XSF Discussion - 2014-01-15

What's the current thinking on new XEP's using montague/capulet.lit vs example.com/org ?

#finally getting the bc XEP into shape

I still vote for the example.org. even though we have a love for hamlet et al.

It can be misleading

Steffen - my leaning too. But there's history…

simon: every author does what he/she wants ;)

fippo - that's an answer I can live with :)

I know simon.. And even though I actually like the hamlet stuff and find it funny.. I still believe that common sense and example.org would be a lot better

http://xmpp.org/extensions/xep-0143.html#sections-usecases still recommends that

I don't see a problem with using Shakespeare examples, FWIW.

Not a practical problem, anyway.

Personally I like the shakespeare examples, it also means I sound more cultured when the subject comes up.

Tomorrow's topic: painting the other bike shed.

Its a not big problem as such, but by specifying example.org people can see that the domain and stanza is an explicit example

Finding Shakespeare examples is the only fun bit about writing XEPs ;)

Steffen Larsen: I don't think anyone's ever read a XEP and thought that only the three witches were able to do PEP, or whatever :)

Kev: :-)

Kev :)

Their muc server is always down anyway

Kev: try buying some of the domains (if not already taken) and see how many sta zas you get. ;-)

stanzas

I'd like to give people more credit than that.

heh

what's the cost for a new top-level domain these days? XSF buying .lit

We could use .lt ?

* .li

Simon: I didn't know Buddycloud was doing so well these days

I believe it was around €180000

I'm not sure if that's the entry fee, though

ok - scratch that idea. :)

(initial price was $185000. Pretty close)

cheap! buy!

yoyoyo peeps!

I come with great news

https://www.starwoodmeeting.com/StarGroupsWeb/res?id=1401152156&key=C2049

O_o

Thanks Florian.

dwd / ralphm: Going to do the mail thing, then?

FloRida: So this is good to go?

yup

Thanks very much.

Morning. Yes, I'll sort that out now.

Unless ralphm has beaten me to it.

dwd: go for it

I am working on the final touches for the beanbags

http://mag.ik.nu/~ralphm/tmp/beanbags/

Writing it now.

intosi suggested putting the Jabber one on a dark background

(I picked the colour, though)

Booked :)

comments welcome, until I send them off

I'm not sure about the realtime one (Do people immediately recognise that as being realtime?), but the other two look good.

Kev: well, I'm not sure about recognition, either, but combined with further projected branding that should be quite fine

and hey, it's a clock!

Booked.

Are the beanbags for sale? :-P

Actually I could do with decorating the home office

/if/ they are for sale, they will be for sale with conditions (such as: available for next FOSDEM ;-) ). I'm not saying they will be.

intosi: I don't see why such a condition should be needed.

The XSF *could* order and make more of them.

Although I'm sure a few can be made as a special order.

:-D

It's up to the FOSDEM-handling board member to make a decision on selling them, of course.

I am sure something can be arranged

also, the XSF would be quite willing to have these sponsored by individuals or companies

In any case, the designs are off to the printer

ralphm: thank you!

I wonder how much 380 liters of EPS weighs

The definition of EPS is not very strict ;)

But it is Turing-complete.

Could be anything between 16 and 640 kg/m3

180x140cm. pretty big ass big

and indeed Lloyd, I was thinking the same

not sure how you'd get it back to .uk

Ralphm: a fat boy of that size is ±7 kg.

FATBOY, not a fat boy. The latter would be significantly heavier.

ralphm: It'd float, right?

Depends on the lead content of all the pies I suppose.

Kev, Only if it's a sealed volume.

Fatboys float, fat is less dense than water

EPS usually floats.

I wouldn't rely on this

ralphm: just buy covers, source innards in home country

Not for transportational purposes.

Lloyd: totally possible. Their man product is flags

hmm I get no rooms available for the given date

Flags?

We can start the summit with a procession?

I am trying to bok from the 29'th to 2'feb.. no rooms avail?

book

Who will book the marching band?

ha ha

Steffan Larsen. maybe block booking doesn't cover the wednesday? Try from Thursday onwards

(I haven't booked BTW)

Lloyd, It *should* cover that.

[11:11:14] Florian Jensen: ALOFT BRUSSELS SCHUMAN -          20/25 Lofts from 29/01 – 03/02/2014 -          Week rate (29+30/02): 165 euro per room & per night -          Weekend rate (31/01+01+02/02): 75 euro per room & per night -          Breakfast included served at the re;fuel -          Supplement of 10 euro for a double room

That's what I have.

FloRida, Ping?

yes it says that it covers it.. but it does not work

but I have a flight Wednesday.. so I need a room

I managed 29th->2nd fine.

hmm

Fully booked already?

Maybe the rooms genuinely are all gone?

tryind in various browsers

;-)

Kev, We've a block of 25 locked for us, so I hope not.

Martin, Ash, and myself get booked off that group due to new PA organising, so there should be at least 3 free

well changing the startdate.. still doesnt work

Huh. I get the same thing.

Cant make it work!

so.. something is wrong from the hotel service I think.

or we will have quite the party

dwd: realtime conf spoiled you

realtimeconf spoilt me for sure. That was fun!

I wonder why it would be failing now. It was certainly working earlier when the four Isode folks booked.

well.. now it just fails no matter what

I'm booking for three so if anyone wants to double up on the second room, let me know.

https://twitter.com/disruptivedean/status/423390001309556736 -- *sigh*

simon: ping!

fippo: ACK. Will do.

fippo: yes, people still sometimes suggest Skype to me. bwahaha

I did manage to get a reservation earlier

dwd: hmm, maybe the yetis could bring the rt flags

ralphm nope

at least not with flagpoles

so far 6 rooms are booked

ralphm fippo: skype? surely just visit one of these and log in: http://legastero.github.io/jingle-interop-demos/xmpp-ftw/ http://legastero.github.io/jingle-interop-demos/stanzaio/ http://legastero.github.io/jingle-interop-demos/strophejingle/ http://legastero.github.io/jingle-interop-demos/jslix-jingle/

lloyd: WE know better of course

FloRida, It's rejecting me and Steffan for the whole period.

that's odd

Jup!

FloRida, We've got a 25-room block reservation, haven't we?

maybe its a 2.5 block ;-)

Lance, I have some reservations, but not a hotel one.

dwd you read the user-auth proposal too?

The "two factor" one?

yeah

I spent ages trying to decide what the other factor was.

Lance: of course without the poles

Lance: I wasn't actually suggesting it, I think

Lance: except maybe the one with the realtime logo on it

ralphm i'll see what i can get from storage then

:-)

Lance: by the way, you can tell Amy I found an svg of the logo after all

It's funny to see the hour markers have rounded corners on the t-shirts (only), I did the same for the bean bag

reservation problems: they're on it

FloRida: cool

screenshots guys?

of the error

Aloft Brussels Schuman - Thank you for your message. We regret to inform you that the selected room is not available on the required dates. You can contact Bram Visser, bram.visser@alofthotels.com who will be there to assist you.

got the same 100 times now

I've written to the email but no answer yet

I am attempting to use file transfer to send you a screenshot.

Optimistic, aren't I?

FloRida, ^^

cl.ly

FloRida, Doesn't seem to run on Linux.

it's web based

https://dl.dropboxusercontent.com/u/46064438/Screenshot%20from%202014-01-15%2013%3A20%3A47.png

sent

can you try again?

Working

woot

\o/

Anyone work out how to get two twin beds? Much as I love you all…

No idea. Bed options are either King or No Pref.

No Poref, by the way, gets you King.

Ouch, that happened to Waqas and I once. We ended up dismantling the bed somewhat

We were late to check out the next morning, having had to spend a long time putting it back so that no-one would notice

"do not cross the [imaginary] line"

:)

I'll bring duct tape just in case anyone needs it ;)

intosi, Just sharing a bed is enough, no need for that kind of thing.

To mark off their side of the bed...

intosi, Oh, right. Yes.

yeah yeah...

Hmpf.

lol

nice to see XEPs getting a security review on the [esteemed] cryptography mailing list http://lists.randombit.net/pipermail/cryptography/2014-January/006175.html

Super! got a room now

Turns out the beanbags are about 6kg

Getting some food, might be in slightly later

I'll need to leave after 30mins.

(30 mins after the start)

Council ran to 10 minutes today, it was a long one. So Board will have to make up for that :)

the board picking up after the council again. Sigh!

10 minutes, tsk.

howdy

G'day

hi

wow, lots of folks here today

Hi!

hi Laura!

stpeter, The XSF is now officially popular.

heh

Where all the cool kids are

the cool factor comes and goes

Time to start requiring TLS on s2s connections here? :)

at least xmpp.org ought to be participate in the next test day

Definitely

I'm requiring it still on stpeter.im and I was able to join here

[surevine.com does too]

I'd actually argue that we want xmpp.org to be as inclusive as possible, and blocking S2S is unhelpful for that, especially when all traffic to/from xmpp.org is publicly logged so there's no security gain.

-cipher xmpp.org

Zash: Connection to xmpp.org uses cipher RC4-MD5

s/inclusive/accessible/

*Mumble* ✏

so in any case does the Board have quorum?

I think we're all here

(Kev: I see your point)

ok!

We have a full house.

ralphm, Laura, Simon, me - quorom

and dave

:-D

peter has the floor

oh

well, the Board needs to decide about approving the two work team charters

and there's FOSDEM/Summit

anything else on the agenda today?

we still need to write a post on the website about the ISOC sponsorship, too

Was there any comments on the security side (manifesto or otherwise)?

Simon: I don't think we've necessarily collected data about the test day

sorry - I just meant that peter's two agenda items are up

bear: ok

ack - server is offline - I will be lurking - Ralph can you run the meeting for a bit?

sure

Dave has provided feedback on the Editorial Team charter

I'd like to table a quick DNSSEC discussion that might involve us working with Council on documentation

any other items?

ralphm: I don't think so

good.

stpeter, I'm fine with it, excepting "In order to improve the management of these processes" - I think with that struck it's good.

1) UPnP liason

(in fact we have possible liaison relationships with ISO and IEC to figure out too, so we need to get this "template" figured out)

s/possible/likely/

any comments on the team charter?

Both seem good to me.

my main concern is not the charter but our ability to recruit people (XSF members) to participate

My only question is about who'll be in them

at least for the liaison teams

and how many of them for each

since we'll have 3 of them to start (UPnP, ISO, IEC)

It looks good to me. As I (think I) said, there's some worry surrounding IPR for the UPnP liason team, but we can figure that out as we go.

dwd: UPnP, ISO, and IEC all have much more restrictive IPR rules than we do

so we need to decide if we're comfortable with that

I'd also prefer at least one council member to be part of the liason teams

e.g., they lock down discussion and specs until they go public after the specs are baked

ralphm: makes sense

stpeter, Mostly, I agree, but the XSF's assignment stuff invokes complexity in the other direction, too.

the IPR issue, for me, isn't a huge worry as we would be advising in this role

bear: that's how I see it, too

It's not the IPR per se, in terms of license of teh documents, but essentially being under NDA seems actively unhelpful. Not that it makes any difference what I think.

dwd: in which direction?

stpeter, Anything coming our way.

we would just have to be careful of the wording of the NDA

Kev: I'm not an NDA fan, myself, so philosophically I agree, but if we want to help these other SDOs we need to play by their rules

how do possible patent disclosures work for liasons? Are the people in teams there as individuals or as officers of the Foundation?

ralphm, Not "officers", but representatives, certainly.

dwd: I see that as unlikely for now given my discussions with these folks so far

ralphm: as representatives, yes

As far as NDA goes, I think we should gently push for XMPP related specs to be publicly discussed if at all possible, but these SDOs are generally more comfortable with full secrecy.

does that still bind them with knowledge they may have outside their representing the Foundation, like, say, their employer?

Can't be as bad as the OMA, mind.

ralphm, Probably.

dwd: right, and I don't see us changing ISO policies :-)

stpeter, Are ISO that much bigger than us, then?

They have more than a PO box in Colorado - offices in Switzerland :)

bigger in terms of us angle brackets usage?

ISO has 163 members, according to wikipedia

Simon, TO be fair, we don't actually have a PO Box yet... :-)

dwd: correction, anymore

ralphm: I am not sure about that "binding" question

IMHO we have an opportunity to help these groups, and we should take advantage of that

agreed

Agreed.

they're inviting us into their house to help, and we ought to respect their house rules :-)

but I'm sure companies might want to know if their employees, because they become part of such a team, will be required to relinguish information

And once we're invited in, we can always return and drink their blood.

Or was that vampires?

ralphm: right, that's a good question

so at least we should know how that works

IMO we should for the teams, with Council support - and then find out what it is like once "on the inside"

ralphm: I can find out about that from the various SDOs

we can always stop if IPR or NDA gets onorous

bear: nod

bear: The problem with that is that we're in a position where we (outside the team) can't know how onerous it is :)

bear: if that's an option, I'm all for it

This all seems messy and underisable, but we should help these folks so we probably have to live with it.

the team can report to the board if something is fishy

Kev: right, that's how I see it

I mean, the way that these groups work is quite foreign to us

it's how i've worked in the past as a consultant

company-based membership or even country-based membership

bear: Yes. But what essentially happens then is that the work team get to tear down the liason unilaterally, as they can't tell Board what's fishy :)

Kev: no, I disagree

Kev, I didn't *think* that the terms of liason would ever be secret.

Ahhar, excellent. I'd misunderstood. If details can be freely shared within the XSF there seems limited issue.

Kev: they can't reveal the technical information, but if they think the liaison relationship isn't working or they have process / legal concerns, I think that's definitely open for discussion with the board

or with the membership

right

right

The only dangerous possibility I see is someone deciding to wedge a non-RF patent into the specs.

dwd: into our specs or their specs?

but any action to *our* specs would have to follow our process

bear: yes

stpeter, Well, I'm thinking into XMPP-related their-specs.

ok

so we agree on this charter for UPnP?

Yes.

I don't see any major blockers to moving forward with this

+1

+1

+1

Well, I'm voting yes anyway.

While we await Laura's vote

let's move on to

2) Editor Team Charter

+1

+1

+1 for editor team charter

(With removal of clause as discussed)

dwd: noted

+1 (as much as I understand)

(as amended, yes sorry)

Laura: on 1) or 2) or both?

+1

stpeter: good idea

Simon, how much time do you have still?

I have 5 mins

ok

Well I'll jump in quickly.

thanks, Simon!

In that case I want to quickly have your confirmations on refunding bean bags and hiring a cargo van for FOSDEM

3 ^

So we have a bit of an issue: with DNSSEC potentially solving lots of problems for the XMPP community to do witih security but a) no modules in servers that fully support it and b) no doucemntation

I'm in favour of both.

Beanbags - my contacts have been unable to help (getting them Brussels is the problem)

Has someone found a good supplier?

Laura, Ralph has.

so I asked Shuman to write up a page on securing DNS as a first step: http://wiki.xmpp.org/web/Securing_DNS

Laura: I have actually already ordered them

Oh wow!

1 step behind...

they will be 180x140 cm

+1 to beanbags and +1 for van

three different ones

but we need to find a way to, especially after the ISOC grant, to have more traction on getting this to work on the XMPP server level.

http://mag.ik.nu/~ralphm/tmp/beanbags/

designs ^

So my question is: how do we turn http://wiki.xmpp.org/web/Securing_DNS into real code and implemented security on running servers?

Simon: BTW, we can apply for another grant specifically about DNSSEC — the existing one was just to recognize us for being good people doing good work

Perhaps GSOC could help us with this too

we should probably get the xmpp.net folks looking at it and then get some tools in place so that the membership can start pressuring their server vendors

They already check it.

Simon, We can either: a) Offer Actual Cash™ to those implementing it. b) Make it known we're going to call attention to implementation supporting DNSSEC.

Simon: while we discuss your point as well, could you vote on the FOSDEM thingies as well, before you leave?

but there is no good doc on how to set it up and even Prosody's DNSSEC modules don't do everything.

"even prosody" :)

Perhaps I'll take this to the mailing list(s).

Simon: agreed

Its not really a voting thing. Just something that concerns me about the [general lack of] security in XMPP-land.

Simon: I totally agree, we need to improve things here to the extent we can (obviously there are limits to our influence over DNS stacks and such)

hhh

Simon: hey, we're getting there slowly but surely

Simon: well, we are slightly making people more aware of these things

getting it on the members list and then adding it to the summit agenda = +1

Simon, If you want the XSF to do something, the only things we can positively offer as incentive are recognition or cash. Different groups are going to respond better to one or other.

bear: should it be a members-only discussion?

dwd: I don't believe that's true.

isn't standards a better venue?

Psst, Simon, I wrote a DANE module for prosody ;)

agreed. Just surprised that we're still in the era of a) trusing DNS and not checking certs for validity. <sad face>

dwd: I think there's also, at least, lowering the barrier to entry.

Kev, In what respect?

ralphm: yes, standards@

or maybe even jdev@

dwd: If you want people to do something, making it easier to do that thing can only help.

Kev, Yes, I agree, but how can the XSF make it easier?

I'll Jdev it in the morning.

Simon: thanks

ack, yes - not members - nice catch

How that might look is another question. Writing a guide to doing dnssec, with sample code or whatever, is one option.

From an XMPP PoV.

jumping off now. later guys.

Simon: can you place your votes on FOSDEM thingies before leaving

(In some sensible language that everyone has access to, so presumably C)

What am I voting on?

Kev, That'll certainly help all those servers written in C. ;-)

kev: +1 :-)

Simon: beanbags and hiring a cargo ba

van

My vote +1

I'm presuming that all servers have access to C. Lots of Prosody's underlyings are, at least.

Ok, I think we covered the DNS and security item on the agenda

Who are the beanbags for?

But it illustrates my point, regardless. Making things easy is another option.

Simon: for people to lounge on

Simon, Us, at FOSDEM.

DWD - that's my issue. There's too much lounging at the realtime lounge and not enough interaction with potential folk.

at the realtime lounge

it becomes a comfy hangout for us.

Simon: I welcome you to become reengaged in the discussion on what we'll be doing at FOSDEM

which I don't think is the best use of funds.

I'm more a fan of the tables and demos on tables

Simon: there will be lots of that, too. We have been discussion quite a bit of stuff over the last month

Sorry - been offline.

but yeah

I've never through the reclining thing is a great way to sell XMPP - too intimiate to be doing with a FOSDEM stranger.

nothing wrong with a -1 vote for the fosdem item

bear: agreed

I'm on the -1 for spending on these thigns then :)

+1 for spending on posters etc that get people to the booth.

Simon, Are you -1 on the van as well?

but I'll follow up on the list too then.

Can't see the point tbh.

-1 on van

Simon: we will not do posters (made of paper) as there's no way to properly hang them, but we'll try projecting stuff on the walls

Simon, OK, I look forward to you carrying stuff from Cisco, then. :-)

Simon: can I ask you to drive all the stuff from storage to FOSDEM?

ralphm, I'm actually keen on posters, too.

Ralphm - I mean around the campus.

Simon, Right.

I've one design done, another in the works.

Posters are a great idea

dwd: paper poster elsewhere is a good thing, but the place where the lounge will be at has horrible walls

Spread the word further than the stand

Laura, Right.

Well, summarizing that bit then, I see 4 people with +1 on both the van and the beanbags, and one -1

right?

correct

Looks right to me

Looked that way to me

ok

Didn't you already vote that Ralph could do whatever he wanted anyway, for FOSDEM logistics?

Are we voting on how the vote went?

Kev, Yes, we did.

As long as Stuff Got Done.

Kev: I wanted to make sure in this particular case

I am still doing whatever I want, of course

BTW I do have confirmation of the meeting room on Thursday and Friday

Kev: I remember something like that.

stpeter: no worries

y'all need to figure out what you want to do for food

stpeter: that

stpeter and

Oooh Food

there's a little café at the Cisco office there for coffee

Will be much needed

stpeter: I would like to have some projectors. Do you think we can borrow those again?

How big is the pizza budget? :D

I can arrange for lunches, or you guys can call out to pizza.be or whatever

Pizza works.

ralphm: yes, I can arrange that with Jerome

hildjj will be there in person so he can help with all that

Pizza good

I will sponsor the Pizza budget for the Summit

stpeter: right, I thought giving them a heads-up would be a good thing

bear: thanks!

Thank you Bear!

(well, as long as they take american cards)

I'm thinking now that it would have been good for me to stay on one more week with Cisco to at least be able to arrange things at the last minute from inside

bear: send me your logo to project along with other sponsors

but I can have people help out, like linuxwolf

hahaha

stpeter: we'll probably be fine

ralphm: I have contacts on the inside who can help here and there :-)

Speaking of meals, I've spoken with Florian, and he is booking the Auberge Brétonne (AKA, Florian's Babysitter), for Saturday. I'll be passing around a hat for sponsors as is traditional.

getting the room reserved is like 99% of the pain for an event

bear: and hotels :-D

is that the place we ate at last time?

What about Thursday night - summit night?

bear: yes, we go there tradionally for YEARS

bear, That's the traditional place.

Laura: People will probably just mingle organically.

There's a decent place 5mins walk from the hotel.

Ah man, am I going to miss the big get together dinner?

I know I will be at the nearest Pub

And I think multiple, even.

Laura, The XSF Dinner is on Saturday partly because there's at least one sponsor for which the controller of the budget is only there on Saturday.

Booooo *grows up and stops acting like a child*

Laura: we'll make it up to you

Laura, Can't you extend your stay by a night?

I wish - at a wedding Saturday morning!

Laura, Unless it's yours, this is surely more important? ;-)

dwd: skipping them is frowned upon.

Ha ha, not mine or I might be panicking more!

Very old friends unfortunately or I would miss it!

ok, ok, moving on

And I am involved, so absence would probably be noticed!

anything else FOSDEM we need to discuss here?

I think not

Not from me

ok

then we will need to have an amazing evening thurs or fri to help Laura feel less angst about missing Sat ;)

Hurrah! (and Thurs)

5) ISOC post

Laura, Any chance you could draft something about the ISoc gift?

Sure can!

Laura, Not wanting to push work onto you, but I suspect you'd craft the best words.

if Laura can do some wordsmithing I will do the work to get it posted

I can wordsmith

Can someone send me the details and I will write it tomorrow?

I think the details have already gone to the Board list, but I can dig them out again.

I will find them

awesome

Laura: thanks

then, I think we are at

I can help / review

6) AOB

Thanks

Laura: I know the details / back story since I have a relationship with our friends at ISOC

none, I assume

Great

7) Date of Next

+1W

8) Thanks all!

Thanks ralphm.

thanks ralph!

Bye all, thanks very much

thanks Laura!!!

wonder if a printer would be handy to have at FOSDEM

Laura, do you think we should be doing regular posts between now and FOSDEM advertising the Realtime Lounge?

bear: no worries, I'm happy to chair meetings every now and then

ralphm: doesn't the FOSDEM team have a printer?

bear: I think that if you have a plan of what will be demod at the stand, then blog posts about those demos in advance might help.

kev - agreed

stpeter: I don't want to burden them with that

Yeah, we should nail stuff down.

The FOSDEM team gets pretty busy, I think :)

well sure

Something none of us can relate to :D

We used to bring a printer the first few years.

I think I might have an old deskjet lying around

Came in handy from time to time.

do we have a better plan for remote participation in the Summit?

stpeter: now you become interested in this, huh?

:P

:P

stpeter, Oh, good point.

stpeter, DO you have decent contacts with the Meetecho guys?

brb

dwd: yes I do

stpeter, It might be good to get them over/involved/etc.

but I don't know if we'd be able to run their stuff — we could invite them to the Summit

stpeter, Right.

ok I will reach out to them

stpeter, Can you drop them a line?

Thanks!

Jitsi videobridge? :)

yes, will ping the meetecho guys now

Ok, if meeting and FOSDEM stuff is over...

Unencrypted s2s connections to {,muc.}xmpp.org: gmail.com, uww.edu, cisco.com, coversant.net, jit.si, imaginator.com, jabber.bluendo.com

I can't even connect to cisco.com anymore

without enforcing encryption

'undefined-condition'

Weird

maybe certain ciphers or something

but really, this should be in jdev@

dwd: email sent to our Meetecho friends

Enforcing TLS on xmpp.org will affect peoples' ability to vote

I could work out which members are affected, and ping them

I think we should simply not do it.

So unencrypted membership voting is ok? :)

Yes.

If that's what people choose.

I don't care so much, as long as a long notice period is given for people to migrate to other accounts for XSF stuff.

I agree with Kev - xmpp.org is special in this case

A couple of months or whatever.

MattJ

MattJ, mod_manifesto in reverse for the voting bot

we should warn/remind our members that until ubiquitous security is in place that *they* need to make sure their s2s is secure

Shouldn't xmpp.org really be setting an example?

and XSF members by extension

s/xmpp.org/XSF Members/

not when that example excludes members who may need to be shown how to do it

bear: well, we could always create @xmpp.org accounts for members

I was going to say they only need to create an account on jabber.org... :)

Surely we can help those than need help.

when moving from a status quo of oh-my-god-no-security to locked-down-tight we have to err on the side of open

waqas, already written

stpeter: I think we shouldn't do that, personally :)

MattJ: Which one? The last one I saw was for local users, not remote

Yeah, I agree with not handing out xmpp.org JIDs, that has come up before and general consensus was against it

But if we can work out which members are affected (we have the memberbot roster for this), then we can announce a two-month-out date, and check each individually that they know they have to migrate servers.

let's find out how many members are impacted

dwd: BTW I am working on an I-D for the STRINT workshop before the London IETF meeting, see https://github.com/stpeter/xmpp-sec/blob/master/draft-saintandre-strint-workshop-xmpp.xml

+1 to what Kev just suggested

s/migrate/migrate or fix/

Kev: that seems reasonable

> 17:33:30 MattJ> I could work out which members are affected, and ping them

Zash: I bet these people aren't running their own servers. I don't think any XSF member is going to be running a server without any TLS.

Before you said you disagreed :)

Kev, *cough*

MattJ: you = ?

MattJ: I don't agree with participating in the encryption days.

MattJ: I don't oppose having a long-term plan to encrypt stuff, carefully.

Kev, until recently several were, but ok... few now

... dwd

stpeter, sorry, that was addressed to Kev

modify the MUC to report security status when joining ;)

and I guess bear :)

and the suggestion of pinging people before enablig it

Matt - gather data and report it to members@

let's get the conversation going

Shall do

thanks

\o/

bear: yeah, Justin Karneges suggested a tag for that

all insecure connections should be auto-assigned the role of "clueless" ?

Hah

If only we still had groupchat-style join/part messages :)

yeah I always liked those

Shove it in their presence?

"My connection is insecure, please let me know"

ugh - I *hate* part/join messages

"/me disappears in a puff of smoke" and all that

MattJ, oh noes...the bloat ✏

Send them PMs? :)

the only client that does it properly is Swift

we could also put silly *hats* on them ^^

if we only had a XEP for that

bear: You'd be surprised how much work that was, too. But thank you :)

not surprised at all - I'm glad that you got it working so well

Tobias, oh, overlay a silly hat on their avatar

MattJ, yup..intercept avatar request and render that :)

just wanted to suggest that ^^

MattJ, just needs a imagemagick lua binding

bear, Kev: how's that?

a little unlocked / insecure icon might jolt some people into taking action of some kind, I agree

ralphm: sezuan, bruce.stephens@isode.com and aman have left the room and Tobias and Steve Kille have left then returned to the room

-xep Hats

Zash: XEP-0317: Hats is Standards Track (Experimental, 2013-01-03) See: http://xmpp.org/extensions/xep-0317.html

Tobias: Do it!

ralphm: Which gets updated as people join and leave, so that all presence in a block is compressed to a single message.

Zash, clients implementing vcard based avatars = all, clients implementing Hats = 0?

actually Hats needs to be deferred — where's that Editorial Team when you need them? ;-)

Ooooh. Hats has example.edu - not an example domain as far as I can recall.

Yeah, I went to Example University

MattJ, But that was surely example.ac.uk?

Got my Example Degree and everything

No, it was online

MattJ, in what?

MattJ, BEx?

Shut down shortly after

Tobias, I can't remember

MattJ, Is Ian coming to FOSDEM, by the way?

No, not this year :(

Me neither, for that matter

Oh.

Not that I'm trying to keep him away from you or anything

hehe

Don't tell me, you're going to a wedding?

Wait - Laura's going to your wedding?

Oh, so that's why he was inviting me

who's getting married?

Matt and Ian, by the sound of it.

Nobody I know!

MattJ, you don't know your own father?

congrats Matt and Ian!

This conversation managed to get weird without the help of Fritzy

bear, I don't *think* a father/son marriage is actually legal in the UK.

dwd: I think you spoiled the surprise

MattJ: It did have Dave.

They were both trying to pair me off with people in Portland

MattJ, To be fair, you started it.

No, Adam started it

MattJ, He did?

Adam wasn't the one who gave Dave an opening

MattJ, Oh, I see. Yes, I suppose he did. Him and Henrick.

It doesn't really matter who started it. It only matters that you're happy together.

+1

waqas, PLEASE rephrase that.

Either you and Adam or you and Ian. It's not quite clear to me what's going on at the moment.

oh my - that was an unsettling mental image just now

That was the first?

hardly

just an interesting way to start the day

Are members' JIDs public?

I thought they were, but now I don't see them on the members page on the site

So maybe I imagined it

They are.

They're all on their application pages.

Ah, and this is where I saw the list: http://xmpp.org/about-xmpp/xsf/meeting-minutes/xsf-member-meeting-2013-12-05/

The. List.

In that case, these are the ones on servers without TLS: axelsena (at) uww.edu bschumac (at) cisco.com zooldk (at) gmail.com dthompson (at) gmail.com emcho (at) jit.si jfrankel (at) coversant.net gnauck (at) gmail.com artur.hefczyc (at) gmail.com enuenschwander (at) coversant.net dave (at) coversant.net arcriley (at) gmail.com

emcho's might do TLS, but there have been some interop issues with Openfire, so I need to double-check it

at least some of them have other JIDs, too

MattJ: thanks, that's helpful

we can definitely ping the folks at coversant and jit.si

I think Ben Schumacher has a non-Cisco JID

hopefully gmail will get in line by May 19th :-)

I'll change my JID into my own domain. who shall I write to give my other JID?

haven't chatted with axelsena in ages

Steffen Larsen: Alex Gnauck, gnauck@ag-software.de

stpeter: ok! thanks peter

sure thing!

time for lunch here, bbiaw

Hah, Alex is on the list with his gmail JID :)

heh

well, he has a jabber.org JID too, I know

ha ha ha

he is also gnauck@jabber.org

that ag-software.de address was for email, I am not sure if he uses that for XMPP too

bbiab

I'm editing the summit wiki page to show that the venue will be cisco and to add the hotel link

bear: (Y)

the dinner is saturday - right?

Right

hmm, google is not giving me a link for that restaurant

got it from a past wiki page

ok, summit venue, hotel and dinner info updated

bear: thanks!

how did we get to the restaurant last year?

There was a bus

Right. I varies per year.

So I suppose we have to arrange that again. Or is that part of what Florian does?

I'm not sure actually. It always looks like Florian handles that part, but who actually knows?

It always appears he just knows all the drivers and such. No wonder he was hired by Uber ;)

I asked Florian about a bus, too.

MattJ, Are you suggesting we need to have all members on TLS-capable servers? I suppose that's probably the case given the Memberbot.

dwd: I wonder if the strint thing should explicitly mention that xmpp makes no attempt to hide metadata

i.e. from/to

We could have a vote on it, but the membership would answer 'yes' to both 'require TLS' and 'don't require TLS'

fippo, Probably, yes.

waqas, I vote yes.

'Should we rename XMPP to PPMX?', 'Do you want to stop being a member?', etc...

That's worrying. Google Plus now thinks my daily commute is to Tesco.

Is it right?

Frustratingly close to right.

I've dropped g+.. confusing, annoying and.. well could keep going.

No, not Google+, I didn't mean that at all. Google Now. That's what I meant to type.

waqas, BTW, I do like the notion of asking people if they want to resign as a question in the middle of the voting.

I vote for including that in the vote

Oh, we could get the members to vote on it.

How many do you think we'd lose?

90%

I don't think it'd be a loss if anyone resigned because they vote yes to everything.

I would also love linking you being able to vote for someone based on wiki logs showing you at least visited the person's application

Does the XSF want a larger membership (membership, not community which may include non-members)?

active trumps size IMO

waqas, Yes and no. I'd like to see a larger engaged membership.

waqas, So I'd like more people, but I'd like them to be active in the XSF.

Most of the membership isn't really engaged, it's more like an easy merit badge you get and then forget about until the next vote.

Some people have been known to forgoet about it even longer than that...

and some people were on the members list despite not voting for years :-)

brb

FWIW, I try to be fairly restrictive in who I vote for, but I suspect I'm nothing like restrictive enough. There's probably dozens of people I vote for who don't contribute anything at all to the XSF itself.

I think it's perfectly fine for anyone to be subscribed to public mailing lists, and the members ML is public

I'm fairly restrictive most of the time, but it's annoying knowing that a no from me wouldn't really change anything.

The only time I remember someone not being voted in was Solarius in 2008, who didn't want to use his real name. Was he even in the vote?

Yes, he was.

Yes apparently: http://xmpp.org/about-xmpp/xsf/meeting-minutes/xsf-member-meeting-2008-02-07/

(I know, because I looked into it very heavily when Florian put in his last application)

I often wonder how much it really matters

waqas: vt100 from jabber.ccc.de wasn't voted in either

I personally don't think it matters. No member of the XSF has ever verified my identity FWIW.

http://xmpp.org/about-xmpp/xsf/meeting-minutes/xsf-member-meeting-2008-05-02/ - Mike Taylor not voted in, that's a surprise

waqas: so you think

waqas, I have

MattJ: I was careful not to let you touch my ID

I saw your passport, and your photo

waqas, Oh, *this* converation again.

waqas: were you awake all the time?

He wasn't

MattJ wouldn't know if it was real or fake anyway

waqas, Still talking about your passport?

He didn't even notice you guys switched it, right?

granted, MattJ can get lost in a city park

Oh wait, I wasn't supposed to know this.

ralphm, I can't help it if the American idea of a "park" is about 30x the size of the kind I'm used to

It was only 30cm on the map at the start

http://wiki.xmpp.org/web/Kurt_Zeilenga_Application_2013 - heh.

Whereas Peter Waher has, "The main purpose for reapplying for membership is to be able to propose XMPP extensions." Nope.

waqas - yea, I never figured out why so many folks voted no

This is a fairly widespread problem though, most applications have something like that as a reason

bear: Beard envy.

That's the only explanation.

+1

I guess

on the other hand florian had a horrible application (on purpose) but was voted in on merit

I do know that i've forgotten to reapply a number of times and got dropped

and that's fine

dwd: well, for years I was one of the few non-xsf xep authors

bear, As I recall, you got voted against because you used your real name, and nobody knew you as that, or something.

Haha

The Inverted Solarius Syndrome.

I would have voted for 'bear' :)

I recall Fritzy explaining to me who you were.

I think that technically I should have been dropped for not voting trice at some point

ralphm: weren't you?

no

I was on the council and voted in that Q

ahh - now that makes total sense

bear: when are you legally changing that?

:P