XSF Discussion - 2019-12-13

👍

thats zero o'clock content

:64 participants at this time is actually sick~

Wonder how that works copyright-wise with nginx

I'd hope if you don't enforce your copyright for 20 years while the product gains widespread adoption you don't get to swoop in and take it, but who knows

well that didnt stop them from arresting the lead two developers

I assume their equivalent of a DA approved the arrest, usually required to get a justice to sign of

moparisthebest: that's the copyright law, destructive by design

but for a company that considers working on other FOSS projects to be a conflict of interest, I don't feel bad for them.

if they were good actors in the community I'd be happy to come to their defense

they were literally the last company I interviewed for in SF.

the first interview was great. sure there were accent barriers but it seemed like a great fit. and then being introduced to their CEO who turned out to be a former rugby teammate from washington DC

and that amazing high turned 180 when the CEO told me, point blank, that I'd have to resign from working on other FOSS projects while working for them because it'd be considered a conflict of interest ---

Actually I'd heard you tell that story before so I didn't feel sorry for them either

I was asking for more selfish reasons, like, can I keep using nginx :)

moparisthebest: you'll know it only after a while, the rambler group states that "any usage of nginx without their personal permission is violation of copyright law" or something like that

> I assume their equivalent of a DA approved the arrest, usually required to get a justice to sign of Arc: it's Russia

certainly its Russia. :-)

I don't expect their former employer will win. But the drama will likely drag out for some time, especially influence their current round of VC funding, and will hurt their user base

its like Michael Holdmann trying to patent parts of XMPP and then use those patents as collateral for VC loans. Its nasty behavior that can only hurt the community when his business fails and those patents get sold to a patent troll

if NGINX Inc never existed, if nginx remained a FOSS project, or tried to commercialize without VC funding or trying to turn themselves into a FOSS-toxic tech startup, we wouldn't be where we are now. but now that they have, the VC money they've pocketed makes them an easy target for copyright trolls.

I think I'm broadly in agreement with lovetox here. I think Kev's proposal on list goes some way to addressing these concerns, and we'll work on a concrete proposal in this space next week.

thread regarding IoT : https://fosstodon.org/web/statuses/103293746877193364

nyco: XEP 0322 needs some serious work or should be killed. its in a non-starter state because it was written by someone with only the most cursory experience with EXI

yep, maybe we should reboot the IoT stuff

i dont expect to see any forward movement from that from the xmpp council because EXI is very much not simple

grammar distribution and negotiation needs to be solved.

and yes while grammar unaware mode is available, and could be used, it would dramatically increase the software size for embedded devices and thus make it not feasible for some iot cases

I think I might be the only current XSF member with any experience working with EXI and that would need to change to move forward with it

there is some more members with EXI experience, not judging on how much

who?

yeah, indeed, EXI may not be the way to go

Arc MongooseIM guys

at least

ive never gotten that impression

On the topic of exi. I was in a meeting yesterday in which we essentially decided to reinvent exi because exi itself was deemed to complicated

But we do a strong need for 'something like exi'

its not too complicated, its poorly documented.

EXI itself is incredibly simple

Meaning compression with predefined dictionary

the string dictionary?

A xml tag name namespace tuples dictionary

So yes, I guess

yea so that's really simple. too simple.

the only place so far I've had EXI completely fail is SVG

but the problem with the way its documented is it feels ass backwards. we tend to view XML from a data -> in perspective, because that's the way virtually every piece of software is written

its best to view EXI from the viewpoint of the data consumer; typically from the viewpoint of that critical piece of code that does a string compare to match it with code to be executed when a certain element is found

in XMPP code, that means the stanza router

somewhere in virtually every piece of XMPP software I've ever seen is a string compare routing an incoming stanza for message, iq, presence, or various stream errors/etc.

in EXI you always have the grammar - whether its schema informed strict (whereas grammar is fixed), schema informed non-strict (whereas grammar can be extended), or schema uninformed (whereas the grammar is constructed as needed).

Arc, But string compares only after parsing, right?

I guess what I'm saying is that we have a need for some form of binary xml. But exi feels too much for us to tackle alone. (as opposed to just coming up with something new). But if someone else wants to colab on an exi 2.0 xep or something I might be able to convince my people to do that instead

dwd in traditional XML sure, string compares after layer 2 parsing.

Arc, But EXI prevents this?

in EXI you should only do string compare when parsing the grammar.

Arc, I think I need an example, I'm being stupid.

your parser isnt receiving the string "message" anymore. its receiving the integer 1 instead. the grammer determines how many integers there are at a given scope, and what those integers mean

ok. say we're in the scope of <stream:stream> and lets ignore stream management and stream:error etc; we have 4 possible options in xmpp; message, iq, presence, and </steam:stream>

EXI understands those as 0, 1, 2, and 3.

when in bit-packed mode EXI will represent those options with 2 bits. in other modes as one byte. but in parsing it doesn't matter

on decompression you set a hook for message, iq, presence, and </stream:stream> like you always have. the difference is now you're not string comparing what the XML library is giving you. your code is being called on a switch block for 0, 1, 2, and 3 respectively. which is tremendously faster

for embedded IoT devices using strict schema-informed grammar you can hard code that so that 0 is always message, 1 is always iq, 2 is always presence, and 3 is always </stream:stream>

so you're decoding a <iq> element, in that scope there's be a fixed number of attributes and child elements that are understood by the grammar, and similarly each is represented by an integer. with strict schema-informed grammar those options will always be the same. so a byte 1 followed by a byte 2 may always be "<iq from="

the only time a string compare should ever be needed is when transmitting grammar or grammar extensions for unexpected things that arrive, and then only once to see if your code has any clue what those things do.

after that you'll only use the integer for that thing, and you can record a pointer to what to execute what to do when that thing is read.

the XMPP challenge for the XEP is for how the client informs the server what grammer to use. strictly "schema uninformed" would waste a lot of bandwidth and consequently battery power on the IoT device. ideally we would like the device to not have to transfer the grammer also to save power. eg it could come from the manufacturer

there's two major problems with XEP 0322; first its relying on "compiling" a schema from a given set of schema files (schema informs grammar, but lacks any definition for the precise way to do this reliably across different libraries), and second its using arbitrary URLs to load the schema files from which is a pretty major security issue

clients should not be able to cause a server to automatically download HTTP URLs; that could be used as part of a DDoS attack, to anonymously transmit data via some web APIs, or worse

when I first started looking at EXI 5+ years ago I thought strict grammar mode would be unusable in any real world case. but the more you work with it, the more it changes your way of seeing XML, and you start to see strict grammar as the obvious default. there's certainly cases for extensible grammar but in all seriousness, software is written to process what the software is written to process.

that is to say: unless you're debugging or planning to save XML for other software to process, there's no reason to receive XML elements or attributes that the software is going to ignore anyway. its better for the server to silently drop that content instead of sending it to the client where it'll be ignored because there's the client doesn't know how to process it.

Fwiw I'd be fine with a potential exi 2.0 xep being only specified for strict

That might limit exi use to closed deployments but that's where it is needed the most

well one thing the XEP does right IMHO is the client dictates the grammar. so the client decides.

Ive been able to compile libexi for one specific small grammar in under 1k of rom. and that's the point of it for IoT.

but there's really little need to restrict what the server can support. any xmpp server should be able to support all the various modes. plus - even with strict grammar, the client still needs a way to inform the server what the grammar is.

when your IoT device is monitoring air pollution while attached to the top of a city bus with rare earth magnet and powered by a solar cell, or monitoring soil moisture in your garden with a single AA battery, the transmit power (plus amount of time the CPU is out of sleep mode) to send the grammar is simple too much.

to convince a lot of IoT companies to change to XMPP we need to meet or beat the power use of their current protocol. which in most cases will look pretty similar

So my use for EXI would be handling the crappy bandwidth one gets in hospitals. I don't think I'm anywhere close to XMPP being the bandwidth hog here, mind, but still. I don't understand how a schema-strict mode would work (or, at least, how it wouldn't violate the end-to-end principle and all that implies).

schema-strict mode would do the exact same thing that current text XML does, just in a different place. if your current client ignores data it doesn't want or need, the server would drop that data instead.

and really, for most extensions, its a best practice not to send data that the receiver hasn't asked for or specified support for

Hey, Arc!

hey Guus!

Longtime no see. How are you? (maaaybe I should've waited for whatever conversation was going on to finish, sorry 😉 )

Also, yes, it's great to see Arc back.

dwd but also for hospital IoT stuff, they likely have the memory and CPU for handling non-strict schema. for the strict schema, its mostly for tiniest of IoT devices.

thanks! :-)

Arc, We're not IoT, but yes.

yea so informed non-strict should be fine.

there's absolutely an overhead for building grammar tables that may be extended. I have a device within arms reach of me right now that's running a 8-bit RISCV that it would be much more difficult to squeeze extensible tables into.

(its not *really* 8-bit but that's another topic)

Arc: would it make sense to have a grammar caching mechanism similar to entity caps?

Daniel My first gut reaction to trying to create a new something something that's EXI like but not EXI is https://xkcd.com/927/ - but knowing you, you've probably considered that. I'm interested in how a new approach is different in this way.

The client transmits its grammar on first connection, it's cached on the server, problem solved ✏

On the second connection, the client just sends the sha256 of the grammar, no need to retransmit

When the client software is updated, the new hash isn't known to the server, it requests the new grammar

The server side filtering to known elements would also be good for mobile clients, not just IoT

If I understand Arc correctly, then one of primary issues is that EXI is lacking proper documentation. How much effort would it take to get that fixed? Would we be able to find sponsoring for that, given the impact it could have on certain applications?

We really need to position ourselves as The Solution for IoT

Guus: its not a lack of documentation, its that the docs are terrible and overly verbose, such that its really difficult for people approaching EXI to understand it.

(From what I'm reading just here, at least Arc, Daniel and Dave are dabbling in this field. Is there some corporate backing here?)

Arc: you could write a book!

Ge0rG: that is exactly something I proposed a few years ago, and I now disagree with as an approach. the problem is you don't want to burden the client with that responsibility

Arc sure. "documentation needs work." ✏

Guus, We aren't dabbling at all. My guess would be that Kev (And Isode, more generally) would be more interested than us.

Guus, I'm just EXI-curious. :-)

haha

Arc: you also said you don't want the grammar to be an external HTTP URL. What's your proposal?

You're talking about the extremely low-bandwidth type of applications that some of their customers are working with? ✏

Guus: not just low bandwidth, but low handware, low cpu, low ram, low battery power. my ultimate goal of EXI isn't to save bandwidth but vastly expand XMPP into the embedded market

Guus: I was in fact coming from a "let's consider exi" position. Precisely not to reinvent the wheel and to have something that benefits the community. I think the feeling on the other side of the table was that "something like funxmpp" (essential hard coded, preshared lookup table of commonly used elements) is easier to grasp

Guus, Right. Most of our problems are with RTTs and unstable networks - these also apply to Isode's space. Bandwidth isn't great for us, but it's waaay better than some of Isode's cases. Our clients run on consumer smartphones, so we're absolutely not an IoT case.

Than exi with its 3 modes of operations

The fact that I don't know a lot about exi didn't help

Ge0rG: that's something to be discussed. I mean a specific XMPP extension for sending a grammar over XMPP would potentially be doable. that way it could never be used for an attack.

Daniel that's fair. But also kind of boils down to the documenation problem with EXI, right?

But my hope was that starting a broader effort on the exi front might help me convince the other side

Yeah. Also that there are virtually no libraries

ok sorry as soon as i wrote that last bit I realized how stupid that is. literally anything could be formed into an attack vector by someone determined enough. the local antifa group took down a hate group using craigslist ads.

Arc I understand. I was trying to describe to Dave the customers that I thought were interested in this, without naming names. I wasn't trying to describe all of EXI's benefit.

I mean if exi was some plug and play thing that you just hook in between things it might be easier

Daniel: yes, and lack of software is absolutely a problem I want to address. libexi is my strategy for that but there's zero funding for it

Arc: the alternative would be a common grammar file format and a central repository, which your server needs to pull from whenever you launch a new version client

Arc: really, I don't see a viable alternative to xmpp based delivery for anything but closed deployments

Ge0rG: yea a "registry" could work.

Arc: but server operators are lazy, and automatic push + pull with a central registry is even worse, security wise

that's something XSF could maintain

I'm probably the least qualified / experienced of people talking here right now, but from what I read here is that EXI has already had quite some work gone into it, but needs some work to be (re)usable (docs and libs). Feels like a shame to replace it with an easier-to-develop (but really, that rarely turns out to be the case) yet less re-usable XMPP-specific solution.

Guus, I'll fight you for the least-qualified position. ANd probably lose.

Guus: yes and no. in Java-land EXI is extremely mature. in C-land, not so much. outside of Java there's simple nobody working on XML.

Would it be good to get some people together, and see what amount of resources would be needed to use EXI to get a real-world application, that we can pitch to customers.

there's known 0-days in libxml2 that could easily cost billions in damage and nobody working on it.

Arc well, we have several Java implementations, so that might be a good platform to do some prototyping in XMPP then.

If anything, that could lead to traction.

Arc, Presumably strict-schema mode in EXI would require stricter schemas (ie, entirely immutable schemas) than we have previously used in XMPP?

Google knows about them, so they wrote their own XML library in Go. and Mozilla wrote their own in Rust for servo, which is likely better

Arc, Or can we safely add further attributes with default values (for example) without having to ... recompile? ... the schemas for EXI?

dwd: strict grammar means that any unknown elements, attributes, etc be ignored.

(Which seems to be problematic for the "X" in XMPP?)

Guus: no, it does the same thing in most cases when an unknown element or attribute is received by software. the client you use now for example, if I sent <message ...> <helloworld/><body>hi</body></message> what would it do with the <helloworld/> ?

ignore

bingo.

Yes, I was thinking it's not a terrible thing, since it's how XMPP works itself.

it just ignores it on the server. another way of looking at EXI is, its as if part of the XML parsing gets moved to the server

but would EXI still pass along the data, which would then be parseble XML?

not if strict is sent.

its a bitflag in the EXI header

Arc, But the, erm, EXI schema definitions need to be the same on both server and client?

So, if Client A wants to send Client B some data that contains data not understood by the server, how'd that work?

dwd the grammar needs to be the same, yes. the schema informs the grammar.

Guus: if you send me a <message><helloworld/> and I'm connected to my server while specifying "strict" mode, then my server will drop <helloworld/>

If client A sends stuff not understood by the server, which drops data, client B is unlikely to receive that data?

here's what the EXI header looks like, which might be the most readable part of the whole specification

https://www.w3.org/TR/exi/#header

Isn't that wildly different as compared to regular XMPP? If a server receives something it doesn't recognize, it'll ignore it, but pass it along.

Guus, Exactly that. Which is why I say it conflicts with the end to end principle.

Guus: the client dictates what grammar to use, not the server.

if EXI doesn't do that...

ah ok - so if the client is going to send something, it will (well, _can_) always inform (and thus configure) the receiving end in such a way that it can properly parse all data?

yes.

Right. And the receiving client will have configured the server in a similar way, so that it can be send all data that it'll be able to interpret.

So the server still needs to shuffle some generic XML representation internally?

Can an EXI client even send something not part of the schema/grammar?

(Can that grammar be re-negotiated? For example when new plugin gets dynamically loaded that introduces new goodies)

Zash: yes there's really no way around that because the clients, in most cases, will be speaking different grammars. and no the client cannot encode new things in strict encoding.

Guus: I don't believe so, the "schemaId" gets sent as part of the EXI header. though the XEP could include a specific stream-level message to renegotiate the EXI?

Somewhat of an edge case

dwd with the above, does your concern regarding end to end principle hold?

as with Arc explanaition, I'm thinking that it at least _migth_ work 🙂

yea in those cases I think reconnecting is perfectly fine. but there is the "fragment" option in the EXI header too, such that you're specifying that you're not sending the whole XML document from <root> to </root> but only part of it.

Guus, Well, I said it conflicts, and it does, but that's not a blocker.

how does it conflict?

in that case yes even without an XMPP stream-level support, if you wanted to change options on the fly, you could. with obvious security concern of trying to DDoS a server by flooding it with different schemaId's to be retrieved from a ... "grammar registry"

client A won't be able to send client B data that client B doesn't know how to parse. That?

Arc I'm unsure if those conerns are obvious, but sure 🙂

The end-to-end principle essentially says that end-clients care about more layers than intermediate routers. That's always been prtty shaky in XMPP anyway, since the server is often an end-client in that sense.

That's way to abstract for me to understand without loads more coffee.

what about being able to block JIDs? I mean, the client is literally instructing the server to drop unknown content, that's not unlike instructing the server to not send content from certain JIDs?

(but you said 'no blocker' which I'm happy to accept)

To the coffee machine!

wow its 2am here.

Arc, It's armageddon here, for comparison.

At least there's clarity... ?

Yes, our doom can be seen very clearly.

oh yea that's right, I completely forgot I jumped back in xsf to ask for recommendations for a xmpp library with pubsub support for rust

Dutch weather is as miserable as yours this time of year. We'd be happy to have you 🙂

Arc, Rust... I'm not sure there's a stand-out library for Rust. I'd be interested to see one.

i recognized a few names from the cargo package list

Guus, I have given it some thought. Not much less convenient for travel to the office. But it'd mean moving my daughter's schooling at this point, which'd be tricky.

Isn't that why you learned the other kid to fly? Commute solved.

So, if we want to (and there seems interest, judging by this conversation) want to move forward with EXI in XMPP world, what would we need? It might be good to come up with an estimate of the effort involved, to be able to attract sponsorship for this.

And his license is an EU one, so covers him. No, I've genuinely thought about this.

Guus: I would really appreciate having a working group, even an informal one.

dwd it's a sucky situation. At least now, things will need to be solved pragmatically. Hopefully, things turn out less bad than what you've now envision.

And face it, it could be worse: Farage at no 10?

*shiver*

Arc we can do that easily. Who'd be willing to dedicate their effort into that?

beyond the big issues like how to communicate grammar, there's a ton of small ones which need to be determined. like a standard set of fidelity options for XMPP. the spec is not a small job.

https://www.w3.org/TR/exi/#fidelityOptions

Schemas being non-normative is also fun I imagine

Guus, https://twitter.com/DwdDave/status/1205426678639579136 - I'm desperately trying to find some positive outcomes.

Zash: yea. well that's also the difference between schema and grammar :-) schema informs grammar, but grammar is the actual bytestream format

schema cannot, by itself, construct a grammar. grammar is weighted, so unless you have some very cool code monitoring a connection and creating an optimized grammar for you, a human will actually write the grammar based on the schema

https://www.w3.org/TR/exi/#grammars

Arc fwiw, my preferred way of working would be to _first_ come up with a proposal on how to get EXI in XMPP realized, with estimated effort requirements, budgets, etc, before digging into the actual implementation details. My goal would be to first secure funding.

Or: have the information needed to secure funding.

you have a sponsor in mind to fund such work? :-)

Two.

but neither will bite without a proper plan.

that's excellent. I can't get companies here, even those already using XMPP, to bite.

Things should ideally be as concrete as: for this amount of money, you get this feature.

*nod*

So, how do we get to there?

(assuming we want to spend effort on this)

well ive got 5+ years implementation experience on EXI but I'm not a working group.

What would you need from a working group?

2 other people willing to invest the brain space to understand this 96 page technical document

(we can ask Board to make you a Working Group, but I'm sensing that that's not what you're after 😛 )

its not the official-ness of the group im concerned with, its the brains.

Yeah, that's what I was trying to get at.

any takers?

it's less than 100 pages people!

I'm happy to help people get up to speed. and honestly most of it is just a few pages in the EXI header specs, and understanding the grammar

I'm not sure I can commit to working hihg-intensity on this.

there's also this super cute (and not terribly useful) primer https://www.w3.org/TR/exi-primer/

I personally won't commit unless I can find funding for it.

yea ive been without funding on this for all this time. I've met with a few companies and received some useful feedback but everyone just wants it for free.

though I learned Google has their own internal implementation written in Go

I admire you for doing that. It's not an investment I'd want to make myself.

apparently they already use it for push notifications?

I'm working on the premise of future marketability for libexi, given there's really nothing like it in existence. AGPL license it, and offer commercial LGPL-like exceptions, akin to wolfssl

Do you want to drive an effort to find people for an XSF work team for this, Arc ?

yea but it might be from people not currently in the XSF

Arc, Sounds even better.

we dont have a ton of java people and that's really where we need. i'm absolutely not a java person

XSF Bylaws: "Participation in Teams shall be limited to elected Members of the Corporation."

<-- java

Q1 2020 membership page is open

Right, Guus is the most Java person I know.

Guus, You work around this by having a Work Team preside over a Special Interest Group, the latter being open to anyone.

Guus, Then the WOrk Team is basically devoted to getting people to understand and work with the process.

You like burning hoops and making people jump through them, don't you?

but, whatever. We will find some kind of venue to discuss this, one way or the other.

Guus: well since you're a java person :-) :-) :-)

Arc I'll be as clear / blunt as Dutchies are known for: I'm definitely interested, but won't commit large amounts of effort without funding. If it boils down to doing this, or paid work, I'll go for paid work. I'm totally open to put in time to come up with data that can be used to secure funding.

I'm in the same state. Rent needs to be paid.

Hence my preferred order of things: first, do only what's needed to come up with budget estimates.

It would be awesome of others want to work under less strict conditions, but I personally choose not to.

certainly. libexi is something I've considered a hobby for now, and will continue to.

My problem is that I don't even have a grasp of the amount of effort that's required to get this to even a prototype state.

are you talking a spec or working code?

working code. My customers are unlikely to be interested in just a spec.

"for x amount of USD, you get EXI benefit A, B and C"

I'm not sure if that's the best first goal for us to work on, but I feel that that'd give me something I can use to try and secure funding.

the spec is going to end up being 20-30 pages. some working code in Java using an existing Java libraries? once the spec is done.. I don't imagine that being very long.

If others have another approach, I'd love to hear about that. I'm just winging it here.

from my side, a lot of my work has been in not just implementing EXI but using grammar to generate source code, and breaking the code up such that you can compile it with different options removed to save space

but thats all rust/C

and splatterings of assembly

😱

mozilla just recently declined sponsoring the work which would have gone into Servo. :-l but they made sure to jab the knife in my gut with the typical line "if you release it in an MPL compatible license we'd be happy to support it in Servo"

yeah, I bet they would.

I've tried to boil down what I'd like to know, before formulating a question to my customers. It's stupidly simple, but I find that that often helps coming up with concrete plans: https://etherpad.net/p/exi

I'd like that to be filled out.

at least they didn't drag me along with a job interview like a few companies have before telling me how they'll "love to support me by using my freely licensed software". one company asked for an hour presentation for their protocol team on EXI as part of the "interview" before telling me they'll join my "cause" if I change the license to permissive.

But I lack the knowledge to do that myself. Is this somethign we could work on?

I could contribute to it.

you want to find a Java EXI library and run some performance tests on it?

I know basic network performance for XMPP

I know that you *wont* get the 40x gains that I'm seeing from Java but you'll likely get 20x speed gains

the speed gains are largely the CPU cost of a string comparison. W3C did their own but I don't know what software they based it on, failing anything else you could grab some graphics from the EXI primer

er https://www.w3.org/TR/exi-measurements/

I'm updating that etherpad with the rough estimates that you have. I don't intend to send what is typed there verbatim. I'm fine with rough outlines, for now

outside IoT yea those speedups are the largest perk. especially on the server side.

those would be speedups in XML parsing right?

bandwidth and CPU cost money. saving bandwidth and CPU saves money.

what about bandwidth savings?

both parsing and creation, but yes. both sides

it depends on the data in all cases. IoT with float and int data obviously gets the best gains.

regular chat

ballpark it

"funxmpp"-like approach would get you bandwidth savings at the cost of CPU I imagine?

> "funxmpp"-like approach would get you bandwidth savings at the cost of CPU I imagine? Probably. But CPU isn't our bottle neck at the moment

regular chat? you'll be using byte packed mode without the precompression option, qname tables under 250 in size, so "message" would be 1 byte, "from" is one byte. "to" is one byte. the JIDs would likely be one byte each. so SE-"Message" AT="from" "guus@yourhost.isgreat" AT="to" "arc@myhost.islong" ...message... EE would be around 60 bytes to around 6 bytes. so the message stanza overhead would be only around 10%

CPU processing speed, well see the measurements for the various java tools

with byte packed, you can assume that the qname for each element and attribute is 1 byte. and the string table for JIDs are 1 byte too. extra attributes like id= will add to the cost. and unique strings... if memory serves you can set the value for some attributes to not be cached since they're unique or not commonly reused. so the length of the id= attribute would be unchanged

right, but 'regular chat' traffic also includes a bunch of IQ and Presence stanzas. I'm thinking that most of the data would be pretty dictionairy-able, with the exception of the chat message texts?

exactly.

that's why i said overhead :-)

average stanza character count in my MAM archive appears to be 185

ok and whats the average body length for those message stanzas?

i mean i forgot the id= and the body element, so you have SE-"body", etc. but ballpark its a huge bandwidth saving

average body char count is 64

note that I'm doing stupid SQL queries on a bucket load of crappy data

And even if CPU isn't a bottleneck right now, saving on CPU is a great thing, because it reduces energy consumption on portable devices

so, what's the huge ballpark saving? 🙂

so average message header is 121, and we can reasonably say that can be represented in under 12 bytes.

so the message header would be 10x smaller. or the entirety of the message about 40% smaller.

but iq and presence nodes would reduce that further

ive never worked with that server but my own experience says that you should be able to double the number of stanzas routed per second. and thats exceedingly conservative

its likely closer to 10x

assuming that parsing is the bottleneck

Parsing is almost always the bottleneck.

yea you can't control things like disk or network. but parsing, most notably string matching, is usually the bottleneck

JIDs are being passed with a specific ID# instead of a string, so if done well you can optimize the crap out of that.

but even ignoring JIDs you've got the qnames. and that's a big part of it too

Isn't that a security problem?

not really, the JIDs to ID# is per connection only. they're just cached.

Cool. Updated my EXI-budget-for-Dummies at https://etherpad.net/p/exi

What work do we need to do for this?

https://www.w3.org/TR/exi/#encodingOptimizedForMisses details it but very basically, the first time "zash@ishome" is sent its cached at a specific lookup ID, and then that ID is used on that specific stream

you already have java libraries implementing EXI so your work is much simpler. most of the time will be on the XEP.

we'd probably want at least one client library too

Smack is Java...

sure. smack sounds good. ideally with a different library.

there's a few javascript libraries too

last I looked they all implement only the core functionality and you need to provide the grammar as a file

((that's fine for a client))

i mean, for the client you shouldnt even need a library. you can hardcode values.

(note that I'm basing this very specific though experiment on implementations that I'm familiar with - I'm not trying to hijack this for my implementations at all, even if it starts to look like that now)

no you're fine. by no means would i want to intermangle my work into this

I'm also looking around the room

i made the mistake of leaking the source for libexi a few years ago and I still get email in korean asking for support

is EXI suitable for federation?

client A -> server A -> server B -> client B ... even if client A and B share a vocabulary, servers A and B might not share the same?

S2S? absolutely. with a very broad grammar and without "strict" so that grammar can grow

what's the implication of 'strict' exactly? More performance?

non-strict... in XMPP terms, say you have four options for the scope inside <stream:stream>; <message>, <iq>, <presence>, and </stream:stream> - right?

strict would encode that as 4 options, or when bitpacked 2 bits

non-strict would encode that as 5 options with the final option being "something I didn't expect"

right, so, performance.

you want strict where possible, because it compresses better.

I need to be paying attention to other stuff shortly.

yes, minorly for bandwidth, more for CPU.

its 3:30am here so I really need to be doing other stuff shortly. ie, becoming unconsciousness and hopefully hallucinating vividly

Right. I like having been able to come up with the roughest of sketches.

Let's see if we can build on this later.

sure.

feels like progress though, that's really great :-)

agreed

ok, thanks!

I'll grab some lunch and get other stuff done

sleep tight!

I was just re-reading https://www.w3.org/TR/exi-primer/#encoding and its actually .. a lot better than I remember.

i mean, wall of text is intimidating but if you walk through it and compare to the binary below its very informative, if cumbersome

but yea, g'night

"Arc> oh yea that's right, I completely forgot I jumped back in xsf to ask for recommendations for a xmpp library with pubsub support for rust" < We have no funding, but there's xmpp-rs (xmpp:chat@xmpp.rs?join), You might be able to reuse bits and pieces, and otherwise we'd be happy to have a use-case (and people contributing)

I don't think there's many more people working on Rust publicly atm, it'd be a shame to split already.

dwd, ^

I wasn't suggesting a split. Just noting I wasn't sure there was an existing standout library.

Not that it's really usable yet but we'd like to get funding for it so we can spend more time

"I’m not immediately sure that what I was saying didn’t make sense." - thanks, Kev, for making that clear...

You mean: "thanks, Kev, for not making that unclear"

Guus, It'd be wrong to say I'm not certain that wouldn't have been worse.

I agree.

You're welcome.

(I just guessed a response)

Failed to parse sentence: resource limit exceeded while processing negations.

Everyone does like to pick on my English :p

In fairness, your Hungarian is worse.

(again, guessing)

It's not impossible.

Guus, My Hungarian used to be pretty good, but these days I just use simpler vairable names and a better IDE.

dwd: I think you're actually saying in that thread that the IETF now has 4 stages, which is roughly what I'm proposing for the XSF (modelled on Flo's suggestion).

That is, I'm suggesting we have Individual I-Ds, which are numberless.

Kev, No, the IETF dropped a stage. It did have 4 indeed.

And the acceptance for /those/ could be mechanical.

It had five, now it has four, no? If you count Individual and WG as distinct.

> That is, I'm suggesting we have Individual I-Ds, which are numberless. I was going to suggest that after what dwd wrote

Yes, that's fair.

So we could have an entirely mechanical numberless stage that gets it published and under IPR.

More or less inbox-plus.

FWIW, I'd be fine with having those numbered. Although given that people get excited that we have lots of XEPs, there's that risk.

Experimental becomes roughly what it is (effectively) now, which is that it's a direction Council wants to see investigated.

Versioned inbox

dwd: I think the numbers are part of the problem.

dwd: I think "It's been published and assigned a number" is what makes the issue with accepting knowing it needs significant changes.

I really need to catchup on standards@

By having the first stage be "It doesn't have a number yet", it makes the risk of it being published and then people saying "Well, it's been standardised, it can't be changed" much lower, I think.

1) Published without number. Anything goes, mechanical acceptance (maybe with a check that it's not just "Screw the Establishment" 5000 times or something, but anything goes. 2) Experimental. Anything goes quality-wise, but confirmation it's a direction the Council think should be investigated. 3) Draft as-is (but maybe a lower barrier) 4) Final as-is (but...)

Which is actually not a million miles away from how the IETF works, by my understanding. Not strictly equivalent, but it has similar properties.

And yes, Daniel, it is very similar to the inbox, in as much as there's no comment on quality, just that it's for future consideration.

> "Well, it's been standardised, it can't be changed" much lower, I think. I think the argument usually goes: we had to implemt something that wasn't ready and ship it because the users were asking for this feature and we couldn't wait five years and now we kinda have to consider dealing with legacy

I think those considerations are independent of numbers or stage names

Which I do think is important. I don't think another stage of Council review and etc. is going to add anything.

Daniel: I boldy assert that I've heard both types of claims.

Nothing we do about versioning or numbering or stages will effect changes in "I had to deploy something now, so I did a thing". But the other side we can do something about.

Hiw do you get the process to handle that?

Zash: I think the first stage helps with that. You can get it published but not advanced to Experimental, and thus not yet have a number assigned, and still be called Proto-XEP.

So what does "Experimental" mean, and what would be the guidance to Council?

Won't stop people from deploying and causing the same problem?

"Council considers this is an appropriate direction to be directing investigation" or something.

So when Council sees a spec and says "This is a problem that needs solving, but this isn't the appropriate way to do it", they can hold it in (1) for a while. It's still been published, it's still versioned, it's still IPRd.

I-Ds get deployed and entrenched if people need and implement them

Zash: Yes, as I said, you can't effect any change in "I had to do a thing so I did a thing".

Zash: You can address "This is now a standard, everyone should be implementing it", I hope.

So Reactions would have been able to be published by now, even though it needs to be framed in terms of a common approach (e.g. Fastening), it just wouldn't be Experimental yet.

Fastening might or might not have reached Experimental (I think the direction is right, FWIW, but that might not be clear enough, who knows).

Several of the things (IM2?) I've pushed out full of TODOs because we needed something published for discussion etc. would have stayed out of Experimental, at least for a while.

I'm not suggesting, FWIW, raising the barrier of Experimental to "This must be implementable and interoperable from the spec as-written". I think it's a good aim for all specs, but I think it's probably fine to leave some hand-waving in places.

I'm in favour of anything that prevents XEPs being assigned numbers while having entire sections consist of "TODO: Figure this thing out"

and then sitting there for years

> I'm in favour of anything that prevents XEPs being assigned numbers while having entire sections consist of "TODO: Figure this thing out" Yes. People at the very least need to be able to write prototype implementations

Interoperable ones, at that

As above, I'm not convinced that Experimental needs to be entirely baked to the point that interop is guaranteed. I think it's fine for it to be genuinely an Experiment with questions that still need answering.

I'd like to introduce a new stage at the low end, not to life the existing stages.

> I'd like to introduce a new stage at the low end, not to life the existing stages. We can do both. Introduce something at the low end end slightly raise the barrier for experimental (from what is described in xep1) to something which we are kinda doing now already

I think introducing super-inbox also lowers the pressure of trying to become experimental

I think that last point is very desirable.

I would like to still see Experimental able to hold experiments that don't have all the answers. I think requiring it to be fully baked before Experimental wouldn't be the best choice. But I think allowing *everything* relevant to be published seems very desirable.

There is then no inbox, essentially. ProtoXEP is a stage in the process, rather than a colloquialism.

We might still choose to have them stored in the inbox/ path on the site, for various reasons, but it's a Real Thing rather than just somewhere for Council to look at things on their way to Experimental.

(And we could do all this without even formally changing our process, although I suggest it would be a good idea to do so)

Daniel, I'm going to be the one picking on details as usual but "stable it has to be stable." doesn't mean much. The XSF would also need to define their version of "stable".

(reading the thread)

Things might change anyways

will.

Ultimately the decision on how much leftover TODOs are OK will still be acceptable. But if experimental becomes (as it de-facto has been for a while now) a 'only thing that council agrees is a good direction' and not 'everything goes' as xep1 spells it out to be I think I want more formal readiness (meaning not _just_ TODOs)

To me this thread and discussions scream "People are afraid of change"

Introducing or removing a stage won't change this I believe

Final is never final. Another XEP someday will come to replace it

(And to me it's exactly the same as changing that Final XEP in the first place..)

Otherwise it sends a weird message when xeps that "some random people on the internet don't agree with" don't get accepted and on the other hand we have xeps that are really just stubs someone wrote in 20 minutes ✏

Daniel: To be clear, I'm not suggesting that Experimental should be a stub. Just that it doesn't have to be complete. I have certainly published XEPs to Experimental with my name on that I would not have needed to be Experimental if we had the ProtoXEP stage.

I'm also fine for Experimental to remain a judgement call of Council.

And I'm also fine with trying to update XEP1 to describe Experimental as it is being used currently, rather than necessarily what it suggests, if it suggests otherwise.

And then Peter appears for an informed opinion :)

pep.: I looked at xmpp-rs but is it asyncio?

"which one", atm it's using tokio behind, we started having a look at async-std. tokio 0.2 uses the keywords fwiw

yea I was looking at the tokio one

this is for playerd and therefore two basic requirements; async and good pubsub support

What's playerd?

"good pubsub support" is not there at all. (We barely have messages in that high-level API), but I'd happily work on that :)

in short playerd is intended to provide game console '-like player management cross-platform; ie, input->player mapping, user profiles, and the basic XMPP-IM functionality like friends lists and chat

imagine on any game console what happens when you press the system button on a controller

I see

most games don't support this on any non-console platform. even on Steam (which has the best of this right now) when you load a game with two players you end up having to physically swap controllers when the game opens and you discover you have them backwards

btw we have a whole new group of teenagers discovering the joys of XMPP right now

we?

copyleft games

gci@chat.copyleftgames.org MUC

Arc, This library able to be used in commercial games, or only GPL?

Pidgin is so much fail :x

dwd: playerd is intended to be permissive

the code itself is AGPL right now though. the intention is to put a LGPL-like exception on it to allow it to be used by non-copyleft games

Arc, Cool. I've heard some rumblings that Epic and others are struggling with XMPP, but perhaps some demonstrations that it has broader utility might help.

valve reached out to us about playerd a bit ago too for the same reason, which gave me some hope that steam could broaden their xmpp support

Arc, Does Steam use XMPP at all?

That's what I understand from this sentence :x

from what little I could gleam (since the valve person was under NDA that I didn't sign) they have XMPP at some place internally but currently expose some "Steamworks IM" protocol to games, and there's a lot of pressure from gamedevs to use XMPP instead, so that led them to look into offering an alternative protocol

Oh, interesting. Perhaps Board could try to get into contact and see what we could offer?

What can the XSF offer at all? "Hey we can propose you more protocols!" :)

I don't know, but some contact might answer that question.

they dont need more protocols :-)

playerd uses common sense stuff

which XEP is that;

for playerd? I haven't submitted one

btw do we have a XEP for Oauth2 SASL negotiation?

as in RFC 7628 as applied to XMPP? even a best practices one?

XMPP is referred to in the RFC

but the RFC more or less starts after you have the bearer token. it doesn't really dig deep into how XMPP clients get that token

I also seem to miss how that's supposed to work.

oauth2 is a pretty big spec and covers use cases like keyboard-less UI.

consider a teen with the tech savy of the average iphone user, sitting down with a game controller and wants to "log in. oauth2 supports this, but its not very obvious how the xmpp client would.

I kinda get the impression that OAuth only works if you're web-based.

ideally they'll get a short URL plus a qr code on the screen to access on their phone to log in via phone-based web browser, or any other browser

nope. it works in all cases - and that's my point

you can log your smart fridge in with no form of input at all

fridge would just give you a URL to access to log it in

like, "Go to HTTPS://AUTH.GE.COM/H8C0 to login" with an all-caps qrcode (all caps qrcodes use fewer bits to encode so easier bigger squares, easier to scan)

the fridge keeps accessing a https url and receives a authorization_pending error response over and over until you actually log it in. and if you take very long the server will send a "expired_token" error, in which case the fridge will have to start over often with a new URL.

but once you login on your phone or laptop or whatever, the fridge will get a response containing the bearer token that it can use to actually login

usually the server will wait a few seconds on each request before sending the authorization_pending error, so that the exact moment the login is completed the fridge can be sent the bearer token. in production there's virtually no delay at all.

desktop XMPP clients can do the same; you just launch a web browser on the url instead of showing it to them on a screen. you don't need a response from the browser.

"just launch a web browser" :(

desktop client runs "browser-open" command with url "https://login.google.com/bla". it doesn't need to get anything back from the browser

there's a standard way to open a URL via default browser on every modern OS

so, yes, web-only

web-only for login yes. but not for web XMPP clients only

here's two lines of Python code to do this from every OS: import webbrowser webbrowser.open(oauth2_url)

it will return True.

seriously the whole client handshake is maybe 30 lines of python, tops. my point being is if you're not versed in oauth2 this is very non-obvious so a XEP would be useful. IMHO every XMPP client should be using bearer tokens for account security. for account security every XMPP server should only accept oauth2 bearer tokens.

But, requiring a web browser, I don't want that

Assume that I explode if I have to evaluate JavaScript. How do I OAuth?

Preferably at a safe distance from other combustibles.

Zash, I don't think there is a reason why OAuth would require JavaScript (beside most implementations certainly will)

Zash: OAuth is a web api. but its completely conceivable, if you write your own oauth2 web client, to use a simple HTTPS form. oauth2 can be implemented entirely server-side

or better yet write it in rust and compile to wasm

without a web browser at all is hard since oauth2 is a standardized web api

I didn't know that browsers are the only operating system for APIs

Ge0rG: lets be real, in the real world 95%+ of software devs are web developers and we're <<looks at the XSF membership>> far too few to write everything. But web devs are limited, and thankfully still need us or we'd all be unemployable.

the only reason these companies approach us is because some web developer sent them our way. in literally every case.

when I get an email from taiwan about working on a smart appliance its because their web devs have already tried and failed. they're hiring a "specialist" because that's what we've all become. and they've already developed the web-side

the most extreme case you'll get consensus from their inhouse webdevs is to use an existing web standard

half the products I get to work on are running NodeMCU (ESP8266) and they already tried and failed to run the whole appliance on javascript using web apis.

... and that's why a vast majority of IoT is running stupid JSON-based web apis

and it doesn't even matter because its for a single production run. the company exists only that long. they sell 100k of a product with a $40 margin over cost to manufacture, the 4 million pays the employees and investors, and poof they're gone with no continued support.

the developers working for these companies have a strictly disposible attitude.

they don't care about standards. the only reason they use standards is to shorten their development cycle. they don't care about license compliance. if we're super lucky they toss their code over the wall on github to bitrot.

Great pitch for all these new students that want to get into programming.

I would have gone farming right away if I had known

lol well :-)

my point is standards are only useful if people use them, we need to make XMPP accessible to web devs because they control the code that goes into products, and they also control who gets funded.