Friday, May 11, 2012
xsf@muc.xmpp.org
May
Mon Tue Wed Thu Fri Sat Sun
  1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
     
             
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

[00:01:06] *** Jef has joined the room
[00:10:18] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[00:10:28] *** Jef shows as "online"
[00:26:50] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[00:35:39] *** luca tagliaferri has left the room
[00:36:22] *** luca tagliaferri has joined the room
[00:41:14] *** Jef shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[00:46:20] *** Jef shows as "online"
[01:06:50] *** luca tagliaferri has left the room
[01:08:22] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[01:09:08] *** Jef shows as "online"
[01:38:56] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[01:42:56] *** Jef shows as "online"
[01:52:32] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[01:53:58] *** Jef shows as "online"
[02:46:25] *** Zash has left the room
[04:05:14] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[04:06:34] *** Jef shows as "online"
[04:11:34] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[04:12:10] *** Jef shows as "online"
[04:20:04] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[04:22:06] *** Jef shows as "online"
[05:02:40] *** Kooda shows as "online"
[05:14:49] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[05:24:49] *** Jef shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[05:25:59] *** Jef shows as "online"
[05:31:30] *** Jef has left the room
[06:42:35] *** Kev shows as "online"
[07:07:43] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[07:16:21] *** MiGri shows as "away" and his status message is "I'm not at the computer but I'll read the messages as soon as I'll be back."
[07:17:40] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[07:17:40] *** MiGri shows as "xa" and his status message is "Screen detached. I'll read the messages as soon as I'll be back."
[07:37:50] *** dwd shows as "online"
[07:39:11] *** dwd shows as "online"
[08:07:11] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[08:17:11] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[08:46:18] *** dwd shows as "online"
[10:23:48] *** Kev shows as "away"
[10:23:56] *** Kev shows as "online"
[10:34:01] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:36:25] *** dwd shows as "online"
[10:57:44] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[11:22:31] *** MiGri shows as "away" and his status message is "I'm not at the computer but I'll read the messages as soon as I'll be back."
[11:30:10] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:40:09] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[11:52:03] *** Zash shows as "online"
[11:52:03] *** Zash shows as "online"
[11:53:10] *** Kev shows as "away"
[11:57:55] *** dwd shows as "online"
[12:00:26] *** Kev shows as "online"
[12:03:01] *** Zash has left the room
[12:03:48] *** Zash shows as "online"
[12:03:49] *** Zash shows as "online"
[12:18:24] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[12:20:59] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:29:23] *** MiGri shows as "away" and his status message is "I'm not at the computer but I'll read the messages as soon as I'll be back."
[12:31:00] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:34:02] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[12:39:47] *** dwd shows as "online"
[12:51:44] *** MiGri shows as "xa" and his status message is "Screen detached. I'll read the messages as soon as I'll be back."
[13:22:37] *** Zash has left the room
[13:22:41] *** Zash shows as "online"
[13:22:41] *** Zash shows as "online"
[13:48:31] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:51:49] *** dwd shows as "online"
[14:42:59] *** Kooda shows as "online"
[14:53:38] *** stpeter has joined the room
[15:01:11] <stpeter> dwd: does the Board have a meeting soon?
[15:01:37] <Kev> 30 seconds.
[15:01:44] <Kev> According to the ML anyway.
[15:01:46] <stpeter> that *is* soon
[15:02:06] <stpeter> I'm shocked to be here on time
[15:03:35] *** Ashley has joined the room
[15:04:06] <Ashley> hey y'all
[15:04:15] <stpeter> hi Ashley
[15:04:15] <dwd> Yes, gosh. Meeting time already.
[15:05:19] <dwd> Although we're rather less than quorate.
[15:05:45] <Kev> I think bear was expecting to be here?
[15:06:51] <dwd> Yes. It was amazingly short notice, really.
[15:08:40] <stpeter> dwd: what are the topics for discussion, formal or informal?
[15:09:40] <dwd> Well, there's this browserid project.
[15:10:01] <dwd> Plus I think Mike and Florian were doing things with book shipping to GSoC students.
[15:10:05] *** bear shows as "online"
[15:10:13] <dwd> bear, Hiya.
[15:10:13] *bear is here
[15:10:23] <Kev> I poked bear about that yesterday, he was going to check he had all the addresses for ordering books when he was back at his desk.
[15:10:25] <Kev> Ah, and he's here :)
[15:10:36] <dwd> Well, that counts us as quorate if we need to decide anything, I think.
[15:10:38] <bear> yep - I have the addresses, need to send them to Kev
[15:10:45] <Kev> bear: I don't think I need them.
[15:10:54] <Kev> The next step was Board deciding whether to send the books, I think.
[15:10:56] <dwd> So, stupid question - where are our students, georgaphically?
[15:10:58] <Kev> (And then sending them)
[15:11:04] <bear> all over the map
[15:11:36] <dwd> Kev, I think Board had already decided to send books, actually.
[15:11:45] <Kev> Oh, ok.
[15:11:50] <Ashley> yeah, that's what i recall as well
[15:12:03] <Kev> I remember you saying Bear had to get a price based on where the students were and how much it'd cost to ship.
[15:12:05] <Kev> But yay.
[15:12:26] <stpeter> we need to make sure that people get reimbursed appropriately this time, too!
[15:12:53] <dwd> That, as I recall, was related to a discussion on how to actually ship - basically, not getting all the books shipped to Mike and then him sending them air around the globe, or something.
[15:13:15] <dwd> More likely, we use the power of Amazon, or similar, to order the books locally near the students if at all possible.
[15:13:27] <bear> Germany, Poland, Brazil
[15:13:53] <bear> we never had the books shipped to me - I used Amazon
[15:14:01] <bear> and just entered gift addresses
[15:14:35] <stpeter> IIRC we used amazon.co.uk for European orders before
[15:14:40] <bear> yes
[15:15:05] <dwd> stpeter, Amazon europe is one big thing, AFAIK, so they'll ship from whichever depot makes sense.
[15:15:07] <bear> only the China student caused a small issue, but that was because of how postal codes work, not Amazon.co.uk
[15:16:33] <bear> so I will start the ordering tonight and send an email to the list with the details
[15:16:42] <dwd> So anyway, this means we can just order the books - anyone want to take responsibility for doing so?
[15:16:51] <dwd> Oh. Mike just has. Marvellous.
[15:16:59] <Kev> I think bear just has, which is great by me because I don't want to :)
[15:17:01] <Kev> Thanks bear.
[15:17:17] <bear> I will just need to remember to send peter the receipt this time
[15:17:33] <dwd> bear, I don't *think* we need the details beyond the costs to any list.
[15:17:46] <stpeter> dwd: agreed
[15:17:47] <dwd> bear, In particular, I don't think we want the addresses anywhere near the list.
[15:18:00] <bear> the list sending is just my way of asking kev to poke me if he doesn't see it by monday
[15:18:14] <bear> oh sure, by nature I'm a privacy nut, so that's a given
[15:18:29] <dwd> OK.
[15:18:43] <dwd> So, browserid stuff.
[15:19:20] <dwd> stpeter, I've noticed with some alarm that you've not said anything on this, yet - do you have any particular thoughts?
[15:20:31] <stpeter> dwd: I thought it was a good idea when we discussed it in Brussels, but I've been pretty distracted for the last few weeks and I haven't made time to focus on it -- I will try to do that this weekend or next week
[15:21:16] <dwd> OK, great. I just had a horrible vision of you saying "What on earth are you *thinking*!?", so I'm glad you think it's OK. :-)
[15:21:32] <stpeter> dwd: I haven't delved into the technical details, but overall it seems like a good thing
[15:21:37] <bear> I think Simon from buddycloud will also be helping (I don't know if they have announced their news yet re: Mozilla)
[15:22:08] <Kev> I haven't seen it announced anywhere yet.
[15:22:32] <bear> they are probably waiting on Moz then :/
[15:23:44] <dwd> Right. I was looking at more technical detail on this, and I think there's some key chunks we can break out.
[15:24:44] <dwd> Basically there's a couple of bits of spec (browser->XMPP, and site->browserid), plus the server implementation, plus the browser one.
[15:25:33] <dwd> Of these, the bit I think we're going to struggle on is the browser-side implementation - the rest seem well within our areas of expertise, so we should manage to get these done.
[15:26:00] <stpeter> dwd: I'm ashamed to admit that I haven't looked into BrowserID much yet, nor have I thought about the XMPP integration with XMPP -- do you have any kind of writeup or blog post that explores it?
[15:26:06] <dwd> But obviously the implementation work is somewhat gated on the specs.
[15:26:18] <stpeter> er, s/XMPP// there
[15:26:38] *stpeter is pretty much flat out exhausted this morning
[15:27:40] <bear> let's post to the list a meeting request so folks interested can come
[15:27:47] <dwd> stpeter, Shockingly, no. But Browserid itself is pretty simple. It's a case of browser gets an "assertion" (ticket) as a credential for a site from the security provider, and the site validates it with a single HTTP request to https://browserid.org/verify
[15:28:27] <dwd> bear, Yeah, I thought that last time Florian was going to do that, but I may be mis-remembering, and I might have told him I would organize the meeting.
[15:28:30] <stpeter> bear: well, yes
[15:28:40] <Zash> I'd describe it as PKI with JSON
[15:28:54] <dwd> Zash, It's not even PKI, closer to Kerberos.
[15:29:03] <stpeter> it would be good to schedule something a week in advance or somesuch, and preferably have a brief writeup that folks can read (and not just XMPP folks)
[15:29:08] <Kev> Two great flavours that taste great together.
[15:29:31] <dwd> stpeter, Right. I can probably manage the write-up.
[15:29:31] <stpeter> dwd: yes, it does sound like Kerberos or even OAuth -- the same ticket pattern in all three cases
[15:29:57] <dwd> stpeter, Right, so in our case what we do need to do is allow multiple verify URIs instead of just one centralized one.
[15:30:02] <Kev> So we should just do Kerberos-over-XMPP, then. Simples.
[15:30:04] <Zash> The ticket can be validated without asking anyone
[15:30:43] <dwd> Zash, Really? Seems like you have to do a POST to the browserid URI.
[15:30:46] <Zash> s/ticket/assertion/
[15:31:56] <stpeter> do the security providers register with Mozilla somehow?
[15:32:08] <dwd> Zash, Actually, I think you're volunteering to help me with the write-up.
[15:32:12] <stpeter> and do feel free to tell me to RTFM :)
[15:32:21] <dwd> stpeter, No, the browserid model helpfully only provides on security provider.
[15:32:30] <dwd> stpeter, Which I think is daft anyway.
[15:32:47] <Zash> The browser has a key+certificate signed by the ID provider (browserid.org). To sign in somewhere, it sigs an assertion and sends that to the site, which can either ask the provider to verify it, or disassemble it and check it itself.
[15:32:50] <stpeter> as I recall, the browserid.org page basically said "1. Collect Underpants 2. Magic Here 3. Profit"
[15:33:07] <bear> it's a bit more than that now :)
[15:33:33] <bear> internally mozilla has gone "all in" for browserid - using it for our own tools
[15:33:57] <dwd> Zash, The info I can find suggests that a site can't verify the assertion itself.
[15:35:23] <Zash> dwd: I'd rather think that's because they don't want to encourage people to write RSA code in PHP
[15:35:27] <dwd> Zash, Oh, then again, it actually says "The easiest way to do this". And that's easiest because there's no info on how else one might.
[15:36:22] <dwd> Zash, Right - if that's the case we need to figure out whather to continue with that model. But thanks for volunteering to work with me on a write-up.
[15:36:36] <Zash> Heh :)
[15:37:27] <Kev> I think "Specs welcome" is one up from "Patches welcome".
[15:37:32] <dwd> OK - so if we try to schedule another meeting next week sometime, does that work for everyone?
[15:37:38] <Kev> And we all know what the latter means...
[15:37:52] <dwd> Kev, That patches are welcome?
[15:38:02] <Kev> Something like that.
[15:38:10] <Kev> It was a FOSDEM joke, you had to be there...
[15:38:53] <stpeter> dwd: in order to have enough notice and a short document for folks to read, it might need to be the week after (Monday or Tuesday or whatever)
[15:40:20] <stpeter> say, May 22nd?
[15:40:35] <stpeter> or the 23rd after the Council meeting?
[15:40:44] <dwd> stpeter, Yeah - how about I (and Zash, now) figure out a detailed technical write-up, and then we send that out and schedule the meeting then?
[15:40:55] <stpeter> that sounds absolutely super
[15:41:34] <dwd> Righty.
[15:41:52] <dwd> On that note, then, I think we may be done.
[15:42:16] <Kev> Righty. Thanks chaps.
[15:42:23] *stpeter opens a bunch of tabs about BrowserID
[15:43:53] <dwd> bear, You've a contact who "really" knows about BrowserID, right?
[15:43:57] <bear> yes
[15:44:03] <stpeter> that might be helpful :)
[15:44:05] <bear> the people who are writing the mozilla stuff
[15:44:13] <bear> irc.mozilla.org #identity
[15:44:39] <dwd> bear, Oh, OK. If I have a 1980's chat client somewhere I'll go join in.
[15:44:40] *** Ashley shows as "away" and his status message is "Away"
[15:44:47] <bear> :)
[15:44:59] *dwd goes hunting for a vt100
[15:45:11] <bear> I can make introductions if you want more of a small meeting type discussion
[15:46:11] <bear> Ben Adida is very approachable and he is the gateway to the entire Mozilla Identity (now called Personas) project
[15:47:19] <dwd> OK, cool. If I have trouble getting in with the crowd, as it were, I'll give you a shout.
[15:48:10] <bear> k
[15:48:24] <dwd> Zash, So if I get this right, BrowserID is basically a CA?
[15:48:40] <Zash> Yes
[15:50:38] <Zash> There's some spec here https://github.com/mozilla/browserid/blob/dev/docs/PRIMARY_PROTOCOL.md
[15:51:51] <dwd> Zash, OK - so the BrowserId thing is basically verifying your email address, and then issuing a cert?
[15:52:07] <Zash> Yes.
[15:52:56] <dwd> Zash, Which suggests that *that* is the bit we could easily run over XMPP, actually. So do I have to verify my email address on every brwoser I use (laptop, desktop)?
[15:54:40] *** Ashley shows as "away" and his status message is "Away"
[15:56:39] <Zash> I suppose the browser prefs syncing should also sync your keys. The rest is up to the CA, it could (as browserid.org does) issue you a normal password that you log in with.
[15:57:50] <dwd> What, for verifying? Or every time?
[16:00:47] <Zash> If your device doesn't have a cert, you're supposed to be provisioned one. How the CA determines who you are isn't in the spec afaik.
[16:01:25] <Zash> BrowserID.org sends a verification email, then lets you choose a password. Then I suppose you could log in with that password to get a cert on another device.
[16:11:25] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:13:23] *** dwd shows as "online"
[16:13:54] *** Ashley shows as "away" and his status message is "Away"
[16:13:56] *** Ashley shows as "online"
[16:14:59] <dwd> OK, so it's a global CA which has a single password per user.
[16:15:19] <dwd> Does it have a single X.500 directory behind it, too?
[16:15:53] *** bear shows as "away" and his status message is "I am away from my desk. Leave a message."
[16:17:21] <Zash> Heh
[16:18:13] <Zash> At least you(r email provider) can run a CA too.
[16:20:21] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:27:11] <Zash> Fun, so the current implementation passes arround big numbers in decimal form. The JSON Web * specs says to base64 them.
[16:30:21] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[16:32:19] <Zash> Suddenly, JSON and base64 everywhere!
[16:36:34] *** Ashley has left the room
[16:36:37] *** Ashley has joined the room
[16:45:31] *** dwd shows as "online"
[17:08:17] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:16:03] *** dwd shows as "online"
[17:16:17] *** Ashley shows as "away" and his status message is "Away"
[17:17:22] *** Kooda shows as "away"
[17:18:50] *** Ashley shows as "online"
[17:22:55] *** Jef has joined the room
[17:32:29] *** stpeter has left the room
[17:43:38] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:44:50] *** Jef shows as "online"
[17:45:59] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:55:14] *** Jef has left the room
[17:55:59] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[17:56:33] *** dwd shows as "online"
[17:58:39] *** Ashley shows as "away" and his status message is "Away"
[17:59:37] *** Jef has joined the room
[18:01:09] *** Ashley shows as "online"
[18:01:09] *** Jef has left the room
[18:07:17] *** Ashley shows as "away" and his status message is "Away"
[18:10:01] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:14:58] *** dwd shows as "online"
[18:17:18] *** Ashley shows as "away" and his status message is "Away"
[18:19:40] *** Neustradamus has left the room
[18:20:15] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:30:15] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[18:35:39] *** dwd shows as "online"
[18:40:39] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:50:39] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[19:05:09] *** Ashley shows as "away" and his status message is "Away"
[19:09:42] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[19:24:01] *** MiGri shows as "away" and his status message is "I'm not at the computer but I'll read the messages as soon as I'll be back."
[19:26:54] *** Kev shows as "away"
[19:27:59] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[19:38:08] *** MiGri shows as "away" and his status message is "I'm not at the computer but I'll read the messages as soon as I'll be back."
[19:48:33] *** dwd shows as "online"
[19:57:25] *** Ashley shows as "away" and his status message is "Away"
[19:57:29] *** Ashley shows as "online"
[20:01:02] *** Ashley has left the room
[20:13:23] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[20:21:24] *** Jef has joined the room
[20:23:23] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[20:31:04] *** Kev shows as "online"
[20:44:11] *** Ashley has joined the room
[20:46:55] *** Ashley shows as "away" and his status message is "Away"
[20:47:20] *** Ashley shows as "online"
[20:47:48] *** Ashley shows as "online"
[20:48:04] *** Ashley has left the room
[21:05:11] *** dwd shows as "online"
[21:11:10] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[21:18:11] *** Jef shows as "dnd" and his status message is "Doing some homework"
[21:19:30] *** MiGri shows as "away" and his status message is "I'm not at the computer but I'll read the messages as soon as I'll be back."
[21:34:06] *** Kev shows as "away"
[21:34:17] *** Kev shows as "online"
[21:39:33] *** Jef has left the room
[21:39:39] *** Jef has joined the room
[21:44:17] *** Kev shows as "away"
[21:48:27] *** Kev shows as "online"
[21:58:36] *** Kev shows as "away"
[21:59:42] *** MiGri shows as "online" and his status message is "This conversation may be monitored for quality assurance or security purposes. ;)"
[21:59:42] *** MiGri shows as "xa" and his status message is "Screen detached. I'll read the messages as soon as I'll be back."
[22:02:49] *** Jef has left the room
[22:03:53] *** Jef has joined the room
[22:19:55] *** Jef shows as "away" and his status message is " (Away as a result of being idle more than 15 min)"
[22:22:39] *** Jef shows as "online"
[22:29:42] *** dwd shows as "online"
[22:30:16] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:33:26] *** Jef has left the room
[22:40:16] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[23:23:16] *** dwd shows as "online"
[23:29:04] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[23:39:04] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"