✏
-
stefandxm
i think what made xmpp big was the compatibility with many different libraries and people being able to start easily. now xmpp.org has taken responsibility to list clients (used by Wikipedia) but at the same time it removes known libraries
-
Ge0rG
stefandxm: I admit that the reduction of libraries is a side effect of my push to only have relevant _clients_ listed. But still, your arguments are getting less and less convincing.
-
stefandxm
and why would al ibrary have to be updated more often than the protocol
-
stefandxm
makes no sense either
-
jonasw
nobody says it should be updated
-
jonasw
it should be maintained
-
jonasw
which are two different things
-
mathieui
stefandxm, because software is never finished
-
stefandxm
open source libraries doesnt get old or insecure because they are not being updated
-
stefandxm
mathieui, so?
-
Ge0rG
stefandxm: a good library needs to implement all the XEPs with a useful API. There have been many new XEPs in the last year.
-
stefandxm
LOL
-
stefandxm
all xeps!!
-
stefandxm
why even have XEPs then
-
Guus
jonasw: try now.
-
stefandxm
lets just make XMPP a full blown monolithic beast!
-
stefandxm
ok, i will stop talking about this now. this only makes me sad
-
Ge0rG
stefandxm: you sound like Evgeny now.
-
Kev
I'm sorry, this channel has temporarily exceeded its quota of hyperbole. Please try again later.
-
mathieui
stefandxm, the "update date" stuff is essentially saying "yes, that library is still usable and someone, somewhere, cares enough about it to make a pull request"
-
jonasw
Guus, boom
-
jonasw
nice :)
-
stefandxm
mathieui, make it two pages then
-
stefandxm
one with updated info an one without
-
stefandxm
or have a parameter or what not
-
jonasw
stefandxm, PRs welcome
-
stefandxm
no i will not make PRs
-
stefandxm
the list is already there
-
jonasw
we’re also just doing this in our freetime :P
-
Kev
> the list is already there Great, we're done.
-
stefandxm
thats my point
-
stefandxm
deploy it
-
stefandxm
as-is
-
jonasw
uh, we could link to the JSON file :-)
-
mathieui
and I say that as someone who missed the original announcement and made a pull request this week, after 7 months of not being listed
-
stefandxm
now you complain you dont have time but still you want everyone else to take time to fulfill your silly procedure
-
jonasw
stefandxm, that "silly procedure" also takes our time. It’s not as if only others have to do work here.
-
jonasw
we don’t do this for fun, we really think it’s a good idea, for the reasons mentioned here already
-
stefandxm
lol
-
Ge0rG
jonasw: thanks for covering my ass in my evil plan to drive the XSF down with bureaucratic processes everywhere!
-
jonasw
Ge0rG, admit it, you’re just sick of your job and want to spin off a Jabber consulting business ;P
-
Ge0rG
Which reminds me to apply for Board, Council and iteam.
-
jonasw
you don’t need to apply for iteam, do you?
-
mathieui
you only have to ask, afaik
-
jonasw
well, and board needs to approve you etc.
-
mathieui
(and thanks jonasw for merging)
-
jonasw
np
-
jonasw
Guus, can you cancel the currently running build in favour of the most recent one? https://hub.docker.com/r/xmppxsf/xmpp.org/builds/
-
jonasw
it triggered one build for each PR, which is a waste of time :)
-
Guus
done
-
Guus
I'm not paying attention here, unless I'm called by name (I've got to catch up on a number of things at work)
-
jonasw
fine :)
-
jonasw
thanks
-
Guus
sure thing
-
zinid
Ge0rG: > you sound like Evgeny now Wanna next round of compliments from me?
-
Ge0rG
zinid: any time you want :P
-
zinid
Ge0rG: just get a life, nerd
-
Guus
http://bash.org/?23396
-
jonasw
it’s been years since I saw a bash.org link
-
Ge0rG
zinid: I'm sure you can do better than that!
-
jonasw
whatever, can you take that to a query please ;-)
-
Ge0rG
jonasw: no. MUC-PMs are broken.
-
Tobias
dwd, ping council
-
MattJ
ping board
-
Guus
https://github.com/xsf/xmpp.org/pull/376 shall be merged unless objectuons are raised.
-
Kev
.
-
Kev
Arc is having issues with his server connecting to xmpp.org at the moment.
-
arc
Hmm
-
Arc
finally
-
Arc
I had to add muc.xmpp.org to s2s_insecure_domains
-
Zash
-certinfo muc.xmpp.org
-
Bunneh
Zash: muc.xmpp.org has a valid certificate issued by Let's Encrypt Authority X3
-
Zash
-expires muc.xmpp.org
-
Bunneh
Zash: muc.xmpp.org has a certificate that expires in 3 days and 7 hours
-
Arc
nope. it was something totally stupid on my end
-
Arc
server had a hard reset, failed to save clock on save, so the server believed it was jan 3 and thus every cert it received was invalid
-
SamWhited
Arc: is the JID sending me requests you? Did you get a new one?
-
Arc
i renewed my certs a few days ago
-
Arc
my certs should be fine. it was a server date issue.
-
Arc
thankfully it doesnt look like i missed a board meeting since nobody else showed up
-
Kev
Matt did. But that was it.
-
Guus
Kev: please sort out tweetdeck
-
Kev
Ah yeah, that dropped off my inbox when I was ill. Let me put a todo in for tomorrow morning.
-
Guus
Thanks
-
Syndace
My two cents about the library/client list on xmpp.org: First of all, my respect for staying calm throughout the discussion, I got mad just passively reading it. Second, while it is not a perfect indicator for a project being maintained or not, checking for commits in the last year to guess whether a project is active does sound like an idea. At least for projects hosted on github an automatic script could check for commits in the last year and set that flag in the json file. (sorry if I bring up something that was considered before)
-
jonasw
Syndace, actually, that hasn’t been suggested before, interesting idea
-
jonasw
the issue would be where to run such code
-
jonasw
it’d be unfortunate to run that during the website build; it would have to be somewhat automated
-
Kev
It was discussed at the summit using 'last commit'.
-
jonasw
I didn’t know that
-
Kev
But it presupposes that a) source is publicly available and b) a project with no merged commits isn't maintained.
-
Kev
I think 'author is willing to ping github once a year' is a better metric for whether a project's still cared for.
-
Kev
It's all heuristics, of course.
-
Syndace
Kev, it is not meant as a replacement to the current pr way of doing it but as an addition to maybe grab a few projects with lazy devs/devs that don't know about the list
-
Kev
Ah. I misunderstood. That doesn't seem unreasonable :)
-
jonasw
leaves the question how would that code run automatically and periodically
-
Kev
Probably doesn't need to be run automatically.
-
jonasw
fair enough
-
jonasw
Syndace, do you happen to volunteer to code something like that up?
-
jonasw
maybe add an optional git_url field for projects which want to link to a website but still have a proper git repository.
-
Syndace
Yeah sure :) I hope github has an api but i guess it does
-
Wiktor
Syndace: https://developer.github.com/v3/repos/commits/#list-commits-on-a-repository
-
Syndace
ha! Thanks for the googleing. Gonna script it tomorrow. About when and how to run the script: I could just let my raspi run it once a week ^^
-
pep.
Flow, I already said that on list iirc, but "The situation BMH tries to improve is the following: I do have a bunch of data formatted using a markup language, say CommonMark, that I want to send over XMPP to an XMPP client. Because there is no converter from CommonMark to XHTML-IM(-NEXT) and since I don't want to write one [..]" This is really meh. "I don't want to write a converter so I'll write my implementation in a way that all clients have to implement one themselves"
-
Wiktor
Syndace: nothing like a good ol' cron... :)
-
Guus
Syndace, jonasw: why automate this? Seems like more work than manually supplying/maintaining a couple of entries.
-
jonasw
Guus, automation is good, and I think it’s trivial to do
-
Guus
Meh. Don't care much either way 😃
-
Syndace
pep. I think the (important) part you might be missing is that it does not hurt if neither the server nor the client understand the format. It is cool if a client happens to understand the format but if it does not it is still a human readable text message. For XHTML-IM the Server MUST understand the format.
-
Flow
pep., The important point is that you still want to stuff CommonMark into <body/>, even if you convert to XHTML-IM
-
Flow
for maximum interoperablitiy
-
Syndace
I don't care, I could also run it manually once a month :D
-
jonasw
Syndace, I think it hurts, in fact.
-
jonasw
it encourages putting non-plaintext content in <body/>. This is a slippery slope.
-
jonasw
Flow, I strongly disagree with that.
-
Syndace
jonasw, CommonMarkup is in fact plaintext
-
pep.
I also disagree with putting that in <body/>
-
jonasw
<body/> is plaintext, it should only ever be plaintext. Markups are not plaintext, even if they are CommonMark or Markdown.
-
Syndace
They are not plaintext? Oh..
-
jonasw
Syndace, no, it’s not. It abuses some characters in certain combinations as meta-characters to imply emphasis and other styling. That’s a markup which disguises as plaintext. It happens to be human-readable in many cases.
-
Syndace
I can see reading #### small-heading is not so much fun
-
pep.
You skipped what jonasw just said?
-
jonasw
Syndace, they are plaintext in the sense that they only use printables, but that also applies to XML and nobody would claim XML to be "plaintext" :-)
-
Syndace
pep.: No, I get it. Even though it is plaintext it is not fun to read it as plaintext
-
pep.
k
-
pep.
We're not talking about emotions though
- Flow enjoys reading CommonMark in plain text
-
Flow
but YMMV
-
Flow
What do clients use these days to embed image-urls into a message (e.g. for stickers)?
-
jonasw
Flow, OOB
-
jonasw
(not for stickers, but http_upload)
-
jonasw
I hope that transition to SIMS happens at some point
-
Flow
jonasw, ty
-
jonasw
Flow, ugh. sorry. (mail follows)
-
pep.
Flow, you see my messages on the list now? :-°
-
pep.
I'll still get reports but at least I changed my DMARC policy while I figure something out (if there is anything to figure out)