Modern XMPP project discussion - 2021-09-03

> it's been a few times i hear about "xmpp 2.0" https://wiki.xmpp.org/web/XMPP_2.0 This is not up to date, isn't it? Last edit seems to be from 2017. But that's the first link you find when you search for _XMPP 2.0_ ✏

Up to date with what?

With the current plans of changes/improvements discussed at the office hours regards a "XMPP 2.0".

I guess someone should merge the documents

There's no official thing called "XMPP 2.0"

It's just what people call their wishlist of things they want to see done differently in XMPP :)

I see, nvm then :)

I think there will probably be updates to the spec in the future, but I doubt there will ever be an "XMPP 2.0"

I think some questionable features that people don't use these days could be deprecated, probably better standardization of newer connection methods (such as direct TLS), and some of the routing rules that can be changed safely may be changed. Given the extensible nature though, there isn't much to change at the core layer. Most evolution happens through extensions, and that's a gradual evolution through many separately versioned specificatins that is always ongoing.

Perhaps XMPP 2.0 will be a bit like TLS 1.3, which pretends to be a TLS 1.2 session resumption

> MattJ: I think some questionable features that people don't use these days could be deprecated, OTR should not be a thing because of changes that have happened in the recent past

OTR isn't in any XMPP specification

Whoops

Well it's past usage is described in XEP-0364, which kinda recommends against implementing it.

One common thing I have heard about XMPP until a few years ago is about spamming. Personally, I have not really noticed it

It's a problem if your JID ends up on the spammers' lists, if it doesn't then you won't even know spam exists

Any open network has this problem, and much work has been done to encourage admins to fix servers that spammers are using, etc.

It used to be quite annoying a few years ago. The operators got their act together and are now doing a great job keeping out the endless hordes of spam bots.

That is right.

im now some years in the community my jid is plastered all over the web on git repos and mailing lists

i never received a single spam message

maybe i should consider myself lucky

You should ✏

It took quite a few years before I got spam tbh. Then I got a few somewhat regularly, and I haven't had any for.. months now

I once posted the JID from my local development instance to an issue tracker, and it drowned in spam within weeks.

To the point where I had to remove the entire host from DNS.

I saw that you started to build a list of good practice terminology. A term that is often used among xmpp clients is "blind trust". This is ableism. alternative could be: trust by default, always trust, trust without confirmation...etc. ✏

i notice there's no encryption/trust related terminology on https://docs.modernxmpp.org/terminology/

purplebeetroot, if you ever have too much time, it would be interesting to gather trust/encryption related vocabulary in several clients, like was done here for other vocabulary: https://docs.modernxmpp.org/translation-discussion/

then we can figure out what works good/not :)

using words exactly for what they mean is not ableism https://www.merriam-webster.com/dictionary/blind

raucao, well we could argue about the debate but the fact is that there's other, more explicit/correct ways to say it so no reason not to :)

i don't think there's anything as correct or apt as "blind"

"Always trust" is definitely more user-friendly than "Blind trust" which is mostly helpful to us crypto-people :)

only more clunky, because you have to describe all aspects of the word

always trust is not at all the same as blind trust

or we could just call it "Render my encryption useless" /s

it's also not entirely useless

one of the dictionary's definitions is actually perfect, while the others also all apply: "unable or unwilling to discern or judge"

in adversarial situations "trust on every use" is dangerous

yeah i know about the word thanks, we have the same expression in french (though i would think it doesn't apply in every language)

just because it's dangerous for one use case doesn't make it "useless" for others

the old UX problem with e2e

yeah anyway i think we all agree that vocabulary/icons around encryption/trust could be avstly improved ;) ;)

yes, totally

>using words exactly for what they mean is not ableism why is it so often the same with xmpp folks... People that obviously don't get the concept of ablesit language, explaining how something is not ableism. Why don't you just ask first, before speaking non-sense that is just time wasting? Yes I'm annoyed by this....

talking about ableism but grouping all kinds individuals into "xmpp folks' and judging them as a group: good job!

someone is blind if they can't see with their eyes. The eyes are just one among many senses. People establish trust through many senses. Blind trust is a narrative that dismisses the real lived experience of blind people by creating stereotypes attached their ability to use their eyes, and devaluing their autonomy in building and confirming trust without the usage of their eyes. Because of this, and other reasons, the useage of "blind trust" is ableist language. A quick websearch should have helped you...next time when you start s'plainging, about something you have a lack of knowledge, please don't expect the person you're s'plaining have that lack of knowledge too.

oh, yeah, great play the viticm cards s'plainer. lol

the word blind describes much more than just the visual impairment. and you being aggressive and confrontational, and using ad hominems instead of respectful disagreement, is not inviting any kind of constructive conversation tbh

>the word blind describes much more than just the visual impairment. yes, all that sterotyping bullshit.

Please everyone be calm and respectful.

the term "blind trust" is not respecfull. Ever told someone "Please everyone be calm and respectful.", when they say "blind trust"?

that's your personal opinion, and disagreeing with it respectfully is valid and important

"ableism does not exist. it is just your feelings and personal opinion." You do not understand the concept of ableist language. So stop claiming to have that knowledge, and stop your tone policing while just continuing being disrespecful. have you done a websearch?

i don't think anyone but you is disrespectful in here right now. you also just shifted the goalpost to ableism in general, and somehow accused me of denying it exists. which i expressly did not do

What about simply 'Trust [keys] (without|before) verification' ?

"Implicit trust before verification" is the non-ableist alternative I've seen applied before.

>you also just shifted the goalpost to ableism in general, and somehow accused me of denying it exists I mean ableist language, not ableism in general.

Sam's and meeeeson's proposals sound fair/explicit in my view

raucao, in case you're interested about some perspectives on ableist constructs in english language, i recently encountered https://ttm.sh/tgl.pdf i didn't finish it (only to page 15 or so) but it was a good resource so far