XSF Discussion - 2018-02-23

  1. jonasw


  2. jonasw

    always reassuring when software foundations partner with media

  3. Ge0rG


  4. Guus

    Nice - I thought they already were.

  5. jonasw


  6. jonasw tips hat to the ejabberd folks

  7. jonasw

    well done :)

  8. Ge0rG

    This is something that should be promoted via our social media team.

  9. Zash

    COMM team, assemble!

  10. jonasw


  11. Seve

    We were already on it :)

  12. Kev

    Ge0rG: More information on this is coming next week. I've been in touch with the devs and generally offered to be helpful if I can be.

  13. jonasw


  14. Ge0rG

    Kev: that's great. We still should promote it now. We could also offer them a place on our own blog instead of medium?

  15. Guus

    Ge0rG, why are you not on the comm wt?

  16. Kev

    Presumably we'd promote the source article (linked here the other day), rather than the P1 repost.

  17. jonasw

    I didn’t click the source article, somehow I thought from the URL that they were moving away from XMPP and I wanted to avoid making myself sad

  18. Ge0rG

    Kev: what's wrong with promoting both?

  19. Kev

    Nope. Never used XMPP before, now they are going to. Which is cool.

  20. Zash

    Hm, wasn't some large-ish game already using xmpp for chat?

  21. jonasw


  22. jonasw

    leage of legends?

  23. Ge0rG

    Zash: Riot Games

  24. Zash

    Ah, so it was another 3 letter acronym

  25. jonasw

    lol (pun intended)

  26. Ge0rG

    So who's responsible for @xmpp on twitter?

  27. Kev

    Board, ultimately.

  28. Kev

    But I imagine they'll delegate to the commteam now.

  29. Ge0rG

    I'd really like to get the two articles twittered about. Something like "Congratulations to EVE Online for joining the robust and scalable XMPP ecosystem! <link1> <link2>"

  30. marc

    jonasw, I can push a change for xep401 to use namespaces for the nodes, shall I?

  31. marc

    Ge0rG, can you think of a way how we can properly manage interoperability between XEP-0158 and XEP-0401?

  32. marc

    Just using both fields in the IBR form would be my proposal :D

  33. Ge0rG

    marc: aren't there ibr captchas already?

  34. Ge0rG

    That would be an argument pro data forms indeed.

  35. marc

    Ge0rG, XEP-0158 is IBR captcha

  36. marc

    Ge0rG, yes, it would be "easy" to combine both

  37. Ge0rG

    the _right_ thing would probably be to integrate the captcha into the form sent back when you attempt to make an invitation

  38. marc

    Ge0rG, good point

  39. marc

    Ge0rG, can you post that on the ML?

  40. Ge0rG

    marc: no. It will end up in pointless debate about how to make the onboarding harder.

  41. Ge0rG

    marc: I don't have captchas on my server and I'm perfectly able to kill off spam accounts.

  42. marc

    Ge0rG, okay, so you don't like the CAPTCHA idea?

  43. Ge0rG

    captchas are a pointless insult to your users.

  44. Ge0rG

    I could live with captchas to external users sending me spam, but only as a workaround for the inability to delay stanzas in mod_firewall

  45. marc

    Ge0rG, okay, actually I don't care about botnets and spam because I run a private service - you and the other XSF guys should know what's best

  46. Ge0rG

    marc: "the other XSF guys" might disagree with me, but I don't care.

  47. marc

    Ge0rG, doesn't sound like we can make fast progress with this XEP ;)

  48. Ge0rG

    marc: the main question that remains for me is: data forms or ad-hoc ibr extension?

  49. Ge0rG

    So far, only Jonas reacted to my rationale

  50. Ge0rG

    I wish for some more feedback from the council members that raised concerns with ad-hoc ibr

  51. marc

    Ge0rG, okay, to me it looks like data forms are the best solution but I don't have much experience with the XMPP internals

  52. marc

    And I thought the IBR data forms are exactly for such extensions

  53. Ge0rG

    marc: data forms are well suited to ask the user questions

  54. marc

    Ge0rG, actually I don't get why you're against data forms

  55. Ge0rG

    Less so to mix hidden and visible fields

  56. marc

    Ge0rG, okay, I'll stop working on the implementation until I get some feedback from @standards how we proceed

  57. marc

    Unfortunately, from next month on I won't have that much time

  58. Ge0rG

    marc: I wonder how big the needed changes are afterwards

  59. marc

    Ge0rG: depends on how the general feedback is

  60. marc

    There is no feedback at all except from Jonas and you

  61. Ge0rG

    marc: I mean to switch between ibr and data forms

  62. marc

    Ge0rG: not that big... I already changed it ;)

  63. Ge0rG

    marc: then you can just go on implementing everything else

  64. Zash


  65. Zash


  66. Ge0rG


  67. jonasw

    marc: yes for the node name change

  68. Ge0rG

    Zash: I've put an updated version of the plugin online

  69. Zash

    Inventing new elements in an existing namespace seems weird to me

  70. Zash


  71. Ge0rG

    Zash: same URL

  72. Zash

    Ge0rG: Where did you publish this?

  73. Ge0rG

    Zash: just search in your history for the random pastebin id

  74. Zash


  75. marc

    jonasw: okay

  76. Guus

    but yeah, first order of business is to make sure that the certificates that are used actually cover the server host name

  77. Guus

    (which is why I got started working on certs in Openfire in the first place)

  78. Guus

    I'm thinking that you locally have both a proper certificate, and match your xmpp domain name to your server FQDN.

  79. Guus

    that saves you some trouble :)

  80. Guus

    hey, what?

  81. Guus

    hargh, my tabs changed :)

  82. Guus

    disregard my last text :)

  83. Ge0rG

    Certificate verification is an arcane witchcraft. Don't get into it if you want to prevent embarrassing vulnerabilities

  84. Ge0rG

    Speaking from experience

  85. Zash

    It is known

  86. marc

    jonasw, on top of my pending change?

  87. Ge0rG

    Zash: https://op-co.de/tmp/emoji_ascii.py (returned to a PC now)

  88. Zash


  89. Ge0rG

    (same URL as always, I was just mocking you for putting everything into ungreppable pastebins; sorry)

  90. jonasw

    marc, better not

  91. jonasw

    marc, Ge0rG seems to not like that change :)

  92. Ge0rG

    marc: your PR contained both the error fixes and a change from adhoc-IBR to data-forms, right?

  93. marc

    Ge0rG: yes

  94. marc

    jonasw: how to handle the version number then?

  95. jonasw

    marc, don’t, that’s the editors job in case of doubt

  96. marc

    jonasw: also no description?

  97. jonasw

    marc, make descriptive commit message s:)

  98. marc

    jonasw: okay

  99. Ge0rG

    jonasw: I don't like one of the two changes that were part of the same commit

  100. jonasw

    Ge0rG, true

  101. Ge0rG

    jonasw: but please don't get me started about commit chains depending on dead ends

  102. Ge0rG

    jonasw: irregardless of what I like, I will bow to Council's decision

  103. jonasw

    what is councils decision on this experimental xep?

  104. Ge0rG

    jonasw: it was accepted as experimental with some IBR data-forms sentiment

  105. Maranda

    About games using xmpp for chat, Perfect World Entertainment/Cryptic Studios use XMPP for their out of game to in-game chat interface from like 2011

  106. Maranda

    (e.g. Star Trek Online)

  107. Maranda


  108. vanitasvitae

    I like the fact, that a Star Trek game is using XMPP given the fact, that all species in the star trek universe can call each others ships without any issues

  109. Ge0rG

    Kev: so who is _technically able_ to post on @xmpp twitter?

  110. Zash

    I remember mention of Twitter account setup such that people could be given access easily. How did that go?

  111. Ge0rG

    Guus: I didn't volunteer because I plainly lack the time

  112. Guus

    As nicely illustrated by answering after 2 1/2 hours

  113. Ge0rG

    Guus: sorry :(

  114. Guus

    no worries :)

  115. Ge0rG

    Guus: do you know who can twitter out things?

  116. Ge0rG

    Ah, there it was already: https://news.ycombinator.com/item?id=16445365

  117. marc

    jonasw, done in https://github.com/xsf/xeps/pull/592

  118. marc

    Oh damn, I should adapt the examples :D

  119. jonasw


  120. jonasw

    do that :)

  121. marc

    okay, done

  122. jonasw


  123. jonasw

    Ge0rG, I can’t seem to find councils statemetn on easy user onboarding

  124. Ge0rG

    jonasw: I wish council minutes were better greppable.

  125. Ge0rG

    Can't we have links to the council MUC from the XEP history? :D

  126. jonasw


  127. Ge0rG

    jonasw: Dave's comment is in the lines after http://logs.xmpp.org/council/2018-01-17#16:06:45

  128. Ge0rG

    jonasw: Kev commented on-list: > Not blocking this (+1), but the addition of fields into IBR seems wrong - don’t we have xep4 in IBR for this reason?

  129. jonasw


  130. jonasw

    so I should be merging the PR against 401 and you delayed that for no reason? ;-)

  131. Ge0rG

    https://mail.jabber.org/pipermail/standards/2018-January/034152.html is the link

  132. Ge0rG

    jonasw: yes. I'm an asshole :P

  133. jonasw


  134. jonasw

    I know, zinid said that

  135. Ge0rG

    jonasw: seriously though, I provided my rationale for adding fields into IBR on-list, and I hoped that Dave and Kev would comment on that.

  136. jonasw

    Ge0rG, well, okay. so should we be waiting longer?

  137. Ge0rG

    jonasw: yes please.

  138. jonasw

    gaaah just say that! :P

  139. jonasw

    you wasted a minute of my time :P

  140. Ge0rG

    jonasw: I what? Why?

  141. jonasw

    because of thinking on whether or not to merge this now and hunting references and so on :P

  142. Ge0rG

    jonasw: maybe data-forms have an advantage for server developers, where a single hook API can be exposed for all registration-related things. I don't know.

  143. Ge0rG

    All I know is how it's the easiest for a client.

  144. jonasw

    I find it useful to have extensibility here

  145. Ge0rG

    Do we have something for hidden fields in data forms?

  146. jonasw

    type hidden?

  147. jonasw

    like FORM_TYPE is?

  148. Ge0rG


  149. Ge0rG

    jonasw: like field type hidden, but to be filled out by the client

  150. jonasw

    Ge0rG, > hidden The field is not shown to the form-submitting entity, but instead is returned with the form. The form-submitting entity SHOULD NOT modify the value of a hidden field, but MAY do so if such behavior is defined for the "using protocol".

  151. jonasw

    so exactly like field type hidden?

  152. Ge0rG

    jonasw: I was just going to post that quote, yes!

  153. SaltyBones

    so, just in case you don't have it on your radar yet

  154. SaltyBones

    GDPR will be in effect from may on

  155. SaltyBones

    GDPR will be in effect from May on

  156. jonasw

    I still have no idea what that means.

  157. SaltyBones

    I just attended a talk about it and tried to pull out of the guys nose what I have to do.

  158. SaltyBones

    And the answer is definitely not nothing.

  159. jonasw

    what is the answer then?

  160. SaltyBones

    In fact it is apparently so far away from nothing that it can only be described as "it's complicated" and he pretty much suggested that I shut down.

  161. jonasw


  162. SaltyBones

    Well, to not complicate things I only told him that I am running an e-mail server for family and friends...

  163. SaltyBones

    And apparently that means you actually have to do a bunch of things that somehow magically conform to the legalese of risk analysis and all the other umpteen steps I just heard about...

  164. SaltyBones

    I think nobody knows what it will mean in practice yet. The documents are complex and contain the usual, excessive amount of weaselwords.

  165. jonasw

    can someone not affected sue me?

  166. jonasw

    if not, I don’t care.

  167. SaltyBones

    I have no clue. He at some point seemed to answer this question with yes and later with no. :p

  168. SaltyBones

    I just wanted to mention it.

  169. Ge0rG

    SaltyBones: I'm a professional GDPR consultant. I can support you at only 175€/hr.

  170. Zash

    Is "Self-host in your own home" still the best way to avoid all legalities?

  171. SaltyBones

    Ask Ge0rG! :D

  172. Ge0rG

    Zash: no. "Do not store other people's data" is the best way.

  173. Zash

    Good thing we made MAM mandatory!

  174. Ge0rG

    Zash: you might understand now why I insist on https://prosody.im/issues/867 so much.

  175. Zash

    Ge0rG: I'd probably go with disabling it entirely until explicitly enabled via prefs if I were me

  176. Ge0rG

    Zash: are you you?

  177. Zash

    Not sure

  178. Ge0rG

    I'm sure I'm not you.

  179. Zash

    Uh, this doesn't look right: https://xmpp.org/extensions/xep-0158.html#registrar-formtypes-register

  180. Zash

    Is that the same as the captcha from above it?