XSF Discussion - 2019-12-13


  1. SpaceFreak aka Tracer

    πŸ‘

  2. SpaceFreak aka Tracer

    thats zero o'clock content

  3. SpaceFreak aka Tracer

    :64 participants at this time is actually sick~

  4. moparisthebest

    Wonder how that works copyright-wise with nginx

  5. moparisthebest

    I'd hope if you don't enforce your copyright for 20 years while the product gains widespread adoption you don't get to swoop in and take it, but who knows

  6. Arc

    well that didnt stop them from arresting the lead two developers

  7. Arc

    I assume their equivalent of a DA approved the arrest, usually required to get a justice to sign of

  8. mr.fister

    moparisthebest: that's the copyright law, destructive by design

  9. Arc

    but for a company that considers working on other FOSS projects to be a conflict of interest, I don't feel bad for them.

  10. Arc

    if they were good actors in the community I'd be happy to come to their defense

  11. Arc

    they were literally the last company I interviewed for in SF.

  12. Arc

    the first interview was great. sure there were accent barriers but it seemed like a great fit. and then being introduced to their CEO who turned out to be a former rugby teammate from washington DC

  13. Arc

    and that amazing high turned 180 when the CEO told me, point blank, that I'd have to resign from working on other FOSS projects while working for them because it'd be considered a conflict of interest ---

  14. moparisthebest

    Actually I'd heard you tell that story before so I didn't feel sorry for them either

  15. moparisthebest

    I was asking for more selfish reasons, like, can I keep using nginx :)

  16. mr.fister

    moparisthebest: you'll know it only after a while, the rambler group states that "any usage of nginx without their personal permission is violation of copyright law" or something like that

  17. Daniel

    > I assume their equivalent of a DA approved the arrest, usually required to get a justice to sign of Arc: it's Russia

  18. Arc

    certainly its Russia. :-)

  19. Arc

    I don't expect their former employer will win. But the drama will likely drag out for some time, especially influence their current round of VC funding, and will hurt their user base

  20. Arc

    its like Michael Holdmann trying to patent parts of XMPP and then use those patents as collateral for VC loans. Its nasty behavior that can only hurt the community when his business fails and those patents get sold to a patent troll

  21. Arc

    if NGINX Inc never existed, if nginx remained a FOSS project, or tried to commercialize without VC funding or trying to turn themselves into a FOSS-toxic tech startup, we wouldn't be where we are now. but now that they have, the VC money they've pocketed makes them an easy target for copyright trolls.

  22. dwd

    I think I'm broadly in agreement with lovetox here. I think Kev's proposal on list goes some way to addressing these concerns, and we'll work on a concrete proposal in this space next week.

  23. nyco

    thread regarding IoT : https://fosstodon.org/web/statuses/103293746877193364

  24. Arc

    nyco: XEP 0322 needs some serious work or should be killed. its in a non-starter state because it was written by someone with only the most cursory experience with EXI

  25. nyco

    yep, maybe we should reboot the IoT stuff

  26. Arc

    i dont expect to see any forward movement from that from the xmpp council because EXI is very much not simple

  27. Arc

    grammar distribution and negotiation needs to be solved.

  28. Arc

    and yes while grammar unaware mode is available, and could be used, it would dramatically increase the software size for embedded devices and thus make it not feasible for some iot cases

  29. Arc

    I think I might be the only current XSF member with any experience working with EXI and that would need to change to move forward with it

  30. nyco

    there is some more members with EXI experience, not judging on how much

  31. Arc

    who?

  32. nyco

    yeah, indeed, EXI may not be the way to go

  33. nyco

    Arc MongooseIM guys

  34. nyco

    at least

  35. Arc

    ive never gotten that impression

  36. Daniel

    On the topic of exi. I was in a meeting yesterday in which we essentially decided to reinvent exi because exi itself was deemed to complicated

  37. Daniel

    But we do a strong need for 'something like exi'

  38. Arc

    its not too complicated, its poorly documented.

  39. Arc

    EXI itself is incredibly simple

  40. Daniel

    Meaning compression with predefined dictionary

  41. Arc

    the string dictionary?

  42. Daniel

    A xml tag name namespace tuples dictionary

  43. Daniel

    So yes, I guess

  44. Arc

    yea so that's really simple. too simple.

  45. Arc

    the only place so far I've had EXI completely fail is SVG

  46. Arc

    but the problem with the way its documented is it feels ass backwards. we tend to view XML from a data -> in perspective, because that's the way virtually every piece of software is written

  47. Arc

    its best to view EXI from the viewpoint of the data consumer; typically from the viewpoint of that critical piece of code that does a string compare to match it with code to be executed when a certain element is found

  48. Arc

    in XMPP code, that means the stanza router

  49. Arc

    somewhere in virtually every piece of XMPP software I've ever seen is a string compare routing an incoming stanza for message, iq, presence, or various stream errors/etc.

  50. Arc

    in EXI you always have the grammar - whether its schema informed strict (whereas grammar is fixed), schema informed non-strict (whereas grammar can be extended), or schema uninformed (whereas the grammar is constructed as needed).

  51. dwd

    Arc, But string compares only after parsing, right?

  52. Daniel

    I guess what I'm saying is that we have a need for some form of binary xml. But exi feels too much for us to tackle alone. (as opposed to just coming up with something new). But if someone else wants to colab on an exi 2.0 xep or something I might be able to convince my people to do that instead

  53. Arc

    dwd in traditional XML sure, string compares after layer 2 parsing.

  54. dwd

    Arc, But EXI prevents this?

  55. Arc

    in EXI you should only do string compare when parsing the grammar.

  56. dwd

    Arc, I think I need an example, I'm being stupid.

  57. Arc

    your parser isnt receiving the string "message" anymore. its receiving the integer 1 instead. the grammer determines how many integers there are at a given scope, and what those integers mean

  58. Arc

    ok. say we're in the scope of <stream:stream> and lets ignore stream management and stream:error etc; we have 4 possible options in xmpp; message, iq, presence, and </steam:stream>

  59. Arc

    EXI understands those as 0, 1, 2, and 3.

  60. Arc

    when in bit-packed mode EXI will represent those options with 2 bits. in other modes as one byte. but in parsing it doesn't matter

  61. Arc

    on decompression you set a hook for message, iq, presence, and </stream:stream> like you always have. the difference is now you're not string comparing what the XML library is giving you. your code is being called on a switch block for 0, 1, 2, and 3 respectively. which is tremendously faster

  62. Arc

    for embedded IoT devices using strict schema-informed grammar you can hard code that so that 0 is always message, 1 is always iq, 2 is always presence, and 3 is always </stream:stream>

  63. Arc

    so you're decoding a <iq> element, in that scope there's be a fixed number of attributes and child elements that are understood by the grammar, and similarly each is represented by an integer. with strict schema-informed grammar those options will always be the same. so a byte 1 followed by a byte 2 may always be "<iq from="

  64. Arc

    the only time a string compare should ever be needed is when transmitting grammar or grammar extensions for unexpected things that arrive, and then only once to see if your code has any clue what those things do.

  65. Arc

    after that you'll only use the integer for that thing, and you can record a pointer to what to execute what to do when that thing is read.

  66. Arc

    the XMPP challenge for the XEP is for how the client informs the server what grammer to use. strictly "schema uninformed" would waste a lot of bandwidth and consequently battery power on the IoT device. ideally we would like the device to not have to transfer the grammer also to save power. eg it could come from the manufacturer

  67. Arc

    there's two major problems with XEP 0322; first its relying on "compiling" a schema from a given set of schema files (schema informs grammar, but lacks any definition for the precise way to do this reliably across different libraries), and second its using arbitrary URLs to load the schema files from which is a pretty major security issue

  68. Arc

    clients should not be able to cause a server to automatically download HTTP URLs; that could be used as part of a DDoS attack, to anonymously transmit data via some web APIs, or worse

  69. Arc

    when I first started looking at EXI 5+ years ago I thought strict grammar mode would be unusable in any real world case. but the more you work with it, the more it changes your way of seeing XML, and you start to see strict grammar as the obvious default. there's certainly cases for extensible grammar but in all seriousness, software is written to process what the software is written to process.

  70. Arc

    that is to say: unless you're debugging or planning to save XML for other software to process, there's no reason to receive XML elements or attributes that the software is going to ignore anyway. its better for the server to silently drop that content instead of sending it to the client where it'll be ignored because there's the client doesn't know how to process it.

  71. Daniel

    Fwiw I'd be fine with a potential exi 2.0 xep being only specified for strict

  72. Daniel

    That might limit exi use to closed deployments but that's where it is needed the most

  73. Arc

    well one thing the XEP does right IMHO is the client dictates the grammar. so the client decides.

  74. Arc

    Ive been able to compile libexi for one specific small grammar in under 1k of rom. and that's the point of it for IoT.

  75. Arc

    but there's really little need to restrict what the server can support. any xmpp server should be able to support all the various modes. plus - even with strict grammar, the client still needs a way to inform the server what the grammar is.

  76. Arc

    when your IoT device is monitoring air pollution while attached to the top of a city bus with rare earth magnet and powered by a solar cell, or monitoring soil moisture in your garden with a single AA battery, the transmit power (plus amount of time the CPU is out of sleep mode) to send the grammar is simple too much.

  77. Arc

    to convince a lot of IoT companies to change to XMPP we need to meet or beat the power use of their current protocol. which in most cases will look pretty similar

  78. dwd

    So my use for EXI would be handling the crappy bandwidth one gets in hospitals. I don't think I'm anywhere close to XMPP being the bandwidth hog here, mind, but still. I don't understand how a schema-strict mode would work (or, at least, how it wouldn't violate the end-to-end principle and all that implies).

  79. Arc

    schema-strict mode would do the exact same thing that current text XML does, just in a different place. if your current client ignores data it doesn't want or need, the server would drop that data instead.

  80. Arc

    and really, for most extensions, its a best practice not to send data that the receiver hasn't asked for or specified support for

  81. Guus

    Hey, Arc!

  82. Arc

    hey Guus!

  83. Guus

    Longtime no see. How are you? (maaaybe I should've waited for whatever conversation was going on to finish, sorry πŸ˜‰ )

  84. dwd

    Also, yes, it's great to see Arc back.

  85. Arc

    dwd but also for hospital IoT stuff, they likely have the memory and CPU for handling non-strict schema. for the strict schema, its mostly for tiniest of IoT devices.

  86. Arc

    thanks! :-)

  87. dwd

    Arc, We're not IoT, but yes.

  88. Arc

    yea so informed non-strict should be fine.

  89. Arc

    there's absolutely an overhead for building grammar tables that may be extended. I have a device within arms reach of me right now that's running a 8-bit RISCV that it would be much more difficult to squeeze extensible tables into.

  90. Arc

    (its not *really* 8-bit but that's another topic)

  91. Ge0rG

    Arc: would it make sense to have a grammar caching mechanism similar to entity caps?

  92. Guus

    Daniel My first gut reaction to trying to create a new something something that's EXI like but not EXI is https://xkcd.com/927/ - but knowing you, you've probably considered that. I'm interested in how a new approach is different in this way.

  93. Ge0rG

    The client transmits its grammar on first g connection, it's cached on the server, problem solved

  94. Ge0rG

    The client transmits its grammar on first connection, it's cached on the server, problem solved

  95. Ge0rG

    On the second connection, the client just sends the sha256 of the grammar, no need to retransmit

  96. Ge0rG

    When the client software is updated, the new hash isn't known to the server, it requests the new grammar

  97. Ge0rG

    The server side filtering to known elements would also be good for mobile clients, not just IoT

  98. Guus

    If I understand Arc correctly, then one of primary issues is that EXI is lacking proper documentation. How much effort would it take to get that fixed? Would we be able to find sponsoring for that, given the impact it could have on certain applications?

  99. Ge0rG

    We really need to position ourselves as The Solution for IoT

  100. Arc

    Guus: its not a lack of documentation, its that the docs are terrible and overly verbose, such that its really difficult for people approaching EXI to understand it.

  101. Guus

    (From what I'm reading just here, at least Arc, Daniel and Dave are dabbling in this field. Is there some corporate backing here?)

  102. Ge0rG

    Arc: you could write a book!

  103. Arc

    Ge0rG: that is exactly something I proposed a few years ago, and I now disagree with as an approach. the problem is you don't want to burden the client with that responsibility

  104. Guus

    Arc sure. "documenation needs work."

  105. Guus

    Arc sure. "documentation needs work."

  106. dwd

    Guus, We aren't dabbling at all. My guess would be that Kev (And Isode, more generally) would be more interested than us.

  107. dwd

    Guus, I'm just EXI-curious. :-)

  108. Guus

    haha

  109. Guus

    You're talking about the extremely low-bandwidth type of applications?

  110. Ge0rG

    Arc: you also said you don't want the grammar to be an external HTTP URL. What's your proposal?

  111. Guus

    You're talking about the extremely low-bandwidth type of applications that some of their customers are working with?

  112. Arc

    Guus: not just low bandwidth, but low handware, low cpu, low ram, low battery power. my ultimate goal of EXI isn't to save bandwidth but vastly expand XMPP into the embedded market

  113. Daniel

    Guus: I was in fact coming from a "let's consider exi" position. Precisely not to reinvent the wheel and to have something that benefits the community. I think the feeling on the other side of the table was that "something like funxmpp" (essential hard coded, preshared lookup table of commonly used elements) is easier to grasp

  114. dwd

    Guus, Right. Most of our problems are with RTTs and unstable networks - these also apply to Isode's space. Bandwidth isn't great for us, but it's waaay better than some of Isode's cases. Our clients run on consumer smartphones, so we're absolutely not an IoT case.

  115. Daniel

    Than exi with its 3 modes of operations

  116. Daniel

    The fact that I don't know a lot about exi didn't help

  117. Arc

    Ge0rG: that's something to be discussed. I mean a specific XMPP extension for sending a grammar over XMPP would potentially be doable. that way it could never be used for an attack.

  118. Guus

    Daniel that's fair. But also kind of boils down to the documenation problem with EXI, right?

  119. Daniel

    But my hope was that starting a broader effort on the exi front might help me convince the other side

  120. Daniel

    Yeah. Also that there are virtually no libraries

  121. Arc

    ok sorry as soon as i wrote that last bit I realized how stupid that is. literally anything could be formed into an attack vector by someone determined enough. the local antifa group took down a hate group using craigslist ads.

  122. Guus

    Arc I understand. I was trying to describe to Dave the customers that I thought were interested in this, without naming names. I wasn't trying to describe all of EXI's benefit.

  123. Daniel

    I mean if exi was some plug and play thing that you just hook in between things it might be easier

  124. Arc

    Daniel: yes, and lack of software is absolutely a problem I want to address. libexi is my strategy for that but there's zero funding for it

  125. Ge0rG

    Arc: the alternative would be a common grammar file format and a central repository, which your server needs to pull from whenever you launch a new version client

  126. Ge0rG

    Arc: really, I don't see a viable alternative to xmpp based delivery for anything but closed deployments

  127. Arc

    Ge0rG: yea a "registry" could work.

  128. Ge0rG

    Arc: but server operators are lazy, and automatic push + pull with a central registry is even worse, security wise

  129. Arc

    that's something XSF could maintain

  130. Guus

    I'm probably the least qualified / experienced of people talking here right now, but from what I read here is that EXI has already had quite some work gone into it, but needs some work to be (re)usable (docs and libs). Feels like a shame to replace it with an easier-to-develop (but really, that rarely turns out to be the case) yet less re-usable XMPP-specific solution.

  131. dwd

    Guus, I'll fight you for the least-qualified position. ANd probably lose.

  132. Arc

    Guus: yes and no. in Java-land EXI is extremely mature. in C-land, not so much. outside of Java there's simple nobody working on XML.

  133. Guus

    Would it be good to get some people together, and see what amount of resources would be needed to use EXI to get a real-world application, that we can pitch to customers.

  134. Arc

    there's known 0-days in libxml2 that could easily cost billions in damage and nobody working on it.

  135. Guus

    Arc well, we have several Java implementations, so that might be a good platform to do some prototyping in XMPP then.

  136. Guus

    If anything, that could lead to traction.

  137. dwd

    Arc, Presumably strict-schema mode in EXI would require stricter schemas (ie, entirely immutable schemas) than we have previously used in XMPP?

  138. Arc

    Google knows about them, so they wrote their own XML library in Go. and Mozilla wrote their own in Rust for servo, which is likely better

  139. dwd

    Arc, Or can we safely add further attributes with default values (for example) without having to ... recompile? ... the schemas for EXI?

  140. Arc

    dwd: strict grammar means that any unknown elements, attributes, etc be ignored.

  141. Guus

    (Which seems to be problematic for the "X" in XMPP?)

  142. Arc

    Guus: no, it does the same thing in most cases when an unknown element or attribute is received by software. the client you use now for example, if I sent <message ...> <helloworld/><body>hi</body></message> what would it do with the <helloworld/> ?

  143. Guus

    ignore

  144. Arc

    bingo.

  145. dwd

    Yes, I was thinking it's not a terrible thing, since it's how XMPP works itself.

  146. Arc

    it just ignores it on the server. another way of looking at EXI is, its as if part of the XML parsing gets moved to the server

  147. Guus

    but would EXI still pass along the data, which would then be parseble XML?

  148. Arc

    not if strict is sent.

  149. Arc

    its a bitflag in the EXI header

  150. dwd

    Arc, But the, erm, EXI schema definitions need to be the same on both server and client?

  151. Guus

    So, if Client A wants to send Client B some data that contains data not understood by the server, how'd that work?

  152. Arc

    dwd the grammar needs to be the same, yes. the schema informs the grammar.

  153. Arc

    Guus: if you send me a <message><helloworld/> and I'm connected to my server while specifying "strict" mode, then my server will drop <helloworld/>

  154. Guus

    If client A sends stuff not understood by the server, which drops data, client B is unlikely to receive that data?

  155. Arc

    here's what the EXI header looks like, which might be the most readable part of the whole specification

  156. Arc

    https://www.w3.org/TR/exi/#header

  157. Guus

    Isn't that wildly different as compared to regular XMPP? If a server receives something it doesn't recognize, it'll ignore it, but pass it along.

  158. dwd

    Guus, Exactly that. Which is why I say it conflicts with the end to end principle.

  159. Arc

    Guus: the client dictates what grammar to use, not the server.

  160. Guus

    if EXI doesn't do that...

  161. Guus

    ah ok - so if the client is going to send something, it will (well, _can_) always inform (and thus configure) the receiving end in such a way that it can properly parse all data?

  162. Arc

    yes.

  163. Guus

    Right. And the receiving client will have configured the server in a similar way, so that it can be send all data that it'll be able to interpret.

  164. Zash

    So the server still needs to shuffle some generic XML representation internally?

  165. Zash

    Can an EXI client even send something not part of the schema/grammar?

  166. Guus

    (Can that grammar be re-negotiated? For example when new plugin gets dynamically loaded that introduces new goodies)

  167. Arc

    Zash: yes there's really no way around that because the clients, in most cases, will be speaking different grammars. and no the client cannot encode new things in strict encoding.

  168. Arc

    Guus: I don't believe so, the "schemaId" gets sent as part of the EXI header. though the XEP could include a specific stream-level message to renegotiate the EXI?

  169. Guus

    Somewhat of an edge case

  170. Guus

    dwd with the above, does your concern regarding end to end principle hold?

  171. Guus

    as with Arc explanaition, I'm thinking that it at least _migth_ work πŸ™‚

  172. Arc

    yea in those cases I think reconnecting is perfectly fine. but there is the "fragment" option in the EXI header too, such that you're specifying that you're not sending the whole XML document from <root> to </root> but only part of it.

  173. dwd

    Guus, Well, I said it conflicts, and it does, but that's not a blocker.

  174. Guus

    how does it conflict?

  175. Arc

    in that case yes even without an XMPP stream-level support, if you wanted to change options on the fly, you could. with obvious security concern of trying to DDoS a server by flooding it with different schemaId's to be retrieved from a ... "grammar registry"

  176. Guus

    client A won't be able to send client B data that client B doesn't know how to parse. That?

  177. Guus

    Arc I'm unsure if those conerns are obvious, but sure πŸ™‚

  178. dwd

    The end-to-end principle essentially says that end-clients care about more layers than intermediate routers. That's always been prtty shaky in XMPP anyway, since the server is often an end-client in that sense.

  179. Guus

    That's way to abstract for me to understand without loads more coffee.

  180. Arc

    what about being able to block JIDs? I mean, the client is literally instructing the server to drop unknown content, that's not unlike instructing the server to not send content from certain JIDs?

  181. Guus

    (but you said 'no blocker' which I'm happy to accept)

  182. Zash

    To the coffee machine!

  183. Arc

    wow its 2am here.

  184. dwd

    Arc, It's armageddon here, for comparison.

  185. Guus

    At least there's clarity... ?

  186. dwd

    Yes, our doom can be seen very clearly.

  187. Arc

    oh yea that's right, I completely forgot I jumped back in xsf to ask for recommendations for a xmpp library with pubsub support for rust

  188. Guus

    Dutch weather is as miserable as yours this time of year. We'd be happy to have you πŸ™‚

  189. dwd

    Arc, Rust... I'm not sure there's a stand-out library for Rust. I'd be interested to see one.

  190. Arc

    i recognized a few names from the cargo package list

  191. dwd

    Guus, I have given it some thought. Not much less convenient for travel to the office. But it'd mean moving my daughter's schooling at this point, which'd be tricky.

  192. Guus

    Isn't that why you learned the other kid to fly? Commute solved.

  193. Guus

    So, if we want to (and there seems interest, judging by this conversation) want to move forward with EXI in XMPP world, what would we need? It might be good to come up with an estimate of the effort involved, to be able to attract sponsorship for this.

  194. dwd

    And his license is an EU one, so covers him. No, I've genuinely thought about this.

  195. Arc

    Guus: I would really appreciate having a working group, even an informal one.

  196. Guus

    dwd it's a sucky situation. At least now, things will need to be solved pragmatically. Hopefully, things turn out less bad than what you've now envision.

  197. Guus

    And face it, it could be worse: Farage at no 10?

  198. Guus

    *shiver*

  199. Guus

    Arc we can do that easily. Who'd be willing to dedicate their effort into that?

  200. Arc

    beyond the big issues like how to communicate grammar, there's a ton of small ones which need to be determined. like a standard set of fidelity options for XMPP. the spec is not a small job.

  201. Arc

    https://www.w3.org/TR/exi/#fidelityOptions

  202. Zash

    Schemas being non-normative is also fun I imagine

  203. dwd

    Guus, https://twitter.com/DwdDave/status/1205426678639579136 - I'm desperately trying to find some positive outcomes.

  204. Arc

    Zash: yea. well that's also the difference between schema and grammar :-) schema informs grammar, but grammar is the actual bytestream format

  205. Arc

    schema cannot, by itself, construct a grammar. grammar is weighted, so unless you have some very cool code monitoring a connection and creating an optimized grammar for you, a human will actually write the grammar based on the schema

  206. Arc

    https://www.w3.org/TR/exi/#grammars

  207. Guus

    Arc fwiw, my preferred way of working would be to _first_ come up with a proposal on how to get EXI in XMPP realized, with estimated effort requirements, budgets, etc, before digging into the actual implementation details. My goal would be to first secure funding.

  208. Guus

    Or: have the information needed to secure funding.

  209. Arc

    you have a sponsor in mind to fund such work? :-)

  210. Guus

    Two.

  211. Guus

    but neither will bite without a proper plan.

  212. Arc

    that's excellent. I can't get companies here, even those already using XMPP, to bite.

  213. Guus

    Things should ideally be as concrete as: for this amount of money, you get this feature.

  214. Arc

    *nod*

  215. Guus

    So, how do we get to there?

  216. Guus

    (assuming we want to spend effort on this)

  217. Arc

    well ive got 5+ years implementation experience on EXI but I'm not a working group.

  218. Guus

    What would you need from a working group?

  219. Arc

    2 other people willing to invest the brain space to understand this 96 page technical document

  220. Guus

    (we can ask Board to make you a Working Group, but I'm sensing that that's not what you're after πŸ˜› )

  221. Arc

    its not the official-ness of the group im concerned with, its the brains.

  222. Guus

    Yeah, that's what I was trying to get at.

  223. Guus

    any takers?

  224. Guus eyes room

  225. Guus

    it's less than 100 pages people!

  226. Guus ducks.

  227. Arc

    I'm happy to help people get up to speed. and honestly most of it is just a few pages in the EXI header specs, and understanding the grammar

  228. dwd

    I'm not sure I can commit to working hihg-intensity on this.

  229. Arc

    there's also this super cute (and not terribly useful) primer https://www.w3.org/TR/exi-primer/

  230. Guus

    I personally won't commit unless I can find funding for it.

  231. Arc

    yea ive been without funding on this for all this time. I've met with a few companies and received some useful feedback but everyone just wants it for free.

  232. Arc

    though I learned Google has their own internal implementation written in Go

  233. Guus

    I admire you for doing that. It's not an investment I'd want to make myself.

  234. Arc

    apparently they already use it for push notifications?

  235. Arc

    I'm working on the premise of future marketability for libexi, given there's really nothing like it in existence. AGPL license it, and offer commercial LGPL-like exceptions, akin to wolfssl

  236. Guus

    Do you want to drive an effort to find people for an XSF work team for this, Arc ?

  237. Arc

    yea but it might be from people not currently in the XSF

  238. dwd

    Arc, Sounds even better.

  239. Arc

    we dont have a ton of java people and that's really where we need. i'm absolutely not a java person

  240. Guus

    XSF Bylaws: "Participation in Teams shall be limited to elected Members of the Corporation."

  241. Guus

    <-- java

  242. Arc

    Q1 2020 membership page is open

  243. dwd

    Right, Guus is the most Java person I know.

  244. dwd

    Guus, You work around this by having a Work Team preside over a Special Interest Group, the latter being open to anyone.

  245. dwd

    Guus, Then the WOrk Team is basically devoted to getting people to understand and work with the process.

  246. Guus

    You like burning hoops and making people jump through them, don't you?

  247. Guus

    but, whatever. We will find some kind of venue to discuss this, one way or the other.

  248. Arc

    Guus: well since you're a java person :-) :-) :-)

  249. Guus

    Arc I'll be as clear / blunt as Dutchies are known for: I'm definitely interested, but won't commit large amounts of effort without funding. If it boils down to doing this, or paid work, I'll go for paid work. I'm totally open to put in time to come up with data that can be used to secure funding.

  250. Arc

    I'm in the same state. Rent needs to be paid.

  251. Guus

    Hence my preferred order of things: first, do only what's needed to come up with budget estimates.

  252. Guus

    It would be awesome of others want to work under less strict conditions, but I personally choose not to.

  253. Arc

    certainly. libexi is something I've considered a hobby for now, and will continue to.

  254. Guus

    My problem is that I don't even have a grasp of the amount of effort that's required to get this to even a prototype state.

  255. Arc

    are you talking a spec or working code?

  256. Guus

    working code. My customers are unlikely to be interested in just a spec.

  257. Guus

    "for x amount of USD, you get EXI benefit A, B and C"

  258. Guus

    I'm not sure if that's the best first goal for us to work on, but I feel that that'd give me something I can use to try and secure funding.

  259. Arc

    the spec is going to end up being 20-30 pages. some working code in Java using an existing Java libraries? once the spec is done.. I don't imagine that being very long.

  260. Guus

    If others have another approach, I'd love to hear about that. I'm just winging it here.

  261. Arc

    from my side, a lot of my work has been in not just implementing EXI but using grammar to generate source code, and breaking the code up such that you can compile it with different options removed to save space

  262. Arc

    but thats all rust/C

  263. Arc

    and splatterings of assembly

  264. Guus

    😱

  265. Arc

    mozilla just recently declined sponsoring the work which would have gone into Servo. :-l but they made sure to jab the knife in my gut with the typical line "if you release it in an MPL compatible license we'd be happy to support it in Servo"

  266. Guus

    yeah, I bet they would.

  267. Guus

    I've tried to boil down what I'd like to know, before formulating a question to my customers. It's stupidly simple, but I find that that often helps coming up with concrete plans: https://etherpad.net/p/exi

  268. Guus

    I'd like that to be filled out.

  269. Arc

    at least they didn't drag me along with a job interview like a few companies have before telling me how they'll "love to support me by using my freely licensed software". one company asked for an hour presentation for their protocol team on EXI as part of the "interview" before telling me they'll join my "cause" if I change the license to permissive.

  270. Guus

    But I lack the knowledge to do that myself. Is this somethign we could work on?

  271. Arc

    I could contribute to it.

  272. Arc

    you want to find a Java EXI library and run some performance tests on it?

  273. Arc

    I know basic network performance for XMPP

  274. Arc

    I know that you *wont* get the 40x gains that I'm seeing from Java but you'll likely get 20x speed gains

  275. Arc

    the speed gains are largely the CPU cost of a string comparison. W3C did their own but I don't know what software they based it on, failing anything else you could grab some graphics from the EXI primer

  276. Arc

    er https://www.w3.org/TR/exi-measurements/

  277. Guus

    I'm updating that etherpad with the rough estimates that you have. I don't intend to send what is typed there verbatim. I'm fine with rough outlines, for now

  278. Arc

    outside IoT yea those speedups are the largest perk. especially on the server side.

  279. Guus

    those would be speedups in XML parsing right?

  280. Arc

    bandwidth and CPU cost money. saving bandwidth and CPU saves money.

  281. Guus

    what about bandwidth savings?

  282. Arc

    both parsing and creation, but yes. both sides

  283. Arc

    it depends on the data in all cases. IoT with float and int data obviously gets the best gains.

  284. Guus

    regular chat

  285. Guus

    ballpark it

  286. Zash

    "funxmpp"-like approach would get you bandwidth savings at the cost of CPU I imagine?

  287. Daniel

    > "funxmpp"-like approach would get you bandwidth savings at the cost of CPU I imagine? Probably. But CPU isn't our bottle neck at the moment

  288. Arc

    regular chat? you'll be using byte packed mode without the precompression option, qname tables under 250 in size, so "message" would be 1 byte, "from" is one byte. "to" is one byte. the JIDs would likely be one byte each. so SE-"Message" AT="from" "guus@yourhost.isgreat" AT="to" "arc@myhost.islong" ...message... EE would be around 60 bytes to around 6 bytes. so the message stanza overhead would be only around 10%

  289. Arc

    CPU processing speed, well see the measurements for the various java tools

  290. Arc

    with byte packed, you can assume that the qname for each element and attribute is 1 byte. and the string table for JIDs are 1 byte too. extra attributes like id= will add to the cost. and unique strings... if memory serves you can set the value for some attributes to not be cached since they're unique or not commonly reused. so the length of the id= attribute would be unchanged

  291. Guus

    right, but 'regular chat' traffic also includes a bunch of IQ and Presence stanzas. I'm thinking that most of the data would be pretty dictionairy-able, with the exception of the chat message texts?

  292. Arc

    exactly.

  293. Arc

    that's why i said overhead :-)

  294. Guus

    average stanza character count in my MAM archive appears to be 185

  295. Arc

    ok and whats the average body length for those message stanzas?

  296. Arc

    i mean i forgot the id= and the body element, so you have SE-"body", etc. but ballpark its a huge bandwidth saving

  297. Guus

    average body char count is 64

  298. Guus

    note that I'm doing stupid SQL queries on a bucket load of crappy data

  299. larma

    And even if CPU isn't a bottleneck right now, saving on CPU is a great thing, because it reduces energy consumption on portable devices

  300. Guus

    so, what's the huge ballpark saving? πŸ™‚

  301. Arc

    so average message header is 121, and we can reasonably say that can be represented in under 12 bytes.

  302. Arc

    so the message header would be 10x smaller. or the entirety of the message about 40% smaller.

  303. Arc

    but iq and presence nodes would reduce that further

  304. Arc

    ive never worked with that server but my own experience says that you should be able to double the number of stanzas routed per second. and thats exceedingly conservative

  305. Arc

    its likely closer to 10x

  306. Guus

    assuming that parsing is the bottleneck

  307. dwd

    Parsing is almost always the bottleneck.

  308. Arc

    yea you can't control things like disk or network. but parsing, most notably string matching, is usually the bottleneck

  309. Arc

    JIDs are being passed with a specific ID# instead of a string, so if done well you can optimize the crap out of that.

  310. Arc

    but even ignoring JIDs you've got the qnames. and that's a big part of it too

  311. Zash

    Isn't that a security problem?

  312. Arc

    not really, the JIDs to ID# is per connection only. they're just cached.

  313. Guus

    Cool. Updated my EXI-budget-for-Dummies at https://etherpad.net/p/exi

  314. Guus

    What work do we need to do for this?

  315. Arc

    https://www.w3.org/TR/exi/#encodingOptimizedForMisses details it but very basically, the first time "zash@ishome" is sent its cached at a specific lookup ID, and then that ID is used on that specific stream

  316. Arc

    you already have java libraries implementing EXI so your work is much simpler. most of the time will be on the XEP.

  317. Guus

    we'd probably want at least one client library too

  318. Guus

    Smack is Java...

  319. Arc

    sure. smack sounds good. ideally with a different library.

  320. Arc

    there's a few javascript libraries too

  321. Arc

    last I looked they all implement only the core functionality and you need to provide the grammar as a file

  322. Arc

    ((that's fine for a client))

  323. Arc

    i mean, for the client you shouldnt even need a library. you can hardcode values.

  324. Guus

    (note that I'm basing this very specific though experiment on implementations that I'm familiar with - I'm not trying to hijack this for my implementations at all, even if it starts to look like that now)

  325. Arc

    no you're fine. by no means would i want to intermangle my work into this

  326. Guus

    I'm also looking around the room

  327. Arc

    i made the mistake of leaking the source for libexi a few years ago and I still get email in korean asking for support

  328. Guus

    is EXI suitable for federation?

  329. Guus

    client A -> server A -> server B -> client B ... even if client A and B share a vocabulary, servers A and B might not share the same?

  330. Arc

    S2S? absolutely. with a very broad grammar and without "strict" so that grammar can grow

  331. Guus

    what's the implication of 'strict' exactly? More performance?

  332. Arc

    non-strict... in XMPP terms, say you have four options for the scope inside <stream:stream>; <message>, <iq>, <presence>, and </stream:stream> - right?

  333. Arc

    strict would encode that as 4 options, or when bitpacked 2 bits

  334. Arc

    non-strict would encode that as 5 options with the final option being "something I didn't expect"

  335. Guus

    right, so, performance.

  336. Guus

    you want strict where possible, because it compresses better.

  337. Guus

    I need to be paying attention to other stuff shortly.

  338. Arc

    yes, minorly for bandwidth, more for CPU.

  339. Arc

    its 3:30am here so I really need to be doing other stuff shortly. ie, becoming unconsciousness and hopefully hallucinating vividly

  340. Guus

    Right. I like having been able to come up with the roughest of sketches.

  341. Guus

    Let's see if we can build on this later.

  342. Arc

    sure.

  343. Arc

    feels like progress though, that's really great :-)

  344. Guus

    agreed

  345. Guus

    ok, thanks!

  346. Guus

    I'll grab some lunch and get other stuff done

  347. Guus

    sleep tight!

  348. Arc

    I was just re-reading https://www.w3.org/TR/exi-primer/#encoding and its actually .. a lot better than I remember.

  349. Arc

    i mean, wall of text is intimidating but if you walk through it and compare to the binary below its very informative, if cumbersome

  350. Arc

    but yea, g'night

  351. pep.

    "Arc> oh yea that's right, I completely forgot I jumped back in xsf to ask for recommendations for a xmpp library with pubsub support for rust" < We have no funding, but there's xmpp-rs (xmpp:chat@xmpp.rs?join), You might be able to reuse bits and pieces, and otherwise we'd be happy to have a use-case (and people contributing)

  352. pep.

    I don't think there's many more people working on Rust publicly atm, it'd be a shame to split already.

  353. pep.

    dwd, ^

  354. dwd

    I wasn't suggesting a split. Just noting I wasn't sure there was an existing standout library.

  355. pep.

    Not that it's really usable yet but we'd like to get funding for it so we can spend more time

  356. dwd

    "I’m not immediately sure that what I was saying didn’t make sense." - thanks, Kev, for making that clear...

  357. Guus

    You mean: "thanks, Kev, for not making that unclear"

  358. dwd

    Guus, It'd be wrong to say I'm not certain that wouldn't have been worse.

  359. Guus

    I agree.

  360. Kev

    You're welcome.

  361. Guus

    (I just guessed a response)

  362. jonas’

    Failed to parse sentence: resource limit exceeded while processing negations.

  363. Kev

    Everyone does like to pick on my English :p

  364. Guus

    In fairness, your Hungarian is worse.

  365. Guus

    (again, guessing)

  366. Kev

    It's not impossible.

  367. dwd

    Guus, My Hungarian used to be pretty good, but these days I just use simpler vairable names and a better IDE.

  368. Kev

    dwd: I think you're actually saying in that thread that the IETF now has 4 stages, which is roughly what I'm proposing for the XSF (modelled on Flo's suggestion).

  369. Kev

    That is, I'm suggesting we have Individual I-Ds, which are numberless.

  370. dwd

    Kev, No, the IETF dropped a stage. It did have 4 indeed.

  371. Kev

    And the acceptance for /those/ could be mechanical.

  372. Kev

    It had five, now it has four, no? If you count Individual and WG as distinct.

  373. Daniel

    > That is, I'm suggesting we have Individual I-Ds, which are numberless. I was going to suggest that after what dwd wrote

  374. dwd

    Yes, that's fair.

  375. Kev

    So we could have an entirely mechanical numberless stage that gets it published and under IPR.

  376. Kev

    More or less inbox-plus.

  377. dwd

    FWIW, I'd be fine with having those numbered. Although given that people get excited that we have lots of XEPs, there's that risk.

  378. Kev

    Experimental becomes roughly what it is (effectively) now, which is that it's a direction Council wants to see investigated.

  379. Daniel

    Versioned inbox

  380. Kev

    dwd: I think the numbers are part of the problem.

  381. Kev

    dwd: I think "It's been published and assigned a number" is what makes the issue with accepting knowing it needs significant changes.

  382. pep.

    I really need to catchup on standards@

  383. Kev

    By having the first stage be "It doesn't have a number yet", it makes the risk of it being published and then people saying "Well, it's been standardised, it can't be changed" much lower, I think.

  384. Kev

    1) Published without number. Anything goes, mechanical acceptance (maybe with a check that it's not just "Screw the Establishment" 5000 times or something, but anything goes. 2) Experimental. Anything goes quality-wise, but confirmation it's a direction the Council think should be investigated. 3) Draft as-is (but maybe a lower barrier) 4) Final as-is (but...)

  385. Kev

    Which is actually not a million miles away from how the IETF works, by my understanding. Not strictly equivalent, but it has similar properties.

  386. Kev

    And yes, Daniel, it is very similar to the inbox, in as much as there's no comment on quality, just that it's for future consideration.

  387. Daniel

    > "Well, it's been standardised, it can't be changed" much lower, I think. I think the argument usually goes: we had to implemt something that wasn't ready and ship it because the users were asking for this feature and we couldn't wait five years and now we kinda have to consider dealing with legacy

  388. Daniel

    I think those considerations are independent of numbers or stage names

  389. Kev

    Which I do think is important. I don't think another stage of Council review and etc. is going to add anything.

  390. Kev

    Daniel: I boldy assert that I've heard both types of claims.

  391. Kev

    Nothing we do about versioning or numbering or stages will effect changes in "I had to deploy something now, so I did a thing". But the other side we can do something about.

  392. Zash

    Hiw do you get the process to handle that?

  393. Kev

    Zash: I think the first stage helps with that. You can get it published but not advanced to Experimental, and thus not yet have a number assigned, and still be called Proto-XEP.

  394. dwd

    So what does "Experimental" mean, and what would be the guidance to Council?

  395. Zash

    Won't stop people from deploying and causing the same problem?

  396. Kev

    "Council considers this is an appropriate direction to be directing investigation" or something.

  397. Kev

    So when Council sees a spec and says "This is a problem that needs solving, but this isn't the appropriate way to do it", they can hold it in (1) for a while. It's still been published, it's still versioned, it's still IPRd.

  398. Zash

    I-Ds get deployed and entrenched if people need and implement them

  399. Kev

    Zash: Yes, as I said, you can't effect any change in "I had to do a thing so I did a thing".

  400. Kev

    Zash: You can address "This is now a standard, everyone should be implementing it", I hope.

  401. Kev

    So Reactions would have been able to be published by now, even though it needs to be framed in terms of a common approach (e.g. Fastening), it just wouldn't be Experimental yet.

  402. Kev

    Fastening might or might not have reached Experimental (I think the direction is right, FWIW, but that might not be clear enough, who knows).

  403. Kev

    Several of the things (IM2?) I've pushed out full of TODOs because we needed something published for discussion etc. would have stayed out of Experimental, at least for a while.

  404. Kev

    I'm not suggesting, FWIW, raising the barrier of Experimental to "This must be implementable and interoperable from the spec as-written". I think it's a good aim for all specs, but I think it's probably fine to leave some hand-waving in places.

  405. MattJ

    I'm in favour of anything that prevents XEPs being assigned numbers while having entire sections consist of "TODO: Figure this thing out"

  406. MattJ

    and then sitting there for years

  407. Daniel

    > I'm in favour of anything that prevents XEPs being assigned numbers while having entire sections consist of "TODO: Figure this thing out" Yes. People at the very least need to be able to write prototype implementations

  408. MattJ

    Interoperable ones, at that

  409. Kev

    As above, I'm not convinced that Experimental needs to be entirely baked to the point that interop is guaranteed. I think it's fine for it to be genuinely an Experiment with questions that still need answering.

  410. Kev

    I'd like to introduce a new stage at the low end, not to life the existing stages.

  411. Daniel

    > I'd like to introduce a new stage at the low end, not to life the existing stages. We can do both. Introduce something at the low end end slightly raise the barrier for experimental (from what is described in xep1) to something which we are kinda doing now already

  412. Daniel

    I think introducing super-inbox also lowers the pressure of trying to become experimental

  413. Kev

    I think that last point is very desirable.

  414. Kev

    I would like to still see Experimental able to hold experiments that don't have all the answers. I think requiring it to be fully baked before Experimental wouldn't be the best choice. But I think allowing *everything* relevant to be published seems very desirable.

  415. Kev

    There is then no inbox, essentially. ProtoXEP is a stage in the process, rather than a colloquialism.

  416. Kev

    We might still choose to have them stored in the inbox/ path on the site, for various reasons, but it's a Real Thing rather than just somewhere for Council to look at things on their way to Experimental.

  417. Kev

    (And we could do all this without even formally changing our process, although I suggest it would be a good idea to do so)

  418. pep.

    Daniel, I'm going to be the one picking on details as usual but "stable it has to be stable." doesn't mean much. The XSF would also need to define their version of "stable".

  419. pep.

    (reading the thread)

  420. Zash

    Things might change anyways

  421. pep.

    will.

  422. Daniel

    Ultimately the decision on how much leftover TODOs are OK will still be acceptable. But if experimental becomes (as it de-facto has been for a while now) a 'only thing that council agrees is a good direction' and not 'everything goes' as xep1 spells it out to be I think I want more formal readiness (meaning not _just_ TODOs)

  423. pep.

    To me this thread and discussions scream "People are afraid of change"

  424. pep.

    Introducing or removing a stage won't change this I believe

  425. Daniel

    Otherwise it sends a weird message when xeps that "some random people on the internet don't agree with" become accepted and on the other hand we have xeps that are really just stubs someone wrote in 20 minutes

  426. pep.

    Final is never final. Another XEP someday will come to replace it

  427. pep.

    (And to me it's exactly the same as changing that Final XEP in the first place..)

  428. Daniel

    Otherwise it sends a weird message when xeps that "some random people on the internet don't agree with" don't get accepted and on the other hand we have xeps that are really just stubs someone wrote in 20 minutes

  429. Kev

    Daniel: To be clear, I'm not suggesting that Experimental should be a stub. Just that it doesn't have to be complete. I have certainly published XEPs to Experimental with my name on that I would not have needed to be Experimental if we had the ProtoXEP stage.

  430. Kev

    I'm also fine for Experimental to remain a judgement call of Council.

  431. Kev

    And I'm also fine with trying to update XEP1 to describe Experimental as it is being used currently, rather than necessarily what it suggests, if it suggests otherwise.

  432. Kev

    And then Peter appears for an informed opinion :)

  433. Arc

    pep.: I looked at xmpp-rs but is it asyncio?

  434. pep.

    "which one", atm it's using tokio behind, we started having a look at async-std. tokio 0.2 uses the keywords fwiw

  435. Arc

    yea I was looking at the tokio one

  436. Arc

    this is for playerd and therefore two basic requirements; async and good pubsub support

  437. pep.

    What's playerd?

  438. pep.

    "good pubsub support" is not there at all. (We barely have messages in that high-level API), but I'd happily work on that :)

  439. Arc

    in short playerd is intended to provide game console '-like player management cross-platform; ie, input->player mapping, user profiles, and the basic XMPP-IM functionality like friends lists and chat

  440. Arc

    imagine on any game console what happens when you press the system button on a controller

  441. pep.

    I see

  442. Arc

    most games don't support this on any non-console platform. even on Steam (which has the best of this right now) when you load a game with two players you end up having to physically swap controllers when the game opens and you discover you have them backwards

  443. Arc

    btw we have a whole new group of teenagers discovering the joys of XMPP right now

  444. pep.

    we?

  445. Arc

    copyleft games

  446. Arc

    gci@chat.copyleftgames.org MUC

  447. dwd

    Arc, This library able to be used in commercial games, or only GPL?

  448. pep.

    Pidgin is so much fail :x

  449. Arc

    dwd: playerd is intended to be permissive

  450. Arc

    the code itself is AGPL right now though. the intention is to put a LGPL-like exception on it to allow it to be used by non-copyleft games

  451. dwd

    Arc, Cool. I've heard some rumblings that Epic and others are struggling with XMPP, but perhaps some demonstrations that it has broader utility might help.

  452. Arc

    valve reached out to us about playerd a bit ago too for the same reason, which gave me some hope that steam could broaden their xmpp support

  453. dwd

    Arc, Does Steam use XMPP at all?

  454. pep.

    That's what I understand from this sentence :x

  455. Arc

    from what little I could gleam (since the valve person was under NDA that I didn't sign) they have XMPP at some place internally but currently expose some "Steamworks IM" protocol to games, and there's a lot of pressure from gamedevs to use XMPP instead, so that led them to look into offering an alternative protocol

  456. dwd

    Oh, interesting. Perhaps Board could try to get into contact and see what we could offer?

  457. pep.

    What can the XSF offer at all? "Hey we can propose you more protocols!" :)

  458. dwd

    I don't know, but some contact might answer that question.

  459. Arc

    they dont need more protocols :-)

  460. Arc

    playerd uses common sense stuff

  461. Zash

    which XEP is that;

  462. Arc

    for playerd? I haven't submitted one

  463. Arc

    btw do we have a XEP for Oauth2 SASL negotiation?

  464. Arc

    as in RFC 7628 as applied to XMPP? even a best practices one?

  465. Arc

    XMPP is referred to in the RFC

  466. Arc

    but the RFC more or less starts after you have the bearer token. it doesn't really dig deep into how XMPP clients get that token

  467. Zash

    I also seem to miss how that's supposed to work.

  468. Arc

    oauth2 is a pretty big spec and covers use cases like keyboard-less UI.

  469. Arc

    consider a teen with the tech savy of the average iphone user, sitting down with a game controller and wants to "log in. oauth2 supports this, but its not very obvious how the xmpp client would.

  470. Zash

    I kinda get the impression that OAuth only works if you're web-based.

  471. Arc

    ideally they'll get a short URL plus a qr code on the screen to access on their phone to log in via phone-based web browser, or any other browser

  472. Arc

    nope. it works in all cases - and that's my point

  473. Arc

    you can log your smart fridge in with no form of input at all

  474. Arc

    fridge would just give you a URL to access to log it in

  475. Arc

    like, "Go to HTTPS://AUTH.GE.COM/H8C0 to login" with an all-caps qrcode (all caps qrcodes use fewer bits to encode so easier bigger squares, easier to scan)

  476. Arc

    the fridge keeps accessing a https url and receives a authorization_pending error response over and over until you actually log it in. and if you take very long the server will send a "expired_token" error, in which case the fridge will have to start over often with a new URL.

  477. Arc

    but once you login on your phone or laptop or whatever, the fridge will get a response containing the bearer token that it can use to actually login

  478. Arc

    usually the server will wait a few seconds on each request before sending the authorization_pending error, so that the exact moment the login is completed the fridge can be sent the bearer token. in production there's virtually no delay at all.

  479. Arc

    desktop XMPP clients can do the same; you just launch a web browser on the url instead of showing it to them on a screen. you don't need a response from the browser.

  480. Zash

    "just launch a web browser" :(

  481. Arc

    desktop client runs "browser-open" command with url "https://login.google.com/bla". it doesn't need to get anything back from the browser

  482. Arc

    there's a standard way to open a URL via default browser on every modern OS

  483. jonas’

    so, yes, web-only

  484. Arc

    web-only for login yes. but not for web XMPP clients only

  485. Arc

    here's two lines of Python code to do this from every OS: import webbrowser webbrowser.open(oauth2_url)

  486. Arc

    it will return True.

  487. Arc

    seriously the whole client handshake is maybe 30 lines of python, tops. my point being is if you're not versed in oauth2 this is very non-obvious so a XEP would be useful. IMHO every XMPP client should be using bearer tokens for account security. for account security every XMPP server should only accept oauth2 bearer tokens.

  488. Zash

    But, requiring a web browser, I don't want that

  489. Zash

    Assume that I explode if I have to evaluate JavaScript. How do I OAuth?

  490. Guus

    Preferably at a safe distance from other combustibles.

  491. larma

    Zash, I don't think there is a reason why OAuth would require JavaScript (beside most implementations certainly will)

  492. Arc

    Zash: OAuth is a web api. but its completely conceivable, if you write your own oauth2 web client, to use a simple HTTPS form. oauth2 can be implemented entirely server-side

  493. Arc

    or better yet write it in rust and compile to wasm

  494. Arc

    without a web browser at all is hard since oauth2 is a standardized web api

  495. Ge0rG

    I didn't know that browsers are the only operating system for APIs

  496. Arc

    Ge0rG: lets be real, in the real world 95%+ of software devs are web developers and we're <<looks at the XSF membership>> far too few to write everything. But web devs are limited, and thankfully still need us or we'd all be unemployable.

  497. Arc

    the only reason these companies approach us is because some web developer sent them our way. in literally every case.

  498. Arc

    when I get an email from taiwan about working on a smart appliance its because their web devs have already tried and failed. they're hiring a "specialist" because that's what we've all become. and they've already developed the web-side

  499. Arc

    the most extreme case you'll get consensus from their inhouse webdevs is to use an existing web standard

  500. Arc

    half the products I get to work on are running NodeMCU (ESP8266) and they already tried and failed to run the whole appliance on javascript using web apis.

  501. Arc

    ... and that's why a vast majority of IoT is running stupid JSON-based web apis

  502. Arc

    and it doesn't even matter because its for a single production run. the company exists only that long. they sell 100k of a product with a $40 margin over cost to manufacture, the 4 million pays the employees and investors, and poof they're gone with no continued support.

  503. Arc

    the developers working for these companies have a strictly disposible attitude.

  504. Arc

    they don't care about standards. the only reason they use standards is to shorten their development cycle. they don't care about license compliance. if we're super lucky they toss their code over the wall on github to bitrot.

  505. pep.

    Great pitch for all these new students that want to get into programming.

  506. pep.

    I would have gone farming right away if I had known

  507. Arc

    lol well :-)

  508. Arc

    my point is standards are only useful if people use them, we need to make XMPP accessible to web devs because they control the code that goes into products, and they also control who gets funded.