Ge0rGGood morning. Did everyone have a great party last night, or is Summit resuming the tech talks? :D
Seve/SouL:D
Zashhas left
pep.!
jjrhBeh train stopped
mathieuieveryone had a great snow-delayed train to diegem
jjrhThe one time on this trip I leave to make it exactly on time and not early is the day there is a delay
Zashhas left
Zashhas joined
Thanoshas left
debaclehas joined
ossguyhas joined
MattJjjrh, I think our train passed it on the way :)
jjrhBooo
jjrhAlmost there now
Thanoshas left
Thanoshas joined
alameyoi have 20 mina to next train :(
pep.Pad is still at https://etherpad.wikimedia.org/p/XMPP_Summit_2019_Day1 today!
Tobiasyeah...let's use that
intosihas left
Tobiasalso, I'd be nice if there was more contribution on the minutes
mathieuiGe0rG, we’re starting
Holgerhas left
Tobiasanyone needing A/V
Tobias?
jonas’I can’t attend remotely this time
goffihas joined
intosihas joined
jonas’but Ge0rG might want to listen in?
Zashpep. talks about Moved
jjrhhas left
olihas joined
Thanoshas left
MattJhas joined
Thanoshas left
Thanoshas joined
Seve/SouLHonestly it would be cool to at least being able to listen the discussion (maybe for next year), because I could listen to it but not participate
Thanoshas left
GuusSouL, i think you _can_ listen today
Guusor at least, it is technically possible for us to provide you with a stream.
Link MauveHey, you are editing the pad both at the bottom and at the top.
mathieuiI did at the top since Tobias added day2 at the top
Tobiasi thought reading it top to bottom, folks would notice it :)
jcbrandhas left
Thanoshas joined
olihas joined
Ge0rGI left my earpiece at home, so I can't listen in without offending the cow-orkers
pep.Ge0rG, takeaways for <moved/> is, "offline servers" support as a separate XEP, not in the scope of our first draft. I think it's reasonable. We can still support scheduled shutdowns
jcbrandhas left
Ge0rGpep.: any insights on the best protocol to use for embedding <moved/>? PEP? Messages? Presence? All of the above?
Ge0rGI've heard there are unmaintained servers without persistent PEP
Ge0rGOh, also PEP access model: public --> potential for spam; roster --> your contacts lose access once one of the clients has completed the "moved" game
jcbrandhas left
pep.<error type='cancel'><gone/></error>
jcbrandhas left
jcbrandhas left
pep.And we'd have a mechanism (IBR?) to be able to set the tombstone on your account
pep.So the old server can even only send that gone error to your contacts
Ge0rGso this won't work on today's unmaintained servers, but only on tomorrow's ones, which support moved?
intosihas left
intosihas joined
pep.Indeed. But as you said that doesn't work on today's server without persistent PEP
jonas’today’s servers have persistent pep
jonas’(mostly)
Ge0rGpep.: backward compatibility is the toughest piece of any protocol
Ge0rGjonas’: you might be biased by only looking at the *popular* servers.
Thanoshas left
pep.Ge0rG, ok, so I still don't know how to answer that.
pep.And I guess you don't either
pep.I guess we can have both PEP and <gone/> tbh
Ge0rGpep.: maybe a <message><moved> to all contacts in addition?
Zash<message to=everyone type=chat><moved to="newjid"/><body>Hey, I'm moving to a new account, please add me there: newjid</body></message>
Thanoshas joined
pep.yeah backwards compatibility through natural languages in <body/>
Ge0rG> The <body/> MUST NOT contain information unrelated to the account move. This allows a receiving client that understands the <moved/> element to discard the <body/> and use an appropriate internal presentation format.
pep.heh, TIL of that document
Ge0rGpep.: ouch. sorry. Should have mentioned that earlier.
Ge0rGI've stopped short of introducing PEP
Ge0rGIt's not even git-commited yet, just a stash in my $HOME
Thanoshas left
Thanoshas joined
ZashDelay tags can/are scoped by the delaying entity
Thanoshas left
edhelashas joined
edhelashello people
edhelassorry to ask again, what is the url of the webex meeting already ?
jonas’edhelas, https://cs.co/rudy maybe?
jonas’I don’t know for sure, I’m not listening in today
Ge0rGyes, https://cs.co/rudy works
Ge0rGit even had an XML snapshot slide a bit back
edhelasokay :) I'm in, but no video
edhelaslet's try on chrome
Ge0rGedhelas: there is no video, AFAICS
Thanoshas joined
edhelasoh ok
Ge0rGbut maybe there is and my firefox is too old
ralphmHuh? Three is
ralphmThere
edhelastried with chrome/firefox, no video
Thanoshas left
ralphmWeird
vanitasvitaehas left
edhelasoh actually I have the video stream of goffi now :)
edhelasso it's definitly an issue with the cameras in the room
MattJKev, room in the schedule for a very brief demo from me?
Syndacehas left
edhelasif there's still room left I can also do a demo :p
edhelaswould it be possible to list Moya on the XMPP website ?
MattJedhelas, I think you can submit a PR
MattJor Daniel :)
Danieli'm just a consultant/contractor for Moya. I don’t have decision power
edhelascan you share the screen ?
Danieloh never mind. i missunderstood that question
pep.edhelas, it's supposed to be
Ge0rGI can't see anything.
pep.ralphm, ^
Ge0rGaudio works, but no video/screen sharing
MattJGe0rG, https://jmp.chat/
Ge0rGMattJ: I never completed their onboarding, so I wanted to see it in action at least remotely.
Ge0rGDaniel's presentation worked.
edhelasyes I can confirm, like Ge0rG
jjrhhas left
hantuhas left
jjrhhas left
ossguyhttps://gitlab.com/ossguy/sgx-catapult
Ge0rGossguy: do you happen to have a video of what you've shown right now?
ossguyyes, I did a similar demo at DebConf that was recorded - let me get you the link a minute...
flohas joined
ossguyGe0rG: it starts at 29:40 in https://saimei.ftp.acc.umu.se/pub/debian-meetings/2017/debconf17/live-demos.vp8.webm
ossguy(not sure if there's an easy way to add that time offset as a # thing in the URL)
Holgerhas left
Holgerhas left
Ge0rGossguy: thanks, I'll watch it when I'm off my metered mobile connection.
ossguyyou're very welcome
Kevhas left
Ge0rGVIDEO!!!1!
edhelasVIDEO §§§
edhelasannndd it's gone
mathieuiblame Link Mauve
Ge0rGWhatever you guys did, do it again please.
edhelasthe video only turns on when Link Mauve is filmed
Zashworks now?
mathieuinote how he made his "slides" in tmux tabs
Ge0rGWe had Link Mauve's screen, then Link Mauve's face, and now it's gone again
edhelas> Video is not currently available due to low bandwidth or local computer conditions (such as CPU or RAM use). Video will resume automatically when conditions improve.
Ge0rGno video any more
edhelasI'm sure I have the bandwidth for it
mathieuiedhelas, rust is too powerful for your computer
Zash"worksforme" / ralphm
pep.https://gitlab.com/xmpp-rs/xmpp-parsers/
edhelasmathieui :(
jjrhhttps://wiki.xmpp.org/web/Summit_23#Show-and-tell has some of the links
ralphmSorry people, I don't know why it (sometimes?) doesn't work for you, but I've been constantly connected to the stream on my laptop, too, and see no issues there.
edhelasralphm you're stealling all our bandwidth !
Ge0rGThere is *at least* one writer thread *cough*cough*
flowjonas’: 12:23:09 intosi> At one EuroOSCON many moons ago, we had a lengthy chat with someone using (amonst other open tech) XMPP for teledildonics.
ZashGe0rG: Anything to say about xmpp developer foundation or somesuch?
Danielhttps://xmpp-developers.foundation/about/
Ge0rGZash: I'm not the right person for that. But I've heard somebody wanted to found a JSF
ZashGe0rG: JSF vs XDF - FIGHT!
flowwhy does it always have to be a vs. and not simply live and let live ;)
vanitasvitaeflow: its about the name
flowvanitasvitae, ahh, if this is the biggest issue, i am sure we can find something everyone is unhappy with
debacleFor everybody interested in IoT, please remember, that there is a MUC, that needs more participants and more discussion: xmpp:iot@muc.xmpp.org?join
Seve/SouLZimpy
vanitasvitaeLets name the developer foundation matrix.org
jonas’flow, I’m also sure we can come up with an acronym with is massively misleading
jonas’ah, vanitasvitae did it already
vanitasvitaeYou're welcome :)
jonas’Massive Advancement Towards Rapid Integration of XMPP
jonas’or something
vanitasvitaePerfect!
vanitasvitaeSpld
vanitasvitae*sold
mathieuijonas’, Massive Advancement Towards Rapid Integration of XMPP. Openly Regulated Guidelines
debacles/Integr/Implement/ ?
jonas’debacle, !
Bartekhas joined
edhelasPlanner Jabber is actually available on XMPP Pubsub https://nl.movim.eu/?node/news.movim.eu/PlanetJabber :) #eatyourownfood
dwdhas left
Ge0rGjonas’: I thought MATRIX is Monolithic Awfully Trendy Re-Invention of XMPP (courtesy of debacle)
jonas’that’s the other Matrix
vanitasvitaeSprint XYZ - presented by the XSF and XDF!
Ge0rGSpeaking of marketing... "We bring the Pee into XMPP"
flow"Monolithic Awfully Trendy Re-Invention of XMPP" ← love it
vanitasvitaeRe planetjabber: it still contains philosophy posts
mathieuiGe0rG, please stay away from public relations in any form
Zashhttps://www.ag-software.net/matrix-xmpp-sdk/ this Matrix?
pep.That's the channel we've been idling in fwiw, xmpp:jsf@chat.cluxia.eu?join - jsf is probably not the name, and xdf came afterwards.
Ge0rGthere is precedent for a Jabber®-named organization, and there is precedent for the JSF
Ge0rGAnd if we keep to the notion of "Jabber" being the federated IM network, a JSF kinda makes sense
singpolymaMerry Band of Jabberers
Zashpep.: look up
vanitasvitaeJust do a poll regarding the name
vanitasvitaeThere is a xep for that, right?
Ge0rGLink Mauve is very quiet on the audio stream
Ge0rGThere is also an ongoing effort to report spam-forwarding IBR servers to the admins and to the respective ISPs, to get them shut down
ralphmvanitasvitae: as I said, Planet Jabber is about People Doing Jabber/XMPP stuff. It is not about Posts About Jabber/XMPP.
flowralphm, I think there is maybe a desire to change that
Ge0rG99.9% of current spam can be blocked by some easy heuristics and blocking of URLs from non-subscribers
ralphmflow: there's also Planet Jabber News which includes software update feeds
Ge0rGif the audio wasn't so bad, I'd contribute some insights too
Ge0rGMaybe we can pay the spammers *more* to not send any spam any more! 😁
Seve/SouL:)
ZashWhat could go wrong
Ge0rGZash: Cobras
pep.We need to hire a hitman
Seve/SouLThanks for explaining MattJ
flowHmm, the discussion is dereailed it appears, was interersting to hear what Link Mauve explained, but right now I don't know where we are heading to
pep.Spammers might be listening in this room, we need not to reveal our secrets
Ge0rG*raise hand* my spam solution isn't blocking all messages from foreigners
TobiasGe0rG, alright...will proxy it
Danielflow, i think a lot of people don’t know how spammers or spim work. so getting everyone on the same page (ie how does the threat vector look like exactly) is certainly valuable
dwdpep. Good point. Maybe we should lay some false trails. How about I suggest that the spammers are easy to spot because they use plaintext whereas everyone else uses XHTML-IM?
TobiasGe0rG, Link Mauve is explaining things in more detail
Ge0rGTobias: Link Mauve is very quiet, so I'm missing out random fragments
pep.dwd, sounds good to me
flowDaniel, true, but given the limited time I think it would be benficial to focus on what actually works regarding spam prevention
Ge0rGraises hand
singpolymahas left
dwdpep., Maybe a XEP that has a new element: <this-is-not-a-spam xmlns='urn:xmpp:spam:0'/> that we pretend we check for?
TobiasGe0rG, next time i'll bring a megaphone
Danielright. but to work out the solutions it is importants to understand how the problem actually looks like
flowGe0rG, you need to tell Tobias to raise his hand for you :->
Danielfor example the information that there are only ~3 spamming services is interesting
TobiasGe0rG, it's up
Danielalso the information that spammers can read
Danielwhich apparently people weren’t aware of
TobiasGe0rG, are you on audio? if not just write what you want proxied
Ge0rGTobias: I'm on audio, just need to unmute myself and surprise you all with my voice
Tobiasalright
intosiWe could ask spimmers to use https://xmpp.org/extensions/xep-0076.html
Ge0rGhttps://github.com/JabberSPAM/blacklist re what Link Mauve is saying
TobiasGe0rG, PING
Seve/SouLYes Ge0rG
flowSo according to https://github.com/JabberSPAM/blacklist/blob/master/blacklist.txt, the current size of the problematic services is 1
flowDoesn't look so bad
Guus😛
Danielflow, there is a due processes to get on that list and off that list
Danielquite a few servers are about to get on that list
TobiasIn case people remember stuff from the spam discussion that's missing on https://etherpad.wikimedia.org/p/XMPP_Summit_2019_Day1 , please add it
Ge0rGWith the current level of sophistication of the spammers, there is NO NEED for captchas
intosiGe0rG: interesting observation.
Ge0rGTobias: *raises hand* sometimes spam accounts are created, then not logging in for multiple weeks, then wake up and spam
Danielyes.
mathieuioften, yes
Danielbut i don’t think it matters to the pattern of suddenly sending messages to 1000s of people
TobiasGe0rG, it's up
mathieui+1
Danielthat pattern should be blocked regardless of how old the account is
singpolymahas joined
jjrhhas left
Ge0rGless-than-secret example from the firewall:
```
# outgoing messages to non-contacts need to be full-body-searched.
KIND: message
TYPE: chat|normal|headline
NOT SUBSCRIBED?
JUMP_CHAIN=user/bodycheck
```
Ge0rGfrom a fast skim of the rules, the only thing that's not coming from the message is the mutual subscription status
Tobiasmaybe the Rspamd protocol documentation can also provide some helpful input✎
singpolymaso the antispam server doesn't need the whole roster, just a boolean basically about the relationship between from and to
Zashnone/to/from/both
Tobiasmaybe the Rspamd protocol documentation can also provide some helpful input https://www.rspamd.com/doc/architecture/protocol.html ✏
Ge0rGZash: the relevant question is: did the recipient authorize the sender before
singpolymawould the blacklist being public be as problematic as the rules? I would think probably not?
Ge0rGsingpolyma: the blacklist doesn't contain any black magic.
mathieuiyet.
Ge0rGThere are various public blacklists already
flowGe0rG, that sounds like it could be feasiable to just put additional metainformation in the message send to the spam indendification service, versus the spam identification service asking for additional information from the xmpp server
Ge0rGI've only created my own one because none of the earlier ones had a due process
Ge0rGflow: yes.
Ge0rGflow: just a metadata flag
singpolymafor sure. due process is a good thing that can help us from becoming like email
Ge0rGsingpolyma: I wanted to be a _good_ RBL
flowGe0rG, question is, will there be more metadata in the future? Probably, but then we question is "How much?"
Seve/SouLDid I hear correctly :)
Ge0rGTobias: jonas’ provided measurements from compression with different flushing aggressivity
Ge0rGjonas’' data on XMPP compression: https://github.com/horazont/aioxmpp/issues/249
Ge0rGaioxmpp test suite, sync_flush only (XEP-0138 as written): 40% rx, 20% tx
aioxmpp test suite, full_flush after each stanza: 25% rx, 20% tx
JabberCat startup (lots of mucs, lots of avatars), full flush after each stanza: 25% rx, 12% tx
JabberCat startup (lots of mucs, lots of avatars), sync flush: 36% rx, 12% tx
Ge0rG(the percentage being the ratio of bytes saved; tx is from client to server, rx is from server to client)
singpolymaso even full flush after every staza could be worth it *if* that is safe in your context
winfriedEXI!
Ge0rGyou save 20% of traffic, but add some proper CPU load
Ge0rGalso RAM
singpolymafor sure
Zashsomething something ROI
mathieuiGe0rG, which might be something of interest using a smartphone over an edge channel
ZashAs a server dev, I'm happy avoding the additional memory usage of compression
Ge0rGraises hand: an approach that's maybe worth exploring is a pre-created "official" compression dictionary, containing all the relevant stanzas and namespaces. like http/brotli
Ge0rGTobias: ^
singpolymawinfried: is there data on EXI vs compression similar to those numbers above?
Ge0rGdamn, toolate
TobiasGe0rG, sorry. we moved to the next item
debacleGe0rG in some cases compression actually reduces CPU load, because there is less data to TLS encrypt
Ge0rGdebacle: I know
Ge0rGIs there somebody good at painting? We still need XMPP Compliance Badges
winfriedsingpolyma: some years ago there were some japanese guys, who did metrics on EXI, it worked quite well
Seve/SouLYes! A lot of people!
Seve/SouLSomebody writing that donw? Just to know what can we improve in the future for Summits and so on
dwdKev's writing this stuff down, yes.
Ge0rGI wish for a working A/V and *especially* better audio, and it would be great if it would work over XMPP
TobiasSeve/SouL, see etherpad
alameyohttps://ctftime.org/writeup/12913 here is kind of compression oracle attack - it was created as hacking challenge but you can get the idea
Seve/SouLHe has a point though :)
dwdSeve/SouL, Who?
Ge0rGVideo worked and broke down synchronously for me and edhelas, so it must be on Cisco's end
Seve/SouLdwd, working on the agenda before Summit (I don't know him unfortunately)
Tobiaswhat's at the top of the board?
Zash"agenda before reading"
MattJLooks like "AGENDA FUR BY REAPING"
Zashfor?
Tobiassomething in between i bet,...ta
ZashHaving the agenda prior to the summit so you can read up on XEPs and whatnot
MattJAh
Seve/SouLI had that experience last year, couldn't have maybe an exact opinion on something
dwdThat was suggested by Piotr of Erlang Solutions.
Seve/SouLAh I see, thanks dwd
Seve/SouLWhat did happen to think about this information for new people attending?
ZashSeve/SouL: What do you mean?
Seve/SouLZash, just curious about if this topic popped up because somebody did something wrong by mistake... Or something like that (Writing how the Summit works, I mean.) Anyway, I may have understood it in a different way, audio is ok but of course not real life.
ZashSeve/SouL: No, we want to remember what was done well, so it's not forgotten and can repeated next year
Seve/SouLOk perfect, great
Seve/SouLThank you Zash
ZashSeve/SouL: Assuming I understood your question
Bartekhas left
flowSecretary: Add ProtoXEP SEX to the XSF Summit 2020 agenda
flowSecretary: Vote for "ProtoXEP SEX" as agenda item
Zash/invite Secretary
flowSecretary: Add XEP-1234 as recommended read for the "ProtoXEP SEX" agenda item
Syndacehas left
singpolymahas left
dwdhas left
debaclehas left
Danielhas left
winfriedhas left
intosihas left
kinguWhat is he selling?
ossguyhas left
hantuhas left
Guushas left
Tobiashas joined
jjrhhas left
Zashhas left
flohas left
flohas joined
goffihas left
Kevhas left
Zashhas joined
alameyoso anyone, any plans for the rest of the evening?