XSF Discussion - 2018-03-05

What's not to get about the mam thread. Closing gaps is incredibly difficult in current MAM.

I can totally see why they want to retrieve a list of all ids

yeah, I realized that while writing my reply

Also when you are woken up by the os after a push I can see why you maybe want to just get one message instead of all the back log

but assuming that with bad connection, the overlap between the "huge" gap (which spans from "last message ID of the gapless huge block in the past to now) and messages received inbetween should be small enough to not worry about the overhead?

I might not do that in my application.

But I can see why someone would want to do that

How is filling a hole hard? You say "Give me stuff between these ids".

yeah, I don’t see the problem with that; the push service should just deliver that ID.

Kev, what if you don’t have those IDs?

Kev: remembering where the gaps are is

because you don’t get IDs for messages you sent!!k

jonasw: you have ids of things surrounding the gap. You can use the start and end of a returned set that isn't complete.

* first / last

intosi, *if* you actually have the IDs, yes

but it makes things more complex than "query MAM from the last ID you got"

Other than sent messages, which are an obviously different problem, why would you not have them?

^ what Kev asked

Kev, other than that, you’d have them if your server supports giving you IDs on carbons

If you know there's a hole, you have a first and a last id.

I am just arguing that the suggesiton from that thread that all you’d have to do is to query since the last ID: > And how it is more simple than "the latest message I have has ID XXXXX, request all messages since XXXXX"? is not correct.

jonasw: It depends what you're trying to achieve.

If you want complete sync, then Edwin is right.

If you only want recent sync, then the holes don't matter so much.

But in any case, ISTM that filling the holes is possible anyway.

Assuming you get the ids on messages sent/received, but those are orthogonal issues.

Kev, yes, it is possible

so I drafted this: https://github.com/jabbercat/jabbercat/issues/26#issuecomment-370333729

would that work or do I have a logic fault in that?

(regarding backfilling holes)

s/event/message/ if you can’t follow

jonasw: sounds pretty complicated considering the general dump clients approach of xmpp

I find it rather okay-ish. It has the advantage (compared to a list of stanza-IDs from the server) that I can dedup properly even if I don’t get stanza-ids on all stanzas, which is sadly currently the state-of-the-xmpp-art

jonasw: i agree with you that it is _possible_ to close gaps. But at what cost. Do you really want to point every xmpp developer to that algorithm?

one could also simply keep track of the last "MAM-confirmed" message and always sync from there.

the number of dups should be neglectible anyways if sync failed due to bad network.

> one could also simply keep track of the last "MAM-confirmed" message and always sync from there. That's what I do. And I only dedup once because then I put the mam ID in the dedupped message by the way

But thats a different thing than closing gaps

Sounds straightforward enough.

daniel, in the end, the gap is closed; what do you consider "closing gaps"?

I love how for every xep there is ab 'algorithm' or an explanation on some random persons blog or github like here is how you use that xep.

https://github.com/signalapp/Signal-Android/issues/7460 Signal down

Time to blow the xmpp horn!

Oh, it's up again, only was down for two hours

Damn.

vanitasvitae, wouldn’t the MAM usage you proposed on standards@ cause a long-connected client to re-download all messages it alread has received live?

jonasw: sorry, I'm not sure which proposal you are talking about :D

vanitasvitae, the email which starts with: > Maybe it helps to write down how most xmpp devs use MAM

oh damn

:D

I think I got you confused

Wasnt me probably

which also explains why "you" are so proficient with MAM, that was unexpected to me

:D

I think lovetox sent that mail, right?

yeah

Ugh… https://github.com/redsolution/xabber-android/issues/802

Suddenly Swift's issue reporting doesn't seem so bad, does it? :)

You mean closing any issue and opening it in your internal bugtracker, where you can say exactly the same thing without me knowing it? :p

I think the 'without you knowing it' bit matters :)

I mean, no, we'd never do that!

😼

Link Mauve, to be fair that scanner thing had a ton of false positives, even on conversations...

in fact what I've seen of it was *only* false positives up to now

moparisthebest, they haven’t been able to scan Conversations because you have to pay for it.

oh, was it a different scan then?

I'm having trouble finding it but there was definitly a 'scan report' released recently that accused conversations of having trackers too

moparisthebest, there was one for some Conversations “plugin”: https://reports.exodus-privacy.eu.org/reports/search/eu.siacs.conversations.sharelocation

But that’s not Conversations.

I hatethose things, they always say stuff without any context

'ACCESS_COARSE_LOCATION Dangerous' … umm, no, it's a mapping app, that's expected.

https://reports.exodus-privacy.eu.org/reports/2332/ otoh, is doing well.

SamWhited, or internet access, for an application opening a TCP connection on a non-HTTP port. :p

Isn't Android's INTERNET permission just implicit and given to everything? That one seems really extreme

yes

lolwat, INTERNET "dangerous"?

I thought they were changing that at some point, maybe 8 or in the future?

this is one of the now fewer reasons why I insist rooting is necessary for a secure android phone

(because you can firewall applications from the internet that way)

I’m more worried about android or the telephony itself being massively insecure. If I wouldn’t trust the apps I’m running, I can trash the device right away I feel.

Anyway, these guys are very open to suggestions, I can pass any you have.

I'm more worried about "scanners" like this training non-technical users to look at exactly the wrong things.

yeah

scanning for trackers is probably sane

Not IMO

dunno

SamWhited, when you see things such as https://blog.acolyer.org/2018/03/05/apps-trackers-privacy-and-regulators-a-global-study-of-the-mobile-tracking-ecosystem/

depends on how safe against false-positives it is

It’s not exactly “the wrong thing”.

I'm aware, but Google's app analytics stuff isn't that.

jonasw, it isn’t, because by European laws they are not allowed to decompile or anything.

Their tester is a glorified grep.

I would not support a statement which said that "google analytics is exactly the wrong thing to look at when checking how privacy friendly a thing is" though

I block Google Analytics on the web, I would do the same if I had a phone.

yea but if you voluntarily use the google play store to install apps, that seems like a hard opt-in to google analytics tracking to me

which is why I only use f-droid personally

moparisthebest, most people don’t know alternatives even exist.

They use what was installed when they bought their phone.

Windows monopoly all over again

I know, depressing :'(

moparisthebest, does Google Play Store leaks when you launch applications or what you do in them, or something?

additionally most phones don't allow you to remove google play, again, you have to root it for that

Or is it just what you install and when?

I know it can uninstall apps and install updates without your permission too

so *probably* all of those things?

wait did you say only https wasn't a red flag? why is TLS on 443 any less suspicious than other ports? :'(

“18:05:56 jonasw> lolwat, INTERNET "dangerous"?”, I asked them, apparently the category is given by Google.

That quoting

Sorry, I haven’t worked on poezio in a long time. :x

Anyone have any recommendations for a simple XMPP git bot?

github sends me notifications on commits. maybe their bot is opensource. I don't know.

rion: how?

Yeah github has uh hubot? It's kinda a giant thing that does a whole lot more than respond to a on commit hook

There's one that announces commits in the poezio room, ask them what they use.

Thanks Zash

IIRC it got added to Github itself, somehow.

I think there is one by github themselves, which they host, and a ruĝamia from redmine.

You could also do what we (prosody) do, and put something as a receive-hook on the server, if you have control over that

Zash, that's what i'm planning on doing.

example of github standard hook http://pix.academ.info/img/2018/03/06/af0363c83be4f268ad76a09ecb0fa35f.png

> I think there is one by github themselves, which they host, and a ruĝamia from redmine. Where can I finds the bot by github itself?

We already do this with email, but channel notifications would be nice.

you could have the email trigger an xmpp message >:)

j.r, I couldn’t find their source code in a short search, I don’t know.

Ok

moparisthebest, yes - but what software exists to do the XMPP part?

I could write this myself but I figured someone had already done it

https://github.com/github/github-services/tree/master/lib/services search for "xmpp"

wild guess

Seems to match the options in Settings → Integrations

jjrh, https://github.com/moparisthebest/sendxmpp-py https://github.com/moparisthebest/sendxmpp-rs ancient-perl-sendxmpp, called by a hook or sieve script

cheers!

of those I'd suggest the python one if it works for you

Does it do MUC or just message?

ew yea, just message

you probably want a proper bot then

Yeah that's what it's sounding like. Probably should just write something myself, the examples are handy though.

sendxmpp-py should be fairly easy to modify to do that I think

Yeah - what might work nicely is to use sendxmpp to send a message to a bot which can have some more smarts

https://github.com/moparisthebest/sendxmpp-rs/blob/master/Cargo.toml I think your description might be wrong ;)

ha yea looks like it, how the hell did that happen, probably what cargo new does by default or something

rion, do you have a room for psi dev?

or psi in general

xmpp:psi-dev@conference.jabber.ru?join

yay captcha..

Ge0rG, https://github.com/ge0rg/easy-xmpp-invitation/pull/9 works fine for me on firefox and firefox focus (mobile)

Would be nice if you merge it t get rid of Google Fonts

s/t/to