-
Arc
btw dwd why is being sick prevent someone from attending a board meeting?
-
Arc
a few weeks ago i went, and i was vomiting all night and coming down from a fever from shingles
-
Arc
its not like meetings are physically stressful
-
Zash
I don't think we should be forcing people into things when they are sick
-
mathieui
Arc, looking at a computer when you’re very tired or have any kind of physical ailment is not a pleasure
-
Arc
Zash: i didnt say force, let them decide
-
Arc
http://www.sheut.net/Difference_Engine_-_Beige_With_Noodles.ogg
-
moparisthebest
Arc: you didn't see the council meeting earlier about bolding things
-
Zash
Link Mauve: Can't you just chmod a+r the xep84 node, like people want with omemo?
-
Arc
moparisthebest: ?
-
mathieui
https://lists.fosdem.org/pipermail/fosdem/2017-October/002627.html FYI, in addition to the usual RTC room, FOSDEM also has a "Decentralized Internet & Privacy" which is also relevant for XMPP
-
daniel
i just submitted a general 'what is xmpp and why do we need it' kind of talk to that devroom
-
daniel
Has anyone else submitted something to either that room or the realtime room?
-
Guus
(not that I'm aware of - It'd be nice if you could add your talk to our wiki page, so that we can keep track)
-
daniel
done
-
Guus
Thanks (I changed the table format a little for additional prettiness)
-
SamWhited
daniel: I submitted something about the compliance suites
-
jonasw
SamWhited, re XEP-0114, I think if it needs changing at all, it could be moved to Advanced Server or Advanced IM Server, but given that it’s the only way to add components, and components can bring great value, I think it should stay in the compliance suites.
-
SamWhited
*nods* I don't know that it's critical or anything either and could be convinced either way
-
jonasw
it’s very useful for sure
-
Kev
I'm not convinced it needs to be in the compliance suites, really.
-
Kev
I'm not going to cry that it is, but I don't see a need.
-
dwd
Kev, Depends what you see a Compliance Suite as being. I see the Basic stuff as being stuff you be surprised wasn't supported, and I think that covers XEP-0114.
-
Kev
I *think* if you use that as a metric, you can never remove anything from a compliance suite.
-
Kev
Because you would expect anyone implementing a new server to do all of Basic, and that makes it surprising that anything in Basic isn't implemented, which means it goes into Basic, and ...
-
Kev
Saying that, M-Link does have customers who use 114 still, so perhaps it really does belong in there.
-
dwd
Kev, I don't, to borrow your phrase, disagree.
-
dwd
Kev, But even Metre does XEP-0114, so I don't really see why it'd be contentious to include.
-
jonasw
+1
-
Kev
Yeah, I've changed my mind. It probably does belong in there, although I'd be low-F about it being removed.
-
Kev
It's moderately widely used and useful.
-
Guus
it makes for a nice tool to platform-independently add server-sided functionality. I've never quite got why it didn't take-off more.
-
jonasw
Guus, lack of auth and crypto
-
jonasw
requires you to have things on the same host basically
-
Guus
jonasw: "take off" as in developed further.
-
jonasw
ah
-
jonasw
then maybe because that’s still good enough for many people
-
Ge0rG
I think component support is much more important than avatars. But then again...
-
Guus
although you can do direct-tls easily
-
jonasw
Guus, with extra proxies?
-
Guus
?
-
jonasw
how’d you do direct-tls?
-
Guus
open a server-sided socket that immediately does TLS?
-
Guus
c2s 5223-like?
-
jonasw
sure, but that’s not specified, is it?
-
Guus
ah, no, not as far as I know
-
Guus
actually, wasn't there a follow-up xep somehwere?
-
dwd
jonasw, It has TLS, at least on most servers.
-
jonasw
dwd, maybe I missed that
-
dwd
jonasw, As for auth, yes. Failing issue, there. XEP-0225 tried to address that, but nobody used that.
-
dwd
jonasw, So XEP-0114's examples all use 0.9 - no version number, so no features. But in practise, if a component sends a version='1.0', then it gets features, usually including TLS.
-
jonasw
I admit that I’m not familiar with how components work that way
-
jonasw
I assumed that they only do what’s written in XEP-0114 :)
-
MattJ
Pretty sure Prosody only does what's in XEP-0114, but fippo had a patch for it
-
MattJ
Not really sure how I feel about it
-
dwd
I can't actually recall what Openfire does, despite having a look ages ago.
-
Zash
Is there a difference between 114 + features and 225?
-
Guus
I'm pretty sure that Openfire doesn't do much beyond 114 either.
-
dwd
Zash, Authentication is SASL. And the namespace is jabber:client.
-
jonasw
nice though, wouldn’t that allow multiplexing of component and client connections on the same port without magic?
-
dwd
jonasw, Yes, and I'm really not sure that's sensible either.
-
Zash
Abolish jabber:{client,server}! Single unified namespace!
-
Zash
The Real XMPP 2.0! :)
-
dwd
Zash, As with so many things, it's a solved problem now.
-
dwd
Zash, Well, except when I cock it up.
-
Zash
Hm?
-
Zash
Did you mean: "It's such a minor problem that nobody will ever bother fixing it"
-
dwd
Zash, I mean, no matter how big a problem it is when starting out, everyone has solved it now so there's little point in going through the effort of changing it now.
-
Flow
Does xep225 allow multiplexing multiple component domains over the same component connection?
-
zinid
Flow: yes
-
zinid
iirc :)
-
zinid
at least I remember something about it when I was implementing it
-
SamWhited
Doesn't everyone just ignore the namespace anyways? (I'm actually curious, I can't think why it matters but maybe stone people respect it)?
-
SamWhited
*some people
-
zinid
Flow: https://xmpp.org/extensions/xep-0225.html#bind
-
Zash
Ignore the namespace? What blasphemy is this?!
-
dwd
SamWhited, Openfire ignores and strips it, whereas Metre (and maybe others?) internally dispatch elements based on the namespace.
-
zinid
it cannot be ignored everywhere
-
zinid
in some places you need to know the namespace
-
dwd
SamWhited, Well, I say "maybe others", but M-Link dispatched based on the qualified name as a whole when I worked on it.
-
SamWhited
Makes sense; I do dispatch based on payload namespaces but not the stanza level ones, but I guess you could mix server/client handlers and use the stanza level ones too
-
Flow
zinid, hmm, ok, but it doesn't explicitly mention that multiple <bind/>s are allowed
-
Flow
or did I miss that?
-
zinid
Flow: "A component can send a subsequent bind request to bind another hostname (a server MUST support binding of multiple hostnames)."
-
dwd
Flow, Oh, multiple bind was another thing. Not sure where that ended up, but it was a terribly idea I thought.
-
Flow
ahh its in there
-
Flow
good
-
dwd
zinid, Oh, it stayed in there?
-
zinid
dwd: as you see :)
-
zinid
Section 4, example 4
-
Flow
dwd, what's wrong with it?
-
Ge0rG
It's a nice path for many security vulns
-
dwd
Flow, From a security standpoint, it makes lots of things awkward. We were talking about having it on C2S sessions more generally, which is worse.
-
zinid
actually a customer wanted this multiple binding, that's why we implemented xep-0225 in commercial version of ejabberd
-
MattJ
Multiple binding for c2s used to be standardized, possibly in the RFCs, I forget
-
dwd
MattJ, I thought we documented it and then abandoned. ProtoXEP perhaps, or possibly I-D?
-
MattJ
https://xmpp.org/extensions/xep-0193.html
-
dwd
All the way to Draft.
-
moparisthebest
I was confused by the whack API seemingly letting you bind a transport to multiple hostnames, I'd never heard of that before
-
moparisthebest
that explains it though
-
moparisthebest
uh, bind a component*
-
moparisthebest
hmm got my first xmpp spam that was just a link to pastebin.com
-
moparisthebest
good luck filtering that on keywords