XSF Discussion - 2020-01-23

  1. Guus

    is using an empty <before> element in a RSM request a spec'ed way to request for the 'last' page of a result set?

  2. lovetox


  3. lovetox

    its described in the RSM XEP

  4. Guus

    https://xmpp.org/extensions/xep-0059.html ?

  5. Guus

    can't find it there

  6. MattJ


  7. Guus


  8. Guus


  9. Guus


  10. Guus


  11. MattJ

    It's ok, it's still early in the morning :)

  12. Guus off to find more coffee

  13. Ge0rG got some coffee already, and travelled 150km

  14. jonas’

    I don’t envy you

  15. MattJ

    Is that a long way?

  16. jonas’

    it’s more than the 7 km or so I commute to work

  17. MattJ

    93 Great British Miles, so yeah quite far

  18. Guus


  19. jonas’


  20. Ge0rG

    my usual commute to work is measured in meters, not in kilometers

  21. jonas’

    7 km is a bit above the average for my commute to work in the last year. I had home office a few times.

  22. Ge0rG

    hm. when I divide the kilometers driven last year by working days, I have a daily average of ~43km. That's rather high, and it doesn't even count in the railway kilometers.

  23. jonas’


  24. Guus

    I used to commute 1000km a week. I've learned that the time lost in commute, not so much distance, annoyed me more.

  25. Guus

    it's so... pointless.

  26. Guus

    For the past few years, I'm working remote - saves me 2 to 3 hours a day that I can spend on things that are more enjoying than sitting somewhere, waiting to arrive somewhere else.

  27. jonas’

    I’m using commute time for reading up on stuff nowadays

  28. Guus

    (I did have ~one year of commute by bicycle, which was good for clearing my head / getting in shape (less out-of-shape) - that was good too).

  29. jonas’

    I imagine

  30. jonas’

    cycling is kind of a suicide mission here tho

  31. jonas’

    waaay too many high-traffic roads without dedicated cyclist lanes

  32. Guus

    Yeah, I was driving myself. Reading while operating a vehicle is frowned upon, generally. Never got into audiobooks - although I was very up-to-speed with current affairs through radio shows.

  33. Guus

    Yeah, I've learned that. Once drove over what i thought was a dedicated cyclist lane in Germany, which turned out to be the emergency shoulder of a highway.

  34. jonas’

    driving yourself sounds like an ecological nightmare in addition to the waste of time

  35. jonas’

    holy smokes

  36. Guus

    there was a colonne of military vehicles passing us. Every. Single. One. Used. Its. Horn. On. Us.

  37. jonas’

    yeah, cyclists on the highway is also something which gets mentioned in radio traffic reports

  38. jonas’

    but now I get *why* you’d even do that -- thinking that the emergency stuff was for cyclists

  39. Guus

    Yeah, that's not done here too. But we got confused by first having been on what actually was a dedicated bike path on a very similar road.

  40. Guus

    In the Netherlands, things are very clear to me, in that respect.

  41. Guus

    Also, this was 20 years ago 🙂

  42. Guus

    oh, being self-employed and being able to deduct travel from taxes should give me a nice way to see how much I travelled (for work) last year.

  43. Guus

    just under 120 hours.

  44. jonas’

    so that’s probably less than I commuted last year

  45. jonas’

    which is by approximation in the order of 140-180h

  46. Guus

    I travelled just over 10,000km last year

  47. jonas’

    in those 120h?

  48. Ge0rG

    I try not to travel more than I have podcasts in my subscription

  49. Guus

    I have two customers that are both relatively far away (~140km one-way). I'm visiting one of them once a month, and the other once a week, when I have an active project with them.

  50. jonas’

    I’m in the order of 3200km, so your travel is *much* faster than mine :D

  51. Guus

    yeah those km and hours correlate to each-other.

  52. Guus

    most of it is highway.

  53. jonas’

    (which isn’t surprising, because I’m commuting from one end of the city to the other)

  54. jonas’

    (via public transport, which is okay, but mostly blocked by rush hour individual traffic)

  55. Guus

    10430/120 = 87km/h

  56. Guus

    makes sense.

  57. Ge0rG

    I hope I'll be driving a BEV two weeks from now, so that I can still commute by individual transport but not have such a bad consciencs

  58. Ge0rG

    I hope I'll be driving a BEV two weeks from now, so that I can still commute by individual transport but not have such a bad conscience

  59. Guus


  60. Ge0rG

    Guus: battery-electric vehicle (of course only charged by regenerative energy sources)

  61. Guus

    ah right.

  62. Guus

    I'm on regular petrol - next car probably will be an electric one as well.

  63. Guus

    still - 10,000k is a dramatic improvement over a few years ago for me 🙂

  64. Guus

    still - 10,000km is a dramatic improvement over a few years ago for me 🙂

  65. jonas’ silently points at burning australia.

  66. Guus

    Not arguing that more should be done.

  67. Ge0rG

    I'm pretty sure that what's happening now all over the world is the beginning of the Apocalypse.

  68. jonas’

    yeah -- I’ve been in a fun discussion the other day and it’s echoing back

  69. jonas’

    "Jesus will save us" was the tip of the iceberg

  70. jonas’

    but we’re getting lots of off-topic now :)

  71. Ge0rG

    jonas’: Jesus will save us from that, too

  72. jonas’

    from the off-topic?

  73. Ge0rG


  74. jonas’

    I thought our lord and saviour for off-topic was xmpp:xmpp@chat.yax.im?join ?

  75. Guus

    I'm very interested in what will happen in the Netherlands in the next few months. Somewhere in March I think, the speed limit is dropped from 130km/h to 100, in order to reduce emissions.

  76. Guus

    I wonder what that does for not just the emissions, but also traffic jams, injuries, etc.

  77. jonas’


  78. jonas’

    also, kudos to the netherlands

  79. jonas’

    even thinking out loud about introducing a 130 km/h speed limit gets you on the kill-list as a politician on Germany :)

  80. Ge0rG

    jonas’: you shouldn't be making fun of it. Politician kill-lists are a real thing in Germany

  81. Guus

    It's a grudgedly applied limit, because we suddenly found out we had to stop all kinds of developments due to to high emission levels.

  82. jonas’

    Ge0rG, I know.

  83. jonas’

    Guus, ah, germany simply doesn’t care.

  84. Guus

    I think the average commute in the Netherlands is 20km or something

  85. Seve

    wow 100km/h, so slow Guus

  86. jonas’

    "we’ll deal with the trials when they happen" or something

  87. Guus

    Germany obviously is bigger.

  88. Ge0rG

    I would love to see a speed limit on Die Autobahn, even just because my BEV will be capped to 167km/h

  89. Guus

    100km/h is slow, yes. No-one really likes it, and I wonder if it will hold up at all. But it's the least worst thing that they could do, at this point.

  90. Guus

    also, the limit does not apply at night, I think.

  91. Kev

    Well, that bit makes sense at least. Stop people being used to driving at speed, and then tell them the only time they're allowed to do it is overnight when they're driving tired.

  92. Ge0rG

    Kev: it's only to support natural selection.

  93. Zash

    120km/h is the highest speed limit in Sweden.

  94. Guus

    100km/h is slow, yes. No-one really likes it, and I wonder if it will hold up at all. But it's the least unpopular thing that they could do, at this point.

  95. debacle

    I wonder, if XEP-0157: Contact Addresses for XMPP Services should standardize the address of the data protection officer. Because of GDPR and IMHO none of the standardized roles seems to fit. E.g. <field var='data-protection-addresses' type='list-multi' label='One or more addresses for data protection and privacy'/> I didn't check the related RFCs for such things, though. And maybe we can standardize the address of motorway traffic police officer, too.

  96. Ge0rG


  97. debacle


  98. jonas’

    they had a group called autobahn

  99. jonas’


  100. !XSF_Martin

    With the Album Nagelbrett or so.

  101. !XSF_Martin

    The dude abides!

  102. Guus


  103. jonas’


  104. !XSF_Martin


  105. jonas’

    > proxy.mdosch.de?

  106. !XSF_Martin

    For my searx

  107. jonas’

    it’s been too long since I watched the Big Lebowski

  108. !XSF_Martin

    So I can preview results in image searx without leaking my ip and search term to a lot of websites. 😃

  109. jonas’

    so now we all leak our IPs to you?

  110. !XSF_Martin


  111. Zash

    Standardized server-provided previews?

  112. !XSF_Martin

    I already know your ip, see: https://ip.mdosch.de

  113. !XSF_Martin

    > Standardized server-provided previews? What? Searx is using the Morty proxy on the image search result page.

  114. Ge0rG

    this has completely derailed

  115. !XSF_Martin

    Uh, this is xsf. Felt like Schrödinger's. 😂

  116. nyco


  117. pep.


  118. ralphm bangs gavel

  119. ralphm

    0. Welcome + Agenda

  120. ralphm waves

  121. Seve says hi

  122. ralphm

    Welcome all. Who do we have? Do you have an agenda item?

  123. nyco


  124. Guus


  125. pep.

    No agenda item right now. There are things I need to send.. soon(tm)

  126. ralphm

    DO we have a MattJ?

  127. ralphm

    1. Minute taker

  128. MattJ


  129. ralphm

    Thanks nyco!

  130. ralphm

    2. XSF Objectives

  131. ralphm

    The PR that's still listed on our Trello has since been retracted, in favor of an offer to make XEP-0001 a bit clearer.

  132. ralphm

    I believe one of the issues was that XEP-0001 doesn't clearly (enough) document or reference what we believe to be an open standard.

  133. ralphm

    Working from what is written in our IPR Policy, I believe we should be able to resolve that unclarity.

  134. Guus

    I don't think it'd hurt much to clarify things, if we can do that without adding so much prose that that in itself opens things up for interpretation.

  135. Guus

    iirc, Kev volunteered to make a suggestion for an improvement, after a time of reflection.

  136. ralphm


  137. Kev


  138. ralphm

    So I think we can close this item for the time being.

  139. pep.

    For this kind of soul-seeking process I'd like to involve members. If we get to something board thinks is ok, then propose it for a vote or sth

  140. Guus

    I don't think that's needed.

  141. pep.


  142. Kev

    I'm not looking to suggest a change to process, just a clarification to XEP1 of what our process already is.

  143. pep.

    Guus, why not?

  144. Guus

    as I assume Kev is going to write up a more specific definition of what Ralph, Dave, me and others understand to be the definition as how we interpret it today.

  145. Kev

    (We might, subsequently, decide we want to change our process, but one step at a time)

  146. ralphm

    pep., IMO, I don't think we need to be soul-seeking. The XSF has been pretty consistent in their interpretation of what constitutes an open standard, in our IPR, FAQ and Mission statement. Documenting that clearly in XEP-0001, however, is useful.

  147. Kev

    And I have to vanish now. Will read the minutes.

  148. pep.

    Even just "clarifying" something possibly changes what people were picturing

  149. Guus

    I think Kev's approach is sensible: clearly document what we have, and decide if we want to change that only afterwards.

  150. pep.

    Different minds, different ways to interpret things

  151. pep.

    etc. etc.

  152. MattJ

    As Kev/etc. said, I'm with documenting the current state of things

  153. ralphm


  154. MattJ

    Changes are a separate discussion

  155. pep.

    I'm not saying I'm against documenting things, note

  156. pep.

    Just that I don't think it's possible to solely "document" this kind of things. Anyway I'll wait to see what comes out

  157. Guus

    Let's see what Kev comes up with. We'll have to vote on it to merge that change anyway.

  158. Guus

    Let's not over-engineer this to much.

  159. ralphm


  160. Seve

    Super :)

  161. ralphm

    2. XMPP Summit / FOSDEM

  162. ralphm

    Things are well on their way, with various people involved in getting this organized again.

  163. Guus

    (scam hat on) did everyone receive the dinner invitation?

  164. ralphm

    I did.

  165. MattJ


  166. Guus

    it should have gone out to members and summit mailinglists.

  167. Guus


  168. ralphm

    For those reading these logs and/or minutes: please register for the XSF Dinner.

  169. Guus

    Unsure if we need to discuss more around these events in this meeting?

  170. Guus

    (happy to, unsure what)

  171. ralphm

    nothing in particular

  172. ralphm

    Other than to mention that we will not have a Board meeting next week.

  173. Guus


  174. ralphm

    3. GSoC

  175. ralphm

    I was curious if there are any updates.

  176. Guus

    For those reading these logs and/or minutes: please have your name added to the wiki page if you attend the summit. I'll use that for the guest list at Cisco's.

  177. ralphm

    Thanks Guus

  178. Guus

    flow registered us as an organisation

  179. Guus

    iirc, him and larma are signed up as an org admin. He asked me to sign up as one too, in the understanding that I'd be a backup only.

  180. Guus

    I did that.

  181. larma

    we still have to fill profile details before the application is considered complete

  182. larma

    deadline for that is Feb 5

  183. ralphm

    larma: also Project Ideas, right?

  184. Guus

    At that time, we should have project ideas ready, right?

  185. Guus

    In any case: projects that want to join should start preparing.

  186. larma

    We only need to have the page with profile ideas, which already exists. I know some orgs were accepted in the past without a proper ideas page, but it's better to have it filled by then

  187. Guus

    it doesn't hurt to have a list of teaser tasks, etc.

  188. ralphm

    larma: agreed. Hereby another reminder for our community to add more ideas on https://wiki.xmpp.org/web/GSoC/2020/Project_Ideas

  189. Guus

    that will all reflect better on our application.

  190. Guus

    larma / flow maybe it'd be good if you guys explicitly poke projects for those?

  191. Guus

    the better the quality of our proposal, the higher the chances that we get accepted.

  192. larma

    Guus, sure, openfire and smack already have their list linked

  193. ralphm

    4. AOB I would be happy for today's meeting to be short, and hope to see many of you next week.

  194. MattJ

    None here

  195. pep.


  196. Seve

    None :)

  197. Guus

    None here

  198. ralphm

    5. Date of Next

  199. ralphm


  200. ralphm

    6. Close

  201. ralphm

    Thanks all!

  202. ralphm bangs gavel

  203. pep.


  204. edhelas


  205. Guus

    oh, forgot something

  206. MattJ

    Too late!

  207. pep.

    Guus, please send on the list if possible :)

  208. pep.

    If it's not urgent

  209. Guus

    needs to be done before summit

  210. Guus

    I'll take it to the list.

  211. ralphm


  212. Guus

    Dave doing MC at summit (with keV)

  213. Guus

    Dwd asked for board to explicitly discuss him acting in that role

  214. pep.

    As I said in scam@ I'm +1. And we can also take that to the list and have board vote there until next week. If people are already gone?

  215. Guus

    Context is the discussion about the definition of "open standard" and "omemo" that happened, and how he took a position. Dave wondered if that made it undesirable for him to act as an MC.

  216. Guus

    He explicitly asked me to put that before board.

  217. Guus

    dwd - feel free to chime in.

  218. Guus

    Dave and me discussed this before Kev changed his availability status at the summit from 'online' to 'in-the-room'. Kev, as previous years, offered to lead the troops at the summit. As I understand things, Dave and Kev discussed doing it together, this year.

  219. Guus

    All of this is already a lot more formal than I wanted to be "pick someone that takes point" to be.

  220. Guus

    I think it suffices for board to answer Dave's question if they have objections on Dave acting as a master of ceremony at the upcoming Summit. I'd like to leave it at that.

  221. MattJ

    I think many people "took a position" in the discussions, I don't have any objections

  222. Guus

    I for one don't see any issue. If taking a position in an argument disqualifies you from doing anything like this, we have bigger issues.

  223. pep.

    #freespeach #censorship

  224. pep.


  225. pep.

    Always miss this one

  226. Guus

    Seve ralphm ?

  227. moparisthebest

    I feel the need to pipe in here, no hard feelings on my end at all, people have different opinions and that's perfectly fine

  228. Guus

    Thanks moparisthebest

  229. Guus

    dwd please let me know if this satisfies your request. If not, we can take it to a mailinglist.

  230. Guus

    sorry for not bringing this up during the meeting - that would've been better.

  231. moparisthebest

    judging by the text I've read from dwd , him MC'ing sounds hilarious :) on that topic is there going to be a live stream ?

  232. jonas’

    what’s MC?

  233. jonas’

    I suppose it’s not about MC as in https://www.youtube.com/watch?v=ymNFyxvIdaM

  234. moparisthebest

    I still regularly link people to https://wiki.xmpp.org/web/The_Knight :)

  235. moparisthebest

    jonas’, https://en.wikipedia.org/wiki/Master_of_ceremonies

  236. jonas’


  237. Seve

    I'm sorry, it sounds as I'm not aware of this (Dave being MC for this summit). Is it in a mailinglist? Or it has been in this room?

  238. Guus

    Seve it was not discussed outside of Scam, I think

  239. Seve

    Last thing I know was Kev was not able to make it to the Summit this year, but now I see it looks like he can? :D

  240. Seve

    Ah I see

  241. Guus

    This hardly is an official position

  242. Guus

    we might as well push someone forward during the first hour of the summit - but it helps to get things going of we pick someone before then.

  243. Guus

    Like I said: this entire discussion now is a lot more formal than what I think is needed.

  244. Seve

    I think it is very worth having this already decided as Summit time always ends up being too short. Depends on how serious we want this to be :) This is a subjective opinion as I don't know how Dave is as a MC, but just to not make this message longer, I would go with him if he stepped up for this. It depends now on the audience if he is too humorous haha :) But yeah, I like him and this, again, is subjective :P

  245. ralphm

    I am personally just happy that someone wants to share the Summit and don't care if it is Kev or Dave or both in turns.

  246. ralphm

    I also don't think Board should have an opinion on it.

  247. Guus

    he asked.

  248. ralphm

    And I answered. Though maybe differently than dwd wanted.

  249. Kev

    FWIW, I do think it's good for Board to at least approve the Chair, and when I offered to Chair I hadn't realised that Dave wanted to do it.

  250. ralphm

    I approve of Kev and/or Dave.

  251. Kev

    I was offering, rather than asking, Dave very much wants to do it, IIUC, so I'm happy for Board to say Dave, or Board to say Dave/Kev to work out between themselves, or whatever.

  252. Kev

    But as Dave wants to, I'm not intending interfering.

  253. Kev

    (Sorry, was out, am now back)

  254. Guus

    I'm with ralphm on this one.

  255. ralphm

    Ok, when we get tired of the voice of Dave, it is good to know there's a backup :-)

  256. Kev

    (Unless Dave does a terrible job, in which case I'll attempt a coup, but I don't anticipate that :D)

  257. Guus

    We'll bring the rotten tomatoes to support your cause.

  258. ralphm

    I love a good coup d'état.

  259. pep. prepares the pitchfork

  260. moparisthebest

    how do you run someone off the stage at the XSF summit? throw some JSON printouts at them?

  261. ralphm

    Ooh, I could bring my XEP-0060 printout.

  262. Seve

    Say, "Is this the Matrix discussion room" while going in

  263. Guus

    I'm fairly sure Dave would be resistant to most of that.

  264. ralphm

    Seve: oh, I should have given Matthew Hodgson a heads-up.

  265. Guus

    threaten to remove bacon from breakfast, however, might be effective.

  266. moparisthebest

    too far

  267. Ge0rG

    marc: FYI re XEP-0401: https://mail.jabber.org/pipermail/standards/2020-January/036913.html

  268. Ge0rG

    Also XEP-0401 at work here: https://georg.lukas.pro/picture.php?/708/category/xmpp

  269. Zash


  270. marc

    Ge0rG, awesome!

  271. Ge0rG

    marc: the invitation module is live on yax.im

  272. Daniel

    Ge0rG: you can also add the same play store referrer for the Conversations on that landing page if you haven't already

  273. Ge0rG

    Daniel: I had to quirk around the new play installer library, it crashed the Play app with an xmpp: URI

  274. Ge0rG

    Daniel: so I switched to "https://yax.im/i/%23" + jid + params

  275. Daniel

    Didn't have any problems with that

  276. Ge0rG

    Daniel: a referrerized version of the landing page is on https://yaxim.org/invite/

  277. Ge0rG

    Daniel: maybe the Play client on my Android 6 is too old?

  278. Ge0rG

    I had a bunch of crashes and dubious Play errors when trying to record that video

  279. Ge0rG

    what you see is the sixth or so attempt

  280. marc

    Ge0rG, awesome, tbh I dislike the current implementation (separate IQ) but since end users don't care we can implement a proper version based on SASL in parallel?

  281. Ge0rG

    marc: based on SASL2. SASL isn't flexible enough

  282. Ge0rG

    marc: and SASL2 is early beta at best

  283. marc

    Ge0rG, I meant SASL2 ;)

  284. Ge0rG

    somebody ought to work on it

  285. Ge0rG

    marc: I'm sure we can add a SASL2 flow into 0401 when SASL2 is ready

  286. Guus

    Please add yourself to the list of participants at https://wiki.xmpp.org/web/Conferences/Summit_24 if you're attending the summit. I need that list to be complete, to arrange for access to the Cisco building.

  287. Guus eyes dwd

  288. marc

    Ge0rG: so what do you propose for 401? Wait until SASL2 is ready or use the hack for now and update it later?

  289. marc

    I mean 401 as XEP not the implementation

  290. Ge0rG

    marc: use the hack and update it when SASL2 becomes ready

  291. Ge0rG

    as SASL2 is not standardized, I'm sure we won't even need to bump anything when it appears

  292. marc

    Ge0rG, not even bump 401?

  293. dwd

    Ge0rG, What's missing in SASL2?

  294. Zash


  295. Ge0rG

    marc: I don't see a need

  296. dwd

    Zash, Sure. I need to find time to test the one I have for Openfire and PR it.

  297. Ge0rG

    marc: the new feature is feature-namespaced and nobody implemented 0401 before anyway

  298. marc

    Ge0rG, I'm not in SASL2 but when we change the wire protocol from the "hacky" to SASL2-version, we need to bump 401, no?

  299. Zash

    New version of the XEP?

  300. Ge0rG

    marc: I'm not sure about that

  301. jubalh

    XEP-0232 is the only one that tell others my client version, right?

  302. Ge0rG

    jubalh: https://xmpp.org/extensions/xep-0092.html and there is also disco identity

  303. jubalh

    whats disco identity?

  304. Ge0rG

    jubalh: https://xmpp.org/extensions/xep-0030.html#example-2 has one for servers, but clients often contain the respective name in there

  305. Daniel

    But don't use that to communicate your version

  306. Ge0rG

    yeah, don't add anything dynamic in there, as it breaks disco#info caching

  307. Zash

    Having your version in XEP-0232 does that too

  308. Daniel

    So 92 it is

  309. jubalh

    I'll read all of them now before asking more questions :)

  310. Zash

    "breaks" is a bit harsh, but we don't need to shove too much stuff into disco#info

  311. moparisthebest

    so we need a special push protocol specifically for new apple induced constraints? that's nice

  312. Ge0rG

    moparisthebest: another one beyond the Push XEP?

  313. moparisthebest

    yep, see https://mail.jabber.org/pipermail/standards/2020-January/036925.html

  314. dwd

    Yeah, Apple are cracking down on silent/straight-to-app notifications. This affects features like fully encrypted stanzas rather badly, since only the app knows if a stanza arriving is of the sort you'd want to use a visible notification for. Facebook/Whatsapp and others are rather annoyed about it all.

  315. dwd

    Personally, I think it's part and parcel of not using open standards.

  316. moparisthebest

    and it does hurt to cripple an open standard to support a closed platform made up almost entirely of users who don't care about open anything

  317. Ge0rG

    dwd: we need to get back to the "contains actual message" push payload then?

  318. moparisthebest

    on the other hand "xmpp sucks, doesn't even have a useable ios client"

  319. dwd

    Ge0rG, Well, for us (Pando) we don't display message content in the notifications anyway, and we'll never do full stanza encryption because of metadata analysis (we offer that back to the hospitals). So it somewhat depends on what UX you're trying to get versus what securiy model you're aiming for.

  320. dwd

    moparisthebest, And yes, this second is important. But note it'll affect WhatsApp as well.

  321. moparisthebest

    and signal from the link in that thread, I suppose everyone

  322. moparisthebest

    the more annoying bit for xmpp specifically is, it's easier to just change all your servers if you control all the servers haha

  323. dwd

    moparisthebest, Likewise with clients. Open Standards is a harder path.

  324. moparisthebest

    clients are easier to change there because none really work today anyway, but yep

  325. Ge0rG

    I'd take the ramblings of Mr. Nenakhov with a grain of salt. I know that Anu had to do significant work on Monal for iOS 13, but he managed to make it work, so...

  326. moparisthebest

    not reliably from what I've heard, and only with the voip hack which is well documented as gone now

  327. dwd

    Ge0rG, I heard all the same things from Facebook and Wire people.

  328. moparisthebest

    just follow the links, you don't have to take his word for it

  329. dwd

    Ge0rG, I think Andrew's right in this case.

  330. Ge0rG

    Well, we can thank Facebook for that, then. But maybe the faceless automaton that is the Apple approval process will be kind to Free and Federated IM clients.

  331. dwd

    Ge0rG, Hahahaha!

  332. dwd

    Ge0rG, But seriously, please do let me know what you think is missing from SASL2. Once I've an implementation in Openfire, I was considering Last Calling, so if you think tere are important things to do first, please say.

  333. Ge0rG

    dwd: essentially what Zash said. It only exists in theory.

  334. Ge0rG

    dwd: for me to make use of it somebody would have to convince flow to implement it in smack in a way that can be back ported to the previous release

  335. dwd

    Ge0rG, Zash has half an implementation, and it's on flow's roadmap. Openfire has an implementation, though it's not yet in master (having rescured it I need to test it a bit before makign the PR, but the code is there).

  336. dwd

    Ge0rG, flow's aim is to get it working for ISR etc, which seems like a major effort - I doubt it'll backport cleanly, though a simplistic implementation should work.

  337. Ge0rG

    dwd: also with it being a security algorithm, somebody with a background in security needs to vet it

  338. Ge0rG

    I'm not yet ready to upgrade my minimum sdk level to smack 4.4 equivalent

  339. dwd

    Ge0rG, Well, it's not a security algorithm. It packages existing security algorithms in the same way as the existing SASL binding.

  340. lovetox

    dwd im interested in SASL2

  341. lovetox

    if you have a server impl, i would try to impl it in Gajim

  342. lovetox

    im most interested in the password reset thing

  343. Ge0rG

    Wasn't there also a discussion about SASL being IETF territory?

  344. dwd

    lovetox, I did have half an implementation; I just couldn't figure out how to prevent the stream restart.

  345. dwd

    Ge0rG, Any SASL mechanism, yes. SASL2 isn't one. It's borderline, I'll accept, being a binding, and I'd like some review from IETF folks, but we can get Alexey to look quite easily - and he designed the original.

  346. lovetox

    dwd what was the XEP again?

  347. Ge0rG

    dwd: that sounds like a reasonable plan indeed. Is asking Alexey blocked by needing more implementations?

  348. dwd

    Ge0rG, Well, if Kev considers implementing, I think Alexey would pretty much get sucked in...

  349. dwd

    lovetox, XEP-0388.

  350. lovetox

    oh that was the one about 2FA

  351. lovetox

    not the one with password reset

  352. lovetox

    also useful though

  353. lovetox

    although i dont know how this works in practice

  354. lovetox

    if you have a bad connection, you need to 2FA every minute?

  355. dwd

    lovetox, Though my Openfire code at https://github.com/dwd/Openfire/tree/dwd/sasl2 has SASL2 (XEP-0388), TOTP-2FA (XEP-0400), and I genuinely can't recall what else right now.

  356. dwd

    lovetox, That was why I did CLIENT-KEY, so you could get a "Remember this device" thing.

  357. moparisthebest

    that might also just resolve itself with QUIC

  358. moparisthebest

    since you can keep the same connection across network disconnects or networks

  359. dwd

    lovetox, XEP-0399. I do have code that's very similar to XEP-0399, but not quite. And there's SASL-HT* as well which could be used in much the same way, and, as moparisthebest says, QUIC.

  360. Ge0rG

    I suppose 2FA only makes sense at the moment when you have to enter a password.

  361. dwd

    FWIW, if I were to do CLIENT-KEY again, I'd probably do something weird based aorund HPKE instead.

  362. Ge0rG

    Why not just x.509 client certificates