If I get technical assitance I am always happy to make tweets and toots out of it
adiaholichas joined
Andrzejhas joined
konstantinoshas joined
Vaulorhas left
Vaulorhas joined
marc0shas left
marc0shas joined
pablohas left
adiaholichas left
Daniel
would 0390/caps2 be a good place to create something like: <query xmlns="disco#items"><item jid="foo"><c xmlns="urn:xmpp:caps"><hash xmlns="urn:xmpp:hashes:2" algo="sha-256">β¦</c></item></query>
Daniel
i really want _something_ like this; doesnβt necessarily have to be that syntax
Zash
Me too! Recursive caps-disco something something
Daniel
it doesnβt necessarily have to be recursive
Daniel
just the caps hash of each item in the items response
Zash
Also something in stream:features on connect for local components etc
Daniel
(that the server knows)
Daniel
the next step would be to put the items in the bind2 responseβ¦
sonnyhas left
chipmnkhas joined
Zash
Negotiated with `<iq><{disco#info}query><{ecaps}plz-include-in-items/></query></iq>` or something ?
Dele Olajidehas left
Dele Olajidehas joined
sonnyhas joined
Daniel
does it have to be negotiated if it's just an extension?
stpeterhas joined
Daniel
but yes that's an option to save traffic I guess
zonsopkomsthas left
massiveboxhas left
MSavoritias (fae,ve)has left
Mikaelahas left
antranigvhas left
antranigvhas joined
Mikaelahas joined
neshtaxmpphas left
neshtaxmpphas joined
Mikaelahas left
Mikaelahas joined
Mikaelahas left
xnamedhas left
gooyahas left
gooyahas joined
Mikaelahas joined
Mikaelahas left
xnamedhas joined
marc0shas left
marc0shas joined
Axelhas left
Zash
Dunno how careful we need to be with unexpected items in these very core pieces
antranigvhas left
moparisthebest
TLS land (including QUIC) does a whole bunch of purposefully putting random unexpected items in core places so that new things will work in the future, maybe we should do the same?
Axelhas joined
moparisthebest
https://www.rfc-editor.org/rfc/rfc9287.html for example
atomicwatchhas joined
moparisthebest
https://www.rfc-editor.org/rfc/rfc8701
antranigvhas joined
moparisthebest
8701 is probably what we should emulate with bind2, register a few useless extensions, have servers randomly insert them
flow
are we facing the same issues that causes TLS to do so?
moparisthebest
If Zash is afraid of putting unexpected things in there then maybe...
stpeterhas left
stpeterhas joined
MattJ
We used to be a lot less scared of breaking changes :)
MattJ
I'm inclined to just go for it in this case - it *is* how XMPP is meant to work
catchyhas left
catchyhas joined
Daniel
what's the X for again?
moparisthebest
eXcept too many implementations failed on uneXpected values...
massiveboxhas joined
Vaulorhas left
inkyhas left
inkyhas joined
nicocohas left
nicocohas joined
Vaulorhas joined
Fishbowlerhas left
Fishbowlerhas joined
Martinhas left
Martinhas joined
Dele Olajide
>Daniel : what's the X for again?
X factor. eXciting, eXtendable, eXtensible, eXtraordinary, ineXhaustible and uneXceptional
Zash
Daniel, point about conserving size might be relevant, but otoh caps helps with caching so probably won't matter
emushas left
Axelhas left
nicocohas left
nicocohas joined
flow
moparisthebest> eXcept too many implementations failed on uneXpected values...
not in my experience. I believe, at least in the FOSS space, the majority of XMPP implementations correctly handle unknown extensions at the well defined extensions points
flow
and even if not, say if you use exotic extensions points like namespace attributes, then I still would be willing to accept the fallout of implementations not handling namespace attributes like they should and tell those to fix their implementation✎
me9has joined
flow
and even if not, say if you use "exotic" extensions points like namespaced attributes, then I still would be willing to accept the fallout of implementations not handling namespace attributes like they should and tell those to fix their implementation ✏
Martinhas left
moparisthebest
TLS was extensible in the same way and failed hard this way, and we have very popular servers that can't parse stream features if you format them in a totally valid but unexpected way, so I'd disagree...
antranigvhas left
Axelhas joined
Fishbowlerhas left
Fishbowlerhas joined
Martinhas joined
Martinhas left
moparisthebest
Write a server and send:
<features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls></features>
Then be surprised you can only federate with ~half the network, because the other half fails if you don't send <stream:features ...
Tobiashas left
Tobiashas joined
Fishbowlerhas left
Fishbowlerhas joined
flashcorehas left
emushas joined
Tobiashas left
MattJ
Hash the remote domain, and feed that into a probability function that gradually increases the percentage of domains which we send prefix-free <features/> to, until it reaches 100% on a certain date
Tobiashas joined
Zash
Phased rollout strategies, on my federated network?
snowhas joined
MattJ
Something we should do more of :)
Zash
Wait, aren't we already?
antranigvhas joined
MattJ
By upgrading software?
Zash
Yeah. Not everyone does it at the same rate etc.
MattJ
With an algorithm we get to control the rate though, I guess
Zash
Yeah.
MattJ
If we want to be able to send prefix-free features, we can't just release that today or it will break for 50% of remote domains
MattJ
if we want to make that change within a year, we can't just release it in a year either
catchyhas left
catchyhas joined
moparisthebest
For that particular bug I suppose we should just fix the offending server and wait, but I'm theory something like GREASE would prevent the same thing from happening with bind2 etc✎
moparisthebest
For that particular bug I suppose we should just fix the offending server and wait, but in theory something like GREASE would prevent the same thing from happening with bind2 etc ✏
Wojtekhas left
flashcorehas joined
Zash
Prosody trunk, enabled by default, see who notices anything :)
xeckshas left
xeckshas joined
Mikaelahas joined
konstantinoshas left
MSavoritias (fae,ve)has joined
neshtaxmpphas left
neshtaxmpphas joined
Axelhas left
Martinhas joined
Vaulorhas left
xeckshas left
xeckshas joined
adiaholichas joined
Dele Olajidehas left
Wojtekhas joined
inkyhas left
inkyhas joined
Maxencehas left
Maxencehas joined
Maxencehas left
Maxencehas joined
Kevhas left
Guus
Roughly 75% of the servers running the server software that I'm working on have not updated in the last 2 years. π¨
About 3% has not updated in more than 10 years. π±
Axelhas joined
neshtaxmpphas left
neshtaxmpphas joined
Vaulorhas joined
Tobiashas left
Tobiashas joined
Tobiashas left
neshtaxmpphas left
neshtaxmpphas joined
Kevhas joined
Tobiashas joined
Tobiashas left
asterixhas left
asterixhas joined
Tobiashas joined
Kevhas left
Vaulorhas left
Vaulorhas joined
mjkhas left
neshtaxmpphas left
snowhas left
neshtaxmpphas joined
AlexJOhas joined
AlexJOhas left
Alex
never change a running system ποΈ
jgarthas left
flow
moparisthebest, your example falls more into the namespaced attributes category than into what I consider "well defined extension points"
flow
and the latter is what I understand you want to feed with "random unexpected items", but maybe I misunderstood that
Wojtekhas left
Vaulorhas left
Patigahas left
Vaulorhas joined
moparisthebest
flow: I think it's all basically the same, that programmers handle things they see and not things they don't
Kevhas joined
Kevhas left
petrescatraianhas left
konstantinoshas joined
Friendly Resident Cynichas left
moparisthebest
Maybe xmpp-proxy could have a mode where it inserts random caps, randomly changes single quotes to double quotes, randomly changes prefixes etc etc
Maxencehas left
Menel
moparisthebest: that sounds honestly really good for testingπ
Maxencehas joined
snowhas joined
sonnyhas left
Dele Olajidehas joined
Ray22has joined
sonnyhas joined
flow
In general, an interoperability testsuite that checks for such mistakes implementations are known to make would be a good idea✎
marc0shas left
marc0shas joined
Yagizahas left
papatutuwawahas left
papatutuwawahas joined
pep.
chaosproxy
inkyhas left
asterixhas left
asterixhas joined
gooyahas left
gooyahas joined
gooyahas left
gooyahas joined
robertooohas left
moparisthebest
GREASE is about testing the points we know should be flexible, but in production where, let's face it, is the only place many things are actually tested lol
moparisthebest
pep.: hmm very nice I might steal that name lol
petrescatraianhas joined
Peter Waherhas left
stpeterhas left
Peter Waherhas joined
Wojtekhas joined
catchyhas left
resolihas joined
resolihas left
xengineeringhas left
xengineeringhas joined
Andrzejhas left
robertooohas joined
Maxencehas left
Maxencehas joined
projjalmhas joined
inkyhas joined
stpeterhas joined
jgarthas joined
projjalmhas left
projjalmhas joined
projjalmhas left
projjalmhas joined
stpeter
Have we had any discussion about the forthcoming CRA legislation? I just now glanced at https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/ and https://www.internetsociety.org/blog/2022/10/the-eus-proposed-cyber-resilience-act-will-damage-the-open-source-ecosystem/ - their warnings are concerning.
snowhas left
atomicwatchhas left
Kevhas joined
atomicwatchhas joined
atomicwatchhas left
Maxencehas left
Maxencehas joined
resolihas joined
Ray22has left
florettahas left
beanhas joined
projjalmhas left
projjalmhas joined
atomicwatchhas joined
konstantinoshas left
resolihas left
Dele Olajidehas left
konstantinoshas joined
Ellenor Malik
empp
Patigahas joined
snowhas joined
konstantinoshas left
projjalmhas left
flow
In general, an interoperability testsuite that checks for such mistakes, implementations are known, to make would be a good idea ✏
projjalmhas joined
wurstsalat
Hi folks! I plan to let go of our renewal policy for the software listing on xmpp.org. Until now, every maintainer had to update "last_renewed" once per year. We now have DOAP files for many actively developed clients, servers, libraries, and tools. Software providing a DOAP file would be listed in a rich list (like it is now), and software without would be listed in a simple table below, behind a "Show List" button. Any objections?
Peter Waher
π
Guus
wurstsalat: None here
stpeter
@wurstsalat that sounds reasonable
stpeterhas left
projjalmhas left
projjalmhas joined
florettahas joined
emus
π
Axelhas left
emus
wurstsalat: can you call via member, jdev and standards to update and provide doaps one last time? should I?