XSF Discussion - 2018-02-23

fun

always reassuring when software foundations partner with media

https://medium.com/processone/eve-online-chat-is-moving-to-ejabberd-8e73d40fa887

Nice - I thought they already were.

cool

well done :)

This is something that should be promoted via our social media team.

COMM team, assemble!

indeed

We were already on it :)

Ge0rG: More information on this is coming next week. I've been in touch with the devs and generally offered to be helpful if I can be.

\o/

Kev: that's great. We still should promote it now. We could also offer them a place on our own blog instead of medium?

Ge0rG, why are you not on the comm wt?

Presumably we'd promote the source article (linked here the other day), rather than the P1 repost.

I didn’t click the source article, somehow I thought from the URL that they were moving away from XMPP and I wanted to avoid making myself sad

Kev: what's wrong with promoting both?

Nope. Never used XMPP before, now they are going to. Which is cool.

Hm, wasn't some large-ish game already using xmpp for chat?

leage of legends? ✏

Zash: Riot Games

Ah, so it was another 3 letter acronym

lol (pun intended)

So who's responsible for @xmpp on twitter?

Board, ultimately.

But I imagine they'll delegate to the commteam now.

I'd really like to get the two articles twittered about. Something like "Congratulations to EVE Online for joining the robust and scalable XMPP ecosystem! <link1> <link2>"

jonasw, I can push a change for xep401 to use namespaces for the nodes, shall I?

Ge0rG, can you think of a way how we can properly manage interoperability between XEP-0158 and XEP-0401?

Just using both fields in the IBR form would be my proposal :D

marc: aren't there ibr captchas already?

That would be an argument pro data forms indeed.

Ge0rG, XEP-0158 is IBR captcha

Ge0rG, yes, it would be "easy" to combine both

the _right_ thing would probably be to integrate the captcha into the form sent back when you attempt to make an invitation

Ge0rG, good point

Ge0rG, can you post that on the ML?

marc: no. It will end up in pointless debate about how to make the onboarding harder.

marc: I don't have captchas on my server and I'm perfectly able to kill off spam accounts.

Ge0rG, okay, so you don't like the CAPTCHA idea?

captchas are a pointless insult to your users.

I could live with captchas to external users sending me spam, but only as a workaround for the inability to delay stanzas in mod_firewall

Ge0rG, okay, actually I don't care about botnets and spam because I run a private service - you and the other XSF guys should know what's best

marc: "the other XSF guys" might disagree with me, but I don't care.

Ge0rG, doesn't sound like we can make fast progress with this XEP ;)

marc: the main question that remains for me is: data forms or ad-hoc ibr extension?

So far, only Jonas reacted to my rationale

I wish for some more feedback from the council members that raised concerns with ad-hoc ibr

Ge0rG, okay, to me it looks like data forms are the best solution but I don't have much experience with the XMPP internals

And I thought the IBR data forms are exactly for such extensions

marc: data forms are well suited to ask the user questions

Ge0rG, actually I don't get why you're against data forms

Less so to mix hidden and visible fields

Ge0rG, okay, I'll stop working on the implementation until I get some feedback from @standards how we proceed

Unfortunately, from next month on I won't have that much time

marc: I wonder how big the needed changes are afterwards

Ge0rG: depends on how the general feedback is

There is no feedback at all except from Jonas and you

marc: I mean to switch between ibr and data forms

Ge0rG: not that big... I already changed it ;)

marc: then you can just go on implementing everything else

{jabber🇮🇶register}token?

argh

🤣

marc: yes for the node name change

Zash: I've put an updated version of the plugin online

Inventing new elements in an existing namespace seems weird to me

"online"

Zash: same URL

Ge0rG: Where did you publish this?

Zash: just search in your history for the random pastebin id

\o/

jonasw: okay

but yeah, first order of business is to make sure that the certificates that are used actually cover the server host name

(which is why I got started working on certs in Openfire in the first place)

I'm thinking that you locally have both a proper certificate, and match your xmpp domain name to your server FQDN.

that saves you some trouble :)

hey, what?

hargh, my tabs changed :)

disregard my last text :)

Certificate verification is an arcane witchcraft. Don't get into it if you want to prevent embarrassing vulnerabilities

Speaking from experience

It is known

jonasw, on top of my pending change?

Zash: https://op-co.de/tmp/emoji_ascii.py (returned to a PC now)

Thanks

(same URL as always, I was just mocking you for putting everything into ungreppable pastebins; sorry)

marc, better not

marc, Ge0rG seems to not like that change :)

marc: your PR contained both the error fixes and a change from adhoc-IBR to data-forms, right?

Ge0rG: yes

jonasw: how to handle the version number then?

marc, don’t, that’s the editors job in case of doubt

jonasw: also no description?

marc, make descriptive commit message s:)

jonasw: okay

jonasw: I don't like one of the two changes that were part of the same commit

Ge0rG, true

jonasw: but please don't get me started about commit chains depending on dead ends

jonasw: irregardless of what I like, I will bow to Council's decision

what is councils decision on this experimental xep?

jonasw: it was accepted as experimental with some IBR data-forms sentiment

About games using xmpp for chat, Perfect World Entertainment/Cryptic Studios use XMPP for their out of game to in-game chat interface from like 2011

(e.g. Star Trek Online)

(Neverwinter)

I like the fact, that a Star Trek game is using XMPP given the fact, that all species in the star trek universe can call each others ships without any issues

Kev: so who is _technically able_ to post on @xmpp twitter?

I remember mention of Twitter account setup such that people could be given access easily. How did that go?

Guus: I didn't volunteer because I plainly lack the time

As nicely illustrated by answering after 2 1/2 hours

Guus: sorry :(

no worries :)

Guus: do you know who can twitter out things?

Ah, there it was already: https://news.ycombinator.com/item?id=16445365

jonasw, done in https://github.com/xsf/xeps/pull/592

Oh damn, I should adapt the examples :D

yeah

do that :)

okay, done

lgtm

Ge0rG, I can’t seem to find councils statemetn on easy user onboarding

jonasw: I wish council minutes were better greppable.

Can't we have links to the council MUC from the XEP history? :D

hah

jonasw: Dave's comment is in the lines after http://logs.xmpp.org/council/2018-01-17#16:06:45

jonasw: Kev commented on-list: > Not blocking this (+1), but the addition of fields into IBR seems wrong - don’t we have xep4 in IBR for this reason?

ok

so I should be merging the PR against 401 and you delayed that for no reason? ;-)

https://mail.jabber.org/pipermail/standards/2018-January/034152.html is the link

jonasw: yes. I'm an asshole :P

m(

I know, zinid said that

jonasw: seriously though, I provided my rationale for adding fields into IBR on-list, and I hoped that Dave and Kev would comment on that.

Ge0rG, well, okay. so should we be waiting longer?

jonasw: yes please.

gaaah just say that! :P

you wasted a minute of my time :P

jonasw: I what? Why?

because of thinking on whether or not to merge this now and hunting references and so on :P

jonasw: maybe data-forms have an advantage for server developers, where a single hook API can be exposed for all registration-related things. I don't know.

All I know is how it's the easiest for a client.

I find it useful to have extensibility here

Do we have something for hidden fields in data forms?

type hidden?

like FORM_TYPE is?

https://www.quora.com/What-technology-does-the-iOS-Apple-Push-Notification-Service-APNS-use-to-maintain-a-persistent-connection-with-each-device-to-receive-such-fast-push-notifications

jonasw: like field type hidden, but to be filled out by the client

Ge0rG, > hidden The field is not shown to the form-submitting entity, but instead is returned with the form. The form-submitting entity SHOULD NOT modify the value of a hidden field, but MAY do so if such behavior is defined for the "using protocol".

so exactly like field type hidden?

jonasw: I was just going to post that quote, yes!

so, just in case you don't have it on your radar yet

GDPR will be in effect from May on ✏

I still have no idea what that means.

I just attended a talk about it and tried to pull out of the guys nose what I have to do.

And the answer is definitely not nothing.

what is the answer then?

In fact it is apparently so far away from nothing that it can only be described as "it's complicated" and he pretty much suggested that I shut down.

"you"?

Well, to not complicate things I only told him that I am running an e-mail server for family and friends...

And apparently that means you actually have to do a bunch of things that somehow magically conform to the legalese of risk analysis and all the other umpteen steps I just heard about...

I think nobody knows what it will mean in practice yet. The documents are complex and contain the usual, excessive amount of weaselwords.

can someone not affected sue me?

if not, I don’t care.

I have no clue. He at some point seemed to answer this question with yes and later with no. :p

I just wanted to mention it.

SaltyBones: I'm a professional GDPR consultant. I can support you at only 175€/hr.

Is "Self-host in your own home" still the best way to avoid all legalities?

Ask Ge0rG! :D

Zash: no. "Do not store other people's data" is the best way.

Good thing we made MAM mandatory!

Zash: you might understand now why I insist on https://prosody.im/issues/867 so much.

Ge0rG: I'd probably go with disabling it entirely until explicitly enabled via prefs if I were me

Zash: are you you?

Not sure

I'm sure I'm not you.

Uh, this doesn't look right: https://xmpp.org/extensions/xep-0158.html#registrar-formtypes-register

Is that the same as the captcha from above it?