XSF Discussion - 2018-02-22

What's that sasl mode that proves the server knows your password?

I recall Zash talking about it, like it'd be safe to use with a self signed cert type thing

moparisthebest: scram is one

https://signal.org/blog/signal-foundation/ wow! It's impressive what they've achieved with 2.3 developers, and now they are drowning in money.

Ge0rG: Weren't they already drowning in money?

Zash: they just got 50M USD on top.

> by Brian Acton, the co-founder of WhatsApp

am I the only one to whom it's suspicous? :)

marmistrz: he sold it to facebook and made gazillions on it?

> sell software for distribution Jaber and base 450000 jabber - ready business for you is$500 a real bargain!

I don’t even get it

Ge0rG: ?

English is hard

Just got another incoming XMPP spam flood

I think he’s getting spimmed

somebody is selling a jabber spam bot plus a JID database for 500 usd.

Oh 😮

A real bargain!

Ge0rG: I know they sold it to fb, what I mean that "if it's shaped in the same way whatsapp was shaped"

I mean, I'm not using signal (phone number as an ID is a bad idea), but if it's backed by the whatsapp founder, I'd have at least a little more suspicion before ever thinking to use it, judging from the way whatsapp has evolved

marmistrz, maybe the whatsapp founder feels bad for what happened :)

jonasw, by supporting another walled garden?

obviously he’s not opposed to walled gardens

well, if someone donated 5% of what he did for XMPP client development...

There are times that I wonder if our some on our support forums are high on something: "Smack Bubble in Rainbow"

(A service provided by openrainbow.com is apparently XMPP based?)

marmistrz: there was a time when I respected moxie for what he does. Back then I'd have said that moxie will keep an eye on that money.

General service announcement: systemd sucks.</rant>

Old news

I know.

XMPP sucks, too.

Everything sucks.

No, no, you're wrong there.

My vacuum cleaner doesn't anymore.

well played

Mine either, actually, its battery doesn't last a full round of the floor it's on :(

Kev: should've bought a Tesla then :P

I call it Gir.

That's it! What we really need is Internet-connected battery-powered IoT vacuum cleaners that collects dust into a blockchain!

Zash: into a quantum blockchain!

And battery charging as a service!

3) profit!

Zash: and huge batteries, because PoW performance

Kev: your floor is to large.

Very much not!

your vacuum cleaner disagrees.

My vacuum cleaner is senile, it used to be fine with it.

Hmm... Sure your floor didn't grow?

Moderately.

I concede.

Never underestimate continental drift!

I unconcede. What he said!

Can somebody add me into memberbot's roster? I sent a subscription presence yesterday

pep., ping Alex

What he said ^

Ge0rG, are you going to change your langing page such that it accepts xmpp URIs?

marc: are you going to look up how to do a string replace in Erlang?

Ge0rG, yeah, if you tell me the reason for _not_ using the xmpp URI ;)

marc: every character counts. more characters = longer QR codes = less readabiliy = higher chance for typos when entering manually

marc: the "xmpp:" is really redundant there.

marc: besides, you need to url-encode the JID anyway, so you won't get around custom processing.

marc: and you could just make the default prefix "xmpp:" for when constructing the link

Ge0rG, that's not a good reason for _not_ accepting it ;)

marc: yes it is. I'm forcing you to do something that's good for your users.

...

sounds like I need to fork :D

marc: or you need to bury your ego and just listen to what my ego says is the right thing™ 😛

Ge0rG, not sure if this is gonna happen for this thing ;)

marc, FWIW, I think Ge0rG has a point here.

jonasw, 5 chars?

are you going to ban too long local parts of a JID too? :D

or too long domain names?

marc: now guess why I own yax.im

Ge0rG, because it's a funny name?

probably I'll append the OMEMO keys to the QR code

We generate QR codes for a XMPP URI and 5 OMEMO keys at the moment

Works fine

marc: to the xmpp URI or to the location URL?

Ge0rG, to the xmpp URI

doesn't make sense to transfer OMEMO keys via an "insecure" channel

marc: not much probably.

it's for the QR code only

marc: I mean obviously it does make sense to transmit them but not to trust them.

just check for MitM

Ge0rG, nitpicker ;)

marc: professional pessimist^W security analyst :P

Ge0rG, if we put the URI into the fragment part we don't need to URL encode it AFAIK

marc: except when we do.

Ge0rG, hm?

marc: as I mentioned some days ago, have a look at typical irc Transport JIDs

marc: https://yax.im/i/#%23channel%25irc.man-da.de@irc.transport.server?join

Ge0rG, wtf should I care about IRC transport URIs for invitation?

marc: "#" is a valid local part character

Ge0rG, "'#" can be used as username?

-nodeprep #hello

Zash: #hello

yeah

Ge0rG, but URL encoding is the wrong thing here, we don't need to escape all characters as not URL encoders do

...as normal..

marc: good luck figuring out the right subset. Also don't forget to tell me!

Ge0rG, if you would _really_ care about the chars you would spend your time to figure it out ;)

marc: I'm here to point out the problems, not the solutions!

wait, I thought you were here because you were our mascot?

Guus: what? I'm way too sexy for that! 😁

A sexy mascot is what we need so..

w00t! just had my first in-client video conference :)

it's still very rough around the edges, but still, I'm excited :)

Great Guus :D

Guus: we are only a decade behind?

stop raining on my parade!

I've created a beautiful freak!

outdated, yes. incomplete, yes.

Guus: oh, your own client. Good work, then! :)

Time to catch up!

Guus: Video conference via XMPP/Jingle?

Ge0rG, After a walk in the sunshine I'm convinced now ;)

marc: :)

marc, yes (although we're cheating by embedding jitsi-meet in a browser component)

Guus, is this some closed-source component?

Guus, but doing jingle xmpp protocol?

Jitsi Meet is open source, a webrtc-based solution that uses XMPP (COIN/Colibri/Jingle) for negotiation.

we've server-sided wrapped that solution in a very-easy-to-install plugin

clients will detect its presence, and use it isntead of the public instance

from there, it's a matter of opening the correct URL, and let Jitsi do the rest.

What's COIN?

Added bonus is that users of our client can invite anyone that has a browser.

Guus, so you had a video conference between browsers running jitsi meet?

https://xmpp.org/extensions/xep-0298.html

marc, yes.

Guus: Ah, thanks.

Guus, with n > 2?

yes. not unlike google talk

err

hangouts

I can try posting an invite here, if you want

(beware, alpha-quality software release)

Please join me in this web-based video-conference room: https://meet.jit.si/xsf

Guus, masked camera here ;)

But I can see you :D

I am nice to look at :D

Nice

Works fine

yeah, one-on-one is peer-to-peer

Maybe somebody else can join to test with n > 2? :)

beyond that, a bridge kicks in

where is that bridge hosted?

I've added a uuid to make the room name somewhat more unique, but neglected doing that in a muc context

it's part of the Jitsi setup. We're now using their public service, but that is also deployable as an Openfire plugin

Nice, now we need this in some desktop / moible client :)

(or a standalone installation if you go with their setup)

they do have a mobile client

okay, now we need this in other mobile clients :D

they have an API that potentially is usable for that

not my area of expertise though

Jitsi doesn't like my home network for some reason, that's new.

I popped out for a second

still, you should've been able to join that Meet.

... you know that, having worked at their stuff :)

one would think, but I've already forgotten most of how it works.

You're the expert, fix it Guus!

if you're trying to use their public service, it should pretty much work out of the box, if you're not blocking outbound traffic and have a relatively sane NAT setup.

other than that, Damian is a hero :)

Indeed

I'll dig in later, catching the bus now. My network hasn't changed to my knowledge, so maybe it just needs a kick

Nice

I wonder when my coworkers will figure it out.

I'm only 19mins and two reboots in.

Wasn't Lync one of those dismissed things by Microsoft btw?

(it should be "Skype for Bussness" now)

Maranda: it's not dismissed, just renamed.

🤣

Touche

Third reboot, same result.

Keep going, try with a kick or two since you're at it 🤣

Board meeting time

XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

0. Welcome and Agenda

Who do we have?

Nyco apologised earlier

Martin is showing as offline to me

Mattj?

Here

ok good

shall we?

So I don't see many changes from last time around. Did we progress on any of the items in our Trello, and discuss it?

I think we skipped last week because of lack of people, and I don't remember the week before that

we skipped the week before too

no progress that I am aware of, although one new item was added

the comm-wt card

Ok

And I forgot to write to an ML regarding a SPAM SIG :(

Ok, let's start with these then

1. Communications Team

if desirable, we can do a post-mortem on the summit/fosdem too

(ok)

I'm with Kev on this, that we don't really need this to be formalized

(at the moment)

I'd rather just first see some stuff happening, without the yak shaving

I think it helps to get stuff under way

How?

by defining that team members get access to things they want to use to produce stuff.

I strongly believe we should get away from needing some kind of formal structure to be able to do things.

I'm hearing that, combined with "we need to restrict access to XSF resources"

you might want to approve the persons named for comm-wt access to github, before they go away in disdain.

well, getting access to resources are a pain. I've done that plenty of times recently, and it was always painful and took way to long for comfort.

Ge0rG: wait what?

i'm not seeing harm in us formaly defining the team again, and defining that its members get read/write access to our website and social media accounts.

Same here

ralphm: referring to JC's last email on that thread.

I agree this shouldn't be so painful, but it appears to me that (re)formation of the team seems the least painful way for everyone involved

(also, the overhead of us doing this is minor)

But since this is GitHub, why can't we start with pull requests (that don't require any additional permissions) and move from that? I think that's the point Kev tried to make. I'm not opposed to restart a formal team, but I don't see it being on the critical path.

ralphm: the deployment cycle via PRs and editor bugging is long and frustrating

ralphm: because it's keeping the team-members dependent of others, and thus less effective. Also, I really don't see the harm in not giving them access.

why not facilitate them if it benefits us all?

as I said, most of the work for board on this is this debate. After that, it's asking iteam to add some permissions to existing resources.

which I assume will take them about five minutes to implement

iteam can do that, words need only be said.

Ok, so let me get this straight. The deployment cycle of the site itself is cumbersome and would require an Editor to approve?

It does not.

no, it now requires <unnamed entity> (usually me) to approve.

It requires someone with commit permissions on the website repo to merge the PR.

Which is currently (iteam + editors)?

no, it's undefined, as far as I know

wouldn't that be another reason to name it "comm-team"?

(defining that comm-team gets access would be another nice side-eff... what he said)

What would be arguments for _not_ doing this?

Well, it is just a bit of work to get going.

You need a charter, a chair and Members (only).

I believe that's neglible.

the charter has been proposed, as has the chair and member list

(on list, and in @commsteam)

@commteam, not @commsteam

I'm also inclined towards "let's just do it"

Ok. I didn't see the chair mentioned. I have no strong objections to having a formal team with only those Members having those accesses for publishing at xmpp.org

the chair was mentioned in the MUC only (being JC)

Aha

it'd also be good if that team can use our social media accounts (which currently is limited to Twitter, I think?)

It would be great to mention all the many XMPP-deploying projects on @XMPP

So the proposal is as the e-mail with JC as chair.

The only objection I have is Simon not (currently) being a Member.

AFIAK

ah, good catch.

bylaws do say: "Participation in Teams shall be limited to elected Members of the Corporation."

Indeed that was my point

So assuming Guus is motioning this with the exception of Simon, I'm +1

he's not listed as a member, nor do find an application for him

Ok, I'm motioning.

For the record: Daniel Wisnewski (Daniel_W) Jan-Carel Brand (jcbrand) as Chair Nicolas Vérité (Nyco) Severino Ferrer de la Peñita (Seve or SouL) Charter: The team's mission is to inform the XMPP community and interested parties on news and recent developments within XMPP ecosystem.

So he can still submit PRs/etc. but a member will need to approve

Still an acceptable situation if you ask me

Right

agreed

I left off the second part of the charter as it seems superfluous and not alligned with the bylaws w.r.t. openness of the team itself. Of course others are still free to contribute through the Team.

aligned even

agreed (as was agreed on in the mail htread)

Yeah, just repeating here for the record

I'm +1 to the formation of the WT, the chair and member list, and the charter.

+1 (again)

+1

Yay

also, I motion that we grant read/write permission to the source code repository that holds the XMPP.org website code to all members of the Communications work team - which should reflect future team changes.

The motion carries.

Guus: I don't think we need to formalize that per se. But I'm sure Kev and intosi can make sure of the necessary technical requirements for the Team to carry out their task.

I'd simply like to avoid a situation where everyone looks at eachother and wonders who is allowed access, by making this explicit.

Is there a list of github user ids for the members of the comms team?

intosi: I'll ask them to provide that

Ta.

I'm sure there will be other things that access is required for and I'm not sure if asking Board every time is needed. If iteam would give out too many creds, that'd be the day.

Sure. Comms team can just ask iteam.

I was going to follow up with one more similar motion, for social media accounts :)

I trust iteam to handle this all properly.

ok, works for me

I think that's enough for today, right?

wfm

yup

2. Date of Next

+1W

3. Close

wfm

Thanks all!

works for me

thank you

XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

No spam team this week.

*sniff*

sorry Ge0rG

Ge0rG, haven't we discussed the spam team 50 times already?

We actually rejected it because there wasn't a feeling of needing a team of SIG for doing things around that topic.

MattJ: with the Spam Fighting Manifesto, there is some traction in the open to improve default server configs, write modules to block domains etc.

Great.

but that said Manifesto is made by a single volunteer who lacks time to incorporate feedback from server admins already.

Github repo and get people to submit PRs - if unable to merge PRs, find the people that you imagine in the SIG and grant them access to merge the PRs

An impromptu SIGish, if you like.

I had hoped for something more official than my private github account, but okay.

why?

Please, and I have asked this before, why can't you do any of this without 'something more official'?

I don't understand this at all.

I'm doing it already, as far as my time permits. Sorry for bothering you.

comm team effective immediately, with the list JC mailed?

I note that Winfried replied that he wanted to be on it as well.

intosi: without Simon AFAIU

Ge0rG: it is not about bothering. It is about not feeling for doing a lot of bureaucracy just because.

ralphm: ah, I see

intosi, in my understanding, Winfried was in, Simon out.

couldn’t we put the anti spam manifesto under the xsf account?

intosi: yes. I think Winfried already has permissions, by the way, and I wasn't sure if was actually applying for the team or merely contributing.

intosi, scratch that

we didn't include Winfried when voting (I overlooked that)

jonasw: why?

ralphm, dunno, if georg is unhappy with having that under his account

The TLS manifesto was also not an XSF activity and worked out fine

I’m just throwing ideas in the room

jonasw, as I understand it some people are opposed to the manifesto. It's just going to cause way more debate and just be counter-productive when it's totally unnecessary in the first place

yeah, true

and what MattJ said applied to that manifesto, too

Right

I have added JC as maintainer of the comm team group

I'm not opposed to the manifesto, and Ge0rG, if you need help, I and others would be more than willing I'm sure

Invited Nÿco, kept Winfried in it for now, and require two more github user names, for SouL and for Daniel_W.

Thanks intosi

SeveFP <-- Soul's github

Guus: ta

MattJ: thanks for your offer!

In is ok for me (I am in a meeting, can't communicate all the time)

I suggest that the comm teams adds its own page to the website, and optionally fixes its own wiki page :)

it's nice how we keep having the same conversation in two different MUCs :)

I just proposed that (sans the wiki, but that's a good idea)

Don't know in which muc that happened, but I'm not in it :)

commteam@muc.xmpp.org

Ah, not something I'd want to be in on a permanent basis currently :)

you not being in it made it more impressive

Great minds, fools, there was something with a comparison there.

Ge0rG, fixed my ejabberd implementation but your landing page doesn't work on "firefox klar"

Ge0rG, no button is clickable

Ge0rG, can you verify and at least add an issue please

works fine on firefox (desktop version)

marc: Is that different than Firefox Focus?

waqas, it seems, I don't know if they use a different engine, probably not

maybe some javascript issue but at least some javascript code works

the xmpp URI is correct etc.

waqas, oh, thought you're asking about "normal" firefox

https://play.google.com/store/apps/details?id=org.mozilla.focus&hl=en and https://play.google.com/store/apps/details?id=org.mozilla.klar&hl=en look practically the same, both were updated on February 5, and only Focus is listed on the Mozilla page: https://play.google.com/store/apps/developer?id=Mozilla&hl=en

waqas, does it work for "firefox focus"?

I was asking what Klar was, as I've only heard of Focus

waqas, AFAIK it's just the german version of firefox focus

Ah, right you are: https://support.mozilla.org/en-US/kb/difference-between-firefox-focus-and-firefox-klar