Modern XMPP project discussion - 2021-09-03


  1. meeeeson

    > it's been a few times i hear about "xmpp 2.0" https://wiki.xmpp.org/web/XMPP_2.0 This is not up to date, isn't it? Las edit seems to be from 2017. But that's the first link you find when you search for _XMPP 2.0_

  2. meeeeson

    > it's been a few times i hear about "xmpp 2.0" https://wiki.xmpp.org/web/XMPP_2.0 This is not up to date, isn't it? Last edit seems to be from 2017. But that's the first link you find when you search for _XMPP 2.0_

  3. MattJ

    Up to date with what?

  4. meeeeson

    With the current plans of changes/improvements discussed at the office hours regards a "XMPP 2.0".

  5. MattJ

    I guess someone should merge the documents

  6. MattJ

    There's no official thing called "XMPP 2.0"

  7. MattJ

    It's just what people call their wishlist of things they want to see done differently in XMPP :)

  8. meeeeson

    I see, nvm then :)

  9. MattJ

    I think there will probably be updates to the spec in the future, but I doubt there will ever be an "XMPP 2.0"

  10. MattJ

    I think some questionable features that people don't use these days could be deprecated, probably better standardization of newer connection methods (such as direct TLS), and some of the routing rules that can be changed safely may be changed. Given the extensible nature though, there isn't much to change at the core layer. Most evolution happens through extensions, and that's a gradual evolution through many separately versioned specificatins that is always ongoing.

  11. Zash

    Perhaps XMPP 2.0 will be a bit like TLS 1.3, which pretends to be a TLS 1.2 session resumption

  12. smalltimebloke

    > MattJ: I think some questionable features that people don't use these days could be deprecated, OTR should not be a thing because of changes that have happened in the recent past

  13. MattJ

    OTR isn't in any XMPP specification

  14. smalltimebloke

    Whoops

  15. Holger

    Well it's past usage is described in XEP-0364, which kinda recommends against implementing it.

  16. smalltimebloke

    One common thing I have heard about XMPP until a few years ago is about spamming. Personally, I have not really noticed it

  17. MattJ

    It's a problem if your JID ends up on the spammers' lists, if it doesn't then you won't even know spam exists

  18. MattJ

    Any open network has this problem, and much work has been done to encourage admins to fix servers that spammers are using, etc.

  19. Zash

    It used to be quite annoying a few years ago. The operators got their act together and are now doing a great job keeping out the endless hordes of spam bots.

  20. smalltimebloke

    That is right.

  21. lovetox

    im now some years in the community my jid is plastered all over the web on git repos and mailing lists

  22. lovetox

    i never received a single spam message

  23. lovetox

    maybe i should consider myself lucky

  24. Zash

    You shuold

  25. Zash

    You should

  26. pep.

    It took quite a few years before I got spam tbh. Then I got a few somewhat regularly, and I haven't had any for.. months now

  27. Zash

    I once posted the JID from my local development instance to an issue tracker, and it drowned in spam within weeks.

  28. Zash

    To the point where I had to remove the entire host from DNS.

  29. purplebeetroot

    A term that is often used among xmpp clients is "blind trust". This is ableism. alternative could be: trust by default, always trust, trust without confirmation...etc.

  30. purplebeetroot

    I saw that you started to build a list of good practice terminology. A term that is often used among xmpp clients is "blind trust". This is ableism. alternative could be: trust by default, always trust, trust without confirmation...etc.

  31. southerntofu

    i notice there's no encryption/trust related terminology on https://docs.modernxmpp.org/terminology/

  32. southerntofu

    purplebeetroot, if you ever have too much time, it would be interesting to gather trust/encryption related vocabulary in several clients, like was done here for other vocabulary: https://docs.modernxmpp.org/translation-discussion/

  33. southerntofu

    then we can figure out what works good/not :)

  34. raucao

    using words exactly for what they mean is not ableism https://www.merriam-webster.com/dictionary/blind

  35. southerntofu

    raucao, well we could argue about the debate but the fact is that there's other, more explicit/correct ways to say it so no reason not to :)

  36. raucao

    i don't think there's anything as correct or apt as "blind"

  37. southerntofu

    "Always trust" is definitely more user-friendly than "Blind trust" which is mostly helpful to us crypto-people :)

  38. raucao

    only more clunky, because you have to describe all aspects of the word

  39. raucao

    always trust is not at all the same as blind trust

  40. southerntofu

    or we could just call it "Render my encryption useless" /s

  41. raucao

    it's also not entirely useless

  42. raucao

    one of the dictionary's definitions is actually perfect, while the others also all apply: "unable or unwilling to discern or judge"

  43. southerntofu

    in adversarial situations "trust on every use" is dangerous

  44. southerntofu

    yeah i know about the word thanks, we have the same expression in french (though i would think it doesn't apply in every language)

  45. raucao

    just because it's dangerous for one use case doesn't make it "useless" for others

  46. raucao

    the old UX problem with e2e

  47. southerntofu

    yeah anyway i think we all agree that vocabulary/icons around encryption/trust could be avstly improved ;) ;)

  48. raucao

    yes, totally

  49. purplebeetroot

    >using words exactly for what they mean is not ableism why is it so often the same with xmpp folks... People that obviously don't get the concept of ablesit language, explaining how something is not ableism. Why don't you just ask first, before speaking non-sense that is just time wasting? Yes I'm annoyed by this....

  50. raucao

    talking about ableism but grouping all kinds individuals into "xmpp folks' and judging them as a group: good job!

  51. purplebeetroot

    someone is blind if they can't see with their eyes. The eyes are just one among many senses. People establish trust through many senses. Blind trust is a narrative that dismisses the real lived experience of blind people by creating stereotypes attached their ability to use their eyes, and devaluing their autonomy in building and confirming trust without the usage of their eyes. Because of this, and other reasons, the useage of "blind trust" is ableist language. A quick websearch should have helped you...next time when you start s'plainging, about something you have a lack of knowledge, please don't expect the person you're s'plaining have that lack of knowledge too.

  52. purplebeetroot

    oh, yeah, great play the viticm cards s'plainer. lol

  53. raucao

    the word blind describes much more than just the visual impairment. and you being aggressive and confrontational, and using ad hominems instead of respectful disagreement, is not inviting any kind of constructive conversation tbh

  54. purplebeetroot

    >the word blind describes much more than just the visual impairment. yes, all that sterotyping bullshit.

  55. Zash

    Please everyone be calm and respectful.

  56. purplebeetroot

    the term "blind trust" is not respecfull. Ever told someone "Please everyone be calm and respectful.", when they say "blind trust"?

  57. raucao

    that's your personal opinion, and disagreeing with it respectfully is valid and important

  58. purplebeetroot

    "ableism does not exist. it is just your feelings and personal opinion." You do not understand the concept of ableist language. So stop claiming to have that knowledge, and stop your tone policing while just continuing being disrespecful. have you done a websearch?

  59. raucao

    i don't think anyone but you is disrespectful in here right now. you also just shifted the goalpost to ableism in general, and somehow accused me of denying it exists. which i expressly did not do

  60. meeeeson

    What about simply 'Trust [keys] (without|before) verification' ?

  61. Sam

    "Implicit trust before verification" is the non-ableist alternative I've seen applied before.

  62. purplebeetroot

    >you also just shifted the goalpost to ableism in general, and somehow accused me of denying it exists I mean ableist language, not ableism in general.

  63. southerntofu

    Sam's and meeeeson's proposals sound fair/explicit in my view

  64. southerntofu

    raucao, in case you're interested about some perspectives on ableist constructs in english language, i recently encountered https://ttm.sh/tgl.pdf i didn't finish it (only to page 15 or so) but it was a good resource so far