XSF Discussion - 2021-07-23

  1. Daniel

    > With the added caveat of your body must be just the url alone, because something something inputmice Technically you can also omit the body entirely and just send the x-oob stand alone

  2. Daniel

    It's just that you can't mix text and image

  3. Daniel

    The body equals x-oob is just a short hand for 'usually you want to provide a fallback for clients that don't do x-oob'

  4. Ge0rG

    Daniel: but couldn't you put the text into the <desc/> element of OOB and combine url + text in the message body? And wasn't there a client enforcing body==x-oob.url?

  5. Daniel

    Ge0rG, i'm describing Conversations behaviour. not the xep

  6. Ge0rG

    I know, we don't have any XEP describing the mess we are in.

  7. MattJ


  8. Ge0rG

    MattJ: that's as always a great resource, thanks.

  9. georgeorwell

    Hi, I am looking for a topic for a bachelor thesis with which I can support XMPP. Does anyone have an unstarted project or an idea that is suitable for a bachelor thesis?

  10. flow

    georgeorwell, good question, not from the top of my head. do you have any ideas?

  11. flow

    brainstorming ideas:

  12. flow

    - xmpp over quic

  13. flow

    (especially with consideration of stream management and transport agnostic stream resumption)

  14. Zash

    qy: https://linkmauve.fr/extensions/xep-0280.html

  15. flow

    - a MIX implementation for Smack :-P

  16. flow

    - comparing XMPP's energy and traffic consumption with other protocols (MQTT, ZeroMQ, etc). this could potentially provide insights where XMPP (and implemenations) can be improved

  17. flow

    i'd really love to provide a citeable reference that can be given if someone claims that XMPP is not suitable for all kinds of low energy use cases. While I don't expect that XMPP has the same low resource useage as binary protocols, I would expect that the overhead of XML is far lower and manageable as people expect in a lot of situations

  18. flow

    georgeorwell, does that ad-hoc list help?

  19. Zash

    qy: and others at https://linkmauve.fr/extensions/ have WIP(?) DOAP listincg

  20. Zash

    phryk: ↑

  21. georgeorwell

    flow: my previous ideas would have been about implementing currently unsupported xeps in various clients, but this only helps the specific client and not a larger part of the community. And the scientific value would be also very limited.

  22. georgeorwell

    so yes, that helps a lot!

  23. flow

    georgeorwell, right, I also don't see how this would be a good thesis, even for a bachelors

  24. flow

    georgeorwell, you don't happen to be looking for a thesis in germany?

  25. phryk

    Zash, sorry what? I just fell out of bad, still very groggy. ^^

  26. phryk

    Zash, sorry what? I just fell out of bed, still very groggy. ^^

  27. Zash

    Something about showing DOAP data in each XEP

  28. Zash

    Link Mauve was working on that

  29. georgeorwell

    If anyone else has suggestions, you are always welcome to contact me: https://www.huhn.dev/contact/

  30. georgeorwell

    flow: yet i am :)

  31. phryk

    https://paste.xinu.at/9zDg3C is pretty much all the data about XEP support currently in the DOAPs

  32. Zash

    And at https://linkmauve.fr/extensions/ it's shown in each XEP

  33. phryk

    oooooooooooooooh. :D

  34. phryk

    i thought that was just a domain mirror or something. ^^;

  35. phryk

    How is xmpp.org implemented anyways?

  36. jonas’


  37. phryk

    Ah, static site generator I was pretty sure about, but it's implemented in python, nice.

  38. jonas’


  39. jonas’

    no :)

  40. phryk


  41. jonas’

    it's using a terribly outdated pelican version with a lot strange hacks

  42. jonas’

    I wish I had the time to clean that up

  43. jonas’

    I don't dare to look into theme/ too much

  44. jonas’

    it sheds a terrible light on pelican ;)

  45. phryk

    but pelican is python?

  46. phryk

    Please tell me this doesn't use 2.7 :D

  47. jonas’

    I wouldn't bet on that.

  48. phryk

    Wow, so what's the issue with migrating it to a newer version of pelican? Did stuff just change there, or is it the "lots of strange hacks" bit?^^

  49. jonas’

    the latter.

  50. phryk

    Ah, so in essence the site is generated by a lovecraftian custom fork of ancient software?

  51. phryk

    Cthulu r'lyeh ni ni!

  52. jonas’

    it's not a fork, to be fair

  53. jonas’

    it's just a really complex theme

  54. Zash

    Pelican 3.3 from 2013, you better believe it's Python 2.x and also you need some kind of node.js madness to build the theme, which nobody knows how to do anymore, so you gotta edit minified css.

  55. Zash

    That about covers it?

  56. jonas’

    that's just the CSS part of it

  57. jonas’

    the jinja templates in the xsf theme are the reason why strange things happen when you upgrade pelican

  58. Zash

    Not that other blog engines seem any better. /me grumbles about Hugo and the Prosody blog breaking if you even think about switching version

  59. jonas’

    thing is that pelican is pretty decent in my experience with my own sites

  60. phryk

    sounds like there's just stuff done in the theme that absolutely doesn't belong into a theme.

  61. phryk

    For money, I could probably fix that. :P

  62. phryk

    Is there an A+ rating for servers with the xmpp.net tester? :3

  63. Zash

    Do you want maximum internet points or working federation? (can't have both)

  64. phryk

    well, I'm going to break *some* federation. the test also made me notice that i still got some TLS ciphers in there I probably want to remove.

  65. phryk

    But might extend my own testing suite to crawl servers for their supported ciphers and such so I have some actual data i can base my decisions on.

  66. phryk

    I mean, I assume there's probably still servers out there doing no TLS, so even just requiring any TLS already breaks *some* federation. more of a matter of degree. the internet points are just a nice bonus on top. ^^

  67. Menel

    I think Its easy, enable tls1.2+, get 4096 bit cert, Cipher bitsize only 256 and only Forward secrecy

  68. phryk

    That's the plan, tho I have no idea how large the percentage of clients/servers is that this will stop from connecting/federating…

  69. phryk

    Tho I don't know if I can specify key size at letsencrypt, but wanted to look into that anways. :)

  70. Menel

    The big once all do. I have everything on that list except cipher bitsize is unessesarily high with 256 only in my opinion

  71. Menel

    > Tho I don't know if I can specify key size at letsencrypt, but wanted to look into that anways. :) You can

  72. Zash

    Let's Encrypt doesn't generate your keys

  73. phryk

    True, but if some computation on their end is dependant in key size I can imagine them limiting maximum key size.

  74. Menel

    I think the max was once 4096. But don't know if its still the case. There were people that wanted bigger once and created issues on the tracker..

  75. phryk

    Nice, works for me. :)

  76. wuuko

    aTalk doesn't support omemo or otr in group conversations, right?

  77. Menel

    Its not a question for the xsf I assume.. You could just try it

  78. Menel

    Their play store description says they support both

  79. wuuko

    > Menel wrote: > Its not a question for the xsf I assume.. > You could just try it Ok.

  80. qy

    > Zash wrote: > qy: and others at https://linkmauve.fr/extensions/ have WIP(?) DOAP listincg Oh very good

  81. Link Mauve

    It’s not up to date though, I’d rather integrate that on the website than to maintain it myself, for other to (not) know about it.

  82. Zash

    Right. Why I said "WIP". Mostly mentioned to point out existing efforts for this.

  83. Zash

    I've forgotten what's blocking merging of that

  84. Link Mauve

    Figuring out Docker.

  85. Link Mauve

    As in, integrating it into the automated build of the website.