Idk about the internal affairs, I just really don't like Python for web backend kind of things. It's taking them way too long to sort out parallelism and packaging, while NodeJS got both right from the start and gracefully upgraded (no 2->3 mess).
Also I used Python way before JS, and I still like JS's syntax better. Especially not using whitespace for scope, which makes even less sense in a scripting language since it's hard to type that into a REPL.
Is it really a wish if it's already come true? I can't name a single person who uses XMPP. If a federated chat protocol ever wins, it'll probably be something more modern like Matrix. At least there's email too.
"The protocol has been extended" has been XMPP's theme for decades, and also its problem. Name your favorite client, it probably won't have several extensions, and a lot of useful things require support on both ends plus the server. Lots of things that should be ubiquitous are not, including s2s auth. There needed to be more structure, like AIM back then or Signal now. Also the XML stuff is a nightmare.
Even if Google Talk kept XMPP, they weren't going to save it, cause nobody used Google Talk. Facebook was by far the biggest XMPP-supported platform (though it wasn't federated), and they stopped probably cause they didn't see enough clients. Even Slack supported XMPP for a while, did you use that?
Yeah, but I wouldn't call SMS super available either since it relies a lot on the ends too. Had a lot of those drop when I traveled. Something like Facebook Messenger has a whole server storing messages, so it's solid, you'll receive them later even if your phone breaks.
It's not a big expensive task to look at what data an app is sending/receiving. Anyone with minimal reverse-engineering skill will know how to intercept HTTPS to/from their own phone in 5 minutes. Signal uses some other protocol, but it's also doable, also it's open source anyway.
The conclusion isn't that Signal should be closed-source, it's that Signal's servers should not trust the clients not to be tampered with. So after 90 days, they will remove phone numbers from the protocol for users who have hidden them, breaking old clients, which is fine. What is the alternative solution you're thinking of?
Their decisions seem right for the use case of a secure messaging app, but I don't care about that use case and would rather use a non-e2ee app that'll be reliable, not lock me out, and work seamlessly across devices. Also, for those who truly care about e2ee, it's pointless if you aren't checking all the safety numbers out-of-band.
That's what I was referring to, wondering if anyone uses it and why. It even says "Why This is a Bad Idea" at the bottom.
Maybe for databases queried directly by users who also need to mix in API responses, and you're wrapping this all up in triggers or some other stored procedure cause you really want to use Postgres without some controller written in Python or JS.
I've thought about writing a general-purpose programming language that uses Postgres as its runtime, with the twist that it can save checkpoints to survive system reboots and also interop closely with SQL. Postgres already has a lot of nice built-in types and functions.
Also I used Python way before JS, and I still like JS's syntax better. Especially not using whitespace for scope, which makes even less sense in a scripting language since it's hard to type that into a REPL.