pep.: > going by this page: http://search.wensley.org.uk/chat/
> do rooms about clients count? :)
> if not, IT-MSE probably counts, whatever that is
> GNU/Linux is second (30)
This is sad :(
pep.: OTOH, I would probably bridge my room to IRC if I had a room here for some random project
zinid: moparisthebest, now I can refer to your article! :D https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L191
zinid: I also wonder why Signal is considered more secure than Whatsapp?
zinid: same proprietary silo
mathieui: hm no?
mathieui: signal isn’t controlled by facebook
zinid: and?
mathieui: and iirc the server can do less things in signal
zinid: like requesting private key?
Ge0rG: Signal is controlled by moxie, who used to be an anarchist crypto nerd before he got bought.
zinid: so this is a question of trust? which is very personal
zinid: for example, why would I trust moxie?
edhelas: don't
edhelas: but we all know the position of moxie on federation/decentralisation
daniel: Ge0rG: are anarchist crypto nerds those assassination market people?
daniel: All pretty legit and trustworthy
Ge0rG: daniel: I'm pretty sure there are different sub-groups.
zinid: edhelas, "all"? I knew about moxie from this conference (or conversations@, don't remember), I know jack shit about moxie actually 🙂
edhelas: Holger zinid should we clarify 0060 for this one? https://github.com/processone/ejabberd/issues/2129
zinid: edhelas, I'm no pubsub expert, sorry, I barely can understand the problem
Holger: Yes this should be clarified if you ask me.
MattJ: I don't see what there is to clarify
MattJ: Someone might think that deleting their account allows their pubsub nodes to be modified by others?
Holger: MattJ: Both you and me have write access to a node. Does that mean you can override items published by me?
Holger: MattJ: That's not clear (to me) from reading 0060. See that issue.
MattJ: Ok, I see
MattJ: It didn't seem clear to me that that's what the issue was about
Zash: Item ownership?
MattJ: Opens a can of worms
zinid: there is a similar problem with MUCs (if I understand it correctly): account deletion doesn't trigger deletion of ownership in remote MUCs
zinid: so you can re-register the account and become an owner 😉
Holger: Yeah. Or just become member of a members-only group.
Ge0rG: Now I can't delete accounts any more? I need to convert them all into tombstones?
MattJ: Ge0rG, welcome to federation
zinid: a client probably needs to clean up everything carefully, but that's PITA
Ge0rG: zinid: you can't have a client clean up everything if you ban a user.
MattJ: That's not always feasible
Ge0rG: Also not all clients of a user know their remote MUC ownerships
Kev: More or less you can never delete accounts safely in XMPP, you must always tombstone.
Kev: At least for federated systems you don't control.
zinid: yeah, so just don't delete your account 🙂
Holger: Anyway those are separate problems. The user who created that ejabberd issue is indeed fighting with deleted accounts (and I see the problem), but he stumbled over that PubSub question which is just as unclear if the accounts in question still exist.
zinid: however, server admins can do that 🙂
Holger: I clearly see the use case for giving multiple JIDs write access to a node without allowing them to delete/override each other's items. So if 0060 doesn't make this possible that's bad.
Holger: I think this should be the default behavior, just needs some clarification.
intosi: Holger: you mean publish-only?
Holger: If there's also a use case for allowing to delete/override each other's items then 0060 needs additional magic.
intosi: Although that precludes reading items.
Holger: intosi: You're always able to edit/delete items you published yourself.
Holger: (Which can also be a problem.)
Holger: This is just about messing with stuff published by others.
Ge0rG: That sounds like an Enterprise Feature.
Holger: I think people like goffi and edhelas are having a hard time trying to use 0060 for very basic features ...
edhelas: just a bit :-)
MattJ: It's because XEP-0060 is too generic
MattJ: Which means for most practical applications, it doesn't suffice, or has to be made more complex
waqas: It lacks proper Turing completeness though…
Zash: Small change to the notification transformation settings so you can make it send iq stanzas, and then do pubsub that way
Ge0rG: > And federation is possible over XMPP with Signal: https://signal.org/blog/the-ecosystem-is-moving/
Heh. I'm pretty sure that link conveys the absolute opposite of the stated message.
daniel: I by the way love how their method for 'private contact discovery' is basically we just send everything to an Intel black box because Intel knows their shit, right
daniel: But that's unrelated to random guy on HN not knowing the fuck he is talking about
Ge0rG: Yeah.
Ge0rG: Recently I had some time on my hands and read through moxie's old stories, about train riding through the US and home squatting. And that's so absolutely different from the "stop calling your product like our product" moxie, it's hard to grasp
Ge0rG: The ones under https://moxie.org/stories.html
Zash: "This is your brain. This is your brain on capitalism."
daniel: Isn't there one where he was almost raped while hitch hiking or something?
daniel: I think I read those stories some years ago as well
Ge0rG: daniel: yeah, and he almost died while sailing. And some others.
moparisthebest: On a related note, does ejabberd TLS support SNI for cert selection?
Holger: moparisthebest: Sure, zinid added that ages ago.
Holger: (Last month IIRC.)
moparisthebest: Nice
Zash: Model changes :/
moparisthebest: SNI is shockingly absent outside https it seems, I had to add it to 2 IRC clients and K-9 mail on Android when I started this whole multiplexing business
moparisthebest: It's been around for what 14 years at this point?
Zash: Does anything but HTTPS actually need it?
Holger: IRC has no STARTTLS I guess :-)
Holger: But yes mail doesn't need it.
Zash: For weird reasons tho
moparisthebest: everything that uses TLS really
moparisthebest: imap and smtp over TLS need it
moparisthebest: not STARTTLS, but TLS that is
moparisthebest: the funny thing is, as IPv4 gets harder and harder to get, SNI will become more and more needed by everything
moparisthebest: and then as IPv4 is replaced by IPv6, SNI will no longer be needed at all essentially 🙂
Holger: moparisthebest: Sure if you don't use the alternative solution available for email, then you need it :-)
moparisthebest: starttls should just die everywhere
Zash: nooooooo
moparisthebest: I think there is even such an RFC for all the email protocols right?
Zash: Pretty sure all email protocols have starttls
Zash: Pretty sure I've never seen SMTP over TLS
moparisthebest: all of them have starttls options and direct-tls options, and an old RFC deprecated direct-tls, and a new one I think re-instates it and deprecates starttls
moparisthebest: over port 465 is the standard for that Zash
moparisthebest: for client submission port over direct tls
Zash: Never seen or heard about anyone ever using that
moparisthebest: yea the standard smtp ports are 25 (for s2s you could say), 587 for submission (starttls), and 465 for smtps (direct tls), 465 pre-dated 587 and then was deprecated and assigned to some protocol no one uses...
Holger: Zash: We've been offering SMTPS and IMAPS next to STARTTLS for ages and I've seen many other providers doing so.
moparisthebest: found it https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/
moparisthebest: Cleartext Considered Obsolete: Use of TLS for Email Submission and Access
moparisthebest: ie starttls must die
moparisthebest: on an XMPP related note, they chose the terminology 'Implicit TLS' vs what we chose of 'Direct TLS' so it might make sense to update 368 that way
mathieui: yay, finally got a vacation to attend the summit
moparisthebest: ha they chose _submissions._tcp vs my initial preference of _submission._tls too
Ge0rG: Anyone seen stpeter recently?
Ge0rG: moparisthebest: is the last "s" for "secure" or for plural?
moparisthebest: same as xmpps, secure
moparisthebest: or ssl ? 😛
Ge0rG: ss-what?
moparisthebest: it's not like anyone is going to change https to httpt
Ge0rG: did you mean: htttp? :P
Zash: htls://
moparisthebest: hpkp:// where every site has a pinned public key? now that's something I could get behind
Zash: ipfs?
Ge0rG: moparisthebest: and the host part is replaced by the key fingerprint. key fingerprint dot onion.
moparisthebest: more like cjdns
Link Mauve: “17:33:12 moparisthebest> Cleartext Considered Obsolete: Use of TLS for Email Submission and Access
17:33:20 moparisthebest> ie starttls must die”, you’ve said that a few times already, but that’s plain wrong, there is nothing more plaintext in StartTLS than in legacy TLS in XMPP.
moparisthebest: Link Mauve: but then why keep it
Link Mauve: Because a huge lot of software and deployments support it, and because there is no downside.
Link Mauve: There is a downside to the change though.
Zash: Changing security stuff for what amounts to a small round trip optimization is kinda scary.
Zash: And the thing about getting through firewalls will just further that arms race
moparisthebest: Way more software supports direct TLS
Zash: More popular != better
moparisthebest: But in this case it does
Link Mauve: moparisthebest, I just had a look at our server, we have a 1:10 ratio of users of legacy TLS vs. StartTLS.
moparisthebest: Link Mauve: do you have xep368 DNS records, and what preference order
Link Mauve: Yes, and same as the normal one.
moparisthebest: Wait same? What is the weight of each then
Link Mauve: Ah no, 8 0 for _xmpp-client and 10 0 for _xmpps-client.
Link Mauve: I remembered wrong.
moparisthebest: Ah ok well that's why then
Link Mauve: You can dig _xmpps?-client._tcp.jabberfr.org.
moparisthebest: You should test with them switched
Link Mauve: But why? I thought the only reason to have those was to bypass firewalls that intercept the plain text version and only allow TLS-looking ones.
Link Mauve: If a client fails to connect in StartTLS, but supports legacy TLS, it will just check again once the connection failed.
Zash: I thought the primary reason was to get through corporate firewalls that only allow http/https
Link Mauve: Yeah.
Link Mauve: That’s the only reason we have legacy TLS in the first place.
Link Mauve: We also have XEP-0156 deployed, which is another big one for those.
moparisthebest: Isn't 368 way easier and more efficient than 156
moparisthebest: If getting around firewalls is your goal that is
Link Mauve: Until your firewall starts blocking anything which doesn’t announce it is HTTP.
moparisthebest: Bottom line though if xmpp was being designed today do you doubt it would only support direct TLS?
Link Mauve: Because 0156 describes how to use this very HTTP everyone loves so much.
Zash: Weren't you the one who said "we'll still have websockets"?
Link Mauve: moparisthebest, that doesn’t matter, it has been invented twenty years ago, you can’t erase that.
moparisthebest: But you can move towards the ideal situation
Link Mauve: It’s not more ideal than the rest.
moparisthebest: If you are redesigning other parts might as well improve it all
Zash: I don't see how moving host and service multiplexing around the layers is an improvement.
moparisthebest: Link Mauve: wait you said 10% of your users are using the xep368 srv record? That seems huge if it's a lower priority
Zash: Link Mauve: Is it set up so you can detect connections that ignored or failed to get SRV records?
Zash: Like yax.im is, iirc.
Link Mauve: Zash, yes.
Zash: And, iirc, also produces depressing numbers.
Zash: Like how 90% of all users on a thing I used to run were using DIGEST-MD5 and the rest were using PLAIN
moparisthebest: That seems like a huge number of users that otherwise wouldn't be able to connect
edhelas: so looks like Movim is having an "okay" working solution to do video-conferencing with pure WebRTC and Jingle :)
moparisthebest: Also considering only a couple clients support it
Link Mauve: moparisthebest, or plain ignore the settings and connect to 5223 anyway.
Zash: or got SRV sorting wrong
la|r|ma: edhelas, did you try out cross-browser?
moparisthebest: Conversations does it right mixing and all, it would connect to 5222 if it could
edhelas: yup, working between chrome and firefox
edhelas: disabled on mobile for now
moparisthebest: edhelas: would be great to get interop working with conversations too :)
edhelas: ping daniel :3
la|r|ma: edhelas: what about safari? (I worked with WebRTC for another project and it sucks to get it cross-browser)
moparisthebest: Did that xep work as is or did you find rough edges?
edhelas: I don't know if there's a WebRTC implementation in Java for Android
edhelas: la|r|ma don't know, don't have Macs at home :D
la|r|ma: you can use chromes libwebrtc on android
moparisthebest: edhelas: actually a conversations fork has webrtc support
edhelas: moparisthebest well I basically had everything in the XEPs to do the conversion between SDP and Jingle