XSF Discussion - 2018-01-04

  1. goffi has left

  2. jere has joined

  3. lovetox has left

  4. jere has left

  5. jere has joined

  6. jjrh has left

  7. jjrh has left

  8. SamWhited has joined

  9. jjrh has left

  10. lskdjf has joined

  11. la|r|ma has joined

  12. la|r|ma has joined

  13. lskdjf has joined

  14. winfried has left

  15. SamWhited has left

  16. SamWhited has left

  17. tux has left

  18. tux has joined

  19. moparisthebest has left

  20. matlag has left

  21. matlag has joined

  22. Lance has joined

  23. uc has joined

  24. Lance has left

  25. dwd has left

  26. dwd has left

  27. suzyo has joined

  28. moparisthebest has joined

  29. sezuan has left

  30. Tobias has joined

  31. Tobias has joined

  32. suzyo has joined

  33. suzyo has joined

  34. moparisthebest has joined

  35. suzyo has left

  36. suzyo has joined

  37. suzyo has joined

  38. Guus has joined

  39. suzyo has joined

  40. suzyo has left

  41. suzyo has joined

  42. suzyo has joined

  43. suzyo has joined

  44. Tobias has left

  45. tim@boese-ban.de has joined

  46. suzyo has left

  47. dwd has left

  48. ralphm has joined

  49. suzyo has joined

  50. Guus has left

  51. Guus has joined

  52. dwd has left

  53. zinid has left

  54. Guus has left

  55. Guus has joined

  56. efrit has joined

  57. dwd has left

  58. jere has left

  59. dwd has joined

  60. dwd has joined

  61. jere has joined

  62. Steve Kille has left

  63. dwd has left

  64. pep. has left

  65. Guus has left

  66. Guus has joined

  67. Zash has left

  68. remko has joined

  69. remko has left

  70. Guus has left

  71. andrey.g has left

  72. goffi has joined

  73. moparisthebest has joined

  74. moparisthebest has joined

  75. Tobias has joined

  76. Steve Kille has joined

  77. Alex has joined

  78. efrit has left

  79. ralphm has joined

  80. daniel has left

  81. Guus has joined

  82. zinid has joined

  83. dwd has left

  84. tux has joined

  85. dwd has left

  86. daniel has left

  87. ralphm has joined

  88. lskdjf has joined

  89. la|r|ma has joined

  90. la|r|ma has joined

  91. remko has joined

  92. zinid has left

  93. ralphm has left

  94. jonasw has left

  95. tux has left

  96. la|r|ma has left

  97. zinid has joined

  98. dwd has joined

  99. dwd has joined

  100. dwd has joined

  101. zinid has left

  102. zinid has joined

  103. andrey.g has joined

  104. zinid has left

  105. zinid has joined

  106. lskdjf has left

  107. ralphm has left

  108. daniel has left

  109. suzyo has joined

  110. ralphm has left

  111. Alex has left

  112. Alex has joined

  113. zinid has left

  114. zinid has joined

  115. suzyo has joined

  116. zinid has left

  117. zinid has joined

  118. lskdjf has joined

  119. la|r|ma has left

  120. Alex has left

  121. dwd has joined

  122. dwd has joined

  123. Ge0rG has left

  124. suzyo has left

  125. had-hoc has joined

  126. suzyo has joined

  127. SouL has joined

  128. Alex has joined

  129. SouL has joined

  130. Alex has left

  131. daniel has left

  132. ralphm has left

  133. suzyo has joined

  134. jjrh has left

  135. suzyo has joined

  136. ralphm has left

  137. daniel has left

  138. lumi has joined

  139. moparisthebest has joined

  140. moparisthebest has joined

  141. daniel has left

  142. zinid has left

  143. zinid has joined

  144. SamWhited has left

  145. hannes has joined

  146. sonny has left

  147. jjrh has left

  148. zinid has left

  149. suzyo has joined

  150. zinid has joined

  151. suzyo has joined

  152. jjrh has left

  153. zinid has left

  154. xnyhps has joined

  155. ralphm has left

  156. lskdjf has joined

  157. sonny has joined

  158. sonny has left

  159. Guus has left

  160. Guus has joined

  161. sonny has left

  162. Guus has left

  163. sonny has joined

  164. goffi has left

  165. Guus has joined

  166. jere has left

  167. jere has joined

  168. dwd has joined

  169. dwd has left

  170. SouL has left

  171. hannes has left

  172. hannes has joined

  173. dwd has joined

  174. ralphm has left

  175. dwd has left

  176. dwd has joined

  177. dwd has left

  178. dwd has joined

  179. lumi has joined

  180. jjrh has left

  181. SouL has left

  182. SouL has joined

  183. Guus has left

  184. dwd has left

  185. ralphm

    Hi all

  186. MattJ


  187. ralphm bangs gavel

  188. Ge0rG

    What? End of Meeting?

  189. ralphm

    0. Welcome and agenda

  190. ralphm

    Who do we have?

  191. MattJ

    I'm here

  192. jjrh has left

  193. jjrh has left

  194. MattJ

    Guus and Martin both said they couldn't make it today

  195. ralphm


  196. Syndace has left

  197. Syndace has joined

  198. ralphm

    and no nyco?

  199. dwd has left

  200. dwd has joined

  201. ralphm

    Ok, so no quorum. Let's try next week and follow up on list.

  202. ralphm bangs gavel

  203. MattJ


  204. Ge0rG

    ralphm: don't forget to change the topic for our multi-year ongoing Board meeting

  205. moparisthebest has joined

  206. Guus has left

  207. dwd has left

  208. ralphm set the topic to

    XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  209. ralphm


  210. Ge0rG


  211. Ge0rG

    thanks very much.

  212. Ge0rG

    BTW, whom should I approach about the administration of jabber.org and xmpp.org the Jabber servers?

  213. jonasw

    stpeter maybe?

  214. jonasw

    xmpp.org is iteam

  215. jonasw

    xmpp.org isn’t a public server in any way though

  216. jonasw


  217. Kev

    Iteam for xmpp.org. Peter for jabber.org. Although you can always approach me and see if I can help.

  218. Ge0rG

    Maybe I should just make it (more) public now.

  219. jonasw

    your manifesto?

  220. Ge0rG

    Kev: I'm working on a Public Servers Anti-Spam manifesto - https://gist.github.com/ge0rg/2e4accf6950821ca45f743fdf587c08e - I'd like to get some feedback from large public servers' admins to create a consensus that can be signed off

  221. mathieui

    if only the third item was possible

  222. Ge0rG

    mathieui: monitoring registrations from TOR?

  223. mathieui


  224. Ge0rG

    mathieui: it is possible, at least on prosody

  225. Kev

    I think it's millions of users, FWIW, although not all active.

  226. Kev

    jabber.org has millions of registered users on its own.

  227. mathieui

    well, if "monitoring" consists of adding one log line to the prosody debug file, then sure, it’s possible

  228. mathieui

    but also useless

  229. Ge0rG

    mathieui: you can have a script grep your log

  230. moparisthebest

    And do what

  231. moparisthebest

    Xmpp over tor is perfectly legitimate

  232. jonasw

    moparisthebest, treat the accounts with more scrunity until it’s clear they’re not abusers?

  233. jonasw

    limit resource usage etc.

  234. mathieui

    moparisthebest, it’s perfectly legitimate but mass account creation is not

  235. jonasw

    protecting public servers against tor-helped abuse is also perfectly legitimate :)

  236. moparisthebest

    jonasw: sounds hard for a script but sounds ok

  237. mathieui

    also from my homemade statistics we’ve got around 1000 registrations for one legitimate user from those ips

  238. Ge0rG

    > protecting public servers against tor-helped abuse is also perfectly legitimate :) We really need to differentiate here. There _are_ legitimate use cases for Tor

  239. jonasw

    Ge0rG, that’s why I’m saying "tor-helped abuse" and not "tor itself"

  240. mathieui

    yeah, it’s not about banning Tor at all (hell, I run a relay myself)

  241. moparisthebest

    So will there be a public list of servers that should be blocked or will that be up to individual servers to determine

  242. jonasw

    I suggested to run a public DNS block list

  243. jonasw

    but Ge0rG was against the name I proposed :)

  244. moparisthebest

    That would be ideal, but then someone has to manage it

  245. jere has joined

  246. jonasw

    I wanted to try that

  247. moparisthebest

    The reason it's ideal is because large servers have enough info to determine bad domains, small servers do not

  248. jonasw


  249. moparisthebest

    And I'm biased, I'm the only one on my server to get spam :)

  250. lumi has joined

  251. waqas has joined

  252. Ge0rG

    jonasw: I was not opposed to you actually running it, but you might give it a better name, like xmpp-rbl

  253. jonasw

    I know

  254. jonasw

    RBL doesn’t seem to be a reasonable name though

  255. jonasw

    because it won’t be real-time or blackhole, will it?

  256. Kev

    Is there any reason for it to be DNS-based for XMPP?

  257. jonasw

    Kev, exploiting existing cache infrastructures and speed?

  258. Kev

    But you're talking about running your own, aren't you?

  259. jonasw

    what does that have to do with anything?

  260. jonasw

    with existing cache infrastructtures, I mean global and local resolvers

  261. Kev

    "Exploiting existing infrastructure" and "bringing your own new infrastructure" don't seem compatible.

  262. jonasw

    DNS is also easily replicated

  263. Kev

    Anyway, I don't have a particular reason it needs to not be DNS.

  264. Ge0rG

    jabber.org doesn't have offline storage :(

  265. Kev

    It doesn't?

  266. Ge0rG


  267. Kev

    I don't remember that being disabled.

  268. Ge0rG

    At least I get `503 - cancel: Service unavailable` when messaging stpeter

  269. Kev

    I just tested on myself, and it worked.

  270. Ge0rG

    I never was able to message stpeter when he wasn't online.

  271. jonasw


  272. Ge0rG


  273. Ge0rG has left

  274. dwd has joined

  275. lumi has left

  276. jjrh has left

  277. SamWhited has joined

  278. SamWhited


  279. Ge0rG

    syn ack

  280. SamWhited has left

  281. SamWhited


  282. SamWhited

    wow, took a,long time to send but apparently I can connect for free on Delta flights' terrible wifi.

  283. Ge0rG

    SamWhited: your `syn?` was delivered twice.

  284. mathieui


  285. mathieui

    I have that from time to time with conversations

  286. SamWhited


  287. Holger

    SM resume fails so Conversations resends to fail on the safe side?

  288. SamWhited

    They claim to only allow Whatsapp, Facebook, and sonething else for free but I can use my server and jmp.chat's SI. server, this is rather nice.

  289. SamWhited

    SIP, even.

  290. Ge0rG

    Holger: shouldn't it wait for the MUC sync to complete before re-sending?

  291. Ge0rG

    SamWhited: maybe they are only blocking HTTP(S) ;)

  292. Holger

    (SM resume fails and the server doesn't include the 'h' attribute with the <failed/> response, that is ...)

  293. jonasw

    Ge0rG, this muc is anonymous, isn’t it?

  294. jonasw

    so there’s no point in syncing

  295. Holger

    Ge0rG: How would that help?

  296. Ge0rG

    jonasw: right, all bets are off.

  297. jonasw

    Holger, if you received the history in a non-anon muc you could be sure whether your message got delivered :)

  298. Ge0rG

    personally, I just ignore impersonation attacks and sync away.

  299. Holger

    jonasw: Hm with some proper ID (origin-id?) I guess so, yes.

  300. lskdjf has joined

  301. zinid has joined

  302. Syndace has left

  303. Syndace has joined

  304. Kev has left

  305. Guus has left

  306. tim@boese-ban.de has left

  307. SamWhited has joined

  308. la|r|ma has left

  309. la|r|ma has joined

  310. Guus has left

  311. jjrh has left

  312. jjrh has left

  313. jjrh has left

  314. hannes has joined

  315. lovetox has joined

  316. SamWhited has joined

  317. zinid has left

  318. mimi89999 has joined

  319. lskdjf has joined

  320. lskdjf has joined

  321. dwd has left

  322. dwd has left

  323. hannes has left

  324. hannes has joined

  325. lumi has joined

  326. tux has left

  327. goffi has left

  328. Lance has joined

  329. Lance has left

  330. efrit has joined

  331. jere has left

  332. jere has joined

  333. efrit has left

  334. efrit has joined

  335. Kev has left

  336. hannes has left

  337. hannes has joined

  338. suzyo has joined

  339. daniel has left

  340. daniel has joined

  341. remko has left

  342. Lance has joined

  343. jjrh has left

  344. jjrh has left

  345. SouL has joined

  346. SouL has joined

  347. suzyo has joined

  348. @Alacer has left

  349. waqas has left

  350. @Alacer has joined

  351. jjrh has left

  352. ralphm has left

  353. remko has left

  354. jjrh has left

  355. efrit has left

  356. Steve Kille has left

  357. jjrh has left

  358. dwd has left

  359. suzyo has joined

  360. Steve Kille has left

  361. dwd has joined

  362. Steve Kille has joined

  363. jjrh has left

  364. uc has joined

  365. dwd has left

  366. hannes has left

  367. la|r|ma has joined

  368. hannes has joined

  369. Steve Kille has left

  370. jjrh has left

  371. Syndace has left

  372. ralphm has left

  373. daniel has left

  374. jere has joined

  375. jere has joined

  376. dwd has joined

  377. Syndace has joined

  378. jere has left

  379. jere has joined

  380. zinid has joined

  381. hannes has left

  382. hannes has joined

  383. Tobias has joined

  384. remko has left

  385. Tobias has joined

  386. hannes has left

  387. hannes has joined

  388. jere has joined

  389. jere has joined

  390. waqas has joined

  391. lskdjf has left

  392. lskdjf has left

  393. andrey.g has left

  394. goffi has joined

  395. Lance has joined

  396. lskdjf has joined

  397. jjrh has left

  398. jjrh has left

  399. mimi89999 has joined

  400. jjrh has left

  401. la|r|ma has left

  402. lskdjf has left

  403. hannes has left

  404. valo has joined

  405. hannes has joined

  406. daniel has left

  407. lskdjf has joined

  408. lskdjf has left

  409. lskdjf has left

  410. lskdjf has left

  411. ralphm has left

  412. lskdjf has left

  413. lskdjf has left

  414. dwd has left

  415. daniel has left

  416. dwd has left

  417. Alex has left

  418. intosi has left

  419. Lance has joined

  420. dwd has left

  421. dwd has left

  422. SamWhited has left

  423. Alex has joined

  424. SouL has joined

  425. ralphm has left

  426. ralphm has joined

  427. ralphm has left

  428. ralphm has joined

  429. zinid has left

  430. ralphm has joined

  431. dwd has joined

  432. goffi has left

  433. Alex has left

  434. hannes has left

  435. hannes has joined

  436. Alex has joined

  437. Lance has left

  438. dwd has left

  439. andrey.g has joined

  440. dwd has joined

  441. marc

    Ge0rG, how did our discussion of user invitation URI end? Do we need the "ibr" query parameter?

  442. dwd has left

  443. daniel has left

  444. valo has joined

  445. dwd has joined

  446. Ge0rG

    marc: yes

  447. marc

    Ge0rG, in what case?

  448. marc

    I remeber I agreed that we don't need an action parameter :)

  449. lskdjf has joined

  450. Ge0rG

    marc: the ibr parameter indicates that the preauth token can be used in an IBR request to the server

  451. marc

    Ge0rG, but the authority part of the URI already indicates it

  452. Ge0rG

    marc: wait, we are talking of account invitation?

  453. Ge0rG

    marc: we need a good glossary

  454. marc

    Ge0rG, no, "account creation" uses the "register" action query :)

  455. Ge0rG

    marc: so how does the contact invitation indicate ibr?

  456. marc

    Ge0rG, xmpp://example.com/inviter@example.com?preauth=TOKEN

  457. marc

    xmpp:inviter@example.com?preauth=TOKEN for client-side PARS

  458. moparisthebest

    did you mean https for the first one marc ?

  459. Ge0rG

    marc: so which one of those?

  460. marc

    Okay, wait

  461. marc

    Account creation: xmpp://newuser@example.com/inviter@example.com?register;preauth=TOKEN User invitation: xmpp://example.com/inviter@example.com?preauth=TOKEN Client-side PARS: xmpp:inviter@example.com?preauth=TOKEN

  462. marc

    moparisthebest, no

  463. Ge0rG

    xmpp:inviter@example.com?preauth=TOKEN;ibr is a perfect match for both second and third use case

  464. marc

    Ge0rG, no

  465. Ge0rG

    And the account invitation doesn't need the inviter URL

  466. marc

    The authority part can indicate the domain to create an account

  467. moparisthebest

    not really sure the need for all the different urls but I'll just shut up until I see xep :P

  468. marc

    moparisthebest, no, just ask

  469. moparisthebest

    well what do each of those do?

  470. Ge0rG

    marc: you are making it too complicated

  471. moparisthebest

    and why are there more than one format if all have to be handled by xmpp client?

  472. marc

    moparisthebest, 1: create an account, 2: invite a user and give the choice to register on the server 3: PARS

  473. Ge0rG

    marc: stop adding edge cases. If the inviter and invitee domains differ, this is not our use case any more

  474. moparisthebest

    hmm how is 1 different than 2 ?

  475. moparisthebest

    like how would you get link #1

  476. marc

    moparisthebest, #1 is more or like admin stuff

  477. moparisthebest

    so why isn't it the same?

  478. marc

    Ge0rG, don't get why this makes it more complicated than using an additional "ibr" parameter

  479. moparisthebest

    I still don't see any reason for more than 1 url

  480. moparisthebest

    whatever it may be

  481. moparisthebest

    it looks like all those have exactly the same info in slightly different formats, why?

  482. marc

    moparisthebest, no, they don't

  483. marc

    moparisthebest, because they are different? ;)

  484. moparisthebest

    what is different

  485. moparisthebest

    what info do they have?

  486. moparisthebest

    bet you wish you would have just let me wait for xep now lol

  487. moparisthebest

    you can go back to ignoring me if you want I don't mind :)

  488. marc

    moparisthebest, #1: contains the new account JID (newuser@example.com)

  489. marc

    moparisthebest, #2 contains the domain for IBR (example.com)

  490. moparisthebest

    do they not all contain domain for IBR ?

  491. Ge0rG

    marc: just completely delete #2

  492. moparisthebest

    so looks like 1 & 2 are same except extra useless 'register' and optional account name

  493. marc

    Ge0rG, we already agreed on it ;)

  494. Ge0rG

    marc: on deleting it

  495. Ge0rG

    And implementing the same functionality in #3

  496. marc

    And IIRC you liked the idea of different domains

  497. moparisthebest

    what does 'register' get you?

  498. marc

    moparisthebest, indicates account registration

  499. moparisthebest

    doesn't newuser@ indicate that?

  500. marc

    moparisthebest, no, because newuser is optional :P

  501. moparisthebest

    So what does it do differently

  502. marc

    moparisthebest, as I said, you could have xmpp://example.com/inviter@example.com?register;preauth=TOKEN

  503. marc

    But don't tell Ge0rG :D

  504. daniel has left

  505. Ge0rG

    marc: that won't work if the invitee already has an account!

  506. moparisthebest

    marc: point being you have to check if they have an account or not already so I think it's useless

  507. moparisthebest has joined

  508. moparisthebest

    And how do you validate it meh

  509. ralphm has joined

  510. marc

    Ge0rG, don't get your point

  511. marc

    Ge0rG, you're talking about #1, right?

  512. Ge0rG

    marc: no, #2

  513. marc

    Ge0rG, okay, what's the problem if the invitee already has an account?

  514. marc

    Why doesn't it work? You just show an dialog to add via the PARS token

  515. marc

    And show a short button or whatever that the invitee can also create an account on the server

  516. Ge0rG

    marc: because you need a #3 link for that to work

  517. marc


  518. marc

    Ge0rG, why?

  519. marc

    Ge0rG, if the server doesn't support this XEP the client can generate #3 itself

  520. marc

    As fallback, the user doesn't even notice it

  521. la|r|ma has left

  522. marc

    The same applies if the server doesn't allow IBR for invitation

  523. marc

    It just sends #3

  524. marc

    (This is what you describe as server-side PARS in your XEP)

  525. jjrh has left

  526. Ge0rG

    marc: if the server allows ibr and generates the link, I still want it to be in #3 format, because that's most widely supported

  527. Ge0rG has left

  528. Ge0rG

    marc: if the server allows ibr and generates the link, I still want it to be in #3 format, because that's most widely supported

  529. marc

    Ge0rG, if these clients are implemented correctly it is even backward compatible ;)

  530. marc

    Ge0rG, #2 is backward compatible to #3 if you parse the URI properly IMO

  531. Ge0rG

    marc: no, it's something different

  532. marc

    Ge0rG, if you correctly parse the #3 URI you would extract the JID from the "path" component

  533. marc

    The same for #2

  534. blueliner has joined

  535. marc

    Ge0rG, in #3 the authority part is empty and the JID in the "path" component

  536. Ge0rG

    marc: except that #2 has completely weird semantics with a host as the authority

  537. Ge0rG

    marc: just leave it away, please

  538. marc

    Ge0rG, that's the sematinc of XMPP URIs

  539. marc

    Ge0rG, xmpp:///inviter@example.com?preauth=TOKEN if no domain is provided

  540. Ge0rG

    "this URI points to a jabber server."

  541. Ge0rG

    marc: xmpp:inviter@domain;preauth;ibr is an invitation to a user JID, with the hint that you can register on that domain

  542. marc

    Ge0rG, but you can not provide a good argument why that's a better solution ;)

  543. ralphm has joined

  544. Ge0rG

    marc: I've provided multiple good arguments multiple times already

  545. marc

    Ge0rG, both are backward compatible

  546. Ge0rG

    marc: I'm on my mobile client right now, and I really don't want to repeat them all

  547. Ge0rG

    marc: there are no clients supporting #2 dnd it has the wrong semantics

  548. marc

    Ge0rG, #1 has the same wrong semantic then?

  549. Ge0rG

    marc: #1 is sharing an account on a server

  550. marc

    Ge0rG, okay, what about xmpp://example.com?register;preauth=TOKEN (#1 without specified username)?

  551. Ge0rG

    marc: I still think we could completely cover most situations with just #3, but #1 adds some value

  552. Ge0rG

    marc: nope! Use #3

  553. marc

    Ge0rG, I'm talking about #1 scenario

  554. marc

    Ge0rG, is this URI correct?

  555. marc

    for #1 scenario...

  556. marc

    No trick question ;) I'll use "ibr" for user invitation

  557. dwd has left

  558. Ge0rG

    marc: if you don't supply a username, just skip the authority completely

  559. marc

    Hm, I don't know but we agree on the following: User invitation: xmpp:inviter@example.com?preauth=TOKEN;ibr User invitation (without IBR, server-side PARS) xmpp:inviter@example.com?preauth=TOKEN

  560. marc

    If the server doesn't support this XEP the client generates #2 itself

  561. marc


  562. Ge0rG

    marc: yes

  563. marc

    Ge0rG, okay, I'll adapt the XEP accordingly

  564. Flow

    marc, is the (proto)xep online somewhere?

  565. Ge0rG

    marc: that is exactly what we agreed about, plus account invitation with xmpp://invitee@domain with a token

  566. edhelas has left

  567. marc

    Flow, no, but I can upload it tomorrow or so

  568. jjrh has left

  569. dwd has left

  570. Flow


  571. blueliner has left

  572. edhelas has left

  573. marc has left

  574. edhelas has left

  575. edhelas has joined

  576. edhelas has left

  577. edhelas has joined

  578. jere has left

  579. jere has joined

  580. SouL has joined

  581. SouL has joined

  582. Alex has left

  583. dwd has left

  584. dwd has joined

  585. winfried has left

  586. lumi has joined

  587. dwd has left

  588. dwd has joined

  589. dwd has left

  590. dwd has joined

  591. dwd has left