the asterisk is defined in: https://tools.ietf.org/html/rfc2234
jonasw
as: The operator "*" preceding an element indicates repetition. The full
form is:
<a>*<b>element
where <a> and <b> are optional decimal values, indicating at least
<a> and at most <b> occurrences of element.
Default values are 0 and infinity so that *<element> allows any
number, including zero; 1*<element> requires at least one;
3*3<element> allows exactly 3 and 1*2<element> allows one or two.
ralphmhas joined
jonasw
this means that *( foo ) is zero or more of foo
jonasw
in this case it means that ihost can be empty
jonasw
thus it is legal to have an empty JID *as per the grammar*
jonasw
I haven’t checked the text yet :)
jonasw
the same holds for the URI interpretation, but without the leading "i"
marc
Mhm okay
jonasw
it might be an oversight that the grammar allows it, but it’s useful in this case :)
marc
Maybe I need to read this document thoroughly, there is also something like "xmpp://guest@example.com/support@example.com?message"
jonasw
yeah
ralphmhas left
ralphmhas joined
ralphmhas left
ralphmhas joined
ralphmhas left
ralphmhas joined
stefandxmhas left
Ge0rG
marc: I've been pondering about the invitation workflow some more, and I think it should go like this:
1. you request an invitation token from your server via ad-hoc
2. you send a url of xmpp:you@yourserver?roster;invitation=token out-of-band
3a. the invitee performs IBR with the invitation token
3b. the invitee already has an account and performs PARS with the invitation token
danielhas left
danielhas left
marc
Ge0rG, what is you@yourserver? The JID of the inviter?
Ge0rG
marc: correct
lskdjfhas joined
@Alacerhas left
@Alacerhas joined
marc
Ge0rG, the client still must provide the possiblity to create an account even if you already have one
Ge0rG
marc: in theory, yes. But I'm pretty sure the power users will figure it out anyway, and the regular users will only get confused
marc
Ge0rG, if you already have one you'll probably know what to do if the client provides you a dialog so it shouldn't be a problem, right?
jonasw
marc, FWIW, if you really want that feature, I’d hide it at the bottom of the screen
jonasw
like websites hide the "continue without" button when asking for your phone number :)
marc
jonasw, maybe I want to give a user the possibility to join _my_ server
marc
I think that feature is not unreasonable
jonasw
marc, I doubt that many users care a lot of about that.
Ge0rG
the default flow should be as easy as possible.
marc
yes, the default user has no account :P
marc
-> the default user will not be confronted with a dialog
marc
Ge0rG, I'm not sure about the ?roster action
Ge0rG
marc: I don't care about the action too much
Ge0rG
marc: but there will be a dialog, either account creation or add-contact
jonasw
s/roster/invite/?
marc
Ge0rG, Yes, if you already have an account there should be an "add-contact" dialog with an option to create an account
stefandxmhas joined
marc
(instead of just use an existing account)
daniel
> you send a url of xmpp:you@yourserver?roster;invitation=token out-of-band
shouldn't that be xmpp://you@yourserver or something
Ge0rG
marc: if the client supports multiple accounts. which is arguably a power-user feature that makes UX complicated
jonasw
daniel, are you asking because of the semantic difference between xmpp:// and xmpp:?
daniel
jonasw, yes
Ge0rG
daniel: no, :// would be an account reference, : is a contact reference
marc
daniel, no
marc
I had the same idea
marc
but the authority is to indicate the account to use
daniel
oh i thought you was I
daniel
like you the proposed username for me
Ge0rG
daniel: you could do something like xmpp://proposed_invitee_jid@server/inviter@server
marc
Ge0rG, why does it lead to a complicated UI? Just a small button "Create account" in the bottom left/right corner
daniel
Ge0rG, yeah i thought that's what this thing was trying to do. never mind
Ge0rG
marc: the complicated UI arises when you have multiple accounts
Ge0rG
marc: now you need a notion of a default account, or ask the user on every interaction which account to use
daniel
marc, have you considered what communication method I would use to send you the url?
daniel
becasue gmail for example doesn't make xmpp uris clickable
daniel
neither does the sms app
marc
Ge0rG, you already have to ask the user what account to use
marc
daniel, we use an invitation url
Ge0rG
daniel: I would love to anchor that onto the easy-xmpp-invite mechanism
Steve Killehas left
Steve Killehas left
daniel
marc, like an https url?
marc
daniel, yes
Ge0rG
marc: that's exactly my point, it's a UX nightmare.
daniel
why are you discussing xmpp uri schemes then?
marc
daniel, that's an other topic ;)
Ge0rG
it's all interrelated.
daniel
only that xmpp uris are mostly worthless
daniel
when it comes to easy onboarding
marc
Yes
edhelas
was difficult to figure out those xmpp uris as well for me
Ge0rG
daniel: right, so I've made easy-xmpp-invitation.
Ge0rG
daniel: which allows to bridge xmpp: URIs over https.
daniel
edhelas, it's not that they are difficult. but you can't click them
jonasw
daniel, you can make any URL clickable on a website -> win
Ge0rG
jonasw: but it won't magically work.
marc
Ge0rG, I don't get what's the problem with multiple accounts. We already have clients that support multiple accounts.
marc
And there is almost no additional work for the UI
Ge0rG
marc: I'm not saying that implementing multiple accounts is a problem, I'm saying that having multiple accounts on the same client is a UX nightmare
Ge0rG
marc: imagine a user accidentally clicking the "create account" button and ending up with two accounts - one for all their friends and one for you
Ge0rG
and users have very large fingers.
marc
Ge0rG, yes, that needs to be solved by the UI nicely :D
stefandxmhas left
marc
That's why the preferred option is to add the contact via PARS if an account is available
Steve Killehas joined
marc
But creating a XEP just for user invitation to a server if the user doesn't already have an account limits the possibilities...
tim@boese-ban.dehas joined
Ge0rG
marc: right, which is why the whole thing is also technically a bit more complex
marc
Ge0rG, my problem at the moment is that I'm not sure how to integrate both XEPs properly
marc
In a way that both do not depend on each other and can be implemented independetly
Ge0rG
marc: you need to have four specifications:
- token generation (PARS uses a client-side approach, you go with ad-hoc. specify that)
- token transmission (basically a new xmpp: URI parameter)
- use of the token in account creation (IBR payload / data forms)
- use of the token in PARS (just reference PARS and say that the token must be usable as `preauth=` for PARS as well)
marc
Ge0rG, yes, but the tokens need to be the same if both is used
Ge0rG
the server needs to store the token in some kind of table anyway, where it will also contain the inviter's JID
Ge0rG
marc: I think that re-using this token for server-side PARS shouldn't hurt
Ge0rG
marc: so your specification means a server must implement PARS
Ge0rG
marc: or, alternatively, you need to add two tokens to the URL
Ge0rG
Actually, I would be okay with extending PARS accordingly.
Ge0rG
So that it covers both use cases.
marc
two token keys with the same token, like invite=TOKEN;preauth=TOKEN ?
marc
Such that the clients know that both is supported?
Ge0rG
marc: yes, like that.
ralphmhas left
Ge0rG
marc: or maybe invite_and_preauth=TOKEN ;)
stefandxmhas joined
Ge0rG
I like short URIs
marc
Ge0rG, No!
marc
:D
Ge0rG
marc: I would go for `invite=TOKEN` and "A server offering this feature MUST also accept the token as a <preauth token> for an inbound roster subscription to the inviter."
danielhas left
valohas left
valohas joined
marc
So implementing user-invitation requires implementation of PARS, right?
Ge0rG
marc: not technically, but if you want to provide a good UX then yes
marc
Ge0rG, Yes, for nice UX I would prefer it this way
marc
Ge0rG, your statement sounds like a requirement
uchas joined
Ge0rG
marc: you could go with two separate token parameters, then you have explicit separation between PARS and IBR. But then who is responsible for adding PARS to the URI? The server on ad-hoc? The inviter's client?
marc
Ge0rG, the server if it supports PARS?
Ge0rG
marc: in the ad-hoc response?
jonasw
Ge0rG, for breveity, the URI could also be ?invite=TOKEN;preauth=, with the empty preauth signifying that the token shall be re-used
Ge0rG
jonasw: then you are breaking existing PARS clients :P
jonasw
then turn it the other way round :)
jonasw
preauth=TOKEN;invite=
Ge0rG
jonasw: the more I think about it, the more I want to merge both functions into one XEP
jonasw
I agree
marc
Ge0rG, yes, in the ad-hoc response
marc
Ge0rG, are there any PARS clients out there? :D
Ge0rGhas left
Ge0rG
marc: there is yaxim
danielhas left
marc
Ge0rG, ah okay
jonasw
it’s on the to-do for jabbercat
marc
Ge0rG, well, I like your idea of combining both "features" but they should not be depend on each other IMO
Ge0rG
marc: that depends on your goal
Ge0rG
marc: if your goal is to make as little as possible, then you are right. If your goal is to provide a just-works™ onboarding experience, you need both.
marc
The combination of both would make on-boarding really nice
danielhas left
marc
Ge0rG, of course, providing both should be recommended for public servers
Ge0rG
marc: I'm all in for small self-contained XEPs. But if you separate these two, you have a bunch of additional client-side logic to add to compensate for the lack
Ge0rG
on the inviter's client: "oh, ad-hoc didn't give me a PARS token. I need to add one to the URI myself. Wait, the https:// URI is not a scheme I know, I can't do that!?"
Ge0rG
on the invitee's client, I need to cover all four combinations of features
Ge0rG
none / invite / pars / invite+pars
marc
Ge0rG, no, the server just adds the PARS token and returns it
Ge0rG
marc: but the server doesn't support PARS, only the client.
Ge0rG
I've designed PARS as a client-only protocol because server developers are lazy.
marc
Ge0rG, ah okay, didn't thought about that use case
Ge0rG
And server operators are even lazier.
jonasw
yeah, server developers aren’t that lazy
marc
Ge0rG, that's a good point... hm...
Ge0rG
marc: you implement your nice new server-side XEP. Then it takes weeks to months for it to get merged upstream. Then you need to wait for the next server software release. Then that release needs to be distro-packaged. Then you realize that most server operators never upgrade.
marc
Ge0rG, well, that's true for all server-side XEPs
Ge0rG
marc: true
marc
Ge0rG, should be implement everything on the client side?
Ge0rG
marc: now you know why PARS can be implemented 100% client-side
marc
s/be/we
jonasw
Ge0rG, I think it might be not /that/ bad
Ge0rG
marc: Daniel's compliance tester is a good thing to make server operators aware.
jonasw
we’ve seen quite quick adoption of things since conversations compliance checker
jonasw
right
Ge0rG
jonasw: especially private PEP.
jonasw
so if somebody builds a prosody module which does that, even if it only supports things in-memory, that’ll already be a major plus
jonasw
Ge0rG, yes, we have. A lot of work is going into that :)
Ge0rG
you can't force server developers to do work by showing a red square on some website
jonasw
but operators
marc
Ge0rG, to solve this issue we need an "official" public server list on the (xmpp.org?) website
jonasw
to solve that problem we need massive funding for developers.
marc
which shows only servers with a special set of XEPs
zinidhas left
Ge0rG
jonasw: how many servers are there in the compliance checker? ~120? yax.im has >1000 of s2s connections.
Ge0rG
marc: we can't even come up with that official set of XEPs.
daniel
Ge0rG: divide that number by 4
daniel
Because in and out and conferences
Ge0rG
marc: but yes, we need an official compliance checker, and maybe some kind of Badge Of Compliance that we can issue. Do you volunteer?
Ge0rG
daniel: `Total: 1112 outgoing, 1079 incoming connections` - not sure how many MUCs there are, but cant' imagine it's 50%
marc
Ge0rG, let me first finish my URI handling in Conversations and the user-invitation XEP ;)
jonasw
Ge0rG, depends on what you want to check, the aioxmpp end-to-end test suite might be a good start :)
marc
Ge0rG, but I think that's really important
Ge0rG
marc: what's important?
marc
Ge0rG, some official server list
Ge0rG
marc: xmpp.net had a semi-official one.
Ge0rG
but now it's down and needs work to bring up again.
jonasw
yeah, about that xmpp.net thing, Kev, I’m still hoping for your Dockerfile :)
marc
if you have created an account on a server which doesn't support, let's say HTTP upload, and file transfer in group chats doesn work this user will be annoyed and probably will never use / recommand XMPP
Kev
jonasw: Let me sort that out now.
jonasw
Kev, that’d be lovely
jonasw
I’m tempted to sink my weekend into getting xmpp.net up&running again
Ge0rG
!praise jonasw
jonasw
(and then people wonder why jabbercat isn’t making progress)
Guus
!praise jonasw
jonasw
hold yer horser
jonasw
save the praise for when I’m done
jonasw
I might easily get fed up by PHP
Kev
What is jabbercat, BTW?
Guus
(by the way, why isn't jabbercat making progress?)
jonasw
Kev, https://github.com/jabbercat/jabbercat, TL;DR: new Qt5 Desktop Client
Kev
Because we don't have a Qt5 Desktop client already? :)
Ge0rG
it's a very promising early alpha
marc
Ge0rG, to speed things up "we" should decide how we implement PARS and user-invitation
jonasw
Kev, frankly, when I started, I didn’t know / forgot about Swift & co.
Ge0rG
The Swift bug tracking situation is not optimal. I've submitted a bunch of things and I have no clue whether they got fixed or not.
Ge0rG
(except for the wontfix ones)
Ge0rG
marc: let me help you with that. We integrate account creation into PARS.
marc
Ge0rG, okay, and what's the protocol flow then?
Ge0rG
marc: ad-hoc -> xmpp: URI with optional https: URI -> out-of-band -> IBR/PARS request
Guushas left
danielhas left
marc
Ge0rG, so the server generates / appends an additional PARS token if enabled?
Ge0rG
marc: if the server doesn't provide an https: URI, the client can either pass on xmpp: or use its own landing page (eg. https://yax.im/i/)
Ge0rG
marc: there is no "if enabled"
Ge0rG
and there is only one token, that can be used for both
Ge0rG
No, that won't work for closed-registration servers.
marc
Yeah, that's somehow my problem ;)
Kev
Ge0rG: Nothing is optimal :)
jonasw
Ge0rG, why?
Ge0rG
jonasw: the xmpp: URI needs an indicator whether registration is allowed.
jonasw
Ge0rG, ;allow-register?
marc
Because that means that somebody may propose just an other XEP for it...
Ge0rG
we could go with `xmpp://server/inviter@server;preauth=TOKEN` - `server` is explicitly telling us the domain where to register, the inviter JID is present and a token that can be used for either.
Ge0rG
But that will break most current clients that support xmpp:
Ge0rG
should we provide means for the server to specify a different domain from the inviter's?
jonasw
Ge0rG, will it though?
marc
Ge0rG, yes we should, I also had this idea :)
Ge0rG
jonasw: when you open an xmpp://foo.bar/user@foo.bar link, I'm pretty sure unexpected things will happen.
marc
yes, I think the XmppUri parser in Conversations is broken
jonasw
I’m pretty sure I’ll get "unknown protocol" because I don’t have an application which supports XMPP URIs at all
Ge0rG
the URI parser on android is broken as well
marc
At least it doesn't support the authority part properly AFAIK
Ge0rG
What about:
> If the server allows In-Band-Registration with the preauth token, it SHOULD add an `ibr` parameter. If the IBR domain is different from the inviter's service domain, the server should set the value of the `ibr` parameter to the domain name.
Ge0rG
So we would end up with: `xmpp:georg@legacy.yax.im?preauth=TOKEN;ibr=yax.im`
marc
Ge0rG, should we really avoid using XMPP URI properly just because some clients don't implement the parser properly?
Guushas left
Ge0rG
marc: we are using the URI properly.
Ge0rG
marc: the primary goal of the URI is to add a contact, not to register with the server
jonasw
are we? wouldn’t xmpp://yax.im/georg@legacy.yax.im be more correct?
marc
What about xmpp://server/inviter@server;preauth=token` then?
Ge0rG
See above.
marc
I think jonasw is right
Guushas left
Ge0rG
marc: so your goal is to force the invitee to register with your server?
marc
Ge0rG, yes, at least it would be nice if we have an option for this use case
Kev
jonasw: How do you want this tarball?
marc
Ge0rG, because I'm pretty sure my server has nice XEPs enabled ;)
jonasw
Kev, deep fried
jonasw
Kev, mailto:jonas@wielicki.name
Ge0rG
marc: maybe we have different goals, then? I want to give out a link that allows the receiver to add me as a contact, and to create an account on the way if required
jonasw
I just wish this was all working before end of year :D
zinidhas left
Ge0rG
marc: if you want to "entice" the receiver to re-register on a different server, I don't agree.
Kev
jonasw: This is stuff for running up a symfony-based PHP thing, so you might want to trim some of the bits out - e.g. I have no idea if the frontend needs to install depedencies with composer. There might or might not need to be crontasks, trim that out if not, and you might or might not need to populate an environment file of some sort.
Ge0rG
marc: but in that case, the xmpp://server/inviter@server would be semantically correct.
jonasw
Kev, thank you very much
marc
Ge0rG, don't get me wrong, my intention is to make easy onboarding....
jonasw
gotta head out now for lunch, will take a look later :)
Ge0rG
marc: right. And onboarding without having to create an account is easier :P
jonasw
FWIW, marc, I think we shouldn’t encourage non-power users to have multiple accounts.
Ge0rG
what jonasw said.
jonasw
it should be there if they need and want it, but we shouldn’t make it the default path for the unthinking chicken installing debian :)
jonasw
(hitting enter / the big button on each step)
jonasw
(this is not to insult our users, just making a reference to the old joke that even a chicken can install debian by simply hitting on the Enter key repeatedly)
stefandxmhas left
jonasw
(and I think that it should be that easy to use XMPP)
marc
I agree, but to me it looks like we miss some useful feature in the XEP then
Ge0rG
marc: what would that useful feature be?
marc
Ge0rG, somebody is on a shitty server? :D
Ge0rG
marc: this is not a feature of the XEP
marc
well, it's user invitation
Ge0rG
marc: what about having a "server quality index" display in all clients, that can estimate how good the current server is, and how good the proposed one? :P
Ge0rG
marc: well. You can have the "Create new account on [ibr server]" button in the add-contact UI; and then you write into your invitation mail to click that button :P
marc
Ge0rG, if we don't have this feature there is no way to invite a user to a non-public server
Ge0rG
marc: my point is, what if you are on a shitty server and I'm not?
Ge0rG
marc: by non-public you mean non-federated?
marc
Ge0rG, no, just a server where only registered users can invite somebody
archas left
lumihas joined
archas joined
marc
Ge0rG, I think there are some reasons to join a specific server even if an user has already an account, privacy/trust etc.
Ge0rG
marc: to invite a user to a non-federated server, the correct URI would be indeed `xmpp://server/inviter@server?ibr;preauth=TOKEN`
marc
This wouldn't be possible and IMO that's not good if we have the chance the include this
marc
Ge0rG, non-federated server is not the correct term
marc
Just because a server doesn't allow public registration it can still be federated...
Ge0rG
marc: if it allows federation, there is no need to force non-power-users to create a second account
marc
Ge0rG, even if the user is a "power-user", how to easily invite the user? via a web-interface / shell just because the XEP doesn't support this feature?
jonasw
I think you two are misunderstanding eaxh other
marc
:D
jonasw
Ge0rG wants to keep the account creation, but not as default
jonasw
and away
marc
Well, I'm fine with that :)
marc
It shouldn't be the default but it should be _possible_
marc
And, maybe that's the controversal part (?!), PARS should be optional
marc: the first button is prominent, the second button is toned down, like "skip registration" would be
marc
Ge0rG, +1
Flow
Ge0rG, so JID and Name are editable text fields?
Ge0rG
Flow: the JID is visible but not editable, the name is editable
Ge0rG
Flow: one might want to add a roster group selector as well.
Flow
Hmm, how about "Invitation from Georg (georg@yaxim)" then?
marc
Ge0rG, if we agree on the possiblity of predefines usernames (optional) we're almost done :D
Ge0rG
marc: please don't.
Flow
and why is there a [create yax.im account] button?
Ge0rG
Flow: what's wrong with the above? You can reuse your regular "add contact" dialog and just disable JID editing
marc
Ge0rG, but it allows me as admin to create an account for an user
marc
As I said, optional, server-side option, maybe for admins only etc.
marc
Not useful for public servers
Flow
Ge0rG, ok, if that is the idea. But I would proably go for a specialized UI
Ge0rG
marc: if you already created an account, you should use xmpp://user@server?preauth=TOKEN
Ge0rG
Flow: [create yax.im account] is for power-users who want to have an account on the same server as the inviter.
marc
Ge0rG, well the user still has to specify the password
marc
So ibr is still correct I think
Ge0rG
marc: I think this is a completely different use case.
Flow
Ge0rG, but UX usually means to hide operating elements for power useres
Ge0rG
Flow: tell that to marc
Flow
will do
marc
:D
Flow
good thing a protocol can't require how the UI looks like
Ge0rG
Flow: actually that's a bad thing, in most cases.
Flow
Ge0rG, require or suggest? ;)
Ge0rG
Except when protocol designers try to create a UI :P
Ge0rG
But yeah, I think that hiding the account creation behind an "Advanced..." button would be good.
stefandxmhas joined
marc
Ge0rG, sounds good
Ge0rG
marc: we really do need a way to "export" an account to a new device, or to one-click register, but I think this is a (slightly) different use case
@Alacerhas left
marc
Ge0rG, just let me know what's the big difference between "you have the option to create an account or add the contact to your roster" and "you have the option to create an account with full JID or add the contact to your roster"?
Ge0rG
marc: what you are looking for is, as an admin, to pre-create an account and give the user enough info to just configure a password.
marc
Ge0rG, yes
Ge0rG
marc: what I'm looking for is to add a contact, and to create a user-defined account if required.
marc
Ge0rG, do you really think it's worth making an extra XEP for that?
Ge0rG
marc: if you pre-created an account, you want your invitee to use that.
Ge0rG
marc: I only want to give the invitee the option to create an account themselves
marc
Ge0rG, what's the down-side of allowing this optional feature?
pep.has left
Ge0rG
marc: because this optional feature must be implemented by all clients
marc
okay, that's a reason
Ge0rG
marc: every time you add an option to a protocol, you double the number of possible situations
marc
But the code is very small
danielhas left
marc
Ge0rG, I know I've implemented it in conversations
marc
You just have to check if that's a full JID or just the server name
Ge0rG
marc: so with optional inviter name, optional invitee JID, optional https:// URL, and the option to already have an account we are at sixteen different cases already.
marc
In the latter case you have to fix the server name in the JID text entry
Ge0rG
marc: I see two different, but related use cases:
1. you want to onboard someone to a pre-registered account on your server. Use `xmpp://user@server?preauth=TOKEN`
2. you want to add a contact. Use PARS with an `ibr` option.
Ge0rG, yes, me too that's why I'm so stubborn about it :D
danielhas left
danielhas left
marchas left
Ge0rG
marc: it just doesn't make sense to map both use cases onto the same UI
marc
Ge0rG, on what side? inviter, invitee, both?
Ge0rG
marc: invitee
marc
Ge0rG, I'm fine with that
Ge0rG
marc: for the inviter, the admin use case can be mapped to some ad-hoc command without explicit client-side UI
Ge0rG
the user-inviting-user case should have a "Create invitation" UI
marc
Ge0rG, My demo showed the admin version
marc
Ge0rG, just imagine that a normal user would get the qr code directly
Ge0rG
marc: it's nice that you added the admin version into Conversatios, but that's quite some overkill
marc
Without the possibility to choose a username
marc
Ge0rG, actually that's all done automatically
marc
Because the server responds a form with the possiblity to choose a username
marc
There is no additional logic for this admin feature
marc
Since the UI is generated automatically by the form
marc
So I don't think that's overkill
marc
It's like generateUserInput(form);
Ge0rG
marc: okay, so if you are an admin, you get a data form for username / display name?
marc
Ge0rG, exactly
Ge0rG
marc: I think there is no need to XEPify that.
marc
username might still be optional but you get the possibility
Ge0rG
marc: we should XEPify the ad-hoc command name. And to a normal user, it should return a PARS;ibr link.
marc
Ge0rG, maybe not, but it would prevent user/admin defined behaviour...
Ge0rG
marc: if you are an admin, it might return a PARS;ibr link or a data form asking for a username
marc
Yes
marc
That's my idea
Guushas left
Ge0rG
marc: if you leave out the username, it will return a PARS;ibr link. If you enter one, it will return an onboarding link of `xmpp://user@server;preauth=TOKEN`
marc
Ge0rG, looks good to me
Ge0rG
marc: so what needs to be XEPified is: ad-hoc command name; URI formats for both use cases; (approximate) client behavior for both use cases; wire-format for IBR
Ge0rG
+; dependency on PARS
Ge0rG
marc: what I really like about the admin use-case is that it finally allows to register on a server using a one-time-token
marc
Ge0rG, yes!
Ge0rG
There used to be an Easy_Account_Creation page on the wiki
pep.
Finally caught up with all your messages! Good to know you're getting somewhere :)
marc
:D
marc
I think we should re-use ?register action, right?
ralphmhas joined
pep.
iiuc, that means as a server admin I'll be able to issue registration tokens right? and have IBR wait for that token
marc
pep., yes
Ge0rG
marc: you mean https://xmpp.org/registrar/querytypes.html#register
marc
Yes
Ge0rG
marc: do you want me to write the XEP?
pep.
Obviously as a server admin I should be able to allow more people to issue tokens. Allowing everybody to issue these is not really smart though, right?
jubalhhas joined
marc
Ge0rG, we can work together on it
marc
pep., You can specify a set of people which are allowed to generate tokens or something like that
pep.
yeah
marc
But that really depends on your service
Ge0rG
pep.: you could disable generic IBR and use this mechanism to allow all your users to invite other users.
marc
exactly
moparisthebesthas joined
pep.
Ge0rG, I guess I could. Or have a blacklist rather than whitelist
Ge0rG
pep.: how is that supposed to work?
archas left
archas joined
Ge0rG
marc: there is also https://xmpp.org/extensions/attic/xep-0235-0.3.html
marc
Ge0rG, if you're fine with token expiration I think an other topic which need to be disucussed is how we handle/limit the number of invitations
pep.
Maybe it's not worth it, I have never been target of spam so you know better. But if a spammer gets one than it's similar to open IBR again
Ge0rG
Eh, https://xmpp.org/extensions/xep-0235.html
Ge0rG
marc: I think that is absolutely out-of-scope
pep.
They'd be able to generate tokens etc.
pep.
You can traceback where it came from though
moparisthebesthas joined
marc
Ge0rG, we should at least define an error for that
Ge0rG
pep.: right, one could easily kick the spammer and all of their friends.
marc
Ge0rG, nothing is more annyoing to a user if you get something like "doesn't work at the moment, try again later!"
Ge0rG
marc: I'm sure we can re-use existing IBR errors
marc
Ge0rG, I mean for token/invitation generation
Ge0rG
And there is https://xmpp.org/extensions/inbox/user-auth.html
Ge0rG
marc: the ad-hoc command should always return a token, just maybe not with an `ibr` tag.
marc
Ge0rG, that would be confusing ;)
Ge0rG
marc: to whom?
Ge0rG
marc: the default use case is to generate a PARS uri
Ge0rG
marc: if you are talking of the admin use case, yes, it should return an error.
marc
sometimes you have the ability to create an account sometime not?
marc
+s
Ge0rG
marc: for the user use case, the server generates a PARS or a PARS;ibr link
Ge0rG
marc: depending on whether user-initiated account creation is allowed on the server.
Ge0rG
marc: a non-ibr PARS link will mean that the invitee's client is responsible for account creation
marc
Ge0rG, just thought about the case where an inviter creates too much PARS;ibr tokens
marc
Maybe you want some policy to limit the number of PARS;ibr tokens
Ge0rG
marc: maybe. But there is no need to expose that to the inviter's client
stefandxmhas left
marc
(1) Marc invites somebody without account -> server generates PARS;ibr -> nice
(2) Marc invites somebody without account -> server generates PARS only -> invitee and Marc are confused
marc
Ge0rG, maybe I don't get your idea but this is how I understood your approach
Ge0rG
marc: (2) Marc invites somebody without account -> server generates PARS only -> invitee opens link in yaxim and registers on yax.im -> nice
ralphmhas joined
marc
Ge0rG, sounds like a bad idea to me... not every client provides a xmpp server?
Ge0rG
marc: no, but the ones implementing PARS do :P
jonasw
for now
marc
Ge0rG, Does PARS require a client software to provide a xmpp server?
Ge0rG
marc: actually, I forgot to add that part to the XEP
marc
Ge0rG, :p
Ge0rG
marc: but yes, I think that a client implementing PARS needs to have a sensible user-onboarding flow that does not depend on the invitee.
jonasw
Ge0rG, so jabbercat better doesn’t implement PARS
Ge0rG
marc: it doesn't mean the client developer must run an IBR server, they can provide a list of public servers instead
jonasw
(I won’t get into the business of running a public server.)
jonasw
ah well
Ge0rG
jonasw: you can SRV-link jabbercat.im to the yaxim server :P
marc
:>
marc
Ge0rG, okay, I think I'm okay with your idea
jonasw
Ge0rG, will do
Ge0rG
jonasw: I'm pretty sure I can handle the additional load
Ge0rG
jonasw: btw, did you buy out jabber.cat already? :P
jonasw
no, won’t
jonasw
too politically unstable that TLD ;-)
Ge0rG
Heh.
Ge0rG
Still better than .io
marc
Although it may be very confusing if that happens to invitees who sit next to each, for example ^^
jonasw
does im have DNSSEC by now?
Ge0rG
jonasw: nope
jonasw
m(
Ge0rG
marc: why so?
marc
Ge0rG, because they don't get the same dialog
marc
Ge0rG, invitee A an create an account on the server and invitee B can choose some public server
jonasw
Ge0rG, but then I want private+persistent PEP on jabbercat.im!
Ge0rG
jonasw: please star & comment on https://prosody.im/issues/485
jonasw
I won’t comment, Zash hates that
jonasw
(rightfully so)
jonasw
> PEP with permanent storage is now in mod_pep_plus and should be working. Thanks to Link Mauve!
pep.
Yeah, that's in trunk
Ge0rG
> Is this feature usable with 0.10?
*crickets*
pep.
0.10, pff :)
edhelas
just to give you ideas, in Movim I've implemented an invitation system for MUC that generate a unique link https://nl.movim.eu/?login/GA1dbdSB
edhelas
once the user login it automatically ask him to add the MUC to the bookmarks and join
edhelas
it's a bit like Discords in doing
Ge0rG
edhelas: web-based stuff is easier
edhelas
yup
jonasw
I want that MUC invite integration thing
Ge0rG
edhelas: can you make it work with PARS and easy-xmpp-invitation? :P
edhelas
dunno
Ge0rG
"Timothée Jaussoinhat Sie eingeladen, einen Chatraum zu bet..." - the UI is cut off.
Guus
That's what you get for inventing such long words in your language!
Guus
shees, you're almost as bad as the Finnish!
edhelas
there's never enough place to display german messages
pep.
it's also cut off in english
Guus
oh. :)
jonasw
Guus, don’t insult the finnish
Ge0rG
edhelas: which is why German is a good UI testing language.
jonasw
they’ve got the most amazing language on this continent
jonasw
yeah, long words and long sentences :)
jonasw
and umlauts!
edhelas
they beat all of us at the Scrabble
Guushas left
pep.
edhelas, where is that in the UI btw? Where do I generate that
Ge0rG
My favorite was a bug report by a user that my app was lacking a button. It took me a looong while to find out that on some Android version, the OS developers removed text-wrapping from buttons, and the "OK" button was outside of the dialog
Guus
jonasw: I'm always laughing at subtitles Finnish tv, where one of the lines (Swedish), has words, and the other line (Finnish) has _a word_.
jonasw
:)
jonasw
that’s how amazing it is!
edhelas
pep. in a chatroom, click Menu > Invite
pep.
nice
Ge0rG
https://stackoverflow.com/questions/26708976/alert-dialog-buttons-problems-in-android-l - this one, except that in my app, the button was completely gone!
ralphmhas joined
uchas joined
uchas joined
Guushas left
valohas left
valohas joined
uchas joined
sezuanhas joined
uchas joined
lskdjfhas joined
lskdjfhas joined
sezuanhas left
sezuanhas joined
sezuanhas left
valohas left
valohas joined
Ge0rG
Should the ad-hoc command node be a human-readable short string or a unique identifier / URL?
prosody is using URLs as node names, the XEP is using short identifiers.
Ge0rG
I'm not talking about the 'name' field but about 'node'
jonasw
URLs is probably safest
jonasw
me too
Alexhas joined
sezuanhas joined
Ge0rG
> Service Discovery requires that all 'node' values be unique within a given JID. This document requires that the 'node' value used in <command/> exactly match the value used in the <item/> element. It is the responsibility of the responder implementation to ensure each command's node is unique for their JID.
So short identifiers are valid as well, unless you support plugins that add more nodes.
debaclehas joined
jonasw
yup
Ge0rG
So for the sake of implementing an invitation ad-hoc-command, it should be a URL as well? Hmhm.
jonasw
one could probably re-use the URI the XEP will allocate
marc: and if you tap into the hostname part, it will make it editable as well.
pep.
Ge0rG, who do I pay to appear in your server list?
marc
Ge0rG, that's nice! It is also possible to fix the domain part?
Ge0rG
pep.: PR against https://github.com/pfleidi/yaxim/blob/master/res/values/servers.xml
Ge0rG
marc: nope, not supported yet
marc
pep., In a perfect world this server list would be download from a server list provided by XSF or something like that
marc
+ed
mathieui
marc, in a perfect world we would have no need for xmpp
pep.
Ge0rG, k
pep.
mathieui, you mean everybody would be using WhatsApp?
Ge0rG
pep.: the former source is this:
`curl -s http://xmpp.net/services.xml | xml2 | awk -F= '/@jid=/ { print "\t\t<item>" $2 "</item>" }' | sort -n`
pep.
Ge0rG, and then you tested for IBR?
Ge0rG
pep.: no.
marc
Ge0rG, easy onboarding!!1! :D
Ge0rG
pep.: it's a generic public-server list for JID auto-completion, I don't have IBR flags.
pep.
I'm curious what would get included in the list
marc
We really need a good server list... :D
Ge0rG
marc: we need a list with meta-data, like hosting country, privacy regulations, ToS-TLDR, reliability, and of course a fancy logo.
Ge0rG
The logo is the most important part, people don't care about the others.
marc
Ge0rG, if meta-data includes XEPs, yes
SouL
+1 for the logo
pep.
Ge0rG, agreed, a server-list like that would be nice
Ge0rG
marc: there was some discussion on standards@ regarding that.
Ge0rG
Probably around a year ago
Guushas left
marc
Yes, we need a badge and a list for public server which support all XEPs required for mobile devices, HTTP upload, OMEMO, etc.
Ge0rG
marc: you just volunteered.
sonnyhas left
pep.
marc, OMEMO is a client-side thing
pep.
well, PEP ~
jmpmanhas joined
marc
pep., No, it needs PEP
pep.
Sure
Ge0rG
The PARS proposal that daniel made also needs PEP. Private PEP
marc
Ge0rG, what's that?
marc
I mean the PARS proposal
Ge0rG
marc: current PARS requires the client to handle token generation and approval. Daniel suggested to make a private-PEP entry storing a HMAC key, so that the server can validate ingress tokens
pep.
I'm not sure I understand how that would work
jonasw
Ge0rG, your broken IPv6 is annoying
jonasw
mpv is now at more than a minute for trying to connect to your server
jonasw
can you please remove the AAAA records
daniel
Ge0rG, will it also be able to validate pokemon go tokens?
pep.
jonasw, yeah same, I resorted for wget / mpv instead :/✎
nycohas left
pep.
jonasw, yeah same, I resorted to wget / mpv instead :/ ✏
jonasw
finally
jonasw
oh no
jonasw
ah yes
Guushas left
Guushas joined
stefandxmhas joined
jonasw
Ge0rG, hm, somehow the firs t screen seems cluttered
jonasw
is it possible to show *only* the dialogue without the othert suff in the background?✎
jonasw
is it possible to show *only* the dialogue without the other stuff in the background? ✏
Ge0rG
jonasw: you will find bliss in RFC 6555
pep.
happy eyeball?
jonasw
Ge0rG, yeah, but I can’t make that magically happen
pep.
heh
Ge0rG
jonasw: the first screen of yaxim? the account creation one?
jonasw
yes
Ge0rG
jonasw: do what I would do. https://github.com/dino/dino/issues/208
jonasw
that is, make the dialogue full screen. what’s that called in android?
jonasw
Ge0rG, I don’t even know which component is at fault here
jmpmanhas joined
jonasw
is it glibc for not doing this on connect(2)? is it mpv for not opening separate connections by itself? is it maybe even youtube-dl? I have no idea.
Ge0rG
jonasw: probably it's mpv
Ge0rG
youtube-dl -4, --force-ipv4 Make all connections via IPv4
jonasw
mpv didn’t accept -4
jonasw
also, ECHAN
Ge0rGhas left
danielhas left
Guushas left
Tobiashas joined
stefandxmhas left
danielhas left
Guushas joined
danielhas left
nycohas joined
danielhas left
danielhas left
danielhas left
Guushas left
ralphmhas joined
Alexhas joined
zinidhas left
nycohas left
jmpmanhas joined
nycohas joined
jmpmanhas joined
Alexhas left
Alexhas joined
Alexhas left
Guushas left
tuxhas left
jmpmanhas left
jmpmanhas joined
Tobiashas left
Tobiashas joined
Ge0rGhas left
sonnyhas joined
Steve Killehas left
Steve Killehas left
Steve Killehas joined
stefandxmhas joined
zinidhas left
lumihas left
stefandxmhas left
ralphmhas joined
Ge0rGhas joined
sonnyhas left
sonnyhas joined
Guushas left
danielhas left
mathieui
https://gateway.ipfs.io/ipns/QmSgwwdejjsizQnKffKo6e84vfvBWCH5tnGpAwLPJVvhby/ if any german people are available, it may be interesting
ralphmhas left
Ge0rGhas left
debaclehas left
danielhas left
Alexhas joined
ralphmhas joined
zinid
ipfs never works 😉
Guushas left
jubalhhas left
marchas left
Ge0rGhas left
zinidhas left
waqashas joined
ralphmhas joined
jmpmanhas joined
jmpmanhas joined
Ge0rGhas left
Ge0rGhas left
waqashas left
Ge0rGhas left
jjrhhas left
Ge0rGhas left
Ge0rGhas left
Ge0rGhas left
ralphmhas joined
danielhas left
jubalhhas joined
jubalhhas left
jjrhhas left
jjrhhas left
danielhas left
jjrhhas left
Ge0rGhas left
Ge0rGhas left
ralphmhas joined
stefandxmhas joined
@Alacerhas left
Holgerhas left
@Alacerhas joined
uchas left
zinidhas left
SamWhitedhas left
ralphmhas joined
stefandxmhas left
mimi89999has joined
lumihas joined
ralphmhas left
ralphmhas joined
waqashas joined
waqashas left
jubalhhas joined
ralphmhas left
ralphmhas joined
Alexhas left
valohas left
ralphmhas left
valohas joined
ralphmhas joined
jubalhhas joined
Guushas left
ralphmhas left
ralphmhas joined
Guushas left
ralphmhas left
la|r|mahas joined
zinidhas left
Alexhas joined
danielhas left
ralphmhas joined
Alex
he guys, lets start the member meeting in 2 minutes
Zash
Feels like we just had this, with the board/council not too long ago :)
Alexbangs the gavel
Alex
here is our Agenda for today:
https://wiki.xmpp.org/web/Meeting-Minutes-2017-12-08
mathieui
Alex, it’s supposed to be at 20:00 UTC ?
mathieui
it’s 19:00 right now
Alex
then I put it wrong in teh Cal ;-)
mathieui
right, wiki says 19:00 but latest members mailing says 20:00
Zash
19:05 even!
Alex
lets do it now, as I have to leave soon, when there are no concerns
Ge0rG
What if there are members wanting to vote at 20:00?
SamWhited
Does anyone ever actually want to vote in the meeting? It doesn't matter, let's just do it now while Alex is here.
stefandxmhas joined
Zash
If you wanna be Procedurally Correct, then the time in the announcement is probably the best. And since it is later, it's also probably safer.
Zash
SamWhited: Last minute proxy-bot-votes happen tho
Zash
Altho if the original original announcement said yesterday then everyone should have voted already, so ..
SamWhited
Does it ever actually come down to one or two votes then? Why try to fix it until it's a problem?
Alex
SamWhited agreed, lets continue
Zash
Go for it
Alex
1) Call for Quorum
Alex
as you can see 34 members voted via memberbot, so we have a quorum
Alex
2) Items Subject to a Vote, new and returning members, you can see the lists of applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q4_2017
Alex
3) Opportunity for XSF Members to Vote in the Meeting
Alex
anybody here who wants to vote now?
Alex
memberbot would be still up for that
Alex
ok, will start working on the results then
Zash
In case anyone had wanted to, but showed up at the announced time, then it'd be a bit weird.
ralphmhas joined
mathieui
Zash, well, initial voting time has already passed, and we have to resolve conflicts only if a number of people significant enough to change results take issue with that
jjrhhas left
jjrhhas left
Alex
4) Announcement of Voting Results
Alex
when you reload the page at:
https://wiki.xmpp.org/web/Meeting-Minutes-2017-12-08#Announcement_of_Voting_Results
you can see the results
Alex
all new and returning members are accepted
Ge0rG
Congratulations, everybody!
Ge0rG
🎆
mathieui
Congratulations to all returning members and pep.
Alex
5) Any Other Business?
Alex
looks like there is none
Alex
6) Formal Adjournment
Alex
I motion that we adjourn
mathieui
seconded
Alexbangs the gavel
Alex
thanks guys
SamWhited
Thanks alex; and congrats all!
mathieui
thanks for the work, as always, Alex
SamWhited
Ge0rG: In most text fields on my machine I can tell what that was… in Android I can tell what that was… in my console:
SamWhited
https://i.imgur.com/3jykNf1.png
pep.
I'm interested in hearing about the 4 No votes, ping me in private if you want to talk about it
Alex
and sorry about the time confustion. I work in too many different timezones these days ;-)
Alex
pep.: maybe related to the short application, at least this is some kind of pattern I have seen in the past
jjrhhas left
jjrhhas left
pep.
Ok
Ge0rG
SamWhited: what kind of console is that? Maybe you need Smiley Hugification™
zinidhas left
jjrhhas left
SamWhited
Ge0rG: mcabber on xfce4-term (which is weird, I realized I wasn't actually sure since I don't use xfce4 anymore, but apparently I left the terminal installed)…
Ge0rG
weird indeed.
lovetox
pep. i like you, just wanted to put it out there.
danielhas left
pep.
lovetox: 😘
xnyhpshas left
stefandxmhas left
xnyhpshas joined
SamWhitedhas left
Guushas left
ralphmhas joined
stefandxmhas joined
jjrhhas left
danielhas left
jjrhhas left
ralphmhas left
jabberatdemohas joined
jabberatdemohas left
SouL
Congratulations everyone, and also pep. !
ralphmhas joined
Alexhas left
Tobiashas joined
Tobiashas joined
jubalhhas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
ralphmhas joined
Ge0rGhas joined
Ge0rGhas left
jubalhhas left
danielhas left
danielhas left
Zash
Bunneh: draft uta-email-deep
Bunneh
Zash: "Cleartext Considered Obsolete: Use of TLS for Email Submission and Access", Keith Moore, Chris Newman, 2017-12-06,
https://tools.ietf.org/html/draft-ietf-uta-email-deep-12.txt
nycohas left
Zash
2014 called, or something
la|r|mahas left
nycohas joined
ralphmhas joined
la|r|mahas joined
Ge0rG
Zash: it was 2014 for Jabber, and that was already a decade late
Zash
Better late than never?
Ge0rG
Yeah, right
Ge0rG
Oh, that rfc is for MUA access to servers. They are really a decade late
danielhas left
uchas joined
Ge0rGhas left
moparisthebest
interesting they chose the term 'Implicit TLS'
moparisthebest
we settled on 'Direct TLS' for 368
moparisthebest
but I'm excited we are back to doing that for mail, I mean I have been, because it lets me multiplex on SNI and use 443 for imap+smtp+pop
moparisthebest
but I'm excited it's going back to recommended status :)
zinidhas left
moparisthebest
if that reaches draft can we bring back implicit 5223 also ? :D