I knew about the feature but I always thought it was a custom client thing
mathieui
didn’t we talk about it at the meetup?
jonas’
wait what
jonas’
amazing
jonas’
same here, pep.
jonas’
now let’s move that to multi-item PEP and it’s actually useful.
edhelas
jonas’ <3
mathieui
pep., if you feel bored, don’t hesitate to fix https://lab.louiz.org/poezio/poezio/issues/2557
saszahas joined
pep.
mathieui, I don't think so. Or I didn't understand it like that. I'm discussing this with sasza just now
jonas’
a proper solution for metacontacts of which the information lives server-side is somthing I wanted
jonas’
and then I ditched it. and now it doesn’t fit in my roster data model anymore.
owlhas joined
jonas’
but given that it can greatly improve UX for those of us with (friends with) multiple accounts ... :)
mrdoctorwhohas left
chunkhas joined
mrdoctorwhohas joined
Half-Shothas left
pep.
There doesn't seem to be much security concerns for this meta-contact thing. owl was wondering if it was possible to use this as a pre-condition (but not requirement) for <moved/>. I also think it would be interesting
pep.
At the moment it seems I can just send a meta-contact tag for any other jid as long as I know their identity tag?
olihas left
jonas’
what?
jonas’
send to whom?
genofirehas left
genofirehas joined
pep.
Say I, userA, sends a meta-contact thing to userB, <meta jid='userA@jid1' tag='foo' .. />. Now userB knows my identity tag right, they could use it to send userC <meta jid='userB@jid1' tag='foo' ../> ?
pep.
There doesn't seem to be any auth mechanism(?)
mrdoctorwhohas left
pep.
/verification
jonas’
XEP-0209 does not specify anything for sending a meta-contact thing to another user.
jonas’
so why should there be an auth or verification mechanism?
pep.
oh
pep.
I see
jonas’
did you only look at the examples? ;-P
pep.
Yes and I was confused
jonas’
heh
pep.
Because it's not what I thought it was
pep.
With owl we were picturing something else, users would be able to say "This is another account of mine"
pep.
That would need another XEP then.. and would probably need to interact with this
jonas’
put it in vcard?
pep.
hmm?
jonas’
I bet you can put a JID in a vcard
jonas’
put all your accounts in all your vcards
jonas’
also allows cross-validation
pep.
Yeah cross-validation should be a thing
pep.
The issue owl had was that with <moved/> (and even with what's being discussed, https://wiki.xmpp.org/web/Sprints/2018_November_Dusseldorf/Pad grep for moved), it's not possible to say "hey I moved to that other JID" anymore if the first server is down
lhas left
pep.
Ge0rG, ^
chunkhas joined
Half-Shothas joined
Half-Shothas left
olihas joined
olihas joined
olihas joined
chunkhas joined
chunkhas joined
Half-Shothas joined
Zashhas left
genofirehas left
Half-Shothas left
404.cityhas joined
Half-Shothas joined
mrDoctorWhohas joined
Guushas left
owlhas left
MattJhas joined
stevenhas left
!xsf_Martinhas joined
mrdoctorwhohas joined
!xsf_Martinhas left
Half-Shothas left
!xsf_Martinhas joined
labdsfhas left
MatthewXhas left
Half-Shothas joined
Half-Shothas left
Ge0rG
pep.: yes, also if you actually delete the old account. Moved is full of hairy corner cases of xmpp.
Ge0rG
Next time I have a bit of time to tackle it, I'll prepare a proposal for a new Moved, probably based on a mix of messages and pep
labdsfhas joined
lhas left
edhelas
is stream compression still a thing in XMPP ?
Zash
It has dubious security properties. Prosody got rid of it. Dunno about others.
(scroll to the bottom of that comment for a summary)
jonas’
TL;DR: if you do it rightâ„¢, the benefits are rather slim, but it can at least revert the base64 overhead
flow
edhelas, I'd say yes, and I believe that the side channels can be closed
flow
jonas’, you consider 12% bytes saved in the worst case "rather slim"?
flow
Or am I misreading the stats and its 1.2% or something?
Zash
Does it consider the extra memory usage on servers?
jonas’
yes, 12% is rather slim IMO
jonas’
12% is low enough that I’d be interested if the additional CPU time involved on the client side isn’t worse than transmitting the extra bytes
jonas’
(not to mention the memory overhead)
Zash
As a server dev, I'd rather avoid more memory usage
edhelas
I saw some security issues regarding TLS + compression as well
Zash
Yeah, you don't want SASL / password anywhere near compression.
labdsfhas left
labdsfhas joined
APachhas left
neshtaxmpphas joined
Half-Shothas joined
lskdjfhas left
lhas left
lhas joined
lhas joined
mimi89999has left
lhas joined
moparisthebesthas joined
moparisthebesthas joined
Half-Shothas left
tahas left
marc_has left
APachhas left
tahas joined
APachhas left
mimi89999has joined
marc_has joined
APachhas left
APachhas left
efrithas joined
lhas joined
Yagizahas left
jonas’
"password or password-equivalent" is probably more fitting, given that SCRAM for example is safe-ish even without encryption, IIRC.
chunkhas left
olihas joined
chunkhas joined
APachhas left
labdsfhas left
labdsfhas joined
Tobiashas left
Tobiashas joined
Zash
Depends on what you wanna protect or be safe against
lhas left
lhas joined
APachhas left
mimi89999has joined
goffihas joined
lhas left
MatthewXhas joined
Tobiashas joined
Tobiashas joined
Zashhas left
olihas joined
olihas left
labdsfhas left
labdsfhas joined
404.cityhas left
labdsfhas left
labdsfhas joined
waqashas joined
mrdoctorwhohas left
mrdoctorwhohas joined
!xsf_Martinhas left
labdsfhas left
labdsfhas joined
pep.has left
olihas left
olihas left
olihas joined
Half-Shothas joined
MatthewXhas left
labdsfhas left
labdsfhas joined
labdsfhas left
labdsfhas joined
olihas left
olihas joined
efrithas left
efrithas joined
lhas joined
labdsfhas left
labdsfhas joined
MattJhas joined
marc_has left
olihas left
MatthewXhas joined
olihas joined
stevenhas left
MatthewXhas left
moparisthebesthas left
Wiktorhas left
labdsfhas left
labdsfhas joined
labdsfhas left
labdsfhas joined
tuxhas left
ThibGhas left
ThibGhas joined
Zashhas left
labdsfhas left
labdsfhas joined
labdsfhas left
labdsfhas joined
labdsfhas left
pep.has left
labdsfhas joined
ThibGhas left
olihas joined
goffihas joined
lorddavidiiihas left
ThibGhas joined
lorddavidiiihas joined
genofirehas left
genofirehas joined
genofirehas left
genofirehas joined
tuxhas left
edhelashas left
edhelashas left
edhelashas left
olihas left
olihas joined
olihas left
olihas joined
olihas left
olihas joined
olihas left
olihas joined
olihas left
olihas joined
edhelashas left
vaulorhas left
vaulorhas joined
ThibGhas left
ThibGhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lhas joined
lskdjfhas left
lskdjfhas joined
vaulorhas left
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
labdsfhas left
labdsfhas joined
Nekithas joined
olihas left
UsLhas left
UsLhas joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
mimi89999has joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
edhelashas left
edhelashas joined
edhelashas left
lorddavidiiihas left
genofirehas left
genofirehas joined
moparisthebesthas joined
lhas left
olihas left
edhelashas joined
edhelashas left
edhelashas joined
genofirehas joined
genofirehas joined
igoosehas left
igoosehas joined
genofirehas joined
olihas left
genofirehas left
olihas left
vanitasvitae
XML namespaces containing multiple occurences od ':' (eg. "urn:xmpp:bob") are valid, are they?
https://github.com/dino/dino/issues/394#issuecomment-450573159
Maybe someone can shine some light on this issue?
vanitasvitae
s/od/of
olihas left
olihas left
olihas joined
lhas joined
lovetox
this is indeed wrong vanitasvitae
vanitasvitae
So such namespaces are not allowed?
lovetox
as you see on the captcha node
lovetox
namespace and node name are exchanged
lovetox
the thing is the namespace is not as namespace declared
lovetox
as you can read <urn:xmpp:captcha xmlns='captcha'>
lovetox
but it should be
lovetox
<captcha xmlns='urn:xmpp:captcha'>
lskdjfhas joined
lovetox
if this comes from an ejabberd, this is a major bug
vanitasvitae
ah 😀
vanitasvitae
Okay, I understood it wrong then
vanitasvitae
I thought "xmlns='urn:xmpp:bob'" would be illegal.