-
phryk
Were the XEPs for video calls and conferencing developed in collaboration with the jitsi folks?
-
phryk
Good morning everyone. I finally have the first draft for the central article done and would love if people could look and see if they find anything that's wrong. I put a render of it at https://docs.phryk.net/x/X%20as%20in%20Freedom.html – the sections "Free & Open standard" and "eXtensibility" especially contain things that people here know better where I'm not sure.
-
phryk
And with that, I'm off to sleep.^^
-
phryk
SVGs might look slightly less fancy because I haven't converted texts to paths yet.
-
Menel
phryk:
> Were the XEPs for video calls and conferencing developed in collaboration with the jitsi folks?
Jitsi does their own thing.
-
moparisthebest
"Interop via embedding our iframe" - jitsi
-
pep.
phryk: I'm no native but isn't "dissident" pejorative? I'd use activist instead probably
-
edhelas
moparisthebest exactly :D
-
mjk
phryk:
> OTR only works for direct messaging – i.e. not for chatrooms, file transfers or calls.
> :::
> OpenPGP works for direct messaging as well as chatrooms, but not for file transfers or calls.
It's worth reminding the context of these statements:
> OTR/PGP _in XMPP, in practice_ only work for ...
There's no technical reason for being unable to encrypt files or verify caller identity with those
-
mjk
And... I'm not sure there's a spec for pgp muc, is there?
-
mjk
pep.: I'm no native either, but pretty sure it's not. It only means 'one who disagrees'
-
pep.
mjk: yeah that's also what I found as a definition. Somebody in opposition to.. I'd still prefer something more positive :)
-
mjk
Well, at least 'activist' is not equivalent, one can disagree passively :D
-
pep.
It's already depressing enough to see how #&%£@ stuff around us is, it's nice when words don't add another layer :)
-
mjk
I don't disagree :))
-
pep.
phryk: also I'm not that set on p2p being the bestest. It's all about that model. p2p often leaks metadata you'd rather keep for yourself.
-
Zash
You might think that p2p means "there are no servers". This isn't accurate. Instead, everyone is a server.
-
pep.
Yeah
-
pep.
It's all about threat model*
-
edhelas
Zash maybe we should do p2p over blockchain with e2ee to solve the issue
-
Kev
Just for a somewhat native speaker's perspective just on the English side - 'dissident' does have overtones, yes.
-
Zash
!slap edhelas
-
edhelas
Zash too bad for you, you'll not be part of the next multi-billion $ startup
-
Zash
I don't wanna!
-
pep.
phryk: re anonymity I find it weird that you discard using pseudonymity to then use "true anonymity" to talk about anonymity.
-
pep.
I'm curious about the expected reader of this article. I still find it too technical. Also, reality is not as rainbow and flowers as the article describes it. But I haven't finished reading and I'll come back to it later actually. It's good that this topic is brought up though :)
-
pep.
> The body governing XMPP is the [XSF]
phryk, governing is a strong word, maybe something more along the lines of stewardship? The XSF only defines a process to publish specs that gravitate around XMPP. Nothing prevents another entity to start publishing specs on XMPP (and some already do).
-
Zash
_That_ is the true extensibility
-
pep.
I also find the title "Free & Open standard" deceitful. To me it relates to "Free & Open source", but in the first paragraph you say free as in free beer
-
pep.
And I'm yet to see a definition for open standard. Just sounds like another word that means everything and its opposite
-
pep.
(Same in FOSS tbh)
-
Zash
How about this one: https://www.itu.int/en/ITU-T/ipr/Pages/open.aspx
-
Sam
The usual reminder that it's "Tor" not "TOR" applies
-
Sam
The backronym came later and only applies to a specific part of the project.
-
Zash
ToR
-
MattJ
#NotTheOnionRouter
-
pep.
Talking about Tor, I felt like it was name-dropped in the article. Not really explained why it's needed
-
pep.
Also I'm not sure I'd attribute a phrase such as direct democracy to the XSF :/
-
pep.
The article, still
-
pep.
phryk: maybe you want feedback in another form? I feel like there's a lot more to say, details etc.
-
moparisthebest
phryk: also pgp does allow for encrypted file sharing
-
phryk
Okay, thanks a bunch for the feedback; reading from top to bottom (and technically supposed to be in a meeting, but boss doesn't reply):
* "dissident" was chosen over "activist" for associated connotations in leftist/anarchist spaces where "activists" are often perceived to care primarily about "optics".
* mjk, XEP 373 ("OX") intro states "Therefore this XEP can be used for example to implement end-to-end encrypted Multi-User Chat" – i just assumed that means usually implementations support it?
* pep, I actively said P2P wasn't the "bestest" and that other factors overruled its theoretically better resilience features. this isn't clear from the current wording?
* Zash, IIRC the agreed-upon terminology is that P2P neither has clients nor servers, but only peers. I mean you could've also called them sients or clervers, but that would only add to the confusion :P
pep:
* in a previous version of the identity compartmentalization section, i was being all anal about pseudonymity being the right term, but that doesn't reflect everyday use by normal people, so I changed it to confuse non-techies less.
* I agree that it isn't "there yet" in terms of being readily digestible for non-techies. any hints on what things still need explaining would be welcome.
* I think free & open are at least as well defined as most things in everyday speech – language is a mess and there's no real way around that, especially if you don't want to end up with an academic text so dry it'll make you shrivel up reading it.
* non-members being able to hand in proposals is indeed a *very* good and relevant point.
* good point about tor not being explained.
* the direct democracy bit is supposed to refer to people being able to dictate what parts of the whole spec (as in core + extensions) is "active" or "alive" simply through their usage. this point is about community influence, not about XSF members.
* moparisthebest, source plox – XEPs say no.
-
pep.
The part on jitsi is slightly weird. Jitsi publishing a first version of their spec at the XSF, that later was extended and changes not pushed back into the spec. But it's not "because" some of it isn't specified that it's not usable with "normal" XMPP clients (what is normal here, "A/V" wasn't part of normal in most clients until recently). Clients could very well implement unspecified, or non-standard, or non-XSF-standard behaviour, such as Jitsi-meet's, if they wanted.
-
Zash
phryk, the point is that having clear roles and responsibilities is nice. I know which servers see the metadata of any message I send. Harder to say in dht p2p things.
-
pep.
And "clients have integrated audio and video calls with OMEMO encryption", nit as well, but (please correct me if I'm wrong), call transport isn't exactly encrypted with OMEMO, it's only that some things are verified as part of initializing the transport(?)
-
pep.
(with OMEMO)
-
Zash
You can say the same about "TLS encryption".
-
pep.
hmm possible, yes
-
Zash
Probably not very useful outside of detailed crypto system design discussions to make that kind of distinction.
-
pep.
Would you say OpenPGP encrypted calls though if it replaced OMEMO?
-
moparisthebest
phryk: send a file with Conversations and pgp turned on, you'll notice it http uploads a .pgp file
-
pep.
I guess one would.. for marketing purposes probably :/
-
pep.
istr monkeysphere, even though it's slightly different
-
phryk
pep., "say" or "through" supposed to be a different word? because i can't parse that sentence…
-
pep.
which one
-
phryk
"Would you say OpenPGP encrypted calls though if it replaced OMEMO?"
-
pep.
remove "though" and it still works
-
pep.
And you can quote "OpenPGP encrypted calls"
-
phryk
Ah, I'd probably say "PGP encrypted calls" in that case.
-
Zash
Are the messages "encrypted with OMEMO" ? No, it's likely AES or somesuch cipher
-
phryk
Zash, that's actually a good point, I can substitute "encrypted" with "secured" in a lot of places and make things more understandable for non-techies…
-
pep.
Zash, sure. I get why we say OMEMO-encrypted messages, just like we say PGP-encrypted messages. But when people say for example "OMEMO encrypted files" it feels weird.
-
pep.
As you'd use a very similar way (if not the exact same) to share file with PGP
-
Sam
It doesn't seem worth distinguishing between OMEMO for key exchange or OMEMO encrypting the actual data in a thing for users who won't even care what OMEMO is ¯\_(ツ)_/¯
-
pep.
Exactly? I would just use "encrypted"
-
Zash
Encrypted with 🦄️🎉️
-
pep.
Anyway, I did say it was a nit. Please ignore, that's far from the most important comment in the article
-
Sam
I meant "OMEMO-encrypted files" or "PGP-encrypted files" or whatever seems fine, even if it's actually only encrypting an AES key under the hood and that is being used to encrypt the actual data.
-
Sam
But I don't know the exact context; I'm just assuming it's something where you actually want to distinguish between "OMEMO is being used or PGP is being used" but don't care exactly how it's used.
-
pep.
"* non-members being able to hand in proposals is indeed a *very* good and relevant point." I think you misunderstood my comment? phryk
-
Zash
How pedantic do we wanna be today? 😀
-
jonas’
very, obviously
-
phryk
pep., okay, wanna elaborate on that?^^
-
phryk
also boss just appeared, so I'm kind of in a meeting now^^
-
pep.
That was the one on the XSF "governing" XMPP right? I was saying it's not (governing XMPP).
-
pep.
*a wild boss appears*
-
pep.
Grab your shield and sword, quick
-
Zash
The XSF is governing the XEP series, if anything.
-
pep.
*boss casts meeting*
-
pep.
aaaaahhhrrg, they got me
-
Zash
The wider XMPP ecosystem ... I mean we can _try_ but it's like herding cats.
-
pep.
Yeah no thanks. I don't think the XSF is legitimate to "govern" the wider ecosystem. It's definitely not to me as it stands
-
moparisthebest
pep., *It's dangerous to go alone! Take this.* ... *uh wtf is this?* *an XML library of course* ... *oh no*
-
pep.
*I'd rather use my **JSON LIBRARY** haha!!*
-
pep.
"It's very effective"
-
phryk
pep., no, that was about collaboration being open through membership and you pointing out that membership isn't actually required. :)
-
pep.
I don't remember saying that, but good
-
Zash
pep., and 9 months later https://xmpp.org/extensions/xep-0432.html was born
-
phryk
might've been zash :P
-
Zash
membership is mostly a legal thing for organizational reasons
-
pep.
Zash, aaarrrhhhggg, that thing turned against me!
-
pep.
phryk, my general feeling is that it's pretty thick for actual activists. The circles I'm in are not very technical and I'm sure this wouldn't be understood
-
pep.
(Also some don't speak english, but a translation might help here)
-
pep.
In general I go with the practical things, "XMPP doesn't require a phone number", "There's a number of public servers you can use to blend in the masses", "there's no central entity" (analogy to the government we want to overthrow :))
-
pep.
And of course use Tor, etc.
- phryk starts compiling notes from feedback while waiting for the second meeting
-
emus
> analogy to the government we want to overthrow
I guess that pulls in more people besides drug and weapon dealers we actually don't want. but yes, it's good to not have a central instance
-
pep.
I don't understand your first sentence
-
emus
I just wanted to state that such analogies raise interest to radical people I assume few people want to encourage within their networks. Even so independent infrastructure is a thing
-
pep.
Who doesn't want to get rid of capitalism and the injustice that goes with it? :)
-
emus
offtopic
-
pep.
Sure that's a great way to cut a discussion short, but fine :)
-
pep.
I'm not sure where you discussed the reasons for this article if even just this is offtopic
-
emus
I don't see why I should discuss radical politics here now
-
MattJ
I think it's fair to say that discussions of political views and statements like "who doesn't X?" (when some people clearly do not) are off-topic here. I assume the article was posted primarily because the author is seeking review about the XMPP parts from people with XMPP experience, and this is probably the most likely place to find them. And the majority of feedback on the article has been about technical rather than political aspects, which I imagine was the intention.
-
MattJ
I can't assume everyone here is of the same political opinions, and I really don't want to spend time moderating political discussions
-
pep.
(I doubt everyone here is of the same political opinions..)
-
MattJ
Certainly
-
Zash
s/everyone here/any two people/
-
pep.
Ah I misread, I first thought you said everyone was :P
-
MattJ
If only :)
-
pep.
fwiw, there's more politics that happens in here than you think :)
-
jonas’
pep., what is the use in that statement?
-
pep.
Answering the "I don't want to spend time moderating political discussions"
-
jonas’
well if more politics is happening here than $someone thinks, it doesn't seem to require moderation *so far*. I think the statement from MattJ was meant as a foreshadowing(?), if things go farther than they have.
-
pep.
It doesn't need to because it's probably opinions the majority has (which often passes as "non-political" ..)
-
emus
Definitively, and that's good (different polt. views). But my gut feeling told me that if we just continue for 5 mins with this we are back to useless root discussion of how we can force people into some political direction with XMPP tech. I doubt that's what we are here for in the end nor have any resources. Let's propagate the protocol and their applications in a way most people would understand and see it as useful (with the few resources we have).
-
jonas’
pep., see, excellent.
-
pep.
..
-
pep.
Dismissing different opinions 101
-
moparisthebest
XMPP is a tool, like a hammer, that can be used for good or evil, regardless of what you consider good or evil :)
-
Daniel
XMPP's greatest accomplishment is to trick the majority into believing they would benefit from it
-
Zash
Playing XMPP's advocate eh?
-
pep.
moparisthebest, your tool enables TLS, why? It also speaks unicode, why not just ascii? Why is federation even an option? That's what your tool that has totally nothing to do with politics (/s) does :)
-
jonas’
pep., let's cut it here.
-
moparisthebest
I agree unicode was a mistake
-
moparisthebest
a hammer is also a poor tool for driving in screws
-
Kev
We should have just chosen a charset that can encode the 29 letters of the alphabet in one byte each, numbers, some punctuation and been done with it ;)
-
flow
but I want to write Fußball!
-
emus
Heizölrückstoßabdämpfung :-)
-
Zash
räksmörgås?
-
moparisthebest
see? no use-case at all for nonsense words like these in chat... /s
-
jonas’
🙀
-
mjk
phryk:
> XEP 373 ("OX") intro states "Therefore this XEP can be used for example to implement end-to-end encrypted Multi-User Chat" – i just assumed that means usually implementations support it?
Errr, _are_ there implementations of OX? Much less OX MUC? Genuine question, but I have my doubts. I humbly opine that the article should mostly talk about actual impl status rather than theoretically possible implementations :)
-
Menel
Profanity in some state?
-
mjk
Nebraska?
-
moparisthebest
:sensible_chuckle:
-
phryk
mjk, I honestly have no idea. Lemme look if I can find which XEP Conversations implements for PGP…
-
moparisthebest
phryk, it's not OX, it's https://xmpp.org/extensions/xep-0027.html
-
moparisthebest
no signing, no replay prevention etc etc
-
phryk
According to my DOAP table builder thingie, Conversations, Dino and Gajim support XEP-0027 and Gajim additionally implements XEP-373.
-
moparisthebest
if you are a dissident who the govt is after you might not want signing
-
phryk
moparisthebest, So XEP-0027 messages can be forged?
-
moparisthebest
anyone can encrypt to a key if that's what you mean
-
phryk
Ye, that's why I spelled the identity assurance part explicitly out in the article.
-
mjk
Replayed rather
-
moparisthebest
the authenticity just comes from normal xmpp guarantees (so if you have an evil server operator, those are out the window)
-
phryk
Well if a login is compromised but the pgp key isn't, the attacker with the login can forge messages that for the recipient are indiscernible from messages by the actual holder of the pgp key, right?
-
moparisthebest
you don't need or use a pgp key to send a xep-0027 message
-
phryk
Yes, that's kind of the cause. You just need the recipient's pubkey.
-
moparisthebest
yes
-
phryk
Just want to make sure I understand correctly. :)
-
mjk
> Gajim
Right, I remembered something like that. Interestingly, I don't hear people talking about actually using it, even just testing. Weird
-
phryk
Well, the only "advantage" it really has to OMEMO is that you can have something approaching legally binding proof of identity, right? Don't see many people having a use-case for that.
-
phryk
If municipalities used XMPP for bureaucracy I could see a strong use-case, but not in the current environment.
-
mjk
> Well, the only "advantage" it really has to OMEMO is that you can have something approaching legally binding proof of identity, right? Don't see many people having a use-case for that.
Makes sense
-
mjk
>? Don't see many people having a use-case for that.
Makes sense
-
phryk
mjk, your edit just gave me an *awful* idea.
-
phryk
having a bot do a marquee on their last message through continuous edits.
-
mjk
That's an actual thing...
-
phryk
This already exists? D:
-
phryk
Not sure if I should be sad or relieved…^^
-
mjk
Don't remember whether in profanity or poezio
-
mjk
Btw, does OX not provide the convenience of having the entire history encrypted with one key?
-
phryk
I would think so, but honestly haven't read the specs. :P
-
phryk
I mean, at least for devices on which you use the same key.
-
phryk
But I also assume that you could migrate OMEMO keypairs between devices and have the same result. Just haven't seen clients offering that as a feature.
-
moparisthebest
phryk, yea implementing <marquee> with last message edit was already done, Link Mauve iirc ?
-
moparisthebest
you can't migrate OMEMO keypairs actually
-
moparisthebest
you can't use the same ones on 2 different devices that is
-
phryk
And here I was, thinking I'd be doing something unspeakably offensive by implementing that. ^^
-
phryk
moparisthebest, how come?
-
moparisthebest
one of the properties of OMEMO is you can only decrypt messages once
-
Menel
I think it's about the rotating keys after use. Pfs
-
phryk
Ah, nice to know, thanks for explaining.
-
mjk
Technically, you could probably clone omemo state and receive messages on all clones successfully, but the moment you try to send something, the ratchets go out of sync
-
mathieui
mjk, the marquee thing is from a poezio plugin -I wrote it, don’t hit me-
-
mjk
mathieui: it's not abuse if it's for fun!
-
mathieui
allowed us to find some bugs in correction code, though (between unbounded message correction depth which leads to leaks, and recursion that goes further than the python limits and crashes)
-
mjk
Noice