XSF Discussion - 2018-01-11


  1. jonasw

    daniel, >> - the requester has received directed presence from the user. > > Doesn't work in MUC either I believe. (You can't send directed presence in muc iirc)

  2. jonasw

    on join you send directed presence to a MUC (but to the full JID)

  3. daniel

    jonasw: yes but you can't send directed presence to other participants which is what we are talking about here right?

  4. jonasw

    I don’t think so

  5. jonasw

    the MUC service will proxy the vcard requests, from what we gathered here last night

  6. jonasw

    so from the perspective of your server, the vcard request will come from the MUC bare JID

  7. daniel

    Mhhh maybe. So the implication is that everyone in that muc can access your vCard?

  8. jonasw

    yupp

  9. jonasw

    like it’s now

  10. daniel

    i find that a bit complicated. my understanding is that server devs usually don't want to track your muc joins

  11. jonasw

    they’re implicitly tracked as directed presence anyways

  12. jonasw

    we don’t need to know that it’s a MUC join

  13. jonasw

    just that it’s directed presence

  14. daniel

    but directed presence aren't tracked are they?

  15. jonasw

    they need to

  16. jonasw

    for the type="unavailable" when the client exits

  17. jonasw

    that’s in RFC 6121, I think

  18. Zash

    Actually, since MUCs can give you a different nickname, join tracking is probably needed. Not that common tho

  19. Ge0rG

    daniel: are you sufficiently convinced of my proposal now? ;)

  20. daniel

    Ge0rG: if anying the directed presence access control should be in front of the entire vCard

  21. daniel

    I don't see Why pep avatars should be treated differently from vCard avatars

  22. daniel

    See me second email

  23. daniel

    Besides the way *both* implemations work that pre date the xep is the copy the Avatar on create.

  24. Ge0rG

    daniel: I think that "make my vcard public to the world" is a feature that long pre-dates the security awareness of normal people.

  25. Ge0rG

    you don't do that today

  26. Ge0rG

    daniel: I'd be okay with putting everything of vcard behind a presence subscription firewall

  27. daniel

    I'm OK with that. This requires changing a historic xep though...

  28. Ge0rG

    daniel: Which is why I made my proposal as I did. It doesn't violate security expectations, requires changing a proto-XEP and some non-standard implementations ;)

  29. MattJ

    I'm ok with it too, as a server dev

  30. MattJ

    Probably behind a config option, though

  31. daniel

    MattJ: the access control in front of the vCard?

  32. MattJ

    Yes

  33. MattJ

    As in, some deployments (or some users perhaps) should be able to have a public vcard if they want to

  34. daniel

    Yes

  35. Kev

    For some deployments, not being behind a presence check doesn't make it public.

  36. MattJ

    I meant public as in, no access control

  37. Kev

    Right, I was supporting your point of a config option.

  38. Dave Cridland

    jonasw, Zash - Also nickname changes get a bit weird without tracking.

  39. Ge0rG

    I just wanted to make a minimal change to presever the current privacy properties, not start a new bike shed ;)

  40. daniel

    Ge0rG: don't claim other people are bike shedding. This might upset some people. Scnr

  41. Dave Cridland

    Ge0rG, Issuer in TOTP URI - it can be anything. Well, I've said 1*CHAR but in reality that's URI encoded. "XMPP" is only used in an example, as far as I know.

  42. Dave Cridland

    Ge0rG, Could vCard access be controlled by the PEP Avatar access controls? Just a thought here.

  43. daniel

    Dave Cridland: how would that work in muc?

  44. Ge0rG

    Dave Cridland: would work for me.

  45. Ge0rG

    Dave Cridland: yes, "XMPP" is used in an example, but I still got confused by it. Maybe something like "BigCorpXMPPService" would be more suitable to indicate the non-normativeness of that special string?

  46. Dave Cridland

    Ge0rG, Well... We need to figure out if we *want* a normative string there. It might be useful/nice to have "XMPP", or "Jabber" there by default.

  47. Dave Cridland

    daniel, Not really thought this through much.

  48. Ge0rG

    Dave Cridland: I have no idea about the implications of that string.

  49. Ge0rG

    Dave Cridland: is it just a tag in your TOTP key manager?

  50. Dave Cridland

    Ge0rG, In Google Authenticator, it shows the line above the address.

  51. Dave Cridland

    Ge0rG, So I have Google, LastPass, GitHub and PostOffice there, for example.

  52. Ge0rG

    Dave Cridland: It might be counter-productive to have three lines of "XMPP", then.

  53. daniel

    I find presence based access control in front of vCard very reasonable. As this so fixes what most users would expect these days

  54. jonasw

    while we’d be at it: would it make sense to extend that access control to "shared presence or has sent a subscription request"? I.e. if A wants to subscribe to B, should B be allowed to see the vcard of A?

  55. Ge0rG

    jonasw: yes

  56. jonasw

    despite A not having shared presence with B.

  57. jonasw

    and should that privilege cease when the subscription has been accepted but B did not subscribe to A?

  58. Ge0rG

    jonasw: I think that proper presence pre-approval will solve both of your questions in a clean way

  59. Ge0rG

    Besides, it also makes it easier to befriend people

  60. daniel

    I also want presence pre-approval. But apparently it's complicated(tm)

  61. Dave Cridland

    Ge0rG, It lists both the Issuer and the Account, so having multiple "XMPP" would be fine. I have multiple "Google" with different accounts, for instance.

  62. Flow

    Ge0rG, "proper presence pre-approval"?

  63. Ge0rG

    Flow: support for https://xmpp.org/rfcs/rfc6121.html#sub-preapproval

  64. Dave Cridland

    Perfect proper presence pre-approval, presumably?

  65. Flow

    Germans prefer "Super proper presence pre-approval"

  66. Dave Cridland

    Flow, Doesn't alliterate as well, though.

  67. Kev

    Ain't all about alliteration.

  68. Dave Cridland

    Although alliteration's always awesome and appealling.

  69. jonasw

    Guter Gedanke, gerade Gewürzgurke gegessen.

  70. Ge0rG

    It's not only Google who managed to not upgrade to TLS everywhere. It also affects Cisco WebEx Jabber. So sad.

  71. Holger

    Well Cisco Jabber does TLS. @cisco.com doesn't have it enabled.

  72. Ge0rG

    Didn't we just had a discussion about e2ee in WebEx?

  73. Holger

    Yeah, someone said it's awesome.

  74. Ge0rG

    I'm sure it is.

  75. ralphm set the topic to

    XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  76. MattJ

    o/

  77. ralphm bangs gavel

  78. ralphm

    0. Welcome and Agenda

  79. ralphm

    Who do we have today?

  80. ralphm

    Guus sent regrets.

  81. MattJ

    I'm here

  82. Martin

    I'm here

  83. ralphm

    Good. nyco also mentioned he'd be here. He's refurbished our trello board, so I think we can start from there

  84. ralphm

    Anything else?

  85. Martin

    Nothing from me

  86. ralphm

    Ok.

  87. MattJ

    Ditto

  88. ralphm

    1. FOSDEM / XMPP Summit preparation

  89. ralphm

    Many things have already been arranged by several people, most notably Guus and intosi. We have a Summit Venue (same as last uncountable years), we have a Van, hotel options.

  90. MattJ

    Anything that hasn't already been taken care of?

  91. ralphm

    I think the most pressing things, as listed by Guus are a) aggregating sponsors (usually for Lunch and Dinner) and b) swag / print stuff

  92. ralphm

    I need someone who can do a)

  93. MattJ

    I did it last year

  94. MattJ

    But to be quite honest, I'm not eager to do it again

  95. MattJ

    Because we seem to be lacking the means to actually collect the money that we seek

  96. MattJ

    Apparently this has been a problem for multiple years

  97. MattJ

    and this comes under the funding/financing card I put in Trello for discussion, it's not necessarily just FOSDEM-related

  98. ralphm

    We haven't someone being on top of it, indeed

  99. ralphm

    Ok, so we need to quickly recruit someone, if we don't have people offering right here

  100. ralphm

    Help from the floor is appreciated.

  101. Kev

    I suggest that, as much as possible, you get people to pay for things directly.

  102. Kev

    To avoid needing to collect funds.

  103. ralphm

    Kev: that is indeed a reasonable suggestion, but I think especially for Dinner this is not necessarily easy

  104. Dave Cridland

    As an observation, someone has to actually pick up the tab for (for example) lunch, and then claim it back from somewhere. If that person isn't directly claiming it from the sponsor, then it requires a expense claim to the XSF and an invoice from the XSF to the sponsor.

  105. Dave Cridland

    For Dinner it's even worse, since that's usually the biggest single bill.

  106. ralphm

    Dave Cridland: indeed and we've not been awesome at this

  107. MattJ

    Dinner/lunch and convenience may be one thing, but in general I don't think the XSF ought to shy away from collecting funds

  108. MattJ

    or expenses

  109. Kev

    AFAIK, the XSF never invoiced Isode for their sponsorship last year (I've not checked with accounts), but equally we've not claimed back what we put in either towards taxis etc., which was about the same amount.

  110. MattJ

    I just think that traditionally these have both become painful inefficient processes

  111. ralphm

    Sending expenses to stpeter has generally been handled properly, afaict

  112. Kev

    ralphm: I'm not sure that's true. I think that often involves bank fees that leave people out of pocket, unless people know the system in advance.

  113. ralphm

    That is another, valid, issue indeed

  114. Kev

    (To be clear: Not that Peter has handled them improperly, but that the end result has been improper)

  115. ralphm

    yeah, understood

  116. ralphm

    There's been previous chatter about setting up a EU presence to handle that, but we never progressed on this

  117. Kev

    As a suggestion, can someone (not me) work out what needs paying for the summit, how much it's going to cost, and ask for sponsors for each item (full or partial) that would pay it themselves.

  118. Kev

    This is not the Right thing to do, but it might be the expedient one.

  119. ralphm

    I think Van and Lunch is rather easy. Dinner, as said, not so much.

  120. Kev

    Otherwise I think we're at gathering arbitrary money amounts, and getting people to pay stuff/expense, etc.

  121. Dave Cridland

    Kev, I have been talking through some figures from previous summits with Guus toward this end, actually.

  122. ralphm

    And for swag and stickers it is rather easier, too.

  123. Kev

    Isode have already offered to sort out the van. I'm not sure if Guus said 'yes' yet.

  124. Dave Cridland

    Kev, I believe that's all done and dusted.

  125. Kev

    Excerrent.

  126. ralphm

    Kev: well, I'll gladly accept

  127. ralphm

    Ok, it seems we can't resolve this fully right now.

  128. ralphm

    When Guus is back tomorrow, I'll have a chat

  129. ralphm

    and see what we can do

  130. Dave Cridland

    Figuring out a candidate list of sponsors would be useful, but for obvious reasons cannot be done entirely in public.

  131. ralphm

    Then, in terms of swag, I think we have virtually none left.

  132. Dave Cridland

    (Since otherwise folks can tell who refused)

  133. ralphm

    I think I have one hoodie here, no stickers, no banner

  134. ralphm

    (but we do have a projector now)

  135. nyco

    hi

  136. nyco

    sorry

  137. ralphm

    hi nyco

  138. nyco

    works veeeery weirdly

  139. nyco

    ah

  140. nyco

    logs are dead once again

  141. nyco

    can't work...

  142. MattJ

    nyco, http://logs.xmpp.org/xsf/2018-01-11/#14:29:45 ?

  143. ralphm

    I'm not sure if this is the right venue for discussing what to do for swag, etc. here, but I do want commitment from Board to make sure whoever orders especially clothing, gets payed expediently

  144. MattJ

    I think that's fine, but we should set an upper limit?

  145. MattJ

    Didn't we already give Guus a budget?

  146. ralphm

    Dave Cridland: do you remember what we used for budget last time around?

  147. MattJ

    for things like this

  148. ralphm

    MattJ: I think we did

  149. Dave Cridland

    ralphm, Nope. Not sure we did last time around, we relied on existing stock.

  150. Dave Cridland

    ralphm, I can only really talk to 2015's figures, since I happen to have those.

  151. MattJ

    "The board all agreed that a $1,000 per year budget was approved."

  152. Dave Cridland

    Oh, so I'm talking rubbish. :-)

  153. nyco

    ok, once again, my Movim, my Conversations, and MAM are not in sync, too painful to reconstruct my unsent messages

  154. ralphm

    Dave Cridland: I meant 'last time we ordered'

  155. ralphm

    nyco: first I saw was 'hi' and 'sorry'

  156. nyco

    yeah, messages lost before that

  157. ralphm

    Ok, given that budget, I think we can work with this. I'll hammer out the details with Dave Cridland and Guus

  158. ralphm

    And discuss what we actually want in the SCAM room

  159. Kev

    I don't know if it's sensible, but a small number of 'summit 2018, Brussels' t-shirts for people might be nice.

  160. Kev

    (Just putting that out there)

  161. ralphm

    I think that's enough on FOSDEM/Summit for this meeting

  162. ralphm

    Kev: good suggestion

  163. ralphm

    2. GSoC

  164. ralphm

    I'd love us to do this again.

  165. Guus

    hello - I just got back.

  166. ralphm

    Hi Guus

  167. Kev

    I have to vanish at this point. Possibly unfortunately. Poke me if you want things from me.

  168. MattJ

    *Kev disappears in a puff of smoke*

  169. MattJ

    Haha :)

  170. Kev

    My PT is waiting at the gym. She will kill me.

  171. ralphm

    Kev: just running GSoC, that's all

  172. Guus

    Kev, if we would do GSoC, would you be interested in adminning again?

  173. MattJ

    Assuming he may have left, I think we should do GSoC either way

  174. ralphm

    I motion we do, provided we have someone offering to admin (either Kev or someone else)

  175. MattJ

    Right

  176. Guus

    (trying to read back quickly: I did accept Isodes offer for arranging a Van. Said van has already been arranged. SCAM does indeed have a budget. I was unsure of the swag stock, so we'll need to order that. I have plenty of stickers and server folders, nothing else)

  177. MattJ

    If Kev declines, he may still be able to provide some description of what's involved

  178. ralphm

    Guus: I'll pick up the swag stuff with you

  179. Guus

    are affiliates interested in doing GSoC under the XSF umbrella again, this year?

  180. Guus

    maybe we should do a very quick inventory, if there's any interest?

  181. Guus

    ralph, ok

  182. ralphm

    We basically need proposals, in two weeks time

  183. ralphm

    I think in this meeting, we just say +1 / -1 on wether we want to start this

  184. ralphm

    I have +1 from MattJ and myself

  185. Guus

    +!

  186. ralphm

    nyco?

  187. Guus

    +1

  188. Martin

    +1

  189. ralphm

    So I'll ask Kev (again) if he'd like to admin again.

  190. nyco

    +1 of course for GSoC

  191. ralphm

    ok

  192. ralphm

    3. Board Priorities

  193. ralphm

    nyco you had ideas on moving this forward

  194. nyco

    yeah, meeting

  195. nyco

    h the card

  196. nyco

    buh

  197. nyco

    https://trello.com/c/yZOaF3WH/247-board-priorities-2018

  198. nyco

    We have to organise a long, dedicated meeting: * using voice and video and screen sharing * each one of us exposing his thoughts, facts, observations, numbers, gut feelings, and cognitive biases * listening to and understanding each other, accepting all the divergences * try to converge * come up with a high-level list of priorities for this year * if possible, commit to deliver some

  199. nyco

    got this msg?

  200. ralphm

    Yes

  201. ralphm

    I'm +1 on scheduling this

  202. MattJ

    Likewise

  203. nyco

    +1

  204. Guus

    as am I

  205. nyco

    good, I'm on it

  206. ralphm

    MattJ, Martin are you coming to the Summit?

  207. MattJ

    Yes

  208. Guus

    you're thinking of doing it in person? would be good.

  209. Martin

    I'm not I'm afraid, poor timing of a series of hospital visits

  210. Guus

    ah, to bad.

  211. nyco

    https://trello.com/c/sBcxZrGZ/299-plan-and-organise-a-meeting-for-board-prios

  212. ralphm

    Guus: that was indeed my idea, but we might still be able to, with Martin remote?

  213. nyco

    online, no pressure

  214. ralphm

    ok

  215. Guus

    I'm fine with either.

  216. nyco

    https://trello.com/c/sBcxZrGZ/299-plan-and-organise-a-meeting-for-board-prios

  217. ralphm

    Yeah, we have the link

  218. ralphm

    4. Bus Factor Bank Account

  219. ralphm

    What we need here (again) is a volunteer

  220. ralphm

    I also prefer a Member

  221. ralphm

    but I'm not sure if this has to be a requirement

  222. nyco

    to me, Peter's suggestion looks fine, we should just make them a member

  223. Guus

    As I've written, I'd like to know what the banks default procedure is here.

  224. Guus

    Peter was going to look into that, I think.

  225. ralphm

    So we reply with a request for that?

  226. MattJ

    Yeah, I think we should know that in any case

  227. MattJ

    But I'm fine with one of the people he mentioned being a backup

  228. Guus

    ralphm: yeah - although I believe it's already being acted on.

  229. ralphm

    Guus: ok, so what do we do right now?

  230. Guus

    confirm with Peter that he's looking into that, wait for his feedback.

  231. ralphm

    lok

  232. ralphm

    ok

  233. ralphm

    Then I'm through my major items

  234. ralphm

    5. AOB

  235. Guus

    for the record: did we agree to offer the reimbursement for summit/fosdem expenses to the three gsoc students of last year, as discussed on the board list?

  236. ralphm

    I think we decided on list that we'd provide funding for young potential. Just stating we did.

  237. ralphm

    If it wasn't clear, I'm +1

  238. nyco

    so let's move the card

  239. Guus

    ok. I'll work with Kev to relay the offer to the students.

  240. MattJ

    Me too

  241. ralphm

    Splendid

  242. ralphm

    6. Date of Next

  243. ralphm

    Outside of the planning of the Priorities Meeting, I suggest +1W for our regular get-together here.

  244. Martin

    +1w works for me

  245. Guus

    I'm unsure if I can make it. While following the hearse this morning, we heard of another death in the familiy. :/

  246. ralphm

    7. Close

  247. ralphm

    Thanks all!

  248. ralphm bangs gavel

  249. jonasw

    Guus, my sympathies

  250. Guus

    thanks.

  251. ralphm

    Guus: sorry to hear.

  252. Guus

    I'll send out an email when the funeral planning is definite.

  253. Guus

    Ralphm: when do you want to do swag?

  254. Guus

    if we're to order stuff, we probably shouldn't wait to long

  255. Guus

    we can move this into the SCAM muc though

  256. ralphm

    Now?

  257. Guus

    sure

  258. ralphm

    Hope Dave Cridland can join to at least see what we did last time

  259. Guus

    He sent me an expense sheet

  260. nyco

    Test

  261. nyco

    Test

  262. Dave Cridland

    ralphm, He has the spreadsheet I did from 2015.

  263. ralphm

    Oh crap, I forgot if someone could take minutes :-(

  264. edhelas

    what's the rule for Deffered already ?

  265. mathieui

    12 months without any change iirc

  266. edhelas

    I'm actually implementing https://xmpp.org/extensions/xep-0320.html in Movim

  267. edhelas

    ok

  268. jonasw

    yeah, deferred is ~automatic

  269. jonasw

    I should run the script again

  270. Ge0rG

    Oh, then it's probably time to change PARS

  271. Alex

    got this error on our Wiki while trying to create a new account: Account creation error Error sending mail: Failed to connect to atlas.jabber.org:25 [SMTP: Failed to connect socket: php_network_getaddresses: getaddrinfo failed: Name or service not known (code: -1, response: )]

  272. Kev

    Does it reproduce?

  273. Kev

    ralphm: I'm happy to be involved as an org admin, but I don't have the time to be 'the' org admin this year. So I'd want someone else to step up and commit to doing all the legwork.

  274. Kev

    (Which is often more work than being a mentor, so not someone who wanted to mentor too)

  275. Alex

    Kev: does not allow to me add the same user again, and I don't want to create a dummy user right now to repro

  276. Ge0rG

    So. What's the largest public MUC not related to XMPP?

  277. moparisthebest

    do IRC channels through biboumi count

  278. jonasw

    going by this page: http://search.wensley.org.uk/chat/

  279. jonasw

    do rooms about clients count? :)

  280. jonasw

    if not, IT-MSE probbaly counts, whatever that is

  281. jonasw

    GNU/Linux is second (30)

  282. Link Mauve

    “16:56:55 mathieuii> at least Anu is safe, Link Mauve has no apple device”, my iMac G3 doesn’t count? ;(

  283. Link Mauve

    But like every other of my non-Nintendo computers, it runs Linux.

  284. Link Mauve

    Although half of my Nintendo computers run Linux too.

  285. jonasw

    you are a strange (but cool) person.

  286. Link Mauve

    Heh, thanks. ^^

  287. edhelas

    strange is the new cool