XSF Discussion - 2022-01-07

jcbrand, mjk: > Easy: just set Google as the default MUC search engine in all clients! More like, be a subproject of a project google keeps around so that it can pretend there's competition

> Was there supposed to be a board meeting today? > An hour ago? What do you guys even do on meetings

Same thing all non-profit boards talk about: funding, putting on events, the direction of the organization, etc. :)

> More like, be a subproject of a project google keeps around so that it can pretend there's competition This sounds like Firefox, not Thunderbird

I have a problem with service discovery: Prosody doesn't return disco info on a bare jid if I'm not subscribed to its presence, which is the expected behaviour according to https://xmpp.org/extensions/xep-0030.html#security. But I need to know if the PEP service there handles Pubsub RSM (to access the public microblog node). How can I do that if I don't have presence subscription?

It doesn't make sense to require presence subscription to get basic informations on a public node.

what's in a disco#info #items response of a bare jid anyways?

...PEP 😉

or is it mostly meant to prevent JID haveresting? ✏

it's to prevent jid haversting

but with an open node, we just have to request the node anyway to check if the jid exists

goffi, I wonder if you couldn't opportunistically try pep RSM and determine via the response if it's supported or not ✏

if it's only to prevent jid haversting, then I wonder if it isn't more or less pointless due to well-known open nodes…

flow: I could, but this is ugly and complicating the code

yes that my point

that's my point*

goffi, altough, even if we would change xep30 then you may want to write that code

Hmmm. PEP and interactions with presence subscriptions has always been a bit weird.

on the other hand, we could say that it's discoverable by the service's bare, i.e., localpartless, JID

flow: even if it would work around my current issue, I suspect that this presence thing is a more general problem and will hit again

goffi, true, we probably should tackle this from multiple angles: fix the spec and write compatibility code

And maybe take another look at PEP's magic subscriptions while we're there.

of course, as soon as one wrote robust compatibility code, the incentive to fix the spec suddenly decreases ;) ✏

XEP-0030 is final, I'm not even sure how we could fix that, with a new XEP ?

I'll write something on standard@ about that

Well, that "is not otherwise trusted" in the spec gives you enough wiggle room, I think.

writing a new xep every time we discover a flaw in a final one appears like our rules standing in our way

flow, Yes, I agree, but "Final" doesn't mean no changes, it means nothing that is not backwards compatible. Providing full disco#info when it had previously been deliberately hidden seems backwards compatible to me - I mean, who's relying on the existing behaviour?

dwd, fair point

Also see https://xmpp.org/extensions/xep-0001.html#mods - the Council can make changes to Final just fine, and if the community objects afterward, can even reverse them.

regarding JID haversting, if all well-known PEP nodes are not open, it should not be possible to discover presence (but there are probably other means). But I think that open nodes will get more and more common with blogging and encryption public keys.

OK I've created https://github.com/xsf/xeps/pull/1145 and sent a message on standard@ about this issue, let's see where it goes.

goffi, I fear you mail to standards@ still finds my spam folder :/

you may want to check your mail setup

Here they don't go to spam. Do you use a weird hoster, e.g. gmail who prefers to put all mails not coming from the big companies to spam?

yes

They are annoying. They punish selfhosting. Although my setup is good, I don't send spam, but most of the times gmail puts my emails to spam. 😡

Isn't that, as usual, the mailing list is breaking DKIM causing Google to lower the score..?

That has always been the case afair with all jabber.org mls

jcbrand: > This sounds like Firefox, not Thunderbird Still same entity, Mozilla

kurisu: the article mentioned 3 million dollars specifically for Thunderbird, not Mozilla

Nah Mozilla employees and directors are free to come up with whatever they want to simulate a business and not a puppet

I could believe that firefox makes some significant sums of money by shoving spyware search engines down the users' throats, but I'd be very very hesitant to believe it covers even the cost of development, let alone actually ends up being profitable. Now thunderbird? Noone even uses that, and who do they even partner with lmao ✏

I could believe that firefox makes some significant sums of money by shoving spyware search engines down the users' throats, but I'd be very very hesitant to believe it covers even the cost of development, let alone actually ends up being profitable. Now thunderbird? No one even uses that, and who do they even partner with lmao ✏

flow: it's really weird cause I've checked with several email testing services, my DKIM, SPF and DMARC should be fine (but emails are modified by mailman, so DKIM is broken once on standard@). Also I should not be on any blacklist. I'm not sure what can I do more.

oh actually reading the log, all that have been said already :)

kurisu, im using thunderbird on many machines, i dont even know alternatives in the space to be honest

lovetox, kontact/kmail!

evolution

that duplicated half my inbox within half an hour of parallel use with thunderbird, thanks but no thanks