Steve KillePutting notes within notes does not seem vital
Steve KilleIn the notes list, it would be ideal to sort XEPs in order, so you can quickly check if a given XEP is referenced
Steve Killehas left
Steve Killehas left
Steve Killehas joined
Steve Killehas left
Steve Killehas joined
FlowHolger: Is that you: https://wiki.diasporafoundation.org/User:Holger ?
HolgerFlow: Nope, that's someone else.
goffiHey, I'm checking python-omemo which use - if I'm not mistaken -, the old oloxotl based method for OMEMO: https://python-omemo.readthedocs.io/en/latest/xep-omemo.html
goffiAnd I'm really surprised to see that the same namespace is used in current XEP: https://xmpp.org/extensions/xep-0384.html
dwdAxoilotl-based OMEMO was never submitted; but the namespace should probably have been bumped anyway.
dwdSorry - was submitted, but rejected.
danielgoffi: I think this is actually just the docs that refer to that namespace
danielThe actual implementation uses siacs namespace
danielAs it should if it's using the signal protocol
danielSomeone just blindly copied the xep into the docs
goffidaniel: ah ok, that's good then, because if we do an implementation in SàT it will be with the current method (olm), and that will be a big issue with gajim or other using python-omemo
goffiI'll open a ticket
ZashBlindly copying the examples? :)
intosiExamples Considered Harmful
mathieuiZash, nobody does that!
Zash"Considered Harmful" Considered Harmful
intosiModerated +1, It's True
Ge0rGdaniel, you really should move forward with conversations to use the XEP namespace to get rid of the confusion. You'll need to support both anyway for the time being
danielGe0rG: we can't just sed the namespace
danielThere is no confusion. Siacs namespace means axolotl. Official namespace means olm
Ge0rGdaniel, siacs namespace isn't documented in the XEP, but widely deployed. Now you have created a de-facto standard, which other developers are following.
TobiasGe0rG, it's documented in the protoxep on the omemo website, not?
Flowstill, the current situation is suboptimal
Ge0rGdaniel, it's not easy, but it is only going to get harder from here
Flowwe have a xep, which either no one is going to implement because it is not what conversations does, or if somebody implements it, he/she would find out that it doesn't work with conversations
Flowwhat georg said
ZashThese things are messy.
TobiasGe0rG, the thing is, there isn't a java lib for Olm yeta
Ge0rGTobias, I can't imagine how that is not a de-facto standard.
danielGe0rG: get me a Java implementation of olm and I can switch pretty quickly. I can also get the majority of the other clients to switch at roughly the same time. I'm in contact with all of them all their libraries are designed with modularity with a switch to olm already in mind
danielThe olm/signal switch is extremly easy from an implementation standpoint
Ge0rGdaniel, being a developer myself, I tend not to believe this claim
FlowIs there still a reason to use OLM, now that Moxie put double ratchet into the public domain?
danielFlow: this is one of the things I'd like to figure out before I do the switch
FlowWhy not have OMEMO use https://whispersystems.org/docs/specifications/doubleratchet/ ?
danielFlow: that's what we are currently checking
danielIf that's feasible
Flowdaniel: I hope we can sort this things out at the summit
Ge0rGdaniel, you'll need to support both namespaces in order not to break older versions of the code. You can't just "flip the switch"
danielGe0rG: hard switch and tell your user to update or gtfo
ZashSomeone say Flag Day? :)
danielI have absolutely no problem doing that
Ge0rGdaniel, but your users will. You are going to alternate your core audience.
goffiit would be nice to sort is out yes, if we do an implemention it will be XEP version regardless of existing implementations
danielGe0rG: when did I ever care about my users
Ge0rGdaniel, I don't know. But I do care about the users of XMPP.
danielAs long as the other clients are available they can simply upgrade
danielIt's not like upgrading is hard
Zashdaniel: I hear you live in a world without long term support releases.
Tobiasthere's no problem for Conversations to support axolotl OMEMO and olm OMEMO for a year or so and then dropping the axolotl one...it already supports OMEMO and OTR in parallel
Tobiasand GPG IIRC
danielZash: if someone pays me to do lts I'll happily do that. For now very few people even pay to provide any support at all
KevISTM if daniel is happy for a hard-upgrade, then given this is switching from a 'non-standard' to 'standard' version, that's actually a good thing.
Ge0rGKev, so your position is standardization over UX? 😛
ralphmDear summiteers. I just sent an e-mail to the firstname.lastname@example.org mailinglist about the Summit/FOSDEM hotel. Please read and act on it ASAP.
danielDo I have to sign up for the list again if I have been subscribed last year?
Tobiasit's the same as last year
ZashI assume nobody went and removed all subscriptions
KevInteresting. I should be subscribed to that list, but there's no mail come through.
danielKev: that's what triggered me asking that question
KevGe0rG: No. My position is that if daniel says that his users can and will trivially upgrade, along with other users of that namespace, I'm going to trust he knows what he's talking about.
Ge0rGdaniel, Kev: maybe. But when I look at it from the user perspective, I see three issues:
- how is user A supposed to figure out that he can't chat with B any more because of the upgrade?
- how can A tell B to upgrade as well if they can't talk to each other?
- who's going to delete the old pre-keys from PEP?
Ge0rGmathieui, how is that going to solve any of the three? Maybe just a bit of #1.
danielGe0rG: we can un-annouce the old devices. So messages won't just get discarded
danielIt'll look like that contact doesn't have support for omemo
Ge0rGdaniel, un-announce on upgrade? That might work. You could also add discovery for the new namespace already, and show a message to upgrade the client if it is encountered on a contract.
danielGe0rG: see. No problem
Ge0rGdaniel, see, you need to do advance planning!
Ge0rGdaniel, and you need to convince all the others to do the same planning.
Ge0rGdaniel, you can't just sed out the namespace on day X.
danielGe0rG: convincing the others is not a problem. We are all besties
Ge0rGdaniel, it's getting harder and harder with each non standard implementation.
danielGe0rG: I'm not doubting that it gets relatively harder
Ge0rGI'm just saying...
danielGe0rG: in any case there are a couple of things that have to happen first. Assess if a switch is still necessary with ows releasing specs
danielWrite a olm java library
danielFix bugs in olm
Ge0rGMaybe the OWS spec is something that should be discussed in Brussels.
danielI'm happy to discuss it if people have enough background information to make that assessment.
danielNote that this far I dont have that level of background information either
Ge0rGdaniel, I think it would be awesome if you could prepare it then and add a discussion point to the agenda. Unfortunately I'm not going to attend.
ralphmKev: so did the e-mail just come in delayed?
KevI had it on my other account. I thought both accounts were subbed, but presumably either I'm wrong, or it got spamtrapped at work.
Link Mauve“17:30:58 SamWhited> I wouldn't mind writing an XMPP implementation ontop of [tokio].”, oh nice, I’ll have a look, I remember wanting to try it before but it was very immature a few months ago (especially due to futures) so I went for mio instead.
Link Mauve“17:36:10 Zash> lua::lua_setfield(L, -2, CString::new("foo").unwrap());”, you are just using raw bindings that don’t have a higher-level wraper, it won’t provide you any better safety than writing plain C either, it’s not the level at which you want to be using Rust.
ZashLink Mauve: I imagined that it'd be possible to do Safe™ things in Rust and have a relatively small area of unsafe code that moves stuff between that and the C / Lua world.
ZashWhich should be true, but then I reached my tolerance of telling a computer how to turn a string into a string.
SamWhited> Welcome to our room, I'm going to add you to my roster, if you accept, please reply with Yes or 1 to accept, or you can reply with No or 0 if you don't want to.
مـرحـبآ بك في رومنا , سأقوم بإضافتك, لو سمحت أجب بنعم او 1 ان كنت موافقآ, او لا او 0 ان كنت لا تريد اضافتي.
SamWhitedWhisper in jdev or somewhere
Link MauveZash, :)
SamWhitedThat's a new one
Link MauveSamWhited, from who?
SamWhiteddiscuss@, rather; if anyone here has a ban hammer…
ZashA kind of thing highlighting the continued need for JID privacy in public rooms?
SamWhitedThat wouldn't stop a pm would it?
TobiasSamWhited, a fix for the duplicated note numbers https://github.com/xsf/xeps/pull/374
SamWhited"Avril Lavinge" if anyone has op rights there
SamWhitedTobias: nice, thanks!
ZashSamWhited: Makes it harder for whatever that was to actually add you to their roster and/or send direct spam.
intosiIt would be nice if clients would render PM's outside of the chat room context, IMO ;) Avoids a bit of confusion.
intosiI'm generally always confused by how Conversations handles this.
ZashStill need to write that server module to limit PMs in the MUC itself.
SamWhitedIt would also prevent a lot of "me sending private messages to the whole room by mistake"
intosiSamWhited, and that :)
Link MauveI only know of two clients doing that, imo you should report to their bugtracker.
Link MauveIt’s indeed a terrible UX.
mathieuithat’s conversations and mcabber?
moparisthebestI talked to daniel about that before and it was a deliberate design decision
ZashYay trade offs
moparisthebestif I recall correctly, because it'd be confusing that people they were chatting with just disappeared and quit working etc
moparisthebestwhich is fair I guess
moparisthebestI also hate it, coding it up as an advanced option has been on my todo list for too long
danielThe target audience (tm) is also discouraged to use PMs at all
danielThey usually dont hang around anonymous conferences
SamWhitedOh huh, the person sending that spam *is* an admin. Compromised account, maybe.
mathieuimaybe they just want to make friends :-(
moparisthebestyea I have a feeling hardcore xmpp or irc users are the only one bothered by that behavior daniel :)
ZashThe nickname does seem familiar somehow
moparisthebestyea I have a feeling hardcore xmpp or irc users are the only ones bothered by that behavior daniel :)
intosidaniel: perhaps in your client, but that doesn't stop other clients from doing do.
danielintosi: yeah sure. I was just talking about the reasoning Conversations doesn't do it this way
intosiDiscouraging its use is fine (I know I rather receive normal chats instead), but rendering it such that it's easy to broadcast things meant to be said in private might not be the best choice for random users ;) They might also assume the thing was said in publiuc in the first place.
intosiThe incoming message, that is.
intosiIf a techie is confused about the whispers, imagine how non-techies would perceive it ;)
danielMix to the rescue
ralphmdaniel: how would you handle it differently for MIX?
danielralphm: the private conversation doesn't randomly drop out and can be persistent over longer periods
ralphmso would press-hold on a participant then bring you to another conversation?
danielralphm: it can be a different conversation. How exactly you'd open one I haven't thought about yet
danielBut in essence yes
ralphmZash, Flow, and other participants of the XMPP Summit and/or FOSDEM, please join email@example.com
Ge0rGA coworker just clicked my nickname in gajim's MUC window to chat to me. He was utterly confused when I tried to explain to him that this is not the same as a direct message. Oh the woes of XMPP
Ge0rGNormal people would be best served by MUC light.
intosiWhy did you try to explain that? He probably did so because he had a question, and an answer would've made him close the window again ;)
Ge0rGAlso, I've recently fixed yaxim to put MUC PMs into separate windows, even though they lack presence info yet. It vastly improved the UX
Arcim a bit confused by something; why is MIX split into two services with the special proxy service?
KevBecause some things can only happen on your own server.
Steve KilleArc: Will talk about this at the summit. Need to make this clearer. MIX has requirements on the User's server, and these requirements are currently reference as MIX Proxy
KevThe 'special proxy service' is bad terminology for 'things your server does'.
Ge0rGArc, it requires support from your server, and the MIX proxy is the part of your server that implements this support
Ge0rGI'm still in favor of "MIX agent"
Ge0rGdwd, nice sound but technically misleading
dwdWell, it has to be MIX something or else Steve Kille won't write the spec. See RFC 2156.
intosiMIX Connector, or MC for short.
Tobiasor MIX Bender (futurama style)
Ge0rGdwd, that problem can be solved. I remember you offered to kill people who come to Brussels... :P
intosiBite my shiny mixing affiliation.
Ge0rGWhy not just as short as possible? "mixer" or "MIXer"
ZashMIX Inclusion eXtension
Arcit doesnt sit quite right, does it? requiring special server support for a remote service?
ZashI believe it started as "what if the server kept track of your pubsub subscriptions?" combined with "what if muc was pubsub based?"
ZashCurrently, pubsub state is between a client (resource) and the pubsub service. Moving the tracking into the account (on the server) enables magic.
Tobiasmaybe the MIX XEP should make that explicit, so that we don't have someone stubling about that fact every month
ZashHaving not kept up with MIX, I'm not sure how much magic is expected of the server now.
Tobias*explicit in the introduction
Arcand starting today, I'm FREE!
ArcGoogle Code-in is officially over. all student work submitted, all reviews complete, only thing left is choosing grand prize winners and the awards ceremony sometime this spring
Archttps://wiki.xmpp.org/web/Joshua_Pan_Application_2017 is a great result from google code-in
ralphmstart in 40 s
nycohey Arc, can/should we write a blog post about XMPP-related work on Google Code-In?
ArcZash: if you want to follow up with one of the students, that's the big one
ralphmintosi: but will it MIX?
Arcnyco: we could? im not huge into press release style posts tho
ralphm1. Welcome + Agenda
nycoArc, rather tech content?
ArcMartin: you here?
ralphmWho do we have today?
ralphm(despite your presence)
ralphmGood. Any agenda items, besides Summit/FOSDEM?
nycoAgenda: all for the summit?
ArcI added 2 to the board
nycoIMHO we should focus on Brussels
ralphm2. Minute taker
dwdI'm not going to be around the entire time, but I'll get to minutes.
ralphm3. Summit / FOSDEM
ArcThank you ralph for getting the hotel stuff together
ralphmAs you might have seen, I've got the quote from Thon Hotel, and sent out some details on the Summit ML
Martin(apologies, I'm here, but on a train, so my connection is ropey)
ralphmI still need to sign the document, and dwd suggested we could simply put in the bank details to cover their requirement for non-paying individuals
ralphmIf that's ok with y'all
Arcthats ok so long as everyone in the block is known and reliable
ralphmaye, that's also why I put up the Google Docs form
Arcand there's a clear understanding that the XSF will hold people responsible for paying anything charged to the XSF on their behalf
Arcwhich I think you've covered.
dwdHence the phrasing on the Google Docs form, indeed.
ralphmIt has a checkbox stating 'I understand that I will be personally responsible for the payment to Thon Hotel EU and will be required to make good any expense incurred by the XMPP Standards Foundation in relation to my stay.̈́
Arcquick question - why is wednesday twice the price for weekend nights?
dwdarc, Because Hotels.
ralphmI'm assuming that's also because of EU
ralphmIt's always been like this at Aloft, too
intosiThey had few rooms available on that date.
Arcthats bizarre, but moving on.
Tobiaspayments to the hotel okay, but why to the XSF?
Arcunfortunetly there's not a lot of other options; the eariest eurostar from london (for example) arrives after 10am, over 30 minutes from summit
ralphmSo, other than that, I got word that Chris Deering won't be at the Summit, and neither will M&M, but Chris is in talks with Jerome Poisson on the summit venue
ralphmtobias: you don't pay the XSF for the hotel, this is just to make sure that if you don't pay the hotel, we will need to cover it and come haunt you
ralphmTo be clear, the venue being Cisco Diegem
ralphmI trust we can work that out again
SamWhitedIn case Cisco doesn't work out, maybe it's worth inquiring if the hotel has a conference room we can use?
intosi We'll squat all of the Poechenellekelder if not .
Arcis that not locked down yet?
ralphmit does, dwd said it was expensive
ralphmArc: please don't worry so much
SamWhitedAh weird, I'd assume it would be free to people bringing in a big group paying them tons of money
dwdThe XSF can, if needs be, afford the hotel's conference room.
intosiSamWhited: that's not how bistromath works.
dwdSamWhited, That's a US thing. EU hotels don't operate in that way.
SamWhitedI thought that was the point of conference rooms in hotels, to attract big groups :)
ralphmSamWhited: well, in the case of hotels in the EU district in Brussels, there appear to be plenty of venues offered by the EU
ArcSamWhited: and in the US, wednesdays are usually the cheapest day.
ralphmOther thing on the list is the XSF dinner. We just need to contact the same old restaurant and setup a new Google Form afterwards
Arcwhat restaurant is it?
ralphmdwd: let's get that check list done today
ralphmWe've been going there for years. Good venue.
dwdralphm, Yes. Mea culpa and all that.
ralphmThat brings me to the next point, sponsors
ralphmwe need to chase those. Who wants to take that on
ralphmif needed dwd can help with tips
Arci have a bad feeling that im going to lose so much weight on this trip lol
dwdarc, You'll lose many negative pounds.
Arcdwd: you might. lol
ralphmnot seeing any volunteers
ralphmcome on guys, I can't do it all
MattJI'll volunteer, if someone gives me pointers
dwdralphm, This is for Dinner etc?
MattJNot convinced I'm the best person for the job, but hey :)
ralphmlast year we had Dinner and Lunch sponsors, as well as Cisco for the Summit venue
dwdI'll give MattJ some tips.
ZashMattJ: You can arrange for all vegan and cheese free dinner for everyone
ralphmMattJ: you'll be fine, just don't get lost in the woods
MattJI won't be there :)
dwdralphm, That's how lost he'll be.
ArcZash: I don't think its possible, looking at this one restaurant's menu. even the fish has dairy on it
dwdArc, Vegan isn't really a thing in Belgium. Vegetarian isn't much of a thing either.
ralphmArc: I'm sure they can do specials, we've always had a veggie option, too
Arcdwd: yes I'm getting that impression.
intosiralphm: vegan is probably more complex for them.
ArcI'm vegan plus fish and eggs. strong dairy allergy.
ralphmintosi: hm. I'll ask them anyway
ralphm(or whoever calls them)
dwdArc, Ah... Yes, you may have some problems.
dwdArc, You can always live off beer. It's practically a meal in itself there.
Arcthings like butter can lead to a hospital visit, you can understand hesitation eating in non-english countries
intosiI'm sure native speakers can help out at the Auberge here.
ArcI ate exactly two meals in paris over 4 days.
MattJArc, it's fine, once the infamous "ribs place" made up a vegetarian dish for me
Steve Killehas left
MattJConsisting 100% of tomatoes
intosiMattJ: the plate full of tomatoes?
ralphmYeah, I'm sure people in Paris think you're from another planet
MattJThat's the one
ArcMattJ: tomatos are great for electrolites lol
Steve Killehas left
MattJI think there was some parsley on the top
Arcanyway we can discuss that on summit@
waqasWhat has the typical cost of the dinner been? i.e., what's the baseline funding goal?
dwdI'd have to check previous years' figures.
ralphmmeanwhile, let's spend the last 5 minutes on Marketing
ralphmI relatedly asked if my company could provide a projector, and I think that's shouldn't be a problem
MartinI asked if Surevine could, and nobody seemed to know where the projector was, so that's good to hear
ralphmWe do need to get things printed soonish
ralphmMartin: the more the better
Arcralphm: yes, do you have quotes on that?
Martinralphm: OK, I'll chase
Arcralphm: full color front and back A4
ralphmArc: I'll get you a quote on that.
Steve Killehas joined
ralphmanything else specifically?
Arcwell you mentioned a banner
ArcI'm focusing my attention on flyers, which i should have a pdf by friday
ralphmArc: right. Roll op banners are around €35
ralphm(going from, of course you can get more expensive)
ralphmI've also eyed this: https://www.dvc.nl/beurs-presentatie/beurs-en-wanden
Arcralphm: want me to do layout for the banner too?
Arcok get me DPI and size. my schedule is pretty open this week
ArcI added tshirts for decision
ralphmArc: I'm +1 on them, we just need to get a nice design
Arcno problem. full color on one side, one color on the other?
Arcare we doing free shirts for summit participants (they'll cost under $20/ea I expect) or taking online orders to pay for them?
ralphmArc: I don't know
ralphmI would pay for it
Arcit'd cost under $400 to print them. the issue here is the price goes up in smaller quantity
Arcassuming similar pricing US to EU, good tshirt material around $8, and around $15 setup per screen, plus a nominal amount per shirt to print. but the screens are the key there
ralphmdoes different sizes affect that?
Arcnot typically, until you get to XXL or higher
Arcwith full color on one side (for xmpp logo) it'll cost $75-$100 USD for setup and printing regardless of quantity
ralphmI have no idea on this
ralphmI'm going to close this meeting, but we can chat some more afterwards
Ge0rGWould it be possible to get summit-neutral t shirts for non-participants?
ralphmArc: thanks for the PyCon thing
nycook, I need to go, sorry... I've not been useful :'(
ralphmGe0rG: the idea this time around is participant-only shirts, if I remember correctly.
Arcso being conservative it'll cost under $400 for qty 36.
ralphm4. Date of Next
ralphmBy the way, I think we'll skip Feb 1.
Arcwhat, no in-person board meeting?
ralphmNot on Feb 1
ralphmI'll still be in Veldhoven
ralphmBut I'm all up for the in-person board drink
ralphm(on one of the other nights)
Steve Killehas left
Arcralphm: i'm suggesting we use up to $400 of the $1500 for promo material budget for tshirts
Arcso, you ended the meeting a bit abruptly there. are we making those decisions on the list?
ralphmArc: well, yeah, because it's been mostly a conversation between us two. I think that's a reasonable course of action
ralphmI am curious about how to find proper shirt material
Arcthe printer will have options.
ralphmMost of my shirts are American Apparel, but I'm not sure if you can get those here
moparisthebest'MIX Proxy' should be renamed 'MIX User Connector', or MUC for short, that'll fix all the confusion surely
Arca third of my closet are tshirts ive designed or run the orders on, mostly rugby shirts
ralphmI know good vendors for flags and for paper printing, but not so much for clothes
ralphmGuus, intosi, any idea?
Arcwould amsterdam be easy for you to pick up from ralphm?
ArcI can ask the rugby team in amsterdam, all rugby teams make shirts like crazy
Arcbtw ralphm you've got an invite to Bingham Cup 2018 in Amsterdam ;-)
ralphmI'm in A'dam three days a week
ralphmBut I'd guess that all printers would do cheap shipping
ralphm.nl is small
Arci asked the amsterdam lowlanders
Ge0rG"I'm in A'dam three days a week" this is a surprising coming out.
ArcGe0rG: especially when replying to an invite to a gay rugby tournament lol
ralphmYeah, I found it hard to admit, too.
Arclargest rugby tournament in the world, pretty big deal.
Archttps://www.youtube.com/watch?v=ulSPA_Enh2A was Sydney 3 years ago.
GuusSome one mentioned me?
GuusClothing vendors, no idea
Ge0rGHas anybody ever considered that JIDs reflected by a MUC or MIX are not trustworthy, as the component could fake everything?
Arcthats an interesting point
Arccurrently tho you can confirm their server at least if they use http upload to send a photo
Ge0rGhttp://xmpp.org/extensions/xep-0045.html#invite-mediated writes "The <room@service> itself MUST then add a 'from' address to the <invite/> element whose value is the bare JID, full JID, or occupant JID of the inviter" which all have interesting security implications
Arcive retreated to my safe EXI level work, theres just too many privacy exploits to close them all
Arcbesides, many of those problems *we* can't solve.
Arci think i found the bottom of the rabbit hole, and it puts everything else in perspective
Arcall I need to do to uncover your IP address is send you a custom link to a server I manage.
Ge0rGArc: and make me click it
Arcthats easy. i just have to provoke you with an emotional discussion and make it look like a url shortener service
ArcI started running this as a proof of concept on alt-right forums, im getting over 50% click-through rate
Arcit works most reliably with DMs
Arcusually after forum visibility posts
Ge0rGArc: I hope you aren't doing unethical things with the IP data
Arcnot unless profiting from humans being terrible to each other is unethical
Ge0rGArc: in not sure. "profiting" can be anything or nothing
Arci got the idea when I first noticed this problem a few weeks ago at the same time a transwoman friend was being harassed online to the point of closing her facebook account. using this method we were able to uncover that they were using RCN from the DC area, meaning its likely someone she knows
Arcbut we lacked data.
Arcso I identified other places online where this person might be posting, and started running automated agents there to see if we could find a match. we haven't yet.
Arcif we could ever link the person to a real identity, they would face criminal charges for repeatedly threatening to kill her
Arcthe latest is after she left facebook, her harrasser created a spoof profile with her name and started sending friend requests to people she knows. its been pretty scary
Ge0rGArc: interesting op-sec finding
ArcRCN is a cable company. unfortunetly RCN doesnt have ipv6
danielDoes somebody have a deep link to the summits mailing list sign-up page / archive. (basically to the mailman page). I'm on mobile with horrible Internet and googleing that is a pain
Arcanyway im considering turning it into a business. the data archived exclusively from "biggot sites" that trolls tend to use frequently. advertisers are already using your IP address to track you
Ge0rGArc: such a business would be illegal wir where I live
Guuswhen is the next board meeting?
ArcGe0rG: thats entirely possible.
ArcGe0rG: Jan 25.
Arcwe are skipping Feb 1
Guusah, today was one?
Arcyes, and we really only got through one item. its unlikely we'll be able to touch non-summit next week either
Arcthe big one we need to attack now is GSoC. if XSF is going to put in a decent application this year we need someone to step up, I'm happy to serve as backup admin (I've been a GSoC mentor every year since 2005), and need to start getting the ideas page going like yesterday
GuusBoard should probably have a say in the desirability of something like, which is why I was asking: https://github.com/xsf/xmpp.org/pull/246
Guusah, GSoC, good thought. Not sure if I can commit to put in effort there though. I can try to coordinate with IgniteRealtime projects, if that'd be helpful
ArcGe0rG: just curious, what part specifically would be illegal where you are? the recording of IP addresses? sending bots to engage in social sites? allowing paid subscribers to use our data to narrow down who their harassers are?
ArcGuus: well GCI just ended, which means GSoC is starting.
Arcplease note, and this is very important, if XSF isnt accepted there are other projects that will umbrella
Arcwe can, Python may, even Apache
FlowGSOC, yes please :)
Arcthe difference is who gets the money. umbrellas usually keep most or all of the per-student funds
Flowso does the XSF ;)
danielGuus: thank you
dwdArc, I don't think we do it for the monety.
Arcdwd: no, but it helps
FlowI'm not sure if I want mentors who wouldn't mentor if there was no money
Arcwe had Wesnoth under us as an umbrella a few years ago, they threw a nuclear hissy fit over the org payment from google even when they were a very small part of the overall org
Ge0rGArc: recording of addresses is borderline, selling them without user consent illegal
ArcGe0rG: would love to see that law, because advertisers do this all the time.
dwdGe0rG, Germany's a little over-inclusive about what they treat as PII, mind.
GuusArc: Germa...what Dave said.
Arcwell if i do this i plan to incorporate as an LLC in nevada anyway
Ge0rGdwd: it's good to err on the safe side
dwdArc, You could probably have a query service over whether a particular user visiting a site may frequent alt-right groups. Having a flat out IP blacklist might be problematic.
Arcdwd: not a blacklist. we're not blocking anyone, just attempting to link up what they've said on different sites to identify who they are
Arconce we get into facebook it might become very easy.
dwdArc, If you do it via advertising - or via a mechanism that's substantially similar - you're perfectly fine.
dwdArc, Depending on what "identify" might mean here.
Arcthe IP address is easy. the question is who's posting hate from that IP address.
dwdOn another note - pubsub events and retracts - type='headline' a sensible default?
Arcso the MIX "proxy" isnt MIX-specific, its your own server tracking pubsub subscriptions
KevIt *is* MIX specific, because MIX does a special type of pubsub.
Ge0rGAnd because the proxy also filters / redirects messages and possibly presence
Arccould it be mare more generic, tracking pubsub subscriptions would be a nice feature
KevYes, that's PAM.
dwdArc, See PAM.
KevBut PAM wasn't specced out sufficiently when MIX was being done to use PAM.
dwdArc, And that does need work, but I think I've got a reasonable spec for the actual tracking bit.
KevSo what's needed is specced out in MIX more explicitly, with the understanding it may well be rephrased in terms of PAM when PAM is more fully baked.
Ge0rGKev: why haven't we progressed PAM then?
Arcclearly i have a lot of reading to do
Arceasier to retreat back to EXI and let the rest wash over for now
KevArc: Sure. We're basically building XMPP2 at this point.
dwdGe0rG, Cycles. I'm always blocked when thinking how PEP ought to work with PAM.
Arcthat is long since overdue
KevWe're just doing it in a way that still works on top of 6120/6121 and allows interop with XMPP1.
ArcTLS mandatory, EXI detection mandatory, SASL mandatory, fully framed and no restarts
KevWhich is obviously a good thing, but makes it hard to break the mindset of 'well, why should entity X have to support Y in order for entity Z to ...', when the answer is 'because this is how the new world needs to work'.
Ge0rGXMPP2 you say? Is that why bind2 is called as it is? I found the name rather uncreative
danielLet's duplicate all xeps and add a 2.0 to the name
Kevdaniel: Resource binding 1 not being a XEP, of course ;)
Ge0rGdaniel: just bump the steam namespace version
Ge0rGAnd replace XML with http2
KevAnd I'm out again.
Arcand then replace http2 with telnet
Flowhmm, yesterday gave a +1 for removing the ability of the client to suggest a resource, and today I look at stanza traces of integration tests I wrote which use that feature to make it clear which role the involved full JIDs perform in the test.
HolgerYes, custum resource names can be really convenient during debugging.
Flowexactly, so I'm not sure if we should get rid of them on protocol level again
Flow(and that, of course, includes bind2)
Tobiasit's just one indirection more
Flowinstead of looking at the localpart?
Tobiasin your logs, just find the resource you interested in and then look at all debugs things related to it
Tobiasyou just skip the "find the resource you're interested in"
Flowtobias: in case of integration tests, i'm interested in multiple resources
Flowof course, I could highlight them in different colors
danielDebugging is a good usecase. Maybe the only one. Not sure if this justifies keeping them
Tobiassure..but you can just have them handle them being dynamic, not?
Flowand then try to remember somehow that blue is the address doing to the read out from the red resource
Tobiasif you have asserts that are resource dependent, just do a lookup for the resource after you log in, and use the resource in the asserts of your integration tests
Flowtobias: ahh i'm not sure if we talk about the same thing
FlowRight now I've a stanza trace in front of me, which involves three different entities
Tobiaswhat's the integration test you have that requires static hardcoded resources?
Flowwhich somehow interact with each other
Flowtobias: it does not *require* it
Flowit makes the trace much easier to read
Tobiasso, highlight them differently based on resoruce
Flowi may not always have emacs in front of me
Flowi.e. I could have an editor in front of me which doesn't have this feature
Flowlike google docs
Flowwhich is actually the case right now
Tobiasgoogle docs can colour text
Flowahh ok, didn't knew
Flowbut the point still stands
Flowtobias: can color text, or can color search results in different colors?
Tobiasi don't know...i rarely use google docs
bjcit's useful for debugging, but it's hard to use that as a strong motivation to keep the feature, imho
bjci do the same thing with my resources in tests
Tobiasand you can still use static resources, just not when doing login using bind2
FlowIf the only motiviation for removing it is that it makes clustering easier, then I tend to say "keep it", because it's already possible to generate the resources on the local cluster node with the current RFC
Ge0rG+1 for keeping client generated resources.
bjcit removes a round trip when you don't have to negotiate resources
Flowtobias: right, but what if bind2 becomes XMPP 2.0?
Ge0rGMy motivation is debugging as well, and really, we shouldn't make server operator lives even more complicated
bjchonestly, not sure if i care about that, either, but there you go
Flowbjc: no it does not
Arcit could be streamlined
bjcno? i haven't read bind2 yet
Tobiasit's the XEP with no external references :p
Ge0rGThere is no extra round-trip. The client politely asks, the server either approves or reassigns
bjcit's a round trip if you have to ask, as opposed to just being assigned one
Ge0rGBesides, we need some way to tell the server to kill the stale session anyway on a reconnect
FlowI sometimes wish the bind element would be more explicit about the "politely asks" aspect
FlowGe0rG, why do we need that?
FlowThe only party which has an advantage by removing the old stale session is the server, no?
Ge0rGFlow: because I just killed and restarted my client, and I want to replace the previous session
Flowbecause? I mean with carbons and such?
bjcwhat flow said
Flowhmm, probably stale presence, not sure
danielGe0rG: the kill stale sessions can be done differently
danielIt doesn't require custom resources
bjcmay be an issue with directed presence
Ge0rGdaniel: eg with 0198,which has its own session identifier
Flowisn't directed presence send to bare JIDs?
bjcfull or bare
bjcbut for, eg, muc, it's full
Ge0rGFlow: because of OMEMO for example, which talks to a given resource
bjcnot sure if it matters, at the end of the day, though
Flowdoesn't OMEMO talk to devices?
Ge0rG(in mixed support situations)
danielOmemo doesn't need resources
FlowBut I don't see a problem extending <bind2/> with an optional <kill-previous-session resource='foo'/> element
danielFlow: yeah that's what I suggested yesterday
danielOr if bind 2 requires sm when can use sm for that
Ge0rGFlow: that and <attempt-stream-resume id=bar>
FlowI'd avoid hard dependencies when possible
Flowhmm stream-resume doesn't make sense for bind2
Flowstream-enable may does
bjcwhy would you use sm over bosh instead of just using acks?
Ge0rGFlow: if we want to clean up the mess, we need to make bold steps
danielFlow: I don't have an opinion on that. But I said *if* it requires sm. Either that or do the kill-prevois element
Flowright, but still, stream-resume doesn't make sense when using bind2
Ge0rGFlow: stream-resume does make sense because it spares a round-trip and moves more logic into the server
Flowif you do SASL auth followed by xep198 stream resume, then you don't need bind2
danielFlow: but in case it fails
danielIt spares you a round trip
Flowthen you do bind2 with stream-enable
danielFlow: yes. And that's the extra round trip
danielThat you have to do the bind
Ge0rGFlow: or you just do bind2 with attempt-resume and the server does all the magic
Flowahh, got ya, fair point
daniel(I'm not necessarily agreeing just explaining that it does save a round trip)
Ge0rGIdeally, as a client, I'd put (my last MAM id, resource, sm session) into the bind2 request and let the server do everything else
FlowBTW: I did some related art yesterday. Ladies and Gentleman, I present you, the XMPP client session establishment state machine: https://goo.gl/photos/xg2yECoACUscsj6Z6
FlowGe0rg, the last MAM ID, so the server also sends you the missing messages?
Flowhmm, not sure if that's really required
FlowI mean bind2 is there to solve a race condition
Flowand not to make everything super optimized
Flowat least that's how I see it
SamWhitedFlow: nice; I've got a few chunks of that drawn up in some details, and I've been meaning to complete the picture and try to get the full diagram drawn out. Good job
danielSending the mam id would be a very bold move
FlowSamWhited: I'm tikz'ing it and plan to put the tex into a public git
Ge0rGExpected result: either stream resume, or:
- kill old session
- update old sm state according to delivered counter
- send all I missed from MAM
- bind new session
- enable carbons
danielNot sure if bind 2 wants to take that on
SamWhitedFlow: I'e got a few graphs here, feel free to borrow from them: https://bitbucket.org/SamWhited/xmppdocs/overview
Ge0rGdaniel: why not make bind2 explicitly support extension elements for MAM, sm etc
danielGe0rG: I didn't say bold aren't good moves. I'm just not sure if this is something that Kev would be willing to do
FlowSamWhited: will certainly have a look. thanks!
Ge0rGdaniel: im not sure if Kev is the ultimate authority or if we want to make something that's good and future proof
Ge0rG(not implying that we can't with Kev)
danielGe0rG: sure. But you can't hijack kevs xep is what I'm saying.
daniel'hijack' and 'kevs'
Ge0rGdaniel: this is a shortcoming of the XEP process.
Ge0rGIf I had more time, I'd hijack a bunch of them.
danielMaybe it is...
Ge0rGWe can make bind2 something awesome and remove some cruft from the graph Flow shared.
Ge0rGAnd not just a hot fix for a race condition.
Ge0rGI wouldn't mind it becoming XMPP2. There are many problems in XMPP 1
SamWhitedI've been thinking about that a lot lately actually; redoing the login flow and calling it XMPP 1.1 or 2 or whatever; maybe fixing some of the erratas, or merging in XEPs that are now seen as necessary, etc.
SamWhitedAlmost certainly not worth the effort though.
Ge0rGSamWhited: why not?
SamWhitedBecause everything would break, and most of the problems probably aren't bad enough that anyone would bother implementing it. Just a hunch though.
Ge0rGBesides of the MAM carbon SM mess we could also get 2fa and one-time / per device passwords
SamWhitedAnd the IETF-WG process is a big deal, and would take a massive amount of effort.
SamWhitedWe can get that now without rewriting the whole RFC.
KevWhat I want to do with the bind2 spec is not to do anything complicated without a clear consensus.
KevDave has possibly reasonable things he wants to do, including redoing all of SASL I think.
KevIf that happens, it'd probably bin any work done on complicated things in bind2, which is why I'm not keen on boiling the ocean at this stage.
Ge0rGKev: I want to redo the things after SASL, and I have controversial ideas about it. Will post to the ML after my holiday (next week)
Ge0rGKev: how does one thing bin the other?
KevMy approach is "Do the simple things right now in bind2 so we can solve the real problems that need solving, then let someone write an elegant and future-proof reworking of the entire stream setup, and then rephrase bind2 in terms of that".
SamWhitedSASL itself is a pain to implement in a generic way; I haven't seen anything better, but I'm not sure the problems with it are just XMPP problems…
KevSamWhited: And then you start ratholing.
KevSamWhited: And then bind2 gets held up. And then we don't solve the immediate problems.
KevThus my approach of doing the simple thing first, and adapting once the complicated thing is done (if ever)
KevMaybe my simple thing is *too* simple, even for that plan, but that is my motivation.
SamWhitedKevs approach ++; there are places where I think it's necessary to do a radical redesign, but in this case I suspect it's simpler and cleaner to do it incrementally. Especially since even the "simple" approach is a pretty big step.
Ge0rGJust make bind2 extensible with additional elements for SM and MAM