XSF Discussion - 2022-03-11

Any thoughts on best practices re: .onion XMPP servers? I'm planning on actually writing this down in a xep I'm thinking for outgoing connections, do starttls on the regular ports or direct TLS on 443 and accept literally any certificate on incoming s2s just make an outgoing connection and validate that the certificate is the same, then offer sasl external Thoughts, good, bad, whatever?

moparisthebest: It would be great, this can also be applied to other VPNs ... Some friend of mine have some large networks made with tinc and they are exchanging and maintaining root CAs ✏

I think in other places where transport security and authentication isn't guaranteed like it is with .onion sharing a CA is the right thing to do and just works

Yes, but is hard to maintain updated and coordinated

MattJ, I vaguely recall you mentioning you didn't like the SRV weight algorithm and did something else?

moparisthebest: I don't like it, but I didn't do much else

I have a patch for Prosody I'm sitting on for now (needs further testing)

MattJ: what did you do differently and/or care to share the code?

https://matthewwild.co.uk/uploads/prosody-srv-weighting.diff

IIRC I'm following the RFC pretty closely with this implementation. My main complaint is the inefficiency of it, but every optimization suggested so far hasn't produced the same outputs as the RFC would in every case

We did discuss putting a limit on the number of records we would attempt to process

moparisthebest: > Any thoughts on best practices re: .onion XMPP servers? I'm planning on actually writing this down in a xep > ::: Mentioning http client behavior would be nice as well, I think. As in, allow any cert. Btw, relaxing the requirement to do specifically TLS in the http upload xep (instead, only require _some_ equivalently secure form of transport security) would be nice as well, but oos, it seems :)

emus: > i want to occasionally post about e.g. new XEPs > "XEP-1234 has been proposed! > Short description > Author" > Image ^ May I suggest adding to this info the essential effects of the xep addition/change for end users? ("Products, not protocols", etc.)

mjk: Well, XSF is protocols

and its not that I will post this very frequentlt

Well yeah, what I suggest is more like "products + protocols", so that non-tech audience isn't completely left out

“22:13:08 moparisthebest> writing specs is annoying, writing code is fun...”, absolutely completely untrue!!!

+1

producolts

writing code is fun. Debugging code... less so

Debugging specs that has no running code is...

mjk: ...a hobby of mine

finding underspecified parts and race conditions just from reading the text and thinking "what might go wrong" is exciting

Right... Exciting... /me still healing the trauma of running a mathy algorithm partly in head, partly on paper because printf would be too verbose

Or too much effort writing the formatting code

.oO(#[derive(Debug)])

jonas’: Is that some Wolfram voodoo? ✏

no, rust

Oh

applied to a struct, enum or tuple declaration, it generates the code necessary to use it with the {:?} placeholder, dumping all of its contents. ✏

Again said I tend to troll without intention^^

This what I want (example) as a tweet:

jonas’: Ah, I thought it processes a function to generate debugging instrumentation :)) But there are debuggers for that, I guess. In my case I was lazy to research step-by-step debugging of Lua, _and_ wanted to visualze the data in a fancy manner...

A new XEP has been proposed *XEP-0461: Message Replies* *Abstract* This document defines a way to indicate that a message is a reply to a previous message. *Authors* Natalie WirthMarvin Wissfeld https://xmpp.org/extensions/xep-0461.html

https://jabbers.one:5281/upload/F4f6DxRCgcfJMNN5/20220310_221533585_7bc5.png

now I killed the discussion? 😅

Or it's just _that_ perfect that nobody has anything to add ;p ✏

Ah cool - I just go ahead 🎉😉

But I hope its clear what I wanted to discuss. I think I spread some confusion

But I have! > *Abstract* > This document defines a way to indicate that a message is a reply to a previous message. "(Allows clients to have nice quotation UI.)" or something ✏

That is also fine to restate the abstract for non-techs

I always would like to start saying: > This specification standardizes ... ✏

because this is key. It works for "everyone"

Isn't every standard specification meant to standardize something?

State the obvious with too many words, lose readers on the way

But maybe it helps devs from othes ecosystems realize how more democratic things work around here ;)

Doing this right is really hard, maybe we should hire a competent technical writer.

> Ge0rG escribió: > State the obvious with too many words, lose readers on the way I think it clarifies that this was the intention. Noone has officially standardises this yet, we do

And also said: Yes, and we standardized THIS

I will move this to editors muc

mjk: good call about specifically documenting https behavior on onions too

MattJ: thanks I'll have a look, fwiw I don't think producing the same output as the SRV RFC is that valuable, vs just maximizing connection attempts

guus, just ignore

@all please remind to set labels if you merge PRs - that would be very helpful

> Thank you Alex! Welcome, Ali! Thank you Guus > Welcome Ali! Thank you emus > Congrats to all, welcome Ali, and thanks for your support! Thank you Neustradamus Thank you all for accepting my application 😊

Quick rundown of encrypted client hello https://guardianproject.info/2021/11/30/implementing-tls-encrypted-client-hello/

This will allow connecting to XMPP servers while hiding ALPN and SNI

The circumstance "nobody" care about protocols the posts just crossed the 1700 followers 😌️ https://twitter.com/xmpp/status/1502364409020268544 https://fosstodon.org/web/@xmpp/107939539350756647

Wow

6 retweets in 1 minute at Friday night ^^

10

Not "nobody" just not "normal people"

We're all "nobody" here.

100% of the people in this channel or that follow that account care :)

Good --> retweet etc 😉

Zash - you did already I saw that 🙂 good job!

Marketing goes brrrrr

🕺️

Lol, we have almost the same retweets as the latest newsletter ^^

on Fost.

https://burtrum.org/up/34510860-cae4-467d-811f-5e16d01f9e71/9wqjWU9CQtKgpDow7mfH8Q.jpg

The way husky crops that image is... Less than ideal lol

Its all weirdly cropped. I made a better version already for the next time

P SPEC

https://cerdale.zash.se/s/T7K4K8gd8cZn3k6Lp0hR5PTz/0e2e3788-89a5-44ba-bd5e-9a41a189f57f.png

Looks fine in mobile Firefox:

https://burtrum.org/up/60b68a4f-0890-4ca9-bb4a-8275a536130a/yiLtel7ASnuC91V1Ga5x5A.jpg

Guys, I raised this today and yesterday several times, but apart from almost 95% offtopic comments nothing, so please come with proposals next time -.-

https://cerdale.zash.se/s/G1gOfXkSfZ8BIuWyMYvilWlQ/25c1c82f-f6cc-40b7-a8e7-1c4af01d1036.png

The last link is what I intended

This kind of thing makes me so glad I'm not a UI developer

from morap

emus, it's late on a friday, feel free to ignore everything until tomorrow 😉

Yes^^

To be clear I don't think there is anything you could do about this

I can

https://jabbers.one:5281/upload/Z32YMVzVzhVlVHKa/bd4445f3-603e-4550-90a8-c8ad2af8dfdd.png

Isn't there some optimal resolution documented somewhere?

Nifty

larma said I should ask for some volunteers on corporate design. So please go crazy. But I would like to keep it in its own design (thats why I made it grey mode)

MattJ, no that I disagree with your "products, not protocols" - but I see lots of retoots already ;)

https://larma.de:5281/upload/ph8N3K_FGl-sNAQw/852eb62e-2bf2-4e2f-a643-5ca8a175b8c8.png

So apparently, they should be 16:9

but what happens if I remove this?

is it then native?

this is a display setting, it doesn't affect what is send

oh yes

I was already amused

and it's enabled by default, so most users will have it enabled

yeah

thus you should assume things to be cropped 16:9, and thus best way to make sure it looks good is to also send 16:9 😉

Yes, I just cropped it accordingly

> https://cerdale.zash.se/s/G1gOfXkSfZ8BIuWyMYvilWlQ/25c1c82f-f6cc-40b7-a8e7-1c4af01d1036.png The specificat appurroves

...

Interesting https://prav.app/ cc Daniel , also maybe newsletter material?