> going by this page: http://search.wensley.org.uk/chat/
> do rooms about clients count? :)
> if not, IT-MSE probably counts, whatever that is
> GNU/Linux is second (30)
This is sad :(
pep.
OTOH, I would probably bridge my room to IRC if I had a room here for some random project
zinid
moparisthebest, now I can refer to your article! :D https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L191
I also wonder why Signal is considered more secure than Whatsapp?
zinid
same proprietary silo
mathieui
hm no?
mathieui
signal isn’t controlled by facebook
zinid
and?
mathieui
and iirc the server can do less things in signal
zinid
like requesting private key?
Ge0rG
Signal is controlled by moxie, who used to be an anarchist crypto nerd before he got bought.
zinid
so this is a question of trust? which is very personal
zinid
for example, why would I trust moxie?
edhelas
don't
edhelas
but we all know the position of moxie on federation/decentralisation
daniel
Ge0rG: are anarchist crypto nerds those assassination market people?
daniel
All pretty legit and trustworthy
Ge0rG
daniel: I'm pretty sure there are different sub-groups.
zinid
edhelas, "all"? I knew about moxie from this conference (or conversations@, don't remember), I know jack shit about moxie actually 🙂
edhelas
Holger zinid should we clarify 0060 for this one ? https://github.com/processone/ejabberd/issues/2129
zinid
edhelas, I'm no pubsub expert, sorry, I barely can understand the problem
Holger
Yes this should be clarified if you ask me.
MattJ
I don't see what there is to clarify
MattJ
Someone might think that deleting their account allows their pubsub nodes to be modified by others?
Holger
MattJ: Both you and me have write access to a node. Does that mean you can override items published by me?
Holger
MattJ: That's not clear (to me) from reading 0060. See that issue.
MattJ
Ok, I see
MattJ
It didn't seem clear to me that that's what the issue was about
Zash
Item ownership?
MattJ
Opens a can of worms
zinid
there is a similar problem with MUCs (if I understand it correctly): account deletion doesn't trigger deletion of ownership in remote MUCs
zinid
so you can re-register the account and become an owner 😉
Holger
Yeah. Or just become member of a members-only group.
Ge0rG
Now I can't delete accounts any more? I need to convert them all into tombstones?
MattJ
Ge0rG, welcome to federation
zinid
a client probably needs to clean up everything carefully, but that's PITA
Ge0rG
zinid: you can't have a client clean up everything if you ban a user.
MattJ
That's not always feasible
Ge0rG
Also not all clients of a user know their remote MUC ownerships
Kev
More or less you can never delete accounts safely in XMPP, you must always tombstone.
Kev
At least for federated systems you don't control.
zinid
yeah, so just don't delete your account 🙂
Holger
Anyway those are separate problems. The user who created that ejabberd issue is indeed fighting with deleted accounts (and I see the problem), but he stumbled over that PubSub question which is just as unclear if the accounts in question still exist.
zinid
however, server admins can do that 🙂
Holger
I clearly see the use case for giving multiple JIDs write access to a node without allowing them to delete/override each other's items. So if 0060 doesn't make this possible that's bad.
Holger
I think this should be the default behavior, just needs some clarification.
intosi
Holger: you mean publish-only?
Holger
If there's also a use case for allowing to delete/override each other's items then 0060 needs additional magic.
intosi
Although that precludes reading items.
Holger
intosi: You're always able to edit/delete items you published yourself.
Holger
(Which can also be a problem.)
Holger
This is just about messing with stuff published by others.
Ge0rG
That sounds like an Enterprise Feature.
Holger
I think people like goffi and edhelas are having a hard time trying to use 0060 for very basic features ...
edhelas
just a bit :-)
MattJ
It's because XEP-0060 is too generic
MattJ
Which means for most practical applications, it doesn't suffice, or has to be made more complex
waqas
It lacks proper Turing completeness though…
Zash
Small change to the notification transformation settings so you can make it send iq stanzas, and then do pubsub that way
Ge0rG
> And federation is possible over XMPP with Signal: https://signal.org/blog/the-ecosystem-is-moving/
Heh. I'm pretty sure that link conveys the absolute opposite of the stated message.
Zash
Wait what
Ge0rG
From https://news.ycombinator.com/item?id=16127570
Zash
XMPP over Signal?? Why would you even
daniel
I by the way love how their method for 'private contact discovery' is basically we just send everything to an Intel black box because Intel knows their shit, right
daniel
But that's unrelated to random guy on HN not knowing the fuck he is talking about
Ge0rG
Yeah.
Ge0rG
Recently I had some time on my hands and read through moxie's old stories, about train riding through the US and home squatting. And that's so absolutely different from the "stop calling your product like our product" moxie, it's hard to grasp
Ge0rG
The ones under https://moxie.org/stories.html
Zash
"This is your brain. This is your brain on capitalism."
daniel
Isn't there one where he was almost raped while hitch hiking or something?
daniel
I think I read those stories some years ago as well
Ge0rG
daniel: yeah, and he almost died while sailing. And some others.
On a related note, does ejabberd TLS support SNI for cert selection?
Holger
moparisthebest: Sure, zinid added that ages ago.
Holger
(Last month IIRC.)
moparisthebest
Nice
Zash
Model changes :/
moparisthebest
SNI is shockingly absent outside https it seems, I had to add it to 2 IRC clients and K-9 mail on Android when I started this whole multiplexing business
moparisthebest
It's been around for what 14 years at this point?
Zash
Does anything but HTTPS actually need it?
Holger
IRC has no STARTTLS I guess :-)
Holger
But yes mail doesn't need it.
Zash
For weird reasons tho
moparisthebest
everything that uses TLS really
moparisthebest
imap and smtp over TLS need it
moparisthebest
not STARTTLS, but TLS that is
moparisthebest
the funny thing is, as IPv4 gets harder and harder to get, SNI will become more and more needed by everything
moparisthebest
and then as IPv4 is replaced by IPv6, SNI will no longer be needed at all essentially 🙂
Holger
moparisthebest: Sure if you don't use the alternative solution available for email, then you need it :-)
moparisthebest
starttls should just die everywhere
Zash
nooooooo
moparisthebest
I think there is even such an RFC for all the email protocols right?
Zash
Pretty sure all email protocols have starttls
Zash
Pretty sure I've never seen SMTP over TLS
moparisthebest
all of them have starttls options and direct-tls options, and an old RFC deprecated direct-tls, and a new one I think re-instates it and deprecates starttls
moparisthebest
over port 465 is the standard for that Zash
moparisthebest
for client submission port over direct tls
Zash
Never seen or heard about anyone ever using that
moparisthebest
yea the standard smtp ports are 25 (for s2s you could say), 587 for submission (starttls), and 465 for smtps (direct tls), 465 pre-dated 587 and then was deprecated and assigned to some protocol no one uses...
Holger
Zash: We've been offering SMTPS and IMAPS next to STARTTLS for ages and I've seen many other providers doing so.
moparisthebest
found it https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/
moparisthebest
Cleartext Considered Obsolete: Use of TLS for Email Submission and Access
moparisthebest
ie starttls must die
moparisthebest
on an XMPP related note, they chose the terminology 'Implicit TLS' vs what we chose of 'Direct TLS' so it might make sense to update 368 that way
mathieui
yay, finally got a vacation to attend the summit
moparisthebest
ha they chose _submissions._tcp vs my initial preference of _submission._tls too
Ge0rG
Anyone seen stpeter recently?
Ge0rG
moparisthebest: is the last "s" for "secure" or for plural?
moparisthebest
same as xmpps, secure
moparisthebest
or ssl ? 😛
Ge0rG
ss-what?
moparisthebest
it's not like anyone is going to change https to httpt
Ge0rG
did you mean: htttp? :P
Zash
htls://
moparisthebest
hpkp:// where every site has a pinned public key? now that's something I could get behind
Zash
ipfs?
Ge0rG
moparisthebest: and the host part is replaced by the key fingerprint. key fingerprint dot onion.
moparisthebest
more like cjdns
Link Mauve
“17:33:12 moparisthebest> Cleartext Considered Obsolete: Use of TLS for Email Submission and Access
17:33:20 moparisthebest> ie starttls must die”, you’ve said that a few times already, but that’s plain wrong, there is nothing more plaintext in StartTLS than in legacy TLS in XMPP.
moparisthebest
Link Mauve: but then why keep it
Link Mauve
Because a huge lot of software and deployments support it, and because there is no downside.
Link Mauve
There is a downside to the change though.
Zash
Changing security stuff for what amounts to a small round trip optimization is kinda scary.
Zash
And the thing about getting through firewalls will just further that arms race
moparisthebest
Way more software supports direct TLS
Zash
More popular != better
moparisthebest
But in this case it does
Link Mauve
moparisthebest, I just had a look at our server, we have a 1:10 ratio of users of legacy TLS vs. StartTLS.
moparisthebest
Link Mauve: do you have xep368 DNS records, and what preference order
Link Mauve
Yes, and same as the normal one.
moparisthebest
Wait same? What is the weight of each then
Link Mauve
Ah no, 8 0 for _xmpp-client and 10 0 for _xmpps-client.
Link Mauve
I remembered wrong.
moparisthebest
Ah ok well that's why then
Link Mauve
You can dig _xmpps?-client._tcp.jabberfr.org.
moparisthebest
You should test with them switched
Link Mauve
But why? I thought the only reason to have those was to bypass firewalls that intercept the plain text version and only allow TLS-looking ones.
Link Mauve
If a client fails to connect in StartTLS, but supports legacy TLS, it will just check again once the connection failed.
Zash
I thought the primary reason was to get through corporate firewalls that only allow http/https
Link Mauve
Yeah.
Link Mauve
That’s the only reason we have legacy TLS in the first place.
Link Mauve
We also have XEP-0156 deployed, which is another big one for those.
moparisthebest
Isn't 368 way easier and more efficient than 156
moparisthebest
If getting around firewalls is your goal that is
Link Mauve
Until your firewall starts blocking anything which doesn’t announce it is HTTP.
moparisthebest
Bottom line though if xmpp was being designed today do you doubt it would only support direct TLS?
Link Mauve
Because 0156 describes how to use this very HTTP everyone loves so much.
Zash
Weren't you the one who said "we'll still have websockets"?
Link Mauve
moparisthebest, that doesn’t matter, it has been invented twenty years ago, you can’t erase that.
moparisthebest
But you can move towards the ideal situation
Link Mauve
It’s not more ideal than the rest.
moparisthebest
If you are redesigning other parts might as well improve it all
Zash
I don't see how moving host and service multiplexing around the layers is an improvement.
moparisthebest
Link Mauve: wait you said 10% of your users are using the xep368 srv record? That seems huge if it's a lower priority
Zash
Link Mauve: Is it set up so you can detect connections that ignored or failed to get SRV records?
Zash
Like yax.im is, iirc.
Link Mauve
Zash, yes.
Zash
And, iirc, also produces depressing numbers.
Zash
Like how 90% of all users on a thing I used to run were using DIGEST-MD5 and the rest were using PLAIN
moparisthebest
That seems like a huge number of users that otherwise wouldn't be able to connect
edhelas
so looks like Movim is having an "okay" working solution to do video-conferencing with pure WebRTC and Jingle :)
moparisthebest
Also considering only a couple clients support it
Link Mauve
moparisthebest, or plain ignore the settings and connect to 5223 anyway.
Zash
or got SRV sorting wrong
la|r|ma
edhelas, did you try out cross-browser?
moparisthebest
Conversations does it right mixing and all, it would connect to 5222 if it could
edhelas
yup, working between chrome and firefox
edhelas
disabled on mobile for now
moparisthebest
edhelas: would be great to get interop working with conversations too :)
edhelas
ping daniel :3
la|r|ma
edhelas: what about safari? (I worked with WebRTC for another project and it sucks to get it cross-browser)
moparisthebest
Did that xep work as is or did you find rough edges?
edhelas
I don't know if there's a WebRTC implementation in Java for Android
edhelas
la|r|ma don't know, don't have Macs at home :D
la|r|ma
you can use chrome's libwebrtc on android
moparisthebest
edhelas: actually a conversations fork has webrtc support
edhelas
moparisthebest well I basically had everything in the XEPs to do the conversion between SDP and Jingle