XSF Discussion - 2018-04-13


  1. Maranda

    Ge0rG and sorted the GC1 directed presence stuff now it tracks those too (also for carbons)

  2. Ge0rG

    Maranda: what do you do with Carbons differently?

  3. Maranda

    Not much, it checked muc whispers looking into the resource session's "joined mucs" table before but that didnt cover GC1, now it'll fall back to the directed bare I added in that case covering it.

  4. Maranda

    also removed a loop so it's a pro point as we

  5. Maranda

    As well*

  6. Maranda

    Ge0rG and outside mucs there's no use I currently see of directed presences as well so it's safe enough to make an assumption

  7. Ge0rG

    I don't know what the use case for directed presence was...

  8. Holger

    > In general, a client sends directed presence when it wishes to share availability information with an entity that is not subscribed to its presence, typically on a temporary basis. Common uses of directed presence include casual one-to-one chat sessions as described under Section 5.1 and multi-user chat rooms as described in [XEP-0045].

  9. Holger

    And I've seen IoT people doing directed presence for some reason.

  10. Zash

    Jingle maybe

  11. lovetox

    jonasw, Ge0rG: did one of you implement that coloring xep? maybe in a python lib that i now just can use 😃?

  12. jonasw

    lovetox, jclib has the functions

  13. jonasw

    I also have some stuff in C++

  14. jonasw

    lovetox, I wanted to make it a standalone lib but never gotten around to do it

  15. Ge0rG

    externalize everything! `pip install left-align`

  16. jonasw

    Ge0rG, this is python, not node.js

  17. lovetox

    ok nice thanks i will look into it

  18. Ge0rG

    jonasw: or is it?

  19. jonasw

    lovetox, jclib doesn’t have a license file, but it’s going to be GPLv3+ or LGPLv3+. you can extract and use the coloring stuff under MIT, Apache 2.0 or 3-clause BSD, whatever pleases you.

  20. jonasw

    no guarantee that it’s 100% the XEP as it stands right now, I might’ve some experiment in there

  21. jonasw

    double-check the constants

  22. lovetox

    people can say about python what they want, but so many people using it and because of it so many libs and code exists is such a huge plus that language architecture details dont really matter

  23. lovetox

    yes thanks

  24. jonasw

    ah yes, it’s not what’s in the XEP atm.

  25. lovetox

    jonasw, doesnt really matter for me now

  26. Ge0rG

    jonasw: have a different branch :P

  27. lovetox

    i just need something that colors my nicks

  28. jonasw

    yeah, the difference is minor

  29. lovetox

    ah i really have to try now to run a minimal gtk application with aioxmpp

  30. lovetox

    i wanted to do this for a long time

  31. jonasw

    I had a basic demo somewhere, but it might’ve been lost

  32. lovetox

    if it works with gtk, i definitly plan to try and port gajim to it

  33. Ge0rG

    Yeah, finally consistent colors!

  34. jonasw

    neeaaat

  35. Ge0rG

    I totally love it.

  36. jonasw

    lovetox, you might wanna look into jclib instead/in addition

  37. Ge0rG

    But maybe I'm an OCD nerd.

  38. jonasw

    Ge0rG, :)

  39. jonasw

    it’s a bit more high-level than aioxmpp. it’s essentially the non-GUI part of jabbercat

  40. lovetox

    to be honest i just need the low level socket stuff

  41. Ge0rG

    It's great that there are four different XMPP libraries for python

  42. jonasw

    Ge0rG, if lovetox pulls the port off, it’s down to three...

  43. Ge0rG

    We should rename XMPP to NIHP

  44. lovetox

    gajim uses nbxmpp only for connection and roster

  45. lovetox

    every other xep is in gajim code implemented

  46. Kev

    So, five then? :)

  47. lovetox

    😃

  48. Ge0rG

    Yeah.

  49. jonasw

    lovetox, ah okay, then it’s like, just use aioxmpp.Client

  50. lovetox

    no joke, people asked on the list that gajim should be able to run without gui

  51. Kev

    At least there's only one Qt/C++ client :)

  52. lovetox

    and send events via dbus

  53. lovetox

    so they can use it to write gui around it

  54. lovetox

    😃

  55. Ge0rG

    Kev: because no sane people use C++ today :P

  56. Ge0rG

    D-Bus.

  57. Kev

    Ge0rG: Also, I think there's five, or something.

  58. jonasw

    lovetox, I thought about that model actually, but I found that it will rarely be sufficient.

  59. Ge0rG

    Isn't D-Bus similar to XMPP, conceptually?

  60. Ge0rG

    Wasn't there some discussion of that failed idea in the context of telepathy?

  61. jonasw

    Ge0rG, pep., winfried, in case you missed it: https://www.earth.li/mailman/listinfo/gdpr-discuss

  62. Ge0rG

    Where the maintainer complained in public how it was a horrible idea to have a local generic abstraction of IM services

  63. pep.

    Ge0rG, yeah I pasted that here a while back if you want to look at your logs

  64. pep.

    jonasw, saw it! thanks. Not sure if we should start something there already?

  65. pep.

    Maybe just drop a word that we're having a look at it in public

  66. jonasw

    stpeter already sent two mails there

  67. pep.

    Ah ok

  68. jonasw

    yeah I thought about that too

  69. jonasw

    stpeters mail was not directly related to our discussions though

  70. pep.

    Ge0rG, https://mail.gnome.org/archives/desktop-devel-list/2017-September/msg00047.html

  71. Anu

    I always felt many architectural decisions like this were influenced by x. Back in the day everything was slow when rendering remotely so no one would notice

  72. Ge0rG

    pep.: great, thanks

  73. jonasw

    You lose a huge amount by not being able to have your protocol code in the same process as the UI, unless you write an API which basically _is_ your protocol, or an API which is the UI, but the bigger the gap between the two, the more developers fall into that pit and don't get any UI or protocol work done. :)

  74. jonasw

    this is so true

  75. jonasw

    whenever I thought about whether it’s somehow reasonable to separate jabbercat in multiple processes (for whatever gain, I had various insane ideas), I ended up with excatly that: my IPC protocol would’ve been essentially XMPP•

  76. Zash

    This was what Jabber was originally designed for after all :)

  77. Ge0rG

    jonasw: I've experienced that the hard way with yaxim as well. The foundation was written by two CS students who overengineered everything.

  78. Anu

    Yup, this was how Monal on Mac developed too. There was a minor justification 10 years ago because I also had Oscar but it just started replicating stuff

  79. Anu

    I think convemourally ui logic should be separate makes sense

  80. Ge0rG

    Nine years later, I finally added a shortcut from the UI through the service, data provider into the XMPP implementation

  81. jonasw

    if anything, jabbercat will ship/be able to directly interface with a local biboumi at some point.

  82. Ge0rG

    via XMPP or via C++ API calls?

  83. Anu

    Dbus sounds like mvc taken to a logical extreme :) . Just ditch the view

  84. Ge0rG

    Just do everything ith XMPP Data Forms.

  85. jonasw

    Ge0rG, XMPP

  86. jonasw

    Ge0rG, when I have a massive surplus of energy next, I want to implement the server-side of the Component protocol in aioxmpp for an experiment.

  87. lovetox

    I wonder what happend to Link Mauve server jingle component

  88. lovetox

    btw Link Mauve seems absent for a while now

  89. moparisthebest

    jonasw, is it going to be useable from other clients or only locally?

  90. jonasw

    moparisthebest, locally

  91. jonasw

    obviously

  92. jonasw

    we don’t have a way to host components in clients.

  93. moparisthebest

    not if you used my amazing echo-self :P

  94. jonasw

    that’s a crude hack which I won’t support.

  95. moparisthebest

    yes, because breaking carbons/mam is superior

  96. moparisthebest

    ...

  97. Ge0rG

    jonasw: you might want to make a separate lib sor server things

  98. jonasw

    Ge0rG, it’s not meant to be a server thing

  99. jonasw

    it’s meant to be a shim wrapper to make use of components locally. I don’t even know if that’ll work.

  100. jonasw

    I don’t intend to get into server business.

  101. pep.

    lovetox: he's busy with the strikes in France :p

  102. pep.

    goffi also has a jingle component implementation btw

  103. Ge0rG

    winfried: I just realized that http://thealiceandbobsuicide.org redirects to your homepage. I'd really love that page to re-appear again, is that feasible?

  104. Maranda

    😁

  105. Maranda

    We shall make an e2ee sticker with it

  106. Ge0rG

    I was linking to the archive.org cache, but it's down today.

  107. winfried

    Ge0rG: maybe in a bit different form: I don't want to go through the hassle of maintaining a WordPress site for just two static pages again....

  108. moparisthebest

    winfried, wget the page from archive.org, put it at that path?

  109. MattJ

    It's just text, any simple HTML page would suffice

  110. moparisthebest

    while we are on the subject, Ge0rG always links it as some type of argument against e2e, can anyone explain that to me?

  111. moparisthebest

    the only argument I can glean from it is something like "e2e doesn't protect against everything, so why bother" which is dumb

  112. moparisthebest

    or "sometimes software has bugs, so why bother" in which case why are we here

  113. SamWhited

    heh, I'd forgotten about that; I didn't realize that was your site winfried, well done

  114. Ge0rG

    Yeah, kudos for it

  115. moparisthebest

    so what am I missing? any takers on explaining it to me? :)

  116. winfried

    moparisthebest: working on restoring it ;-)

  117. moparisthebest

    winfried, well I've read them both from https://web.archive.org/web/20110501005631/http://thealiceandbobsuicide.org/ but I still must be missing the point

  118. winfried

    moparisthebest I would like grasp where you are missing the point

  119. moparisthebest

    winfried, I'm only seeing 2 possible arguments either "e2e doesn't protect against everything, so why bother" or "sometimes software has bugs, so why bother"

  120. winfried

    The point I had in mind while setting it up is: we are suggesting a sense of security by the way we talk about technology, but we can't guarantee that

  121. Maranda

    Which is not hard at all to understand..

  122. moparisthebest

    well I completely understand and agree with that

  123. winfried

    I never wanted to imply 'why bother' btw, just be very careful

  124. moparisthebest

    the only way I've seen people *use* the site before is in the context of "e2e is a complete waste, don't bother, see http://thealiceandbobsuicide.org/"

  125. moparisthebest

    which is what I was disagreeing with

  126. winfried

    and e2e: I still want to write a nasty rant against e2e :-D

  127. Zash

    Hmmmm what?

  128. winfried

    thealiceandbobsuicide.org can be used against e2e, as much as against any security technology that is presented as THE solution for every problem

  129. moparisthebest

    right, I just think it needs to be clear what a particular technology does/protects against, and what it does not

  130. winfried

    moparisthebest: yes, and we need to aware of issues created by the platform, (human) circumstances etc. I have literally spend days on fairs where companies were selling boxes that were welded shut with the promise that if you put them in your network, your network is save. Right...

  131. winfried

    https://www.tilanus.com/#weblog_pantsdown

  132. moparisthebest

    winfried, yea that's just the misconception that closed/black box means secure, when the opposite is true

  133. moparisthebest

    I saw one not too long ago, promised secure email, ended up being a raspberry pi glued inside a fancy case with numerous security flaws, can't find it now...

  134. winfried

    a Dutch company sold pgp-phones. All secret keys were generated and stored on a server in Canada. All the police had to do, was to seize that server and they could catch tens of heavy criminals

  135. moparisthebest

    ha I found it winfried https://www.nomx.com/ https://arstechnica.com/information-technology/2017/04/punching-holes-in-nomx-the-worlds-most-secure-communications-protocol/

  136. winfried

    moparisthebest: yeah, great story too!

  137. Ge0rG

    Like the story of the NSA compromising Gemalto to obtain the secret keys of all SIM cards.

  138. moparisthebest

    and this is why, pre-2013 people could go "this is make believe, you are protecting against a non-existant threat"

  139. moparisthebest

    then 2013 happened and there is proof it's a thing that happens daily

  140. Maranda

    funny, this code was so stupidly broken yet it *worked*

  141. Maranda is in one of those "gawd" moments.

  142. Maranda

    (... and obviously fixing something else broken it.)

  143. Maranda

    (... and obviously fixing something else borked it.)

  144. edhelas

    PHP 5.4, wow