jonasw: SamWhited, you might want to update https://wiki.xmpp.org/web/Sam_Whited_for_Council_2017#Better_recommendations
Kev: jonasw: Actually, the deadline for applications has passed, so we shouldn't be editing our applications really.
jonasw: Kev, I know. I just wanted to point it out for Sam to judge, given that the content is obviously deprecated and the thing which is deprecated has changed before the deadline
Guus: Happy to see that we at least have a full complement of candidates. I was worried there for a bit.
jonasw: Kev, also, MattJs application for board is still null
Kev: Don't think that's true.
jonasw: Kev, then at least it’s not properly linked
Kev: Have you tried clicking it? :)
Guus: there's a page for Matt, but the link shows red for me. Some weird caching issue in mediawiki that I thought was fixed.
jonasw: no. stupid caches.
jonasw: the three issues in computer science. Cache invalidation and Off-by-one errors.
Guus: I like how 50% of the applications were made on the day of the deadline.
jonasw: I don’t like that.
Guus: you're right, it's not ideal, but it's funny to see how procrastination is at work each time. At least, I'm hoping that it's just that.
jonasw: I too do hope that
intosi: Usually is for me when I'm late at putting up my reapplication ;)
jonasw: is there a summary on how the voting for Board & Council works for those who find the Bylaws hard to read?
jonasw: is it that you vote for each individual yes/no and each individual has to be elected by majority to be part of that group?
jonasw: if so, what happens if n>m (where m being the size of the group) individuals get elected?
Guus: I'm just hoping that procrastination combined with wiki account loss didn't prevent people from applying.
Guus: jonasw: I don't know, nor do I think your explanation was clearer than the bylaws 😉
jonasw: I’m sorry :P
goffi: Guus: I was considering applying but I gave up as I've already too much work and I can't take any more engement this year.
goffi: commitment*
Kev: jonasw: Top five, basically.
jonasw: top five with respect to what?
jonasw: do we get one yes/no vote per candidate?
Kev: ISTR we pick (up to) our chosen five, those count as yes, others count as no.
Guus: istr istr istr
Guus: I...
Guus: it stands to reason?
Guus: goffi: totally understandable. I'm just hoping that there were not people that did want to apply, but ended up missing the deadline because they forgot about / were not aware of the loss of wiki accounts
Guus: (we had a couple of requests tonight to recreate accounts, which made me wonder)
Kev: I seem to recall
jonasw: Guus, I’m confident that those people would step up if that was the only reason
jonasw: in which case I’m sure that we could extend the period retrospectively since this was an issue outside of their control
Guus: I kind of disagree with the 'outside of their control' classification, but would be in favor of accepting late candidacies.
Kev: If anyone had said they needed an account, and didn't get one, yesterday that'd be one thing, but if anyone comes in today and says they want to apply, they obviously missed it.
Guus: There's the "ah, I couldn't sign up and was confident that requesting a new account wouldn't get me a new account before the deadline" argument. If we would be extending the deadline (which I don't think we are), there's not much reason to accept one type, but not another.
Kev: I suggest we stop debating what to do in a situation we don't have :)
jonasw: :)
jonasw: it’s monday morning, don’t judge people for a desire to distract themselves with irrelevant scenarios
edhelas: Kev +1
edhelas: by the way, are there people that are interested to come to T-DOSE this month ? https://wiki.xmpp.org/web/T-DOSE_2017
Guus: I'll be at T-Dose! :)
Guus: let me put out a tweet for that event
Guus: edhelas: we should prepare for some demos and the like. Thoughts?
Guus: edhelas: would you mind drafting a blogpost that announces our presence there?
edhelas: I don't have much time for that atm sorry
goffi: Guus: by the way, I need to recreate account too
goffi: no that you're talking about it :p
goffi: now*
Guus: goffi: desired nickname and email address please
Ge0rG: It looks like we finally have a situation where wiki account creation is almost instant.
goffi: Guus: answered in P.V.
edhelas: Ge0rG API over XMPP MUC
jonasw: XML-RPC!
goffi: ad-hoc commands
goffi: that works great
goffi: I love this XEP
edhelas: if only it was more user friendly
goffi: why would it not be ? It's a client thing to make it user friendly
edhelas: http://www.t-dose.org/node/1063
Holger: Guus: Got the account email, thank you.
Guus: Holger: yw
zinid: isn't it easier to add <subscribe/> to MUC XEP instead of writing this MIX stuff?
Guus: It's certainly easier to write that, yes.
Ge0rG: Zash: tell us about minimix
zinid: Guus: so what's the problem? we can create those pusbus nodes inside a muc room
zinid: *pubsub :)
moparisthebest: ha I like pusbus better we should rename it
zinid: no objection
Ge0rG: I vote for pup-soup. 🐶🍲
zinid: also, assuming a user's server should know about MIX is a bad idea
zinid: another issue:
> To achieve this, the client will query the user's own MAM archive using Message Archive Management (XEP-0313) [3], with the query filtered by the channel JID.
> The only exception to this is when a user wishes to access message history in the channel prior to when the user joined the channel. To achieve this, the client will use MAM to retrieve message history directly from the MAM Archive of the MUX channel.
zinid: why a client cannot request mam archive from MIX channel right away?
Ge0rG: zinid: you should read up the previous discussions on standards@
zinid: which ones?
Ge0rG: the ones on MIX
zinid: there are tons of them
Ge0rG: Yes.
zinid: no thanks
zinid: I just did some search and didn't find any relevant info inside those discussions
Alex: memberbot is up and council for the board & council election
jonasw: Alex, thanks :)
jonasw: even though I assume it’s up and running, and not up and council :-)
jonasw: Alex, you included ralphms application despite it being late?
jonasw: (I’m not saying that we should not, but I think that some people have strong opinions on that)
Alex: yes I did
Arc: """Your problem is so terrible, I worry that, if I help you, I risk drawing the attention of whatever god of technology inflicted it on you."""
jonasw: :D
Guus: please don't walk in the sea.
Guus: into*
Arc: I LOL'd so hard reading that
Zash: Arc: That sounds like how helping people with old code makes you the maintainer.
Guus: Yeah, I get funny looks whenever reading his book
jonasw: The What-If book?
Guus: yeah
Guus: he might have more, unsure :)
Zash: Is that from What-If?
jonasw: no
Guus: xkcd
jonasw: it’s todays xkcd, Zash
Zash: Bunneh: xkcd
Bunneh: Thermostat
https://xkcd.com/1912/
jonasw: Guus, I learnt in that book that I both want and totally not want a wall with the periodic table of elements :-)
Guus: I learnt from that book that I snort when snickering
jonasw: :D
Arc: im digging through my old code with mod_xmpp now, doing a major overhaul. its actually not terrible, just a bit ... spaghettified
Arc: i was actually closing in on a "good" solution but was one step away. instead of chopping up stanzas by the outside, i needed to chop them from the inside.
jonasw: what’s mod_xmpp?
Guus: "not terrible"
Guus: (just a bit spaghettified)
Arc: jonasw: it started as an Apache module to do XMPP over Websockets proxying to an xmpp server over C2S
jonasw: ah
Arc: Guus: i know I'm not unique in, when you work on code you havent touched by a year, you start hating your younger self
Guus: Arc: I totally bypass that by simply forgetting that I touched that code. As long as I don't use git blame, I can hate the random anonymous dev that did that terrible thing.
Arc: heh
Guus: Or, as one of my code-workers used to say: "I must've been drunk."
jonasw: Guus, +1 for "I must’ve been drunk."
Arc: or high.
jonasw: it’s extra funny since I don’t drink alcohol or so at all.
Guus: ... that you remember ...
jonasw: right.
jonasw: I also find that this varies greatly by language.
Arc: so, I'm looking at chopping up the XML stream by the inner part of the stanza, and parsing/serializing the outer part of the stanza. does that seem sane?
jonasw: I’m not sure what "chopping" means and why you need to do it
jonasw: (also, jdev@ maybe)
Arc: obviously open to edge cases, but I'm still using expat with this, and I'll move to libexi in a later version meaning it'll do a full parse->serialize during the process
Arc: jonasw: outer part, eg, <message from="" to="" id="">, vs inside part eg <body xmlns=""> etc
jonasw: I guessed that much -- what kind of chopping?
Arc: oh man, i havent been in jdev in forever
jonasw: (I may be missing context on how websockets work)
Arc: jonasw: its semi related to websockets.. chopping actually in regard to APR bucket brigades. so Apache operates streams as a linked list of buffers. when the expat parser hits certain markers, I record the point, and then can recreate/remove part of the stream, then grab the buffer until a certain termination point, passing that along verbatim
jonasw: okay, what
Arc: one of the bugs in mod_xmpp has always been that, contrary to spec, it hasn't included xmlns="jabber:client" with every stanza
jonasw: huh, is that a MUST or SHOULD?
Guus: didn't you get all that from 'spaghettified code', jonasw? ;)
Guus: namespace can be either on the stream or on each stanza, iirc
jonasw: my personal style of test-driven development (which is much less strict than what people probably usually advocate, I don’t know, I’m self-taught) has stopped me from writing spaghettified code
Arc: its a MUST because XMPP over WebSockets isn't within a root <stream:stream> element anymore. each stanza is a whole and complete XML document
Arc: most javascript code implementing xmpp over websockets doesn't test for the xmlns="jabber:client"
Zash: I'm not so sure that doing that wrapping thing was the best idea
jonasw: because I’m pretty sure that aioxmpp doesn’t include xmlns="..." on each stanza
Guus: ah, websockets
jonasw: Arc, most javascript code doesn’t give a f..thing about namespaces.
jonasw: and if you try to do, you run into all kinds of funny browser bugs.
Guus: it's annoying to have to move stanzas from a c2s stream to a s2s stream, for the difference in namespace
jonasw: Guus, I agree that using different namespaces there was a weird choice
Zash: All that because nobody wanted to write a SAX parser for browsers
jonasw: asm.js + libxml2?
jonasw: or libexpat
Guus: off to watch some House of Cards, for board election winning tips.
Zash: jonasw: but now it's set in stone forever and ever
jonasw: Zash, until XMPP 2.0 comes around or so...
Zash: maybe a "just plain XMPP over websockets, no fancy framing" spec?
jonasw: wouldn’t that break due to lack of SAX parsers?
Arc: i dont think the namespace actually breaks anything in javascript
Zash: jonasw: I mean as a separate thing
jonasw: more separate things?
Arc: but yea in WebSockets the second example in guus's URL, "prefix-free canonicalization", is what websockets stanzas SHOULD look like.
Zash: The current XMPP-over-WS RFC is basically "XMPP over WS for the Web"
jonasw: Zash, is there a use-case for WB not over the Web?
jonasw: Zash, is there a use-case for WB not for the Web?
jonasw: Zash, is there a use-case for WebSockets not for the Web?
jonasw: damnit
Zash: The dark future where only port 443 can be used?
jonasw: Zash, don’t support that dark future
jonasw: (and don’t walk into the sea)
Zash: And where you can't tunnel whatever over TLS on 443?
Zash: I don't
Zash: It's of course inevitable tho :(
jonasw: Zash, stop saying that
jonasw: you make me sad
jonasw: I don’t want to be sad.
Arc: in that particular example, xmpp connect might actually be faster than starttls
jonasw: Arc, even faster than XEP-0386?
Arc: jonasw: no, because you have the HTTP upgrade handshake
jonasw: wait that number is wrong
Arc: i know what you mean tho
Arc: and i love it.
jonasw: XEP-0368 (SRV records for XMPP over TLS)
Arc: I mean its a bit rough around the edges, i wish it wasnt needed, that xmpp were to default over TLS
Arc: zash is right tho, there's already networks that block all communication that's not on an "approved" protocol on its "accepted" port
Arc: HTTPS must be accepted.
jonasw: Arc, I’m not sure pushing that fight further up in the ISO/OSI layers will help
Arc: we've had some form of XMPP over HTTP proxy to deal with those kinds of networks
Zash: It's all just moving negotiation around the layers
jonasw: Arc, at some point, either breaking of TLS by those firewalls will become standard or other means of guessing the type of traffic will be used.
Arc: at some point those firewalls will also include ALPN sniffing
Zash: Arc: Implying that they don't already?
Arc: point
Arc: i still have a WRT54GL router setup exclusively to proxy all IP traffic over HTTPS because most school districts have only 80 and 443 open, and block *MOST* websites on both. Luckily I own an IP address not currently included in any blocking blacklist
Arc: the DC Public Library system was setup similarly. good luck getting a video conference to work
Arc: it was otherwise impossible to do after school programming
moparisthebest: > jonasw: Zash, is there a use-case for WebSockets not for the Web?
moparisthebest: for a brief period my work mitm'd all TLS and I had to tunnel TLS over websocket over mitm'd TLS
moparisthebest: luckily I did not write a XEP :P
Arc: Guus: also man, given the attendance record for the last board, i dont think you have much to worry about. really.
Arc: we clearly need new, energized blood
Arc: (even if its me that's out the door for next year)
Guus: I'm not worried either way, just wanted to make a House of Cards reference.
Arc: heh
Guus: because i think that's hilarious.
Guus: there.
Arc: well, no HoC reference is complete without accusations of gay rape
moparisthebest: might be nice to link to https://wiki.xmpp.org/web/Board_and_Council_Elections_2017 in topic
Arc: I pledge that I only sexually harass men when asked to by women who feel harassed by those same men. :-P
Arc: PyCon before the CoC was a very dark time.
Arc: hey Kev how solid is MIX at this point?
moparisthebest: pretty solid if you mean too dense to read :P
Arc: is there a reference implementation yet?
Arc: moparisthebest: did you ever see or read my presentation on xmpp microservices?
zinid: Arc: I read your EXI xep
moparisthebest: no, got a link to read?
Arc: zinid: that's impossible, i havent written it yet
zinid: moparisthebest: just read his EXI xep to get the idea ;)
Arc: the only exi xep that exists now is garbage
Guus: Arc: there's a MIX implementation for Openfire being worked on by Surevine - not sure in what state of completeness it is.
moparisthebest: I'm not positive EXI has a purpose outside tiny embedded devices really
Arc: the XEP as it stands does not sync the grammar to be used, it relies on the server taking several schemas and compiling a grammar itself, which depending on implementation may or may not match
moparisthebest: like mobile phones handle XML just fine
Arc: moparisthebest: yes, it absolutely does. the problem is implementation
Zash: Or lack thereof?
moparisthebest: why would a phone app want to implement something other than XML though is the question?
Arc: of course it does. mobile devices can handle XML, but the overhead is immense. to say "hi" takes 200+ bytes
zinid: Arc: ah, you're not the author, ok
moparisthebest: certainly no memory or speed reasons anymore
moparisthebest: in a world where node.js is a thing, what's 200+ bytes?
moparisthebest: a hello world webpage is ~4mb
Zash: Bunneh: do #'<message to="arc@example.com" type="chat"><body>hi</body></message>'
Bunneh: Zash: 67
zinid: Arc: but EXI is a terrible way to fix this issue, at least current XEP is pure shit
zinid: abstracting from XML is a way to go
Arc: zinid: yes, it absolutely is. which is why i dont want to fix it. i want to write a new one
Zash: zinid: Separation of the data and its encoding?
zinid: Zash: yeah...
Arc: what I'm missing is a manner for the client to transmit the grammar to the server when the server doesn't already have it. there isnt a standard encoding for this, and it must be implementation agnostic
moparisthebest: and sounds like a nightmare security-wise, probably
Arc: i dont think so. why would it?
zinid: why would you need to transfer schemas? do you know any asn.1-base implementation transfering asn.1 definitions?
jonasw: I wonder if EXI grammars can be used to create exponential costs (they can contain regexes, right?)
Arc: the current XEP does something, security wise, awful in having the server fetch grammar files from arbitrary HTTP URLs. that's begging to be used as a DDoS amplification attack
moparisthebest: I vaguely recall discussing this before, I think you said the server would cache these or whatever
moparisthebest: or does the client transfer all it's going to use every session?
moparisthebest: because then you don't save bytes
Flow: Arc, is it so important to do that? I've heard that EXI works reasonably efficient even when not used in schema-informed mode
jonasw: moparisthebest, I think the grammars would be keyed by a cryptographic hash sum
Zash: What if each party says which namespaces they have schemas of, and then you fall back to some inefficient generic encoding for everything not in the union of known schemasq
Zash: s/q$/?/g
Arc: Flow: reasonably is relative. you have to transmit all your string tables
Arc: Zash: aka non-strict encoding.
moparisthebest: so can evil client fill up that cache and/or boot out other in-use ones?
Arc: moparisthebest: SHA256 should reasonably cover this, unless you think SHA256 is weak. and the server could have a finite cache.
moparisthebest: my point is EXI seems possibly useful in a iot network of trusted super low resource clients or whatever
moparisthebest: and useless for desktop or modern phones
moparisthebest: (which are now, indistinguishable resource-wise, right?)
Arc: you cannot trust iot devices. thats where terrible iot security comes from.
moparisthebest: so can't I just evict your useful grammar files by sending you a load of useless ones?
Flow: moparisthebest, mobile devices may have similar computing power than desktops, but they have other constraints too
moparisthebest: even if you do everything correctly and sha256 is secure
Zash: LRU cache?
Arc: yea
jonasw: moparisthebest, use a very limited per-account cache, plus a global cache for shasums which are used by multiple accounts.
jonasw: in the worst case the global cache is filled with garbage, but the account-local caches for well-behaving accounts will still work as they should.
moparisthebest: jonasw, so then I just connect 2 evil clients and still evict from global?
Zash: moparisthebest: Think of EXI as better compression that is safe from https://blog.thijsalkema.de/blog/2014/08/07/https-attacks-and-xmpp-2-crime-and-breach/
Flow: Zash, are you 100% sure that EXI isn't vulnerable to similar form of attacks?
moparisthebest: ah yea I think we talked about that too and weren't entirely sure it was safe in all modes
Arc: regex btw is an argument against transmitting schemas, its primarily used when defining constrained character sets, and the regex in question isn't a full regex implementation but rather a list of character ranges
Zash: Flow: I'm not 100% sure of anything
Zash: s/safe/safer/ probably
moparisthebest: in fact I think Arc said it was vulnerable in some modes
moparisthebest: it's been awhile
Arc: moparisthebest: there's vulnerabilities in all XML libraries.
Flow: Zash, ok, let me rephrase: Do you expect that EXI is not vulnerable to similar things like CRIME/BREACH?
moparisthebest: Arc, sorry I meant vulnerable against crime-like compression attacks
Zash: Flow: I expect that kind of attack to not be effective against something that roughly boils down to byte-packing of Enum-like fields
Arc: well EXI includes the option for including DEFLATE
Arc: there are 4 modes; bitpacked, byte aligned, pre-compression, and DEFLATE
Arc: the client chooses.
Arc: honestly ive found bitpacked to work the best in almost every case
Arc: in bitpacked mode there's no huffman table or similar to exploit. it doesn't compress text really at all, only XML structure.
Arc: if there's a potential attack on DEFLATE i'd be personally satisfied in including it in a Security section of the XEP with an advisement against using it.
Zash: If you make sure that any fields that an attacker can put stuff into are treated as text then it should be more resistant
Arc: *nod*
Arc: I believe I remember seeing a case of ascii-only 6-bit encoding, and UTF32, intermixed.
Arc: but that's about the only text compression you're going to find
Zash: 5 bits should be enough for everyone! :)
Arc: until its not. :-P
Arc: insert unicode emoticon.
moparisthebest: I wonder size-wise how it compares to that xml->json thing, was that a xep?
Flow: Arc: It's the wrong usage of DEFLATE that opens the side-channel. If the attacked endpoint performs a full flush, i.e. drops the dictionary, on every "channel" change, then it should be safe
Arc: Flow: interesting. well, that's something we could address. XML fragments are included, i honestly dont remember how compression was supported.
Zash: Flow: I think that should have had a protocol break
Arc: i remember i talked to sam a lot about using framing with it, and each stanza a full and complete xml document
Flow: Zash, why?
Zash: Flow: How does one end know that the other end is doing it Right?
moparisthebest: yep, no way to tell, no way for server configs to forbid insecure clients
Arc: the core of the argument for mobile comes down to this tho, the reason Google dropped XMPP support, according to one of the guys on the Hangouts team, was the massive bandwidth and processing overhead of XML vs binary.
moparisthebest: so XML was an engineering problem google couldn't tackle?
Zash: Arc: Is that why they pushed for HTTP/2 to be binary?
moparisthebest: because marketing sounds far more likely
Arc: moparisthebest: XML has a very high processing overhead, and bandwidth overhead, and those are things that can't be just "tackled"
Arc: remember when i accidentally crashed gtalk?
Zash: Text based protocols do have other valuable properties tho
moparisthebest: google engineers didn't know about EXI or some other encoding?
Flow: Zash, the other end being the other end of the stream or the xmpp communication?
Zash: Flow: Yes
Zash: :D
moparisthebest: I just find it hard to believe the reason wasn't "we want to lock people into our walled garden"
Flow: I'm not sure if in the c2s case, the client needs to know that the server also does full flushes on channel changes
Flow: Isn't it possibly sufficient if the client does the right thing?
Arc: that was due to an optimization in their UTF8 to protobufs handling. a shortcut was taken, the message i sent jumped their double null termination and propagated.
Zash: Flow: How do I, the server, know that you do the right thing if the protocol is identical?
Flow: Zash, you don't, but do you care as server if, for the example, the client authenticated your TLS cert?
Arc: 𐑓𐑳𐑒 𐑿
Arc: that exact message was all it took.
Zash: Flow: just <method>zlib-but-better</method> is what I mean
Zash: -demoji Arc> 𐑓𐑳𐑒 𐑿
Bunneh: Zash: Arc> 𐑓𐑳𐑒 𐑿
Zash: Arc: hexdump?
Arc: not emoji zash. its shavian https://en.wikipedia.org/wiki/Shavian_alphabet
Flow: Zash, sure why not, but you could also do the better part as client with <method>zlib</method>
Flow: The client has the incentive to do the right thing, the server doesn't really care, that is what I mean :)
Zash: Flow: You think the server should you just let you shoot yourself in the foot? :)
Arc: it reads "F-U-K YEW" which is what I wrote in jdev several years ago, when gtalk was brand new, to a google dev who argued that there's "no difference between characters and bytes, thats why we use UTF8"
jonasw: what
Flow: Zash, the server will happily route my root password in <body/> to your JID, won't it?
Arc: whatever optimizations they used, the space there caused their parser to jump the terminating null plus the two "safety nulls" they had in the protobuff reader and cause every gtalk server processing it to crash
Zash: Flow: You think the server should just let old non-fixed versions shoot themselves in the foot?
Arc: google devs found it as the last message in the queue in every affected server, and they "decoded" the phonetic english
jonasw: "safety nulls"
jonasw: amazing
Flow: Zash, valid point. So you prosody implement zlib-but-better?
Arc: this was a long, long time ago, but yes. their "optimized" xml/utf8 decoder had two "safety nulls" to ensure that this wouldn't happen. they didnt expect 4-byte unicode
Flow: s/you/would?
jonasw: nobody does expect 4byte unicode (*glances at mysql*)
Arc: one of the guys from the gtalk team shared that bit with me a long time after it happened.
Flow: as mod_compression_safe ;)
Zash: Flow: Maybe, if it gets properly XEP'd, but no promises
Arc: anyway the biggest issue for EXI right now is *how* to communicate the grammar.
Flow: Wasn't there even a TLS compression extension for CRIME or something?
Flow: Arc, bytestreams?
Flow: Or what exactly is the issue? That there is no mechanism defined?
Zash: Does it really need to be communicated at all?
Flow: My question exactly
Arc: Flow: no, no XML schema or otherwise that Ive ever seen.
Arc: Flow: the gains for it are huge, especially for initial connection.
Flow: I'm sorry but I don't follow. It is not required to exchange grammar to the other endpoint for EXI to work, but it would improve things, right?
edhelas: regarding the Styling XEP proposal, XMPP is a "protocol", this means it has to stay in the backend on my app, telling it what is received and what to send, XMPP is NOT a protocol that enforces how my app should look like, with Markdown, if I want to display my messages without formatting I'd have to remove manually all those ugly ~ and *
Arc: Flow: EXI uses a lot less code to implement. so yes, text XML vs EXI
Flow: Maybe I'm a bit inflexible, but I can't think how a XMPP client/library/server would work with pure non-XML EXI exclusively
Arc: Flow: client connects and sends a EXI header, specifying the schemaId as sha256, if server doesn't support it it'll respond with a default EXI grammar specifying this, client sends a new header to transmit the grammar
Arc: it adds a handshake if its unsupported
Arc: the grammar can be informed by a schema but includes weights. I might be wrong, and i'd love to be wrong, but I am not aware of an implementation-independent way to specify weighted options in an EXI schema
Arc: the grammar is a tree
Arc: the tree is scoped by where you are, and the options available at each point. more common options use fewer bits, or even only one bit. eg, end element is commonly transmitted with the first bit
Arc: in non-strict encoding there are options at every step, even for elements which have no attributes, child elements, or content
Arc: tho that can be transmitted with a single bit, end-element, or "other"
Arc: ive skimmed a few other EXI libraries for other languages and they all represent this slightly differently.
moparisthebest: just, if _xmppexi-client._tcp becomes a thing make it '368 style direct-tls please :)
Arc: moparisthebest: you have my whole-hearted agreement there
Arc: I do not like the idea, tho, of having to invent a XML schema to represent the grammar. because that has to be documented, and it'd be complex.
goffi: edhelas: please post your remark on the @standard. The worst with the current proposal, is that you can't even know if you have to remove those ugly ~ and *
Ge0rGhas left
Valerianhas left
Valerianhas joined
Valerianhas left
jubalhhas joined
moparisthebestYou can choose
Steve Killehas left
moparisthebestIt basically describes what most clients do anyway
jerehas joined
ZashWhich "most clients"?
moparisthebestThunderbird, Gmail?, Hexchat, every IRC client I've *ever* used, people writing text from the beginning of writing text when nothing parsed that except people, gajim
Ge0rGhas left
moparisthebestI'm missing a ton surely
moparisthebestPoint is, parsed or not, it's well understood by anyone reading it
ZashIf everyone understands it already, then do we need to do anything?
Steve Killehas left
danielhas left
moparisthebestNope that's the beauty of it
moparisthebestYou don't have to do anything
danielhas left
archas left
bjchas left
goffiwould be fun to post "ls `date +%Y-%m-%d`-*.xml" in a shell@ MUC room with some clients using this XEP and some others not using it.
archas joined
Zashgoffi: I recently learned about `date -uI`
goffiZash: easier to remember :)
danielhas left
Zashoui
Ge0rGhas left
moparisthebestgoffi: so highlight but keep characters?
danielmoparisthebest: that's probably for the best
Kevhas left
SamWhitedI think keeping the characters vs. hiding them is a client decision FWIW, but I really like keeping them (eg. use https://simplemde.com/ for a while, it's very pleasant)
Kevhas joined
Kevhas left
goffilet's add one more different way of rendering
danielI just changed my implementation to keep the characters bit display them with 50% opacity
daniel*but
moparisthebestGajim keeps them
moparisthebestHave to check others...
danielYes I'm starting to think that keeping them is for the better. And maybe the xep should specify that (the characters have to be kept)
SamWhitedI would be happy to change that to say that you SHOULD keep them, I only didn't do that because I assumed people would complain if I did.
danielI guess you can never fully avoid false positives
goffidaniel: yes, by properly marking when you use a rich syntax and when you are not
danielIf we decide to keep them we should specify if the style should include the keyword
danielI opt for not
danielBecause it looks better
SamWhiteddaniel: I'm not sure what you mean, do you just want to make eg. the * bold but not the word?
moparisthebestgoffi: then rewrite all e2e xeps, carbons, and come up with some nightmare to check if the content sent 2 different ways matches in content meaning
moparisthebestOr, keep. It. Simple.
danielSamWhited, if *bold* will render to <b>*bold*</b> or *<b>bold</b>*
danieland i think the latter looks better
edhelas:')
Zash<b>*bold</b>*
SamWhiteddaniel: Ah, right. Tentatively I *think* I agree with you.
moparisthebestGood compromise
edhelaswe all agree that next to the type="markdown" content we will have an unformatted classic <body> tag ?
moparisthebestI think gajim bolds the asterisks too, not on it now though
danielespecially if you then go and display the * with 60% opacity
danielmoparisthebest, yes it does
danielthis is just coming from my personal preference on what i think looks better. not what other clients do
moparisthebestI think it actually doesn't matter but the xep should recommend
SamWhitededhelas: no, I think that's exactly what many people here are trying to avoid
edhelassic…
edhelascan I also invent my own markup for Post content published in Pubsub ? like in Microblog then ?
edhelassomething that is like Markdown but with my own personal syntax
goffimoparisthebest: not all e2e XEPs, OTR and OMEMO, and we already complained about that before. OX is done the right way.
edhelasthen people can embed videos and centered texts, but without using XML
goffimoparisthebest: and you'll have to rewrite RFCs if you don't want different contents.
danielhas left
edhelasI'm half serious here, either you go full Markdown or you do nothing, because I don't think developers will love to write their own parsers again
Ge0rGhas left
goffibut at least if the XEP mentions a MUST (and not a SHOULD) keep formatting characters, I would be more OK, as I could safely just ignore it.
moparisthebestgoffi: so I'll just use the clients that implement ox then, oh wait that's none...
danielhas left
danieli can get on board with a MUST. i like strict XEPs anyway
goffidaniel: with a MUST I don't see any issue right now (beside your pasted code being ugly on some client, but that's their choice)
jubalhhas left
danieljust updated Conversations master in case someone wants to see how this looks like
goffiactually forcing formatting characters would not work with escaping. So this would mean removing escaping
jubalhhas joined
moparisthebestI think daniel already said that and I agree
moparisthebestRemoving escaping that is
SamWhitedYah, removing escaping seems fine to me
SamWhitedI'll add that to my TODO list assuming no serious counterpoints are brought up in the list discussion
goffiI've mentioned this in a new message, I'm done with standard@ flooding for today :)
Ge0rGhas left
goffior we are already tomorrow, I can flood again
goffioh*
goffi(this joke only works in CET timezone)
lovetoxhas left
archas left
archas joined
brahas left
efrithas joined
@Alacerhas left
Ge0rGhas left
Steve Killehas left
McKaelhas joined
SamWhitedhas left
Valerianhas joined
Steve Killehas left
jjrhhas left
jjrhhas left
Ge0rGhas left
jjrhhas left
jjrhhas left
Steve Killehas left
ArcSamWhited: your XEP looks good to me
danielhas left
bjchas joined
Steve Killehas left
thomas_has left
Ge0rGhas left
Steve Killehas left
jjrhhas left
jerehas left
jerehas joined
goffihas left
jjrhhas left
Ge0rGhas left
SamWhitedArc: thanks! Any oddities you find, things that aren't clear, etc. please let me know!