-
singpolyma
Well sounds like they're choosing the telegram server because of the telegram server's policies
-
singpolyma
Which indicates to me that they do care
-
moparisthebest
kurisu: I think you are saying "expiration times/sizes/etc should be discoverable for clients" ? Seems right to me
-
singpolyma
Once your client is connected you've already signed up, no?
-
moparisthebest
Before signup might be important but so is after you are connected, not like it can't change
-
singpolyma
Hopefully it's not drastically changing without a serious announcement, but I guess so
-
moparisthebest
Also users should be able to configure it :)
-
singpolyma
It hasn't been said, but I think kurisu has an assumption people are googling "xmpp server" and signup for a random one run by someone they don't have any knowledge of or some similarly bad flow
-
singpolyma
> Also users should be able to configure it :) Yes for some users this would be good ↺
-
moparisthebest
> It hasn't been said, but I think kurisu has an assumption people are googling "xmpp server" and signup for a random one run by someone they don't have any knowledge of or some similarly bad flow That would indeed be bad ↺
-
SavagePeanut
> It hasn't been said, but I think kurisu has an assumption people are googling "xmpp server" and signup for a random one run by someone they don't have any knowledge of or some similarly bad flow It would surprise me if this wasn't happening ↺
-
singpolyma
Sure, I have evidence some people are doing that. And the ecosystem is weak enough right now that I can sometimes see why. But the solution is to not do that
-
SavagePeanut
That would be the ideal solution Better account migration may also help a bit
-
kurisu
> It hasn't been said, but I think kurisu has an assumption people are googling "xmpp server" and signup for a random one run by someone they don't have any knowledge of or some similarly bad flow And there are so many famous servers with well known policies ↺
-
singpolyma
kurisu: I assume you're being sarcastic. And yes, there are almost no services I would suggest a new user to sign up with at the moment. It's a weak point for sure
-
kurisu
Weak more like breaking
-
moparisthebest
For new users I suggest: Running your own Snikket, paying for Snikket to run your Snikket, conversations.im. In that order. There are other good options too. Other lesser chat systems only have 1 choice so we are at least 4x better from the start
-
singpolyma
moparisthebest: those are indeed pretty much the options, but only if you want what they happen to offer which eg kurisu's requirements are different
-
kurisu
>for new users: running your own This must be a joke.
-
singpolyma
Depends on the user 🙂
-
moparisthebest
If you want unlimited storage you can run your own or pay someone to do it. If you want unlimited slack retention you can only pay slack a shitload.
-
kurisu
> Other lesser chat systems only have 1 choice so we are at least 4x better from the start This must be a joke too.
-
SavagePeanut
You are in a room for a decentralized chat protocol and are surprised that the people in it like self hosting and choices?
-
kurisu
> If you want unlimited storage you can run your own or pay someone to do it. If you want unlimited slack retention you can only pay slack a shitload. Telegram gives you unlimited storage for free ↺
-
moparisthebest
Not free, you pay with your data
-
kurisu
> You are in a room for a decentralized chat protocol and are surprised that the people in it like self hosting and choices? I am surprised people don't care about usability. ↺
-
moparisthebest
Plus they can change their minds literally at any time
-
kurisu
> Not free, you pay with your data From normie pov that's free. ↺
-
moparisthebest
Sounds like a much worse deal to me
-
moparisthebest
>> Not free, you pay with your data > From normie pov that's free. Maybe, but that's wrong. Educate them. ↺
-
kurisu
> Plus they can change their minds literally at any time The likelihood of that in my experience has been less than an xmpp server keeling over dead or just glitching. ↺
-
moparisthebest
Must not have that long of experience?
-
moparisthebest
Google alone has killed what 85 entire chat systems?
-
moparisthebest
AOL, msn, icq, I mean this list never ends
-
kurisu
>> From normie pov that's free. > Maybe, but that's wrong. Educate them. If educating them worked, it would've worked already. If xmpp or some other privacy friendly solution were equally as useful, then they might switch. Very few will sacrifice usability for ideology, and it shows. ↺
-
moparisthebest
No need to sacrifice usability
-
kurisu
> AOL, msn, icq, I mean this list never ends Long enough period for people to just switch. E.g. by the time icq was stopped it had basically no users. ↺
-
moparisthebest
We've already established XMPP supports infinite history, and can support the other stuff you want, just do it?
-
kurisu
> No need to sacrifice usability You suggested self hosting as the best option. If self hosting is the best solution, than YES it is need to sacrifice usability and by a lot. ↺
-
moparisthebest
Not sure what you mean?
-
moparisthebest
I've always said the best case is for everyone to use a small server hosted by themselves or close family/friends
-
kurisu
No significant chunk of the population is ever going to do that. People don't work like that.
-
kurisu
And I don't know a single person who I would rely on to keep a server running over a decade at least.✎ -
kurisu
And I don't know a single person irl who I would rely on to keep a server running over a decade at least. ✏
-
moparisthebest
Why not? Sure they do, I think you have an antiquated notion of what it takes to run a server.
-
moparisthebest
If you can install an app on a phone or TV or plug a box into a wall you can host your own server, that's it
-
kurisu
No I don't, computers are still fucked up and overcomplicated. And >sure they do Yeah sure we see that everywhere?
-
moparisthebest
That all the code isn't yet done to enable this is a small detail, something that again, just needs done
-
kurisu
> If you can install an app on a phone or TV or plug a box into a wall you can host your own server, that's it A server run on a shitdroid phone? I wouldn't expect that to last a month without downtime. ↺
-
kurisu
> That all the code isn't yet done to enable this is a small detail, something that again, just needs done No it's no small detail. Crossing between theory and practice is no small detail lol. ↺
-
moparisthebest
This is perhaps the best thing about XMPP. You seem driven to make a discord/slack alternative, you can make that happen. I want tiny servers everywhere, I can work on enabling that. And our individual disconnected efforts end up benefitting each other. 😁
-
kurisu
I want a discord/slack alternative in the sense that I want people out of surveilled walled gardens. How that "alternative" works is an implementation detail. "Small servers everywhere" has proven to not be viable, otherwise it would've prevailed by now, as the tools are there and have been there for a long time.
-
deport
2 more weeks
-
moparisthebest
> I want a discord/slack alternative in the sense that I want people out of surveilled walled gardens. How that "alternative" works is an implementation detail. Sure, sounds great, please do it! > "Small servers everywhere" has proven to not be viable, otherwise it would've prevailed by now, as the tools are there and have been there for a long time. Not really but I guess we'll see.
-
fugata
> I want a discord/slack alternative in the sense that I want people out of surveilled walled gardens. How that "alternative" works is an implementation detail. "Small servers everywhere" has proven to not be viable, otherwise it would've prevailed by now, as the tools are there and have been there for a long time. kurisu: I generally avoid making statements like "not viable, otherwise it would have prevailed by now" - 1. If it isn't widespread, there is a reason 2. If there is a reason, it can be fixed 3. If or when it is fixed, what is "unviable" will suddenly become very "viable". ↺
-
mike
Also the notion that "it isn't popular, therefore it must not be good" is quite flawed
-
kurisu
> If there is a reason, it can be fixed Not always plus it's been plenty of time for it to get fixed so
-
MSavoritias fae.ve
has it? computer science and computing are very much in their infancy still. so there hasnt been plenty of time at all.
-
kurisu
Xmpp has existed for 25 years. In computer years that's basically since the big bang.
-
mathieui
kurisu: many things have come and gone in that period, yet XMPP is still there
-
opinionplatform.org
> 3. If or when it is fixed, what is "unviable" will suddenly become very "viable". After "the ship has sailed" it may be theoretically possible to overtake it, but unlikely in practice...
-
deport
I might be crazy but I always find myself being stuck on the fence regarding the smallness of the xmpp community and relatively small user base and whether we would be better off with more people involved
-
kurisu
> kurisu: many things have come and gone in that period, yet XMPP is still there Icq was considered dead when it still had many more users than xmpp ever had. So this "still there" is technical. ↺
-
opinionplatform.org
> I might be crazy but I always find myself being stuck on the fence regarding the smallness of the xmpp community and relatively small user base and whether we would be better off with more people involved I agree people running the xmpp (public) show enjoy being among few fish in small ponds, rather than minnows among sharks in a bigger ocean... ↺
-
deport
yes, that's part of it
-
mathieui
kurisu: technically wrong, there are and were many more users of XMPP, they just did not know it (now of course private or in-app deployments don't bring street cred on the wide internet, but this is not something I care about personally)
-
lissine
> Icq was considered dead when it still had many more users than xmpp ever had. So this "still there" is technical. Do you know how many xmpp users there are? If so, provide a reference
-
kurisu
👍 1> kurisu: technically wrong, there are and were many more users of XMPP, they just did not know it (now of course private or in-app deployments don't bring street cred on the wide internet, but this is not something I care about personally) I care about people being in our out of walled gardens, so what whatsapp may or may not run under the hood of irrelevant✎ ↺ -
kurisu
> kurisu: technically wrong, there are and were many more users of XMPP, they just did not know it (now of course private or in-app deployments don't bring street cred on the wide internet, but this is not something I care about personally) I care about people being in our out of walled gardens, so what whatsapp may or may not run under the hood is irrelevant ✏ ↺
-
opinionplatform.org
>> kurisu: technically wrong, there are and were many more users of XMPP, they just did not know it (now of course private or in-app deployments don't bring street cred on the wide internet, but this is not something I care about personally) > I care about people being in our out of walled gardens, so what whatsapp may or may not run under the hood of irrelevant "Out of walled gardens" makes a catchy slogan, but does not well describe the public muc experience for _some people_. When run as tiny fiefdoms by petty people, it is just as walled as anywhere. IMO. ↺
-
lissine
kurisu: so you want a centralized system (for "usability", infinite retention etc.), but not a " surveilled walled garden" Explain how you can have the former without the latter (let's say you have 100 Million users)
-
lissine
And if you have a viable plan, why not execute it? Whatsapp was started based on xmpp
-
opinionplatform.org
How many lurker ids do there need to be before you consider it surveiled?
-
opinionplatform.org
Apologies. Back to lurking. 🙂
-
lissine
opinionplatform.org: this is a public channel, and you know that anyone can read what's here. Talking about surveillance for _public_ chats doesn't make sense
-
opinionplatform.org
lissine: Logged to a website too, iiuc....
-
lissine
opinionplatform.org: so what?
-
opinionplatform.org
Does talking about surveillance on public streets make sense?
-
opinionplatform.org
But again, apologies for disturbing the bubble.
-
lissine
A more correct analogy would be a town square, not public streets
-
kurisu
>> I care about people being in our out of walled gardens, so what whatsapp may or may not run under the hood of irrelevant > "Out of walled gardens" makes a catchy slogan, but does not well describe the public muc experience for _some people_. When run as tiny fiefdoms by petty people, it is just as walled as anywhere. IMO. I wasn't talking about mucs ↺
-
threadmisser
https://upload.jabber.cz/upn2/7ed88d5535b6c74f4535cbc31d92bf97ba534328/EoLbXftht8Rkt68v3cxPCXpoYMK28HkZ2JKbiGNe/antieverythingchad.jpg
-
kurisu
Pubsub notifications are sent via message to all currently subscribed entities, and from what I understand there's no checking if the latest notification was actually delivered?
-
lovetox
Checking?
-
lovetox
You mean if the server checks?
-
kurisu
Yeah
-
kurisu
I'm specifically interested in the context of avatars. Like what's the algorithm? Just listen for updates or should I also request manually on each client start or something like that?
-
moparisthebest
> I might be crazy but I always find myself being stuck on the fence regarding the smallness of the xmpp community and relatively small user base and whether we would be better off with more people involved I wouldn't call everyone who's ever used a smart phone a small userbase but ok... ↺
-
kurisu
Oh wait, do the updates end up in mam?
-
lovetox
kurisu: no
-
lovetox
kurisu: on coming online you place a +notify in your disco info for the node
-
lovetox
Then the server will send you the last message
-
Menel
moparisthebest: people always confuse the protocol with some client or "the open xmpp chat community" or....
-
lovetox
Is this not in the user avatar yep described?
-
moparisthebest
Daniel, Link Mauve, mathieui: did you see https://njump.me/nevent1qvzqqqqqqypzpk9xancv89h24rme53yhl6dh0hyhwce528eu5hrrfcsgvkg3vermqqsdz7p7mn89064lpnp4lepc2wu8tzeqe0z49sgvkzghcjdnpm3wd7c99wm30 ? If it's to be believed the Telegram guy was arrested in France for running a "cryptology service" without registering with the French govt first... 💀
-
Menel
Some old laws from the crypto wars? Didn't know that is still around
-
kurisu
This is a PR campaign just like their "banning" by Russia was. So people think that in terms of security Telegram is anything more than yet another centralized social network with no e2ee✎ -
kurisu
This is probably just another PR campaign just like their "banning" by Russia was. So that people think that in terms of security Telegram is anything more than yet another centralized social network with no e2ee ✏
-
moparisthebest
Telegram is nothing more than another centralized silo, where e2e or not doesn't matter at all
-
moparisthebest
But that's beside the point that if France really arrested him for running an unregistered chat service that public XMPP operators, especially those in France, might have reason to worry
-
Menel
Read a fedi post that signal _did_ register it
-
Menel
Semeone wrote how cumbersome / hard it was
-
kurisu
I'd say no unless ru military actively uses your xmpp server like they do telegram
-
kurisu
> that public XMPP operators, especially those in France, might have reason to worry Re:
-
mathieui
moparisthebest: this is certainly a pretext in that case, but also servers operators do not "import cryptographic mechanisms", and the restriction is rather on client authors on marketplaces
-
mathieui
Additionally we at least reply to law enforcement and comply to orders from judges, which is more than what telegram ever did, from what I gather
-
kurisu
I mean, Telegram erased info upon Russian and Iranian government's requests, so it definitely did more than that...
-
kurisu
Not to mention how much it had to cooperate to be based in UAE in ways we'll never know about
-
moparisthebest
> moparisthebest: this is certainly a pretext in that case, but also servers operators do not "import cryptographic mechanisms", and the restriction is rather on client authors on marketplaces mathieui: I can't imagine all your crypto code was written in France so you are importing it, no? ↺
-
mathieui
moparisthebest: it is a bullshit law but TLS stacks are not part of the equation
-
moparisthebest
So then is Daniel screwed on running a server *and* providing a client with OMEMO? Should he avoid France? :/
-
edhelas
French citizen there, but hosting in Germany, how does it apply for me :D ?
-
moparisthebest
edhelas: well the arrested guy was a French citizen not hosting in France so I'm afraid it doesn't look good for you 😞
-
mathieui
moparisthebest: I believe Daniel has filled the paperwork years ago
-
Menel
Also, not beeing frensh and not hosting there, then it doesn't apply, does it?
-
mathieui
Menel: it does if you sell your app on French app store fronts, afaik
-
mathieui
(iOS and Android, notably)
-
mathieui
Durov being French has not much link to his arrest, as far as I understand it
-
mathieui
(His French citizenship is also a very dubious affair)
-
moparisthebest
Regardless I think it's worth watching closely and being somewhat concerned about, especially if you travel to France
-
kurisu
"Durov being French"
-
Menel
Hm seems impossible to use playstore, not limiting it to any country. Then you need to know the laws of every country in the world? Quite impossible even for some lawyers
-
moparisthebest
You can limit to country, but yes, how many full time lawyers do you need on staff to analyze all law changes in all countries ?
-
moparisthebest
And how/why is "app store" different from "installing from a web page" or "Debian repos" ?
-
moparisthebest
gajim and Dino devs are breaking French laws too? Or Debian packagers? Or Debian? 🤷♂️
-
Menel
That would be a good job for Google. And acutall, why isn't it the play stores fault to ship it there
-
mathieui
Menel: when you allow the store to distribute to France, it asks you the question (see https://mastodon.social/@fj/113032860763121615 )
-
Menel
👍
-
moparisthebest
Menel: I agree, why does the multi billion dollar company actually capable of doing this escape responsibility...
-
kurisu
> Then the server will send you the last message I only get the my own pfp. I don't get messages for any other users. Am I supposed to request those myself manually? Or to somehow explicitly subscribe to them? ↺
-
singpolyma
No, you just get them if you have +notify and they are in your roster with presence permission
-
kurisu
on every reconnect?
-
singpolyma
Yes
-
Seve
"Malware infiltrates Pidgin messenger's official plugin repository" https://news.ycombinator.com/item?id=41370714
-
mimi89999
What's the best place to discuss proposed XEPs?
-
hook
> "Malware infiltrates Pidgin messenger's official plugin repository" https://news.ycombinator.com/item?id=41370714 Tangental question: how well is XMPP/Jabber support in Pidgin nowadays? ↺
-
singpolyma
Not great
-
singpolyma
Does work at all
-
hook
Too bad
-
moparisthebest
> What's the best place to discuss proposed XEPs? mimi89999: here is good, or mailing list ↺
-
kurisu
I advertised urn:xmpp:avatar:metadata+notify in my toy client's presence caps, but I only get <message> from a couple of contacts. A particular contact for which I see a pfp on dino/conversations/gajim isn't sending theirs. Why could that happen?
-
kurisu
that person is running monocles but I think that's not that point as from what I understand the message is sent on their behalf by my server anyway?
-
mimi89999
I saw https://matthewwild.co.uk/uploads/xeps-tmp/xep-oauth-client-login.html#nt-idm109 proposed by MattJ and I saw that it depends on RFC 7591, but I have some doubts about that standard.
-
mimi89999
With RFC 7591 either you need to find a way for xmpp/email client devs to obtain the _Initial Access Token_ which is just shifting the problem from having xmpp/email clients register their apps with all xmpp/mail providers or you have open registration. If I understand that RFC correctly, a malicious party could set any `client_name` and `logo_uri` making it possible to impersonate any service. What would a Firefox user click if they see the message "Firefox wants to access..." and the Firefox logo?
-
moparisthebest
mimi89999: feel free to continue but that's a protoxep currently so it would really be best for you to send this to the mailing list if possible
-
mimi89999
How are such attacks prevented?
-
singpolyma
mimi89999: yes it's true there's no vetting of the branding by default
-
singpolyma
Though hopefully the user knows which app they just came from...
-
kurisu
When a client sees a pubsub <item>, that's basically "add or update", right, so the item is to be stored in addition to what the client already has? But then different user avatars as I understand will have different item ids, based on the hash of the image. Thus when changing the avatar, does the client first <retract> the old one?...
-
kurisu
oh so like in some cases it may only store the last one... my goodness
-
kurisu
I thought my client would cache all the pubsub nodes it knows of but apparently that's the wrong strategy
-
mimi89999
singpolyma: What about a scenario where a user receives the message: "Hey, check out that great article: [shortened link]" The user then clicks on the link and sees the message: "To allow Firefox to access your account bob@example.com and associated data, select 'Allow'. Otherwise, select 'Deny'" Or "To allow Conversations to access your account bob@example.com and associated data, select 'Allow'. Otherwise, select 'Deny'" What will the user select?