XSF Discussion - 2017-01-18

  1. Steve Kille

    Putting notes within notes does not seem vital

  2. Steve Kille

    In the notes list, it would be ideal to sort XEPs in order, so you can quickly check if a given XEP is referenced

  3. Flow

    Holger: Is that you: https://wiki.diasporafoundation.org/User:Holger ?

  4. Holger

    Flow: Nope, that's someone else.

  5. goffi

    Hey, I'm checking python-omemo which use - if I'm not mistaken -, the old oloxotl based method for OMEMO: https://python-omemo.readthedocs.io/en/latest/xep-omemo.html

  6. goffi

    And I'm really surprised to see that the same namespace is used in current XEP: https://xmpp.org/extensions/xep-0384.html

  7. dwd

    Axoilotl-based OMEMO was never submitted; but the namespace should probably have been bumped anyway.

  8. dwd

    Sorry - was submitted, but rejected.

  9. daniel

    goffi: I think this is actually just the docs that refer to that namespace

  10. daniel

    The actual implementation uses siacs namespace

  11. daniel

    As it should if it's using the signal protocol

  12. daniel

    Someone just blindly copied the xep into the docs

  13. goffi

    daniel: ah ok, that's good then, because if we do an implementation in SàT it will be with the current method (olm), and that will be a big issue with gajim or other using python-omemo

  14. goffi

    I'll open a ticket

  15. Zash

    Blindly copying the examples? :)

  16. intosi

    Examples Considered Harmful

  17. mathieui

    Zash, nobody does that!

  18. Zash

    "Considered Harmful" Considered Harmful

  19. intosi

    Moderated +1, It's True

  20. Ge0rG

    daniel, you really should move forward with conversations to use the XEP namespace to get rid of the confusion. You'll need to support both anyway for the time being

  21. daniel

    Ge0rG: we can't just sed the namespace

  22. daniel

    There is no confusion. Siacs namespace means axolotl. Official namespace means olm

  23. Ge0rG

    daniel, siacs namespace isn't documented in the XEP, but widely deployed. Now you have created a de-facto standard, which other developers are following.

  24. Tobias

    Ge0rG, it's documented in the protoxep on the omemo website, not?

  25. Flow

    still, the current situation is suboptimal

  26. Ge0rG

    daniel, it's not easy, but it is only going to get harder from here

  27. Flow

    we have a xep, which either no one is going to implement because it is not what conversations does, or if somebody implements it, he/she would find out that it doesn't work with conversations

  28. Flow

    what georg said

  29. Zash

    These things are messy.

  30. Tobias

    Ge0rG, the thing is, there isn't a java lib for Olm yeta

  31. Ge0rG

    Tobias, I can't imagine how that is not a de-facto standard.

  32. daniel

    Ge0rG: get me a Java implementation of olm and I can switch pretty quickly. I can also get the majority of the other clients to switch at roughly the same time. I'm in contact with all of them all their libraries are designed with modularity with a switch to olm already in mind

  33. daniel

    The olm/signal switch is extremly easy from an implementation standpoint

  34. Ge0rG

    daniel, being a developer myself, I tend not to believe this claim

  35. Flow

    Is there still a reason to use OLM, now that Moxie put double ratchet into the public domain?

  36. daniel

    Flow: this is one of the things I'd like to figure out before I do the switch

  37. Flow

    Why not have OMEMO use https://whispersystems.org/docs/specifications/doubleratchet/ ?

  38. daniel

    Flow: that's what we are currently checking

  39. daniel

    If that's feasible

  40. Flow

    daniel: I hope we can sort this things out at the summit

  41. Ge0rG

    daniel, you'll need to support both namespaces in order not to break older versions of the code. You can't just "flip the switch"

  42. daniel

    Ge0rG: hard switch and tell your user to update or gtfo

  43. Zash

    Someone say Flag Day? :)

  44. daniel

    I have absolutely no problem doing that

  45. Ge0rG

    daniel, but your users will. You are going to alternate your core audience.

  46. goffi

    it would be nice to sort is out yes, if we do an implemention it will be XEP version regardless of existing implementations

  47. daniel

    Ge0rG: when did I ever care about my users

  48. Ge0rG


  49. Ge0rG

    daniel, I don't know. But I do care about the users of XMPP.

  50. daniel

    As long as the other clients are available they can simply upgrade

  51. daniel

    It's not like upgrading is hard

  52. Zash

    daniel: I hear you live in a world without long term support releases.

  53. Tobias

    there's no problem for Conversations to support axolotl OMEMO and olm OMEMO for a year or so and then dropping the axolotl one...it already supports OMEMO and OTR in parallel

  54. Tobias

    and GPG IIRC

  55. daniel

    Zash: if someone pays me to do lts I'll happily do that. For now very few people even pay to provide any support at all

  56. Kev

    ISTM if daniel is happy for a hard-upgrade, then given this is switching from a 'non-standard' to 'standard' version, that's actually a good thing.

  57. Ge0rG

    Kev, so your position is standardization over UX? 😛

  58. ralphm

    Dear summiteers. I just sent an e-mail to the summit@xmpp.org mailinglist about the Summit/FOSDEM hotel. Please read and act on it ASAP.

  59. daniel

    Do I have to sign up for the list again if I have been subscribed last year?

  60. Tobias

    it's the same as last year

  61. Zash

    I assume nobody went and removed all subscriptions

  62. Kev

    Interesting. I should be subscribed to that list, but there's no mail come through.

  63. daniel

    Kev: that's what triggered me asking that question

  64. Kev

    Ge0rG: No. My position is that if daniel says that his users can and will trivially upgrade, along with other users of that namespace, I'm going to trust he knows what he's talking about.

  65. Ge0rG

    daniel, Kev: maybe. But when I look at it from the user perspective, I see three issues: - how is user A supposed to figure out that he can't chat with B any more because of the upgrade? - how can A tell B to upgrade as well if they can't talk to each other? - who's going to delete the old pre-keys from PEP?

  66. mathieui

    Ge0rG, disco?

  67. Ge0rG

    mathieui, how is that going to solve any of the three? Maybe just a bit of #1.

  68. daniel

    Ge0rG: we can un-annouce the old devices. So messages won't just get discarded

  69. daniel

    It'll look like that contact doesn't have support for omemo

  70. Ge0rG

    daniel, un-announce on upgrade? That might work. You could also add discovery for the new namespace already, and show a message to upgrade the client if it is encountered on a contract.

  71. daniel

    Ge0rG: see. No problem

  72. Ge0rG

    daniel, see, you need to do advance planning!

  73. Ge0rG

    daniel, and you need to convince all the others to do the same planning.

  74. Ge0rG

    daniel, you can't just sed out the namespace on day X.

  75. daniel

    Ge0rG: convincing the others is not a problem. We are all besties

  76. Ge0rG

    daniel, it's getting harder and harder with each non standard implementation.

  77. daniel

    Ge0rG: I'm not doubting that it gets relatively harder

  78. Ge0rG

    I'm just saying...

  79. daniel

    Ge0rG: in any case there are a couple of things that have to happen first. Assess if a switch is still necessary with ows releasing specs

  80. daniel

    Write a olm java library

  81. daniel

    Fix bugs in olm

  82. Ge0rG

    Maybe the OWS spec is something that should be discussed in Brussels.

  83. daniel

    I'm happy to discuss it if people have enough background information to make that assessment.

  84. daniel

    Note that this far I dont have that level of background information either

  85. Ge0rG

    daniel, I think it would be awesome if you could prepare it then and add a discussion point to the agenda. Unfortunately I'm not going to attend.

  86. ralphm

    Kev: so did the e-mail just come in delayed?

  87. Kev

    I had it on my other account. I thought both accounts were subbed, but presumably either I'm wrong, or it got spamtrapped at work.

  88. Link Mauve

    “17:30:58 SamWhited> I wouldn't mind writing an XMPP implementation ontop of [tokio].”, oh nice, I’ll have a look, I remember wanting to try it before but it was very immature a few months ago (especially due to futures) so I went for mio instead.

  89. Link Mauve

    “17:36:10 Zash> lua::lua_setfield(L, -2, CString::new("foo").unwrap());”, you are just using raw bindings that don’t have a higher-level wraper, it won’t provide you any better safety than writing plain C either, it’s not the level at which you want to be using Rust.

  90. Zash

    Link Mauve: I imagined that it'd be possible to do Safe™ things in Rust and have a relatively small area of unsafe code that moves stuff between that and the C / Lua world.

  91. Zash

    Which should be true, but then I reached my tolerance of telling a computer how to turn a string into a string.

  92. SamWhited

    > Welcome to our room, I'm going to add you to my roster, if you accept, please reply with Yes or 1 to accept, or you can reply with No or 0 if you don't want to. مـرحـبآ بك في رومنا , سأقوم بإضافتك, لو سمحت أجب بنعم او 1 ان كنت موافقآ, او لا او 0 ان كنت لا تريد اضافتي.

  93. SamWhited

    Whisper in jdev or somewhere

  94. Link Mauve

    Zash, :)

  95. SamWhited

    That's a new one

  96. Link Mauve

    SamWhited, from who?

  97. SamWhited

    discuss@, rather; if anyone here has a ban hammer…

  98. Zash

    A kind of thing highlighting the continued need for JID privacy in public rooms?

  99. SamWhited

    That wouldn't stop a pm would it?

  100. Tobias

    SamWhited, a fix for the duplicated note numbers https://github.com/xsf/xeps/pull/374

  101. SamWhited

    "Avril Lavinge" if anyone has op rights there

  102. SamWhited

    Tobias: nice, thanks!

  103. Zash

    SamWhited: Makes it harder for whatever that was to actually add you to their roster and/or send direct spam.

  104. SamWhited


  105. intosi

    It would be nice if clients would render PM's outside of the chat room context, IMO ;) Avoids a bit of confusion.

  106. SamWhited


  107. intosi

    I'm generally always confused by how Conversations handles this.

  108. Zash

    Still need to write that server module to limit PMs in the MUC itself.

  109. SamWhited

    It would also prevent a lot of "me sending private messages to the whole room by mistake"

  110. intosi

    SamWhited, and that :)

  111. Link Mauve

    I only know of two clients doing that, imo you should report to their bugtracker.

  112. Link Mauve

    It’s indeed a terrible UX.

  113. mathieui

    that’s conversations and mcabber?

  114. Link Mauve


  115. moparisthebest

    I talked to daniel about that before and it was a deliberate design decision

  116. Zash

    Yay trade offs

  117. moparisthebest

    if I recall correctly, because it'd be confusing that people they were chatting with just disappeared and quit working etc

  118. moparisthebest

    which is fair I guess

  119. moparisthebest

    I also hate it, coding it up as an advanced option has been on my todo list for too long

  120. daniel

    The target audience (tm) is also discouraged to use PMs at all

  121. daniel

    They usually dont hang around anonymous conferences

  122. SamWhited

    Oh huh, the person sending that spam *is* an admin. Compromised account, maybe.

  123. mathieui

    maybe they just want to make friends :-(

  124. moparisthebest

    yea I have a feeling hardcore xmpp or irc users are the only one bothered by that behavior daniel :)

  125. Zash

    The nickname does seem familiar somehow

  126. moparisthebest

    yea I have a feeling hardcore xmpp or irc users are the only ones bothered by that behavior daniel :)

  127. intosi

    daniel: perhaps in your client, but that doesn't stop other clients from doing do.

  128. daniel

    intosi: yeah sure. I was just talking about the reasoning Conversations doesn't do it this way

  129. intosi

    Discouraging its use is fine (I know I rather receive normal chats instead), but rendering it such that it's easy to broadcast things meant to be said in private might not be the best choice for random users ;) They might also assume the thing was said in publiuc in the first place.

  130. intosi

    The incoming message, that is.

  131. intosi

    If a techie is confused about the whispers, imagine how non-techies would perceive it ;)

  132. daniel

    Mix to the rescue

  133. ralphm

    daniel: how would you handle it differently for MIX?

  134. daniel

    ralphm: the private conversation doesn't randomly drop out and can be persistent over longer periods

  135. ralphm


  136. ralphm

    so would press-hold on a participant then bring you to another conversation?

  137. daniel

    ralphm: it can be a different conversation. How exactly you'd open one I haven't thought about yet

  138. daniel

    But in essence yes

  139. ralphm

    Zash, Flow, and other participants of the XMPP Summit and/or FOSDEM, please join summit@muc.xmpp.org

  140. Ge0rG

    A coworker just clicked my nickname in gajim's MUC window to chat to me. He was utterly confused when I tried to explain to him that this is not the same as a direct message. Oh the woes of XMPP

  141. Ge0rG

    Normal people would be best served by MUC light.

  142. intosi

    Why did you try to explain that? He probably did so because he had a question, and an answer would've made him close the window again ;)

  143. Ge0rG

    Also, I've recently fixed yaxim to put MUC PMs into separate windows, even though they lack presence info yet. It vastly improved the UX

  144. Arc

    im a bit confused by something; why is MIX split into two services with the special proxy service?

  145. Kev

    Because some things can only happen on your own server.

  146. Steve Kille

    Arc: Will talk about this at the summit. Need to make this clearer. MIX has requirements on the User's server, and these requirements are currently reference as MIX Proxy

  147. Kev

    The 'special proxy service' is bad terminology for 'things your server does'.

  148. Ge0rG

    Arc, it requires support from your server, and the MIX proxy is the part of your server that implements this support

  149. Ge0rG

    I'm still in favor of "MIX agent"

  150. dwd

    MIX Master?

  151. Ge0rG

    dwd, nice sound but technically misleading

  152. dwd

    Well, it has to be MIX something or else Steve Kille won't write the spec. See RFC 2156.

  153. intosi

    MIX Connector, or MC for short.

  154. Zash

    MIX Blender

  155. Tobias

    or MIX Bender (futurama style)

  156. Ge0rG

    dwd, that problem can be solved. I remember you offered to kill people who come to Brussels... :P

  157. Ge0rG

    Tobias, +1

  158. intosi

    Bite my shiny mixing affiliation.

  159. Ge0rG

    Why not just as short as possible? "mixer" or "MIXer"

  160. Zash

    MIXing Server

  161. Zash

    MIX Inclusion eXtension

  162. Arc


  163. Arc


  164. Arc

    it doesnt sit quite right, does it? requiring special server support for a remote service?

  165. Zash

    I believe it started as "what if the server kept track of your pubsub subscriptions?" combined with "what if muc was pubsub based?"

  166. Zash

    Currently, pubsub state is between a client (resource) and the pubsub service. Moving the tracking into the account (on the server) enables magic.

  167. Tobias

    maybe the MIX XEP should make that explicit, so that we don't have someone stubling about that fact every month

  168. Zash

    Having not kept up with MIX, I'm not sure how much magic is expected of the server now.

  169. Tobias

    *explicit in the introduction

  170. Arc

    meeting time

  171. Arc

    and starting today, I'm FREE!

  172. Arc

    Google Code-in is officially over. all student work submitted, all reviews complete, only thing left is choosing grand prize winners and the awards ceremony sometime this spring

  173. Arc

    ralphm: nyco:

  174. mathieui

    Arc, congratulations

  175. MattJ waves

  176. nyco


  177. ralphm

    I'm here

  178. Arc

    https://wiki.xmpp.org/web/Joshua_Pan_Application_2017 is a great result from google code-in

  179. ralphm

    start in 40 s

  180. nyco

    hey Arc, can/should we write a blog post about XMPP-related work on Google Code-In?

  181. Arc

    Zash: if you want to follow up with one of the students, that's the big one

  182. ralphm

    intosi: but will it MIX?

  183. Arc

    nyco: we could? im not huge into press release style posts tho

  184. ralphm bangs gavel

  185. ralphm

    1. Welcome + Agenda

  186. nyco

    Arc, rather tech content?

  187. Arc

    Martin: you here?

  188. ralphm

    Who do we have today?

  189. nyco

    Welcome ;-)

  190. Arc


  191. ralphm


  192. MattJ


  193. ralphm

    (despite your presence)

  194. ralphm

    Good. Any agenda items, besides Summit/FOSDEM?

  195. nyco

    Agenda: all for the summit?

  196. Arc

    I added 2 to the board

  197. nyco

    IMHO we should focus on Brussels

  198. nyco

    ah ok

  199. ralphm

    2. Minute taker

  200. ralphm

    dwd around?

  201. dwd

    I'm not going to be around the entire time, but I'll get to minutes.

  202. ralphm


  203. ralphm

    3. Summit / FOSDEM

  204. Arc

    Thank you ralph for getting the hotel stuff together

  205. ralphm

    As you might have seen, I've got the quote from Thon Hotel, and sent out some details on the Summit ML

  206. nyco


  207. Martin

    (apologies, I'm here, but on a train, so my connection is ropey)

  208. ralphm

    I still need to sign the document, and dwd suggested we could simply put in the bank details to cover their requirement for non-paying individuals

  209. ralphm

    If that's ok with y'all

  210. Arc

    thats ok so long as everyone in the block is known and reliable

  211. ralphm

    aye, that's also why I put up the Google Docs form

  212. Arc

    and there's a clear understanding that the XSF will hold people responsible for paying anything charged to the XSF on their behalf

  213. Arc

    which I think you've covered.

  214. dwd

    Hence the phrasing on the Google Docs form, indeed.

  215. ralphm

    It has a checkbox stating 'I understand that I will be personally responsible for the payment to Thon Hotel EU and will be required to make good any expense incurred by the XMPP Standards Foundation in relation to my stay.̈́

  216. Arc

    quick question - why is wednesday twice the price for weekend nights?

  217. dwd

    arc, Because Hotels.

  218. ralphm

    I'm assuming that's also because of EU

  219. ralphm

    It's always been like this at Aloft, too

  220. intosi

    They had few rooms available on that date.

  221. Arc

    thats bizarre, but moving on.

  222. ralphm


  223. Tobias

    payments to the hotel okay, but why to the XSF?

  224. Arc

    unfortunetly there's not a lot of other options; the eariest eurostar from london (for example) arrives after 10am, over 30 minutes from summit

  225. ralphm

    So, other than that, I got word that Chris Deering won't be at the Summit, and neither will M&M, but Chris is in talks with Jerome Poisson on the summit venue

  226. ralphm

    tobias: you don't pay the XSF for the hotel, this is just to make sure that if you don't pay the hotel, we will need to cover it and come haunt you

  227. Tobias

    ralphm, ahh

  228. ralphm

    To be clear, the venue being Cisco Diegem

  229. ralphm

    I trust we can work that out again

  230. SamWhited

    In case Cisco doesn't work out, maybe it's worth inquiring if the hotel has a conference room we can use?

  231. intosi

    We'll squat all of the Poechenellekelder if not .

  232. Arc

    is that not locked down yet?

  233. ralphm

    it does, dwd said it was expensive

  234. ralphm

    Arc: please don't worry so much

  235. SamWhited

    Ah weird, I'd assume it would be free to people bringing in a big group paying them tons of money

  236. dwd

    The XSF can, if needs be, afford the hotel's conference room.

  237. intosi

    SamWhited: that's not how bistromath works.

  238. dwd

    SamWhited, That's a US thing. EU hotels don't operate in that way.

  239. SamWhited

    Huh, interesting.

  240. ralphm

    dwd: yeah

  241. SamWhited

    I thought that was the point of conference rooms in hotels, to attract big groups :)

  242. ralphm

    SamWhited: well, in the case of hotels in the EU district in Brussels, there appear to be plenty of venues offered by the EU

  243. ralphm

    Moving on

  244. Arc

    SamWhited: and in the US, wednesdays are usually the cheapest day.

  245. ralphm

    Other thing on the list is the XSF dinner. We just need to contact the same old restaurant and setup a new Google Form afterwards

  246. Arc

    what restaurant is it?

  247. ralphm

    dwd: let's get that check list done today

  248. ralphm


  249. ralphm

    We've been going there for years. Good venue.

  250. dwd

    ralphm, Yes. Mea culpa and all that.

  251. ralphm

    That brings me to the next point, sponsors

  252. ralphm

    we need to chase those. Who wants to take that on

  253. ralphm


  254. ralphm

    if needed dwd can help with tips

  255. Arc

    i have a bad feeling that im going to lose so much weight on this trip lol

  256. dwd

    arc, You'll lose many negative pounds.

  257. ralphm

    dwd :-)

  258. Arc

    dwd: you might. lol

  259. ralphm

    not seeing any volunteers

  260. ralphm


  261. ralphm

    come on guys, I can't do it all

  262. MattJ

    I'll volunteer, if someone gives me pointers

  263. dwd

    ralphm, This is for Dinner etc?

  264. ralphm


  265. MattJ

    Not convinced I'm the best person for the job, but hey :)

  266. ralphm

    last year we had Dinner and Lunch sponsors, as well as Cisco for the Summit venue

  267. dwd

    I'll give MattJ some tips.

  268. Zash

    MattJ: You can arrange for all vegan and cheese free dinner for everyone

  269. ralphm

    MattJ: you'll be fine, just don't get lost in the woods

  270. MattJ

    I won't be there :)

  271. dwd

    ralphm, That's how lost he'll be.

  272. Arc

    Zash: I don't think its possible, looking at this one restaurant's menu. even the fish has dairy on it

  273. dwd

    Arc, Vegan isn't really a thing in Belgium. Vegetarian isn't much of a thing either.

  274. ralphm

    Arc: I'm sure they can do specials, we've always had a veggie option, too

  275. Arc

    dwd: yes I'm getting that impression.

  276. intosi

    ralphm: vegan is probably more complex for them.

  277. Arc

    I'm vegan plus fish and eggs. strong dairy allergy.

  278. ralphm

    intosi: hm. I'll ask them anyway

  279. ralphm

    (or whoever calls them)

  280. dwd

    Arc, Ah... Yes, you may have some problems.

  281. dwd

    Arc, You can always live off beer. It's practically a meal in itself there.

  282. Arc

    things like butter can lead to a hospital visit, you can understand hesitation eating in non-english countries

  283. intosi

    I'm sure native speakers can help out at the Auberge here.

  284. Arc

    I ate exactly two meals in paris over 4 days.

  285. MattJ

    Arc, it's fine, once the infamous "ribs place" made up a vegetarian dish for me

  286. MattJ

    Consisting 100% of tomatoes

  287. intosi

    MattJ: the plate full of tomatoes?

  288. ralphm

    Yeah, I'm sure people in Paris think you're from another planet

  289. MattJ

    That's the one

  290. Arc

    MattJ: tomatos are great for electrolites lol

  291. MattJ

    I think there was some parsley on the top

  292. Arc

    anyway we can discuss that on summit@

  293. waqas

    What has the typical cost of the dinner been? i.e., what's the baseline funding goal?

  294. dwd

    I'd have to check previous years' figures.

  295. ralphm

    meanwhile, let's spend the last 5 minutes on Marketing

  296. ralphm

    I relatedly asked if my company could provide a projector, and I think that's shouldn't be a problem

  297. Martin

    I asked if Surevine could, and nobody seemed to know where the projector was, so that's good to hear

  298. ralphm

    We do need to get things printed soonish

  299. ralphm

    Martin: the more the better

  300. MattJ

    Martin, :)

  301. Arc

    ralphm: yes, do you have quotes on that?

  302. Martin

    ralphm: OK, I'll chase

  303. Arc

    ralphm: full color front and back A4

  304. ralphm

    Arc: I'll get you a quote on that.

  305. ralphm

    anything else specifically?

  306. Arc

    well you mentioned a banner

  307. Arc

    I'm focusing my attention on flyers, which i should have a pdf by friday

  308. ralphm

    Arc: right. Roll op banners are around €35

  309. ralphm

    (going from, of course you can get more expensive)

  310. ralphm

    I've also eyed this: https://www.dvc.nl/beurs-presentatie/beurs-en-wanden

  311. Arc

    ralphm: want me to do layout for the banner too?

  312. ralphm

    The soft image wand (wall), for example

  313. ralphm

    and https://www.dvc.nl/beurs-presentatie/balies

  314. ralphm

    Arc: yes please

  315. Arc

    ok get me DPI and size. my schedule is pretty open this week

  316. ralphm nods

  317. ralphm

    time's up

  318. Arc

    I added tshirts for decision

  319. ralphm

    anything else?

  320. ralphm

    Arc: I'm +1 on them, we just need to get a nice design

  321. Arc

    no problem. full color on one side, one color on the other?

  322. Arc

    are we doing free shirts for summit participants (they'll cost under $20/ea I expect) or taking online orders to pay for them?

  323. ralphm

    Martin, nyco?

  324. nyco

    not sure

  325. ralphm

    Arc: I don't know

  326. ralphm

    I would pay for it

  327. Arc

    it'd cost under $400 to print them. the issue here is the price goes up in smaller quantity

  328. Arc

    assuming similar pricing US to EU, good tshirt material around $8, and around $15 setup per screen, plus a nominal amount per shirt to print. but the screens are the key there

  329. ralphm

    does different sizes affect that?

  330. Arc

    not typically, until you get to XXL or higher

  331. Arc

    with full color on one side (for xmpp logo) it'll cost $75-$100 USD for setup and printing regardless of quantity

  332. ralphm

    I have no idea on this

  333. ralphm

    I'm going to close this meeting, but we can chat some more afterwards

  334. Ge0rG

    Would it be possible to get summit-neutral t shirts for non-participants?

  335. ralphm

    Arc: thanks for the PyCon thing

  336. nyco

    ok, I need to go, sorry... I've not been useful :'(

  337. ralphm

    Ge0rG: the idea this time around is participant-only shirts, if I remember correctly.

  338. Arc

    so being conservative it'll cost under $400 for qty 36.

  339. ralphm

    4. Date of Next

  340. ralphm


  341. ralphm

    5. Close

  342. ralphm

    Thanks all

  343. nyco


  344. ralphm bangs gavel

  345. MattJ

    Thanks ralphm

  346. ralphm

    By the way, I think we'll skip Feb 1.

  347. Arc

    what, no in-person board meeting?

  348. ralphm

    Not on Feb 1

  349. ralphm

    I'll still be in Veldhoven

  350. ralphm

    But I'm all up for the in-person board drink

  351. ralphm

    (on one of the other nights)

  352. Arc

    ralphm: i'm suggesting we use up to $400 of the $1500 for promo material budget for tshirts

  353. ralphm


  354. Arc

    so, you ended the meeting a bit abruptly there. are we making those decisions on the list?

  355. ralphm

    Arc: well, yeah, because it's been mostly a conversation between us two. I think that's a reasonable course of action

  356. ralphm

    I am curious about how to find proper shirt material

  357. Arc

    the printer will have options.

  358. ralphm

    Most of my shirts are American Apparel, but I'm not sure if you can get those here

  359. moparisthebest

    'MIX Proxy' should be renamed 'MIX User Connector', or MUC for short, that'll fix all the confusion surely

  360. Arc

    a third of my closet are tshirts ive designed or run the orders on, mostly rugby shirts

  361. ralphm

    I know good vendors for flags and for paper printing, but not so much for clothes

  362. ralphm

    Guus, intosi, any idea?

  363. Arc

    would amsterdam be easy for you to pick up from ralphm?

  364. Arc

    I can ask the rugby team in amsterdam, all rugby teams make shirts like crazy

  365. Arc

    btw ralphm you've got an invite to Bingham Cup 2018 in Amsterdam ;-)

  366. ralphm

    I'm in A'dam three days a week

  367. ralphm

    But I'd guess that all printers would do cheap shipping

  368. ralphm

    .nl is small

  369. ralphm


  370. Arc

    i asked the amsterdam lowlanders

  371. Ge0rG

    "I'm in A'dam three days a week" this is a surprising coming out.

  372. Arc

    Ge0rG: especially when replying to an invite to a gay rugby tournament lol

  373. ralphm

    Yeah, I found it hard to admit, too.

  374. Arc

    largest rugby tournament in the world, pretty big deal.

  375. Arc

    https://www.youtube.com/watch?v=ulSPA_Enh2A was Sydney 3 years ago.

  376. Guus

    Some one mentioned me?

  377. Guus

    Clothing vendors, no idea

  378. Ge0rG

    Has anybody ever considered that JIDs reflected by a MUC or MIX are not trustworthy, as the component could fake everything?

  379. Arc

    thats an interesting point

  380. Arc

    currently tho you can confirm their server at least if they use http upload to send a photo

  381. Ge0rG

    http://xmpp.org/extensions/xep-0045.html#invite-mediated writes "The <room@service> itself MUST then add a 'from' address to the <invite/> element whose value is the bare JID, full JID, or occupant JID of the inviter" which all have interesting security implications

  382. Arc

    ive retreated to my safe EXI level work, theres just too many privacy exploits to close them all

  383. Arc

    besides, many of those problems *we* can't solve.

  384. Arc

    i think i found the bottom of the rabbit hole, and it puts everything else in perspective

  385. Arc

    all I need to do to uncover your IP address is send you a custom link to a server I manage.

  386. Ge0rG

    Arc: and make me click it

  387. Arc

    thats easy. i just have to provoke you with an emotional discussion and make it look like a url shortener service

  388. Arc

    I started running this as a proof of concept on alt-right forums, im getting over 50% click-through rate

  389. Arc

    it works most reliably with DMs

  390. Arc

    usually after forum visibility posts

  391. Ge0rG

    Arc: I hope you aren't doing unethical things with the IP data

  392. Arc

    not unless profiting from humans being terrible to each other is unethical

  393. Ge0rG

    Arc: in not sure. "profiting" can be anything or nothing

  394. Ge0rG


  395. Arc

    i got the idea when I first noticed this problem a few weeks ago at the same time a transwoman friend was being harassed online to the point of closing her facebook account. using this method we were able to uncover that they were using RCN from the DC area, meaning its likely someone she knows

  396. Arc

    but we lacked data.

  397. Arc

    so I identified other places online where this person might be posting, and started running automated agents there to see if we could find a match. we haven't yet.

  398. Arc

    if we could ever link the person to a real identity, they would face criminal charges for repeatedly threatening to kill her

  399. Arc

    the latest is after she left facebook, her harrasser created a spoof profile with her name and started sending friend requests to people she knows. its been pretty scary

  400. Ge0rG

    Arc: interesting op-sec finding

  401. Guus


  402. Arc

    RCN is a cable company. unfortunetly RCN doesnt have ipv6

  403. daniel

    Does somebody have a deep link to the summits mailing list sign-up page / archive. (basically to the mailman page). I'm on mobile with horrible Internet and googleing that is a pain

  404. Guus


  405. Arc

    anyway im considering turning it into a business. the data archived exclusively from "biggot sites" that trolls tend to use frequently. advertisers are already using your IP address to track you

  406. Ge0rG

    Arc: such a business would be illegal wir where I live

  407. Guus

    when is the next board meeting?

  408. Arc

    Ge0rG: thats entirely possible.

  409. Arc

    Ge0rG: Jan 25.

  410. Arc

    we are skipping Feb 1

  411. Guus

    ah, today was one?

  412. Arc

    yes, and we really only got through one item. its unlikely we'll be able to touch non-summit next week either

  413. Arc

    the big one we need to attack now is GSoC. if XSF is going to put in a decent application this year we need someone to step up, I'm happy to serve as backup admin (I've been a GSoC mentor every year since 2005), and need to start getting the ideas page going like yesterday

  414. Guus

    Board should probably have a say in the desirability of something like, which is why I was asking: https://github.com/xsf/xmpp.org/pull/246

  415. Guus

    ah, GSoC, good thought. Not sure if I can commit to put in effort there though. I can try to coordinate with IgniteRealtime projects, if that'd be helpful

  416. Arc

    Ge0rG: just curious, what part specifically would be illegal where you are? the recording of IP addresses? sending bots to engage in social sites? allowing paid subscribers to use our data to narrow down who their harassers are?

  417. Arc

    Guus: well GCI just ended, which means GSoC is starting.

  418. Arc

    please note, and this is very important, if XSF isnt accepted there are other projects that will umbrella

  419. Arc

    we can, Python may, even Apache

  420. Flow

    GSOC, yes please :)

  421. Arc

    the difference is who gets the money. umbrellas usually keep most or all of the per-student funds

  422. Flow

    so does the XSF ;)

  423. daniel

    Guus: thank you

  424. dwd

    Arc, I don't think we do it for the monety.

  425. Arc

    dwd: no, but it helps

  426. Flow

    helps how?

  427. Flow

    I'm not sure if I want mentors who wouldn't mentor if there was no money

  428. Arc

    we had Wesnoth under us as an umbrella a few years ago, they threw a nuclear hissy fit over the org payment from google even when they were a very small part of the overall org

  429. Ge0rG

    Arc: recording of addresses is borderline, selling them without user consent illegal

  430. Arc

    Ge0rG: would love to see that law, because advertisers do this all the time.

  431. dwd

    Ge0rG, Germany's a little over-inclusive about what they treat as PII, mind.

  432. Guus

    Arc: Germa...what Dave said.

  433. Arc

    ah, gotcha.

  434. Arc

    well if i do this i plan to incorporate as an LLC in nevada anyway

  435. Ge0rG

    dwd: it's good to err on the safe side

  436. dwd

    Arc, You could probably have a query service over whether a particular user visiting a site may frequent alt-right groups. Having a flat out IP blacklist might be problematic.

  437. Arc

    dwd: not a blacklist. we're not blocking anyone, just attempting to link up what they've said on different sites to identify who they are

  438. Arc

    once we get into facebook it might become very easy.

  439. dwd

    Arc, If you do it via advertising - or via a mechanism that's substantially similar - you're perfectly fine.

  440. dwd

    Arc, Depending on what "identify" might mean here.

  441. Arc

    the IP address is easy. the question is who's posting hate from that IP address.

  442. dwd

    On another note - pubsub events and retracts - type='headline' a sensible default?

  443. Arc

    so the MIX "proxy" isnt MIX-specific, its your own server tracking pubsub subscriptions

  444. Kev

    It *is* MIX specific, because MIX does a special type of pubsub.

  445. Ge0rG

    And because the proxy also filters / redirects messages and possibly presence

  446. Arc

    could it be mare more generic, tracking pubsub subscriptions would be a nice feature

  447. Kev

    Yes, that's PAM.

  448. dwd

    Arc, See PAM.

  449. Kev

    But PAM wasn't specced out sufficiently when MIX was being done to use PAM.

  450. dwd

    Arc, And that does need work, but I think I've got a reasonable spec for the actual tracking bit.

  451. Kev

    So what's needed is specced out in MIX more explicitly, with the understanding it may well be rephrased in terms of PAM when PAM is more fully baked.

  452. Arc


  453. Ge0rG

    Kev: why haven't we progressed PAM then?

  454. Arc

    clearly i have a lot of reading to do

  455. Arc

    easier to retreat back to EXI and let the rest wash over for now

  456. Kev

    Arc: Sure. We're basically building XMPP2 at this point.

  457. dwd

    Ge0rG, Cycles. I'm always blocked when thinking how PEP ought to work with PAM.

  458. Arc

    that is long since overdue

  459. Kev

    We're just doing it in a way that still works on top of 6120/6121 and allows interop with XMPP1.

  460. Arc

    TLS mandatory, EXI detection mandatory, SASL mandatory, fully framed and no restarts

  461. Kev

    Which is obviously a good thing, but makes it hard to break the mindset of 'well, why should entity X have to support Y in order for entity Z to ...', when the answer is 'because this is how the new world needs to work'.

  462. Ge0rG

    XMPP2 you say? Is that why bind2 is called as it is? I found the name rather uncreative

  463. daniel

    Let's duplicate all xeps and add a 2.0 to the name

  464. Kev

    daniel: Resource binding 1 not being a XEP, of course ;)

  465. Ge0rG

    daniel: just bump the steam namespace version

  466. Ge0rG

    And replace XML with http2

  467. Kev

    And I'm out again.

  468. Arc

    and then replace http2 with telnet

  469. Flow

    hmm, yesterday gave a +1 for removing the ability of the client to suggest a resource, and today I look at stanza traces of integration tests I wrote which use that feature to make it clear which role the involved full JIDs perform in the test.

  470. Holger

    Yes, custum resource names can be really convenient during debugging.

  471. Flow

    exactly, so I'm not sure if we should get rid of them on protocol level again

  472. Flow

    (and that, of course, includes bind2)

  473. Tobias

    it's just one indirection more

  474. Flow

    tobias: hmm?

  475. Flow

    instead of looking at the localpart?

  476. Tobias

    in your logs, just find the resource you interested in and then look at all debugs things related to it

  477. Tobias

    you just skip the "find the resource you're interested in"

  478. Flow

    tobias: in case of integration tests, i'm interested in multiple resources

  479. Flow

    of course, I could highlight them in different colors

  480. daniel

    Debugging is a good usecase. Maybe the only one. Not sure if this justifies keeping them

  481. Tobias

    sure..but you can just have them handle them being dynamic, not?

  482. Flow

    and then try to remember somehow that blue is the address doing to the read out from the red resource

  483. Tobias

    if you have asserts that are resource dependent, just do a lookup for the resource after you log in, and use the resource in the asserts of your integration tests

  484. Flow

    tobias: ahh i'm not sure if we talk about the same thing

  485. Tobias

    i'm neither

  486. Flow

    Right now I've a stanza trace in front of me, which involves three different entities

  487. Tobias

    what's the integration test you have that requires static hardcoded resources?

  488. Flow

    which somehow interact with each other

  489. Flow

    tobias: it does not *require* it

  490. Flow

    it makes the trace much easier to read

  491. Tobias

    so, highlight them differently based on resoruce

  492. Tobias


  493. Flow

    i may not always have emacs in front of me

  494. Flow

    i.e. I could have an editor in front of me which doesn't have this feature

  495. Flow

    like google docs

  496. Flow

    which is actually the case right now

  497. Tobias

    google docs can colour text

  498. Flow

    ahh ok, didn't knew

  499. Flow

    let's see

  500. Flow

    but the point still stands

  501. Flow

    tobias: can color text, or can color search results in different colors?

  502. Tobias

    i don't know...i rarely use google docs

  503. bjc

    it's useful for debugging, but it's hard to use that as a strong motivation to keep the feature, imho

  504. bjc

    i do the same thing with my resources in tests

  505. Tobias

    and you can still use static resources, just not when doing login using bind2

  506. Flow

    If the only motiviation for removing it is that it makes clustering easier, then I tend to say "keep it", because it's already possible to generate the resources on the local cluster node with the current RFC

  507. Ge0rG

    +1 for keeping client generated resources.

  508. bjc

    it removes a round trip when you don't have to negotiate resources

  509. Flow

    tobias: right, but what if bind2 becomes XMPP 2.0?

  510. Ge0rG

    My motivation is debugging as well, and really, we shouldn't make server operator lives even more complicated

  511. bjc

    honestly, not sure if i care about that, either, but there you go

  512. Flow

    bjc: no it does not

  513. Arc

    it could be streamlined

  514. bjc

    no? i haven't read bind2 yet

  515. Tobias

    it's the XEP with no external references :p

  516. Ge0rG

    There is no extra round-trip. The client politely asks, the server either approves or reassigns

  517. bjc

    it's a round trip if you have to ask, as opposed to just being assigned one

  518. Ge0rG

    Besides, we need some way to tell the server to kill the stale session anyway on a reconnect

  519. Flow

    I sometimes wish the bind element would be more explicit about the "politely asks" aspect

  520. Flow

    Ge0rG, why do we need that?

  521. Flow

    The only party which has an advantage by removing the old stale session is the server, no?

  522. Ge0rG

    Flow: because I just killed and restarted my client, and I want to replace the previous session

  523. Flow

    because? I mean with carbons and such?

  524. bjc

    what flow said

  525. Flow

    hmm, probably stale presence, not sure

  526. daniel

    Ge0rG: the kill stale sessions can be done differently

  527. daniel

    It doesn't require custom resources

  528. Flow


  529. bjc

    may be an issue with directed presence

  530. Ge0rG

    daniel: eg with 0198,which has its own session identifier

  531. Flow

    isn't directed presence send to bare JIDs?

  532. bjc

    full or bare

  533. bjc

    but for, eg, muc, it's full

  534. Flow

    ahh ok

  535. Ge0rG

    Flow: because of OMEMO for example, which talks to a given resource

  536. bjc

    not sure if it matters, at the end of the day, though

  537. Flow

    doesn't OMEMO talk to devices?

  538. Ge0rG

    (in mixed support situations)

  539. daniel


  540. daniel

    Omemo doesn't need resources

  541. Tobias

    Ge0rG, carbons?

  542. Flow

    But I don't see a problem extending <bind2/> with an optional <kill-previous-session resource='foo'/> element

  543. daniel

    Flow: yeah that's what I suggested yesterday

  544. daniel

    Or if bind 2 requires sm when can use sm for that

  545. Flow

    brrr "requires"

  546. Ge0rG

    Flow: that and <attempt-stream-resume id=bar>

  547. Flow

    I'd avoid hard dependencies when possible

  548. Flow

    hmm stream-resume doesn't make sense for bind2

  549. Flow

    stream-enable may does

  550. bjc

    why would you use sm over bosh instead of just using acks?

  551. Ge0rG

    Flow: if we want to clean up the mess, we need to make bold steps

  552. daniel

    Flow: I don't have an opinion on that. But I said *if* it requires sm. Either that or do the kill-prevois element

  553. Flow

    right, but still, stream-resume doesn't make sense when using bind2

  554. Ge0rG

    Flow: stream-resume does make sense because it spares a round-trip and moves more logic into the server

  555. Flow

    if you do SASL auth followed by xep198 stream resume, then you don't need bind2

  556. daniel

    Flow: but in case it fails

  557. daniel

    It spares you a round trip

  558. Flow

    then you do bind2 with stream-enable

  559. daniel

    Flow: yes. And that's the extra round trip

  560. daniel

    That you have to do the bind

  561. Ge0rG

    Flow: or you just do bind2 with attempt-resume and the server does all the magic

  562. Flow

    ahh, got ya, fair point

  563. daniel

    (I'm not necessarily agreeing just explaining that it does save a round trip)

  564. Ge0rG

    Ideally, as a client, I'd put (my last MAM id, resource, sm session) into the bind2 request and let the server do everything else

  565. Flow

    BTW: I did some related art yesterday. Ladies and Gentleman, I present you, the XMPP client session establishment state machine: https://goo.gl/photos/xg2yECoACUscsj6Z6

  566. Flow

    Ge0rg, the last MAM ID, so the server also sends you the missing messages?

  567. Ge0rG

    Flow: exactly

  568. Flow

    hmm, not sure if that's really required

  569. Flow

    I mean bind2 is there to solve a race condition

  570. Flow

    and not to make everything super optimized

  571. Flow

    at least that's how I see it

  572. SamWhited

    Flow: nice; I've got a few chunks of that drawn up in some details, and I've been meaning to complete the picture and try to get the full diagram drawn out. Good job

  573. daniel

    Sending the mam id would be a very bold move

  574. Flow

    SamWhited: I'm tikz'ing it and plan to put the tex into a public git

  575. Ge0rG

    Expected result: either stream resume, or: - kill old session - update old sm state according to delivered counter - send all I missed from MAM - bind new session - enable carbons

  576. daniel

    Not sure if bind 2 wants to take that on

  577. SamWhited

    Flow: I'e got a few graphs here, feel free to borrow from them: https://bitbucket.org/SamWhited/xmppdocs/overview

  578. Ge0rG

    daniel: why not make bind2 explicitly support extension elements for MAM, sm etc

  579. daniel

    Ge0rG: I didn't say bold aren't good moves. I'm just not sure if this is something that Kev would be willing to do

  580. Flow

    SamWhited: will certainly have a look. thanks!

  581. Ge0rG

    daniel: im not sure if Kev is the ultimate authority or if we want to make something that's good and future proof

  582. Ge0rG

    (not implying that we can't with Kev)

  583. daniel

    Ge0rG: sure. But you can't hijack kevs xep is what I'm saying.

  584. daniel

    'hijack' and 'kevs'

  585. Ge0rG

    daniel: this is a shortcoming of the XEP process.

  586. Ge0rG

    If I had more time, I'd hijack a bunch of them.

  587. daniel

    Maybe it is...

  588. Ge0rG

    We can make bind2 something awesome and remove some cruft from the graph Flow shared.

  589. Ge0rG

    And not just a hot fix for a race condition.

  590. Ge0rG

    I wouldn't mind it becoming XMPP2. There are many problems in XMPP 1

  591. SamWhited

    I've been thinking about that a lot lately actually; redoing the login flow and calling it XMPP 1.1 or 2 or whatever; maybe fixing some of the erratas, or merging in XEPs that are now seen as necessary, etc.

  592. SamWhited

    Almost certainly not worth the effort though.

  593. Ge0rG

    SamWhited: why not?

  594. SamWhited

    Because everything would break, and most of the problems probably aren't bad enough that anyone would bother implementing it. Just a hunch though.

  595. Ge0rG

    Besides of the MAM carbon SM mess we could also get 2fa and one-time / per device passwords

  596. SamWhited

    And the IETF-WG process is a big deal, and would take a massive amount of effort.

  597. SamWhited

    We can get that now without rewriting the whole RFC.

  598. Kev

    What I want to do with the bind2 spec is not to do anything complicated without a clear consensus.

  599. Kev

    Dave has possibly reasonable things he wants to do, including redoing all of SASL I think.

  600. Kev

    If that happens, it'd probably bin any work done on complicated things in bind2, which is why I'm not keen on boiling the ocean at this stage.

  601. Ge0rG

    Kev: I want to redo the things after SASL, and I have controversial ideas about it. Will post to the ML after my holiday (next week)

  602. Ge0rG

    Kev: how does one thing bin the other?

  603. Kev

    My approach is "Do the simple things right now in bind2 so we can solve the real problems that need solving, then let someone write an elegant and future-proof reworking of the entire stream setup, and then rephrase bind2 in terms of that".

  604. SamWhited

    SASL itself is a pain to implement in a generic way; I haven't seen anything better, but I'm not sure the problems with it are just XMPP problems…

  605. Kev

    SamWhited: And then you start ratholing.

  606. Kev

    SamWhited: And then bind2 gets held up. And then we don't solve the immediate problems.

  607. SamWhited


  608. Kev

    Thus my approach of doing the simple thing first, and adapting once the complicated thing is done (if ever)

  609. Kev

    Maybe my simple thing is *too* simple, even for that plan, but that is my motivation.

  610. SamWhited

    Kevs approach ++; there are places where I think it's necessary to do a radical redesign, but in this case I suspect it's simpler and cleaner to do it incrementally. Especially since even the "simple" approach is a pretty big step.

  611. Ge0rG

    Just make bind2 extensible with additional elements for SM and MAM