XSF Discussion - 2019-07-12

  1. Ge0rG

    we need to mandate this for Avatars: https://en.wikipedia.org/wiki/Better_Portable_Graphics 😁

  2. jonas’

    > Fabrice Bellard

  3. jonas’

    I’m on board

  4. jonas’

    and of course he wrote a decoder in JavaScript.

  5. jonas’

    and of course they wrote a decoder in JavaScript.

  6. Ge0rG

    And you most probably can pipe the compressed data through your hardware HEVC decoder

  7. lovetox

    seems peter is not answering by email

  8. lovetox

    ok maybe i give him another week, maybe he is on holiday or something :)

  9. lovetox

    jonas’, why is the HTTP API discouraged for search.jabbercat.org ?

  10. Ge0rG

    lovetox: it's harder to rate limit

  11. Ge0rG

    And easier to abuse.

  12. Daniel

    Not that xmpp is particularly easy to rate limit...

  13. Ge0rG

    I've opted for the xmpp api for yaxim, with a bot serving a cache of the data on yax.im, Daniel opted to use the HTTP api so he doesn't leak users' JIDs but instead IPs

  14. lovetox

    yeah i will implement both but default to the http

  15. Daniel

    Also those databases queries should be dirt cheap. I don't really understand the worry about rate limiting

  16. Ge0rG

    Something something full text search

  17. Daniel

    I mean every word press blog is more expansive for a db and you usually don't rate limit that

  18. lovetox

    a plus for the xmpp api is, i dont have to deal with proxy

  19. Ge0rG

    Daniel: this is also why wordpress completely melts down if you happen to be mentioned on any news aggregator

  20. jonas’

    Daniel, it’s just a precaution

  21. jonas’

    I don’t expect to have to do any type of fun rate limiting outside of specific attacks, but I like to have thought about that.

  22. jonas’

    lovetox, downside of XMPP is, the server sees the user’s JID + their search terms

  23. jonas’

    with HTTP, it only sees the users IP + search terms

  24. jonas’

    make of that what you will :)

  25. pep.

    Technically a client could use an sasl anonymous connection to do the query :-°

  26. jonas’

    I could offer that indeed.

  27. jonas’

    most SASL ANON services won’t let you s2s

  28. jonas’

    for obvious reasons

  29. lovetox

    and has much overhead

  30. jonas’

    that, too

  31. jonas’

    I could do things like use a HMAC’d part of the IP prefix as the local part to do rate limiting through that or something

  32. jonas’

    anyways, gotta run

  33. stpeter

    One of my recent projects: https://hacks.mozilla.org/2019/07/add-ons-outage-post-mortem-result/

  34. lovetox

    hey stpeter hello, i wrote you an email some days ago regarding the state of the jabber.org server, did you receive it?

  35. ralphm

    stpeter: thanks for the link. Keep up the good work!

  36. stpeter

    I did! Now I just need to reply. $dayjob is bleeding into $eveningjob these days.

  37. stpeter disappears for 3 hours of video calls

  38. ralphm

    Ouch

  39. stpeter

    This is my job. ;-)

  40. Guus

    stpeter: please implement fast-forward functionality in video calling

  41. ralphm

    Haha

  42. Ge0rG

    You'd become rich and famous. Or you'd have been killed by the time travel police.

  43. eevvoor

    Has anybody used elasticsearch's XMPP plugins already?