Re: The ecosystem is moving

Dave Cridland <> Fri, 13 May 2016 18:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8830412D4FC for <>; Fri, 13 May 2016 11:14:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id A_e15knsNUTZ for <>; Fri, 13 May 2016 11:14:17 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0270512D0C3 for <>; Fri, 13 May 2016 11:14:17 -0700 (PDT)
Received: by with SMTP id k142so183304075oib.1 for <>; Fri, 13 May 2016 11:14:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=FzCTUmZ1I1zIoxJjM7pqaU6nuWOgchymb50VXXDJe7M=; b=baS4CxyDoKvcetmIpuRLqSZh3jSaGm0wZXfvDDE3d0FZL6WjhRIiAVUuiasyDhywtX d1ZrKHYwxFOa2O8Jc/SL9jsXMOPQ4ec2VA0ONTmb/U0Nk/3dR+HJd1HuFN3wD6rnPN2K d+8mIdnECEabUaDRHDqJm3m0GnJ4gYNSlXsds=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=FzCTUmZ1I1zIoxJjM7pqaU6nuWOgchymb50VXXDJe7M=; b=KqPzcV2M+qjfeO7p4latC9RKua8aXgQBAMDxDGeolhmPsZaCxd28NKn7LmlkEUHDHi RU49eRQJcOt1xU/A16YcFm4QcOPGv+8LJSGybfIxkIaX+wksrx/4mOaKVkI7SB5ANtY6 8paCiqP9Fpy03f+XoxXgtd5C39nvOVmDl5e2NzGy7M3ir3yLf0wPR2eU0CQkQXiLSSd1 HZlDuo5DcwsssaIKWbFXGZYJXguOiCiydEDcI8dcJhlwf/Bu964k2yGe3guaLxAf7HpJ Uu/YKVbNpr1ifUmAVHnUDU3tkvzbdgrr8IEiFQBftqq34tzfF3hKbyZYbx5qHLiNCD+0 tCwQ==
X-Gm-Message-State: AOPr4FX7M0rlwU4G6rg4Qh/X4+kiJtLyPRs7YWkczGde9KP+pgsO/6rKv0Mbv4KXeEoCe+y03IUBA/+SCViTOFa2
MIME-Version: 1.0
X-Received: by with SMTP id u8mr4198503otu.91.1463163256311; Fri, 13 May 2016 11:14:16 -0700 (PDT)
Received: by with HTTP; Fri, 13 May 2016 11:14:16 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Fri, 13 May 2016 19:14:16 +0100
Message-ID: <>
Subject: Re: The ecosystem is moving
From: Dave Cridland <>
Content-Type: multipart/alternative; boundary=001a1141cf902432a20532bd3ef2
Archived-At: <>
Cc: Phillip Hallam-Baker <>, Paul Wouters <>, " Discussion" <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 13 May 2016 18:14:19 -0000

On 13 May 2016 at 17:57, Martin Rex <> wrote:

> Phillip Hallam-Baker wrote:
> >
> > Moxie has never really been interested in the standards game. He just
> likes
> > doing code.
> >
> > If we want this to be really open, we have to put our own proposal on the
> > table.
> >
> > I am currently trying to do just that.
> IMO, Moxie points to a number of real problems, but I think his
> conclusions about the causes are wrong.
I agree.

> The two most important things that engineers (professionals and amateurs)
> get wrong are:
>   - failure to provide smooth interop with installed base
>   - failure to take usability into account, how does a novice
>     user get started?
I agree, though I dispute the fact that XMPP has failed on the first.

> Jabber (which allegedly uses XMPP) is a royal PITA.
> It is possible to participate IETF Meetings remotely via Jabber,
> and the IETF operates a jabber server, but that crappy server
> refuses to let you in (provide a login/user account for you).
> How to get a user account to join?  Well that's a black magic art
> that is explained nowhere (at leat this was the situation
> a while ago and for more than a decade).
> I got myself an "jabber account" somewhere else, but at some point,
> I got a "warning" that I would soon no longer be able to login to
> that account, because my client software didn't support TLS.
> Well, getting a jabber client _with_ support for TLS turned out to
> be another royal PITA, because it wasn't available for my old Linux
> distro, and compiling it my self would have required to obtain and
> compile at least three dozen other libs and toolkits it depends upon,
> and what my existing Linux distro had was "too old".
The XMPP community switched to recommending mandatory TLS as a whole just
under two years ago, in no small part due to the issues discussed at length
within the IETF.

This doesn't represent a protocol change but a deployment one, and we
switched after extensively examining the usage of existing, popular servers.

> I only wanted to join IETF meetings remotely, and they're public anyways,
> so I was just fine without TLS and my old client, but the XMPP freaks
> running this stuff seemed to be fiercly determined of breaking backwards
> compatibility just for the fun of it, giving a shit about their users,
> similar to the developers of the newer client software, which gave a shit
> about compiling the client software on a 5 year old linux distro.
I think "freak" is presumably some kind compliment I'm misunderstanding,
but I'm unaware of any XMPP client which doesn't support TLS. I might have
to get a t-shirt made up with "XMPP freak" on it, though.

> There things that WhatsApp achieved in a straightforward and
> user friendly manner:
>    - signing up as a new user is *EASY*
Yes, I agree that onboarding is difficult. We've made it more, not less, so
in recent years by trying to avoid a growing spam problem, and this has
hurt usability.

But onboarding is difficult with email, too.

>    - getting the newest of their client software for a 5+ year old
>      Android (e.g. Android 4.1) is no more difficult that getting
>      it for bleeding edge OS releases
Conversations, Yaxim? Both available in Google Play, although I'm only
aware of Yaxim running back to 2.1; Conversations might require something
more modern.

>    - Interoperability with installed base was not impaired when
>      rolling out the encryption-enabled clients
There's actually no way to upgrade a set of arbitrary clients to mandatory
channel encryption unless you only have one client and you control it
absolutely. This is one of the points Moxie was driving at, and he's quite
right in this.

That said, I think the XMPP community did pretty well - a series of four
test days spanning four months, with a large number of client and server
developers. I appreciate you were caught out by this; I'm afraid that's a
penalty of running an open source desktop that I share; sometimes you find
yourself having to compile your own software when you weren't expecting it.
But the vast, vast majority of users probably didn't even notice.

> For these three issues, Jabber is a complete and utter failure.

Thanks, and I appreciate your work too.

By the way, if there's someone from Google here, can you please kill the
broken XMPP system you're running which is causing vast user confusion.