XSF Discussion - 2022-04-13


  1. MattJ

    Well, there is... the HTTP RFC(s)

  2. raucao

    there is a spec for one solution at least. we were considering using that in remotestorage for the resumable uploads part for example: https://tus.io/protocols/resumable-upload.html

  3. moparisthebest

    raucao: nice! That seems mostly sane, a lot of strange unnecessary things but otherwise

  4. moparisthebest

    > The Client SHOULD use this header if its environment does not support the PATCH or DELETE methods. Which environment would this be...

  5. raucao

    Browser

  6. raucao

    For example

  7. raucao

    But without JS then

  8. raucao

    Sry, hehe. Can also not send custom headers then

  9. raucao

    But you can trust that there was a case for this

  10. raucao

    Since the protocol was written for a large upload service

  11. raucao

    You wouldn't have to support all of it to be compatible with most client libraries, especially regarding the optional extensions

  12. moparisthebest

    Mdn seems down... But a quick search looks like PATCH works from JavaScript in the browser

  13. raucao

    The reason for using PATCH is that HTTP doesn't allow Content-Range on PUTs

  14. raucao

    Yeah, if you use Fetch in JS you can use all methods

  15. Zash

    The method limit might be mostly <form>s

  16. moparisthebest

    Looks like plain xmlhttprequest has supported it for over a decade too https://stackoverflow.com/questions/11288608/http-patch-xmlhttprequest-support

  17. jonas’

    XHR supports it

  18. jonas’

    but you're then immediately in CORS land

  19. jonas’

    though you're already in CORS land when using the http upload XEP anyway

  20. Zash

    Isn't all that obsolete and now you must use Fetch()?

  21. raucao

    It's not a MUST, but Fetch is also much more convenient than that old Internet Exploder hack

  22. Zash

    Yes it is. Web developers MUST use the latest hotness, lest they'd have to do actual useful work

  23. moparisthebest

    Shots fired

  24. raucao

    Using a much simpler native API over some library or complex boilercode in new code gives you more time to do useful things tho

  25. raucao

    Using a much simpler native API over some library or complex boilerplate code in new code gives you more time to do useful things tho

  26. raucao

    But you still don't have to

  27. Zash

    raucao, feel free to assume everything I say on the topic is sarcasm

  28. jonas’

    (where topic == the web)

  29. Zash

    right

  30. Sam

    Hi all, I've been working on setting up a possible new federated community space as an alternative to reddit/discourse. I'd love to see some other great XMPP projects join, or you can of course just join as an individual and follow your favorite projects! See you there I hope! https://community.xmpp.net/

  31. moparisthebest

    Sam, very nice! So you can't comment/post with an existing fediverse account? you need a lemmy account ?

  32. Sam

    You should be able to use any existing fediverse account (you just won't be able to create communities I think)

  33. Sam

    The lemmy fediverse integration is relatively new though, so I'm not sure how it works. I know a few people have posted from other instances already, southerntofu knows maybe?

  34. Zash

    Pasting a post URL into the search box of a Mastodon instance finds the post at least

  35. moparisthebest

    nifty I'll have to try it, wasn't looking forward to running another service :P

  36. Sam

    I wonder if I can promote someone on another service to be a moderator of a group; if so, happy to create communities for those who don't want a local account and then I can just promote them. I doubt it, because they wouldn't be able to log into the interface, but maybe they've thought of that

  37. moparisthebest

    on the other hand lemmy is both rust and AGPL so it's really calling me to run it haha

  38. andrew

    > Hi all, I've been working on setting up a possible new federated community space as an alternative to reddit/discourse. I'd love to see some other great XMPP projects join, or you can of course just join as an individual and follow your favorite projects! See you there I hope! https://community.xmpp.net/ hi Sam ! not sure if this is the best place to ask but I tried to create an account and haven't received the verification email. pretty sure I put the right one so not sure if there's something else I should try 😅

  39. MattJ

    Check your spam folder

  40. MattJ

    That's where mine went, unfortunately

  41. Sam

    I dunno, worked for me but I don't actually have any visibility into the email system

  42. Sam

    Maybe I should disable email verification and allow accounts without email; it makes password reset impossible, which will probably cause issues later

  43. andrew

    yeah I checked my spam folder but nothing 🤔 not essential to create an account I guess - just thought it would be helpful for me moving forward 😄

  44. Sam

    It might just take a bit too

  45. Sam

    In the meantime I've disabled email verification. We can turn it on again later if spam becomes a problem.

  46. Sam

    Oh hey, someone has already banned a spammer apparently. I didn't even see it. Thanks all.

  47. andrew

    awesome - that works for now 😄 hopefully the spamming won't be too much of an issue

  48. goffi

    moparisthebest: just saw your note about security consideration on pubsub public subscription, will add it (answering the same if user exists but has no public subscriptions as if user doesn't exists). However, mutual subscription should not be required to get public subscriptions.

  49. moparisthebest

    goffi, cool sounds good, then I think just add another one saying adding at least 1 public subscription makes your JID subject to harvesting (which, I think, is desirable here)

  50. goffi

    moparisthebest: yes makes sense. Thanks for the feedbacks.

  51. Ge0rG

    even desirable outcomes should be clearly documented

  52. goffi

    if you have other suggestions, please write to standard@ so I can easily check them for next update.