XSF Discussion - 2018-01-22

Flow, haha nice when you search for a lib and someone you are familiar with has already written a good looking one, thanks for java-pinning :)

m0xie? I wouldn't trust him.

Oh, no. m0xie did android-pinning. Completely separate project.

you have to be careful because loads of projects use the terms 'public key pinning' and 'certificate pinning' interchangeably when they are completely not, or they'll say 'TLS pinning', and you have to figure out what they actually do

java-pinning looks to support regular java and android, and both cert and public key pinning (public key being the only good acceptable version imho :))

moparisthebest: how do you do revocation with pkp?

you release a new app with an updated set of pins, then switch it on the server

same deal with cert pinning though

moparisthebest: that's rotation, not revocation

Ge0rG, how do you revoke without pkp ? iirc revocation essentially doesn't work and people just don't do it

moparisthebest: OCSP stapling is probably the least broken way

it's the same with pkp though, you supply 3 pins, only 1 of which is active, if you have to revoke you do it and use one of the other keys already pinned

Yes, but how can you tell the client that the pin for the stolen cert is not trustworthy any more?

It's not in the pinned set anymore, either in hpkp header or your new app

moparisthebest, you are welcome :)

is there a xep for voice messages? Or does for example conversations just http_uploades a short audio file?

http_upload + SIMS should be the way to go to me

actually i think that Movim is showing a little audio player when he receive an audio file by SIMS :)

edhelas, ah thank you :)

Sigh. "ceth4275@red42.net wants to subscribe"

hehe new version of sslh released, one of the features is support for letsencrypt tls-sni-* challenges, you know, the ones they just disabled and removed from the spec :)

because there was some security issue in the protocol

well, common implementations of SNI, but yes

"blocking RTTs at startup are a soluble problem here."

hehe autocorrect is an endless source of entertainment

What's the autocorrect?

solvable -> soluble

unless he meant we could dissolve that problem

That's not an autocorrect.

Or, at least, it needn't have been.

Soluble means able-to-be-solved.

(As well as able to be dissolved)

does it? hmm learn something new every day

Always have your Websters handy when Brits write.

https://en.wikipedia.org/wiki/Soluble says nothing about 'solving' but turns out indeed that's definition #2 from https://www.merriam-webster.com/dictionary/soluble

guess I need to start checking it as a british -> american dictionary :)

just learn en_GB :)

I don't have time to learn what's obviously an entirely new language :P

Or, as we like to call it, English.

although, in the XSF, en_GB isn’t accepted anyways :(

I've talked with brits every day for going on 13 years and *still* learn random new things all the time, it's ridiculous

I don't think this is an en_GB thing.

At least, all the dictionaries I've just looked at have both meanings.

moparisthebest, https://en.wiktionary.org/wiki/soluble#Adjective

even wiktionary has it ;-)

except wikipedia, but fair, I've just never seen it used that way, we just say 'solvable'

moparisthebest, wikipedia isn’t a dictionary ;-)

https://www.collinsdictionary.com/dictionary/english/soluble seems to suggest it's American as well.

(moparisthebest, in contrast to wiktionary, which even has the definition)

well at least I'm not the only one https://math.stackexchange.com/questions/2195485/proving-a-group-is-soluble-solvable-if-you-are-american

Maybe it's just the Brits attempting to use less common words to implicate some kind of eliteliteraryism.

Outside of the US it's really called "soluble"? As in "dissolves in a solvent"? Why on earth is it called that? – Stella Biderman Mar 21 '17 at 16:19 ; my thoughts exactly Stella :)

I know, it doesn't make much sense. Capable of dissolving in a solvent should obviously be solvable.

Ge0rG, half of the time, it’s also French people using the original word with an English accent.

(It’s also « soluble » in French.)

Weirdly, I wrote "solvable" and decided that soundsed like it was a Maths problem, so changed it.

That's "Math" if you're en_US. Happy to help.

he is correct

But weirdly, "Mathematics" in both.

or Arithmetic

Oh, I thought it was Maths instead of Mathematics, not Maths instead of Math. That's confusing.

I swear british and american are two different languages that just share a common ancestor in english :P

Arithmetic, and Maths are not the same :)

moparisthebest, so you’re saying en_GB and en_US are like C and C++?

:)

Arithmetic's the numbery bit of Maths.

jonasw: C and BCPL, in order ;)

I don't like the connotation that US is the C++ but, otherwise yes

moparisthebest, "The United States and Great Britain are two countries separated by a common language" - attrib George Bernard Shaw.

moparisthebest, So you prefer the idea that the US is simple and error prone?

Great, language wars.

better than complicated and error prone

moparisthebest, oh, I didn’t mean to imply that either is eithre

also I prefer tabs for code indentation, and nano for an editor, might as well get all the wars out of the way :)

just that they share a relationship

moparisthebest, does nano edit XEPs now?

Tabs for indentation are obviously superior.

Is nano actually an editor?

we should add emacs or something to the editor team

The U.S. is the C++ to GB's C… in theory it was an enhancement, but in practice it's overly complicated and messy.

"we have really everything in common with America nowadays, except, of course, language" - Oscar Wilde.

As long as we can all agree that Dutch is Python, I'm fine with whatever analogy you can come up with for English and Murican.

intosi, Dutch is Erlang. Probably great, but nobody understands it.

I thought that was Russian.

what would Rust be, esperanto? technically superior but no one wants to be bothered learning another language?

Dave Cridland, if you want to go by that analogy, I’d recommend finnish instead of dutch

jonasw, Finnish is Perl6. Impossible to understand and most people are convinced it doesn't really exist.

nah, Rust is currently one of the most desirable languages to learn, no one ever really cared about esperanto

That's what the Esperantists said ;)

nah I'm still hoping rust takes over the world :) I hope it's not an esperanto

Rust is actually getting serious code written in it. WHich is more than can be said for D, for example.

Fair enough. I'm fairly language agnostic anyway. Except for Java, which triggers some strong emotions. And PHP, but that's not a language.

We're starting to adopt Rust at work which has been nice. Unfortunately all the tooling still sucks; they're making very similar mistakes to what Go did and ignoring that people want to be able to host their own packages internally without jumping through hoops

(or rather, the tools for packaging in Rust are great, they're just lacking in features)

Wow, some strong emotions in this place.

❤️

Lovely discussion, thanks for the fun guys :D

http://lists.jitsi.org/pipermail/dev/2018-January/036563.html nice <3

so basically I'll not do any kind of effort to try to be compatible with Jitsi

except maybe for the videobridge but they have quite no documentation so meh…

so as far as I know, Movim is the only modern web client that is doing (pure) Jingle + WebRTC at the moment

I want to get that into conversations so bad

an impl to test with and against is a big bonus :P

I'm more of a watch the wire guy than a read the specs guy...

remind me of buddycloud and their "own pubsub implementation" http://buddycloud.com/

hopefully we still have people like Goffi that are willing to work with the others and make the standard interroperable

edhelas, you haven’t checked jsxc?

It also does that.

moparisthebest, checking what Jitsi Videobridge does would be quite helpful.

will have a look