XSF Discussion - 2022-01-07


  1. kurisu

    jcbrand, mjk: > Easy: just set Google as the default MUC search engine in all clients! More like, be a subproject of a project google keeps around so that it can pretend there's competition

  2. kurisu

    > Was there supposed to be a board meeting today? > An hour ago? What do you guys even do on meetings

  3. Sam

    Same thing all non-profit boards talk about: funding, putting on events, the direction of the organization, etc. :)

  4. jcbrand

    > More like, be a subproject of a project google keeps around so that it can pretend there's competition This sounds like Firefox, not Thunderbird

  5. goffi

    I have a problem with service discovery: Prosody doesn't return disco info on a bare jid if I'm not subscribed to its presence, which is the expected behaviour according to https://xmpp.org/extensions/xep-0030.html#security. But I need to know if the PEP service there handles Pubsub RSM (to access the public microblog node). How can I do that if I don't have presence subscription?

  6. goffi

    It doesn't make sense to require presence subscription to get basic informations on a public node.

  7. flow

    what's in a disco#info #items response of a bare jid anyways?

  8. MattJ

    ...PEP 😉

  9. flow

    or is it mostly meant to prevent JID harveresting?

  10. flow

    or is it mostly meant to prevent JID haveresting?

  11. goffi

    it's to prevent jid haversting

  12. goffi

    but with an open node, we just have to request the node anyway to check if the jid exists

  13. flow

    goffi, I wonder if you could't opportunistically try pep RSM and determine via the response if it's supported or not

  14. flow

    goffi, I wonder if you couldn't opportunistically try pep RSM and determine via the response if it's supported or not

  15. flow

    if it's only to prevent jid haversting, then I wonder if it isn't more or less pointless due to well-known open nodes…

  16. goffi

    flow: I could, but this is ugly and complicating the code

  17. goffi

    yes that my point

  18. goffi

    that's my point*

  19. flow

    goffi, altough, even if we would change xep30 then you may want to write that code

  20. dwd

    Hmmm. PEP and interactions with presence subscriptions has always been a bit weird.

  21. flow

    on the other hand, we could say that it's discoverable by the service's bare, i.e., localpartless, JID

  22. goffi

    flow: even if it would work around my current issue, I suspect that this presence thing is a more general problem and will hit again

  23. flow

    goffi, true, we probably should tackle this from multiple angles: fix the spec and write compatibility code

  24. dwd

    And maybe take another look at PEP's magic subscriptions while we're there.

  25. flow

    of course, as soon as one wrote robust compatiblitiy code, the incentive to fix the spec suddenly decreases ;)

  26. flow

    of course, as soon as one wrote robust compatibility code, the incentive to fix the spec suddenly decreases ;)

  27. goffi

    XEP-0030 is final, I'm not even sure how we could fix that, with a new XEP ?

  28. goffi

    I'll write something on standard@ about that

  29. dwd

    Well, that "is not otherwise trusted" in the spec gives you enough wiggle room, I think.

  30. flow

    writing a new xep every time we discover a flaw in a final one appears like our rules standing in our way

  31. dwd

    flow, Yes, I agree, but "Final" doesn't mean no changes, it means nothing that is not backwards compatible. Providing full disco#info when it had previously been deliberately hidden seems backwards compatible to me - I mean, who's relying on the existing behaviour?

  32. flow

    dwd, fair point

  33. dwd

    Also see https://xmpp.org/extensions/xep-0001.html#mods - the Council can make changes to Final just fine, and if the community objects afterward, can even reverse them.

  34. goffi

    regarding JID haversting, if all well-known PEP nodes are not open, it should not be possible to discover presence (but there are probably other means). But I think that open nodes will get more and more common with blogging and encryption public keys.

  35. goffi

    OK I've created https://github.com/xsf/xeps/pull/1145 and sent a message on standard@ about this issue, let's see where it goes.

  36. flow

    goffi, I fear you mail to standards@ still finds my spam folder :/

  37. flow

    you may want to check your mail setup

  38. mdosch

    Here they don't go to spam. Do you use a weird hoster, e.g. gmail who prefers to put all mails not coming from the big companies to spam?

  39. flow

    yes

  40. mdosch

    They are annoying. They punish selfhosting. Although my setup is good, I don't send spam, but most of the times gmail puts my emails to spam. 😡

  41. Maranda

    Isn't that, as usual, the mailing list is breaking DKIM causing Google to lower the score..?

  42. Maranda

    That has always been the case afair with all jabber.org mls

  43. kurisu

    jcbrand: > This sounds like Firefox, not Thunderbird Still same entity, Mozilla

  44. jcbrand

    kurisu: the article mentioned 3 million dollars specifically for Thunderbird, not Mozilla

  45. kurisu

    Nah Mozilla employees and directors are free to come up with whatever they want to simulate a business and not a puppet

  46. kurisu

    I could believe that firefox makes some significant sums of money by shoving spyware search engines down the users' throats, but I'd be very very hesitant to believe it covers even the cost of development, lake alone actually ends up being profitable. Now thunderbird? Noone even uses that, and who do they even partner with lmao

  47. kurisu

    I could believe that firefox makes some significant sums of money by shoving spyware search engines down the users' throats, but I'd be very very hesitant to believe it covers even the cost of development, let alone actually ends up being profitable. Now thunderbird? Noone even uses that, and who do they even partner with lmao

  48. kurisu

    I could believe that firefox makes some significant sums of money by shoving spyware search engines down the users' throats, but I'd be very very hesitant to believe it covers even the cost of development, let alone actually ends up being profitable. Now thunderbird? No one even uses that, and who do they even partner with lmao

  49. goffi

    flow: it's really weird cause I've checked with several email testing services, my DKIM, SPF and DMARC should be fine (but emails are modified by mailman, so DKIM is broken once on standard@). Also I should not be on any blacklist. I'm not sure what can I do more.

  50. goffi

    oh actually reading the log, all that have been said already :)

  51. lovetox

    kurisu, im using thunderbird on many machines, i dont even know alternatives in the space to be honest

  52. jonas’

    lovetox, kontact/kmail!

  53. Stefan

    evolution

  54. jonas’

    that duplicated half my inbox within half an hour of parallel use with thunderbird, thanks but no thanks