-
Steve Kille
Putting notes within notes does not seem vital
-
Steve Kille
In the notes list, it would be ideal to sort XEPs in order, so you can quickly check if a given XEP is referenced
-
Flow
Holger: Is that you: https://wiki.diasporafoundation.org/User:Holger ?
-
Holger
Flow: Nope, that's someone else.
-
goffi
Hey, I'm checking python-omemo which use - if I'm not mistaken -, the old oloxotl based method for OMEMO: https://python-omemo.readthedocs.io/en/latest/xep-omemo.html
-
goffi
And I'm really surprised to see that the same namespace is used in current XEP: https://xmpp.org/extensions/xep-0384.html
-
dwd
Axoilotl-based OMEMO was never submitted; but the namespace should probably have been bumped anyway.
-
dwd
Sorry - was submitted, but rejected.
-
daniel
goffi: I think this is actually just the docs that refer to that namespace
-
daniel
The actual implementation uses siacs namespace
-
daniel
As it should if it's using the signal protocol
-
daniel
Someone just blindly copied the xep into the docs
-
goffi
daniel: ah ok, that's good then, because if we do an implementation in SàT it will be with the current method (olm), and that will be a big issue with gajim or other using python-omemo
-
goffi
I'll open a ticket
-
Zash
Blindly copying the examples? :)
-
intosi
Examples Considered Harmful
-
mathieui
Zash, nobody does that!
-
Zash
"Considered Harmful" Considered Harmful
-
intosi
Moderated +1, It's True
-
Ge0rG
daniel, you really should move forward with conversations to use the XEP namespace to get rid of the confusion. You'll need to support both anyway for the time being
-
daniel
Ge0rG: we can't just sed the namespace
-
daniel
There is no confusion. Siacs namespace means axolotl. Official namespace means olm
-
Ge0rG
daniel, siacs namespace isn't documented in the XEP, but widely deployed. Now you have created a de-facto standard, which other developers are following.
-
Tobias
Ge0rG, it's documented in the protoxep on the omemo website, not?
-
Flow
still, the current situation is suboptimal
-
Ge0rG
daniel, it's not easy, but it is only going to get harder from here
-
Flow
we have a xep, which either no one is going to implement because it is not what conversations does, or if somebody implements it, he/she would find out that it doesn't work with conversations
-
Flow
what georg said
-
Zash
These things are messy.
-
Tobias
Ge0rG, the thing is, there isn't a java lib for Olm yeta
-
Ge0rG
Tobias, I can't imagine how that is not a de-facto standard.
-
daniel
Ge0rG: get me a Java implementation of olm and I can switch pretty quickly. I can also get the majority of the other clients to switch at roughly the same time. I'm in contact with all of them all their libraries are designed with modularity with a switch to olm already in mind
-
daniel
The olm/signal switch is extremly easy from an implementation standpoint
-
Ge0rG
daniel, being a developer myself, I tend not to believe this claim
-
Flow
Is there still a reason to use OLM, now that Moxie put double ratchet into the public domain?
-
daniel
Flow: this is one of the things I'd like to figure out before I do the switch
-
Flow
Why not have OMEMO use https://whispersystems.org/docs/specifications/doubleratchet/ ?
-
daniel
Flow: that's what we are currently checking
-
daniel
If that's feasible
-
Flow
daniel: I hope we can sort this things out at the summit
-
Ge0rG
daniel, you'll need to support both namespaces in order not to break older versions of the code. You can't just "flip the switch"
-
daniel
Ge0rG: hard switch and tell your user to update or gtfo
-
Zash
Someone say Flag Day? :)
-
daniel
I have absolutely no problem doing that
-
Ge0rG
daniel, but your users will. You are going to alternate your core audience.
-
goffi
it would be nice to sort is out yes, if we do an implemention it will be XEP version regardless of existing implementations
-
daniel
Ge0rG: when did I ever care about my users
-
Ge0rG
*alienate
-
Ge0rG
daniel, I don't know. But I do care about the users of XMPP.
-
daniel
As long as the other clients are available they can simply upgrade
-
daniel
It's not like upgrading is hard
-
Zash
daniel: I hear you live in a world without long term support releases.
-
Tobias
there's no problem for Conversations to support axolotl OMEMO and olm OMEMO for a year or so and then dropping the axolotl one...it already supports OMEMO and OTR in parallel
-
Tobias
and GPG IIRC
-
daniel
Zash: if someone pays me to do lts I'll happily do that. For now very few people even pay to provide any support at all
-
Kev
ISTM if daniel is happy for a hard-upgrade, then given this is switching from a 'non-standard' to 'standard' version, that's actually a good thing.
-
Ge0rG
Kev, so your position is standardization over UX? 😛
-
ralphm
Dear summiteers. I just sent an e-mail to the summit@xmpp.org mailinglist about the Summit/FOSDEM hotel. Please read and act on it ASAP.
-
daniel
Do I have to sign up for the list again if I have been subscribed last year?
-
Tobias
it's the same as last year
-
Zash
I assume nobody went and removed all subscriptions
-
Kev
Interesting. I should be subscribed to that list, but there's no mail come through.
-
daniel
Kev: that's what triggered me asking that question
-
Kev
Ge0rG: No. My position is that if daniel says that his users can and will trivially upgrade, along with other users of that namespace, I'm going to trust he knows what he's talking about.
-
Ge0rG
daniel, Kev: maybe. But when I look at it from the user perspective, I see three issues: - how is user A supposed to figure out that he can't chat with B any more because of the upgrade? - how can A tell B to upgrade as well if they can't talk to each other? - who's going to delete the old pre-keys from PEP?
-
mathieui
Ge0rG, disco?
-
Ge0rG
mathieui, how is that going to solve any of the three? Maybe just a bit of #1.
-
daniel
Ge0rG: we can un-annouce the old devices. So messages won't just get discarded
-
daniel
It'll look like that contact doesn't have support for omemo
-
Ge0rG
daniel, un-announce on upgrade? That might work. You could also add discovery for the new namespace already, and show a message to upgrade the client if it is encountered on a contract.
-
daniel
Ge0rG: see. No problem
-
Ge0rG
daniel, see, you need to do advance planning!
-
Ge0rG
daniel, and you need to convince all the others to do the same planning.
-
Ge0rG
daniel, you can't just sed out the namespace on day X.
-
daniel
Ge0rG: convincing the others is not a problem. We are all besties
-
Ge0rG
daniel, it's getting harder and harder with each non standard implementation.
-
daniel
Ge0rG: I'm not doubting that it gets relatively harder
-
Ge0rG
I'm just saying...
-
daniel
Ge0rG: in any case there are a couple of things that have to happen first. Assess if a switch is still necessary with ows releasing specs
-
daniel
Write a olm java library
-
daniel
Fix bugs in olm
-
Ge0rG
Maybe the OWS spec is something that should be discussed in Brussels.
-
daniel
I'm happy to discuss it if people have enough background information to make that assessment.
-
daniel
Note that this far I dont have that level of background information either
-
Ge0rG
daniel, I think it would be awesome if you could prepare it then and add a discussion point to the agenda. Unfortunately I'm not going to attend.
-
ralphm
Kev: so did the e-mail just come in delayed?
-
Kev
I had it on my other account. I thought both accounts were subbed, but presumably either I'm wrong, or it got spamtrapped at work.
-
Link Mauve
“17:30:58 SamWhited> I wouldn't mind writing an XMPP implementation ontop of [tokio].”, oh nice, I’ll have a look, I remember wanting to try it before but it was very immature a few months ago (especially due to futures) so I went for mio instead.
-
Link Mauve
“17:36:10 Zash> lua::lua_setfield(L, -2, CString::new("foo").unwrap());”, you are just using raw bindings that don’t have a higher-level wraper, it won’t provide you any better safety than writing plain C either, it’s not the level at which you want to be using Rust.
-
Zash
Link Mauve: I imagined that it'd be possible to do Safe™ things in Rust and have a relatively small area of unsafe code that moves stuff between that and the C / Lua world.
-
Zash
Which should be true, but then I reached my tolerance of telling a computer how to turn a string into a string.
-
SamWhited
> Welcome to our room, I'm going to add you to my roster, if you accept, please reply with Yes or 1 to accept, or you can reply with No or 0 if you don't want to. مـرحـبآ بك في رومنا , سأقوم بإضافتك, لو سمحت أجب بنعم او 1 ان كنت موافقآ, او لا او 0 ان كنت لا تريد اضافتي.
-
SamWhited
Whisper in jdev or somewhere
-
Link Mauve
Zash, :)
-
SamWhited
That's a new one
-
Link Mauve
SamWhited, from who?
-
SamWhited
discuss@, rather; if anyone here has a ban hammer…
-
Zash
A kind of thing highlighting the continued need for JID privacy in public rooms?
-
SamWhited
That wouldn't stop a pm would it?
-
Tobias
SamWhited, a fix for the duplicated note numbers https://github.com/xsf/xeps/pull/374
-
SamWhited
"Avril Lavinge" if anyone has op rights there
-
SamWhited
Tobias: nice, thanks!
-
Zash
SamWhited: Makes it harder for whatever that was to actually add you to their roster and/or send direct spam.
-
SamWhited
Fair
-
intosi
It would be nice if clients would render PM's outside of the chat room context, IMO ;) Avoids a bit of confusion.
-
SamWhited
Agreed
-
intosi
I'm generally always confused by how Conversations handles this.
-
Zash
Still need to write that server module to limit PMs in the MUC itself.
-
SamWhited
It would also prevent a lot of "me sending private messages to the whole room by mistake"
-
intosi
SamWhited, and that :)
-
Link Mauve
I only know of two clients doing that, imo you should report to their bugtracker.
-
Link Mauve
It’s indeed a terrible UX.
-
mathieui
that’s conversations and mcabber?
-
Link Mauve
Yeah.
-
moparisthebest
I talked to daniel about that before and it was a deliberate design decision
-
Zash
Yay trade offs
-
moparisthebest
if I recall correctly, because it'd be confusing that people they were chatting with just disappeared and quit working etc
-
moparisthebest
which is fair I guess
-
moparisthebest
I also hate it, coding it up as an advanced option has been on my todo list for too long
-
daniel
The target audience (tm) is also discouraged to use PMs at all
-
daniel
They usually dont hang around anonymous conferences
-
SamWhited
Oh huh, the person sending that spam *is* an admin. Compromised account, maybe.
-
mathieui
maybe they just want to make friends :-(
-
moparisthebest
yea I have a feeling hardcore xmpp or irc users are the only one bothered by that behavior daniel :)✎ -
Zash
The nickname does seem familiar somehow
-
moparisthebest
yea I have a feeling hardcore xmpp or irc users are the only ones bothered by that behavior daniel :) ✏
-
intosi
daniel: perhaps in your client, but that doesn't stop other clients from doing do.
-
daniel
intosi: yeah sure. I was just talking about the reasoning Conversations doesn't do it this way
-
intosi
Discouraging its use is fine (I know I rather receive normal chats instead), but rendering it such that it's easy to broadcast things meant to be said in private might not be the best choice for random users ;) They might also assume the thing was said in publiuc in the first place.
-
intosi
The incoming message, that is.
-
intosi
If a techie is confused about the whispers, imagine how non-techies would perceive it ;)
-
daniel
Mix to the rescue
-
ralphm
daniel: how would you handle it differently for MIX?
-
daniel
ralphm: the private conversation doesn't randomly drop out and can be persistent over longer periods
-
ralphm
sure
-
ralphm
so would press-hold on a participant then bring you to another conversation?
-
daniel
ralphm: it can be a different conversation. How exactly you'd open one I haven't thought about yet
-
daniel
But in essence yes
-
ralphm
Zash, Flow, and other participants of the XMPP Summit and/or FOSDEM, please join summit@muc.xmpp.org
-
Ge0rG
A coworker just clicked my nickname in gajim's MUC window to chat to me. He was utterly confused when I tried to explain to him that this is not the same as a direct message. Oh the woes of XMPP
-
Ge0rG
Normal people would be best served by MUC light.
-
intosi
Why did you try to explain that? He probably did so because he had a question, and an answer would've made him close the window again ;)
-
Ge0rG
Also, I've recently fixed yaxim to put MUC PMs into separate windows, even though they lack presence info yet. It vastly improved the UX
-
Arc
im a bit confused by something; why is MIX split into two services with the special proxy service?
-
Kev
Because some things can only happen on your own server.
-
Steve Kille
Arc: Will talk about this at the summit. Need to make this clearer. MIX has requirements on the User's server, and these requirements are currently reference as MIX Proxy
-
Kev
The 'special proxy service' is bad terminology for 'things your server does'.
-
Ge0rG
Arc, it requires support from your server, and the MIX proxy is the part of your server that implements this support
-
Ge0rG
I'm still in favor of "MIX agent"
-
dwd
MIX Master?
-
Ge0rG
dwd, nice sound but technically misleading
-
dwd
Well, it has to be MIX something or else Steve Kille won't write the spec. See RFC 2156.
-
intosi
MIX Connector, or MC for short.
-
Zash
MIX Blender
-
Tobias
or MIX Bender (futurama style)
-
Ge0rG
dwd, that problem can be solved. I remember you offered to kill people who come to Brussels... :P
-
Ge0rG
Tobias, +1
-
intosi
Bite my shiny mixing affiliation.
-
Ge0rG
Why not just as short as possible? "mixer" or "MIXer"
-
Zash
MIXing Server
-
Zash
MIX Inclusion eXtension
-
Arc
hmm
-
Arc
ok
-
Arc
it doesnt sit quite right, does it? requiring special server support for a remote service?
-
Zash
I believe it started as "what if the server kept track of your pubsub subscriptions?" combined with "what if muc was pubsub based?"
-
Zash
Currently, pubsub state is between a client (resource) and the pubsub service. Moving the tracking into the account (on the server) enables magic.
-
Tobias
maybe the MIX XEP should make that explicit, so that we don't have someone stubling about that fact every month
-
Zash
Having not kept up with MIX, I'm not sure how much magic is expected of the server now.
-
Tobias
*explicit in the introduction
-
Arc
meeting time
-
Arc
and starting today, I'm FREE!
-
Arc
Google Code-in is officially over. all student work submitted, all reviews complete, only thing left is choosing grand prize winners and the awards ceremony sometime this spring
-
Arc
ralphm: nyco:
-
mathieui
Arc, congratulations
- MattJ waves
-
nyco
hey
-
ralphm
I'm here
-
Arc
https://wiki.xmpp.org/web/Joshua_Pan_Application_2017 is a great result from google code-in
-
ralphm
start in 40 s
-
nyco
hey Arc, can/should we write a blog post about XMPP-related work on Google Code-In?
-
Arc
Zash: if you want to follow up with one of the students, that's the big one
-
ralphm
intosi: but will it MIX?
-
Arc
nyco: we could? im not huge into press release style posts tho
- ralphm bangs gavel
-
ralphm
1. Welcome + Agenda
-
nyco
Arc, rather tech content?
-
Arc
Martin: you here?
-
ralphm
Who do we have today?
-
nyco
Welcome ;-)
-
Arc
Here
-
ralphm
MattJ?
-
MattJ
Here
-
ralphm
(despite your presence)
-
ralphm
Good. Any agenda items, besides Summit/FOSDEM?
-
nyco
Agenda: all for the summit?
-
Arc
I added 2 to the board
-
nyco
IMHO we should focus on Brussels
-
nyco
ah ok
-
ralphm
2. Minute taker
-
ralphm
dwd around?
-
dwd
I'm not going to be around the entire time, but I'll get to minutes.
-
ralphm
ok
-
ralphm
3. Summit / FOSDEM
-
Arc
Thank you ralph for getting the hotel stuff together
-
ralphm
As you might have seen, I've got the quote from Thon Hotel, and sent out some details on the Summit ML
-
nyco
thx
-
Martin
(apologies, I'm here, but on a train, so my connection is ropey)
-
ralphm
I still need to sign the document, and dwd suggested we could simply put in the bank details to cover their requirement for non-paying individuals
-
ralphm
If that's ok with y'all
-
Arc
thats ok so long as everyone in the block is known and reliable
-
ralphm
aye, that's also why I put up the Google Docs form
-
Arc
and there's a clear understanding that the XSF will hold people responsible for paying anything charged to the XSF on their behalf
-
Arc
which I think you've covered.
-
dwd
Hence the phrasing on the Google Docs form, indeed.
-
ralphm
It has a checkbox stating 'I understand that I will be personally responsible for the payment to Thon Hotel EU and will be required to make good any expense incurred by the XMPP Standards Foundation in relation to my stay.̈́
-
Arc
quick question - why is wednesday twice the price for weekend nights?
-
dwd
arc, Because Hotels.
-
ralphm
I'm assuming that's also because of EU
-
ralphm
It's always been like this at Aloft, too
-
intosi
They had few rooms available on that date.
-
Arc
thats bizarre, but moving on.
-
ralphm
yeah
-
Tobias
payments to the hotel okay, but why to the XSF?
-
Arc
unfortunetly there's not a lot of other options; the eariest eurostar from london (for example) arrives after 10am, over 30 minutes from summit
-
ralphm
So, other than that, I got word that Chris Deering won't be at the Summit, and neither will M&M, but Chris is in talks with Jerome Poisson on the summit venue
-
ralphm
tobias: you don't pay the XSF for the hotel, this is just to make sure that if you don't pay the hotel, we will need to cover it and come haunt you
-
Tobias
ralphm, ahh
-
ralphm
To be clear, the venue being Cisco Diegem
-
ralphm
I trust we can work that out again
-
SamWhited
In case Cisco doesn't work out, maybe it's worth inquiring if the hotel has a conference room we can use?
-
intosi
We'll squat all of the Poechenellekelder if not .
-
Arc
is that not locked down yet?
-
ralphm
it does, dwd said it was expensive
-
ralphm
Arc: please don't worry so much
-
SamWhited
Ah weird, I'd assume it would be free to people bringing in a big group paying them tons of money
-
dwd
The XSF can, if needs be, afford the hotel's conference room.
-
intosi
SamWhited: that's not how bistromath works.
-
dwd
SamWhited, That's a US thing. EU hotels don't operate in that way.
-
SamWhited
Huh, interesting.
-
ralphm
dwd: yeah
-
SamWhited
I thought that was the point of conference rooms in hotels, to attract big groups :)
-
ralphm
SamWhited: well, in the case of hotels in the EU district in Brussels, there appear to be plenty of venues offered by the EU
-
ralphm
Moving on
-
Arc
SamWhited: and in the US, wednesdays are usually the cheapest day.
-
ralphm
Other thing on the list is the XSF dinner. We just need to contact the same old restaurant and setup a new Google Form afterwards
-
Arc
what restaurant is it?
-
ralphm
dwd: let's get that check list done today
-
ralphm
http://www.aubergebretonne.be/
-
ralphm
We've been going there for years. Good venue.
-
dwd
ralphm, Yes. Mea culpa and all that.
-
ralphm
That brings me to the next point, sponsors
-
ralphm
we need to chase those. Who wants to take that on
-
ralphm
?
-
ralphm
if needed dwd can help with tips
-
Arc
i have a bad feeling that im going to lose so much weight on this trip lol
-
dwd
arc, You'll lose many negative pounds.
-
ralphm
dwd :-)
-
Arc
dwd: you might. lol
-
ralphm
not seeing any volunteers
-
ralphm
:-(
-
ralphm
come on guys, I can't do it all
-
MattJ
I'll volunteer, if someone gives me pointers
-
dwd
ralphm, This is for Dinner etc?
-
ralphm
yeah
-
MattJ
Not convinced I'm the best person for the job, but hey :)
-
ralphm
last year we had Dinner and Lunch sponsors, as well as Cisco for the Summit venue
-
dwd
I'll give MattJ some tips.
-
Zash
MattJ: You can arrange for all vegan and cheese free dinner for everyone
-
ralphm
MattJ: you'll be fine, just don't get lost in the woods
-
MattJ
I won't be there :)
-
dwd
ralphm, That's how lost he'll be.
-
Arc
Zash: I don't think its possible, looking at this one restaurant's menu. even the fish has dairy on it
-
dwd
Arc, Vegan isn't really a thing in Belgium. Vegetarian isn't much of a thing either.
-
ralphm
Arc: I'm sure they can do specials, we've always had a veggie option, too
-
Arc
dwd: yes I'm getting that impression.
-
intosi
ralphm: vegan is probably more complex for them.
-
Arc
I'm vegan plus fish and eggs. strong dairy allergy.
-
ralphm
intosi: hm. I'll ask them anyway
-
ralphm
(or whoever calls them)
-
dwd
Arc, Ah... Yes, you may have some problems.
-
dwd
Arc, You can always live off beer. It's practically a meal in itself there.
-
Arc
things like butter can lead to a hospital visit, you can understand hesitation eating in non-english countries
-
intosi
I'm sure native speakers can help out at the Auberge here.
-
Arc
I ate exactly two meals in paris over 4 days.
-
MattJ
Arc, it's fine, once the infamous "ribs place" made up a vegetarian dish for me
-
MattJ
Consisting 100% of tomatoes
-
intosi
MattJ: the plate full of tomatoes?
-
ralphm
Yeah, I'm sure people in Paris think you're from another planet
-
MattJ
That's the one
-
Arc
MattJ: tomatos are great for electrolites lol
-
MattJ
I think there was some parsley on the top
-
Arc
anyway we can discuss that on summit@
-
waqas
What has the typical cost of the dinner been? i.e., what's the baseline funding goal?
-
dwd
I'd have to check previous years' figures.
-
ralphm
meanwhile, let's spend the last 5 minutes on Marketing
-
ralphm
I relatedly asked if my company could provide a projector, and I think that's shouldn't be a problem
-
Martin
I asked if Surevine could, and nobody seemed to know where the projector was, so that's good to hear
-
ralphm
We do need to get things printed soonish
-
ralphm
Martin: the more the better
-
MattJ
Martin, :)
-
Arc
ralphm: yes, do you have quotes on that?
-
Martin
ralphm: OK, I'll chase
-
Arc
ralphm: full color front and back A4
-
ralphm
Arc: I'll get you a quote on that.
-
ralphm
anything else specifically?
-
Arc
well you mentioned a banner
-
Arc
I'm focusing my attention on flyers, which i should have a pdf by friday
-
ralphm
Arc: right. Roll op banners are around €35
-
ralphm
(going from, of course you can get more expensive)
-
ralphm
I've also eyed this: https://www.dvc.nl/beurs-presentatie/beurs-en-wanden
-
Arc
ralphm: want me to do layout for the banner too?
-
ralphm
The soft image wand (wall), for example
-
ralphm
and https://www.dvc.nl/beurs-presentatie/balies
-
ralphm
Arc: yes please
-
Arc
ok get me DPI and size. my schedule is pretty open this week
- ralphm nods
-
ralphm
time's up
-
Arc
I added tshirts for decision
-
ralphm
anything else?
-
ralphm
Arc: I'm +1 on them, we just need to get a nice design
-
Arc
no problem. full color on one side, one color on the other?
-
Arc
are we doing free shirts for summit participants (they'll cost under $20/ea I expect) or taking online orders to pay for them?
-
ralphm
Martin, nyco?
-
nyco
not sure
-
ralphm
Arc: I don't know
-
ralphm
I would pay for it
-
Arc
it'd cost under $400 to print them. the issue here is the price goes up in smaller quantity
-
Arc
assuming similar pricing US to EU, good tshirt material around $8, and around $15 setup per screen, plus a nominal amount per shirt to print. but the screens are the key there
-
ralphm
does different sizes affect that?
-
Arc
not typically, until you get to XXL or higher
-
Arc
with full color on one side (for xmpp logo) it'll cost $75-$100 USD for setup and printing regardless of quantity
-
ralphm
I have no idea on this
-
ralphm
I'm going to close this meeting, but we can chat some more afterwards
-
Ge0rG
Would it be possible to get summit-neutral t shirts for non-participants?
-
ralphm
Arc: thanks for the PyCon thing
-
nyco
ok, I need to go, sorry... I've not been useful :'(
-
ralphm
Ge0rG: the idea this time around is participant-only shirts, if I remember correctly.
-
Arc
so being conservative it'll cost under $400 for qty 36.
-
ralphm
4. Date of Next
-
ralphm
+1W
-
ralphm
5. Close
-
ralphm
Thanks all
-
nyco
thx
- ralphm bangs gavel
-
MattJ
Thanks ralphm
-
ralphm
By the way, I think we'll skip Feb 1.
-
Arc
what, no in-person board meeting?
-
ralphm
Not on Feb 1
-
ralphm
I'll still be in Veldhoven
-
ralphm
But I'm all up for the in-person board drink
-
ralphm
(on one of the other nights)
-
Arc
ralphm: i'm suggesting we use up to $400 of the $1500 for promo material budget for tshirts
-
ralphm
right
-
Arc
so, you ended the meeting a bit abruptly there. are we making those decisions on the list?
-
ralphm
Arc: well, yeah, because it's been mostly a conversation between us two. I think that's a reasonable course of action
-
ralphm
I am curious about how to find proper shirt material
-
Arc
the printer will have options.
-
ralphm
Most of my shirts are American Apparel, but I'm not sure if you can get those here
-
moparisthebest
'MIX Proxy' should be renamed 'MIX User Connector', or MUC for short, that'll fix all the confusion surely
-
Arc
a third of my closet are tshirts ive designed or run the orders on, mostly rugby shirts
-
ralphm
I know good vendors for flags and for paper printing, but not so much for clothes
-
ralphm
Guus, intosi, any idea?
-
Arc
would amsterdam be easy for you to pick up from ralphm?
-
Arc
I can ask the rugby team in amsterdam, all rugby teams make shirts like crazy
-
Arc
btw ralphm you've got an invite to Bingham Cup 2018 in Amsterdam ;-)
-
ralphm
I'm in A'dam three days a week
-
ralphm
But I'd guess that all printers would do cheap shipping
-
ralphm
.nl is small
-
ralphm
Hah.
-
Arc
i asked the amsterdam lowlanders
-
Ge0rG
"I'm in A'dam three days a week" this is a surprising coming out.
-
Arc
Ge0rG: especially when replying to an invite to a gay rugby tournament lol
-
ralphm
Yeah, I found it hard to admit, too.
-
Arc
largest rugby tournament in the world, pretty big deal.
-
Arc
https://www.youtube.com/watch?v=ulSPA_Enh2A was Sydney 3 years ago.
-
Guus
Some one mentioned me?
-
Guus
Clothing vendors, no idea
-
Ge0rG
Has anybody ever considered that JIDs reflected by a MUC or MIX are not trustworthy, as the component could fake everything?
-
Arc
thats an interesting point
-
Arc
currently tho you can confirm their server at least if they use http upload to send a photo
-
Ge0rG
http://xmpp.org/extensions/xep-0045.html#invite-mediated writes "The <room@service> itself MUST then add a 'from' address to the <invite/> element whose value is the bare JID, full JID, or occupant JID of the inviter" which all have interesting security implications
-
Arc
ive retreated to my safe EXI level work, theres just too many privacy exploits to close them all
-
Arc
besides, many of those problems *we* can't solve.
-
Arc
i think i found the bottom of the rabbit hole, and it puts everything else in perspective
-
Arc
all I need to do to uncover your IP address is send you a custom link to a server I manage.
-
Ge0rG
Arc: and make me click it
-
Arc
thats easy. i just have to provoke you with an emotional discussion and make it look like a url shortener service
-
Arc
I started running this as a proof of concept on alt-right forums, im getting over 50% click-through rate
-
Arc
it works most reliably with DMs
-
Arc
usually after forum visibility posts
-
Ge0rG
Arc: I hope you aren't doing unethical things with the IP data
-
Arc
not unless profiting from humans being terrible to each other is unethical
-
Ge0rG
Arc: in not sure. "profiting" can be anything or nothing
-
Ge0rG
I'm
-
Arc
i got the idea when I first noticed this problem a few weeks ago at the same time a transwoman friend was being harassed online to the point of closing her facebook account. using this method we were able to uncover that they were using RCN from the DC area, meaning its likely someone she knows
-
Arc
but we lacked data.
-
Arc
so I identified other places online where this person might be posting, and started running automated agents there to see if we could find a match. we haven't yet.
-
Arc
if we could ever link the person to a real identity, they would face criminal charges for repeatedly threatening to kill her
-
Arc
the latest is after she left facebook, her harrasser created a spoof profile with her name and started sending friend requests to people she knows. its been pretty scary
-
Ge0rG
Arc: interesting op-sec finding
-
Guus
(RCN?)
-
Arc
RCN is a cable company. unfortunetly RCN doesnt have ipv6
-
daniel
Does somebody have a deep link to the summits mailing list sign-up page / archive. (basically to the mailman page). I'm on mobile with horrible Internet and googleing that is a pain
-
Guus
https://mail.jabber.org/mailman/listinfo/summit
-
Arc
anyway im considering turning it into a business. the data archived exclusively from "biggot sites" that trolls tend to use frequently. advertisers are already using your IP address to track you
-
Ge0rG
Arc: such a business would be illegal wir where I live
-
Guus
when is the next board meeting?
-
Arc
Ge0rG: thats entirely possible.
-
Arc
Ge0rG: Jan 25.
-
Arc
we are skipping Feb 1
-
Guus
ah, today was one?
-
Arc
yes, and we really only got through one item. its unlikely we'll be able to touch non-summit next week either
-
Arc
the big one we need to attack now is GSoC. if XSF is going to put in a decent application this year we need someone to step up, I'm happy to serve as backup admin (I've been a GSoC mentor every year since 2005), and need to start getting the ideas page going like yesterday
-
Guus
Board should probably have a say in the desirability of something like, which is why I was asking: https://github.com/xsf/xmpp.org/pull/246
-
Guus
ah, GSoC, good thought. Not sure if I can commit to put in effort there though. I can try to coordinate with IgniteRealtime projects, if that'd be helpful
-
Arc
Ge0rG: just curious, what part specifically would be illegal where you are? the recording of IP addresses? sending bots to engage in social sites? allowing paid subscribers to use our data to narrow down who their harassers are?
-
Arc
Guus: well GCI just ended, which means GSoC is starting.
-
Arc
please note, and this is very important, if XSF isnt accepted there are other projects that will umbrella
-
Arc
we can, Python may, even Apache
-
Flow
GSOC, yes please :)
-
Arc
the difference is who gets the money. umbrellas usually keep most or all of the per-student funds
-
Flow
so does the XSF ;)
-
daniel
Guus: thank you
-
dwd
Arc, I don't think we do it for the monety.
-
Arc
dwd: no, but it helps
-
Flow
helps how?
-
Flow
I'm not sure if I want mentors who wouldn't mentor if there was no money
-
Arc
we had Wesnoth under us as an umbrella a few years ago, they threw a nuclear hissy fit over the org payment from google even when they were a very small part of the overall org
-
Ge0rG
Arc: recording of addresses is borderline, selling them without user consent illegal
-
Arc
Ge0rG: would love to see that law, because advertisers do this all the time.
-
dwd
Ge0rG, Germany's a little over-inclusive about what they treat as PII, mind.
-
Guus
Arc: Germa...what Dave said.
-
Arc
ah, gotcha.
-
Arc
well if i do this i plan to incorporate as an LLC in nevada anyway
-
Ge0rG
dwd: it's good to err on the safe side
-
dwd
Arc, You could probably have a query service over whether a particular user visiting a site may frequent alt-right groups. Having a flat out IP blacklist might be problematic.
-
Arc
dwd: not a blacklist. we're not blocking anyone, just attempting to link up what they've said on different sites to identify who they are
-
Arc
once we get into facebook it might become very easy.
-
dwd
Arc, If you do it via advertising - or via a mechanism that's substantially similar - you're perfectly fine.
-
dwd
Arc, Depending on what "identify" might mean here.
-
Arc
the IP address is easy. the question is who's posting hate from that IP address.
-
dwd
On another note - pubsub events and retracts - type='headline' a sensible default?
-
Arc
so the MIX "proxy" isnt MIX-specific, its your own server tracking pubsub subscriptions
-
Kev
It *is* MIX specific, because MIX does a special type of pubsub.
-
Ge0rG
And because the proxy also filters / redirects messages and possibly presence
-
Arc
could it be mare more generic, tracking pubsub subscriptions would be a nice feature
-
Kev
Yes, that's PAM.
-
dwd
Arc, See PAM.
-
Kev
But PAM wasn't specced out sufficiently when MIX was being done to use PAM.
-
dwd
Arc, And that does need work, but I think I've got a reasonable spec for the actual tracking bit.
-
Kev
So what's needed is specced out in MIX more explicitly, with the understanding it may well be rephrased in terms of PAM when PAM is more fully baked.
-
Arc
ok
-
Ge0rG
Kev: why haven't we progressed PAM then?
-
Arc
clearly i have a lot of reading to do
-
Arc
easier to retreat back to EXI and let the rest wash over for now
-
Kev
Arc: Sure. We're basically building XMPP2 at this point.
-
dwd
Ge0rG, Cycles. I'm always blocked when thinking how PEP ought to work with PAM.
-
Arc
that is long since overdue
-
Kev
We're just doing it in a way that still works on top of 6120/6121 and allows interop with XMPP1.
-
Arc
TLS mandatory, EXI detection mandatory, SASL mandatory, fully framed and no restarts
-
Kev
Which is obviously a good thing, but makes it hard to break the mindset of 'well, why should entity X have to support Y in order for entity Z to ...', when the answer is 'because this is how the new world needs to work'.
-
Ge0rG
XMPP2 you say? Is that why bind2 is called as it is? I found the name rather uncreative
-
daniel
Let's duplicate all xeps and add a 2.0 to the name
-
Kev
daniel: Resource binding 1 not being a XEP, of course ;)
-
Ge0rG
daniel: just bump the steam namespace version
-
Ge0rG
And replace XML with http2
-
Kev
And I'm out again.
-
Arc
and then replace http2 with telnet
-
Flow
hmm, yesterday gave a +1 for removing the ability of the client to suggest a resource, and today I look at stanza traces of integration tests I wrote which use that feature to make it clear which role the involved full JIDs perform in the test.
-
Holger
Yes, custum resource names can be really convenient during debugging.
-
Flow
exactly, so I'm not sure if we should get rid of them on protocol level again
-
Flow
(and that, of course, includes bind2)
-
Tobias
it's just one indirection more
-
Flow
tobias: hmm?
-
Flow
instead of looking at the localpart?
-
Tobias
in your logs, just find the resource you interested in and then look at all debugs things related to it
-
Tobias
you just skip the "find the resource you're interested in"
-
Flow
tobias: in case of integration tests, i'm interested in multiple resources
-
Flow
of course, I could highlight them in different colors
-
daniel
Debugging is a good usecase. Maybe the only one. Not sure if this justifies keeping them
-
Tobias
sure..but you can just have them handle them being dynamic, not?
-
Flow
and then try to remember somehow that blue is the address doing to the read out from the red resource
-
Tobias
if you have asserts that are resource dependent, just do a lookup for the resource after you log in, and use the resource in the asserts of your integration tests
-
Flow
tobias: ahh i'm not sure if we talk about the same thing
-
Tobias
i'm neither
-
Flow
Right now I've a stanza trace in front of me, which involves three different entities
-
Tobias
what's the integration test you have that requires static hardcoded resources?
-
Flow
which somehow interact with each other
-
Flow
tobias: it does not *require* it
-
Flow
it makes the trace much easier to read
-
Tobias
so, highlight them differently based on resoruce
-
Tobias
*resource
-
Flow
i may not always have emacs in front of me
-
Flow
i.e. I could have an editor in front of me which doesn't have this feature
-
Flow
like google docs
-
Flow
which is actually the case right now
-
Tobias
google docs can colour text
-
Flow
ahh ok, didn't knew
-
Flow
let's see
-
Flow
but the point still stands
-
Flow
tobias: can color text, or can color search results in different colors?
-
Tobias
i don't know...i rarely use google docs
-
bjc
it's useful for debugging, but it's hard to use that as a strong motivation to keep the feature, imho
-
bjc
i do the same thing with my resources in tests
-
Tobias
and you can still use static resources, just not when doing login using bind2
-
Flow
If the only motiviation for removing it is that it makes clustering easier, then I tend to say "keep it", because it's already possible to generate the resources on the local cluster node with the current RFC
-
Ge0rG
+1 for keeping client generated resources.
-
bjc
it removes a round trip when you don't have to negotiate resources
-
Flow
tobias: right, but what if bind2 becomes XMPP 2.0?
-
Ge0rG
My motivation is debugging as well, and really, we shouldn't make server operator lives even more complicated
-
bjc
honestly, not sure if i care about that, either, but there you go
-
Flow
bjc: no it does not
-
Arc
it could be streamlined
-
bjc
no? i haven't read bind2 yet
-
Tobias
it's the XEP with no external references :p
-
Ge0rG
There is no extra round-trip. The client politely asks, the server either approves or reassigns
-
bjc
it's a round trip if you have to ask, as opposed to just being assigned one
-
Ge0rG
Besides, we need some way to tell the server to kill the stale session anyway on a reconnect
-
Flow
I sometimes wish the bind element would be more explicit about the "politely asks" aspect
-
Flow
Ge0rG, why do we need that?
-
Flow
The only party which has an advantage by removing the old stale session is the server, no?
-
Ge0rG
Flow: because I just killed and restarted my client, and I want to replace the previous session
-
Flow
because? I mean with carbons and such?
-
bjc
what flow said
-
Flow
hmm, probably stale presence, not sure
-
daniel
Ge0rG: the kill stale sessions can be done differently
-
daniel
It doesn't require custom resources
-
Flow
true
-
bjc
may be an issue with directed presence
-
Ge0rG
daniel: eg with 0198,which has its own session identifier
-
Flow
isn't directed presence send to bare JIDs?
-
bjc
full or bare
-
bjc
but for, eg, muc, it's full
-
Flow
ahh ok
-
Ge0rG
Flow: because of OMEMO for example, which talks to a given resource
-
bjc
not sure if it matters, at the end of the day, though
-
Flow
doesn't OMEMO talk to devices?
-
Ge0rG
(in mixed support situations)
-
daniel
What?
-
daniel
Omemo doesn't need resources
-
Tobias
Ge0rG, carbons?
-
Flow
But I don't see a problem extending <bind2/> with an optional <kill-previous-session resource='foo'/> element
-
daniel
Flow: yeah that's what I suggested yesterday
-
daniel
Or if bind 2 requires sm when can use sm for that
-
Flow
brrr "requires"
-
Ge0rG
Flow: that and <attempt-stream-resume id=bar>
-
Flow
I'd avoid hard dependencies when possible
-
Flow
hmm stream-resume doesn't make sense for bind2
-
Flow
stream-enable may does
-
bjc
why would you use sm over bosh instead of just using acks?
-
Ge0rG
Flow: if we want to clean up the mess, we need to make bold steps
-
daniel
Flow: I don't have an opinion on that. But I said *if* it requires sm. Either that or do the kill-prevois element
-
Flow
right, but still, stream-resume doesn't make sense when using bind2
-
Ge0rG
Flow: stream-resume does make sense because it spares a round-trip and moves more logic into the server
-
Flow
if you do SASL auth followed by xep198 stream resume, then you don't need bind2
-
daniel
Flow: but in case it fails
-
daniel
It spares you a round trip
-
Flow
then you do bind2 with stream-enable
-
daniel
Flow: yes. And that's the extra round trip
-
daniel
That you have to do the bind
-
Ge0rG
Flow: or you just do bind2 with attempt-resume and the server does all the magic
-
Flow
ahh, got ya, fair point
-
daniel
(I'm not necessarily agreeing just explaining that it does save a round trip)
-
Ge0rG
Ideally, as a client, I'd put (my last MAM id, resource, sm session) into the bind2 request and let the server do everything else
-
Flow
BTW: I did some related art yesterday. Ladies and Gentleman, I present you, the XMPP client session establishment state machine: https://goo.gl/photos/xg2yECoACUscsj6Z6
-
Flow
Ge0rg, the last MAM ID, so the server also sends you the missing messages?
-
Ge0rG
Flow: exactly
-
Flow
hmm, not sure if that's really required
-
Flow
I mean bind2 is there to solve a race condition
-
Flow
and not to make everything super optimized
-
Flow
at least that's how I see it
-
SamWhited
Flow: nice; I've got a few chunks of that drawn up in some details, and I've been meaning to complete the picture and try to get the full diagram drawn out. Good job
-
daniel
Sending the mam id would be a very bold move
-
Flow
SamWhited: I'm tikz'ing it and plan to put the tex into a public git
-
Ge0rG
Expected result: either stream resume, or: - kill old session - update old sm state according to delivered counter - send all I missed from MAM - bind new session - enable carbons
-
daniel
Not sure if bind 2 wants to take that on
-
SamWhited
Flow: I'e got a few graphs here, feel free to borrow from them: https://bitbucket.org/SamWhited/xmppdocs/overview
-
Ge0rG
daniel: why not make bind2 explicitly support extension elements for MAM, sm etc
-
daniel
Ge0rG: I didn't say bold aren't good moves. I'm just not sure if this is something that Kev would be willing to do
-
Flow
SamWhited: will certainly have a look. thanks!
-
Ge0rG
daniel: im not sure if Kev is the ultimate authority or if we want to make something that's good and future proof
-
Ge0rG
(not implying that we can't with Kev)
-
daniel
Ge0rG: sure. But you can't hijack kevs xep is what I'm saying.
-
daniel
'hijack' and 'kevs'
-
Ge0rG
daniel: this is a shortcoming of the XEP process.
-
Ge0rG
If I had more time, I'd hijack a bunch of them.
-
daniel
Maybe it is...
-
Ge0rG
We can make bind2 something awesome and remove some cruft from the graph Flow shared.
-
Ge0rG
And not just a hot fix for a race condition.
-
Ge0rG
I wouldn't mind it becoming XMPP2. There are many problems in XMPP 1
-
SamWhited
I've been thinking about that a lot lately actually; redoing the login flow and calling it XMPP 1.1 or 2 or whatever; maybe fixing some of the erratas, or merging in XEPs that are now seen as necessary, etc.
-
SamWhited
Almost certainly not worth the effort though.
-
Ge0rG
SamWhited: why not?
-
SamWhited
Because everything would break, and most of the problems probably aren't bad enough that anyone would bother implementing it. Just a hunch though.
-
Ge0rG
Besides of the MAM carbon SM mess we could also get 2fa and one-time / per device passwords
-
SamWhited
And the IETF-WG process is a big deal, and would take a massive amount of effort.
-
SamWhited
We can get that now without rewriting the whole RFC.
-
Kev
What I want to do with the bind2 spec is not to do anything complicated without a clear consensus.
-
Kev
Dave has possibly reasonable things he wants to do, including redoing all of SASL I think.
-
Kev
If that happens, it'd probably bin any work done on complicated things in bind2, which is why I'm not keen on boiling the ocean at this stage.
-
Ge0rG
Kev: I want to redo the things after SASL, and I have controversial ideas about it. Will post to the ML after my holiday (next week)
-
Ge0rG
Kev: how does one thing bin the other?
-
Kev
My approach is "Do the simple things right now in bind2 so we can solve the real problems that need solving, then let someone write an elegant and future-proof reworking of the entire stream setup, and then rephrase bind2 in terms of that".
-
SamWhited
SASL itself is a pain to implement in a generic way; I haven't seen anything better, but I'm not sure the problems with it are just XMPP problems…
-
Kev
SamWhited: And then you start ratholing.
-
Kev
SamWhited: And then bind2 gets held up. And then we don't solve the immediate problems.
-
SamWhited
Exactly
-
Kev
Thus my approach of doing the simple thing first, and adapting once the complicated thing is done (if ever)
-
Kev
Maybe my simple thing is *too* simple, even for that plan, but that is my motivation.
-
SamWhited
Kevs approach ++; there are places where I think it's necessary to do a radical redesign, but in this case I suspect it's simpler and cleaner to do it incrementally. Especially since even the "simple" approach is a pretty big step.
-
Ge0rG
Just make bind2 extensible with additional elements for SM and MAM