XSF Discussion - 2018-04-06

  1. Seve/SouL

    Yes, people get scared when hear Jabber, as UsL said, people then to make 'do not like face' saying 'the old old chat thing??' (in case they know it)

  2. Ge0rG

    I'm still waiting for a viable alternative proposal that will work without a multi million marketing campaign

  3. Neustradamus

    Ge0rG: first migrate the planet to xmpp.org ^^

  4. UsL

    so I replied in operators@ instead of here.. : S

  5. UsL

    still havent had my morning coffee :O

  6. edhelas

    I have more and more spam each days

  7. Ge0rG

    UsL: you might associate Jabber with a low-quality implementation, but at least you know what it is about.

  8. edhelas

    my only solution for now is to blacklist more and more servers

  9. Guus

    I frown upon people not taking their morning coffee ceremony seriously.

  10. Guus

    (afk, getting coffee)

  11. Ge0rG

    Guus: have a nice weekend

  12. Guus

    Weekend? We've got an entire workday ahead of us 🙂

  13. Ge0rG

    Guus: in that case you don't take your morning coffee ceremony sufficiently serious.

  14. intosi

    Broken records are broken.

  15. Guus

    yes, that was the implied joke.

  16. Neustradamus


  17. Maranda

    Just one coffee??!!

  18. Maranda looks at his the "quadruple" espresso coffee cup.

  19. Maranda


  20. Ge0rG 's got a 475ml on-the-go coffee cup.

  21. Guus

    My office is also my kitchen, where the espresso machine is. 😊

  22. intosi

    Deliberately keeping my coffee machine two floors down from my office ;)

  23. UsL

    yes, that is the case. Still, jabber and the lightbulb feels dated compared to xmpp and the xmpp logo. Is it supposed to be two horns? Or two of those ancient looking baskets that Miss Fortuna held. Cornucopia. Had to look it up.

  24. UsL

    haha, I'll try to coffee before talking hence forth

  25. Ge0rG

    UsL: nobody knows I think.

  26. Ge0rG

    There was a long logo discussion last year

  27. UsL

    the description fits though: "commonly a large horn-shaped container overflowing with produce, flowers or nuts."

  28. UsL

    : D

  29. UsL


  30. Ge0rG

    The only thing I can agree on. We are all nuts.

  31. UsL

    that settles it. The logo depicts two cornucopias

  32. Maranda


  33. Maranda


  34. Seve/SouL

    I love the XMPP logo

  35. Seve/SouL

    Feels modern

  36. Seve/SouL

    (subjective I know)

  37. Maranda

    Too bad that normal people can't stop going "what" whenever you mention "ECS-AM-PEE-PEE" who knows maybe it's the two final P ™️. Thoughts?

  38. Ge0rG

    Maranda: just ask them for their JID then.

  39. Maranda


  40. Guus

    I think the logo form is based on the 'X' in XMPP.

  41. Maranda

    UsL was till on the way out of his trip with "cornucopias and stuff" me thinks

  42. Maranda


  43. Ge0rG

    Maranda: so you are processing urine of former military police personnel? That's noble.

  44. Zash

    The pointy bit of speech balloons?

  45. Maranda

    Ge0rG 🤨 that statement didn't 🖥

  46. Maranda


  47. Ge0rG

    Maranda: ex MP pee.

  48. Maranda


  49. Maranda


  50. Zash

    Members of Parliament?

  51. Holger

    Zash, flow: Seems I'm missing something regarding "Blocking of subscription request denials"? What's the problem with the server (1) handling my 'unsubscribed' presence as usual but (2) not forwarding it to the requester?

  52. Holger

    flow: > on subsequent incoming requests from the blocked entity have the server send an error (or rejection) presence. This would clearly violate 0191 ("For presence stanzas (including notifications, subscriptions, and probes), the server MUST NOT respond and MUST NOT return an error"), no?

  53. Ge0rG

    Zash: those, too.

  54. flow

    Holger, I'm not sure if we talk about the same thing anymore. What I have in mind is: 1) A sends sub request to B; 2) B blocks A; at 2 A's server could reject the sub request from the blocked entity

  55. flow

    What is the rationale of xep191 becoming a presence blackhole?

  56. Zash

    Holger: Possibly an implementation detail. Gets complicated for one plugin to let another do some of the processing for an event but not other.

  57. flow

    Holger, you seem to talk about: 1) A sends sub request to B; 2) A blocks B; 3) B rejects A's sub request

  58. flow

    In which case I'd also say that the server should simply process the rejection (unsubscribed) as usual

  59. jonasw

    winfried, Ge0rG: I wont be able to make todays meeting, sorry

  60. Zash

    flow: You send me a sub request. I block you, then I deny that request. I get an error because I blocked you, and then I get the request sent to me every time I sign in with no way to do anything about it.

  61. Zash

    Holger: ^

  62. Holger

    flow: No I didn't talk about the latter case but about the one Zash repeated now.

  63. Holger

    I can easily see this being meh to implement. I was just wondering whether I got the scenario wrong. Maybe I didn't after all :-)

  64. Zash

    Might be a case of "being modular is hard"

  65. flow

    You get an error if you send a stanza to an entity you have blocked?

  66. Zash

    > If the user attempts to send an outbound stanza to the JID, the user's > server MUST NOT route the stanza to the JID but instead MUST return a > <not-acceptable/> error [...]

  67. flow


  68. Zash

    I suppose you could argue that presence management stanzas are not outbound stanzas.

  69. Holger

    Zash: So process the stanza and send an error :-)

  70. flow

    I wonder what's the rationale behind that

  71. Holger

    Zash: Hah I thought I'm kidding but seems that's ejabberd's behavior.

  72. Holger

    Probably does the trick in practice.

  73. Zash

    Looks like Prosody would send the not-acceptable error to itself, not to the user, if presence handling was done before blocking.

  74. Holger

    Talking to yourself can be healthy.

  75. Zash

    We're already breaking another MUST so that you don't get a ton of not-acceptable in response to normal presence broadcasts, in case you've blocked a bunch of subscription=both|from contacts

  76. Ge0rG

    what's wrong with that not-acceptable? It allows the client to show the contact as "bad"

  77. Holger

    Zash: What MUST are you breaking in that case?

  78. Zash

    That same one I quoted above

  79. Zash

    It doesn't distinguish between presence stanzas sent from the server and those sent from the user.

  80. Zash

    Ge0rG: Hmmm

  81. Ge0rG

    Can we persist error messages in offline storage/MAM?

  82. Holger

    Zash: A presence broadcast qualifies as an attempt "to send an outbound stanza to the JID"?

  83. Zash

    How do you know your denial was processed

  84. pep.

    GDPR meeting in 5min!

  85. Ge0rG


  86. Ge0rG

    I'm totally unprepared.

  87. winfried

    Sorry, will be late and have to leave early

  88. Ge0rG attempts to remember who the other GDPR expert was some days ago

  89. pep.


  90. pep.

    jonasw, ?

  91. Ge0rG

    pep.: jonasw> winfried, Ge0rG: I wont be able to make todays meeting, sorry

  92. pep.


  93. pep.

    Shall we start anyway? Have a look at what's left

  94. pep.

    winfried, how long do you have

  95. Anu


  96. Anu

    Where is gdpr meeting? Here?

  97. pep.

    Appart from the LQ{1,2}, I think we've covered the C2S case pretty much already?

  98. pep.

    Anu, yes

  99. Ge0rG

    Anu: here and now, though we are missing some people

  100. pep.


  101. Anu

    Also dealing with baby so I might lurk

  102. Ge0rG

    hi Anu! :)

  103. pep.

    I'm taking minutes of whatever this will be :p

  104. Anu

    I’ll try to participate to the best of my ability

  105. Ge0rG

    It looks like we are missing two participants, including our chair.

  106. Ge0rG

    I can try to chair a bit, but I'm rather unprepared, so brace for a very loosely organized session

  107. pep.

    I guess we'll do it short and plan another date

  108. winfried is present

  109. pep.

    winfried, ready?

  110. Ge0rG

    I think we have multiple points that still need to be worked out: Q1.1d List legal grounds for the processing - that didn't feel quite finished to me, especially regarding federation Q1.1e Analyse possible consequences Q1.2: What consequences does the GDPR has for the XMPP server operators Q1.3: What can/should the XSF do with it?

  111. winfried

    have to leave at 14:00 CEST (35 minutes from now)

  112. winfried

    Ge0rG: yes, S2S / federation is still open

  113. Ge0rG

    I've briefly looked at GDPR work in the IETF, but didn't find something like a WG, it's just a topic in different sub-orgs

  114. Ge0rG

    Anu wanted to add more lawyer questions, which I'd like to hear as well

  115. winfried

    Anu: yes, please!

  116. Ge0rG

    Maybe we can ask Board for some budget regarding those.

  117. Anu

    1: what level of logging is legal on xmpp servers

  118. Anu

    2: what info (presence/server logs) counts as pii and has to be purged when right to be forgotten is involved

  119. Ge0rG

    Anu: I think that server logs are pretty well covered under recital 49

  120. winfried

    Anu: +1 @ Ge0rG

  121. Ge0rG


  122. winfried

    Anu: pii is also quite well defined

  123. Ge0rG

    winfried: is it really?

  124. Ge0rG

    I think there is still no clear consensus whether IP addresses are PII or not ,)

  125. winfried

    Ge0rG: they are

  126. winfried

    (but IPadresses are a nice edge-case)

  127. pep.

    I was also told they are. But yeah they might not identify just one individual

  128. Ge0rG

    Anu: the questions are also very technical. You'd have to explain to the lawyer how XMPP works, first.

  129. winfried

    For the process right now: I propose we take a look at the tasks at hand check if we can do some of them before the next meeting and plan a next meeting...

  130. pep.


  131. winfried


  132. winfried

    I added 'TBD' on some places Q1.1d still needs some more details and from Q1.1e everything is work in progress.

  133. Ge0rG

    winfried: yeah. We should talk about federation now

  134. pep.

    I feel Q1.1e is going to be even more speculation than the rest

  135. winfried

    pep.: yes

  136. Ge0rG

    pep.: I think there are some non-speculative parts in e. Like how to do a data retention policy, and how to implement the right to be forgotten

  137. winfried

    Ge0rG: Yes, starting with Q1.1b on S2S

  138. pep.

    Ge0rG, ok I wouldn't have put right to be forgotten in 1.1e

  139. winfried

    Next TBD Q1.1c on S2S

  140. Ge0rG

    so let's do S2S 1.1b and c

  141. pep.


  142. winfried

    pep.: 1.1e is *very* speculative

  143. Ge0rG

    for 1.1b S2S: - s2s meta-data (IP addresses, hostnames, sessions, probably server logs) - I don't think the GDPR applies - user meta-data (presence, subscriptions, message routing) - user content (messages, pubsub, ...)

  144. pep.

    s2s meta-data, I think GDPR is out as well, it's not somebody's private info

  145. winfried


  146. Ge0rG

    - MUC history, MUC MAM

  147. pep.


  148. Ge0rG

    anything else for 1.1b?

  149. winfried

    can't think of anything right now

  150. pep.

    I think that covers pretty much everything

  151. Ge0rG

    remote components

  152. pep.

    include pubsub in there then

  153. Ge0rG

    there is component access to roster, I don't know which kind of data is a transport allowed to access there

  154. Anu

    3: when an xmpp opeator is fined is it based on personal income if they are non profit?

  155. winfried

    remote_vibrator.tilanus.com? ;-)

  156. Ge0rG

    Anu: 3 -> no

  157. pep.

    Ge0rG, I would consider that as standard s2s

  158. Ge0rG

    Anu: the fine is max(0.04*turnover, 200k€) - so even if you are broke, you can be fined 200k€

  159. winfried

    Who can add this to the wiki? One TBD down then!

  160. pep.

    winfried, I'm taking the minutes

  161. Ge0rG

    pep.: https://xmpp.org/extensions/xep-0321.html#request_roster

  162. winfried

    pep.: thanks!

  163. pep.

    Ge0rG, hmm

  164. Ge0rG

    Remote Roster Management requires explicit user consent, and provides information about it, so I suppose this is well covered by the existing legal framework

  165. Ge0rG

    However, I'd like to have Remote Roster Management explicitly listed as a data type

  166. winfried

    Ge0rG: +1

  167. winfried

    good catch

  168. pep.


  169. Ge0rG

    next: Q1.1c

  170. winfried

    - transfer to an other controller

  171. winfried

    - archiving (MAM, MAM on MUC)

  172. Ge0rG

    - s2s meta-data - typically just inside of server logs, so R49 probably applies - user meta-data: all transfer requires (implicit) user consent - by joining a MUC or sending a message to somebody or accepting a subscription

  173. pep.

    I had a legalese 101 question, what is meant by "third-party country" in chapter 5? Does that mean it only applies when transfering data to *other* countries?

  174. Ge0rG

    pep.: non-EU

  175. winfried

    pep.: transfer to non-EU is also a possible processing here....

  176. pep.

    So they always use this third-party country term from what I gathered, where is transfer within EU entites defined then

  177. winfried

    pep.: No, 5 is about transfer out the EU

  178. pep.

    I see

  179. Ge0rG

    winfried: does it matter if we do s2s inside or outside the EU?

  180. winfried

    Ge0rG: Yes

  181. Ge0rG

    then we need to separate that

  182. winfried

    outside chapter 5 applies, inside not

  183. pep.

    That's going to be fun

  184. winfried

    *big time*

  185. pep.

    Zash, be prepared to see a mod_gdpr appear at some point :p

  186. winfried

    pep.: before may the 25th :-P

  187. pep.


  188. winfried

    I have to leave soon :-(

  189. winfried

    new appointment?

  190. pep.

    Ok, we should do date of next

  191. pep.

    I'm free anytime. monday same time?

  192. winfried


  193. winfried

    though monday better a bit earlier

  194. pep.

    What time?

  195. winfried

    starting between 9:00 and 12:00 CEST works the best for me

  196. Ge0rG

    I can starting 10:30CEST

  197. winfried

    jonasw: any possibility?

  198. pep.

    err that's 9:30am here ><

  199. pep.

    I'll have to get up

  200. pep.

    But ok

  201. pep.

    winfried, jonasw is not here. will try to ping him during the weekend

  202. winfried

    pep.: thanks

  203. pep.

    So monday 10:30CEST it is then?

  204. winfried


  205. pep.

    cool, *bang*

  206. winfried


  207. pep.

    Ge0rG, I would rename your "user meta-data" above in Q1.1c to "user data", it's talking about messages etc.

  208. Ge0rG

    pep.: no, it's message routing metadata

  209. pep.

    Ok so we still have to cover user content then, that works

  210. pep.

    Though winfried mentioned MAM etc.

  211. Ge0rG

    MAM contains both

  212. pep.

    https://cryptpad.fr/code/#/1/edit/Zc1c+aBtFP-49TYSX0T+7g/VcSdjDmU9rC0crMKwQyiehe9/ what I have for now. I'll have another read after lunch

  213. Anu

    Meeting still happening?

  214. Ge0rG

    Anu: nope

  215. Anu

    Aw ok

  216. Anu

    Looks like it was productive

  217. Anu

    Mod gdpr will probably be needed

  218. Anu

    Honestly gdpr is the biggest gift to walled garden monolithic messaging systems. Unless you control the whole stack it’s hard to be compliant

  219. Anu

    I’m wondering if xmpp will even be legal. It was made from another time and merrily leaks ip addresses to other servers

  220. Anu

    E.g push servers get device ips

  221. Ge0rG

    Anu: push servers like Google and Apple? They have your IP anyway

  222. Ge0rG

    Anu: I don't see how XMPP is different from email

  223. Anu

    No push like push.monal.im that use Apple to push to your device

  224. Anu

    I know chatsecure and conversations have similar push servers

  225. Holger

    Anu: Registration with the push service for Conversations works without revealing the IP address, though.

  226. Ge0rG

    Anu: push.monal.im talks to your XMPP server and to Apple APNS, not to the client

  227. pep.

    Yeah it's quite similar to email and I don't think they'd want to get rid of this. Also I didn't see anything federation specific in Google's policies

  228. Anu

    The out of band registration will log the device ip on the push server

  229. Holger

    (It's done via XMPP, i.e. routed over your server.)

  230. Holger

    Anu: In your case, yes.

  231. Ge0rG

    Anu: that's not part of the XEP, is it?

  232. Holger

    Right, the XEP doesn't specify how to register.

  233. Anu

    Or I’m mixing protocols :( hold on

  234. Anu

    Let me see

  235. Ge0rG

    so should I switch my father-in-law from ChatSecure to Monal now?

  236. Holger

    Anu: AFAIK clients register against push.monal.im via HTTP and thereby reveal their IP address (short of using some proxy), yes. I'm just saying it doesn't have to work this way, and doesn't for Conversations (but also for ChatSecure IIRC).

  237. Anu

    Not yet . I haven’t published the libsignal stuff

  238. Ge0rG

    Anu: no need for E2EE, just chat and http-upload

  239. Ge0rG

    not even MUCs

  240. Anu

    Bah you know I I’m tired when I don’t remember how my own push service works :(

  241. Anu

    Oh right it’s s2s in with token info

  242. Anu

    Tokens should be suitably pseudoanonymized

  243. Holger

    Anu: The actual registration step is via HTTP, AFAIK :-)

  244. Anu


  245. Anu

    The rest call

  246. Holger


  247. Holger


  248. Anu

    Phew I thought I was thinking of another protocol

  249. Holger


  250. jonasw

    monday 10:30 CEST wfm if we don’t draw it out too long, Ge0rG, winfried

  251. jonasw

    I’d like to leave at 11:30 CEST

  252. Anu

    No joke I have like four of them swirling in my head and they are all usually very similar

  253. Ge0rG

    Holger: is there a TL;DR about setting up push on an xmpp server the right way?

  254. Holger

    Ge0rG: For ejabberd you enable mod_push and mod_push_keepalive, but that's probably not what you meant?

  255. pep.

    jonasw: cool

  256. Ge0rG

    Holger: yeah, in retrospect it was pretty dumb to ask you things about my server.

  257. daniel

    I think the process on prosody isn't much harder

  258. Anu

    Yeah it’s pretty straightforward on prosody

  259. Anu

    That’s what I use

  260. Ge0rG

    I'm not sure if it's ChatSecure then that's borked, or if my father-in-law can't properly use his phone.

  261. Holger

    mod_cloud_notify now supports the mod_push_keepalive magic AFAIK, at least partly.

  262. daniel

    I think for chatsecure you might want to look at the patched mod_cloud_notifiy

  263. Holger

    Hm or maybe not.

  264. daniel

    Don't ask me why that isn't mainline though

  265. Ge0rG

    daniel: patched where?

  266. Holger

    It is now.

  267. Holger

    Well a variant of it.

  268. Ge0rG

    since when?

  269. Holger

    (The same variant I'm going for with ejabberd.)

  270. Ge0rG

    So many questions. All off topic

  271. Anu

    Is the keep alive to keep the connection open?

  272. daniel

    Holger: a variant that is compat with Chatsecure?

  273. Holger

    daniel: Yes.

  274. daniel


  275. Anu


  276. daniel

    Anu: it's to check if the connection is still alive and if not send a push as a wakeup signal

  277. Holger

    Anu: It's to keep the stream management session open, yes. Mostly to make push notifications work for MUC messages.

  278. Anu

    Isn’t the whole point that we use the push to signal time to wake up

  279. Anu


  280. Anu

    Oh man so do you guys see me going offline constantly?

  281. Holger

    Anu: The client disconnects but the session remains alive.

  282. Anu

    Ah cool that’s exactly what I need!

  283. Anu

    I’ve only been using Monal with muc and push

  284. Holger

    Anu: For this to work, you must close the TCP session without terminating the XMPP stream.

  285. Anu


  286. Anu

    And resume it ok wake up

  287. Ge0rG

    The next thing we need to design: MUC notification filtering, where the mobile client doesn't need to be joined all the time but can connect and MAM-sync when the user is highlighted

  288. Anu

    Thats what I do now but user showing up as offline when I close the tcp connection has been driving me nuts

  289. Holger

    Anu: https://mail.jabber.org/pipermail/standards/2016-February/030925.html and https://mail.jabber.org/pipermail/standards/2016-February/030925.html

  290. Holger

    Anu: I'm not sure whether mod_cloud_notify can be configured to do that.

  291. Ge0rG

    prosody will keep the session visible as online as long as smacks doesn't kill the zombie

  292. Anu

    I’m thinking about a completely non invasive fix for this on the client side. Ditch offline, it’s not really a thing anymore. It doesn’t solve the muc issue though

  293. Holger

    Ge0rG: But there's no hack to increase the timeout for the push case?

  294. Ge0rG

    Anu: "offline" is a limited use case, but "dnd" is rather important, I'd say

  295. Holger

    Ge0rG: Wouldn't you just silence your phone rather than hoping your contacts will respect that status?

  296. jonasw

    Holger, but letting contacts know that they won’t have success with sending you a message is probably nice?

  297. jonasw

    also maybe a thing which lets a sender override that dnd silence if and only if they are in some whitelist

  298. Holger

    I think "last activity" is a better indicator for success chances.

  299. Ge0rG

    Holger: my jabber goes dnd when I silence my phone.

  300. jonasw

    e.g. "people from the family group may circumvent phone dnd (raise a priority notification) if asked for"

  301. Holger

    jonasw: I mean in theory I see your point but in practice presence status is just always wrong.

  302. jonasw

    Holger, is it?

  303. Ge0rG

    Holger: I think "last activity" is a nice addon to proper dnd signaling

  304. jonasw

    Ge0rG, if I had that setting, I would always be dnd :)

  305. jonasw

    it would be great if the presence was reflected by the actual DND status of the phone.

  306. Holger

    Ge0rG: My phone does the same, but I'm often available despite my phone being quiet. It's just always wrong.

  307. jonasw

    (not sure if this is lineageos specific, but it has a neat DND mode where you can say either priority only, alarms only or total silence for N hours)

  308. jonasw

    (or by time)

  309. Ge0rG

    jonasw: that lineageos mode is fucking with my brains.

  310. jonasw


  311. Ge0rG

    there used to be (silent+alarms|vibration|normal) and then they split up the first one into two different ones

  312. Ge0rG

    and one of them ended up also silencing the alarm.

  313. Ge0rG

    Really, who on earth wants their alarm silenced?

  314. pep.

    I say it's a valid use case

  315. jonasw

    there is probably a use-case for that.

  316. jonasw

    think small children wihch might be woken up or something, meetings of indefinite duration, …

  317. Ge0rG

    ...coming late to work.

  318. jonasw

    that only happened when it -- I think -- didn’t reset the alarm volume after I accidentally triggered total silence

  319. Anu

    My phone is permanent silenced haha

  320. Anu

    I don’t even know what my alert tones are

  321. Anu

    But that might be a very narrow use case.

  322. Anu

    I honestly think one problem for xmpp is that there are mobile and desktop clients. Mobile will almost never be offline or away

  323. Anu

    Desktop might be.

  324. Ge0rG

    Anu: there are people shutting down wifi and mobile data over night

  325. Anu

    Really? That’s a thing?

  326. Ge0rG

    Anu: and there are people going outside of network coverage for hours

  327. jonasw

    Anu, it is a thing, I’m one of them

  328. Ge0rG

    my worst case is to take long phones when on 2G

  329. jonasw

    my phones battery doesn’t like if conversations is in 20 MUCs overnight for no reason.

  330. Ge0rG

    jonasw: but it is there for a reason!

  331. Anu


  332. Ge0rG

    you could miss an xmpp rant!

  333. Holger

    Anu: I'm not sure the presence status is really that useful on the desktop either.

  334. Anu

    I’ve been thinking a lot about my ui choices and how they are rooted in 90s tech

  335. Anu

    I still have status under the username in the contact list

  336. jonasw

    Ge0rG, I can read up on XMPP rants in poezio :>

  337. Anu

    No one pays status anymore

  338. Anu


  339. Anu

    It was a proto Twitter

  340. Ge0rG

    Anu: Kev suggested to rework status from a per-client thing to a per-account thing. It would make more sense then

  341. Holger

    Ge0rG: Would the result be much different from how clients show presence today?

  342. Seve/SouL

    I have my alarm silenced by the way

  343. Ge0rG

    Holger: probably not

  344. Seve/SouL

    I wake up just with the phone's vibration (although I usually wake up some minutes before it starts)

  345. Zash

    pep.: Make it so

  346. pep.

    Not exactly sure what would go in there though

  347. Ge0rG

    Anu: is there a Monal iOS beta program?

  348. pep.

    `forbid_non_compliant_s2s = true` :o

  349. Ge0rG

    Anu: if I "delete this account" from Monal, will it delete the account on the server or just the client setup for it?

  350. Ge0rG

    hm. the latest version is a year old and doesn't show contact names, but shows multiple JIDs per contact.

  351. Maranda

    EU is becoming a mass of demented nonsense, well it was already but now it's even more.

  352. Maranda waits for the "comprehensible TODO" summary about GDPR.

  353. Maranda

    Without the vomiting lagalese included. 😠

  354. pep.

    You'll have to deal with that vomiting legalese anyway

  355. Maranda

    Not all of that pepe, I'm sure that 80% is as usual incomprehensible blah blah that ends in a possible "compression ratio" of 3/4

  356. LNJ

    I started implementing SIMS (https://xmpp.org/extensions/xep-0385.html) in my XMPP client. The XEP tells me that data sent using Bits of Binary (https://xmpp.org/extensions/xep-0231.html) is stored on the server, but I can't find any definition of a protocol to send such data to the server. Also e.g. prosody says that the Bits of Binary XEP is server independant and thus works even if the server doesn't support it. I also can't find an implementation for ejabberd. Can somebody explain that? :D

  357. Ge0rG

    hey LNJ, you are working on Kaidan, right?

  358. Anu

    Ge0rg: will not delete from server.

  359. Anu

    There is a beta I can invite you to

  360. LNJ

    Ge0rg: Yep, that's right

  361. daniel

    LNJ: you basically just put base64 stuff in the same stanza

  362. Ge0rG

    Anu: yes please

  363. daniel

    On the root level of the stanza

  364. LNJ

    So of the root level of the SIMS Stanza?

  365. daniel

    No on the root level of the message stanza

  366. LNJ

    Ah ok

  367. daniel

    And then the Sims reference references that

  368. LNJ

    But isn't the BoB XEP saying to not include the data directly, if it's larger than ~1 KiB?

  369. daniel


  370. daniel


  371. LNJ

    Ok, so I'll just ignore that fact ...

  372. LNJ


  373. daniel

    Ignore that. But keep them reasonable small I guess

  374. Ge0rG

    daniel: is SIMS the new OOB?

  375. daniel

    The entire stanza including mam overhead should be less than 10k bytes

  376. daniel

    I was planning on generating thumbs with 2kb or 3

  377. LNJ

    Ok then it should into 10 kB

  378. LNJ

    * should fit

  379. daniel

    Just to be clear you could request bob from the other party in an iq request as well

  380. daniel

    That defeats the stateless part though

  381. daniel

    But bob would allow you to do that

  382. daniel

    Ge0rG: some people want it to be the new oob

  383. daniel

    I'm not entirely convinced

  384. daniel

    Partially because of the weirdness I've just talked about

  385. Ge0rG

    References has weirdness, SIMS does, OOB does too (in the IQ section)

  386. LNJ

    But that's not very nice if the other use has to be online. But I'll implement that as well, just for the case. :D

  387. Ge0rG

    Madness everywhere

  388. Zash

    People are weird

  389. daniel

    I'm relatively convinced that the way I just described it is the way it is supposed to work (sticking it in the root of the message). However that is entirely unclear after reading the xep

  390. Ge0rG

    daniel: will you replace OOB with SIMS? References?

  391. daniel

    Replace. Probably not. Maybe I do both. I'm mostly in it for the thumbs

  392. daniel

    While other people are in it for the mime tag

  393. daniel

    *most other people

  394. daniel

    But ux wise this opens a can of worms on the Conversations side

  395. daniel

    That's why i have been pushing this off

  396. jonasw

    hm, the last argument of yours on this I heard was "how does it work with e2ee"?

  397. Ge0rG

    daniel: btw, how does Conversations handle non-picture uploads like PDF, or pictures that are attached instead of recompressed?

  398. daniel

    it doesn't. but i don’t care. i'm just doing thumbs different in omemo

  399. jonasw

    so, virtually everywhere?

  400. daniel


  401. daniel

    public mucs

  402. jonasw

    so you’d auto-download/show content in public MUCs?

  403. daniel

    that's where thumbs will be used most of the time anyway

  404. daniel

    because they are not auto downloaded

  405. daniel

    unlike the rest of conversations

  406. jonasw

    ah I wa sthinking you were replacing auto-download with auto-show-thumbs-and-tap-for-full-version

  407. daniel

    mhhh maybe not. i still think i'll be autodownloading files by default

  408. daniel

    users can always turn that of. and having thumbs might make that more attractive

  409. daniel

    haven't thought about that before you brought that up

  410. jonasw

    maybe auto-fetch thumbs and download full versions when and only while the conversation is in view?

  411. daniel

    yeah maybe. first things first though. implement thumbs and aftewards we can maybe think about changing the auto download defaults

  412. daniel

    Ge0rG, things that exceed the auto download size currently have a normal button that says 'donwload pdf document'

  413. daniel

    or download mime/type if it's not well known

  414. Maranda wonders how'll that work with gdpr.

  415. Maranda

    (auto fetching thumbs)

  416. daniel

    and files for which i do not have a thumbnail after download will just display an open $foo button

  417. Ge0rG

    you leak your IP if you are browsing images in any random web forum, so meh.

  418. Ge0rG

    daniel: if you plan to auto-download, there is no need to pursue thumbs. Except for huge files

  419. Maranda

    Ge0rG, *made in legalese*

  420. daniel

    yes like i said the way it currently works they will mostly be shown in mucs

  421. daniel

    where i don't have auto download

  422. daniel

    but they open the door to changing the auto download behaviour as jonas and i were just discussing

  423. daniel

    plus fancy

  424. Ge0rG

    LNJ: do you happen to have a Kaidan MUC?

  425. LNJ

    Well ... yes, but after file uploads

  426. LNJ

    AH .. you mean a channel

  427. Ge0rG

    LNJ: yes. A place where I can bother you without going through github

  428. LNJ

    Yes there was one at kaidan@conference.siacs.eu .. but I'd prefer a new on the new kaidan.im server

  429. LNJ

    Wait, I'll create one ..

  430. Seve/SouL

    Thanks, LNJ.

  431. Ge0rG was hosting the inofficial dino MUC for a while, until the devs finally made their own one

  432. LNJ


  433. LNJ

    ... wait need to configure my dns

  434. LNJ

    Haven't used muc before on that server

  435. moparisthebest

    yay it's back https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-02

  436. moparisthebest

    they also thankfully mention hiding ALPN using the same mechanisms

  437. Ge0rG

    Looks like our editors are on Easter holidays.