XSF Discussion - 2017-12-08

Anyone an idea how we can make "xmpp:?message;body=BODY" XMPP URIs legal? It seems that some RFC doesn't allow empty JID in XMPP URI...

marc, what’d you use them for?

jonasw, share a message

Do you know these social share buttons on YouTube, Wordpress etc?

That would be a use case

ah, I see

You click on it, the XMPP client pops up and let you decide the contact you want to share the message with

if the RFC doesn’t allow for it, we need to extend the RFC I guess

although I’m not sure if the URI RFC allows it :/

It does

At least I'm pretty sure

implement it, the RFC can follow :)

I'll double check if that possible in general URIs

jonasw, I have an implementation for Conversations

It needs some restructuring but PoC works fine

python urllib at least accepts xmpp:?

which RFC specifies xmpp: again?

jonasw, https://tools.ietf.org/html/rfc3986#section-3 "The scheme and path components are required, though the path may be empty (no characters)."

https://tools.ietf.org/html/rfc5122#section-2.2

So URIs allow it

We need to change XMPP URI RFC :)

Of course, we could use an ugly hack like "xmpp:share?message;body=BODY"

But I don't like it

I think it allows it

but I may be mistaken

the rule we’re expanding in this case is: xmppiri = "xmpp" ":" ihierxmpp, ihierxmpp = ipathxmpp, ipathxmpp = ihost

ihost is defined in: https://tools.ietf.org/html/rfc3987#section-2.2

as: ihost = *( iunreserved / pct-encoded / sub-delims )

the asterisk is defined in: https://tools.ietf.org/html/rfc2234

as: The operator "*" preceding an element indicates repetition. The full form is: <a>*<b>element where <a> and <b> are optional decimal values, indicating at least <a> and at most <b> occurrences of element. Default values are 0 and infinity so that *<element> allows any number, including zero; 1*<element> requires at least one; 3*3<element> allows exactly 3 and 1*2<element> allows one or two.

this means that *( foo ) is zero or more of foo

in this case it means that ihost can be empty

thus it is legal to have an empty JID *as per the grammar*

I haven’t checked the text yet :)

the same holds for the URI interpretation, but without the leading "i"

Mhm okay

it might be an oversight that the grammar allows it, but it’s useful in this case :)

Maybe I need to read this document thoroughly, there is also something like "xmpp://guest@example.com/support@example.com?message"

yeah

marc: I've been pondering about the invitation workflow some more, and I think it should go like this: 1. you request an invitation token from your server via ad-hoc 2. you send a url of xmpp:you@yourserver?roster;invitation=token out-of-band 3a. the invitee performs IBR with the invitation token 3b. the invitee already has an account and performs PARS with the invitation token

Ge0rG, what is you@yourserver? The JID of the inviter?

marc: correct

Ge0rG, the client still must provide the possiblity to create an account even if you already have one

marc: in theory, yes. But I'm pretty sure the power users will figure it out anyway, and the regular users will only get confused

Ge0rG, if you already have one you'll probably know what to do if the client provides you a dialog so it shouldn't be a problem, right?

marc, FWIW, if you really want that feature, I’d hide it at the bottom of the screen

like websites hide the "continue without" button when asking for your phone number :)

jonasw, maybe I want to give a user the possibility to join _my_ server

I think that feature is not unreasonable

marc, I doubt that many users care a lot of about that.

the default flow should be as easy as possible.

yes, the default user has no account :P

-> the default user will not be confronted with a dialog

Ge0rG, I'm not sure about the ?roster action

marc: I don't care about the action too much

marc: but there will be a dialog, either account creation or add-contact

s/roster/invite/?

Ge0rG, Yes, if you already have an account there should be an "add-contact" dialog with an option to create an account

(instead of just use an existing account)

> you send a url of xmpp:you@yourserver?roster;invitation=token out-of-band shouldn't that be xmpp://you@yourserver or something

marc: if the client supports multiple accounts. which is arguably a power-user feature that makes UX complicated

daniel, are you asking because of the semantic difference between xmpp:// and xmpp:?

jonasw, yes

daniel: no, :// would be an account reference, : is a contact reference

daniel, no

I had the same idea

but the authority is to indicate the account to use

oh i thought you was I

like you the proposed username for me

daniel: you could do something like xmpp://proposed_invitee_jid@server/inviter@server

Ge0rG, why does it lead to a complicated UI? Just a small button "Create account" in the bottom left/right corner

Ge0rG, yeah i thought that's what this thing was trying to do. never mind

marc: the complicated UI arises when you have multiple accounts

marc: now you need a notion of a default account, or ask the user on every interaction which account to use

marc, have you considered what communication method I would use to send you the url?

becasue gmail for example doesn't make xmpp uris clickable

neither does the sms app

Ge0rG, you already have to ask the user what account to use

daniel, we use an invitation url

daniel: I would love to anchor that onto the easy-xmpp-invite mechanism

marc, like an https url?

daniel, yes

marc: that's exactly my point, it's a UX nightmare.

why are you discussing xmpp uri schemes then?

daniel, that's an other topic ;)

it's all interrelated.

only that xmpp uris are mostly worthless

when it comes to easy onboarding

Yes

was difficult to figure out those xmpp uris as well for me

daniel: right, so I've made easy-xmpp-invitation.

daniel: which allows to bridge xmpp: URIs over https.

edhelas, it's not that they are difficult. but you can't click them

daniel, you can make any URL clickable on a website -> win

jonasw: but it won't magically work.

Ge0rG, I don't get what's the problem with multiple accounts. We already have clients that support multiple accounts.

And there is almost no additional work for the UI

marc: I'm not saying that implementing multiple accounts is a problem, I'm saying that having multiple accounts on the same client is a UX nightmare

marc: imagine a user accidentally clicking the "create account" button and ending up with two accounts - one for all their friends and one for you

and users have very large fingers.

Ge0rG, yes, that needs to be solved by the UI nicely :D

That's why the preferred option is to add the contact via PARS if an account is available

But creating a XEP just for user invitation to a server if the user doesn't already have an account limits the possibilities...

marc: right, which is why the whole thing is also technically a bit more complex

Ge0rG, my problem at the moment is that I'm not sure how to integrate both XEPs properly

In a way that both do not depend on each other and can be implemented independetly

marc: you need to have four specifications: - token generation (PARS uses a client-side approach, you go with ad-hoc. specify that) - token transmission (basically a new xmpp: URI parameter) - use of the token in account creation (IBR payload / data forms) - use of the token in PARS (just reference PARS and say that the token must be usable as `preauth=` for PARS as well)

Ge0rG, yes, but the tokens need to be the same if both is used

the server needs to store the token in some kind of table anyway, where it will also contain the inviter's JID

marc: I think that re-using this token for server-side PARS shouldn't hurt

marc: so your specification means a server must implement PARS

marc: or, alternatively, you need to add two tokens to the URL

Actually, I would be okay with extending PARS accordingly.

So that it covers both use cases.

two token keys with the same token, like invite=TOKEN;preauth=TOKEN ?

Such that the clients know that both is supported?

marc: yes, like that.

marc: or maybe invite_and_preauth=TOKEN ;)

I like short URIs

Ge0rG, No!

:D

marc: I would go for `invite=TOKEN` and "A server offering this feature MUST also accept the token as a <preauth token> for an inbound roster subscription to the inviter."

So implementing user-invitation requires implementation of PARS, right?

marc: not technically, but if you want to provide a good UX then yes

Ge0rG, Yes, for nice UX I would prefer it this way

Ge0rG, your statement sounds like a requirement

marc: you could go with two separate token parameters, then you have explicit separation between PARS and IBR. But then who is responsible for adding PARS to the URI? The server on ad-hoc? The inviter's client?

Ge0rG, the server if it supports PARS?

marc: in the ad-hoc response?

Ge0rG, for breveity, the URI could also be ?invite=TOKEN;preauth=, with the empty preauth signifying that the token shall be re-used

jonasw: then you are breaking existing PARS clients :P

then turn it the other way round :)

preauth=TOKEN;invite=

jonasw: the more I think about it, the more I want to merge both functions into one XEP

I agree

Ge0rG, yes, in the ad-hoc response

Ge0rG, are there any PARS clients out there? :D

marc: there is yaxim

Ge0rG, ah okay

it’s on the to-do for jabbercat

Ge0rG, well, I like your idea of combining both "features" but they should not be depend on each other IMO

marc: that depends on your goal

marc: if your goal is to make as little as possible, then you are right. If your goal is to provide a just-works™ onboarding experience, you need both.

The combination of both would make on-boarding really nice

Ge0rG, of course, providing both should be recommended for public servers

marc: I'm all in for small self-contained XEPs. But if you separate these two, you have a bunch of additional client-side logic to add to compensate for the lack

on the inviter's client: "oh, ad-hoc didn't give me a PARS token. I need to add one to the URI myself. Wait, the https:// URI is not a scheme I know, I can't do that!?"

on the invitee's client, I need to cover all four combinations of features

none / invite / pars / invite+pars

Ge0rG, no, the server just adds the PARS token and returns it

marc: but the server doesn't support PARS, only the client.

I've designed PARS as a client-only protocol because server developers are lazy.

Ge0rG, ah okay, didn't thought about that use case

And server operators are even lazier.

yeah, server developers aren’t that lazy

Ge0rG, that's a good point... hm...

marc: you implement your nice new server-side XEP. Then it takes weeks to months for it to get merged upstream. Then you need to wait for the next server software release. Then that release needs to be distro-packaged. Then you realize that most server operators never upgrade.

Ge0rG, well, that's true for all server-side XEPs

marc: true

Ge0rG, should be implement everything on the client side?

marc: now you know why PARS can be implemented 100% client-side

s/be/we

Ge0rG, I think it might be not /that/ bad

marc: Daniel's compliance tester is a good thing to make server operators aware.

we’ve seen quite quick adoption of things since conversations compliance checker

right

jonasw: especially private PEP.

so if somebody builds a prosody module which does that, even if it only supports things in-memory, that’ll already be a major plus

Ge0rG, yes, we have. A lot of work is going into that :)

you can't force server developers to do work by showing a red square on some website

but operators

Ge0rG, to solve this issue we need an "official" public server list on the (xmpp.org?) website

to solve that problem we need massive funding for developers.

which shows only servers with a special set of XEPs

jonasw: how many servers are there in the compliance checker? ~120? yax.im has >1000 of s2s connections.

marc: we can't even come up with that official set of XEPs.

Ge0rG: divide that number by 4

Because in and out and conferences

marc: but yes, we need an official compliance checker, and maybe some kind of Badge Of Compliance that we can issue. Do you volunteer?

daniel: `Total: 1112 outgoing, 1079 incoming connections` - not sure how many MUCs there are, but cant' imagine it's 50%

Ge0rG, let me first finish my URI handling in Conversations and the user-invitation XEP ;)

Ge0rG, depends on what you want to check, the aioxmpp end-to-end test suite might be a good start :)

Ge0rG, but I think that's really important

marc: what's important?

Ge0rG, some official server list

marc: xmpp.net had a semi-official one.

but now it's down and needs work to bring up again.

yeah, about that xmpp.net thing, Kev, I’m still hoping for your Dockerfile :)

if you have created an account on a server which doesn't support, let's say HTTP upload, and file transfer in group chats doesn work this user will be annoyed and probably will never use / recommand XMPP

jonasw: Let me sort that out now.

Kev, that’d be lovely

I’m tempted to sink my weekend into getting xmpp.net up&running again

!praise jonasw

(and then people wonder why jabbercat isn’t making progress)

!praise jonasw

hold yer horser

save the praise for when I’m done

I might easily get fed up by PHP

What is jabbercat, BTW?

(by the way, why isn't jabbercat making progress?)

Kev, https://github.com/jabbercat/jabbercat, TL;DR: new Qt5 Desktop Client

Because we don't have a Qt5 Desktop client already? :)

it's a very promising early alpha

Ge0rG, to speed things up "we" should decide how we implement PARS and user-invitation

Kev, frankly, when I started, I didn’t know / forgot about Swift & co.

The Swift bug tracking situation is not optimal. I've submitted a bunch of things and I have no clue whether they got fixed or not.

(except for the wontfix ones)

marc: let me help you with that. We integrate account creation into PARS.

Ge0rG, okay, and what's the protocol flow then?

marc: ad-hoc -> xmpp: URI with optional https: URI -> out-of-band -> IBR/PARS request

Ge0rG, so the server generates / appends an additional PARS token if enabled?

marc: if the server doesn't provide an https: URI, the client can either pass on xmpp: or use its own landing page (eg. https://yax.im/i/)

marc: there is no "if enabled"

and there is only one token, that can be used for both

No, that won't work for closed-registration servers.

Yeah, that's somehow my problem ;)

Ge0rG: Nothing is optimal :)

Ge0rG, why?

jonasw: the xmpp: URI needs an indicator whether registration is allowed.

Ge0rG, ;allow-register?

Because that means that somebody may propose just an other XEP for it...

we could go with `xmpp://server/inviter@server;preauth=TOKEN` - `server` is explicitly telling us the domain where to register, the inviter JID is present and a token that can be used for either.

But that will break most current clients that support xmpp:

should we provide means for the server to specify a different domain from the inviter's?

Ge0rG, will it though?

Ge0rG, yes we should, I also had this idea :)

jonasw: when you open an xmpp://foo.bar/user@foo.bar link, I'm pretty sure unexpected things will happen.

yes, I think the XmppUri parser in Conversations is broken

I’m pretty sure I’ll get "unknown protocol" because I don’t have an application which supports XMPP URIs at all

the URI parser on android is broken as well

At least it doesn't support the authority part properly AFAIK

What about: > If the server allows In-Band-Registration with the preauth token, it SHOULD add an `ibr` parameter. If the IBR domain is different from the inviter's service domain, the server should set the value of the `ibr` parameter to the domain name.

So we would end up with: `xmpp:georg@legacy.yax.im?preauth=TOKEN;ibr=yax.im`

Ge0rG, should we really avoid using XMPP URI properly just because some clients don't implement the parser properly?

marc: we are using the URI properly.

marc: the primary goal of the URI is to add a contact, not to register with the server

are we? wouldn’t xmpp://yax.im/georg@legacy.yax.im be more correct?

What about xmpp://server/inviter@server;preauth=token` then?

See above.

I think jonasw is right

marc: so your goal is to force the invitee to register with your server?

Ge0rG, yes, at least it would be nice if we have an option for this use case

jonasw: How do you want this tarball?

Ge0rG, because I'm pretty sure my server has nice XEPs enabled ;)

Kev, deep fried

Kev, mailto:jonas@wielicki.name

marc: maybe we have different goals, then? I want to give out a link that allows the receiver to add me as a contact, and to create an account on the way if required

I just wish this was all working before end of year :D

marc: if you want to "entice" the receiver to re-register on a different server, I don't agree.

jonasw: This is stuff for running up a symfony-based PHP thing, so you might want to trim some of the bits out - e.g. I have no idea if the frontend needs to install depedencies with composer. There might or might not need to be crontasks, trim that out if not, and you might or might not need to populate an environment file of some sort.

marc: but in that case, the xmpp://server/inviter@server would be semantically correct.

Kev, thank you very much

Ge0rG, don't get me wrong, my intention is to make easy onboarding....

gotta head out now for lunch, will take a look later :)

marc: right. And onboarding without having to create an account is easier :P

FWIW, marc, I think we shouldn’t encourage non-power users to have multiple accounts.

what jonasw said.

it should be there if they need and want it, but we shouldn’t make it the default path for the unthinking chicken installing debian :)

(hitting enter / the big button on each step)

(this is not to insult our users, just making a reference to the old joke that even a chicken can install debian by simply hitting on the Enter key repeatedly)

(and I think that it should be that easy to use XMPP)

I agree, but to me it looks like we miss some useful feature in the XEP then

marc: what would that useful feature be?

Ge0rG, somebody is on a shitty server? :D

marc: this is not a feature of the XEP

well, it's user invitation

marc: what about having a "server quality index" display in all clients, that can estimate how good the current server is, and how good the proposed one? :P

marc: well. You can have the "Create new account on [ibr server]" button in the add-contact UI; and then you write into your invitation mail to click that button :P

Ge0rG, if we don't have this feature there is no way to invite a user to a non-public server

marc: my point is, what if you are on a shitty server and I'm not?

marc: by non-public you mean non-federated?

Ge0rG, no, just a server where only registered users can invite somebody

Ge0rG, I think there are some reasons to join a specific server even if an user has already an account, privacy/trust etc.

marc: to invite a user to a non-federated server, the correct URI would be indeed `xmpp://server/inviter@server?ibr;preauth=TOKEN`

This wouldn't be possible and IMO that's not good if we have the chance the include this

Ge0rG, non-federated server is not the correct term

Just because a server doesn't allow public registration it can still be federated...

marc: if it allows federation, there is no need to force non-power-users to create a second account

Ge0rG, even if the user is a "power-user", how to easily invite the user? via a web-interface / shell just because the XEP doesn't support this feature?

I think you two are misunderstanding eaxh other

:D

Ge0rG wants to keep the account creation, but not as default

and away

Well, I'm fine with that :)

It shouldn't be the default but it should be _possible_

And, maybe that's the controversal part (?!), PARS should be optional

Hm, maybe that's not too important

I don't know

marc: why do you think PARS should be optional?

Ge0rG, just thought about it

Doesn't make sense

marc: :)

:)

Okay, sounds good to me

marc: anticipated UI: +-----------------------+ | Invitation from Georg | | | | JID: [georg@yax.im ] | | Name: [Georg ] | | | | [ ADD CONTACT ] | | | | [create yax.im accnt] | +-----------------------+

marc: the first button is prominent, the second button is toned down, like "skip registration" would be

Ge0rG, +1

Ge0rG, so JID and Name are editable text fields?

Flow: the JID is visible but not editable, the name is editable

Flow: one might want to add a roster group selector as well.

Hmm, how about "Invitation from Georg (georg@yaxim)" then?

Ge0rG, if we agree on the possiblity of predefines usernames (optional) we're almost done :D

marc: please don't.

and why is there a [create yax.im account] button?

Flow: what's wrong with the above? You can reuse your regular "add contact" dialog and just disable JID editing

Ge0rG, but it allows me as admin to create an account for an user

As I said, optional, server-side option, maybe for admins only etc.

Not useful for public servers

Ge0rG, ok, if that is the idea. But I would proably go for a specialized UI

marc: if you already created an account, you should use xmpp://user@server?preauth=TOKEN

Flow: [create yax.im account] is for power-users who want to have an account on the same server as the inviter.

Ge0rG, well the user still has to specify the password

So ibr is still correct I think

marc: I think this is a completely different use case.

Ge0rG, but UX usually means to hide operating elements for power useres

Flow: tell that to marc

will do

:D

good thing a protocol can't require how the UI looks like

Flow: actually that's a bad thing, in most cases.

Ge0rG, require or suggest? ;)

Except when protocol designers try to create a UI :P

But yeah, I think that hiding the account creation behind an "Advanced..." button would be good.

Ge0rG, sounds good

marc: we really do need a way to "export" an account to a new device, or to one-click register, but I think this is a (slightly) different use case

Ge0rG, just let me know what's the big difference between "you have the option to create an account or add the contact to your roster" and "you have the option to create an account with full JID or add the contact to your roster"?

marc: what you are looking for is, as an admin, to pre-create an account and give the user enough info to just configure a password.

Ge0rG, yes

marc: what I'm looking for is to add a contact, and to create a user-defined account if required.

Ge0rG, do you really think it's worth making an extra XEP for that?

marc: if you pre-created an account, you want your invitee to use that.

marc: I only want to give the invitee the option to create an account themselves

Ge0rG, what's the down-side of allowing this optional feature?

marc: because this optional feature must be implemented by all clients

okay, that's a reason

marc: every time you add an option to a protocol, you double the number of possible situations

But the code is very small

Ge0rG, I know I've implemented it in conversations

You just have to check if that's a full JID or just the server name

marc: so with optional inviter name, optional invitee JID, optional https:// URL, and the option to already have an account we are at sixteen different cases already.

In the latter case you have to fix the server name in the JID text entry

marc: I see two different, but related use cases: 1. you want to onboard someone to a pre-registered account on your server. Use `xmpp://user@server?preauth=TOKEN` 2. you want to add a contact. Use PARS with an `ibr` option.

marc: both use cases can share wire protocol ✏

yes

marc: and I think they also can share an XEP

Ge0rG, yes, me too that's why I'm so stubborn about it :D

marc: it just doesn't make sense to map both use cases onto the same UI

Ge0rG, on what side? inviter, invitee, both?

marc: invitee

Ge0rG, I'm fine with that

marc: for the inviter, the admin use case can be mapped to some ad-hoc command without explicit client-side UI

the user-inviting-user case should have a "Create invitation" UI

Ge0rG, My demo showed the admin version

Ge0rG, just imagine that a normal user would get the qr code directly

marc: it's nice that you added the admin version into Conversatios, but that's quite some overkill

Without the possibility to choose a username

Ge0rG, actually that's all done automatically

Because the server responds a form with the possiblity to choose a username

There is no additional logic for this admin feature

Since the UI is generated automatically by the form

So I don't think that's overkill

It's like generateUserInput(form);

marc: okay, so if you are an admin, you get a data form for username / display name?

Ge0rG, exactly

marc: I think there is no need to XEPify that.

username might still be optional but you get the possibility

marc: we should XEPify the ad-hoc command name. And to a normal user, it should return a PARS;ibr link.

Ge0rG, maybe not, but it would prevent user/admin defined behaviour...

marc: if you are an admin, it might return a PARS;ibr link or a data form asking for a username

Yes

That's my idea

marc: if you leave out the username, it will return a PARS;ibr link. If you enter one, it will return an onboarding link of `xmpp://user@server;preauth=TOKEN`

Ge0rG, looks good to me

marc: so what needs to be XEPified is: ad-hoc command name; URI formats for both use cases; (approximate) client behavior for both use cases; wire-format for IBR

+; dependency on PARS

marc: what I really like about the admin use-case is that it finally allows to register on a server using a one-time-token

Ge0rG, yes!

There used to be an Easy_Account_Creation page on the wiki

Finally caught up with all your messages! Good to know you're getting somewhere :)

:D

I think we should re-use ?register action, right?

iiuc, that means as a server admin I'll be able to issue registration tokens right? and have IBR wait for that token

pep., yes

marc: you mean https://xmpp.org/registrar/querytypes.html#register

Yes

marc: do you want me to write the XEP?

Obviously as a server admin I should be able to allow more people to issue tokens. Allowing everybody to issue these is not really smart though, right?

Ge0rG, we can work together on it

pep., You can specify a set of people which are allowed to generate tokens or something like that

yeah

But that really depends on your service

pep.: you could disable generic IBR and use this mechanism to allow all your users to invite other users.

exactly

Ge0rG, I guess I could. Or have a blacklist rather than whitelist

pep.: how is that supposed to work?

marc: there is also https://xmpp.org/extensions/attic/xep-0235-0.3.html

Ge0rG, if you're fine with token expiration I think an other topic which need to be disucussed is how we handle/limit the number of invitations

Maybe it's not worth it, I have never been target of spam so you know better. But if a spammer gets one than it's similar to open IBR again

Eh, https://xmpp.org/extensions/xep-0235.html

marc: I think that is absolutely out-of-scope

They'd be able to generate tokens etc.

You can traceback where it came from though

Ge0rG, we should at least define an error for that

pep.: right, one could easily kick the spammer and all of their friends.

Ge0rG, nothing is more annyoing to a user if you get something like "doesn't work at the moment, try again later!"

marc: I'm sure we can re-use existing IBR errors

Ge0rG, I mean for token/invitation generation

And there is https://xmpp.org/extensions/inbox/user-auth.html

marc: the ad-hoc command should always return a token, just maybe not with an `ibr` tag.

Ge0rG, that would be confusing ;)

marc: to whom?

marc: the default use case is to generate a PARS uri

marc: if you are talking of the admin use case, yes, it should return an error.

sometimes you have the ability to create an account sometime not?

+s

marc: for the user use case, the server generates a PARS or a PARS;ibr link

marc: depending on whether user-initiated account creation is allowed on the server.

marc: a non-ibr PARS link will mean that the invitee's client is responsible for account creation

Ge0rG, just thought about the case where an inviter creates too much PARS;ibr tokens

Maybe you want some policy to limit the number of PARS;ibr tokens

marc: maybe. But there is no need to expose that to the inviter's client

(1) Marc invites somebody without account -> server generates PARS;ibr -> nice (2) Marc invites somebody without account -> server generates PARS only -> invitee and Marc are confused

Ge0rG, maybe I don't get your idea but this is how I understood your approach

marc: (2) Marc invites somebody without account -> server generates PARS only -> invitee opens link in yaxim and registers on yax.im -> nice

Ge0rG, sounds like a bad idea to me... not every client provides a xmpp server?

marc: no, but the ones implementing PARS do :P

for now

Ge0rG, Does PARS require a client software to provide a xmpp server?

marc: actually, I forgot to add that part to the XEP

Ge0rG, :p

marc: but yes, I think that a client implementing PARS needs to have a sensible user-onboarding flow that does not depend on the invitee.

Ge0rG, so jabbercat better doesn’t implement PARS

marc: it doesn't mean the client developer must run an IBR server, they can provide a list of public servers instead

(I won’t get into the business of running a public server.)

ah well

jonasw: you can SRV-link jabbercat.im to the yaxim server :P

:>

Ge0rG, okay, I think I'm okay with your idea

Ge0rG, will do

jonasw: I'm pretty sure I can handle the additional load

jonasw: btw, did you buy out jabber.cat already? :P

no, won’t

too politically unstable that TLD ;-)

Heh.

Still better than .io

Although it may be very confusing if that happens to invitees who sit next to each, for example ^^

does im have DNSSEC by now?

jonasw: nope

m(

marc: why so?

Ge0rG, because they don't get the same dialog

Ge0rG, invitee A an create an account on the server and invitee B can choose some public server

Ge0rG, but then I want private+persistent PEP on jabbercat.im!

jonasw: please star & comment on https://prosody.im/issues/485

I won’t comment, Zash hates that

(rightfully so)

> PEP with permanent storage is now in mod_pep_plus and should be working. Thanks to Link Mauve!

Yeah, that's in trunk

> Is this feature usable with 0.10? *crickets*

0.10, pff :)

just to give you ideas, in Movim I've implemented an invitation system for MUC that generate a unique link https://nl.movim.eu/?login/GA1dbdSB

once the user login it automatically ask him to add the MUC to the bookmarks and join

it's a bit like Discords in doing

edhelas: web-based stuff is easier

yup

I want that MUC invite integration thing

edhelas: can you make it work with PARS and easy-xmpp-invitation? :P

dunno

"Timothée Jaussoinhat Sie eingeladen, einen Chatraum zu bet..." - the UI is cut off.

That's what you get for inventing such long words in your language!

shees, you're almost as bad as the Finnish!

there's never enough place to display german messages

it's also cut off in english

oh. :)

Guus, don’t insult the finnish

edhelas: which is why German is a good UI testing language.

they’ve got the most amazing language on this continent

yeah, long words and long sentences :)

and umlauts!

they beat all of us at the Scrabble

edhelas, where is that in the UI btw? Where do I generate that

My favorite was a bug report by a user that my app was lacking a button. It took me a looong while to find out that on some Android version, the OS developers removed text-wrapping from buttons, and the "OK" button was outside of the dialog

jonasw: I'm always laughing at subtitles Finnish tv, where one of the lines (Swedish), has words, and the other line (Finnish) has _a word_.

:)

that’s how amazing it is!

pep. in a chatroom, click Menu > Invite

nice

https://stackoverflow.com/questions/26708976/alert-dialog-buttons-problems-in-android-l - this one, except that in my app, the button was completely gone!

Should the ad-hoc command node be a human-readable short string or a unique identifier / URL?

the latter

there’s a separate name field thing

cf. https://xmpp.org/extensions/xep-0050.html#retrieve

prosody is using URLs as node names, the XEP is using short identifiers.

I'm not talking about the 'name' field but about 'node'

URLs is probably safest

me too

> Service Discovery requires that all 'node' values be unique within a given JID. This document requires that the 'node' value used in <command/> exactly match the value used in the <item/> element. It is the responsibility of the responder implementation to ensure each command's node is unique for their JID. So short identifiers are valid as well, unless you support plugins that add more nodes.

yup

So for the sake of implementing an invitation ad-hoc-command, it should be a URL as well? Hmhm.

one could probably re-use the URI the XEP will allocate

you mean the XEP html URI?

no

urn:xmpp:fancy-invite-xep:0:command ✏

ah, yes.

Ge0rG, are you writing the XEP atm?

marc: not yet. Should I?

Ge0rG, Just asking because your question regarding ad-hoc command

marc: I was looking into what's needed to write that XEP

found another onboarding bug in yaxim: if you open yaxim with an xmpp: Intent, and you don't have an account yet, it will error out.

fix things!

Fixed. Looks good.

Meh. Why is there no non-shady barcode scanner app that works in portrait mode?

mine switches; is that important?

yes, if you want to screen-record.

especially since the launcher locks to portrait mode.

Ge0rG, marc, what are you going for in the end, improving PARS to include that use case, or another XEP?

pep.: probably both

I'm filing a bug against dino for IBR and PARS

pep., you mean regular IBR?

0077 yeah, at least, they don't have it apparently, from the quick search I did

marc: https://op-co.de/tmp/easy-onboarding.mp4 (2.5MB; broken IPv6) ✏

Ge0rG, nice!

You already have a "parkedtextview"

Ge0rG, I feel that "Register a new account" check might be one check too many

I searched one for Conversations

pep., Indeed

Ge0rG, mind you I don't want to force the account creation on that server

Just talking UX wise

marc: what's a parkedtextview?

pep.: the usual approach is two buttons: "[login] [create]"

A textview where you have a fixed text at the end (e.g. @example.com)

marc: it's not parked, it's smart.

marc: wait, I'll show you.

Ge0rG, I found a textview on GitHub that promised to do that and it was called "ParkedTextView"

I don't know if that's the correct term :D

marc: https://op-co.de/tmp/autocomplete-jid.mp4

marc: https://github.com/pfleidi/yaxim/blob/master/src/org/yaxim/androidclient/widget/AutoCompleteJidEdit.java

marc: and if you tap into the hostname part, it will make it editable as well.

Ge0rG, who do I pay to appear in your server list?

Ge0rG, that's nice! It is also possible to fix the domain part?

pep.: PR against https://github.com/pfleidi/yaxim/blob/master/res/values/servers.xml

marc: nope, not supported yet

pep., In a perfect world this server list would be download from a server list provided by XSF or something like that

+ed

marc, in a perfect world we would have no need for xmpp

Ge0rG, k

mathieui, you mean everybody would be using WhatsApp?

pep.: the former source is this: `curl -s http://xmpp.net/services.xml | xml2 | awk -F= '/@jid=/ { print "\t\t<item>" $2 "</item>" }' | sort -n`

Ge0rG, and then you tested for IBR?

pep.: no.

Ge0rG, easy onboarding!!1! :D

pep.: it's a generic public-server list for JID auto-completion, I don't have IBR flags.

I'm curious what would get included in the list

We really need a good server list... :D

marc: we need a list with meta-data, like hosting country, privacy regulations, ToS-TLDR, reliability, and of course a fancy logo.

The logo is the most important part, people don't care about the others.

Ge0rG, if meta-data includes XEPs, yes

+1 for the logo

Ge0rG, agreed, a server-list like that would be nice

marc: there was some discussion on standards@ regarding that.

Probably around a year ago

Yes, we need a badge and a list for public server which support all XEPs required for mobile devices, HTTP upload, OMEMO, etc.

marc: you just volunteered.

marc, OMEMO is a client-side thing

well, PEP ~

pep., No, it needs PEP

Sure

The PARS proposal that daniel made also needs PEP. Private PEP

Ge0rG, what's that?

I mean the PARS proposal

marc: current PARS requires the client to handle token generation and approval. Daniel suggested to make a private-PEP entry storing a HMAC key, so that the server can validate ingress tokens

I'm not sure I understand how that would work

Ge0rG, your broken IPv6 is annoying

mpv is now at more than a minute for trying to connect to your server

can you please remove the AAAA records

Ge0rG, will it also be able to validate pokemon go tokens?

jonasw, yeah same, I resorted to wget / mpv instead :/ ✏

finally

oh no

ah yes

Ge0rG, hm, somehow the firs t screen seems cluttered

is it possible to show *only* the dialogue without the other stuff in the background? ✏

jonasw: you will find bliss in RFC 6555

happy eyeball?

Ge0rG, yeah, but I can’t make that magically happen

heh

jonasw: the first screen of yaxim? the account creation one?

yes

jonasw: do what I would do. https://github.com/dino/dino/issues/208

that is, make the dialogue full screen. what’s that called in android?

Ge0rG, I don’t even know which component is at fault here

is it glibc for not doing this on connect(2)? is it mpv for not opening separate connections by itself? is it maybe even youtube-dl? I have no idea.

jonasw: probably it's mpv

youtube-dl -4, --force-ipv4 Make all connections via IPv4

mpv didn’t accept -4

also, ECHAN

https://gateway.ipfs.io/ipns/QmSgwwdejjsizQnKffKo6e84vfvBWCH5tnGpAwLPJVvhby/ if any german people are available, it may be interesting

ipfs never works 😉

he guys, lets start the member meeting in 2 minutes

Feels like we just had this, with the board/council not too long ago :)

here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2017-12-08

Alex, it’s supposed to be at 20:00 UTC ?

it’s 19:00 right now

then I put it wrong in teh Cal ;-)

right, wiki says 19:00 but latest members mailing says 20:00

19:05 even!

lets do it now, as I have to leave soon, when there are no concerns

What if there are members wanting to vote at 20:00?

Does anyone ever actually want to vote in the meeting? It doesn't matter, let's just do it now while Alex is here.

If you wanna be Procedurally Correct, then the time in the announcement is probably the best. And since it is later, it's also probably safer.

SamWhited: Last minute proxy-bot-votes happen tho

Altho if the original original announcement said yesterday then everyone should have voted already, so ..

Does it ever actually come down to one or two votes then? Why try to fix it until it's a problem?

SamWhited agreed, lets continue

Go for it

1) Call for Quorum

as you can see 34 members voted via memberbot, so we have a quorum

2) Items Subject to a Vote, new and returning members, you can see the lists of applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q4_2017

3) Opportunity for XSF Members to Vote in the Meeting

anybody here who wants to vote now?

memberbot would be still up for that

ok, will start working on the results then

In case anyone had wanted to, but showed up at the announced time, then it'd be a bit weird.

Zash, well, initial voting time has already passed, and we have to resolve conflicts only if a number of people significant enough to change results take issue with that

4) Announcement of Voting Results

when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2017-12-08#Announcement_of_Voting_Results you can see the results

all new and returning members are accepted

Congratulations, everybody!

🎆

Congratulations to all returning members and pep.

5) Any Other Business?

looks like there is none

6) Formal Adjournment

I motion that we adjourn

seconded

thanks guys

Thanks alex; and congrats all!

thanks for the work, as always, Alex

Ge0rG: In most text fields on my machine I can tell what that was… in Android I can tell what that was… in my console:

https://i.imgur.com/3jykNf1.png

I'm interested in hearing about the 4 No votes, ping me in private if you want to talk about it

and sorry about the time confustion. I work in too many different timezones these days ;-)

pep.: maybe related to the short application, at least this is some kind of pattern I have seen in the past

Ok

SamWhited: what kind of console is that? Maybe you need Smiley Hugification™

Ge0rG: mcabber on xfce4-term (which is weird, I realized I wasn't actually sure since I don't use xfce4 anymore, but apparently I left the terminal installed)…

weird indeed.

pep. i like you, just wanted to put it out there.

lovetox: 😘

Congratulations everyone, and also pep. !

Bunneh: draft uta-email-deep

Zash: "Cleartext Considered Obsolete: Use of TLS for Email Submission and Access", Keith Moore, Chris Newman, 2017-12-06, https://tools.ietf.org/html/draft-ietf-uta-email-deep-12.txt

2014 called, or something

Zash: it was 2014 for Jabber, and that was already a decade late

Better late than never?

Yeah, right

Oh, that rfc is for MUA access to servers. They are really a decade late

interesting they chose the term 'Implicit TLS'

we settled on 'Direct TLS' for 368

but I'm excited we are back to doing that for mail, I mean I have been, because it lets me multiplex on SNI and use 443 for imap+smtp+pop

but I'm excited it's going back to recommended status :)

if that reaches draft can we bring back implicit 5223 also ? :D