moparisthebesthttps://github.com/BombusMod/BombusMod/issues/130#issuecomment-1034360835 wins for fastest fix (that I know of)
adiaholichas joined
uhoreghas left
homebeachhas left
Rixon 👁🗨has left
Matthewhas left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
jcbrandhas left
Link Mauvehas left
debaclehas left
intosihas joined
Link Mauvehas joined
adiaholichas left
adiaholichas joined
millesimushas joined
Andrzejhas left
intosihas left
xnamedhas left
վարյաhas left
վարյաhas joined
adiaholichas left
florettahas left
adiaholichas joined
Andrzejhas joined
marc0shas left
marc0shas joined
qwestionhas left
Andrzejhas left
kyemxdenhas left
Maranda[x]has left
adiaholichas left
Steve Killehas left
Kevhas left
Kevhas joined
Stevehas joined
adiaholichas joined
Titihas left
intosihas joined
վարյաhas left
վարյաhas joined
Maranda[x]has joined
Titihas joined
Maranda[x]has left
Maranda[x]has joined
adiaholichas left
intosihas left
kyemxdenhas joined
Maranda[x]has left
adiaholichas joined
davidhas left
adiaholichas left
davidhas joined
gooyahas left
adiaholichas joined
Titihas left
Maranda[x]has joined
Titihas joined
adiaholichas left
adiaholichas joined
Andrzejhas joined
intosihas joined
adiaholichas left
adiaholichas joined
Andrzejhas left
intosihas left
kyemxdenhas left
Calvinhas joined
govanifyhas left
govanifyhas joined
millesimushas left
Yagizahas joined
Calvinhas left
Thilo Molitorhas left
վարյաhas left
վարյաhas joined
qwestionhas joined
jgarthas left
intosihas joined
intosihas left
intosihas joined
govanifyhas left
neshtaxmpphas left
govanifyhas joined
neshtaxmpphas joined
neshtaxmpphas left
Menelhas joined
Andrzejhas joined
վարյաhas left
վարյաhas joined
intosihas left
intosihas joined
neshtaxmpphas joined
վարյաhas left
վարյաhas joined
Thilo Molitorhas joined
վարյաhas left
վարյաhas joined
Andrzejhas left
վարյաhas left
վարյաhas joined
jcbrandhas joined
msavoritiashas joined
msavoritiashas left
msavoritiashas joined
stphas joined
Menelhas left
Menelhas joined
ti_gj06has joined
marc0shas left
marc0shas joined
chronosx88has left
chronosx88has joined
Sevehas joined
jcbrandhas left
lovetoxhas left
lovetoxhas joined
intosihas left
eevvoorhas left
eevvoorhas joined
adiaholichas left
adiaholichas joined
intosihas joined
wladmishas left
adiaholichas left
Tobiashas joined
Andrzejhas joined
adiaholichas joined
adiaholichas left
intosihas left
intosihas joined
atomicwatchhas joined
adiaholichas joined
Andrzejhas left
emushas joined
վարյաhas left
վարյաhas joined
florettahas joined
intosihas left
adiaholichas left
pasdesushihas joined
վարյաhas left
վարյաhas joined
adiaholichas joined
emusregarding CVEs, can this be reviewed?
https://github.com/xsf/xmpp.org/pull/1007
Ge0rG?✎
emusregarding CVEs, can this be reviewed?
https://github.com/xsf/xmpp.org/pull/1001
Ge0rG? ✏
jcbrandhas joined
Titihas left
Paganinihas left
restive_monkhas left
Titihas joined
florettahas left
restive_monkhas joined
florettahas joined
dwdhas joined
Maranda[x]has left
Maranda[x]has joined
adiaholichas left
wurstsalathas joined
adiaholichas joined
վարյաhas left
վարյաhas joined
dwdhas left
adiaholichas left
tykaynhas joined
intosihas joined
lovetoxhas left
adiaholichas joined
florettahas left
florettahas joined
intosihas left
marc0shas left
marc0shas joined
lskdjfhas joined
marc0shas left
marc0shas joined
lovetoxhas joined
Titihas left
florettahas left
druthidhas left
edhelasMovim is not using _xmppconnect and not connecting using BOSH or WS, just for you to know
edhelasSo I shoudn't be affected
druthidhas joined
intosihas joined
debaclehas joined
jonas’moparisthebest, *raises hat* good find
jonas’I did not realize this despite looking into _xmppconnect more closely for xmppnetv2
jonas’I do not like that the result is more HTTP though.
jonas’but that's, for once, not your fault :)
ti_gj06has left
lskdjfhas left
վարյաhas left
florettahas joined
harry837374884has left
neshtaxmpphas left
neshtaxmpphas joined
harry837374884has joined
florettahas left
dwdhas joined
Mikaelahas joined
adiaholichas left
debaclehas left
debaclehas joined
dan.caseleyhas left
dan.caseleyhas joined
florettahas joined
adiaholichas joined
Menelhas left
adiaholichas left
ti_gj06has joined
adiaholichas joined
adiaholichas left
Alexhas joined
Ge0rGhas left
junaidhas left
junaidhas joined
emushas left
adiaholichas joined
Andrzejhas joined
Ge0rGhas joined
adiaholichas left
dwdhas left
adiaholichas joined
Ge0rGhas left
Ge0rGhas joined
Alexhas left
Alexhas joined
goffihas joined
adiaholichas left
adiaholichas joined
emushas joined
debaclehas left
debaclehas joined
Dele Olajidehas joined
Dele Olajidehas left
Dele Olajidehas joined
debaclehas left
debaclehas joined
վարյաhas joined
ti_gj06has left
վարյաhas left
վարյաhas joined
Andrzejhas left
debaclehas left
debaclehas joined
Dele Olajidehas left
Dele Olajidehas joined
Titihas joined
adiaholichas left
marc0shas left
marc0shas joined
dan.caseleyhas left
dan.caseleyhas joined
kyemxdenhas joined
Dele Olajidehas left
marc0shas left
marc0shas joined
վարյաhas left
վարյաhas joined
Guushas joined
Dele Olajidehas joined
ti_gj06has joined
argentumhas left
Alexhas left
Alexhas joined
Stevehas left
Stevehas joined
Stevehas left
Stevehas joined
Dele Olajidehas left
վարյաhas left
huhnhas joined
Dele Olajidehas joined
Rixon 👁🗨has left
homebeachhas left
Matthewhas left
Half-Shothas left
uhoreghas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
Dele Olajidehas left
Dele Olajidehas joined
lskdjfhas joined
վարյաhas joined
Andrzejhas joined
harry837374884has left
Dele Olajidehas left
adiaholichas joined
Dele Olajidehas joined
Andrzejhas left
Andrzejhas joined
վարյաhas left
վարյաhas joined
Menelhas joined
harry837374884has joined
վարյաhas left
վարյաhas joined
Link Mauveemus, where is that 404 page used? I get the regular nginx page on unknown pages. :(
emushttps://github.com/xsf/xmpp.org/pull/1001
emusdunno whats not working
Link MauveYes, the 404 page from this PR.
Link MauveI didn’t even know we had one.
emuscan you review for pr 1001
wurstsalatLink Mauve, it's a standard page from the default theme (not used atm)
Link MauveOh, I see, thanks. :)
marc0shas left
marc0shas joined
millesimushas joined
pasdesushihas left
pasdesushihas joined
beanhas joined
Wojtekhas joined
adiaholichas left
adiaholichas joined
florettahas left
florettahas joined
adiaholichas left
alacerhas left
qwestionhas left
qwestionhas joined
debaclehas left
debaclehas joined
adiaholichas joined
karoshihas joined
alacerhas joined
harry837374884has left
harry837374884has joined
restive_monkhas left
Neustradamushas left
millesimushas left
Neustradamushas joined
debaclehas left
stphas left
robertooohas left
robertooohas joined
millesimushas joined
robertooohas left
marc0shas left
harry837374884has left
marc0shas joined
restive_monkhas joined
stphas joined
Andrzejhas left
Andrzejhas joined
alacerhas left
alacerhas joined
intosihas left
intosihas joined
Wojtekhas left
Wojtekhas joined
lskdjfhas left
lskdjfhas joined
intosihas left
intosihas joined
lskdjfhas left
lskdjfhas joined
lskdjfhas left
lskdjfhas joined
lskdjfhas left
lskdjfhas joined
djorzhas joined
harry837374884has joined
djorzhas left
adiaholichas left
lskdjfhas left
lskdjfhas joined
adiaholichas joined
florettahas left
alacerhas left
ti_gj06has left
florettahas joined
ti_gj06has joined
qwestionhas left
adiaholichas left
adiaholichas joined
rafasaurushas left
rafasaurushas joined
Link Mauvelarma, in XEP-0446, why did you go for @dimensions (width"x"height) instead of the more common @width and @height?
phrykhas left
ti_gj06has left
govanifyhas left
govanifyhas joined
HolgerI'm late to the _xmppconnect party, and not into JavaScript. I was assuming the browser wouldn't even permit DNS queries (and that .well-known was invented for this reason). So that's not true?
inkyhas joined
ZashDoH to the "rescue" ?
uhoreghas left
homebeachhas left
Matthewhas left
Rixon 👁🗨has left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
ZashBut you can use JavaScript outside of browsers, e.g. with FirefoxOS and such, which may have both raw TCP sockets and real DNS APIs
uhoreghas left
homebeachhas left
Matthewhas left
Rixon 👁🗨has left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
HolgerWell sure, plus you can obviously use WebSocket outside of JavaScript, but then why wouldn't I be able to verify the certificate just as with plain TCP (non-WebSocket) access?
MattJWhich certificate would you verify?
MattJJS is even more limited in this regard
MattJIf you make a request to https://evil.com/http-bind, the browser will naturally just verify the cert is for evil.com
HolgerAh. So the issue is about the combinartion "WebSocket with JavaScript outside the browser (i.e. Node.js)"?
MattJJavascript isn't relevant to the issue at all, really
MattJAny client that uses the DNS lookup to obtain this info is using an insecure protocol to obtain connection info
HolgerAs I said my (mis?)understanding was that querying TXT records from within the browser wasn't even possible in the first place.
ZashYou're receiving a connection endpoint over an insecure channel, you must not allow it to alter the identifier you compare the certificate to.
MattJThat's usually *not* JS stuff, because they use the HTTPS discovery alternative instead
HolgerSure.
MattJSo most/all JS clients are probably unaffected
wgreenhousehas left
ZashUnless they somehow do http:///.well-know ...
MattJThat would be more work, and typically blocked by browsers these days afaik
MattJ(if the script itself is loaded over https:// )
HolgerI'm definitely missing something :-)
ZashHolger, this affects desktop clients doing _xmppconnect TXT lookups
Zashe.g. Pidgin will automatically pick up on _xmppconnect and connect over BOSH
alacerhas joined
MattJHolger, '156 defines two methods of advertisement: DNS and HTTPS. Everything using DNS is insecure.
HolgerHow's their situation different from desktop clients performing an SRV lookup?
Zash(unless DNSSEC ... 😭️)
HolgerWell. Gajim uses DNS.
MattJBecause when you do SRV lookup you verify the cert against the original domain
Zash(also modulo DNSSEC)
HolgerYes.
MattJYou know you want to connect to "example.com", so when SRV tells you to connect to xmpp.evil.com, you verify you get a cert for 'example.com' still
HolgerMy question remains, why can't the desktop client perform an _xmppconnect lookup, connect over BOSH, and verify the cert against the original domain.
MattJ(for the purposes of this whole discussion, DNSSEC doesn't exist)
MattJIt could
MattJSo it could connect to https://evil.com/ and expect it to serve a cert for example.com instead?
HolgerThat's what I would've assumed, sure.
MattJThis is a very unusual configuration in the web world, and would require some hoops to jump through to set up
ZashProbably tricky to convince every HTTPS library to do taht✎
ZashProbably tricky to convince every HTTPS library to do that ✏
MattJBut yes, if you did it that way it would not be insecure
ZashNSS supposedly made it impossible (which ruled out SRV records even)
MattJBut everyone just grabs the URL and passes it to their HTTP stack
HolgerOh so the issue is server-side. I hadn't thought of that.
uhoreghas left
homebeachhas left
Matthewhas left
Rixon 👁🗨has left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
HolgerOk yes plus maybe client-side HTTP library APIs. I see.
MattJI'm pretty sure if you serve a BOSH URL of https://evil.com/ with a cert of https://example.com/ 100% of everything is going to break trying to load that URL
MattJas it should, really
MattJIn the past when implementing '156 for something, I did verify that the domain of the endpoint was the same as the XMPP domain, otherwise ignore it
intosihas left
intosihas joined
HolgerI see.
Menelhas left
Menelhas joined
ZashMattJ, I would imagine that you were the only one
ZashOh, you mean for xmpp:example.com assert https://example.com/* ?
MattJKudos to moparisthebest for... actually doing something :P
adiaholichas left
kyemxdenhas joined
rq77has joined
ti_gj06has joined
Calvinhas joined
adiaholichas joined
millesimushas left
adiaholichas left
Calvinhas left
Dele Olajidehas left
adiaholichas joined
leochiuhas joined
Paganinihas joined
alacerhas left
alacerhas joined
Menelhas left
dwdhas left
adiaholichas left
Calvinhas joined
adiaholichas joined
millesimushas joined
Link Mauvelarma, you mention “Hash the resulting string using the algorithm choosen for the sticker pack.” in XEP-0449, does it mean you want to allow only a single hash, instead of the usual hash agility thingy?
Link MauveWould XEP-0103 also be useful to distribute cid: URIs? I wouldn’t expect so.
Link MauveBut if not, should we create another XEP for shipping stickers that way?
adiaholichas left
florettahas left
bunghas joined
restive_monkhas left
adiaholichas joined
ti_gj06has left
florettahas joined
moparisthebestit mainly annoys me that I must have read '156 multiple dozens of times, and fully implemented and end-to-end tested websocket support, and only noticed it during some light refactoring before the final push https://github.com/moparisthebest/xmpp-proxy/blob/master/src/srv.rs#L77
restive_monkhas joined
moparisthebestand it's surprisingly bad because even though a client does all *other* starttls/tls validation correctly, this is all it takes, an attacker can just block those and force a connection over websocket to gain mitm
xnamedhas joined
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
pjnhas joined
Link MauveThe hashing algorithm in XEP-0449 isn’t clear, especially around hashes.
Link MauveShould I encode the bytes of the hash, or its base64 representation?
Link MauveI’d rather the former, as it is what gets out of my parser.
Link MauveHaving a complete example like in XEP-0390 would be useful.
matkorhas left
matkorhas joined
xnamedhas left
larmaLink Mauve,
- re dimensions: The reason was, originally, that the field shouldn't require exactly 2 dimensions, although the description indeed now reads like that. Maybe width and height would indeed be easier in practice.
- re hash: the ID needs to be one ID. I guess if you put two hashes on the pack, you can pick any of the two as your hash for ID generation
- re cid: I don't think 0103 is a good fit for cid uris. I also don't really see the need and future for cid URIs anyway. Instead just use Jingle with IBB which is effectively the same functionality just that the payload doesn't need to fit in one stanza.
Link Mauvelarma, other dimensions, such as for a 3D sticker for instance?
larma446 is for any kind of file, not just stickers. But yes, 3d stickers
jonas’what about non-spatial dimensions?
Link MauveAh right, I forgot the part where the ID is also truncated and reused for the id.
Link MauveWhy is it truncated btw?
Link MauveIn XEP-0084 it isn’t for instance.
larmajonas’, I think 3d is not far off reality. You could already want to transfer 3d object files which also have dimensions.
Wojtekhas left
Andrzejhas left
Andrzejhas joined
Link Mauvelarma, the idea about cid: was to be compatible with existing clients, like Movim.
marc0shas left
marc0shas joined
Dele Olajidehas joined
Link Mauvelarma, what about cube map textures?!
Link MauveHow do you encode each of the six sides?
marc0shas left
marc0shas joined
larmaThat's up for future specification 😉
Link Mauvelarma, I made https://github.com/xsf/xeps/pull/1160 and https://github.com/xsf/xeps/pull/1161 fyi.
larmaDoes Movim not support http file uris or jingle ibb?
Link MauveNot for stickers AIUI.
robertooohas joined
Link Mauveedhelas, ↑
Wojtekhas joined
xnamedhas joined
larmaSo... A sticker is an image file transferred via BoB where an image file transferred via http/jingle is not?✎
larmaSo... A sticker is an image file transferred via BoB when an image file transferred via http/jingle is not? ✏
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
edhelasMovim stickers are cid:
pjnhas left
marc0shas left
pjnhas joined
marc0shas joined
edhelasyou can always send a link and Movim will resolve it
edhelasbut it's not a sticker "for me", just an image
Dele Olajidehas left
edhelasI also support SIMS
BASSGODhas left
edhelashttps://xmpp.org/extensions/xep-0385.html
edhelasbut also as an "'attached image"
marc0shas left
marc0shas joined
larmaSo the only way to send a sticker to Movim is to send cid via <img> in deprecated XHTML-IM?
adiaholichas left
moparisthebest> "This problem will go away in the distant future when DNSSEC is more readily available" -- 2011
this is one of the saddest things I've ever read :'(
Link MauveLet’s undeprecate XHTML-IM.
larmaOr not use XHTML-IM for stickers?
larma<sticker xmlns="custom" uri="cid:bla" /> would have worked as well, no?
edhelasMovim doesn't support XHTML-IM, only the cid: :p
Link MauveRe 0446, it’s always been weird to me even back when it was called 0234 to have various metadata about specific file types.
alacerhas left
Link MauveWhy dimensions and length, and not number of words in the epub, or target hardware for a video game?
Link MauveFilesystems don’t usually provide this kind of information, so the sender would have to parse the file.
Link MauveThat is optional, but it still seems like feature creep to me.
edhelasLink Mauve yup, I don't trust the info :p
Andrzejhas left
BASSGODhas joined
Link MauveIt’s not about trust or not, it’s about whether or not it makes sense in file metadata.
ti_gj06has joined
larmaLink Mauve, the hashes and values in the example 1 of xep 0449 are actual real values, and apparently I took the file hash as base64 string. You can't use bytes directly because bytes could include 0x1F.
larmaAlso regarding dimensions: It's so that you can display a sensible placeholder in correct size before fetching the file
ZashBut why as one complex attribute instead of two simple integer ones?
larmaAnd length is so that you can display also that for audio and video before fetching the file, it's what most other chat systems do as well
Link MauveOh, with the <!-- ... --> I thought it wasn’t complete.
adiaholichas left
moparisthebestparse the images they said, it'll be fun easy and safe they said... https://www.kuow.org/stories/we-didn-t-mean-to-ruin-your-mazda-s-stereo
Link MauveBut then I can only test whether I get the correct result or not, not see where I did something wrong like with XEP-0390.
marc0shas left
larmaZash, I agree that this would be a sensible option if we only have 2d images/videos in mind (and honestly, that's what we have right now, so probably better to not overengineer here)
Link Mauvemoparisthebest, an image of the system, aka an update, right?
Link MauveNot an image with pixels.
marc0shas joined
moparisthebestLink Mauve, no, literally an image with pixels
Link Mauvelarma, ok, so I have to reencode to base64.
ZashWait what?
Andrzejhas joined
APachhas joined
bunghas left
marc0shas left
marc0shas joined
mjkThe image placeholders in GUIs are usually 2D because our screens usually too... But then again, the sender shouldn't dictate how their cube of 3D MIP-mapped images shall be projected on the receiver's sceen
moparisthebestLink Mauve, more technical article https://www.theregister.com/2022/02/10/mazda_radios_images/
Link Mauvemjk, skyboxes in video games have been cube maps for about as long as 3D hardware has existed.
mjkWith the above I mean: don't limit metadata to WxH, leave space for extensibility :)
mjkLink Mauve: Er. Yes. And? :))
larmaLink Mauve, `summary\x1fen\x1fBe cute or be cynical, this little kitten works both ways.\x1ename\x1fen\x1fMarsey the Cat\x1e\x1c👍\x1esha-256\x1f0AdP8lJOWJrugSKOIAqfEKqFatIpG5JBCjjxY253ojQ=\x1f\x1e\x1d😘\x1esha-256\x1fgw+6xdCgOcvCYSKuQNrXH33lV9NMzuDf/s0huByCDsY=\x1f\x1e\x1d\x1c` is the bytes for the sticker pack in example 1 which hash to the hash given in the Example. For reference, the two image files are https://larma.de/xeps/xep-0449-1.png and https://larma.de/xeps/xep-0449-2.png
mjkI'm well-versed in my skyboxes :p
Link MauveThanks!
rq77has left
Link Mauvelarma, I couldn’t have guessed @xml:lang was "en". :)
Link MauveI default to "" if it isn’t set, in xmpp-parsers.
florettahas left
florettahas joined
ZashMy 5D chess videos!
Link Mauve“Join the resulting octet strings together, ordered from lesser to greater.”, isn’t summary > name here?
Link MauveIn your example it’s in the other way.
chronosx88has left
chronosx88has joined
jgarthas joined
karoshihas left
marc0shas left
marc0shas joined
վարյաhas left
վարյաhas joined
Rixon 👁🗨has left
homebeachhas left
uhoreghas left
Matthewhas left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
wladmishas joined
emushas left
Andrzejhas left
neshtaxmpphas left
neshtaxmpphas joined
Andrzejhas joined
adiaholichas joined
eevvoorhas left
karoshihas joined
me9has joined
Guushas left
gooyahas left
gooyahas joined
reimarhas joined
larmaMeh, yeah, you're right. The field was named desc once and when I renamed it I forgot to reorder that part
guus.der.kinderenhas left
guus.der.kinderenhas joined
stphas left
pjnhas left
pjnhas joined
adiaholichas left
argentumhas joined
Wojtekhas left
adiaholichas joined
adiaholichas left
Menelhas joined
adiaholichas joined
beanhas left
u70jfzo5eyeb468b9ohas left
u70jfzo5eyeb468b9ohas joined
Wojtekhas joined
leochiuhas left
djorzhas joined
վարյաhas left
վարյաhas joined
Link Mauvelarma, fyi you’re also missing a \x1f after the content of the name and summary fields.
djorzhas left
Link MauveWith this one fix, I’m now compatible with your hash!
վարյաhas left
վարյաhas joined
KevThis one simple fix to your hash doctors don't want you to know.
debaclehas joined
larmaI remember there was some issue with the hash as well, have to double check my notes from back then
Menelhas left
Link MauveAlso, the desc should probably take one \x1f after, as this is done for every single other field.
marc0shas left
marc0shas joined
pjnhas left
pjnhas joined
pjnhas left
pjnhas joined
debaclehas left
dwdhas joined
Menelhas joined
Link MauveRe section 4.2, I think it would make sense for backwards compatibility to include the image as oob.
pjnhas left
pjnhas joined
djorzhas joined
ralphmbangs gavel
jcbrandhi
ralphm0. Welcome
ralphmHi! Who do we have?
վարյաhas left
jcbrandMattJ?
jcbrandLooks like arc is not here
gooyahas left
adiaholichas left
gooyahas joined
Dele Olajidehas joined
beanhas joined
ralphmunbangs gavel
pjnhas left
pjnhas joined
jgarthas left
վարյաhas joined
stphas joined
adiaholichas joined
gooyahas left
gooyahas joined
pjnhas left
pjnhas joined
archas joined
adiaholichas left
arcWe really need to get ourselves better organized
paulhas left
intosihas left
intosihas joined
dwdhas left
Andrzejhas left
debaclehas joined
govanifyhas left
govanifyhas joined
Link MauveThe recommendation to use XEP-0363 for hosting the stickers, in section 4.4, is going to crash pretty quickly with real world server configurations, where the ttl of such a file might be just one week.
intosihas left
intosihas joined
ZashAlso remember Daniel mentioning that in the context of avatars
Link MauveThankfully avatars are still mostly served in-band.
ZashSince you can't put them in http upload because they expire
Link MauveLet’s keep it like that then. :D
moparisthebests/thankfully/unfortunately/
moparisthebestAvatars are pretty much the only reason stanza size limits are exceeded
Link MauveIf someone wants to hammer me with a 1 MiB avatar, I’d rather their connection get closed.
moparisthebestIt's more of an s2s problem
moparisthebestLike the person in this room who had the massive avatar
ZashOn that topic, can we replace XEP-0153 with micro-images instead? (think blurhash)
Zashmoparisthebest, Link Mauve, with their INFINITE avatar?
ZashNote for the archives: Link Mauve has an SVG avatar
moparisthebestThat would be fun, unfortunately (for the "fun") most servers have implemented sane stanza size limits by now?
djorzhas left
ZashPeek at server logs and look for s2s collapses
Link MauveMy avatar isn’t infinite, it is just the size you want. :)
Link MauveAny size you want.
ti_gj06has left
ti_gj06has joined
uhoreghas left
Rixon 👁🗨has left
homebeachhas left
Matthewhas left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
marc0shas left
marc0shas joined
ti_gj06has left
ti_gj06has joined
intosihas left
intosihas joined
alacerhas left
jgarthas joined
Andrzejhas joined
moparisthebestLink Mauve doesn't have an avatar at all for me, or it's infinitely small, I'll never know
ZashMulti-format/multi-resolution avatars when?
qwestionhas joined
adiaholichas joined
Zashmoparisthebest, you can still have fun if you find someone with even lower stanza size limits than everyone else
ZashWhen will I finish that path MTU XEP?
Stevehas left
ZashSrsly tho, squeeze avatars into the size of a hash and use that instead of a hash of the actual profile image!
restive_monkhas left
moparisthebestIs that spec/code free?
archas left
archas joined
ZashCan you send one 8x8 block of JPEG?
ZashAnd like, remove the redundant parts
Zashie the "this is an 8x8 px JPEG" part
ZashSomeone suggested doing that instead of blurhash previously
ZashIt was larma, https://logs.xmpp.org/xsf/2020-11-22?p=h#2020-11-22-ea01a0735a4bc25e
qwestionhas left
paulhas joined
Zashor?
archas left
archas joined
Zashupscaled PNG something something
larmaI'd suggest to go for even smaller, like 3x2 PX. And then you're better of to use a very simple image format (think bmp or the likes)
larmaAnd yeah, then just upscale them in a blurry way
larmaWould be even better to use image formats that are good in supporting low color depth, because you also don't really need that
Link MauveUse a single chunk of BC7, this is 16 bytes, and it is supported by every GPU.
Link MauveUsing exactly one quarter of the size it would be in RGBA8888.
Stevehas joined
ZashMaybe take a bit or two to mean "circle, rounded corners, square, ????"
Link MauveThe downside is that it only supports multiples of 4×4, so 3×2 wouldn’t be any smaller.
Link MauveI recently wrote an implementation of BC7 and it was pretty fun.
Link Mauve(A software implementation.)
Zashin poezio when?
Link Mauve:D
Link MauveZash, the Genshin Impact stickers actually come from this decoder. :)
intosihas left
intosihas joined
Link MauveSince in the game data they are stored in BC7.
COM8has joined
Link MauvePNG often compresses more, these stickers.
Link MauveNot for all of them.
ZashAcquire some Unicode madness and render avatars in group chat views in like 2x3 pixels!
COM8has left
COM8has joined
COM8has left
COM8has joined
me9has left
COM8has left
larmaActually, I like the idea to use BC7. We just need a mime type for "single bc7 chunk"
COM8has joined
COM8has left
Dele Olajidehas left
Link MauveAt 8×8, in base64, we have an image of higher quality than blurhash, for the exact same size.
Vidakhas left
mhhas left
mhhas joined
larmaand yeah, it only doing 4x4 is a bit problematic, when you think of images that are rather wide, like 21:9 resolutions
ZashProfile images are all square so that's not a problem 🙂
Zashbut you're also thinking of previews for file transfers?
larmayes, mostly thinking about those
Link Mauvelarma, you can always put in the metadata that it actually is 4×3, and the recipient client will crop out the last line of pixels.
Link MauveWe already have XEP-0264 for that though.
harry837374884has left
adiaholichas left
adiaholichas joined
larmayes, but those use URIs which either is a BoB cid (requiring sender to be online at time of recipient wanting to fetch the thumbnail) or an external http uri (in which case I can just fetch the real thing and hope that it is encoded in a way that would allow to render early)
larmaIt could be a data uri if we agree on a file format for those
Link MauveReminds me to check for AVIF support of embedded thumbnails.
Link MauveIt was annoyingly not part of the first specification.
intosihas left
intosihas joined
mjk> Maybe take a bit or two to mean "circle, rounded corners, square, ????"
3D! We also need to think about three-dimensional avatars and how to round them
Zash"circle, rounded corners, square, you need more bits"
mjkright
djorzhas joined
Zashlet's just do 1D avatars
MattJI've seen discussion of star-shaped avatars for Conversations 3.0
Zashor nD? how many dimension should you curl up the string of pixels into?
mjk> let's just do 1D avatars
that's... like... `alt`?
adiaholichas left
adiaholichas joined
emushas joined
mhhas left
adiaholichas left
adiaholichas joined
վարյաhas left
վարյաhas joined
adiaholichas left
dwdhas joined
gooyahas left
gooyahas joined
archas left
archas joined
papatutuwawahas joined
emushas left
Link MauveI’ve tried to associate emoji to the various stickers I’ve used today, but it’s pretty hard.
Link MauveIs it just me, or is it not fully doable?
ZashIsn't that the point?
Link MauveSure, but then the <desc/> might not really be usable.
Link MauveA proper description (what I’d put in an @alt text) would be better imo.
rafasaurushas left
adiaholichas joined
Link Mauvelarma, for the next version of XEP-0449, it would be very nice to have format agility too.
Link MauveSince (as moparisthebest exhibited) not every client supports SVG yet, it would be sensible to provide an AVIF fallback.
Link MauveAnd perhaps even resolution agility, since not everyone needs a 512×512 Marsay the Cat.
Link MauvePerhaps using multiple <file/> elements? But then the sources don’t match any longer…
larmaLink Mauve, format agility and not using <desc/> is also on the to do already (was discussed on standards@ IIRC)
adiaholichas left
Link MauveOh.
larmaI just didn't have a lot of time recently (did I mention we have video conferences in Dino :D)
Link Mauve(Yes! <3)
Link MauveThere should be a TODO section in experimental XEPs!
Link MauveSo that we wouldn’t give feedback you already have thought about. :)
archas left
archas joined
rafasaurushas joined
ZashAren't ProtoXEPs with TODO sections rejected?
Link MauveAre they?
Link MauveMake it “future work” then.
emushas joined
millesimushas left
harry837374884has joined
archas left
archas joined
ti_gj06has left
adiaholichas joined
Vidakhas joined
Wojtekhas left
adiaholichas left
millesimushas joined
dwdhas left
robertooohas left
robertooohas joined
moparisthebestTODO is short for "this will never be done ever" right ?
djorzhas left
adiaholichas joined
archas left
archas joined
djorzhas joined
msavoritiashas left
intosihas left
msavoritiashas joined
intosihas joined
adiaholichas left
archas left
archas joined
florettahas left
florettahas joined
norkkihas joined
norkkihas left
archas left
archas joined
msavoritiashas left
msavoritiashas joined
millesimushas left
adiaholichas joined
ti_gj06has joined
intosihas left
intosihas joined
Rixon 👁🗨has left
homebeachhas left
Matthewhas left
uhoreghas left
Half-Shothas left
Half-Shothas joined
Matthewhas joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
adiaholichas left
gooyahas left
intosihas left
intosihas joined
gooyahas joined
gooyahas left
gooyahas joined
ti_gj06has left
archas left
archas joined
xnamedhas left
intosihas left
intosihas joined
marc0shas left
marc0shas joined
archas left
archas joined
sonnyhas left
emusKev, would you mind to join the GSoC muc to discuss or give your input on the task discussion? So asking for your GSoC experiences if you want to contribute to the discussion