XSF Discussion - 2017-10-26


  1. Arc

    cloudflare is doing xmpp now?

  2. SamWhited

    no, I don't do anything related to XMPP anymore

  3. SamWhited

    I just gave a lunch-and-learn presentation

  4. Arc

    ah ok

  5. Arc

    seems i dont have a wiki account anymore

  6. Guus

    Arc: all accounts got lost during the crash earlier this year. We can create a new account for you.

  7. Arc

    Guus: cool, ArcRiley arcriley@gmail.com would be great

  8. Arc

    i just thought i already had one setup since the restore

  9. Guus

    Ge0rG appears to have beat me to the punch

  10. Guus

    There doesn't appear to be any other 'Arc' account

  11. Arc

    cool. and thanks Ge0rG

  12. Arc

    Guus: https://www.youtube.com/watch?v=o0oV8RzcXCI heh

  13. Arc

    you are in a car.

  14. Arc

    (needing to break the doors to a locked building, K9 reminds: you are in a car. cars can go through doors)

  15. Ge0rG

    Guus: sorry, I wasn't sure whether you were there.

  16. Guus

    I wasn't here :)

  17. Guus

    nor do I break into buildings using a car. :)

  18. Kev

    How do you do it?

  19. Guus

    Have you seen Mission Impossible, that scene where he drops in on a rope through a shaft?

  20. zinid

    > I don't do anything related to XMPP anymore I don't think it's acceptable for a council member though

  21. zinid

    that's why we lose reality and don't understand what users/customers want

  22. Ge0rG

    ralphm, SamWhited: it would be great to link your presentations from https://wiki.xmpp.org/web/SCAM/Material

  23. ralphm

    Ge0rG: do it

  24. Ge0rG

    ralphm: is there a timestamp / place-of-presentation for your slide deck? Also, why is it sometimes scrolling to the right and sometimes to the bottom?

  25. Ge0rG

    ...and sometimes diagonally?!

  26. zinid

    Ge0rG: that for you not to get bored

  27. Ge0rG

    Ah, a second attempt made me realize that it's a kind of chapter structure

  28. Guus

    good idea Ge0rG, thanks.

  29. Guus

    zinid: I think what Sam ment is that he's not doing anything related to XMPP in his day-job.

  30. zinid

    Guus: so he doesn't depend financially

  31. jonasw

    which is ... a good thing, right?

  32. Ge0rG

    I've always dreamed of getting paid for doing XMPP.

  33. Guus

    which is kind of irrelevant, I'd say.

  34. Guus

    Ge0rG: make it so!

  35. zinid

    I disagree here, it's a bad thing

  36. Ge0rG

    Yesterday I was in a pitch presentation for a large project tender, and had a list of my CVEs on a slide (some of which are very XMPP-related). the customer asked whether I collaborated on those and was really surprised that I was the one who actually researched them.

  37. zinid

    it's easy to say "hey, let's deprecate everything" when you're not responsible for anything

  38. Ge0rG

    zinid: I think that most people in here actually attempt to make XMPP better.

  39. zinid

    Ge0rG: well, then you need to try harder :) because xmpp is degrading

  40. Ge0rG

    And there are horrible things in XMPP that well deserve to get deprecated. I'm just not sure if XHTML-IM is one of them.

  41. jonasw

    zinid, you don’t need to do XMPP in your day-job to have incentive to make things right.

  42. zinid

    jonasw: but I still think that there are more incentives if you do that job

  43. Guus

    also, "not getting paid for anything" doesn't equal "not taking responsibility"

  44. Ge0rG

    zinid: actually, if you are getting paid for XMPP related work, this is adding bias to your opinion, making it potentially worse for XMPP.

  45. jonasw

    zinid, hm, that’s different for different people I suppose.

  46. Guus

    not getting paid to do something can also avoid being pressured into something that's commercially interesting, but affects the larger community badly.

  47. jonasw

    I’m more with Ge0rG on this

  48. Guus

    so, I think it's good to have a nice mix of people in here :)

  49. Ge0rG

    a MIX of people?

  50. zinid

    Ge0rG: bias is good actually, and we should rely on consensus

  51. Guus

    Ge0rG: d'oh!

  52. Ge0rG

    zinid: are you paid to say that?

  53. zinid

    Ge0rG: nice try ;)

  54. Kev

    I think you want interested, intelligent, knowledgeable and responsible people, and whether they're paid for XMPP or not isn't the most important thing.

  55. jonasw

    I agree

  56. Kev

    You can have a ludicrous bias with or without being paid.

  57. Kev

    And you can be disinterested or not particularly knowledgeable in XMPP despite being paid for it.

  58. Wiktor

    Maybe let's not take this too extremes but there is a difference when someone runs a business critical system on top of XMPP vs hobby projects. Not to say hobby projects are bad, I'm using them daily, but depending on XMPP also gives unique perspective that is not to be ignored.

  59. jonasw

    Wiktor, if you’re like me: I’m more invested in my hobby projects than in my dayjob.

  60. Wiktor

    Yeah, but do you want xmpp to be only hobbyists network?

  61. jonasw

    not necessarily, but the use-cases are the same, no matter who’s running the development, aren’t they?

  62. Zash

    Is it an either-or?

  63. Ge0rG

    jonasw: sorry to hear that. We are hiring :P

  64. jonasw

    Ge0rG, I know

  65. jonasw

    you have been taken into consideration, but I’m waiting for the offer of the local company ;-)

  66. Wiktor

    Zash: it is not but it's important to hear both sides, if you had hobbyists only in XSF that'd be dangerous IMO

  67. jonasw

    Wiktor, sure, but it shouldn’t in any way be a criteria for or against council membership.

  68. Wiktor

    jonasw: yes, definitely not, especially if Sam is already evangelizing XMPP, but I hope not everyone in the council is doing xmpp as a side project, that'd be... Almost like matrix! ;)

  69. zinid

    are there any guys in council who actually get paid?

  70. zinid

    ah, Kev

  71. Ge0rG

    zinid: paid for being on council? Or for working on XMPP?

  72. zinid

    working on xmpp

  73. Ge0rG

    I once got two days off for attending Summit, but it required some discussing with my boss.

  74. Wiktor

    zinid: you're not running for a member? you'd be a perfect 10th man ( https://movies.stackexchange.com/questions/12616/ )

  75. Ge0rG

    Wiktor: that sounds like emergency law or law of war.

  76. zinid

    lol, I don't know what membership gives me except some boring beuracracy stuff (like polling)

  77. Ge0rG

    zinid: it's like with political elections. If you don't vote, you have no right to complain about the people who got elected and their actions.

  78. Ge0rG

    Okay, Russia is probably different in that regard :>

  79. zinid

    lol

  80. zinid

    and it's so hard to elect a council in a more democratic way? why one would be a member for that?

  81. Wiktor

    Ge0rG: I've heard voices that software development is similar to warfighting: https://youtu.be/2u0sNRO-QKQ?t=34m32s

  82. Ge0rG

    ,oO( http://cdn2.spiegel.de/images/image-290455-galleryV9-gxvy-290455.jpg )

  83. zinid

    typical russian elections

  84. Guus

    > I think you want interested, intelligent, knowledgeable and responsible people

  85. Guus

    all feats combined in a person? *quietly revokes candidacy*

  86. Link Mauve

    “09:42:25 zinid> […] I don't think it's acceptable for a council member though”, I’m not doing anything XMPP-related at $dayjob either, it probably reduces the conflicts of interest, but I don’t think people who are doing it are bad either, it’s just different perspectives.

  87. Guus

    and it's good to have a mix of different perspectives.

  88. Zash

    This.

  89. Link Mauve

    “10:58:57 Wiktor> […] I hope not everyone in the council is doing xmpp as a side project, that'd be... Almost like matrix! ;)”, what do you mean by that? Just like jonasw I am generally more interested in my side projects (otherwise I’d do something else with my free time ^^), even though I have to be at work eight hours a day.

  90. Link Mauve

    “11:07:27 Ge0rG> zinid: it's like with political elections. If you don't vote, you have no right to complain about the people who got elected and their actions.”, I strongly disagree on this, when no choices are proposed to you, that’s not an election and you have full rights to complain before, during and after that simulacre.

  91. Kev

    > not necessarily, but the use-cases are the same, no matter who’s running the development, aren’t they? Very much not.

  92. Wiktor

    Link Mauve: I mean that for a healthy project you probably need some kind of push to a business success, it's like "analysis paralysis", sometimes you need to make things pragmatic. Don't get me wrong I also spend a lot of time polishing my side projects but the best approach is a balanced approach :)

  93. Kev

    zinid: Of the people currently on Council, at least three currently are paid for XMPP work, and one other was in the past.

  94. Zash

    Kev: Wouldn't it vary depending on what they are doing?

  95. Kev

    Zash: I don't think so. I think hobbyists don't tend to address some of the requirements that are not-fun, in the general case.

  96. Kev

    In principle a hobbyist might do such things, but it's not tremendously likely.

  97. zinid

    agreed, and we have examples for this

  98. zinid

    also, bussiness tends to make things faster because of financial pressure

  99. zinid

    for example we in p1 had push support since 2008 or so, while XSF still didn't produce anything meaningful

  100. Ge0rG

    ...to hack things together in a more or less working way

  101. Link Mauve

    zinid, from what I’ve seen, when there is pressure to make something, a business will abandon its principles and hack something which is most likely harmful to the long term.

  102. Kev

    I don't see why 'hack something in' and 'harmful long term' have to be linked.

  103. Zash

    Don't be evil.

  104. Link Mauve

    We’ve consciously done development that was going to be impossible to upstream next, just because a customer wanted it fast.

  105. Kev

    Hacking something in that's not long-term suitable is actually a good way of getting experience and feeding into a 'correct' fix.

  106. Link Mauve

    Kev, sure, but when we have the time we prototype something and then do it the correct way.

  107. Link Mauve

    Not spending time polishing the prototype.

  108. pep.

    Zash, No bullshit, since 1999

  109. Guus

    did anyone take minutes during yesterdays board meeting?

  110. Guus

    ah, Edwin fixed the logs

  111. Guus

    People, to get some feel of who's interested in joining us in Brussels for Summit 22 and/or FOSDEM, I'd appreciate if you guys sign up on the corresponding wiki pages: https://wiki.xmpp.org/web/Summit_22 and FOSDEM_2018

  112. Guus

    this will help SCAM to get an indication of the amount of people + required housing etc.

  113. Guus

    also, thoughts on content, please, share!

  114. Guus

    (copy and pasting is hard. Here's the proper FOSDEM 2018 wiki page link: https://wiki.xmpp.org/web/FOSDEM_2018 )

  115. Ge0rG

    It would be great to have a discussion of what's broken in XMPP, but I'm not sure I can attend

  116. Guus

    We'll do proper announcements on the mailing lists soon.

  117. Guus

    Ge0rG: in the interest of perception: let's have a discussion on fixes. :)

  118. Ge0rG

    Guus: we can't discuss fixes before having a consensus on the problems, right?

  119. Guus

    Sure. I'm just suggesting to word it differently. Starting off in a negative frame will likely hurt.

  120. Ge0rG

    Guus: "Making XMPP ready for the next decade"?

  121. Guus

    "You're an ass!" vs "You'd be more awesome if you'd ...."

  122. Ge0rG

    Though "Making XMPP ready for the last decade" would be technically more accurate.

  123. jonasw

    .oO(previous decade rather)

  124. Ge0rG

    jonasw: ✋

  125. Guus

    Guys, don't want to sound like anyone's dad (or project lead, or scrum master) but I think that funny-yet-negative remarks can annoy/upset some people - even while they're not intended to do so. Let's try to keep things on the + side of things.

  126. jonasw

    Guus, I agree

  127. Guus

    there's a distinct negative vibe that we really should try to get rid of.

  128. Guus

    I'm not blaming you guys specifically at all, but it's the little stuff like this that I think we can all improve on.

  129. Ge0rG

    Guus: your scrum dad attitude is much appreciated.

  130. Guus

    Thank you. I shall be organizing retrospectives soon.

  131. jonasw

    so I need to figure out whether I want to go to that summit

  132. jonasw

    I do want, in some way, but stress

  133. jonasw

    (would also be an excellent use for my remaining vacation day)

  134. Guus

    so you need to figure out how you can make it :)

  135. jonasw

    kindof

  136. Guus

    jonasw: some employers will cover some of the attendance, when asked

  137. jonasw

    Guus, I’m not *that* employed yet (just a student)

  138. Guus

    who's in charge of your vacation day budget then?

  139. Guus

    (apart from yourself :P )

  140. Guus

    attending stuff like this is an excellent way to improve various skills that can-be-defined-in-a-way-that-suits-your-vaction-day-decision-maker-best ;)

  141. Guus

    also: it's good fun :)

  142. Guus

    ugh, 13:30 and I still need to get started with work

  143. jonasw

    Guus, sure, employer, but I work like 8h/week due to being a student.

  144. jonasw

    I doubt that they would cover any conference based on that

  145. jonasw

    (which also means that vacation day == vacation week for me)

  146. Guus

    I see

  147. Ge0rG

    jonasw: you might get funding from your university.

  148. Ge0rG

    jonasw: depends on the budget situation of course, but it might be possible. At my former institute, that would probably have worked if I made a presentation there.

  149. jonasw

    Ge0rG, I’m not really close to any department, so that’d be kind of out-of-the-blue there

  150. jonasw

    funding also isn’t the issue for now, I need to figure out whether I want to stay at a hotel and all that

  151. jonasw

    I usually don’t want that

  152. Ge0rG has a large collection of hotel giveaway pens

  153. Guus

    jonasw: we'll likely arrange for a group discount, in which you'll have your own room, against a reduced price.

  154. jonasw

    as I said, budget is not necessarily an issue. the circumstances of a hotel (or other non-home accomodation, I really like my own bed) stay are.

  155. Guus

    jonasw: that, I cannot change :) If it's any comfort: last years hotel was pretty nice!

  156. Guus

    dwd, could you re-join open_chat? We've deployed that XMPP parse PR there

  157. vanitasvitae

    Looks like my xmpp-wiki account became victim to the death of the server. Who can I contact for a new account?

  158. Ge0rG

    vanitasvitae: me or Guus for example

  159. Ge0rG

    vanitasvitae: just say your anticipated user name and email address in here :)

  160. vanitasvitae

    Ah, I'll ask Guus, since he's in my roster :D

  161. jjrh

    Has anyone worked with broadsoft's UC (unified communications) platform? My understanding it it's all XMPP but finding much about it - like what XEP's they support - hasn't been easy

  162. jjrh

    actually this should probably be asked in operators - sorry

  163. Link Mauve

    Arc, arc, could you share the sources of your Prosody flyer with SCAM (and us)? I’d like to translate it to French and distribute it at an upcoming event.

  164. Arc

    youre referring to http://www.sheut.net/xmpp_guide_2017.pdf ?

  165. Link Mauve

    Yes, this one.

  166. Arc

    if so change the end to _1.svg and _2.svg for the two sides, tho im not certain that's the best source format

  167. Arc

    the pdf might be better

  168. Link Mauve

    Did you create it directly in SVG?

  169. Arc

    inkscape yea

  170. Arc

    then saved it to pdf, and used a command line tool to combine the two pages for printing

  171. Link Mauve

    Perfect, it works fine in Inkscape!

  172. jjrh

    maybe throw on https://check.messaging.one/index.php to test?

  173. jjrh

    oh I guess xmpp.net directs you there

  174. Arc

    we're less than an hour before GCI is announced

  175. Guus

    https://wiki.xmpp.org/web/SCAM/Material <-- Arc's pdf was already in there, but please, add source files if available.

  176. Arc

    its possible we wont be in this year, which frees up my winter considerably

  177. Guus

    did we even apply for GCI?

  178. Arc

    no but copyleft games did, and we always have XMPP tasks

  179. Guus

    ah, cool

  180. Arc

    Link Mauve: can you update your diecut sticker template for the new logo?

  181. Guus

    got to pick up the kids, ttyl

  182. Link Mauve

    Arc, which one?

  183. Guus

    Link Mauve, maybe delete it and use https://github.com/xsf/xmpp.org/blob/master/xmpp.org-theme/static/images/xmpp-logo.svg instead?

  184. Guus

    having a canonical version is good :)

  185. Link Mauve

    Right.

  186. Guus

    I'll update the SCAM repo (still points to your site)

  187. Arc

    Link Mauve: Die-cut logo (roughly 2x2 inch) Take an image of the logo, like the one on https://linkmauve.fr/svg/xmpp.svg

  188. Guus

    Arc: I just replaced that link

  189. Guus

    really got to pick up the kids now :)

  190. Guus

    later

  191. Link Mauve

    There, fixed. :)

  192. Link Mauve

    I also removed a duplicate for the gradient, it’s the same on both sides so it’s better to have only one.

  193. SamWhited

    Guus: if you still want them, I put the slides I used yesterday: https://bitbucket.org/SamWhited/xmpp-intro-slides/downloads/

  194. pep.

    Arc, your(?) http server does serve over tls :(

  195. pep.

    Arc, your(?) http server doesn't serve over tls :(

  196. Ge0rG

    SamWhited: just noticed a typo on your cloudflare_slides, "Mobile Considerations" is 0286 and not 0268 :)

  197. SamWhited

    oops, thanks

  198. SamWhited

    I should change those anyways; the XEPs I used were for the same presentation somewhere else, for more general things where people don't care about any specific XMPP thing I should probably just do big XEPs that are nice fancy features (Jingle, MAM, MUC, etc.)

  199. Arc

    pep.: sheut.net? no it doesnt

  200. Arc

    pep.: the server itself supports TLS and runs it for other domains, but not this one.

  201. Arc

    and we're NOT in GCI this year.

  202. Ge0rG

    Jingle and PubSub. The apogee of XMPP.

  203. pep.

    Arc, yeah I've noticed it doesn't

  204. Arc

    pep.: congrats, you noticed

  205. Arc

    why does it matter to you

  206. pep.

    Because there's a link and I wanted to click on it. *compulsive clicker*

  207. pep.

    But now that I know it doesn't support tls, there's still the link, but I can't see the other side. sadness

  208. Guus

    SamWhited: a link to your slides were already added to the SCAM repo

  209. SamWhited

    Oh, well that link is probably broken now unless you rehosted them somewhere

  210. Guus

    Can you update it please? I'm on mobile mow

  211. Guus

    Now

  212. Guus

    Link to the wiki based repo was posted earlier

  213. SamWhited

    I don't have any "earlier" because mcabber (unless it was very recently earlier) :(

  214. SamWhited

    found it though

  215. SamWhited

    oh, that was the right link anyways, it just didn't actually have up-to-date slides in it until just now

  216. Arc

    pep.: you have it set so you can only view TLS?

  217. Arc

    tisk, tisk

  218. Arc

    now I know how to keep you out of my links :-P

  219. pep.

    :(

  220. pep.

    I'm not sure I get what people have against TLS

  221. pep.

    Arc, I could if I wanted, I just filter them. (manually still, even if httpseverwhere helps, but only on the browser)

  222. Arc

    i dont have anything against TLS. its just not automatic, and I don't think every domain warrants it

  223. pep.

    I think every public domain should

  224. Arc

    well, feel free to do it on your own domains

  225. Arc

    i would rather spend the time I would otherwise spend maintaining TLS certs, writing code

  226. pep.

    I wouldn't mind taking time and helping you, but I'm sure you know how to do it already :)

  227. Arc

    that's not an obsession I have

  228. Link Mauve

    Arc, once it is setup, there is no maintainance.

  229. Arc

    if a domain has a xmpp server on it, it gets a TLS cert.

  230. Link Mauve

    And if a domain has an HTTP server on it, same, that way everyone is happy. :)

  231. pep.

    Arc, why would xmpp require a cert and not http

  232. Arc

    Link Mauve: that's complete bullshit. seriously. TLS certs expire. There's a duty to care that they don't expire, and to fix them when the scripts fail to perform as expected. Its a time investment I'm not going to put into every domain I have

  233. pep.

    Maybe you haven't heard of the new chap in town, let's encrypt

  234. Arc

    pep.: I use lets encrypt. it is not flawless, ive found my scripts for it break about once a year

  235. Zash

    It solves *all* problems!!

  236. pep.

    Zash, all!

  237. jonasw

    I've got monitoring set up for my domains, adding one with tls is O(1), but then again I'm an infrastructure nerd.

  238. Arc

    i just spent 3 days fixing a host of domains that it broke on, and because the domains were set to use https only, and because the certs were expired, letsencrypt couldn't renew them without reconfiguring the domains to non-https first

  239. pep.

    bootstrap is annoying indeed

  240. Arc

    if a domain has a login, or has anything private, sure. if it has xmpp, sure. those are valid reasons.

  241. jonasw

    I've never seen letsencrypt break though, with lego.

  242. pep.

    But you should serve on 80 and 443 anyway, you can redirect 80 to 443, but have /.well-known/acme-challenge go to whatever folder letsencrypt requires

  243. Arc

    pep.: again, this is your obsession, not mine.

  244. SamWhited

    If you're really this concerned about a little personal domain that someone else rusn I question the validity of your threat model.

  245. pep.

    SamWhited, it's just one part of it

  246. Arc

    sheut.net is my personal LAN domain. www.sheut.net <http://www.sheut.net> is used for sharing tiny files on non-indexed URLs

  247. Arc

    www.sheut.net <http://www.sheut.net> gives a 403 Forbidden

  248. Arc

    but if you really want to get into a infrastucture pissing contest, I'd love to get into it on IPv6 :-P

  249. pep.

    Sure, I have ip6 at home and at work as well

  250. Zash

    Something something self-hosting DNSSEC, mumble

  251. pep.

    But that's not the point here anyway

  252. Arc

    i dont host anything unless it has an ipv6 address

  253. Link Mauve

    Arc, it seems to work in IPv6 from here.

  254. Arc

    Link Mauve: i would expect as such, since its hosted by he.net

  255. Arc

    I have a VPN into he.net too, with native ipv6

  256. pep.

    You mean you have native ip6 _and_ the vpn?

  257. Arc

    i have native ipv6 at he.net and at home. but with the vpn i have layer 3 native ipv6 everywhere i go

  258. Arc

    if I'm at starbucks I have ipv6

  259. pep.

    Anyway, my concern about tls is that every one who enables it help "cover the tracks" (or however you want to call it) for any other concerned person.

  260. pep.

    Anyway, my concern about tls is that every one who enables it helps "cover the tracks" (or however you want to call it) for any other concerned person.

  261. Arc

    then dont load my links :-P

  262. Link Mauve

    Another reason is to avoid an evil MitM from seeing what we download, or even from tampering with them.

  263. pep.

    Arc, the thing is that it's not just about you

  264. Arc

    uh-huh. ok I'm done engaging in this conversation

  265. Arc

    im reading up on ALPN API callbacks in openssl this morning

  266. Ge0rG

    IT systems have fractal complexity.

  267. jjrh

    Arc, you have a 6in4 tunnel or you have a VPN that gives you a native v6 address?

  268. Arc

    jjrh: I have a layer 2 VPN into a native dual stack network running in my own server cabinet at he.net

  269. jjrh

    ah - nice :)

  270. Arc

    my home network is pretty awful, the owner *THINKS* he knows enough to do it, but the IPv4 LAN ip block is 192.169.0.0/16

  271. jjrh

    does that play nice on android?

  272. Arc

    there are currently 9 active devices on it, 2 of them are printers.

  273. Arc

    jjrh: yep. my phone is on it.

  274. jjrh

    I like the idea - might look into it myself. Make some things much easier

  275. Arc

    the biggest reason is being able to SSH into any system, from any of my systems, anywhere i happen to be

  276. Arc

    my car has native IPv6 wifi

  277. jjrh

    Yeah I would use sixxs for that (before it shutdown) haven't got around to configuring a HE tunnel for my laptop yet

  278. Arc

    jjrh: im not sure HE runs that service anymore, but I'm happy to offer a VPN operated on your own physical ARM microserver

  279. jjrh

    HE still runs their 6in4 tunnel

  280. Arc

    1 IPv4 address, /64 IPv6

  281. Arc

    ah cool.

  282. jjrh

    https://tunnelbroker.net/ yeah tunnel broker is still live - sixxs died last year

  283. Arc

    HE are good people, ive hosted with them for almost a decade now

  284. jjrh

    I still have a subnet from them before I had native v6 at home just haven't configured it for my laptop, and I don't believe the daemon (forget what HE uses - not aiccu) runs on android so a VPN I guess is my only option

  285. jjrh

    whats the VPN protocol you're using?

  286. Arc

    openvpn

  287. jjrh

    ah

  288. Arc

    bbiab need to drive

  289. Zash

    > If the UID contained within an <after> or <before> is not present in the archive, the server MUST return an item-not-found error Has this changed? I distinctly remember that you were to behave as if the ids were outside the range of the archive

  290. Zash

    And when did 'stable' appear?

  291. zinid

    > we can't discuss fixes before having a consensus on the problems, right? we can't reach an agreement on something we almost don't discuss

  292. Arc

    zinid: context would be good

  293. zinid

    Arc: what context? there are pending topics in the ML where Ge0rG provided some summary, but it's virtually not discussed

  294. zinid

    anyway, since we're done with xhtml-im ranting, can we discuss problems of push notifications finally?

  295. zinid

    some devs disagree there should be any pubsub, so the suggestion is to get rid of it

  296. Arc

    zinid: xhtml-im discussion will continue until the XEP is retired with prejudice. the topic has only gone to sleep for X weeks, it will reawaken

  297. Arc

    the webchat im working on does not, and will not support it.

  298. zinid

    Arc: I don't give a shit actually

  299. Arc

    there are simply too many surfaces to protect against

  300. zinid

    Arc: I care about other topics

  301. Arc

    ok so what topic are you referring to

  302. zinid

    Arc: I already said about the topic

  303. SamWhited

    I am preparing an email to gather requirements for a potential XHTML-IM replacement. Afterwards hopefully we can discuss how the alternative could also be safer.

  304. Arc

    SamWhited: we did a trial on that last year, it was very successful

  305. Arc

    media attachments

  306. ThurahT

    why are there cloudflare logos in the scam pdf slides? Is cloudfare a huge sponsor to the xsf?

  307. SamWhited

    I work there and I was the one giving the presentation

  308. Arc

    and giving it internally iirc

  309. ThurahT

    but cloudflare has nothing to do with the xsf in general?

  310. SamWhited

    not as far as I know

  311. ThurahT

    ah. Good.

  312. SamWhited

    but yah, putting the place paying for you to be at the conference on your slides is just habit (though in this case I wasn't anywhere, so kind of pointless I guess)

  313. ThurahT

    I see. Thanks for clarifying

  314. Arc

    SamWhited: im developing a handshake for an external authentication server, any advice?

  315. SamWhited

    Arc: I'm probably not the best person to ask about authentication servers, but sounds fun! :)

  316. Arc

    sending a client's connection info, TLS cert when available, and having it take over the SASL component

  317. Arc

    also in-band registration, when supported

  318. SamWhited

    That sounds cool; is this to use LDAP or some other directory thing?

  319. Arc

    the idea is its for anything

  320. Arc

    allow the service to implement any authentication they want without having to edit the xmpp server, or worse, write their own

  321. SamWhited

    Good idea

  322. Arc

    OAUTH2 for example, you'll commonly want a custom auth server, even if oauth2 is already available you'll want to customize it

  323. SamWhited

    How would you delegate to it? Do servers give you a way to plugin stream features that delegate to another service?

  324. Arc

    https://xmpp.org/extensions/xep-0077.html#redirect provides a simple way to send registering clients to a website url. that will need to be tightly linked to the authentication chosen.

  325. Arc

    SamWhited: im thinking when the server needs to auth for a user, it gives details to the auth server, which replies with the SASL mechanisms it supports. the existance of the auth server implies in-band registration and SASL are supported in the appropriate places

  326. Arc

    im not trying to make it a generic component

  327. Arc

    though on initial connection to the auth server it could reply back with a xmpp feature set it supports.

  328. Arc

    i want to keep it simple, tho. not to place undue burden on implementors