XSF Communications Team - 2020-09-11

peetah: scroll above please, so you don't duplicate

sorry, I'll check the logs before posting from now on

Pretty sure this one was not seen here => BeagleIM 4.0 and Siskin 6.0 released: https://tigase.net/beagleim-4.0-and-siskin-6.0-released/

peetah: please keep collecting. I don't mind duplicates :) they'll resolve anyway when adding content to the newsletter draft

Does the cisco vulnerability CVE-2020-3495 considered worthy of the newletter ? it makes a lot of noise.

What bugs me is the mix made between cisco product and Jabber: in the article I run through, they are often taken one for another, considering that the flaw is in Jabber (the protocol) and not the cisco client

here is what I think is the original publication from the company that discovered the different flaws: https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/

s/in the article/in the articles/

Jabber *is* Cisco. I really don't like that jabber is widely misused as synonym for xmpp as people start mixing it up with the Cisco product jabber which is based on xmpp.

https://blog.windfluechter.net/content/blog/2020/06/09/1758-jabber-vs-xmpp

Martin: enlighten me here please: years ago I first heard of Jabber as a protocol, then it became XMPP; do you mean that Jabber was first a cisco product then its protocol has been opened ?

oh thanks for the link ✏

> sorry, I'll check the logs before posting from now on No problem, please keep up the good work!

I suggest that the next newsletter relay these two articles in the same news so that we talk about these vunerabilities and make a strong statement about the possible current confusion between Cisco Jabber and XMPP as described in the link Martin just posted

> peetah: please keep collecting. I don't mind duplicates :) they'll resolve anyway when adding content to the newsletter draft yes

I don't remember having seen anything about limiting the newsletter to FOSS: is there something stated against proprietary softwares as I guess (without any real knowledge) Cisco Jabber is ?

XMPP can be used for closed source products as well (see games, grindr) so I don't see why we should not cover those in the newsletter as well.

What, they aren't actively trying to hide its usage? :))

ok that's fine for me, it's just that I scarcely saw closed source softwares news in the newsletter

I wonder if the licence should force at least naming that the technology is used 🤔

What license?

If they don't use any OSS lib but implement it by looking at the specification they don't have to follow any license I guess.

Martin: I meant, the xmpp protocol has a license or, like gpl?

Not that I'm aware of, but I'm neither a protocol expert nor a lawyer. 😃

so its usable without any license?

It's an open spec, there's no license or price. Afaik

Okay, thanks

Martin: Need to think about it 🤔

you github comment

Ok

It's a minor thing anyway.

Martin: reading the small introduction to the article might bring the reader to use an online translator rather than skip the article altogether because of a language issue

I just dont like any [ --- ] things in the beginning of a sentence 😅 but maybe that is my personal problem

I think people willing to read an article in another language by using a translator won't be scared away by mentioning at the beginning that another language is used. 😃

Yes, but I meant this about "reading flow" and convienece

its like a visual interuption to me

> I wonder if the licence should force at least naming that the technology is used 🤔 Cisco owns the Jabber trademark. The XSF has a pretty permissive (my qualification) license to use it.

https://xmpp.org/about/xsf/jabber-trademark/

Guus: You meant the jabber trademark, but not xmpp?

Yes. I'm not sure if xmpp is trademarked at all.

ralphm: Looks like p.j.o isn't updating anymore.

Pleny of daily philosophy posts there :)) ✏

> Yes. I'm not sure if xmpp is trademarked at all. ok thx

There was a feed that tripped up Venus, leaving a gazillion zombie processes. Should be ok now.

ralphm: Works! Thanks. 😃

xmpp is not, and probably cannot be trademarked. This was one of the goals choosing the name when we standardized at ietf

👍

Hey guys, I created a poll on that language question: https://nuudel.digitalcourage.de/rCEGG1Jc3CIkDq1W everyone welcome to vote!

emus, I'd put the language tag directy after the link

In front...in front

emus: This noodle doesn't remember my choices. I filled it twice already.

In front green Behind yellow no mention red

🤔

> emus, I'd put the language tag directy after the link Ahh forgot to put that solution

update the noodle!

Martin: you votet, but I am the only one who sees the outcome 🙂 No worries, you will be informed

I updated the noodle

😃

I voted

But I first voted also twice bwcause I forgot that I set that option 😅

https://mastodon.xyz/@jcbrand/104839965037571601

^ strophe.js gets support for sharing a single websocket connection between two tabs