XMPP Council - 2022-02-16

  1. moparisthebest

    FYI for https://github.com/xsf/xeps/pull/1158 I intend to vote +0 and unless everyone else thinks it should go through as-is change it up to not Obsolete it, just remove DNS method (and mention it in security considerations for posterity) and change it to only add urn:xmpp:alt-connections:xbosh, I'd appreciate a indication whether you all think this is the right way forward or not

  2. daniel

    i literally just now walked into my hotel room and got connected to the internet...

  3. Ge0rG


  4. daniel

    1) roll call

  5. moparisthebest


  6. Ge0rG


  7. moparisthebest

    (that shoulder injury looks painful!)

  8. daniel

    the lady at the check in desk asked me to give a sales pitch for Conversations. that was unexpected and slowed me down...

  9. jonas’


  10. moparisthebest

    haha awesome

  11. daniel

    do we have a larma?

  12. larma


  13. Ge0rG

    daniel: did you arrive with a huge poster?

  14. daniel

    i did not unfortunatly. but i was registered as a business travel to not pay tourism tax

  15. daniel

    2) Agenda bashing

  16. daniel


  17. daniel

    3) Editors update

  18. daniel

    jonas’, published the xep4 and 60 changes we voted on last week

  19. daniel

    and a new proto xep that we are going to vote on later

  20. jonas’

    do we need to add ownership changes for muji to the agenda, larma?

  21. jonas’

    i.e. did you get a reply from the authors in that regard?

  22. daniel

    i have not seen public emails? did i miss them?

  23. larma

    I haven't had time to write a mail to ML yet, which we agreed to do first.

  24. jonas’

    ack, I was confused then. carry on.

  25. daniel

    4) Items for voting

  26. daniel

    a) Obsolete XEP-0156 and add warnings https://github.com/xsf/xeps/pull/1158

  27. jonas’

    I can live with that. +1

  28. Ge0rG

    We are removing DNS but also HTTP Lookup Method, right?

  29. daniel

    just to be clear. this essentially makes bosh obsolete?

  30. moparisthebest

    so http lookup is already defined in the RFC

  31. jonas’

    no, HTTPS is delegated to RFC 7395

  32. daniel

    because you can’t discover bosh any more?

  33. moparisthebest

    but this removes bosh, so my alternate proposal is remove everything else but adding bosh

  34. jonas’


  35. moparisthebest

    hence my +0 vote

  36. jonas’

    I did not realize this removes BOSH, I thought that was also covered by RFC 7395

  37. moparisthebest

    (see my comment right before the meeting)

  38. jonas’

    in that case, -1, because we should keep BOSH discoverable

  39. moparisthebest

    I didn't either until it was pointed out

  40. Ge0rG

    yeah, -1 because of BOSH

  41. daniel

    i'm on board with getting rid of dns and getting rid of http

  42. moparisthebest

    cool, I'll rework the PR for next week

  43. daniel

    but i do think we need to keep bosh

  44. daniel


  45. jonas’

    moparisthebest, thank you :)

  46. daniel

    do you want to vote on this as well larma ?

  47. Ge0rG

    maybe we can get rid of 0156 if we put BOSH into some other adequate place?

  48. larma

    I don't think we need to keep BOSH forever, but probably still need it today, so -1

  49. daniel

    thank you

  50. daniel

    wrt BOSH i think it's interesting that w3c eventsource is still around too (even though websocket exist)

  51. daniel

    but that's a discussion for another day probably

  52. daniel

    b) Obsolete and update Security Considerations for XEP-0138 and XEP-0229 https://github.com/xsf/xeps/pull/1159

  53. moparisthebest

    I think I'll remove httppoll too unless people think it's useful..

  54. moparisthebest

    +1 on this one

  55. larma

    +1 on b)

  56. jonas’

    (I would like to point out that writing a MUST NOT in an obsolete document seems kinda pointless :))

  57. Ge0rG

    I agree with obsoleting, but "this method is deemed insecure and MUST NOT be used" is a normative change and we MUST NOT enforce policy with protocol

  58. daniel

    ironcially we just deployed compression on a big project last week

  59. Sam

    I'm torn on this; I get the reasoning, but I also have deployed it on large projects and found it *extremely* beneficial

  60. larma

    Ge0rG: if you implement it, you must not use it ;)

  61. moparisthebest

    lots of insecure things are useful

  62. jonas’

    moparisthebest, I think I would be happier if, instead of changing the normative text, we add a huge security notice to the top of the document and the place where you'd change the normative text instead

  63. jonas’

    otherwise, it seems that the "MUST NOT" thing is, in fact, obsolete.

  64. moparisthebest

    the rationale behind putting the "MUST NOT" in regard to the *method* specifically is because I expect a new compression method to come along and resurrect the negotiation

  65. jonas’

    right, but at the same time, you're obsoleting that standard, including the MUST NOT

  66. jonas’

    that seems off

  67. Ge0rG

    -1 because of the MUST NOT

  68. moparisthebest

    I'm not married to it, happy to change as you all see fit

  69. Ge0rG

    I'd be okay with just obsoleting and adding a fat red warning in the security considerations

  70. jonas’

    what Ge0rG says.

  71. daniel

    yeah i think i'm -1 too. either just obsolete it (and put exi or zstd or whatever in a new xep). or just add a security warning

  72. jonas’

    -1 to b: what Ge0rG says :).

  73. Sam

    *thinks outloud* maybe it would be good to have an "editorial notes" section at the top of the XEP that's non-normative and doesn't require any update to the version because it's not actually part of the xep.

  74. jonas’

    Sam, unrelated to this, because stuff like that should definitely be versioned (thinking attic)

  75. moparisthebest

    I'll update this one too for next week :)

  76. Sam

    Nah, it would be versioned in Git and would be something the editor or council or whomever could update. Maybe call it "Editor Notes" and "Council Notes" or something. We don't version every website page in the attic

  77. Sam

    But anyways, not a discussion fo rhere

  78. Sam

    Just throwing the idea out while a relevant thing is being discussed.

  79. jonas’

    moparisthebest, thank you very much

  80. daniel

    c) XEP-0045: Remove some more mentions of GC 1.0 https://github.com/xsf/xeps/pull/1163

  81. daniel

    on list

  82. daniel

    it'll probably be fine. just want to double check later

  83. Ge0rG

    I think that "[citation needed]" is not appropriate in a XEP

  84. Ge0rG

    also on-list

  85. larma

    Same as daniel

  86. jonas’

    on list, also what Ge0rG says, I'll leave an editorial note

  87. daniel

    d) Obsolete some deferred XEP (0008, 0038, 0051) https://github.com/xsf/xeps/pull/727/

  88. moparisthebest

    yea I'd be +1 if not for [citation needed]

  89. jonas’

    daniel, can we split that vote?

  90. daniel

    yes we can

  91. jonas’

    I'd like to vote +1 on obsoleting 0008, but I don't have an immediate opinion on the other two

  92. Ge0rG


  93. daniel

    right. let me call them seperatly

  94. Ge0rG

    but I agree we should vote per-XEP

  95. daniel

    your votes on obsoleting 0008

  96. daniel

    on list

  97. larma

    I'm +1 on all of them

  98. Ge0rG


  99. moparisthebest

    +1 on obsoleting 0008

  100. jonas’

    +1 on obsoleting 0008

  101. jonas’

    (using the silence: I also have an AOB)

  102. daniel

    yes give me a second. i'm live editing the spreadsheet on a notebook screen :-)

  103. jonas’

    shall I take over?

  104. jonas’

    (for editing, that is)

  105. jonas’

    (well, I just filled in a few blanks)

  106. daniel

    ok. your votes on obsoleting 0038 now please

  107. jonas’


  108. daniel

    larma's vote has been recorded already

  109. moparisthebest

    +1 on obsoleting 0038

  110. Ge0rG

    +1, but I'd like to have a XEP for mapping ASCII smiley to Unicode

  111. daniel

    i'm on list

  112. jonas’

    Ge0rG, that sounds more like a thing for modernxmpp / client UI

  113. pep.

    Ge0rG, jabber:x:data

  114. daniel

    next vote: obsolete 0051

  115. moparisthebest

    I'm +1 with prejudice on obsoleting 0051 because it needs major security considerations and just has "To follow" yikes.... fyi the very important security considerations are covered by https://datatracker.ietf.org/doc/html/rfc6120#section-

  116. Ge0rG

    it's been deferred for over a decade, but is there anybody using it?

  117. jonas’

    +1, I think this is best addressed with <see-other-host/> stream error in RFC 6120, which also talks about the corresponding security considerations.

  118. jonas’

    (which I've actually seen in the wild)

  119. daniel

    i'm on list for this one too

  120. Ge0rG

    alright, given <see-other-host> I'm +1 on obsoleting

  121. moparisthebest

    I sure hope no one is using it, or if they are, I hope they are using it in a secure way... :/

  122. daniel

    ok thank you

  123. daniel

    moving on

  124. daniel

    e) ProtoXEP: MUC Affiliations Versioning https://xmpp.org/extensions/inbox/muc-affiliations-versioning.html

  125. daniel

    have we ever done attribute namespaces?

  126. daniel

    last time there was a huge debate about them. but i dont recall the outcome

  127. pep.


  128. daniel

    pep where?

  129. jonas’

    the outcome is that some people whose XML library can't deal with them don't like them

  130. pep.

    103? Referenced in the stickers thing

  131. Sam

    FWIW, I have seen multiple implementations (not just my own) that this will break even though technically I'm using an XML parser with namespace read support

  132. jonas’

    on-list for the protoxep

  133. larma

    I'm +1 on this

  134. Ge0rG

    can't we put a child element into the <x/>?

  135. moparisthebest

    I'm on-list, my gut reaction is to run from attribute namespaces

  136. pep.

    I'm not sure why that would be a blocker for experimental anyway

  137. Ge0rG

    on-list as well

  138. daniel

    attribute namespaces aside i'm thinking that we might want to think this bigger and version presences/roles as well

  139. jonas’

    pep., I agree, it shouldn't be a blocker for experimental

  140. daniel

    and not just affiliations?

  141. Ge0rG

    daniel: fully agree

  142. pep.

    daniel, there's already two XEPs for presence, doing about the same thing

  143. larma

    daniel, for presences there are 311 and 436

  144. Ge0rG

    it'd be awesome to get a differential membership update mechanism for huge MUCs

  145. daniel

    but yes personal opinions aside I agree that those aren’t blockers for experimental

  146. daniel

    i'm +1

  147. Ge0rG


  148. jonas’

    I still need to read it, so I'll stay with on list

  149. daniel

    ok. thank you everyone

  150. daniel

    5) Pending votes

  151. daniel

    a) Georg on 'Proposed XMPP Extension: PubSub Type Filtering'

  152. Ge0rG


  153. daniel

    6) Date of Next

  154. daniel

    +1w wfm

  155. moparisthebest

    +1w wfm

  156. jonas’

    +1w wfm

  157. daniel

    7) AOB

  158. larma

    +1w wfm

  159. daniel

    jonas’, mentioned one but we are out of time

  160. daniel

    is everyone fine with extending by 10mins?

  161. moparisthebest


  162. jonas’

    we can also move it to next week, it's not urgent

  163. Ge0rG

    I'm still semi-here, so ok

  164. jonas’

    ok, really quick

  165. daniel

    ok jonas’ go ahead

  166. jonas’

    the past two years with pandemic and so on have advanced the A/V technology and probably increase most of ours exposure to that.

  167. jonas’

    I was thinking whether we should or want to migrate this meeting to an audio-by-default, video-if-desired, chat-as-fallback format

  168. jonas’

    you can think on that in the week until the next meeting and maybe we can have a discussion then

  169. jonas’

    infrastructure won't be a problem (I have a Jitsi to spare)

  170. Ge0rG

    I'm very much -1, not only for auditability reasons

  171. daniel

    jonas’, i was actually considering proposing the same. although maybe on a monthly basis

  172. daniel

    like every first meeting in a month or something

  173. Zash

    Try Dino? 😉

  174. larma

    I wouldn't be entirely against, but I kinda don't like the idea of using not-standardized XMPP for this and I also don't think everyone wants to use Dino

  175. Sam

    The minutes would have to be written as the meeting goes on unless it's being recorded for auditability; that seems desirable though. Stuff gets missed when people do them afterwards.

  176. jonas’

    I'd volunteer to write proper online minutes for auditability

  177. jonas’

    (I've been doing that for various work meetings in the past two years and it's not a problem for me)

  178. Kev

    Didn't want to derail the meeting, but for 'editorial notes', I think they're a fine idea, but I also think there's no reason not to version them - numbers are cheap and we already have an editorial numbering scheme (the last number).

  179. pep.

    Judging by what minutes looked like in board (at the time) I'd hope that'd be worth it :/

  180. moparisthebest

    I also prefer text format as a standard, but I'm fine with audio if everyone else wanted it, or on a monthly basis or whatever

  181. daniel

    ok Ge0rG seems to be a hard no. but thank you for the suggestion. maybe something to think about or reconsider at a later date

  182. Sam

    I guess that's fine; versioning them as part of the XEP just means we have to bump a 10 year old final xep just because the editor wanted to add the note "by the way, this typo is incorrect in the example, please ignore it" or something

  183. jonas’

    I'd like to have a proper discussion including Ge0rG next week when we are not running out of time :)

  184. daniel


  185. daniel


  186. daniel

    thank you everyone

  187. jonas’

    thanks daniel!

  188. moparisthebest


  189. pep.

    Not in council but that'd be a -1 from the floor. Maybe there can be trials to see how that'd go :x

  190. Kev

    re: Video/Voice/Text - High bandwidth is useful for Council themselves, if it's the only thing they're doing at the time and not e.g. on trains etc., while text is really useful for people following along, or reading up later. Maybe a poll of non-Council to see how many people actually take advantage of being able to read the raw logs would reveal that I'm the only person who does it, and there wouldn't be much value in keeping that if video was better for Council.

  191. Sam

    FWIW re video calls: I also thought about proposing something like this a few times when I was on the council. Having a face to face chat once a month or more would probably make things go smoother the rest of the time.

  192. daniel

    two years into the pandemic i figured out that i can hook up my full frame mirror less camera over usb and use it as a webcam (i had always assumed i needed a hdmi->usb capture device). but with gphoto it just works

  193. jonas’ out

  194. moparisthebest

    Also Zash some badxmpp that sends https://datatracker.ietf.org/doc/html/rfc6120#section- or 0051 before auth or where the target has a bad certificate would be interesting

  195. Zash

    moparisthebest, topic for somewhere else, probably jdev@ tho

  196. Kev

    > I guess that's fine; versioning them as part of the XEP just means we have to bump a 10 year old final xep just because the editor wanted to add the note "by the way, this typo is incorrect in the example, please ignore it" or something That's true, but it's a bump where we already encode in the version number that the change was meaningless :)

  197. moparisthebest

    Just brought it up re: our vote here :)

  198. Sam

    Does bumping the version mean council has to weigh in for final XEPs? That seems to defeat the purpose

  199. moparisthebest

    I used to be strictly against audio and especially video in preference to text chat, but the last 2 years have shown me they can add some value when used periodically

  200. pep.

    « Kev> [..] how many people actually take advantage of being able to read the raw logs » I also do that often. Many things that get missed in minutes

  201. moparisthebest

    Sam: editorial changes don't need council, even if versions get bumped I think...

  202. daniel

    yes if anything we should probably start doing 1 in 4 meetings with A/V or something. see how people like it

  203. daniel

    (instead of every week)

  204. Zash

    (and do a Summit, so we remember there are actual humans attached to these nicknames/avatars)

  205. Kev

    > Sam: editorial changes don't need council, even if versions get bumped I think... This.

  206. Sam

    Hmm, I thought final couldn't be bumped at all and draft required council.

  207. Sam

    Anyways, the whole point in my mind is that it's *not* part of the XEP, it could just as easily be a separate wiki page it's just included at the top for convenience, but I don't really care either way.

  208. Kev

    And, I realise this might be a pointless idea, but I wonder if there are services where people will transcribe video meetings for you, and if the XSF might be willing to pay for such a service for Council meetings if they went video - that way those of us who like to read up would be no worse off than now, and Council could enjoy the extra bandwidth.

  209. Sam

    There are; I forget what the one I used in the past was called but it cost <a lot> (I forget that too, just that it was expensive)

  210. pep.

    A/V for crappy links isn't exactly great either fwiw. It'd be the case for me (if I were in council) but how many times have we heard Ge0r.G complain about his link :)

  211. Sam

    Although that was live transcription actually, so maybe it would be cheaper after the fact

  212. larma

    https://cloud.google.com/speech-to-text/pricing first 60 minutes free per month 😀

  213. pep.

    yay another google service

  214. Sam

    Seems reasonable

  215. Sam

    I forget this can be automated now.

  216. moparisthebest

    How do those do with accents I wonder?

  217. moparisthebest

    There are some even British accents that are completely incomprehensible to me

  218. Sam

    The robots are probably better at this than you, they have a larger training set :)

  219. Sam

    (that's a serious statement, not a joke)

  220. moparisthebest

    Very possible, I never know if that's the case or whether 100% of their training data were people with California accents

  221. Ge0rG

    moparisthebest: I think the problem won't be the accents but rather the slang.

  222. Ge0rG

    translation services are horrible at technical slang

  223. moparisthebest

    Probably true

  224. pep.

    Too Many TLAs

  225. jonas’

    I'll see if I can get a demo of a minutes file I created from an A/V meeting