XSF Discussion - 2024-03-05


  1. edhelas

    I'm planning to write a small XEP named Pubsub Payload Hash, the title should be quite self explanatory, it's to introduce a small optimization in Pubsub to prevent clients to request the same payload twice on an item in case of an update.

  2. edhelas

    It will be linked with the Stories and Pubsub Items Acknowledgement that are introducing metadata at the Pubsub item level

  3. edhelas

    I was wondering if there is a proper way to declare a hash element in a XMPP stanza beforehand

  4. Guus

    Something like XEP-0300 edhelas ?

  5. Guus

    (I never used it myself, I have no first hand experience)

  6. flow

    edhelas, there is prior-art wrt to pubsub item hash in https://xmpp.org/extensions/xep-0395.html#cap-v

  7. flow

    edhelas, there is prior-art wrt pubsub item hash in https://xmpp.org/extensions/xep-0395.html#cap-v

  8. flow

    reading the xep today, i think the name cap-value was poorly choosen by me, something like item-hash would be better

  9. flow

    or maybe even item-payload-hash, to make it clear that the has value is calculated exclusively over the payload and no other item metadata

  10. edhelas

    > reading the xep today, i think the name cap-value was poorly choosen by me, something like item-hash would be better Indeed

  11. edhelas

    Si looks like I'll do something redundant with 0395

  12. edhelas

    So looks like I'll do something redundant with 0395

  13. flow

    edhelas, happy to change the name (and potentially other aspects of xep395) and potentially factor it out collaboratively with you into a standalone "pubsub item payload hash" xep

  14. edhelas

    I'd prefer personnally to put the hash directly at the item level indeed

  15. edhelas

    <item><payload-hash/></item> or something like that, then it could be pushed easily along Pubsub headlines

  16. flow

    edhelas, I am not sure if this will work or that this is sensible. but maybe we need to make even one step back: who do you envision to calculate the hash?

  17. edhelas

    Hash the entry serialized XML ?

  18. MattJ

    😬

  19. MattJ

    One doesn't simply hash XML

  20. edhelas

    Time to write a XEP for it then 😬 Reproducible XML serialization

  21. MattJ

    https://en.m.wikipedia.org/wiki/Canonical_XML

  22. MattJ

    I think it would be better, if possible, to do something like HTTP's opaque ETags

  23. edhelas

    Or maybe the Atom timestamp could do it for now

  24. edhelas

    If somehow I can put it as a item metadata

  25. MattJ

    Which brings us to https://xmpp.org/extensions/xep-0312.html

  26. edhelas

    ❀️

  27. flow

    edhelas, basically what I was heading at is that the pubsub service should do the hash calculation, then it has not even be an actual hash value, but, as MattJ already hinted, something similar to ETags or a generation counter

  28. edhelas

    "XMPP, don't worry, we got you covered, There's a XEP for That β„’ "

  29. edhelas

    > edhelas, basically what I was heading at is that the pubsub service should do the hash calculation, then it has not even be an actual hash value, but, as MattJ already hinted, something similar to ETags or a generation counter Actually yes that was my idea, its doesn't even need to be an actual reproductible hash by the client, but more a unique Pubsub paydoad identifier

  30. edhelas

    Maybe Hash was not the best word for it

  31. edhelas

    I'm discovering ETags indeed :)

  32. flow

    ok, then the pubsub server assigns this "tag" value. this, in turn, means that you don't need to shove it into <item/>, which IMHO would be a questionable approach in the first place

  33. MattJ

    Would it be useful for clients to receive a server-provided spam flag/score on incoming messages? (and probably presence subscriptions)

  34. MattJ

    https://xmpp.org/extensions/xep-0287.html#spim-marker went in this direction

  35. Fishbowler

    > ok, then the pubsub server assigns this "tag" value. Hash / tag needs to be lightweight? Considering a DoS where sending a stanza to a server infers far more work on the server than the sending did.

  36. goffi

    MattJ: yes, and it would be useful to provide it at gateway level too (thinking about the email gateway I'll be working on later this year).

  37. alom

    Does anyone know how to mention all users in a MUC? I need this for a private group am hosting. I cant find an answer to this. Sorry if am asking in the wrong place :)

  38. singpolyma

    alom: most clients do not support it but there is a xep for "attention" that I use for thir

  39. singpolyma

    alom: most clients do not support it but there is a xep for "attention" that I use for this

  40. alom

    singpolyma: Thank you so much! I dont need to mention their name specifically, the goal is to give a notification to all of something posted to the MUC. So maybe the "attention" solution will fit :)

  41. singpolyma

    If you want to test it Cheogram Android client has this feature if you start a message with @here

  42. alom

    singpolyma: Ok great, I will test thatπŸ‘ Am using the app "Conversations" now on Android. If I like this feature, is it possible to add support for it on the Conversatons app through a plugin for example?

  43. singpolyma

    It would be a patch, but if you like conversations then Cheogram should feel very natural as they are based on mostly the same code

  44. gooya

    Is there any xep for pinning messages in muc's?

  45. alom

    singpolyma: Thank you so much, you really helped me a lot! :)

  46. singpolyma

    gooya: just one, the subject, and it's generally only text

  47. MSavoritias fae.ve

    > Is there any xep for pinning messages in muc's? there is none

  48. MSavoritias fae.ve

    afaik

  49. gooya

    > Is there any xep for pinning messages in muc's? I wonder if there is enough interest in the community for such a thing. I never really noticed it wasn't there until someone pointed out that xmpp was lacking it. It is probably a huge hassle to implement client and server wise? And unsure whether there is a big enough need for it?

  50. edhelas

    Wondering how it can be done properly indeed

  51. MSavoritias fae.ve

    people have expressed interest before

  52. MSavoritias fae.ve

    i would aim for telegram/twitch pinned messages as a goal personally

  53. edhelas

    Also a lot of clients doens't implement a "click to go to the place in history" UI/UX, it's difficult to do properly afaik

  54. gooya

    > i would aim for telegram/twitch pinned messages as a goal personally I like telegrams way of pinning indeed

  55. singpolyma

    > Also a lot of clients doens't implement a "click to go to the place in history" UI/UX, it's difficult to do properly afaik this is needed even without pinning though

  56. MSavoritias fae.ve

    idk what discord does

  57. singpolyma

    pinning messages is always on my radar, but so far no one has actually needed it for anything so I didn't do it yet

  58. MSavoritias fae.ve

    i expect it to come for the peertube chat at sooner or later

  59. singpolyma

    Well, once someone has a use for it then we can ask what they actually want to accomplish and find out if pinned messages is the best way to get that UX or if something else will help better

  60. singpolyma

    Like some platforms only allow a single pinned message anyway, at which point we have that now

  61. gooya

    I feel like there are a lot more important features/fixes to be implemented in xmpp. Message pinning is probably not a high priority, but shouldn't we come up with some kind of way on collecting data/survey info regarding most willed features/fixes/idk. Whenever there is something which could be improved the answer is always 'people expressed interest'. Would be cool if there was a way to submit and vote for ideas to better track popularity of features etc

  62. MSavoritias fae.ve

    that wont help much. because we are missing developers

  63. MSavoritias fae.ve

    and designers

  64. singpolyma

    gooya: I guess clients get feature requests on a regular basis which is kind of how this voting happens now

  65. MSavoritias fae.ve

    a lot of them. even if we knew what features to add

  66. MattJ

    Yes, users need to request to client developers, client developers have to make it happen. Most open-source client developers are not working full-time on their clients.

  67. MSavoritias fae.ve

    also people who use xmpp for not tech talk imo

  68. singpolyma

    the hardest part is figuring out if someone asks for something because they actually want it, or because they think someone else might want it

  69. MattJ

    If client developers need additional protocol, that's where the "XMPP" part comes in

  70. gooya

    > gooya: I guess clients get feature requests on a regular basis which is kind of how this voting happens now Yeah but some idea's/implementation are a collective effort. e.g. better moderation tools. One client will unlikely adopt better/newer moderation tools if it only support their client. If that makes sense.

  71. gooya

    > the hardest part is figuring out if someone asks for something because they actually want it, or because they think someone else might want it Hence the collecting of data/votes on a somewhat larger scale

  72. MSavoritias fae.ve

    makes sense yeah

  73. singpolyma

    If you have concrete ideas for better moderation tools I didn't add yet I'm happy to be the first to add them ;)

  74. flow

    Fishbowler, a generation counter is pretty lightweight, the pubsub service could simply increment if an item is updated (even if it structually didn't change its content)

  75. gooya

    > If you have concrete ideas for better moderation tools I didn't add yet I'm happy to be the first to add them ;) Ohh I wrote a long ass message when the spamwave was going on a few months ago. I'll look for it

  76. MSavoritias fae.ve

    for moderation i am writing a paper to see what is needed btw. so any more ideas welcome

  77. MSavoritias fae.ve

    ideas is just one of the steps. and then i plan to write some actionable stuff xmpp/clients can do to be better

  78. MSavoritias fae.ve

    > > If you have concrete ideas for better moderation tools I didn't add yet I'm happy to be the first to add them ;) > Ohh I wrote a long ass message when the spamwave was going on a few months ago. I'll look for it i would be interested too to add it to the paper. :) if you have anything

  79. gooya

    https://share.loqi.im/upload/de9ecdd7-df4b-493e-8eb0-3474934f2003/zb2rhYq6whsjnVBTfgspVn97mNaS7mfAesLxg4FKtHQ2FKJzU.jpg

  80. gooya

    MSavoritias fae.ve, singpolyma:

  81. gooya

    The only related message I could find

  82. MSavoritias fae.ve

    yeah moderation pannel sounds like a great idea

  83. singpolyma

    gooya: ah, so you're talking about users flagging a message in-muc to moderators

  84. MSavoritias fae.ve

    at all xmpp layers. server, group chats and individual

  85. gooya

    Yes. In contrast to the usual pinging

  86. gooya

    would be nice for 1:1 too but for muc's it would be a big help for moderating

  87. singpolyma

    not sure what it would do in 1:1 ?

  88. gooya

    Imagine 4 moderators in a muc. All in different timezones. instead of a user pinging moderator (who is possibly inactive) to notify about spam. They can report it and the all the mods get a notification about the new report. Once someone deals with the report they can dismiss it so the other mods won't have to read/act again. No more pinging mods. No more reading back the whole conversation with possibly over 100s messages.

  89. gooya

    > not sure what it would do in 1:1 ? 1:1 spam attacks, report the user to the server admin

  90. Daniel

    >> not sure what it would do in 1:1 ? > 1:1 spam attacks, report the user to the server admin This already works

  91. pep.

    gooya, yeah the report-to-mods mechanism you're talking about is something I'd like to have too

  92. gooya

    > gooya: ah, so you're talking about users flagging a message in-muc to moderators singpolyma, Isn't this kind of a chicken-egg problem? Who will be the first to implement such a feature, server devs or client devs? XEP-0377 only concerns about 1:1 and not MUC's?

  93. pep.

    gooya, 0377 doesn't concern itself with anything, it just defines a format no?

  94. pep.

    That can be sent in any message

  95. pep.

    So one "just" needs to use it in MUC

  96. alom

    singpolyma: Hello again, I installed and setup Cheogram with an account. But am not able to make the @here "attention" function work to notify my Conversations client. Did you mean it only works across Cheogram clients and that its not enough that its being sent from a Cheogram client?

  97. singpolyma

    >> gooya: ah, so you're talking about users flagging a message in-muc to moderators > singpolyma, Isn't this kind of a chicken-egg problem? Who will be the first to implement such a feature, server devs or client devs? XEP-0377 only concerns about 1:1 and not MUC's? You speak as though these are naturally disjoint groups πŸ˜‰

  98. singpolyma

    alom: correct

  99. alom

    singpolyma: Ok, thanks againπŸ˜ŠπŸ‘

  100. moparisthebest

    Alex: memberbot broken or ignoring me? :'(

  101. Zash

    Looked offline a moment ago? Good thing I already voted :)

  102. moparisthebest

    I don't think I've ever missed a vote I'd hate to break a streak lol

  103. Seve

    This time I voted thanks to the reminder, I try to do it before that but I must admit defeat this time

  104. Alex

    checking memberbot now

  105. Alex

    memberbot is back and should accept your votes now

  106. moparisthebest

    Worked! Thanks Alex

  107. Alex

    we are at 40 voters now. Lets see if we can get more before the meeting starts soon

    πŸ—³οΈ 1
  108. Alex

    checking the voters to finalize the Agenda, then we should be able to start in 3 minutes with our member meeting

  109. Kev

    Thanks Alex, as always :)

  110. Alex

    okay, lets start

  111. Alex bangs the gavel

  112. Alex

    here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2024-03-05

  113. Alex

    1) Call for Quorum

  114. Alex

    as you can see 41 members voted via proxy. So we have a quorum

  115. Alex

    we have 53 members currently when I counted correct ;-)

  116. Alex

    2) Items Subject to a Vote

  117. Alex

    new and returning members. You can see all applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q1_2024

  118. Alex

    3) Opportunity for XSF Members to Vote in the Meeting

  119. Alex

    any members here who have not voted yet?

  120. Alex

    Memberbot is still online

  121. Alex

    looks like there are none

  122. Alex

    then I will shutdown the bot and start counting

  123. moparisthebest

    77.4% voter turnout is the best I recall, good work everyone :D

  124. Alex

    ya, pretty good

  125. Alex

    okay, drumroll

  126. Alex

    4) Announcement of Voting Results

  127. Alex

    when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2024-03-05#Announcement_of_Voting_Results you can see the results

  128. Alex

    all applicants and reappliers are accepted. Congrats to everyone

  129. arne-bruen

    πŸŽ‰

  130. Alex

    5) Any Other Business?

  131. Alex

    looks like there is none

  132. Alex

    6) Formal Adjournment

  133. Alex

    I motion that we adjourn

  134. Alex

    need someone to second ;-)

  135. flow

    Thanks Alex

  136. flow

    moparisthebest, otoh, your member count feels a bit low…

  137. flow

    but at least those who are members largely voted

  138. Mari0

    thank you for voting for me, I will do my best :-)

  139. Guus

    seconded!

  140. arne-bruen

    Thanks Alex. Welcome Mario

  141. Alex

    Thanks Guus

  142. Mari0

    Thanks Alex

  143. Mari0

    and arne-bruen, :-)

  144. Guus

    Welcome aboard, Mari0 :)

  145. Guus

    Thanks, as always, Alex

  146. moparisthebest

    flow: Alex said 41 of 53

  147. Mari0

    Guus, thx

  148. Alex

    PR for Mario: https://github.com/xsf/xmpp.org/pull/1353

  149. nicola

    Hi all! Thank you everyone. Congratulations to all members. A warm welcome @Mari0 πŸ˜€

  150. Mari0

    nicola: thank you! πŸ˜€

  151. Guus

    This is a long shot, but: does anyone happen to know what Trillian ("Astra") from 2009 requires from a server to connect? Or, alternatively, how to enable debug logs / capture an XMPP stream?

  152. Kev

    Guus: Talk to your XMPP server devs and work out how to get telemetry on the server side? :)

  153. Guus

    Does someone know a good XMPP server dev?

  154. moparisthebest

    Is it a TLS error? If TLS is involved I'd immediately assume yes

  155. Guus

    ``` Connection to JABBER has failed: system errorcode β€œ0”. *** You have been disconnected. ```

  156. Guus

    That's all I got told by the user :)

  157. Alex

    Mari0, you should have received an invite to our mailing list

  158. Mari0

    Alex: on a train I'll accept invitation asap

  159. Alex

    I think I accepted it already for you

  160. Mari0

    Thank you πŸ˜€

  161. moparisthebest

    Guus: does the server require TLS though

  162. Guus

    moparisthebest: likely

  163. Guus

    moparisthebest: yathzee: `Client requested protocol TLSv1 is not enabled or supported in server context`

  164. Kev

    Victory.

  165. moparisthebest

    Excellent, if it's not DNS it's an ancient client that can't do modern TLS 🀣

  166. moparisthebest

    Guus: can that client do plain no-tls with a manually configured host/port ? If so they can run xmpp-proxy anywhere and connect to it's client port

  167. Guus

    moparisthebest: I don't know. Openfire allows one to enable old TLS versions through its admin console though, so it's easily rectified.

  168. moparisthebest

    ew that's pretty bad though

  169. Guus

    You're not our intended audience :)

  170. Zash

    Please tell us you're building a museum and that it is airgapped from the rest of the internets.

  171. Zash

    Lie if you must

  172. Guus

    I mean I also have a NonSaslAuth plugin, if you really want to be worried about something :)

  173. Guus

    Zash ... it's not me who's building that, but... yes?

  174. moparisthebest

    Guus: presumably they want TLS for encryption guarantees though and known broken versions don't really provide that :/

  175. moparisthebest

    Whatever they want to do I guess but I'd never recommend exposing TLS 1.1 on the internet

  176. Zash

    Non-SASL login did have combined auth and resource binding, which we're going back to with SASL2 :)

  177. moparisthebest

    sasl isn't even needed over good TLS so that's fine /unpopular-opinion :D

  178. Guus

    Can't find the exact link, but these guys are running XMPP on ... museum-worthy hardware: https://system7today.com/

  179. Menel

    moparisthebest: then don't check TLS versions of jabber.org πŸ‘Ό

  180. moparisthebest

    πŸ™ˆπŸ™‰

  181. Guus

    also: https://soapboxrace.world/

  182. emus

    > also: https://soapboxrace.world/ it uses xmpp? or what was the point?

  183. emus

    Congrats everyone for Q1 πŸ­πŸŽ‰

  184. Guus

    Yeah, there's XMPP in there, somewhere. I once worked on an Openfire plugin for them

  185. Guus

    jabber:browse maybe? or nonsasl, jabber:agent - somesuch

  186. emus

    thx