I'd hope if you don't enforce your copyright for 20 years while the product gains widespread adoption you don't get to swoop in and take it, but who knows
mukt2has left
mukt2has joined
krauqhas left
kokonoehas left
krauqhas joined
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
adiaholichas joined
pdurbinhas joined
Arc
well that didnt stop them from arresting the lead two developers
Arc
I assume their equivalent of a DA approved the arrest, usually required to get a justice to sign of
mr.fister
moparisthebest: that's the copyright law, destructive by design
Arc
but for a company that considers working on other FOSS projects to be a conflict of interest, I don't feel bad for them.
Arc
if they were good actors in the community I'd be happy to come to their defense
!XSF_Martinhas left
!XSF_Martinhas joined
pdurbinhas left
Arc
they were literally the last company I interviewed for in SF.
Zashhas left
Arc
the first interview was great. sure there were accent barriers but it seemed like a great fit. and then being introduced to their CEO who turned out to be a former rugby teammate from washington DC
Zashhas joined
mukt2has left
Arc
and that amazing high turned 180 when the CEO told me, point blank, that I'd have to resign from working on other FOSS projects while working for them because it'd be considered a conflict of interest ---
kokonoehas joined
archas left
archas joined
!XSF_Martinhas left
mimi89999has left
mimi89999has joined
moparisthebest
Actually I'd heard you tell that story before so I didn't feel sorry for them either
moparisthebest
I was asking for more selfish reasons, like, can I keep using nginx :)
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
mukt2has joined
Danielhas left
Danielhas joined
!XSF_Martinhas joined
mr.fister
moparisthebest: you'll know it only after a while, the rambler group states that "any usage of nginx without their personal permission is violation of copyright law" or something like that
waqashas left
mukt2has left
!XSF_Martinhas left
UṣLhas left
Shellhas left
mukt2has joined
!XSF_Martinhas joined
calvinhas left
calvinhas joined
mukt2has left
adiaholichas left
adiaholichas joined
andrey.ghas joined
karoshihas joined
mukt2has joined
krauqhas left
Zashhas left
krauqhas joined
calvinhas left
!XSF_Martinhas left
!XSF_Martinhas joined
matkorhas left
matkorhas joined
pdurbinhas joined
kokonoehas left
kokonoehas joined
pdurbinhas left
!XSF_Martinhas left
!XSF_Martinhas joined
mukt2has left
!XSF_Martinhas left
!XSF_Martinhas joined
Danielhas left
Danielhas joined
ralphmhas left
ralphmhas joined
Nekithas joined
Yagizahas joined
mukt2has joined
!XSF_Martinhas left
!XSF_Martinhas joined
ralphmhas left
ralphmhas joined
!XSF_Martinhas left
!XSF_Martinhas joined
stpeterhas left
andyhas joined
karoshihas left
andyhas left
andyhas joined
neshtaxmpphas joined
lorddavidiiihas joined
mukt2has left
stpeterhas joined
pdurbinhas joined
stpeterhas left
kokonoehas left
adiaholichas left
adiaholichas joined
pdurbinhas left
mr.fisterhas left
wurstsalathas joined
Douglas Terabytehas left
paulhas joined
DebXWoodyhas left
stpeterhas joined
kokonoehas joined
DebXWoodyhas joined
pdurbinhas joined
stpeterhas left
Douglas Terabytehas joined
pdurbinhas left
LNJhas joined
!XSF_Martinhas left
Daniel
> I assume their equivalent of a DA approved the arrest, usually required to get a justice to sign of
Arc: it's Russia
stpeterhas joined
neshtaxmpphas left
stpeterhas left
!XSF_Martinhas joined
mukt2has joined
LNJhas left
mukt2has left
sonnyhas joined
kokonoehas left
kokonoehas joined
archas left
archas joined
Arc
certainly its Russia. :-)
moparisthebesthas left
rionhas joined
Tobiashas joined
karoshihas joined
Arc
I don't expect their former employer will win. But the drama will likely drag out for some time, especially influence their current round of VC funding, and will hurt their user base
!XSF_Martinhas left
!XSF_Martinhas joined
matkorhas left
matkorhas joined
UṣLhas joined
SpaceFreak aka Tracerhas joined
sonnyhas left
adiaholichas left
Arc
its like Michael Holdmann trying to patent parts of XMPP and then use those patents as collateral for VC loans. Its nasty behavior that can only hurt the community when his business fails and those patents get sold to a patent troll
adiaholichas joined
Arc
if NGINX Inc never existed, if nginx remained a FOSS project, or tried to commercialize without VC funding or trying to turn themselves into a FOSS-toxic tech startup, we wouldn't be where we are now. but now that they have, the VC money they've pocketed makes them an easy target for copyright trolls.
sjaakhas left
sjaakhas joined
SpaceFreak aka Tracerhas left
!XSF_Martinhas left
!XSF_Martinhas joined
mathijshas left
mathijshas joined
sonnyhas joined
SpaceFreak aka Tracerhas joined
krauqhas left
krauqhas joined
dwd
I think I'm broadly in agreement with lovetox here. I think Kev's proposal on list goes some way to addressing these concerns, and we'll work on a concrete proposal in this space next week.
nyco: XEP 0322 needs some serious work or should be killed. its in a non-starter state because it was written by someone with only the most cursory experience with EXI
nyco
yep, maybe we should reboot the IoT stuff
Arc
i dont expect to see any forward movement from that from the xmpp council because EXI is very much not simple
Arc
grammar distribution and negotiation needs to be solved.
Arc
and yes while grammar unaware mode is available, and could be used, it would dramatically increase the software size for embedded devices and thus make it not feasible for some iot cases
Arc
I think I might be the only current XSF member with any experience working with EXI and that would need to change to move forward with it
nyco
there is some more members with EXI experience, not judging on how much
Arc
who?
nyco
yeah, indeed, EXI may not be the way to go
nyco
Arc MongooseIM guys
nyco
at least
adiaholichas joined
Arc
ive never gotten that impression
Daniel
On the topic of exi. I was in a meeting yesterday in which we essentially decided to reinvent exi because exi itself was deemed to complicated
pdurbinhas joined
Daniel
But we do a strong need for 'something like exi'
Arc
its not too complicated, its poorly documented.
Arc
EXI itself is incredibly simple
Daniel
Meaning compression with predefined dictionary
Arc
the string dictionary?
Daniel
A xml tag name namespace tuples dictionary
Daniel
So yes, I guess
Arc
yea so that's really simple. too simple.
Arc
the only place so far I've had EXI completely fail is SVG
Arc
but the problem with the way its documented is it feels ass backwards. we tend to view XML from a data -> in perspective, because that's the way virtually every piece of software is written
betahas left
betahas joined
Arc
its best to view EXI from the viewpoint of the data consumer; typically from the viewpoint of that critical piece of code that does a string compare to match it with code to be executed when a certain element is found
Arc
in XMPP code, that means the stanza router
mathijshas left
mathijshas joined
Arc
somewhere in virtually every piece of XMPP software I've ever seen is a string compare routing an incoming stanza for message, iq, presence, or various stream errors/etc.
Zashhas joined
Arc
in EXI you always have the grammar - whether its schema informed strict (whereas grammar is fixed), schema informed non-strict (whereas grammar can be extended), or schema uninformed (whereas the grammar is constructed as needed).
dwd
Arc, But string compares only after parsing, right?
neshtaxmpphas joined
Daniel
I guess what I'm saying is that we have a need for some form of binary xml. But exi feels too much for us to tackle alone. (as opposed to just coming up with something new). But if someone else wants to colab on an exi 2.0 xep or something I might be able to convince my people to do that instead
Arc
dwd in traditional XML sure, string compares after layer 2 parsing.
dwd
Arc, But EXI prevents this?
Arc
in EXI you should only do string compare when parsing the grammar.
dwd
Arc, I think I need an example, I'm being stupid.
Arc
your parser isnt receiving the string "message" anymore. its receiving the integer 1 instead. the grammer determines how many integers there are at a given scope, and what those integers mean
Arc
ok. say we're in the scope of <stream:stream> and lets ignore stream management and stream:error etc; we have 4 possible options in xmpp; message, iq, presence, and </steam:stream>
Arc
EXI understands those as 0, 1, 2, and 3.
Arc
when in bit-packed mode EXI will represent those options with 2 bits. in other modes as one byte. but in parsing it doesn't matter
pdurbinhas left
Arc
on decompression you set a hook for message, iq, presence, and </stream:stream> like you always have. the difference is now you're not string comparing what the XML library is giving you. your code is being called on a switch block for 0, 1, 2, and 3 respectively. which is tremendously faster
Arc
for embedded IoT devices using strict schema-informed grammar you can hard code that so that 0 is always message, 1 is always iq, 2 is always presence, and 3 is always </stream:stream>
Arc
so you're decoding a <iq> element, in that scope there's be a fixed number of attributes and child elements that are understood by the grammar, and similarly each is represented by an integer. with strict schema-informed grammar those options will always be the same. so a byte 1 followed by a byte 2 may always be "<iq from="
stpeterhas joined
Arc
the only time a string compare should ever be needed is when transmitting grammar or grammar extensions for unexpected things that arrive, and then only once to see if your code has any clue what those things do.
kokonoehas left
LNJhas joined
Arc
after that you'll only use the integer for that thing, and you can record a pointer to what to execute what to do when that thing is read.
!XSF_Martinhas left
!XSF_Martinhas joined
Arc
the XMPP challenge for the XEP is for how the client informs the server what grammer to use. strictly "schema uninformed" would waste a lot of bandwidth and consequently battery power on the IoT device. ideally we would like the device to not have to transfer the grammer also to save power. eg it could come from the manufacturer
LNJhas left
Arc
there's two major problems with XEP 0322; first its relying on "compiling" a schema from a given set of schema files (schema informs grammar, but lacks any definition for the precise way to do this reliably across different libraries), and second its using arbitrary URLs to load the schema files from which is a pretty major security issue
Arc
clients should not be able to cause a server to automatically download HTTP URLs; that could be used as part of a DDoS attack, to anonymously transmit data via some web APIs, or worse
sjaakhas left
sjaakhas joined
marc_has left
Arc
when I first started looking at EXI 5+ years ago I thought strict grammar mode would be unusable in any real world case. but the more you work with it, the more it changes your way of seeing XML, and you start to see strict grammar as the obvious default. there's certainly cases for extensible grammar but in all seriousness, software is written to process what the software is written to process.
kokonoehas joined
Arc
that is to say: unless you're debugging or planning to save XML for other software to process, there's no reason to receive XML elements or attributes that the software is going to ignore anyway. its better for the server to silently drop that content instead of sending it to the client where it'll be ignored because there's the client doesn't know how to process it.
marc_has joined
stpeterhas left
mukt2has joined
Daniel
Fwiw I'd be fine with a potential exi 2.0 xep being only specified for strict
intosihas joined
Daniel
That might limit exi use to closed deployments but that's where it is needed the most
Arc
well one thing the XEP does right IMHO is the client dictates the grammar. so the client decides.
Arc
Ive been able to compile libexi for one specific small grammar in under 1k of rom. and that's the point of it for IoT.
Arc
but there's really little need to restrict what the server can support. any xmpp server should be able to support all the various modes. plus - even with strict grammar, the client still needs a way to inform the server what the grammar is.
Arc
when your IoT device is monitoring air pollution while attached to the top of a city bus with rare earth magnet and powered by a solar cell, or monitoring soil moisture in your garden with a single AA battery, the transmit power (plus amount of time the CPU is out of sleep mode) to send the grammar is simple too much.
Arc
to convince a lot of IoT companies to change to XMPP we need to meet or beat the power use of their current protocol. which in most cases will look pretty similar
dwd
So my use for EXI would be handling the crappy bandwidth one gets in hospitals. I don't think I'm anywhere close to XMPP being the bandwidth hog here, mind, but still. I don't understand how a schema-strict mode would work (or, at least, how it wouldn't violate the end-to-end principle and all that implies).
Arc
schema-strict mode would do the exact same thing that current text XML does, just in a different place. if your current client ignores data it doesn't want or need, the server would drop that data instead.
Arc
and really, for most extensions, its a best practice not to send data that the receiver hasn't asked for or specified support for
Guus
Hey, Arc!
Arc
hey Guus!
Guus
Longtime no see. How are you? (maaaybe I should've waited for whatever conversation was going on to finish, sorry 😉 )
dwd
Also, yes, it's great to see Arc back.
Arc
dwd but also for hospital IoT stuff, they likely have the memory and CPU for handling non-strict schema. for the strict schema, its mostly for tiniest of IoT devices.
Arc
thanks! :-)
dwd
Arc, We're not IoT, but yes.
Arc
yea so informed non-strict should be fine.
mimi89999has left
mukt2has left
Arc
there's absolutely an overhead for building grammar tables that may be extended. I have a device within arms reach of me right now that's running a 8-bit RISCV that it would be much more difficult to squeeze extensible tables into.
mimi89999has joined
Arc
(its not *really* 8-bit but that's another topic)
Ge0rG
Arc: would it make sense to have a grammar caching mechanism similar to entity caps?
Guus
Daniel My first gut reaction to trying to create a new something something that's EXI like but not EXI is https://xkcd.com/927/ - but knowing you, you've probably considered that. I'm interested in how a new approach is different in this way.
Ge0rG
The client transmits its grammar on first g connection, it's cached on the server, problem solved ✎
Ge0rG
The client transmits its grammar on first connection, it's cached on the server, problem solved ✏
Ge0rG
On the second connection, the client just sends the sha256 of the grammar, no need to retransmit
Ge0rG
When the client software is updated, the new hash isn't known to the server, it requests the new grammar
Ge0rG
The server side filtering to known elements would also be good for mobile clients, not just IoT
Guus
If I understand Arc correctly, then one of primary issues is that EXI is lacking proper documentation. How much effort would it take to get that fixed? Would we be able to find sponsoring for that, given the impact it could have on certain applications?
Ge0rG
We really need to position ourselves as The Solution for IoT
Arc
Guus: its not a lack of documentation, its that the docs are terrible and overly verbose, such that its really difficult for people approaching EXI to understand it.
Guus
(From what I'm reading just here, at least Arc, Daniel and Dave are dabbling in this field. Is there some corporate backing here?)
Ge0rG
Arc: you could write a book!
Arc
Ge0rG: that is exactly something I proposed a few years ago, and I now disagree with as an approach. the problem is you don't want to burden the client with that responsibility
Guus, We aren't dabbling at all. My guess would be that Kev (And Isode, more generally) would be more interested than us.
dwd
Guus, I'm just EXI-curious. :-)
Guus
haha
Guus
You're talking about the extremely low-bandwidth type of applications?✎
Ge0rG
Arc: you also said you don't want the grammar to be an external HTTP URL. What's your proposal?
SpaceFreak aka Tracerhas joined
Guus
You're talking about the extremely low-bandwidth type of applications that some of their customers are working with? ✏
Arc
Guus: not just low bandwidth, but low handware, low cpu, low ram, low battery power. my ultimate goal of EXI isn't to save bandwidth but vastly expand XMPP into the embedded market
Daniel
Guus: I was in fact coming from a "let's consider exi" position. Precisely not to reinvent the wheel and to have something that benefits the community. I think the feeling on the other side of the table was that "something like funxmpp" (essential hard coded, preshared lookup table of commonly used elements) is easier to grasp
dwd
Guus, Right. Most of our problems are with RTTs and unstable networks - these also apply to Isode's space. Bandwidth isn't great for us, but it's waaay better than some of Isode's cases. Our clients run on consumer smartphones, so we're absolutely not an IoT case.
Daniel
Than exi with its 3 modes of operations
Daniel
The fact that I don't know a lot about exi didn't help
Arc
Ge0rG: that's something to be discussed. I mean a specific XMPP extension for sending a grammar over XMPP would potentially be doable. that way it could never be used for an attack.
Guus
Daniel that's fair. But also kind of boils down to the documenation problem with EXI, right?
Daniel
But my hope was that starting a broader effort on the exi front might help me convince the other side
Daniel
Yeah. Also that there are virtually no libraries
Arc
ok sorry as soon as i wrote that last bit I realized how stupid that is. literally anything could be formed into an attack vector by someone determined enough. the local antifa group took down a hate group using craigslist ads.
Guus
Arc I understand. I was trying to describe to Dave the customers that I thought were interested in this, without naming names. I wasn't trying to describe all of EXI's benefit.
Daniel
I mean if exi was some plug and play thing that you just hook in between things it might be easier
Arc
Daniel: yes, and lack of software is absolutely a problem I want to address. libexi is my strategy for that but there's zero funding for it
Ge0rG
Arc: the alternative would be a common grammar file format and a central repository, which your server needs to pull from whenever you launch a new version client
Ge0rG
Arc: really, I don't see a viable alternative to xmpp based delivery for anything but closed deployments
Arc
Ge0rG: yea a "registry" could work.
Ge0rG
Arc: but server operators are lazy, and automatic push + pull with a central registry is even worse, security wise
Arc
that's something XSF could maintain
Guus
I'm probably the least qualified / experienced of people talking here right now, but from what I read here is that EXI has already had quite some work gone into it, but needs some work to be (re)usable (docs and libs). Feels like a shame to replace it with an easier-to-develop (but really, that rarely turns out to be the case) yet less re-usable XMPP-specific solution.
!XSF_Martinhas left
!XSF_Martinhas joined
dwd
Guus, I'll fight you for the least-qualified position. ANd probably lose.
Arc
Guus: yes and no. in Java-land EXI is extremely mature. in C-land, not so much. outside of Java there's simple nobody working on XML.
Guus
Would it be good to get some people together, and see what amount of resources would be needed to use EXI to get a real-world application, that we can pitch to customers.
Arc
there's known 0-days in libxml2 that could easily cost billions in damage and nobody working on it.
Guus
Arc well, we have several Java implementations, so that might be a good platform to do some prototyping in XMPP then.
Guus
If anything, that could lead to traction.
dwd
Arc, Presumably strict-schema mode in EXI would require stricter schemas (ie, entirely immutable schemas) than we have previously used in XMPP?
Arc
Google knows about them, so they wrote their own XML library in Go. and Mozilla wrote their own in Rust for servo, which is likely better
dwd
Arc, Or can we safely add further attributes with default values (for example) without having to ... recompile? ... the schemas for EXI?
Arc
dwd: strict grammar means that any unknown elements, attributes, etc be ignored.
Guus
(Which seems to be problematic for the "X" in XMPP?)
Arc
Guus: no, it does the same thing in most cases when an unknown element or attribute is received by software. the client you use now for example, if I sent <message ...> <helloworld/><body>hi</body></message> what would it do with the <helloworld/> ?
goffihas joined
Steve Killehas left
Guus
ignore
Arc
bingo.
dwd
Yes, I was thinking it's not a terrible thing, since it's how XMPP works itself.
Arc
it just ignores it on the server. another way of looking at EXI is, its as if part of the XML parsing gets moved to the server
Guus
but would EXI still pass along the data, which would then be parseble XML?
Arc
not if strict is sent.
Arc
its a bitflag in the EXI header
Steve Killehas joined
dwd
Arc, But the, erm, EXI schema definitions need to be the same on both server and client?
Guus
So, if Client A wants to send Client B some data that contains data not understood by the server, how'd that work?
Arc
dwd the grammar needs to be the same, yes. the schema informs the grammar.
Arc
Guus: if you send me a <message><helloworld/> and I'm connected to my server while specifying "strict" mode, then my server will drop <helloworld/>
Guus
If client A sends stuff not understood by the server, which drops data, client B is unlikely to receive that data?
Arc
here's what the EXI header looks like, which might be the most readable part of the whole specification
Arc
https://www.w3.org/TR/exi/#header
Guus
Isn't that wildly different as compared to regular XMPP? If a server receives something it doesn't recognize, it'll ignore it, but pass it along.
dwd
Guus, Exactly that. Which is why I say it conflicts with the end to end principle.
Arc
Guus: the client dictates what grammar to use, not the server.
Guus
if EXI doesn't do that...
Steve Killehas left
Kevhas left
!XSF_Martinhas left
!XSF_Martinhas joined
Guus
ah ok - so if the client is going to send something, it will (well, _can_) always inform (and thus configure) the receiving end in such a way that it can properly parse all data?
Arc
yes.
Guus
Right. And the receiving client will have configured the server in a similar way, so that it can be send all data that it'll be able to interpret.
Zash
So the server still needs to shuffle some generic XML representation internally?
Zash
Can an EXI client even send something not part of the schema/grammar?
Guus
(Can that grammar be re-negotiated? For example when new plugin gets dynamically loaded that introduces new goodies)
Arc
Zash: yes there's really no way around that because the clients, in most cases, will be speaking different grammars. and no the client cannot encode new things in strict encoding.
Arc
Guus: I don't believe so, the "schemaId" gets sent as part of the EXI header. though the XEP could include a specific stream-level message to renegotiate the EXI?
Guus
Somewhat of an edge case
Guus
dwd with the above, does your concern regarding end to end principle hold?
Guus
as with Arc explanaition, I'm thinking that it at least _migth_ work 🙂
Arc
yea in those cases I think reconnecting is perfectly fine. but there is the "fragment" option in the EXI header too, such that you're specifying that you're not sending the whole XML document from <root> to </root> but only part of it.
dwd
Guus, Well, I said it conflicts, and it does, but that's not a blocker.
Guus
how does it conflict?
Arc
in that case yes even without an XMPP stream-level support, if you wanted to change options on the fly, you could. with obvious security concern of trying to DDoS a server by flooding it with different schemaId's to be retrieved from a ... "grammar registry"
Guus
client A won't be able to send client B data that client B doesn't know how to parse. That?
Guus
Arc I'm unsure if those conerns are obvious, but sure 🙂
dwd
The end-to-end principle essentially says that end-clients care about more layers than intermediate routers. That's always been prtty shaky in XMPP anyway, since the server is often an end-client in that sense.
sjaakhas left
sjaakhas joined
Guus
That's way to abstract for me to understand without loads more coffee.
Arc
what about being able to block JIDs? I mean, the client is literally instructing the server to drop unknown content, that's not unlike instructing the server to not send content from certain JIDs?
Guus
(but you said 'no blocker' which I'm happy to accept)
Zash
To the coffee machine!
Arc
wow its 2am here.
dwd
Arc, It's armageddon here, for comparison.
Guus
At least there's clarity... ?
dwd
Yes, our doom can be seen very clearly.
Arc
oh yea that's right, I completely forgot I jumped back in xsf to ask for recommendations for a xmpp library with pubsub support for rust
sjaakhas left
sjaakhas joined
Guus
Dutch weather is as miserable as yours this time of year. We'd be happy to have you 🙂
dwd
Arc, Rust... I'm not sure there's a stand-out library for Rust. I'd be interested to see one.
Arc
i recognized a few names from the cargo package list
dwd
Guus, I have given it some thought. Not much less convenient for travel to the office. But it'd mean moving my daughter's schooling at this point, which'd be tricky.
Guus
Isn't that why you learned the other kid to fly? Commute solved.
lorddavidiiihas left
Guus
So, if we want to (and there seems interest, judging by this conversation) want to move forward with EXI in XMPP world, what would we need? It might be good to come up with an estimate of the effort involved, to be able to attract sponsorship for this.
dwd
And his license is an EU one, so covers him. No, I've genuinely thought about this.
Arc
Guus: I would really appreciate having a working group, even an informal one.
Guus
dwd it's a sucky situation. At least now, things will need to be solved pragmatically. Hopefully, things turn out less bad than what you've now envision.
Guus
And face it, it could be worse: Farage at no 10?
kokonoehas left
Guus
*shiver*
Guus
Arc we can do that easily. Who'd be willing to dedicate their effort into that?
Arc
beyond the big issues like how to communicate grammar, there's a ton of small ones which need to be determined. like a standard set of fidelity options for XMPP. the spec is not a small job.
Arc
https://www.w3.org/TR/exi/#fidelityOptions
Zash
Schemas being non-normative is also fun I imagine
dwd
Guus, https://twitter.com/DwdDave/status/1205426678639579136 - I'm desperately trying to find some positive outcomes.
Arc
Zash: yea. well that's also the difference between schema and grammar :-) schema informs grammar, but grammar is the actual bytestream format
Arc
schema cannot, by itself, construct a grammar. grammar is weighted, so unless you have some very cool code monitoring a connection and creating an optimized grammar for you, a human will actually write the grammar based on the schema
Arc
https://www.w3.org/TR/exi/#grammars
Guus
Arc fwiw, my preferred way of working would be to _first_ come up with a proposal on how to get EXI in XMPP realized, with estimated effort requirements, budgets, etc, before digging into the actual implementation details. My goal would be to first secure funding.
Guus
Or: have the information needed to secure funding.
Arc
you have a sponsor in mind to fund such work? :-)
Guus
Two.
Guus
but neither will bite without a proper plan.
Arc
that's excellent. I can't get companies here, even those already using XMPP, to bite.
Guus
Things should ideally be as concrete as: for this amount of money, you get this feature.
Arc
*nod*
larmahas left
Guus
So, how do we get to there?
Guus
(assuming we want to spend effort on this)
Arc
well ive got 5+ years implementation experience on EXI but I'm not a working group.
Guus
What would you need from a working group?
Arc
2 other people willing to invest the brain space to understand this 96 page technical document
Guus
(we can ask Board to make you a Working Group, but I'm sensing that that's not what you're after 😛 )
Arc
its not the official-ness of the group im concerned with, its the brains.
Guus
Yeah, that's what I was trying to get at.
Guus
any takers?
Guuseyes room
Guus
it's less than 100 pages people!
Guusducks.
Arc
I'm happy to help people get up to speed. and honestly most of it is just a few pages in the EXI header specs, and understanding the grammar
dwd
I'm not sure I can commit to working hihg-intensity on this.
larmahas joined
Arc
there's also this super cute (and not terribly useful) primer https://www.w3.org/TR/exi-primer/
Guus
I personally won't commit unless I can find funding for it.
kokonoehas joined
Arc
yea ive been without funding on this for all this time. I've met with a few companies and received some useful feedback but everyone just wants it for free.
Arc
though I learned Google has their own internal implementation written in Go
Guus
I admire you for doing that. It's not an investment I'd want to make myself.
Arc
apparently they already use it for push notifications?
Arc
I'm working on the premise of future marketability for libexi, given there's really nothing like it in existence. AGPL license it, and offer commercial LGPL-like exceptions, akin to wolfssl
sjaakhas left
sjaakhas joined
Guus
Do you want to drive an effort to find people for an XSF work team for this, Arc ?
Arc
yea but it might be from people not currently in the XSF
dwd
Arc, Sounds even better.
Arc
we dont have a ton of java people and that's really where we need. i'm absolutely not a java person
Guus
XSF Bylaws: "Participation in Teams shall be limited to elected Members of the Corporation."
Guus
<-- java
Arc
Q1 2020 membership page is open
dwd
Right, Guus is the most Java person I know.
dwd
Guus, You work around this by having a Work Team preside over a Special Interest Group, the latter being open to anyone.
dwd
Guus, Then the WOrk Team is basically devoted to getting people to understand and work with the process.
Guus
You like burning hoops and making people jump through them, don't you?
Guus
but, whatever. We will find some kind of venue to discuss this, one way or the other.
Arc
Guus: well since you're a java person :-) :-) :-)
sjaakhas left
sjaakhas joined
Guus
Arc I'll be as clear / blunt as Dutchies are known for: I'm definitely interested, but won't commit large amounts of effort without funding. If it boils down to doing this, or paid work, I'll go for paid work. I'm totally open to put in time to come up with data that can be used to secure funding.
Arc
I'm in the same state. Rent needs to be paid.
Guus
Hence my preferred order of things: first, do only what's needed to come up with budget estimates.
Guus
It would be awesome of others want to work under less strict conditions, but I personally choose not to.
Arc
certainly. libexi is something I've considered a hobby for now, and will continue to.
Guus
My problem is that I don't even have a grasp of the amount of effort that's required to get this to even a prototype state.
Arc
are you talking a spec or working code?
Guus
working code. My customers are unlikely to be interested in just a spec.
Guus
"for x amount of USD, you get EXI benefit A, B and C"
Guus
I'm not sure if that's the best first goal for us to work on, but I feel that that'd give me something I can use to try and secure funding.
Arc
the spec is going to end up being 20-30 pages. some working code in Java using an existing Java libraries? once the spec is done.. I don't imagine that being very long.
Guus
If others have another approach, I'd love to hear about that. I'm just winging it here.
Arc
from my side, a lot of my work has been in not just implementing EXI but using grammar to generate source code, and breaking the code up such that you can compile it with different options removed to save space
Arc
but thats all rust/C
Arc
and splatterings of assembly
Guus
😱
Arc
mozilla just recently declined sponsoring the work which would have gone into Servo. :-l but they made sure to jab the knife in my gut with the typical line "if you release it in an MPL compatible license we'd be happy to support it in Servo"
stpeterhas joined
debaclehas joined
Guus
yeah, I bet they would.
Danielhas left
Danielhas joined
Guus
I've tried to boil down what I'd like to know, before formulating a question to my customers. It's stupidly simple, but I find that that often helps coming up with concrete plans: https://etherpad.net/p/exi
Guus
I'd like that to be filled out.
Arc
at least they didn't drag me along with a job interview like a few companies have before telling me how they'll "love to support me by using my freely licensed software". one company asked for an hour presentation for their protocol team on EXI as part of the "interview" before telling me they'll join my "cause" if I change the license to permissive.
Guus
But I lack the knowledge to do that myself. Is this somethign we could work on?
Arc
I could contribute to it.
Arc
you want to find a Java EXI library and run some performance tests on it?
Arc
I know basic network performance for XMPP
Arc
I know that you *wont* get the 40x gains that I'm seeing from Java but you'll likely get 20x speed gains
Arc
the speed gains are largely the CPU cost of a string comparison. W3C did their own but I don't know what software they based it on, failing anything else you could grab some graphics from the EXI primer
Arc
er https://www.w3.org/TR/exi-measurements/
Guus
I'm updating that etherpad with the rough estimates that you have. I don't intend to send what is typed there verbatim. I'm fine with rough outlines, for now
Arc
outside IoT yea those speedups are the largest perk. especially on the server side.
Guus
those would be speedups in XML parsing right?
Arc
bandwidth and CPU cost money. saving bandwidth and CPU saves money.
Guus
what about bandwidth savings?
Arc
both parsing and creation, but yes. both sides
Arc
it depends on the data in all cases. IoT with float and int data obviously gets the best gains.
Guus
regular chat
Guus
ballpark it
Zash
"funxmpp"-like approach would get you bandwidth savings at the cost of CPU I imagine?
Daniel
> "funxmpp"-like approach would get you bandwidth savings at the cost of CPU I imagine?
Probably. But CPU isn't our bottle neck at the moment
stpeterhas left
Arc
regular chat? you'll be using byte packed mode without the precompression option, qname tables under 250 in size, so "message" would be 1 byte, "from" is one byte. "to" is one byte. the JIDs would likely be one byte each. so SE-"Message" AT="from" "guus@yourhost.isgreat" AT="to" "arc@myhost.islong" ...message... EE would be around 60 bytes to around 6 bytes. so the message stanza overhead would be only around 10%
Arc
CPU processing speed, well see the measurements for the various java tools
Arc
with byte packed, you can assume that the qname for each element and attribute is 1 byte. and the string table for JIDs are 1 byte too. extra attributes like id= will add to the cost. and unique strings... if memory serves you can set the value for some attributes to not be cached since they're unique or not commonly reused. so the length of the id= attribute would be unchanged
Guus
right, but 'regular chat' traffic also includes a bunch of IQ and Presence stanzas. I'm thinking that most of the data would be pretty dictionairy-able, with the exception of the chat message texts?
Arc
exactly.
Arc
that's why i said overhead :-)
Guus
average stanza character count in my MAM archive appears to be 185
Arc
ok and whats the average body length for those message stanzas?
!XSF_Martinhas left
Arc
i mean i forgot the id= and the body element, so you have SE-"body", etc. but ballpark its a huge bandwidth saving
Guus
average body char count is 64
Guus
note that I'm doing stupid SQL queries on a bucket load of crappy data
!XSF_Martinhas joined
larma
And even if CPU isn't a bottleneck right now, saving on CPU is a great thing, because it reduces energy consumption on portable devices
Guus
so, what's the huge ballpark saving? 🙂
Arc
so average message header is 121, and we can reasonably say that can be represented in under 12 bytes.
Arc
so the message header would be 10x smaller. or the entirety of the message about 40% smaller.
Arc
but iq and presence nodes would reduce that further
Arc
ive never worked with that server but my own experience says that you should be able to double the number of stanzas routed per second. and thats exceedingly conservative
Arc
its likely closer to 10x
Guus
assuming that parsing is the bottleneck
dwd
Parsing is almost always the bottleneck.
Arc
yea you can't control things like disk or network. but parsing, most notably string matching, is usually the bottleneck
Arc
JIDs are being passed with a specific ID# instead of a string, so if done well you can optimize the crap out of that.
Arc
but even ignoring JIDs you've got the qnames. and that's a big part of it too
Zash
Isn't that a security problem?
Arc
not really, the JIDs to ID# is per connection only. they're just cached.
Guus
Cool. Updated my EXI-budget-for-Dummies at https://etherpad.net/p/exi
Guus
What work do we need to do for this?
Arc
https://www.w3.org/TR/exi/#encodingOptimizedForMisses details it but very basically, the first time "zash@ishome" is sent its cached at a specific lookup ID, and then that ID is used on that specific stream
Arc
you already have java libraries implementing EXI so your work is much simpler. most of the time will be on the XEP.
Guus
we'd probably want at least one client library too
Guus
Smack is Java...
Arc
sure. smack sounds good. ideally with a different library.
Arc
there's a few javascript libraries too
Arc
last I looked they all implement only the core functionality and you need to provide the grammar as a file
Arc
((that's fine for a client))
Arc
i mean, for the client you shouldnt even need a library. you can hardcode values.
Guus
(note that I'm basing this very specific though experiment on implementations that I'm familiar with - I'm not trying to hijack this for my implementations at all, even if it starts to look like that now)
Arc
no you're fine. by no means would i want to intermangle my work into this
Guus
I'm also looking around the room
Arc
i made the mistake of leaking the source for libexi a few years ago and I still get email in korean asking for support
Guus
is EXI suitable for federation?
sonnyhas left
Guus
client A -> server A -> server B -> client B ... even if client A and B share a vocabulary, servers A and B might not share the same?
Arc
S2S? absolutely. with a very broad grammar and without "strict" so that grammar can grow
Guus
what's the implication of 'strict' exactly? More performance?
Arc
non-strict... in XMPP terms, say you have four options for the scope inside <stream:stream>; <message>, <iq>, <presence>, and </stream:stream> - right?
Arc
strict would encode that as 4 options, or when bitpacked 2 bits
Arc
non-strict would encode that as 5 options with the final option being "something I didn't expect"
Guus
right, so, performance.
Guus
you want strict where possible, because it compresses better.
Guus
I need to be paying attention to other stuff shortly.
Arc
yes, minorly for bandwidth, more for CPU.
Arc
its 3:30am here so I really need to be doing other stuff shortly. ie, becoming unconsciousness and hopefully hallucinating vividly
Guus
Right. I like having been able to come up with the roughest of sketches.
Guus
Let's see if we can build on this later.
Arc
sure.
!XSF_Martinhas left
Arc
feels like progress though, that's really great :-)
!XSF_Martinhas joined
Tobiashas left
Guus
agreed
Guus
ok, thanks!
Guus
I'll grab some lunch and get other stuff done
Guus
sleep tight!
Arc
I was just re-reading https://www.w3.org/TR/exi-primer/#encoding and its actually .. a lot better than I remember.
Arc
i mean, wall of text is intimidating but if you walk through it and compare to the binary below its very informative, if cumbersome
Arc
but yea, g'night
Tobiashas joined
pep.
"Arc> oh yea that's right, I completely forgot I jumped back in xsf to ask for recommendations for a xmpp library with pubsub support for rust" < We have no funding, but there's xmpp-rs (xmpp:chat@xmpp.rs?join), You might be able to reuse bits and pieces, and otherwise we'd be happy to have a use-case (and people contributing)
Wojtekhas joined
archas left
archas joined
pep.
I don't think there's many more people working on Rust publicly atm, it'd be a shame to split already.
archas left
archas joined
pep.
dwd, ^
Shellhas joined
pdurbinhas joined
dwd
I wasn't suggesting a split. Just noting I wasn't sure there was an existing standout library.
pep.
Not that it's really usable yet but we'd like to get funding for it so we can spend more time
kokonoehas left
sonnyhas joined
Shellhas left
kokonoehas joined
!XSF_Martinhas left
alameyohas left
alameyohas joined
stpeterhas joined
!XSF_Martinhas joined
!XSF_Martinhas left
!XSF_Martinhas joined
betahas left
Danielhas left
Danielhas joined
pdurbinhas left
stpeterhas left
APachhas left
APachhas joined
lovetoxhas joined
holgerhas joined
holgerhas left
holgerhas joined
holgerhas left
holgerhas joined
marc_has left
!XSF_Martinhas left
!XSF_Martinhas joined
marc_has joined
!XSF_Martinhas left
adiaholichas left
adiaholichas joined
waqashas joined
holgerhas left
holgerhas joined
!XSF_Martinhas joined
holgerhas left
holgerhas joined
dwd
"I’m not immediately sure that what I was saying didn’t make sense." - thanks, Kev, for making that clear...
marc_has left
holgerhas left
moparisthebesthas joined
mathijshas left
mathijshas joined
holgerhas joined
Guus
You mean: "thanks, Kev, for not making that unclear"
holgerhas left
holgerhas joined
kokonoehas left
mathijshas left
mathijshas joined
holgerhas left
holgerhas joined
holgerhas left
holgerhas joined
holgerhas left
holgerhas joined
holgerhas left
holgerhas joined
UṣLhas left
holgerhas left
holgerhas joined
stpeterhas joined
kokonoehas joined
alameyohas left
alameyohas joined
!XSF_Martinhas left
holgerhas left
holgerhas joined
holgerhas left
holgerhas joined
dwd
Guus, It'd be wrong to say I'm not certain that wouldn't have been worse.
Kevhas joined
Guus
I agree.
Kev
You're welcome.
Guus
(I just guessed a response)
jonas’
Failed to parse sentence: resource limit exceeded while processing negations.
!XSF_Martinhas joined
Yagizahas left
Yagizahas joined
stpeterhas left
Kev
Everyone does like to pick on my English :p
Guus
In fairness, your Hungarian is worse.
Guus
(again, guessing)
Kev
It's not impossible.
dwd
Guus, My Hungarian used to be pretty good, but these days I just use simpler vairable names and a better IDE.
marc_has joined
Kev
dwd: I think you're actually saying in that thread that the IETF now has 4 stages, which is roughly what I'm proposing for the XSF (modelled on Flo's suggestion).
Kev
That is, I'm suggesting we have Individual I-Ds, which are numberless.
dwd
Kev, No, the IETF dropped a stage. It did have 4 indeed.
Kev
And the acceptance for /those/ could be mechanical.
Kev
It had five, now it has four, no? If you count Individual and WG as distinct.
Daniel
> That is, I'm suggesting we have Individual I-Ds, which are numberless.
I was going to suggest that after what dwd wrote
dwd
Yes, that's fair.
Kev
So we could have an entirely mechanical numberless stage that gets it published and under IPR.
Kev
More or less inbox-plus.
dwd
FWIW, I'd be fine with having those numbered. Although given that people get excited that we have lots of XEPs, there's that risk.
Kev
Experimental becomes roughly what it is (effectively) now, which is that it's a direction Council wants to see investigated.
Daniel
Versioned inbox
Kev
dwd: I think the numbers are part of the problem.
Kev
dwd: I think "It's been published and assigned a number" is what makes the issue with accepting knowing it needs significant changes.
pep.
I really need to catchup on standards@
Kev
By having the first stage be "It doesn't have a number yet", it makes the risk of it being published and then people saying "Well, it's been standardised, it can't be changed" much lower, I think.
Kev
1) Published without number. Anything goes, mechanical acceptance (maybe with a check that it's not just "Screw the Establishment" 5000 times or something, but anything goes.
2) Experimental. Anything goes quality-wise, but confirmation it's a direction the Council think should be investigated.
3) Draft as-is (but maybe a lower barrier)
4) Final as-is (but...)
Kev
Which is actually not a million miles away from how the IETF works, by my understanding. Not strictly equivalent, but it has similar properties.
pdurbinhas joined
Kev
And yes, Daniel, it is very similar to the inbox, in as much as there's no comment on quality, just that it's for future consideration.
Daniel
> "Well, it's been standardised, it can't be changed" much lower, I think.
I think the argument usually goes: we had to implemt something that wasn't ready and ship it because the users were asking for this feature and we couldn't wait five years and now we kinda have to consider dealing with legacy
Daniel
I think those considerations are independent of numbers or stage names
Kev
Which I do think is important. I don't think another stage of Council review and etc. is going to add anything.
Kev
Daniel: I boldy assert that I've heard both types of claims.
Kev
Nothing we do about versioning or numbering or stages will effect changes in "I had to deploy something now, so I did a thing". But the other side we can do something about.
marc_has left
Zash
Hiw do you get the process to handle that?
pdurbinhas left
Kev
Zash: I think the first stage helps with that. You can get it published but not advanced to Experimental, and thus not yet have a number assigned, and still be called Proto-XEP.
dwd
So what does "Experimental" mean, and what would be the guidance to Council?
Zash
Won't stop people from deploying and causing the same problem?
Kev
"Council considers this is an appropriate direction to be directing investigation" or something.
Kev
So when Council sees a spec and says "This is a problem that needs solving, but this isn't the appropriate way to do it", they can hold it in (1) for a while. It's still been published, it's still versioned, it's still IPRd.
Zash
I-Ds get deployed and entrenched if people need and implement them
holgerhas left
holgerhas joined
Kev
Zash: Yes, as I said, you can't effect any change in "I had to do a thing so I did a thing".
Kev
Zash: You can address "This is now a standard, everyone should be implementing it", I hope.
Kev
So Reactions would have been able to be published by now, even though it needs to be framed in terms of a common approach (e.g. Fastening), it just wouldn't be Experimental yet.
Kev
Fastening might or might not have reached Experimental (I think the direction is right, FWIW, but that might not be clear enough, who knows).
Kev
Several of the things (IM2?) I've pushed out full of TODOs because we needed something published for discussion etc. would have stayed out of Experimental, at least for a while.
!XSF_Martinhas left
Kev
I'm not suggesting, FWIW, raising the barrier of Experimental to "This must be implementable and interoperable from the spec as-written". I think it's a good aim for all specs, but I think it's probably fine to leave some hand-waving in places.
MattJ
I'm in favour of anything that prevents XEPs being assigned numbers while having entire sections consist of "TODO: Figure this thing out"
MattJ
and then sitting there for years
Daniel
> I'm in favour of anything that prevents XEPs being assigned numbers while having entire sections consist of "TODO: Figure this thing out"
Yes. People at the very least need to be able to write prototype implementations
MattJ
Interoperable ones, at that
Kev
As above, I'm not convinced that Experimental needs to be entirely baked to the point that interop is guaranteed. I think it's fine for it to be genuinely an Experiment with questions that still need answering.
Kev
I'd like to introduce a new stage at the low end, not to life the existing stages.
!XSF_Martinhas joined
Daniel
> I'd like to introduce a new stage at the low end, not to life the existing stages.
We can do both. Introduce something at the low end end slightly raise the barrier for experimental (from what is described in xep1) to something which we are kinda doing now already
Daniel
I think introducing super-inbox also lowers the pressure of trying to become experimental
Kev
I think that last point is very desirable.
kokonoehas left
Kev
I would like to still see Experimental able to hold experiments that don't have all the answers. I think requiring it to be fully baked before Experimental wouldn't be the best choice. But I think allowing *everything* relevant to be published seems very desirable.
Kev
There is then no inbox, essentially. ProtoXEP is a stage in the process, rather than a colloquialism.
Kev
We might still choose to have them stored in the inbox/ path on the site, for various reasons, but it's a Real Thing rather than just somewhere for Council to look at things on their way to Experimental.
Kev
(And we could do all this without even formally changing our process, although I suggest it would be a good idea to do so)
pep.
Daniel, I'm going to be the one picking on details as usual but "stable it has to be stable." doesn't mean much. The XSF would also need to define their version of "stable".
pep.
(reading the thread)
Zash
Things might change anyways
pep.
will.
SpaceFreak aka Tracerhas left
Daniel
Ultimately the decision on how much leftover TODOs are OK will still be acceptable. But if experimental becomes (as it de-facto has been for a while now) a 'only thing that council agrees is a good direction' and not 'everything goes' as xep1 spells it out to be I think I want more formal readiness (meaning not _just_ TODOs)
pep.
To me this thread and discussions scream "People are afraid of change"
pep.
Introducing or removing a stage won't change this I believe
Daniel
Otherwise it sends a weird message when xeps that "some random people on the internet don't agree with" become accepted and on the other hand we have xeps that are really just stubs someone wrote in 20 minutes ✎
pep.
Final is never final. Another XEP someday will come to replace it
pep.
(And to me it's exactly the same as changing that Final XEP in the first place..)
Daniel
Otherwise it sends a weird message when xeps that "some random people on the internet don't agree with" don't get accepted and on the other hand we have xeps that are really just stubs someone wrote in 20 minutes ✏
Kev
Daniel: To be clear, I'm not suggesting that Experimental should be a stub. Just that it doesn't have to be complete. I have certainly published XEPs to Experimental with my name on that I would not have needed to be Experimental if we had the ProtoXEP stage.
stpeterhas joined
Kev
I'm also fine for Experimental to remain a judgement call of Council.
Kev
And I'm also fine with trying to update XEP1 to describe Experimental as it is being used currently, rather than necessarily what it suggests, if it suggests otherwise.
Kev
And then Peter appears for an informed opinion :)
marc_has joined
intosihas left
marc_has left
calvinhas joined
mtavareshas left
stpeterhas left
patrickhas joined
mtavareshas joined
holgerhas left
marc_has joined
kokonoehas joined
intosihas joined
mukt2has joined
karoshihas left
karoshihas joined
Steve Killehas joined
Wojtekhas left
karoshihas left
karoshihas joined
j.rhas left
Marandahas left
Marandahas joined
Wojtekhas joined
mathijshas left
marc_has left
calvinhas left
calvinhas joined
Steve Killehas left
mathijshas joined
mukt2has left
mukt2has joined
Steve Killehas joined
mathijshas left
!XSF_Martinhas left
!XSF_Martinhas joined
mukt2has left
mathijshas joined
mathijshas left
pdurbinhas joined
mathijshas joined
kokonoehas left
mukt2has joined
j.rhas joined
pdurbinhas left
!XSF_Martinhas left
marc_has joined
stpeterhas joined
larmahas left
!XSF_Martinhas joined
larmahas joined
calvinhas left
marc_has left
kokonoehas joined
mukt2has left
patrickhas left
kokonoehas left
marc_has joined
stpeterhas left
mathijshas left
mathijshas joined
kokonoehas joined
marc_has left
!XSF_Martinhas left
mukt2has joined
intosihas left
!XSF_Martinhas joined
mathijshas left
mathijshas joined
Arc
pep.: I looked at xmpp-rs but is it asyncio?
pep.
"which one", atm it's using tokio behind, we started having a look at async-std. tokio 0.2 uses the keywords fwiw
Arc
yea I was looking at the tokio one
mukt2has left
Arc
this is for playerd and therefore two basic requirements; async and good pubsub support
pep.
What's playerd?
mukt2has joined
pep.
"good pubsub support" is not there at all. (We barely have messages in that high-level API), but I'd happily work on that :)
mathijshas left
mathijshas joined
Arc
in short playerd is intended to provide game console '-like player management cross-platform; ie, input->player mapping, user profiles, and the basic XMPP-IM functionality like friends lists and chat
Arc
imagine on any game console what happens when you press the system button on a controller
pep.
I see
Arc
most games don't support this on any non-console platform. even on Steam (which has the best of this right now) when you load a game with two players you end up having to physically swap controllers when the game opens and you discover you have them backwards
mukt2has left
gavhas left
gavhas joined
mukt2has joined
!XSF_Martinhas left
marc_has joined
Arc
btw we have a whole new group of teenagers discovering the joys of XMPP right now
pep.
we?
Arc
copyleft games
Arc
gci@chat.copyleftgames.org MUC
dwd
Arc, This library able to be used in commercial games, or only GPL?
pep.
Pidgin is so much fail :x
Arc
dwd: playerd is intended to be permissive
!XSF_Martinhas joined
Arc
the code itself is AGPL right now though. the intention is to put a LGPL-like exception on it to allow it to be used by non-copyleft games
dwd
Arc, Cool. I've heard some rumblings that Epic and others are struggling with XMPP, but perhaps some demonstrations that it has broader utility might help.
Arc
valve reached out to us about playerd a bit ago too for the same reason, which gave me some hope that steam could broaden their xmpp support
dwd
Arc, Does Steam use XMPP at all?
pep.
That's what I understand from this sentence :x
Arc
from what little I could gleam (since the valve person was under NDA that I didn't sign) they have XMPP at some place internally but currently expose some "Steamworks IM" protocol to games, and there's a lot of pressure from gamedevs to use XMPP instead, so that led them to look into offering an alternative protocol
dwd
Oh, interesting. Perhaps Board could try to get into contact and see what we could offer?
marc_has left
stpeterhas joined
pep.
What can the XSF offer at all? "Hey we can propose you more protocols!" :)
dwd
I don't know, but some contact might answer that question.
mukt2has left
Arc
they dont need more protocols :-)
Arc
playerd uses common sense stuff
Zash
which XEP is that;
mukt2has joined
Wojciech Kapciahas joined
Wojciech Kapciahas left
Nekithas left
kokonoehas left
mukt2has left
kokonoehas joined
archas left
archas joined
mukt2has joined
sjaakhas left
sjaakhas joined
Yagizahas left
pdurbinhas joined
Kevhas left
!XSF_Martinhas left
Wojtekhas left
Wojtekhas joined
pdurbinhas left
mukt2has left
mukt2has joined
!XSF_Martinhas joined
holgerhas joined
calvinhas joined
archas left
archas joined
Wojtekhas left
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
kokonoehas left
sjaakhas left
sjaakhas joined
kokonoehas joined
debaclehas left
Nekithas joined
!XSF_Martinhas left
Arc
for playerd? I haven't submitted one
adiaholichas left
Arc
btw do we have a XEP for Oauth2 SASL negotiation?
calvinhas left
calvinhas joined
Arc
as in RFC 7628 as applied to XMPP? even a best practices one?
!XSF_Martinhas joined
APachhas left
Arc
XMPP is referred to in the RFC
sjaakhas left
sjaakhas joined
Arc
but the RFC more or less starts after you have the bearer token. it doesn't really dig deep into how XMPP clients get that token
Zash
I also seem to miss how that's supposed to work.
Arc
oauth2 is a pretty big spec and covers use cases like keyboard-less UI.
Arc
consider a teen with the tech savy of the average iphone user, sitting down with a game controller and wants to "log in. oauth2 supports this, but its not very obvious how the xmpp client would.
Zash
I kinda get the impression that OAuth only works if you're web-based.
Arc
ideally they'll get a short URL plus a qr code on the screen to access on their phone to log in via phone-based web browser, or any other browser
Arc
nope. it works in all cases - and that's my point
Arc
you can log your smart fridge in with no form of input at all
betahas joined
Arc
fridge would just give you a URL to access to log it in
Arc
like, "Go to HTTPS://AUTH.GE.COM/H8C0 to login" with an all-caps qrcode (all caps qrcodes use fewer bits to encode so easier bigger squares, easier to scan)
betahas left
stpeterhas left
betahas joined
Arc
the fridge keeps accessing a https url and receives a authorization_pending error response over and over until you actually log it in. and if you take very long the server will send a "expired_token" error, in which case the fridge will have to start over often with a new URL.
Arc
but once you login on your phone or laptop or whatever, the fridge will get a response containing the bearer token that it can use to actually login
sjaakhas left
sjaakhas joined
Arc
usually the server will wait a few seconds on each request before sending the authorization_pending error, so that the exact moment the login is completed the fridge can be sent the bearer token. in production there's virtually no delay at all.
Arc
desktop XMPP clients can do the same; you just launch a web browser on the url instead of showing it to them on a screen. you don't need a response from the browser.
matkorhas left
matkorhas joined
Zash
"just launch a web browser" :(
Arc
desktop client runs "browser-open" command with url "https://login.google.com/bla". it doesn't need to get anything back from the browser
Arc
there's a standard way to open a URL via default browser on every modern OS
jonas’
so, yes, web-only
Arc
web-only for login yes. but not for web XMPP clients only
j.rhas left
Arc
here's two lines of Python code to do this from every OS:
import webbrowser
webbrowser.open(oauth2_url)
andrey.ghas left
Arc
it will return True.
Arc
seriously the whole client handshake is maybe 30 lines of python, tops. my point being is if you're not versed in oauth2 this is very non-obvious so a XEP would be useful. IMHO every XMPP client should be using bearer tokens for account security. for account security every XMPP server should only accept oauth2 bearer tokens.
holgerhas left
Zash
But, requiring a web browser, I don't want that
Zash
Assume that I explode if I have to evaluate JavaScript. How do I OAuth?
j.rhas joined
krauqhas left
Guus
Preferably at a safe distance from other combustibles.
mathijshas left
mathijshas joined
pdurbinhas joined
sjaakhas left
sjaakhas joined
mathijshas left
mathijshas joined
calvinhas left
sonnyhas left
pdurbinhas left
j.rhas left
sjaakhas left
sjaakhas joined
mr.fisterhas joined
kokonoehas left
Steve Killehas left
!XSF_Martinhas left
larma
Zash, I don't think there is a reason why OAuth would require JavaScript (beside most implementations certainly will)
krauqhas joined
!XSF_Martinhas joined
Arc
Zash: OAuth is a web api. but its completely conceivable, if you write your own oauth2 web client, to use a simple HTTPS form. oauth2 can be implemented entirely server-side
Arc
or better yet write it in rust and compile to wasm
kokonoehas joined
Arc
without a web browser at all is hard since oauth2 is a standardized web api
calvinhas joined
davidhas left
davidhas joined
adiaholichas joined
stpeterhas joined
j.rhas joined
calvinhas left
Nekithas left
!XSF_Martinhas left
Ge0rG
I didn't know that browsers are the only operating system for APIs
!XSF_Martinhas joined
adiaholichas left
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
calvinhas joined
calvinhas left
calvinhas joined
!XSF_Martinhas left
!XSF_Martinhas joined
calvinhas left
calvinhas joined
calvinhas left
debaclehas joined
Arc
Ge0rG: lets be real, in the real world 95%+ of software devs are web developers and we're <<looks at the XSF membership>> far too few to write everything. But web devs are limited, and thankfully still need us or we'd all be unemployable.
sjaakhas left
sjaakhas joined
sjaakhas left
sjaakhas joined
kokonoehas left
Arc
the only reason these companies approach us is because some web developer sent them our way. in literally every case.
Arc
when I get an email from taiwan about working on a smart appliance its because their web devs have already tried and failed. they're hiring a "specialist" because that's what we've all become. and they've already developed the web-side
Arc
the most extreme case you'll get consensus from their inhouse webdevs is to use an existing web standard
Arc
half the products I get to work on are running NodeMCU (ESP8266) and they already tried and failed to run the whole appliance on javascript using web apis.
Arc
... and that's why a vast majority of IoT is running stupid JSON-based web apis
Arc
and it doesn't even matter because its for a single production run. the company exists only that long. they sell 100k of a product with a $40 margin over cost to manufacture, the 4 million pays the employees and investors, and poof they're gone with no continued support.
karoshihas left
Arc
the developers working for these companies have a strictly disposible attitude.
Arc
they don't care about standards. the only reason they use standards is to shorten their development cycle. they don't care about license compliance. if we're super lucky they toss their code over the wall on github to bitrot.
Lancehas joined
pep.
Great pitch for all these new students that want to get into programming.
pep.
I would have gone farming right away if I had known
Arc
lol well :-)
!XSF_Martinhas left
pdurbinhas joined
kokonoehas joined
mukt2has left
mukt2has joined
Arc
my point is standards are only useful if people use them, we need to make XMPP accessible to web devs because they control the code that goes into products, and they also control who gets funded.