XSF Discussion - 2017-03-04


  1. Lance has left
  2. Lance has joined
  3. arc has left
  4. Zash has joined
  5. Zash has joined
  6. Guus has joined
  7. Guus has left
  8. bra has left
  9. Guus has joined
  10. Guus has left
  11. Guus has joined
  12. bra has joined
  13. Guus has left
  14. Guus has joined
  15. Guus has left
  16. Guus has joined
  17. blipp has left
  18. blipp has joined
  19. Guus has left
  20. arc Or twelve easy payments of $59!
  21. Guus has joined
  22. kaboom has left
  23. Guus has left
  24. Lance has left
  25. jere has joined
  26. daniel has left
  27. daniel has joined
  28. daniel has left
  29. Tobias has joined
  30. Tobias has joined
  31. daniel has joined
  32. daniel has left
  33. efrit has joined
  34. daniel has joined
  35. moparisthebest has left
  36. moparisthebest has joined
  37. daniel has left
  38. nicolas.verite has joined
  39. daniel has joined
  40. waqas has joined
  41. vurpo has left
  42. vurpo has joined
  43. efrit has joined
  44. Lance has joined
  45. sezuan has left
  46. Lance has left
  47. moparisthebest has left
  48. moparisthebest has joined
  49. jere has left
  50. jere has joined
  51. jere has left
  52. jere has joined
  53. SamWhited has joined
  54. nicolas.verite has left
  55. Guus has joined
  56. Guus has left
  57. Guus has joined
  58. arc has left
  59. Guus has left
  60. Guus has joined
  61. Lance has joined
  62. nyco has left
  63. Guus has left
  64. Guus has joined
  65. uc has left
  66. uc has joined
  67. Guus has left
  68. Guus has joined
  69. kalkin has left
  70. Lance has left
  71. waqas has left
  72. SamWhited has joined
  73. mimi89999 has left
  74. mimi89999 has left
  75. nicolas.verite has joined
  76. Yagiza has joined
  77. mimi89999 has joined
  78. suzyo has joined
  79. kalkin has left
  80. sezuan has left
  81. nicolas.verite has left
  82. sezuan has left
  83. daniel has left
  84. daniel has joined
  85. daniel has left
  86. daniel has joined
  87. nicolas.verite has joined
  88. daniel has left
  89. daniel has joined
  90. Guus has left
  91. Guus has joined
  92. daniel has left
  93. sezuan has left
  94. daniel has joined
  95. arc has left
  96. Lance has joined
  97. Guus has left
  98. Guus has joined
  99. Lance has left
  100. SamWhited has left
  101. SamWhited has joined
  102. jubalh has joined
  103. nyco has left
  104. nyco has joined
  105. nicolas.verite has left
  106. nyco has left
  107. nyco has joined
  108. jubalh has left
  109. intosi has joined
  110. nicolas.verite has joined
  111. intosi has left
  112. daniel has left
  113. daniel has joined
  114. daniel has left
  115. daniel has joined
  116. Mancho has left
  117. nyco has left
  118. nyco has joined
  119. nicolas.verite has left
  120. daniel has left
  121. daniel has joined
  122. daniel has left
  123. daniel has joined
  124. daniel has left
  125. daniel has joined
  126. goffi has joined
  127. daniel has left
  128. daniel has joined
  129. Ge0rG That reminds me of the jabber trademark license fee... Is it still a thing for commercial applications?
  130. daniel has left
  131. daniel has joined
  132. arc I do not believe so, any evidence to the contrary appears to be a mistake. But you should reach out to PSA for that
  133. arc I'm excited to pull in a whole new group of XMPP enthusiasts to the XSF
  134. arc http://www.sensei-iot.org/ over 100 members to this IoT working group
  135. arc and its all XMPP
  136. arc William (the man I met with today) is extremely interested in discussing IoT security issues and cross protocol gateways using XMPP as a core standard for interop
  137. mimi89999 has joined
  138. arc how this man, who knows PSA, Michael Holden, Rikard, Peter Waher, and others, has been working with and promoting XMPP for 5 years or more, and has never been invited to join the XSF is beyond me
  139. daniel has left
  140. daniel has joined
  141. fippo arc: the xsf is not something where you need an invite to join
  142. Mancho has left
  143. Tobias even more scary, you have to candidate and be voted in...think of all the campaigning involved
  144. arc fippo: no its not, but you do need to know you can join.
  145. arc ive been taking an active approach to reaching out to xmpp library developers trying to grow the xsf membership for the last year, and we've had at least a handful of new members join that way who've been working with XMPP for years
  146. arc in many foundations that FOSS devs are used to working around, membership is not so easy. often you do need an invite and often an onerous process to join. joining the Python Software Foundation, for example, has always been a painless but undocumented process which boils down to "what, she isn't already a member? we should add her to the list"
  147. tim@boese-ban.de has left
  148. nicolas.verite has joined
  149. Tobias what do you get from joining the PSF?
  150. arc the ability to vote and invite to the posh free annual member dinner at PyCon
  151. tim@boese-ban.de has joined
  152. daniel has left
  153. daniel has joined
  154. arc and being able to join the members-only list, which boils down to about the same as the XSF
  155. Tobias ah..ok
  156. nicolas.verite has left
  157. arc I was an officer for the PSF before I was a member, I became a member when a board member asked me at pycon if i was coming to the member luncheon and I told him I wasn't a member. He brought me to the luncheon, and I became a member
  158. arc your first annual meeting with the PSF (which is the luncheon or dinner) you stand up to introduce yourself. and its done.
  159. arc there are several developers with python-dev (aka they have commit/push rights to Python itself) who are not yet PSF members due nobody noticing that they're not members yet.
  160. Valerian has joined
  161. arc anyway - so thoughts on this proposed "httpx" URI scheme for http over xmpp?
  162. Valerian has left
  163. Valerian has joined
  164. Valerian has left
  165. Lance has joined
  166. dwd has left
  167. arc i guess it boils down to whether XMPP is considered a proxy service or a primary protocol
  168. Valerian has joined
  169. sezuan has left
  170. efrit has joined
  171. Valerian has left
  172. Lance has left
  173. intosi has joined
  174. intosi has left
  175. intosi has joined
  176. sezuan has left
  177. nicolas.verite has joined
  178. Flow has joined
  179. Valerian has joined
  180. jere has left
  181. jere has joined
  182. Valerian has left
  183. goffi has left
  184. xnyhps has left
  185. nicolas.verite has left
  186. xnyhps has left
  187. jere has left
  188. efrit has joined
  189. nicolas.verite has joined
  190. jonasw arc: why would one want to do http over xmpp?
  191. jonasw I only heard people *joking* about that.
  192. Ge0rG jonasw: so that you can tunnel HTTP over BOSH.
  193. Valerian has joined
  194. sezuan has left
  195. jonasw arc: I’m sure there are usecases, but which are they?
  196. daniel has left
  197. daniel has left
  198. blipp has left
  199. daniel has left
  200. Valerian has left
  201. blipp has joined
  202. daniel has left
  203. daniel has left
  204. daniel has left
  205. daniel has left
  206. intosi has left
  207. daniel has left
  208. Mancho has left
  209. mimi89999 has joined
  210. daniel has left
  211. Lance has joined
  212. daniel has left
  213. Valerian has joined
  214. kaboom has joined
  215. pep. has left
  216. Lance has left
  217. Ge0rG In band http upload?
  218. Ge0rG jonasw: we should write up something for next month.
  219. kaboom has left
  220. Guus has left
  221. Guus has joined
  222. vurpo has left
  223. vurpo has joined
  224. Mancho has left
  225. jonasw Ge0rG: XEP-0363 over XEP-0332?
  226. sezuan has left
  227. sezuan has left
  228. kalkin has left
  229. Guus has left
  230. Guus has joined
  231. jubalh has joined
  232. Valerian has left
  233. jubalh has left
  234. Ge0rG jonasw: Yeah, I'm sure we can add some more layers to the stack... WebSockets, serverless, mdns, json/rest...
  235. jonasw I’d rather work on something productive at the moment.
  236. jonasw also, my april 1st thing (if I get around to do it) will be on mtr-tiny
  237. jubalh has joined
  238. jere has joined
  239. waqas has joined
  240. jubalh has left
  241. vurpo has left
  242. vurpo has joined
  243. ooih has joined
  244. uc has left
  245. kaboom has joined
  246. jubalh has joined
  247. Guus has left
  248. Guus has joined
  249. Lance has joined
  250. Zash has joined
  251. Ge0rG jonasw: I'd like to proof read it, if that's okay for you
  252. jonasw Ge0rG: what? what I do with mtr-tiny?
  253. jubalh has left
  254. Ge0rG jonasw: Yeah, that one
  255. kaboom has left
  256. Guus has left
  257. Guus has joined
  258. jere has joined
  259. moparisthebest Hmm HTTP over xmpp using xep368 over tls on port 443...
  260. moparisthebest What's the point? :/
  261. Guus has left
  262. Guus has joined
  263. Lance has left
  264. vurpo has left
  265. vurpo has joined
  266. vurpo has left
  267. vurpo has joined
  268. kaboom has joined
  269. jere has joined
  270. nicolas.verite has left
  271. arc jonasw: to hide your IP address
  272. jonasw arc: you can use a generic HTTP proxy for that
  273. Zash For when you don't have Tor, but do have XMPP?
  274. arc jonasw: that would be a fine solution too, especially if there was a manner for your xmpp server to provision it
  275. arc and if Tor was more widely deployed that could work too
  276. Guus has left
  277. arc i want to close the IP leak tho with shared URLs
  278. blipp has left
  279. Guus has joined
  280. arc btw moparisthebest i did a quick and dirty test late last night, exi compressed offers not much in the way of actual compression when used for xmpp due to flushes for stanzas
  281. arc there would be a few cases that it would such as some pubsub payloads
  282. blipp has joined
  283. Zash has left
  284. Zash has left
  285. Zash has joined
  286. kaboom has left
  287. arc so a lot of the values for a reasonable client's schema has a lot of low values; 01, 02, 04.. compression does pack those values together, but it doesnt save nearly as much as bitpacked does
  288. moparisthebest has left
  289. arc and text messages are too small to save a ton unless a dictionary is pre-applied
  290. moparisthebest has joined
  291. daniel has left
  292. arc there are some bitpacking schemes you can use to compress latin text down tho
  293. Zash Heh, dictionary based on xml:lang? heeeheh
  294. Zash has left
  295. Zash has left
  296. Zash has joined
  297. moparisthebest Zstd has an interesting dictionary thing built in too, but if compression can't be secure I don't see why it matters much
  298. kaboom has joined
  299. moparisthebest Like secure wouldn't matter on a private LAN, but bandwidth isn't an issue there either
  300. sonny has left
  301. Zash Trade-offs everywhere
  302. moparisthebest Yup but this tradeoff at least seems basically clear cut
  303. moparisthebest Compression or encryption, pick one
  304. jonasw moparisthebest: it’s not that clear cut
  305. Zash Memory vs security more like
  306. jonasw in cases where an attacker cannot inject input into your output…
  307. Zash vs compression ratio
  308. Guus has left
  309. Guus has joined
  310. Zash Having a compression dictionary per (to, from) would probably be secure and get good compression ratio, but you have to keep a ton of compression streams in memory
  311. Zash Compressing each stanza in their own state, or doing a full flush between each stanza is probably secure and don't use too much memory, but you don't get that great compression ratio
  312. moparisthebest jonasw: it's basically clear cut, since it's so hard to impossible to make sure attacker controlled input isn't in there, the only secure thing to do is no compression
  313. Mancho has left
  314. moparisthebest Especially at the protocol level
  315. Tobias wouldn't EXI allow us compression of some contents and not of others..so we could exclude security relevant info from compression
  316. moparisthebest Like maybe doing what Zash says is secure, but as a server or client you can't tell if the other end is doing it that way
  317. moparisthebest So the only secure thing to do is not support compression
  318. Zash You speak like security is absolute. It is not.
  319. Tobias moparisthebest, at some level you got to trust the software on the other end, you don't know if the other end of your TLS connection is dumping the cleartext somewhere
  320. moparisthebest Tobias: sounds like exis bitpacking without compression makes size smaller while still retaining security
  321. moparisthebest Maybe :-)
  322. vurpo has left
  323. vurpo has joined
  324. vurpo has left
  325. vurpo has joined
  326. arc well, if my memory and what i just re-read is sane, then in the schema you can define alternative character-restricted CH event types for chat messages
  327. jubalh has joined
  328. arc for example, you could offer a latin + extended latin + common emoticons CH type that may still be 6 or 7 bits in size, in which case it'll only use that number of bits in bitpacked
  329. arc i do *not* want to write the regular expressions for that though.
  330. arc thankfully that'll be up to each client.
  331. jonasw that doesn’t sound crazy at all
  332. arc i think you would want at least 3 different format options; common latin-based language, 2-byte unicode, and full unicode
  333. jonasw and what happens if a client gets send content which doesn’t fit that CH type?
  334. arc jonasw: the server would use a different CH type.
  335. jonasw ah okay
  336. Zash Huffman code all the text?
  337. jonasw so there can be multiple :)
  338. arc or, if no type is available according to the schema the client requested, then the message would not be delivered
  339. arc i do believe so, yes.
  340. arc honestly ive stayed the hell away from CH encoding because the regex parser scares the shit out of me
  341. arc i need to do it. one of these days, and soon.
  342. nyco has left
  343. nyco has joined
  344. arc there are one of three outcomes from such an effort; 1) I finish it and afterward find myself wiser, more self-confident, and appreciating the effort I put in 2) I finish it, but at the cost of whatever sanity I have left 3) I don't finish it, decide to change professions, and end up working at a starbucks
  345. sonny has left
  346. blipp has left
  347. SamWhited arc: starbucks? Aren't you moving to Portland? You'll have your choice of much better coffee shops there!
  348. arc SamWhited: lol
  349. Zash There's a 4th option, move into the woods and become a potato farmer.
  350. arc I tried that already. I got really, really bored.
  351. arc there's 8 acres of land in New Hampshire owned by a monastic society I founded about a decade ago
  352. arc the last I heard there's still 3 people living there.
  353. arc try a git clone on a dialup modem...
  354. arc but since its a church, its not required to file with the IRS - only updating its information with the state every 5 years. its exempt from paying property taxes, so the land is effectively perpetual
  355. Alex has joined
  356. arc in 2020 ill just have to make sure an online form gets filed with the state as a keep-alive.
  357. jubalh has left
  358. Zash Probably not too hard/expensive to get fiber. 3G/4G coverage might be good enough too.
  359. arc to get there you need to drive down what looks like a driveway, but is a public gravel road, with utility poles that have telephone but no electric. there is only a weak GSM 2G cell service at best (often no signal), no cable, and its too far out for DSL. the only power on the land is 2 solar panels mounted to the roof of a yurt.
  360. Zash The word "here" was missing in that sentence.
  361. Zash Small village I lived in in like ~2000 had fiber.
  362. Zash Then I moved into the city. Got worthless cable with download caps.
  363. Zash Local hackerspace only got fiber now and it's pretty central.
  364. arc oh they have decent cable internet there, but nowhere near the land. we got the land cheap as hell because there's absolutely nothing near it. there's an adjoining 118 acre plot, and an adjoining 270 acre plot, both of which are owned by family trusts and are never used
  365. sonny has left
  366. blipp has joined
  367. arc its overlooking a lake, and on the other side of the lake there is cable service with 100m business class available. if i moved back at any point, I'd buy a tiny shed with a microwave beam from the other side of the lake, and upgrade the solar capacity
  368. jonasw :D
  369. SamWhited has thought about doing something similar a few times.
  370. arc but right now the monastery survives on having virtually no expenses. they have a vegetable garden that sells at the local farmers market, and have bulk supplies delivered down the 4 mile dirt road, and the telephone bill.. but that's about it.
  371. arc SamWhited: I can literally tell you everything about incorporating a monastery. ;-)
  372. SamWhited I meant getting a tiny shed with Solar (which works very well in Texas) and then getting a Fiber line as far out of the city as Google will run it and doing microwave or something to get it to me.
  373. arc ah, yea. thats more sane.
  374. arc if you ever lose your mind and need to completely escape i can help there too lol
  375. SamWhited Don't tempt me; I'm dangerously close to that again already!
  376. Tobias has joined
  377. waqas has left
  378. boothj5 has joined
  379. arc if i did it again id make it a lot more tech focused and closer to a city, a place for techies to retire, or at least retreat to, but without being completely cut off.
  380. arc Destiny in Vermont (about 30 miles from the monastery) is a much better model. 200+ acres, permanent kitchen building, sewage, off the grid but good cell service.
  381. Zash arc: Let me tell you about the church of Kopimism
  382. Zash https://en.wikipedia.org/wiki/Missionary_Church_of_Kopimism
  383. arc heh a friend is incorporating a church of cannabis right now with a similar vibe
  384. jonasw I read cannibals at the first attempt.
  385. jonasw that was way more disturbing.
  386. arc jonasw: i like the world you live in. :-)
  387. jere has joined
  388. sezuan has left
  389. SamWhited has left
  390. arc no the monastery is associated with Quakers, "Monastic Friends", and is effectively stable with people who just want to retire and live on the land away from technology. we had more technically minded people involved early on, but i didnt understand an important property of group building back then - the early form an organization takes will determine who will remain involved with it, and thus who will shape its future.
  391. Alex has left
  392. arc the people there, and by design they're the same people who make decisions for the organization, don't want to grow the monastery or develop it in any way. they just want to live their lives in quiet reflection.
  393. daniel has left
  394. sonny has left
  395. boothj5 has left
  396. nicolas.verite has joined
  397. jubalh has joined
  398. efrit has joined
  399. SamWhited has left
  400. ooih has left
  401. ooih has joined
  402. mimi89999 has left
  403. blipp has left
  404. blipp has joined
  405. Zash has left
  406. efrit has joined
  407. jubalh has left
  408. blipp has left
  409. blipp has joined
  410. winfried has left
  411. winfried has joined
  412. SouL has left
  413. kalkin has left
  414. SouL has joined
  415. kaboom has left
  416. Guus has left
  417. Guus has joined
  418. Guus has left
  419. Guus has joined
  420. efrit has joined
  421. efrit has left
  422. efrit has joined
  423. Lance has joined
  424. mimi89999 has joined
  425. ooih has left
  426. jonasw has left
  427. ooih has joined
  428. ooih has left
  429. uc has joined
  430. pep. has left
  431. pep. has joined
  432. pep. has joined
  433. pep. has left
  434. pep. has joined
  435. pep. has left
  436. uc has left
  437. uc has joined
  438. pep. has joined
  439. pep. has left
  440. pep. has left
  441. pep. has joined
  442. jere has joined
  443. Lance has left
  444. pep. has left
  445. pep. has joined
  446. arc has left
  447. arc has left
  448. Guus has left
  449. Guus has joined
  450. kalkin has left
  451. arc has left
  452. Alex has joined
  453. Alex has left
  454. devnull has left
  455. devnull has joined
  456. jere has joined
  457. daniel has left
  458. Zash has joined
  459. moparisthebest has joined
  460. jubalh has joined
  461. Guus has left
  462. Guus has joined
  463. nyco has joined
  464. nyco has joined
  465. nicolas.verite has left
  466. vurpo has left
  467. vurpo has joined
  468. kalkin has left
  469. nyco has left
  470. nyco has joined
  471. Lance has joined
  472. nicolas.verite has joined
  473. Lance has left
  474. efrit has joined
  475. nicolas.verite has left
  476. jubalh has left
  477. jubalh has joined
  478. mimi89999 has left
  479. mimi89999 has joined
  480. jubalh has left
  481. nyco has joined
  482. nicolas.verite has joined
  483. devnull has left
  484. Guus has left
  485. Guus has joined
  486. devnull has joined
  487. Zash has joined
  488. suzyo has left
  489. efrit has joined
  490. nyco has left
  491. nyco has joined
  492. nicolas.verite has left
  493. nyco has joined
  494. nyco has joined
  495. nyco has joined
  496. nyco has joined
  497. nicolas.verite has joined
  498. daniel has left
  499. jere has joined
  500. waqas has joined
  501. arc has left
  502. arc has left
  503. nicolas.verite has left
  504. vurpo has left
  505. vurpo has joined
  506. nicolas.verite has joined
  507. nicolas.verite has left
  508. nyco has left
  509. nyco has joined
  510. nicolas.verite has joined
  511. vurpo has left
  512. vurpo has joined
  513. Zash has joined
  514. xnyhps has left
  515. xnyhps has left
  516. kaboom has joined
  517. Tobias has joined
  518. arc ive learned a lot about how to form a successful new org through many, many mistakes.
  519. nicolas.verite has left
  520. SamWhited has left
  521. waqas has left
  522. Flow has left
  523. jere has joined
  524. nicolas.verite has joined