this post was submitted on 19 Jul 2025
262 points (93.7% liked)

Technology

73209 readers
3981 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
262
Giving Up on Element & Matrix.org (xn--gckvb8fzb.com)
submitted 1 week ago by mesamunefire@piefed.social to c/technology@lemmy.world
168 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] psycotica0@lemmy.ca 2 points 6 days ago (1 children)

XMPP doesn't change very very often, but there's actually tons of XEPs that are in common use and are considered functionally essential for a modern client, and with much higher numbers than XEP-0004

The good news, though, is that mostly you as the user don't need to care about those! Most of the modern clients agree on the core set and thus interoperate fine for most normal things. And most XEPs have a fallback in case the receiver doesn't support the same XEPs.

I'm general XMPP as a protocol is a lightweight core that supports an interesting soup of modules (in the form of XEPs) to make it a real messenger in the modern sense. And I think that's neat! But you can't really judge the core to say how often things change.

[–] DreamlandLividity@lemmy.world 1 points 1 day ago* (last edited 1 day ago) (1 children)

Most of the modern clients agree on the core set and thus interoperate fine for most normal things.

So you think it is a sane solution to mark essential features as optional extensions and then have a wink-wink, nudge-nudge agreement of which of these "optional" extensions are actually mandatory? Instead of having essential features be part of the core protocol?

But more importantly, XMPP sucks because it does not have one back-end implementation like Vodozemac for Matrix. So let alone being unable to have security audits, you are forcing client developers to roll their own implementation of the e2ee, with likely little to no experience with cyber-security, and just hoping they will make no mistakes. You know, implementing encryption that even experts have hard time getting right.

[–] psycotica0@lemmy.ca 1 points 48 minutes ago

Honestly, I struggle with this myself. On the one hand I like the diversity of clients; it feels like a sign of strength of the community and protocol that there are many options that have different values. But the cost of this diversity is that it makes things more complicated to coordinate, and different people with different values have different opinions on what a chat client should even want for features.

Something like Slack or Discord can roll out a server feature and client feature to all their clients all at the same time and have a unified experience. But the whole benefit of FLOSS is that anyone can fork the client to make changes, and the whole point of an open protocol is that multiple independent clients can interoperate, and so there's a kind of irony in me wanting those things, but those things producing a fractured output.

So I think XMPP, as a protocol, does the best compromise. These differences between clients and servers aren't just random changes in behaviour or undocumented features, they're named, numbered, alterations that live somewhere and are advertised in the built-in "discovery" protocols. The protocol format itself is extensible, so unexpected content can be passed alongside known content in a message or a server response and the clients all know to ignore anything they don't understand, and virtually all of the XEPs are designed with some kind of backwards compatibility in mind for how this feature might degrade when sent to a non-supported client.

It isn't perfect, but I think perfection is impossible here. A single server and client that everyone uses and keeps up to date religiously with forced upgrades is best for cohesiveness, but worst for "freedom", and a free-for-all where people just make random individual changes and everything is always broken isn't really a community, and XMPP sits in the middle and has a menu of documented deviations for clients to advertise and choose.

As for security, that can be mostly solved with libraries, independent of the rest of the client or server implementation. Like, most clients used libsignal for their crypto, so that could in theory be audited and bug-fixed and all clients would benefit. Again, not perfect, there's always room at the interface between the client code and the library code that's unique, but it's not as bad as rolling your own crypto.