-
emxp
Guus, Ge0rG: Coming back to the 'new' Foundations discussion. My intention is a) focus on important issues in the xmpp comunity in general b) maybe put paid devs on these task or specific clients which are likey to improve the UX of xmpp in general (yes, money is an issue i know) c) build a platform/website to show what xmpp can do for standard users who never heard of xmpp before d) may provide general information about the network (number of users, how does xmpp work etc) - you get what my intention is? I dont talk about if that's likely to happen. I ask whether is the right way?
-
Guus
emxp: I don't know. There likely is not one right way. If you see value in it, by all means.
-
Ge0rG
emxp: (a) yes, 100%. I'm trying that for a while now. (b) not only money is an issue, fair distribution of the money is as well. (c) I'm not sure people are reading such websites, but it might attract some nerds / multipliers, so yeah! I wish we could host it on jabber.org... (d) that's actually hard. The XSF is trying to, but you can hardly get reliable data from a federated system like XMPP
-
daniel
If you are good at fund raising by all means go ahead. I don't think developers will say no to money
-
daniel
Ironically fund raising is a full time job. So as soon as you start you'll have to raise enough money to at least pay your own salary
-
Ge0rG
daniel: actually, to pay for two people.
-
Ge0rG
...so that you have one effective developer
-
daniel
My personal approach is to create a sustainable business model. I know that's quite revolutionary idea in today's world. But you it might be more... sustainable...
-
zinid
sustainable model is to get hired :D
-
mathieui
daniel, did you think about pitching your idea to a VC to get funding? :p
-
daniel
zinid, only if that company itself has a sustainable business model. i'm sure the matrix developer can agree
-
Ge0rG
I've heard that Erlang an C++ developers are in high demand...
-
emxp
daniel, Ge0rG: For me there is no direct discussion of fairness. the foundation can act transparent, only invest in open source code and only spend money to task/work they all agree to. based on some principles - opensource, leading for xmpp, of intrest for xmpp community etc.. If people dont agree to those projects, they wont spend. so the foundation is forced to define task which are in the interest of most xmpp users somehow... or they can define task, the necessary effort, and let people donate and offer like 10-20% of the necessary amount. It's better to have a central plattform to collect task, than wait for third party aproaches maybe
-
emxp
I think most people, dont like to donate, if they have no idea, about where the money goes
-
Kev
Pushing only OSS projects sounds like a Really Bad Idea, given where so much of the XSF's expertise and effort has come from over the years.
-
mathieui
Kev, yeah, although I can see the point if people are donating the funding
-
emxp
mathieui: what do you mean exactly
-
emxp
Kev: Just an example. What software would you suggest to support?
-
Zash
Some may find it weird to donate to commercial projects.
-
Kev
Ah, this is a separate 'pay for software' foundation? I thought you meant the XSF.
-
Kev
If it's some 'pay for opensource XMPP foundation', it's fine to focus on open source.
-
Kev
Zash: Sure, so it has to be both non-commercial and open source? :)
-
Ge0rG
Kev: I think that OSS is the only way to ensure that the software won't just fold up and die at any moment in time after or before the funding stops.
-
Kev
Ge0rG: I don't think OSS ensures that at all. But I understand what you mean.
-
Ge0rG
Kev: with closed source, there is no way at all to achieve that.
-
Ge0rG
Kev: and there are many viable business models around OSS, so I don't think this is about offending commercial closed-source providers.
-
Kev
Also not true, but it's harder to get anyone to agree to it.
-
Ge0rG
Kev: it's always hard to agree on how to spend money. Your first remark is a good example of that.
-
Kev
Ge0rG: If the business model is viable, we don't need a new foundation to be fundraising to inject money, I suppose? :)
-
Ge0rG
Kev: so we need to focus our money on non-viable business models. Wow, that sounds like a very awful framing of paying for non-commercial OSS development.
-
Kev
I don't have any problem with someone running a "raise money and we'll give it to projects" org, BTW. I misunderstood and thought it was suggested to do it through the XSF, which I disagree with.
-
Kev
I think the prospect is filled with difficulties, but as long as it's not the XSF that's shouldering them, more people working in XMPP is good :)
-
Ge0rG
The more I think about it, the more I like the idea of resurrecting the Jabber Software Foundation.
- mathieui start writign JEPs
-
Ge0rG
Which is my second "it used to be more appropriate in the past" epiphany after "message routing was better before Carbons, and we should try to get back to it"
- mathieui starts writing JEPs
-
Kev
Routing was better before carbons?
-
Zash
Ge0rG: I suddenly have this urge to tell you something along the lines of "I told you so"
-
Ge0rG
Kev: I've been pondering about how to improve the message routing mess we are currently in, and my proposal for a future XMPP would be this: - messages to the bare JID are persistent, routed to all online resoures and archived - messages to a full JID are ephemeral, only routed to the target full JID (or bounced) and not stored.
-
Ge0rG
- resource locking must be burned with fire.
-
Ge0rG
and this is very close to XMPP message routing rules pre-Carbons
-
Kev
I'm fine with that in principle, although we're not ready for "resource locking must be burned with fire." because of not having a sensible caps story yet, but we could get there. We need to anyway, because of carbons.
-
Ge0rG
Except there is no sane way to get from here to there.
-
Ge0rG
Kev: because of carbons and archives.
-
MattJ
There are ways though
-
Ge0rG
and race conditions.
-
Kev
The idea of not doing full-JID fallback is sensible enough, in a MAM world.
-
Kev
But only if you archive. Hmm.
-
Ge0rG
Kev: if we make full-JID synonymous with ephemeral, there is no need for fallback.
-
Ge0rG
But reassigning the semantics of full-JID is a tough call.
-
Kev
Except for requiring a forklift upgrade.
-
Ge0rG
Kev: I'm open to less radical suggestions.
-
Kev
I was trying to think through whether it was possible for a 'modern' client on a 'modern' server to accept messages in 'old' style, but still do sensible things.
-
Ge0rG
Kev: but I think it's important that we analyze the situation we are in, determine that it's a huge mess, and have a vision of where we want to be in X years.
-
Kev
I guess there is.
-
Kev
If we in some way mark sessions as being xmpp 1 or xmpp 2.
-
Zash
Design from the top instead of the bottom?
-
Ge0rG
Kev: https://wiki.xmpp.org/web/XMPP_2.0 ;)
-
Kev
Ge0rG: I don't disagree with that. I've been trying to do this for some time.
-
Kev
(that being working a way out of the mess)
-
Ge0rG
and I'd love that vision to be "XMPP(-IM) is a transport protocol to synchronize a message history between a user's devices on login and live.
-
Ge0rG
plus what we have with presence, that's working well more or less.
-
Kev
I think a long session at the next summit would be justified.
-
Ge0rG
Zash: yeah.
-
Ge0rG
Kev: +1 to that, though I don't know yet if I can attend.
-
Kev
Or a fully-virtual summit.
-
Zash
Ge0rG: Yeah, I too have this feeling that we've built a bunch of things that we don't know how they are supposed to fit togeather.
-
Kev
Or just a video chat between interested parties. Whatever.
-
Kev
I don't think IM/mail is the most productive way to work through such a core issue.
-
Kev
(But I could be wrong)
-
Ge0rG
Kev: I think that whoever is going to attend a live meeting needs to understand the problem first.
-
Zash
FOSDEM isn't too far away?
-
Ge0rG
Zash: it's not just a feeling, it's our current situation. Have a look at the interop between MAM and MUC, MUC and Carbons, etc.
-
Ge0rG
Even presence in MUC is a challenge.
-
Ge0rG
And the current situation is sufficiently f***ed up that we can't fix it by piling more protocols on top.
-
Kev
I think needing to understand the problem is why high-bandwidth is useful.
-
Kev
I'm not at all convinced that it can't be fixed by building on top, though.
-
Ge0rG
I'm pondering about writing something long-ish to explain the problem as I see it and possible solution directions
-
Zash
Ge0rG: MAM, MUC, Carbons, SM, Push, CSI etc
-
Ge0rG
Zash: yeah.
-
Kev
All your examples there included MUC.
-
Zash
And the number of things involved has grown to be more numerous than what fits in my head
-
Kev
Binning MUC and replacing it might be an idea...
-
Ge0rG
Kev: what Zash said.
-
Ge0rG
Kev: how should Carbons and MAM interact with 0184 ACKs for example?
-
Kev
I think they're all necessary. Whether they're called individual things, or xmpp2core just gets really long.
-
Kev
You need archiving, you need groupchat, you need routing rules, you need app-level acks, you need push, you need bandwidth management...
-
Ge0rG
Kev: all those things are needed, yes.
-
Ge0rG
Kev: that's not the question. The question is how to make them work together.
-
Ge0rG
They are all individual patches for individual problems, and they interop badly.
-
Kev
I'm far from saying everything's perfect. I challenge the notion that things can't be fixed without binning the core, though.
-
Kev
And we certainly need The Big Picture sorted.
-
Ge0rG
Kev: this is not about binning the core.
-
Ge0rG
Kev: but about some of the assumptions it made that are not appropriate any more.
-
Kev
You'll remember (you won't, actually, because it was before your time :)) that I started a protoXEP for this many many years ago, but we didn't have the building blocks to solve it. It was in the days before MAM et al.
-
Ge0rG
Kev: I'm not intending to replace XMPP with JSON-REST. But I want to start from The Big Picture and see what needs to be changed to make XMPP2 work well.
-
Kev
I'm very much in favour of big-picture here.
-
emxp
Kev: Yes, i was talking about a different organsisation and if my thoughts are senseful
-
Zash
And big-picture needs a big whiteboard! :)
-
Kev
Maybe Ge0rG should publish a Thought-A-Day on each of the problems he sees with the current state, so it's not TL;DR, and at the end of the series we've got the full picture :D
-
jonasw
Kev, I thnik he started a blog series :)
-
Kev
Odd, I thought I had planet jabber in my feed.
-
jonasw
does the xmpp.org blog federate to that?
-
zinid
I'm lost, xmpp2.0 is coming?
-
zinid
just don't use XML anymore :)
-
Zash
funny
-
zinid
or JSON if that matters
-
zinid
JSON is XML of nowadays
-
zinid
kids from 2030s will laught at us again
-
Zash
Wake me up when ASN.1 is cool again
-
zinid
never?
-
zinid
it's not modern, ya know
-
zinid
protocol buffers is THE THING
-
Ge0rG
actually, protocol buffers is one of the saner protocol designs.
-
jonasw
Zash, ASN.1 over XML over JSON over HTTP over XMPP over VTEP
-
jonasw
Ge0rG, I’m not convinced by their implicit defaults.
-
Ge0rG
Kev: I've started a blog post series on "Easy XMPP", which is different. I think for this one, I'd rather go with my personal blog and the "xmpp" tag there.
-
Ge0rG
jonasw: admittedly, I haven't had a deep dive into it. But any protocol that doesn't implicitly encode data lengths and uses escapable special markers is sane for me.
-
Zash
jonasw: Considering ASN.1 being something of a schema thing, and the existence of an XML encoding of it ... I wonder if there's a JSON one yet.
-
Ge0rG
https://blog.plan99.net/its-time-to-kill-the-web-974a9fe80c89 was an awesome post showing that all the modern web protocols actually fail the same way the US telephone network did in the 70ies. Mixing of meta-data and data.
-
Zash
Make Gohper Great Again
-
Ge0rG
The author is calling it "buffer overflows" and meaning "lack of explicit buffer lengths", but it's all the same story.
-
Zash
Don't LangSec people say that that's a giant security hole too?
-
Ge0rG
Zash: that what?
-
Ge0rG
Kev: I'm just not sure if I can start with individual problems and somehow arrive at the big picture.
-
Zash
Whop's, bit got flipped in the length field and everything turned into a giant buffer overflow!
-
Zash
Something something length fields don't fit into some simpler language category?
-
zinid
Ge0rG: why not prefix length? you can parse it in parallel, unlike scanning
-
Zash
Because Heartbleed?
-
Zash
Length prefixed fields helped so much there
-
Ge0rG
Zash: the issue with heartbleed was conflicting length fields.
-
zinid
Zash: using same logic I would say don't use C then
-
jonasw
zinid, that’s a reasonable statement :-)
-
zinid
well, yes :)
-
Ge0rG
Zash: besides, my point wasn't that old protocols are sane, just that the current ones are mad.
-
zinid
yeah, like http2
-
zinid
tcp over http, wtf...
-
Zash
Gotta let Google have their optimizations
-
zinid
right, today everyone is accepting what Google suggests, to be exact, what's good for their bussiness
-
zinid
IETF is degrading
-
Ge0rG
W3C has fallen.
-
Ge0rG
zinid: https://jacquesmattheij.com/the-web-in-2050 is for you :P
-
zinid
Ge0rG: wait, I didn't finish reading your first article (about kill web)
-
zinid
Ge0rG: for the record, from your article: > The fix: All buffers should be length prefixed from database, to frontend server, to user interface. There should never be a need to scan something for magic characters to determine where it ends. Note that this requires binary protocols, formats and UI logic throughout the entire stack.
-
Zash
I forget where I read it, but you shouldn't underestimate human-readable protocols and formats. At least not for early versions. Later versions being binary might be sensible.
-
Zash
It was kinda cool way back in the day to open the XML console and see something that made sense.
-
Zash
Or View Source and reading the HTML and stuff.
-
Zash
can't do that anymore tho, not with all the minifications and whatnot.
-
zinid
Zash: yes, it was cool because there were no encryption, I used tcpflow for this ;)
-
Holger
Not sure why $length:$readable_data would be impossible though.
-
zinid
actually, there can be well-defined mechanism to dump structures in human-readable form
-
zinid
like they do for WebAssembly
-
Zash
Do binary protocols usually have that tho?
-
Zash
Like, included by default and accessible?
-
jonasw
Zash, protobuf does
-
zinid
Zash: I don't think so, but it's not that hard to write rules how to dump protobuffs structures for example
-
jonasw
Zash, $homebrewbinary probably doesn’t
-
zinid
and dumping structures is trivial and not error prone (almost)
-
zinid
unlike parsing them
-
Zash
Sure sure, but text formats make it really easy to get into fiddling with things, which helps with early adoption.
-
Zash
Of course it comes back to bite you later, but still.
-
jonasw
*shrug*
-
jonasw
XML worksforme
-
zinid
this is the same argument as Python vs Haskell
-
zinid
Python will bite you later for sure
-
zinid
duck typing accepts no excuses
-
Zash
Duckt tapeing ftw
-
jonasw
duct taping?
-
jonasw
kinky
-
Zash
DuckDuckTape?
-
Ge0rG
Holger: it's not impossible with human-readable formats, but then you end up with whitespace or newline in the wrong place and the parser freaks out :(
-
jonasw
Ge0rG, #poezio? ;-)
-
zinid
anyway, I'm relaxed, because I implemented XML codec for ejabberd, it does the same as asn.1/protobufs/etc and it works (despite everyone cries you should not validate)
-
Ge0rG
jonasw: no way :P
-
jonasw
Ge0rG, a good example of a working system is the chunked HTTP encoding
-
Ge0rG
jonasw: how many HTTP entities will accept unix LF instead of CRLF, what do you think?
-
jonasw
Ge0rG, right, it’s CRLF
-
Zash
The finer points HTTP header syntax will make you mad
-
jonasw
Zash, I’ve seen a fun talk about that
-
jonasw
forgot how it was called
-
Ge0rG
jonasw: also is there a CRLF at the end? https://stackoverflow.com/questions/33878377/why-are-some-servers-not-using-crlf-after-the-last-chunk-length-of-zero ;)
-
jonasw
but they made ascii-art out of well-formed HTTP headers, soo....
-
jonasw
TIL there are trailers
-
Ge0rG
movie trailes? or the ones you live in?
-
jonasw
Ge0rG, the ones behind the last chunk in chunked transfer encoding
-
jonasw
read the answer you linked :)
-
Ge0rG
Oh. My. God.
-
SamWhited
> tcp over http I start twitching every time I hear that because it makes me think of BOSH…
-
zinid
bosh... plz god no
-
Zash
speaking of which, anyone feel like going around the interwebz and purging old pre-standard xmpp-over-websockets implementations?
-
MattJ
Sorry, I have a soft spot for BOSH
-
zinid
I have a bunch of issues related to mod_bosh, it's brutally hard to debug with all that overcomplicated sid/rid/cid crap
-
zinid
just terrible protocol
-
SamWhited
Indeed… impossible to debug, hard to implement in any reasonable way, can't really be decoupled from the underlying thing it's transporting (although the XMPP over websocket protocol is that way too)
-
Zash
Thanks Web & JavaScript!
-
SamWhited
it's a right pain.
-
Ge0rG
There is a followup to kill-the-web: https://blog.plan99.net/what-should-follow-the-web-8dcbbeaccd93
-
Zash
CORBA YEAAAAAh
-
fippo
have you heard of dns over http aka DOH?
-
Zash
fippo: It needs moar JSON
-
zinid
Can't we deprecate bosh btw? Do we still need it when we have websockets?
-
pep.
https://caniuse.com/websockets I suppose we could
-
Ge0rG
zinid: are you going to pay the developers of all BOSH clients to migrate?
-
Ge0rG
Also I wonder how that will work with TCP interruptions, bad firewalls / web firewalls, etc.
-
Ge0rG
Also how good is WebSocket library support for non-webbrowser applications?
-
Zash
Maybe we should have standardized two xmpp-over-websocket versions. One with WebJS fiddlery and one that's just the same as TCP but over WS
-
Zash
Does Websockets work with all those restrictive corporate firewalls that are forcing everything into becoming https on 443?
-
Ge0rG
Zash: I think WS is masquerading as HTTPS, but of course with irregular traffic patterns.
-
Ge0rG
Zash: so it will work with the subset of firewalls that don't look too deeply into the traffic and don't have low timeouts
-
moparisthebest
zinid, excellent work on TLS SRV patch :)
-
zinid
> are you going to pay the developers of all BOSH clients to migrate? Wow, we now care about backward compatibility? What about private storage, vcard avatars, privacy lists? Who payed the developers?
-
zinid
moparisthebest: thanks
-
mathieui
zinid, nobody, and most clients are still using private storage
-
zinid
regarding firewalls: it's just https traffice, timeouts will be handled by stream management
-
zinid
mathieui: I know ;)
-
dwd
zinid, I think we still need BOSH. We have to use it on occasion.
-
moparisthebest
I'm biased, but I think web clients use websockets, and non-web clients use direct TLS, both are equivalent when over 443 as far as evil firewalls go
-
zinid
moparisthebest: I think this webby stuff is mostly for browsers now, no?
-
zinid
not sure why would a non-web client use bosh/ws
-
moparisthebest
iirc gajim has a bosh implementation
-
moparisthebest
but I agree it *should* be
-
zinid
dwd: can't we use ws occasionally? :)
-
dwd
We experience browsers with websockets explicitly disabled. This is far from ideal, but still, they exist.
-
moparisthebest
dwd, I didn't know that was a possibility
-
mathieui
zinid, when you have no other choice for direct connection, ws/bosh in desktop clients seem like a nice fit
-
Kev
We experience browsers too old to websocket, too.
-
Kev
(Yes, yes, I know, I know, but they do)
-
mathieui
hopefully they will be 0dayed into history before long
-
zinid
damn, so I need to fix those mod_bosh bugs :(
-
zinid
thank you!
-
dwd
zinid, Also, I don't think your IPv6 is working.
-
zinid
dwd: it doesn't, yeah
-
zinid
something wrong with firewall probably
-
dwd
Kev, No, we're seeing new browsers, but with it disabled. And no, I didn't know either.
-
moparisthebest
mathieui, but for a desktop client direct TLS is also a (far easier) option whenever ws/bosh is
-
Kev
dwd: Yes, you said that, I didn't doubt it.
-
mathieui
moparisthebest, sometimes you cannot
-
zinid
dwd: the problem with ipv6 is I have nowhere to test it from
-
zinid
dwd: I don't have ipv6 at home, so...
-
moparisthebest
mathieui, aren't you connecting to ws/bosh over direct TLS ?
-
moparisthebest
unless you mean, fully in-the-clear-no-tls-xmpp :/
-
pep.
moparisthebest, sometimes non-standards ports are blocked
-
mathieui
no, I mean, you can proxy those from 443 with nginx
-
moparisthebest
and you can alpn (or protocol-inspect, ew) xmpp and http to xmpp server or nginx on 443
-
moparisthebest
it all depends on the server to have it set up properly, but bosh/ws does too
-
jonasw
moparisthebest, alpn will be blocked by firewalls if they really want to
-
moparisthebest
yes it can be, and probably will one day, but not by wifi hotspots in coffee shops most likely
-
moparisthebest
also why it's not required, daniel and I talked about it back in the day, conversations will probably try with alpn and if it fails then without it, or vice versa
-
Zash
not *yet*
-
moparisthebest
so today, using alpn, you can have client -> sslh (based on alpn) -> (prosody,nginx)
-
zinid
yeah, ALPN is a really bad idea if you want to bypass the DPI: you're literally saying: "hey, I'm jabber"
-
moparisthebest
today you could also, without alpn, have client -> stunnel (or something decrypting TLS) -> sslh (based on xmpp/http) -> (prosody,nginx)
-
moparisthebest
the original spec sent the SRV name in SNI and used that to multi-plex :P
-
moparisthebest
no one liked my wanton abuse of SNI though :'(
-
dwd
moparisthebest, Wouldn't work in Java, I think.
-
zinid
for the record, I heard it TLS v1.3 sni and other extensions will not be that easy to inspect
-
zinid
can somebody confirm?
-
zinid
I tried to read the I-D, but it's brutal
-
moparisthebest
yea TLS lib support for "serve the certificate for xmpp.org when server1.xmpp.org is in SNI" is probably spotty/non-existant
-
moparisthebest
I used sslh to multiplex on SNI and prosody just served the 1 cert regardless meh
-
moparisthebest
zinid, I know people were pushing to encrypt SNI/ALPN but last I heard it was abandoned to the future, they might have done something to obfuscate it or something, not sure
-
zinid
moparisthebest: too bad, because the government firewall is annoying (it detects SNI)
-
moparisthebest
which government?
-
zinid
russian
-
moparisthebest
ah that sucks
-
dwd
zinid, We could work around that.
-
dwd
zinid, Use starttls to establish the session and then resume it on directtls.
-
moparisthebest
you are just announcing it another way, also they could inspect the certificate coming back couldn't they?
-
zinid
dwd: but starttls can be detected easily
-
moparisthebest
so my work on 443 just holds your connection up temporarily, connects on it's own to see if the TLS handshake succeeds (and only supports TLS 1.0), and only if successful lets your connection through
-
moparisthebest
so if you only support TLS 1.1+ it won't allow that either, without also supporting 1.0...
-
zinid
yes, they could inspect the certificate
-
zinid
so I would prefere all parameters to be encrypted
-
zinid
*prefer
-
moparisthebest
it's a shame to have to consider that at a country level
-
moparisthebest
but nowadays even 'free-er' countries like UK look like they are moving in that direction...
-
zinid
right, you never know who's next
-
zinid
so this should be developed now
-
zinid
thus I'm wondered the TLS folks abandoned the idea
-
moparisthebest
it's been a year or two since I looked, hopefully it was picked back up idk
-
moparisthebest
the reason was because it breaks all the multi-plexing TLS business like I do with sslh
-
moparisthebest
so akamai and such were super against it
-
moparisthebest
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
-
moparisthebest
August 29, 2017
-
moparisthebest
safe to say it's actively being worked on
-
zinid
but 20 pages...
-
Zash
Weren't all the CDNs strongly opposed to that?
-
moparisthebest
ha yea it's not short
-
Zash
oh you said that
-
Zash
20 pages is not what?
-
moparisthebest
but whatever they come up with there in theory should apply equally to ALPN
-
moparisthebest
Zash, he is saying https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00 is 20 pages long
-
zinid
moparisthebest: there is a lot non-normative text, it's fine after all
-
moparisthebest
I can't find anything about ALPN encryption
-
SamWhited
I hadn't seen that; might be interesting to try and do an early implementation in our TLS 1.3 stack. I might give that a shot one of these days if I can convince my boss to loan me to the crypto team for a bit.
-
SamWhited
Does it look relatively implementable in its current form?
-
edhelas
https://signal.org/blog/private-contact-discovery/
-
mimi89999
edhelas: We saw it.
-
zinid
mimi89999: in another chatroom ;)
-
Ge0rG
If we all are in all the same rooms, can't we just merge them into one?
-
Zash
Ge0rG: You are the one who started another? :)
-
jonasw
... after people complained about off-topic discussions here
-
Zash
The off-topic discussions there are too on-topic!!
-
Ge0rG
Zash: that's not my fault.
-
mimi89999
Ge0rG: 😁
-
zinid
last time I checked there was dead silence in this room
-
zinid
now it's active, that's cool
-
Ge0rG
zinid: board meeting approaching
-
zinid
Ge0rG: nah, I mean several years ago
-
MattJ
ding
-
Arc
dong
-
Martin
Ding ding, board o'clock
-
MattJ
Looking promising :)
-
nyco
hey
-
Arc
4/5 this looks very promising
-
MattJ
ralphm, ?
-
nyco
I have to leave at :30 max
-
MattJ
Ok
-
Arc
i cant stay much beyond :30 either
-
Martin
Ok, let's get cracking then
-
Martin
1. Roll call
-
MattJ
Here
-
Arc
Here
-
nyco
Présent
-
Martin
2. Minutes, any volunteers? dwd?
-
jonasw
I can do it
-
jonasw
but I’ll also have to leave at :30
-
Martin
Thanks jonasw, much appreciated.
-
Martin
3. Topics for decisions
-
Martin
Drawing from here: https://trello.com/b/Dn6IQOu0/board-meetings
-
Martin
3.1: Logo amendments. Struggled to get this tied off last week, thoughts?
-
Arc
+1
-
nyco
+1
-
MattJ
I think it was left last week that ralphm wanted other board members to express their opinion as well
-
nyco
voted on the GH issue
-
nyco
done
-
MattJ
I was in favour, but it seems some folks are fairly against the change
-
MattJ
I continue to be +1, for the record
-
Martin
OK, me too
-
Arc
We are the only ones who even notice the glitch. It doesnt substantially alter our logo in any way a non-xsf member would ever notice.
-
Arc
we notice it because we end up with it in front of us in inkscape, like guus did
-
Guus
board is now 4 times +1, one time 0.
-
Arc
(and btw, I printed the "fixed" logo on the trifolds for fosdem and nobody even noticed)
-
Guus
Arc: someone did.
-
Guus
*twitch*
-
SouL
Yes, I did :(
-
SouL
That was supposed to be a happy smiley face, issues for using more than one keyboard layout.
-
Ge0rG
That logo has been triggering my OCD for years.
- jonasw pokes the participants
-
Martin
OK, so we're decided, it's approved
- Arc cheers
-
Martin
Moving on
-
Martin
4. Commitment list
-
Martin
4.1 D&0 quote?
-
jonasw
in one sentence for the minutes, what’s that?
-
nyco
no news? let's move on?
-
Martin
jonasw: I don't know. There's nothing more in Trello and this card precedes me being on Board
-
jonasw
I am amused.
-
nyco
stpeter is assignee
-
jonasw
I won’t put that in the minutes ;-).
-
nyco
thx
-
nyco
Council/board bios?
-
nyco
Arc and Martin, type here a short sentence! ;-)
-
Martin
4.2 Board bios
-
mimi89999
You chose the version where the 2 parts of the logo don't cross?
-
Martin
Will do my best
-
ralphm
Hi. I'm commuting, but following along
-
nyco
next item?
-
Martin
5. Items for discussion
-
Martin
5.1 XSF Editor team. There's a comment from Guus that this might be solved?
-
ralphm
.
-
Martin
…ok… anyone else got anything on this?
-
jonasw
I suspect no.
-
nyco
nope, next? ;-)
-
Arc
I have no basis to say anything on the topic
-
Martin
5.2 Legal notice on old public domain XEPs
-
Martin
https://github.com/xsf/xeps/pull/345
-
Martin
Looks like it's been merged, so I think the card's out of date
-
Martin
5.3 Ongoing marketing activities & budget. It seems I added this card, but back in February, which is definitely too long ago for me to remember what it's about
-
Arc
you know we can, for once, close the meeting early :-)
-
ralphm
So if we don't know what to discuss, can we remove it?
-
Martin
ralphm: That's what I'm doing. If there's nothing, it's gone.
-
ralphm
I have one minute thing: elections
-
nyco
yes please
-
ralphm
Shouldn't we have started this year's round?
-
Martin
5.4 Blog post on hold: nyco?
-
jonasw
is that anything board needs to discuss?
-
Martin
Nothing. OK. Next. AOBs.
-
Martin
ralphm: Elections?
-
ralphm
Yeah, sorry for jumping the agenda
-
nyco
blog post is published, so unblocked, but needs some fixes, in discussion with Guus, card can be archived
-
ralphm
But we need to have them
-
jonasw
Alex, you around?
-
MattJ
ralphm, Alex said he was working on it
-
nyco
what elections?
-
ralphm
I missed that
-
jonasw
^
-
jonasw
what elections? board?
-
MattJ
a couple of weeks ago
-
ralphm
Council and board
-
MattJ
jonasw, yes
-
jonasw
yeah, alex mentioned he’d work on it after the Q3 application meeting
-
Guus
Indeed, Alex mentioned he was going to address that soonish.
-
jonasw
"ASAP" were his words back then :)
-
ralphm
Ok. Martin can you put that in our Trello?
-
Arc
our last job as a board
-
ralphm
What, no
-
ralphm
Preparation takes weeks
-
ralphm
Finding candidates, then the online voting, etc
-
Arc
i mean, seeing a new board into their new role
-
Guus
(is board involved in the prep or execution?)
-
ralphm
Well ultimately we are responsible, yes
-
ralphm
Details are in the bylaws
-
ralphm
Also
-
Arc
Guus: tricking, er, fooling, er, convincing 5+ people to take the role is the board's responsibility. we can't leave until its done
-
jonasw
itym "welcoming"
-
ralphm
We should all consider if we would like to run again, as will council, and try and find good candidates for board
-
Arc
jonasw: yes, "welcoming"
-
SamWhited
I always get those confused :)
-
nyco
I'm gone, sorry, bye all!
-
MattJ
Thanks nyco
-
Arc
yea i need to head out soon. is there AOB?
-
MattJ
I think we're done
-
Guus
The XEP status thing?
-
Martin
Think we're done, if people are going to start breaking off
-
Guus
Didn't Sam add a card?
-
jonasw
meh, someone forgot to put that on the trello I’m afraid, Guus
-
ralphm
Thanks!
-
jonasw
ah, no it was there
-
ralphm
Guess we're done?
-
Martin
Ah, yes, "Rename Draft to Stable"
-
jonasw
but ralphm interrupted the agenda before it could be reached
-
Alex
yes I am here, cacthing up o the messages :-)
-
Arc
is it pressing such that we can't do it next week?
-
jonasw
personally, I don’t think so
-
Guus
Not pressing I think
-
SamWhited
It's not pressing
-
ralphm
Agreed
-
Martin
Right, then we're done.
-
Martin
+1W for next?
-
Arc
+1W
-
ralphm
Yay. Thanks for chairing Martin
-
ralphm
Wfm
-
Arc
yes thanks for chairing
-
MattJ
Thanks
-
jonasw
Alex, can you give me a quick statement for the minutes on the status of the preparation of the elections for board & council?
- ralphm takes back hammer and bangs gavel
-
Arc
thanks ralphm :-)
-
Alex
jonasw: I was trying to find out when we had the election last year, need to look this up on teh memberlist, becasue the meeting minutes form last year are not on the new Wiki
-
jonasw
okay
-
jonasw
I’ll note that down as "preparation in progress"
-
ralphm
Last year was too late
-
jonasw
with some "data recovery needed due to data loss"
-
Alex
wanted to do this this week, but had to travel unexpted again then for the whole week to a customer
-
ralphm
We've been slipping over the years. Used to be in August
-
Alex
hopefully I can get some work done in the hotel in the evenings
-
ralphm
Cheers
-
ralphm
I know how life can conflict with foundation duties
-
Guus
Alex: need a hand?
-
Alex
https://mail.jabber.org/pipermail/members/2016-September/008346.html
-
Alex
https://mail.jabber.org/pipermail/members/2016-November/008397.html
-
Alex
ralphm: yes, but we also said we should stick the 12 month term
-
ralphm
Yeah, I know
-
ralphm
So this is a good time to start then, right?
-
Alex
we had discussion a while ago to either make a term longer or shorter once, and agree on a fix schedule
-
Alex
I think Peter proposed a calendar year, Jan 1st to Dec 31,
-
Alex
ralphm: yes, this is why I have it on my TODO list for this week
-
Alex
I can setup the Wiki page this evening, and send out an Email
-
ralphm
Yay
- Alex is on EST time this week
-
moparisthebest
calendar year makes sense for serving times, you'd still want the vote (much?) earlier though to avoid voting over holidays/new year
-
SamWhited
It seems like if you did calendar year that the first meeting would never happen because people would be on vacation.
-
moparisthebest
that TLS SNI encryption RFC is making my brain hurt
-
Zash
RFC? Wasn't it an I-D?
-
zinid
moparisthebest: it's http fronting, not sure how it's better than tor for example
-
zinid
I read it too
-
SamWhited
I should figure out how the printer in this building works so that I can read it…
-
zinid
easy in fact
-
zinid
The current draft proposes two designs for SNI Encryption in TLS. Both designs hide a "Hidden Service" behind a "Fronting Service". To an external observer, the TLS connections will appear to be directed towards the Fronting Service. The cleartext SNI parameter will document the Fronting Service. A second SNI parameter will be transmitted in an encrypted form to the Fronting Service, and will allow that service to redirect the connection towards the Hidden Service.
-
zinid
that's all
-
Zash
SamWhited: PC LOAD LETTER
-
Zash
I should figure out how to turn arbitrary RFCs and I-Ds into epubs or something I can read on the eink thing
-
Zash
It's a pain, but at least I don't have to deal with printers.
-
zinid
what is a problem to ban this "fronting" sni?
-
zinid
I really don't get it
-
Zash
Wait so it's TLS over TLS???
-
jonasw
Zash, https://tools.ietf.org/ebook/
-
zinid
Zash: yes :)
-
zinid
kinda
-
jonasw
rfc-std.epub appears to contain all the RFCs. It doesn’t take at all long to load on my machine....
-
Zash
I believe I have one of those already
-
Zash
Not the most optimal to navigate unfortunately
-
zinid
ah, I got it, you can use any junk in the Fronting SNI
-
zinid
probably :)
-
moparisthebest
Zash, it's got txt/xml/pdf/html/bibtex
-
Zash
what?
-
moparisthebest
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
-
pep.
anybody using this https://xmpp.org/extensions/xep-0146.html
-
Zash
moparisthebest: those are not what I want
-
moparisthebest
pep., I thought council voted to deprecate that?
-
pep.
Doesn't seem deprecated to me, yet. "Last Updated: 2006-03-23"
-
pep.
But I could see why
-
Zash
https://www.zash.se/upload/-kIpyeZzS4C6LOXuehhxhQ.jpg
-
moparisthebest
pep., Council meeting minutes 2017-08-30: Vote on obsoleting XEP-0146 (Remote controlling clients) Period has expired with missing votes from Tobias and Dave. Dave and Tobias say they are happy with their implicit +1s.
-
moparisthebest
so, officially, it's deprecated, I think? editors? :)
-
pep.
k
-
moparisthebest
or obsoleted
-
jonasw
moparisthebest, oha
-
jonasw
I remotely recalled there was something like that, thanks for pointing this out
-
jonasw
moparisthebest, I can’t find it in the council minutes you mentioned, are you sure it’s the correct date?
-
jonasw
ah, nevermind
-
jonasw
found it
-
jonasw
yeah, that indeed needs Deprecation
-
moparisthebest
jonasw, btw if you want to add alpn support to your client I can give you a test account on my server
-
Zash
jonasw: btw a big reason why I wanted xep->markdown was to produce epubs using pandoc, and it works pretty well for that
-
pep.
https://xmpp.org/extensions/xep-0267.html what about "Server Buddies"? Anybody using it?
-
Zash
I wanna use it for all sorts of things, but haven't gotten around to it :(
-
moparisthebest
pep., this references it https://blog.process-one.net/wp-content/uploads/2016/07/Fighting-XMPP-messaging-spam-thanks-to-ejabberd-API.pdf
-
moparisthebest
more in a 'for the future' way
-
pep.
cool, thanks
-
Guus
I've applied the logo change in most of the obvious places
-
Guus
if someone finds an old logo somewhere, please let me know
-
Ge0rG
Google Image search is full of it...
-
MattJ
DMCA