XSF Discussion - 2017-03-04

  1. Lance has left

  2. Lance has joined

  3. arc has left

  4. Zash has joined

  5. Zash has joined

  6. Guus has joined

  7. Guus has left

  8. bra has left

  9. Guus has joined

  10. Guus has left

  11. Guus has joined

  12. bra has joined

  13. Guus has left

  14. Guus has joined

  15. Guus has left

  16. Guus has joined

  17. blipp has left

  18. blipp has joined

  19. Guus has left

  20. arc

    Or twelve easy payments of $59!

  21. Guus has joined

  22. kaboom has left

  23. Guus has left

  24. Lance has left

  25. jere has joined

  26. daniel has left

  27. daniel has joined

  28. daniel has left

  29. Tobias has joined

  30. Tobias has joined

  31. daniel has joined

  32. daniel has left

  33. efrit has joined

  34. daniel has joined

  35. moparisthebest has left

  36. moparisthebest has joined

  37. daniel has left

  38. nicolas.verite has joined

  39. daniel has joined

  40. waqas has joined

  41. vurpo has left

  42. vurpo has joined

  43. efrit has joined

  44. Lance has joined

  45. sezuan has left

  46. Lance has left

  47. moparisthebest has left

  48. moparisthebest has joined

  49. jere has left

  50. jere has joined

  51. jere has left

  52. jere has joined

  53. SamWhited has joined

  54. nicolas.verite has left

  55. Guus has joined

  56. Guus has left

  57. Guus has joined

  58. arc has left

  59. Guus has left

  60. Guus has joined

  61. Lance has joined

  62. nyco has left

  63. Guus has left

  64. Guus has joined

  65. uc has left

  66. uc has joined

  67. Guus has left

  68. Guus has joined

  69. kalkin has left

  70. Lance has left

  71. waqas has left

  72. SamWhited has joined

  73. mimi89999 has left

  74. mimi89999 has left

  75. nicolas.verite has joined

  76. Yagiza has joined

  77. mimi89999 has joined

  78. suzyo has joined

  79. kalkin has left

  80. sezuan has left

  81. nicolas.verite has left

  82. sezuan has left

  83. daniel has left

  84. daniel has joined

  85. daniel has left

  86. daniel has joined

  87. nicolas.verite has joined

  88. daniel has left

  89. daniel has joined

  90. Guus has left

  91. Guus has joined

  92. daniel has left

  93. sezuan has left

  94. daniel has joined

  95. arc has left

  96. Lance has joined

  97. Guus has left

  98. Guus has joined

  99. Lance has left

  100. SamWhited has left

  101. SamWhited has joined

  102. jubalh has joined

  103. nyco has left

  104. nyco has joined

  105. nicolas.verite has left

  106. nyco has left

  107. nyco has joined

  108. jubalh has left

  109. intosi has joined

  110. nicolas.verite has joined

  111. intosi has left

  112. daniel has left

  113. daniel has joined

  114. daniel has left

  115. daniel has joined

  116. Mancho has left

  117. nyco has left

  118. nyco has joined

  119. nicolas.verite has left

  120. daniel has left

  121. daniel has joined

  122. daniel has left

  123. daniel has joined

  124. daniel has left

  125. daniel has joined

  126. goffi has joined

  127. daniel has left

  128. daniel has joined

  129. Ge0rG

    That reminds me of the jabber trademark license fee... Is it still a thing for commercial applications?

  130. daniel has left

  131. daniel has joined

  132. arc

    I do not believe so, any evidence to the contrary appears to be a mistake. But you should reach out to PSA for that

  133. arc

    I'm excited to pull in a whole new group of XMPP enthusiasts to the XSF

  134. arc

    http://www.sensei-iot.org/ over 100 members to this IoT working group

  135. arc

    and its all XMPP

  136. arc

    William (the man I met with today) is extremely interested in discussing IoT security issues and cross protocol gateways using XMPP as a core standard for interop

  137. mimi89999 has joined

  138. arc

    how this man, who knows PSA, Michael Holden, Rikard, Peter Waher, and others, has been working with and promoting XMPP for 5 years or more, and has never been invited to join the XSF is beyond me

  139. daniel has left

  140. daniel has joined

  141. fippo

    arc: the xsf is not something where you need an invite to join

  142. Mancho has left

  143. Tobias

    even more scary, you have to candidate and be voted in...think of all the campaigning involved

  144. arc

    fippo: no its not, but you do need to know you can join.

  145. arc

    ive been taking an active approach to reaching out to xmpp library developers trying to grow the xsf membership for the last year, and we've had at least a handful of new members join that way who've been working with XMPP for years

  146. arc

    in many foundations that FOSS devs are used to working around, membership is not so easy. often you do need an invite and often an onerous process to join. joining the Python Software Foundation, for example, has always been a painless but undocumented process which boils down to "what, she isn't already a member? we should add her to the list"

  147. tim@boese-ban.de has left

  148. nicolas.verite has joined

  149. Tobias

    what do you get from joining the PSF?

  150. arc

    the ability to vote and invite to the posh free annual member dinner at PyCon

  151. tim@boese-ban.de has joined

  152. daniel has left

  153. daniel has joined

  154. arc

    and being able to join the members-only list, which boils down to about the same as the XSF

  155. Tobias


  156. nicolas.verite has left

  157. arc

    I was an officer for the PSF before I was a member, I became a member when a board member asked me at pycon if i was coming to the member luncheon and I told him I wasn't a member. He brought me to the luncheon, and I became a member

  158. arc

    your first annual meeting with the PSF (which is the luncheon or dinner) you stand up to introduce yourself. and its done.

  159. arc

    there are several developers with python-dev (aka they have commit/push rights to Python itself) who are not yet PSF members due nobody noticing that they're not members yet.

  160. Valerian has joined

  161. arc

    anyway - so thoughts on this proposed "httpx" URI scheme for http over xmpp?

  162. Valerian has left

  163. Valerian has joined

  164. Valerian has left

  165. Lance has joined

  166. dwd has left

  167. arc

    i guess it boils down to whether XMPP is considered a proxy service or a primary protocol

  168. Valerian has joined

  169. sezuan has left

  170. efrit has joined

  171. Valerian has left

  172. Lance has left

  173. intosi has joined

  174. intosi has left

  175. intosi has joined

  176. sezuan has left

  177. nicolas.verite has joined

  178. Flow has joined

  179. Valerian has joined

  180. jere has left

  181. jere has joined

  182. Valerian has left

  183. goffi has left

  184. xnyhps has left

  185. nicolas.verite has left

  186. xnyhps has left

  187. jere has left

  188. efrit has joined

  189. nicolas.verite has joined

  190. jonasw

    arc: why would one want to do http over xmpp?

  191. jonasw

    I only heard people *joking* about that.

  192. Ge0rG

    jonasw: so that you can tunnel HTTP over BOSH.

  193. Valerian has joined

  194. sezuan has left

  195. jonasw

    arc: I’m sure there are usecases, but which are they?

  196. daniel has left

  197. daniel has left

  198. blipp has left

  199. daniel has left

  200. Valerian has left

  201. blipp has joined

  202. daniel has left

  203. daniel has left

  204. daniel has left

  205. daniel has left

  206. intosi has left

  207. daniel has left

  208. Mancho has left

  209. mimi89999 has joined

  210. daniel has left

  211. Lance has joined

  212. daniel has left

  213. Valerian has joined

  214. kaboom has joined

  215. pep. has left

  216. Lance has left

  217. Ge0rG

    In band http upload?

  218. Ge0rG

    jonasw: we should write up something for next month.

  219. kaboom has left

  220. Guus has left

  221. Guus has joined

  222. vurpo has left

  223. vurpo has joined

  224. Mancho has left

  225. jonasw

    Ge0rG: XEP-0363 over XEP-0332?

  226. sezuan has left

  227. sezuan has left

  228. kalkin has left

  229. Guus has left

  230. Guus has joined

  231. jubalh has joined

  232. Valerian has left

  233. jubalh has left

  234. Ge0rG

    jonasw: Yeah, I'm sure we can add some more layers to the stack... WebSockets, serverless, mdns, json/rest...

  235. jonasw

    I’d rather work on something productive at the moment.

  236. jonasw

    also, my april 1st thing (if I get around to do it) will be on mtr-tiny

  237. jubalh has joined

  238. jere has joined

  239. waqas has joined

  240. jubalh has left

  241. vurpo has left

  242. vurpo has joined

  243. ooih has joined

  244. uc has left

  245. kaboom has joined

  246. jubalh has joined

  247. Guus has left

  248. Guus has joined

  249. Lance has joined

  250. Zash has joined

  251. Ge0rG

    jonasw: I'd like to proof read it, if that's okay for you

  252. jonasw

    Ge0rG: what? what I do with mtr-tiny?

  253. jubalh has left

  254. Ge0rG

    jonasw: Yeah, that one

  255. kaboom has left

  256. Guus has left

  257. Guus has joined

  258. jere has joined

  259. moparisthebest

    Hmm HTTP over xmpp using xep368 over tls on port 443...

  260. moparisthebest

    What's the point? :/

  261. Guus has left

  262. Guus has joined

  263. Lance has left

  264. vurpo has left

  265. vurpo has joined

  266. vurpo has left

  267. vurpo has joined

  268. kaboom has joined

  269. jere has joined

  270. nicolas.verite has left

  271. arc

    jonasw: to hide your IP address

  272. jonasw

    arc: you can use a generic HTTP proxy for that

  273. Zash

    For when you don't have Tor, but do have XMPP?

  274. arc

    jonasw: that would be a fine solution too, especially if there was a manner for your xmpp server to provision it

  275. arc

    and if Tor was more widely deployed that could work too

  276. Guus has left

  277. arc

    i want to close the IP leak tho with shared URLs

  278. blipp has left

  279. Guus has joined

  280. arc

    btw moparisthebest i did a quick and dirty test late last night, exi compressed offers not much in the way of actual compression when used for xmpp due to flushes for stanzas

  281. arc

    there would be a few cases that it would such as some pubsub payloads

  282. blipp has joined

  283. Zash has left

  284. Zash has left

  285. Zash has joined

  286. kaboom has left

  287. arc

    so a lot of the values for a reasonable client's schema has a lot of low values; 01, 02, 04.. compression does pack those values together, but it doesnt save nearly as much as bitpacked does

  288. moparisthebest has left

  289. arc

    and text messages are too small to save a ton unless a dictionary is pre-applied

  290. moparisthebest has joined

  291. daniel has left

  292. arc

    there are some bitpacking schemes you can use to compress latin text down tho

  293. Zash

    Heh, dictionary based on xml:lang? heeeheh

  294. Zash has left

  295. Zash has left

  296. Zash has joined

  297. moparisthebest

    Zstd has an interesting dictionary thing built in too, but if compression can't be secure I don't see why it matters much

  298. kaboom has joined

  299. moparisthebest

    Like secure wouldn't matter on a private LAN, but bandwidth isn't an issue there either

  300. sonny has left

  301. Zash

    Trade-offs everywhere

  302. moparisthebest

    Yup but this tradeoff at least seems basically clear cut

  303. moparisthebest

    Compression or encryption, pick one

  304. jonasw

    moparisthebest: it’s not that clear cut

  305. Zash

    Memory vs security more like

  306. jonasw

    in cases where an attacker cannot inject input into your output…

  307. Zash

    vs compression ratio

  308. Guus has left

  309. Guus has joined

  310. Zash

    Having a compression dictionary per (to, from) would probably be secure and get good compression ratio, but you have to keep a ton of compression streams in memory

  311. Zash

    Compressing each stanza in their own state, or doing a full flush between each stanza is probably secure and don't use too much memory, but you don't get that great compression ratio

  312. moparisthebest

    jonasw: it's basically clear cut, since it's so hard to impossible to make sure attacker controlled input isn't in there, the only secure thing to do is no compression

  313. Mancho has left

  314. moparisthebest

    Especially at the protocol level

  315. Tobias

    wouldn't EXI allow us compression of some contents and not of others..so we could exclude security relevant info from compression

  316. moparisthebest

    Like maybe doing what Zash says is secure, but as a server or client you can't tell if the other end is doing it that way

  317. moparisthebest

    So the only secure thing to do is not support compression

  318. Zash

    You speak like security is absolute. It is not.

  319. Tobias

    moparisthebest, at some level you got to trust the software on the other end, you don't know if the other end of your TLS connection is dumping the cleartext somewhere

  320. moparisthebest

    Tobias: sounds like exis bitpacking without compression makes size smaller while still retaining security

  321. moparisthebest

    Maybe :-)

  322. vurpo has left

  323. vurpo has joined

  324. vurpo has left

  325. vurpo has joined

  326. arc

    well, if my memory and what i just re-read is sane, then in the schema you can define alternative character-restricted CH event types for chat messages

  327. jubalh has joined

  328. arc

    for example, you could offer a latin + extended latin + common emoticons CH type that may still be 6 or 7 bits in size, in which case it'll only use that number of bits in bitpacked

  329. arc

    i do *not* want to write the regular expressions for that though.

  330. arc

    thankfully that'll be up to each client.

  331. jonasw

    that doesn’t sound crazy at all

  332. arc

    i think you would want at least 3 different format options; common latin-based language, 2-byte unicode, and full unicode

  333. jonasw

    and what happens if a client gets send content which doesn’t fit that CH type?

  334. arc

    jonasw: the server would use a different CH type.

  335. jonasw

    ah okay

  336. Zash

    Huffman code all the text?

  337. jonasw

    so there can be multiple :)

  338. arc

    or, if no type is available according to the schema the client requested, then the message would not be delivered

  339. arc

    i do believe so, yes.

  340. arc

    honestly ive stayed the hell away from CH encoding because the regex parser scares the shit out of me

  341. arc

    i need to do it. one of these days, and soon.

  342. nyco has left

  343. nyco has joined

  344. arc

    there are one of three outcomes from such an effort; 1) I finish it and afterward find myself wiser, more self-confident, and appreciating the effort I put in 2) I finish it, but at the cost of whatever sanity I have left 3) I don't finish it, decide to change professions, and end up working at a starbucks

  345. sonny has left

  346. blipp has left

  347. SamWhited

    arc: starbucks? Aren't you moving to Portland? You'll have your choice of much better coffee shops there!

  348. arc

    SamWhited: lol

  349. Zash

    There's a 4th option, move into the woods and become a potato farmer.

  350. arc

    I tried that already. I got really, really bored.

  351. arc

    there's 8 acres of land in New Hampshire owned by a monastic society I founded about a decade ago

  352. arc

    the last I heard there's still 3 people living there.

  353. arc

    try a git clone on a dialup modem...

  354. arc

    but since its a church, its not required to file with the IRS - only updating its information with the state every 5 years. its exempt from paying property taxes, so the land is effectively perpetual

  355. Alex has joined

  356. arc

    in 2020 ill just have to make sure an online form gets filed with the state as a keep-alive.

  357. jubalh has left

  358. Zash

    Probably not too hard/expensive to get fiber. 3G/4G coverage might be good enough too.

  359. arc

    to get there you need to drive down what looks like a driveway, but is a public gravel road, with utility poles that have telephone but no electric. there is only a weak GSM 2G cell service at best (often no signal), no cable, and its too far out for DSL. the only power on the land is 2 solar panels mounted to the roof of a yurt.

  360. Zash

    The word "here" was missing in that sentence.

  361. Zash

    Small village I lived in in like ~2000 had fiber.

  362. Zash

    Then I moved into the city. Got worthless cable with download caps.

  363. Zash

    Local hackerspace only got fiber now and it's pretty central.

  364. arc

    oh they have decent cable internet there, but nowhere near the land. we got the land cheap as hell because there's absolutely nothing near it. there's an adjoining 118 acre plot, and an adjoining 270 acre plot, both of which are owned by family trusts and are never used

  365. sonny has left

  366. blipp has joined

  367. arc

    its overlooking a lake, and on the other side of the lake there is cable service with 100m business class available. if i moved back at any point, I'd buy a tiny shed with a microwave beam from the other side of the lake, and upgrade the solar capacity

  368. jonasw


  369. SamWhited has thought about doing something similar a few times.

  370. arc

    but right now the monastery survives on having virtually no expenses. they have a vegetable garden that sells at the local farmers market, and have bulk supplies delivered down the 4 mile dirt road, and the telephone bill.. but that's about it.

  371. arc

    SamWhited: I can literally tell you everything about incorporating a monastery. ;-)

  372. SamWhited

    I meant getting a tiny shed with Solar (which works very well in Texas) and then getting a Fiber line as far out of the city as Google will run it and doing microwave or something to get it to me.

  373. arc

    ah, yea. thats more sane.

  374. arc

    if you ever lose your mind and need to completely escape i can help there too lol

  375. SamWhited

    Don't tempt me; I'm dangerously close to that again already!

  376. Tobias has joined

  377. waqas has left

  378. boothj5 has joined

  379. arc

    if i did it again id make it a lot more tech focused and closer to a city, a place for techies to retire, or at least retreat to, but without being completely cut off.

  380. arc

    Destiny in Vermont (about 30 miles from the monastery) is a much better model. 200+ acres, permanent kitchen building, sewage, off the grid but good cell service.

  381. Zash

    arc: Let me tell you about the church of Kopimism

  382. Zash


  383. arc

    heh a friend is incorporating a church of cannabis right now with a similar vibe

  384. jonasw

    I read cannibals at the first attempt.

  385. jonasw

    that was way more disturbing.

  386. arc

    jonasw: i like the world you live in. :-)

  387. jere has joined

  388. sezuan has left

  389. SamWhited has left

  390. arc

    no the monastery is associated with Quakers, "Monastic Friends", and is effectively stable with people who just want to retire and live on the land away from technology. we had more technically minded people involved early on, but i didnt understand an important property of group building back then - the early form an organization takes will determine who will remain involved with it, and thus who will shape its future.

  391. Alex has left

  392. arc

    the people there, and by design they're the same people who make decisions for the organization, don't want to grow the monastery or develop it in any way. they just want to live their lives in quiet reflection.

  393. daniel has left

  394. sonny has left

  395. boothj5 has left

  396. nicolas.verite has joined

  397. jubalh has joined

  398. efrit has joined

  399. SamWhited has left

  400. ooih has left

  401. ooih has joined

  402. mimi89999 has left

  403. blipp has left

  404. blipp has joined

  405. Zash has left

  406. efrit has joined

  407. jubalh has left

  408. blipp has left

  409. blipp has joined

  410. winfried has left

  411. winfried has joined

  412. SouL has left

  413. kalkin has left

  414. SouL has joined

  415. kaboom has left

  416. Guus has left

  417. Guus has joined

  418. Guus has left

  419. Guus has joined

  420. efrit has joined

  421. efrit has left

  422. efrit has joined

  423. Lance has joined

  424. mimi89999 has joined

  425. ooih has left

  426. jonasw has left

  427. ooih has joined

  428. ooih has left

  429. uc has joined

  430. pep. has left

  431. pep. has joined

  432. pep. has joined

  433. pep. has left

  434. pep. has joined

  435. pep. has left

  436. uc has left

  437. uc has joined

  438. pep. has joined

  439. pep. has left

  440. pep. has left

  441. pep. has joined

  442. jere has joined

  443. Lance has left

  444. pep. has left

  445. pep. has joined

  446. arc has left

  447. arc has left

  448. Guus has left

  449. Guus has joined

  450. kalkin has left

  451. arc has left

  452. Alex has joined

  453. Alex has left

  454. devnull has left

  455. devnull has joined

  456. jere has joined

  457. daniel has left

  458. Zash has joined

  459. moparisthebest has joined

  460. jubalh has joined

  461. Guus has left

  462. Guus has joined

  463. nyco has joined

  464. nyco has joined

  465. nicolas.verite has left

  466. vurpo has left

  467. vurpo has joined

  468. kalkin has left

  469. nyco has left

  470. nyco has joined

  471. Lance has joined

  472. nicolas.verite has joined

  473. Lance has left

  474. efrit has joined

  475. nicolas.verite has left

  476. jubalh has left

  477. jubalh has joined

  478. mimi89999 has left

  479. mimi89999 has joined

  480. jubalh has left

  481. nyco has joined

  482. nicolas.verite has joined

  483. devnull has left

  484. Guus has left

  485. Guus has joined

  486. devnull has joined

  487. Zash has joined

  488. suzyo has left

  489. efrit has joined

  490. nyco has left

  491. nyco has joined

  492. nicolas.verite has left

  493. nyco has joined

  494. nyco has joined

  495. nyco has joined

  496. nyco has joined

  497. nicolas.verite has joined

  498. daniel has left

  499. jere has joined

  500. waqas has joined

  501. arc has left

  502. arc has left

  503. nicolas.verite has left

  504. vurpo has left

  505. vurpo has joined

  506. nicolas.verite has joined

  507. nicolas.verite has left

  508. nyco has left

  509. nyco has joined

  510. nicolas.verite has joined

  511. vurpo has left

  512. vurpo has joined

  513. Zash has joined

  514. xnyhps has left

  515. xnyhps has left

  516. kaboom has joined

  517. Tobias has joined

  518. arc

    ive learned a lot about how to form a successful new org through many, many mistakes.

  519. nicolas.verite has left

  520. SamWhited has left

  521. waqas has left

  522. Flow has left

  523. jere has joined

  524. nicolas.verite has joined