XSF Discussion - 2017-03-15

  1. Tobias

    subscription request rejections are broadcasted to other resources, right?

  2. jonasw

    Tobias: hmm, I cannot find that in RFC 6121. There is only (in section 3.2.3): The contact's server then MUST send a roster push with the updated roster item to all of the contact's interested resources, where the subscription state is now either "none" or "to" (see Appendix A). CS: <iq id='pw3f2v175b34' to='juliet@example.com/balcony' type='set'> <query xmlns='jabber:iq:roster'> <item jid='romeo@example.net' subscription='none'/> </query> </iq> CS: <iq id='zu2y3f571v35' to='juliet@example.com/chamber' type='set'> <query xmlns='jabber:iq:roster'> <item jid='romeo@example.net' subscription='none'/> </query> </iq> and that doesn’t apply for un-approved contacts because of: Security Warning: Until and unless the contact approves the subscription request as described under Section 3.1.4, the contact's server MUST NOT add an item for the user to the contact's roster. in section 3.1.3

  3. jonasw

    I may be overlooking something but it seems as if this isn’t broadcast.

  4. jonasw

    there is nothing about broadcasting the <presence type="unsubscribed"/> to other resources

  5. Tobias

    hmm..feels strange to distribute the request to all resources, but not the response

  6. jonasw

    could be an oversight

  7. daniel

    Yes this actually leads to undesired effects when I can't dismiss the notification on the other device

  8. daniel

    But yes I noticed that before as well

  9. Tobias

    wonder what could be a possible workaround for that

  10. Tobias

    carbons obviously does only deal with messages

  11. daniel

    That's probably something that should just be fixed at one point or another in the protocol

  12. Ge0rG

    do we have some kind of tracker for "the RFC needs to be amended in the next revision"?

  13. Ge0rG

    Probably PSA used to know.

  14. Tobias

    don't we have a wiki page for that?

  15. Ge0rG

    this one? https://wiki.xmpp.org/web/XEP_and_RFC_Remarks/RFC_6121:_XMPP-IM

  16. Ge0rG

    the only page with the title containing "6121"

  17. Ge0rG

    Tobias or daniel: can one of you specify what's exactly going wrong and how it can be fixed, in that page?

  18. Tobias

    Ge0rG, i can write the issue down on that page, yes

  19. Ge0rG

    Tobias: thanks

  20. Arc

    ok so lets see who shows up early or late today

  21. Guus


  22. Guus

    (must die!)

  23. Flow

    Tobias, daniel: Isn't the roster push sufficient?

  24. Tobias

    Flow, if you add the contact yes, but not if you reject the subscription request

  25. Tobias

    there's no way to tell your other resources that one has rejected it

  26. Flow

    ahh, the contact is not added as pending to the roster

  27. Tobias

    right...the usual subscription spam scenario :)

  28. Flow

    so someone should write a xep with a stream future subscription-rejection-broadcasts which clients can negotiate, no?

  29. Zash

    presence-carbons? :)

  30. Flow

    or, hmm, not sure, maybe part of bind2?

  31. Flow

    or just wait for XMPP 2.0

  32. Zash

    bind2 sorta seems like XMPP 2.0

  33. Flow

    hmm I thought in XMPP 2.0 we would get rid of priorties

  34. Flow

    or is there any current use case for priorities?

  35. Zash

    There are probably non-IM use cases

  36. SamWhited

    I forgot priorities were a thing… again.

  37. Flow

    hmm priority based balanced round-robin fan out

  38. Flow

    I think I wrote a xep about that

  39. dwd

    Could do a roster:2 which does all this by storing roster events in a pair of PEP nodes.

  40. dwd

    (We discussed roster:2 in San José a few years back)

  41. Arc

    Guus: well our board meetings are UTC, thankfully. before it was british time, which is different daylight savings than everyone else so we switched 4 times a year.

  42. Arc

    it should be 1700 UTC. so its an hour later today than last week, the question is out of the 5 of us who will show up an hour early expecting a meeting ;-)

  43. Kev

    Arc: Well, no, British DST is the same as almost everyone else except the US ;)

  44. dwd

    Kev, For another two years. Then, finally free of the shackles of the EU, we shall be able to select our own DST dates!

  45. dwd

    Surely this is why we voted to take back control.

  46. Arc

    Kev: except 2 states in the US that don't do DST like reasonable people

  47. Arc

    when I run for house in Oregon, i'll introduce a bill to eliminate DST there too.

  48. dwd

    Arc, I didn't think it had managed to be state-wide; I thought there were states were it split along county lines.

  49. Arc

    except """Arizona (except for the Navajo, who do observe daylight saving time on tribal lands), Hawaii, and the overseas territories of American Samoa, Guam, the Northern Mariana Islands, Puerto Rico, and the United States Virgin Islands."""

  50. Arc

    there's bills in 3 states right now to kill DST

  51. Arc

    its a populist position right now, nobody likes DST.

  52. Arc

    auspiciously it was created for farmers or industry workers, but its been shown to hurt productivity for both

  53. dwd

    Arc, no, it's for golfers.

  54. jonasw

    let’s make it UTC everywhere.

  55. MattJ


  56. jonasw

    MattJ: for you it would be like simply abolishing DST, right? people here always complain when I suggest UTC.

  57. MattJ

    I used to keep my watch, when I wore one, in UTC year-round

  58. MattJ

    I did it a couple of years on my laptop, but it had too many interesting consequences

  59. MattJ

    so I don't bother any more

  60. jonasw

    hm, I had a UTC clock around me until I figured out that having irssi update the clock once per second via wifi can actually be seen on battery drainage :(

  61. nyco

    hi all

  62. jonasw

    hi nyco

  63. Arc

    hey nyco

  64. Arc

    nyco arrived on time!

  65. Arc

    MattJ: you here?

  66. Arc

    ralphm: ?

  67. ralphm

    I will be in 5 minutes :-D

  68. nyco

    always here but not really, but still...

  69. Arc

    holy crap we have quorum on a DST meeting

  70. Arc


  71. Arc

    Martin: you here?

  72. Martin

    I am.

  73. MattJ


  74. ralphm

    Arc: well, I expected no less. Except possibly you :-D

  75. MattJ

    I'm going to be semi-here, I have another meeting that *was* unfortunately shifted by US DST

  76. ralphm bangs gavel

  77. ralphm set the topic to

    Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  78. ralphm

    0. Welcome + Agenda

  79. ralphm

    Hi all!

  80. dwd starts the minutes.

  81. ralphm

    Suggestions for the Agenda?

  82. jonasw

    has the board to deal with PSA stepping down?

  83. ralphm

    I have Executive Director

  84. jonasw

    if so, that should probably be on the Agenda.

  85. ralphm

    As well as reaffirming other officers

  86. Ge0rG

    Depreciation of deprecated software on the website

  87. ralphm

    I was kinda expecting board members to respond.

  88. nyco

    Ge0rG, would be good, we kind of reached a rough consensus on what neutrality means, while at the Summit

  89. Martin

    Should we work through the "Items for discussion" on Trello? Or have we deprecated that.

  90. Arc

    executive director is a big one. software id like to get a vote on to move forward on it

  91. MattJ

    ralphm, the only thing missing afaics is sponsorship follow-up

  92. Martin

    Oh, wait, I'm out of sync, ignore me

  93. Arc

    and due to PSA's resignation we really need to discuss the other roles he held such as liasons

  94. dwd

    I don't *think* he had any roles left aside from ED and Treasurer.

  95. jonasw

    Ge0rG: +1

  96. Arc

    dwd: some people believe he held liason positions to IETF and ISO, at least.

  97. ralphm

    dwd: right

  98. Arc

    i'd have to look back through the minutes on those tho

  99. nyco

    dwd, hidden/implicit roles, like community leader in the most noble sense?

  100. ralphm

    We don't have a liason to IETF, we are the IETF

  101. ralphm

    (and other people)

  102. dwd

    Arc, we have no formal liaison to the IETF; never had. We do have several XSF members who are active within the IETF too, though.

  103. Arc


  104. ralphm

    Anyway, still at Agenda

  105. Zash

    ( I believe the IETF to actually be a sort of ongoing event organized by the IAB or ISOC, not an organization )

  106. ralphm

    Thanks Zash

  107. Arc

    in any case i think those two are more than enough for the next 20 mins

  108. dwd

    Zash, It's an "activity" of the ISoC, indeed.

  109. ralphm

    Ok, let's go

  110. ralphm

    1. XSF Officers

  111. ralphm

    So, our bylaws state that the Board will have an Annual Meeting to appoint officers

  112. ralphm

    This includes the EO, but also the Secretary and Treasurer.

  113. Arc

    and we haven't done that yet this year.

  114. dwd

    (And the Chair)

  115. ralphm

    dwd: sure, but I guess we did do that already

  116. dwd

    ralphm, Yup. It's daft to try and do the other Officers when you pick a Chair, though.

  117. Arc

    ok so we put a call out for volunteers? or does someone have someone in mind? or should we seek an experienced EO from outside the community

  118. Arc

    outside the xmpp community i mean

  119. ralphm

    So, I think that Alex has to announce this Annual Meeting as per 5.5 of the bylaws

  120. ralphm

    And before we do that, we should indeed look for candidates

  121. nyco

    what's EO?

  122. Arc

    executive officer

  123. ralphm

    Executive Officer

  124. nyco


  125. ralphm

    Bylaws call it CEO

  126. Arc

    since we only have one, (s)he is by default the CEO ;-)

  127. dwd

    (And Executive Director, in equal measure. Hmmmm)

  128. ralphm

    Since Peter has been EO for as long as can remember, it will be hard to fill those shoes as he filled them.

  129. ralphm

    As a role, though, we should be able to find someone to take it up

  130. dwd

    "Unless provided otherwise by a resolution adopted by the Board of Directors, the Executive Director shall be the Chief Executive Officer of the Corporation" (§6.6) but the position is "Executive Director" normally.

  131. Arc

    many foundations go quite awhile without an EO, searching for the right fit

  132. dwd

    So "EO" is rather confusing - either ED or CEO, please - and I think you guys mean ED.

  133. ralphm

    I don't have a particular preference for in- or outside of the community, but having some knowledge of the technology would be good, I believe

  134. Arc

    dwd: CEO.

  135. ralphm

    dwd: thanks for that

  136. dwd

    Arc, I mean: These two are different positions, though the CEO is normally the ED.

  137. nyco

    ok, so who?... ;-)

  138. Arc

    If we have a CEO, we should have one with CEO experience - but who at least knows what XMPP is before we approach them. But I also don't feel strongly that we need an officer position at the moment.

  139. ralphm

    So let's all think hard on how we want to find a candidate

  140. Arc

    a bad or ineffective CEO is worse than none.

  141. jonasw


  142. ralphm

    In the meanwhile, we should ask the current Officers if they want to resume their position for another year.

  143. dwd

    Arc, The bylaws seem to suggest the position of ED must be filled, and that the CEO role must be filled (and by the ED by default), so...

  144. Arc

    dwd: lazywebbing, can the ED be the chair?

  145. Kev

    I note that Peter suggested he was interested in working with the Board on finding a replacement, didn't he?

  146. Kev

    Perhaps including him in the discussion would not be stupid, as he has a better idea than anyone else what he's done in that role over the yeras.

  147. Kev

    And over the years.

  148. ralphm


  149. dwd

    Arc, Unclear. We have had the same person hold multiple officer positions for some time, though.

  150. ralphm

    I'd be happy to take that up with Peter and see how we can start going about this.

  151. Kev

    I believe Peter's had a policy of not being on Board because of his ED role, FWIW.

  152. Arc

    +1 to ralph

  153. ralphm

    Well, the ED actually is another Director, and will be the deciding voice in case of a tie.

  154. ralphm

    (when voting on matters)

  155. Arc

    ralphm: that sounds like a way to proceed; discuss this with PSA about how we can start going about this

  156. ralphm


  157. Arc

    6 minutes remain

  158. dwd

    I think that when Peter started handing over the Editor role, he wrote up a job description.

  159. dwd

    That would seem an excellent start.

  160. ralphm

    Then I motion that Board thanks Peter for huge amount of work he has done as ED and inspiration he's brought to community.

  161. Arc


  162. Kev

    The peanut gallery wishes to support the motion.

  163. Martin

    Hear hear

  164. MattJ


  165. ralphm

    Arc: thanks for the reminder

  166. ralphm

    2. Deprecation of deprecated software

  167. ralphm

    How do we commence this?

  168. Arc

    a suggestion has been made by a few members on this

  169. ralphm

    There's been a lot of talk already. We just need to have people doing this now.

  170. jonasw

    I can comment on what I did to the website.

  171. jonasw

    (with respect to that)

  172. Tobias

    get lazy folks of the iTeam review the stuff that's already in PR and have it work

  173. Arc

    we ask council, by the end of this year, to draft a 2018 recommended list XEP as they've done in previous years to be published early next year

  174. nyco

    get a rough consensus on the criteria

  175. nyco

    non-binary criteria, as we showed during the summit

  176. dwd

    nyco, I didn't notice your vote on ralphm's motion back there - need something for the mintues.

  177. nyco


  178. dwd

    nyco, Ta!

  179. nyco

    that was implicit

  180. nyco

    sorry ;-)

  181. Arc

    and that for now, this year, we simply send out an announcement to the project maintainers for software currently on the website to apply, and include that in the Q2 or Q3 vote

  182. Tobias

    jonasw, will do a full review of your PR this evening and will try getting it working on the website

  183. nyco

    and we should offer him a teddy bear

  184. jonasw

    Tobias: that’d be great. that would at least give us semi-automatic expiry.

  185. dwd

    nyco, Bruno?

  186. nyco

    why not ;-)

  187. Ge0rG

    Arc: can we please send out an announcement right now and remove everything that does not reapply in a month?

  188. Arc

    or, until we have a more formal process, informally ask the project maintainers to put in a PR like someone suggested, and that be that.

  189. Arc

    Ge0rG: that's what I would like to do, yes.

  190. Kev

    I think the idea of just requiring a maintainer to 'ping' to keep their project listed each year is pragmatic and non-contentious.

  191. Ge0rG

    Arc: that's completely orthogonal to compliance suite 2017 / 2018

  192. Kev

    And, crucially, solves the problem at hand without boiling the ocean.

  193. MattJ


  194. ralphm


  195. Ge0rG

    I volunteer to send the mail

  196. Arc

    maybe create a branch on the website github for the projects, remove all software from that branch, and ask that the post a PR against that branch, merging it in next month.

  197. Tobias

    Ge0rG, i suggest doing that as soon as we know that the implementation works and is deployed on the website

  198. jonasw

    Tobias: from what I can tell, it is already merged to master.

  199. jonasw

    https://github.com/xsf/xmpp.org/tree/master/data this at least looks like a lot like what I put in my PR.

  200. Tobias

    jonasw, right...but last i heard it wasn't deployed on the live website :)

  201. Tobias

    will figure that out today

  202. ralphm

    So does Kev's suggestion require that we contact all projects individually, or is a notice on jdev and standards sufficient?

  203. Arc

    is this a motion we want to vote on?

  204. nyco

    we can keep all mentionend software as a hall of History... or good services in the past centuries... so another page?

  205. Kev

    ralphm: I'd say that a post on jdev/standards/members, plus a note on the page about how it's generated would be more than sufficient.

  206. jonasw

    nyco: I would not make it easily discoverable. Users have a talent to find the information they’re not supposed to find for their own good.

  207. Ge0rG

    ralphm: jdev and the blog, I'd suggest

  208. jonasw

    Ge0rG: +standards

  209. ralphm

    I like Kev's idea. Who else?

  210. nyco

    jonasw, well yeah ok ;-)

  211. jonasw

    (I do, but I don’t have a vote in this meeting :-))

  212. Arc

    I think thats a fine idea.

  213. Arc


  214. Kev

    I wouldn't mind an AOB on website ownership, at the end (it's quick, I just want to raise a point for future discussion)

  215. nyco


  216. Martin


  217. ralphm

    Ok, I see Ge0rG has suggested to draft a message

  218. ralphm

    Can you send that draft to board@?

  219. Ge0rG

    ralphm: wilco

  220. ralphm


  221. ralphm

    3. EOB

  222. ralphm

    3. AOB

  223. SamWhited

    ralphm: Can you create me an "Editor Team" trello under the XSF team?

  224. ralphm

    Kev quickly

  225. ralphm

    SamWhited: I'll see what I can do

  226. SamWhited

    (sort of board AOB, sort of personal; we can chat after)

  227. Kev

    ralphm: And I'd like to have (iteam hat on) some admin over the org please.

  228. Kev

    Right, website ownership.

  229. Kev

    I'd like to note that the website currently has no clear owner - once upon a time there was a working, although not perfect, website.

  230. Kev

    Then there was a Board-led initiative to replace it, which happened, and Board ultimately instructed iteam to deploy it before iteam were comfortable with this.

  231. ralphm

    I'd be happy to say that iteam "owns" the website

  232. Tobias

    i thought content wise the XSF owns the site

  233. Tobias

    *copyright wise

  234. ralphm

    Tobias: of course

  235. dwd

    "owns" in what sense? Software, content?

  236. dwd

    Or "has final say"?

  237. nyco

    the latter?

  238. ralphm

    I think the board is about content, iteam about the mechanics

  239. Kev

    Now, iteam clearly don't own (responsibility for) the content on the website, as that's unrelated to infrastructure, so I think this means it defaults to Board. But at the same time, when there's stuff submitted to the site that actually runs on the server, iteam should have some say, but ... there's a mess here at the moment, brought to light by Tobi saying iteam were being lazy for not fixing stuff that wasn't theirs in the first place.

  240. ralphm

    Kev: indeed

  241. dwd

    As an aside, it's a bit of a mystery why the website generation needs to run on the webserver. But still, this might be my ignorance at play.

  242. Kev

    So 1) I'd like a bit more explicit statement of who is responsible for reviewing and merging content changes to the website. 2) I'd like this to include iteam review where it means running stuff on the server.

  243. ralphm

    I think it is fine for iteam to assume control over how the website works, is generated, etc.

  244. Kev

    dwd: It shouldn't. This is just an artefact of what's been somewhat thrust upon us :)

  245. jonasw

    FWIW, this can be enforced with github I think

  246. Tobias

    dwd, it doesn't have to, it can also run in your dockerized blockchain or your blockerized docker

  247. dwd

    Tobias, So some PRs etc to do this would alleviate Kev's problems entirely?

  248. jonasw

    it’s not that simple.

  249. Tobias

    the website consists of many parts, the pelican web content, XEPs, registries, etc.

  250. Tobias

    and soon also the auto generated client software lists

  251. Kev

    I wasn't looking for answers now, I just wanted to bring it to people's attention for future discussion.

  252. ralphm

    Ok. I thought this was an easy topic. But I see we need some more thinking on this.

  253. dwd

    Kev, I think there seem to be two issues:

  254. Arc

    we are T-11 minutes. shall we table and put this on the agenda for next week?

  255. Kev

    dwd: At least.

  256. dwd

    Kev, 1) iteam need to have ownership of code running on the servers.

  257. ralphm

    Arc: yeah, that was my feeling, too

  258. dwd

    Kev, 2) The website should minimize the amount of code running on the servers.

  259. ralphm

    Let's continue this discussion after formal close

  260. Kev

    Arc: I have no need for further discussion right now.

  261. Arc

    Kev: this is important tho, thanks for bringing it to the table

  262. ralphm

    4 Date of Next

  263. Arc


  264. ralphm

    5. Close

  265. ralphm

    Thanks all!

  266. jonasw

    Kev: FWIW, I built a setup for another organisation where content and pelican-stuff for generation was separate.

  267. jonasw

    that would allow to place strict requirements on merges to the generation code and less-strict requirements to merges on the content

  268. jonasw

    taking some load off iteam with reviewing stuff

  269. Tobias

    jonasw, i'll get back to you later today to ask some questions about that then

  270. bear

    running the website generation code on the server was a default thing - the default was that it was already doing it

  271. Kev

    jonasw: Yes, that would be the perfect situation.

  272. bear

    having it run as part of the build process is easy to implement

  273. Kev

    And a wild bear appears.

  274. Tobias

    bear, btw: some people in the XSF asked if they could get access to the twitter credentials

  275. Tobias

    i think Kev asked that once

  276. dwd

    jonasw, bear - I think moving the generation off the webserver would alleviate muhc of Kev's concerns, and just seems the Right Thing to do anyway.

  277. Kev

    bear: Yes, I'd like (iteam hat) to have the credentials, please.

  278. bear

    I can add folks to the twitter group user thingy if they get me a list of IDs and the board nods at me

  279. jonasw

    dwd: where would you put the generation then?

  280. ralphm bangs gavel

  281. Kev

    (As opposed to tweetdeck access to actually tweet stuff)

  282. jonasw

    Kev, Tobias, it’s those two + a non-published build.py web-hook thing which I can also pastebin you somewhere. https://github.com/fsfw-dresden/homepage-2.0-build https://github.com/fsfw-dresden/homepage-2.0-content

  283. dwd

    jonasw, A docker image? Travis?

  284. ralphm

    Wow latency

  285. jonasw

    dwd: I wouldn’t like to have travis build my website, but that’s a matter of taste.

  286. bear

    the build would be done on circleci as part of the deploy step

  287. dwd

    jonasw, I'm demanding solutions, not offering them. ;-)

  288. ralphm set the topic to

    XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  289. dwd gass at the subject change.

  290. dwd

    "gasps", even. Harrumph.

  291. bear

    Kev let me get you the credentials to twitter

  292. Kev

    bear: Thanks muchly. RO in my homedir on perseus or similar seems sensible. Although XMPP between private servers works just as well.

  293. Tobias

    also, did the recent months of increased twittering helped with our number of followers?

  294. jonasw

    Kev, Tobias: re the repositories, one should note that the Makefile is not the default pelican makefile, we made some adjustments to make it work with a non-default "content" directory (so that we could build multiple branches without having to mess with the content submodule)

  295. Tobias

    jonasw, one step at a time :) on feel free to create a list of issues :)

  296. jonasw

    I can drop an issue with random notes on the subject, sure

  297. ralphm

    dwd: why?

  298. dwd

    ralphm, Why what?

  299. ralphm

    Why gasp

  300. dwd

    ralphm, I didn't notice you'd changed it beforehand. Is this purely to disprove my assertion that nobody remembers to change the subject?

  301. ralphm

    I've been doing that since the Summit yes

  302. jonasw

    Tobias, Kev, https://github.com/xsf/xmpp.org/issues/277

  303. Kev


  304. bear

    i'll look at that issue tonight and see if I can get all of the build stuff out of the server and onto the lovely circleci free services

  305. jonasw

    if you want to run that in some CI third-party service you probably don’t have to bother with that.

  306. jonasw

    (with that what I describe in the issue, I mean)

  307. bear

    i'll read the issue and try to implement the suggestions if they make sense

  308. Ge0rG

    Yay! Another vulnerability in WhatsApp. Looks like it could have happened with XHTML-IM as well. https://news.ycombinator.com/item?id=13876087

  309. Tobias

    yeah..they should have used RTF

  310. MattJ

    Tobias, https://nakedsecurity.sophos.com/2012/05/09/what-the-rtf-mac-and-windows-users-at-risk-from-boobytrapped-documents/

  311. Tobias

    they sure must have fixed all vulnerabilities by now :D