MattJHow do client devs feel about implementing references of type=mention?
KevFeel in what sense?
MattJWhy does (afaict) only a single client support it right now?
KevI think it's particularly useful for servers too, when generating notifications.
MattJRight, I'm involved in such a project
KevBut I'm intending Swift does them when we get to it.
MattJBut if you use most XMPP clients with this server, no notifications are generated
jonas’MattJ, I don’t feel particularly enthusiastic about implementing anything References until my comments from three years ago are at least addressed
jonas’and by addressed, in this context, I mean "replied to", because not even that happende (beyond "someone will rewrite the XEP soon so no point in dealing with this right now")
jonas’oh, just two years: https://mail.jabber.org/pipermail/standards/2018-March/034559.html
MattJIs it related to character counting? or something else?
MattJI thought the character counting stuff reached some kind of consensus
MattJand that was the primary blocker in my mind
KevMattJ: I mean when the server is generating push notifications, it can do so based on the presence of a mention reference. As well.
KevMattJ: Jonas also (sensibly) wanted extensible reference types (mentions etc.).
MattJKev, you mean "as well as text scanning"?
KevMattJ: I mean as well as the receiving client generating notifications based on something having put mentions in.
MattJIt's a tough sell for me to add a feature that emails someone with the nick "max" every time someone asks "what's the max number of items this can handle?"
MattJTheir current stance is "Why don't XMPP clients support mentions? The ecosystem seems terrible"
KevI don't think I'm suggesting that, am I?
KevI'm not intentionally doing so, at least!
ZashWhat's this then MattJ ?
MattJZash, only works if I'm online and connected, and their primary client is a web app
MattJand I don't want to use it, but I can't notify people when I send them a message :)
MattJ(and this isn't just about me - they /want/ to say they support arbitrary XMPP clients)
MattJBut if they advertise that as a feature, people will wonder why nobody answers them when they mention them
ZashCry and implement some server-side heuristics? Like only looking for nicknames at the start of lines
Dele Olajidehas left
Dele Olajidehas joined
AlexI have started memberbot for collection votes on our current Q1-2020 application period
JeybeHey all. What XEP does a Client / Server need to support for sending and receiving if a message was read?
JeybeIs this done within XEP-0085: Chat State Notifications or is there something seperate / additional?
jonas’Jeybe, XEP-0184 (Message Receipts)
JeybeIsn't that just a delivery receipt and no info about whether a message was read or not?
JeybeOr do I get that wrong
KevJeybe: You're correct. People typically use 333 for that.
JeybeKev: Ah, thank you. Many clients seem to support this, although it's a deferred spec. Just no one who is able or willing to finish it correctly?
pep.Deferred doesn't especially mean unfinished
pep.When do we kill this state again :x
KevJeybe: That's a reasonable approximation of a description, yes :)
JeybeKev: Ok, thanks
Douglas Terabytehas left
Douglas Terabytehas joined
Douglas Terabytehas left
Douglas Terabytehas joined
jonas’Jeybe: sorry, I misread your message and thought you wrote "received" instead of read
Guusmemberbot is online for member applications for Q1. If you read this, you might as well cast your votes now. 🙂
jonas’emus: re https://wiki.xmpp.org/web/Edward_Maurer_Application_2020
jonas’you say you work in the wind power industry, yet you claim no company affiliation
jonas’I don't think that's right
emusThe company uses.....Skype f B. 😃🎉🎊
jonas’I'm not sure that matters
emusI`m saying I apply as a private person.
jonas’my understanding is that we have limits on the share of members per company
emusWhat do expect from me?
jonas’I think you can only apply as individual in general
emusEhm, so I did?
jonas’what I'm saying is that you're still affiliated with your employer and need to say so
jonas’that's at least how I understand the rules and how I wrote my own application
Guusemus: basically, to avoid companies trying to take over the world, starting with the XSF, we'd like to make sure that the number of members do not all affiliate to the same company. Just mention the name of your company, and all is good.
GuusBylaws have the details, if you're interested.
> Any affiliations, as described within the final clause of the XSF Bylaws, Section 2.1. Note that this is not limited to employment, but must include it.
pep."Note that this is not limited to employment" interesting
jonas’I also disclosed my university when I was still a student
jonas’(for that reason)
Ge0rGand the bylaws:
> An applicant for membership may not be admitted if, at the time of application or consideration, fifteen percent (15%) of the Members of the Corporation are employed by or represent the same corporation or organization as that corporation or organization which employs the applicant or is represented by the applicant.
fippothere goes the evil plan to hire a lot of contractors and take over the xsf...
pep.fippo, yeah, the bylaws saw you coming!!
KevI'm sure you have backup evil plans.
emusIts just saying what I do as giving some information about myself.
Guys, that what I voluntarily has absolutely nothing to with where I work. I'm confused....
jonas’> memberbot is online for member applications for Q1. If you read this, you might as well cast your votes now. 🙂
I set out to prove that I can read this message on my mobile, yet voting would be impractical. Instead, I completed the voting process, so, well played.
emusIts just saying what I do as giving some information about myself.
Guys, that what I voluntarily do in XMPP has absolutely nothing to with where I work. I'm confused....
Ge0rGemus: humans are often influenced by their employers in more or less sublte ways, therefore it's required to tell the XSF who your employer is
jonas’> Its just saying what I do as giving some information about myself.
> Guys, that what I voluntarily has absolutely nothing to with where I work. I'm confused....
same for me. doesn't change the bylaws rules tho.
Guus> I set out to prove that I can read this message on my mobile, yet voting would be impractical. Instead, I completed the voting process, so, well played.
emusIm a working student...
emusNo, then I refuse my application.
jonas’emus: I'm not particularly fond of those rules either. But I understand that they are useful to keep the XSF independent.
pep.I understand the XSF has to know about it, I still don't understand why this has to be made public
jonas’emus: on the bright side, nothing of what you stated in your application strictly requires membership
jonas’pep.: maybe because nobody asked for it to be private yet? sounds like a board topic to fix that.
emusI got asked to apply, because some appeciated what I did 🤷♂️ So I said, yes is fine
ZashI think we've mentioned that it's probably doable to have only the Secretary know
pep.jonas’, yeah I encouraged him, and I did completely forget this "detail". Nothing requires him to be a member indeed, it's mostly to show interest
pep.jonas’, I don't think enough people care yet, so proposing this to board would be a waste of time and maybe even harmful. I'm happy to lead this if I'm proven wrong
emusI can tell privately where work to someone responsible, but I would not like to put it online.
jonas’pep.: to be honest, I don't like this requirement either. It did put me off back then for a moment.
pep.Note that this topic has come up every last membership vote I think
jonas’so I'd support a motion for defining a way to declare affiliations privately
lskdjf> pep.: maybe because nobody asked for it to be private yet? sounds like a board topic to fix that.
actually there have been multiple people asking for private information like full name and employer not to be in a public wiki anymore. So yeah if that could be brought up with board, that would be nice.
jonas’did it? I only recall the anonymity thing
pep.Well this kind of mitigates the anonymity issue
pep.Anonymity is not an on/off switch as you know :)
Ge0rGI still think that for a public standards organizations, it's important to have public information about the members and their affiliations
emusActually I dropped, saying in which industry I work, to even more say that this has no relation 😅
pep.emus, I'm sorry but that doesn't help :/
GuusI'm with Ge0rG
lskdjf> I still think that for a public standards organizations, it's important to have public information about the members and their affiliations
I think you can argue that for people that have been voted into council, board and the secretary. however, not for normal members.
emusBut does everyone here dropped exactly where their work or study?
Ge0rGlskdjf: there is no requirement to be a member for contributing to XEPs
jonas’emus: check the applications
emus> I think you can argue that for people that have been voted into council, board and the secretary. however, not for normal members.
Yes, I wonder as well
pep.Ge0rG, that's diverting
lskdjfGe0rG, I'm aware of that. What's your point?
emus> emus: check the applications
jonas’> lskdjf: there is no requirement to be a member for contributing to XEPs
though I *do* wonder how one would submit a XEP pseudonomously
Ge0rGlskdjf: membership is responsible for voting people into public positions, so I think the transparency requirements extend here
jonas’> lskdjf: there is no requirement to be a member for contributing to XEPs
though I *do* wonder how one would submit a XEP pseudonymously
pep.members don't have to submit XEPs either
lskdjf> though I *do* wonder how one would submit a XEP pseudonomously
jonas’ it's not allowed according to ... xep 001 or so
jonas’> What exactly?
emus, just open them and you'll see that people disclose their employer
jonas’it's on my user page for example
emusWill check again, but havent recognised that as a mandatory point
emusalso not that everyone was telling
lskdjf> lskdjf: membership is responsible for voting people into public positions, so I think the transparency requirements extend here
Ge0rG Legislations require a presitent of a country to make all sorts of information public. That doesn't mean that the voting directory should be online.
GuusIt is mandatory. Check the bylaws. If not everyone included the information, that was an omission in their application.
jonas’reading the bylaws of the organization you're trying to join seems like a good idea either way
emusOkay guys, lets making simple: I refuse. Is fine and not important any way.
pep.jonas’, so yeah I can bring that to board, but it's likely to get shot down :)
Ge0rGlskdjf: I'm aware of that. What's your point?
emusOkay guys, lets make itsimple: I refuse. Is fine and not important any way.
emusOkay guys, lets make it simple: I refuse. Is fine and not important any way.
jonas’Alex, cc, see emus message above
lskdjfGe0rG, 😛 well, I was drawing an analogy.
pep.emus, sorry, and thanks :)
emus> emus, sorry, and thanks :)
pep.Also why I think the XSF won't change as long as we don't let new people like this in.
emusXMPP wondering why no one gives a shit about it.... 🤔
lskdjfyeah xsf tends to be a bunch of people that "have been doing things this way forever and want it to stay that way" at times.
emusThat meant to be in the wrong chat
Guuswe didn't even start to debate this.
Guusbut, sure. We're not open to change, apparently.
Ge0rGlskdjf: I'm only part of the XSF for five years now, and I think that the current requirements for becoming a member are adequate.
emusDidn`t meant to bother you procedures, but if I would have known before, I wouldnt have applied anyway
emusDidn`t meant to bother your procedures, but if I would have known before, I wouldnt have applied anyway
Ge0rGI'm pretty sure that it's possible to ask Board for a change to these rules without being a member, though.
pep.But it's not possible to vote
Guusemus: that's on you. We have very public records and bylaws.
Guusdon't blame us for not doing your homework.
emus> emus: that's on you. We have very public records and bylaws.
> don't blame us for not doing your homework.
I don't blame and I read it of course, still missed that spot
GuusI'm going to drop out of this conversation. It is ticking a nerve, which doesn't help me being a useful participant.
pep.Guus, I think that's on us. That could be made a bit more obvious. https://xmpp.org/community/membership.html this doesn't mention anything about the requirements, it just links to thing
pep.(yes yes we can all PR)
DanielWhy is this suddenly coming up?
Ge0rGThere is obviously a trade-off between allowing people who need their private information protected, but also anonymous trolls, vs. the transparency of a public and open standards organization.
Ge0rGDaniel: because it's election time
emus> Why is this suddenly coming up?
Because I havent named my company, as I missed that requirement, but also doesnt want to put the information online
DanielYes. But it was never a big topic before
Ge0rGDaniel: anonymous participation has been a topic before, some times.
DanielYeah. I was more referring to the affiliations part
emusBut its not anonymous anymore actually
pep.This is not full anonymity towards the XSF mind
emusonce I put my name
DanielTbh I'm not really sure what affiliation means in the context of my being self employed
pep.You have to disclose every single one of your clients!
pep.But hmm, tbh, I think that's what "Note that this is not limited to employment" means
DanielI'm sure that at least 50 percent of my customers aren't happy with me doing that
pep.I'm sure of that :)
KevThe "not company" thing is because e.g. most OSS projects aren't company-based within XMPP.
KevBut if 30 people working for different companies, all of whom were working on Swift were to apply, the XSF should care.
larma> It is mandatory. Check the bylaws. If not everyone included the information, that was an omission in their application.
I think it's funny how everyone has assumptions what is in the bylaws, but nobody ever actually seems to verify them...
larma> to be eligible for membership, a person, corporation, organization, or other entity must complete a written membership application in such form as shall be adopted by the Board of Directors from time to time. The substance of such membership application must be included in a notice to the Members of the meeting at which such membership application is considered.
> The Secretary shall have general charge of the membership records of the Corporation and shall keep, at the principal office of the Corporation, a record of the Members showing the name, address, telephone number, facsimile number and electronic mail address of each Member.
emus> The "not company" thing is because e.g. most OSS projects aren't company-based within XMPP.
> But if 30 people working for different companies, all of whom were working on Swift were to apply, the XSF should care.
I intended to tell the branch where I work, but also that it has (unfortunatly) nothing to do with XMPP.
But yes, till then I didnt knew about that requirement
larmaNowhere in the bylaws it says that things go public at all (beside board members). Members receive the "substance" of the application (that doesn't need to include company if that's not substantial), the membership records are with the secretary. Of course board can decide to only accept public membership applications in the wiki that include company details, but it's *not* in the bylaws, don't claim that.
MattJI haven't read the entire discussion, but yeah, I'm in the category or "Self-employed and not going to dump a list of my clients in the wiki"
MattJI haven't read the entire discussion, but yeah, I'm in the category of "Self-employed and not going to dump a list of my clients in the wiki"
AlexWe had many similar applications in the past where people were just saying that they are self employed or apply as an individual. Because he is saying that his work is not realted to XMPP at all I did not pay further attention.
If this is a problem and you think it violates the bylaws (which everyone reads difefrent ;-) ) I can ask him to disclose with employer directly to me only
jonas’Alex, emus retracted the application
Alexit is still on the Wiki, don't think we defined somewhere on how to retract an application ;-)
emusjonas’: I retraced, as understood that was mandatory. I am fine to tell Alex privately where I work, if that is within the process
moparisthebestI don't think I've ever listed my employer either and no one said anything, my employer has nothing to do with xmpp or even chat
emusI am.okay with other option
moparisthebestI wouldn't want to list it on the wiki either, my employer is kind of odd about "don't mention us on social media or anything that might be construed as you representing us" but I wouldn't mind telling Alex , just no one has ever asked
larmaMattJ, there is no reason by the bylaws to disclose clients of a self-employed person. You'd only need to disclose to board/secretary when you are employed by or represent a company so they can apply the maximum 15% rule.
ralphmThe whole idea behind it is just that we want to prevent companies to be overrepresented in our membership.
MattJI totally get the idea behind it
MattJBut from the day it was first proposed I said I didn't see how it would actually work
MattJI've never listed anything and nobody has ever complained :)
pep.It doesn't seem to be applied very much anyway
ralphmI don't there is a problem to solve right now. If someone finds that the 15% rule can be argued to be broken, we can go back and fix it.
moparisthebestNothing stops anyone from just lying, or simply not putting anything, apparently :)
larmaThe assumption seems to be that everyone would be so kind to mention company info if it was relevant
pep.moparisthebest, yeah that's true of every info you give anyway :)
ralphmI think self-employed is totally fine.
MattJIf I (hypothetically) did a 3-month contract for Isode (picking one well-represented company in the XSF community) in the middle of my membership period, what should happen?
ralphmLies will be caught up with, I don't see a problem.
ralphmMattJ, we'd talk about it
MattJand it would be my fault if I forgot to mention it?
larmaMattJ, are you representing their interest when making use of your XSF membership rights? If no, then it doesn't matter
MattJDoes it specify anywhere that I have to update the XSF if my status with a company changes between applications?
jonas’if my employer enters a three month contract to build infrastructure for, say, NATO messaging, would I have to disclose that?
MattJand how do I know which companies I need to notify the XSF about, and which I don't?
MattJObviously I've been around a while and could guess a few, but it seems pretty arbitrary
jonas’if my employer enters a three month contract to build infrastructure for, say, NATO messaging, would I have to disclose that (assuming that I’m assigned to work on that)?
MattJIf the honest answer is "it's fine, you'll know if you're (close to) breaking the rules and we trust everyone to be honest" then I'm fine with the status quo
pep.Of some putting their affiliations and some not? And asking every new member to? :p
moparisthebestassuming it was actually enforced, I'm not sure I see any advantage anyway, if one company wanted to hijack messaging standards they could just start their own standards organization and do it anyway, maybe call themselves Matrix or something?
ralphmMattJ: your last statement is my vantage point
pep.I'm curious what you think is the status quo though
MattJpep., you just summed it up :)
pep.I don't like this
pep.Why would we force it on new members while not on others
MattJWe historically haven't forced it
pep.Seems pretty random to me
KevFor my point of view, I think having some protection against representation/flooding is worthwhile. I'm fine with that protection not being public (although I think it's useful to default to public where people are willing). I think some guidance on what to disclose would be useful.
MattJWe request it, I've never seen anyone flag an application that didn't have it
ralphmThe status quo is that every few days other parts of our bylaws are scrutinized to see if there's an issue. I think it would be better to focus on things when there's an actual problem in need dire need for solving.
Ge0rGIf we don't strictly enforce this rule, how are we supposed to prevent being hijacked?
MattJGe0rG, it beats not having a rule and then not being able to enforce it when you need to
emus> If we don't strictly enforce this rule, how are we supposed to prevent being hijacked?
I mean, one could also lie... you would have to proof it anyway or?
pep.emus, what MattJ said.
Ge0rGMattJ: okay, I can see that.
emusIf you agree, I can tell Alex, or anyone else privately, as long that kept privately
pep.I also think it's a worthwile rule to have. I'm happy to rework the implementation
Ge0rGSo maybe somebody should change XEP-0345 into "affiliations can be made public, and must be communicated to the Secretary otherwise"
emus(I also understand that XSF fears to get hijacked of course)
pep.Ge0rG, 345 doesn't actually say this information has to be public does it?
pep.ah it does
pep.Only in one place, Security Considerations. It just seems to be assume in the document
pep.Only in one place, Security Considerations. It just seems to be assumed in the document
larmaGe0rG, it says applicants must provide, not to whom
pep.That doesn't say public. It talks about giving info to the Secretary and allowing members to vote
Ge0rG> As a secondary purpose, it also allows the XSF members to make an informed decision when voting to accept applications
Ge0rGthat implies that members will see this.
pep.That's already better than "On a public wiki"
Ge0rGand §3 says it has to be in the wiki
Ge0rGpep.: I'm sure you can provide a better wording as a PR :D
pep.I'm working on it
ralphmemus, there is no fear. This rule exists so we can take action in case a company is overrepresented based on that rule, instead of some vague notion of 'too much'.
jonas’15:51:07 MattJ> We request it, I've never seen anyone flag an application that didn't have it
I did, today.
MattJI didn't scroll back that far, I guess :)
MattJI'm definitely against picking on random people
emus> emus, there is no fear. This rule exists so we can take action in case a company is overrepresented based on that rule, instead of some vague notion of 'too much'.
Ok, I understand
jonas’I wasn’t aware I was picking on anyone in particular. I admit that I probably don’t scan applications of "famous" people like Dave as thoroughly as I do for others, though
jonas’I simply assumed it was an oversight
jonas’(and, to be frank, I also assumed that Alex would screen the applications, as he said he also keeps tab on the 15% rule at some point)
larmajonas’, he can keep tab on the 15% even without getting company names 😉
larmalike, we currrently have one applicant that works in a company in the wind power industry and no other member that does, so that implies his company is not overrepresented ;)
ralphmYes, until we only have 8 members, which is yet another problem.
ralphmI'm happy for Alex to continue doing what he's been doing and if someone at some point feels a company is overrepresented we can look into it.
Alexas @ralphm said. The ruile is there to take action if we thing a componany is overpresented or someone is raising concerns with that.
I am not compiling and verifiying the stats after every election.
larmaralphm, +1 - as long as we make sure that applicants that obviously are not overrepresenting a company don't feel any repression to apply I see no issue.
It just feels very absurd to not accept an active community member like emus purely based on the fact that we don't know the company even if we do know that it is not overrepresented.
pep.Where is a good venue that's not standards because it's about the membership, but also not members@ because that's not opened to non-members (right?)
Alex@emus exposed his employer to me. So I have it in my records
pep.Zash, I'd like a place where interested people can also join the discussion. A place where they can say things like "yeah if you do that I'd be interested to join"
emus> @emus exposed his employer to me. So I have it in my records
Ok, and if someone really really needs to know, I can tell him or her as well
vanitasvitaenever disclosed their job either :P
vanitasvitaeAm I even real? 😱
ZashAre birds real?
pep.I only see pixels
jonas’I see fragged people
Ge0rGI don't even see the pixels. All I see is blonde, brunette, redhead.
jonas’damn, that was the better reference
jonas’just proves that it’s been too long since I saw The Matrix
Ge0rGmarc: I've initiated a standards@ thread on the 0401 change, but there was less activity than I anticipated. How can we move it forward now?
jonas’"just do it"
Ge0rGsaid the person who just did it.
jonas’switching hats all the time sure does get confusing
Ge0rG* jonas’ puts on his wizard hat and robe.
jonas’that’s only on friday nights.
jonas’and also not a wizard, actually
Ge0rGa lizard, then?
vanitasvitaeLevel 7 Valor Bard
Steve Killehas left
Steve Killehas joined
emus> vantiasvitae never disclosed their job either :P
Omg... tbh I read a few application but also yours to get some inspiration... 🐵
emus> vantiasvitae never disclosed their job either :P
Omg... tbh I read a few applications but also yours to get some inspiration... 🐵
Zash> The namespace governing this protocol is "http://jabber.org/protocol/commands" (hereafter referred to as x-commands).
What the x-?
ZashHm, can't well-known commands take the dataform in the first step?
vanitasvitae> Omg... tbh I read a few applications but also yours to get some inspiration... 🐵
Don't blame me for this now :P
marcGe0rG: what are our options?
emus> Don't blame me for this now :P
Everything is your fault!!!1! 😉
Ge0rGmarc: you read https://mail.jabber.org/pipermail/standards/2020-January/036848.html and the reply and decide whether you want to accept the change or not
jonas’does anyone know how a Last Call email for a Procedural XEP should look like?
jonas’otherwise I’m going to cook something up
jonas’(the old tooling did not support this case, neither does the new)
marcLooks like shit on mobile, I'll read it later
Ge0rGmarc: yeah :/
jonas’man, I should step back from writing emails for today
jonas’it optionally uses PEP events for update notifications
ZashIt was PEP-only before, then that was added so that it would work in MUC ... IIRC
jonas’but it isn’t strictly a PEP node
Zashmod_vcard4 in Prosody is just a thin layer over the corresponding PEP node.
Zashand mod_vcard_legacy which implements 0398 is also a (not so thin) layer over a bunch of PEP nodes
ZashAnd as I'm trying to figure out how to write, it does respect the individual permission settings of those nodes.
jonas’you may want to add that to the thread then.
jonas’because that’s not what the spec says currently ;)
jonas’(and I generally prefer your behaviour)
jonas’(and I generally prefer your implementation’s behaviour)
ZashThat reply is exactly what I'm trying to compose
ZashI especially enjoy being able to set (or, keep?) the full vcard to access=presence while having the avatar nodes public, which makes it spit out a vcard-temp with only the avatar
jonas’yeah, that’s the kind of stuff I was thinking about
ZashThere's a thread on 0292 somewhere btw
ZashThat simpler iq syntax doesn't actually help with the MUC thing, since that's afaik an explicit exception for vcard-temp, so you could just as well do the same for a PEP / PubSub query as for a vcard4 iq-get
jonas’sounds to me as if The Editor™ should re-issue the (expired) LC for '292
marcGe0rG, I agree with Daniel and I would prefer to use SASL2 even though I'm not familar with SASL2 at all atm
Ge0rGmarc: SASL2 was introduced in March 2017, and then... nothing happened
Ge0rGDaniel: re XEP-0401
Ge0rGmarc: my reasons to change 0401 were not to make it perfect but to make it easy to integrate today
marcGe0rG, I know but "we" have lots of problem today because "we" did ugly hacks in the past, no?
ZashIt's a hack but there's an Actual Product that uses it, so there's that
Ge0rGmarc: yes, but this is a minor hack on top of an existing hack
marcI used data forms in the first place because i though it's the best solution
marcnow it seems SASL2 is the "best" solution
ZashSASL2 for the future! :)
marcGe0rG, you argued about complexity during 401 spec development, a hacky solution now and SASL2 later would introduce a shitload of additional and unnecessary complexity on the client and server
marctbh, I don't know how far away we are from SASL2 :)
Ge0rGmarc: not so much, because SASL2 will be a nice and clean solution to many problems, including token authentication
Zashmarc: I mean there are implementations already (of 0401 etc)
marcGe0rG, yep, but you need backwards compability
Ge0rGmarc: yes, but you'll also need backward compat between SASL2 and IBR, between SASL2 and normal login, etc
marcZash, yep, a spec cannot step people from implementing something else ;)
marcGe0rG, token if SASL2, no token otherwise? :)
ZashI do have some SASL2 code stewing fwiw
Ge0rGmarc: no - token via SALS2 or token via IQ if no SASL22
ZashNeed ... a client to test with
Dele Olajidehas left
Ge0rGZash: I'd offer help, but... yaxim is not doing SASL directly and instead using Smack, and the current Smack development tree won't work with yaxim
marcZash, SASL2 code for prosody?
Dele Olajidehas joined
marcDaniel, how much effort is it to implement SASL2 in Conversations?
ZashIIRC the two things I got stuck on was 1) client or something to test with and 2) internal architecture to make it easy to do the things that SASL2 allows
marcGe0rG, 401 is not important enough for ugly hacks IMO
Danielmarc: I don't know a lot about sasl 2 to say. Probably not a lot
Ge0rGmarc: if it's not important, you can accept the ugly hack
marc432 sounds like a joke from fefe's blog ^^
ZashI'd imagine SASL2 itself to be easy to implement, but as I said, it might take architectural changes to do fancy parallell things
Ge0rGmarc: however, I'm convinced that we need easy user onboarding and that 0401 is an important step in that direction
marcZash, can you give me the link to your SASL2 branch?
Ge0rGmarc: ask MattJ about the experience with 0401 at last FOSDEM
marcGe0rG, I already had a working implementation with ejabberd and Conversations, I know that it is nice
marcBut I don't want to pollute the protocol with more ugly hacks
jonas’Zash, I could probably look into implementing SASL2 in aioxmpp if you hand me a server to test with
Ge0rGmarc: you had an implementation of 0401 before my change?
Ge0rGmarc: you need to be more public about your achievements.
marcGe0rG, IIRC I posted a screencast ;)
Ge0rGmarc: ...to where?
marcGe0rG, even a Gajim implementation!!1!
marchere or in the Conversations group chat
Ge0rGmarc: that's not adequate.
Ge0rGPeople are not reading chat-logs
marcGe0rG, I'm pretty sure you read it Ôo
Ge0rGAlso I'm Very Sad Now, because I changed the spec and got the changed spec implemented in yaxim, prosody and I've heard about it being part of recent Conversations
Ge0rGmarc: maybe I'm just getting old
marcGe0rG, If not I'm very sorry
Ge0rGmarc: what's the URL?
Ge0rGMaybe I'll remember when I see it?
Ge0rGOr maybe I should just go offline and become a potato farmer
marcIt's not online anymore because I reinstalled my infrastructure but let me see if I can find it
Ge0rGeither way, I was totally unaware of all of that when I made https://yaxim.org/blog/2020/01/31/yaxim-0-dot-9-9-fosdem-edition/
ZashAnd the logic is mostly handled elsewhere by the same stuff that handles SASL1
ZashThat code is just mapping it to the new wire protocol
ZashAnd notably doesn't do any of the fancy stuff SASL2 is meant to allow
Zashjonas’, sent that vcard compat reply. I hope I finished it.
jonas’Zash, I know that feel
jonas’Zash, does vcard4 not contain an avatar?
ZashIt can, but why would we when we have '84?
ZashOr what do you mean?
Douglas Terabytehas joined
ZashAvatars are separated out and not included stored in the vcard4 PEP node by the Prosody module.
Zashminus one word
Zashthe post-food slowness
jonas’Zash, so when a client wants the "full" vcard4, it has to query vcard4 + avatar?
jonas’Zash, so when a client wants the "full" vcard4, it has to query vcard4 + avatar, separately?
jonas’just for my understanding
ZashYou probably had the avatar already to show in the contact list or somesuch.
jonas’Zash, I was asking from a permission perspective mainly
jonas’i.e. whether the granularity is consistent between vcard4 and vcard-temp
marcGe0rG, Zash: how is sasl2 and ibr related? do we always have an authentication (anonymous?) step and then ibr?
Zashjonas’, It should be consistent, yes.
Zashmarc, they would be related somehow in some way such that everything is nicer
ZashOh there's https://xmpp.org/extensions/xep-0389.html too
ZashWait have we been talking about SASL2 when we should have been talking about IBR2?
ZashIBR2 is what you want for 0401
marcProbably, who came up with SASL2?
ZashDunno, was it me or Ge0rG ?
ZashEarly connection something 2 that reduces the hackyness of 0401
Ge0rGMaybe it was Daniel?
marcNo bullshit please
ZashSASL2, IBR2, Routing2, ... MAM2
Zashmarc, so, IBR2 is for improved registration flows (ask for random profile details, invite tokens, CAPTCHA etc) and SASL2 is for improved login flow (2FA, required password change, stuff) and reducing roundtrips (auth + bind or 198 resumption in one step)
marcZash, yep, that's what I thought
marcZash, is there a IBR2 XEPs?
ZashLinked to it above, https://xmpp.org/extensions/xep-0389.html
marcBut atm I don't see the advantage over regular IBR
vanitasvitaeSuprise Blog Post!
vanitasvitaeFallback Indication was a defenseless victim MWAHAHAHA!!!
emusI read in the Application Wiki again. And I saw the list there and got reminded that I read that point about the company of course for the application, but didn't felt related to it. So I didn't actually thought about nameing it (and of course for privacy reasons). Further, I thought it would be mandatory only if you work in a company that has any interest or relation to XMPP topics.
So, maybe that should be cleared out in the future, that, where ever you work as individual (StarBucks or Microsoft) you have to put it to the application.
emus> Suprise Blog Post!
Can you drop it to the march newsletter:
pep.ugh I hadn't realized Fallback Indication had been accepted..
pep.vanitasvitae, I know it's "just an example" but this is a bad use of 428, considering there's already EME (0380) :/
pep.And we all know people just look at examples
vanitasvitaeyeah thats true
vanitasvitaeactually that example made me think that the XEP itself is useless 😀
vanitasvitaeBut I can imagine some use case for it server side.
jonas’vanitasvitae, neat blog post
pep.Yeah I also like the blog post otherwise :)
pep.Maybe add some kind of syntax highlighting? If it's not too much a hassle
vanitasvitaeMy WP theme doesn't support it unfortunately 🙁
vanitasvitaeMaybe there is a plugin for that..
jonas’I bet there is. and I wouldn’t be surprised if it came with a free remote shell!
marcGe0rG, did you explain the disadvantage(s) of IBR dataforms somewhere?
jonas’no need to, it contains XEP-0004
Zashjonas’, did you explain the disadvantage(s) of XEP-0004 somewhere? :P
jonas’from a different docmuent, but I think it also applies to IBR:
> Sturctured data, beyond lists of text and JIDs, can not be represented with Data Forms (XEP-0004)  at all. Machine-readable data would also have to be human-readable at the same time to provide a fallback view for human users. Interationalization of such human-readable data in field values is not possible with Data Forms (XEP-0004) .
jonas’Zash, as a matter of fact, I did, in a recent ProtoXEP
Ge0rGmarc: yes, but I don't remember where. Might have been on list on the initial 0401 submission
marcGe0rG, hm, okay
Ge0rGMy biggest issue was that a client now has to check whether a data form is fully equivalent to plain IBR plus the token
Ge0rGAnd then display the regular IBR dialog instead of a full data form dialog
Ge0rGFor which I don't have support anyway
Ge0rGI'm lost now. https://www.google.com/search?hl=de&q=site%3Amail.jabber.org+%22XEP-0401%22&oq=site%3Amail.jabber.org+%22XEP-0401%22&aqs=heirloom-srp..
jonas’from searching for "council", I get the impression that google doesn’t have anything newer than 2017 in its indices
jonas’ah, 2019-march, too
vanitasvitae> Maybe add some kind of syntax highlighting?
pep.Now it's even more obvious for people to just copy the code!!
pep.An idea of why memberbot is so slow btw? Or is it my server again being too far?
jonas’it introduces an intentional delay I think to make it feel more realistic?
pep.It's even setting "composing"
jonas’it also sends typing notifications in case you haven’t ... yeah :)
jonas’I quite like that actually
pep.Not too uncanny yet, we're good
Ge0rGSay what? It's adding latency to feel more human like?
Ge0rGI haven't tested yet but I hate it already...
ZashShould fix the thing where messages end up before the responses due to sorting by timestamps with insufficient precision :)
pep.Real life hacks(tm)
pep.btw ad-hoc voting is not enabled on memberbot?
Ge0rGZash: that should only be an issue if the bot adds timestamp to everything
pep.returns empty nonetheless..
pep.But I see code for it
Ge0rGSo it will artificially delay its responses to be more human like, but it won't accept a "Yes" for a yes?
Ge0rGAnd yes, I hate it indeed
vanitasvitae> but it won't accept a "Yes" for a yes?
This is especially annoying if you are on mobile
pep.Well I just fixed it. Let's awit for Alex to merge it :)