-
marc
Anyone an idea how we can make "xmpp:?message;body=BODY" XMPP URIs legal? It seems that some RFC doesn't allow empty JID in XMPP URI...
-
jonasw
marc, what’d you use them for?
-
marc
jonasw, share a message
-
marc
Do you know these social share buttons on YouTube, Wordpress etc?
-
marc
That would be a use case
-
jonasw
ah, I see
-
marc
You click on it, the XMPP client pops up and let you decide the contact you want to share the message with
-
jonasw
if the RFC doesn’t allow for it, we need to extend the RFC I guess
-
jonasw
although I’m not sure if the URI RFC allows it :/
-
marc
It does
-
marc
At least I'm pretty sure
-
jonasw
implement it, the RFC can follow :)
-
marc
I'll double check if that possible in general URIs
-
marc
jonasw, I have an implementation for Conversations
-
marc
It needs some restructuring but PoC works fine
-
jonasw
python urllib at least accepts xmpp:?
-
jonasw
which RFC specifies xmpp: again?
-
marc
jonasw, https://tools.ietf.org/html/rfc3986#section-3 "The scheme and path components are required, though the path may be empty (no characters)."
-
marc
https://tools.ietf.org/html/rfc5122#section-2.2
-
marc
So URIs allow it
-
marc
We need to change XMPP URI RFC :)
-
marc
Of course, we could use an ugly hack like "xmpp:share?message;body=BODY"
-
marc
But I don't like it
-
jonasw
I think it allows it
-
jonasw
but I may be mistaken
-
jonasw
the rule we’re expanding in this case is: xmppiri = "xmpp" ":" ihierxmpp, ihierxmpp = ipathxmpp, ipathxmpp = ihost
-
jonasw
ihost is defined in: https://tools.ietf.org/html/rfc3987#section-2.2
-
jonasw
as: ihost = *( iunreserved / pct-encoded / sub-delims )
-
jonasw
the asterisk is defined in: https://tools.ietf.org/html/rfc2234
-
jonasw
as: The operator "*" preceding an element indicates repetition. The full form is: <a>*<b>element where <a> and <b> are optional decimal values, indicating at least <a> and at most <b> occurrences of element. Default values are 0 and infinity so that *<element> allows any number, including zero; 1*<element> requires at least one; 3*3<element> allows exactly 3 and 1*2<element> allows one or two.
-
jonasw
this means that *( foo ) is zero or more of foo
-
jonasw
in this case it means that ihost can be empty
-
jonasw
thus it is legal to have an empty JID *as per the grammar*
-
jonasw
I haven’t checked the text yet :)
-
jonasw
the same holds for the URI interpretation, but without the leading "i"
-
marc
Mhm okay
-
jonasw
it might be an oversight that the grammar allows it, but it’s useful in this case :)
-
marc
Maybe I need to read this document thoroughly, there is also something like "xmpp://guest@example.com/support@example.com?message"
-
jonasw
yeah
-
Ge0rG
marc: I've been pondering about the invitation workflow some more, and I think it should go like this: 1. you request an invitation token from your server via ad-hoc 2. you send a url of xmpp:you@yourserver?roster;invitation=token out-of-band 3a. the invitee performs IBR with the invitation token 3b. the invitee already has an account and performs PARS with the invitation token
-
marc
Ge0rG, what is you@yourserver? The JID of the inviter?
-
Ge0rG
marc: correct
-
marc
Ge0rG, the client still must provide the possiblity to create an account even if you already have one
-
Ge0rG
marc: in theory, yes. But I'm pretty sure the power users will figure it out anyway, and the regular users will only get confused
-
marc
Ge0rG, if you already have one you'll probably know what to do if the client provides you a dialog so it shouldn't be a problem, right?
-
jonasw
marc, FWIW, if you really want that feature, I’d hide it at the bottom of the screen
-
jonasw
like websites hide the "continue without" button when asking for your phone number :)
-
marc
jonasw, maybe I want to give a user the possibility to join _my_ server
-
marc
I think that feature is not unreasonable
-
jonasw
marc, I doubt that many users care a lot of about that.
-
Ge0rG
the default flow should be as easy as possible.
-
marc
yes, the default user has no account :P
-
marc
-> the default user will not be confronted with a dialog
-
marc
Ge0rG, I'm not sure about the ?roster action
-
Ge0rG
marc: I don't care about the action too much
-
Ge0rG
marc: but there will be a dialog, either account creation or add-contact
-
jonasw
s/roster/invite/?
-
marc
Ge0rG, Yes, if you already have an account there should be an "add-contact" dialog with an option to create an account
-
marc
(instead of just use an existing account)
-
daniel
> you send a url of xmpp:you@yourserver?roster;invitation=token out-of-band shouldn't that be xmpp://you@yourserver or something
-
Ge0rG
marc: if the client supports multiple accounts. which is arguably a power-user feature that makes UX complicated
-
jonasw
daniel, are you asking because of the semantic difference between xmpp:// and xmpp:?
-
daniel
jonasw, yes
-
Ge0rG
daniel: no, :// would be an account reference, : is a contact reference
-
marc
daniel, no
-
marc
I had the same idea
-
marc
but the authority is to indicate the account to use
-
daniel
oh i thought you was I
-
daniel
like you the proposed username for me
-
Ge0rG
daniel: you could do something like xmpp://proposed_invitee_jid@server/inviter@server
-
marc
Ge0rG, why does it lead to a complicated UI? Just a small button "Create account" in the bottom left/right corner
-
daniel
Ge0rG, yeah i thought that's what this thing was trying to do. never mind
-
Ge0rG
marc: the complicated UI arises when you have multiple accounts
-
Ge0rG
marc: now you need a notion of a default account, or ask the user on every interaction which account to use
-
daniel
marc, have you considered what communication method I would use to send you the url?
-
daniel
becasue gmail for example doesn't make xmpp uris clickable
-
daniel
neither does the sms app
-
marc
Ge0rG, you already have to ask the user what account to use
-
marc
daniel, we use an invitation url
-
Ge0rG
daniel: I would love to anchor that onto the easy-xmpp-invite mechanism
-
daniel
marc, like an https url?
-
marc
daniel, yes
-
Ge0rG
marc: that's exactly my point, it's a UX nightmare.
-
daniel
why are you discussing xmpp uri schemes then?
-
marc
daniel, that's an other topic ;)
-
Ge0rG
it's all interrelated.
-
daniel
only that xmpp uris are mostly worthless
-
daniel
when it comes to easy onboarding
-
marc
Yes
-
edhelas
was difficult to figure out those xmpp uris as well for me
-
Ge0rG
daniel: right, so I've made easy-xmpp-invitation.
-
Ge0rG
daniel: which allows to bridge xmpp: URIs over https.
-
daniel
edhelas, it's not that they are difficult. but you can't click them
-
jonasw
daniel, you can make any URL clickable on a website -> win
-
Ge0rG
jonasw: but it won't magically work.
-
marc
Ge0rG, I don't get what's the problem with multiple accounts. We already have clients that support multiple accounts.
-
marc
And there is almost no additional work for the UI
-
Ge0rG
marc: I'm not saying that implementing multiple accounts is a problem, I'm saying that having multiple accounts on the same client is a UX nightmare
-
Ge0rG
marc: imagine a user accidentally clicking the "create account" button and ending up with two accounts - one for all their friends and one for you
-
Ge0rG
and users have very large fingers.
-
marc
Ge0rG, yes, that needs to be solved by the UI nicely :D
-
marc
That's why the preferred option is to add the contact via PARS if an account is available
-
marc
But creating a XEP just for user invitation to a server if the user doesn't already have an account limits the possibilities...
-
Ge0rG
marc: right, which is why the whole thing is also technically a bit more complex
-
marc
Ge0rG, my problem at the moment is that I'm not sure how to integrate both XEPs properly
-
marc
In a way that both do not depend on each other and can be implemented independetly
-
Ge0rG
marc: you need to have four specifications: - token generation (PARS uses a client-side approach, you go with ad-hoc. specify that) - token transmission (basically a new xmpp: URI parameter) - use of the token in account creation (IBR payload / data forms) - use of the token in PARS (just reference PARS and say that the token must be usable as `preauth=` for PARS as well)
-
marc
Ge0rG, yes, but the tokens need to be the same if both is used
-
Ge0rG
the server needs to store the token in some kind of table anyway, where it will also contain the inviter's JID
-
Ge0rG
marc: I think that re-using this token for server-side PARS shouldn't hurt
-
Ge0rG
marc: so your specification means a server must implement PARS
-
Ge0rG
marc: or, alternatively, you need to add two tokens to the URL
-
Ge0rG
Actually, I would be okay with extending PARS accordingly.
-
Ge0rG
So that it covers both use cases.
-
marc
two token keys with the same token, like invite=TOKEN;preauth=TOKEN ?
-
marc
Such that the clients know that both is supported?
-
Ge0rG
marc: yes, like that.
-
Ge0rG
marc: or maybe invite_and_preauth=TOKEN ;)
-
Ge0rG
I like short URIs
-
marc
Ge0rG, No!
-
marc
:D
-
Ge0rG
marc: I would go for `invite=TOKEN` and "A server offering this feature MUST also accept the token as a <preauth token> for an inbound roster subscription to the inviter."
-
marc
So implementing user-invitation requires implementation of PARS, right?
-
Ge0rG
marc: not technically, but if you want to provide a good UX then yes
-
marc
Ge0rG, Yes, for nice UX I would prefer it this way
-
marc
Ge0rG, your statement sounds like a requirement
-
Ge0rG
marc: you could go with two separate token parameters, then you have explicit separation between PARS and IBR. But then who is responsible for adding PARS to the URI? The server on ad-hoc? The inviter's client?
-
marc
Ge0rG, the server if it supports PARS?
-
Ge0rG
marc: in the ad-hoc response?
-
jonasw
Ge0rG, for breveity, the URI could also be ?invite=TOKEN;preauth=, with the empty preauth signifying that the token shall be re-used
-
Ge0rG
jonasw: then you are breaking existing PARS clients :P
-
jonasw
then turn it the other way round :)
-
jonasw
preauth=TOKEN;invite=
-
Ge0rG
jonasw: the more I think about it, the more I want to merge both functions into one XEP
-
jonasw
I agree
-
marc
Ge0rG, yes, in the ad-hoc response
-
marc
Ge0rG, are there any PARS clients out there? :D
-
Ge0rG
marc: there is yaxim
-
marc
Ge0rG, ah okay
-
jonasw
it’s on the to-do for jabbercat
-
marc
Ge0rG, well, I like your idea of combining both "features" but they should not be depend on each other IMO
-
Ge0rG
marc: that depends on your goal
-
Ge0rG
marc: if your goal is to make as little as possible, then you are right. If your goal is to provide a just-works™ onboarding experience, you need both.
-
marc
The combination of both would make on-boarding really nice
-
marc
Ge0rG, of course, providing both should be recommended for public servers
-
Ge0rG
marc: I'm all in for small self-contained XEPs. But if you separate these two, you have a bunch of additional client-side logic to add to compensate for the lack
-
Ge0rG
on the inviter's client: "oh, ad-hoc didn't give me a PARS token. I need to add one to the URI myself. Wait, the https:// URI is not a scheme I know, I can't do that!?"
-
Ge0rG
on the invitee's client, I need to cover all four combinations of features
-
Ge0rG
none / invite / pars / invite+pars
-
marc
Ge0rG, no, the server just adds the PARS token and returns it
-
Ge0rG
marc: but the server doesn't support PARS, only the client.
-
Ge0rG
I've designed PARS as a client-only protocol because server developers are lazy.
-
marc
Ge0rG, ah okay, didn't thought about that use case
-
Ge0rG
And server operators are even lazier.
-
jonasw
yeah, server developers aren’t that lazy
-
marc
Ge0rG, that's a good point... hm...
-
Ge0rG
marc: you implement your nice new server-side XEP. Then it takes weeks to months for it to get merged upstream. Then you need to wait for the next server software release. Then that release needs to be distro-packaged. Then you realize that most server operators never upgrade.
-
marc
Ge0rG, well, that's true for all server-side XEPs
-
Ge0rG
marc: true
-
marc
Ge0rG, should be implement everything on the client side?
-
Ge0rG
marc: now you know why PARS can be implemented 100% client-side
-
marc
s/be/we
-
jonasw
Ge0rG, I think it might be not /that/ bad
-
Ge0rG
marc: Daniel's compliance tester is a good thing to make server operators aware.
-
jonasw
we’ve seen quite quick adoption of things since conversations compliance checker
-
jonasw
right
-
Ge0rG
jonasw: especially private PEP.
-
jonasw
so if somebody builds a prosody module which does that, even if it only supports things in-memory, that’ll already be a major plus
-
jonasw
Ge0rG, yes, we have. A lot of work is going into that :)
-
Ge0rG
you can't force server developers to do work by showing a red square on some website
-
jonasw
but operators
-
marc
Ge0rG, to solve this issue we need an "official" public server list on the (xmpp.org?) website
-
jonasw
to solve that problem we need massive funding for developers.
-
marc
which shows only servers with a special set of XEPs
-
Ge0rG
jonasw: how many servers are there in the compliance checker? ~120? yax.im has >1000 of s2s connections.
-
Ge0rG
marc: we can't even come up with that official set of XEPs.
-
daniel
Ge0rG: divide that number by 4
-
daniel
Because in and out and conferences
-
Ge0rG
marc: but yes, we need an official compliance checker, and maybe some kind of Badge Of Compliance that we can issue. Do you volunteer?
-
Ge0rG
daniel: `Total: 1112 outgoing, 1079 incoming connections` - not sure how many MUCs there are, but cant' imagine it's 50%
-
marc
Ge0rG, let me first finish my URI handling in Conversations and the user-invitation XEP ;)
-
jonasw
Ge0rG, depends on what you want to check, the aioxmpp end-to-end test suite might be a good start :)
-
marc
Ge0rG, but I think that's really important
-
Ge0rG
marc: what's important?
-
marc
Ge0rG, some official server list
-
Ge0rG
marc: xmpp.net had a semi-official one.
-
Ge0rG
but now it's down and needs work to bring up again.
-
jonasw
yeah, about that xmpp.net thing, Kev, I’m still hoping for your Dockerfile :)
-
marc
if you have created an account on a server which doesn't support, let's say HTTP upload, and file transfer in group chats doesn work this user will be annoyed and probably will never use / recommand XMPP
-
Kev
jonasw: Let me sort that out now.
-
jonasw
Kev, that’d be lovely
-
jonasw
I’m tempted to sink my weekend into getting xmpp.net up&running again
-
Ge0rG
!praise jonasw
-
jonasw
(and then people wonder why jabbercat isn’t making progress)
-
Guus
!praise jonasw
-
jonasw
hold yer horser
-
jonasw
save the praise for when I’m done
-
jonasw
I might easily get fed up by PHP
-
Kev
What is jabbercat, BTW?
-
Guus
(by the way, why isn't jabbercat making progress?)
-
jonasw
Kev, https://github.com/jabbercat/jabbercat, TL;DR: new Qt5 Desktop Client
-
Kev
Because we don't have a Qt5 Desktop client already? :)
-
Ge0rG
it's a very promising early alpha
-
marc
Ge0rG, to speed things up "we" should decide how we implement PARS and user-invitation
-
jonasw
Kev, frankly, when I started, I didn’t know / forgot about Swift & co.
-
Ge0rG
The Swift bug tracking situation is not optimal. I've submitted a bunch of things and I have no clue whether they got fixed or not.
-
Ge0rG
(except for the wontfix ones)
-
Ge0rG
marc: let me help you with that. We integrate account creation into PARS.
-
marc
Ge0rG, okay, and what's the protocol flow then?
-
Ge0rG
marc: ad-hoc -> xmpp: URI with optional https: URI -> out-of-band -> IBR/PARS request
-
marc
Ge0rG, so the server generates / appends an additional PARS token if enabled?
-
Ge0rG
marc: if the server doesn't provide an https: URI, the client can either pass on xmpp: or use its own landing page (eg. https://yax.im/i/)
-
Ge0rG
marc: there is no "if enabled"
-
Ge0rG
and there is only one token, that can be used for both
-
Ge0rG
No, that won't work for closed-registration servers.
-
marc
Yeah, that's somehow my problem ;)
-
Kev
Ge0rG: Nothing is optimal :)
-
jonasw
Ge0rG, why?
-
Ge0rG
jonasw: the xmpp: URI needs an indicator whether registration is allowed.
-
jonasw
Ge0rG, ;allow-register?
-
marc
Because that means that somebody may propose just an other XEP for it...
-
Ge0rG
we could go with `xmpp://server/inviter@server;preauth=TOKEN` - `server` is explicitly telling us the domain where to register, the inviter JID is present and a token that can be used for either.
-
Ge0rG
But that will break most current clients that support xmpp:
-
Ge0rG
should we provide means for the server to specify a different domain from the inviter's?
-
jonasw
Ge0rG, will it though?
-
marc
Ge0rG, yes we should, I also had this idea :)
-
Ge0rG
jonasw: when you open an xmpp://foo.bar/user@foo.bar link, I'm pretty sure unexpected things will happen.
-
marc
yes, I think the XmppUri parser in Conversations is broken
-
jonasw
I’m pretty sure I’ll get "unknown protocol" because I don’t have an application which supports XMPP URIs at all
-
Ge0rG
the URI parser on android is broken as well
-
marc
At least it doesn't support the authority part properly AFAIK
-
Ge0rG
What about: > If the server allows In-Band-Registration with the preauth token, it SHOULD add an `ibr` parameter. If the IBR domain is different from the inviter's service domain, the server should set the value of the `ibr` parameter to the domain name.
-
Ge0rG
So we would end up with: `xmpp:georg@legacy.yax.im?preauth=TOKEN;ibr=yax.im`
-
marc
Ge0rG, should we really avoid using XMPP URI properly just because some clients don't implement the parser properly?
-
Ge0rG
marc: we are using the URI properly.
-
Ge0rG
marc: the primary goal of the URI is to add a contact, not to register with the server
-
jonasw
are we? wouldn’t xmpp://yax.im/georg@legacy.yax.im be more correct?
-
marc
What about xmpp://server/inviter@server;preauth=token` then?
-
Ge0rG
See above.
-
marc
I think jonasw is right
-
Ge0rG
marc: so your goal is to force the invitee to register with your server?
-
marc
Ge0rG, yes, at least it would be nice if we have an option for this use case
-
Kev
jonasw: How do you want this tarball?
-
marc
Ge0rG, because I'm pretty sure my server has nice XEPs enabled ;)
-
jonasw
Kev, deep fried
-
jonasw
Kev, mailto:jonas@wielicki.name
-
Ge0rG
marc: maybe we have different goals, then? I want to give out a link that allows the receiver to add me as a contact, and to create an account on the way if required
-
jonasw
I just wish this was all working before end of year :D
-
Ge0rG
marc: if you want to "entice" the receiver to re-register on a different server, I don't agree.
-
Kev
jonasw: This is stuff for running up a symfony-based PHP thing, so you might want to trim some of the bits out - e.g. I have no idea if the frontend needs to install depedencies with composer. There might or might not need to be crontasks, trim that out if not, and you might or might not need to populate an environment file of some sort.
-
Ge0rG
marc: but in that case, the xmpp://server/inviter@server would be semantically correct.
-
jonasw
Kev, thank you very much
-
marc
Ge0rG, don't get me wrong, my intention is to make easy onboarding....
-
jonasw
gotta head out now for lunch, will take a look later :)
-
Ge0rG
marc: right. And onboarding without having to create an account is easier :P
-
jonasw
FWIW, marc, I think we shouldn’t encourage non-power users to have multiple accounts.
-
Ge0rG
what jonasw said.
-
jonasw
it should be there if they need and want it, but we shouldn’t make it the default path for the unthinking chicken installing debian :)
-
jonasw
(hitting enter / the big button on each step)
-
jonasw
(this is not to insult our users, just making a reference to the old joke that even a chicken can install debian by simply hitting on the Enter key repeatedly)
-
jonasw
(and I think that it should be that easy to use XMPP)
-
marc
I agree, but to me it looks like we miss some useful feature in the XEP then
-
Ge0rG
marc: what would that useful feature be?
-
marc
Ge0rG, somebody is on a shitty server? :D
-
Ge0rG
marc: this is not a feature of the XEP
-
marc
well, it's user invitation
-
Ge0rG
marc: what about having a "server quality index" display in all clients, that can estimate how good the current server is, and how good the proposed one? :P
-
Ge0rG
marc: well. You can have the "Create new account on [ibr server]" button in the add-contact UI; and then you write into your invitation mail to click that button :P
-
marc
Ge0rG, if we don't have this feature there is no way to invite a user to a non-public server
-
Ge0rG
marc: my point is, what if you are on a shitty server and I'm not?
-
Ge0rG
marc: by non-public you mean non-federated?
-
marc
Ge0rG, no, just a server where only registered users can invite somebody
-
marc
Ge0rG, I think there are some reasons to join a specific server even if an user has already an account, privacy/trust etc.
-
Ge0rG
marc: to invite a user to a non-federated server, the correct URI would be indeed `xmpp://server/inviter@server?ibr;preauth=TOKEN`
-
marc
This wouldn't be possible and IMO that's not good if we have the chance the include this
-
marc
Ge0rG, non-federated server is not the correct term
-
marc
Just because a server doesn't allow public registration it can still be federated...
-
Ge0rG
marc: if it allows federation, there is no need to force non-power-users to create a second account
-
marc
Ge0rG, even if the user is a "power-user", how to easily invite the user? via a web-interface / shell just because the XEP doesn't support this feature?
-
jonasw
I think you two are misunderstanding eaxh other
-
marc
:D
-
jonasw
Ge0rG wants to keep the account creation, but not as default
-
jonasw
and away
-
marc
Well, I'm fine with that :)
-
marc
It shouldn't be the default but it should be _possible_
-
marc
And, maybe that's the controversal part (?!), PARS should be optional
-
marc
Hm, maybe that's not too important
-
marc
I don't know
-
Ge0rG
marc: why do you think PARS should be optional?
-
marc
Ge0rG, just thought about it
-
marc
Doesn't make sense
-
Ge0rG
marc: :)
-
marc
:)
-
marc
Okay, sounds good to me
-
Ge0rG
marc: anticipated UI: +-----------------------+ | Invitation from Georg | | | | JID: [georg@yax.im ] | | Name: [Georg ] | | | | [ ADD CONTACT ] | | | | [create yax.im accnt] | +-----------------------+
-
Ge0rG
marc: the first button is prominent, the second button is toned down, like "skip registration" would be
-
marc
Ge0rG, +1
-
Flow
Ge0rG, so JID and Name are editable text fields?
-
Ge0rG
Flow: the JID is visible but not editable, the name is editable
-
Ge0rG
Flow: one might want to add a roster group selector as well.
-
Flow
Hmm, how about "Invitation from Georg (georg@yaxim)" then?
-
marc
Ge0rG, if we agree on the possiblity of predefines usernames (optional) we're almost done :D
-
Ge0rG
marc: please don't.
-
Flow
and why is there a [create yax.im account] button?
-
Ge0rG
Flow: what's wrong with the above? You can reuse your regular "add contact" dialog and just disable JID editing
-
marc
Ge0rG, but it allows me as admin to create an account for an user
-
marc
As I said, optional, server-side option, maybe for admins only etc.
-
marc
Not useful for public servers
-
Flow
Ge0rG, ok, if that is the idea. But I would proably go for a specialized UI
-
Ge0rG
marc: if you already created an account, you should use xmpp://user@server?preauth=TOKEN
-
Ge0rG
Flow: [create yax.im account] is for power-users who want to have an account on the same server as the inviter.
-
marc
Ge0rG, well the user still has to specify the password
-
marc
So ibr is still correct I think
-
Ge0rG
marc: I think this is a completely different use case.
-
Flow
Ge0rG, but UX usually means to hide operating elements for power useres
-
Ge0rG
Flow: tell that to marc
-
Flow
will do
-
marc
:D
-
Flow
good thing a protocol can't require how the UI looks like
-
Ge0rG
Flow: actually that's a bad thing, in most cases.
-
Flow
Ge0rG, require or suggest? ;)
-
Ge0rG
Except when protocol designers try to create a UI :P
-
Ge0rG
But yeah, I think that hiding the account creation behind an "Advanced..." button would be good.
-
marc
Ge0rG, sounds good
-
Ge0rG
marc: we really do need a way to "export" an account to a new device, or to one-click register, but I think this is a (slightly) different use case
-
marc
Ge0rG, just let me know what's the big difference between "you have the option to create an account or add the contact to your roster" and "you have the option to create an account with full JID or add the contact to your roster"?
-
Ge0rG
marc: what you are looking for is, as an admin, to pre-create an account and give the user enough info to just configure a password.
-
marc
Ge0rG, yes
-
Ge0rG
marc: what I'm looking for is to add a contact, and to create a user-defined account if required.
-
marc
Ge0rG, do you really think it's worth making an extra XEP for that?
-
Ge0rG
marc: if you pre-created an account, you want your invitee to use that.
-
Ge0rG
marc: I only want to give the invitee the option to create an account themselves
-
marc
Ge0rG, what's the down-side of allowing this optional feature?
-
Ge0rG
marc: because this optional feature must be implemented by all clients
-
marc
okay, that's a reason
-
Ge0rG
marc: every time you add an option to a protocol, you double the number of possible situations
-
marc
But the code is very small
-
marc
Ge0rG, I know I've implemented it in conversations
-
marc
You just have to check if that's a full JID or just the server name
-
Ge0rG
marc: so with optional inviter name, optional invitee JID, optional https:// URL, and the option to already have an account we are at sixteen different cases already.
-
marc
In the latter case you have to fix the server name in the JID text entry
-
Ge0rG
marc: I see two different, but related use cases: 1. you want to onboard someone to a pre-registered account on your server. Use `xmpp://user@server?preauth=TOKEN` 2. you want to add a contact. Use PARS with an `ibr` option.
-
Ge0rG
marc: both options can share wire protocol✎ -
Ge0rG
marc: both use cases can share wire protocol ✏
-
marc
yes
-
Ge0rG
marc: and I think they also can share an XEP
-
marc
Ge0rG, yes, me too that's why I'm so stubborn about it :D
-
Ge0rG
marc: it just doesn't make sense to map both use cases onto the same UI
-
marc
Ge0rG, on what side? inviter, invitee, both?
-
Ge0rG
marc: invitee
-
marc
Ge0rG, I'm fine with that
-
Ge0rG
marc: for the inviter, the admin use case can be mapped to some ad-hoc command without explicit client-side UI
-
Ge0rG
the user-inviting-user case should have a "Create invitation" UI
-
marc
Ge0rG, My demo showed the admin version
-
marc
Ge0rG, just imagine that a normal user would get the qr code directly
-
Ge0rG
marc: it's nice that you added the admin version into Conversatios, but that's quite some overkill
-
marc
Without the possibility to choose a username
-
marc
Ge0rG, actually that's all done automatically
-
marc
Because the server responds a form with the possiblity to choose a username
-
marc
There is no additional logic for this admin feature
-
marc
Since the UI is generated automatically by the form
-
marc
So I don't think that's overkill
-
marc
It's like generateUserInput(form);
-
Ge0rG
marc: okay, so if you are an admin, you get a data form for username / display name?
-
marc
Ge0rG, exactly
-
Ge0rG
marc: I think there is no need to XEPify that.
-
marc
username might still be optional but you get the possibility
-
Ge0rG
marc: we should XEPify the ad-hoc command name. And to a normal user, it should return a PARS;ibr link.
-
marc
Ge0rG, maybe not, but it would prevent user/admin defined behaviour...
-
Ge0rG
marc: if you are an admin, it might return a PARS;ibr link or a data form asking for a username
-
marc
Yes
-
marc
That's my idea
-
Ge0rG
marc: if you leave out the username, it will return a PARS;ibr link. If you enter one, it will return an onboarding link of `xmpp://user@server;preauth=TOKEN`
-
marc
Ge0rG, looks good to me
-
Ge0rG
marc: so what needs to be XEPified is: ad-hoc command name; URI formats for both use cases; (approximate) client behavior for both use cases; wire-format for IBR
-
Ge0rG
+; dependency on PARS
-
Ge0rG
marc: what I really like about the admin use-case is that it finally allows to register on a server using a one-time-token
-
marc
Ge0rG, yes!
-
Ge0rG
There used to be an Easy_Account_Creation page on the wiki
-
pep.
Finally caught up with all your messages! Good to know you're getting somewhere :)
-
marc
:D
-
marc
I think we should re-use ?register action, right?
-
pep.
iiuc, that means as a server admin I'll be able to issue registration tokens right? and have IBR wait for that token
-
marc
pep., yes
-
Ge0rG
marc: you mean https://xmpp.org/registrar/querytypes.html#register
-
marc
Yes
-
Ge0rG
marc: do you want me to write the XEP?
-
pep.
Obviously as a server admin I should be able to allow more people to issue tokens. Allowing everybody to issue these is not really smart though, right?
-
marc
Ge0rG, we can work together on it
-
marc
pep., You can specify a set of people which are allowed to generate tokens or something like that
-
pep.
yeah
-
marc
But that really depends on your service
-
Ge0rG
pep.: you could disable generic IBR and use this mechanism to allow all your users to invite other users.
-
marc
exactly
-
pep.
Ge0rG, I guess I could. Or have a blacklist rather than whitelist
-
Ge0rG
pep.: how is that supposed to work?
-
Ge0rG
marc: there is also https://xmpp.org/extensions/attic/xep-0235-0.3.html
-
marc
Ge0rG, if you're fine with token expiration I think an other topic which need to be disucussed is how we handle/limit the number of invitations
-
pep.
Maybe it's not worth it, I have never been target of spam so you know better. But if a spammer gets one than it's similar to open IBR again
-
Ge0rG
Eh, https://xmpp.org/extensions/xep-0235.html
-
Ge0rG
marc: I think that is absolutely out-of-scope
-
pep.
They'd be able to generate tokens etc.
-
pep.
You can traceback where it came from though
-
marc
Ge0rG, we should at least define an error for that
-
Ge0rG
pep.: right, one could easily kick the spammer and all of their friends.
-
marc
Ge0rG, nothing is more annyoing to a user if you get something like "doesn't work at the moment, try again later!"
-
Ge0rG
marc: I'm sure we can re-use existing IBR errors
-
marc
Ge0rG, I mean for token/invitation generation
-
Ge0rG
And there is https://xmpp.org/extensions/inbox/user-auth.html
-
Ge0rG
marc: the ad-hoc command should always return a token, just maybe not with an `ibr` tag.
-
marc
Ge0rG, that would be confusing ;)
-
Ge0rG
marc: to whom?
-
Ge0rG
marc: the default use case is to generate a PARS uri
-
Ge0rG
marc: if you are talking of the admin use case, yes, it should return an error.
-
marc
sometimes you have the ability to create an account sometime not?
-
marc
+s
-
Ge0rG
marc: for the user use case, the server generates a PARS or a PARS;ibr link
-
Ge0rG
marc: depending on whether user-initiated account creation is allowed on the server.
-
Ge0rG
marc: a non-ibr PARS link will mean that the invitee's client is responsible for account creation
-
marc
Ge0rG, just thought about the case where an inviter creates too much PARS;ibr tokens
-
marc
Maybe you want some policy to limit the number of PARS;ibr tokens
-
Ge0rG
marc: maybe. But there is no need to expose that to the inviter's client
-
marc
(1) Marc invites somebody without account -> server generates PARS;ibr -> nice (2) Marc invites somebody without account -> server generates PARS only -> invitee and Marc are confused
-
marc
Ge0rG, maybe I don't get your idea but this is how I understood your approach
-
Ge0rG
marc: (2) Marc invites somebody without account -> server generates PARS only -> invitee opens link in yaxim and registers on yax.im -> nice
-
marc
Ge0rG, sounds like a bad idea to me... not every client provides a xmpp server?
-
Ge0rG
marc: no, but the ones implementing PARS do :P
-
jonasw
for now
-
marc
Ge0rG, Does PARS require a client software to provide a xmpp server?
-
Ge0rG
marc: actually, I forgot to add that part to the XEP
-
marc
Ge0rG, :p
-
Ge0rG
marc: but yes, I think that a client implementing PARS needs to have a sensible user-onboarding flow that does not depend on the invitee.
-
jonasw
Ge0rG, so jabbercat better doesn’t implement PARS
-
Ge0rG
marc: it doesn't mean the client developer must run an IBR server, they can provide a list of public servers instead
-
jonasw
(I won’t get into the business of running a public server.)
-
jonasw
ah well
-
Ge0rG
jonasw: you can SRV-link jabbercat.im to the yaxim server :P
-
marc
:>
-
marc
Ge0rG, okay, I think I'm okay with your idea
-
jonasw
Ge0rG, will do
-
Ge0rG
jonasw: I'm pretty sure I can handle the additional load
-
Ge0rG
jonasw: btw, did you buy out jabber.cat already? :P
-
jonasw
no, won’t
-
jonasw
too politically unstable that TLD ;-)
-
Ge0rG
Heh.
-
Ge0rG
Still better than .io
-
marc
Although it may be very confusing if that happens to invitees who sit next to each, for example ^^
-
jonasw
does im have DNSSEC by now?
-
Ge0rG
jonasw: nope
-
jonasw
m(
-
Ge0rG
marc: why so?
-
marc
Ge0rG, because they don't get the same dialog
-
marc
Ge0rG, invitee A an create an account on the server and invitee B can choose some public server
-
jonasw
Ge0rG, but then I want private+persistent PEP on jabbercat.im!
-
Ge0rG
jonasw: please star & comment on https://prosody.im/issues/485
-
jonasw
I won’t comment, Zash hates that
-
jonasw
(rightfully so)
-
jonasw
> PEP with permanent storage is now in mod_pep_plus and should be working. Thanks to Link Mauve!
-
pep.
Yeah, that's in trunk
-
Ge0rG
> Is this feature usable with 0.10? *crickets*
-
pep.
0.10, pff :)
-
edhelas
just to give you ideas, in Movim I've implemented an invitation system for MUC that generate a unique link https://nl.movim.eu/?login/GA1dbdSB
-
edhelas
once the user login it automatically ask him to add the MUC to the bookmarks and join
-
edhelas
it's a bit like Discords in doing
-
Ge0rG
edhelas: web-based stuff is easier
-
edhelas
yup
-
jonasw
I want that MUC invite integration thing
-
Ge0rG
edhelas: can you make it work with PARS and easy-xmpp-invitation? :P
-
edhelas
dunno
-
Ge0rG
"Timothée Jaussoinhat Sie eingeladen, einen Chatraum zu bet..." - the UI is cut off.
-
Guus
That's what you get for inventing such long words in your language!
-
Guus
shees, you're almost as bad as the Finnish!
-
edhelas
there's never enough place to display german messages
-
pep.
it's also cut off in english
-
Guus
oh. :)
-
jonasw
Guus, don’t insult the finnish
-
Ge0rG
edhelas: which is why German is a good UI testing language.
-
jonasw
they’ve got the most amazing language on this continent
-
jonasw
yeah, long words and long sentences :)
-
jonasw
and umlauts!
-
edhelas
they beat all of us at the Scrabble
-
pep.
edhelas, where is that in the UI btw? Where do I generate that
-
Ge0rG
My favorite was a bug report by a user that my app was lacking a button. It took me a looong while to find out that on some Android version, the OS developers removed text-wrapping from buttons, and the "OK" button was outside of the dialog
-
Guus
jonasw: I'm always laughing at subtitles Finnish tv, where one of the lines (Swedish), has words, and the other line (Finnish) has _a word_.
-
jonasw
:)
-
jonasw
that’s how amazing it is!
-
edhelas
pep. in a chatroom, click Menu > Invite
-
pep.
nice
-
Ge0rG
https://stackoverflow.com/questions/26708976/alert-dialog-buttons-problems-in-android-l - this one, except that in my app, the button was completely gone!
-
Ge0rG
Should the ad-hoc command node be a human-readable short string or a unique identifier / URL?
-
jonasw
the latter
-
jonasw
there’s a separate name field thing
-
jonasw
cf. https://xmpp.org/extensions/xep-0050.html#retrieve
-
Ge0rG
prosody is using URLs as node names, the XEP is using short identifiers.
-
Ge0rG
I'm not talking about the 'name' field but about 'node'
-
jonasw
URLs is probably safest
-
jonasw
me too
-
Ge0rG
> Service Discovery requires that all 'node' values be unique within a given JID. This document requires that the 'node' value used in <command/> exactly match the value used in the <item/> element. It is the responsibility of the responder implementation to ensure each command's node is unique for their JID. So short identifiers are valid as well, unless you support plugins that add more nodes.
-
jonasw
yup
-
Ge0rG
So for the sake of implementing an invitation ad-hoc-command, it should be a URL as well? Hmhm.
-
jonasw
one could probably re-use the URI the XEP will allocate
-
Ge0rG
you mean the XEP html URI?
-
jonasw
no
-
jonasw
urn:xmpp:fancy-invite-xep:0:fnord✎ -
jonasw
urn:xmpp:fancy-invite-xep:0:command ✏
-
Ge0rG
ah, yes.
-
marc
Ge0rG, are you writing the XEP atm?
-
Ge0rG
marc: not yet. Should I?
-
marc
Ge0rG, Just asking because your question regarding ad-hoc command
-
Ge0rG
marc: I was looking into what's needed to write that XEP
-
Ge0rG
found another onboarding bug in yaxim: if you open yaxim with an xmpp: Intent, and you don't have an account yet, it will error out.
-
jonasw
fix things!
-
Ge0rG
Fixed. Looks good.
-
Ge0rG
Meh. Why is there no non-shady barcode scanner app that works in portrait mode?
-
jonasw
mine switches; is that important?
-
Ge0rG
yes, if you want to screen-record.
-
Ge0rG
especially since the launcher locks to portrait mode.
-
pep.
Ge0rG, marc, what are you going for in the end, improving PARS to include that use case, or another XEP?
-
Ge0rG
pep.: probably both
-
pep.
I'm filing a bug against dino for IBR and PARS
-
marc
pep., you mean regular IBR?
-
pep.
0077 yeah, at least, they don't have it apparently, from the quick search I did
-
Ge0rG
marc: https://op-co.de/tmp/easy-onboarding.mp4 (2.5MB)✎ -
Ge0rG
marc: https://op-co.de/tmp/easy-onboarding.mp4 (2.5MB; broken IPv6) ✏
-
marc
Ge0rG, nice!
-
marc
You already have a "parkedtextview"
-
pep.
Ge0rG, I feel that "Register a new account" check might be one check too many
-
marc
I searched one for Conversations
-
marc
pep., Indeed
-
pep.
Ge0rG, mind you I don't want to force the account creation on that server
-
pep.
Just talking UX wise
-
Ge0rG
marc: what's a parkedtextview?
-
Ge0rG
pep.: the usual approach is two buttons: "[login] [create]"
-
marc
A textview where you have a fixed text at the end (e.g. @example.com)
-
Ge0rG
marc: it's not parked, it's smart.
-
Ge0rG
marc: wait, I'll show you.
-
marc
Ge0rG, I found a textview on GitHub that promised to do that and it was called "ParkedTextView"
-
marc
I don't know if that's the correct term :D
-
Ge0rG
marc: https://op-co.de/tmp/autocomplete-jid.mp4
-
Ge0rG
marc: https://github.com/pfleidi/yaxim/blob/master/src/org/yaxim/androidclient/widget/AutoCompleteJidEdit.java
-
Ge0rG
marc: and if you tap into the hostname part, it will make it editable as well.
-
pep.
Ge0rG, who do I pay to appear in your server list?
-
marc
Ge0rG, that's nice! It is also possible to fix the domain part?
-
Ge0rG
pep.: PR against https://github.com/pfleidi/yaxim/blob/master/res/values/servers.xml
-
Ge0rG
marc: nope, not supported yet
-
marc
pep., In a perfect world this server list would be download from a server list provided by XSF or something like that
-
marc
+ed
-
mathieui
marc, in a perfect world we would have no need for xmpp
-
pep.
Ge0rG, k
-
pep.
mathieui, you mean everybody would be using WhatsApp?
-
Ge0rG
pep.: the former source is this: `curl -s http://xmpp.net/services.xml | xml2 | awk -F= '/@jid=/ { print "\t\t<item>" $2 "</item>" }' | sort -n`
-
pep.
Ge0rG, and then you tested for IBR?
-
Ge0rG
pep.: no.
-
marc
Ge0rG, easy onboarding!!1! :D
-
Ge0rG
pep.: it's a generic public-server list for JID auto-completion, I don't have IBR flags.
-
pep.
I'm curious what would get included in the list
-
marc
We really need a good server list... :D
-
Ge0rG
marc: we need a list with meta-data, like hosting country, privacy regulations, ToS-TLDR, reliability, and of course a fancy logo.
-
Ge0rG
The logo is the most important part, people don't care about the others.
-
marc
Ge0rG, if meta-data includes XEPs, yes
-
SouL
+1 for the logo
-
pep.
Ge0rG, agreed, a server-list like that would be nice
-
Ge0rG
marc: there was some discussion on standards@ regarding that.
-
Ge0rG
Probably around a year ago
-
marc
Yes, we need a badge and a list for public server which support all XEPs required for mobile devices, HTTP upload, OMEMO, etc.
-
Ge0rG
marc: you just volunteered.
-
pep.
marc, OMEMO is a client-side thing
-
pep.
well, PEP ~
-
marc
pep., No, it needs PEP
-
pep.
Sure
-
Ge0rG
The PARS proposal that daniel made also needs PEP. Private PEP
-
marc
Ge0rG, what's that?
-
marc
I mean the PARS proposal
-
Ge0rG
marc: current PARS requires the client to handle token generation and approval. Daniel suggested to make a private-PEP entry storing a HMAC key, so that the server can validate ingress tokens
-
pep.
I'm not sure I understand how that would work
-
jonasw
Ge0rG, your broken IPv6 is annoying
-
jonasw
mpv is now at more than a minute for trying to connect to your server
-
jonasw
can you please remove the AAAA records
-
daniel
Ge0rG, will it also be able to validate pokemon go tokens?
-
pep.
jonasw, yeah same, I resorted for wget / mpv instead :/✎ -
pep.
jonasw, yeah same, I resorted to wget / mpv instead :/ ✏
-
jonasw
finally
-
jonasw
oh no
-
jonasw
ah yes
-
jonasw
Ge0rG, hm, somehow the firs t screen seems cluttered
-
jonasw
is it possible to show *only* the dialogue without the othert suff in the background?✎ -
jonasw
is it possible to show *only* the dialogue without the other stuff in the background? ✏
-
Ge0rG
jonasw: you will find bliss in RFC 6555
-
pep.
happy eyeball?
-
jonasw
Ge0rG, yeah, but I can’t make that magically happen
-
pep.
heh
-
Ge0rG
jonasw: the first screen of yaxim? the account creation one?
-
jonasw
yes
-
Ge0rG
jonasw: do what I would do. https://github.com/dino/dino/issues/208
-
jonasw
that is, make the dialogue full screen. what’s that called in android?
-
jonasw
Ge0rG, I don’t even know which component is at fault here
-
jonasw
is it glibc for not doing this on connect(2)? is it mpv for not opening separate connections by itself? is it maybe even youtube-dl? I have no idea.
-
Ge0rG
jonasw: probably it's mpv
-
Ge0rG
youtube-dl -4, --force-ipv4 Make all connections via IPv4
-
jonasw
mpv didn’t accept -4
-
jonasw
also, ECHAN
-
mathieui
https://gateway.ipfs.io/ipns/QmSgwwdejjsizQnKffKo6e84vfvBWCH5tnGpAwLPJVvhby/ if any german people are available, it may be interesting
-
zinid
ipfs never works 😉
-
Alex
he guys, lets start the member meeting in 2 minutes
-
Zash
Feels like we just had this, with the board/council not too long ago :)
- Alex bangs the gavel
-
Alex
here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2017-12-08
-
mathieui
Alex, it’s supposed to be at 20:00 UTC ?
-
mathieui
it’s 19:00 right now
-
Alex
then I put it wrong in teh Cal ;-)
-
mathieui
right, wiki says 19:00 but latest members mailing says 20:00
-
Zash
19:05 even!
-
Alex
lets do it now, as I have to leave soon, when there are no concerns
-
Ge0rG
What if there are members wanting to vote at 20:00?
-
SamWhited
Does anyone ever actually want to vote in the meeting? It doesn't matter, let's just do it now while Alex is here.
-
Zash
If you wanna be Procedurally Correct, then the time in the announcement is probably the best. And since it is later, it's also probably safer.
-
Zash
SamWhited: Last minute proxy-bot-votes happen tho
-
Zash
Altho if the original original announcement said yesterday then everyone should have voted already, so ..
-
SamWhited
Does it ever actually come down to one or two votes then? Why try to fix it until it's a problem?
-
Alex
SamWhited agreed, lets continue
-
Zash
Go for it
-
Alex
1) Call for Quorum
-
Alex
as you can see 34 members voted via memberbot, so we have a quorum
-
Alex
2) Items Subject to a Vote, new and returning members, you can see the lists of applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q4_2017
-
Alex
3) Opportunity for XSF Members to Vote in the Meeting
-
Alex
anybody here who wants to vote now?
-
Alex
memberbot would be still up for that
-
Alex
ok, will start working on the results then
-
Zash
In case anyone had wanted to, but showed up at the announced time, then it'd be a bit weird.
-
mathieui
Zash, well, initial voting time has already passed, and we have to resolve conflicts only if a number of people significant enough to change results take issue with that
-
Alex
4) Announcement of Voting Results
-
Alex
when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2017-12-08#Announcement_of_Voting_Results you can see the results
-
Alex
all new and returning members are accepted
-
Ge0rG
Congratulations, everybody!
-
Ge0rG
🎆
-
mathieui
Congratulations to all returning members and pep.
-
Alex
5) Any Other Business?
-
Alex
looks like there is none
-
Alex
6) Formal Adjournment
-
Alex
I motion that we adjourn
-
mathieui
seconded
- Alex bangs the gavel
-
Alex
thanks guys
-
SamWhited
Thanks alex; and congrats all!
-
mathieui
thanks for the work, as always, Alex
-
SamWhited
Ge0rG: In most text fields on my machine I can tell what that was… in Android I can tell what that was… in my console:
-
SamWhited
https://i.imgur.com/3jykNf1.png
-
pep.
I'm interested in hearing about the 4 No votes, ping me in private if you want to talk about it
-
Alex
and sorry about the time confustion. I work in too many different timezones these days ;-)
-
Alex
pep.: maybe related to the short application, at least this is some kind of pattern I have seen in the past
-
pep.
Ok
-
Ge0rG
SamWhited: what kind of console is that? Maybe you need Smiley Hugification™
-
SamWhited
Ge0rG: mcabber on xfce4-term (which is weird, I realized I wasn't actually sure since I don't use xfce4 anymore, but apparently I left the terminal installed)…
-
Ge0rG
weird indeed.
-
lovetox
pep. i like you, just wanted to put it out there.
-
pep.
lovetox: 😘
-
SouL
Congratulations everyone, and also pep. !
-
Zash
Bunneh: draft uta-email-deep
-
Bunneh
Zash: "Cleartext Considered Obsolete: Use of TLS for Email Submission and Access", Keith Moore, Chris Newman, 2017-12-06, https://tools.ietf.org/html/draft-ietf-uta-email-deep-12.txt
-
Zash
2014 called, or something
-
Ge0rG
Zash: it was 2014 for Jabber, and that was already a decade late
-
Zash
Better late than never?
-
Ge0rG
Yeah, right
-
Ge0rG
Oh, that rfc is for MUA access to servers. They are really a decade late
-
moparisthebest
interesting they chose the term 'Implicit TLS'
-
moparisthebest
we settled on 'Direct TLS' for 368
-
moparisthebest
but I'm excited we are back to doing that for mail, I mean I have been, because it lets me multiplex on SNI and use 443 for imap+smtp+pop
-
moparisthebest
but I'm excited it's going back to recommended status :)
-
moparisthebest
if that reaches draft can we bring back implicit 5223 also ? :D