-
moparisthebest
Couldn't resist :) and maybe, same name there
-
Maskugatiger
hi guys,if u want find my group..on gajim.. u only type this keyword "maskuga" on search box. start/join. then click button Global Group Chat Search. that all.
-
moparisthebest
I warned him he should stop with the spam in dino channel before this, he insists it's not spam, this is channel #4 that I've seen
-
ralphm
Thanks, moparisthebest. Spam is in the eye of the beholder.
-
Sam
The office hours are today at 1600 UTC! Join us for "Building a Chat Bot on Ad Hoc Commands" by Christopher Vollick: https://socialcoop.meet.coop/sam-pku-dud-niv
-
Holger
Seems 0060's integer-or-max thing was defined for pubsub#max_items and two other node config options, but e.g. not for pubsub#max_payload_size, where I'd think it would make sense as well?
-
phryk
Sam, sounds interesting, was wondering how to go about creating XMPP bots – and there's a few hours left before that so i can get some food in me. :)
-
phryk
Sam, is it alright to share this invite link on the fediverse?
-
MattJ
phryk, https://fosstodon.org/@xmpp/106642759433718435
-
phryk
Oooh, didn't even know the XSF had a fedi account, but that makes so much sense in hindsight that I'm embarassed I didn't realize it.^^
-
phryk
wait lol, i already follow that account :D
-
phryk
any clue whether i need previous knowledge about ad-hoc commands or the internals of any other xmpp spec/xep?
-
Sam
I'm not sure, I haven't talked to the presenter about the content
-
phryk
alrighty. it seems as though this sort of talk is at least a semi-regular occurance?
-
Sam
In theory; lately no one seems to want to sign up
-
phryk
When I got this setup finished, I might be interested in saying a bit about secure XMPP setups.
-
phryk
That's gonna take at the very least a month tho. Besides some more minor stuff, I still have to implement a custom invite page, fix at least one bug in mod_e2e_policy and extend its featureset by a good chunk, and I never programmed in lua before. :P
-
phryk
Currently I'm writing a bunch of texts for the website to onboard people and give them what they need to make informed decisions.
-
Sam
You could always present on what you plan to do instead; that way it's more likely to happen 🙂
-
phryk
But that way, I don't have any actual findings. :P
-
phryk
Plus, it's an anarchist thing – I want propaganda of the deed: if I already did it and show it off it shows to others that and how it's possible. :)
-
emus
The office hours start in about 30 mins! Join us for "Building a Chat Bot on Ad Hoc Commands" by Christopher Vollick: https://socialcoop.meet.coop/sam-pku-dud-niv
-
jonas’
Sam, what's your final take on https://github.com/xsf/xeps/pull/1090, after list discussion?
-
jonas’
can it be closed, do you want to update it?
-
Sam
I still think it's fine as is, but might as well update it for the mam thing too
-
jonas’
Sam, could you explain where the current methods are not sufficient on list so that we have it documented? It's still not obvious to me.
-
goffi
jonas’: hi, I didn't change the status from Deferred to experimental for https://github.com/xsf/xeps/pull/1094, will it be done automatically?
-
goffi
apparently not, I'll make an other PR then
-
jonas’
goffi: thx!
-
MattJ
<iteam-hat>I guess the E2EE SIG wants a mailing list? How about a MUC? (cc vanitasvitae)
-
goffi
jonas’: https://github.com/xsf/xeps/pull/1097/files
-
vanitasvitae
I have thought about that as well, but I'm not sure how muvh benefit dedicated lists and rooms would bring.
-
vanitasvitae
But it can't hurt either I guess. Whats the process of getting a MUC registered on xmpp.org?
-
MattJ
My opinion is that a MUC would be valuable, but list discussion would be better on standards@ if the traffic is low
-
vanitasvitae
Yeah, thats more or less my opinion as well
-
vanitasvitae
Too many lists to keep track of :D
-
MattJ
But never enough MUCs!
-
vanitasvitae
#thatsXMPP!
-
me9
> MattJ wrote: > My opinion is that a MUC would be valuable, but list discussion would be better on standards@ if the traffic is low What muc address would that be?
-
me9
It was stated here, not so long ago, that the XSF makes no software for XMPP but only discusses the standards, XEPs. Or did I get this wrong? Does it also write the XEPs? I mean defining something in detail without making it would feel weird to me.
-
moparisthebest
people write the XEPs, anyone can, the XSF discusses+publishes them
-
moparisthebest
sometimes code comes before XEPs or after or sometimes never, personally I agree with you, for me code always comes first
-
MattJ
"Rough consensus and running code" is the way
-
me9
Ok, thanks.
-
MattJ
me9: the XSF is a volunteer organization. When a XEP is written there is usually someone with an interest in implementing it, and they are involved in the process (often they are the XEP's author)
-
me9
Mhm.
-
phryk
Where are past presentations hosted? Would be especially interested in talks giving a good high-level overview of the specs and terminology.
-
me9
phryk: Do you mean the XMPP Office Hours?
-
phryk
For example, but if there's more than just that, I'm happy, too. ;)
-
phryk
Ah found XSF's Youtube channel and Sam's talk.
-
phryk
4/20 \o/
-
me9
> phryk wrote: > Ah found XSF's Youtube channel and Sam's talk. I think Sam made that channel and puts the recorsings on there.✎ -
me9
> phryk wrote: > Ah found XSF's Youtube channel and Sam's talk. I think Sam made that channel and puts the recordings on there. ✏
-
phryk
lol grindr is built on xmpp?
-
Link Mauve
Yes.
-
phryk
and fucking zoom? jeebus. :F
-
jonas’
language maybe
-
Zash
Yes, maybe keep a civil language
-
phryk
I'll try.^^
-
phryk
Under protest. :P
-
jjrh
Didn't know about zoom, that's pretty nifty :)
-
phryk
Is there a recording of the "Towards XMPP 2.0" thing?
-
phryk
https://www.youtube.com/watch?v=oc5844dyrsc and this one is going into my future watch list :3
-
Link Mauve
phryk, Zoom posted some job offer on https://xmpp.work/ recently.
-
Link Mauve
But looking at their docs is enough to know they use XMPP.
-
phryk
I never used Zoom and never looked at their docs. :P
-
phryk
I even dislike jitsi because goddamnit, just build an A/V MUC thing I can join with a normal XMPP client. :F
-
Link Mauve
phryk, that’s exactly what they have done.
-
jonas’
"just"
-
phryk
They did?
-
Link Mauve
They do.
-
phryk
Wait, can I join jitsi meets with conversations, then?
-
Zash
Nope
-
Link Mauve
You can join any Jitsi MUC with any other client, yes.
-
jonas’
you won't get A/V though
-
phryk
Yeah, I meant the A/V part. :P
-
Link Mauve
phryk, their main meet.jit.si server only exposes a WebSocket entrypoint, no plain TCP ones.
-
Link Mauve
phryk, get any other client to implement multi-party A/V first?
-
jonas’
Link Mauve, though nowadays you need to send <nick/> in presence for things to work IIRC
-
Link Mauve
jonas’, yes, even back then.
-
jonas’
back then™ it was sufficient to send <nick/> in <message/>, not in presence.
-
Link Mauve
Or you get weird auto-generated ids instead of your nick.
-
phryk
Link Mauve, Conversations doesn't implement multi-party A/V yet? I thought they did…
-
Link Mauve
phryk, nope, it doesn’t.
-
Sam
I think they're webrtc only now, last time I tried I couldn't connect anymore
-
phryk
Damn.^^
-
Zash
It doesn't and Jitsi doesn't want to cooperate
-
jonas’
Link Mauve, I know because my bot got away with that, while injecting it into presence was so annoying that I replaced it with a prosody module :D
-
Link Mauve
The only clients I know of which implement that are Jitsi Meet, Jitsi, Empathy, and I guess Zoom.
-
Zash
Isn't everything "webrtc" these days tho?
-
jonas’
Link Mauve, dino is on it though, or so I hear
-
phryk
Yeah figures, I guess they also didn't hand in an XEP to specify how multi-party A/V either?
-
Link Mauve
Sam, always has been WebRTC, it wouldn’t do audio/video in a browser otherwise.
-
jonas’
and Conversations is interested to follow suit
-
jonas’
phryk, they are based on XEPs which specify multi-party A/V :)
-
Sam
Link Mauve: the signaling is webrtc now too, I mean
-
Link Mauve
Note that Conversations, Movim, Dino and whatnot are also WebRTC, with Dino being the only one not WebRTC only.
-
jonas’
those haven't been kept up to date though :(
-
Link Mauve
Sam, WebRTC doesn’t do signaling though.
-
Link Mauve
It leaves that out to the client.
-
phryk
jonas’, care to throw me the XEP numbers? :)
-
Sam
It does whatever you send over it.
-
jonas’
phryk, check the list for COLIBRI
-
jonas’
Sam, you need something to exchange the SDPs over though, before you can even exchange peer-to-peer data
-
Link Mauve
phryk, XEP-0298, XEP-0340 are the main ones.
-
jonas’
right, Coin and COLIBRI
-
Sam
I couldn't see a websocket connection last time I tried anyways, I could see IQs in a webrtc error message.
-
jonas’
(make sure to enable Deferred ones in the view)
-
Zash
What was "WebRTC" even? Some profile of codecs and stuff? RTP over UDP over DTLS over HTTP over SCTP over DTLS over ...???
-
phryk
Dino just uses rtp directly?
-
Link Mauve
Sam, in any given room, press F12, go to the network tab, and look for the wss://meet.jit.si/xmpp-websocket?room=yourroom connection, it has HTTP status 101.
-
Link Mauve
Then in the Response tab you can see the WebSocket exchanges.
-
Link Mauve
(In Firefox, I don’t know how it is in other browsers.)
-
Link Mauve
phryk, yes, or with DTLS-SRTP to negociate the encryption, which is basically what WebRTC is.
-
Link Mauve
Plus a bunch of other extensions made mandatory.
-
phryk
cool.
-
phryk
Now, I think, I'll finally go read that mod_e2e_policy code. :3
-
Zash
MattJ, others interested in E2EE might be interested in an e2ee ietf mailinglist: https://mailarchive.ietf.org/arch/msg/ietf-announce/JD82eEVcnGOYCYCcIjRDwiZlB6Q
-
southerntofu
Link Mauve, can you actually join meet.jit.si with any other client? i thought they disabled s2s?
-
phryk
southerntofu, sounds like you can join chats if your client supports xmpp over websocket.
-
phryk
so, i assume that basically means conversejs and nothing else?^^
-
southerntofu
idk phryk i dug through my browser console to find the muc address and tried to join, but it failed
-
Link Mauve
southerntofu, yes you can, configure your client to use this WebSocket endpoint, and then join the MUC you want.
-
southerntofu
ok strange, thanks
-
Link Mauve
Most desktop clients don’t support WebSocket though, so use something like Gajim, Converse.js or such.
-
Link Mauve
I have successfully used Gajim.
-
phryk
Sounds like Gajim is the best client for debugging XMPP stuff…
-
southerntofu
good to know! like we were talking in some other chan, i'd find it great to have better desktop/mobile clients for Jitsi Meet
-
moparisthebest
<open xmlns="urn:ietf:params:xml:ns:xmpp-framing" is WebSocket C2S, anyone have opinions on what S2S should look like? unless I hear complaints I'm going with xmlns="urn:ietf:params:xml:ns:xmpp-framing-server"
-
vanitasvitae
Zash, created on 27.07? Coincidence? :O
-
moparisthebest
southerntofu, phryk I'm close to releasing a tool that'll let any normal-xmpp-speaking client connect over WebSockets FYI
-
southerntofu
a MUC<->websocketMUC gateway?
-
phryk
websockify?^^
-
vanitasvitae
webmucket
-
Zash
moparisthebest: The framing that is only really needed with clients that are limited to DOM entire-document parsers? Why would you ever keep that? Why do we still have it for c2s???
-
moparisthebest
a TCP-XMPP -> websocket-xmpp proxy
-
moparisthebest
Zash, yea, wouldn't *need* the framing I guess, on the other hand why not
-
Link Mauve
phryk, I usually use poezio, but it’s a matter of preferences really.
-
Link Mauve
It doesn’t support WebSocket though, nor WebRTC.
-
phryk
My preference UI wise is dino, tho I'd like it to be a bit mor explicit and offer more things on context…
-
phryk
Might actually end up writing my own client, but that's one of those potential projects like me writing my own wayland composer or webframework. :P
-
Link Mauve
phryk, why not contribute to Dino?
-
phryk
I mean I am doing the latter, but I started in 2011-2012 and it's been in it's third iteration since 2015 and still isn't even at alpha^^
-
phryk
Link Mauve, because the devs made it clear they don't see eye to eye with me concerning UX.
-
moparisthebest
fork!
-
phryk
No way.
-
moparisthebest
why? certainly nicer than totally starting from scratch when you are 90% of the way there
-
phryk
No, and a whole bunch of reasons.
-
phryk
For one, I'm not gonna learn yet another language just to fork a thing when I'm already currently learning D for that wayland compositor, have to get back into Perl for a job and am about to embark on learning Lua.
-
phryk
Learning 3 languages in parallel is enough for me, thank you very much.
-
phryk
Also, because time and time again I've found that using other peoples codebases for complex stuff turns out to be a complete cl*****f*** when trying to bend it to my needs.
-
phryk
For example in my webframework I tried using pandas (python data analysis module) for over a year and everything was pain and suffering for that time.
-
phryk
When I decided to just throw the damn thing out, I was at feature parity with my old stuff in about a month and a week later had more features than before, the thing worked more generally and the serialization was more reliable while not changing its interface at all.✎ -
phryk
When I decided to just throw the damn thing out, I was at feature parity with my old stuff in about a month and a week later had more features than before, the thing worked more generically and the serialization was more reliable while not changing its interface at all. ✏
-
moparisthebest
other people's code is terrible, your code is terrible, welcome to programming
-
phryk
Nah, it's not only that.
-
moparisthebest
programmers like rewriting things :) https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/
-
phryk
*Some* other peoples code is great, amazing even. I've only ever once had a problem with flask for example when it was relatively fresh, dumped my concerns into IRC and forgot about it – only to come back to it a couple months later and found that all my issues had been fixed in ways that were better than what i proposed.
-
southerntofu
and some other people's code is garbage, like ansible which has over 1000 papercuts/m² which are very counter-intuitive
-
phryk
And XMPP implementations are one of those things where I'd be *extremely* cautious. Been playing with the tought of implementing it myself, but then it's not a medium-sized domain-specific project anymore, but a multi-year one.^^
-
phryk
The concept for an XMPP messenger I came up with some time last year was using python + kivy so I can do responsive design from the ground up and do desktop + android + iOS (+ pinephone or whatever) – basically one client to rule them all. :P
-
phryk
But honestly, I'd like it to be compiled, so currently I'd be leaning more towards D, but then I don't know of any compatible GUI toolkit being constructed with responsive design methodology built-in…
-
phryk
Plus, I'd still lose the whole "support for any and all platforms" thing…
-
southerntofu
phryk, sounds a lot like libervia.org (except python)
-
phryk
Isn't that just an online service, not a client?
-
southerntofu
phryk, it's a client with different frontends: gtk, web, cli, tui, android...
-
phryk
oh, like mplayer but for XMPP? :D
-
southerntofu
something like that :P
-
phryk
good approach, I'd say. but I want just one frontend that' responsive.
-
southerntofu
also you may be interested in some rust GUI frameworks which support web platform, like https://github.com/hecrj/iced
-
southerntofu
or keep an eye on WASI project to reuse web technologies everywhere (except JS of course)
-
phryk
No, no, aand no. ^^
-
phryk
And definitely no electron or anything like that.
-
southerntofu
it's not EXACTLY "anything like that" but it's the same spirit yes
-
phryk
Don't get me wrong, I've been doing web development for some 15 odd years now and I love what the web enables, but I hate how the web is used to replace anything native.
-
southerntofu
https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/ <--- not exactly sure it's the best but if web platform is on your list, then it may be the most appropriate
-
phryk
My webframework has a strict policy about no client-side scripting and no third-party requests. enforced by CSP in its core so you'd have to fork the damn thing to use that stuff. :F
-
southerntofu
phryk, i also hate it, but with a proper desktop/system integration, lightweight runtime, and distribution on proper package systems (appimage/guix/flatpak) i think i could actually like it
-
southerntofu
phryk, i really like what i hear, do you have a link? is everything handled via <form>s?
-
phryk
No, web platform is absolutely not on my list. I'll begrudgingly deploy converse on the XMPP service I'm currently building, but only for onboarding and fallback.
-
Link Mauve
phryk, libervia already has a Kivy frontend named Cagou.
-
southerntofu
ah sorry i thought "web" was in the "one client to rules them all" :D :D
-
Link Mauve
You may also be interested in Kaidan, doing the same but with Kirigami.
-
phryk
Yes, I have an integrated custom form system that also allows building complex, stateful applications powered by encrypted server-side sessions out of webforms.
-
Link Mauve
So far I’m not impressed on desktop, but maybe with more workforce they could become good.
-
phryk
Kirigami doesn't ring a bell. I wanted to try Kaidan on my system, but it only ever segfaulted – I thought it was KDE?
-
moparisthebest
sounds useless for e2e chat though right?
-
Link Mauve
phryk, it’s one of the KDE frameworks, targetting mobile too.
-
phryk
So KDE developed a desktop<->mobile portable GUI framework independently from Qt?
-
southerntofu
phryk, also libervia project could use some help, it's pretty cool and the maintainer has an interesting vision from what i could chat with
-
moparisthebest
server-side anything without client-side scripting is useless for e2e chat I mean
-
Link Mauve
phryk, I don’t think it’s independent on it, probably building on top of it.
-
phryk
southerntofu, https://rnd.phryk.net/phryk-evil-mad-sciences-llc/poobrains/ <- the framework
-
Link Mauve
I haven’t looked much into it, so I can’t help you more with that.
-
southerntofu
moparisthebest, it's not useless, you can build encryption by making your own user agent for those HTTP requests :)
-
phryk
Mhh, Qt is complicated because I don't know if we can depend on it to stay open/maintained or if it'll diverge from the commercial one.
-
southerntofu
encryption in the browser is the worst idea already
-
Ellenor Malik
ehh
-
phryk
X.509 is the worst idea already. :P
-
moparisthebest
sure, but at least you can do it in a real language with webasm
-
phryk
Worst. Spec. Ever.
-
southerntofu
moparisthebest, not all browsers support that, we're already trying to remove JS, without adding an even bigger attack surface :P :P
-
southerntofu
for me WASM is only useful for cross-platform applications, not on the actual WWW
-
southerntofu
it brings the good stuff of the web (HTML+CSS) on the desktop via WASI, and we can keep client-side scripting outside of the browser :)
-
southerntofu
(because of fingerprinting, sandbox escapes, rowhammer-style attacks..)
-
Link Mauve
phryk, Libervia’s Cagou is built on Python + Kivy, have a look at it, the room is at xmpp:sat@chat.jabberfr.org?join fyi.
-
Link Mauve
southerntofu, how is wasm a bigger attack surface than JS?
-
Zash
X.509 is great because it caused this to be written: https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
-
Link Mauve
It also brings neither HTML nor CSS into wasi.
-
southerntofu
Link Mauve, doesn't have to be bigger (in fact can be smaller) but it's bigger than no client-side scripting at all
-
southerntofu
Link Mauve, no but WASI + a desktop browser engine allows good cross-platform web-based UI, that's what i meant
-
Link Mauve
How is that different from a browser?
-
phryk
Zash, It also caused this to be written: https://phryk.net/article/zomgwtftls/ :P
-
phryk
(CW: language)
-
southerntofu
Link Mauve, it doesn't run random code from the internet to just display stuff
-
southerntofu
it runs an application you downloaded and vetted, hopefully through trustworthy chanels
-
Link Mauve
southerntofu, I mean, a browser engine + a wasm interpreter which has access to local stuff (wasi) is worse than a browser engine + a wasm interpreter which is restricted to HTTP resources to me.
-
Link Mauve
The former is pretty much electron.
-
Link Mauve
The latter, any standard browser.
-
southerntofu
oO? you'd rather run random code from the internet?
-
Link Mauve
I’d rather have a sandbox than none.
-
Link Mauve
Which is why I do use the web, and why I don’t use electron.
-
southerntofu
well sure you can sandbox stuff, but in my view that'd be the role of firejail/flatpak/chroot not the role of the runtime itself
-
southerntofu
also browser sandboxes are a joke, people keep on poking holes through all the time
-
phryk
> X.509 - the PDF of IT Security <- I'm still *extremely* proud of that heading. :P
-
southerntofu
personally i'd much rather run code packaged by my distro without a sandbox, than sandboxed code fro mthe internet
-
Link Mauve
Well, good for you I guess.
-
southerntofu
sure. i mean how much malware distributed through debian? vs how much malware due to browser vulns?
-
phryk
southerntofu, full ACK on that. I especially hate the implications of client-side scripting code delivered by servers being able to be different for every request. theoretically you can target by demographics or users to only *sometimes* deploy malicious code making any audit basically meaningless.
-
southerntofu
phryk, exactly! plus i recently learnt about rowhammer.js and i was like "wow is this what we have come to?"
-
phryk
When I install packages from the distro package repo (or my own one), I have strong cryptographic assurance that it hasn't been tampered with between compilation and delivery.
-
Zash
Computers bad. Grow potatoes. 🤷️
-
phryk
Heh, yeah, I still remember that ASLR-defeating exploit that worked over javascript.
-
phryk
Exactly, run GNU Hurd and bury thyself!
-
phryk
he said, running FreeBSD and being very unGNU… ^^
-
southerntofu
don't forget your GNU/shovel to resolve (`dig`) where this whole is taking you :) :)
-
phryk
I often say we should have abolished UNIX and all used Lisp machines, only half-jokingly. :P
-
southerntofu
well that is an interesting paradigm! but i'm afraid we're growing offtopic here :D
-
phryk
Aye, was thinking the same thing.
-
phryk
To get a bit more on-topic: Is the server domain alone a valid (but somehow special) JID? If so, where is that definedD?✎ -
phryk
To get a bit more on-topic: Is the server domain alone a valid (but somehow special) JID? If so, where is that defined? ✏
-
moparisthebest
All browsers support wasm, and I'd rather they only support wasm and not js
-
Zash
Yes, a bare hostname is a valid JID. XMPP-Core and/or XMPP-Addr
-
phryk
Thanks.
-
Zash
https://xmpp.org/rfcs/rfc6120.html#rfc.section.2.1 and https://xmpp.org/rfcs/rfc6122.html