XSF Discussion - 2014-02-25


  1. SouL has left

  2. SouL has joined

  3. Santiago26 has joined

  4. Santiago26 has left

  5. Alex has joined

  6. Santiago26 has joined

  7. Simon has joined

  8. Tobias has joined

  9. jabberjocke has left

  10. Santiago26 has left

  11. Simon has left

  12. dezant has joined

  13. Santiago26 has joined

  14. Alex has left

  15. Santiago26 has left

  16. Simon has joined

  17. intosi has left

  18. simon\ has joined

  19. Santiago26 has joined

  20. Laura has joined

  21. Laura has left

  22. Laura has joined

  23. Santiago26

    Mozilla also accepted and have some XMPP-related tasks for Instantbird

  24. simon\

    Santiago26: that's excellent news. Do you have a link?

  25. Santiago26

    https://wiki.mozilla.org/Community:SummerOfCode14#Instantbird

  26. Laura has left

  27. Ash has joined

  28. Lloyd has joined

  29. Ge0rG

    looks like we need a compliance testing suite real-soon-now

  30. Santiago26 has left

  31. Santiago26 has joined

  32. intosi has joined

  33. emcho has joined

  34. Tobias has left

  35. Simon has joined

  36. Santiago26 has left

  37. Simon has joined

  38. Laura has joined

  39. fippo

    simon: ah, i spoke to florian who reported the webrtc stuff at fosdem :-)

  40. ralphm

    'reported'?

  41. fippo

    he's listed as reporter

  42. fippo

    probably proposed those items

  43. ralphm

    The 'additional protocols' one is funny

  44. Santiago26 has joined

  45. Laura has left

  46. Laura has joined

  47. Tobias has joined

  48. Santiago26 has left

  49. fippo

    should there be an xsf blog post how happy the XSF is to see all those projects? :-)

  50. Tobias

    fippo, i'm +1 for that...while it's unfortunate the XSF itself doesn't mentor any of the projects it's nice to see adoption of XMPP style projects in other mentoring orgs

  51. Santiago26 has joined

  52. fippo

    tobias: that would be the message ;-)

  53. fippo

    i'll see if i can write something up... after another round of skiing

  54. ralphm

    I also think we should try to support those efforts

  55. ralphm

    fippo: do coordinate with Laura, by the way

  56. Tobias

    fippo, you make it sound like you're on holiday tztztzt

  57. ralphm

    I guess "break a leg" isn't appropriate now?

  58. Tobias

    hehe

  59. fippo

    will do, i typically need someone to wordsmith anyway (-:

  60. Santiago26 has left

  61. Simon has joined

  62. Santiago26 has joined

  63. Laura has left

  64. Laura has joined

  65. Santiago26 has left

  66. Santiago26 has joined

  67. Santiago26 has left

  68. emcho has left

  69. Laura has left

  70. Ge0rG

    We need a proof-of-work protocol for registering user accounts and for sending messages beyond a given limit!

  71. Simon has left

  72. intosi

    Account registration combined with crypto currency ;)

  73. Kev

    Every account you register you gain bitcoin?

  74. Tobias

    yeah...so each client will come with a 20 gig hash chain :)

  75. dwd has joined

  76. Laura has joined

  77. Ge0rG

    even though my comment was tongue-in-cheek, it might work out to reduce spam. Also, it could be used by the server admin to delegate bitcoin mining to clients, repaying for the server operation.

  78. intosi

    And give server operators an incentive to actively welcome clients that are part of a botnet.

  79. Kev

    Sounds good. Who's going to write up the spec?

  80. Ge0rG

    botnets are using tor already... why not do some mining?

  81. intosi

    We filled the … in 1. operate jabber.org, 2. enable registrations again, 3. …, 4. profit!!!

  82. Ge0rG

    intosi: btw, that is not quite true. the botnet operator will rather be incentivized to mine their own bitcoins, instead of sponsoring the xmpp server

  83. Ge0rG

    we had throttling in xep-0198. what about letting the server send a "now please calculate this for me, or I won't forward your last message" to the client?

  84. intosi

    I'm sure the mobile client developers will love the idea of even more power consumption.

  85. intosi

    Or the IoT-guys, for that matter.

  86. Kev

    intosi: Although if you're doing IoT you're probably not doing it on free public servers.

  87. Ge0rG

    intosi: having your smartphone spin a wheel for 10-20s when registering is ok IMHO... and having your account throttled is not too much as well

  88. Kev

    Or maybe you are, I don't know.

  89. intosi

    Kev: that might be a fair point, although I don't know either.

  90. dwd

    I've asked in jdev, but I'll ask here - anyone got a real-world use-case for Teemu's two-factor thing? I don't know if it's just me, but it's still too opaque to me.

  91. intosi

    Ge0rG: it might not be an issue at registration. And if you normally don't hit this unless you send a large number of stanzas, it wouldn't even be that big an issue for those either.

  92. Kev

    dwd: I don't understand it.

  93. Ge0rG

    intosi: that's what I'm saying

  94. Laura has left

  95. intosi

    Ge0rG: right. And I presume you would suggest just falling back to rate limiting in the old-fashioned way if a client doesn't support this extension.

  96. Laura has joined

  97. Ge0rG

    intosi: yeah.

  98. Ge0rG

    intosi: except for registration, obviously

  99. intosi

    Obviously. No IB registration if you don't support the extension.

  100. intosi

    Somehow that feels like another step in an arms race to me.

  101. intosi

    But that might just be the nature of these problems.

  102. Ge0rG

    intosi: I'm not quite sure if this is just another step or a different order of magnitude.

  103. intosi

    If it takes 10-20 seconds to do the work before you can slowly send 1000s of spam messages from a botnet drone, the cost might not be high enough to make it an order of magnitude. It might be enough to make botnet attacks harder.

  104. Kev

    But this isn't the biggest problem model we have at the moment.

  105. Kev

    It's signing up accounts to send a few messages each.

  106. Tobias has left

  107. intosi

    Kev: that's true.

  108. jabberjocke has joined

  109. Ge0rG

    intosi: I'd say that once you run into throttling, you have to work 10s per message or somesuch.

  110. Ge0rG

    of course, 10s on a smartphone is different from 10s on a desktop

  111. Ge0rG

    btw, is there a way to throttle if a user sends many messages to different, not-in-roster, users?

  112. ralphm

    sure, all impl. specific

  113. dwd

    My wife and daughter are making fudge and chocolate welsh cakes in the kitchen.

  114. dwd

    I just heard my wife complain she's burnt one. My daughter immediately says, "Dad, you can have another!".

  115. dwd

    Well, thanks.

  116. Tobias has joined

  117. winfried has joined

  118. jabberjocke has left

  119. ralphm

    heh

  120. ralphm

    that's a great form of rate limiting

  121. intosi

    :)

  122. Kev

    Fudge and chocolate welsh cake sounds like a wonderful thing.

  123. intosi

    <proof workload='bake_cookies'/>

  124. Kev

    I'm only just down the road, you know.

  125. intosi

    "Can you create an account for me?" "Sure, bring me a cookie.". Don't see the difference from asking for a cup of coffee 15 years ago if soneone needed something done urgently.

  126. jabberjocke has joined

  127. ralphm

    intosi: yeah, token based authorization is awesome

  128. Santiago26 has joined

  129. stpeter has joined

  130. dwd

    Kev, It's either/or. Theer are some fudge-chip, and some choc-chip.

  131. dwd

    Kev, The fudge-chip ones are awesome when they're still warm.

  132. Kev

    You see where they made their first mistake.

  133. dwd

    Kev, Well, the choc-chip ones have molten choc in them until they cool. It's not quite the same.

  134. dwd

    Kev, Also, you could eat both at once.

  135. Ge0rG

    dwd: now that you have cookies, can I have yaxim-muc?

  136. dwd

    Ge0rG, I'm almost emerging from my current day-job workload.

  137. Laura has left

  138. Laura has joined

  139. jabberjocke has left

  140. Lloyd

    Is the editor meeting in editor@muc.xmpp.org or council@muc.xmpp.org, email and calendar invite disagree

  141. winfried

    ah!

  142. winfried

    I am waiting in editor...

  143. stpeter

    oh that's right we have editor!

  144. Lloyd

    Me too (currently)

  145. stpeter

    let's use the editor room

  146. dwd

    Reading XEP-0001, I note that §5 says that after the submission is made, "If no member of the XMPP Council objects to publication of the proposal within fourteen (14) days or at the next meeting of the Council" it's accepted and published.

  147. Laura has left

  148. dwd

    That's not quite the same thing as the Council has done recently (it's been considered for a maximum of 14 days after the next Council meeting). I suppose that's fixable de-facto within the process by a Council member objecting de-jure until the timeout, but still.

  149. SouL has left

  150. SouL has joined

  151. SouL has left

  152. Kev

    dwd: Ah, it is what Council are doing.

  153. Kev

    Council are holding two-week long meetings, starting in a MUC, and ending on teh mailing lists :)

  154. dwd

    That's also a way of expressing it...

  155. Kev

    It's what we do, though.

  156. Kev

    We have a realtime portion, and then allow voting in the meeting to continue for two weeks, to allow for absent members, or those who couldn't get stuff reviewed in advance.

  157. Kev

    And as far as I could tell, there's no problem with this.

  158. dwd

    Yes, I entirely agree.

  159. Kev

    I was aware of the XEP1 language, and didn't think there was anything conflicting about what it said and what we did.

  160. dwd

    Ah, there I don't agree entirely. At best it depends on how you interpret it. I'd rather we just documented what we do clearly.

  161. Lloyd has left

  162. fippo

    gmgm

  163. fippo

    errrr...

  164. stpeter

    fippo: how is your week going?

  165. Santiago26 has left

  166. fippo

    stpeter: code-ski-code-ski-code-sauna-code... quite productive ;-)

  167. stpeter

    fippo: sounds delightful!

  168. intosi

    Sounds awesome.

  169. Lance has joined

  170. simon\ has left

  171. winfried

    Next summit in Lapland?

  172. stpeter

    :)

  173. Kev

    I tried skiing once and loved it. I'm somewhat concerned that trying it again, especially given my lack of fitness, would be an invitation to destroy myself.

  174. Tobias

    i'm sure there are easy tracks

  175. stpeter

    I prefer nordic skiing

  176. stpeter

    I don't fancy hurtling down mountains

  177. Kev

    Tobias: Sure, it's not as if I did more than blue runs last time.

  178. Kev

    stpeter: I don't think one would describe what I did as hurtling.

  179. intosi

    Right, mail sent to my registrar asking them when they will allow submission of DNSSEC DS records for the NL TLD. They support it for .net

  180. intosi

    DLV kinda sucks, and the XMPP Observatory (rightfully, I think) doesn't check it.

  181. Ge0rG

    what about DNSSEC on .im?

  182. ralphm

    dwd: I think you are getting to cought up in process

  183. ralphm

    caught

  184. ralphm

    Ge0rG: there are efforts underway to achieve that

  185. Lance has left

  186. stpeter

    hmm, I haven't sent my yearly inquiry to the nic.im folks about DNSSEC support

  187. Kev

    stpeter: I think others might have.

  188. intosi

    dwd is working on that, as far as I know.

  189. stpeter

    the more the merrier

  190. intosi

    Well, not really.

  191. stpeter

    maybe I need to hop on over to the Isle of Man when I visit the British Isles next week :-)

  192. ralphm

    stpeter: dwd has been working on this

  193. stpeter

    allrightie

  194. ralphm

    http://mail.jabber.org/pipermail/operators/2013-November/001963.html

  195. ralphm

    However, I don't think he has gotten a meaningful response other than an receipt acknowledgement

  196. stpeter

    right

  197. stpeter

    that's why I figure it can't hurt too much for them to know that there's generalized demand, not just one lone person

  198. winfried has left

  199. intosi

    I believe dwd approached them on behalf of the XSF, but I might be mistaken.

  200. ralphm

    this is true

  201. stpeter

    that doesn't seem like the kind of thing that Dave would do

  202. stpeter

    since he's Mr. Process

  203. ralphm

    stpeter: it has been discussed in the Board meetings

  204. stpeter

    and the Board or membership didn't officially deputize him blah blah

  205. stpeter

    oh, I must have missed that meeting

  206. ralphm

    I can't find a reference, though, so maybe I'm halucinating

  207. xnyhps has left

  208. Simon has joined

  209. emcho has joined

  210. Simon has joined

  211. Simon has left

  212. Simon has joined

  213. emcho has left

  214. emcho has joined

  215. emcho has left

  216. emcho has joined

  217. Alex has left

  218. Tobias has left

  219. Alex has joined

  220. emcho has left

  221. emcho has joined

  222. Simon has joined

  223. intosi has left

  224. Tobias has joined

  225. emcho has left

  226. emcho has joined

  227. intosi has joined

  228. intosi has left

  229. intosi has joined

  230. emcho has left

  231. dwd

    ralphm, stpeter - we discussed. However, it probably wasn't part of a board meeting.

  232. dwd

    ralphm, stpeter - And FWIW, I'm not so much interested in slavishly following a process as ensuring the process we actually follow is documented correctly.

  233. Simon has left

  234. Simon has joined

  235. dwd

    ralphm, stpeter - So in the case I noted, some author could insist their ProtoXEP should be published as a XEP according to XEP-0001 because it no objection has been raised for 14 days from its submission. The wording is such that an argument could be made that what we do is acceptable, but it'd be an unpleasant discussion at best.

  236. dwd

    ralphm, stpeter - I thought that given the new editorial team, I'd run a pass over XEP-0001 and see if these minor issues could be cleaned up easily with an edit or two.

  237. dwd

    ralphm, stpeter - What I'd really hate to happen is the kind of process drift in the IETF, where theory and practise often diverge quite badly.

  238. stpeter

    dwd: yes, that all makes sense

  239. Tobias has left

  240. Simon has left

  241. Simon has joined

  242. Tobias has joined

  243. intosi

    Update for the goto fail-issue for OS X just out. No sign in the release notes, but 10.9.2 apparently fixes it.

  244. Simon

    apparently it fixes it. Love that the fix could potentially be MITM'd

  245. xnyhps

    I'd be really surprised if OS X updates don't come signed separately.

  246. intosi has left

  247. Simon has left

  248. ralphm

    dwd: nod

  249. intosi has joined

  250. stpeter

    xnyhps: let's chat in London about how to manage xmpp.net submissions -- there must be a better way than the github repo that I have (not) been maintaining :-)

  251. xnyhps

    stpeter: Ah, yes. Nick from jabber.calyxinstitute.org has been asking me a couple of times about how to get on the directory.

  252. stpeter

    right

  253. stpeter

    my process is broken

  254. stpeter

    or I am broken

  255. xnyhps

    And I think there are a couple of posts to operators@ that have gone unanswered.

  256. stpeter

    yes

  257. stpeter

    exactly

  258. emcho has joined

  259. Ash has left

  260. Simon has joined

  261. fippo

    dwd: you're generating valuable content for that blog :-p

  262. stpeter has left

  263. stpeter has joined

  264. Simon has left

  265. Alex has left

  266. emcho has left

  267. emcho has joined

  268. emcho has left

  269. emcho has joined

  270. Tobias has left

  271. emcho has left

  272. emcho has joined

  273. Lance has joined

  274. stpeter has left