I'm reading the Standards ML, before putting Bookmark to Final would it maybe be wise to update it, like to clarify which method is preferred for storing them?
flow
edhelas, isn't that done in xep48 § 3. ?
marc
hm, if matrix requires an additional push protocol (GCM for Android), is it not possible to use riot without Google services installed?
Ge0rG
marc: AFAIU it falls back to polling the server.
jonasw
marc, I think it is, but that ^
marc
yes, okay :D
Ge0rG
Life is great, isn't it?
marc
Ge0rG, it just means to me that it sucks and has a big disadvantage in comparison to XMPP :D
Ge0rG
marc: what did you expect from HTTP? WebSockets?
daniel
Well that's what signal does
daniel
And rocket.chat
marc
daniel, signal requires GCM and if not available falls back to polling?
daniel
marc: no. It falls back to websockets
daniel
The "Well that's what signal does" was a response to what Ge0rG said
SaltyBones
should it be obvious why websockets works?
marc
websockets allow permanent connections, right?
daniel
Yeah using websockets is reasonable
Zash
I wouldn't count on "permanent"
daniel
Compared to polling http that is
SaltyBones
oh weird..so the os does the connection part for you and just gives you some magical permanent socket?
Zash
If that worked, everyone would be doing it
Zash
I imagine it has the same restrictions on mobile OSes as plain TCP
Ge0rG
Zash: but better firewall piercing capabilities
moparisthebest
but only over HTTPS, at which point, you can also just use TLS on 443
let me update the first section and add the vote which just came in
moparisthebest
(sorry)
Alex
not a problem
Alex
1) Call for Quorum
Alex
as you can see 32 members voted via memberbot
Alex
so we have a quorum
Alex
2) Items Subject to a Vote
Alex
new and returning members, you can see all the applications here:
https://wiki.xmpp.org/web/Membership_Applications_Q1_2018
Alex
3) Opportunity for XSF Members to Vote in the Meeting
jonasw
Alex, did pep. reach out to you?
jonasw
or did you receive his attempts to reach out?
Alex
anybody here who has not voted yet, and wants to vote in the meeting?
jonasw
did the MUC just die or is it just me?
Alex
jonasw: I don't think so. At least I do not remember
jonasw
Alex, he tried to reach you several times since memberbot didn’t talk to him :(
jonasw
he also said that he probably wouldn’t be able to make this meeting though :(
Alex
my client blocks all messages from unsubscribed users silently, because I get tons of spam
jonasw
ah I see
Alex
If he is around we can fix now and get his vote in
jonasw
I told him to try email though
Alex
otherwise we fix for the next voting period
Ge0rG
Alex [20:07]:
> my client blocks all messages from unsubscribed users silently, because I get tons of spam
This policy fails to work for people with public roles.
jonasw
Ge0rG, he accepts subscriptions though
jonasw
also probably not the right time to discuss this
Alex starts counting now, for working on the results
Ge0rG
Right, sorry.
Alex
looks like nobody wants to vote
Alex
Ge0rG: let's put it under other business and discuss at the end of our meeting
Alex
4) Announcement of Voting Results
Alex
when you reload the page at:
https://wiki.xmpp.org/web/Meeting-Minutes-2018-02-27#Announcement_of_Voting_Results
you can see the results
Alex
all new and returning members are accepted
Alex
congrats to everyone
jonasw
\o/
Alex
5) Any Other Business?
jonasw
Ge0rG, that’s your cue
Alex
Ge0rG: I use XMPP since the very early days when Jer's first server came out. my jabber.org Jid is probably on every spammer list, and it's a huge pain for me these days
moparisthebest
wouldn't a better system than bugging Alex just be to automatically import all member JIDs into memberbot ?
Alex
sometimes I log in and have 100 spams in the morning
jonasw
Alex, ugh
moparisthebest
and, while we have a database of member JIDs, tie that into the wiki and use xmpp for auth, slightly different topic though :)
jonasw
I feel your pain, even though probably 1.5 orders of magnitude less worse
Ge0rG
Alex: I'm blocking 99% of spam messages with some simple heuristics, and I had to implement "reject all requests" against presence spam
Alex
because of the server crash we had last year I lost the whitelist
Guus
Can we give someone else privs to add people to memberbot?
Guus
So that we don't depend solely on Alex ?
Alex
but usually I add all new members to the list, and when people contact me by email or xmpp it takes only some seconds to add them to the whitelist
memberbot is pretty smart and support xdata commands for administration
moparisthebest
can't memberbot just always use that list?
Alex
Guus: memberbot also has a list of admins IIRC
Alex
Happy to add someone else who can execute the commands and add people to the whitelist
Ge0rG
Jabber.org being de facto unmaintained doesn't help much, I suppose
Alex
it's just executing 2 commands
1) submit the Jid
2) reload the whitelist
Guus
Alex: add me if you want
Alex
Guus: done
Alex
restarting the bot, you can check if commands are working for you
Guus
Alex: later. Kid just got sock
Guus
Sick
Guus
Thanks though
Guus
Afk
SaltyBones
Ah, I thought he was a house elf
Alex
moparisthebest: have seen this post, and it's on my todo list to add this to my personal prosody server, but my main Jid is still on jabber.org
Alex
I mean Ge0rG ;-)
Alex
but we have to solve this SPAM problem in general, it could kill our technology when it's getting worse
jonasw
yeah
SaltyBones never gets any spam and feels left out.
jonasw
SaltyBones, you can have mine
jonasw
Alex, sent you a subscription request
moparisthebest
I didn't until I became XSF member and XEP author
moparisthebest
but that happened around the same time, so I don't know which or both
Alex
jonasw: accepted, because the Jid did not contain 3 numbers ;-)
Alex
6) Formal Adjournment
Alex
I motion that we adjourn
jonasw
seems reasonable :)
Kev
Seconded.
Alex bangs the gavel
Alex
thanks guys
Kev
Thanks Alex.
jonasw
thanks for doing the work and again congrats to all (re-)accepted folks
Alex
we send out mail to memberslist tomorrow in the AM, and create the applications page for Q2 ASAP
SamWhited
I was getting a lot of spam for a while, but it was all from 3 or 4 domains that had IBR enabled so I blocked those and now I don't get any. ¯\_(ツ)_/¯
SamWhited
I don't think I ever got the presence spam that some people get though, so maybe I'm just not on the right lists.
jonasw
contextswitch: how does XEP-0401 interoperate with the European GDPR thingy? if an offering server provides MAM etc. it would have to acquire explicit consent. Or maybe we need to change clients to make consent to MAM explicit and show the privacy policy of the server beforehand? That would probably require some protocol.
j.r
I haven't had spam on any of my accounts
Zash
I got one the other day
Kev
I know it's not a popular viewpoint, but I still think that signing up for services through web interfaces makes sense, rather than doing it inband.
Zash
Why not both?
Zash
We have protocol to register inband, or to redirect to a website from inband.
Alex
the spam I get since the last ~4 weeks is always from different domains. Some of those domains look very weird and like they just get automatically created only for this purpose
Alex
sometimes it's from "well known" domains which still have IBR open, this is a very low percentage
moparisthebest
do you have strict s2s requiring encryption and valid certs turned on?
moparisthebest
I think I'd get a lot more spam judging by my failed s2s logs
Alex
moparisthebest: its on my jabber.org Jid
moparisthebest
today for instance: Establishing a secure connection from rosolina.estate to burtrum.org failed
moparisthebest
what are the chances that's a legit xmpp server? (I haven't checked hehe)
moparisthebest
well does jabber.org require valid s2s certs and TLS ?
Kev
No. Requires TLS, but allows dialback.
moparisthebest
how many legitimate servers don't have valid TLS certs nowadays with letsencrypt?
jonasw
I run one
jonasw
because I couldn’t be bothered to set up letsencrypt for that thing
moparisthebest
I mean illegitimate ones can easily get valid TLS certs from letsencrypt too
jonasw
it’s still CACert
moparisthebest
but, I'd say turn it on, force bad admins to stop being lazy
jonasw
I actually keep it renewed
moparisthebest
:P
jonasw
*shrug*
jonasw
I’d simply turn off that service instead.
moparisthebest
it has to be harder for you to renew CACert once than set up letsencrypt
jonasw
moparisthebest, no
jonasw
in fact it’s not
jonasw
letsencrypt is tedious for XMPP
moparisthebest
besides CACert has always been useless, just self-sign
jonasw
the only way to do it right is with DNS Challenge
jonasw
and that’s its own ratsnest
jonasw
*shrug*
Alex
jonasw: agree
Guus
jonasw: indeed
jonasw
CACert takes the load of managing signatures off of my head :)
moparisthebest
it's not, you can use DNS, but I also find it rare that you can't just listen on HTTP
jonasw
something something CA signature serial I have no idea what I’m even talking about
SaltyBones
jonasw, switch to letsencrypt
jonasw
moparisthebest, it’s just wrong to listen on HTTP for chat.domain.example
jonasw
simple as that.
SaltyBones
it is easier to maintain and they have certificates that don't use md5...
jonasw
it’s not an HTTP service.
Alex
on my personal server I renew the letsencrypt cert every 3 months and it sucks
jonasw
I’m not even going to set A/AAAA records up for that.
Alex
on my k8s clusters with kube lego it's awesome
SaltyBones
Alex, really? I just did it three days ago. "certbot renew" and restarting/reloading a few services...that's it
Alex
maybe we need to invest a bit more in letsencrypt modules for all major servers
jonasw
yeah
jonasw
with DNS challenge please.
jonasw
I’d really love to have a thing which just implements a very trivial DNS server
moparisthebest
Alex, you manually renew them every 3 months?
jonasw
and then just delegate to it
Alex
SaltyBones: I host HTTP on a different server, my DNS provider cannot be automated, so I always have to add TXT records manually for validation which sucks
moparisthebest
jonasw, why is it wrong to listen on chat.domain.example and only serve 1 thing? :/
SaltyBones
ah...yeah that's a pain :D
SaltyBones
I just have apache vhosts for imap and jabber
jonasw
moparisthebest, because it is not a friggin HTTP service.
Kev
And then you move the certs from the http server to the xmpp one? :)
jonasw
Alex, lovely :<
jonasw
Alex, consider hosting a tiny pdns instance with RFCsoandso support (that DNS update thing)
SaltyBones
Kev, that's why it's a pain if the servers are different. Although, given http_upload I suppose a letsencrypt module for servers would not be absurd...
jonasw
and delegating the _acme-challenge subdomains to it
jonasw
I do that, it works
moparisthebest
no Kev , I just have this nginx config on all my servers:
and all letsencrypt challenges pass without any communication between servers
moparisthebest
easy and done
Alex
moparisthebest: it would be easy when I would have a subdomain for my XMPP server, or a domain which I don't use on other servers
SaltyBones
wait..isn't there something wrong with this? that allows me to get certs for your machine, no?
moparisthebest
SaltyBones, only if you have my letsencrypt account key
Kev
moparisthebest: So that on the HTTP server is enough to be able to generate a cert on the XMPP server?
moparisthebest
which is the same on all servers
SaltyBones
Oh, is that included in the cert?
moparisthebest
yes Kev
SaltyBones
Because I can just say "letsencrypt gimme cert for $yourdomain" and it will go to your domain and check if the file is there, think that it is, give me the cert...no?
moparisthebest
SaltyBones, this part return 200 "$1.YOUR_LETSENCRYPT_ACCOUNT_KEY_HASH";
moparisthebest
letsencrypt expects it to return the hash of the requesting key in there
SaltyBones
kk
moparisthebest
you'd have to have that key for the challenge to pass
SaltyBones
so I actually need to prove that I have a key with that hash?
moparisthebest
so if you hack into my server and steal that key you can get certs for my domains, but, if you hack into a server that's true anyway
moparisthebest
yep
SaltyBones
okay
Alex
this is exactly how all the big web providers handle it in their apache or nginx configurations
Alex
and part of my problem, because I use PAAS for my HTTP servers, they don't allow me to control the ./well-known/ route :( They automatically handle it with their key always
moparisthebest
ah yea then you have to use the DNS challenge
moparisthebest
this works perfect in my setup because I have 2 http servers, one for burtrum.org and one for moparisthebest.com, and 1 xmpp server that serves both, so it's nice they don't need to communicate and each can get the proper certs automatically
Kev
Which only works if you're prepared to set up 'bad' A records for your things like pubsub, MUC etc. pointing to the HTTP server.
moparisthebest
I guess, all mine just redirect you to the right domain anyway, don't see the harm
moparisthebest
but if you don't want to mess with it, DNS challenge