XSF Discussion - 2022-04-13

Well, there is... the HTTP RFC(s)

there is a spec for one solution at least. we were considering using that in remotestorage for the resumable uploads part for example: https://tus.io/protocols/resumable-upload.html

raucao: nice! That seems mostly sane, a lot of strange unnecessary things but otherwise

> The Client SHOULD use this header if its environment does not support the PATCH or DELETE methods. Which environment would this be...

Browser

For example

But without JS then

Sry, hehe. Can also not send custom headers then

But you can trust that there was a case for this

Since the protocol was written for a large upload service

You wouldn't have to support all of it to be compatible with most client libraries, especially regarding the optional extensions

Mdn seems down... But a quick search looks like PATCH works from JavaScript in the browser

The reason for using PATCH is that HTTP doesn't allow Content-Range on PUTs

Yeah, if you use Fetch in JS you can use all methods

The method limit might be mostly <form>s

Looks like plain xmlhttprequest has supported it for over a decade too https://stackoverflow.com/questions/11288608/http-patch-xmlhttprequest-support

XHR supports it

but you're then immediately in CORS land

though you're already in CORS land when using the http upload XEP anyway

Isn't all that obsolete and now you must use Fetch()?

It's not a MUST, but Fetch is also much more convenient than that old Internet Exploder hack

Yes it is. Web developers MUST use the latest hotness, lest they'd have to do actual useful work

Shots fired

Using a much simpler native API over some library or complex boilerplate code in new code gives you more time to do useful things tho ✏

But you still don't have to

raucao, feel free to assume everything I say on the topic is sarcasm

(where topic == the web)

right

Hi all, I've been working on setting up a possible new federated community space as an alternative to reddit/discourse. I'd love to see some other great XMPP projects join, or you can of course just join as an individual and follow your favorite projects! See you there I hope! https://community.xmpp.net/

Sam, very nice! So you can't comment/post with an existing fediverse account? you need a lemmy account ?

You should be able to use any existing fediverse account (you just won't be able to create communities I think)

The lemmy fediverse integration is relatively new though, so I'm not sure how it works. I know a few people have posted from other instances already, southerntofu knows maybe?

Pasting a post URL into the search box of a Mastodon instance finds the post at least

nifty I'll have to try it, wasn't looking forward to running another service :P

I wonder if I can promote someone on another service to be a moderator of a group; if so, happy to create communities for those who don't want a local account and then I can just promote them. I doubt it, because they wouldn't be able to log into the interface, but maybe they've thought of that

on the other hand lemmy is both rust and AGPL so it's really calling me to run it haha

> Hi all, I've been working on setting up a possible new federated community space as an alternative to reddit/discourse. I'd love to see some other great XMPP projects join, or you can of course just join as an individual and follow your favorite projects! See you there I hope! https://community.xmpp.net/ hi Sam ! not sure if this is the best place to ask but I tried to create an account and haven't received the verification email. pretty sure I put the right one so not sure if there's something else I should try 😅

Check your spam folder

That's where mine went, unfortunately

I dunno, worked for me but I don't actually have any visibility into the email system

Maybe I should disable email verification and allow accounts without email; it makes password reset impossible, which will probably cause issues later

yeah I checked my spam folder but nothing 🤔 not essential to create an account I guess - just thought it would be helpful for me moving forward 😄

It might just take a bit too

In the meantime I've disabled email verification. We can turn it on again later if spam becomes a problem.

Oh hey, someone has already banned a spammer apparently. I didn't even see it. Thanks all.

awesome - that works for now 😄 hopefully the spamming won't be too much of an issue

moparisthebest: just saw your note about security consideration on pubsub public subscription, will add it (answering the same if user exists but has no public subscriptions as if user doesn't exists). However, mutual subscription should not be required to get public subscriptions.

goffi, cool sounds good, then I think just add another one saying adding at least 1 public subscription makes your JID subject to harvesting (which, I think, is desirable here)

moparisthebest: yes makes sense. Thanks for the feedbacks.

even desirable outcomes should be clearly documented

if you have other suggestions, please write to standard@ so I can easily check them for next update.