-
jonasw
daniel, >> - the requester has received directed presence from the user. > > Doesn't work in MUC either I believe. (You can't send directed presence in muc iirc)
-
jonasw
on join you send directed presence to a MUC (but to the full JID)
-
daniel
jonasw: yes but you can't send directed presence to other participants which is what we are talking about here right?
-
jonasw
I don’t think so
-
jonasw
the MUC service will proxy the vcard requests, from what we gathered here last night
-
jonasw
so from the perspective of your server, the vcard request will come from the MUC bare JID
-
daniel
Mhhh maybe. So the implication is that everyone in that muc can access your vCard?
-
jonasw
yupp
-
jonasw
like it’s now
-
daniel
i find that a bit complicated. my understanding is that server devs usually don't want to track your muc joins
-
jonasw
they’re implicitly tracked as directed presence anyways
-
jonasw
we don’t need to know that it’s a MUC join
-
jonasw
just that it’s directed presence
-
daniel
but directed presence aren't tracked are they?
-
jonasw
they need to
-
jonasw
for the type="unavailable" when the client exits
-
jonasw
that’s in RFC 6121, I think
-
Zash
Actually, since MUCs can give you a different nickname, join tracking is probably needed. Not that common tho
-
Ge0rG
daniel: are you sufficiently convinced of my proposal now? ;)
-
daniel
Ge0rG: if anying the directed presence access control should be in front of the entire vCard
-
daniel
I don't see Why pep avatars should be treated differently from vCard avatars
-
daniel
See me second email
-
daniel
Besides the way *both* implemations work that pre date the xep is the copy the Avatar on create.
-
Ge0rG
daniel: I think that "make my vcard public to the world" is a feature that long pre-dates the security awareness of normal people.
-
Ge0rG
you don't do that today
-
Ge0rG
daniel: I'd be okay with putting everything of vcard behind a presence subscription firewall
-
daniel
I'm OK with that. This requires changing a historic xep though...
-
Ge0rG
daniel: Which is why I made my proposal as I did. It doesn't violate security expectations, requires changing a proto-XEP and some non-standard implementations ;)
-
MattJ
I'm ok with it too, as a server dev
-
MattJ
Probably behind a config option, though
-
daniel
MattJ: the access control in front of the vCard?
-
MattJ
Yes
-
MattJ
As in, some deployments (or some users perhaps) should be able to have a public vcard if they want to
-
daniel
Yes
-
Kev
For some deployments, not being behind a presence check doesn't make it public.
-
MattJ
I meant public as in, no access control
-
Kev
Right, I was supporting your point of a config option.
-
Dave Cridland
jonasw, Zash - Also nickname changes get a bit weird without tracking.
-
Ge0rG
I just wanted to make a minimal change to presever the current privacy properties, not start a new bike shed ;)
-
daniel
Ge0rG: don't claim other people are bike shedding. This might upset some people. Scnr
-
Dave Cridland
Ge0rG, Issuer in TOTP URI - it can be anything. Well, I've said 1*CHAR but in reality that's URI encoded. "XMPP" is only used in an example, as far as I know.
-
Dave Cridland
Ge0rG, Could vCard access be controlled by the PEP Avatar access controls? Just a thought here.
-
daniel
Dave Cridland: how would that work in muc?
-
Ge0rG
Dave Cridland: would work for me.
-
Ge0rG
Dave Cridland: yes, "XMPP" is used in an example, but I still got confused by it. Maybe something like "BigCorpXMPPService" would be more suitable to indicate the non-normativeness of that special string?
-
Dave Cridland
Ge0rG, Well... We need to figure out if we *want* a normative string there. It might be useful/nice to have "XMPP", or "Jabber" there by default.
-
Dave Cridland
daniel, Not really thought this through much.
-
Ge0rG
Dave Cridland: I have no idea about the implications of that string.
-
Ge0rG
Dave Cridland: is it just a tag in your TOTP key manager?
-
Dave Cridland
Ge0rG, In Google Authenticator, it shows the line above the address.
-
Dave Cridland
Ge0rG, So I have Google, LastPass, GitHub and PostOffice there, for example.
-
Ge0rG
Dave Cridland: It might be counter-productive to have three lines of "XMPP", then.
-
daniel
I find presence based access control in front of vCard very reasonable. As this so fixes what most users would expect these days
-
jonasw
while we’d be at it: would it make sense to extend that access control to "shared presence or has sent a subscription request"? I.e. if A wants to subscribe to B, should B be allowed to see the vcard of A?
-
Ge0rG
jonasw: yes
-
jonasw
despite A not having shared presence with B.
-
jonasw
and should that privilege cease when the subscription has been accepted but B did not subscribe to A?
-
Ge0rG
jonasw: I think that proper presence pre-approval will solve both of your questions in a clean way
-
Ge0rG
Besides, it also makes it easier to befriend people
-
daniel
I also want presence pre-approval. But apparently it's complicated(tm)
-
Dave Cridland
Ge0rG, It lists both the Issuer and the Account, so having multiple "XMPP" would be fine. I have multiple "Google" with different accounts, for instance.
-
Flow
Ge0rG, "proper presence pre-approval"?
-
Ge0rG
Flow: support for https://xmpp.org/rfcs/rfc6121.html#sub-preapproval
-
Dave Cridland
Perfect proper presence pre-approval, presumably?
-
Flow
Germans prefer "Super proper presence pre-approval"
-
Dave Cridland
Flow, Doesn't alliterate as well, though.
-
Kev
Ain't all about alliteration.
-
Dave Cridland
Although alliteration's always awesome and appealling.
-
jonasw
Guter Gedanke, gerade Gewürzgurke gegessen.
-
Ge0rG
It's not only Google who managed to not upgrade to TLS everywhere. It also affects Cisco WebEx Jabber. So sad.
-
Holger
Well Cisco Jabber does TLS. @cisco.com doesn't have it enabled.
-
Ge0rG
Didn't we just had a discussion about e2ee in WebEx?
-
Holger
Yeah, someone said it's awesome.
-
Ge0rG
I'm sure it is.
-
ralphm
set the topic to
XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
-
MattJ
o/
- ralphm bangs gavel
-
ralphm
0. Welcome and Agenda
-
ralphm
Who do we have today?
-
ralphm
Guus sent regrets.
-
MattJ
I'm here
-
Martin
I'm here
-
ralphm
Good. nyco also mentioned he'd be here. He's refurbished our trello board, so I think we can start from there
-
ralphm
Anything else?
-
Martin
Nothing from me
-
ralphm
Ok.
-
MattJ
Ditto
-
ralphm
1. FOSDEM / XMPP Summit preparation
-
ralphm
Many things have already been arranged by several people, most notably Guus and intosi. We have a Summit Venue (same as last uncountable years), we have a Van, hotel options.
-
MattJ
Anything that hasn't already been taken care of?
-
ralphm
I think the most pressing things, as listed by Guus are a) aggregating sponsors (usually for Lunch and Dinner) and b) swag / print stuff
-
ralphm
I need someone who can do a)
-
MattJ
I did it last year
-
MattJ
But to be quite honest, I'm not eager to do it again
-
MattJ
Because we seem to be lacking the means to actually collect the money that we seek
-
MattJ
Apparently this has been a problem for multiple years
-
MattJ
and this comes under the funding/financing card I put in Trello for discussion, it's not necessarily just FOSDEM-related
-
ralphm
We haven't someone being on top of it, indeed
-
ralphm
Ok, so we need to quickly recruit someone, if we don't have people offering right here
-
ralphm
Help from the floor is appreciated.
-
Kev
I suggest that, as much as possible, you get people to pay for things directly.
-
Kev
To avoid needing to collect funds.
-
ralphm
Kev: that is indeed a reasonable suggestion, but I think especially for Dinner this is not necessarily easy
-
Dave Cridland
As an observation, someone has to actually pick up the tab for (for example) lunch, and then claim it back from somewhere. If that person isn't directly claiming it from the sponsor, then it requires a expense claim to the XSF and an invoice from the XSF to the sponsor.
-
Dave Cridland
For Dinner it's even worse, since that's usually the biggest single bill.
-
ralphm
Dave Cridland: indeed and we've not been awesome at this
-
MattJ
Dinner/lunch and convenience may be one thing, but in general I don't think the XSF ought to shy away from collecting funds
-
MattJ
or expenses
-
Kev
AFAIK, the XSF never invoiced Isode for their sponsorship last year (I've not checked with accounts), but equally we've not claimed back what we put in either towards taxis etc., which was about the same amount.
-
MattJ
I just think that traditionally these have both become painful inefficient processes
-
ralphm
Sending expenses to stpeter has generally been handled properly, afaict
-
Kev
ralphm: I'm not sure that's true. I think that often involves bank fees that leave people out of pocket, unless people know the system in advance.
-
ralphm
That is another, valid, issue indeed
-
Kev
(To be clear: Not that Peter has handled them improperly, but that the end result has been improper)
-
ralphm
yeah, understood
-
ralphm
There's been previous chatter about setting up a EU presence to handle that, but we never progressed on this
-
Kev
As a suggestion, can someone (not me) work out what needs paying for the summit, how much it's going to cost, and ask for sponsors for each item (full or partial) that would pay it themselves.
-
Kev
This is not the Right thing to do, but it might be the expedient one.
-
ralphm
I think Van and Lunch is rather easy. Dinner, as said, not so much.
-
Kev
Otherwise I think we're at gathering arbitrary money amounts, and getting people to pay stuff/expense, etc.
-
Dave Cridland
Kev, I have been talking through some figures from previous summits with Guus toward this end, actually.
-
ralphm
And for swag and stickers it is rather easier, too.
-
Kev
Isode have already offered to sort out the van. I'm not sure if Guus said 'yes' yet.
-
Dave Cridland
Kev, I believe that's all done and dusted.
-
Kev
Excerrent.
-
ralphm
Kev: well, I'll gladly accept
-
ralphm
Ok, it seems we can't resolve this fully right now.
-
ralphm
When Guus is back tomorrow, I'll have a chat
-
ralphm
and see what we can do
-
Dave Cridland
Figuring out a candidate list of sponsors would be useful, but for obvious reasons cannot be done entirely in public.
-
ralphm
Then, in terms of swag, I think we have virtually none left.
-
Dave Cridland
(Since otherwise folks can tell who refused)
-
ralphm
I think I have one hoodie here, no stickers, no banner
-
ralphm
(but we do have a projector now)
-
nyco
hi
-
nyco
sorry
-
ralphm
hi nyco
-
nyco
works veeeery weirdly
-
nyco
ah
-
nyco
logs are dead once again
-
nyco
can't work...
-
MattJ
nyco, http://logs.xmpp.org/xsf/2018-01-11/#14:29:45 ?
-
ralphm
I'm not sure if this is the right venue for discussing what to do for swag, etc. here, but I do want commitment from Board to make sure whoever orders especially clothing, gets payed expediently
-
MattJ
I think that's fine, but we should set an upper limit?
-
MattJ
Didn't we already give Guus a budget?
-
ralphm
Dave Cridland: do you remember what we used for budget last time around?
-
MattJ
for things like this
-
ralphm
MattJ: I think we did
-
Dave Cridland
ralphm, Nope. Not sure we did last time around, we relied on existing stock.
-
Dave Cridland
ralphm, I can only really talk to 2015's figures, since I happen to have those.
-
MattJ
"The board all agreed that a $1,000 per year budget was approved."
-
Dave Cridland
Oh, so I'm talking rubbish. :-)
-
nyco
ok, once again, my Movim, my Conversations, and MAM are not in sync, too painful to reconstruct my unsent messages
-
ralphm
Dave Cridland: I meant 'last time we ordered'
-
ralphm
nyco: first I saw was 'hi' and 'sorry'
-
nyco
yeah, messages lost before that
-
ralphm
Ok, given that budget, I think we can work with this. I'll hammer out the details with Dave Cridland and Guus
-
ralphm
And discuss what we actually want in the SCAM room
-
Kev
I don't know if it's sensible, but a small number of 'summit 2018, Brussels' t-shirts for people might be nice.
-
Kev
(Just putting that out there)
-
ralphm
I think that's enough on FOSDEM/Summit for this meeting
-
ralphm
Kev: good suggestion
-
ralphm
2. GSoC
-
ralphm
I'd love us to do this again.
-
Guus
hello - I just got back.
-
ralphm
Hi Guus
-
Kev
I have to vanish at this point. Possibly unfortunately. Poke me if you want things from me.
-
MattJ
*Kev disappears in a puff of smoke*
-
MattJ
Haha :)
-
Kev
My PT is waiting at the gym. She will kill me.
-
ralphm
Kev: just running GSoC, that's all
-
Guus
Kev, if we would do GSoC, would you be interested in adminning again?
-
MattJ
Assuming he may have left, I think we should do GSoC either way
-
ralphm
I motion we do, provided we have someone offering to admin (either Kev or someone else)
-
MattJ
Right
-
Guus
(trying to read back quickly: I did accept Isodes offer for arranging a Van. Said van has already been arranged. SCAM does indeed have a budget. I was unsure of the swag stock, so we'll need to order that. I have plenty of stickers and server folders, nothing else)
-
MattJ
If Kev declines, he may still be able to provide some description of what's involved
-
ralphm
Guus: I'll pick up the swag stuff with you
-
Guus
are affiliates interested in doing GSoC under the XSF umbrella again, this year?
-
Guus
maybe we should do a very quick inventory, if there's any interest?
-
Guus
ralph, ok
-
ralphm
We basically need proposals, in two weeks time
-
ralphm
I think in this meeting, we just say +1 / -1 on wether we want to start this
-
ralphm
I have +1 from MattJ and myself
-
Guus
+!
-
ralphm
nyco?
-
Guus
+1
-
Martin
+1
-
ralphm
So I'll ask Kev (again) if he'd like to admin again.
-
nyco
+1 of course for GSoC
-
ralphm
ok
-
ralphm
3. Board Priorities
-
ralphm
nyco you had ideas on moving this forward
-
nyco
yeah, meeting
-
nyco
h the card
-
nyco
buh
-
nyco
https://trello.com/c/yZOaF3WH/247-board-priorities-2018
-
nyco
We have to organise a long, dedicated meeting: * using voice and video and screen sharing * each one of us exposing his thoughts, facts, observations, numbers, gut feelings, and cognitive biases * listening to and understanding each other, accepting all the divergences * try to converge * come up with a high-level list of priorities for this year * if possible, commit to deliver some
-
nyco
got this msg?
-
ralphm
Yes
-
ralphm
I'm +1 on scheduling this
-
MattJ
Likewise
-
nyco
+1
-
Guus
as am I
-
nyco
good, I'm on it
-
ralphm
MattJ, Martin are you coming to the Summit?
-
MattJ
Yes
-
Guus
you're thinking of doing it in person? would be good.
-
Martin
I'm not I'm afraid, poor timing of a series of hospital visits
-
Guus
ah, to bad.
-
nyco
https://trello.com/c/sBcxZrGZ/299-plan-and-organise-a-meeting-for-board-prios
-
ralphm
Guus: that was indeed my idea, but we might still be able to, with Martin remote?
-
nyco
online, no pressure
-
ralphm
ok
-
Guus
I'm fine with either.
-
nyco
https://trello.com/c/sBcxZrGZ/299-plan-and-organise-a-meeting-for-board-prios
-
ralphm
Yeah, we have the link
-
ralphm
4. Bus Factor Bank Account
-
ralphm
What we need here (again) is a volunteer
-
ralphm
I also prefer a Member
-
ralphm
but I'm not sure if this has to be a requirement
-
nyco
to me, Peter's suggestion looks fine, we should just make them a member
-
Guus
As I've written, I'd like to know what the banks default procedure is here.
-
Guus
Peter was going to look into that, I think.
-
ralphm
So we reply with a request for that?
-
MattJ
Yeah, I think we should know that in any case
-
MattJ
But I'm fine with one of the people he mentioned being a backup
-
Guus
ralphm: yeah - although I believe it's already being acted on.
-
ralphm
Guus: ok, so what do we do right now?
-
Guus
confirm with Peter that he's looking into that, wait for his feedback.
-
ralphm
lok
-
ralphm
ok
-
ralphm
Then I'm through my major items
-
ralphm
5. AOB
-
Guus
for the record: did we agree to offer the reimbursement for summit/fosdem expenses to the three gsoc students of last year, as discussed on the board list?
-
ralphm
I think we decided on list that we'd provide funding for young potential. Just stating we did.
-
ralphm
If it wasn't clear, I'm +1
-
nyco
so let's move the card
-
Guus
ok. I'll work with Kev to relay the offer to the students.
-
MattJ
Me too
-
ralphm
Splendid
-
ralphm
6. Date of Next
-
ralphm
Outside of the planning of the Priorities Meeting, I suggest +1W for our regular get-together here.
-
Martin
+1w works for me
-
Guus
I'm unsure if I can make it. While following the hearse this morning, we heard of another death in the familiy. :/
-
ralphm
7. Close
-
ralphm
Thanks all!
- ralphm bangs gavel
-
jonasw
Guus, my sympathies
-
Guus
thanks.
-
ralphm
Guus: sorry to hear.
-
Guus
I'll send out an email when the funeral planning is definite.
-
Guus
Ralphm: when do you want to do swag?
-
Guus
if we're to order stuff, we probably shouldn't wait to long
-
Guus
we can move this into the SCAM muc though
-
ralphm
Now?
-
Guus
sure
-
ralphm
Hope Dave Cridland can join to at least see what we did last time
-
Guus
He sent me an expense sheet
-
nyco
Test
-
nyco
Test
-
Dave Cridland
ralphm, He has the spreadsheet I did from 2015.
-
ralphm
Oh crap, I forgot if someone could take minutes :-(
-
edhelas
what's the rule for Deffered already ?
-
mathieui
12 months without any change iirc
-
edhelas
I'm actually implementing https://xmpp.org/extensions/xep-0320.html in Movim
-
edhelas
ok
-
jonasw
yeah, deferred is ~automatic
-
jonasw
I should run the script again
-
Ge0rG
Oh, then it's probably time to change PARS
-
Alex
got this error on our Wiki while trying to create a new account: Account creation error Error sending mail: Failed to connect to atlas.jabber.org:25 [SMTP: Failed to connect socket: php_network_getaddresses: getaddrinfo failed: Name or service not known (code: -1, response: )]
-
Kev
Does it reproduce?
-
Kev
ralphm: I'm happy to be involved as an org admin, but I don't have the time to be 'the' org admin this year. So I'd want someone else to step up and commit to doing all the legwork.
-
Kev
(Which is often more work than being a mentor, so not someone who wanted to mentor too)
-
Alex
Kev: does not allow to me add the same user again, and I don't want to create a dummy user right now to repro
-
Ge0rG
So. What's the largest public MUC not related to XMPP?
-
moparisthebest
do IRC channels through biboumi count
-
jonasw
going by this page: http://search.wensley.org.uk/chat/
-
jonasw
do rooms about clients count? :)
-
jonasw
if not, IT-MSE probbaly counts, whatever that is
-
jonasw
GNU/Linux is second (30)
-
Link Mauve
“16:56:55 mathieuii> at least Anu is safe, Link Mauve has no apple device”, my iMac G3 doesn’t count? ;(
-
Link Mauve
But like every other of my non-Nintendo computers, it runs Linux.
-
Link Mauve
Although half of my Nintendo computers run Linux too.
-
jonasw
you are a strange (but cool) person.
-
Link Mauve
Heh, thanks. ^^
-
edhelas
strange is the new cool