Tobias: I was looking at XEP-0385 (Stateless Inline Media Sharing). Have you considered sending multiple media files at once? Would it be supported by adding additional <file/> elements?
alacerhas left
alacerhas joined
Str4tocasterhas left
Str4tocasterhas joined
alexishas left
dedekinhas left
dedekinhas joined
danielhas left
danielhas joined
dwdhas left
dwdhas joined
dwd
WOuldn't that be multiple <media-sharing/> elements? Or maybe even references depending.
Tobias
Multiple messages, multiple media-sharing or multiple file
Tobias
That probably needs to be specified
mrdoctorwhohas left
lskdjfhas joined
Str4tocasterhas left
Str4tocasterhas joined
Tobias
But inside a single message would probably be best. Multiple messages already works
mrdoctorwhohas joined
Str4tocasterhas left
Str4tocasterhas joined
Str4tocasterhas left
Guushas left
Guushas joined
guusdkhas left
lhas joined
Guushas left
guusdkhas joined
Guushas joined
lskdjfhas joined
Str4tocasterhas joined
lskdjfhas joined
lskdjfhas joined
lskdjfhas joined
Str4tocasterhas left
Str4tocasterhas joined
lskdjfhas joined
lskdjfhas left
lskdjfhas left
lskdjfhas joined
vaulorhas left
ralphm
Sure, I'd prefer a single message in my use case
Ge0rG
I'd prefer a single message to carry multiple 0184 delivery receipts, but that's not what the XEP allows...
ralphm
I'm a bit surprised also by the use of XEP-0372 References here. In my thinking, References was meant to annotate a previous message. This seems to leave off the uri attribute to refer to the current one. I think that use case has not been properly defined.
ralphm
In fact, in my use case, there wouldn't necessarily be a part of the text to be reference.
ralphm
d
ralphm
More like the 'add attachment' button in many messengers.
matlaghas left
ralphm
Ge0rG: maybe XEP-0333 is more appropriate for you?
lumihas left
Ge0rG
ralphm: I want per message receipts, but with a more efficient delivery
ralphm
I'm not sure if I can see the use case, but yeah, then that doesn't help
ralphm
Anyway, I was really looking at Tobias' spec only right now.
nycohas left
vaulorhas joined
Ge0rG
The use case is after mam sync / fetching offline messages. You need to ack a bunch of incoming messages, and the respective payloads are just ids, wrapped into a bunch of boilerplate
alexishas joined
mightyBroccolihas left
alexishas left
alexishas joined
alexishas left
Str4tocasterhas left
Str4tocasterhas joined
Str4tocasterhas left
Str4tocasterhas joined
alacerhas left
alacerhas joined
Str4tocasterhas left
Str4tocasterhas joined
alexishas joined
Zashhas left
lskdjfhas joined
Str4tocasterhas left
Alexhas left
Str4tocasterhas joined
mightyBroccolihas joined
ThibGhas joined
Guushas left
Guushas joined
Guushas left
alacerhas left
intosihas joined
matlaghas left
alexishas left
alexishas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
lskdjfhas joined
Andrew Nenakhovhas joined
thorstenhas left
ThibGhas left
ThibGhas joined
alexishas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
nycohas left
Andrew Nenakhovhas joined
thorstenhas joined
moparisthebesthas left
danielhas left
danielhas joined
alexishas joined
Str4tocasterhas left
Alexhas joined
vanitasvitaehas left
Holgerhas left
ThibGhas left
ThibGhas joined
alexishas left
nycohas left
dwd
ralphm, No, references were always meant to be capable of referring to the current message. For hyperlinky stuff.
Alexhas left
lhas left
daniel
> The use case is after mam sync / fetching offline messages. You need to ack a bunch of incoming messages, and the respective payloads are just ids, wrapped into a bunch of boilerplate
Ge0rG: I think we either talked about this before or I independently had the thought of just bundling multiple receipts in a single message
ralphm
Ge0rG: but XEP-0333 just marks the last one, so that covers the use case
jonas’
ralphm, no it doesn’t, because you can’t be sure that all messages between two markers actually✎
jonas’
ralphm, no it doesn’t, because you can’t be sure that all messages between two markers actually arrived ✏
daniel
However in reality at least the bandwidth overhead of multiple messages vs one would be negligible if we had proper compression
daniel
We should really revisit the compression xep
daniel
And make it secure ™
lorddavidiiihas left
ralphm
dwd: ah, I guess the references XEP needs to point this out then. Nevertheless, it doesn't seem useful for when you don't have a particular part of the message to reference, when sending media.
Zash
Someone Should™
ralphm
jonas’: arrived at the user or at his server?
Zash
What happens if the receiving users archive acks messages when they are saved into the archive?
waqashas joined
alexishas joined
blablahas left
alexishas joined
alexishas left
Guushas joined
jonas’
ralphm, both
alexishas joined
alexishas left
ralphm
Zash: right
dedekin
> would be negligible if we had proper compression
You could start with
https://github.com/mgp25/Chat-API/wiki/FunXMPP-Protocol
:-)
Seve
And call it WhatshAPPening
jonas’
looks like they invented a stripped-down version of EXI
!xsf_martinhas left
mrdoctorwhohas joined
mrdoctorwhohas joined
lskdjfhas joined
alexishas joined
lskdjfhas joined
Zash
jonas’: almost
jonas’
I expect EXI to be more useful than generic compression in the general XMPP case actually
pep.
Without the negotiation bits? ("these are the namespaces I'll be using")
Zash
EXI is more involved tho
pep.
(Re almost exi)
jonas’
Zash, that’s true
ThibGhas joined
daniel
> I expect EXI to be more useful than generic compression in the general XMPP case actually
But arguably a lot harder to implement
jonas’
probably
Zash
"FunXMPP" is closer to a fixed compression dictionary IIRC
daniel
Especially since the xep is apparently garbage
jonas’
if there are no ready-to-use libs
jonas’
Zash, yes, which is also what EXI does
fippo
hah. This one is much better than exi for chat! http://cvs.schmorp.de/Net-Knuddels/Net/Knuddels/Dictionary.pm?revision=1.5&view=markup
Zash
jonas’: EXI generates those from schemas tho
jonas’
Zash, true
fippo
why compress protocol when you can compress the chat message content
rionhas left
Zash
fippo: wut
jonas’
I sense sarcasm
daniel
But fwiw I'd love to play with exi if I can get a server dev on board
Zash
jonas’: sure hope so, since that's the opposite of what we want here
alexishas left
fippo
zash: this module is not a joke even. i think the knuddels stuff came up in the late 90s, mostly in germany. they were alive until a recent databreach
jonas’
is there a lua-exi?
Zash
jonas’: nope
jonas’
pity
Zash
And EXI seems complex enough that I'd rather use a library than NIH it
jonas’
yes please
jonas’
is there even any floss implementation of EXI?
pep.
Deprecate it! It's too complex you'll never get it right! /s
jonas’
that libexi is "status: planning" on sourceforge, whatever that means
Zash
Thanks Firefox, I really did mean to go to http://EXIstentialcomics.com/
daniel
jonas’: a Java one
daniel
But that's literally the only one I believe
Zash
http://exip.sourceforge.net/ ?
Kev
daniel: I'm interested in EXI, actually, but no clue where we'd start to get something sensible (and no cycles to do anything immediately).
APachhas left
daniel
Compression - be it exi or an improved compression xep - would make for a good summit topic
SamWhited
That's a good idea
Guus
wasn't Arc Riley working on EXI stuff?
lskdjfhas joined
daniel
Guus: yes. He was the one who told us that the xep is garbage
daniel
(probably not his exact words)
Guus
Where's he off to anyways? Haven't seen him in ages.
jonas’
vanished after last year’s board elections essentially
jonas’
hope they’re alright…
APachhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
Zash
You could define a zlib-safe that requires flushing between every stanza (or when to/from changes in some way)
intosihas left
APachhas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
dwd
Zash, Am I right in thinking Prosody has built-in support for JWT authentication for BOSH/WebSocket connections?
Zash
dwd: What makes you think that?
Zash
What does that even mean?
dwd
Zash, I was under the impression that Jitsi used something like that.
dwd
Zash, Of course, I could so easily be wrong.
daniel
Sounds like an reasonable approach to 'fixing' that xep
Guus
dwd: Jitsi might have added custom code (it did so for a number of things, iirc)
Isn't the issue with compression and encryption that a MiM can inject bits of information in messages going to an entity that are sure to be returned, to learn about the dictionary?
Zash
ralphm: Yes, like iq id attributes.
dwd
ralphm, Sorta. Compression oracles work by inserting known plaintext into a compression stream. So in our case, the compression stream is the entire session, so an attacker just sends messages to see if they can guess what's been sent before.
Zash
ralphm: If you flush between stanzas, that goes away
APachhas joined
dwd
ralphm, But an attacker has to be able to see the compressed/encrypted stream, to count octets. I've generally considered this quite a hard attack.
ralphm
like on a mobile device?
Zash
You usually need a *lot* of requests to get actual secrets out
ralphm
ok, I had no idea how practicle an attack like this is
ralphm, By which I mean, if an attacker has got to the point that they've got full access to your network traffic *and* is willing to expose themselves by sending traffic over tyour XMPP session as well, they're getting pretty desperate.
jonas’
ninja’d
ralphm
I know that document, but sure
jonas’
dwd, sending traffic to ones XMPP session is not that hard using a botnet. I get a lot of unsolicited traffic all day.
jonas’
that’s not *that* suspicious anymore
dwd
jonas’, Sure, but the attacker *also* has to have visibility over your TCP sessions.
jonas’
that’s true
Zash
But are the amounts of traffict required to do an actual attack small enough to evade admins being annoyed by the bandwidth usage?
jonas’
I wouldn’t count on admins thwarting an attack
dwd
Zash, Maybe. Depends what they're trying to discover. It'd be relatively simple to find out, for example, if you were in this MUC by sending you traffic including the room's jid. But then, it's far easier to just just the MUC and look...✎
dwd
Zash, Maybe. Depends what they're trying to discover. It'd be relatively simple to find out, for example, if you were in this MUC by sending you traffic including the room's jid. But then, it's far easier to just join the MUC and look... ✏
Zash
Another way to fix this is to have a fixed dictionary
dwd
Zash, That's not how zlib works.
Zash
dwd: There are other compression libraries
Zash
dwd: And you can sorta fake it by feeding it a dictionary before every ... chunk .. somehow.
dwd
Zash, Sure. But then you're only able to compress, say, the XML. So you'd be into EXI territory.
alexishas joined
Zash
dwd: Picking say zstandard and training a dictionary on some XMPP data ought to be a lot easier to do than implementing all of EXI
dwd
Zash, Better solution of course is to use a constant-bandwidth transmission medium. :-)
SamWhited
Not necessarily, the spec could say that the dictionary must contain "@yourserver.com" or similar (assuming we want to target large rosters and assume that most people will be using the same server as their friends)
Kev
dwd: So padding all stanzas to the 1GB mark?
SamWhited
But I doubt a fixed dictionary is actually practical; interesting to think about though.
Zash
Kev: 10MB and you have a deal
dwd
Kev, No, just transmitting at a constant rate, and including padding.
dwd
Kev, It works quite well on radios. :-)
Zash
Whitespace flood instead of ping?
jonas’
like ssh does for keystrokes? :)
Zash
jonas’: REAL TIME TEXT?
jonas’
!!
jjrhhas left
jjrhhas joined
Zash
SamWhited: Could do something where the client downloads and caches a dictionary on connect. Then it can be tuned to the server and stuff. More complexity tho and closer to EXI
Zash
(Can you tell that I just found `zstd --train ...` ?)
SamWhited
ooh, yah, that's interesting. It would be fun to think more about what sort of policies the server could create that way
Andrew Nenakhovhas left
jonas’
Zash, interesting
lorddavidiiihas left
SamWhited
I say "policies", but I guess you don't have to target anything if you do that. Just train it on lots of streams and see what the most common stuff is.
Ge0rG
And you'll end up leaking private data in your dictionaries.
lorddavidiiihas joined
Zash
Trade-offs
SamWhited
So exclude bits of the stream you don't want it to see
SamWhited
Start training after stream negotiation, drop IDs, messages probably won't matter because if a phrase is reused enough it's probably not private, etc.
Zash
If we knew which bits that was, we could do nice compression.
Zash
... and that's basically what FunXMPP is
SamWhited
Fair
lskdjfhas joined
Zash
Pre-defined dictionary
Zash
With common things like "<message " and such
jonas’
Zash, except with zstd, there would be a standard-ish way to translate that dictionary
jonas’
and we wouldn’t be limited to keep XML metacharacters in place
jonas’
for example, 'from="' could be one token in the dict
I intend to make reservations for the annual dinner later this week
lorddavidiiihas joined
ralphm
We now need to start really inviting people to come and look at hotel deals
Guus
also, I'm assuming that last years hotel arrangements were ok? I'll redo those too, then
ralphmnods
ralphm
That's it for me on this.
jjrhhas left
jjrhhas joined
Guus
one thing
Guus
now that you raised the topic
Guus
last year, we, as in the XSF, invited three people to summit and fosdem, sponsoring them. I dubbed them 'young potentials', I think.
lhas joined
lhas joined
lhas joined
Guus
do we want to do something like that again this year
lhas joined
lhas joined
lhas joined
lhas joined
Guus
and if so, who? Last year, we extended an invitation to gsoc students. We did not participate in gsoc this year.
nyco
what was the outcome of this?
Guus
We had two students attend, iirc
nyco
how much were we attractive?
Guus
both of them are still active in the ignite realtime community
j.rhas left
Guus
at least one of them mentioned that he'll be going to FOSDEM again this year.
nyco
so we might wanna do it again, I'd go for it...
Guus
I kind of like the concept of doing such sponsoring, but I can't immediately identify candidates for this iteration.
Guus
Do you have suggestions for candidates?
ralphm
Let the records reflect that suggestions are welcome.
j.rhas joined
ralphm
Let's put it back on next weeks agenda
Guus
k
ralphm
2. Elections
ralphm
With 3 days left, the list is wanting
Guus
we're at 4 candidates for board, 3 for council. All sitting candidates, I think
ralphm
Indeed
Kev
Sorry, lagging here, but from the peanut gallery, did any of the young hopefuls remain active in the standards community, or just for a particular project?
Kev
We've moved on, nevermind. As you were.
ralphm
Kev: Guus can still answer that one.
Guus
Kev: one is still active, afaik.
ralphm
Should we be worried about Council specifically? Three people is really meager
Guus
Paul / Vanitas
Kev
It's only two, actually, with one intending to apply but hasn't yet.
Kev
I was going to take a year off, but I'll throw my hat into the ring again now.
ralphm
Kev: well, if you mean: there page isn't actually there yet, we then also only have 2 for Board. *shame*
Guus
I wonder if there are people that are inclined to run, but are hold back for some reason
ralphm
Shall I sent another reminder?
nyco
yes, please, I think
ralphm
Ok.
Guus
Well, Alex just did one?
Guusshrugs
ralphm
Last Friday, yes.
nyco
today is good, because it's Thu, and still a week day
ralphm
Right
ralphm
3. Executive Director
lhas left
Kev
Another Council application in.
Guus
I think the relevant people now know that we have an election. I don't think it's a matter of pointing that out. Maybe we can persuade them to actually run, in some way though.
nyco
reminder at -48h, -24h, 12h, 6h, 1h, 30 min... 😉
ralphm
We haven't had one since Peter resigned this post. There's been question on needing one, and to be honest, maybe we don't.
Guus
Thanks Kev
Guus
Ralph, we briefly discussed this last week. I offered to take over from Martin, in doing an inventory of tasks/responsibilities.
Guus
which I wanted to do after we actually meet with Peter, for this and financials, which is another 'todo' that's been outstanding for to long..
ralphm
Ok
nyco
if we don't have an ED, then do we need to modify the bylaws? or we just elect a ghost ED?
Guus
I think Peter stated that he intended to resign as soon as we had a replacement.
Guus
as he's not actually doing anything in the role currently, I prefer having this status-quo over undertaking the massive operation that is rewriting the bylaws.
ralphm
What I've also seen done is that the Chair of the Board is appointed in such role in the absense of a candidate.
Guus
but, we should move on this. We should have, ages ago.
ralphm
(like in the company I currently work at)
nyco
ah I like that the chair is ED as well
alexishas left
nyco
*the idea*
Guus
ralphm, if that works with our bylaws (I doubt it, for reasons), we might want to wait until next board picks a new chair then.
ralphm
Right, I'm not sure myself, it is just something that popped up.
Guus
worth considering, nonetheless.
ralphm
I think the ED is appointed by the Board, so I don't think it conflicts, but I'm happy to hear thoughts from the floor on this, before actually suggesting we do this.
Kev
ED being on Board would seem inappropriate to me, even if it's allowed.
Kev
Given the ED is used to break deadlocks in the Board.
Guus
"If the Board consists of an even number of Directors, the Executive Director of the Corporation shall be empowered to cast a tie-breaking vote (...)" complicates matters.
Guus
(what he said)
ralphm
Kev: indeed.
ralphm
The issue is that a) I haven't seen this been used in this corporation, b) I have no real other suggestions.
ralphm
But I'm happy to discuss with Guus and Peter.
Guus
Let's move on for now
Guus
*tap*tap* is this thing still on?
Kev
Everyone moved on.
Guus
ralphm usually swings his mighty hammer before he does. 🙂
"Zash> jonas’: EXI generates those from schemas tho" not necessarily. i was told that it would perform also well without schemas, although I wonder if it would suffer from the same side channel based attacks as zlib compression
flow
"Kev> Sorry, lagging here, but from the peanut gallery, did any of the young hopefuls remain active in the standards community," I'd say vanitasvitae is active, he wrote a mail to standards@ not to long ago, but go no reply/response back, so I'd say the standards community is the entity being inactive here ;)
rionhas joined
alexishas left
blablahas left
blablahas joined
Marandahas left
alexishas joined
jjrhhas left
labdsfhas left
labdsfhas joined
Tobiashas left
Tobiashas joined
Marandahas left
labdsfhas left
labdsfhas joined
marchas left
rionhas left
rionhas joined
jshas joined
genofirehas left
labdsfhas left
labdsfhas joined
alexishas left
alexishas joined
tahas joined
alexishas left
alexishas joined
Guushas left
Guushas left
matlaghas left
alacerhas left
jshas left
Valerianhas joined
jshas joined
jjrhhas left
moparisthebesthas joined
tahas left
lorddavidiiihas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
jonas’has left
mimi89999has joined
jonas’has left
mimi89999has joined
lhas joined
lskdjfhas joined
jshas left
lskdjfhas joined
jshas joined
j.rhas left
j.rhas joined
jonas’
some numbers on the stream compression ratio (numbers are "bytes saved" in percent from the perspective of the client; i.e. tx == from client to server, rx == from server to client):
aioxmpp test suite, sync_flush only (XEP-0138 as written): 40% rx, 20% tx
aioxmpp test suite, full_flush after each stanza: 25% rx, 20% tx
JabberCat startup (lots of mucs, lots of avatars), full flush after each stanza: 25% rx, 12% tx
sync vs. full is executed on both sides (client and server)✎
alexishas left
jonas’has left
Marandahas left
Marandahas left
alexishas joined
jonas’
some numbers on the stream compression ratio (numbers are "bytes saved" in percent from the perspective of the client; i.e. tx == from client to server, rx == from server to client):
aioxmpp test suite, sync_flush only (XEP-0138 as written): 40% rx, 20% tx
aioxmpp test suite, full_flush after each stanza: 25% rx, 20% tx
JabberCat startup (lots of mucs, lots of avatars), full flush after each stanza: 25% rx, 12% tx
JabberCat startup (lots of mucs, lots of avatars), sync flush: 36% rx, 12% tx
sync vs. full is executed on both sides (client and server) ✏
mimi89999has left
jonas’
these are to be taken with a grain of salt due to the rather narrow use-cases