XSF Discussion - 2018-01-11

daniel, >> - the requester has received directed presence from the user. > > Doesn't work in MUC either I believe. (You can't send directed presence in muc iirc)

on join you send directed presence to a MUC (but to the full JID)

jonasw: yes but you can't send directed presence to other participants which is what we are talking about here right?

I don’t think so

the MUC service will proxy the vcard requests, from what we gathered here last night

so from the perspective of your server, the vcard request will come from the MUC bare JID

Mhhh maybe. So the implication is that everyone in that muc can access your vCard?

yupp

like it’s now

i find that a bit complicated. my understanding is that server devs usually don't want to track your muc joins

they’re implicitly tracked as directed presence anyways

we don’t need to know that it’s a MUC join

just that it’s directed presence

but directed presence aren't tracked are they?

they need to

for the type="unavailable" when the client exits

that’s in RFC 6121, I think

Actually, since MUCs can give you a different nickname, join tracking is probably needed. Not that common tho

daniel: are you sufficiently convinced of my proposal now? ;)

Ge0rG: if anying the directed presence access control should be in front of the entire vCard

I don't see Why pep avatars should be treated differently from vCard avatars

See me second email

Besides the way *both* implemations work that pre date the xep is the copy the Avatar on create.

daniel: I think that "make my vcard public to the world" is a feature that long pre-dates the security awareness of normal people.

you don't do that today

daniel: I'd be okay with putting everything of vcard behind a presence subscription firewall

I'm OK with that. This requires changing a historic xep though...

daniel: Which is why I made my proposal as I did. It doesn't violate security expectations, requires changing a proto-XEP and some non-standard implementations ;)

I'm ok with it too, as a server dev

Probably behind a config option, though

MattJ: the access control in front of the vCard?

Yes

As in, some deployments (or some users perhaps) should be able to have a public vcard if they want to

Yes

For some deployments, not being behind a presence check doesn't make it public.

I meant public as in, no access control

Right, I was supporting your point of a config option.

jonasw, Zash - Also nickname changes get a bit weird without tracking.

I just wanted to make a minimal change to presever the current privacy properties, not start a new bike shed ;)

Ge0rG: don't claim other people are bike shedding. This might upset some people. Scnr

Ge0rG, Issuer in TOTP URI - it can be anything. Well, I've said 1*CHAR but in reality that's URI encoded. "XMPP" is only used in an example, as far as I know.

Ge0rG, Could vCard access be controlled by the PEP Avatar access controls? Just a thought here.

Dave Cridland: how would that work in muc?

Dave Cridland: would work for me.

Dave Cridland: yes, "XMPP" is used in an example, but I still got confused by it. Maybe something like "BigCorpXMPPService" would be more suitable to indicate the non-normativeness of that special string?

Ge0rG, Well... We need to figure out if we *want* a normative string there. It might be useful/nice to have "XMPP", or "Jabber" there by default.

daniel, Not really thought this through much.

Dave Cridland: I have no idea about the implications of that string.

Dave Cridland: is it just a tag in your TOTP key manager?

Ge0rG, In Google Authenticator, it shows the line above the address.

Ge0rG, So I have Google, LastPass, GitHub and PostOffice there, for example.

Dave Cridland: It might be counter-productive to have three lines of "XMPP", then.

I find presence based access control in front of vCard very reasonable. As this so fixes what most users would expect these days

while we’d be at it: would it make sense to extend that access control to "shared presence or has sent a subscription request"? I.e. if A wants to subscribe to B, should B be allowed to see the vcard of A?

jonasw: yes

despite A not having shared presence with B.

and should that privilege cease when the subscription has been accepted but B did not subscribe to A?

jonasw: I think that proper presence pre-approval will solve both of your questions in a clean way

Besides, it also makes it easier to befriend people

I also want presence pre-approval. But apparently it's complicated(tm)

Ge0rG, It lists both the Issuer and the Account, so having multiple "XMPP" would be fine. I have multiple "Google" with different accounts, for instance.

Ge0rG, "proper presence pre-approval"?

Flow: support for https://xmpp.org/rfcs/rfc6121.html#sub-preapproval

Perfect proper presence pre-approval, presumably?

Germans prefer "Super proper presence pre-approval"

Flow, Doesn't alliterate as well, though.

Ain't all about alliteration.

Although alliteration's always awesome and appealling.

Guter Gedanke, gerade Gewürzgurke gegessen.

It's not only Google who managed to not upgrade to TLS everywhere. It also affects Cisco WebEx Jabber. So sad.

Well Cisco Jabber does TLS. @cisco.com doesn't have it enabled.

Didn't we just had a discussion about e2ee in WebEx?

Yeah, someone said it's awesome.

I'm sure it is.

XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

o/

0. Welcome and Agenda

Who do we have today?

Guus sent regrets.

I'm here

I'm here

Good. nyco also mentioned he'd be here. He's refurbished our trello board, so I think we can start from there

Anything else?

Nothing from me

Ok.

Ditto

1. FOSDEM / XMPP Summit preparation

Many things have already been arranged by several people, most notably Guus and intosi. We have a Summit Venue (same as last uncountable years), we have a Van, hotel options.

Anything that hasn't already been taken care of?

I think the most pressing things, as listed by Guus are a) aggregating sponsors (usually for Lunch and Dinner) and b) swag / print stuff

I need someone who can do a)

I did it last year

But to be quite honest, I'm not eager to do it again

Because we seem to be lacking the means to actually collect the money that we seek

Apparently this has been a problem for multiple years

and this comes under the funding/financing card I put in Trello for discussion, it's not necessarily just FOSDEM-related

We haven't someone being on top of it, indeed

Ok, so we need to quickly recruit someone, if we don't have people offering right here

Help from the floor is appreciated.

I suggest that, as much as possible, you get people to pay for things directly.

To avoid needing to collect funds.

Kev: that is indeed a reasonable suggestion, but I think especially for Dinner this is not necessarily easy

As an observation, someone has to actually pick up the tab for (for example) lunch, and then claim it back from somewhere. If that person isn't directly claiming it from the sponsor, then it requires a expense claim to the XSF and an invoice from the XSF to the sponsor.

For Dinner it's even worse, since that's usually the biggest single bill.

Dave Cridland: indeed and we've not been awesome at this

Dinner/lunch and convenience may be one thing, but in general I don't think the XSF ought to shy away from collecting funds

or expenses

AFAIK, the XSF never invoiced Isode for their sponsorship last year (I've not checked with accounts), but equally we've not claimed back what we put in either towards taxis etc., which was about the same amount.

I just think that traditionally these have both become painful inefficient processes

Sending expenses to stpeter has generally been handled properly, afaict

ralphm: I'm not sure that's true. I think that often involves bank fees that leave people out of pocket, unless people know the system in advance.

That is another, valid, issue indeed

(To be clear: Not that Peter has handled them improperly, but that the end result has been improper)

yeah, understood

There's been previous chatter about setting up a EU presence to handle that, but we never progressed on this

As a suggestion, can someone (not me) work out what needs paying for the summit, how much it's going to cost, and ask for sponsors for each item (full or partial) that would pay it themselves.

This is not the Right thing to do, but it might be the expedient one.

I think Van and Lunch is rather easy. Dinner, as said, not so much.

Otherwise I think we're at gathering arbitrary money amounts, and getting people to pay stuff/expense, etc.

Kev, I have been talking through some figures from previous summits with Guus toward this end, actually.

And for swag and stickers it is rather easier, too.

Isode have already offered to sort out the van. I'm not sure if Guus said 'yes' yet.

Kev, I believe that's all done and dusted.

Excerrent.

Kev: well, I'll gladly accept

Ok, it seems we can't resolve this fully right now.

When Guus is back tomorrow, I'll have a chat

and see what we can do

Figuring out a candidate list of sponsors would be useful, but for obvious reasons cannot be done entirely in public.

Then, in terms of swag, I think we have virtually none left.

(Since otherwise folks can tell who refused)

I think I have one hoodie here, no stickers, no banner

(but we do have a projector now)

hi

sorry

hi nyco

works veeeery weirdly

ah

logs are dead once again

can't work...

nyco, http://logs.xmpp.org/xsf/2018-01-11/#14:29:45 ?

I'm not sure if this is the right venue for discussing what to do for swag, etc. here, but I do want commitment from Board to make sure whoever orders especially clothing, gets payed expediently

I think that's fine, but we should set an upper limit?

Didn't we already give Guus a budget?

Dave Cridland: do you remember what we used for budget last time around?

for things like this

MattJ: I think we did

ralphm, Nope. Not sure we did last time around, we relied on existing stock.

ralphm, I can only really talk to 2015's figures, since I happen to have those.

"The board all agreed that a $1,000 per year budget was approved."

Oh, so I'm talking rubbish. :-)

ok, once again, my Movim, my Conversations, and MAM are not in sync, too painful to reconstruct my unsent messages

Dave Cridland: I meant 'last time we ordered'

nyco: first I saw was 'hi' and 'sorry'

yeah, messages lost before that

Ok, given that budget, I think we can work with this. I'll hammer out the details with Dave Cridland and Guus

And discuss what we actually want in the SCAM room

I don't know if it's sensible, but a small number of 'summit 2018, Brussels' t-shirts for people might be nice.

(Just putting that out there)

I think that's enough on FOSDEM/Summit for this meeting

Kev: good suggestion

2. GSoC

I'd love us to do this again.

hello - I just got back.

Hi Guus

I have to vanish at this point. Possibly unfortunately. Poke me if you want things from me.

*Kev disappears in a puff of smoke*

Haha :)

My PT is waiting at the gym. She will kill me.

Kev: just running GSoC, that's all

Kev, if we would do GSoC, would you be interested in adminning again?

Assuming he may have left, I think we should do GSoC either way

I motion we do, provided we have someone offering to admin (either Kev or someone else)

Right

(trying to read back quickly: I did accept Isodes offer for arranging a Van. Said van has already been arranged. SCAM does indeed have a budget. I was unsure of the swag stock, so we'll need to order that. I have plenty of stickers and server folders, nothing else)

If Kev declines, he may still be able to provide some description of what's involved

Guus: I'll pick up the swag stuff with you

are affiliates interested in doing GSoC under the XSF umbrella again, this year?

maybe we should do a very quick inventory, if there's any interest?

ralph, ok

We basically need proposals, in two weeks time

I think in this meeting, we just say +1 / -1 on wether we want to start this

I have +1 from MattJ and myself

+!

nyco?

+1

+1

So I'll ask Kev (again) if he'd like to admin again.

+1 of course for GSoC

ok

3. Board Priorities

nyco you had ideas on moving this forward

yeah, meeting

h the card

buh

https://trello.com/c/yZOaF3WH/247-board-priorities-2018

We have to organise a long, dedicated meeting: * using voice and video and screen sharing * each one of us exposing his thoughts, facts, observations, numbers, gut feelings, and cognitive biases * listening to and understanding each other, accepting all the divergences * try to converge * come up with a high-level list of priorities for this year * if possible, commit to deliver some

got this msg?

Yes

I'm +1 on scheduling this

Likewise

+1

as am I

good, I'm on it

MattJ, Martin are you coming to the Summit?

Yes

you're thinking of doing it in person? would be good.

I'm not I'm afraid, poor timing of a series of hospital visits

ah, to bad.

https://trello.com/c/sBcxZrGZ/299-plan-and-organise-a-meeting-for-board-prios

Guus: that was indeed my idea, but we might still be able to, with Martin remote?

online, no pressure

ok

I'm fine with either.

https://trello.com/c/sBcxZrGZ/299-plan-and-organise-a-meeting-for-board-prios

Yeah, we have the link

4. Bus Factor Bank Account

What we need here (again) is a volunteer

I also prefer a Member

but I'm not sure if this has to be a requirement

to me, Peter's suggestion looks fine, we should just make them a member

As I've written, I'd like to know what the banks default procedure is here.

Peter was going to look into that, I think.

So we reply with a request for that?

Yeah, I think we should know that in any case

But I'm fine with one of the people he mentioned being a backup

ralphm: yeah - although I believe it's already being acted on.

Guus: ok, so what do we do right now?

confirm with Peter that he's looking into that, wait for his feedback.

lok

ok

Then I'm through my major items

5. AOB

for the record: did we agree to offer the reimbursement for summit/fosdem expenses to the three gsoc students of last year, as discussed on the board list?

I think we decided on list that we'd provide funding for young potential. Just stating we did.

If it wasn't clear, I'm +1

so let's move the card

ok. I'll work with Kev to relay the offer to the students.

Me too

Splendid

6. Date of Next

Outside of the planning of the Priorities Meeting, I suggest +1W for our regular get-together here.

+1w works for me

I'm unsure if I can make it. While following the hearse this morning, we heard of another death in the familiy. :/

7. Close

Thanks all!

Guus, my sympathies

thanks.

Guus: sorry to hear.

I'll send out an email when the funeral planning is definite.

Ralphm: when do you want to do swag?

if we're to order stuff, we probably shouldn't wait to long

we can move this into the SCAM muc though

Now?

sure

Hope Dave Cridland can join to at least see what we did last time

He sent me an expense sheet

Test

Test

ralphm, He has the spreadsheet I did from 2015.

Oh crap, I forgot if someone could take minutes :-(

what's the rule for Deffered already ?

12 months without any change iirc

I'm actually implementing https://xmpp.org/extensions/xep-0320.html in Movim

ok

yeah, deferred is ~automatic

I should run the script again

Oh, then it's probably time to change PARS

got this error on our Wiki while trying to create a new account: Account creation error Error sending mail: Failed to connect to atlas.jabber.org:25 [SMTP: Failed to connect socket: php_network_getaddresses: getaddrinfo failed: Name or service not known (code: -1, response: )]

Does it reproduce?

ralphm: I'm happy to be involved as an org admin, but I don't have the time to be 'the' org admin this year. So I'd want someone else to step up and commit to doing all the legwork.

(Which is often more work than being a mentor, so not someone who wanted to mentor too)

Kev: does not allow to me add the same user again, and I don't want to create a dummy user right now to repro

So. What's the largest public MUC not related to XMPP?

do IRC channels through biboumi count

going by this page: http://search.wensley.org.uk/chat/

do rooms about clients count? :)

if not, IT-MSE probbaly counts, whatever that is

GNU/Linux is second (30)

“16:56:55 mathieuii> at least Anu is safe, Link Mauve has no apple device”, my iMac G3 doesn’t count? ;(

But like every other of my non-Nintendo computers, it runs Linux.

Although half of my Nintendo computers run Linux too.

you are a strange (but cool) person.

Heh, thanks. ^^

strange is the new cool