XSF Discussion - 2022-02-10

  1. Maranda has left

  2. Mjolnir Archon has left

  3. daags has left

  4. floretta has left

  5. floretta has joined

  6. intosi has left

  7. adiaholic has left

  8. Andrzej has joined

  9. adiaholic has joined

  10. Neustradamus

    moparisthebest: Good job!

  11. djorz has joined

  12. djorz has left

  13. neshtaxmpp has left

  14. stp has left

  15. adiaholic has left

  16. Andrzej has left

  17. adiaholic has joined

  18. intosi has joined

  19. lskdjf has joined

  20. adiaholic has left

  21. Seve has left

  22. Titi has left

  23. adiaholic has joined

  24. Mjolnir Archon has joined

  25. Maranda has joined

  26. floretta has left

  27. Titi has joined

  28. intosi has left

  29. adiaholic has left

  30. floretta has joined

  31. adiaholic has joined

  32. Titi has left

  33. Titi has joined

  34. restive_monk has joined

  35. Andrzej has joined

  36. neshtaxmpp has joined

  37. adiaholic has left

  38. jcbrand has joined

  39. lskdjf has left

  40. floretta has left

  41. floretta has joined

  42. moparisthebest

    https://github.com/BombusMod/BombusMod/issues/130#issuecomment-1034360835 wins for fastest fix (that I know of)

  43. adiaholic has joined

  44. uhoreg has left

  45. homebeach has left

  46. Rixon 👁🗨 has left

  47. Matthew has left

  48. Half-Shot has left

  49. Half-Shot has joined

  50. Matthew has joined

  51. Rixon 👁🗨 has joined

  52. uhoreg has joined

  53. homebeach has joined

  54. jcbrand has left

  55. Link Mauve has left

  56. debacle has left

  57. intosi has joined

  58. Link Mauve has joined

  59. adiaholic has left

  60. adiaholic has joined

  61. millesimus has joined

  62. Andrzej has left

  63. intosi has left

  64. xnamed has left

  65. վարյա has left

  66. վարյա has joined

  67. adiaholic has left

  68. floretta has left

  69. adiaholic has joined

  70. Andrzej has joined

  71. marc0s has left

  72. marc0s has joined

  73. qwestion has left

  74. Andrzej has left

  75. kyemxden has left

  76. Maranda[x] has left

  77. adiaholic has left

  78. Steve Kille has left

  79. Kev has left

  80. Kev has joined

  81. Steve has joined

  82. adiaholic has joined

  83. Titi has left

  84. intosi has joined

  85. վարյա has left

  86. վարյա has joined

  87. Maranda[x] has joined

  88. Titi has joined

  89. Maranda[x] has left

  90. Maranda[x] has joined

  91. adiaholic has left

  92. intosi has left

  93. kyemxden has joined

  94. Maranda[x] has left

  95. adiaholic has joined

  96. david has left

  97. adiaholic has left

  98. david has joined

  99. gooya has left

  100. adiaholic has joined

  101. Titi has left

  102. Maranda[x] has joined

  103. Titi has joined

  104. adiaholic has left

  105. adiaholic has joined

  106. Andrzej has joined

  107. intosi has joined

  108. adiaholic has left

  109. adiaholic has joined

  110. Andrzej has left

  111. intosi has left

  112. kyemxden has left

  113. Calvin has joined

  114. govanify has left

  115. govanify has joined

  116. millesimus has left

  117. Yagiza has joined

  118. Calvin has left

  119. Thilo Molitor has left

  120. վարյա has left

  121. վարյա has joined

  122. qwestion has joined

  123. jgart has left

  124. intosi has joined

  125. intosi has left

  126. intosi has joined

  127. govanify has left

  128. neshtaxmpp has left

  129. govanify has joined

  130. neshtaxmpp has joined

  131. neshtaxmpp has left

  132. Menel has joined

  133. Andrzej has joined

  134. վարյա has left

  135. վարյա has joined

  136. intosi has left

  137. intosi has joined

  138. neshtaxmpp has joined

  139. վարյա has left

  140. վարյա has joined

  141. Thilo Molitor has joined

  142. վարյա has left

  143. վարյա has joined

  144. Andrzej has left

  145. վարյա has left

  146. վարյա has joined

  147. jcbrand has joined

  148. msavoritias has joined

  149. msavoritias has left

  150. msavoritias has joined

  151. stp has joined

  152. Menel has left

  153. Menel has joined

  154. ti_gj06 has joined

  155. marc0s has left

  156. marc0s has joined

  157. chronosx88 has left

  158. chronosx88 has joined

  159. Seve has joined

  160. jcbrand has left

  161. lovetox has left

  162. lovetox has joined

  163. intosi has left

  164. eevvoor has left

  165. eevvoor has joined

  166. adiaholic has left

  167. adiaholic has joined

  168. intosi has joined

  169. wladmis has left

  170. adiaholic has left

  171. Tobias has joined

  172. Andrzej has joined

  173. adiaholic has joined

  174. adiaholic has left

  175. intosi has left

  176. intosi has joined

  177. atomicwatch has joined

  178. adiaholic has joined

  179. Andrzej has left

  180. emus has joined

  181. վարյա has left

  182. վարյա has joined

  183. floretta has joined

  184. intosi has left

  185. adiaholic has left

  186. pasdesushi has joined

  187. վարյա has left

  188. վարյա has joined

  189. adiaholic has joined

  190. emus

    regarding CVEs, can this be reviewed? https://github.com/xsf/xmpp.org/pull/1007 Ge0rG?

  191. emus

    regarding CVEs, can this be reviewed? https://github.com/xsf/xmpp.org/pull/1001 Ge0rG?

  192. jcbrand has joined

  193. Titi has left

  194. Paganini has left

  195. restive_monk has left

  196. Titi has joined

  197. floretta has left

  198. restive_monk has joined

  199. floretta has joined

  200. dwd has joined

  201. Maranda[x] has left

  202. Maranda[x] has joined

  203. adiaholic has left

  204. wurstsalat has joined

  205. adiaholic has joined

  206. վարյա has left

  207. վարյա has joined

  208. dwd has left

  209. adiaholic has left

  210. tykayn has joined

  211. intosi has joined

  212. lovetox has left

  213. adiaholic has joined

  214. floretta has left

  215. floretta has joined

  216. intosi has left

  217. marc0s has left

  218. marc0s has joined

  219. lskdjf has joined

  220. marc0s has left

  221. marc0s has joined

  222. lovetox has joined

  223. Titi has left

  224. floretta has left

  225. druthid has left

  226. edhelas

    Movim is not using _xmppconnect and not connecting using BOSH or WS, just for you to know

  227. edhelas

    So I shoudn't be affected

  228. druthid has joined

  229. intosi has joined

  230. debacle has joined

  231. jonas’

    moparisthebest, *raises hat* good find

  232. jonas’

    I did not realize this despite looking into _xmppconnect more closely for xmppnetv2

  233. jonas’

    I do not like that the result is more HTTP though.

  234. jonas’

    but that's, for once, not your fault :)

  235. ti_gj06 has left

  236. lskdjf has left

  237. վարյա has left

  238. floretta has joined

  239. harry837374884 has left

  240. neshtaxmpp has left

  241. neshtaxmpp has joined

  242. harry837374884 has joined

  243. floretta has left

  244. dwd has joined

  245. Mikaela has joined

  246. adiaholic has left

  247. debacle has left

  248. debacle has joined

  249. dan.caseley has left

  250. dan.caseley has joined

  251. floretta has joined

  252. adiaholic has joined

  253. Menel has left

  254. adiaholic has left

  255. ti_gj06 has joined

  256. adiaholic has joined

  257. adiaholic has left

  258. Alex has joined

  259. Ge0rG has left

  260. junaid has left

  261. junaid has joined

  262. emus has left

  263. adiaholic has joined

  264. Andrzej has joined

  265. Ge0rG has joined

  266. adiaholic has left

  267. dwd has left

  268. adiaholic has joined

  269. Ge0rG has left

  270. Ge0rG has joined

  271. Alex has left

  272. Alex has joined

  273. goffi has joined

  274. adiaholic has left

  275. adiaholic has joined

  276. emus has joined

  277. debacle has left

  278. debacle has joined

  279. Dele Olajide has joined

  280. Dele Olajide has left

  281. Dele Olajide has joined

  282. debacle has left

  283. debacle has joined

  284. վարյա has joined

  285. ti_gj06 has left

  286. վարյա has left

  287. վարյա has joined

  288. Andrzej has left

  289. debacle has left

  290. debacle has joined

  291. Dele Olajide has left

  292. Dele Olajide has joined

  293. Titi has joined

  294. adiaholic has left

  295. marc0s has left

  296. marc0s has joined

  297. dan.caseley has left

  298. dan.caseley has joined

  299. kyemxden has joined

  300. Dele Olajide has left

  301. marc0s has left

  302. marc0s has joined

  303. վարյա has left

  304. վարյա has joined

  305. Guus has joined

  306. Dele Olajide has joined

  307. ti_gj06 has joined

  308. argentum has left

  309. Alex has left

  310. Alex has joined

  311. Steve has left

  312. Steve has joined

  313. Steve has left

  314. Steve has joined

  315. Dele Olajide has left

  316. վարյա has left

  317. huhn has joined

  318. Dele Olajide has joined

  319. Rixon 👁🗨 has left

  320. homebeach has left

  321. Matthew has left

  322. Half-Shot has left

  323. uhoreg has left

  324. Half-Shot has joined

  325. Matthew has joined

  326. Rixon 👁🗨 has joined

  327. uhoreg has joined

  328. homebeach has joined

  329. Dele Olajide has left

  330. Dele Olajide has joined

  331. lskdjf has joined

  332. վարյա has joined

  333. Andrzej has joined

  334. harry837374884 has left

  335. Dele Olajide has left

  336. adiaholic has joined

  337. Dele Olajide has joined

  338. Andrzej has left

  339. Andrzej has joined

  340. վարյա has left

  341. վարյա has joined

  342. Menel has joined

  343. harry837374884 has joined

  344. վարյա has left

  345. վարյա has joined

  346. Link Mauve

    emus, where is that 404 page used? I get the regular nginx page on unknown pages. :(

  347. emus


  348. emus

    dunno whats not working

  349. Link Mauve

    Yes, the 404 page from this PR.

  350. Link Mauve

    I didn’t even know we had one.

  351. emus

    can you review for pr 1001

  352. wurstsalat

    Link Mauve, it's a standard page from the default theme (not used atm)

  353. Link Mauve

    Oh, I see, thanks. :)

  354. marc0s has left

  355. marc0s has joined

  356. millesimus has joined

  357. pasdesushi has left

  358. pasdesushi has joined

  359. bean has joined

  360. Wojtek has joined

  361. adiaholic has left

  362. adiaholic has joined

  363. floretta has left

  364. floretta has joined

  365. adiaholic has left

  366. alacer has left

  367. qwestion has left

  368. qwestion has joined

  369. debacle has left

  370. debacle has joined

  371. adiaholic has joined

  372. karoshi has joined

  373. alacer has joined

  374. harry837374884 has left

  375. harry837374884 has joined

  376. restive_monk has left

  377. Neustradamus has left

  378. millesimus has left

  379. Neustradamus has joined

  380. debacle has left

  381. stp has left

  382. robertooo has left

  383. robertooo has joined

  384. millesimus has joined

  385. robertooo has left

  386. marc0s has left

  387. harry837374884 has left

  388. marc0s has joined

  389. restive_monk has joined

  390. stp has joined

  391. Andrzej has left

  392. Andrzej has joined

  393. alacer has left

  394. alacer has joined

  395. intosi has left

  396. intosi has joined

  397. Wojtek has left

  398. Wojtek has joined

  399. lskdjf has left

  400. lskdjf has joined

  401. intosi has left

  402. intosi has joined

  403. lskdjf has left

  404. lskdjf has joined

  405. lskdjf has left

  406. lskdjf has joined

  407. lskdjf has left

  408. lskdjf has joined

  409. djorz has joined

  410. harry837374884 has joined

  411. djorz has left

  412. adiaholic has left

  413. lskdjf has left

  414. lskdjf has joined

  415. adiaholic has joined

  416. floretta has left

  417. alacer has left

  418. ti_gj06 has left

  419. floretta has joined

  420. ti_gj06 has joined

  421. qwestion has left

  422. adiaholic has left

  423. adiaholic has joined

  424. rafasaurus has left

  425. rafasaurus has joined

  426. Link Mauve

    larma, in XEP-0446, why did you go for @dimensions (width"x"height) instead of the more common @width and @height?

  427. phryk has left

  428. ti_gj06 has left

  429. govanify has left

  430. govanify has joined

  431. Holger

    I'm late to the _xmppconnect party, and not into JavaScript. I was assuming the browser wouldn't even permit DNS queries (and that .well-known was invented for this reason). So that's not true?

  432. inky has joined

  433. Zash

    DoH to the "rescue" ?

  434. uhoreg has left

  435. homebeach has left

  436. Matthew has left

  437. Rixon 👁🗨 has left

  438. Half-Shot has left

  439. Half-Shot has joined

  440. Matthew has joined

  441. Rixon 👁🗨 has joined

  442. uhoreg has joined

  443. homebeach has joined

  444. Zash

    But you can use JavaScript outside of browsers, e.g. with FirefoxOS and such, which may have both raw TCP sockets and real DNS APIs

  445. uhoreg has left

  446. homebeach has left

  447. Matthew has left

  448. Rixon 👁🗨 has left

  449. Half-Shot has left

  450. Half-Shot has joined

  451. Matthew has joined

  452. Rixon 👁🗨 has joined

  453. uhoreg has joined

  454. homebeach has joined

  455. Holger

    Well sure, plus you can obviously use WebSocket outside of JavaScript, but then why wouldn't I be able to verify the certificate just as with plain TCP (non-WebSocket) access?

  456. MattJ

    Which certificate would you verify?

  457. MattJ

    JS is even more limited in this regard

  458. MattJ

    If you make a request to https://evil.com/http-bind, the browser will naturally just verify the cert is for evil.com

  459. Holger

    Ah. So the issue is about the combinartion "WebSocket with JavaScript outside the browser (i.e. Node.js)"?

  460. MattJ

    Javascript isn't relevant to the issue at all, really

  461. MattJ

    Any client that uses the DNS lookup to obtain this info is using an insecure protocol to obtain connection info

  462. Holger

    As I said my (mis?)understanding was that querying TXT records from within the browser wasn't even possible in the first place.

  463. Zash

    You're receiving a connection endpoint over an insecure channel, you must not allow it to alter the identifier you compare the certificate to.

  464. MattJ

    That's usually *not* JS stuff, because they use the HTTPS discovery alternative instead

  465. Holger


  466. MattJ

    So most/all JS clients are probably unaffected

  467. wgreenhouse has left

  468. Zash

    Unless they somehow do http:///.well-know ...

  469. MattJ

    That would be more work, and typically blocked by browsers these days afaik

  470. MattJ

    (if the script itself is loaded over https:// )

  471. Holger

    I'm definitely missing something :-)

  472. Zash

    Holger, this affects desktop clients doing _xmppconnect TXT lookups

  473. Zash

    e.g. Pidgin will automatically pick up on _xmppconnect and connect over BOSH

  474. alacer has joined

  475. MattJ

    Holger, '156 defines two methods of advertisement: DNS and HTTPS. Everything using DNS is insecure.

  476. Holger

    How's their situation different from desktop clients performing an SRV lookup?

  477. Zash

    (unless DNSSEC ... 😭️)

  478. Holger

    Well. Gajim uses DNS.

  479. MattJ

    Because when you do SRV lookup you verify the cert against the original domain

  480. Zash

    (also modulo DNSSEC)

  481. Holger


  482. MattJ

    You know you want to connect to "example.com", so when SRV tells you to connect to xmpp.evil.com, you verify you get a cert for 'example.com' still

  483. Holger

    My question remains, why can't the desktop client perform an _xmppconnect lookup, connect over BOSH, and verify the cert against the original domain.

  484. MattJ

    (for the purposes of this whole discussion, DNSSEC doesn't exist)

  485. MattJ

    It could

  486. MattJ

    So it could connect to https://evil.com/ and expect it to serve a cert for example.com instead?

  487. Holger

    That's what I would've assumed, sure.

  488. MattJ

    This is a very unusual configuration in the web world, and would require some hoops to jump through to set up

  489. Zash

    Probably tricky to convince every HTTPS library to do taht

  490. Zash

    Probably tricky to convince every HTTPS library to do that

  491. MattJ

    But yes, if you did it that way it would not be insecure

  492. Zash

    NSS supposedly made it impossible (which ruled out SRV records even)

  493. MattJ

    But everyone just grabs the URL and passes it to their HTTP stack

  494. Holger

    Oh so the issue is server-side. I hadn't thought of that.

  495. uhoreg has left

  496. homebeach has left

  497. Matthew has left

  498. Rixon 👁🗨 has left

  499. Half-Shot has left

  500. Half-Shot has joined

  501. Matthew has joined

  502. Rixon 👁🗨 has joined

  503. uhoreg has joined

  504. homebeach has joined

  505. Holger

    Ok yes plus maybe client-side HTTP library APIs. I see.

  506. MattJ

    I'm pretty sure if you serve a BOSH URL of https://evil.com/ with a cert of https://example.com/ 100% of everything is going to break trying to load that URL

  507. MattJ

    as it should, really

  508. MattJ

    In the past when implementing '156 for something, I did verify that the domain of the endpoint was the same as the XMPP domain, otherwise ignore it

  509. intosi has left

  510. intosi has joined

  511. Holger

    I see.

  512. Menel has left

  513. Menel has joined

  514. Zash

    MattJ, I would imagine that you were the only one

  515. Zash

    Oh, you mean for xmpp:example.com assert https://example.com/* ?

  516. MattJ


  517. MattJ


  518. Zash

    That, or perhaps a subdomain, ought to be safe, yeah

  519. MattJ

    "This problem will go away in the distant future when DNSSEC is more readily available" -- 2011

  520. intosi has left

  521. intosi has joined

  522. inky has left

  523. dwd has joined

  524. gooya has joined

  525. Zash

    E.g. I'd expect https://xmpp.example.com/bosh for xmpp:example.com to be fairly common

  526. kyemxden has left

  527. MattJ


  528. wgreenhouse has joined

  529. MattJ

    Kudos to moparisthebest for... actually doing something :P

  530. adiaholic has left

  531. kyemxden has joined

  532. rq77 has joined

  533. ti_gj06 has joined

  534. Calvin has joined

  535. adiaholic has joined

  536. millesimus has left

  537. adiaholic has left

  538. Calvin has left

  539. Dele Olajide has left

  540. adiaholic has joined

  541. leochiu has joined

  542. Paganini has joined

  543. alacer has left

  544. alacer has joined

  545. Menel has left

  546. dwd has left

  547. adiaholic has left

  548. Calvin has joined

  549. adiaholic has joined

  550. millesimus has joined

  551. Link Mauve

    larma, you mention “Hash the resulting string using the algorithm choosen for the sticker pack.” in XEP-0449, does it mean you want to allow only a single hash, instead of the usual hash agility thingy?

  552. Link Mauve

    Would XEP-0103 also be useful to distribute cid: URIs? I wouldn’t expect so.

  553. Link Mauve

    But if not, should we create another XEP for shipping stickers that way?

  554. adiaholic has left

  555. floretta has left

  556. bung has joined

  557. restive_monk has left

  558. adiaholic has joined

  559. ti_gj06 has left

  560. floretta has joined

  561. moparisthebest

    it mainly annoys me that I must have read '156 multiple dozens of times, and fully implemented and end-to-end tested websocket support, and only noticed it during some light refactoring before the final push https://github.com/moparisthebest/xmpp-proxy/blob/master/src/srv.rs#L77

  562. restive_monk has joined

  563. moparisthebest

    and it's surprisingly bad because even though a client does all *other* starttls/tls validation correctly, this is all it takes, an attacker can just block those and force a connection over websocket to gain mitm

  564. xnamed has joined

  565. marc0s has left

  566. marc0s has joined

  567. marc0s has left

  568. marc0s has joined

  569. pjn has joined

  570. Link Mauve

    The hashing algorithm in XEP-0449 isn’t clear, especially around hashes.

  571. Link Mauve

    Should I encode the bytes of the hash, or its base64 representation?

  572. Link Mauve

    I’d rather the former, as it is what gets out of my parser.

  573. Link Mauve

    Having a complete example like in XEP-0390 would be useful.

  574. matkor has left

  575. matkor has joined

  576. xnamed has left

  577. larma

    Link Mauve, - re dimensions: The reason was, originally, that the field shouldn't require exactly 2 dimensions, although the description indeed now reads like that. Maybe width and height would indeed be easier in practice. - re hash: the ID needs to be one ID. I guess if you put two hashes on the pack, you can pick any of the two as your hash for ID generation - re cid: I don't think 0103 is a good fit for cid uris. I also don't really see the need and future for cid URIs anyway. Instead just use Jingle with IBB which is effectively the same functionality just that the payload doesn't need to fit in one stanza.

  578. Link Mauve

    larma, other dimensions, such as for a 3D sticker for instance?

  579. larma

    446 is for any kind of file, not just stickers. But yes, 3d stickers

  580. jonas’

    what about non-spatial dimensions?

  581. Link Mauve

    Ah right, I forgot the part where the ID is also truncated and reused for the id.

  582. Link Mauve

    Why is it truncated btw?

  583. Link Mauve

    In XEP-0084 it isn’t for instance.

  584. larma

    jonas’, I think 3d is not far off reality. You could already want to transfer 3d object files which also have dimensions.

  585. Wojtek has left

  586. Andrzej has left

  587. Andrzej has joined

  588. Link Mauve

    larma, the idea about cid: was to be compatible with existing clients, like Movim.

  589. marc0s has left

  590. marc0s has joined

  591. Dele Olajide has joined

  592. Link Mauve

    larma, what about cube map textures?!

  593. Link Mauve

    How do you encode each of the six sides?

  594. marc0s has left

  595. marc0s has joined

  596. larma

    That's up for future specification 😉

  597. Link Mauve

    larma, I made https://github.com/xsf/xeps/pull/1160 and https://github.com/xsf/xeps/pull/1161 fyi.

  598. larma

    Does Movim not support http file uris or jingle ibb?

  599. Link Mauve

    Not for stickers AIUI.

  600. robertooo has joined

  601. Link Mauve

    edhelas, ↑

  602. Wojtek has joined

  603. xnamed has joined

  604. larma

    So... A sticker is an image file transferred via BoB where an image file transferred via http/jingle is not?

  605. larma

    So... A sticker is an image file transferred via BoB when an image file transferred via http/jingle is not?

  606. marc0s has left

  607. marc0s has joined

  608. marc0s has left

  609. marc0s has joined

  610. edhelas

    Movim stickers are cid:

  611. pjn has left

  612. marc0s has left

  613. pjn has joined

  614. marc0s has joined

  615. edhelas

    you can always send a link and Movim will resolve it

  616. edhelas

    but it's not a sticker "for me", just an image

  617. Dele Olajide has left

  618. edhelas

    I also support SIMS

  619. BASSGOD has left

  620. edhelas


  621. edhelas

    but also as an "'attached image"

  622. marc0s has left

  623. marc0s has joined

  624. larma

    So the only way to send a sticker to Movim is to send cid via <img> in deprecated XHTML-IM?

  625. adiaholic has left

  626. moparisthebest

    > "This problem will go away in the distant future when DNSSEC is more readily available" -- 2011 this is one of the saddest things I've ever read :'(

  627. Link Mauve

    Let’s undeprecate XHTML-IM.

  628. larma

    Or not use XHTML-IM for stickers?

  629. larma

    <sticker xmlns="custom" uri="cid:bla" /> would have worked as well, no?

  630. edhelas

    Movim doesn't support XHTML-IM, only the cid: :p

  631. Link Mauve

    Re 0446, it’s always been weird to me even back when it was called 0234 to have various metadata about specific file types.

  632. alacer has left

  633. Link Mauve

    Why dimensions and length, and not number of words in the epub, or target hardware for a video game?

  634. edhelas


  635. adiaholic has joined

  636. alacer has joined

  637. Matthew has left

  638. Rixon 👁🗨 has left

  639. uhoreg has left

  640. homebeach has left

  641. Half-Shot has left

  642. Half-Shot has joined

  643. Matthew has joined

  644. Rixon 👁🗨 has joined

  645. uhoreg has joined

  646. homebeach has joined

  647. Link Mauve

    Filesystems don’t usually provide this kind of information, so the sender would have to parse the file.

  648. Link Mauve

    That is optional, but it still seems like feature creep to me.

  649. edhelas

    Link Mauve yup, I don't trust the info :p

  650. Andrzej has left

  651. BASSGOD has joined

  652. Link Mauve

    It’s not about trust or not, it’s about whether or not it makes sense in file metadata.

  653. ti_gj06 has joined

  654. larma

    Link Mauve, the hashes and values in the example 1 of xep 0449 are actual real values, and apparently I took the file hash as base64 string. You can't use bytes directly because bytes could include 0x1F.

  655. larma

    Also regarding dimensions: It's so that you can display a sensible placeholder in correct size before fetching the file

  656. Zash

    But why as one complex attribute instead of two simple integer ones?

  657. larma

    And length is so that you can display also that for audio and video before fetching the file, it's what most other chat systems do as well

  658. Link Mauve

    Oh, with the <!-- ... --> I thought it wasn’t complete.

  659. adiaholic has left

  660. moparisthebest

    parse the images they said, it'll be fun easy and safe they said... https://www.kuow.org/stories/we-didn-t-mean-to-ruin-your-mazda-s-stereo

  661. Link Mauve

    But then I can only test whether I get the correct result or not, not see where I did something wrong like with XEP-0390.

  662. marc0s has left

  663. larma

    Zash, I agree that this would be a sensible option if we only have 2d images/videos in mind (and honestly, that's what we have right now, so probably better to not overengineer here)

  664. Link Mauve

    moparisthebest, an image of the system, aka an update, right?

  665. Link Mauve

    Not an image with pixels.

  666. marc0s has joined

  667. moparisthebest

    Link Mauve, no, literally an image with pixels

  668. Link Mauve

    larma, ok, so I have to reencode to base64.

  669. Zash

    Wait what?

  670. Andrzej has joined

  671. APach has joined

  672. bung has left

  673. marc0s has left

  674. marc0s has joined

  675. mjk

    The image placeholders in GUIs are usually 2D because our screens usually too... But then again, the sender shouldn't dictate how their cube of 3D MIP-mapped images shall be projected on the receiver's sceen

  676. moparisthebest

    Link Mauve, more technical article https://www.theregister.com/2022/02/10/mazda_radios_images/

  677. Link Mauve

    mjk, skyboxes in video games have been cube maps for about as long as 3D hardware has existed.

  678. mjk

    With the above I mean: don't limit metadata to WxH, leave space for extensibility :)

  679. mjk

    Link Mauve: Er. Yes. And? :))

  680. larma

    Link Mauve, `summary\x1fen\x1fBe cute or be cynical, this little kitten works both ways.\x1ename\x1fen\x1fMarsey the Cat\x1e\x1c👍\x1esha-256\x1f0AdP8lJOWJrugSKOIAqfEKqFatIpG5JBCjjxY253ojQ=\x1f\x1e\x1d😘\x1esha-256\x1fgw+6xdCgOcvCYSKuQNrXH33lV9NMzuDf/s0huByCDsY=\x1f\x1e\x1d\x1c` is the bytes for the sticker pack in example 1 which hash to the hash given in the Example. For reference, the two image files are https://larma.de/xeps/xep-0449-1.png and https://larma.de/xeps/xep-0449-2.png

  681. mjk

    I'm well-versed in my skyboxes :p

  682. Link Mauve


  683. rq77 has left

  684. Link Mauve

    larma, I couldn’t have guessed @xml:lang was "en". :)

  685. Link Mauve

    I default to "" if it isn’t set, in xmpp-parsers.

  686. floretta has left

  687. floretta has joined

  688. Zash

    My 5D chess videos!

  689. Link Mauve

    “Join the resulting octet strings together, ordered from lesser to greater.”, isn’t summary > name here?

  690. Link Mauve

    In your example it’s in the other way.

  691. chronosx88 has left

  692. chronosx88 has joined

  693. jgart has joined

  694. karoshi has left

  695. marc0s has left

  696. marc0s has joined

  697. վարյա has left

  698. վարյա has joined

  699. Rixon 👁🗨 has left

  700. homebeach has left

  701. uhoreg has left

  702. Matthew has left

  703. Half-Shot has left

  704. Half-Shot has joined

  705. Matthew has joined

  706. Rixon 👁🗨 has joined

  707. uhoreg has joined

  708. homebeach has joined

  709. wladmis has joined

  710. emus has left

  711. Andrzej has left

  712. neshtaxmpp has left

  713. neshtaxmpp has joined

  714. Andrzej has joined

  715. adiaholic has joined

  716. eevvoor has left

  717. karoshi has joined

  718. me9 has joined

  719. Guus has left

  720. gooya has left

  721. gooya has joined

  722. reimar has joined

  723. larma

    Meh, yeah, you're right. The field was named desc once and when I renamed it I forgot to reorder that part

  724. guus.der.kinderen has left

  725. guus.der.kinderen has joined

  726. stp has left

  727. pjn has left

  728. pjn has joined

  729. adiaholic has left

  730. argentum has joined

  731. Wojtek has left

  732. adiaholic has joined

  733. adiaholic has left

  734. Menel has joined

  735. adiaholic has joined

  736. bean has left

  737. u70jfzo5eyeb468b9o has left

  738. u70jfzo5eyeb468b9o has joined

  739. Wojtek has joined

  740. leochiu has left

  741. djorz has joined

  742. վարյա has left

  743. վարյա has joined

  744. Link Mauve

    larma, fyi you’re also missing a \x1f after the content of the name and summary fields.

  745. djorz has left

  746. Link Mauve

    With this one fix, I’m now compatible with your hash!

  747. վարյա has left

  748. վարյա has joined

  749. Kev

    This one simple fix to your hash doctors don't want you to know.

  750. debacle has joined

  751. larma

    I remember there was some issue with the hash as well, have to double check my notes from back then

  752. Menel has left

  753. Link Mauve

    Also, the desc should probably take one \x1f after, as this is done for every single other field.

  754. marc0s has left

  755. marc0s has joined

  756. pjn has left

  757. pjn has joined

  758. pjn has left

  759. pjn has joined

  760. debacle has left

  761. dwd has joined

  762. Menel has joined

  763. Link Mauve

    Re section 4.2, I think it would make sense for backwards compatibility to include the image as oob.

  764. pjn has left

  765. pjn has joined

  766. djorz has joined

  767. ralphm bangs gavel

  768. jcbrand


  769. ralphm

    0. Welcome

  770. ralphm

    Hi! Who do we have?

  771. վարյա has left

  772. jcbrand


  773. jcbrand

    Looks like arc is not here

  774. gooya has left

  775. adiaholic has left

  776. gooya has joined

  777. Dele Olajide has joined

  778. bean has joined

  779. ralphm unbangs gavel

  780. pjn has left

  781. pjn has joined

  782. jgart has left

  783. վարյա has joined

  784. stp has joined

  785. adiaholic has joined

  786. gooya has left

  787. gooya has joined

  788. pjn has left

  789. pjn has joined

  790. arc has joined

  791. adiaholic has left

  792. arc

    We really need to get ourselves better organized

  793. paul has left

  794. intosi has left

  795. intosi has joined

  796. dwd has left

  797. Andrzej has left

  798. debacle has joined

  799. govanify has left

  800. govanify has joined

  801. Link Mauve

    The recommendation to use XEP-0363 for hosting the stickers, in section 4.4, is going to crash pretty quickly with real world server configurations, where the ttl of such a file might be just one week.

  802. intosi has left

  803. intosi has joined

  804. Zash

    Also remember Daniel mentioning that in the context of avatars

  805. Link Mauve

    Thankfully avatars are still mostly served in-band.

  806. Zash

    Since you can't put them in http upload because they expire

  807. Link Mauve

    Let’s keep it like that then. :D

  808. moparisthebest


  809. moparisthebest

    Avatars are pretty much the only reason stanza size limits are exceeded

  810. Link Mauve

    If someone wants to hammer me with a 1 MiB avatar, I’d rather their connection get closed.

  811. moparisthebest

    It's more of an s2s problem

  812. moparisthebest

    Like the person in this room who had the massive avatar

  813. Zash

    On that topic, can we replace XEP-0153 with micro-images instead? (think blurhash)

  814. Zash

    moparisthebest, Link Mauve, with their INFINITE avatar?

  815. Zash

    Note for the archives: Link Mauve has an SVG avatar

  816. moparisthebest

    That would be fun, unfortunately (for the "fun") most servers have implemented sane stanza size limits by now?

  817. djorz has left

  818. Zash

    Peek at server logs and look for s2s collapses

  819. Link Mauve

    My avatar isn’t infinite, it is just the size you want. :)

  820. Link Mauve

    Any size you want.

  821. ti_gj06 has left

  822. ti_gj06 has joined

  823. uhoreg has left

  824. Rixon 👁🗨 has left

  825. homebeach has left

  826. Matthew has left

  827. Half-Shot has left

  828. Half-Shot has joined

  829. Matthew has joined

  830. Rixon 👁🗨 has joined

  831. uhoreg has joined

  832. homebeach has joined

  833. marc0s has left

  834. marc0s has joined

  835. ti_gj06 has left

  836. ti_gj06 has joined

  837. intosi has left

  838. intosi has joined

  839. alacer has left

  840. jgart has joined

  841. Andrzej has joined

  842. moparisthebest

    Link Mauve doesn't have an avatar at all for me, or it's infinitely small, I'll never know

  843. Zash

    Multi-format/multi-resolution avatars when?

  844. qwestion has joined

  845. adiaholic has joined

  846. Zash

    moparisthebest, you can still have fun if you find someone with even lower stanza size limits than everyone else

  847. Zash

    When will I finish that path MTU XEP?

  848. Steve has left

  849. Zash

    Srsly tho, squeeze avatars into the size of a hash and use that instead of a hash of the actual profile image!

  850. restive_monk has left

  851. moparisthebest

    Is that spec/code free?

  852. arc has left

  853. arc has joined

  854. Zash

    Can you send one 8x8 block of JPEG?

  855. Zash

    And like, remove the redundant parts

  856. Zash

    ie the "this is an 8x8 px JPEG" part

  857. Zash

    Someone suggested doing that instead of blurhash previously

  858. Zash

    It was larma, https://logs.xmpp.org/xsf/2020-11-22?p=h#2020-11-22-ea01a0735a4bc25e

  859. qwestion has left

  860. paul has joined

  861. Zash


  862. arc has left

  863. arc has joined

  864. Zash

    upscaled PNG something something

  865. larma

    I'd suggest to go for even smaller, like 3x2 PX. And then you're better of to use a very simple image format (think bmp or the likes)

  866. larma

    And yeah, then just upscale them in a blurry way

  867. larma

    Would be even better to use image formats that are good in supporting low color depth, because you also don't really need that

  868. Link Mauve

    Use a single chunk of BC7, this is 16 bytes, and it is supported by every GPU.

  869. Link Mauve

    Using exactly one quarter of the size it would be in RGBA8888.

  870. Steve has joined

  871. Zash

    Maybe take a bit or two to mean "circle, rounded corners, square, ????"

  872. Link Mauve

    The downside is that it only supports multiples of 4×4, so 3×2 wouldn’t be any smaller.

  873. Link Mauve

    I recently wrote an implementation of BC7 and it was pretty fun.

  874. Link Mauve

    (A software implementation.)

  875. Zash

    in poezio when?

  876. Link Mauve


  877. Link Mauve

    Zash, the Genshin Impact stickers actually come from this decoder. :)

  878. intosi has left

  879. intosi has joined

  880. Link Mauve

    Since in the game data they are stored in BC7.

  881. COM8 has joined

  882. Link Mauve

    PNG often compresses more, these stickers.

  883. Link Mauve

    Not for all of them.

  884. Zash

    Acquire some Unicode madness and render avatars in group chat views in like 2x3 pixels!

  885. COM8 has left

  886. COM8 has joined

  887. COM8 has left

  888. COM8 has joined

  889. me9 has left

  890. COM8 has left

  891. larma

    Actually, I like the idea to use BC7. We just need a mime type for "single bc7 chunk"

  892. COM8 has joined

  893. COM8 has left

  894. Dele Olajide has left

  895. Link Mauve

    At 8×8, in base64, we have an image of higher quality than blurhash, for the exact same size.

  896. Vidak has left

  897. mh has left

  898. mh has joined

  899. larma

    and yeah, it only doing 4x4 is a bit problematic, when you think of images that are rather wide, like 21:9 resolutions

  900. Zash

    Profile images are all square so that's not a problem 🙂

  901. Zash

    but you're also thinking of previews for file transfers?

  902. larma

    yes, mostly thinking about those

  903. Link Mauve

    larma, you can always put in the metadata that it actually is 4×3, and the recipient client will crop out the last line of pixels.

  904. Link Mauve

    We already have XEP-0264 for that though.

  905. harry837374884 has left

  906. adiaholic has left

  907. adiaholic has joined

  908. larma

    yes, but those use URIs which either is a BoB cid (requiring sender to be online at time of recipient wanting to fetch the thumbnail) or an external http uri (in which case I can just fetch the real thing and hope that it is encoded in a way that would allow to render early)

  909. larma

    It could be a data uri if we agree on a file format for those

  910. Link Mauve

    Reminds me to check for AVIF support of embedded thumbnails.

  911. Link Mauve

    It was annoyingly not part of the first specification.

  912. intosi has left

  913. intosi has joined

  914. mjk

    > Maybe take a bit or two to mean "circle, rounded corners, square, ????" 3D! We also need to think about three-dimensional avatars and how to round them

  915. Zash

    "circle, rounded corners, square, you need more bits"

  916. mjk


  917. djorz has joined

  918. Zash

    let's just do 1D avatars

  919. MattJ

    I've seen discussion of star-shaped avatars for Conversations 3.0

  920. Zash

    or nD? how many dimension should you curl up the string of pixels into?

  921. mjk

    > let's just do 1D avatars that's... like... `alt`?

  922. adiaholic has left

  923. adiaholic has joined

  924. emus has joined

  925. mh has left

  926. adiaholic has left

  927. adiaholic has joined

  928. վարյա has left

  929. վարյա has joined

  930. adiaholic has left

  931. dwd has joined

  932. gooya has left

  933. gooya has joined

  934. arc has left

  935. arc has joined

  936. papatutuwawa has joined

  937. emus has left

  938. Link Mauve

    I’ve tried to associate emoji to the various stickers I’ve used today, but it’s pretty hard.

  939. Link Mauve

    Is it just me, or is it not fully doable?

  940. Zash

    Isn't that the point?

  941. Link Mauve

    Sure, but then the <desc/> might not really be usable.

  942. Link Mauve

    A proper description (what I’d put in an @alt text) would be better imo.

  943. rafasaurus has left

  944. adiaholic has joined

  945. Link Mauve

    larma, for the next version of XEP-0449, it would be very nice to have format agility too.

  946. Link Mauve

    Since (as moparisthebest exhibited) not every client supports SVG yet, it would be sensible to provide an AVIF fallback.

  947. Link Mauve

    And perhaps even resolution agility, since not everyone needs a 512×512 Marsay the Cat.

  948. Link Mauve

    Perhaps using multiple <file/> elements? But then the sources don’t match any longer…

  949. larma

    Link Mauve, format agility and not using <desc/> is also on the to do already (was discussed on standards@ IIRC)

  950. adiaholic has left

  951. Link Mauve


  952. larma

    I just didn't have a lot of time recently (did I mention we have video conferences in Dino :D)

  953. Link Mauve

    (Yes! <3)

  954. Link Mauve

    There should be a TODO section in experimental XEPs!

  955. Link Mauve

    So that we wouldn’t give feedback you already have thought about. :)

  956. arc has left

  957. arc has joined

  958. rafasaurus has joined

  959. Zash

    Aren't ProtoXEPs with TODO sections rejected?

  960. Link Mauve

    Are they?

  961. Link Mauve

    Make it “future work” then.

  962. emus has joined

  963. millesimus has left

  964. harry837374884 has joined

  965. arc has left

  966. arc has joined

  967. ti_gj06 has left

  968. adiaholic has joined

  969. Vidak has joined

  970. Wojtek has left

  971. adiaholic has left

  972. millesimus has joined

  973. dwd has left

  974. robertooo has left

  975. robertooo has joined

  976. moparisthebest

    TODO is short for "this will never be done ever" right ?

  977. djorz has left

  978. adiaholic has joined

  979. arc has left

  980. arc has joined

  981. djorz has joined

  982. msavoritias has left

  983. intosi has left

  984. msavoritias has joined

  985. intosi has joined

  986. adiaholic has left

  987. arc has left

  988. arc has joined

  989. floretta has left

  990. floretta has joined

  991. norkki has joined

  992. norkki has left

  993. arc has left

  994. arc has joined

  995. msavoritias has left

  996. msavoritias has joined

  997. millesimus has left

  998. adiaholic has joined

  999. ti_gj06 has joined

  1000. intosi has left

  1001. intosi has joined

  1002. Rixon 👁🗨 has left

  1003. homebeach has left

  1004. Matthew has left

  1005. uhoreg has left

  1006. Half-Shot has left

  1007. Half-Shot has joined

  1008. Matthew has joined

  1009. Rixon 👁🗨 has joined

  1010. uhoreg has joined

  1011. homebeach has joined

  1012. adiaholic has left

  1013. gooya has left

  1014. intosi has left

  1015. intosi has joined

  1016. gooya has joined

  1017. gooya has left

  1018. gooya has joined

  1019. ti_gj06 has left

  1020. arc has left

  1021. arc has joined

  1022. xnamed has left

  1023. intosi has left

  1024. intosi has joined

  1025. marc0s has left

  1026. marc0s has joined

  1027. arc has left

  1028. arc has joined

  1029. sonny has left

  1030. emus

    Kev, would you mind to join the GSoC muc to discuss or give your input on the task discussion? So asking for your GSoC experiences if you want to contribute to the discussion

  1031. emus


  1032. gooya has left

  1033. adiaholic has joined

  1034. andrey.g has joined

  1035. xnamed has joined

  1036. gooya has joined

  1037. Yagiza has left

  1038. harry837374884 has left

  1039. emus has left

  1040. adiaholic has left

  1041. gooya has left

  1042. gooya has joined

  1043. վարյա has left

  1044. floretta has left

  1045. floretta has joined

  1046. dwd has joined

  1047. Tobias has left

  1048. Tobias has joined

  1049. bung has joined

  1050. arc has left

  1051. arc has joined

  1052. marc0s has left

  1053. marc0s has joined

  1054. emus has joined

  1055. վարյա has joined

  1056. arc has left

  1057. arc has joined

  1058. Dele Olajide has joined

  1059. arc has left

  1060. arc has joined

  1061. mjk has left

  1062. mjk has joined

  1063. arc has left

  1064. arc has joined

  1065. Dele Olajide has left

  1066. Dele Olajide has joined

  1067. arc has left

  1068. arc has joined

  1069. me9 has joined

  1070. floretta has left

  1071. reimar has left

  1072. dwd has left

  1073. Andrzej has left

  1074. Andrzej has joined

  1075. intosi has left

  1076. intosi has joined

  1077. djorz has left

  1078. bung has left

  1079. msavoritias has left

  1080. jgart has left

  1081. Alex has left

  1082. floretta has joined

  1083. Alex has joined

  1084. gooya has left

  1085. Andrzej has left

  1086. gooya has joined

  1087. intosi has left

  1088. intosi has joined

  1089. me9 has left

  1090. arc has left

  1091. arc has joined

  1092. intosi has left

  1093. gooya has left

  1094. gooya has joined

  1095. djorz has joined

  1096. Dele Olajide has left

  1097. qrpnxz has joined

  1098. arc has left

  1099. arc has joined

  1100. stp has left

  1101. andrey.g has left

  1102. floretta has left

  1103. chronosx88 has left

  1104. Andrzej has joined

  1105. adiaholic has joined

  1106. bean has left

  1107. intosi has joined

  1108. marc0s has left

  1109. marc0s has joined

  1110. qwestion has joined

  1111. adiaholic has left

  1112. Tobias has left

  1113. qrpnxz has left

  1114. wurstsalat has left

  1115. intosi has left

  1116. djorz has left

  1117. pasdesushi has left

  1118. Menel has left

  1119. arc has left

  1120. arc has joined

  1121. Andrzej has left

  1122. arc has left

  1123. arc has joined

  1124. robertooo has left

  1125. robertooo has joined

  1126. sonny has joined

  1127. huhn has left

  1128. emus has left

  1129. arc has left

  1130. arc has joined

  1131. gooya has left

  1132. gooya has joined

  1133. Dele Olajide has joined

  1134. arc has left

  1135. arc has joined

  1136. Maranda[x] has left

  1137. Maranda[x] has joined

  1138. Dele Olajide has left

  1139. tykayn has left

  1140. wgreenhouse has left

  1141. floretta has joined

  1142. wgreenhouse has joined

  1143. goffi has left

  1144. atomicwatch has left

  1145. ponymontana has joined

  1146. ponymontana has left

  1147. bung has joined

  1148. intosi has joined

  1149. Dele Olajide has joined

  1150. Dele Olajide has left

  1151. Dele Olajide has joined

  1152. bung has left

  1153. marc0s has left

  1154. marc0s has joined

  1155. intosi has left

  1156. floretta has left

  1157. Dele Olajide has left

  1158. Dele Olajide has joined

  1159. arc has left

  1160. arc has joined

  1161. floretta has joined

  1162. restive_monk has joined

  1163. Dele Olajide has left

  1164. arc has left

  1165. arc has joined

  1166. Dele Olajide has joined

  1167. Dele Olajide has left

  1168. Dele Olajide has joined