Ge0rGlooks like we need a compliance testing suite real-soon-now
fipposimon: ah, i spoke to florian who reported the webrtc stuff at fosdem :-)
fippohe's listed as reporter
fippoprobably proposed those items
ralphmThe 'additional protocols' one is funny
fipposhould there be an xsf blog post how happy the XSF is to see all those projects? :-)
Tobiasfippo, i'm +1 for that...while it's unfortunate the XSF itself doesn't mentor any of the projects it's nice to see adoption of XMPP style projects in other mentoring orgs
fippotobias: that would be the message ;-)
fippoi'll see if i can write something up... after another round of skiing
ralphmI also think we should try to support those efforts
ralphmfippo: do coordinate with Laura, by the way
Tobiasfippo, you make it sound like you're on holiday tztztzt
ralphmI guess "break a leg" isn't appropriate now?
fippowill do, i typically need someone to wordsmith anyway (-:
Ge0rGWe need a proof-of-work protocol for registering user accounts and for sending messages beyond a given limit!
intosiAccount registration combined with crypto currency ;)
KevEvery account you register you gain bitcoin?
Tobiasyeah...so each client will come with a 20 gig hash chain :)
Ge0rGeven though my comment was tongue-in-cheek, it might work out to reduce spam. Also, it could be used by the server admin to delegate bitcoin mining to clients, repaying for the server operation.
intosiAnd give server operators an incentive to actively welcome clients that are part of a botnet.
KevSounds good. Who's going to write up the spec?
Ge0rGbotnets are using tor already... why not do some mining?
intosiWe filled the … in 1. operate jabber.org, 2. enable registrations again, 3. …, 4. profit!!!
Ge0rGintosi: btw, that is not quite true. the botnet operator will rather be incentivized to mine their own bitcoins, instead of sponsoring the xmpp server
Ge0rGwe had throttling in xep-0198. what about letting the server send a "now please calculate this for me, or I won't forward your last message" to the client?
intosiI'm sure the mobile client developers will love the idea of even more power consumption.
intosiOr the IoT-guys, for that matter.
Kevintosi: Although if you're doing IoT you're probably not doing it on free public servers.
Ge0rGintosi: having your smartphone spin a wheel for 10-20s when registering is ok IMHO... and having your account throttled is not too much as well
KevOr maybe you are, I don't know.
intosiKev: that might be a fair point, although I don't know either.
dwdI've asked in jdev, but I'll ask here - anyone got a real-world use-case for Teemu's two-factor thing? I don't know if it's just me, but it's still too opaque to me.
intosiGe0rG: it might not be an issue at registration. And if you normally don't hit this unless you send a large number of stanzas, it wouldn't even be that big an issue for those either.
Kevdwd: I don't understand it.
Ge0rGintosi: that's what I'm saying
intosiGe0rG: right. And I presume you would suggest just falling back to rate limiting in the old-fashioned way if a client doesn't support this extension.
Ge0rGintosi: except for registration, obviously
intosiObviously. No IB registration if you don't support the extension.
intosiSomehow that feels like another step in an arms race to me.
intosiBut that might just be the nature of these problems.
Ge0rGintosi: I'm not quite sure if this is just another step or a different order of magnitude.
intosiIf it takes 10-20 seconds to do the work before you can slowly send 1000s of spam messages from a botnet drone, the cost might not be high enough to make it an order of magnitude. It might be enough to make botnet attacks harder.
KevBut this isn't the biggest problem model we have at the moment.
KevIt's signing up accounts to send a few messages each.
intosiKev: that's true.
Ge0rGintosi: I'd say that once you run into throttling, you have to work 10s per message or somesuch.
Ge0rGof course, 10s on a smartphone is different from 10s on a desktop
Ge0rGbtw, is there a way to throttle if a user sends many messages to different, not-in-roster, users?
ralphmsure, all impl. specific
dwdMy wife and daughter are making fudge and chocolate welsh cakes in the kitchen.
dwdI just heard my wife complain she's burnt one. My daughter immediately says, "Dad, you can have another!".
ralphmthat's a great form of rate limiting
KevFudge and chocolate welsh cake sounds like a wonderful thing.
KevI'm only just down the road, you know.
intosi"Can you create an account for me?" "Sure, bring me a cookie.". Don't see the difference from asking for a cup of coffee 15 years ago if soneone needed something done urgently.
ralphmintosi: yeah, token based authorization is awesome
dwdKev, It's either/or. Theer are some fudge-chip, and some choc-chip.
dwdKev, The fudge-chip ones are awesome when they're still warm.
KevYou see where they made their first mistake.
dwdKev, Well, the choc-chip ones have molten choc in them until they cool. It's not quite the same.
dwdKev, Also, you could eat both at once.
Ge0rGdwd: now that you have cookies, can I have yaxim-muc?
dwdGe0rG, I'm almost emerging from my current day-job workload.
LloydIs the editor meeting in firstname.lastname@example.org or email@example.com, email and calendar invite disagree
winfriedI am waiting in editor...
stpeteroh that's right we have editor!
LloydMe too (currently)
stpeterlet's use the editor room
dwdReading XEP-0001, I note that §5 says that after the submission is made, "If no member of the XMPP Council objects to publication of the proposal within fourteen (14) days or at the next meeting of the Council" it's accepted and published.
dwdThat's not quite the same thing as the Council has done recently (it's been considered for a maximum of 14 days after the next Council meeting). I suppose that's fixable de-facto within the process by a Council member objecting de-jure until the timeout, but still.
Kevdwd: Ah, it is what Council are doing.
KevCouncil are holding two-week long meetings, starting in a MUC, and ending on teh mailing lists :)
dwdThat's also a way of expressing it...
KevIt's what we do, though.
KevWe have a realtime portion, and then allow voting in the meeting to continue for two weeks, to allow for absent members, or those who couldn't get stuff reviewed in advance.
KevAnd as far as I could tell, there's no problem with this.
dwdYes, I entirely agree.
KevI was aware of the XEP1 language, and didn't think there was anything conflicting about what it said and what we did.
dwdAh, there I don't agree entirely. At best it depends on how you interpret it. I'd rather we just documented what we do clearly.
ralphmHowever, I don't think he has gotten a meaningful response other than an receipt acknowledgement
stpeterthat's why I figure it can't hurt too much for them to know that there's generalized demand, not just one lone person
intosiI believe dwd approached them on behalf of the XSF, but I might be mistaken.
ralphmthis is true
stpeterthat doesn't seem like the kind of thing that Dave would do
stpetersince he's Mr. Process
ralphmstpeter: it has been discussed in the Board meetings
stpeterand the Board or membership didn't officially deputize him blah blah
stpeteroh, I must have missed that meeting
ralphmI can't find a reference, though, so maybe I'm halucinating
dwdralphm, stpeter - we discussed. However, it probably wasn't part of a board meeting.
dwdralphm, stpeter - And FWIW, I'm not so much interested in slavishly following a process as ensuring the process we actually follow is documented correctly.
dwdralphm, stpeter - So in the case I noted, some author could insist their ProtoXEP should be published as a XEP according to XEP-0001 because it no objection has been raised for 14 days from its submission. The wording is such that an argument could be made that what we do is acceptable, but it'd be an unpleasant discussion at best.
dwdralphm, stpeter - I thought that given the new editorial team, I'd run a pass over XEP-0001 and see if these minor issues could be cleaned up easily with an edit or two.
dwdralphm, stpeter - What I'd really hate to happen is the kind of process drift in the IETF, where theory and practise often diverge quite badly.
stpeterdwd: yes, that all makes sense
intosiUpdate for the goto fail-issue for OS X just out. No sign in the release notes, but 10.9.2 apparently fixes it.
Simonapparently it fixes it. Love that the fix could potentially be MITM'd
xnyhpsI'd be really surprised if OS X updates don't come signed separately.
stpeterxnyhps: let's chat in London about how to manage xmpp.net submissions -- there must be a better way than the github repo that I have (not) been maintaining :-)
xnyhpsstpeter: Ah, yes. Nick from jabber.calyxinstitute.org has been asking me a couple of times about how to get on the directory.
stpetermy process is broken
stpeteror I am broken
xnyhpsAnd I think there are a couple of posts to operators@ that have gone unanswered.
fippodwd: you're generating valuable content for that blog :-p