looks like we need a compliance testing suite real-soon-now
Santiago26has left
Santiago26has joined
intosihas joined
emchohas joined
Tobiashas left
Simonhas joined
Santiago26has left
Simonhas joined
Laurahas joined
fippo
simon: ah, i spoke to florian who reported the webrtc stuff at fosdem :-)
ralphm
'reported'?
fippo
he's listed as reporter
fippo
probably proposed those items
ralphm
The 'additional protocols' one is funny
Santiago26has joined
Laurahas left
Laurahas joined
Tobiashas joined
Santiago26has left
fippo
should there be an xsf blog post how happy the XSF is to see all those projects? :-)
Tobias
fippo, i'm +1 for that...while it's unfortunate the XSF itself doesn't mentor any of the projects it's nice to see adoption of XMPP style projects in other mentoring orgs
Santiago26has joined
fippo
tobias: that would be the message ;-)
fippo
i'll see if i can write something up... after another round of skiing
ralphm
I also think we should try to support those efforts
ralphm
fippo: do coordinate with Laura, by the way
Tobias
fippo, you make it sound like you're on holiday tztztzt
ralphm
I guess "break a leg" isn't appropriate now?
Tobias
hehe
fippo
will do, i typically need someone to wordsmith anyway (-:
Santiago26has left
Simonhas joined
Santiago26has joined
Laurahas left
Laurahas joined
Santiago26has left
Santiago26has joined
Santiago26has left
emchohas left
Laurahas left
Ge0rG
We need a proof-of-work protocol for registering user accounts and for sending messages beyond a given limit!
Simonhas left
intosi
Account registration combined with crypto currency ;)
Kev
Every account you register you gain bitcoin?
Tobias
yeah...so each client will come with a 20 gig hash chain :)
dwdhas joined
Laurahas joined
Ge0rG
even though my comment was tongue-in-cheek, it might work out to reduce spam. Also, it could be used by the server admin to delegate bitcoin mining to clients, repaying for the server operation.
intosi
And give server operators an incentive to actively welcome clients that are part of a botnet.
Kev
Sounds good. Who's going to write up the spec?
Ge0rG
botnets are using tor already... why not do some mining?
intosi
We filled the … in 1. operate jabber.org, 2. enable registrations again, 3. …, 4. profit!!!
Ge0rG
intosi: btw, that is not quite true. the botnet operator will rather be incentivized to mine their own bitcoins, instead of sponsoring the xmpp server
Ge0rG
we had throttling in xep-0198. what about letting the server send a "now please calculate this for me, or I won't forward your last message" to the client?
intosi
I'm sure the mobile client developers will love the idea of even more power consumption.
intosi
Or the IoT-guys, for that matter.
Kev
intosi: Although if you're doing IoT you're probably not doing it on free public servers.
Ge0rG
intosi: having your smartphone spin a wheel for 10-20s when registering is ok IMHO... and having your account throttled is not too much as well
Kev
Or maybe you are, I don't know.
intosi
Kev: that might be a fair point, although I don't know either.
dwd
I've asked in jdev, but I'll ask here - anyone got a real-world use-case for Teemu's two-factor thing? I don't know if it's just me, but it's still too opaque to me.
intosi
Ge0rG: it might not be an issue at registration. And if you normally don't hit this unless you send a large number of stanzas, it wouldn't even be that big an issue for those either.
Kev
dwd: I don't understand it.
Ge0rG
intosi: that's what I'm saying
Laurahas left
intosi
Ge0rG: right. And I presume you would suggest just falling back to rate limiting in the old-fashioned way if a client doesn't support this extension.
Laurahas joined
Ge0rG
intosi: yeah.
Ge0rG
intosi: except for registration, obviously
intosi
Obviously. No IB registration if you don't support the extension.
intosi
Somehow that feels like another step in an arms race to me.
intosi
But that might just be the nature of these problems.
Ge0rG
intosi: I'm not quite sure if this is just another step or a different order of magnitude.
intosi
If it takes 10-20 seconds to do the work before you can slowly send 1000s of spam messages from a botnet drone, the cost might not be high enough to make it an order of magnitude. It might be enough to make botnet attacks harder.
Kev
But this isn't the biggest problem model we have at the moment.
Kev
It's signing up accounts to send a few messages each.
Tobiashas left
intosi
Kev: that's true.
jabberjockehas joined
Ge0rG
intosi: I'd say that once you run into throttling, you have to work 10s per message or somesuch.
Ge0rG
of course, 10s on a smartphone is different from 10s on a desktop
Ge0rG
btw, is there a way to throttle if a user sends many messages to different, not-in-roster, users?
ralphm
sure, all impl. specific
dwd
My wife and daughter are making fudge and chocolate welsh cakes in the kitchen.
dwd
I just heard my wife complain she's burnt one. My daughter immediately says, "Dad, you can have another!".
dwd
Well, thanks.
Tobiashas joined
winfriedhas joined
jabberjockehas left
ralphm
heh
ralphm
that's a great form of rate limiting
intosi
:)
Kev
Fudge and chocolate welsh cake sounds like a wonderful thing.
intosi
<proof workload='bake_cookies'/>
Kev
I'm only just down the road, you know.
intosi
"Can you create an account for me?" "Sure, bring me a cookie.". Don't see the difference from asking for a cup of coffee 15 years ago if soneone needed something done urgently.
jabberjockehas joined
ralphm
intosi: yeah, token based authorization is awesome
Santiago26has joined
stpeterhas joined
dwd
Kev, It's either/or. Theer are some fudge-chip, and some choc-chip.
dwd
Kev, The fudge-chip ones are awesome when they're still warm.
Kev
You see where they made their first mistake.
dwd
Kev, Well, the choc-chip ones have molten choc in them until they cool. It's not quite the same.
dwd
Kev, Also, you could eat both at once.
Ge0rG
dwd: now that you have cookies, can I have yaxim-muc?
dwd
Ge0rG, I'm almost emerging from my current day-job workload.
Laurahas left
Laurahas joined
jabberjockehas left
Lloyd
Is the editor meeting in editor@muc.xmpp.org or council@muc.xmpp.org, email and calendar invite disagree
winfried
ah!
winfried
I am waiting in editor...
stpeter
oh that's right we have editor!
Lloyd
Me too (currently)
stpeter
let's use the editor room
dwd
Reading XEP-0001, I note that §5 says that after the submission is made, "If no member of the XMPP Council objects to publication of the proposal within fourteen (14) days or at the next meeting of the Council" it's accepted and published.
Laurahas left
dwd
That's not quite the same thing as the Council has done recently (it's been considered for a maximum of 14 days after the next Council meeting). I suppose that's fixable de-facto within the process by a Council member objecting de-jure until the timeout, but still.
SouLhas left
SouLhas joined
SouLhas left
Kev
dwd: Ah, it is what Council are doing.
Kev
Council are holding two-week long meetings, starting in a MUC, and ending on teh mailing lists :)
dwd
That's also a way of expressing it...
Kev
It's what we do, though.
Kev
We have a realtime portion, and then allow voting in the meeting to continue for two weeks, to allow for absent members, or those who couldn't get stuff reviewed in advance.
Kev
And as far as I could tell, there's no problem with this.
dwd
Yes, I entirely agree.
Kev
I was aware of the XEP1 language, and didn't think there was anything conflicting about what it said and what we did.
dwd
Ah, there I don't agree entirely. At best it depends on how you interpret it. I'd rather we just documented what we do clearly.
I tried skiing once and loved it. I'm somewhat concerned that trying it again, especially given my lack of fitness, would be an invitation to destroy myself.
Tobias
i'm sure there are easy tracks
stpeter
I prefer nordic skiing
stpeter
I don't fancy hurtling down mountains
Kev
Tobias: Sure, it's not as if I did more than blue runs last time.
Kev
stpeter: I don't think one would describe what I did as hurtling.
intosi
Right, mail sent to my registrar asking them when they will allow submission of DNSSEC DS records for the NL TLD. They support it for .net
intosi
DLV kinda sucks, and the XMPP Observatory (rightfully, I think) doesn't check it.
Ge0rG
what about DNSSEC on .im?
ralphm
dwd: I think you are getting to cought up in process
ralphm
caught
ralphm
Ge0rG: there are efforts underway to achieve that
Lancehas left
stpeter
hmm, I haven't sent my yearly inquiry to the nic.im folks about DNSSEC support
Kev
stpeter: I think others might have.
intosi
dwd is working on that, as far as I know.
stpeter
the more the merrier
intosi
Well, not really.
stpeter
maybe I need to hop on over to the Isle of Man when I visit the British Isles next week :-)
However, I don't think he has gotten a meaningful response other than an receipt acknowledgement
stpeter
right
stpeter
that's why I figure it can't hurt too much for them to know that there's generalized demand, not just one lone person
winfriedhas left
intosi
I believe dwd approached them on behalf of the XSF, but I might be mistaken.
ralphm
this is true
stpeter
that doesn't seem like the kind of thing that Dave would do
stpeter
since he's Mr. Process
ralphm
stpeter: it has been discussed in the Board meetings
stpeter
and the Board or membership didn't officially deputize him blah blah
stpeter
oh, I must have missed that meeting
ralphm
I can't find a reference, though, so maybe I'm halucinating
xnyhpshas left
Simonhas joined
emchohas joined
Simonhas joined
Simonhas left
Simonhas joined
emchohas left
emchohas joined
emchohas left
emchohas joined
Alexhas left
Tobiashas left
Alexhas joined
emchohas left
emchohas joined
Simonhas joined
intosihas left
Tobiashas joined
emchohas left
emchohas joined
intosihas joined
intosihas left
intosihas joined
emchohas left
dwd
ralphm, stpeter - we discussed. However, it probably wasn't part of a board meeting.
dwd
ralphm, stpeter - And FWIW, I'm not so much interested in slavishly following a process as ensuring the process we actually follow is documented correctly.
Simonhas left
Simonhas joined
dwd
ralphm, stpeter - So in the case I noted, some author could insist their ProtoXEP should be published as a XEP according to XEP-0001 because it no objection has been raised for 14 days from its submission. The wording is such that an argument could be made that what we do is acceptable, but it'd be an unpleasant discussion at best.
dwd
ralphm, stpeter - I thought that given the new editorial team, I'd run a pass over XEP-0001 and see if these minor issues could be cleaned up easily with an edit or two.
dwd
ralphm, stpeter - What I'd really hate to happen is the kind of process drift in the IETF, where theory and practise often diverge quite badly.
stpeter
dwd: yes, that all makes sense
Tobiashas left
Simonhas left
Simonhas joined
Tobiashas joined
intosi
Update for the goto fail-issue for OS X just out. No sign in the release notes, but 10.9.2 apparently fixes it.
Simon
apparently it fixes it. Love that the fix could potentially be MITM'd
xnyhps
I'd be really surprised if OS X updates don't come signed separately.
intosihas left
Simonhas left
ralphm
dwd: nod
intosihas joined
stpeter
xnyhps: let's chat in London about how to manage xmpp.net submissions -- there must be a better way than the github repo that I have (not) been maintaining :-)
xnyhps
stpeter: Ah, yes. Nick from jabber.calyxinstitute.org has been asking me a couple of times about how to get on the directory.
stpeter
right
stpeter
my process is broken
stpeter
or I am broken
xnyhps
And I think there are a couple of posts to operators@ that have gone unanswered.
stpeter
yes
stpeter
exactly
emchohas joined
Ashhas left
Simonhas joined
fippo
dwd: you're generating valuable content for that blog :-p