XSF Discussion - 2020-11-15

  1. marc

    https://share.zapb.de/0e13a6d6e89e55a5708adf142c700a6b2c084b73/EXp7m5I4zMnUVV5jNHjExgpvbqPNGulS7G1JYZty/xep389_invite_and_recovery.webm

  2. marc

    XEP-389 at work

  3. flow

    marc, +1`

  4. flow

    not really related, but Dino(?) uses the term "XMPP ID"?

  5. marc

    AFAIK XMPP ID is the term that should be used according to modern XMPP

  6. Link Mauve

    Dino doesn’t, I went through all the strings recently. :)

  7. lovetox

    We use XMPP Address

  8. lovetox

    But i guess XMPP ID would also be fine

  9. lovetox

    looks good marc the password reset makes me bit uneasy

  10. lovetox

    setting new password without typing it a second time or at least have the possibility to not hide it, is a game of luck

  11. lovetox

    but this is a client UI thing, not related to 389

  12. marc

    Oh wait, that XMPP ID comes from the dataform

  13. lovetox

    then ID is probably good

  14. marc

    > setting new password without typing it a second time or at least have the possibility to not hide it, is a game of luck To hide it?

  15. lovetox

    because something like Address needs to be translated

  16. lovetox

    and not all servers support translation

  17. lovetox

    marc, "to *not* hide" it

  18. lovetox

    or better "to show" :)

  19. marc

    And it's not about changing password but recovering, you don't know your password in that case

  20. lovetox

    marc, in your video you set a new password

  21. lovetox

    what if i mistype my new password, i have to reset it all again

  22. marc

    You mean something like two pw fields that check if both are equal?

  23. Link Mauve

    marc, the correct term for the dataform would be JID.

  24. Link Mauve

    Clients can then translate it how they want.

  25. Link Mauve

    Changing JID in the protocols would be an extremely bad idea.

  26. arne

    anonbox offers instant accounts?

  27. marc

    Link Mauve, it's all about 389 not about "I did a perfect UI"

  28. arne

    Isn't that an invitation for spammers?

  29. marc

    arc, you cannot send email but receive

  30. marc

    arne

  31. arne

    ah ok, thanks for informing

  32. Link Mauve

    Spammers often need to receive emails but not send, for instance to create an account on most websites.

  33. marc

    Link Mauve, I'm not a spammer and I need to create account on some websites ;)

  34. marc

    +s

  35. marc

    Link Mauve, lovetox I did the token and email recovery implementation to spot problems of my implementation and the spec

  36. Link Mauve

    That’s cool!

  37. marc

    Turns out that once you have the basic 389 implementation, extension are quite easy to implement

  38. flow

    marc, no, modern xmpp states bascically to use "XMPP address" → https://docs.modernxmpp.org/meetings/2019-01-brussels/#naming-things

  39. flow

    "XMPP ID" would add a third term for the same thingy, we probably want to avoid that

  40. marc

    At the moment everything is done via dataforms, for some use cases it would be beneficial to have some dedicated challenges defined

  41. marc

    flow, as I said, forget about the UI ;)

  42. marc

    But TBH I find it not too bad :)

  43. Ge0rG

    marc: good work!

  44. jonas’

    marc, if the UI is all they complain about, it’s probably OK ;)

  45. jonas’

    UI is the last thing (floss) devs complain about ;D

  46. Ge0rG

    I complain about UI. Also about UX.

  47. Ge0rG

    I had to 🤐 to not complain about having to enter the JID twice and about the visible password 😉

  48. marc

    Ge0rG, thanks

  49. marc

    I also consider UI/UX as important

  50. marc

    but that was not the main exercise here

  51. marc

    Ge0rG, yes, the reason is that the ui renders all data form challenges directly

  52. marc

    in the main version I would check if the challenge is for the jid and directly send it to the server and do not render it

  53. marc

    also at the moment I used data forms only, as said before in some cases a dedicated challenge type would be beneficial

  54. marc

    But it took me like 20 minutes to build an invite token challenge on top of the existing code

  55. Ge0rG

    Yeah, specifying the exact form fields or using a dedicated challenge should allow the client to make proper UI

  56. marc

    Ge0rG, exactly

  57. flow

    marc, IIRC data forms provide a field type for passwords

  58. marc

    flow, yes, they do. what's the context?

  59. flow

    marc, not sure, it sounded like you didn't knew about that

  60. marc

    flow: I do but I didn't care for this poc

  61. marc

    flow: btw, do you have a good howto for smack on desktop?

  62. marc

    I failed with all the Java Gradle shit

  63. flow

    marc: happy to help, not sure which issues you ran into. gradle is smack build system, but you don't need to use it in order to consume smack. maybe ask in smack@conference.igniterealtime.org

  64. flow

    marc: happy to help, not sure which issues you ran into. gradle is smack's build system, but you don't need to use it in order to consume smack. maybe ask in smack@conference.igniterealtime.org

  65. mdosch

    Gradle of filth?

  66. Zash

    Gah, I opened XEP-0060 to a random section and found something I've never heard of before. Why?

  67. edhelas

    Zash I actually saw that exact message opening 0060 randomly last time I checked

  68. edhelas

    Is it some kind of malediction ?