Zash, jonasw: you thought xmpp over TLS on https port was bad https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-02
moparisthebest
How about take udp DNS request, base64 it and send it over https, then get answer back the same way :)
Zash
moparisthebest: Was that the one with or without JSON?
moparisthebest
Zash: without at least, so that's better
zinid
DNS over HTTP, finally
zinid
So we finally have everything over http on a single port and single tasking OS (in the phone)
zinid
IT is progressing
pep.
> SamWhited> plugging in a 4k monitor everything on it is tiny, if I make it bigger when I unplug it the bar eats half my screen
That's an X issue I believe
Ge0rG
zinid: but now we have ALPN to multiplex
Dave Cridland
Ge0rG, Ports in userspace.
jonasw
\o/
jonasw
it’s only a matter of time until ALPN is handled by the kernel
daniel
now i'm wondering if iptables can filter based on alpn
Ge0rG
Dave Cridland: I might not make it in time for the Council meeting today. I need to relocate 500km between now and 5PM, and my arrival depends on traffic conditions.
Ge0rG
s/5PM/1600Z/
Ge0rG
But I'll try hard because I want some qualified feedback on user-invite-protoXEP (for which I'm obviously +1)
Ge0rG
daniel: you might be able to construct something with BPF and marks.
Ge0rG
but kernels are getting less important every day, with the dockerization of our IT infrastructure
Ge0rG
you don't need a kernel in SaaS :P
jonasw
I’d be happy if ip6tables were able to filter on ipv6 neighbour discovery
jonasw
I’d be happy if ip6tables were able to filter on ipv6 neighbour discovery fields, like it can for arp
Kev
Yay. Thon rejected my booking because the deadline of the 12th had passed. *facepalm*
SouL
Oh, really? :(
Kev
Yep.
Kev
They've got about a 24hour roundtrip time on emails, so this can only go well for me.
Kev
And two of my team's went through fine, when we sent the forms at the same time. Oh, Thon, we love you.
intosi
This is the point where I would give them a ring, really.
pep.
All we need is IP over http right.
pep.
Apparently there is such a thing already. "Microsoft used to discourage IP-HTTPS use because it was slow." duh
edhelas
can't wait for XMPP over HTTP
edhelas
wait…
zinid
There is tcp over http, called http2
Kev
Having now got Thon to honour the block booking rate, they still seem to be silently ripping me off by charging (much) more than the block booking rate anyway.
Kev sighs
intosi
:/
Guus
Kev: I have written confirmation that Thon extended our block booking rate deadline to the 17th (today)
Guus
This was offered to us by David Hutsebaut on January 8th, by mail, to me.
Guus
I'm also interested in how much they're now charging you.
Kev
Actually, looking at the number they're charging me less for the second night, just much more for the third night, so in the end it only ends up being £20 or so difference. I can live with that.
Ge0rG
If only somebody would disrupt the hotel business.
moparisthebest
what do you want an 'Uber Hotels'
Ge0rG
moparisthebest: I thought about a web portal where private people offer rooms or flats to random strangers from the Internet, filming them naked.
moparisthebest
isn't there already something that does that, uh, airbnb or something?
Ge0rG
moparisthebest: no way!
jonasw
no, airbnb just gets you spider-infested flats which are half as large as claimed in the ad
Ge0rG
jonasw: maybe the difference between sqft and m²?
jonasw
nah
jonasw
just fraud
jonasw
that was pretty clear from the way the photos were and the general state of the flat
Ge0rG
But you can rate down the flat!1!
jonasw
we complained
Ge0rG
daniel: as the operator of a public server, I don't want a module to expose user avatars to the general public by loading a "compatibility" module.
daniel
> I'm not sure we should be messing with vcard anymore, but we can probably discuss afterwards unless this is critical to someone's vote and it can't be done on list?
I think there is an argument to be made that vCard will be needed for as long as muc is around
Ge0rG
s/a module//
Ge0rG
Maybe there are people still using vcard as designed.
jonasw
Ge0rG, aren’t user avatars factually already open to the general public when they’re stored as vcard?
Ge0rG
jonasw: yes.
daniel
I'm not really happy about that either but I can't remove MUC from existence
jonasw
could you run a query which tells you how many users have their avatar *only* in PEP?
Ge0rG
jonasw: except that most clients will warn you about your vcard being public
jonasw
(and how many have their avatar in PEP and vcard?)
daniel
> jonasw: except that most clients will warn you about your vcard being public
What clients do?
jonasw
I’d like to have numbers on clients which do *not* warn you and only support PEP.
jonasw
daniel, conversations? ;-)
daniel
jonasw: no
Dave Cridland
There is the argument that maybe, while vCard is pretty rubbish, it's also good enough.
jonasw
Ge0rG, because I think that clients are simply negligent about warning users about their o+r avatars.
Ge0rG
jonasw: that might be true, but doesn't invalidate my argument.
SamWhited is temporarily not here, will rejoin discussion shortly hopefully.
jonasw
daniel, I remotely recall that the avatar is visible to everyone, but maybe it was just "to your contacts" :)
jonasw
Even though, for the record, I *was* surprised to see that my avatar passes through anon MUCs.
Ge0rG
I see merit in having a public vcard by opt-in.
daniel
jonasw, Conversations had a message saying that pep avatars are only available to contacts. but i don't know a single client that warns you before publishing a vcard avatar
pep.
Ge0rG, agreed. I recently cleared my own vcard for that. Avatar is fine-ish
jonasw
daniel, ok, it’s been a while since I set conversations up
daniel
so as far as I see it the argument is either users expect avatars to be public in that case pep-vcard-conversion is not a problem. OR users expect avatars to be private in which case we need to fix vcard
jonasw
so, what do we need vcard avatars for exactly?
jonasw
is it only anon MUCs?
daniel
jonasw, pretty much
jonasw
if so, couldn’t we make MUC implementations handle that case like they handle vcards?
Ge0rG
pep.: depends on how you use your avatar. If you just put in some random picture from google images, everything is alright. if you have your photo there... not quite
daniel
+ a little bit backwards compat
daniel
but mostly muc
pep.
Ge0rG, sure
pep.
I was talking about mine
jonasw
like, a generic PEP-through-MUC XEP which specifies how that works (welp, obviously updates won’t get pushed necessarily etc., but how queries are passed through), with a whitelisting approach and suggesting a list of things to allow based on MUC configuration and affiliations of the involved entities
jonasw
because going forward we might want to abandon vcard entirely (or finally replace it by vcard4 proper)
Ge0rG
pep.: I don't see your avatar.
pep.
153?
daniel
fwiw i'm fine with resubmitting the XEP as informal like 'look this is what ejabberd and prosody can do. take it or leave it'
Ge0rG
pep.: I'm on a console client.
jonasw
I’m fine with the XEP as-is. It has clear security considerations, it can be built upon and whether public operators do this or not is their matter.
daniel
but i'd prefer to 'fix' this by putting the kind of access control Ge0rG described in front of vcard
pep.
Ge0rG, I'm on the same console client with borked avatar support :P
jonasw
daniel, that’d be better but I don’t see that as a requirement
daniel
jonasw, not for that XEP, no
jonasw
yupp
SamWhited
My view is that we should be moving towards a world in which vcard doesn't exist, so we shouldn't modify the historical spec. It's worked "well enough" for years, so why add more stuff that things will have to implement? If the privacy thing is a concern for some clients (with the note that it's never been a concern for any client I've seen, so I don't know why that could change now), people could always do Daniel's hack if they have the pep node set to public and not do it (thereby losing avatars in MUCs) if it's set to private. If you want your avatar to be private, you probably don't want it showing up in MUCs anyways, no?
jonasw
SamWhited, I think that the privacy expectations for avatars and the actual privacy delivered by the XMPP network diverge.
SouL
The problem I would say is having to choose one avatar (or let's say identity) for everything.
daniel
oO(it's really annoying to read long texts in Gajim when you have been mentioned. because gajim makes that into bold text with a low contrast)
jonasw
and that clients do not care about this is not a sign that everything is alright
Ge0rG
jonasw: historically, XMPP clients don't care about privacy.
jonasw
"yay"?
Ge0rG
SamWhited: we should be talking about _users'_ privacy expectations, not clients'.
jonasw
I mean, it’s fine-ish if you don’t care about MAM things, because you’re supposed to trust your server anyways.
jonasw
(or at least, one can argue that it’s "fine-ish")
Ge0rG
jonasw: MAM is another messy issue in my eyes.
jonasw
but it’s less fine if data gets available to everyone.
SamWhited
Ignore that part, it's irrelevant, as usual I shouldn't have mentioned anything extra.
SamWhited
The point is "if you want private avatars, they probably shouldn't show up in MUCs, so don't do the vcard thing and now you don't have to make changes to vcards"
Ge0rG
jonasw: https://prosody.im/issues/867
Ge0rG
SamWhited: the vcard thing is a server-wide module.
jonasw
Ge0rG, unless coupled with PEP permissions, which is what SamWhited was saying I think.
Ge0rG
SamWhited: so the server admin decides for all users if public avatars are fine
SamWhited
Ge0rG: that's an implementation detail; we can tell servers "do serve vcards in MUCs or don't"
jonasw
(then the client gets to decide)
SamWhited
but yes, whether or not they implement the XEP we write is a server admin decision, but there's not much we can do about that. Server operators can share avatars online publicly over HTTP for all we know, all we can do is provide guidance.
Ge0rG
SamWhited: the world is full of implementation details. The XEP does not contain this detail, so it's changing the status quo
SamWhited
I didn't understand that?
Ge0rG
SamWhited: if we tell server admins "this will make avatars of your users work in MUC" but don't tell them "this will make all user avatars public" we've failed our job
SamWhited
It won't make user avatars public if it says "don't do this if user avatars are private"
Ge0rG
it's an interesting related question whether we should apply the same ACL to anonymous MUCs we are in as to our contacts.
admin
Hi everyone! Can someone please type 123 to confirm everything is connecting properly and this server works?