XSF Discussion - 2018-04-13

Ge0rG and sorted the GC1 directed presence stuff now it tracks those too (also for carbons)

Maranda: what do you do with Carbons differently?

Not much, it checked muc whispers looking into the resource session's "joined mucs" table before but that didnt cover GC1, now it'll fall back to the directed bare I added in that case covering it.

also removed a loop so it's a pro point as we

As well*

Ge0rG and outside mucs there's no use I currently see of directed presences as well so it's safe enough to make an assumption

I don't know what the use case for directed presence was...

> In general, a client sends directed presence when it wishes to share availability information with an entity that is not subscribed to its presence, typically on a temporary basis. Common uses of directed presence include casual one-to-one chat sessions as described under Section 5.1 and multi-user chat rooms as described in [XEP-0045].

And I've seen IoT people doing directed presence for some reason.

Jingle maybe

jonasw, Ge0rG: did one of you implement that coloring xep? maybe in a python lib that i now just can use 😃?

lovetox, jclib has the functions

I also have some stuff in C++

lovetox, I wanted to make it a standalone lib but never gotten around to do it

externalize everything! `pip install left-align`

Ge0rG, this is python, not node.js

ok nice thanks i will look into it

jonasw: or is it?

lovetox, jclib doesn’t have a license file, but it’s going to be GPLv3+ or LGPLv3+. you can extract and use the coloring stuff under MIT, Apache 2.0 or 3-clause BSD, whatever pleases you.

no guarantee that it’s 100% the XEP as it stands right now, I might’ve some experiment in there

double-check the constants

people can say about python what they want, but so many people using it and because of it so many libs and code exists is such a huge plus that language architecture details dont really matter

yes thanks

ah yes, it’s not what’s in the XEP atm.

jonasw, doesnt really matter for me now

jonasw: have a different branch :P

i just need something that colors my nicks

yeah, the difference is minor

ah i really have to try now to run a minimal gtk application with aioxmpp

i wanted to do this for a long time

I had a basic demo somewhere, but it might’ve been lost

if it works with gtk, i definitly plan to try and port gajim to it

Yeah, finally consistent colors!

neeaaat

I totally love it.

lovetox, you might wanna look into jclib instead/in addition

But maybe I'm an OCD nerd.

Ge0rG, :)

it’s a bit more high-level than aioxmpp. it’s essentially the non-GUI part of jabbercat

to be honest i just need the low level socket stuff

It's great that there are four different XMPP libraries for python

Ge0rG, if lovetox pulls the port off, it’s down to three...

We should rename XMPP to NIHP

gajim uses nbxmpp only for connection and roster

every other xep is in gajim code implemented

So, five then? :)

😃

Yeah.

lovetox, ah okay, then it’s like, just use aioxmpp.Client

no joke, people asked on the list that gajim should be able to run without gui

At least there's only one Qt/C++ client :)

and send events via dbus

so they can use it to write gui around it

😃

Kev: because no sane people use C++ today :P

D-Bus.

Ge0rG: Also, I think there's five, or something.

lovetox, I thought about that model actually, but I found that it will rarely be sufficient.

Isn't D-Bus similar to XMPP, conceptually?

Wasn't there some discussion of that failed idea in the context of telepathy?

Ge0rG, pep., winfried, in case you missed it: https://www.earth.li/mailman/listinfo/gdpr-discuss

Where the maintainer complained in public how it was a horrible idea to have a local generic abstraction of IM services

Ge0rG, yeah I pasted that here a while back if you want to look at your logs

jonasw, saw it! thanks. Not sure if we should start something there already?

Maybe just drop a word that we're having a look at it in public

stpeter already sent two mails there

Ah ok

yeah I thought about that too

stpeters mail was not directly related to our discussions though

Ge0rG, https://mail.gnome.org/archives/desktop-devel-list/2017-September/msg00047.html

I always felt many architectural decisions like this were influenced by x. Back in the day everything was slow when rendering remotely so no one would notice

pep.: great, thanks

You lose a huge amount by not being able to have your protocol code in the same process as the UI, unless you write an API which basically _is_ your protocol, or an API which is the UI, but the bigger the gap between the two, the more developers fall into that pit and don't get any UI or protocol work done. :)

this is so true

whenever I thought about whether it’s somehow reasonable to separate jabbercat in multiple processes (for whatever gain, I had various insane ideas), I ended up with excatly that: my IPC protocol would’ve been essentially XMPP•

This was what Jabber was originally designed for after all :)

jonasw: I've experienced that the hard way with yaxim as well. The foundation was written by two CS students who overengineered everything.

Yup, this was how Monal on Mac developed too. There was a minor justification 10 years ago because I also had Oscar but it just started replicating stuff

I think convemourally ui logic should be separate makes sense

Nine years later, I finally added a shortcut from the UI through the service, data provider into the XMPP implementation

if anything, jabbercat will ship/be able to directly interface with a local biboumi at some point.

via XMPP or via C++ API calls?

Dbus sounds like mvc taken to a logical extreme :) . Just ditch the view

Just do everything ith XMPP Data Forms.

Ge0rG, XMPP

Ge0rG, when I have a massive surplus of energy next, I want to implement the server-side of the Component protocol in aioxmpp for an experiment.

I wonder what happend to Link Mauve server jingle component

btw Link Mauve seems absent for a while now

jonasw, is it going to be useable from other clients or only locally?

moparisthebest, locally

obviously

we don’t have a way to host components in clients.

not if you used my amazing echo-self :P

that’s a crude hack which I won’t support.

yes, because breaking carbons/mam is superior

...

jonasw: you might want to make a separate lib sor server things

Ge0rG, it’s not meant to be a server thing

it’s meant to be a shim wrapper to make use of components locally. I don’t even know if that’ll work.

I don’t intend to get into server business.

lovetox: he's busy with the strikes in France :p

goffi also has a jingle component implementation btw

winfried: I just realized that http://thealiceandbobsuicide.org redirects to your homepage. I'd really love that page to re-appear again, is that feasible?

😁

We shall make an e2ee sticker with it

I was linking to the archive.org cache, but it's down today.

Ge0rG: maybe in a bit different form: I don't want to go through the hassle of maintaining a WordPress site for just two static pages again....

winfried, wget the page from archive.org, put it at that path?

It's just text, any simple HTML page would suffice

while we are on the subject, Ge0rG always links it as some type of argument against e2e, can anyone explain that to me?

the only argument I can glean from it is something like "e2e doesn't protect against everything, so why bother" which is dumb

or "sometimes software has bugs, so why bother" in which case why are we here

heh, I'd forgotten about that; I didn't realize that was your site winfried, well done

Yeah, kudos for it

so what am I missing? any takers on explaining it to me? :)

moparisthebest: working on restoring it ;-)

winfried, well I've read them both from https://web.archive.org/web/20110501005631/http://thealiceandbobsuicide.org/ but I still must be missing the point

moparisthebest I would like grasp where you are missing the point

winfried, I'm only seeing 2 possible arguments either "e2e doesn't protect against everything, so why bother" or "sometimes software has bugs, so why bother"

The point I had in mind while setting it up is: we are suggesting a sense of security by the way we talk about technology, but we can't guarantee that

Which is not hard at all to understand..

well I completely understand and agree with that

I never wanted to imply 'why bother' btw, just be very careful

the only way I've seen people *use* the site before is in the context of "e2e is a complete waste, don't bother, see http://thealiceandbobsuicide.org/"

which is what I was disagreeing with

and e2e: I still want to write a nasty rant against e2e :-D

Hmmmm what?

thealiceandbobsuicide.org can be used against e2e, as much as against any security technology that is presented as THE solution for every problem

right, I just think it needs to be clear what a particular technology does/protects against, and what it does not

moparisthebest: yes, and we need to aware of issues created by the platform, (human) circumstances etc. I have literally spend days on fairs where companies were selling boxes that were welded shut with the promise that if you put them in your network, your network is save. Right...

https://www.tilanus.com/#weblog_pantsdown

winfried, yea that's just the misconception that closed/black box means secure, when the opposite is true

I saw one not too long ago, promised secure email, ended up being a raspberry pi glued inside a fancy case with numerous security flaws, can't find it now...

a Dutch company sold pgp-phones. All secret keys were generated and stored on a server in Canada. All the police had to do, was to seize that server and they could catch tens of heavy criminals

ha I found it winfried https://www.nomx.com/ https://arstechnica.com/information-technology/2017/04/punching-holes-in-nomx-the-worlds-most-secure-communications-protocol/

moparisthebest: yeah, great story too!

Like the story of the NSA compromising Gemalto to obtain the secret keys of all SIM cards.

and this is why, pre-2013 people could go "this is make believe, you are protecting against a non-existant threat"

then 2013 happened and there is proof it's a thing that happens daily

funny, this code was so stupidly broken yet it *worked*

(... and obviously fixing something else borked it.) ✏

PHP 5.4, wow