XSF Discussion - 2017-11-30

Kev: do you have a response to my last email in the mam group chat thread?

I'll try to get to that this afternoon or tomorrow afternoon. My current policy is to spend the mornings coding and afternoons dealing with everything else.

👍

That's a good approach to life :)

I've got a bunch of other changes that need making for 313, so I'm tempted to write up a sentence that I think will make everyone happy, and include that in the patch and see what you think.

jonasw here ?

edhelas, yes

great :)

now that 0060 has been updated I'll see if I can update the XEPs that require multi-items

I was thinking about 0277 and 0330 first

also I'd like to move Bookmarks to that

edhelas, bookmarks is a hot topic, at least wait for next weeks council discussion

yup, I'll update the others because it's just about clarification

for the others, go ahead, those are experimental and deferred

if you have other XEPs in mind please tell me

I don’t, I’m not really in the pubsub space

you should come, it's fun over there

nah, I’m busy in MAM space currently :)

I start to have users that are putting a lot of private information in their XMPP account

I find the standard authentication (password) quite weak and I'd like to know if we could discuss about that

basically maybe work on 2FA and password recovery

edhelas, regarding 2FA, SASL2 might be for you

[xep 388]

-xep 388

jonasw: Extensible SASL Profile (Standards Track, Experimental, 2017-08-24) See: https://xmpp.org/extensions/xep-0388.html

ah nice

edhelas, I have a load of stuff done (coded up, everything) on this.

edhelas, I need to find the time to finish off the spec work.

edhelas, But if you want to help out that'd be awesome.

zinid, to answer your question regarding bookmarks and avatars. this was postponed to next week. we haven't talked about this yesterday

zinid what was your question ?

edhelas, I just asked what was the conclusion on bookmarks and avatars XEPs

edhelas, it seems like some guys don't want PEP based avatars, for the record 🙂 Probably you won't like it a lot 🙂

I want PEP for everything :p

I know 😛

I know

rrr self_ping

nyco - are you here for the upcoming board meeting?

I tried pinging nyco myself this morning and half an hour ago. No response yet.

as did I - same result

I learned from a colleague he's unavailable until at least 5pm, so I don't expect him

ah, to bad.

well, let's give it a few minutes, see if we're lucky.

if only we had a mechanism that'd allow us to see the availability of someone online... ;)

:D

0. Welcome and Agenda

Hi, new board! Who do we have?

I'm here

XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

o/

As said before the meeting, through the grapevine, I've learned that's unlikely that nyco will attend today.

My suggested agenda is relatively simple: pick a Chair.

The Board should also later appoint other Officers.

I'd like to quickly run over the outstanding Trello cards, see what's still relevant.

Can you pick a chair in the absence of a full Board?

dwd: this is indeed a good question. I've tried getting into contact with nyco in various ways. So has Guus.

dwd: I'd be uncomfortable doing so.

I'm not happy about that either

I would not object to postpone picking a chair until we all are present, and move on with other business, having Ralph continue to be chair for the time being.

I think that's acceptable with regard to the bylaws, but opinions welcome.

I'm fine to continue

ok, so then I only offer the point of Appointment of Officers for the agenda

I don't see how the bylaws would forbid it (though neither how they require the full board to elect the chair)

along with walking over the Trello board

1. Confirm minute taker

Who will do the honors?

(dwd?)

I'll do them

(Belatedly, I think delaying voting on a new Chair until all are present is ideal too)

Guus: appreciated, but it would also be nice if it was not a Board member, so that's why I ask

last term dwd offered

I'm AFK in a few minutes, so I can't, sorry.

Kev: thanks!

Ralphm: I'd be happy for someone else to do them. :)

:-)

Let's see if someone else pops up, but for now it is you

I'm only somewhat here. Rather busy today.

ok

2. Appointment of Officers

What Officers?

Besides the Chair, we also need to re-appoint Secretary, Treasurer and Executive Director.

In the previous term, Peter has noted he wanted to step down as ED

Didn't Peter indicate intent to resign the position(s)?

I've not read up in the bylaws. Can you outline the procedure?

but would still be Treasurer. Alex is our current secretary.

Let's ask them if they want to continue for another term

Guus: what!

ARTICLE VI: Officers Section 6.1 Number and Qualifications. The officers of the Corporation shall consist of the following: (a) a Chair, (b) an Executive Director, (c) a Secretary, and (d) a Treasurer. Officers must be natural persons that the Board of Directors elects or appoints. Officers need not be Directors of the Corporation and shall hold office at the discretion of the Board of Directors. Subject to these Bylaws, the Board of Directors may also elect or appoint one or more additional officers or assistant officers as it may deem convenient or necessary. Except as provided in these Bylaws, the Board of Directors shall fix the powers and duties of all officers.

(oh, Gajim, you are so funny with emoticons)

that doesn't state a term for those officers. Is there a requirement to re-appoint them?

(apart from ED, who has expressed intention to step down)

Guus: please read the bylaws

Ok

The term is 1 year for all officers

In any case, I'm happy with the suggestion to ask the existing officers to continue for another term.

Ok.

"Each officer shall hold office for a period of one year or until his or her successor is elected and qualified or until his or her earlier resignation or removal."

Yeah, I think that is a bit ambiguous.

Doesn't hurt to ask them explicitly.

Does it mean you'll hold the office beyond a year if no-one else comes up?

anyway

Shall I draft a quick email to both?

3. Sure

oops

sure!

3. Topics for decisions

I see the item of renaming Draft to Stable.

I think we said last time that there's no consensus. Can we remove this item?

MattJ?

I think we can remove it for now, until a new proposal is made

The current one did not reach consensus

Agreed.

4. Commitments

Apart from that e-mail by Guus, I'd like to add one for searching for a replacement ED

While I'm Chair, I'll take that one

There's also an item about a D&O quote. I think I need to figure that out with stpeter, too.

What is that?

My point

I think nobody remembers exactly

also: as Peter is no board member - why are we tracking this?

Peter is Executive Director

and Treasurer

It was a task assigned to Peter by the boar

*d

iirc

ah.

in both roles, he's invited for Board meetings, as well as the Secretary and the Chair of Council ✏

No-one remembers what 'D&O' is?

Guus, Director and Officer insurance.

Insurance

ah

thanks

Last comment I saw by Peter was 30-8:

This fell off my radar screen. If it is still a priority I can look into it again. It tends to be expensive, but I can report back on details.

Actually, I've looked into this for another Foundation - it doesn't need to be that expensive.

Guus: if you want, please check with Peter

but that might be in a Dutch setting only - unsure

Ok, I will

5. Items for discussion

Let's use this to quickly go over the backlog

Last Board failed to agree on a list of priorities. So let's try for real this time

I'm not sure about the IoT strategy doc, alternative meeting org

the meetups sync seems to be for SCAM?

as there's no progress on both for a long time, lets archive the IoT strategy doc and alternative meeting org.

Aye

I agree on the meetup sync bit - that aught to be scam

for the SPIM thing, that doesn't require anything from us right now. Anyone can write a XEP to propose this

I think the idea of a SPIM-focussed work team is something to be discussed.

ok

Ah. I read that as: create a group of people focussed on that, solely.

Not sure if that needs Board, but sure, let's put it there

I'm not sure why people be more inclined to work on that after being grouped though.

Yeah, I think some concrete goals should be defined before forming the group

That leaves us with the membership survey

Rather than just a vague "we need to fix the spam problem, let's form a group"

Shall I keep that for discussion?

doesn't the survey tie in with the priorities?

maybe

as in: one's output should be the others input?

I'd also like everyone to think about the priorities next to that

nyco appears to have done quite some legwork on that

I mean, we are part of the community, too, so there might be some things you already know you want to work on this term

Shall I move it to discussion then?

+1

sure

Ok. I think we're out of time

6. Date of Next

I've asked for the creation of a SPAM taskforce, which would operate behind closed doors at first, but it was not deemed acceptable.

I suggest +1W

until we hear from nyco otherwise

+1W is fine with me

+1W++

Ge0rG: that's not entirely true. There was simply no consensus

Shall I provisionally move the scheduled item in the calendar?

(yet)

(works for me)

Guus: yes please

7. Close

Thanks all!

one AOB: there's an old wiki page for board with stale data. Can we remove that?

ralphm: I think the consensus was that anybody can form any kind of closed group and that the XSF shouldn't approve of this specific one

Guus: A link would be good.

https://wiki.xmpp.org/web/Board

ralphm: that was not meant as a criticism, I'm okay with the decision - just a reminder of why this was on the agenda

Guus: sure archive

Instead, I propose to redirect that link to the public website (which is what we do for Council, too)

Ge0rG: so we can remove it from our Trello then?

ralphm: unless you want to form an official SPIM fighting group open to the public, I think you can remove it

I'll leave it on for next week, and then we make that decision

Thanks ralphm

thanks, Board :)

thank you guys

XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

MattJ: I'm still missing you in that MUC, and I think you are still blocking messages from strangers.

Can someone give me access to Trello, please?

the Board board, specifically.

I will

tx

Ge0rG, invite me? I'm not blocking messages from strangers (since a while back, as my receipt of many spam messages proves)

Guus: what's your handle?

MattJ: invited you, once again :)

Ok, weird, I didn't receive it :/

MattJ: last time we tried it, it was blocked by some module/config on your server/account.

ralphm: guusderkinderen

done

I've just rescheduled the XSF Board agenda item in the calendar - can someone kindly verify that I didn't mess up?

ralphm: thanks

Looks good to me, Guus. Thanks

great

SamWhited, re colors, I’m thinking of putting the base algorithm in a single block, and only noting the differences for the individual modifications (like CVD correction, background correction etc.) in separate sections

in addition to cleaning up my reference implementation and putting it somewhere public

hmm, my CVD corretion doesn't appear to be working, but without that it's passing the tests

I don't think that was due to anything confusing in the document though, just a bug of mine

ah yah, MSB not LSB

jonasw: I think the second test for blue-blindness correction may be wrong, can you confirm the values there when you get a moment?

sure

working on those things at the moment anyways

hmm, my naive impression is that for blue-blindness that color wouldn't change actually (no blue component when I convert it to RGB), so maybe my implementation is broken. Not sure how it would affect that single value though

maybe the others aren’t affected by blue correction

The first one shouldn't be either, but it appears to be changing (and my implementation seems to work there)

Well, I say "shouldn't be", I'm not sure, I'm just guessing based on the blue component

I should do the floating point version of the math and check

That's weird, if I check the angle before applying the correction it is different from yours for everything *except* this one, but the final result is correct for everything except this one.

what

that’s weird

I haven’t checked the non-floating-point way though

I just trusted what Marcel said on list

I’ll try to implement that in the C++ app I’m currently building right now

afk for dinner now though

jonasw: also, the first test in blue-blindness doesn't have enough columns (I think it's missing the g/b values)

or something; it doesn't match the headers anyways, but it looks like others don't too so maybe the headers are wrong

oh nevermind, I refreshed and that's already been fixed…

SamWhited, if the columns changed, did you accidentally use the wrong tables?

No, I had two versions of the document open and didn't notice. I was using the right one when I put these values in though

I found at least one bug in my blue correction, but fixing that just changed what's failing (all the others are failing and the second one is passing). It's very confusing.

care to paste the cvd and test code?

would be happy to take a look

sure, just a second

I'm still setting the wrong bit on the blue correction, will fix then push

anglei = (anglei & 0x7fff) | ((anglei & 0x4000) << 1);

this is what I’m doing and I think it does the right thing

jonasw: isn't it the inverse of the second bit you want?

the second-most-significant

so if 15th is the most significant, you want the inverse of the 14th

right

right, there you're just taking the second most significant not doing the inverse

that’s not the inverse.

now I need to hceck which is correct with the FP version :)

(I *think* that both would work)

cvd-wise

yeah, with ~ before the last anglei

interesting, apparently CSS will apply **0.45 to the colors, while Qt wont

that’s great >.>

or something else is fishy

Fixed it, I had an order of operations issue the whole time *facepalm*

https://bitbucket.org/mellium/xmpp/branch/xep0392_color

i = (i & 0x7fff) | (((i & 0x4000) << 1) ^ 0x8000) should do the right thing

yup, seems sane

That's easy enough to make simple mistakes on that it might be worth including it in that section

yeah

Same for the "i &= 0x7fff" for red-green blindness

noted for the next update

It looks only slightly less awkward than the Java version. I've really started to love python's struct.pack() for those use cases

int.from_bytes(hash[:2], "little") is what I did

In retrospect I'm not sure why I implemented Go's Hash interface. I can't imagine anyone wanting to use this for large amounts of data or wanting to pass it in as a replacement for some actual hash…

So really I could remove all the API nonsense and have it just be a single function

is anyone working on restoring xmpp.net, by the way? I recall Arc wanted to do something about that

hm, nice, the luasec version needed by xmpppoke doesn’t work with libssl1.1

"nice", "luasec" and "openssl" in the same sentence? sarcasm detected

indeed

debian oldstable it is!

Yeah I built some of these things myself on check.messaging.one.

Debain oldstable too.

Holger, do you happen to have a recipe of some kind for that?

I’m trying to devise a dockerfile I can then throw at iteam

You need an older OpenSSL anyway for the SSLv2 checking.

hm, maybe I should just use the libssl from testssl.sh?

I don't have proper docs sorry, but if you're stumbling over specific issues I can try to recall how I solved them.

nothing out of the ordinary yet

except that developing these things with docker is annoying

I also have various xmppoke backend/frontend fixes. But just a big diff, not individual commits, yay.

:/

could you share these eventually?

I'm sorry. I was annoyed and wanted to get this set up quickly.

Yes sure.

I understand :)

I used OpenSSL 1.0.2k as that's the most-recent version with v2 support.

Needs "./config enable-ssl2 ...".

I wonder if you can get away with just sending a raw SSL v2/v3 handshake and look for success/fail in the response, instead of having full support for it in OpenSSL

Probably.

I’m now giving it a shot with the OpenSSL build used by testssl.sh

which is 1.0.2k with some patches

Ah.

doing the one thing one should probably never do with that piece of software: make insatll.

Ah the backend diff is not that bad actually: https://check.messaging.one/patches/xmppoke.diff.txt

indeed

The frontend diff is :-/

https://check.messaging.one/patches/xmppoke-frontend.diff.txt

... because there's bug fixes hidden between all those cosmetic changes.

https://vignette.wikia.nocookie.net/meme/images/1/1d/Yt655563971_a663674241_z.jpg/revision/latest?cb=20150712012656

Haha.

me when I see web thing

Ge0rG, that's my vision of user invitation on mobile devices: https://projects.zapb.de/tmp/xmpp-invite-conversations.webm

Providing a username is optional, of course

MattJ: there, easy onboarding

jonasw: I figured out what I was looking at earlier when I thought the columns were wrong… in the other version of the document I had open it wasn't an old one, I was just scrolled down to the color pallete tests and they have the wrong number of fields

marc: why do you need to enter two names?

Ge0rG, username is optional (required in this setup) and predefines the username of the JID

Ge0rG, your name = name of the inviter

marc: you don't need any names to create an invitation

Ge0rG, sure, both are optional

or not even possible to be set, depends on your configuration

And ideally the your name field is pre-filled with possibly existing vcard information

Flow, exactly!

Ge0rG, in my current ejabberd setup, inviter name and username are configured as "requried"

that's why they need to be filled out

the inviter name is also used for the roster item

marc: too many things to do....

Get the inviter name from the vCard and let the invitee specify their own name

Ge0rG, once again, that's configurable

you don't even see the input fields if you configure your server in that way

but pre fill the roster entry name on the invitee's UI with the possibly provided inviter name

marc: good job so far

Ge0rG, if you click "invite contact" you immediatley get the QR code

Ge0rG, that's just because I configured the server in that way...

Flow, thanks!

what is the rationale for the "benutername"?

what is the incentive for me to enter it?

Flow, you have the choice to predefine the JID

predefine the JID?

you can set the username part of the new JID

ahh ok, I'd eventually switch the order of fields

If Benutername = "marc", the JID of the new created account is marc@<server>

Flow, yes

I would leave that to the invitee

Ge0rG, you can configure it ;)

Flow, just a proof of concept

sure

But a working one :)

Beware those

But UI is not perfect and there are some corner-case bugs

I made a proof of concept once. Now everyone uses it as if it was production ready!

Sure, that's why I didn't publish the code yet :D

Ge0rG, you're not really convinced, hm? :D

marc: you are doing a good job, and it's important to do. I'm just a hardcore perfectionist.

Getting the right level of feedback is Hard

marc: do you need help wiring the XEP?

I'm sometimes a bit blunt with my feedback, sorry

The trick, according to some blag I saw once, is to make your thing look about as finished as it is

Ge0rG, good, I'm a perfectionist too :D

Ge0rG, I have a XEP version with the protocol flow and some references but far away from "ready-to-submit"

I'll probably push it on my Git repo in a couple of days

marc: That sounds like "ready-to-submit" to me

Zash, not for a perfectionist :>