XSF Discussion - 2018-06-27

00:01:13 daniel has joined
00:01:21 lumi has left
00:02:52 Dave Cridland has left
00:03:27 Dave Cridland has left
00:06:47 daniel has left
00:11:58 lorddavidiii has left
00:13:47 daniel has joined
00:19:20 daniel has left
00:22:40 lorddavidiii has left
00:31:06 daniel has joined
00:31:14 jjrh has left
00:31:28 la|r|ma has left
00:34:15 MattJ has joined
00:37:39 daniel has left
00:46:09 marc has left
00:48:09 daniel has joined
00:51:11 lumi has joined
00:56:43 daniel has left
01:01:48 xnyhps has left
01:01:48 xnyhps has joined
01:06:36 dos has left
01:06:47 Dave Cridland has left
01:11:12 daniel has joined
01:21:24 Zash has left
01:22:21 lumi has left
01:26:39 daniel has left
01:31:16 daniel has joined
01:34:07 jere has left
02:00:22 jjrh has left
02:01:18 SamWhited has left
02:04:21 Dave Cridland has left
02:11:52 jjrh has left
02:13:32 muppeth has left
02:13:34 muppeth has joined
02:15:03 daniel has left
02:22:46 daniel has joined
02:32:51 daniel has left
02:38:00 Dave Cridland has left
02:38:59 Dave Cridland has left
02:39:32 Dave Cridland has left
02:42:49 daniel has joined
02:43:54 Dave Cridland has left
02:46:11 Dave Cridland has left
02:48:23 daniel has left
02:49:14 Dave Cridland has left
02:49:19 Zash has joined
02:49:30 Zash has left
02:50:27 Zash has joined
02:50:40 Zash has left
02:51:13 Zash has joined
02:51:26 Zash has left
02:52:08 Zash has joined
02:52:21 Zash has left
02:53:17 Zash has joined
02:53:24 Zash has left
02:54:21 Zash has joined
02:58:33 Dave Cridland has left
03:03:11 daniel has joined
03:09:07 daniel has left
03:24:49 daniel has joined
03:30:20 daniel has left
03:34:39 Dave Cridland has left
03:40:42 SamWhited has left
03:41:52 j.r has joined
03:42:52 j.r has joined
03:45:57 daniel has joined
03:51:00 Dave Cridland has left
03:55:14 j.r has joined
03:57:57 j.r has joined
04:04:21 daniel has left
04:05:51 daniel has joined
04:07:42 Nekit has joined
04:11:22 daniel has left
04:17:45 kasper.dement has joined
04:22:49 Dave Cridland has left
04:26:34 daniel has joined
04:27:48 kasper.dement has left
04:28:23 jere has joined
04:42:07 lnj has joined
04:46:52 lskdjf has joined
04:51:07 goffi has joined
04:59:13 tux has left
04:59:14 tux has joined
04:59:14 Dave Cridland has left
05:01:02 lskdjf has joined
05:05:54 marmistrz has joined
05:06:46 lskdjf has joined
05:07:18 jere has joined
05:22:19 Dave Cridland has left
05:23:38 la|r|ma has joined
05:24:37 goffi has left
05:29:22 goffi has left
05:30:51 daniel has left
05:31:02 Chobbes has joined
05:31:02 Chobbes has joined
05:31:04 Dave Cridland has left
05:36:36 goffi has left
05:41:15 goffi has left
05:42:33 goffi has left
05:45:44 Dave Cridland has left
05:46:24 daniel has joined
05:47:03 Ge0rG has left
05:49:08 Nekit has left
05:49:08 Nekit has joined
05:49:32 goffi has left
05:52:43 goffi has left
05:55:08 Ge0rG has left
05:57:26 moparisthebest has left
05:57:28 daniel has left
06:01:56 Ge0rG has left
06:07:53 goffi has left
06:09:29 Guus has left
06:10:54 daniel has joined
06:11:38 SaltyBones has left
06:12:09 SaltyBones has joined
06:15:11 andy has joined
06:29:27 Guus has left
06:30:15 Dave Cridland has left
06:32:02 Guus has left
06:32:29 Ge0rG has left
06:32:44 alacer has left
06:32:46 alacer has joined
06:34:35 mikaela has joined
06:34:40 alacer has left
06:34:42 alacer has joined
06:34:49 alacer has left
06:38:07 Ge0rG Sam is bringing up a point. How do you protect a web service from files uploaded by users?
06:40:48 labdsf has left
06:40:53 jonasw context?
06:41:03 Dave Cridland has left
06:41:27 Ge0rG I upload a html+js file via http-upload, share the link with you, it's executed in your browser, I get your webchat / account login session cookie
06:41:38 Chobbes has joined
06:41:43 jonasw right, this should probably be in the security considerations
06:41:51 jonasw but I don’t see where he brings that up
06:41:57 Ge0rG the c.im cookie is only valid for account.c.im, so this specific issue doesn't apply
06:42:15 Ge0rG standards, three days ago, re Council Minutes 2018-06-20
06:42:23 jonasw (the solutions I’ve seen so far is to (a) be careful with the domain you choose for your upload service and (b) use Content-Disposition: attachment with anything which may contain executable code)
06:42:40 jonasw sure, I see that mail, but not what you’re saying in it :)
06:42:41 j.r has joined
06:42:56 j.r has joined
06:43:45 Ge0rG maybe I extended the focus of the question slightly. the general question was about "executable content"
06:43:48 Ge0rG whatever that is.
06:44:06 jonasw right
06:44:11 Ge0rG there is nothing about content-disposition in the XEP
06:44:15 jonasw somehow I didn’t get at all what that bullet point was trying to say
06:44:25 jonasw but what you interpret into it kinda makes sense
06:44:47 Ge0rG this is actually something I didn't have on my agenda on the last LC.
06:44:55 jonasw or maybe not, I’m not sure. I think when I first read it I thought something along the lines of "okay, a client really should not download and run an .exe, but that’s obvious"
06:44:56 Ge0rG ponders between "+1 but" and "-1 because"
06:45:39 jonasw I think those are mostly operational concerns which will probably evolve with how the web treats content in the future.
06:45:45 jonasw (nothing specific in mind)
06:45:50 jonasw they’re also not directly related to XMPP
06:45:54 Dave Cridland has left
06:45:55 jonasw so I would probably not block based on that
06:46:07 marmistrz has joined
06:46:24 daniel has left
06:46:39 jonasw they also don’t require a namespace bump or otherwise interaction with the entities implementing the protocol, AFAICT
06:47:11 Ge0rG yes
06:47:24 Ge0rG we are only giving server operators a huge, back-facing gun.
06:47:29 Ge0rG nothing wrong with that.
06:47:52 jonasw that’s not what I wanted to s ay
06:48:17 jonasw I wanted to say that it should be expected that we have to modify this in the future anyways, so modifying it right when it goes to draft should be ok too (regarding your "+1 but").
06:48:39 Ge0rG yeah, also don't want to be an asshole for security's sake. I played that card last time already.
06:48:41 jonasw this should be fixed ASAP, but blocking advancement based on that might not help with that
06:49:03 jonasw (something something demotivating authors something)
06:49:25 Ge0rG yeah, that.
06:50:27 Kev has left
06:51:30 daniel has joined
06:53:11 Dave Cridland has left
06:53:33 j.r has joined
06:53:38 j.r has joined
06:54:45 j.r has left
06:57:03 daniel has left
06:58:39 j.r has joined
06:58:55 SaltyBones has left
06:58:58 SaltyBones has joined
06:59:24 Dave Cridland has left
07:00:31 Dave Cridland has left
07:02:06 labdsf has left
07:02:33 xnyhps has joined
07:03:52 xnyhps has joined
07:03:59 Dave Cridland has left
07:05:02 daniel has joined
07:05:42 Dave Cridland has left
07:06:29 winfried has left
07:07:54 marmistrz has joined
07:08:54 goffi Hi, nobody answered my remarks on expiration date for HTTP upload, does anybody care? It seems a major point to me.
07:09:44 winfried has joined
07:15:21 Guus has left
07:17:26 jonasw goffi, I can’t recall your feedback. I think it would help the discussion if you would provide a link to your feedback.
07:18:33 goffi jonasw: https://mail.jabber.org/pipermail/standards/2018-June/035181.html
07:19:13 rion has left
07:19:23 jonasw goffi, I now recall that email. I do remember that you wrote it, but I also remember not seeing this as particularly important
07:19:39 goffi you don't think expiration date is important ?
07:19:41 jonasw maybe you should clarify on the mailing list why you think this is particularly important
07:19:57 jonasw ~~I’m not sure it’s extremely important to have this on the protocol.~~ ✎
07:20:05 goffi we upload file on a server, we don't know for how long, and we have no access to it then.
07:20:06 jonasw I’m not sure it’s extremely important to have this on the protocol level, it should be included in the Privacy Policy for sure. ✏
07:21:28 goffi jonasw: OK I'll try to explain more, thanks for feedback, I had the feeling to be ignored which is quite frustrating as it is a major point to me (even if it's to say that it's not that important for whatever reason).
07:22:09 jonasw sure
07:22:13 jonasw I fully understand that
07:22:28 labdsf has left
07:22:34 jonasw to me, it really did not come across to me that you thought that this is an important point, mostly because it lacked any rationale
07:22:41 moparisthebest has joined
07:22:53 Chobbes has joined
07:23:02 jonasw (typically when I try to raise a point I think is important, I’ll put a rationale on it *why* I think its important.)
07:24:13 Valerian has joined
07:25:13 Kev has left
07:25:22 ralphm has joined
07:27:59 daniel goffi: in parts that was due to me being extremely busy with work these days. And in parts I was taking the easy way out and was waiting for someone to write a me too or something
07:30:00 jonasw daniel, FWIW, I think this is a good idea and supplements the work I was aiming to do with ToS.
07:30:15 jonasw I also think that this can easily be added later because it’s a data form \o/
07:32:36 j.r has joined
07:32:41 j.r has joined
07:32:59 daniel yeah i’m ok with just putting it in there as an optional data form field
07:33:26 daniel but I don’t see a technical use case for it because it won’t be reliable anyway
07:33:43 daniel i see it as a pure TOS informational thing
07:34:05 jonasw maybe
07:35:35 Valerian has left
07:35:35 Valerian has joined
07:35:51 Dave Cridland has left
07:37:28 goffi jonasw: indeed, I've made a new message. daniel: OK, thanks to come in the discussion here, I've sent a new message to explain. I know it's not reliable, but it's informational, and there is a relation of trust with a server anyway (if I can trust retention date, I can't trust anything). It's the same with ToS.
07:38:07 Dave Cridland has left
07:38:30 lnj has left
07:38:32 Dave Cridland has left
07:38:48 Dave Cridland has left
07:38:48 Ge0rG Did you just add data forms to http upload?
07:39:24 goffi the think with putting it in the HTTP Upload XEP is to make it mandatory. If it's not, nobody will set the data. Also the HTTP Upoad Component probably knows when the files are deleted so it can be set automatically.
07:39:26 jonasw Ge0rG, they were always there
07:39:34 jonasw Ge0rG, in disco#info
07:39:40 j.r has joined
07:39:50 daniel goffi, i see and agree with most of your points. and don’t think the suggested solution is a very good one or a solution at all
07:39:50 Ge0rG Ah
07:40:19 daniel if anything we would need the client to mark a file as permanent (for avatars or blogs posts) or shortlived
07:40:27 daniel and maybe a deletion command
07:40:43 jonasw daniel, +1
07:40:49 Dave Cridland has left
07:40:51 j.r has joined
07:40:51 daniel just putting the information in there on how long a server might store it doesn't do anything
07:40:58 daniel or very very little
07:41:12 daniel i mean what i'm a supposed to do? reupload the avatar every 30 days?
07:41:18 Dave Cridland has left
07:42:13 goffi having a way to specify retention time in the request would be better, my email is not discarding this option.
07:42:13 Ge0rG Permanent storage requirements will break my GDPR compliance script... 🤔
07:42:56 j.r has joined
07:42:58 Ge0rG Or we need to have multiple upload components for temporary and permanent storage
07:43:04 jonasw ew
07:43:07 goffi daniel: is is possible to write your comments on standard@ even in a short email, so we can have other people input?
07:43:10 Kev I imagine it's generally down to local policy.
07:43:23 jonasw Ge0rG, your component could implement this trivially by putting permanant files in a different directory (and reflecting that in the URL)
07:43:24 Kev But avatars are an exception as they are 'always' permanent.
07:44:17 daniel jonasw, yeah. the problem with that is that you still need some policy on the server that prevents stupid clients from always using the permanent store
07:44:25 daniel and cluttering your file system
07:44:29 Kev Do you?
07:44:36 Kev I mean, you can always have usage limits.
07:44:48 jonasw daniel, quotas? and explicit request for permanent storage so that stupid clients need to be actively stupid at least
07:44:57 jonasw then it blows up in their face for reaching quotas and you’re done :)
07:45:14 jonasw quotas can be really small for permanent storage on IM deployments, 10 MiB or something
07:45:18 jonasw that’ll be reached extremely quickly
07:45:21 daniel jonasw, yes and yes. but it makes implementations a bit more complicated then 'just put it in a different folder' is what i'm saying
07:45:27 jonasw (when abused for sending gifs to MUCs)
07:45:35 jonasw daniel, you need to have some type of quota anyways
07:45:36 j.r has joined
07:45:49 daniel right. but then you need different quotas
07:45:49 Dave Cridland has left
07:45:53 j.r has joined
07:45:53 jonasw that’s true
07:46:18 daniel i'm not saying it can’t be done. but right now most http upload implementations are very very simple
07:46:37 Steve Kille has left
07:47:00 jonasw indeed
07:47:16 jonasw and I think if one went around and started abusing that, many servers would fail very quickly with ENOSPC
07:47:21 Dave Cridland has left
07:47:23 Ge0rG this sounds like a quick escalation from "file sharing" to "cloud storage provider"
07:47:30 daniel yes
07:47:43 daniel especially if you start doing delete
07:47:45 daniel and list files
07:47:58 Steve Kille has left
07:48:02 jonasw just implement WebDAV with XMPP auth
07:48:05 Ge0rG if you want to provide permanent storage, you need both listing and deletion. and quotas
07:48:11 daniel has left
07:48:19 jonasw actually, that doesn’t sound *too* bad for permanent HTTP-based storage.
07:48:25 daniel that’s why i see a general desire to have those features but am hesitent to put them in the xep
07:48:37 goffi that looks like the component I'm doing with Jingle.
07:48:39 Ge0rG jonasw: but custom http headers for obscure aws servers!11!
07:48:42 jonasw you’ll probably find a WebDAV library and servers which support WebDAV. just make the client pass some token in the HTTP Auth header and done.
07:48:58 lorddavidiii has left
07:49:18 goffi in this case why not keeping HTTP Upload for simple temporary storage, and specifying date of expiration, and having more elaborated components for stuff like avatar or blogs ?
07:49:31 Dave Cridland has left
07:49:58 jonasw goffi, this sounds very reasonable
07:50:04 goffi and explicitly forbidding permanent storage with HTTP Upload
07:50:33 jonasw I wouldn’t go that far
07:50:53 daniel what’s the use case for the expiration then?
07:50:59 Dave Cridland has left
07:51:03 daniel *the expiration date
07:51:10 goffi if we want to keep the implementation simple, which is the main interest of this XEP I think, permanent storage doesn't seem an option.
07:51:46 goffi daniel: knowing when the file is deleted, how long we can still use the link.
07:52:07 goffi I'm not confortable in uploading a picture if I don't know how long it will stay
07:52:31 goffi I can encrypt, but I then have the feeling to waster resources.
07:52:42 daniel apperently you are comfortable with sending messages without knowing how long they will stay in archive
07:52:49 Dave Cridland has left
07:52:52 daniel that's what the TOS are for…
07:53:04 goffi I know how long they stay
07:53:20 goffi on my server at least
07:53:27 Kev How?
07:53:35 jonasw you also know how long files are stored on your server ;-)
07:54:16 Dave Cridland has left
07:54:31 goffi right, but I have no MAM at the moment, so my server is not keeping anything. But the same question is valid for MAM I've never said the opposite.
07:55:10 alexis has left
07:55:16 daniel yeah i’m not sure that every feature in xmpp that has the ability to store something needs to signal it's own retention period
07:55:30 goffi and about resource, it's not the same about a couple of message, and one or several MB files
07:55:42 daniel my vcard service never report how long it will store that either
07:55:42 Valerian has left
07:55:45 alexis has joined
07:55:45 jonasw goffi, not your department; the server is responsible for managing the resources it offers to you.
07:55:49 jonasw it must not rely on your goodwill
07:55:56 Dave Cridland has left
07:55:56 goffi daniel: in this case in ToS, but it may be mentioned in the XEP
07:56:19 Dave Cridland has left
07:56:37 goffi jonasw: I usually have different usage if I know I'm wasting resources
07:56:42 Dave Cridland has left
07:56:54 jonasw you shouldn’t
07:56:59 goffi why ?
07:57:07 Kev Sure you should. Wasteful is wasteful.
07:57:13 jonasw it’s the servers responsibility to take care of that.
07:57:22 Kev Whether it's you paying the bill or someone else doesn't change that.
07:57:29 jonasw I mean right, uploading a screenshot of each message instead of the message itself *is* wasteful and you shouldn’t do that
07:57:38 Dave Cridland has left
07:58:06 goffi jonasw: put on an analogy, if I can choose between plastic and something else, and I know plastic can't be recycled correctly and something else can, I'll take something else.
07:58:09 jonasw but I don’t think you should base your individual upload decisions on whether and which retention policy the server implements. you might base your decision which server to use on that, though (that makes sense to me for resource use and privacy reasons)
07:58:25 goffi and don't say "once it's in the trash, it's not my problem"
07:58:54 jonasw goffi, I’m not arguing against that, it makes sense. and choosing a server based on those factors may make a lot of sense.
07:59:08 Dave Cridland has left
07:59:49 goffi to get back to initial subject, it make sense to put this on ToS, but is there anyway to make it mandatory ? Or at least a SHOULD ?
08:00:12 jonasw having this information in the disco#info is good, I think
08:00:25 jonasw but we need to make the semantics clear
08:00:30 goffi yes disco#info make sense
08:00:44 Dave Cridland has left
08:01:17 jonasw a service could have a dynamic retention time based on resource use for example. something like "at least 7 days, at most 14 days, and everything in between depends on how full our disk is". how would that be reflected? should the sevrice say 7 days (this will confuse users who expect their data to be gone after the threshold) or 14 days (which will confuse users who expect the data to be available up to the threshold)?
08:01:25 Valerian has joined
08:01:25 jonasw do we need a min-retention and max-retention field?
08:01:25 Kev And how do you signal policy changes?
08:01:28 goffi that's what framadrop is doing
08:01:34 goffi large file => short rentention
08:01:36 Kev You uploaded when it was a policy to keep for 30 days, and now the server is changed to 15.
08:01:47 Dave Cridland has left
08:01:57 goffi in this case it need to be returned in the HTTP Upload <IQ> result
08:02:16 jonasw goffi, Expires header on the HTTP response would be my suggestion
08:02:46 alexis has joined
08:02:57 jonasw (which gives a min-retention)
08:03:08 goffi jonasw: I'm fine with that as long as it is explained in a XEP, either HTTP Upload itself, or a separated one mentioned in HTTP Upload.
08:03:17 jonasw yupp
08:03:23 goffi if it's not specified anywher, nobody will do it.
08:04:08 Steve Kille has left
08:05:38 Dave Cridland has left
08:07:31 lorddavidiii has left
08:09:28 Dave Cridland has left
08:12:10 Guus has left
08:12:49 Dave Cridland has left
08:17:29 Dave Cridland has left
08:20:17 daniel has left
08:21:35 blabla has left
08:21:53 blabla has joined
08:22:26 Dave Cridland has left
08:23:43 rishiraj22 has left
08:31:25 labdsf has left
08:31:55 alexis has left
08:32:05 marmistrz has left
08:32:23 alexis has joined
08:32:28 Dave Cridland has left
08:34:19 muppeth has joined
08:35:03 Dave Cridland has left
08:35:58 Dave Cridland has left
08:38:40 muppeth has joined
08:40:34 Kev has left
08:45:28 lorddavidiii has left
08:46:27 Valerian has left
08:47:05 vanitasvitae has left
08:49:53 mikaela has joined
09:00:08 Valerian has joined
09:04:09 Valerian has left
09:05:58 muppeth has joined
09:08:25 blabla has left
09:08:29 blabla has joined
09:12:43 lorddavidiii has left
09:14:31 Valerian has joined
09:15:55 muppeth has joined
09:26:28 muppeth has joined
09:27:44 Dave Cridland has left
09:28:29 moparisthebest has joined
09:29:10 lumi has joined
09:29:18 moparisthebest has joined
09:31:21 Dave Cridland has left
09:33:38 alexis has joined
09:36:52 alexis has left
09:37:23 alexis has joined
09:40:38 Kev has left
09:41:06 j.r has joined
09:41:29 j.r has joined
09:44:41 alexis has joined
09:45:30 daniel has left
09:49:02 muppeth has joined
09:49:06 rishiraj22 has joined
09:49:29 Dave Cridland has left
09:50:09 Dave Cridland has left
09:52:25 Andrew Nenakhov has left
09:55:03 ThibG has joined
09:56:49 Andrew Nenakhov has joined
09:57:19 jubalh has joined
09:58:02 rishiraj22 has left
09:59:21 Dave Cridland has left
09:59:33 rishiraj22 has joined
10:00:36 Guus has left
10:01:37 Valerian has left
10:02:50 Nekit has left
10:04:20 Nekit has left
10:04:58 Dave Cridland has left
10:08:09 rishiraj22 has left
10:11:54 Dave Cridland has left
10:12:14 edhelas has left
10:12:27 rishiraj22 has joined
10:14:58 edhelas has joined
10:15:13 j.r has joined
10:18:45 alexis has joined
10:19:50 lorddavidiii has left
10:24:45 Ge0rG has left
10:24:57 alexis has left
10:25:35 alexis has joined
10:25:52 Guus has left
10:25:58 daniel has left
10:26:09 Ge0rG has joined
10:26:13 lorddavidiii has left
10:27:49 j.r has joined
10:28:45 Ge0rG has left
10:30:47 moparisthebest has joined
10:31:47 moparisthebest has joined
10:35:22 jubalh has joined
10:37:58 Dave Cridland has left
10:39:25 Nekit has left
10:41:06 alexis has left
10:41:37 Dave Cridland has left
10:44:04 alexis has joined
10:45:18 Dave Cridland has left
10:45:37 Dave Cridland has left
10:45:44 Guus has left
10:48:47 Dave Cridland has left
10:49:46 alexis has left
10:49:49 Valerian has joined
10:49:49 Dave Cridland has left
10:51:06 Dave Cridland has left
10:51:28 pep. has left
10:52:11 alexis has joined
10:52:20 lumi has left
10:53:29 Dave Cridland has left
10:54:45 Dave Cridland has left
10:54:48 j.r has joined
10:54:58 rishiraj22 has left
10:55:15 flow has left
10:56:26 Dave Cridland has left
10:57:26 Dave Cridland has left
10:57:41 Dave Cridland has left
10:57:54 jubalh has joined
10:58:28 Dave Cridland has left
11:02:21 Dave Cridland has left
11:05:41 j.r has joined
11:07:01 Valerian has left
11:07:19 Valerian has joined
11:07:20 Valerian has left
11:07:23 Valerian has joined
11:08:06 Valerian has left
11:08:09 Valerian has joined
11:08:53 Valerian has left
11:10:18 Dave Cridland has left
11:10:32 moparisthebest has joined
11:11:06 Dave Cridland has left
11:11:21 moparisthebest has joined
11:11:32 Dave Cridland has left
11:12:21 jubalh has joined
11:13:19 karp has left
11:13:20 karp has joined
11:14:21 Dave Cridland has left
11:16:40 Dave Cridland has left
11:17:17 Dave Cridland has left
11:18:39 Dave Cridland has left
11:20:28 Dave Cridland has left
11:29:56 ralphm has left
11:32:15 Guus has left
11:32:56 Dave Cridland has left
11:33:24 Kev has left
11:34:50 marc has joined
11:34:56 ThibG has joined
11:34:59 Dave Cridland has left
11:36:58 ThibG has joined
11:37:41 jubalh has joined
11:39:24 j.r has joined
11:42:54 Dave Cridland has left
11:43:27 ThibG has joined
11:43:32 ThibG has joined
11:43:52 marmistrz has joined
11:45:32 efrit has joined
11:46:35 Dave Cridland has left
11:47:12 Guus has left
11:48:13 Dave Cridland has left
11:49:24 Dave Cridland has left
11:50:58 j.r has joined
11:51:01 Dave Cridland has left
11:53:41 Dave Cridland has left
11:54:19 Dave Cridland has left
11:56:05 Dave Cridland has left
11:57:04 jere has joined
11:58:10 jere has left
11:58:14 jere has joined
11:58:37 jubalh has joined
11:59:17 Dave Cridland has left
11:59:51 Dave Cridland has left
11:59:51 jubalh has joined
12:02:33 Dave Cridland has left
12:05:22 j.r has joined
12:07:15 SaltyBones has left
12:07:18 SaltyBones has joined
12:09:13 daniel has left
12:10:42 j.r has joined
12:13:34 Dave Cridland has left
12:16:02 j.r has joined
12:16:06 j.r has joined
12:16:35 moparisthebest has joined
12:17:10 moparisthebest has joined
12:17:22 muppeth has joined
12:18:12 Dave Cridland has left
12:18:39 muppeth has joined
12:19:35 Dave Cridland has left
12:20:16 ralphm has joined
12:24:01 efrit has left
12:26:31 daniel has left
12:30:19 jubalh has joined
12:30:33 Dave Cridland has left
12:33:22 tux has joined
12:34:08 Dave Cridland has left
12:34:23 daniel has left
12:36:09 blabla has left
12:36:16 Valerian has joined
12:37:10 blabla has joined
12:37:43 j.r has joined
12:38:00 alexis has left
12:38:27 j.r has joined
12:38:55 alexis has joined
12:41:18 marmistrz has joined
12:44:55 mikaela has joined
12:45:28 alexis has left
12:46:55 Dave Cridland has left
12:51:36 Dave Cridland has left
12:54:56 winfried has left
12:58:29 Dave Cridland has left
13:00:05 Dave Cridland has left
13:05:58 dos has joined
13:06:46 SaltyBones has left
13:06:58 SaltyBones has joined
13:07:31 jjrh has left
13:08:25 Dave Cridland has left
13:09:29 andy has left
13:09:47 andy has joined
13:10:08 SamWhited has left
13:10:08 SamWhited has joined
13:10:22 daniel has left
13:11:55 Dave Cridland has left
13:12:09 la|r|ma has joined
13:15:05 Dave Cridland has left
13:15:12 marmistrz has joined
13:16:02 Dave Cridland has left
13:17:27 marmistrz has left
13:23:19 Guus has left
13:23:50 Guus has left
13:24:47 j.r has left
13:30:36 jjrh has left
13:32:03 Maranda has joined
13:32:09 j.r has joined
13:33:39 ThibG has joined
13:33:42 ThibG has joined
13:33:52 Maranda since we're in disco#info topic, a good chunk of, if not all of, the examples in https://xmpp.org/extensions/xep-0045.html don't have the disco#info feature set (and apparently that's a MUST)
13:33:55 intosi has left
13:33:56 intosi has joined
13:34:20 jonasw Maranda, I think it is generally understood that examples showing disco#info query replies are always exceprts
13:34:52 Maranda is it?
13:34:56 lskdjf has joined
13:35:00 Maranda 🤔
13:35:11 Maranda 😁
13:35:12 jonasw all the XEPs do that
13:35:39 Maranda I see nothing that makes me assume that, but okay.
13:35:44 goffi re: HTTP Upload, would a del URL as suggested by Tess Sterr be a big deal? I don't think it complicates too much on server side, and after it's up to the client to keep it or not.
13:36:37 Dave Cridland has left
13:36:45 jonasw Maranda, it’s easy. disco#info has the disco#info feature as MUST. it is not included. ergo, the examples are excerpts :)
13:37:02 jonasw goffi, it’s not very useful IMO
13:37:09 goffi jonasw: why ?
13:37:11 MattJ goffi, I'm not strictly against it (especially if optional for the server), but just because there's a delete URL doesn't mean the file will stay until it's deleted
13:37:18 jonasw it would require the client to save the URL somewhere, and the multi-client story isn’t tight either
13:39:01 Maranda jonasw, if it was an excerpts I would expect some ... or around in 'em, https://xmpp.org/extensions/xep-0045.html#disco-rooms don't look like excerpts (to myself at least).
13:39:14 goffi it would solve the "oops I've uploaded nuclear codes" case, or at least reduce the problem.
13:39:19 jonasw Maranda, that’s disco#items, not disco#info :)
13:40:00 Maranda jonasw, disco#info examples are in there as well.
13:40:04 Maranda brb
13:40:38 jonasw Maranda, feel free to submit a patch which adds ... to all the disco#info examples
13:40:38 goffi MattJ: I'm not sure to understand your sentence: "just because there's a delete URL doesn't mean the file will stay until it's deleted"
13:41:03 goffi you mean if we want to upload it forever ?
13:41:11 MattJ goffi, I was referring to the second part of your message, "and after it's up to the client to keep it or not"
13:41:22 jonasw MattJ, that was referring to the delete URL I think
13:41:23 MattJ Since earlier we were discussing retention times
13:41:28 MattJ Oh, I see
13:41:32 MattJ Ok, ignore me then :)
13:41:35 goffi :)
13:41:59 goffi but I think delete URL and retention time are complementary, and both are trivial to implement.
13:42:24 MattJ I can certainly see value in DELETE, even if it only works from a single client it solves the "oops" problem
13:42:35 goffi (where retention time can be "forever as long as you don't kill your quota")
13:43:45 goffi daniel: ^
13:44:05 Dave Cridland has left
13:44:19 Maranda has left
13:44:26 MattJ Though considering the "oops" problem, if your contact is online, they are probably already downloading your file, or downloaded it
13:45:02 Zash Is that not an UX issue? That clients send stuff without any confirmation
13:45:42 MattJ Does it ask for confirmation every time you press enter after typing a message?
13:46:20 MattJ http://alistapart.com/article/neveruseawarning
13:46:21 SaltyBones has left
13:46:38 flow has left
13:48:03 lnj has joined
13:48:05 goffi MattJ: you may not have shared the link already (think about blogging for instance)
13:48:36 Dave Cridland has left
13:50:43 goffi it's not solving 100% the oops, as long at it's gone in the wild, it's not possible anyway. But it does mitigate it for sure.
13:52:28 jere has left
13:52:32 jere has joined
13:55:31 Ge0rG MattJ: embedding the chosen file as a preview in the input box with an explicit [send] action might improve the UX
13:56:11 pep. I'd prefer a DELETE as well, rather than a delete link that's not deterministic, so clients don't have to store anything
13:57:30 andy has left
14:00:36 lnj has left
14:00:41 MattJ pep., that can't work, because it needs auth
14:01:22 pep. Right, maybe if we had a solution within xmpp already to upload files.. ah wait
14:01:44 winfried has left
14:02:01 pep. MattJ, not an HTTP verb then
14:02:18 pep. Just send an iq or sth, with the generated url and a delete action? :/
14:02:29 ralphm has joined
14:03:41 Ge0rG pep.: and the iq response yields an URL that you can run HTTP DELETE on?
14:03:48 goffi pep.: but then you have to keep generated URL, it's the same as a delete URL.
14:04:03 Ge0rG How to get rid of the inadvertently uploaded file in 12 easy steps.
14:04:07 pep. Ge0rG, no, just tells you "yes it's deleted"
14:04:17 pep. goffi, that's in the message already
14:04:26 Dave Cridland has left
14:04:27 Dave Cridland has joined
14:04:43 Ge0rG pep.: but that doesn't work with external upload servers
14:05:05 pep. Ge0rG, the answer of that external upload server doesn't go back through the xmpp server?
14:05:14 pep. Ah wait no it's http..
14:05:18 pep. pff
14:05:36 goffi pep.: only if you are in a chat use case.
14:05:45 pep. goffi, what's the other use case?
14:06:04 Zash Avatar use for one
14:06:07 pep. :(
14:06:07 j.r has joined
14:06:16 pep. seriously.. don't we already have stuff for that
14:06:21 goffi yep, I was about to say blog, but you have the URL there too
14:06:39 pep. Well in any case you already have the url in the message
14:06:40 goffi and for avatar we can find it
14:06:45 pep. Or the blog post, or the vcard, or..
14:06:48 goffi so it's not a bad suggestion actually.
14:07:13 pep. external upload server is going to be annoying
14:07:33 pep. is there a way to predict that url, from the xmpp server, or is that handled by the upload server all the way down
14:07:51 Zash Turtles
14:08:40 MattJ pep., not without storing something
14:08:43 pep. Do we care really? The xmpp server can tell the upload thing, "YOU SHALL USE THIS ID"
14:09:10 Guus (I'm a big fan of servers shouting stuff to things)
14:09:17 pep. :)
14:09:27 Dave Cridland has left
14:09:31 pep. Well either the servers stores, or the client stores
14:09:37 pep. You decide
14:09:43 MattJ pep., to be clear, there is no communication between Prosody and an external upload server, other than the admin giving them a shared secret
14:09:59 pep. MattJ, yeah I got that bit
14:10:10 pep. :/
14:10:29 pep. So, server devs vs client devs fight?
14:10:53 MattJ Has been going on for nearly two decades :)
14:11:39 ralphm has left
14:11:43 pep. Good luck
14:11:55 Zash Is it not just a branch of the still ongoing mainfraimes vs fat workstations war?
14:12:04 jjrh has left
14:12:20 jjrh has left
14:12:33 edhelas now we have both, big cloud-mainframes and fat terminals to run big JS apps
14:13:04 jjrh has left
14:13:31 jjrh has left
14:14:03 lnj has joined
14:15:30 Ge0rG the current round is serverless clown infrastructure
14:15:41 Ge0rG But then again, Metal-as-a-Service is a thing too
14:19:06 jjrh has left
14:19:59 daniel has left
14:25:11 alexis has joined
14:25:54 Dave Cridland has left
14:27:09 alexis has left
14:27:41 Dave Cridland has left
14:27:46 alexis has joined
14:29:31 Dave Cridland has left
14:32:09 ThibG has joined
14:32:39 ThibG has joined
14:35:02 alexis has joined
14:36:01 karp has left
14:36:01 karp has joined
14:36:35 Valerian has left
14:37:35 SaltyBones has joined
14:38:24 marmistrz has joined
14:39:46 jjrh has left
14:40:34 dos has left
14:40:43 daniel has left
14:42:54 Valerian has joined
14:45:34 daniel has left
14:45:51 jjrh has left
14:46:52 mikaela has left
14:47:06 Yagiza has joined
14:47:15 ThibG has left
14:49:40 daniel has left
14:50:22 lnj has left
14:52:31 daniel has left
14:53:02 Zash Maybe editor/iteam-related... but what if the XEP revision history was also made into an RSS feed?
14:54:07 edhelas Zash we could even use a feed system built in XMPP, with publications or subscriptions 🤔 wait
14:54:34 Zash Yes, put them into pubsub.xmpp.org!!
14:54:44 MattJ I think I suggested this ~10 years ago
14:54:49 Ge0rG We could just http upload an atom xml
14:55:03 daniel has left
14:55:24 Zash (When I say RSS, I mean Atom)
14:56:28 edhelas Zash https://github.com/edhelas/atomtopubsub :)
14:56:45 Zash yes yes and https://modules.prosody.im/mod_pubsub_feeds.html
14:56:52 edhelas :)
14:56:55 vanitasvitae has left
14:57:34 lnj has joined
14:57:43 lskdjf has joined
14:57:59 flow has left
14:57:59 flow has left
14:58:03 flow has joined
14:59:11 Zash and https://modules.prosody.im/mod_pubsub_post.html
15:00:26 Valerian has left
15:00:27 Valerian has joined
15:00:29 Ge0rG has left
15:03:56 dos has joined
15:11:24 daniel has left
15:11:42 daniel has left
15:13:31 daniel has left
15:22:16 rishiraj22 has joined
15:22:22 edhelas https://news.ycombinator.com/item?id=17408041
15:23:36 muppeth has joined
15:24:11 muppeth has joined
15:24:15 daniel that reminds me that i still have feedback for activity pub
15:25:09 Dave Cridland has left
15:25:37 Dave Cridland has left
15:29:00 Kev has left
15:32:47 jjrh has left
15:36:17 ralphm has joined
15:36:57 Ge0rG daniel: could you add a subsection about properly securing a http upload service in a way that won't allow uploading of html/js to compromise other web applications on the same infrastructure? e.g. an account login portal, or a webchat client
15:39:02 MattJ Hmm, was there a standard for adding custom non-standard items in e.g. a MUC configuration form?
15:39:34 MattJ I vaguely recall something, but I can't remember if it was just a discussion or actually a standard
15:40:37 MattJ Aha, found in XEP-0068
15:40:49 Zash -xep 68
15:40:49 Bunneh Zash: Field Standardization for Data Forms (Informational, Active, 2012-05-28) See: https://xmpp.org/extensions/xep-0068.html
15:41:06 MattJ https://xmpp.org/extensions/xep-0068.html#approach-fieldnames
15:41:27 Dave Cridland has joined
15:41:58 jjrh has left
15:42:58 SaltyBones has left
15:44:42 marmistrz has joined
15:46:05 moparisthebest has left
15:46:28 moparisthebest has joined
15:47:45 pep. has joined
15:48:07 SaltyBones has joined
15:49:06 Seve/SouL has left
15:51:53 pep. has joined
15:54:34 rishiraj22 has left
15:54:35 Seve/SouL has joined
15:55:05 Seve/SouL has joined
15:55:05 ralphm has left
15:56:10 rishiraj22 has joined
15:56:55 Guus has left
15:59:02 dos has left
15:59:03 Ge0rG has left
16:01:34 nyco has joined
16:03:11 dos has joined
16:07:05 alacer has joined
16:08:11 karp has left
16:08:11 karp has joined
16:10:16 waqas has joined
16:13:14 Valerian has left
16:13:14 Valerian has joined
16:15:10 alacer has left
16:16:01 labdsf has left
16:16:04 alacer has joined
16:16:24 Andrew Nenakhov has left
16:19:01 Lance has joined
16:19:19 Andrew Nenakhov has joined
16:19:45 Lance has left
16:23:01 Valerian has left
16:24:32 SamWhited has left
16:26:26 daniel has left
16:26:29 daniel has joined
16:28:28 alacer has left
16:28:30 alacer has joined
16:29:20 Guus has left
16:29:59 Dave Cridland has left
16:30:58 ralphm has joined
16:31:43 Ge0rG has left
16:48:51 lumi has joined
16:50:38 Guus has left
16:52:05 Guus has left
16:53:01 Guus has left
16:53:33 Guus has left
16:54:52 Guus has left
16:58:46 rishiraj22 has left
16:58:47 Guus has left
17:03:41 jjrh has left
17:05:38 SaltyBones has left
17:05:41 jjrh has left
17:06:41 Guus has left
17:07:26 rishiraj22 has joined
17:07:26 Guus has left
17:08:28 Guus has left
17:12:19 lskdjf has left
17:12:43 Guus has left
17:14:47 Nekit has left
17:14:59 Nekit has joined
17:16:06 ThibG has joined
17:16:48 Andrew Nenakhov has left
17:17:05 jjrh has left
17:17:48 Steve Kille has left
17:18:47 tux has joined
17:18:48 Steve Kille has left
17:19:09 Steve Kille has joined
17:20:00 Andrew Nenakhov has joined
17:20:17 Guus has left
17:22:35 alacer has left
17:24:39 Andrew Nenakhov has left
17:24:43 Andrew Nenakhov has joined
17:29:17 j.r has left
17:29:20 j.r has joined
17:34:21 ThibG has left
17:40:43 lskdjf has joined
17:42:44 daniel has left
17:42:47 daniel has joined
17:43:24 daniel has left
17:43:26 daniel has joined
17:47:46 daniel has left
17:47:49 daniel has joined
17:50:34 Andrew Nenakhov has left
17:50:39 Andrew Nenakhov has joined
17:52:01 Zash has left
17:55:28 alexis has left
17:58:42 dos has left
18:00:17 karp has left
18:00:17 karp has joined
18:00:19 SaltyBones has joined
18:03:04 karp has left
18:03:04 karp has joined
18:03:30 marmistrz has joined
18:10:45 dos has joined
18:11:01 ta has joined
18:11:13 SaltyBones has left
18:11:27 SaltyBones has joined
18:15:29 Guus has left
18:18:25 daniel has left
18:18:29 daniel has joined
18:19:33 alacer has joined
18:19:36 rion has left
18:24:17 SamWhited has left
18:27:42 blabla has joined
18:28:37 SaltyBones has left
18:28:50 SaltyBones has joined
18:31:23 dos has left
18:34:12 Andrew Nenakhov has left
18:35:50 Valerian has joined
18:36:01 Andrew Nenakhov has joined
18:38:08 lskdjf has joined
18:39:20 la|r|ma has left
18:39:54 daniel has left
18:39:57 daniel has joined
18:40:14 flow Kev, Steve Kille: you are currently pursuing user#channel@domain(/resource) as MIX JID, is that still correct?
18:41:12 rion has joined
18:42:29 Dave Cridland has left
18:45:40 anjan has left
18:45:44 rishiraj22 has left
18:48:32 Andrew Nenakhov has left
18:48:43 Andrew Nenakhov has joined
18:48:58 daniel has left
18:49:01 daniel has joined
18:51:03 Andrew Nenakhov has left
18:51:06 Andrew Nenakhov has joined
18:55:46 Kev has left
18:59:44 marc has left
19:01:35 SaltyBones has left
19:01:39 Andrew Nenakhov has left
19:01:42 Andrew Nenakhov has joined
19:02:28 Steve Kille flow: yes. The spec of this is now in XEP-403, as this encoding is not needed for the basic message distribution specified in MIX core. This encoding is used for sharing presence status of MIX participants and to address Mix participants through the channel. The discussion concluded that it was desirable that each participant bare JID was unique to the participant.
19:03:41 xnyhps has joined
19:05:25 xnyhps has joined
19:07:15 goffi has left
19:08:24 SaltyBones has joined
19:09:32 goffi has left
19:11:31 goffi has left
19:13:26 marmistrz has joined
19:17:41 daniel has left
19:17:43 daniel has joined
19:19:24 alacer has left
19:20:45 valo has joined
19:22:51 dos has joined
19:24:04 mikaela has joined
19:24:20 anjan has left
19:25:47 mikaela has joined
19:26:49 jubalh has joined
19:30:57 Guus has left
19:31:43 valo has joined
19:32:44 mikaela has joined
19:32:48 anjan has joined
19:36:21 lskdjf has joined
19:36:47 mikaela has joined
19:38:13 lskdjf has joined
19:39:48 Guus has left
19:40:37 blabla has joined
19:43:46 jjrh has left
19:46:59 edhelas has left
19:49:30 jere has joined
19:49:53 jjrh has left
19:52:29 Valerian has left
19:59:45 jere has joined
20:10:40 valo has joined
20:10:49 lorddavidiii has left
20:11:16 lskdjf has joined
20:12:48 j.r has joined
20:13:22 jubalh has left
20:13:31 j.r has joined
20:16:23 valo has joined
20:21:13 Yagiza has left
20:23:37 xnyhps has left
20:23:38 xnyhps has joined
20:24:23 Guus has left
20:24:23 goffi has left
20:24:32 alexis has joined
20:25:11 Guus has joined
20:25:33 rishiraj22 has joined
20:32:06 valo has joined
20:32:48 alexis has left
20:33:20 alexis has joined
20:34:32 j.r has joined
20:35:18 valo has joined
20:35:20 Lance has joined
20:36:39 daniel has left
20:36:39 jubalh has joined
20:36:43 daniel has joined
20:42:10 j.r has joined
20:42:13 j.r has joined
20:43:50 waqas has left
20:43:53 waqas has joined
20:45:09 j.r has joined
20:45:12 j.r has joined
20:47:48 j.r has left
20:47:54 j.r has joined
20:52:33 alacer has joined
20:58:27 lnj has left
20:58:40 Chobbes has joined
20:59:39 Valerian has joined
21:02:46 rion has left
21:02:47 rion has joined
21:05:40 dos has left
21:09:10 Valerian has left
21:12:25 rishiraj22 has left
21:16:37 muppeth has left
21:16:41 muppeth has joined
21:19:27 rion has left
21:19:27 rion has joined
21:19:29 Valerian has joined
21:20:33 Valerian has left
21:22:35 moparisthebest has joined
21:22:42 waqas has left
21:25:12 rishiraj22 has joined
21:30:55 ta has joined
21:35:39 alacer has left
21:38:47 la|r|ma has left
21:43:30 Syndace has joined
21:44:12 moparisthebest has joined
21:46:24 moparisthebest has joined
21:48:48 lskdjf has left
21:52:32 rion has left
21:52:46 Syndace has joined
21:53:15 la|r|ma has left
21:57:48 lskdjf has left
21:58:30 la|r|ma has left
22:05:07 vanitasvitae has left
22:06:01 lorddavidiii has left
22:10:03 SamWhited has left
22:11:20 goffi has left
22:11:41 moparisthebest has joined
22:14:40 moparisthebest has joined
22:14:58 lskdjf has left
22:15:14 lskdjf has left
22:18:59 rishiraj22 has left
22:23:14 Zash has left
22:24:28 marmistrz has joined
22:24:31 marmistrz has joined
22:25:58 Nekit has joined
22:30:29 dos has joined
22:36:52 rishiraj22 has joined
22:38:01 alexis has joined
22:40:26 j.r has joined
22:41:44 lskdjf has joined
22:45:18 j.r has joined
22:48:36 j.r has joined
22:48:41 j.r has joined
23:05:17 marc has joined
23:08:56 Guus has left
23:09:16 Guus has joined
23:14:57 Guus has left
23:15:21 Guus has joined
23:21:37 rishiraj22 has left
23:23:19 waqas has joined
23:24:53 rishiraj22 has joined
23:28:10 marmistrz has joined
23:31:03 MattJ has joined
23:31:33 mikaela has left
23:32:08 lumi has joined
23:37:16 labdsf has left
23:38:20 nyco has left
23:38:51 nyco has joined
23:40:26 Lance has left
23:54:52 marmistrz has left
23:54:55 marmistrz has joined