XSF Discussion - 2013-12-02


  1. ralphm

    Simon: could you send me a copy of the e-mail you sent to Adewale. I was enjoying my weekend.

  2. Kev

    Getting to this thing tonight is not proving easy!

  3. stpeter

    this thing = ?

  4. Kev

    London XMPP meeting.

  5. Kev

    Is anyone in here going?

  6. Kev

    At this point it's not clear it's worthwhile me trying to make it, as it'd be half seven or eight before I got there.

  7. bear

    I don't think so

  8. Kev

    Ta.

  9. bear

    all of the people I know who are going are already there for the IoT part

  10. Simon

    Kev - Lloyd is there

  11. Simon

    lloydwatkin@googlemail.com

  12. stpeter

    chat with him while you still can :P

  13. Simon

    heh

  14. bear

    power failure! oh no!

  15. Kev

    And I'm still in the office. I'm really not making this :/

  16. Kev

    Simon: Is that Lloyd's email addr. as well?

  17. stpeter

    Kev: sorry to hear it :(

  18. Simon

    lloyd.watkin@surevine.com

  19. Kev

    Murky.

  20. ralphm

    Kev: who's the slave driver keeping you there?

  21. Kev

    Circumstance.

  22. ralphm

    Odd name

  23. stpeter

    :)

  24. stpeter tries to figure out his priorities for the remainder of the year

  25. ralphm

    1) avoid certain IETF mailing lists

  26. Kev

    2) avoid uncertain IETF mailing lists?

  27. ralphm

    3) done

  28. Simon

    Peter - your last paragraph reads very oddly: "Ideally, Google would decide to either shut off federation with the XMPP network entirely or at least support unauthenticated TLS for server-to-server connections. The limbo we're in is unfortunate."

  29. Simon

    Makes it sound like it would be ideal for google to stop federating :)

  30. Kev

    It reads as if stopping federation is best, and if they can't do that then they could at least TLS.

  31. Kev

    Yes.

  32. stpeter

    at this point, the lack of features and security in Google Talk is holding back progress, no?

  33. stpeter

    I agree that I might not have expressed myself very well

  34. Simon

    If progress = more features then yes. If progress = user_count, then no.

  35. ralphm

    Simon: weren't you the guy who wrote 'we tried to ignore as much of XMPP as possible'?

  36. ralphm

    :-D

  37. Simon

    yes - because I think a lot of it is features that are irrelevent to 99% of end users.

  38. stpeter

    progress = better security

  39. stpeter

    (in this context)

  40. Simon

    Agree on better security. But it's a hard sell to server operators with paying customers and we might need to find a more nuanced solution. (/me really doesn't want opt-outs when it comes to TLS so I hope we can find a sensible way for Google to turn on TLS)

  41. ralphm

    Simon: my point is that if you want to promote using XMPP for anything, this is not promoting it, either. Even if it makes sense for *your* use cases, others disagree.

  42. ralphm

    As for Google, I don't give us a lot of odds getting this sorted out with them.

  43. Simon

    ralph: I'm talking about how we used it for our use case.

  44. ralphm

    Simon: *I* understand the context. For other people you are 'one of those XSF Board members'.

  45. Simon

    eg - we ignore vcards, we ignore PEP, we ignore as much as possible

  46. ralphm

    worthsmithing is not fun, but yeah

  47. Simon

    not in that email to Mozilla - I was very clear about how we used it for buddycloud. Buddycloud is not the XSF.

  48. ralphm

    Simon: again, I see that difference.

  49. ralphm

    Not saying people at Mozilla are stupid, but, you know, people are busy and have different contexts.

  50. Simon

    Did anyone hear back from any Google folk today? Peter - were you able to ping any of your contacts?

  51. stpeter

    I shall do that now

  52. ralphm

    Similarly, as someone mentioned before in the board meeting, people outside of the XMPP community might see the Manifest as an XSF thing, even though it technically isn't. We need to be aware of such perceptions.

  53. Simon

    Ralph - I hear what you are saying - but we have to also address the fear that XMPP=100s of XEPs that must be followed. We know that they are optional. But someone at Mozilla or any other developer will look at XMPP and fear that it's a huge set of specs.

  54. ralphm

    Agreed

  55. Simon

    We should be clear about that - since we're discussing it here, at the Summit and at Board meetings then.

  56. ralphm

    As I said, we need to be careful in how we word things.

  57. ralphm

    I also wonder why people don't think of the IETF as 7000 of specifications you must implement to do anything on internet.

  58. stpeter

    as someone said recently on Twitter, XMPP is the C++ of messaging protocols :P

  59. Simon

    I have to say it sounds a little odd having a security initiative and then following it up by saying this ISN'T endorsed by the XSF.

  60. ralphm

    Nobody has said such a thing.

  61. ralphm

    The XSF might, still.

  62. bear

    then we should be talking about that now

  63. ralphm

    I do know that one of the initial responses I got was that (large?) companies generally don't really like manifestos.

  64. bear

    test day can be seperate from the manifesto

  65. ralphm

    sure it can

  66. stpeter

    large companies might not generally like security, either ;-)

  67. Simon

    Manifesto can be the trigger if that makes you feel more confortable. IMHO this is a really important selling point of XMPP and it's not quite right yet when you look at the results coming out of XMPP.net. (although getting better).

  68. ralphm

    Well, I think that if you recently publicly stated that you are going to start encrypting all your inter-DC traffic, you kinda care.

  69. stpeter

    ralphm: you might care about protecting your stuff but not your customer's stuff

  70. Simon

    ralphm - I hope so.

  71. ralphm

    If we arrive at 19 May, and this list *isn't* looking good then, yeah, we kinda failed.

  72. stpeter

    but I can't speculate about motivations, because I simply don't know

  73. Simon

    I'll ping Ade now and see if he heard anything.

  74. stpeter

    ralphm: if much more of our traffic is encrypted, then we've succeeded

  75. ralphm

    stpeter: good point

  76. Simon

    To me the most frustrating part is not even getting an ACK back from anyone at Google's XMPP team.

  77. ralphm

    Simon: welcome to our world

  78. Simon

    Jonas has generally been really helpful when I've pinged him about other issues.

  79. dwd

    Simon, Arguably, Google no longer has an XMPP team. I suspect the federation is running largely because it's not yet caused any further problems.

  80. stpeter

    dwd: the thought has crossed my mind

  81. Simon

    Do they need to call in the A-Team?

  82. dwd

    stpeter, I think there's also the impact of the IETF folk using it for meetings. It'd cause embarrassment if that failed. It has occured to me that if we could persuade the IETF to go encrypted, we might force the issue.

  83. stpeter

    dwd: well, you've seen the discussions about https for ietf.org, I take it :-)

  84. stpeter

    dwd: I gave a warning about this in my remarks at the plenary

  85. dwd

    Oh, I didn't see that.

  86. ralphm

    do you think it is a big issue?

  87. stpeter

    dwd: I was the last person to go to the mic at the technical plenary in Vancouver

  88. Kev

    "as someone said recently on Twitter, XMPP is the C++ of messaging protocols :P" Wow, that's really high praise

  89. stpeter

    ;-)

  90. Kev

    dwd: You mean there was someone who /wasn't/ watching that plenary?

  91. fippo

    frankly, as long as jabber.org deploys tls-only that's enough for me

  92. fippo

    this will cause waves and break things

  93. fippo

    things that ought to be fixed.

  94. fippo

    dwd: i'm showing googles webrtc team that ignoring jingle and xmpp is a very bad thing currently (-:

  95. stpeter nods to fippo