Arc(needing to break the doors to a locked building, K9 reminds: you are in a car. cars can go through doors)
Ge0rGGuus: sorry, I wasn't sure whether you were there.
GuusI wasn't here :)
Guusnor do I break into buildings using a car. :)
waqashas left
KevHow do you do it?
Ge0rGhas left
GuusHave you seen Mission Impossible, that scene where he drops in on a rope through a shaft?
intosihas joined
archas left
archas joined
danielhas left
danielhas joined
Tobiashas left
archas left
archas joined
Archas left
alacerhas joined
danielhas left
archas left
archas joined
archas left
archas joined
Ge0rGhas left
archas left
archas joined
archas left
archas joined
archas left
archas joined
archas left
archas joined
Ge0rGhas left
archas left
archas joined
ThurahThas left
Ge0rGhas left
ThurahThas joined
Ge0rGhas left
lskdjfhas joined
la|r|mahas joined
lovetoxhas joined
Ge0rGhas left
ralphmhas joined
dwdhas left
danielhas left
zinid> I don't do anything related to XMPP anymore
I don't think it's acceptable for a council member though
zinidthat's why we lose reality and don't understand what users/customers want
Ge0rGralphm, SamWhited: it would be great to link your presentations from https://wiki.xmpp.org/web/SCAM/Material
ralphmGe0rG: do it
jubalhhas joined
Ge0rGhas left
Ge0rGralphm: is there a timestamp / place-of-presentation for your slide deck? Also, why is it sometimes scrolling to the right and sometimes to the bottom?
Ge0rG...and sometimes diagonally?!
zinidGe0rG: that for you not to get bored
Ge0rGAh, a second attempt made me realize that it's a kind of chapter structure
dwdhas left
la|r|mahas left
la|r|mahas joined
Guusgood idea Ge0rG, thanks.
Guuszinid: I think what Sam ment is that he's not doing anything related to XMPP in his day-job.
alacerhas joined
zinidGuus: so he doesn't depend financially
jonaswwhich is ... a good thing, right?
Ge0rGI've always dreamed of getting paid for doing XMPP.
Guuswhich is kind of irrelevant, I'd say.
Ge0rGhas left
GuusGe0rG: make it so!
zinidI disagree here, it's a bad thing
Ge0rGYesterday I was in a pitch presentation for a large project tender, and had a list of my CVEs on a slide (some of which are very XMPP-related). the customer asked whether I collaborated on those and was really surprised that I was the one who actually researched them.
zinidit's easy to say "hey, let's deprecate everything" when you're not responsible for anything
Ge0rGzinid: I think that most people in here actually attempt to make XMPP better.
zinidGe0rG: well, then you need to try harder :) because xmpp is degrading
Ge0rGAnd there are horrible things in XMPP that well deserve to get deprecated. I'm just not sure if XHTML-IM is one of them.
jonaswzinid, you don’t need to do XMPP in your day-job to have incentive to make things right.
zinidjonasw: but I still think that there are more incentives if you do that job
Ge0rGzinid: actually, if you are getting paid for XMPP related work, this is adding bias to your opinion, making it potentially worse for XMPP.
jonaswzinid, hm, that’s different for different people I suppose.
Guusnot getting paid to do something can also avoid being pressured into something that's commercially interesting, but affects the larger community badly.
jonaswI’m more with Ge0rG on this
Guusso, I think it's good to have a nice mix of people in here :)
Ge0rGa MIX of people?
zinidGe0rG: bias is good actually, and we should rely on consensus
GuusGe0rG: d'oh!
Kevhas left
la|r|mahas left
Ge0rGzinid: are you paid to say that?
zinidGe0rG: nice try ;)
Ge0rGhas left
stefandxmhas left
la|r|mahas left
Ge0rGhas left
Ge0rGhas left
alacerhas joined
KevI think you want interested, intelligent, knowledgeable and responsible people, and whether they're paid for XMPP or not isn't the most important thing.
jonaswI agree
KevYou can have a ludicrous bias with or without being paid.
KevAnd you can be disinterested or not particularly knowledgeable in XMPP despite being paid for it.
WiktorMaybe let's not take this too extremes but there is a difference when someone runs a business critical system on top of XMPP vs hobby projects. Not to say hobby projects are bad, I'm using them daily, but depending on XMPP also gives unique perspective that is not to be ignored.
jonaswWiktor, if you’re like me: I’m more invested in my hobby projects than in my dayjob.
WiktorYeah, but do you want xmpp to be only hobbyists network?
jonaswnot necessarily, but the use-cases are the same, no matter who’s running the development, aren’t they?
ZashIs it an either-or?
Ge0rGjonasw: sorry to hear that. We are hiring :P
jonaswGe0rG, I know
jonaswyou have been taken into consideration, but I’m waiting for the offer of the local company ;-)
WiktorZash: it is not but it's important to hear both sides, if you had hobbyists only in XSF that'd be dangerous IMO
jonaswWiktor, sure, but it shouldn’t in any way be a criteria for or against council membership.
la|r|mahas left
Wiktorjonasw: yes, definitely not, especially if Sam is already evangelizing XMPP, but I hope not everyone in the council is doing xmpp as a side project, that'd be... Almost like matrix! ;)
zinidare there any guys in council who actually get paid?
zinidah, Kev
Ge0rGzinid: paid for being on council? Or for working on XMPP?
zinidworking on xmpp
Ge0rGI once got two days off for attending Summit, but it required some discussing with my boss.
Wiktorzinid: you're not running for a member? you'd be a perfect 10th man ( https://movies.stackexchange.com/questions/12616/ )
Ge0rGWiktor: that sounds like emergency law or law of war.
zinidlol, I don't know what membership gives me except some boring beuracracy stuff (like polling)
Ge0rGzinid: it's like with political elections. If you don't vote, you have no right to complain about the people who got elected and their actions.
Ge0rGOkay, Russia is probably different in that regard :>
zinidlol
zinidand it's so hard to elect a council in a more democratic way? why one would be a member for that?
WiktorGe0rG: I've heard voices that software development is similar to warfighting: https://youtu.be/2u0sNRO-QKQ?t=34m32s
Guus> I think you want interested, intelligent, knowledgeable and responsible people
Guusall feats combined in a person? *quietly revokes candidacy*
Link Mauve“09:42:25 zinid> […] I don't think it's acceptable for a council member though”, I’m not doing anything XMPP-related at $dayjob either, it probably reduces the conflicts of interest, but I don’t think people who are doing it are bad either, it’s just different perspectives.
Guusand it's good to have a mix of different perspectives.
ZashThis.
Link Mauve“10:58:57 Wiktor> […] I hope not everyone in the council is doing xmpp as a side project, that'd be... Almost like matrix! ;)”, what do you mean by that? Just like jonasw I am generally more interested in my side projects (otherwise I’d do something else with my free time ^^), even though I have to be at work eight hours a day.
Link Mauve“11:07:27 Ge0rG> zinid: it's like with political elections. If you don't vote, you have no right to complain about the people who got elected and their actions.”, I strongly disagree on this, when no choices are proposed to you, that’s not an election and you have full rights to complain before, during and after that simulacre.
Kev> not necessarily, but the use-cases are the same, no matter who’s running the development, aren’t they?
Very much not.
WiktorLink Mauve: I mean that for a healthy project you probably need some kind of push to a business success, it's like "analysis paralysis", sometimes you need to make things pragmatic. Don't get me wrong I also spend a lot of time polishing my side projects but the best approach is a balanced approach :)
Kevzinid: Of the people currently on Council, at least three currently are paid for XMPP work, and one other was in the past.
ZashKev: Wouldn't it vary depending on what they are doing?
KevZash: I don't think so. I think hobbyists don't tend to address some of the requirements that are not-fun, in the general case.
archas left
archas joined
KevIn principle a hobbyist might do such things, but it's not tremendously likely.
zinidagreed, and we have examples for this
lumihas joined
zinidalso, bussiness tends to make things faster because of financial pressure
zinidfor example we in p1 had push support since 2008 or so, while XSF still didn't produce anything meaningful
Ge0rG...to hack things together in a more or less working way
Link Mauvezinid, from what I’ve seen, when there is pressure to make something, a business will abandon its principles and hack something which is most likely harmful to the long term.
KevI don't see why 'hack something in' and 'harmful long term' have to be linked.
ZashDon't be evil.
Link MauveWe’ve consciously done development that was going to be impossible to upstream next, just because a customer wanted it fast.
KevHacking something in that's not long-term suitable is actually a good way of getting experience and feeding into a 'correct' fix.
Link MauveKev, sure, but when we have the time we prototype something and then do it the correct way.
Link MauveNot spending time polishing the prototype.
pep.Zash, No bullshit, since 1999
mimi89999has joined
mimi89999has joined
Kevhas left
Guusdid anyone take minutes during yesterdays board meeting?
Guusah, Edwin fixed the logs
mimi89999has joined
mimi89999has joined
efrithas joined
Steve Killehas joined
stefandxmhas joined
ralphmhas left
sonnyhas joined
sonnyhas joined
GuusPeople, to get some feel of who's interested in joining us in Brussels for Summit 22 and/or FOSDEM, I'd appreciate if you guys sign up on the corresponding wiki pages: https://wiki.xmpp.org/web/Summit_22 and FOSDEM_2018
Guusthis will help SCAM to get an indication of the amount of people + required housing etc.
Guusalso, thoughts on content, please, share!
alacerhas joined
Guus(copy and pasting is hard. Here's the proper FOSDEM 2018 wiki page link: https://wiki.xmpp.org/web/FOSDEM_2018 )
Ge0rGIt would be great to have a discussion of what's broken in XMPP, but I'm not sure I can attend
GuusWe'll do proper announcements on the mailing lists soon.
GuusGe0rG: in the interest of perception: let's have a discussion on fixes. :)
Ge0rGGuus: we can't discuss fixes before having a consensus on the problems, right?
Steve Killehas left
stefandxmhas left
GuusSure. I'm just suggesting to word it differently. Starting off in a negative frame will likely hurt.
edhelashas left
Ge0rGGuus: "Making XMPP ready for the next decade"?
Guus"You're an ass!" vs "You'd be more awesome if you'd ...."
Ge0rGThough "Making XMPP ready for the last decade" would be technically more accurate.
jonasw.oO(previous decade rather)
Ge0rGjonasw: ✋
GuusGuys, don't want to sound like anyone's dad (or project lead, or scrum master) but I think that funny-yet-negative remarks can annoy/upset some people - even while they're not intended to do so. Let's try to keep things on the + side of things.
jonaswGuus, I agree
Guusthere's a distinct negative vibe that we really should try to get rid of.
GuusI'm not blaming you guys specifically at all, but it's the little stuff like this that I think we can all improve on.
Ge0rGGuus: your scrum dad attitude is much appreciated.
GuusThank you. I shall be organizing retrospectives soon.
jonaswso I need to figure out whether I want to go to that summit
jonaswI do want, in some way, but stress
efrithas left
jonasw(would also be an excellent use for my remaining vacation day)
Guusso you need to figure out how you can make it :)
jonaswkindof
tuxhas joined
Guusjonasw: some employers will cover some of the attendance, when asked
jonaswGuus, I’m not *that* employed yet (just a student)
Guuswho's in charge of your vacation day budget then?
Guus(apart from yourself :P )
Kevhas left
mimi89999has joined
Guusattending stuff like this is an excellent way to improve various skills that can-be-defined-in-a-way-that-suits-your-vaction-day-decision-maker-best ;)
Guusalso: it's good fun :)
Guusugh, 13:30 and I still need to get started with work
jonaswGuus, sure, employer, but I work like 8h/week due to being a student.
jonaswI doubt that they would cover any conference based on that
jonasw(which also means that vacation day == vacation week for me)
GuusI see
efrithas joined
sonnyhas joined
sonnyhas joined
alacerhas joined
Ge0rGjonasw: you might get funding from your university.
Ge0rGjonasw: depends on the budget situation of course, but it might be possible. At my former institute, that would probably have worked if I made a presentation there.
jonaswGe0rG, I’m not really close to any department, so that’d be kind of out-of-the-blue there
jonaswfunding also isn’t the issue for now, I need to figure out whether I want to stay at a hotel and all that
jonaswI usually don’t want that
Ge0rGhas a large collection of hotel giveaway pens
mimi89999has joined
Guusjonasw: we'll likely arrange for a group discount, in which you'll have your own room, against a reduced price.
jonaswas I said, budget is not necessarily an issue. the circumstances of a hotel (or other non-home accomodation, I really like my own bed) stay are.
Guusjonasw: that, I cannot change :) If it's any comfort: last years hotel was pretty nice!
intosihas left
jcbrandhas joined
danielhas left
la|r|mahas left
efrithas left
la|r|mahas joined
la|r|mahas left
stefandxmhas joined
Guushas joined
Guushas joined
waqashas joined
intosihas joined
stefandxmhas left
danielhas left
Guushas joined
lskdjfhas joined
intosihas left
intosihas joined
vanitasvitaehas left
vanitasvitaehas left
Guusdwd, could you re-join open_chat? We've deployed that XMPP parse PR there
danielhas left
danielhas left
jcbrandhas left
jcbrandhas joined
danielhas left
jcbrandhas left
sonnyhas joined
jcbrandhas joined
stefandxmhas joined
Guushas left
danielhas left
Guushas left
jjrhhas left
Guushas joined
Guushas left
Guushas joined
Guushas left
Guushas joined
matlaghas joined
vanitasvitaeLooks like my xmpp-wiki account became victim to the death of the server. Who can I contact for a new account?
danielhas left
Archas joined
jjrhhas left
jjrhhas left
danielhas left
Ge0rGvanitasvitae: me or Guus for example
Ge0rGvanitasvitae: just say your anticipated user name and email address in here :)
vanitasvitaeAh, I'll ask Guus, since he's in my roster :D
jerehas joined
jjrhhas left
danielhas left
intosihas left
jerehas left
jerehas joined
intosihas joined
waqashas left
dwdhas left
dwdhas left
jjrhHas anyone worked with broadsoft's UC (unified communications) platform? My understanding it it's all XMPP but finding much about it - like what XEP's they support - hasn't been easy
sonnyhas joined
dwdhas left
jjrhactually this should probably be asked in operators - sorry
Link MauveArc, arc, could you share the sources of your Prosody flyer with SCAM (and us)? I’d like to translate it to French and distribute it at an upcoming event.
jcbrandhas left
Valerianhas joined
lskdjfhas joined
Arcyoure referring to http://www.sheut.net/xmpp_guide_2017.pdf ?
jubalhhas left
Link MauveYes, this one.
Arcif so change the end to _1.svg and _2.svg for the two sides, tho im not certain that's the best source format
Arcthe pdf might be better
iiro.laihohas joined
Link MauveDid you create it directly in SVG?
Arcinkscape yea
Arcthen saved it to pdf, and used a command line tool to combine the two pages for printing
Link MauvePerfect, it works fine in Inkscape!
jjrhmaybe throw on https://check.messaging.one/index.php to test?
jjrhoh I guess xmpp.net directs you there
Arcwe're less than an hour before GCI is announced
Guushttps://wiki.xmpp.org/web/SCAM/Material <-- Arc's pdf was already in there, but please, add source files if available.
Arcits possible we wont be in this year, which frees up my winter considerably
Guusdid we even apply for GCI?
Arcno but copyleft games did, and we always have XMPP tasks
Guusah, cool
ArcLink Mauve: can you update your diecut sticker template for the new logo?
Guusgot to pick up the kids, ttyl
Link MauveArc, which one?
GuusLink Mauve, maybe delete it and use https://github.com/xsf/xmpp.org/blob/master/xmpp.org-theme/static/images/xmpp-logo.svg instead?
Guushaving a canonical version is good :)
Link MauveRight.
GuusI'll update the SCAM repo (still points to your site)
ArcLink Mauve: Die-cut logo (roughly 2x2 inch)
Take an image of the logo, like the one on https://linkmauve.fr/svg/xmpp.svg
GuusArc: I just replaced that link
Guusreally got to pick up the kids now :)
Guuslater
stefandxmhas left
efrithas joined
Guushas left
Link MauveThere, fixed. :)
Link MauveI also removed a duplicate for the gradient, it’s the same on both sides so it’s better to have only one.
SamWhitedGuus: if you still want them, I put the slides I used yesterday: https://bitbucket.org/SamWhited/xmpp-intro-slides/downloads/
jubalhhas joined
iiro.laihohas left
pep.Arc, your(?) http server does serve over tls :(
pep.Arc, your(?) http server doesn't serve over tls :(
iiro.laihohas joined
iiro.laihohas left
iiro.laihohas joined
dwdhas left
dwdhas left
dwdhas left
vanitasvitaehas left
Wiktorhas joined
Ge0rGSamWhited: just noticed a typo on your cloudflare_slides, "Mobile Considerations" is 0286 and not 0268 :)
dwdhas left
SamWhitedoops, thanks
jubalhhas left
SamWhitedI should change those anyways; the XEPs I used were for the same presentation somewhere else, for more general things where people don't care about any specific XMPP thing I should probably just do big XEPs that are nice fancy features (Jingle, MAM, MUC, etc.)
waqashas joined
jubalhhas joined
jubalhhas left
Arcpep.: sheut.net? no it doesnt
Arcpep.: the server itself supports TLS and runs it for other domains, but not this one.
Arcand we're NOT in GCI this year.
Ge0rGJingle and PubSub. The apogee of XMPP.
pep.Arc, yeah I've noticed it doesn't
Arcpep.: congrats, you noticed
Arcwhy does it matter to you
pep.Because there's a link and I wanted to click on it. *compulsive clicker*
pep.But now that I know it doesn't support tls, there's still the link, but I can't see the other side. sadness
Guushas left
danielhas left
GuusSamWhited: a link to your slides were already added to the SCAM repo
SamWhitedOh, well that link is probably broken now unless you rehosted them somewhere
iiro.laihohas left
jjrhhas left
waqashas left
waqashas joined
GuusCan you update it please? I'm on mobile mow
GuusNow
jjrhhas left
GuusLink to the wiki based repo was posted earlier
SamWhitedI don't have any "earlier" because mcabber (unless it was very recently earlier) :(
SamWhitedfound it though
SamWhitedoh, that was the right link anyways, it just didn't actually have up-to-date slides in it until just now
iiro.laihohas left
Valerianhas left
Arcpep.: you have it set so you can only view TLS?
Arctisk, tisk
Arcnow I know how to keep you out of my links :-P
pep.:(
pep.I'm not sure I get what people have against TLS
pep.Arc, I could if I wanted, I just filter them. (manually still, even if httpseverwhere helps, but only on the browser)
Arci dont have anything against TLS. its just not automatic, and I don't think every domain warrants it
pep.I think every public domain should
Arcwell, feel free to do it on your own domains
Arci would rather spend the time I would otherwise spend maintaining TLS certs, writing code
pep.I wouldn't mind taking time and helping you, but I'm sure you know how to do it already :)
Arcthat's not an obsession I have
jjrhhas left
Link MauveArc, once it is setup, there is no maintainance.
Arcif a domain has a xmpp server on it, it gets a TLS cert.
Link MauveAnd if a domain has an HTTP server on it, same, that way everyone is happy. :)
pep.Arc, why would xmpp require a cert and not http
ArcLink Mauve: that's complete bullshit. seriously. TLS certs expire. There's a duty to care that they don't expire, and to fix them when the scripts fail to perform as expected. Its a time investment I'm not going to put into every domain I have
pep.Maybe you haven't heard of the new chap in town, let's encrypt
Arcpep.: I use lets encrypt. it is not flawless, ive found my scripts for it break about once a year
ZashIt solves *all* problems!!
pep.Zash, all!
jonaswI've got monitoring set up for my domains, adding one with tls is O(1), but then again I'm an infrastructure nerd.
Arci just spent 3 days fixing a host of domains that it broke on, and because the domains were set to use https only, and because the certs were expired, letsencrypt couldn't renew them without reconfiguring the domains to non-https first
pep.bootstrap is annoying indeed
Arcif a domain has a login, or has anything private, sure. if it has xmpp, sure. those are valid reasons.
jonaswI've never seen letsencrypt break though, with lego.
stefandxmhas joined
pep.But you should serve on 80 and 443 anyway, you can redirect 80 to 443, but have /.well-known/acme-challenge go to whatever folder letsencrypt requires
Arcpep.: again, this is your obsession, not mine.
SamWhitedIf you're really this concerned about a little personal domain that someone else rusn I question the validity of your threat model.
pep.SamWhited, it's just one part of it
efrithas left
Arcsheut.net is my personal LAN domain. www.sheut.net <http://www.sheut.net> is used for sharing tiny files on non-indexed URLs
Arcwww.sheut.net <http://www.sheut.net> gives a 403 Forbidden
la|r|mahas joined
Arcbut if you really want to get into a infrastucture pissing contest, I'd love to get into it on IPv6 :-P
Arci dont host anything unless it has an ipv6 address
efrithas joined
Link MauveArc, it seems to work in IPv6 from here.
ArcLink Mauve: i would expect as such, since its hosted by he.net
ArcI have a VPN into he.net too, with native ipv6
pep.You mean you have native ip6 _and_ the vpn?
Arci have native ipv6 at he.net and at home. but with the vpn i have layer 3 native ipv6 everywhere i go
Arcif I'm at starbucks I have ipv6
pep.Anyway, my concern about tls is that every one who enables it help "cover the tracks" (or however you want to call it) for any other concerned person.
pep.Anyway, my concern about tls is that every one who enables it helps "cover the tracks" (or however you want to call it) for any other concerned person.
Arcthen dont load my links :-P
Link MauveAnother reason is to avoid an evil MitM from seeing what we download, or even from tampering with them.
efrithas left
pep.Arc, the thing is that it's not just about you
Arcuh-huh. ok I'm done engaging in this conversation
Arcim reading up on ALPN API callbacks in openssl this morning
Ge0rGIT systems have fractal complexity.
jjrhArc, you have a 6in4 tunnel or you have a VPN that gives you a native v6 address?
Arcjjrh: I have a layer 2 VPN into a native dual stack network running in my own server cabinet at he.net
jjrhah - nice :)
Arcmy home network is pretty awful, the owner *THINKS* he knows enough to do it, but the IPv4 LAN ip block is 192.169.0.0/16
jjrhdoes that play nice on android?
Arcthere are currently 9 active devices on it, 2 of them are printers.
Arcjjrh: yep. my phone is on it.
jjrhI like the idea - might look into it myself. Make some things much easier
Arcthe biggest reason is being able to SSH into any system, from any of my systems, anywhere i happen to be
stefandxmhas left
Arcmy car has native IPv6 wifi
jjrhYeah I would use sixxs for that (before it shutdown) haven't got around to configuring a HE tunnel for my laptop yet
sonnyhas joined
Arcjjrh: im not sure HE runs that service anymore, but I'm happy to offer a VPN operated on your own physical ARM microserver
jjrhHE still runs their 6in4 tunnel
Arc1 IPv4 address, /64 IPv6
Arcah cool.
jjrhhttps://tunnelbroker.net/ yeah tunnel broker is still live - sixxs died last year
ArcHE are good people, ive hosted with them for almost a decade now
efrithas joined
jjrhI still have a subnet from them before I had native v6 at home just haven't configured it for my laptop, and I don't believe the daemon (forget what HE uses - not aiccu) runs on android so a VPN I guess is my only option
jjrhwhats the VPN protocol you're using?
Arcopenvpn
jjrhah
Arcbbiab need to drive
efrithas left
jubalhhas joined
Archas left
jerehas joined
waqashas left
waqashas joined
jubalhhas left
vanitasvitaehas left
la|r|mahas left
jjrhhas left
jjrhhas left
Archas joined
lskdjfhas joined
jjrhhas left
Valerianhas left
Valerianhas joined
jjrhhas left
archas left
archas joined
jonaswhas left
ralphmhas joined
danielhas left
Archas left
dwdhas left
Ge0rGhas left
dwdhas left
jjrhhas left
uchas left
uchas joined
archas left
Archas joined
stefandxmhas joined
archas joined
dwdhas left
dwdhas left
Archas left
stefandxmhas left
uchas left
mimi89999has left
mimi89999has joined
uchas joined
mimi89999has joined
mimi89999has joined
Zash> If the UID contained within an <after> or <before> is not present in the archive, the server MUST return an item-not-found error
Has this changed? I distinctly remember that you were to behave as if the ids were outside the range of the archive
archas left
Archas joined
Archas left
Archas joined
ZashAnd when did 'stable' appear?
zinid> we can't discuss fixes before having a consensus on the problems, right?
we can't reach an agreement on something we almost don't discuss
Arczinid: context would be good
zinidArc: what context? there are pending topics in the ML where Ge0rG provided some summary, but it's virtually not discussed
archas joined
danielhas left
zinidanyway, since we're done with xhtml-im ranting, can we discuss problems of push notifications finally?
zinidsome devs disagree there should be any pubsub, so the suggestion is to get rid of it
archas left
archas joined
archas left
dwdhas left
Arczinid: xhtml-im discussion will continue until the XEP is retired with prejudice. the topic has only gone to sleep for X weeks, it will reawaken
Arcthe webchat im working on does not, and will not support it.
zinidArc: I don't give a shit actually
Arcthere are simply too many surfaces to protect against
zinidArc: I care about other topics
Arcok so what topic are you referring to
archas joined
SouLhas left
dwdhas left
zinidArc: I already said about the topic
waqashas left
SamWhitedI am preparing an email to gather requirements for a potential XHTML-IM replacement. Afterwards hopefully we can discuss how the alternative could also be safer.
Valerianhas left
sonnyhas left
sonnyhas joined
ArcSamWhited: we did a trial on that last year, it was very successful
Arcmedia attachments
sonnyhas joined
ThurahTwhy are there cloudflare logos in the scam pdf slides? Is cloudfare a huge sponsor to the xsf?
sonnyhas joined
sonnyhas left
sonnyhas joined
SamWhitedI work there and I was the one giving the presentation
Arcand giving it internally iirc
ThurahTbut cloudflare has nothing to do with the xsf in general?
SamWhitednot as far as I know
ThurahTah. Good.
Guushas left
SamWhitedbut yah, putting the place paying for you to be at the conference on your slides is just habit (though in this case I wasn't anywhere, so kind of pointless I guess)
ThurahTI see. Thanks for clarifying
Valerianhas joined
jjrhhas left
jjrhhas left
waqashas joined
jjrhhas left
ArcSamWhited: im developing a handshake for an external authentication server, any advice?
SamWhitedArc: I'm probably not the best person to ask about authentication servers, but sounds fun! :)
Arcsending a client's connection info, TLS cert when available, and having it take over the SASL component
waqashas left
Arcalso in-band registration, when supported
SamWhitedThat sounds cool; is this to use LDAP or some other directory thing?
Guushas left
waqashas joined
Arcthe idea is its for anything
Arcallow the service to implement any authentication they want without having to edit the xmpp server, or worse, write their own
SamWhitedGood idea
ArcOAUTH2 for example, you'll commonly want a custom auth server, even if oauth2 is already available you'll want to customize it
SamWhitedHow would you delegate to it? Do servers give you a way to plugin stream features that delegate to another service?
Archttps://xmpp.org/extensions/xep-0077.html#redirect provides a simple way to send registering clients to a website url. that will need to be tightly linked to the authentication chosen.
ArcSamWhited: im thinking when the server needs to auth for a user, it gives details to the auth server, which replies with the SASL mechanisms it supports. the existance of the auth server implies in-band registration and SASL are supported in the appropriate places
Arcim not trying to make it a generic component
Guushas left
Arcthough on initial connection to the auth server it could reply back with a xmpp feature set it supports.
Arci want to keep it simple, tho. not to place undue burden on implementors
XSF Discussion - 2017-10-26