ralphmTobias: I was looking at XEP-0385 (Stateless Inline Media Sharing). Have you considered sending multiple media files at once? Would it be supported by adding additional <file/> elements?
alacerhas left
alacerhas joined
Str4tocasterhas left
Str4tocasterhas joined
alexishas left
dedekinhas left
dedekinhas joined
danielhas left
danielhas joined
dwdhas left
dwdhas joined
dwdWOuldn't that be multiple <media-sharing/> elements? Or maybe even references depending.
TobiasMultiple messages, multiple media-sharing or multiple file
TobiasThat probably needs to be specified
mrdoctorwhohas left
lskdjfhas joined
Str4tocasterhas left
Str4tocasterhas joined
TobiasBut inside a single message would probably be best. Multiple messages already works
mrdoctorwhohas joined
Str4tocasterhas left
Str4tocasterhas joined
Str4tocasterhas left
Guushas left
Guushas joined
guusdkhas left
lhas joined
Guushas left
guusdkhas joined
Guushas joined
lskdjfhas joined
Str4tocasterhas joined
lskdjfhas joined
lskdjfhas joined
lskdjfhas joined
Str4tocasterhas left
Str4tocasterhas joined
lskdjfhas joined
lskdjfhas left
lskdjfhas left
lskdjfhas joined
vaulorhas left
ralphmSure, I'd prefer a single message in my use case
Ge0rGI'd prefer a single message to carry multiple 0184 delivery receipts, but that's not what the XEP allows...
ralphmI'm a bit surprised also by the use of XEP-0372 References here. In my thinking, References was meant to annotate a previous message. This seems to leave off the uri attribute to refer to the current one. I think that use case has not been properly defined.
ralphmIn fact, in my use case, there wouldn't necessarily be a part of the text to be reference.
ralphmd
ralphmMore like the 'add attachment' button in many messengers.
matlaghas left
ralphmGe0rG: maybe XEP-0333 is more appropriate for you?
lumihas left
Ge0rGralphm: I want per message receipts, but with a more efficient delivery
ralphmI'm not sure if I can see the use case, but yeah, then that doesn't help
ralphmAnyway, I was really looking at Tobias' spec only right now.
nycohas left
vaulorhas joined
Ge0rGThe use case is after mam sync / fetching offline messages. You need to ack a bunch of incoming messages, and the respective payloads are just ids, wrapped into a bunch of boilerplate
alexishas joined
mightyBroccolihas left
alexishas left
alexishas joined
alexishas left
Str4tocasterhas left
Str4tocasterhas joined
Str4tocasterhas left
Str4tocasterhas joined
alacerhas left
alacerhas joined
Str4tocasterhas left
Str4tocasterhas joined
alexishas joined
Zashhas left
lskdjfhas joined
Str4tocasterhas left
Alexhas left
Str4tocasterhas joined
mightyBroccolihas joined
ThibGhas joined
Guushas left
Guushas joined
Guushas left
alacerhas left
intosihas joined
matlaghas left
alexishas left
alexishas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
lskdjfhas joined
Andrew Nenakhovhas joined
thorstenhas left
ThibGhas left
ThibGhas joined
alexishas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
nycohas left
Andrew Nenakhovhas joined
thorstenhas joined
moparisthebesthas left
danielhas left
danielhas joined
alexishas joined
Str4tocasterhas left
Alexhas joined
vanitasvitaehas left
Holgerhas left
ThibGhas left
ThibGhas joined
alexishas left
nycohas left
dwdralphm, No, references were always meant to be capable of referring to the current message. For hyperlinky stuff.
Alexhas left
lhas left
daniel> The use case is after mam sync / fetching offline messages. You need to ack a bunch of incoming messages, and the respective payloads are just ids, wrapped into a bunch of boilerplate
Ge0rG: I think we either talked about this before or I independently had the thought of just bundling multiple receipts in a single message
ralphmGe0rG: but XEP-0333 just marks the last one, so that covers the use case
jonas’ralphm, no it doesn’t, because you can’t be sure that all messages between two markers actually
jonas’ralphm, no it doesn’t, because you can’t be sure that all messages between two markers actually arrived
danielHowever in reality at least the bandwidth overhead of multiple messages vs one would be negligible if we had proper compression
danielWe should really revisit the compression xep
danielAnd make it secure ™
lorddavidiiihas left
ralphmdwd: ah, I guess the references XEP needs to point this out then. Nevertheless, it doesn't seem useful for when you don't have a particular part of the message to reference, when sending media.
ZashSomeone Should™
ralphmjonas’: arrived at the user or at his server?
ZashWhat happens if the receiving users archive acks messages when they are saved into the archive?
waqashas joined
alexishas joined
blablahas left
alexishas joined
alexishas left
Guushas joined
jonas’ralphm, both
alexishas joined
alexishas left
ralphmZash: right
dedekin> would be negligible if we had proper compression
You could start with
https://github.com/mgp25/Chat-API/wiki/FunXMPP-Protocol
:-)
SeveAnd call it WhatshAPPening
jonas’looks like they invented a stripped-down version of EXI
!xsf_martinhas left
mrdoctorwhohas joined
mrdoctorwhohas joined
lskdjfhas joined
alexishas joined
lskdjfhas joined
Zashjonas’: almost
jonas’I expect EXI to be more useful than generic compression in the general XMPP case actually
pep.Without the negotiation bits? ("these are the namespaces I'll be using")
ZashEXI is more involved tho
pep.(Re almost exi)
jonas’Zash, that’s true
ThibGhas joined
daniel> I expect EXI to be more useful than generic compression in the general XMPP case actually
But arguably a lot harder to implement
jonas’probably
Zash"FunXMPP" is closer to a fixed compression dictionary IIRC
danielEspecially since the xep is apparently garbage
jonas’if there are no ready-to-use libs
jonas’Zash, yes, which is also what EXI does
fippohah. This one is much better than exi for chat! http://cvs.schmorp.de/Net-Knuddels/Net/Knuddels/Dictionary.pm?revision=1.5&view=markup
Zashjonas’: EXI generates those from schemas tho
jonas’Zash, true
fippowhy compress protocol when you can compress the chat message content
rionhas left
Zashfippo: wut
jonas’I sense sarcasm
danielBut fwiw I'd love to play with exi if I can get a server dev on board
Zashjonas’: sure hope so, since that's the opposite of what we want here
alexishas left
fippozash: this module is not a joke even. i think the knuddels stuff came up in the late 90s, mostly in germany. they were alive until a recent databreach
jonas’is there a lua-exi?
Zashjonas’: nope
jonas’pity
ZashAnd EXI seems complex enough that I'd rather use a library than NIH it
jonas’yes please
jonas’is there even any floss implementation of EXI?
pep.Deprecate it! It's too complex you'll never get it right! /s
jonas’that libexi is "status: planning" on sourceforge, whatever that means
ZashThanks Firefox, I really did mean to go to http://EXIstentialcomics.com/
danieljonas’: a Java one
danielBut that's literally the only one I believe
Zashhttp://exip.sourceforge.net/ ?
Kevdaniel: I'm interested in EXI, actually, but no clue where we'd start to get something sensible (and no cycles to do anything immediately).
APachhas left
danielCompression - be it exi or an improved compression xep - would make for a good summit topic
SamWhitedThat's a good idea
Guuswasn't Arc Riley working on EXI stuff?
lskdjfhas joined
danielGuus: yes. He was the one who told us that the xep is garbage
daniel(probably not his exact words)
GuusWhere's he off to anyways? Haven't seen him in ages.
jonas’vanished after last year’s board elections essentially
jonas’hope they’re alright…
APachhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
ZashYou could define a zlib-safe that requires flushing between every stanza (or when to/from changes in some way)
intosihas left
APachhas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
dwdZash, Am I right in thinking Prosody has built-in support for JWT authentication for BOSH/WebSocket connections?
Zashdwd: What makes you think that?
ZashWhat does that even mean?
dwdZash, I was under the impression that Jitsi used something like that.
dwdZash, Of course, I could so easily be wrong.
danielSounds like an reasonable approach to 'fixing' that xep
Guusdwd: Jitsi might have added custom code (it did so for a number of things, iirc)
ralphmIsn't the issue with compression and encryption that a MiM can inject bits of information in messages going to an entity that are sure to be returned, to learn about the dictionary?
Zashralphm: Yes, like iq id attributes.
dwdralphm, Sorta. Compression oracles work by inserting known plaintext into a compression stream. So in our case, the compression stream is the entire session, so an attacker just sends messages to see if they can guess what's been sent before.
Zashralphm: If you flush between stanzas, that goes away
APachhas joined
dwdralphm, But an attacker has to be able to see the compressed/encrypted stream, to count octets. I've generally considered this quite a hard attack.
ralphmlike on a mobile device?
ZashYou usually need a *lot* of requests to get actual secrets out
ralphmok, I had no idea how practicle an attack like this is
dwdralphm, By which I mean, if an attacker has got to the point that they've got full access to your network traffic *and* is willing to expose themselves by sending traffic over tyour XMPP session as well, they're getting pretty desperate.
jonas’ninja’d
ralphmI know that document, but sure
jonas’dwd, sending traffic to ones XMPP session is not that hard using a botnet. I get a lot of unsolicited traffic all day.
jonas’that’s not *that* suspicious anymore
dwdjonas’, Sure, but the attacker *also* has to have visibility over your TCP sessions.
jonas’that’s true
ZashBut are the amounts of traffict required to do an actual attack small enough to evade admins being annoyed by the bandwidth usage?
jonas’I wouldn’t count on admins thwarting an attack
dwdZash, Maybe. Depends what they're trying to discover. It'd be relatively simple to find out, for example, if you were in this MUC by sending you traffic including the room's jid. But then, it's far easier to just just the MUC and look...
dwdZash, Maybe. Depends what they're trying to discover. It'd be relatively simple to find out, for example, if you were in this MUC by sending you traffic including the room's jid. But then, it's far easier to just join the MUC and look...
ZashAnother way to fix this is to have a fixed dictionary
dwdZash, That's not how zlib works.
Zashdwd: There are other compression libraries
Zashdwd: And you can sorta fake it by feeding it a dictionary before every ... chunk .. somehow.
dwdZash, Sure. But then you're only able to compress, say, the XML. So you'd be into EXI territory.
alexishas joined
Zashdwd: Picking say zstandard and training a dictionary on some XMPP data ought to be a lot easier to do than implementing all of EXI
dwdZash, Better solution of course is to use a constant-bandwidth transmission medium. :-)
SamWhitedNot necessarily, the spec could say that the dictionary must contain "@yourserver.com" or similar (assuming we want to target large rosters and assume that most people will be using the same server as their friends)
Kevdwd: So padding all stanzas to the 1GB mark?
SamWhitedBut I doubt a fixed dictionary is actually practical; interesting to think about though.
ZashKev: 10MB and you have a deal
dwdKev, No, just transmitting at a constant rate, and including padding.
dwdKev, It works quite well on radios. :-)
ZashWhitespace flood instead of ping?
jonas’like ssh does for keystrokes? :)
Zashjonas’: REAL TIME TEXT?
jonas’!!
jjrhhas left
jjrhhas joined
ZashSamWhited: Could do something where the client downloads and caches a dictionary on connect. Then it can be tuned to the server and stuff. More complexity tho and closer to EXI
Zash(Can you tell that I just found `zstd --train ...` ?)
SamWhitedooh, yah, that's interesting. It would be fun to think more about what sort of policies the server could create that way
Andrew Nenakhovhas left
jonas’Zash, interesting
lorddavidiiihas left
SamWhitedI say "policies", but I guess you don't have to target anything if you do that. Just train it on lots of streams and see what the most common stuff is.
Ge0rGAnd you'll end up leaking private data in your dictionaries.
lorddavidiiihas joined
ZashTrade-offs
SamWhitedSo exclude bits of the stream you don't want it to see
SamWhitedStart training after stream negotiation, drop IDs, messages probably won't matter because if a phrase is reused enough it's probably not private, etc.
ZashIf we knew which bits that was, we could do nice compression.
Zash... and that's basically what FunXMPP is
SamWhitedFair
lskdjfhas joined
ZashPre-defined dictionary
ZashWith common things like "<message " and such
jonas’Zash, except with zstd, there would be a standard-ish way to translate that dictionary
jonas’and we wouldn’t be limited to keep XML metacharacters in place
jonas’for example, 'from="' could be one token in the dict
ralphmAlso, we've secured the location for the Summit
nycohas left
lskdjfhas joined
GuusI intend to make reservations for the annual dinner later this week
lorddavidiiihas joined
ralphmWe now need to start really inviting people to come and look at hotel deals
Guusalso, I'm assuming that last years hotel arrangements were ok? I'll redo those too, then
ralphmnods
ralphmThat's it for me on this.
jjrhhas left
jjrhhas joined
Guusone thing
Guusnow that you raised the topic
Guuslast year, we, as in the XSF, invited three people to summit and fosdem, sponsoring them. I dubbed them 'young potentials', I think.
lhas joined
lhas joined
lhas joined
Guusdo we want to do something like that again this year
lhas joined
lhas joined
lhas joined
lhas joined
Guusand if so, who? Last year, we extended an invitation to gsoc students. We did not participate in gsoc this year.
nycowhat was the outcome of this?
GuusWe had two students attend, iirc
nycohow much were we attractive?
Guusboth of them are still active in the ignite realtime community
j.rhas left
Guusat least one of them mentioned that he'll be going to FOSDEM again this year.
nycoso we might wanna do it again, I'd go for it...
GuusI kind of like the concept of doing such sponsoring, but I can't immediately identify candidates for this iteration.
GuusDo you have suggestions for candidates?
ralphmLet the records reflect that suggestions are welcome.
j.rhas joined
ralphmLet's put it back on next weeks agenda
Guusk
ralphm2. Elections
ralphmWith 3 days left, the list is wanting
Guuswe're at 4 candidates for board, 3 for council. All sitting candidates, I think
ralphmIndeed
KevSorry, lagging here, but from the peanut gallery, did any of the young hopefuls remain active in the standards community, or just for a particular project?
KevWe've moved on, nevermind. As you were.
ralphmKev: Guus can still answer that one.
GuusKev: one is still active, afaik.
ralphmShould we be worried about Council specifically? Three people is really meager
GuusPaul / Vanitas
KevIt's only two, actually, with one intending to apply but hasn't yet.
KevI was going to take a year off, but I'll throw my hat into the ring again now.
ralphmKev: well, if you mean: there page isn't actually there yet, we then also only have 2 for Board. *shame*
GuusI wonder if there are people that are inclined to run, but are hold back for some reason
ralphmShall I sent another reminder?
nycoyes, please, I think
ralphmOk.
GuusWell, Alex just did one?
Guusshrugs
ralphmLast Friday, yes.
nycotoday is good, because it's Thu, and still a week day
ralphmRight
ralphm3. Executive Director
lhas left
KevAnother Council application in.
GuusI think the relevant people now know that we have an election. I don't think it's a matter of pointing that out. Maybe we can persuade them to actually run, in some way though.
nycoreminder at -48h, -24h, 12h, 6h, 1h, 30 min... 😉
ralphmWe haven't had one since Peter resigned this post. There's been question on needing one, and to be honest, maybe we don't.
GuusThanks Kev
GuusRalph, we briefly discussed this last week. I offered to take over from Martin, in doing an inventory of tasks/responsibilities.
Guuswhich I wanted to do after we actually meet with Peter, for this and financials, which is another 'todo' that's been outstanding for to long..
ralphmOk
nycoif we don't have an ED, then do we need to modify the bylaws? or we just elect a ghost ED?
GuusI think Peter stated that he intended to resign as soon as we had a replacement.
Guusas he's not actually doing anything in the role currently, I prefer having this status-quo over undertaking the massive operation that is rewriting the bylaws.
ralphmWhat I've also seen done is that the Chair of the Board is appointed in such role in the absense of a candidate.
Guusbut, we should move on this. We should have, ages ago.
ralphm(like in the company I currently work at)
nycoah I like that the chair is ED as well
alexishas left
nyco*the idea*
Guusralphm, if that works with our bylaws (I doubt it, for reasons), we might want to wait until next board picks a new chair then.
ralphmRight, I'm not sure myself, it is just something that popped up.
Guusworth considering, nonetheless.
ralphmI think the ED is appointed by the Board, so I don't think it conflicts, but I'm happy to hear thoughts from the floor on this, before actually suggesting we do this.
KevED being on Board would seem inappropriate to me, even if it's allowed.
KevGiven the ED is used to break deadlocks in the Board.
Guus"If the Board consists of an even number of Directors, the Executive Director of the Corporation shall be empowered to cast a tie-breaking vote (...)" complicates matters.
Guus(what he said)
ralphmKev: indeed.
ralphmThe issue is that a) I haven't seen this been used in this corporation, b) I have no real other suggestions.
ralphmBut I'm happy to discuss with Guus and Peter.
GuusLet's move on for now
Guus*tap*tap* is this thing still on?
KevEveryone moved on.
Guusralphm usually swings his mighty hammer before he does. 🙂
flow"Zash> jonas’: EXI generates those from schemas tho" not necessarily. i was told that it would perform also well without schemas, although I wonder if it would suffer from the same side channel based attacks as zlib compression
flow"Kev> Sorry, lagging here, but from the peanut gallery, did any of the young hopefuls remain active in the standards community," I'd say vanitasvitae is active, he wrote a mail to standards@ not to long ago, but go no reply/response back, so I'd say the standards community is the entity being inactive here ;)
rionhas joined
alexishas left
blablahas left
blablahas joined
Marandahas left
alexishas joined
jjrhhas left
labdsfhas left
labdsfhas joined
Tobiashas left
Tobiashas joined
Marandahas left
labdsfhas left
labdsfhas joined
marchas left
rionhas left
rionhas joined
jshas joined
genofirehas left
labdsfhas left
labdsfhas joined
alexishas left
alexishas joined
tahas joined
alexishas left
alexishas joined
Guushas left
Guushas left
matlaghas left
alacerhas left
jshas left
Valerianhas joined
jshas joined
jjrhhas left
moparisthebesthas joined
tahas left
lorddavidiiihas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
jonas’has left
mimi89999has joined
jonas’has left
mimi89999has joined
lhas joined
lskdjfhas joined
jshas left
lskdjfhas joined
jshas joined
j.rhas left
j.rhas joined
jonas’some numbers on the stream compression ratio (numbers are "bytes saved" in percent from the perspective of the client; i.e. tx == from client to server, rx == from server to client):
aioxmpp test suite, sync_flush only (XEP-0138 as written): 40% rx, 20% tx
aioxmpp test suite, full_flush after each stanza: 25% rx, 20% tx
JabberCat startup (lots of mucs, lots of avatars), full flush after each stanza: 25% rx, 12% tx
sync vs. full is executed on both sides (client and server)
alexishas left
jonas’has left
Marandahas left
Marandahas left
alexishas joined
jonas’some numbers on the stream compression ratio (numbers are "bytes saved" in percent from the perspective of the client; i.e. tx == from client to server, rx == from server to client):
aioxmpp test suite, sync_flush only (XEP-0138 as written): 40% rx, 20% tx
aioxmpp test suite, full_flush after each stanza: 25% rx, 20% tx
JabberCat startup (lots of mucs, lots of avatars), full flush after each stanza: 25% rx, 12% tx
JabberCat startup (lots of mucs, lots of avatars), sync flush: 36% rx, 12% tx
sync vs. full is executed on both sides (client and server)
mimi89999has left
jonas’these are to be taken with a grain of salt due to the rather narrow use-cases
XSF Discussion - 2018-11-01