XSF Discussion - 2013-11-20


  1. fippo

    I think that is Jers first post ever on a @xmpp.org list, isn't it?

  2. Alex

    fippo: which one?

  3. Alex

    standards list?

  4. fippo

    http://mail.jabber.org/pipermail/standards/2013-November/028280.html

  5. dwd

    Yeah, I think any previous have been before the Great XSF Renaming.

  6. dwd

    ralphm, It's the 15th of December we get a go/no-go for the FOSDEM Lounge, right? Do they normally hit that date or is there sometimes some slippage?

  7. ralphm

    yes

  8. ralphm

    no

  9. dwd

    Bedankt.

  10. ralphm

    :-D

  11. ralphm

    Maybe I could poke them a bit about it

  12. dwd

    It'd be useful to know as soon as, since we can begin planning more concretely, but I'd prefer not to annoy them.

  13. dwd

    Lloyd, Ashley Ward - Nice that your server broadcasts how it was shutdown.

  14. Ashley Ward

    If it does then I assume that's what Prosody does by default!

  15. dwd

    Ashley Ward, Yeah, seems so. Two restarts, eh?

  16. Ashley Ward

    Yeah. Lloyds been updating the TSL stuff on it in readiness for the 4th Jan

  17. Ashley Ward

    TSL = TLS

  18. dwd

    Right, yes. I think mine's about ready now. I've been trying to get otalk.im deployed, but it's not yet working for me.

  19. Ashley Ward

    Be interested to hear how you get on with that.

  20. dwd

    SLowly.

  21. dwd

    I'm really not experienced enough with Node and modern webapp stuff to figure out what's broken about it.

  22. Ashley Ward

    Hehe. Tell me about it - I've only barely figured out how all this node stuff works. I understand it okay as long as nothing goes too badly wrong!

  23. dwd

    I spent literally hours downloading extension after extension.

  24. ralphm

    Edwin Mons did the same for our machine the other day. He experienced issues with both disabling SSL and compression.

  25. Edwin Mons

    Well, prosody failed to do any TLS if I disabled compression.

  26. ralphm

    that counts as 'experiencing issues'

  27. ralphm

    :-D

  28. Edwin Mons

    It does.

  29. Edwin Mons

    That might be due to the hackish nature of our setup, though. I had to do a bit of library mapping to get luasec to use the openssl from ports.

  30. Edwin Mons

    Instead of the system openssl.

  31. Edwin Mons

    (FreeBSD based)

  32. dwd

    FreeBSD? But you don't have a beard...

  33. Edwin Mons

    dwd: in spirit only ;)

  34. Edwin Mons

    Nor does Kurt, for that matter ;)

  35. ralphm

    dwd: I have a beard

  36. ralphm

    and we co-admin

  37. Edwin Mons

    dwd: although I really do need to shave. It's not a full beard yet.

  38. Alex started memberbot

  39. dwd

    Heh. Lisa Dusseault's applicaiton doesn't mention that she was the one who coined the term "stanza".

  40. dwd

    Voted. :-)

  41. Edwin Mons

    dwd: fix it for her, it's a wiki after all :P

  42. fippo

    dwd: she also denies coming from IRC ;-)

  43. dwd

    Nobody admits to any involvement there, though, right?

  44. Edwin Mons

    Voted as well. A shame dwd beat me to it ;)

  45. Alex

    isn't there a comment function in the Wiki?

  46. dwd

    Discussion page, at least - I've added a note there.

  47. Edwin Mons

    The talk page. But who looks there.

  48. Alex

    ya

  49. Edwin Mons

    Discussion, yes.

  50. dwd

    Both the new applicants look good. I also realise I know nearly every reapplicant personally, too.

  51. Kev

    OK, "Yes" isn't a valid response to the memberbot.

  52. Kev

    That seems a little bit overly restrictive.

  53. dwd

    Gosh. I hadn't actually noticed.

  54. Edwin Mons

    Just noticed Diana didn't reapply.

  55. Kev

    I also get the feeling Florian's heart wasn't really in this.

  56. Edwin Mons

    You'd think with all the time he had to spend on SFO, he'd have had ample time to create a beautiful page there.

  57. dwd

    That one might be my fault.

  58. dwd

    [17:26:45] David Cridland: Just put up a blank page, nobody reads them anyway. [17:30:00] Florian Jensen: lol [17:30:02] Florian Jensen: I'll try that

  59. Kev

    In fact, I'm not convinced that his application is legal.

  60. dwd

    Oh?

  61. Kev

    We have to provide affiliation information.

  62. dwd

    That is actually a good point.

  63. dwd

    Oh. Actually I can just add it into his application; assuming I'm right in thinking he's now working for Uber?

  64. dwd

    But no, we should just contact him, actually.

  65. Edwin Mons

    I think editing someone's application is not really the best of ideas...

  66. Kev

    I'm opposed to people editing other people's applications.

  67. dwd

    Edwin Mons, It doesn't seem quite right, does it?

  68. Edwin Mons

    dwd: that's one way of putting it.

  69. Kev

    On the other hand, it's too late to edit applications at this point.

  70. Kev

    Does Florian get disqualified on a technicality? That would be ... amusing?

  71. dwd

    So the only way he could be disqualified would be to argue that his written application is not in such a form as has been adopted by the Board.

  72. dwd

    I think, anyway. So we'd need to decide on what form actually has been adopted by the Board.

  73. Kev

    Which is listed on http://wiki.xmpp.org/web/Membership_Applications_Q3_2013, no?

  74. dwd

    OK, when was that adopted by the Board?

  75. Edwin Mons

    The list of required elements is quite clear.

  76. Kev

    dwd: You tell me, you're on the Board :)

  77. dwd

    Edwin Mons, As far as I can tell, the Board agreed a few years ago to require a full name, which is *not* listed there. Can't yet find if they require anything else.

  78. dwd

    I suspect the Board could, and should, issue an edict^W^W^Wadopt a resolution that an application must include full name, email, jid, and employment details. I'm struggling to find if the Board ever has done so in the past, though.

  79. dwd

    Also, reading the bylaws, I'm surprised to note that companies can be members too.

  80. Alex

    for reapplliers we never were that strict about this information. I guess because we assume that the info did not change and we got it with the 1st application

  81. dwd

    Right, something else for the Board to deal with, then.

  82. Alex

    yes

  83. dwd

    Alex, You were Chair when that Solarius guy stood without a real name - do you know if the Board "adopted such a form" about member applications then? I thought it did, but I can't find anything.

  84. Edwin Mons

    I think it did, but the members didn't accept it and voted him down.

  85. dwd

    Oh, so maybe we just didn't vote him in and left it.

  86. Alex

    it was a long discussion at that time, but I can't remember exactly what the conclusion was. But we accepted his application and at Fosdem verified his idendity when he showed up. That was a strange guy

  87. Edwin Mons

    I remember Christ had to share a room with him.

  88. dwd

    I've read through the members@ thread, and also the next Board minutes, and can't find any conclusion. Certainly no Board resolution.

  89. Edwin Mons

    Good thing we have voting-by-proxy, because the meeting is at Sinterklaasavond.

  90. dwd

    Mmmmmm... mini-cookies....

  91. Alex

    wow 6 voters in the first 60 minutes, looks like we can achieve a good turnout this quarter ;-)

  92. dwd

    If we can keep up the momentum...

  93. Kev

    http://wiki.xmpp.org/web/Membership_Applications_Q3_2013 might need an update.

  94. dwd

    For the meeting dates, you mean?

  95. Kev

    r

  96. Alex

    updated

  97. Kev

    Murky buckets.

  98. Lloyd

    Has memberbot dropped offline for anyone else?

  99. dwd

    Lloyd, Online for me.

  100. Edwin Mons

    Online here.

  101. Kev

    Lloyd: Check no-one's been fiddling with your server ;)

  102. dwd

    And responding.

  103. dwd

    Lloyd, Right, could be some dodgy sysadmin breaking things.

  104. Lloyd

    :P Changes were made last night, gave it a kick earlier for another reason

  105. dwd

    I quite like Brian Carpenter's note to ietf-disgust saying that the main advantage of all these multistakeholder meeting groups has been to mire all attempts by governments to put international treaties over the internet.

  106. fippo

    ietf-disgust... ;-)

  107. dwd

    Not, sadly, my gag. I forget who uses that; one of the ADs I think.

  108. dwd

    *possibly* Adrian Farrell.

  109. Lloyd

    update: think it was adium being a pita, using xmpp-ftw to vote intead :)

  110. MattJ

    Heh

  111. Kev

    /Now/ memberbot isn't responding for me.

  112. Kev

    I've already voted, but it should still talk to me shouldn't it?

  113. Kev

    Ah, there it is. Just lagging a few minutes.

  114. Edwin Mons

    Same over here.

  115. MattJ

    It's simulating a real human

  116. MattJ

    or it's actually Alex simulating a bot

  117. Edwin Mons

    So you're saying there is no memberbot, just Alex?

  118. dwd

    Or that Alex is a bot faking being a human faking a bot?

  119. Kev

    Or there's no Alex, only the bot.

  120. Edwin Mons

    Hmm. I'm pretty sure I met someone who claimed to be Alex a few times.

  121. dwd

    Edwin Mons, Just shows how good that bot is.

  122. Edwin Mons

    Fair point. He/it sure passed the Turing test when I talked to him/it.

  123. Edwin Mons

    (Alex, not the memberbot)

  124. Lloyd

    kev: it was quite slow earlier

  125. dwd

    Lloyd, ALex, or the memberbot?

  126. Lloyd

    :) memberbot

  127. dwd

    Kev, You're Councilling today, aren't you?

  128. MattJ

    and since membership voting and meetings actually *happen*, it must be stpeter simulating them both

  129. Kev

    dwd: Yes, 16:10Z

  130. Lloyd

    MattJ :D

  131. Kev

    dwd: Pam?

  132. dwd

    Kev, Just so I could wander into the room and nod politely.

  133. ralphm

    dwd: like Kev does for Board?

  134. Kev

    I was very good!

  135. ralphm

    Kev: one occasion is not a pattern, but can be a good start :-P

  136. Kev

    You might be overly optimistic if you want a pattern :p

  137. bear

    5 minutes (or so) to the board meeting

  138. bear

    current agenda: - Board Chair election - FOSDEM preparation update - IoT Liason update from Peter - Membership application question from Dave - Next meeting time

  139. Simon

    I sent through a couple of things regarding security

  140. dwd

    Simon had some stuff, didn't he? Or am I confused?

  141. dwd

    Right. Not too confused.

  142. ralphm waves

  143. stpeter

    howdy

  144. bear

    oh poo

  145. Alex

    good

  146. Edwin Mons nods

  147. Alex

    I missed the last meeting, I huess treasurer and secretary is not yet elected?

  148. Alex

    huess==guess

  149. dwd

    No, we haven't yet reelected you.

  150. bear

    had that in my notes and forgot to add that line

  151. bear

    how are we on attendence today - me, dave, ralph, simon

  152. dwd waves

  153. bear

    has someone poked Laura

  154. dwd

    Laura sent apologies to the list.

  155. bear realizes he does not have her in his contacts

  156. dwd

    Lloyd, I assume she's still caught in whatever she was called into?

  157. dwd

    bear, She's not online anyway.

  158. Kev

    By 'the list' is this members@ or board@?

  159. ralphm

    yes

  160. stpeter

    in the past I've encouraged the Board to consider the various "positions" (secretary, treasurer-always-unfilled, and executive director) in January after they've interacted a bit with those currently serving in those roles

  161. Edwin Mons

    Glad that's cleared….

  162. stpeter

    perhaps it makes sense to formalize that

  163. dwd

    Kev, I can't remember where she sent her "I might not make it".

  164. ralphm

    stpeter: I can see the logic in that, yeah

  165. ralphm

    dwd: on the board list

  166. stpeter

    (because sometimes we have new Board members and they don't know who all the people are)

  167. dwd

    stpeter, But not Chair?

  168. bear

    her missing the meeting note went to the board list

  169. stpeter

    dwd: the Board selects its own chair and needs to do that straightaway, methinks

  170. bear

    ok, we have quorom, shall we start?

  171. ralphm

    bear: please

  172. Simon

    +1

  173. dwd

    stpeter, Yes, I'm inclined to agree, but it's technically a position just like secretary etc.

  174. stpeter

    the Secretary, Treasurer, and Executive Director are appointed or serve at the pleasure of the Board

  175. bear bangs the gavel

  176. stpeter

    IMHO

  177. stpeter

    anyway

  178. stpeter

    off you go :-)

  179. bear adds the current discussion to the agenda so we can get back to it

  180. bear

    any items that anyone want to add to the agenda?

  181. bear

    (I know about the item that I missed from Simon)

  182. bear

    ok, none given

  183. Alex

    ya, the current discussion about election schedules

  184. bear

    Alex - noted

  185. bear adjusts his pause-o-timer

  186. bear

    any others?

  187. ralphm

    nope

  188. bear

    first item: nominations for Board Chair so we can vote on them

  189. Kev

    I think you were going to discuss github for submissions, at some point.

  190. bear

    yes, but I need to get the git mirror in place before letting the membership know it's a change (well, that's what I was thinking)

  191. bear

    Nominations for Chair - do we have anyone who wants to nominate someone?

  192. Lloyd

    dwd: yeah sorry just caught up, she hasn't arrived back yet so I assume so.

  193. bear notes that he does not mind continuing in the role

  194. dwd

    I'm happy to do it, but happy to let you continue if you want.

  195. bear

    ok, Dave has offered what can only be described as a passive aggressive nomination ;)

  196. dwd

    :-)

  197. ralphm

    I nominate bear

  198. bear

    ok

  199. bear

    simon?

  200. dwd

    I read bear as nominating himself anyway. :-)

  201. ralphm nods

  202. bear

    I was leading the charge for passive aggressive nominations

  203. Alex

    so either fight now, or vote ;-)

  204. bear

    :)

  205. Simon

    What's Kev's role these days? Would he be eligible for nomination?

  206. Edwin Mons

    He's not on the board...

  207. bear

    kev is a member of the council, not the board

  208. dwd

    Edwin Mons, The chair need not be on the Board.

  209. Edwin Mons

    dwd: ah :)

  210. dwd

    At least, I see nothing at all in the bylaws that would indicate that.

  211. Alex

    and voted by board members

  212. Alex

    or elected

  213. ralphm

    Simon: did you want to nominate Kev?

  214. dwd

    The Board selects its chair, but the chair needn't be a Board member themselves. It's on a par with the other positions the XSF has, like Secretary, Treasurer, etc.

  215. Simon

    It would help if we outlined the responsibilites of the chair. What's their role?

  216. bear

    running the meetings

  217. Simon

    /duties?

  218. Simon

    k

  219. ralphm

    Simon: this is outlined in the by laws

  220. dwd

    That and, interesting, the Chair has the casting vote in the case of a tie.

  221. bear

    it's purely administrative - there are some bylaw specific duties that being charted as a org requires

  222. bear

    in all the time i've been aware of the board, I don't think we've ever had a tie

  223. Kev

    That's because we try to pick odd numbers for both Board and Council, I think.

  224. Kev

    (Less important for Council)

  225. bear nods

  226. stpeter

    dwd: the Board has traditionally selected a Chair from among the Board members, but you're right that it's not required by the bylaws

  227. dwd

    Oh, I lie - it's the Executive Director that has the casting vote.

  228. Kev

    That sounds more familiar.

  229. bear

    ok, the point still remains, does simon wish to nominate someone (or do ralph and dave wish to nominate anyone else)

  230. Simon

    I nominate Kev.

  231. bear

    k

  232. bear

    any others?

  233. ralphm

    nope

  234. bear

    dave?

  235. dwd

    No - without anyone else willing to nominate me, I'll withdraw, as well.

  236. bear

    you don't have to withdraw IMO

  237. dwd

    No, I don't I don't have to. :-)

  238. dwd

    I know I don't have to, I mean.

  239. ralphm

    ok, so we have two candidates: bear and kev

  240. bear

    ok, so we now have two people, Kev and Bear

  241. bear

    shall we vote?

  242. ralphm

    yep

  243. dwd

    Erm, wait.

  244. bear waits

  245. dwd

    It'd be handy to know if Kev accepts the nomination, first.

  246. Kev

    Sure, what's the worst that can happen? :)

  247. dwd

    You get twice as many minutes to write up?

  248. Kev

    (I don't like people being on both Board and Council, but I don't think this counts as Chair gets no power)

  249. ralphm

    Kev: that we vote for you and for all the other roles, too?

  250. bear

    ok, Kev has accepted - ready to vote now?

  251. dwd

    Yup.

  252. bear

    simon, ralph - ready?

  253. Simon

    yep

  254. ralphm

    yeah

  255. bear

    sound off then please

  256. ralphm

    +1 for bear

  257. Simon

    +1 for Kev

  258. bear is going to laugh if this ties

  259. bear

    +1 for bear

  260. dwd

    I was wondering about the wisdom of tying it, and therefore letting either Peter pick, or else making Laura do it instead.

  261. bear

    i would say that we send it to laura if it tied

  262. bear

    but I would also just remove myself and let kev do it - he has a very capable meeting running style

  263. ralphm

    dwd: about the minutes, technically it is the Secretary's duty

  264. stpeter

    I don't think it's appropriate for me to express a preference, given that the Board is the one determining whether I continue to serve as Executive Director with all its many perquisites of power

  265. ralphm

    stpeter: tough luck, should have written the by laws better :-D

  266. bear

    any opinion is always appreciated

  267. dwd

    I'll vote for bear. On balance, I think having Kev as Chair of both Board and Council would probably not be ideal.

  268. bear

    the current board "season" has already proved to be very divergent from past ones

  269. ralphm

    I want to note that I have to leave in a few minutes

  270. Kev

    Safe :)

  271. ralphm

    dwd: agreed

  272. bear

    ok, I see 1 for Kev and 3 for bear - that is done, i'll continue as Board Chair

  273. ralphm

    woot

  274. bear

    next agenda item: meeting time - shall we continue with bi weekly for next week and i'll post to the list for anyone to object?

  275. ralphm

    +1

  276. bear

    s/next week/next meeting/

  277. bear

    simon, dave?

  278. dwd

    I think we agreed on a meeting this time next week anyway.

  279. ralphm

    indeed

  280. Simon

    +1 for next week

  281. bear

    k

  282. dwd

    But as for ongoing, I'd like to hear from Laura on whether there's likely to be too many clashes for her at this time.

  283. bear

    meeting nextg week at the same time slot

  284. bear

    agreed - we need to put this to the list so she has ample time respond yea/nea

  285. stpeter

    why not weekly? fortnightly can get confusing ("do we have a meeting this week?") -- the meeting can always be short if there's not much to cover, as Council meetings are

  286. ralphm

    stpeter: I suggested this before, and still agree

  287. Alex

    +1

  288. bear looks and wonders why he typed bi above

  289. dwd

    Yes, I agree, weekly is better.

  290. Kev

    I find it works well for Council, even if half the meetings end up being "1. Roll call 2. Date of next"

  291. bear

    noted, i'll reinforce that in the email

  292. stpeter nods to Kev

  293. bear

    next agenda item i'm making FOSDEM report since ralph is time constrained

  294. ralphm

    dwd had a short chat on this earlier this week

  295. bear

    is there anything that is board actionable for FOSDEM yet?

  296. ralphm

    no

  297. dwd

    Not yet. We're somewhat constrined because we can't really commit until we've heard whether we get the Lounge again.

  298. ralphm

    we were talking about doing some kind of t-shirts/hoodies/whatever again

  299. bear

    has the wiki page for the next summit been created so we can start to note details and pending decision items?

  300. ralphm

    yeah, we formally won't know until half december

  301. bear

    ah - ok

  302. ralphm

    bear: I will do this tomorrow

  303. ralphm

    eh

  304. bear

    thanks ralph

  305. stpeter updates his .plan to find out about travel approvals and reserving space at the Cisco office again

  306. dwd

    Oh, we have quite a large page on SUmmit_15.

  307. ralphm

    there is a summit page already, though

  308. ralphm

    dwd: that's mostly a copy of previous editions

  309. bear

    yea, it seemed overly detailed

  310. bear

    ok, anything else needed for ralph and FOSDEM?

  311. ralphm

    but I think a separate planning page for us would be good

  312. ralphm

    with things like the gear we need and stuff

  313. bear

    +1

  314. bear

    shall we move on to the next item - IoT Liason report?

  315. ralphm

    I was happy for the IoT mentioning some stuff for the XMPP UK meetup, and I'd love to have some stuff from them at FOSDEM

  316. stpeter

    FOSDEM is even earlier than usual this year, so preparation in December will be important

  317. stpeter

    ralphm: yes

  318. ralphm

    the location is an ideal venue for things like this

  319. ralphm

    FOSDEM is hardly earlier

  320. ralphm

    one day or so

  321. stpeter

    sure

  322. Simon

    FWIW, I'll be offline most of December and the start of Jan.

  323. stpeter

    Simon: good for you :-)

  324. Simon

    :)

  325. ralphm

    Simon: booh

  326. stpeter

    ok, about liaison relationships...

  327. bear

    peter - can you give your IoT liason update?

  328. stpeter

    as you know, we've received a liaison request from ISO TC 122 (logistics stuff)

  329. stpeter

    we need to finalize that

  330. stpeter

    I did send an inquiry to them and they replied, so I will send information about that to the membership

  331. stpeter

    it was a small issue

  332. stpeter

    but we need to finalize it

  333. stpeter

    I'll have time to do that now

  334. stpeter

    I have also had some preliminary discussions with two other groups

  335. dwd

    We were finding out whether the specifications were under NDA or similar, weren't we?

  336. stpeter

    not quite NDA

  337. stpeter

    but they keep their specs under wraps until finished

  338. dwd

    Right.

  339. stpeter

    so if we assign two people (or whatever) to be liaisons, those people couldn't share the documents with, say, any XSF member or even the Council

  340. stpeter

    workaround: we could appoint the entire Council to be liaisons, but they might not care about the topics under consideration

  341. bear

    but they would not be barred from discussion specific items with council?

  342. ralphm

    I think at least one should be on the Council

  343. stpeter

    ralphm: good idea

  344. Simon

    What is ISO TC 122? The best I coluld find was the ISO packaging committee

  345. stpeter

    Simon: logistics

  346. stpeter

    lorries and such

  347. stpeter

    "this vehicle did not arrive at its scheduled location on time, has it been hijacked?" that kind of thing

  348. bear

    fleet monitoring?

  349. stpeter

    bear: as best I can determine, yes

  350. dwd

    We use TLS; we're immune to hijacking, right?

  351. Simon

    Right. What's the aim of liason - tech help or?

  352. stpeter

    so let me describe the two other liaison relationships and then I think we can talk in general about our approach

  353. Simon

    I didn't even need to read the sender of that to know it was a DWD post.

  354. bear

    :)

  355. stpeter

    Simon: review their technical specs so that they don't use XMPP in silly ways

  356. bear

    dave - can i watch you try to MiTM a lorrie session?

  357. ralphm

    this

  358. Simon

    Sounds very useful and a good way to generate an XEP down the road.

  359. stpeter

    the other two are IEC TC 57 (electrical grid stuff) and UPnP Forum

  360. Kev

    bear: Sorry, with that comment I'm forced to post http://b.oooom.net/1r8t

  361. stpeter

    IEC TC 57 seems to be interested in using XMPP in ways similar to the OpenADR folks did in the USA, but globally

  362. stpeter

    I reviewed the OpenADR work informally (no liaison relationship needed) last year

  363. stpeter

    IEC is more formal

  364. bear

    kev - that is an epic video IMO (and i'll stop derailing the thread now)

  365. dwd

    If they're extending, rather than using existing stuff, do we want them to do so within the XSF and the XEP framework, or don't we care?

  366. stpeter

    so they'd want something similar to what we do with ISO TC 122

  367. stpeter

    so far, these have not been extensions but "profiles" that re-use their existing XML payload formats

  368. stpeter

    they're just using XMPP as a transport

  369. stpeter

    at least during the initial phases

  370. Simon

    While on the subject of liason, it would be great to help out the mozilla folk more in their wg-presence list.

  371. stpeter

    Simon: yes

  372. bear signed up for wg-presence mailing list last night

  373. stpeter

    the other liaison relationship people have been exploring with me is UPnP Forum, which is basing its "UPnP Cloud" technology on XMPP

  374. Simon

    https://mail.mozilla.org/pipermail/wg-presence/2013-November/000143.html

  375. Simon

    and there is a call tomorrow 10AM PST

  376. dwd

    stpeter, So how does the UPnP stuff work in terms of specification access?

  377. stpeter

    (BTW, the last two have come about through people within Cisco poking me to help out since I'm the "XMPP Guy")

  378. stpeter

    dwd: I am not sure yet about that -- the discussions have been quite preliminary and I don't know the details, although I was on a call with some of the UPnP folks recently and they asked me some technical questions about XMPP

  379. stpeter

    since I work at Cisco and Cisco is a corporate member of these organizations, I haven't needed to sign an NDA or become a formal liaison or anything like that

  380. stpeter

    but both IEC and UPnP Forum seemingly would like to also establish a more formal relationship

  381. Simon

    I'm happy to add my name to a list to help out with liason (inside or outside of any official role). Can sign any NDAs privately too.

  382. dwd

    That seems like really good news.

  383. stpeter

    XMPP is now an old technology and these more formal SDOs are getting interested in using it :-)

  384. stpeter

    so the question for the Board is, do we want to set some guidelines for establishing liaison relationships with other SDOs?

  385. Simon

    That's it I'm leaving - you make me feel old.

  386. dwd

    stpeter, It'd be useful to steer these guys into working "our" way as much as we can, but it's good that they're inetersted at al.

  387. stpeter

    we have 3 in the pipeline now, and might have more in the future

  388. bear

    I think we need to have a wiki page (or something) that outlines how a group can make contact with us for that

  389. dwd

    stpeter, Is there anything you need form us at this stage?

  390. stpeter

    dwd: these organizations are quite formal in how they work, especially ISO/IEC -- they're multistakeholder organizations etc.

  391. stpeter

    dwd: so I don't think we'll steer them anywhere :-)

  392. stpeter

    dwd: I think we need direction from the Board about our preferred way of working here

  393. bear

    at a minimum we can make sure XMPP is not dismissed for bad information or FUD

  394. dwd

    stpeter, Right, but since we have a formal membership, I was wondering if all members could get access to the specs for liason, etc.

  395. stpeter

    e.g., "at least one Council member"

  396. Simon

    I guess this really depends what they are looking for? Technical help? Design help? Protocol approval?

  397. stpeter

    dwd: typically these groups seem to want consolidated feedback, so opening up access to all XSF members might be complicated

  398. stpeter

    dwd: e.g., do we need to take an XSF vote on our review feedback?

  399. dwd

    stpeter, Yes, we'd want communications to be formalized through a liason.

  400. stpeter

    Simon: good question

  401. bear

    this really sounds like something that the Council needs to be a part of - since that is the group the membership bestows formally the task of ensuring technical accuracy

  402. Simon

    So this could be a working-group scenario (probably staffed by fine council members)

  403. dwd

    stpeter, As far as choice of actual liason goes, the COuncil ought to be selecting the people.

  404. stpeter

    Simon: in my experience so far, these groups have independently decided they want to use XMPP, but they're experts in other domains so they want someone who knows about XMPP to give them some design help with the XMPP aspects and review their work so that what they produce is consistent with the Tao of XMPP

  405. Kev

    dwd: I think that's something Board should give blessing to, if that's what we do.

  406. Alex

    I also think working group, maybe only with elected members from the council or board

  407. stpeter

    I note that in the IETF, it's the IAB (not the IESG) that appoints liaisons

  408. bear

    at first we could consider it a board+council working group and if membership expresses a strong desire we can make it another voted group?

  409. Kev

    These are people representing the XSF, in private. There's clearly relevance to both parties.

  410. dwd

    stpeter, Right, but the XSF Board isn't the IAB, the XSF Board is the ISOC Board.

  411. stpeter

    dwd: no one knows what the IAB really is ;-)

  412. stpeter

    but anyway, we need to figure this out

  413. dwd

    stpeter, However grew the biggest beard.

  414. dwd

    Whoever, even. My typing's gone today.

  415. stpeter

    my preference is to have only a single liaison or a small number of them

  416. stpeter

    not the whole Council or the whole membership

  417. bear

    single liason from a small(ish) pool?

  418. dwd

    OK, so I'll suggest that the Council provides nominations for liasons to the Board on a per-project basis, and the Board ratifies that.

  419. stpeter

    I'd be fine with the whole Council, actually, but they have enough to do

  420. stpeter

    another question is whether liaisons need to be XSF members

  421. stpeter

    dwd: that approach seems reasonable

  422. bear

    I want to say yes to that - as liason will represent the XSF

  423. dwd

    Oh, indeed... Yes, I think we do want liasons to be XSF members typically.

  424. stpeter

    bear: yes, I think so

  425. dwd

    It's not clear if we want this to be an unbreakable rule.

  426. stpeter

    dwd: not clear to me either

  427. bear

    I don't like unbreakable in general

  428. stpeter

    :)

  429. bear

    because a person may be needed due to problem space expertise

  430. stpeter

    we could consider a liaison team to be a work team per the bylaws

  431. stpeter

    (btw)

  432. bear

    in that case we should have both

  433. dwd

    If we had, say, two people on the liason team, I'd be happy to mandate that one of them must be XSF.

  434. bear

    yes

  435. Simon

    So let's do this on a case by case basis until we have a repeatable pattern. I'd be happy for the first liason to be made up of a council working group of ~3 people that feel strongly about the topic and can sign up/and sign an NDA to work on the topic.

  436. dwd

    stpeter, Yeah, that's XSF members only, right?

  437. stpeter

    dwd: yes

  438. bear

    peter - agree that liason should be a work team

  439. dwd

    bear, That does make it an unbreakable rule that the liasons are XSF members.

  440. Kev

    Is this a particularly productive discussion about a situation that hasn't come up? :)

  441. bear

    ok, following simon's lead: we (the board) will ask the Council to nominate 2+ people to form the initial liason team and then iterate on that as needed

  442. stpeter

    Simon: that's a good question, I don't know if these groups do have formal NDAs but it's something similar (and that's something the XSF is probably committing to by setting up a liaison relationship although right now I don't recall the details for ISO and I haven't heard about them yet for IEC or UPnP)

  443. stpeter

    Kev: :)

  444. dwd

    Let's keep XSF members only for now. If something comes up where we can't fulfill that for some reason, we'll tackle it then.

  445. stpeter

    Kev: I was suggesting that we use the work team model because it's already in the bylaws and we don't need to design new process for it

  446. dwd

    So, also, yes - use the work team model.

  447. bear

    +1 to work team model

  448. bear

    ok, do we have any other colour choices for this bike shed?

  449. stpeter

    :)

  450. dwd

    bear, So I'd like to move that for any liasons, the COuncil nominates a small team (1-3 typically) to act as liason work team, which the Board ratifies.

  451. stpeter

    http://xmpp.org/about-xmpp/xsf/xsf-bylaws/ Article VIII by the way

  452. stpeter

    dwd: seems reasonable to me

  453. bear

    I suggest that we take dave's summary as our actionable item for this

  454. Simon

    +1

  455. bear

    ralph?

  456. bear

    (wondering if he is even still here)

  457. dwd

    Gone I think.

  458. dwd

    But we're still quorate.

  459. bear

    k

  460. dwd

    (just)

  461. stpeter

    dwd: you love the word 'quorate' don't you?

  462. bear

    Kev - what is the best place for the board to ask the council for this - on the mailing list?

  463. stpeter

    members@ list I'd think :-)

  464. Kev

    Poke me on the Council list to put it on the agenda, I"d have thought.

  465. stpeter

    other members might have ideas too

  466. dwd

    stpeter, You're upbraiding me for linguistics? Pot, kettle, black!

  467. Simon

    What's next on the agenda?

  468. Kev

    And sure, copy members@.

  469. bear

    Peter - can we then get you to post that request for the current liason spot on members@ to the council

  470. bear notes he is moderated for council@

  471. stpeter

    " - Membership application question from Dave"

  472. stpeter

    bear: sure

  473. dwd

    Defer it until a next meeting.

  474. Kev

    bear: Poke me via IM to try and fix that, or Peter.

  475. bear

    kev - will do

  476. bear

    ok, dave's question is deferred to next

  477. bear

    that leaves simon's item about planning for security day

  478. stpeter

    bear: fixed

  479. bear

    thank you sir

  480. Simon

    We really need a good set of technical documents on how to pass the security day. And we need to start ramping up publicity for it.

  481. dwd

    Simon, I'd rather defer your publicity questions until Laura is present.

  482. Simon

    I've tried to have some of these here. http://wiki.xmpp.org/web/Securing_XMPP

  483. Simon

    publicity we can do with laura - sure

  484. bear

    we can raise the issue now to get started, most of this I think should be on members@ list

  485. Simon

    but we should think about nudging the different XMPP server groups to publish the bare minimum to pass the tests.

  486. stpeter

    Simon: yes

  487. Simon

    I'll start this with a post to jdev

  488. stpeter

    Simon: great!

  489. Simon

    and we should also ack the great work that thaijs has been doing on the xmpp.net project.

  490. stpeter

    Simon: I'm happy to poke people like Matthias and Artur directly, too

  491. Simon

    that's the most amazing piece of light shining into the dark corners of insecurity.

  492. bear

    agreed

  493. Simon

    Wish we had something like that to test XEPs :)

  494. bear

    that is something we can discuss with Laura, ways to show focus on members activities

  495. stpeter

    Simon: actually, the UPnP folks asked me about compliance testing suites but I didn't have much to offer

  496. Simon

    ok then that's my bit - but everyone please keep tweeting and mentioning the upcoming date.

  497. Simon

    4th Jan :)

  498. stpeter

    Simon: will do!

  499. bear

    if anyone wants to see a blog post happen, please do poke me via IM or email and I'll generate one

  500. Simon

    the DNSSEC stuff isn't doing any harm with the IAB either :) Dan York loves us.

  501. stpeter

    yep!

  502. dwd

    Also pleasing to see Hannes joining in.

  503. stpeter

    Dan and I plan to write an Internet-Draft about being a "Jabber scribe" (as they call it) during IETF sessions

  504. Simon

    Hannes?

  505. stpeter

    another IETF character

  506. dwd

    Tschoffenig.

  507. dwd

    Author of the most Internet Drafts, I seem to recall.

  508. Simon

    right - so that's my security bit for this week.

  509. stpeter

    Hannes Tschofenig

  510. bear

    that is the last agenda item, any agenda bashing for this meeting?

  511. stpeter

    no AOB here

  512. dwd

    None from me.

  513. Kev

    I note we need to think about GSoC at some point. Potentially not now.

  514. bear

    noted

  515. Kev

    (But agenda for next week would be good, please)

  516. stpeter

    I have a huge presentation to make internally in 15 minutes so I'll ignore this XMPP stuff for a little while

  517. bear

    the only board business left to do is to affirm roles

  518. bear

    secretary, ED and so on, but I don't mind at all deferring that to another meeting

  519. bear

    so that the new board folks can acclimate

  520. dwd

    bear, stpeter suggested doing that in January.

  521. bear

    +1 to that

  522. bear

    ok, then I am calling this meeting done - any objections?

  523. stpeter

    no objections here!

  524. bear

    simon, dave?

  525. Simon

    done

  526. dwd

    Close away.

  527. bear

    any volunteer for meeting minutes - if not, I will do them tonight

  528. stpeter

    gotta run, bbl

  529. bear

    and I'll post the meeting announcement with agenda list to members@ tonight also

  530. bear

    ok, meeting is done

  531. bear

    minutes and agenda will be sent to members@ by me tonight

  532. bear

    thanks all for a most epic meeting

  533. dwd looks at the time.

  534. dwd

    Yup. Epic. :-)

  535. bear

    yea, seriously not a Kev quality meeting today ;)

  536. Kev

    Four times as good as a Council meeting? :)

  537. bear

    :)

  538. bear

    board meeting notice sent to members@

  539. bear

    more details to follow, switching of to $dayjob now

  540. bear

    s/of/over/

  541. Kev

    My understanding is that all that's going to happen on 4th January is that people will need to have some sort of cert in place, is that right?

  542. Kev

    (That is - no-one's going to be requiring TAs and valid certs)

  543. fippo

    kev: that is my understanding as well. require TLS, but don't check certs

  544. fippo

    reminds me that technically we should have a spec for starttls+dialback by then

  545. fippo pokes dwd

  546. Kev

    Good, it'd be a shame to have to replace my five-year-old cert. I've gotten attached to it :D

  547. fippo

    that's actually one of the questions we need to work out for that

  548. Lance

    i'll be sad to see fippo have to replace his cert too :p

  549. fippo

    I'd say that for starttls+dialback only non-trusted or self-signed are egibly

  550. fippo

    but no certs that have expired or where the hostname doesn't match

  551. Kev

    Because a self-signed cert that's expired is less trustworthy than a selfsigned that hasn't?

  552. fippo

    no. because expired certs like mine should break

  553. fippo

    so i am forced to update it

  554. fippo

    and more important, so i notice something is wrong

  555. Kev

    And ADH is better or worse than an expired self-signed cert? :)

  556. fippo

    i dont think 6120 allows ADH :-p

  557. fippo

    but yeah, it's not a security question

  558. Kev

    Oh, does it not?

  559. Kev

    I can't find anything immediately disallowing anonymous suites.

  560. fippo

    right

  561. fippo

    it talks about a certificate in alot of places though.

  562. Kev

    It's not immediately clear to me that anonymous+dialback is any worse than untrusted+dialback

  563. Kev

    Is it?

  564. fippo

    i think they're the same as far as starttls+dialback is concerned

  565. fippo

    untrusted+dialback has some advantages for d-w-d

  566. Kev

    And pinning.

  567. Kev

    Interestingly, though, -PLUS+ADH would still be better for clients that any other mech+a trusted cert, I think?

  568. Kev

    Well, depends what you consider the attack to be, I guess.

  569. MattJ

    With -PLUS I don't think it matters whether you use ADH or any kind of cert

  570. Kev

    It does if you think the password might be compromised elsewhere.

  571. bear

    hey - can I suggest you guys talk about this over in jdev?

  572. Kev

    The XSF isn't an appropriate venue? :)

  573. bear

    it is - was just tyring to raise the awareness higher and jdev has more lurkers

  574. MattJ

    Simon, the "Securing XMPP" is making me uneasy

  575. MattJ

    ^ +page

  576. Simon

    what's up?

  577. MattJ

    It's just looking so complex...

  578. Simon

    I know.

  579. MattJ

    when the correct answer for Prosody users is really just... make sure you're running the latest versions of everything

  580. MattJ

    I can't speak for other implementations

  581. MattJ

    DANE is complicated and would need a whole tutorial by itself, it's not production-ready yet IMHO

  582. Simon

    Agreed. Let's cut it out.

  583. MattJ

    We need better docs, but I don't think it belongs in a high-level page such as this

  584. MattJ

    I need to work with Zash and other folk who have it deployed already to document it

  585. Zash

    mod_s2s_auth_dnssec_srv isn't DANE

  586. MattJ

    More testers and we can iron out the implementation and setup procedure

  587. Simon

    Presumably on 4th Jan ops will need to add c2s_require_encryption = true s2s_require_encryption = true ?

  588. MattJ

    Zash, there was a mod_dane or something though?

  589. Zash

    MattJ: No

  590. MattJ

    Simon, yes, that makes sense - I'm happy with that being on that page

  591. MattJ

    But cipher strings and such... I'd rather users just leave that stuff to us, unless they really know what they are doing

  592. Simon

    Also Prosody seems to treat client and s2s connections the same.

  593. Simon

    So we should just have a general section.

  594. Zash

    Treat how?

  595. Simon

    I mean with keys and ciphers.

  596. MattJ

    Yes, it does (though in trunk you can separate them - most people don't need/want this)

  597. Simon

    But yeah - it's late now, but I'd like to restructure the page more as a "for things to work on 4th Jan, you need to add the following to different servers" page.

  598. Simon

    Promise to look at this in the morning.

  599. MattJ

    I can help with that perhaps, I think most of the information is there now

  600. MattJ

    It just needs restructuring and simplification

  601. MattJ

    boiling down to the essentials

  602. Simon

    I suggest we structure it by Server, not c2s and s2s as teh page is done now.

  603. MattJ

    Agreed

  604. Simon

    then we have just the commands for each server.

  605. MattJ

    I think that will help a lot

  606. Simon

    yep

  607. stpeter

    +1

  608. stpeter

    that all sounds good

  609. MattJ

    Oh, and that reminds me I have some stats to post to jdev

  610. stpeter

    stats++

  611. Simon

    BTW, I ran into a bit of an issue with Prosody. I'd sort of assumed that I didn't need to install an intermediate certificate from my ca. Found out the hard way.

  612. stpeter

    yeah, intermediate certs are a pain

  613. Simon

    it might be nice to be more explicit about this in the docs.

  614. MattJ

    http://prosody.im/doc/certificates#certificate_chains

  615. Simon

    /might be nice if I read the docs.

  616. Simon

    you could loose the link to xmpp ica. :)

  617. MattJ

    A certificate issues by an intermediate CA is rarely usable on a server without the ICA's cert somewhere

  618. MattJ

    Yes, I'll fix that :)

  619. MattJ

    *issued by

  620. Simon

    XMPP.net is great for testing these things though :)

  621. stpeter

    yeah for sure, Thijs rocks

  622. MattJ

    +1

  623. bear

    +1

  624. fippo

    about 1000 times as much as my 2007 openssl s_client patches ;-)

  625. stpeter

    we should give Thijs an award of some kind at the next Summit :-)

  626. fippo

    free spare ribs?

  627. stpeter

    I still have on my desk the "Jimmie" award I earned in 2000 :-)

  628. bear

    :)

  629. stpeter

    "Best Performance by a Deity" :-)

  630. Simon

    +1 on awards.

  631. stpeter

    I need to take a picture of that

  632. MattJ

    Simon, I've updated the docs on ICAs and simplified the wording now

  633. Simon

    excellent :)

  634. Simon

    I'm re-layingout the wiki page now.

  635. Simon

    to the chagrin of "come to bed now Simon"

  636. Simon

    what is wrong with me.

  637. MattJ

    :)

  638. Simon

    ok - slightly better formatted now.

  639. Simon

    http://wiki.xmpp.org/web/Securing_XMPP

  640. Simon

    Perhaps we add "optional" to the gmail.com exclusion

  641. Zash

    And that's also not going to work

  642. MattJ

    Yeeah, we have a small issue there

  643. Zash

    s2s_insecure_domains isn't exceptions to the encryption requirement

  644. Simon

    I'll let you guys look after the prosody config :)

  645. MattJ

    I can hack this into mod_manifesto though perhaps :)

  646. stpeter

    can we do even unauthenticated encryption with gmail? even anon-DH would be better than nothing

  647. MattJ

    stpeter, nope

  648. MattJ

    They have no TLS whatsoever

  649. stpeter

    Simon: thanks for the updates, time to go to bed!

  650. stpeter

    sigh

  651. SouL

    stpeter: +1

  652. SouL

    gnight

  653. stpeter

    they're encrypting stuff between their data centers like made, but don't care about user communications?

  654. stpeter

    s/made/mad/

  655. MattJ

    and Prosody's s2s_require_encryption has no exclusion list

  656. Simon

    That could be a bit killer. Certainly for me I'm not goting to get a bunch of folk off gmail for a while.

  657. stpeter

    Simon: yeah I know :(

  658. stpeter

    Simon: worry about that tomorrow, ok? ;-)

  659. Simon

    deal

  660. Simon

    night all

  661. stpeter

    :)

  662. MattJ

    'night :)

  663. bear

    I see gmail folks moving on this only after we can show serious peer pressure that they are the *last* one to be insecure

  664. stpeter

    yes

  665. MattJ

    Call me cynical, but I doubt it somehow

  666. stpeter

    perhaps they'd rather turn off federation entirely

  667. bear

    yea

  668. MattJ

    I think federation is hanging by a thread (or maybe a piece of string) - their reaction to the peer pressure could be that someone there realises this is their last insecure service

  669. MattJ

    and then decides it's best turned off

  670. stpeter

    right

  671. stpeter

    everyone move to Hangouts and be done with that pesky interoperability stuff

  672. MattJ

    :)

  673. bear

    sit in your silo and be happy already

  674. stpeter

    heh

  675. Simon

    Matt - what is happening with your sign-up service?

  676. stpeter

    Simon: go to bed already!

  677. MattJ

    Simon, you were getting some sleep

  678. MattJ

    and... I'm hoping to get to it at the weekend

  679. stpeter

    Simon: I'm going to kick you out!

  680. Lance

    someone just kick him from the room already :p

  681. MattJ

    It's currently a weekend-only project (I'd like to remove myself as the bottleneck ASAP though... get it up on github or something)

  682. MattJ

    psa means business

  683. bear

    LOL

  684. bear

    does prosody (or other xmpp servers) allow UDP connections?

  685. psa

    hmph

  686. bear

    and ... I see Matt answering

  687. psa

    hmph, I can't figure out how to kick people in Adium :P

  688. MattJ

    bear, XMPP over lossy transports will be... unpleasant ;)

  689. psa

    /help

  690. psa

    hmph

  691. bear

    ugh - it won't let a mod kick a mod

  692. psa

    no, it's a UI or PEBKAC issue

  693. bear

    I just tried it using swift

  694. psa

    I can't figure out how to kick anyone

  695. bear

    Occupant role change failed: Not allowed

  696. bear

    that's the error I got

  697. psa

    damn MUC protections!

  698. psa

    security be damned!

  699. MattJ

    bear, XEP-0045 says you have to demote first :)

  700. psa

    stupid specs

  701. psa

    evil corporations defined this garbage!

  702. psa

    heh

  703. Lance

    alright guys, lets make a new room and all move there

  704. MattJ

    I'm sure half the people on standards@ would agree with you

  705. MattJ

    and the other half won't

  706. stpeter

    well, Simon got the message :P

  707. bear

    :)

  708. bear

    MattJ - yea,udp seems overkill, maybe they are solving/asking the wrong question

  709. MattJ

    If they really want presence over UDP... SIP? :)

  710. ralphm

    stpeter: maybe not

  711. stpeter

    ralphm: we just don't know, do we? if the right people read your + posts, things will all turn out well ;-)

  712. ralphm

    stpeter: hmm. I think the technical people mostly did, but have no say

  713. stpeter

    ralphm: likely

  714. bear

    which post?

  715. stpeter

    that's how big companies often work (i.e., evil corporations)

  716. ralphm

    I like how hangouts recently addes things like moods, in-call and device status. http://m.iclarified.com/entry/index.php?enid=35592

  717. ralphm

    adds

  718. ralphm

    bear: the ones rectifying google back in May

  719. bear

    ah - ok, thought maybe I broke my reading list again

  720. ralphm

    but eh PEP