XSF Discussion - 2017-03-03


  1. jere has left

  2. Mancho has left

  3. nicolas.verite has left

  4. Guus has left

  5. Guus has left

  6. vurpo has left

  7. vurpo has joined

  8. sonny has left

  9. waqas has left

  10. jere has joined

  11. Tobias has joined

  12. sonny has left

  13. moparisthebest has left

  14. waqas has joined

  15. moparisthebest has joined

  16. sonny has left

  17. xnyhps has left

  18. nicolas.verite has joined

  19. vurpo has left

  20. vurpo has joined

  21. moparisthebest has left

  22. moparisthebest has joined

  23. efrit has joined

  24. nicolas.verite has left

  25. efrit has joined

  26. jere has joined

  27. jere has joined

  28. nicolas.verite has joined

  29. uc has left

  30. uc has joined

  31. jere has left

  32. jere has joined

  33. nicolas.verite has left

  34. waqas has left

  35. nicolas.verite has joined

  36. Mancho has joined

  37. sonny has left

  38. moparisthebest has left

  39. kalkin has left

  40. jere has joined

  41. nicolas.verite has left

  42. nicolas.verite has joined

  43. blipp has left

  44. SamWhited has left

  45. moparisthebest has left

  46. vurpo has left

  47. vurpo has joined

  48. vurpo has left

  49. vurpo has joined

  50. Lance has left

  51. nicolas.verite has left

  52. moparisthebest has joined

  53. nicolas.verite has joined

  54. vurpo has left

  55. vurpo has joined

  56. ralphm has left

  57. suzyo has joined

  58. goffi has joined

  59. vurpo has left

  60. vurpo has joined

  61. xnyhps has left

  62. nicolas.verite has left

  63. Guus has left

  64. suzyo has left

  65. suzyo has joined

  66. Piotr Nosek has joined

  67. Flow has joined

  68. xnyhps has left

  69. nicolas.verite has joined

  70. Flow has joined

  71. xnyhps has left

  72. efrit has joined

  73. xnyhps has left

  74. jonasw

    100 bytes is a very optimistic MTU for 802.15.4

  75. jonasw

    LTIC it was more like 80 bytes.

  76. xnyhps has left

  77. kalkin has left

  78. vurpo has left

  79. vurpo has joined

  80. intosi has joined

  81. vurpo has left

  82. Tobias

    jonasw, 100 or 120 bytes is realistic for 6LoWPAN

  83. jonasw

    hmm

  84. vurpo has joined

  85. jonasw

    must’ve confused something then

  86. sezuan has left

  87. sezuan has left

  88. intosi has left

  89. Tobias

    jonasw, around 100 and with link security it was 80 https://en.wikipedia.org/wiki/6LoWPAN

  90. Tobias

    but yeah..it's not much

  91. Tobias

    at least my elliptic curve based signatures didn't fit in a single packet :D

  92. jonasw

    ah, I think I was thinking about zigbee

  93. Ge0rG remembers a sensor network project that was using XML over UDP and then had "unexplainable" errors when manifests grew over 64KB

  94. jonasw

    there the baseline is 84 bytes

  95. arc

    jonasw: 2.5 mesh networking eats a bit, as does TLS if you're using it

  96. arc

    but yes.

  97. blipp has joined

  98. arc

    my point is, going from SHA256 to something higher has performance costs associated with it

  99. Tobias

    doesn't SHA have bad runtime performance on constrained devices anyway

  100. arc

    Tobias: you missed the "magic"

  101. Tobias

    i think the SHA code even didn't fit on my target device, so i had to go with something differnet like BLAKE2 :)

  102. Ge0rG

    wouldn't it be possible to precompute the caps hash when compiling the firmware? :D

  103. Tobias

    arc, what kind of devices are you usally dealing with? I mostly played around with SAM-R21 like smallish things

  104. arc

    the schemaId the client uses is pre-baked, and if the server receives it and returns a different schemaId to use, it will use that. as long as its not required for SASL then there's no issue

  105. arc

    Tobias: im not working with a specific device right now. im just writing libexi

  106. Tobias

    ah, ok

  107. arc

    but talking about how I think EXI should be properly implemented with xmpp

  108. jonasw

    "just writing libexi" :)

  109. arc

    that method is this: the device (having no previous contact from a given server) sends a sha256: URI as the schemaId, which the server either responds to in-kind (if it is supported) with its own EXI header and the same schema, OR the server responds using a default schema all devices must support with an error, in which case the client must send the pre-encoded schema it wants to use to the server. this schema should be small enough to fit on a given embedded device.

  110. arc

    the key here is that the use of sha256 is a convention, and this leaves forward compatability if in the future this needs to change

  111. arc

    a future version of the same XEP may recommend a different hash to default to "guessing" on first connect.

  112. arc

    after the server receives the schema from the client though, the server returns the schemaId for the client to use in the future with that server. that schemaId SHOULD be a hash, but it can be literally any string.

  113. arc

    so..

  114. arc

    say in 2 years there's a quantum computer breakthrough and SHA256 can be easily broken, leading to the risk for cache poisoning, BUT there's a new quantum-proof hash

  115. arc

    there's thousands of embedded IoT devices out there..

  116. arc

    but XMPP server software is updated for the new hash.

  117. arc

    the servers can then reject all sha256 URIs and ask for the client to send the schema they want to use, on first connection to the server (or reconnection after the server is updated with this security update)

  118. intosi has joined

  119. jonasw

    seems reasonable

  120. arc

    the clients send the schema, the server responds with a QPROOFHASH:... URI to use as the schemaId, and older clients simply use that string as-is to refer to the schema they were designed to use.

  121. arc

    the XEP is updated accordingly, and everyone is happy.

  122. intosi has left

  123. intosi has joined

  124. Tobias

    right...will be interesting to see on how small of a device you can get XMPP to run

  125. arc

    the smallest devices ive used on a network generally was atmega running Contiki

  126. suzyo has left

  127. arc

    i havent done 8-bit optimizations to libexi. mostly that would be in the bitpacker I think, because an 8-bit libexi would certainly NOT be compiled with text XML capabilities which is where all the funky stuff is

  128. arc

    but I think its very doable.

  129. Tobias

    arc, do you know RIOT OS?

  130. arc

    no, never heard of it

  131. arc

    on the embedded side i'm a hobbiest at best

  132. intosi has left

  133. intosi has joined

  134. Tobias

    it's an IoT OS, similar to continki, but it's all standard C and you could even use C++ https://riot-os.org/

  135. ralphm has left

  136. arc

    I loath C++

  137. arc

    but that's cool, ill look into it down the road

  138. arc

    i see it runs on 8bit

  139. suzyo has joined

  140. Tobias

    haven't used it on 8bit yet, mostly 16 and 32 bit I think

  141. kalkin has left

  142. jonasw

    interesting

  143. jonasw

    but I’m too much a weird person to use a pre-made OS on an embedded system

  144. jonasw

    maybe for the next project :)

  145. Tobias

    and they have good support for standard IETF protocols

  146. arc

    I thought Cortex M0 was going to obsolete the AVR-based devices, but in a recent meeting I was shown a AVR-based internet connected sensor only slightly larger/thicker than a quarter that essentially stacks on top of a coin-cell battery and runs for a full year, the device costing under $5 including the cost of the battery.

  147. arc

    jonasw: i've written 3 TCP/IP stacks on 8-bit so far. I do not recommend it, especially IPv6

  148. jonasw

    :D

  149. jonasw

    I don’t do TCP/IP on embedded though :)

  150. nicolas.verite has left

  151. arc

    if you havent done it before, you should save whatever sanity is left and let someone else do that work.

  152. arc

    ah ok. well you're safe

  153. jonasw

    for MTU and "heck, I don’t want to implement a TCP/IP stack on embedded" reasons

  154. Tobias

    jonasw, https://github.com/RIOT-OS/RIOT/wiki (the supported devices are listed on the right)

  155. jonasw

    Tobias: on the website too

  156. arc

    you can do it. its just not fun.

  157. jonasw

    arc: I tried to implement UDP/IP/Ethernet in VHDL though.

  158. jonasw

    does that count? ;-)

  159. Tobias

    jonasw, didn't notice that :)

  160. arc

    essentially you need to run the whole thing zerocopy due to constrained RAM

  161. jonasw

    Tobias: well, at least enough info on the architectures that I could guess that it’ll run on anything I’ve ever touched ;-)

  162. jonasw

    arc: yes.

  163. jonasw

    that’s what I needed to do for my custom protocol

  164. arc

    and with that, im going to bed.

  165. jonasw

    I’m streaming three sensors at 200 Hz and need to spread lower sample rate data inbetween of that; the transport being Xbee it’s usual that the connection interrupts for some time. so every bit of ram needs to go into buffers.

  166. Kev

    Bed? At 9AM? :)

  167. arc

    Kev: im in DC. its 3:38am here.

  168. jonasw

    good night, arc

  169. Kev

    I knew ;)

  170. Kev

    NN

  171. arc

    i just spent 2 hours searching my old records for my social security card

  172. Kev

    Everyone needs a hobby.

  173. jonasw

    everyone needs secretaries.

  174. jubalh has joined

  175. Ge0rG

    I wouldn't place important things together with old records.

  176. Steve Kille has left

  177. jonasw

    I wouldn’t place important things on a piece of paper.

  178. jonasw

    but unfortunately one doesn’t always have a choice on that.

  179. Steve Kille has joined

  180. Tobias

    still looking for a nice document management system, so I can just scan all documents and pack them away in crates

  181. jonasw

    I have ~/Documents/{category}/{date-of-issuance}\ {tags}.pdf. works reasonably well

  182. vurpo has left

  183. vurpo has joined

  184. vurpo has left

  185. vurpo has joined

  186. vurpo has left

  187. vurpo has joined

  188. mhterres has joined

  189. daniel has left

  190. Flow has joined

  191. daniel has left

  192. Guus

    Whatever process that normally makes sure that the xmpp.org website is updated after a change in the corresponding git repository appears to be failing

  193. jonasw

    it wasn’t me.<x xmlns="jabber:x:tone">not-convincing</x>

  194. Guus

    the problem predates my merger of your code :)

  195. jonasw

    oh okay

  196. Tobias

    i can take a look

  197. Ge0rG has joined

  198. Guus

    I think it started going wrong on Feb 26, with my merger of the 'getting started' page

  199. Tobias

    unless Kev is already

  200. Guus

    JC's 'add subscribe url for the standards list' is live

  201. Guus

    ah, it failed first for my attempt to remove the empty 'who uses xmpp' page

  202. Guus

    that page is still on the website, although I tried deleting it here https://github.com/xsf/xmpp.org/commit/83f365dc99f8a60f31ea5b524e7daafedb714916

  203. daniel has left

  204. Kev

    I'm struggling at the moment to even work out what's supposed to trigger a build of the site.

  205. Tobias

    Kev, when I fixed things summer last year, i set up a cron job

  206. jonasw

    Kev: repository settings -> webhooks?

  207. Kev

    Tobias: Where's the cron?

  208. Kev

    It used to be that this was all generated in Travis so we could just pull it onto the server without running code there, but I don't think that's true any more?

  209. Tobias

    in staticweb's crontab?

  210. Kev

    Ah, staticweb, of course :)

  211. Tobias

    didn't want to add it to root's crontab :P

  212. Kev

    Tonnes of PDF generation errors.

  213. intosi

    /etc/crontab or /etc/cron.d would've been proper.

  214. Tobias

    intosi, even for user cron jobs?

  215. jonasw

    yes

  216. intosi

    Arguably this isn't a user cron job.

  217. jonasw

    pick a user there, prevents manipulation of the crontab by the user

  218. intosi

    ^ what jonasw said.

  219. jonasw

    Tobias: in /etc/cron* you have to explicitly state as which user the job runs

  220. jonasw

    so it’s not like everything there runs as root

  221. Tobias

    ahh

  222. Tobias

    ta

  223. intosi

    There's the added benefit that a random admin would look in /etc/cron* first, and might not even consider user crontabs for essential tasks until much later.

  224. jonasw has left

  225. Tobias

    feel free to move it there then

  226. Guus

    perhaps first fix the issue at hand?

  227. intosi

    Guus: that's all one go.

  228. Kev

    Indeed, I was looking in /etc/cron*.

  229. Kev

    Guus: You were right though, it does seem to be the one where you edited the sidebar :)

  230. Kev

    CRITICAL: UndefinedError: 'pelican.contents.Page object' has no attribute 'sidebar_menu_elem_url_8'

  231. Guus

    weird - why do I not get that locally? Might relate to https://github.com/xsf/xmpp.org/issues/247 ?

  232. Kev

    Yes, sounds like your local environment isn't quite working right, if that's the case.

  233. vurpo has left

  234. vurpo has joined

  235. Guus

    I might require things that are not in the repository then. My environment is a clean virtual machine, which just the repo content and build tools as listed in the readme.

  236. Tobias

    don't know how up to date the readme is, "Any editorial questions: Laura Gill or Simon Tennant can help", at least Simon doesn't seem to be around to respond to any questions regarding xmpp.org site

  237. Guus

    Kev: can you make Travis fail with the same error?

  238. kaboom has joined

  239. jubalh has left

  240. blipp has left

  241. jubalh has joined

  242. Ge0rG has left

  243. xnyhps has left

  244. nicolas.verite has joined

  245. Tobias

    Guus, what state is https://github.com/xsf/xmpp.org/pull/185 in?

  246. nicolas.verite has left

  247. jubalh has left

  248. jubalh has joined

  249. jubalh has left

  250. Guus

    Tobias: I have not looked at it since. I have now aquired a bit more knowledge about Pelican, so I might not depend on others to finish this

  251. Guus

    however: the data that it adds is incomplete

  252. Tobias

    incomplete how?

  253. Guus

    all votes since 2010 are not in there, I think

  254. Tobias

    right, but years that are in there are in there completely right?

  255. kalkin has left

  256. Guus

    it was a one-on-one conversion of the old pages.

  257. Guus

    whatever was in there, is now here.

  258. Guus

    I assume that the old data was complete, for those years.

  259. Tobias

    right

  260. daniel has left

  261. Zash has joined

  262. Alex has joined

  263. Ge0rG has left

  264. daniel has left

  265. uc has left

  266. xnyhps has left

  267. xnyhps has left

  268. uc has joined

  269. xnyhps has left

  270. Guus

    Kev / Tobias: I'll be away for the weekend in a short while. If I can help with the website issue, I'll need to do that now-ish.

  271. Kev

    No rush right now, I think.

  272. Guus

    just saying that I'm willing to help, but will be without laptop soon

  273. Guus

    (doing a weekend trip)

  274. Kev

    Thanks. Just enjoy your trip, the website will still be here Monday.

  275. Kev

    :)

  276. Guus

    kk :)

  277. jubalh has joined

  278. Zash has left

  279. Yagiza has joined

  280. Zash has joined

  281. Valerian has joined

  282. jonasw has left

  283. Valerian has left

  284. Valerian has joined

  285. daniel has left

  286. daniel has joined

  287. xnyhps has left

  288. xnyhps has left

  289. daniel has left

  290. daniel has joined

  291. daniel has left

  292. daniel has joined

  293. daniel has left

  294. daniel has joined

  295. nicolas.verite has joined

  296. nicolas.verite has left

  297. daniel has left

  298. daniel has joined

  299. daniel has left

  300. xnyhps has left

  301. daniel has joined

  302. daniel has left

  303. daniel has joined

  304. jonasw has left

  305. xnyhps has left

  306. mimi89999 has joined

  307. Mancho has left

  308. xnyhps has left

  309. Alex has left

  310. sezuan has left

  311. xnyhps has left

  312. winfried has joined

  313. Valerian has left

  314. Valerian has joined

  315. Valerian has left

  316. Valerian has joined

  317. jonasw has left

  318. Valerian has left

  319. Valerian has joined

  320. blipp has joined

  321. nicolas.verite has joined

  322. nicolas.verite has left

  323. Ge0rG has left

  324. daniel has left

  325. daniel has joined

  326. Alex has joined

  327. jere has joined

  328. uc has left

  329. uc has joined

  330. jubalh has left

  331. Tobias has joined

  332. jere has left

  333. jere has joined

  334. uc has left

  335. xnyhps has left

  336. uc has joined

  337. kaboom has left

  338. jubalh has left

  339. uc has left

  340. Ge0rG

    Flow: backward compatibility is hard :( https://github.com/ge0rg/MemorizingTrustManager/commit/168b7b5598095bfe6ae6fab4797af3f913b574f4

  341. uc has joined

  342. Yagiza has joined

  343. xnyhps has left

  344. xnyhps has left

  345. uc has left

  346. uc has joined

  347. uc has left

  348. uc has joined

  349. Flow

    Ge0rG: true

  350. Ge0rG

    in related news: running the gradle lint on yaxim turned up a dozen of issues, including this one

  351. jubalh has joined

  352. jubalh has left

  353. kalkin has left

  354. koyu has joined

  355. Flow ♥ lovles lint/static code analyzers

  356. Tobias

    Flow, Ge0rG, any experience using errorprone?

  357. jubalh has joined

  358. Flow

    Tobias: Smack uses errorprone

  359. xnyhps has left

  360. Flow

    and it's one of the reasons I made the previous statement

  361. Tobias

    ah..ok

  362. Flow

    but it did that foundt hat many issues in Smack

  363. Tobias

    well..but the thinks it found were sensible issues, right?

  364. Tobias

    it didn't produce tons of useless warnings

  365. Tobias

    or did it?

  366. Flow

    which is of course only because of my l337 c0d1n6 5k1ll5

  367. Flow

    Tobias: very sensible

  368. Flow

    compare to facebook's infer, which produces a ton of non-issues

  369. xnyhps has left

  370. Flow

    but to be fair, infer was right about every issue it found, it where just non-issues in that particular context

  371. Guus has left

  372. Valerian has left

  373. Zash

    Can you tell it to ignore those non-issues?

  374. Flow

    Zash: sure, you could suppress them

  375. Flow

    I decided against infer in Smack because another static code analyzer would increase the compile time again

  376. koyu has left

  377. koyu has joined

  378. koyu has left

  379. jubalh has left

  380. koyu has joined

  381. koyu has left

  382. koyu has joined

  383. koyu has left

  384. Guus has left

  385. Guus has joined

  386. Guus has left

  387. Guus has joined

  388. waqas has joined

  389. koyu has joined

  390. sezuan has left

  391. Ge0rG has joined

  392. jonasw has left

  393. koyu has left

  394. vurpo has left

  395. winfried has left

  396. Piotr Nosek has left

  397. koyu has joined

  398. kalkin has left

  399. koyu has left

  400. Ge0rG has left

  401. koyu has joined

  402. koyu has left

  403. Tobias has left

  404. koyu has joined

  405. Valerian has joined

  406. kaboom has joined

  407. Ge0rG has left

  408. jonasw

    people on security@ argued back then that the hash agility of 115 doesn’t work (dwd and waqas for example), but there are no conclusive reasons given.

  409. jonasw

    here for example: https://mail.jabber.org/pipermail/security/2009-September/000828.html

  410. Guus has left

  411. Zash

    doesn't work how

  412. jonasw

    Zash: I have no idea

  413. jonasw

    I would like to know.

  414. Zash

    md5 was used before according to the capsdb

  415. koyu has left

  416. daniel has left

  417. daniel has joined

  418. Guus has joined

  419. nicolas.verite has joined

  420. nicolas.verite has left

  421. waqas has left

  422. Zash has joined

  423. nicolas.verite has joined

  424. Martin has left

  425. Homer J has joined

  426. xnyhps has left

  427. xnyhps has left

  428. Homer J has left

  429. Guus has left

  430. Guus has joined

  431. nicolas.verite has left

  432. Guus has left

  433. Steve Kille has left

  434. waqas has joined

  435. Steve Kille has left

  436. waqas

    jonasw: Hash agility doesn't work. What we mean by this is backwards compatibility wasn't allowed for. Clients using new hashes vs old hashes would fail to interoperate.

  437. jonasw

    waqas: what would be wrong with simply sending two <c/> elements with different hash functions?

  438. vurpo has joined

  439. waqas

    jonasw: Reality. That wasn't allowed, and clients assume there's only one. You'd fail to interop with most (all?) existing deployments out there.

  440. jonasw

    okay

  441. jonasw

    makes sense

  442. jonasw

    I hate reality

  443. waqas

    i.e., you are modifying the XEP in a way that isn't compatible with prior understanding of implementations

  444. jonasw

    I like the suggestions you make in https://mail.jabber.org/pipermail/security/2009-September/000829.html btw.

  445. jonasw

    specifically: > Also worth considering is whether multiple hashes for different sets of data > make sense instead of just one. A hash for capabilities of an entity is the > most basic. A hash for software ID and version (disco#meta?). A hash for > disco#items. Future XEPs being able to define hashes for datasets they > define is also useful. The downside is a slightly larger presence packet > (which is mitigated by the caps optimization), but I see this leading to a > significant reduction in queries.

  446. waqas has left

  447. Flow

    hu? why wasn't/isn't it allowed to send multiple <c/>s?

  448. Guus has joined

  449. jonasw

    fwiw, aioxmpp also only uses the last one it finds, but it would be trivial to change that into a map hash->caps

  450. jonasw

    so it might simply not be clear that clients should expect multiple nodes

  451. jonasw has left

  452. xnyhps has left

  453. waqas has joined

  454. waqas

    Flow: Everything is allowed. You can even call it <b/> or <d/>. That existing clients would fail to interpret it in a defined way is the problem.

  455. waqas

    Client behavior when they see multiple instances of something that they expected to be single tends to vary between pick-first, pick-last, pick-random, error.

  456. arc

    """The Web shell used by the attackers didn't support SSL, so all their activities were logged to the webserver, enabling Verizon's RISKS team to analyze their actions. Though the idea of attacking cargo ships by hacking their CMS is a sophisticated one by the standards of sea-pirates, the attackers weren't sophisticated enough to run their attacks through a VPN, enabling the RISKS team to trace the attack back to the hackers' home IP address."""

  457. jonasw

    … and server behaviour when caps optimization is in place would also be interesting

  458. arc

    there are at least 3 things wrong with that.

  459. SamWhited

    ralphm: Ping; when you're next online can I get a bit of help with Trello? I keep missing you :)

  460. jonasw

    e.g. would the injection of caps in stanzas on first subscription to presence work?

  461. jonasw

    arc: what’s a CMS in this context?

  462. arc

    content management system

  463. jonasw

    d’oh

  464. jonasw

    I was hoping for cargo management or something domain-specific

  465. Zash

    arc: Why ... why would .. why the .. whaaaayyyy???

  466. arc

    stupid script kiddies hacked a shipping company's website and started rerouting cargo ships to them to steal the content of the ships..

  467. Flow

    waqas: I don't see receiving clients failing if <c =hash='sha1'/> is also send

  468. jonasw

    then it’s: (1) why the heck to cargo ships run a CMS which is (2) accessible from the internet and (3) can be used to take over the ship?!

  469. Flow

    together with a <c hash='new-hash-alg'/>

  470. arc

    jonasw: the ship didnt run the CMS. the shipping company operating autonomously controlled ships did

  471. jonasw

    arc: well, that’s only marginally better.

  472. arc

    the ships are controlled by the company remotely

  473. jonasw

    this future

  474. arc

    however, not only was their website - used for shipping easily hundreds of millions of goods a year - unpatched to common known vulnerabilities, but they didn't use SSL

  475. Zash

    They Should Have Used XMPP for their remote controlled drone ships

  476. arc

    but then - Verizon admits that their risk analysis team was actively monitoring unsecured HTTP, acting as a man in the middle

  477. moparisthebest

    arc, sorry to change the subject but you have me intrigued about EXI, it sounds like it might be feasible to run a generic exi<->xml converting proxy in front of any xmpp server to give it full exi support, yes or no?

  478. arc

    moparisthebest: yes, and to be clear I do think that is the first way deployment will happen, however its suboptimal to run two XML parsers in a chain like that

  479. mathieui

    arc, what’s the source of that read? it sounds lovely

  480. jonasw

    mathieui: google points me to https://boingboing.net/2016/03/03/pirates-hacked-shipping-compan.html

  481. arc

    mathieui: https://boingboing.net/2016/03/03/pirates-hacked-shipping-compan.html

  482. moparisthebest

    yea arc not as great for the server but could be excellent for clients, so when can I expect to be able to download and run the first version from you? :D

  483. Steve Kille

    SamWhited: thanks for that super-qucik MIX turnaround

  484. arc

    moparisthebest: as soon as i wrap up libexi im going to update my Apache mod_xmpp with it, which is primarily designed to serve as a proxy (websockets to xmpp) but now will also do EXI ports too

  485. SamWhited

    👍 my morning coffee goes well witch catching up on emails and taking care of XSF stuff :)

  486. SamWhited

    Thanks for the new revision

  487. Ge0rG has joined

  488. moparisthebest

    arc, so when do I get an nginx module instead? :P

  489. jonasw

    Steve Kille: ah, you’re here. I wanted to make sure you don’t feel bothered by my insisting on the issues I pointed out. I feel that I should probably have given you more time, but then again, too often things get forgotten and then we end up with sub-optimal XEPs which cannot be changed anymore because there are too many implementations :/

  490. moparisthebest

    just joking that would be fine too, I'd be curious to look at adding it to Conversations

  491. jonasw

    am I the only one who thinks that webservers are not the right place to terminate SSL for everything?

  492. Steve Kille

    jonasw: not bothered at all. You are making some excellent input to help move this spec foraward.

  493. SamWhited

    Define "web servers"? If you mean reverse proxies like nginx and haproxy, I'd say they're definitely the right place to terminate SSL for everything :)

  494. SamWhited

    Because that's what they're designed to do

  495. jonasw

    SamWhited: apache?

  496. arc

    moparisthebest: I will never write a nginx module. I'm friends with their CEO, Gus, who I used to play on the same rugby team with when he lived in DC, but he was unwilling to hire me while allowing me to work on non-NGINX FOSS on my own time

  497. arc

    moparisthebest: you can already start, there is a complete Java library implementing EXI

  498. SamWhited

    jonasw: Yah, I agree with you there… apache may be good at it now, I dunno, but it was not designed to be a reverse proxy.

  499. jonasw

    arc: wtf?

  500. moparisthebest

    ah yea arc I remember you saying that, and it sounded super shitty

  501. jonasw

    I need to repeat: wtf? Is that even legal?

  502. SamWhited

    I've heard that about nginx several times now, which is kind of sad, because I do love the software…

  503. Zash

    jonasw: Did you know that nginx is actually an email proxy? :)

  504. jonasw

    Zash: unfortunately, yes.

  505. arc

    jonasw: yea its because of some VC agreement or someshit. but the idea of a FOSS project turned commercial turning down an employee they just interviewed and were excited about because he works on other FOSS projects is insane

  506. moparisthebest

    arc, well you said your EXI should work differently than the XEP, and I'd prefer to have a proper server implementation to test against, but yea the library is there at least

  507. SamWhited

    I think most big companies have that clause for whatever reason, but I always try to negotiate it away.

  508. jonasw

    I also know that their protocol implementation is simply a character state machine, I don’t want to know how people implemented XMPP on it. I bet it cannot deal with namespace prefixes properly :-)

  509. arc

    so I don't consider nginx to be FOSS anymore, regardless to whatever license its available under

  510. jonasw

    SamWhited: wait wat? clauses which forbid you to work on FLOSS in your freetime?

  511. jonasw

    I’m really not sure that would be legal here.

  512. arc

    moparisthebest: im unsure how the java library works, but it might do general xml processing. so you could start by changing it to use the different library and developing your client's exi schema

  513. moparisthebest

    I think it is here, I guess you can agree to about anything jonasw

  514. arc

    jonasw: this was the major issue with me and Atlassian, too.

  515. SamWhited

    jonasw: Yah, I have no idea if they're enforceable or not, but most places I've applied or worked have had some similar thing.

  516. arc

    and Google. and Facebook. and Twitter. and Adroll. and dozens of other firms.

  517. Zash

    Isn't usually that they claim ownership of anything you do while employed, not forbid things outright?

  518. arc

    that's why I'm founding hub.coop

  519. mathieui

    15:23:00 jonasw> I’m really not sure that would be legal here. → it’s legal in some states/countries

  520. mathieui

    and even if illegal, nobody is challenging it in court

  521. jonasw

    hasn’t occured to me yet. but then again, I only worked at a startup and a research facility up to now. the latter being very clueless on software development in general.

  522. SamWhited

    Or at least, I think they had; I don't ever understand the legal stuff, but mostly places have made me sign a "previous inventions" thing or I've been able to negotiate that clause out.

  523. mathieui

    arc, btw, google doesn’t always have that clause, afaik

  524. arc

    Zash: California law forbids exactly that, anything you work on in your own time and on your own equipment is yours. but they can fire you for doing it without permission and without negotiating aspects about it

  525. jonasw

    but good to know. something to watch out for.

  526. jonasw

    that’d be a deal-breaker for me, too

  527. arc

    mathieui: Google requires that you get permission from them, and you must argue how it is in Google's best interest. if the project is *GPL they will ask you why you don't want to work on something Apache based instead, etc

  528. mathieui

    ha right

  529. arc

    AGPL will always get a hard "NO"

  530. jonasw

    that explains a lot.

  531. arc

    Google employees are not allowed to work on any AGPL licensed project.

  532. SamWhited

    Heh, that's okay then; AGPL is a hard no for me personally too :)

  533. jonasw

    I have no regrets about not pushing to join google anymore.

  534. arc

    having to ask permission puts them in the position of being able to say no, and negotiate with you what you can do on your own time

  535. arc

    SamWhited: for me its beyond the simple ability, its the morality of it.

  536. moparisthebest

    arc, they aren't allowed to contribute to other's AGPL projects?

  537. jonasw

    this explains so mcuh

  538. moparisthebest

    yea for me AGPL is almost always the correct choice meh

  539. arc

    moparisthebest: no. and that comes from a lawyer working in Google's Open Source Programs Office, the same office that runs Summer of Code is also the office that manages employees wanting to contribute to FOSS

  540. arc

    moparisthebest: i agree.

  541. moparisthebest

    makes me glad I work at a non-software company that just has in-house devs to develop in-house stuff lol, so none of this contract nonsense

  542. jonasw

    what the heck

  543. arc

    in fact Google is so hostile to the AGPL that they specifically forbade 3rd party projects from hosting them on their old code hosting site, code.google.com

  544. SamWhited

    I think GitHub does that now too, no? Wasn't that one of the consequences of their new TOS?

  545. jonasw

    uh

  546. SamWhited

    Or maybe that was just anything that required attribution

  547. jonasw

    that would make a few projects I host there illegal

  548. arc

    SamWhited: there were several consequences, I believe GPLv3 and AGPLv3 both

  549. arc

    I'm staying out of that one since I dislike github anyway

  550. moparisthebest

    wait what? lots of AGPL projects are on github?

  551. SamWhited

    yah, but technically they're not allowed anymore I think (no idea why, that's just what someone said about their new TOS). I suspect it wasn't an intentional consequence, it was just something they did that was incompatible with those licenses somehow

  552. jonasw

    SamWhited: do you have any sources for that?

  553. arc

    the concept of a for-profit company like github having so much control over FOSS projects, their new TOS a perfect example to the potential for abuse of that power, makes me extremely uncomfortable

  554. moparisthebest

    I can't imagine any TOS that would conflict for code hosting

  555. moparisthebest

    unintentionally anyway

  556. moparisthebest

    obviously "no agpl projects" would, but that'd be intentional

  557. arc

    moparisthebest: I wouldn't be too concerned for that, the folks at the FSF, SFLC, and SFC are all over it

  558. arc

    they'll issue a new TOS soon enough

  559. xnyhps has left

  560. jonasw

    arc: URLs?

  561. arc

    the last I heard they were apologetic for the "misunderstanding" this has caused

  562. moparisthebest

    arc, yea the way I justify using github is it's not like SVN where your repo is held hostage, I have everything locally and can just host my own gitlab whenever I want

  563. arc

    jonasw: i know this from IRC, I've been watching the lawyers talk about it

  564. jonasw

    arc: which IRC?

  565. moparisthebest

    but yea ideally I wouldn't use it at all... meh

  566. arc

    freenode

  567. jonasw

    that’s a very broad statement, arc

  568. moparisthebest

    not very specific :)

  569. arc

    mostly #Conservancy

  570. arc

    where else would lawyers be?

  571. moparisthebest

    ah the kallithea people? I love those guys

  572. arc

    but its all over, every channels talking about it

  573. SamWhited

    jonasw: Not in front of me; go read their new TOS or search for other peoples blog posts about it.

  574. arc

    a few projects immediately pulled their repos and started self-hosting since

  575. jonasw

    SamWhited: the TOS is huge and I can’t find a diff

  576. moparisthebest

    GIThub tos, no diff? :P

  577. SamWhited

    I thought they literally did have it in a repo so you could get a diff…

  578. jonasw

    SamWhited: yes, but

  579. mathieui

    that’s a line diff

  580. mathieui

    not a legalese diff

  581. SamWhited

    fair enough

  582. Zash

    IANAL, what up?

  583. SamWhited

    jonasw: Here's a source, but probably also a non-lawyer / completely biased one, so grain of salt: https://www.mirbsd.org/wlog-10_all.htm

  584. Zash

    SamWhited: Every comment thread I've seen about that has started with "This person doesn't know what they are talking about" ...

  585. jonasw

    ah, section D narrows it down so that I can take a look

  586. SamWhited

    Zash: Yah, they probably don't

  587. SamWhited

    I just assume they're seeing what they want to see, but I have no idea

  588. nicolas.verite has joined

  589. jonasw

    I’m not dealing with this right now

  590. nicolas.verite has left

  591. jonasw

    hoping to fix a bug today

  592. moparisthebest

    thanks SamWhited I was searching for 'github agpl' and such with no luck

  593. SamWhited

    yah, it was suprisingly hard to find again; makes me think it was just one or two sources being loud and blowing it way out of proportion

  594. jere has left

  595. Ge0rG has left

  596. jonasw

    arc: if you don’t like github (and I agree that github is a dangerous centralisation of power over FLOSS), what is your alternative suggestion, if I want the broad developer public to easily contribute to and raise bugs for my software?

  597. mathieui

    jonasw, you can go gitlab or bitbucket, it’s slightly less terribad

  598. jonasw

    mathieui: that’s only shifting the problem

  599. mathieui

    yes.

  600. mathieui

    you can run your own gitlab or whatever hip forge like gogs with external auth and it’s equally easy for people to contribute

  601. Zash

    Self-host all the things!

  602. jonasw

    I have a self-hosted gogs instance, but (a) I don’t really like the idea of having to maintain possible abuse if I open registrations or issues and (b) it adds the hurdle to create an account there while ~everyone has a github acconut.

  603. SamWhited

    "equally easy" except that now if everyone does that every single person has to make an account with every single project they want to contribute too…

  604. mathieui

    jonasw, gogs doesn’t allow gitlab oauth?

  605. mathieui

    -gitlab + github

  606. jonasw

    I don’t know, but that doesn’t solve (a)

  607. mathieui

    because you can login into self-hosted gitlab from github

  608. kalkin has left

  609. mathieui

    and yeah, there is no solution not run by other people where you don’t have to care for abuse

  610. jonasw

    only allowing to open issues is probably already a good reduction of possibilities for an attacker, but that’s barely sufficient if you want people to contribute patches

  611. SamWhited

    Now GitHub is the centralized service for auth, so you have more or less the same problem.

  612. SamWhited

    I dunno, not that I actually think this is a problem. If you don't want your stuff on GitHub or wherever you can move it later. I'm just going to keep using GitHub and Bitbucket; mostly they're pretty okay and legal stuff is hard.

  613. jonasw

    yes, currently it is not a problem and GitHub is convenient.

  614. moparisthebest

    that's how I justify it, I have full history and can move wherever later

  615. jonasw

    right

  616. jonasw

    except the issues and everything else which is only on gh

  617. moparisthebest

    I actually think github is the last 'hosted' thing I use, that I don't run myself

  618. SamWhited

    and if they're apologizing for the confusion over the new TOS like arc said, that probably means they're not going to start randomly deleting your software

  619. moparisthebest

    you can kind of export those, but yea

  620. nicolas.verite has joined

  621. nicolas.verite has left

  622. Guus has left

  623. arc

    SamWhited: i think one of the questions that's come up is whether you've granted github rights above and beyond the license by hosting with them

  624. nicolas.verite has joined

  625. SamWhited

    arc: so it's not that the AGPL is banned, it's just that the AGPL people don't want to give GitHub extra rights?

  626. moparisthebest

    I feel like, I would HOPE, it would be harder than just a TOS change for them to take rights above and beyond an explicit legal license...

  627. sezuan has left

  628. moparisthebest

    that wouldn't remotely be legal anyway right? if I push an AGPL project there that have AGPL contributions from countless different devs over the years, *I* can't legally grant anyone any other license can I ?

  629. jonasw

    moparisthebest: uh, actually, it shouldn’t be that hard. "By uploading to and using the service you agree that github is allowde to do X with your data"

  630. jonasw

    done.

  631. moparisthebest

    most of the time it's not *my* data though

  632. moparisthebest

    not to mention I didn't get any emails or even click to agree, they just published a new version and said 'by continuing...' what like I need to check it every time I push? meh

  633. jonasw

    well, they also state that you must ensure that you have the right to grant that license on the adta

  634. SamWhited

    That's the point though I think; it's not illegal for GitHub to say "if you want to use our service, you have to give us a legal grant to use whatever you put on our service", and if you can't do that (because you don't want to relicense from something else that says you can't), then you just don't use their service.

  635. SamWhited

    And if you can't license it because it's someone elses work, then you shouldn't be uploading it anyways (which is probably one of the things they were trying to prevent)

  636. nicolas.verite has left

  637. moparisthebest

    well that part isn't true

  638. moparisthebest

    like I have a fork of curl on github, I can't license that to others with any different license than it has, I certainly can't give github extra stuff over what the license says

  639. Guus has joined

  640. SamWhited

    right, so you can't upload it to GitHub because they say that to upload things to them you have to be able to give them a rights grant.

  641. moparisthebest

    bad example because curl has a crazy permissive license, but if it had gpl it'd be a good example :)

  642. moparisthebest

    so what if you do anyway because you aren't a lawyer and/or haven't read the TOS since 2012 when you signed up or whatever?

  643. moparisthebest

    they can't *take* those rights, they can just stop hosting you?

  644. SamWhited

    Yah, I think that's generally how it works

  645. moparisthebest

    yea and if that's worst case I don't care

  646. SamWhited

    Unless you *do* own the software, then you probably have given them a grant to use it however unless you live somewhere that legal contracts have to be explicit and TOS's don't count

  647. SamWhited

    at least, that's what this sounds like to me

  648. moparisthebest

    so I'm not clear legally on the boundaries there, it *seems* they can say stuff like 'by using the service you implicitly grant us rights', why can't they say stuff like 'if you walk outside today you explicitly grant us rights' ?

  649. bjc has left

  650. bjc has joined

  651. SamWhited

    Because you're not entering into a business relationship with them in that case.

  652. moparisthebest

    s/explicitly/implicitly/

  653. SamWhited

    (but again, I feel compelled to point out that I have no idea what I'm talking about: I'm just reading shit off the internet and interpreting it as best I can)

  654. moparisthebest

    then can they say 'if you utter the name github you implicitly grant us rights'

  655. SamWhited

    no, of course they can't

  656. moparisthebest

    I'm not really seeing a precise boundry here, but I guess that's law for you

  657. jonasw

    moparisthebest: the boundary is probably somewhere along the line of "you are using resources on their systems"

  658. moparisthebest

    jonasw, so then "if you ever visit github.com you are implicitly granting us rights to all your programs"

  659. sezuan has left

  660. jonasw

    moparisthebest: there are "if you visit our website you grant us rights" clauses

  661. SamWhited

    I suspect a court would also find that visiting GitHub.com doesn't count as entering into a legal contract or business relationship…

  662. jonasw

    that clause there is probably not in proportion and would thus be refuted

  663. moparisthebest

    what's the legal boundry between visiting and pushing code? both are simple https calls

  664. moparisthebest

    you can even edit/create code in your browser on github.com

  665. jonasw

    moparisthebest: the amount of data you move to their systems and which is stored persistently

  666. SamWhited

    What does the protocol (or anything technical) have to do with any of this?

  667. jonasw

    the data you store on their systems is theirs

  668. Ge0rG

    The data you upload to github will be thoroughly searched by the United States border control.

  669. arc

    SamWhited: im not sure, just things im seeing as i jump between channels. as i said im trying to stay out of it

  670. arc

    I don't like github, so my opinions would be biased. I'm just sharing snippets of what ive seen.

  671. arc

    honestly I loved bitbucket

  672. arc

    once i get quicksilver into a more deployable state I think it could take over

  673. arc

    quicksilver is a rather hackish realtime mercurial over xmpp I setup. it needs a lot more work, but is kinda cool for remote pair programming

  674. jonasw

    agh, I don’t like hg :-)

  675. arc

    jonasw: well you're in luck because there's nothing about it thats mercurial specific, I think

  676. arc

    it could run server-side git just as well

  677. sonny has left

  678. nicolas.verite has joined

  679. nicolas.verite has left

  680. arc

    but its not in great shape, extremely hackish. i literally have hg running in a subprocess right now

  681. arc

    i put it together with a student twoish years ago as an experiment

  682. Flow

    re pair programming using xmpp: It's so sad that gobby is no longer under active development

  683. moparisthebest

    arc, familiar with kallithea?

  684. arc

    I know, gobby was nice. but it had its faults too.

  685. moparisthebest

    or jonasw because kallithea does hg and git :P

  686. arc

    moparisthebest: yea ive seen it around

  687. jonasw

    moparisthebest: no, but let me check it out

  688. arc

    Flow: what i dont like about gobby is its really session oriented, it doesnt integrate well into daily workflow.

  689. arc

    and if you want to compile your work, and someone is editing the same session, you have to wait for them to get their part into a ready state. its a bit *too* realtime

  690. jonasw

    moparisthebest: not confident yet, as they don’t use kallithea to host their own code ;-)

  691. Flow

    uh, there is commit activity at github.com/gobby/libinfinity

  692. moparisthebest

    jonasw, they do https://kallithea-scm.org/repos/kallithea

  693. jonasw

    but not their issues etc.

  694. moparisthebest

    been using it at work since 2012, when it was called rhodecode, before the rhodecode dev did illegal license things and threatened to sue me and sent DMCA takedown notices for patches and stuff....

  695. jonasw

    gah, I can’t stand hosting services which show irrelevant information first and not the files. this is also annoying the hell out of me with the recent gitlab updates.

  696. arc

    QS is basically receiving realtime code pushes into your local VC as you work, but doesn't update. so you see that the code is there, and can merge it in realtime, but its not automagic

  697. Flow

    arc: Isn't pair programming about having a live/real-time programming session with one or more other ppl?

  698. Flow

    and everything else would be basically using a DVCS

  699. moparisthebest

    but then the software conservancy vetted it and forked it to kallithea :)

  700. SamWhited

    ooh, yah, Bitbucket does that by default… there's an option to change it, but it's an option on each individual repo not on your account, which is stupid.

  701. arc

    Flow: it is a dvcs, just with pubsub

  702. Flow

    arc: and it's called quicksilver?

  703. jonasw

    moparisthebest: all over all, kallithea looks interesting though

  704. Flow

    arc: got a link?

  705. arc

    Flow: i reserved quicksilver.vc but there's nothing really in the repo there, as i said its super hackish and only works with our GCI web-based editor

  706. arc

    at some point I'll get it into a deployable format and put some time into porting plugins to gedit/etc

  707. nicolas.verite has joined

  708. arc

    the protocol is stupid simple, the server-side is a quick and dirty pubsub service running mercurial in a subprocess with hooks and pipes, and the client side is a python script in front of local hg in their docker container receiving data from the web-based editor and chat client

  709. arc

    the client side is on gci.copyleftgames.org

  710. arc

    more than half of it was written by a 15 year old

  711. xnyhps has left

  712. arc

    Alight - im headed to grab coffee with Mr Miller to discuss becoming a member of the XSF

  713. jonasw

    good luck, arc

  714. arc

    Flow: if im successful you'll have more members for the IoT sig

  715. arc

    they're a washington dc firm doing IoT

  716. SamWhited

    Good luck

  717. jubalh has joined

  718. winfried has joined

  719. ralphm has left

  720. bjc has left

  721. jubalh has left

  722. kalkin has left

  723. bjc has joined

  724. Guus has left

  725. Guus has joined

  726. Valerian has left

  727. Valerian has joined

  728. nyco has joined

  729. nicolas.verite has left

  730. nyco has left

  731. xnyhps has left

  732. sezuan has left

  733. sezuan has left

  734. jubalh has joined

  735. nicolas.verite has joined

  736. Valerian has left

  737. Valerian has joined

  738. xnyhps has left

  739. sezuan has left

  740. tim@boese-ban.de has joined

  741. Steve Kille has left

  742. vurpo has joined

  743. Zash has left

  744. Steve Kille has left

  745. Lance has joined

  746. Steve Kille has joined

  747. ooih has joined

  748. ooih has left

  749. Zash has joined

  750. Zash has joined

  751. xnyhps has left

  752. mhterres has left

  753. intosi has left

  754. kaboom has left

  755. waqas has left

  756. Guus has left

  757. kalkin has left

  758. Guus has joined

  759. jubalh has left

  760. nicolas.verite has left

  761. kaboom has joined

  762. nyco has joined

  763. waqas has joined

  764. Zash has joined

  765. tim@boese-ban.de has joined

  766. nicolas.verite has joined

  767. Guus has left

  768. jonasw has left

  769. vurpo has left

  770. Guus has joined

  771. vurpo has joined

  772. vurpo has left

  773. vurpo has joined

  774. vurpo has left

  775. vurpo has joined

  776. vurpo has left

  777. Valerian has left

  778. Valerian has joined

  779. vurpo has joined

  780. vurpo has left

  781. vurpo has joined

  782. vurpo has left

  783. vurpo has joined

  784. waqas has left

  785. vurpo has left

  786. xnyhps has left

  787. vurpo has joined

  788. xnyhps has left

  789. vurpo has left

  790. vurpo has joined

  791. ralphm has left

  792. waqas has joined

  793. jubalh has joined

  794. Valerian has left

  795. Valerian has joined

  796. vurpo has left

  797. vurpo has joined

  798. daniel has left

  799. daniel has joined

  800. vurpo has left

  801. vurpo has joined

  802. vurpo has left

  803. vurpo has joined

  804. vurpo has left

  805. vurpo has joined

  806. vurpo has left

  807. Zash has joined

  808. vurpo has joined

  809. vurpo has left

  810. vurpo has joined

  811. vurpo has left

  812. vurpo has joined

  813. suzyo has left

  814. vurpo has left

  815. suzyo has joined

  816. xnyhps has left

  817. vurpo has joined

  818. nyco has left

  819. nicolas.verite has left

  820. nicolas.verite has joined

  821. xnyhps has left

  822. kaboom has left

  823. vurpo has left

  824. vurpo has joined

  825. SamWhited has left

  826. nicolas.verite has left

  827. jere has left

  828. jere has joined

  829. Flow has joined

  830. jere has left

  831. jere has joined

  832. Flow has left

  833. Valerian has left

  834. goffi has left

  835. Guus has left

  836. Alex has left

  837. Guus has joined

  838. Guus has left

  839. Guus has joined

  840. SamWhited has left

  841. vurpo has left

  842. kalkin has left

  843. vurpo has joined

  844. nicolas.verite has joined

  845. Guus has left

  846. Guus has joined

  847. waqas has left

  848. Tobias has joined

  849. Flow has joined

  850. nicolas.verite has left

  851. intosi has joined

  852. sezuan has left

  853. kalkin has left

  854. jubalh has left

  855. vurpo has left

  856. vurpo has joined

  857. intosi has left

  858. jubalh has left

  859. vurpo has left

  860. vurpo has joined

  861. sezuan has left

  862. daniel has left

  863. daniel has joined

  864. Lance has left

  865. waqas has joined

  866. goffi has joined

  867. jubalh has joined

  868. Lance has joined

  869. Zash has left

  870. vurpo has left

  871. vurpo has joined

  872. jubalh has left

  873. vurpo has left

  874. vurpo has joined

  875. Guus has left

  876. Flow has left

  877. Guus has joined

  878. vurpo has left

  879. Guus has left

  880. vurpo has joined

  881. Guus has joined

  882. winfried has left

  883. waqas has left

  884. jubalh has joined

  885. moparisthebest has joined

  886. SamWhited has left

  887. devnull has left

  888. devnull has joined

  889. Zash has joined

  890. daniel has left

  891. daniel has joined

  892. vurpo has left

  893. vurpo has joined

  894. waqas has joined

  895. Mancho has left

  896. jubalh has left

  897. jubalh has joined

  898. jubalh has left

  899. Guus has left

  900. vurpo has left

  901. vurpo has joined

  902. vurpo has left

  903. vurpo has joined

  904. vurpo has left

  905. vurpo has joined

  906. waqas has left

  907. vurpo has left

  908. vurpo has joined

  909. jere has left

  910. jere has joined

  911. nicolas.verite has joined

  912. vurpo has left

  913. vurpo has joined

  914. moparisthebest has left

  915. daniel has left

  916. daniel has joined

  917. daniel has left

  918. daniel has joined

  919. waqas has joined

  920. moparisthebest has joined

  921. daniel has left

  922. daniel has joined

  923. daniel has left

  924. daniel has joined

  925. daniel has left

  926. daniel has joined

  927. daniel has left

  928. daniel has joined

  929. daniel has left

  930. daniel has joined

  931. daniel has left

  932. daniel has joined

  933. daniel has left

  934. daniel has joined

  935. jubalh has joined

  936. daniel has left

  937. daniel has joined

  938. Valerian has joined

  939. daniel has left

  940. daniel has joined

  941. daniel has left

  942. daniel has joined

  943. Valerian has left

  944. Valerian has joined

  945. suzyo has left

  946. kaboom has joined

  947. Guus has joined

  948. daniel has left

  949. daniel has joined

  950. daniel has left

  951. daniel has joined

  952. arc

    5 hours later...

  953. goffi has left

  954. Guus has left

  955. xnyhps has left

  956. xnyhps has joined

  957. daniel has left

  958. daniel has joined

  959. daniel has left

  960. daniel has joined

  961. Valerian has left

  962. waqas has left

  963. kaboom has left

  964. arc

    That was a long talk. I can't even begin to summarize

  965. arc

    He's a XMPP evangelist for sure

  966. xnyhps has left

  967. arc

    Wants to join the iot WG

  968. sezuan has left

  969. arc

    And XSF more generally...

  970. arc

    He suggested the Xsf should have a relationship with IEEE

  971. kaboom has joined

  972. arc

    He wants to get XMPP standardized for iot within IEEE and other bodies

  973. jubalh has left

  974. arc

    Rickard has met him and Peter Saint-Andre

  975. moparisthebest

    Isn't psa the xsf's relationship with the IEEE?

  976. arc

    If so he missed a ieee XMPP standards group forming

  977. arc

    Also httpx is a registered URI protocol for http over XMPP??????

  978. arc

    I'm trying to get the engineers in his IEEE group into XSF

  979. arc

    Not even a single XSF member involved

  980. arc

    It's mad and he agrees. He knew of XSF but didn't know how membership works... He asked how much it cost

  981. jere has joined

  982. moparisthebest

    And how much did you tell him arc ? :-)

  983. arc

    Just $599

  984. moparisthebest

    What a deal!

  985. SouL

    Where can I send the money?

  986. arc

    Heh

  987. nicolas.verite has left

  988. blipp has left

  989. blipp has joined

  990. arc has left