XSF Discussion - 2020-02-25

How do client devs feel about implementing references of type=mention?

Feel in what sense?

Why does (afaict) only a single client support it right now?

I think it's particularly useful for servers too, when generating notifications.

Right, I'm involved in such a project

But I'm intending Swift does them when we get to it.

But if you use most XMPP clients with this server, no notifications are generated

MattJ, I don’t feel particularly enthusiastic about implementing anything References until my comments from three years ago are at least addressed

and by addressed, in this context, I mean "replied to", because not even that happende (beyond "someone will rewrite the XEP soon so no point in dealing with this right now")

oh, just two years: https://mail.jabber.org/pipermail/standards/2018-March/034559.html

Is it related to character counting? or something else?

I thought the character counting stuff reached some kind of consensus

and that was the primary blocker in my mind

MattJ: I mean when the server is generating push notifications, it can do so based on the presence of a mention reference. As well.

MattJ: Jonas also (sensibly) wanted extensible reference types (mentions etc.).

Kev, you mean "as well as text scanning"?

MattJ: I mean as well as the receiving client generating notifications based on something having put mentions in.

It's a tough sell for me to add a feature that emails someone with the nick "max" every time someone asks "what's the max number of items this can handle?"

Their current stance is "Why don't XMPP clients support mentions? The ecosystem seems terrible"

I don't think I'm suggesting that, am I?

I'm not intentionally doing so, at least!

What's this then MattJ ?

Zash, only works if I'm online and connected, and their primary client is a web app

and I don't want to use it, but I can't notify people when I send them a message :)

(and this isn't just about me - they /want/ to say they support arbitrary XMPP clients)

But if they advertise that as a feature, people will wonder why nobody answers them when they mention them

Cry and implement some server-side heuristics? Like only looking for nicknames at the start of lines

I have started memberbot for collection votes on our current Q1-2020 application period

Hey all. What XEP does a Client / Server need to support for sending and receiving if a message was read?

Is this done within XEP-0085: Chat State Notifications or is there something seperate / additional?

Jeybe, XEP-0184 (Message Receipts)

Isn't that just a delivery receipt and no info about whether a message was read or not?

Or do I get that wrong

Alex, thanks

Jeybe: You're correct. People typically use 333 for that.

https://xmpp.org/extensions/xep-0333.html

Kev: Ah, thank you. Many clients seem to support this, although it's a deferred spec. Just no one who is able or willing to finish it correctly?

Deferred doesn't especially mean unfinished

When do we kill this state again :x

Jeybe: That's a reasonable approximation of a description, yes :)

Kev: Ok, thanks

Jeybe: sorry, I misread your message and thought you wrote "received" instead of read

memberbot is online for member applications for Q1. If you read this, you might as well cast your votes now. 🙂

emus: re https://wiki.xmpp.org/web/Edward_Maurer_Application_2020

you say you work in the wind power industry, yet you claim no company affiliation

I don't think that's right

The company uses.....Skype f B. 😃🎉🎊

I'm not sure that matters

I`m saying I apply as a private person.

my understanding is that we have limits on the share of members per company

Correct.

What do expect from me?

I think you can only apply as individual in general

Ehm, so I did?

what I'm saying is that you're still affiliated with your employer and need to say so

I *think*

that's at least how I understand the rules and how I wrote my own application

emus: basically, to avoid companies trying to take over the world, starting with the XSF, we'd like to make sure that the number of members do not all affiliate to the same company. Just mention the name of your company, and all is good.

Bylaws have the details, if you're interested.

https://xmpp.org/extensions/xep-0345.html#mandatory > Any affiliations, as described within the final clause of the XSF Bylaws, Section 2.1. Note that this is not limited to employment, but must include it.

"Note that this is not limited to employment" interesting

I also disclosed my university when I was still a student

(for that reason)

and the bylaws: > An applicant for membership may not be admitted if, at the time of application or consideration, fifteen percent (15%) of the Members of the Corporation are employed by or represent the same corporation or organization as that corporation or organization which employs the applicant or is represented by the applicant.

there goes the evil plan to hire a lot of contractors and take over the xsf...

fippo, yeah, the bylaws saw you coming!!

I'm sure you have backup evil plans.

> memberbot is online for member applications for Q1. If you read this, you might as well cast your votes now. 🙂 I set out to prove that I can read this message on my mobile, yet voting would be impractical. Instead, I completed the voting process, so, well played.

Its just saying what I do as giving some information about myself. Guys, that what I voluntarily do in XMPP has absolutely nothing to with where I work. I'm confused.... ✏

emus: humans are often influenced by their employers in more or less sublte ways, therefore it's required to tell the XSF who your employer is

> Its just saying what I do as giving some information about myself. > Guys, that what I voluntarily has absolutely nothing to with where I work. I'm confused.... same for me. doesn't change the bylaws rules tho.

> I set out to prove that I can read this message on my mobile, yet voting would be impractical. Instead, I completed the voting process, so, well played. Muwhahahaa

Im a working student...

No, then I refuse my application.

emus: I'm not particularly fond of those rules either. But I understand that they are useful to keep the XSF independent.

I understand the XSF has to know about it, I still don't understand why this has to be made public

emus: on the bright side, nothing of what you stated in your application strictly requires membership

pep.: maybe because nobody asked for it to be private yet? sounds like a board topic to fix that.

I got asked to apply, because some appeciated what I did 🤷‍♂️ So I said, yes is fine

I think we've mentioned that it's probably doable to have only the Secretary know

jonas’, yeah I encouraged him, and I did completely forget this "detail". Nothing requires him to be a member indeed, it's mostly to show interest

jonas’, I don't think enough people care yet, so proposing this to board would be a waste of time and maybe even harmful. I'm happy to lead this if I'm proven wrong

I can tell privately where work to someone responsible, but I would not like to put it online.

pep.: to be honest, I don't like this requirement either. It did put me off back then for a moment.

Note that this topic has come up every last membership vote I think

so I'd support a motion for defining a way to declare affiliations privately

> pep.: maybe because nobody asked for it to be private yet? sounds like a board topic to fix that. actually there have been multiple people asking for private information like full name and employer not to be in a public wiki anymore. So yeah if that could be brought up with board, that would be nice.

did it? I only recall the anonymity thing

Well this kind of mitigates the anonymity issue

Anonymity is not an on/off switch as you know :)

does it?

I still think that for a public standards organizations, it's important to have public information about the members and their affiliations

Actually I dropped, saying in which industry I work, to even more say that this has no relation 😅

emus, I'm sorry but that doesn't help :/

I'm with Ge0rG

I'm not

> I still think that for a public standards organizations, it's important to have public information about the members and their affiliations I think you can argue that for people that have been voted into council, board and the secretary. however, not for normal members.

But does everyone here dropped exactly where their work or study?

lskdjf: there is no requirement to be a member for contributing to XEPs

emus: check the applications

> I think you can argue that for people that have been voted into council, board and the secretary. however, not for normal members. Yes, I wonder as well

Ge0rG, that's diverting

Ge0rG, I'm aware of that. What's your point?

> emus: check the applications What exactly?

lskdjf: membership is responsible for voting people into public positions, so I think the transparency requirements extend here

> lskdjf: there is no requirement to be a member for contributing to XEPs though I *do* wonder how one would submit a XEP pseudonymously ✏

members don't have to submit XEPs either

> though I *do* wonder how one would submit a XEP pseudonomously jonas’ it's not allowed according to ... xep 001 or so

> What exactly? emus, just open them and you'll see that people disclose their employer

it's on my user page for example

Will check again, but havent recognised that as a mandatory point

also not that everyone was telling

> lskdjf: membership is responsible for voting people into public positions, so I think the transparency requirements extend here Ge0rG Legislations require a presitent of a country to make all sorts of information public. That doesn't mean that the voting directory should be online.

It is mandatory. Check the bylaws. If not everyone included the information, that was an omission in their application.

reading the bylaws of the organization you're trying to join seems like a good idea either way

jonas’, so yeah I can bring that to board, but it's likely to get shot down :)

lskdjf: I'm aware of that. What's your point?

Okay guys, lets make itsimple: I refuse. Is fine and not important any way. ✏

Okay guys, lets make it simple: I refuse. Is fine and not important any way. ✏

Alex, cc, see emus message above

Ge0rG, 😛 well, I was drawing an analogy.

emus, sorry, and thanks :)

> emus, sorry, and thanks :) No problem

Also why I think the XSF won't change as long as we don't let new people like this in.

yeah xsf tends to be a bunch of people that "have been doing things this way forever and want it to stay that way" at times.

deleted ✏

That meant to be in the wrong chat

wow.

we didn't even start to debate this.

but, sure. We're not open to change, apparently.

lskdjf: I'm only part of the XSF for five years now, and I think that the current requirements for becoming a member are adequate.

Didn`t meant to bother your procedures, but if I would have known before, I wouldnt have applied anyway ✏

I'm pretty sure that it's possible to ask Board for a change to these rules without being a member, though.

But it's not possible to vote

emus: that's on you. We have very public records and bylaws.

don't blame us for not doing your homework.

> emus: that's on you. We have very public records and bylaws. > don't blame us for not doing your homework. I don't blame and I read it of course, still missed that spot

I'm going to drop out of this conversation. It is ticking a nerve, which doesn't help me being a useful participant.

Guus, I think that's on us. That could be made a bit more obvious. https://xmpp.org/community/membership.html this doesn't mention anything about the requirements, it just links to thing

(yes yes we can all PR)

Why is this suddenly coming up?

There is obviously a trade-off between allowing people who need their private information protected, but also anonymous trolls, vs. the transparency of a public and open standards organization.

Daniel: because it's election time

> Why is this suddenly coming up? Because I havent named my company, as I missed that requirement, but also doesnt want to put the information online

Yes. But it was never a big topic before

it has

multiple times

Daniel: anonymous participation has been a topic before, some times.

Yeah. I was more referring to the affiliations part

But its not anonymous anymore actually

This is not full anonymity towards the XSF mind

once I put my name

muc_semianon

kinda

Tbh I'm not really sure what affiliation means in the context of my being self employed

You have to disclose every single one of your clients!

hrhr

😅

But hmm, tbh, I think that's what "Note that this is not limited to employment" means

I'm sure that at least 50 percent of my customers aren't happy with me doing that

I'm sure of that :)

The "not company" thing is because e.g. most OSS projects aren't company-based within XMPP.

But if 30 people working for different companies, all of whom were working on Swift were to apply, the XSF should care.

> It is mandatory. Check the bylaws. If not everyone included the information, that was an omission in their application. I think it's funny how everyone has assumptions what is in the bylaws, but nobody ever actually seems to verify them...

> to be eligible for membership, a person, corporation, organization, or other entity must complete a written membership application in such form as shall be adopted by the Board of Directors from time to time. The substance of such membership application must be included in a notice to the Members of the meeting at which such membership application is considered. > The Secretary shall have general charge of the membership records of the Corporation and shall keep, at the principal office of the Corporation, a record of the Members showing the name, address, telephone number, facsimile number and electronic mail address of each Member.

> The "not company" thing is because e.g. most OSS projects aren't company-based within XMPP. > But if 30 people working for different companies, all of whom were working on Swift were to apply, the XSF should care. I intended to tell the branch where I work, but also that it has (unfortunatly) nothing to do with XMPP. But yes, till then I didnt knew about that requirement

Nowhere in the bylaws it says that things go public at all (beside board members). Members receive the "substance" of the application (that doesn't need to include company if that's not substantial), the membership records are with the secretary. Of course board can decide to only accept public membership applications in the wiki that include company details, but it's *not* in the bylaws, don't claim that.

I haven't read the entire discussion, but yeah, I'm in the category of "Self-employed and not going to dump a list of my clients in the wiki" ✏

We had many similar applications in the past where people were just saying that they are self employed or apply as an individual. Because he is saying that his work is not realted to XMPP at all I did not pay further attention. If this is a problem and you think it violates the bylaws (which everyone reads difefrent ;-) ) I can ask him to disclose with employer directly to me only

Alex, emus retracted the application

it is still on the Wiki, don't think we defined somewhere on how to retract an application ;-)

jonas’: I retraced, as understood that was mandatory. I am fine to tell Alex privately where I work, if that is within the process

I don't think I've ever listed my employer either and no one said anything, my employer has nothing to do with xmpp or even chat

as said

I am.okay with other option

I wouldn't want to list it on the wiki either, my employer is kind of odd about "don't mention us on social media or anything that might be construed as you representing us" but I wouldn't mind telling Alex , just no one has ever asked

MattJ, there is no reason by the bylaws to disclose clients of a self-employed person. You'd only need to disclose to board/secretary when you are employed by or represent a company so they can apply the maximum 15% rule.

The whole idea behind it is just that we want to prevent companies to be overrepresented in our membership.

Right

I totally get the idea behind it

But from the day it was first proposed I said I didn't see how it would actually work

I've never listed anything and nobody has ever complained :)

It doesn't seem to be applied very much anyway

I don't there is a problem to solve right now. If someone finds that the 15% rule can be argued to be broken, we can go back and fix it.

Nothing stops anyone from just lying, or simply not putting anything, apparently :)

The assumption seems to be that everyone would be so kind to mention company info if it was relevant

moparisthebest, yeah that's true of every info you give anyway :)

I think self-employed is totally fine.

If I (hypothetically) did a 3-month contract for Isode (picking one well-represented company in the XSF community) in the middle of my membership period, what should happen?

Lies will be caught up with, I don't see a problem.

MattJ, we'd talk about it

and it would be my fault if I forgot to mention it?

MattJ, are you representing their interest when making use of your XSF membership rights? If no, then it doesn't matter

Does it specify anywhere that I have to update the XSF if my status with a company changes between applications?

and how do I know which companies I need to notify the XSF about, and which I don't?

Obviously I've been around a while and could guess a few, but it seems pretty arbitrary

if my employer enters a three month contract to build infrastructure for, say, NATO messaging, would I have to disclose that (assuming that I’m assigned to work on that)? ✏

If the honest answer is "it's fine, you'll know if you're (close to) breaking the rules and we trust everyone to be honest" then I'm fine with the status quo

Of some putting their affiliations and some not? And asking every new member to? :p

assuming it was actually enforced, I'm not sure I see any advantage anyway, if one company wanted to hijack messaging standards they could just start their own standards organization and do it anyway, maybe call themselves Matrix or something?

MattJ: your last statement is my vantage point

I'm curious what you think is the status quo though

pep., you just summed it up :)

I don't like this

Why would we force it on new members while not on others

We historically haven't forced it

Seems pretty random to me

For my point of view, I think having some protection against representation/flooding is worthwhile. I'm fine with that protection not being public (although I think it's useful to default to public where people are willing). I think some guidance on what to disclose would be useful.

We request it, I've never seen anyone flag an application that didn't have it

The status quo is that every few days other parts of our bylaws are scrutinized to see if there's an issue. I think it would be better to focus on things when there's an actual problem in need dire need for solving.

If we don't strictly enforce this rule, how are we supposed to prevent being hijacked?

Ge0rG, it beats not having a rule and then not being able to enforce it when you need to

> If we don't strictly enforce this rule, how are we supposed to prevent being hijacked? I mean, one could also lie... you would have to proof it anyway or?

emus, what MattJ said.

MattJ: okay, I can see that.

If you agree, I can tell Alex, or anyone else privately, as long that kept privately

I also think it's a worthwile rule to have. I'm happy to rework the implementation

So maybe somebody should change XEP-0345 into "affiliations can be made public, and must be communicated to the Secretary otherwise"

(I also understand that XSF fears to get hijacked of course)

Ge0rG, 345 doesn't actually say this information has to be public does it?

ah it does

Only in one place, Security Considerations. It just seems to be assumed in the document ✏

pep.: https://xmpp.org/extensions/xep-0345.html#mandatory

Ge0rG, it says applicants must provide, not to whom

That doesn't say public. It talks about giving info to the Secretary and allowing members to vote

> As a secondary purpose, it also allows the XSF members to make an informed decision when voting to accept applications

yes

that implies that members will see this.

Sure

That's already better than "On a public wiki"

and §3 says it has to be in the wiki

pep.: I'm sure you can provide a better wording as a PR :D

I'm working on it

emus, there is no fear. This rule exists so we can take action in case a company is overrepresented based on that rule, instead of some vague notion of 'too much'.

15:51:07 MattJ> We request it, I've never seen anyone flag an application that didn't have it I did, today.

I didn't scroll back that far, I guess :)

I'm definitely against picking on random people

> emus, there is no fear. This rule exists so we can take action in case a company is overrepresented based on that rule, instead of some vague notion of 'too much'. Ok, I understand

I wasn’t aware I was picking on anyone in particular. I admit that I probably don’t scan applications of "famous" people like Dave as thoroughly as I do for others, though

I simply assumed it was an oversight

(and, to be frank, I also assumed that Alex would screen the applications, as he said he also keeps tab on the 15% rule at some point)

jonas’, he can keep tab on the 15% even without getting company names 😉

like, we currrently have one applicant that works in a company in the wind power industry and no other member that does, so that implies his company is not overrepresented ;)

Yes, until we only have 8 members, which is yet another problem.

I'm happy for Alex to continue doing what he's been doing and if someone at some point feels a company is overrepresented we can look into it.

as @ralphm said. The ruile is there to take action if we thing a componany is overpresented or someone is raising concerns with that. I am not compiling and verifiying the stats after every election.

ralphm, +1 - as long as we make sure that applicants that obviously are not overrepresenting a company don't feel any repression to apply I see no issue. It just feels very absurd to not accept an active community member like emus purely based on the fact that we don't know the company even if we do know that it is not overrepresented.

Where is a good venue that's not standards because it's about the membership, but also not members@ because that's not opened to non-members (right?)

Organizational meta-discussions?

@emus exposed his employer to me. So I have it in my records

Zash, I'd like a place where interested people can also join the discussion. A place where they can say things like "yeah if you do that I'd be interested to join"

> @emus exposed his employer to me. So I have it in my records Ok, and if someone really really needs to know, I can tell him or her as well

Am I even real? 😱

Are birds real?

I only see pixels

I see fragged people

I don't even see the pixels. All I see is blonde, brunette, redhead.

damn, that was the better reference

just proves that it’s been too long since I saw The Matrix

marc: I've initiated a standards@ thread on the 0401 change, but there was less activity than I anticipated. How can we move it forward now?

"just do it"

said the person who just did it.

ahem.

switching hats all the time sure does get confusing

* jonas’ puts on his wizard hat and robe.

that’s only on friday nights.

and also not a wizard, actually

a lizard, then?

Level 7 Valor Bard

> vantiasvitae never disclosed their job either :P Omg... tbh I read a few applications but also yours to get some inspiration... 🐵 ✏

> The namespace governing this protocol is "http://jabber.org/protocol/commands" (hereafter referred to as x-commands). What the x-?

legacy, probably

Hm, can't well-known commands take the dataform in the first step?

> Omg... tbh I read a few applications but also yours to get some inspiration... 🐵 Don't blame me for this now :P

Ge0rG: what are our options?

> Don't blame me for this now :P Everything is your fault!!!1! 😉

marc: you read https://mail.jabber.org/pipermail/standards/2020-January/036848.html and the reply and decide whether you want to accept the change or not

does anyone know how a Last Call email for a Procedural XEP should look like?

otherwise I’m going to cook something up

(the old tooling did not support this case, neither does the new)

Looks like shit on mobile, I'll read it later

marc: yeah :/

bahaha

man, I should step back from writing emails for today

Oof, my inbox

> URL: http://localhost:8080/extensions/xep-0429.html

spot the error ;)

ouch ;)

Hah

jonas’, wait what, vcard4 isn't PEP-backed already?

Zash, I checked it, and it didn’t look as if it was

``` <iq from='samizzi@cisco.com/foo' id='bx81v356' to='stpeter@jabber.org' type='get'> <vcard xmlns='urn:ietf:params:xml:ns:vcard-4.0'/> </iq> ``` ✏

that’s not PEP to me

it optionally uses PEP events for update notifications

It was PEP-only before, then that was added so that it would work in MUC ... IIRC

but it isn’t strictly a PEP node

mod_vcard4 in Prosody is just a thin layer over the corresponding PEP node.

and mod_vcard_legacy which implements 0398 is also a (not so thin) layer over a bunch of PEP nodes

And as I'm trying to figure out how to write, it does respect the individual permission settings of those nodes.

you may want to add that to the thread then.

because that’s not what the spec says currently ;)

(and I generally prefer your implementation’s behaviour) ✏

That reply is exactly what I'm trying to compose

:)

I especially enjoy being able to set (or, keep?) the full vcard to access=presence while having the avatar nodes public, which makes it spit out a vcard-temp with only the avatar

yeah, that’s the kind of stuff I was thinking about

There's a thread on 0292 somewhere btw

That simpler iq syntax doesn't actually help with the MUC thing, since that's afaik an explicit exception for vcard-temp, so you could just as well do the same for a PEP / PubSub query as for a vcard4 iq-get

sounds to me as if The Editor™ should re-issue the (expired) LC for '292

Ge0rG, I agree with Daniel and I would prefer to use SASL2 even though I'm not familar with SASL2 at all atm

marc: SASL2 was introduced in March 2017, and then... nothing happened

With me?

Thank you.

On what?

Daniel: re XEP-0401

marc: my reasons to change 0401 were not to make it perfect but to make it easy to integrate today

Ge0rG, I know but "we" have lots of problem today because "we" did ugly hacks in the past, no?

+s

It's a hack but there's an Actual Product that uses it, so there's that

marc: yes, but this is a minor hack on top of an existing hack

I used data forms in the first place because i though it's the best solution

now it seems SASL2 is the "best" solution

SASL2 for the future! :)

Ge0rG, you argued about complexity during 401 spec development, a hacky solution now and SASL2 later would introduce a shitload of additional and unnecessary complexity on the client and server

too late

tbh, I don't know how far away we are from SASL2 :)

Zash, hm?

marc: not so much, because SASL2 will be a nice and clean solution to many problems, including token authentication

marc: I mean there are implementations already (of 0401 etc)

Ge0rG, yep, but you need backwards compability

-s

marc: yes, but you'll also need backward compat between SASL2 and IBR, between SASL2 and normal login, etc

Zash, yep, a spec cannot step people from implementing something else ;)

Ge0rG, token if SASL2, no token otherwise? :)

I do have some SASL2 code stewing fwiw

marc: no - token via SALS2 or token via IQ if no SASL22

Need ... a client to test with

Zash: I'd offer help, but... yaxim is not doing SASL directly and instead using Smack, and the current Smack development tree won't work with yaxim

:(

Zash, SASL2 code for prosody?

Yes

Daniel, how much effort is it to implement SASL2 in Conversations?

IIRC the two things I got stuck on was 1) client or something to test with and 2) internal architecture to make it easy to do the things that SASL2 allows

Ge0rG, 401 is not important enough for ugly hacks IMO

marc: I don't know a lot about sasl 2 to say. Probably not a lot

marc: if it's not important, you can accept the ugly hack

432 sounds like a joke from fefe's blog ^^

I'd imagine SASL2 itself to be easy to implement, but as I said, it might take architectural changes to do fancy parallell things

marc: however, I'm convinced that we need easy user onboarding and that 0401 is an important step in that direction

Zash, can you give me the link to your SASL2 branch?

marc: ask MattJ about the experience with 0401 at last FOSDEM

Ge0rG, I already had a working implementation with ejabberd and Conversations, I know that it is nice

But I don't want to pollute the protocol with more ugly hacks

Zash, I could probably look into implementing SASL2 in aioxmpp if you hand me a server to test with

marc: you had an implementation of 0401 before my change?

jonas’, +1

Ge0rG, yes?

marc: you need to be more public about your achievements.

Ge0rG, IIRC I posted a screencast ;)

marc: ...to where?

Ge0rG, even a Gajim implementation!!1!

here or in the Conversations group chat

marc: that's not adequate.

People are not reading chat-logs

Ge0rG, I'm pretty sure you read it Ôo

Also I'm Very Sad Now, because I changed the spec and got the changed spec implemented in yaxim, prosody and I've heard about it being part of recent Conversations

marc: maybe I'm just getting old

Ge0rG, If not I'm very sorry

marc: what's the URL?

Maybe I'll remember when I see it?

Or maybe I should just go offline and become a potato farmer

s/potato/tomato/ #louiz

It's not online anymore because I reinstalled my infrastructure but let me see if I can find it

either way, I was totally unaware of all of that when I made https://yaxim.org/blog/2020/01/31/yaxim-0-dot-9-9-fosdem-edition/

Ge0rG, found it

Ge0rG, https://blog.zapb.de/assets/xmpp-invite.webm

Ge0rG, 1142496 Nov 16 2017 xmpp-invite.webm

marc: okay, I've seen that video back in 2017. Where's the code?

Ge0rG, somewhere on my notebook / server

marc: so it never got published?

ejabberd implementation got stuck because of an xml element with the same synatx whatever but two different meanings

this was not possible in ejabberd I was told by zinid

hmh?

Ge0rG, I don't remember the details but some element used in 401 and PARS had the same name but different meaning

the token element?

and this couldn't be implemented in ejabberd

maybe, yes

marc: did you submit anything to Conversations or Gajim?

..or even tell the developers?

Sorry, I'm not trying to offend you, I'm just sad.

Daniel was aware of it

The Gajim dudes I don't know

Ge0rG, sorry

Zash, what about your SASL2 code?

Food takes priority

marc, jonas’: https://modules.prosody.im/mod_sasl2.html

Zash, wow, not very complex

SASL itself isn't that complicated

And the logic is mostly handled elsewhere by the same stuff that handles SASL1

That code is just mapping it to the new wire protocol

And notably doesn't do any of the fancy stuff SASL2 is meant to allow

jonas’, sent that vcard compat reply. I hope I finished it.

Like tasks?

Zash, I know that feel

Zash, does vcard4 not contain an avatar?

It can, but why would we when we have '84?

Or what do you mean?

Avatars are separated out and not included stored in the vcard4 PEP node by the Prosody module.

minus one word

the post-food slowness

Zash, so when a client wants the "full" vcard4, it has to query vcard4 + avatar, separately? ✏

So?

Yes.

just for my understanding

You probably had the avatar already to show in the contact list or somesuch.

Zash, I was asking from a permission perspective mainly

i.e. whether the granularity is consistent between vcard4 and vcard-temp

Ge0rG, Zash: how is sasl2 and ibr related? do we always have an authentication (anonymous?) step and then ibr?

jonas’, It should be consistent, yes.

marc, they would be related somehow in some way such that everything is nicer

lol

Oh there's https://xmpp.org/extensions/xep-0389.html too

Wait have we been talking about SASL2 when we should have been talking about IBR2?

Such confuse

hm?

IBR2 is what you want for 0401

I think?

Probably, who came up with SASL2?

Dunno, was it me or Ge0rG ?

Early connection something 2 that reduces the hackyness of 0401

Maybe it was Daniel?

XMPP 2!

No bullshit please

SASL2, IBR2, Routing2, ... MAM2

marc, so, IBR2 is for improved registration flows (ask for random profile details, invite tokens, CAPTCHA etc) and SASL2 is for improved login flow (2FA, required password change, stuff) and reducing roundtrips (auth + bind or 198 resumption in one step)

Zash, yep, that's what I thought

Zash, is there a IBR2 XEPs?

-s

Linked to it above, https://xmpp.org/extensions/xep-0389.html

I see

But atm I don't see the advantage over regular IBR

Suprise Blog Post! https://blog.jabberhead.tk/2020/02/25/how-to-implement-a-xep-for-smack/

Fallback Indication was a defenseless victim MWAHAHAHA!!!

I read in the Application Wiki again. And I saw the list there and got reminded that I read that point about the company of course for the application, but didn't felt related to it. So I didn't actually thought about nameing it (and of course for privacy reasons). Further, I thought it would be mandatory only if you work in a company that has any interest or relation to XMPP topics. So, maybe that should be cleared out in the future, that, where ever you work as individual (StarBucks or Microsoft) you have to put it to the application.

> Suprise Blog Post! > https://blog.jabberhead.tk/2020/02/25/how-to-implement-a-xep-for-smack/ Can you drop it to the march newsletter:

?

ugh I hadn't realized Fallback Indication had been accepted..

vanitasvitae, I know it's "just an example" but this is a bad use of 428, considering there's already EME (0380) :/

And we all know people just look at examples

yeah thats true

actually that example made me think that the XEP itself is useless 😀

But I can imagine some use case for it server side.

vanitasvitae, neat blog post

thanks 😉

Yeah I also like the blog post otherwise :)

Maybe add some kind of syntax highlighting? If it's not too much a hassle

My WP theme doesn't support it unfortunately 🙁

Maybe there is a plugin for that..

k

I bet there is. and I wouldn’t be surprised if it came with a free remote shell!

exactly 😛

Ge0rG, did you explain the disadvantage(s) of IBR dataforms somewhere?

no need to, it contains XEP-0004

jonas’, did you explain the disadvantage(s) of XEP-0004 somewhere? :P

from a different docmuent, but I think it also applies to IBR: > Sturctured data, beyond lists of text and JIDs, can not be represented with Data Forms (XEP-0004) [9] at all. Machine-readable data would also have to be human-readable at the same time to provide a fallback view for human users. Interationalization of such human-readable data in field values is not possible with Data Forms (XEP-0004) [9].

Zash, as a matter of fact, I did, in a recent ProtoXEP

marc: yes, but I don't remember where. Might have been on list on the initial 0401 submission

Ge0rG, hm, okay

My biggest issue was that a client now has to check whether a data form is fully equivalent to plain IBR plus the token

And then display the regular IBR dialog instead of a full data form dialog

For which I don't have support anyway

I'm lost now. https://www.google.com/search?hl=de&q=site%3Amail.jabber.org+%22XEP-0401%22&oq=site%3Amail.jabber.org+%22XEP-0401%22&aqs=heirloom-srp..

weiird

from searching for "council", I get the impression that google doesn’t have anything newer than 2017 in its indices

ah, 2019-march, too

> Maybe add some kind of syntax highlighting? Done 😉

woo :)

Now it's even more obvious for people to just copy the code!!

Alex, https://github.com/xsf/memberbot/pull/1

An idea of why memberbot is so slow btw? Or is it my server again being too far?

it introduces an intentional delay I think to make it feel more realistic?

hah

It's even setting "composing"

it also sends typing notifications in case you haven’t ... yeah :)

I quite like that actually

Not too uncanny yet, we're good

Say what? It's adding latency to feel more human like?

I haven't tested yet but I hate it already...

Should fix the thing where messages end up before the responses due to sorting by timestamps with insufficient precision :)

Real life hacks(tm)

btw ad-hoc voting is not enabled on memberbot?

Ah, fulljid.

woot

Zash: that should only be an issue if the bot adds timestamp to everything

returns empty nonetheless..

But I see code for it

So it will artificially delay its responses to be more human like, but it won't accept a "Yes" for a yes?

And yes, I hate it indeed

> but it won't accept a "Yes" for a yes? This is especially annoying if you are on mobile

vanitasvitae: Yes

Ge0rG, what?

Revive https://xmpp.org/extensions/inbox/buttons.html ?

Well I just fixed it. Let's wait for Alex to merge it :) ✏

You mean yes?

Speaking of mobile, the wiki is also unreadable

Yaks, unshaven yaks everywere1

!