-
dwd
So odd question, but does anyone know what the state of xmpphp is?
-
jonas’
"awful"
-
jonas’
no wait
-
jonas’
I got confused
-
jonas’
I have no idea.
-
dwd
Well, yes, it's PHP.
-
dwd
What I'm looking for is a way of writing a component in PHP - I'm bound to a library written in PHP, in case you wonder. Has anyone tried this recently?
-
jonas’
dwd, maybe the movim folks?
-
Zash
I hear long-lived PHP processes are great!
-
dwd
No, edhelas seems to have a (quite reasonable) library, but it's C2S over websockets I think.
-
Zash
/s
-
dwd
Zash, It's not like I have much of a choice, unless I reverse engineer the PHP library, which is not much fun either.
-
Link Mauve
dwd, no, it’s normal c2s.
-
Link Mauve
The websocket part of Movim is for a custom protocol between its client-side (web) part and the PHP thing.
-
dwd
Oh, it talked of removing BOSH for WebSocket.
-
Link Mauve
It actually removed both.
-
dwd
Gasp.
-
Link Mauve
Just normal TLS nowadays.✎ -
Link Mauve
Just normal TCP nowadays. ✏
-
dwd
OK, so I could take one of the three (!) XMPP libraries I've found in PHP and hack component support into it, I suppose.
-
Zash
Heh, didn't we discuss s2s over BOSH once?
-
Ge0rG
dwd: have a node.js web service in the backend spoken to by the PHP library :P
-
dwd
Zash, It has TCP/TLS support. Doesn't seem to need BOSH about.
-
moparisthebest
dwd, iirc the whole nextcloud chat thing has a full fledged xmpp server written in PHP, just without federation so far
-
moparisthebest
at least I know it was that way in the nearish past
-
dwd
That's a bizarre choice to make. Why on earth didn't they repackage an existing one?
-
pep.
dwd: edhelas actually merged his c2s lib into movim not so long ago. Maybe it's worth getting out again.
-
Zash
"This is your brain on PHP"
-
pep.
He was also looking into writing components for other things iirc, not sure what he's going to use
-
dwd
pep., You can get at it via the Composer, which is sort of PHP's package manager thing.
-
pep.
Maybe it's an older version then?
-
dwd
Not sure.
-
Maranda
Moxl does xmpp on xmpp
-
Maranda
Websocket in Movim is just for the frontend app to connect to the backend
-
moparisthebest
dwd, pretty sure because it has to run on webhosts that only offer PHP
-
pep.
What does that mean
-
j.r
Why are there still people using PHP? And this scary webspaces that only have a PHP Interpreter?
-
Zash
Gah, this anti-XML, pro-JSON discrimination everywhere!
-
moparisthebest
pep., j.r , you know in the not-too-distant past when a dedicated server or VPS was expensive but you could get FTP access to upload PHP files to run on some remote multi-user machine?
-
moparisthebest
guess they still want to support that kind of thing, I'm assuming that's the only reason anyone ever writes PHP
-
moparisthebest
https://www.moparisthebest.com/images/php_the_good_parts.png
-
Zash
continued popularity because popularity
-
pep.
I guess that's how it all started, I'm not sure what statred first though, the PHP hosting or the PHP devs :p
-
Zash
Doesn't >50% of the web still run wordpress?
-
j.r
moparisthebest: yes I also used them, but today PHP is not the best anymore
-
moparisthebest
neither is windows or mac or skype or signal or, well I could literally go on forever
-
pep.
j.r, has it ever been
-
Zash
It's easy to get started after learning HTML basics
-
moparisthebest
still it exists :'(
-
j.r
> j.r, has it ever been No not really in my opinon
-
j.r
> It's easy to get started after learning HTML basics Also work with NodeJS or also Java Enterprise or whatever
-
SamWhited
In case anyone is interested, on HN someone was complaining about this page being out of date, so I started updating it (added OMEMO, removed a bunch of old mechanisms that no one cares about, added clear recommendations):
-
SamWhited
https://conversations.im/omemo/audit.pdf
-
SamWhited
err, oops: https://wiki.xmpp.org/web/XMPP_E2E_Security
-
Zash
words of praise
-
SamWhited
Please feel free to jump in; the table also needs updating but I am struggling with this wiki format
-
SamWhited
And there is probably more important stuff I don't know about
-
Zash
pandoc, the best thing ever, can generate mediawiki format ;)
-
pep.
SamWhited, for OTR I would add the transport use-case in recommentations
-
pep.
As in, you don't need protocol knowledge to use it, shove that into <body/> (:() and you're done
-
SamWhited
Does anyone care about transports enough to make that useful information? (serious question, I have no idea; I know the Matrix people like to advertise them, but I'm not sure how widely they're developed or used)
-
pep.
I am not an e2ee user, but I know a few users still using OTR because of that
-
SamWhited
"a few users" probably doesn't mean we should keep recommending OTR though, personally I want it to die in a fire though, so maybe I'm just projecting that onto what I think the recommendations should be
-
pep.
We all have our own bubble right :)
-
SamWhited
Actually, SCIMP probably doesn't need to be on there either. Is there a single implementation that's not whatever their client is?
-
pep.
I never heard of SCIMP before
-
SamWhited
yah, me neither until I saw this page
-
pep.
Also what about MLS? Do we want to "pre-list" it in there?
-
Zash
Is that the RFC thing?
-
pep.
yeah
-
Zash
SCIMP
-
dwd
Internet Draft right now.
-
SamWhited
I wouldn't link an untried RFC with no implementations personally, seems like it's just muddying the waters.
-
pep.
Also OX
-
pep.
That should probably be listed alongside OMEMO
-
SamWhited
I guess we could put it on their as "future work, recommendation: watch" or something
-
pep.
Though I don't have actual knowledge on that either
-
dwd
SamWhited, I think MLS will take over everything, eventually. I was working on a XEP for it, but it's a little too much in flux right now.
-
SamWhited
I'll believe it when I see it
-
SamWhited
I'm worried about having yet another complicated protocol and generally don't trust the IETF with this sort of thing, but also it seems like something that should be done there and not by us so we'll see I guess
-
SamWhited
But I still haven't done anything but glance through it, so grain of salt I guess
-
dwd
You don't trust the IETF? In what way?
-
dwd
I mean, if you mean, "They're really slow and might never get it done" I can somewhat sympathise, but the crypto and protocol I'm willing to trust.
-
SamWhited
I just generally think they overengineer everything and pick use cases that are way too general
-
Zash
https://tools.ietf.org/html/rfc6121#section-13.2 hmmmm
-
dwd
Well, in this case, the use-case is handling groups of participants with e2ee. Seems OK to me.
-
SamWhited
But I'd also rather see them developing something than every random company going it solo
-
dwd
A lot of CPIM and so on was actually our fault. Or SIP's, depending on how you look at it. Either way, the industry was split and couldn't really pick a standard. The result has been no standard.
-
SamWhited
Right, now we have OMEMO which is starting to gain adoption and are developing another standard. Things haven't changed much.
-
Zash
Except OMEMO is in a weird state too
-
SamWhited
It's true.
-
moparisthebest
at the moment, whether anyone wants to accept it or not, it's whatever Conversations decides to implement will win
-
Zash
Conversations is the new Internet Explorer \o/
-
pep.
Zash, that's harsh, but I see where you want to go
-
Zash
or Chrome
-
SamWhited
or Netscape
-
Zash
I suppose Pidgin might be the IE
-
SamWhited
But I don't think that's entirely true; Conversations may drive a lot of development, but as long as they do it in the open with community involvement it's probably okay
-
j.r
> I suppose Pidgin might be the IE +1
-
dwd
Right. The current spec doesn't even reference the Signal spec needed to implement.
-
SamWhited
I agree OMEMO has problems, but they seem fixable. Seems like we're throwing the baby out with the bathwater if we start over.
-
SamWhited
Then again, maybe it's better enough to justify that, I just don't know.
-
dwd
Well, OMEMO really doesn't scale well for chatrooms, whereas MLS does.
-
dwd
So depends if you want >10K scaling in pubsub and chatrooms, I suppose.
-
SamWhited
Yah, maybe that's enough of a reason; I'm just scared of throwing out all the progress we've made again
-
SamWhited
But that is a pretty good one if it can really scale that well
-
dwd
I must make sure my sketch-design for offline/non-escrow encrypted archives still works after the last major changes, though. I think it does.
-
pep.
I guess that's only a corporate use-case, >10K people in a single chatroom, because I've never seen/heard of that in the wild
-
pep.
Or maybe we're planning for when XMPP becomes great again
-
dwd
pep., Sure, but OMEMO won't really scale well enough for, say, xsf@ or jdev@.
-
SamWhited
Back to the wiki: is OX XEP-0374? It doesn't appear to have been worked on in a while, is it worth including? Are there many implementations?
-
dwd
SamWhited, Smack does it I think. Not sure how many clients use it.
-
dwd
SamWhited, Most use the OMEMO/Signal plugin for that, even when they're not GPL clients, which is hella-awks.
-
pep.
SamWhited, that's the one
-
SamWhited
Thanks; doesn't seem worth including if nothing uses it
-
pep.
The good thing compared to OMEMO is that container
-
SamWhited
(nothing end user visible, I mean; it's neat that Smack does it)
-
dwd
SamWhited, I'd actually appreciate all the historic and aborted attempts being documented.
-
pep.
That includes more than just <body/>
-
dwd
pep., Right, but eSessions had that a decade ago.
-
pep.
dwd, sure
-
pep.
I was also wondering why OMEMO didn't use it
-
dwd
pep., And, I think, did it in such a way it was reusable.
-
Zash
(nice features, widely used) pick one
-
dwd
Zash, I'm not convinced OX is all about nice features, mind.
-
pep.
dwd, I'm not arguing for OX per se
-
pep.
(I'm not arguing at all)
-
dwd
Is this the right room for an argument?
-
pep.
No idea, but we don't have to figure this out if it isn't one :)
-
Zash
https://proxy.duckduckgo.com/iu/?u=http%3A%2F%2Fjpegy.com%2Fimages%2Fuploads%2F2015%2F07%2FNot-take-only-throw.jpg&f=1
-
Zash
no argument, only spec .. or something
-
dwd
Right, but actually, it's "No argument, only implementation in a popular client".
-
Zash
No agreement, only implement!
-
SamWhited
Partially filled in OMEMO in the table; didn't do the crypto properties because I couldn't remember off the top of my head
-
SamWhited
If someone else has the confidence to finish it I'd appreciate it
-
SamWhited
I guess I can remove the column "Online chats" from that able too… unless that means something that I don't understand? Isn't that just the same as 1:1 and groupchat columns? Obviously the e2e mechanisms all work with "chats"…
-
SamWhited
*that table
-
SamWhited
Or the "encryption" column too for that matter; I know it's a property that not all cryptosystems provide, but given that this is a page about e2e encryption…
-
Zash
Someone who thinks xep393 is markdown. Do we burn it with fire now?
-
SamWhited
I think everyone just calls everything that looks like Slack/Watsapp formatting "markdown" even if it's not
-
SamWhited
It's very confusing
-
Zash
I fear this confusion will eventually lead someone to use a generic markdown library (with html passthrough enabled by default) and then the sky falls.
-
SamWhited
If they did that it wouldn't be compatible at all and their formatting wouldn't be the same, so I suspect they'd nontice
-
SamWhited
I suppose it's possible they wouldn't notice, at least some of the styles are the same, but I suspect someone would want bold or italic or whichever isn't the same and notice
-
Syndace
Oh boy, positive and optimistic words towards OMEMOs future, hell yeah! In a few weeks I'll finally get my lib to a stable state, then I'll start pushing towards this "better future".