XSF Discussion - 2020-02-19

  1. moparisthebest

    Do any servers support https://xmpp.org/extensions/xep-0078.html anymore?

  2. moparisthebest

    Or might it be worth resurrecting? Since TLS is required and everyone (https world) agrees basic auth is fine, and it doesn't suffer from the "never upgradeable" problems sasl does?

  3. Ellenor Malik

    sasl is downgrade resistant

  4. moparisthebest

    And upgrade proof

  5. dwd

    moparisthebest, You can get the same effect as XEP-0078 with PLAIN, and essentially the same speed with SASL2, though.

  6. dwd

    moparisthebest, And you get to choose more secure methods than PLAIN, as well.

  7. moparisthebest

    I'm not clear on what those are, I know about "channel binding" for instance, and iirc it's been broken before and such, but assuming not who cares anyway

  8. moparisthebest

    If every http application ever can live without it, what's the point

  9. moparisthebest

    Again, I understand not sending something plaintext across the network that can be used to login as you was absolutely critical when XMPP was written, TLS wasn't the norm then

  10. moparisthebest

    Is it valuable in a world where everything is TLS though?

  11. dwd

    HTTP applications often use OAuth, which can be done over SASL but not XEP-0078, for example.

  12. moparisthebest

    That's normally when you authenticate with a 3rd party service though right?

  13. moparisthebest

    Like, sign into this site with your GitHub account?

  14. moparisthebest

    Does anything in XMPP do that?

  15. dwd

    Yes. But that doesn't matter - point is that SASL is extensible, whereas XEP-0078 isn't.

  16. dwd

    And certainly some deployments seem to like having channel binding around, or not having plaintext password equivalents on the wire even with TLS in play.

  17. Ellenor Malik

    moparisthebest: SASL is the pinnacle

  18. moparisthebest

    Oh I get it's more extensible, it just seems 99% of the time the extra complexity and RTTs is not desirable

  19. moparisthebest

    Seems like 0078 should be the norm and sasl the exception nowadays I'm saying?

  20. moparisthebest

    My impression is this situation is similar to Direct TLS vs STARTLS

  21. flow

    moparisthebest, I think SASL PLAIN is the same (or at least close to xep78) in terms of complexity and round trips

  22. flow

    dwd, what's the benefit, besides feature discovery maybe, of "simple json" compared to xep335?

  23. flow

    and will I find an answer ot this question by carefully reading the simple json XEP?

  24. dwd

    I think so. How would a developer go about using 335? Would it involve more code than simple json?

  25. dwd

    The comparison isn't between simple json and raw 335, it's between simple json and stuffing json in directly into message bodies.

  26. Daniel

    Isn't the comparison between stuffing json anywhere and explaining people what the x in xmpp stands for?

  27. dwd

    Pretty much.

  28. dwd

    But I do understand that "Here is a protocol framework. Now off you go and design a protocol and implement it in multiple libraries" is quite a steep learning curve.

  29. Ge0rG

    HTTP REST is even less than a protocol framework.

  30. Ge0rG still isn't over that app downloading 780KB of HTML from Google Play on each launch just to check if it's up-to-date.

  31. dwd

    Ge0rG, Yes, but you just stuff JSON into named endpoints and you're done.

  32. dwd

    Ge0rG, And moreover, even if you do download 780k, it won't damage the network. Whereas stuffing JSON into <body/> does, since naive clients can't be used anymore.

  33. Ge0rG

    League of Legends used to stuff XML into the body, which of course was encoded.

  34. dwd

    Novel, at least.

  35. Ge0rG

    I think it's been in use a decade ago.

  36. Ge0rG

    > Release: October 27, 2009

  37. ralphm

    Ge0rG, there's no last-modified/etag check upon retrieval?

  38. Ge0rG

    ralphm: the code is straight from https://stackoverflow.com/a/36509726/539443

  39. Ge0rG

    It's surprising that almost none of the http client libraries actually supports local caching

  40. Ge0rG

    so you end up doing it manually, badly. if at all

  41. ralphm

    That's pretty terrible indeed.

  42. ralphm

    I.e. I can't get over how little people know about stuff like this, and always get this wrong.

  43. ralphm

    Especially when people were still doing RSS aggregators.

  44. Ge0rG

    Hey, encoding a bet on Google not changing their HTML into your app is also a rather dumb decision

  45. Ge0rG

    Luckily, the app's API designers were competent at least.

  46. ralphm

    I guess

  47. MattJ

    should iq type="get" *never* have side-effects?

  48. MattJ

    Because we have an example of such in... RFC 6121

  49. MattJ

    Requesting the roster "subscribes" you to roster pushes

  50. Zash


  51. larma

    vanitasvitae: do XMPP libraries typically provide APIs to easily send arbitrary XML? I was under the assumption they don't make it that easy

  52. MattJ

    > If a connected resource or available resource requests the roster, it is referred to as an "interested resource". The server MUST send roster pushes to all interested resources.

  53. MattJ

    larma, totally depends on the library

  54. vanitasvitae

    larma: in Smack you could do it fairly easily I think

  55. MattJ

    Some are high level, and try to hide everything from you, some are low level and offer barely any XMPP stuff - some fall in between (you could say they fail at both)

  56. vanitasvitae

    Yeah, in Smack you can parse the XML into a "StandardExtensionElement" and append that to your messages.

  57. larma

    vanitasvitae: that isn't what I would call an easy API

  58. vanitasvitae


  59. vanitasvitae

    PR welcome :P

  60. pep.

    MattJ, ugh (re roster). I can see why that's been done but that seems like breaking some assumptions indeed

  61. larma

    I just wonder how we are considering to add stream.send_json(to, json), when we don't have stream.send_xml(to, XML)

  62. MattJ

    It seems obvious that 99% of the time if you request the information you are also interested in changes to that information

  63. pep.

    That seems like a bold assumption to make. Especially since we have mechanisms to say we're interested in the data

  64. Link Mauve

    pep., they wouldn’t be atomic.

  65. pep.

    what do you mean

  66. Link Mauve

    pep., caps to your server may be known to your server long after you’ve requested the roster.

  67. Link Mauve

    In the meantime, you would miss roster pushes.

  68. pep.

    Seems like an edge-case no? Or maybe there's something missing for this kind of case (subscribing to data around bind)

  69. MattJ

    Atomic get-and-subscribe is quite an important operation to have

  70. pep.

    Yes but it this really what we want for iq type="get"? :x

  71. pep.

    Does that mean because I've requested somebody's version I want to know now everytime they change

  72. MattJ

    The XEP doesn't specify that behaviour, so no, it doesn't mean that

  73. MattJ

    It means instead that you have to poll if you ever do want that :)

  74. dwd

    larma, Most libraries let you send/receive arbitrary XML, in various ways that are individually reasonably sane. The problem is that they're all radically different from one another and involve a lot of implied knowledge to use well.

  75. larma

    Yeah, but we are we then not unifying/easying the use of custom XML in XMPP and instead only unify/ease the use of custom JSON in XMPP?

  76. larma

    Yeah, but why are we then not unifying/easying the use of custom XML in XMPP and instead only unify/ease the use of custom JSON in XMPP?

  77. dwd

    larma, I can't think of a way to do that without essentially distilling it into "learn XMPP really good".

  78. dwd

    larma, Don't get me wrong; that's my preferred solution. I just think it's impractical.

  79. larma


  80. larma

    Also, why is it required to learn xmpp really good for that?

  81. Daniel

    does anyone know of a thing that is an xmpp client on one end and a rest api on the other?

  82. Daniel

    with rest calls to send; and where you can put in (http) callbacks for notifications

  83. Daniel

    bot developers these days can’t be bothered to connect to anything not http

  84. dwd

    Daniel, Like the Prosody API, or XMPP-FTW?

  85. Daniel

    maybe. let me take a look

  86. dwd

    larma, I don't know where you'd start with trying to create a generic API. I got a lot of pushback for including the sketch in the original UDT.

  87. dwd

    Daniel, I don't know how maintained XMPP-FTW is, now. At one point it was heavily worked on by Lloyd, but he's moved onto other things and I don't know anyone else picked it up. It was, at one point, looking as if it'd merge the XML <-> JSON translations bits with stanza.io^Wjs.

  88. larma

    dwd: when searching for how to do custom XML in smack I found https://stackoverflow.com/questions/6387947/how-to-send-custom-xml-packet-using-javas-smack-api which basically says, "here is how you, but don't do it"

  89. larma

    It already starts with the requirement to define a namespace...

  90. Daniel

    dwd, yeah; probably something like mod_rest for prosody. probably a little less generic; and kinda scoped to one user (callbacks for just one user; not all users)

  91. larma

    dwd: can we at least agree that it should just be sending strings instead of json so that it can be any notation, or just strings, or base64 encoded binary, or ... Also that would allow libraries to not care about json at all (the current proposal requires libraries implementing it to at least include a json validator)

  92. Zash

    Daniel: Use case? Bots or something?

  93. Daniel

    Zash: yes bots

  94. Zash

    I'd like mod_rest to support that. Currently it's probably awkward unless you give the bot an entire domain

  95. Daniel

    Yes. Mod_rest isn't too far of from what we want to do. Except that. And except that we have only limited control over the server (don't ask) and are not running prosody

  96. moparisthebest

    that is generally my complaint with about every XMPP library I've ever used, they all make you jump through a series of hoops when I just want to send a String

  97. Zash

    Daniel: mod_component_client! (Connect Prosody as a 114 component to another XMPP server)

  98. Link Mauve

    Daniel, you also have mod_slack_webhooks, which AIUI lets Slack bots connect to Prosody.

  99. Zash

    moparisthebest: That's a good thing IMO. Pain to enforce well-formedness and stanza counting for 198 if you just get strings.

  100. Daniel

    Link Mauve: oh that might be interesting

  101. Zash

    We have a ton of variations of this, sending messages via http. mod_rest is kinda meant to be the one that does it all

  102. Zash

    I wonder i f this is something we wanna standardize tho, "HTTP based component/bot interface"

  103. Link Mauve

    This has been proposed at Summit, but other things took priority.

  104. moparisthebest

    Zash, so if you are building a client or, something serious it's a good thing, if you just want to experiment quickly not so much

  105. moparisthebest

    I tend to think they should be built in layers, bottom just deals with strings, slightly higher XML, over that you have your normal API that helps with things

  106. Link Mauve

    Oh, you actually meant printf XML?

  107. pep.

    larma, yeah I tend to agree with that. since it's really application specific I'm not sure why we'd restrict it to JSON, not sure why the library would fiddle with that

  108. Zash

    Sure, but I think you still wanna discourage people from sending raw strings too often.

  109. pep.

    And I don,t really see the point in specifying it anyway

  110. moparisthebest

    last night I was purposefully trying to send ridiculous things to see how servers would handle them for instance, ended up just not using any library because none of them had good support for this, so "testing" would be at least one use-case

  111. pep.

    moparisthebest, in any library it's possible to declare new tags to include as part of stanzas.. I am all for writing (better) documentation in libraries

  112. Zash

    I know in verse you can access the underlying socket and do whatever, but it's easy to compose arbitrary xml without reaching for strings

  113. Zash

    And prosody too

  114. Daniel

    Not just documentation. Also make it easier. The way slixmpp does it is horrible

  115. Daniel

    Where as prosody stuff is relatively easy to understand

  116. pep.

    Daniel, I don't disagree about slixmpp being horrible :)

  117. Daniel

    I mean for complex things prosody also gets in your way

  118. Link Mauve

    I usually found the declarative way in slixmpp (and in stanza.io and various other projects from Lance) to be quite good for extensibility.

  119. Daniel

    But for a simple I want to add a key value pair it's super easy

  120. pep.

    Link Mauve, fwiw I'm still confused when adding an ElementBase in slix

  121. Link Mauve

    Really? :/

  122. pep.

    "what attributes do I need again, and what do they do"

  123. moparisthebest

    https://github.com/moparisthebest/jDnsProxy/blob/master/xmpp-dox/src/main/java/com/moparisthebest/dns/xmpp/DnsIq.java#L41 java/smack isn't much better here

  124. Daniel

    The slack webhook thing is kinda nice

  125. Daniel

    I mean it's not exactly what we need. But it helps me understand the problem space better

  126. Zash

    MUC bots needing to actually join the relevant rooms is a bit awkward, the slack thing doesn't have that problem. But it's awkward in another direction instead IIRC

  127. flow

    > larma> I just wonder how we are considering to add stream.send_json(to, json), when we don't have stream.send_xml(to, XML) Probably because the data users want to send is already in json. And that does not mean that an API should (or can) not provide "sendXml(to, xml)"

  128. Zash

    send_whatever(to, mimetype, binary, data)

  129. pep.

    What Zash say

  130. pep.

    I personally don't want to include 42 parsers in my lib. Let the user validate themselves

  131. pep.

    Even though.. I'm not fond of the mimetype thing

  132. pep.

    I'd say s/mimetype/namespace/ :)

  133. flow

    > moparisthebest> that is generally my complaint with about every XMPP library I've ever used, they all make you jump through a series of hoops when I just want to send a String One of the first things Jive Software implemented in Smack ~20 years ago was an API to make that easy

  134. flow

    pep., I don't think including a parser is a necessary prerequisite for such an API

  135. flow

    Zash, binary *and* data?

  136. Zash

    flow: boolean for whether to base64 the data blob I guess

  137. flow

    ahh, is_binary (or so) then

  138. pep.

    isn't udt^WJSONthing requiring the JSON data to be validated? (well it does say "JSON", that means valid JSON)

  139. Zash

    (mod_rest has a thing for udt already)

  140. flow

    pep., if you are prepared to receive json, then you probalby have a json parser (and validator) already available,

  141. moparisthebest

    validation sounds like the recipient's problem :P

  142. flow

    I don't think I would bundle one with smack if I where to implement something like simple json

  143. pep.

    moparisthebest, if you implement that you implement both sides

  144. pep.

    I guess

  145. moparisthebest

    s/recipient/consumer of that json data/

  146. pep.

    In any case, I don't think all of this is necessary anyway..

  147. larma

    flow, if you don't validate that the string provided by the user is in fact valid JSON, one could argue that you are not standards compliant, because the json XEP clearly clarifies that what is in a <json> element MUST be valid JSON according to (insert reference to RFC here)

  148. flow

    larma, I didn't say that nobody should validate it. Just that it don't see it as strictly necessary to include a json validator in smack if I where to add support for something like simple json

  149. moparisthebest

    larma, is it the library's job to ensure anything sent using it is standards compliant? that sounds... very wrong?

  150. moparisthebest

    how do you develop new extensions then, for example

  151. larma

    moparisthebest, not in general, but when it provides a highly abstract API, like the send_json(to, data) I would expect it to only send standards compliant things on the wire

  152. larma

    I also expect it to escape my strings when I do send(to, body) with body = "x < pi &&", no?

  153. flow

    sure, but if you already ensure in a higher level that 'data' is valid json, then it only adds an unnecessary validation step if the library performs another check if data is json

  154. moparisthebest

    if the API lets me send a string I expect it to send exactly the bytes I tell it to

  155. moparisthebest

    if the API lets me send some XML object, then I expect that XML lib to do that kind of escaping

  156. flow

    I does not really hurt, but I don't see it a strict requirement for a library to perform that validation here

  157. Kev

    I suspect that's an unusual position. If would find it surprising if message->setBody(someString) required me to first escape somString.

  158. moparisthebest

    yea ^ that sounds like the second thing, some XML object that should be escaping things

  159. flow

    some goes for the receiving side

  160. flow

    also "escaping rules" != "validating something"

  161. moparisthebest

    if all xmpp client libs refuse to send non-valid things, how are we testing that server implementations deal with bad input correctly? (or are we?)

  162. pep.

    moparisthebest, I doubt allowing to send bad input is a good API

  163. larma

    Do you think it should be allowed to do send_json("test@example.com", "urn:example:type", "Nope, I don't do JSON here")? And on the recipient side it would just provide a string. So that if people don't want to do JSON they'll just end up using that method and we have an even worse problem as right now with JSON in body

  164. pep.

    You can have escape hatches for sure in the lib

  165. pep.

    But that shouldn't be the default

  166. moparisthebest

    well sure, completely agree there

  167. Kev

    At least for Swiften the idea is that stuff you send should largely be valid, and that there's an escape hatch for shoving octets onto the wire (which will break everything).

  168. Kev

    i.e. it makes it hard to do the Wrong Thing.

  169. moparisthebest

    sounds right, no argument there

  170. Link Mauve

    moparisthebest, I’d also expect a library implementing JSON to not take a raw string as input, but the language representation of the JSON thing (for instance a Python dict containing lists and other dicts and strings and such), so that the user of the library couldn’t do it wrong.

  171. Link Mauve

    Of course, the raw XML extension API wouldn’t do this validation, so you could send invalid JSON using it.

  172. Ellenor Malik

    Ryanair just screwed everything.

  173. Ellenor Malik

    Do I have to, like, hire Landor myself to come up with a new brand name for XMPP?

  174. Link Mauve

    Snikket it is.

  175. Ellenor Malik

    except that's not XMPP. That's a subset of XMPP

  176. Link Mauve

    How so?

  177. Ellenor Malik

    one could argue it's even a "proprietary" messenger.

  178. Link Mauve

    Good luck, but how?

  179. moparisthebest

    what? how could you argue that?

  180. jonas’

    Ellenor Malik, that’s bullshit.

  181. jonas’

    of course it’s a subset of XMPP. why would it need support for the IoT XEPs.

  182. jonas’

    and it’s all free and libre software, there’s nothing proprietary about it.

  183. Ellenor Malik

    "XMPP is not Snikket's focus."

  184. jonas’

    you misunderstood that

  185. Ellenor Malik


  186. jonas’

    MattJ explained it in more detail here: https://old.reddit.com/r/xmpp/comments/f0el07/can_someone_explain_to_me_whats_the_point_of/fgto5h0/

  187. jonas’

    you know about that thread, so I’m assuming you are intentionally ignoring data

  188. Ellenor Malik

    > jonas’ has written: > of course it’s a subset of XMPP. why would it need support for the IoT XEPs. why do you need a whole-ass XEP for IoT anyway? the way you control IoT on IRC is just by a standard privmsg, and XMPP doesn't need to be any different

  189. Link Mauve

    Ellenor Malik, err, no.

  190. moparisthebest

    Ellenor Malik, my take is for developers that know to search "xmpp" there are numerous servers/clients/etc, for "users" that just want "to chat", that's what snikket seems to be targeting, it's still standard/interoperable/federating/open xmpp

  191. Link Mauve

    Encoding machine-readable stuff in the body would be utterly stupid.

  192. Ellenor Malik

    moparisthebest: the whitelabel clone of conversations is refusing to connect to under-compliant XMPP servers. to me that seems far too close to a proprietary system for anyone to be comfortable with it

  193. Link Mauve

    Ellenor Malik, you mean that your server didn’t implement XEP-0401 yet?

  194. Link Mauve

    That’s a complaint to direct to your server implementation, not to that client.

  195. Link Mauve

    That’s a complaint to direct to your server implementation, not to a client using it.

  196. Daniel

    it's also not true

  197. Daniel

    i’m fairly certain that snikket would open xmpp:anyserver.tld?register

  198. Daniel

    not sure why you would want to use snikket with non snikket servers

  199. Daniel

    but if you wanted to you could

  200. moparisthebest

    if you know about non-snikket servers then snikket probably isn't for you

  201. Daniel

    The amount of bullshit and conspiracy theories that go around when ever someone - who has a well established record for working in the xsf - tries something new, is unbelievable

  202. Daniel

    Happened to me with Quicksy as well

  203. jonas’

    it’s almost as if people didn’t want XMPP to change to something successful

  204. Ellenor Malik

    it's almost as if refusing to connect to slightly behind the curve servers amounts to vendor lockin

  205. jonas’

    some call it vendor lock-in, others call "providing a decent UX in a federated system"

  206. jonas’

    take it or leave it, noones forcing you

  207. jonas’

    MattJ won’t make Snikket not federate.

  208. jonas’

    I’m rather confident in that.

  209. moparisthebest

    anecdotal quicksy story, was having an argument about why xmpp was superior to everything in an IRC channel recently, and they brought up how hard it was to install Conversations and know what a JID and a server etc was, get an account, compared to Signal where you just install it and it works

  210. moparisthebest

    I said "what about Quicksy" and got "oh, hadn't seen that before, looks really nice"

  211. moparisthebest

    another one brought over to the dark side >:)

  212. jonas’ puts some cookies on the table

  213. Ellenor Malik

    if you think I'm mentally ill now, try feeding me some cookies.

  214. moparisthebest

    I'm not personally going to use Quicksy or Snikket, I already have a setup I like, but I am VERY happy to recommend them to others that do not

  215. Ellenor Malik


  216. Ellenor Malik

    > jonas’ has written: > some call it vendor lock-in, others call "providing a decent UX in a federated system" the alternative is to prompt. "The presence server you have chosen does not support all of the features of Snikket. At this stage, you have three choices. Continue connecting, and experience marginally degraded functionality (you'll still be able to chat and join conferences), pick another server (and then the client can call a few web servers in a round-robin which can recommend a few servers based on geography), or, if you know the server administrator personally, flame them and tell them to upgrade to Snikket." > take it or leave it, noones forcing you Welcome to juntist Brazil. > MattJ won’t make Snikket not federate. > I’m rather confident in that. still, makes me uncomfortable

  217. Daniel

    Ellenor Malik: can you post a screen shot of the error message where it says you can't use a certain server?

  218. Ellenor Malik


  219. Ellenor Malik

    i was providing an example of an error message I would supply if the server was not fully compliant.

  220. Daniel

    No. You said earlier that snikket is doing vendor lock in. I'm asking you to provide proof for that

  221. Zash

    I just got Snikket (client) to connect to my main account on my non-snikket server that doesn't even have registration.

  222. Ellenor Malik

    Zash: oookaaayy

  223. Zash

    Had to `qrencode -t ansi 'xmpp:me@myserver.tld?register'` and uncheck a hidden checkbox tho

  224. Ellenor Malik

    that's more than a mite absurd

  225. Ellenor Malik

    I'm pretty sure on the server side snikket refers to a feature set and not a specific server

  226. moparisthebest

    yes "modern xmpp" for lack of a better term

  227. Zash


  228. jonas’

    moparisthebest, better term .... liiiike .... snikket?

  229. moparisthebest

    sure :)

  230. Ellenor Malik

    Zash: having to qrencode the registration seems more than a mite barrier to entry shaped

  231. Zash

    No, quite the opposite

  232. Ellenor Malik

    (she says, while planning a Website for her XMPP server which will do just that)

  233. Zash

    QR code with `xmpp:example.com?register` on your website would work just fine in Conversations too

  234. moparisthebest

    Ellenor Malik, have you ever instead tried to send someone a username and password over SMS or something

  235. Ellenor Malik

    the main issue is getting people to transcribe domain names

  236. moparisthebest

    also the people that always capitalize the first letter of everything without telling you

  237. Ellenor Malik

    why are we sending passwords over SMS anyway?

  238. moparisthebest

    I said or something :)

  239. moparisthebest

    I've done it using Silence before

  240. Ellenor Malik

    ... but why are we sending qr codes over SMS?

  241. moparisthebest

    you don't

  242. Ellenor Malik

    I should probably come up with a module to an XMPP server that makes it so that users can only federate if they verify their phone number

  243. moparisthebest

    what are you going to use to verify phone number?

  244. Ellenor Malik

    that is, they can only message out of the local server

  245. jonas’

    Ellenor Malik, sounds like a plan for anti-spam in some deployments

  246. moparisthebest

    Ellenor Malik, also sounds like you are just talking about https://www.kontalk.net/

  247. Ellenor Malik

    everything that can be done by someone with a 132 iq has already been done

  248. moparisthebest

    fyi that's mostly standard xmpp too and federates

  249. moparisthebest

    last I checked he was taking out the non-standard extensions slowly

  250. Ellenor Malik

    probably preparing to shut down

  251. Ellenor Malik

    which is bad

  252. MattJ

    I'm happy that most people in the community do understand the motivation behind Snikket <3

  253. MattJ

    and yes, you can connect to non-Snikket servers with the Snikket app, and yes, you can connect to a Snikket server from a non-Snikket app

  254. MattJ

    But it's not advertised that way because that's not really what provides the best user experience

  255. MattJ

    and I have had to explain to multiple people who try to use Snikket with non-Snikket servers that they really really should just go and use Conversations

  256. moparisthebest

    you'd have to explain "what is XMPP" to people that *just* want a chat app

  257. MattJ

    The problem is that anyone in this room, or who even knows what XMPP is most likely is not the target audience for Snikket

  258. moparisthebest

    *eyes glaze over* thinks to self: when will this idiot shut up so I can just go install Signal

  259. MattJ

    Off to dinner now, don't worry :)

  260. moparisthebest

    haha sorry if the sarcasm wasn't implied, that's an impression of a user who just wants a chat app when you go into a "what is XMPP and why is it the best" explanation

  261. MattJ


  262. !XSF_Martin

    Don't explain it, just force them to use it. 😃

  263. Ellenor Malik

    MattJ: would it not be ideal to splash up a warning when a non-snikket compliant server is used?

  264. Ellenor Malik


  265. jonas’

    I’m halfway through writing down the (xmpp) protocol used by search.jabber.network in a proper ProtoXEP by the way.

  266. jonas’

    or rather, a cleaned up variant of that.

  267. moparisthebest


  268. pep.

    for s.j.n, I'd like not to have to use HTTP btw, and some clients seemed to prefer that for possible anonymity purposes. jonas’ would it be a problem for you if servers provided anon hosts that have s.j.n whitelisted? (so potentially you could get spammed from all around)

  269. jonas’

    pep., interesting idea

  270. jonas’

    I mean, I can get spammed via HTTP already

  271. pep.


  272. jonas’

    and with tor you can make that even more fun

  273. jonas’

    I don’t block anything at the moment

  274. jonas’

    but we’ll have to write down how to behave when I reply with rate-limiting error codes

  275. jonas’

    also, see what I wrote in https://github.com/horazont/muchopper/issues/51

  276. moparisthebest

    <body>{"code":"502", "message":"please come back later"}</body>

  277. jonas’ stomps moparisthebest

  278. jonas’

    to make this less painful: <error type='wait'><resource-constraint xmlns='...'/><rate-limit xmlns='urn:xmpp:channel-search:0'/></error>

  279. jonas’

    moparisthebest, there’s SO MUCH wrong with that. I can only compliment you, you put a lot of triggers in just 63 bytes.

  280. jonas’

    only thing that’s missing is some unicode shenangians

  281. moparisthebest

    jonas’, lol yea "how to trigger XMPP developers in only 63 characters!!!"

  282. moparisthebest

    also HTTP developers if they are paying attention

  283. moparisthebest

    I guess I could have used smart quotes instead...

  284. jonas’


  285. MattJ


  286. moparisthebest

    jonas’, just for you <body>{“code”: “502”, “message”: “please come back later”}</body>

  287. Zash

    What have you cursed us with‽

  288. pep.

    I have moved the Summit minutes (pad) to the wiki, https://wiki.xmpp.org/web/Conferences/Summit_24#Minutes

  289. pep.

    I wanted to do something a bit more elaborated, but I don't have much time so that'll do. There is still quite a few pieces missing, I'd appreciate if people present could have a look