Modern XMPP project discussion - 2024-11-24


  1. polkadot

    > And it doesn't take everything into account. So some servers are at the top of the list which I would never recommend, and some good reputable servers receive a terrible rating From your experience, what are some good, reputable, and reliable servers that has a good userbase and has existed for a long time? Right now I'm on hookipa.net. Is it any good?

  2. opinionplatform.org

    Looks OK here, fwiw, polkadot https://compliance.conversations.im/server/hookipa.net/

  3. polkadot

    I see

  4. polkadot

    I see

  5. polkadot

    Glad I picked correctly lol

  6. Zash

    That test suite is pretty focused on protocol features needed by Conversations. I'd suggest taking those tests with a grain of salt and consider that they rarely give a complete picture of everything that may be relevant.

  7. MattJ

    In other words: every attempt to grade and rank servers will be opinionated 🙂

  8. Zash

    https://providers.xmpp.net/overview/ does have a lot more info than just protocol features enabled, that you could with some amount of work rank by your own criteria.

  9. zapb

    Nice overview 👌

  10. opinionplatform.org

    Ask why they don't commit and answer, > From your experience, what are some good, reputable, and reliable servers that has a good userbase and has existed for a long time?

  11. opinionplatform.org

    > https://providers.xmpp.net/overview/ does have a lot more info than just protocol features enabled, that you could with some amount of work rank by your own criteria. In a short time an A rated service has moved to D, based on one statement. Odd.

  12. opinionplatform.org

    Conversations.im is now D because of another odd reason. They are often recommended. And, Snikket is not listed, why?

  13. Kris

    Snikket is not a single server

  14. cal0pteryx

    opinionplatform.org, all the oddities can be well explained. you're welcome to join xmpp:support@chat.xmpp-providers.org?join

  15. Zash

    > Those rankings are primarily aimed at client developers, not users ↑

  16. cal0pteryx

    Are they though? What makes you think they are? Most of the criteria were chosen to have easier onboarding (e.g. inband registration) and less frustration after registration (e.g. upload limit too low)

  17. cal0pteryx

    Pre-filtered lists are available for client developers _if_ they want to use them. Developers are free to use an unfiltered version and apply their own criteria. That's what I see as aimed at client developers

  18. leke

    Don't we have Compliance Suites?

  19. leke

    Why not rank according to Compliance Suites?

  20. cal0pteryx

    leke, that can be a part of a rating, yes. But a fully compliant server may have undesirable properties as well

  21. opinionplatform.org

    It's what compliance.conversations.im does?

  22. cal0pteryx

    No, compliance.conversations.im does not check for Compliance Suites. It does check for its own set of supported XEPs

  23. MattJ

    cal0pteryx [14:19]: > Are they though? What makes you think they are? Demoting servers without IBR, for example

  24. MSavoritias (fae,ve)

    also > Security (C2S) is listed for some reason

  25. MSavoritias (fae,ve)

    specifically that is

  26. MSavoritias (fae,ve)

    or the fact that captchas and and free of charge are "A". or bus factor 1 person. some of the reasons i can see with a quick browse

  27. cal0pteryx

    > cal0pteryx [14:19]: > > Are they though? What makes you think they are? > Demoting servers without IBR, for example But onboarding is easier for users if they can do it directly from their app

  28. Kris

    > Are they though? What makes you think they are? Most of the criteria were chosen to have easier onboarding (e.g. inband registration) and less frustration after registration (e.g. upload limit too low) In app onboarding is not something well run servers actually want.

  29. Kris

    Its only client developers that think that is a good idea.

  30. cal0pteryx

    MSavoritias (fae,ve), I don't understand, C2S and S2S properties are not used for ratings. They used to, but the service providing these ratings went away.

  31. Kris

    >> cal0pteryx [14:19]: >> Demoting servers without IBR, for example > But onboarding is easier for users if they can do it directly from their app Not really, it is an annoying extra step you want to avoid.

    ☝ 1
  32. MSavoritias (fae,ve)

    > MSavoritias (fae,ve), I don't understand, C2S and S2S properties are not used for ratings. They used to, but the service providing these ratings went away. read my message. i said: > is listed for some reason nobody cares about C2S security whatever that means except developers. in the sense that servers that dont have it shouldnt be listed at all to be for non-devs.

  33. cal0pteryx

    MSavoritias (fae,ve), as I said, as a client developer, you're free to combine these infos to your own rating, if you think they fit your users better

  34. MSavoritias (fae,ve)

    for the list to be for non-devs

  35. MSavoritias (fae,ve)

    of course :)

  36. cal0pteryx

    I'd be careful to say "nobody cares about x". If it's part of why a provider is rated down or up, it becomes relevant to the user

  37. Kris

    >> But onboarding is easier for users if they can do it directly from their app > Not really, it is an annoying extra step you want to avoid. The only exception being apps that are primarily distributed through stores and use centralized servers.

  38. cal0pteryx

    > The only exception being apps that are primarily distributed through stores and use centralized servers. That depends on where a user's entry point is? If you download the app first, you wouldn't want to be redirected to a website for registration (that is an extra step)

  39. MSavoritias (fae,ve)

    > I'd be careful to say "nobody cares about x". If it's part of why a provider is rated down or up, it becomes relevant to the user they do care. but in the sense that if its secure its shown, if its not secure its not shown. Its not for "non-devs" if I have to figure out what C2S means

  40. Kris

    > I'd be careful to say "nobody cares about x". If it's part of why a provider is rated down or up, it becomes relevant to the user Well, there should be minimum requirements for c2s secutity, and servers that don't fulfill them are better hidden and not down-ranked.

    💯 1
  41. cal0pteryx

    > they do care. but in the sense that if its secure its shown, if its not secure its not shown. > Its not for "non-devs" if I have to figure out what C2S means "if it's not secure it is now shown" I don't understand that message

  42. MSavoritias (fae,ve)

    if a server is not secure it is not shown on the list as Kris said

  43. cal0pteryx

    Ah you mean a provider is shown depending on that. Yes, sure. But this has be done in a transparent manner ;)

  44. Kris

    >> The only exception being apps that are primarily distributed through stores and use centralized servers. > That depends on where a user's entry point is? If you download the app first, you wouldn't want to be redirected to a website for registration (that is an extra step) Yes, but from a server admin perspective you really do not want the app to be the primary entry point.

  45. cal0pteryx

    Does the user care?

  46. MSavoritias (fae,ve)

    that they have to pick a server from a random list? yes. i repeateadly had the experience where "picking" a server in the app was confusing

  47. MSavoritias (fae,ve)

    even with ratings and such

  48. cal0pteryx

    At the moment it's a difference of A or B depending on whether IBR is active or not. Both colored green

  49. MSavoritias (fae,ve)

    because ok I have like 5 servers that are "A" rating. that means nothing for me really

  50. Kris

    Depends. Prople complain that it is hard to chose a server, and thst is partially because clients hide away context that is necessary to make an informed decision about which server to choose.

  51. cal0pteryx

    It means you did not pick one from D, which might bring you a really bad experience

  52. Kris

    Depends. Prople complain that it is hard to chose a server, and that is partially because clients hide away context that is necessary to make an informed decision about which server to choose.

  53. cal0pteryx

    > Depends. Prople complain that it is hard to chose a server, and that is partially because clients hide away context that is necessary to make an informed decision about which server to choose. Right, that's what the project tries to achive. Enabling users to make an informed decision

  54. Kris

    A ranking is a very poor substitute for visiting the server website, reading about their values, privacy policy etc.

  55. MSavoritias (fae,ve)

    exactly

  56. MSavoritias (fae,ve)

    servers are about communities, otherwise they are not really sustainable

  57. Kris

    And if you want people to do that you can better have them register on the website then.

    💯 1
  58. cal0pteryx

    Sure, that's a thing we offer in Gajim for example. We always link the website

  59. cal0pteryx

    Both A (IBR enabled) and B (no IBR) providers are listed for browsing. As soon as a provider is selected, additional info plus a website link is shown.

  60. MattJ

    For as long as well-maintained servers like conversations.im and yax.im receive a 'D' rating I'll always question the rating system 🙂

  61. leke

    > For as long as well-maintained servers like conversations.im and yax.im receive a 'D' rating I'll always question the rating system 🙂 me too

  62. cal0pteryx

    For yax.im there is no support chat listed (that would be easy via xep-0157), and for conversations.im it's http upload storage size, which cannot be automatically determined as of now (that's why the "providers file" was invented until that property can be queried automatically)

  63. cal0pteryx

    All properties which cannot be retrieved automatically at the moment are covered by a provider file: https://providers.xmpp.net/provider-file-generator/ If a provider offers this file, its info is automatically updated

  64. cal0pteryx

    60% of all providers listed at providers.xmpp.net already offer such a file

  65. Zash

    > For yax.im there is no support chat listed (that would be easy via xep-0157), and for conversations.im it's http upload storage size, which cannot be automatically determined as of now (that's why the "providers file" was invented until that property can be queried automatically) Doesn't it? https://paste.debian.net/hidden/5d921137/

  66. cal0pteryx

    It looks like today's scan of yax.im did not receive an answer for the '157 query. It did before. Should be fine tomorrow?

  67. leke

    I’m curious to know when we can expect to see messages that display both images and text simultaneously. I’ve heard that this was a compromise made in the past for compatibility with other clients, but the protocol actually allows for it.

  68. Kris

    With http upload there are no images per se. It is a hidden message with a link that tells clients that the link contains an image.

  69. Kris

    You could put additional metadata into that message, like a title or a image description, but that would require clients to agree on a format for that.

  70. MSavoritias (fae,ve)

    something like xhtml for example :P

  71. Kris

    I think it is just considered very low priority as you can just send a second message after sharing the image link.

  72. cal0pteryx

    Dino just received support for XEP-0447

  73. cal0pteryx

    https://xmpp.org/extensions/xep-0447.html

  74. MattJ

    Kris, there is a format for that since 2002, the problem is simply that the most popular implementation didn't support it

  75. MattJ

    and everyone else wanted to remain compatible

  76. MattJ

    But now people are looking to more advanced formats anyway, which have even more features (again, the limit is simply implementations)

  77. Kris

    I see. So a C problem as usual 🤦‍♂️

  78. Kris

    > Dino just received support for XEP-0447 Seems nice. Basically it is just missing chunked file sharing and you have a bit torrent like function 😅

  79. Kris

    Dino is the only client implementing this?

  80. MSavoritias (fae,ve)

    > Seems nice. Basically it is just missing chunked file sharing and you have a bit torrent like function 😅 it doesnt have? :(

  81. Kris

    Also it might be interesting to write a server module that attaches another source, so that accounts connected to that server can preferr that.

  82. cal0pteryx

    > Dino is the only client implementing this? https://xmpp.org/extensions/#xep-0447-implementations

  83. Kris

    MSavoritias (fae,ve): it's not mentioned in the specs, but it has multi file support, so I guess if both sides know how to disassemble and reassemble files it could work purely client side with the current specs

  84. MSavoritias (fae,ve)

    meh. so i need to write a XEP on top of that then if it is widely adopted instead of SIMS

  85. MSavoritias (fae,ve)

    to make it aware of pieces of files

  86. MSavoritias (fae,ve)

    and framing possibly

  87. Kris

    cal0pteryx: thanks. The usual list of not actually practical to use clients sadly.

  88. Kris

    MSavoritias (fae,ve): yeah I would guess that is the best way forward

    👍 1
  89. cal0pteryx

    Well, some client needs to make a start right? In Gajim we already prepared the database for multiple possible formats. Now Dino made the first step

  90. Kris

    Yeah, thats good of course