XSF Discussion - 2018-05-01


  1. Ge0rG

    xnyhps: Y U h4xed my car? https://www.bleepingcomputer.com/news/security/volkswagen-and-audi-cars-vulnerable-to-remote-hacking/

  2. Maranda

    Yay perhaps "Watchdogs 2" style

  3. Ge0rG ain't no consolero

  4. Maranda

    Your loss

  5. Ge0rG

    I'm playing sokoban today. The old house is full of boxes, and the transporter guys will arrive in T-22h

  6. Ge0rG

    And I still have to put most of the things I own into boxes.

  7. Maranda

    Hmm on a different topic does yax.im fetch a static public servers list from somewhere? If it does at all

  8. Maranda

    Sounds fun

  9. Ge0rG

    Maranda: you mean yaxim, the client, not yax.im the server?

  10. Maranda

    And s/Yax.im/Yaxim/

  11. Maranda

    No the client obviously

  12. Ge0rG

    Maranda: https://github.com/pfleidi/yaxim/blob/master/res/values/servers.xml

  13. Ge0rG

    That URL doesn't work any more

  14. Ge0rG

    The original source is lost.

  15. Maranda

    Ge0rG I re-enabled IBR (I implemented account locking and e-mail verification for it, so it's rather safe) now I need to scour all clients who singled out my server and re-add it 🙄

  16. Maranda

    PR incoming soon

  17. Maranda

    Btw

  18. Ge0rG

    Maranda: yaxim doesn't support entering the email address / data-forms

  19. Ge0rG

    Maranda: feel free to PR that as well

  20. Maranda

    Ge0rG damn you! 🤣

  21. Holger

    Almost no clients do.

  22. pep.

    Which is sad

  23. Maranda

    Well Gajim does and that is sorted

  24. Maranda

    I suppose that saves me sending PRs all around

  25. Maranda

    As usual spent time implementing something that will be unused

  26. Maranda thinks "That's XMPP lads ®️"

  27. Holger

    Ah I thought not even Gajim supported this last time I checked.

  28. Holger

    Maranda: Does it support the email field or the form or both?

  29. Maranda

    Holger it does support all custom fields

  30. Maranda

    s/custom/additional registration/ rather

  31. Maranda

    If you enable verification it'll make e-mail mandatory

  32. Maranda

    And I guess "both"

  33. Holger

    Sounds good.

  34. Ge0rG

    Gajim's user onboarding is so messed up, I don't even want to think about it

  35. Maranda

    Ge0rG, I don't find it so messed and it supports dataforms element pretty well

  36. Maranda

    https://upload.lightwitch.org/share/WMKL7jaY5eHb9786/ibr-forms.png

  37. Ge0rG

    Maranda: what did you have to enter in the screen before?

  38. Maranda

    just accounts, new account, and if you don't have any it'll bring you there automagically?

  39. Ge0rG

    how did you choose the server?

  40. Maranda

    register a new account > list of servers

  41. Maranda

    how is that messed?

  42. SamWhited

    This is a vaguely interesting thread if you want to see how people that aren't in this room think about instant messaging: https://twitter.com/actuallyalice/status/990889721525161986

  43. Maranda

    we need 90s messaging back, where you'd have msn, yahoo, jabber, ICQ all running from 1 app

  44. Maranda

    huhu

  45. moparisthebest

    Maranda, can't you do that using pidgin right now?

  46. Maranda

    moparisthebest, sorry I'm quoting one of the tweets

  47. Maranda

    I should have actually quoted it

  48. moparisthebest

    oops, I should read previous posts sometimes :)

  49. Maranda

    And I should stretch bbl

  50. lovetox

    they could use just sms

  51. moparisthebest

    did someone say https://jmp.chat/ ?

  52. moparisthebest

    https://signal.org/blog/looking-back-on-the-front/ "Amazon threatens to suspend Signal's AWS account over censorship circumvention"

  53. UsL

    interesting.. Time to choose smthng else than a centralized solution like that..

  54. moparisthebest

    maybe some type of federated standard might be a good choice

  55. Wiktor

    moparisthebest: in case you're interested in what would Signal guys respond to "federated would help" https://news.ycombinator.com/item?id=16870595

  56. moparisthebest

    I'll summarize that:

  57. moparisthebest

    "there are several other properties and trade-offs like then we couldn't lock people into our walled garden"

  58. Wiktor

    I think it's a valid point that if you have federated but only a handful of big servers, it's still easy to block, I think zinid mentioned this previously (but I may be wrong). The rest is of course marketing but that's obvious :)

  59. moparisthebest

    sure I agree with that

  60. moparisthebest

    but the point is to have a bunch of small ones

  61. moparisthebest

    the bigger ones have more resources to resort to hacks like signal

  62. moparisthebest

    (multiple servers, answer differently to different regions, etc)

  63. Wiktor

    > but the point is to have a bunch of small ones
    And I agree with that 👍

  64. moparisthebest

    and if the govt starts blocking them, new ones can start up to replace those

  65. Wiktor

    One way or another it's interesting to see how Moxie resolves their problems, well, usually it's better to learn on someone else's problems

  66. moparisthebest

    it becomes a game of whack-a-mole

  67. Wiktor

    Yes, but until your identity is tied to domain name you'd have to set up your roster each time you switch a server

  68. moparisthebest

    well we could expand the protocol to make things like that easier

  69. moparisthebest

    (or just save them locally on the client and share them across accounts, no protocol involved)

  70. Ge0rG

    Like Briar?

  71. Wiktor

    Identify user by keys not domains... And we're back to OpenPGP!

  72. moparisthebest

    hmm that is an interesting thought

  73. moparisthebest

    the onion-like setup would in theory allow you to chat with 1 person on multiple JIDs, identified by key

  74. moparisthebest

    and since there rosters are 100% client-side anyway, you could hop servers as much as you wanted

  75. Ge0rG

    > @signalapp Time to move to the blockchain!:D https://twitter.com/pray4crypto/status/991390269798010880 nailed it!

  76. Wiktor

    Sign your subscription requests and clients can see you're the same person :)

  77. Zash

    But federation isn't about censorship resistance.

  78. Ge0rG

    Zash: no? I'm out then!

  79. moparisthebest

    Wiktor, yea but who wants to leak to the servers that you are the same person? :)

  80. Wiktor

    Did I forget "encrypted with OMEMO" ? Encryption here and there a little always help... :)

  81. moparisthebest

    anyone know a server in the wild that implements this websocket discovery method? https://tools.ietf.org/html/rfc7395#section-4

  82. Wiktor

    moparisthebest: conversations.im

  83. Wiktor

    But they lack correct CORS headers for web clients for this file... Forgot to report that

  84. moparisthebest

    thanks!

  85. Wiktor

    No problem, I tested one web client there, worked like a charm. Actually this is just a file and both ejabberd and Prosody have websocket support. So it's trivial to set up.

  86. Ge0rG

    Oh, is my client desynchronized, or is the board meeting still ongoing?

  87. ralphm

    I thought I fixed that

  88. ralphm set the topic to

    XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  89. ralphm

    I blame Conversations

  90. moparisthebest

    yea Wiktor I just wanted to see an example of an actual file in the wild :)

  91. Wiktor

    Got it :)

  92. Ge0rG

    ralphm: thanks!

  93. Zash

    Looks like I still have one too

  94. ralphm

    Zash: but federation does address some issues caused by attempts at censorship. E.g. the blockage in Russia of AWS would not affect servers hosted in Russia.

  95. Andrew Nenakhov

    ralphm, unless servers hosted in Russia will also be blocked from AWS. And they will be, eventually.

  96. Wiktor

    I think the point is just that Russia users could talk to their friends in Russia without problems (unaffected by AWS).

  97. Andrew Nenakhov

    No. Russian servers would be asked to give up data or be shut down

  98. ralphm

    Which is a different threat.

  99. Andrew Nenakhov

    Actually it's the same threat. Local servers can be blocked using same method as international ones. Authorities just have even more leverage over local services because they can not only block server but also physically access it.