XSF Discussion - 2014-02-26

fippo, I am. I'm hoping he'll snap and "interview" one of us.

Whowherewhat?

Tsahi's blog, http://bloggeek.me

He comes out with stuff like "I am not a fan of XMPP to say the least, but I don’t really have anything bad to say about this approach."

That's the most positive thing he's yet said.

dwd: for what it's worth, I found his posts reasonably low on signal

Like the new one talking about 'SaaS'.

ralphm, Yes, they often are, but I'd like to have his low-grade mumblings also mention XMPP positively.

ralphm: the analiysis of signalling protocol completly misses some important facts

like: "you typically use sip because then you can use webrtcs sdp thing -- but note that webrtc sdp != sdp"

or: "jingle doesnt use sdp, webrtc does so you need a transformation"

but i dont want to generate content on his blog (-:

for those interested, I have a first, very rough, draft for the new push xep ready here: https://github.com/legastero/customxeps/blob/gh-pages/extensions/push.md

comments welcome. tomorrow i'll xep-ify it and add in all of the formalities

Lance, If you are a client developer, and I can register with your client backend, can I construct some form of attack (on you, or on your client-users)?

Lance, Also, it *is* tomorrow. Even for you. :-)

Lance - Looks like what we chatted about at the Summit. I'll point Abmar to it as well. (for easy XEP-ing, I can recommend Lloyd's Github+Travis XEP workflow. - https://github.com/buddycloud/buddycloud-xep)

heh, so it is

dwd: doing the registration via xmpp is nice as proof-of-ownership for a jid, so i can associate a device id with user jid

the main attack against me would be injecting someone elses device id

dwd: sure thing, I've been telling people they are wrong on the internet by tracking http://display.ik.nu/xmpp

Lance, Yeah, but could I flood your push service with a slew of fake registrations from dummy accounts?

sure. just like you can ddos anything else. thats a problem every mobile app developer that uses accounts has to deal with

I wonder if there's a reasonable way of mitigating that.

In any case, don't take this as in any way blocking.

dwd: eg. https://twitter.com/mike10010100/status/438353086978211840

So, sponsorship - as I read things, Silver gets a logo, but no text, on the sponsors page, right?

dwd: yes

the table seems pretty clear to me

Joachim makes a good point. One for the agenda this afternoon.

hey lloyd, you could have told me about @decentcamp :-)

How do you know I know :) Sorry. I think they only announced on Monday

twitter tells me you follow them as well

ahh :) Its a good location for visiting the girlfriend's family too.

For everyone else: http://decentralizecamp.com/ - have submitted to talk about XMPP

fippo maybe you could talk about webrtc but sneak a whole bunch of webrtc in ;)

second webrtc == xmpp, D'Oh!

yeah, even though a pure xmpp one might be good as well... "why decentralization is hard -- 15 years xmpp"

oh, that's interesting

also 2 days after open discussion day

talk proposals also submitted - this should be fun :)

haha

I think with all the submissions there'll be at least one XMPP session :)

Decentralize! Own the web! Follow us on Twitter!

Oh the ironing ;)

In the sense of lacking Irony.

Right. So I've done a pass over XEP-0001. The main changes I'm proposing (aside from some linguistic hoops) are: 1) Removed the timeout for Council [now Approving Body] objections - this is now a timeout for the Approving Body Chair to poll the members of the Approving Body. The timeout for objections is then stipulated as being up to the Chair. 2) Switched the Approving Body for Humorous XEPs to being the Editor; I think this is how it's actually been for some years anyway.

So the change in (1) now means that a ProtoXEP will go up before the Council within 14 days, rather than objections must be filed within 14 days. Again, I think this matches what actually happens.

Oh, note I've also removed the stipulation for "the next meeting", so the Council Chair could punt a submission on Wednesday morning to the next meeting within the process; I'm not sure that's ever happened, actually, but it was easier to frame the text that way.

i do wonder whether we should hold council meetings on april 1st where those xeps are discussed....

There, sent to the list.

dwd: thanks.

dwd: you forgot to mention the Humorous XEPs in <section1 topic='Publication Process' anchor='publication'> para 1.

Ah, yes, I forgot to add it.

I'd actually only changed that para to titlecase Approving Body since it's now a Thing.

A captital-T Thing?

Right. It's a Term, technically.

a Term Thing

So scanning for similar cases, I see there's no provision for modifying Humorous XEPs. It's also not clear if we can deprecate and obsolete them.

I don't think I care.

If I got €1 for every person contacting me about switching to Threema… Now imagine if there was a service that let you send messages to friends over securely.

!define Threema

It's a swiss service that seems to be benefitting from the WhatsApp = Facebook effect.

Oh, no HAL

I've seen Telegram mentioned in a few places too :(

It might actually be worth pushing XMPP in this light.

That is, putting together some copy etc to specifically target this market.

what do you mean with copy?

dwd: the old problem is that XMPP is a protocol, not a product. and those services offer a product

"copy" as in text etc.

fippo, Yes, indeed.

fippo, There's an argument here for some productizing effort. But that loops back to testing, compliance suites, etc.

Simon, I sympathize with that, certainly, but there is *always* one more thing.

This market segment is probably going to care about e2e crypto

Regardless of if it's actually secure

dwd: yes, but that costs money. which you only have if you market a product (-:

dwd: indeed. But the people that have been asking me about Threema will not be running the current crop of XMPP clients willingly.

dwd: Allways.

dwd: And that thing is the most important one!

Can't switch to XMPP unless it has that one thing!

Zash, Right.

Zash, FWIW, Mark Crispin used to complain that the IMAP world was full of these things without which IMAP would inevitably fail.

Zash, Yet whichever ones were left out, it still did the same.

In the end, it's only network effect that counts.

Zash, That's certainly the most important factor.

what is amazing is that we don't see the multi-protocol clients again...

but I guess the vendors are fighting them harder than last time.

fippo: Just wait

Either fighting, or they've switched to offering an XMPP interface to their silo.

All this has happened before etc

When did the first multi-protocol clients show up?

1997 maybe?

Has anyone used http://instantbird.com <http://instantbird.com/> or know how closely it's tied into Mozilla?

Simon: The IM support in Thunderbird is build on that iirc.

No and no. But I imagine we could find out the latter easily.

I /think/ the guy showed up at FOSDEM last year

or was it the year before

ah, florian talked to me at fosdem. I did not know he was behind instandbird

Which Florian?

dwd: http://www.instantbird.com/about.html

Oh, a new Florian.

TO me.

So many Florians

So little time.

Is there a recommended indentation tab/spaces size and line wrap length for XEPs (bonus: Eclipse settings that I can import)?

I don't think so.

dwd - so woe to anyone who reformats a document and then tries to make a diff of it? Or is there a nice way to make an XML diff that I'm missing?

Simon, I think Tobias made some tools to diff XEPs.

[14:44:05] Dave Cridland: http://xmpp.org/about-xmpp/xsf/xsf-people/#editor actually says to submit XEPs to Peter directly, still.

I was actually trying to find the XEP submission address. :-)

dwd: http://xmpp.org/extensions/xep-0001.html#appendix-discuss whataboutthtatone

Ah, errata. Yes, not what I was doing, though.

I'm catching up on Exciting Board Paperwork. :-)

Do we have an agenda for this week?

Not AFAIK.

Excellent, my mail helped. Joker now supports submission of DS records for .nl domains.

Alex: ralphm Kev Zash xnyhps MattJ Simon http://syriatalk.co/IMG_10209337760734.jpg

Simon: you sure that will work?

Why do you people click on random URLs?

Especially ones with 'syria' in them.

Look over there. Free donuts.

http://www.did-i-loose-all-my-bitcoins-on-mtgox.com/

Simon, or server side tool uses daisy diff and generates that diff based on the two HTML outputs of the different versions

Tobias - thanks. Do you have a non-syrian link for me?

https://code.google.com/p/daisydiff/ this is the lib..or do you just want a diff of versions already in the repo, then this might help http://xmpp.org/extensions/diff/

Simon: ^

thanks :)

Simon: Hoping you aren't affected

Of course, the lack of regulation the bitcoinistas enjoy so much also means they won't have the standard protections enjoyed by anyone using a traditional bank with boring, non-digital money.

ralphm: Thankfully not affected by the Gox madness. Actually I bought from Mark Karples before there was even a mtGox (by sending money to his friend in Sweden) Amazingly it all worked (and I pulled my coins into a private wallet immediately)

Simon, You've bought bitcoins?

Simon, I have this bridge I can sell you.

Simon: I haven't looked into this stuff at all, but why would you *not* keep them in a private wallet?

because of all the convenient cloud services?

dwd: made of chocolate fudge?

Tobias, Right, and cloud services are cool.

Tobias, dwd: Oh, I didn't know that.

ralphm, It's Tower Bridge. The UK is selling it and has made me sole agent. Honest.

ralphm: no idea. Well perhaps you are doing some exchange arbitrage and day-trading.

Tobias, dwd: I don't know much about cloud services, really.

Might have a go at writing up a XEP for payment requests.

ralphm, Cloud services are like normal internet services except... Erm... cloudier.

and with less privacy of course

dwd: I should tell my boss, I guess. He might be interested in this cloud thing.

ralphm, And because clouds are cold - think of fog, for instance - then cloud services are cooler.

Tobias: nice tool.

that's also why dwd stays in the foggy parts of this world :)

dwd: I can see why they like Cloud services in San Francisco, too.

ralphm, Right.

fog much

ralphm, They probably have cloud services in London, too, only they call them Pea Souper Services.

Cloud services in London occasionally cause my flight to be delayed or even cancelled.

hm

I'll make a note of this

Agenda Item: Spam protection.

Agenda Item: XEP-0001 Changes (probably need to punt until next week)

Agenda Item: ProtoXEP Submission on "Form of Membership Applications" (again, probably need to put until next week)

In other news, Sony have released their new toys. Being a complete Sony whore now, I'm drooling.

does it include a new crypto fail?

Did Sony have one? Beyond the stock Android fails?

the PS3 had one

where their random number for their ECDSA signatures was always the same :D

Rootkit pre-installed?

Were there minutes of the editing team's meeting?

Simon, That meeting was yesterday; I don't know of minutes yet, but I asked M&M if he'd say a few words to the Board today.

dwd: that was going to be my next question.

I have a meeting IRL so I probably won't pay much attention to the Board meeting, but if I'm needed please include "stpeter" in the next so my client will show it in bold red text :-)

ok stpeter

Ok

Still two short

Hiya

dwd, becoming more and more Welsh each day

Lloyd, What, with "Hiya"?

dwd yep, happy female Welsh I grant you, but I assumed you'd prefer me to leave those bits out.

Lloyd, Happy I'll grant you. The rest, not so much.

ralphm, Assuming you're chairing, I've put messages in here with "agenda" in them so you can find them in the logs. All today.

"A battlecry a ninja yells when the ninja is ready to attack."

Oh, Miss Piggy, too.

But it was that kind of "Hiya" either.

neither?

I entirely missed out all my negatives there, yes.

It was not that kind of "Hiya" either.

Anyway, even though we're still missing bear and Laura, shall we begin?

Laura sent apologies to the list.

oh, good

Sorry, I thought you'd seen those.

Wasn't aware of snow on the Isles

anyway

0. Agenda

dwd spammed this room today

any other items?

I don't think Laura can make it (she couldn't make our website meeting before this one either)

Simon: dwd just said "Laura sent apologies to the list."

Oh, the note to Board@ I sent WRT IETF.

dwd: right

Nothing major from my end.

1. Spam Protection

dwd?

So m&m mentioned that editor@ is inundated with spam, currently.

Making it hard to find the actual submissions in amongst the rubbish.

the room, the list?

The list.

This is specifically email spam.

why is it a problem on that list and not on the others?

Because that list relies on promptly handling messages from non-list members.

dwd: ok, so this is something that the I-team should be able to handle. Or stpeter.

it takes some effort to separate the wheat and the chaff

iteam is looking at introducing greylisting on atlas.

Right, but a third-party spam filtering service might be in order, which would mean expenditure.

stpeter mentioned installing a graylisting filter

yes iteam will be doing that

I think the greylisting will help significantly

If greylisting works, that's great - but I'd like to see Board agree in principle that item can go look for spam filtering services that cost actual money.

Or at least alert that they may need to.

without too much self-promotion, intosi is looking into Mailgun for outgoing mail, they also do spam filtering for incoming

is there a good reason for the XSF to spend time running mailing lists rather than using commercial alternatives?

ralphm: great.

Simon, I would argue the mailing lists themselves (and the archives of them, more so) are a core service.

dwd: agreed

Simon, For the most part this doesn't appear to be an onerous task, either.

running mailman, when familiar, takes almost no resources

it is things like spam that complicate things

But anyway - can we tell iteam that we'll authorize actual money?

dwd: I'd first like them to look at the options

raphm

dwd: but I am not opposed on principle

sorry - kbd slip

ralphm, OK. Sounds good to me.

I also asked intosi to gather metrics on the number of messages we send out

depending on the volume, the costs might be near or at zero

ralphm: sorry, forgot about that. been busy, have put it higher on my todo-list.

intosi: no worries

All sounds good. FWIW, some of these places charge by the email address by the looks of things. Which could be quite amusing, given it's all lists.

Anyway, I'm done on this one.

Mailgun charges only per outgoing message and per dedicated IP

(the latter we don't need)

2. XEP-0001 updates

Just a general note to read them. I don't think we've had sufficient discussion to consider them ready for voting.

+1

let's push to next week

dwd: can't the Council do this themselves?

ralphm, The Approving Body for XEP-0001 is actually Board.

ah yes

I just noticed

ralphm, So it has to be us.

oh well then

I missed the Council meeting today, were the changes discussed there?

Only in as much as I called attention to them, and Kev/PSA noted that I may have the Humorous XEP approving body wrong.

FWIW, I still think that's probably the right change, but it's worth adding in some blurb about how they seek opinion as required.

dwd: Kev is right, you just have no idea

Not sure that's exactly my wording.

But hey ho.

Kev, Well, you said the approving body was still council.

Yes.

adding procedure also sucks humor

It was Ralph's "You have no idea" that I said I didn't say.

going forward

Kev, Ah, OK.

Kev: that was my opinion

ralphm: Right. I want to stay on Board's good side. You know how fickle they are.

ralphm, You should have had your humour formally approved before stating.

ralphm: If you propose your humour now, I can get it approved by Council in the next 28 days.

:)

_ _ _ _ | | | | __ _| |__ __ _| | | |_| |/ _` | '_ \ / _` | | | _ | (_| | | | | (_| |_| |_| |_|\__,_|_| |_|\__,_(_)

OK, I'm good with this.

3. ProtoXEP form of membership applications

FWIW, the Editorial team haven't yet announced this, so I was a little premature in putting it on the agenda.

I don't think we're in the habit of discussing protoxeps formally other than raising objections for admission

we're working on it!

Right, again this one's Approving Body is the XSF Board, and is the "Form of membership applications" that the By-Laws state we approve.

m&m: we == board

Or need to approve. From time to time.

It's basically a marginally tidied version of what I sent to the memebrs list back in December.

in the case of the ProtoXEP publication, we == Editorial Team

dwd: so is it in the inbox?

not yet

Could the party that raised this agenda item please outline the benefits of a proto-xep over the current wiki based system.

ralphm, Submitted. Not yet there. Like I said, I was a little premature.

Simon, There is no current system.

dwd: ok, anything to discuss now then?

Simon, Or rather, there is no formally approved "Form of membership applications" that I can find.

Simon, So this ProtoXEP provides a proposal for one, and includes saying "Applications must be made on the Wiki" etc.

ralphm, Erm. Probably nothign more than a heads-up, and please read when you see it announced.

4. AOB

Oh, yes.

m&m, Can you give a summary of where the Editorial Team is?

And if you say "scattered across the earth", I shall have to stick my tongue out at you.

dwd: on teh intarwebs

sure

the team had its first meeting yesterday @ 16:00 UTC

we got a brain dump from stpeter on the processes he's followed all of these years

changed editor@xmpp.org from an alias to a mailing list

and have some documents we're working through on processes, templates, etc

so far I'm the only member of the team with (most of) the necessary access to do things

we'll get the rest of them up and running as soon as we can

m&m: ok, cool. Thanks for the update.

any other Any Other Business?

there's more, but I'm not yet ready for that part yet (-:

I'm assembling a postmortem writeup on part of the process so far

Oh, we need some updates to various bits of website to handle the switch from PSA to the Editorial Team.

m&m: right

which might have some recommendations for infrastructure updates

Who can make those changes?

it looks like I might be able to now, actually

but also stpeter

that's all I have, really!

OK, thanks.

Nice update m&m.

5. Date of Next

I assume +1W is tricky for some.

So proposing +2W

That works for me.

I'm not sure I'll be able to be online around then, yet.

But let's just schedule it

Could someone attending IETF volunteer to write up a blog post on the XSF activities there

2014-03-12?

dwd: yes

Simon, That would be useful.

Simon: your question is noted

6. Close

Thanks all!

Oh.

too late

We didn't cover that IETF question I had.

Also maybe someone who is going to the IETF and the evening XMPP meetup might like to give a summary at the meetup about what happened at the IETF session

dwd: I asked for AOAOB

Ash: I'm planning to attend both, so I could do that if no one else is willing

ralphm, Yes, quite, my fault - I'd mentioned it at the beginning then forgot again.

dwd: but +1

ralphm, I'll ask on the list.

dwd: that seems proper

m&m: awesome

Thanks m&m - I'll put your name down :)

graze

Ash, You know Tuesday is free enrty (kind of) for ISOC members? And ISOC membership is free...

actually, let me get that ProtoXEP into the inbox

I was thinking of doing it myself, but I don't think I'm going to be able to make the IETF now as next week is starting to look pretty busy!

Right, yes. I should presumably look at ISOC membership at some point prior to Tuesday.

dwd: What's the procedure here for getting entry as an ISOC member?

(Pointer to appropriate URL is a fine answer)

I *entirely* forget. Let me see if I can dig out the mail I got.

It could even be too late.

Ta.

I have some minutes written up, BTW.

Do any Board members want to review ahead of time, or shall I just post them to memebrs@?

members@

Oh, so *that's* why everyone seems to ignore my mail.

memeboards@

memebros@

MemeBruceStephens@ was actually what came to my mind.

need moar cats!

dwd: I knew it did.

dwd: same here.

it's not a meme without cats

Minutes sent to board@ cc members@, noted unapproved.

Any iOS users here with tips on XMPP clients for iPad / iPhone? Monad does seem to choke on any site not doing SSLv3, ChatSecure seems to crash on me.

Monal

intosi, What was the one that was announced on one of the mailing lists last week?

Not sure I saw the message you're talking about

Ah, Boogie Chat.

That rings a bell.

It looks the part at least.

It wants me to manually provide hostname and port...

:|

Zash: quite.

That's not a great start.

Not really, no.

And no notifications of chats when the app is not the foreground app.

Oh, I know what you could do.

But it involves changing your phone to something reasonable.

N900! :P

I said "something reasonable".

Right, that was way into the "too awesome to be true" category

dwd: it's not for me.

intosi, Right. That sounds suspiciously like one of those "A friend of mine - no, not me, really - " stories.

dwd: I know. Although I'd like to have a good XMPP client on my iPad, I'm more than happy to just use my Nexus 7 or Android phone when on the road.