XSF Discussion - 2018-04-26


  1. MattJ

    edhelas, https://edhelas.movim.eu/ certificate expired

  2. edhelas

    damn

  3. edhelas

    just had to restart nginx …

  4. pep.

    reload*

  5. pep.

    Don't restart for nothing

  6. edhelas

    yeah that is what I didn't understood

  7. edhelas

    reload didn't worked

  8. edhelas

    I have to check

  9. winfried

    GDPR meeting?

  10. pep.

    Give me a minute!

  11. winfried

    only one?

  12. Dave Cridland

    Do the minutes from the GDPR meetings conform to the GDPR?

  13. pep.

    !

  14. pep.

    Dave Cridland, I only report public discussions, so I assume so

  15. pep.

    Maybe mailman could put a few more disclaimers when subscribing though

  16. winfried

    Dave Cridland: of course not, the biggest leaks are at the plumbers house!

  17. jonasw

    I’m there, just a sec

  18. jonasw

    .

  19. jonasw

    now I’m there

  20. winfried

    Ge0rG present?

  21. winfried is not waiting for GeOrG and banging the gafel

  22. jonasw

    \o/

  23. pep.

    okay

  24. winfried

    We did a splendid job on metadata last time, most of it is 1 to 1 applicable to [stanza|user provided] content too

  25. pep.

    yep

  26. winfried

    The only thing that needs a bit of consideration IMHO is MAM

  27. jonasw

    why?

  28. pep.

    I thought we already settled on that

  29. pep.

    Apart from the TODO items

  30. winfried

    all processing is done under article 6.1b / 49.1b except for MAM, when using your own archive, it is 6.1a (consent) and the storage at somebody else should be a case of 6.1f (legitimate interest of third party)

  31. winfried

    are you still there?

  32. pep.

    I agree for 6.1a for own archives, and I see the logic for 6.1f, but that goes against what we said no?

  33. jonasw

    I’m still there

  34. pep.

    That messages sent to a recipient are this under this recipient's consent

  35. jonasw

    I don’t see why other peoples archive isn’t covered by "messages sent to other users are subject to policies those users agreed to"

  36. winfried

    jonasw: good point

  37. pep.

    winfried, I fear it's not only MAM we'd have to treat differently if we went that way

  38. winfried

    that is indeed a result of consciously transfering the data to the other entity

  39. winfried

    so, indeed skip the 6.1f part (and from the table, plz put it in the minutes)

  40. pep.

    ok

  41. winfried

    So, left is: ensure 6.1a is taken care of in MAM, aka, consent and of by default...

  42. winfried

    ... and possibility to withdraw consent

  43. pep.

    Right

  44. winfried

    and that one was already on the technical ToDO ;-)

  45. pep.

    "Right to erasure" is already more or less implemented right?

  46. jonasw

    pep., depends

  47. pep.

    Maybe I'm skipping steps

  48. jonasw

    there’s no way to truncate MAM via protocol currently.

  49. jonasw

    Holger argued that it’s requested so rarely that it isn’t needed to encode in protocol and manual handling is entirely feasible

  50. pep.

    jonasw, hmm, ok, I was thinking about the entire account

  51. jonasw

    pep., that’s truncation

  52. jonasw

    or do you mean non-MAM content, too?

  53. pep.

    everything

  54. jonasw

    right

  55. jonasw

    we don’t have that

  56. jonasw

    but that’s probably okay-ish to defer to manual operator intervention at this stage.

  57. pep.

    When you request account deletion, what's being deleted?

  58. Holger

    jonasw: Actually I just mentioned it's requested rarely without argueing for anything :-)

  59. Holger

    jonasw: I wouldn't mind such a feature at all, esp. if we manage to keep it simple.

  60. jonasw

    Holger, sorry, lost in translation :(

  61. pep.

    I don't think prosody keeps anything does it?

  62. winfried

    Truncating an entire account and truncating your MAM should be possible separate form each other

  63. jonasw

    winfried, agreed

  64. pep.

    winfried, sure

  65. jonasw

    pep., I’m rather sure that prosody won’t delete HTTP upload-ed files

  66. jonasw

    Holger, my idea was something like a disco#info feature + <iq><mam-truncate/></iq>, which simply drops all of your MAM archive.

  67. winfried

    jonasw: good point

  68. jonasw

    I suggest that we put together a list of user data which is currently commonly held as a guideline for operators

  69. jonasw

    - HTTP Uploaded files - MAM contents - Offline messages (if separate from MAM) - Roster - XML Private Storage - PEP

  70. winfried

    jonasw: yes, can also be an important part for an EULA

  71. Holger

    jonasw: Sounds good to me. But people *will* want more features for sure, so maybe we should clarify right from the start whether or not we'll resist adding them.

  72. jonasw

    - HTTP Uploaded files - MAM contents - Offline messages (if separate from MAM) - Roster - XML Private Storage - PEP - Ephemerally cached stuff (last presence stanza)

  73. Holger

    jonasw: Because if we end up with more features anyway, we might want different syntax from the start.

  74. jonasw

    Holger, sure, this isn’t the place for that though :)

  75. Ge0rG

    Sorry I'm late, had an unexpected appointment

  76. winfried

    Ge0rG: welcome

  77. Ge0rG

    Good progress you've made today

  78. Ge0rG

    There are some other prosody todos like actually deleting MAM after N days even if the user didn't log in

  79. winfried

    jonasw Holger, the list should be writen as baseline, but if a server operator wishes to do other processings, it should be added to the list (and have its own legal stuff)

  80. Ge0rG

    And probably also deleting the files from their http upload, both after N days and on account deletion

  81. Ge0rG

    mod_gdpr_timer anyone?

  82. winfried

    Lets not focus on one implementation and its bug list ;-)

  83. pep.

    People doing http-upload usually keep track of who uploads what?

  84. pep.

    Is this a thing?

  85. jonasw

    pep., no, it’s not :)

  86. jonasw

    and that’s probably the problem :)

  87. pep.

    hehe

  88. winfried

    yeah, that one is needed for deleting it....

  89. pep.

    Another TODO

  90. jonasw

    is there a specified maximum time an operator can take for deleting data after receiving the request?

  91. winfried

    yes

  92. pep.

    jonasw, for the "what data do you have on me request" I think it's a month,

  93. pep.

    I'm not sure about deletion

  94. winfried is reading the bible again

  95. jonasw

    if it’s like 7 days, operators could just go with the natural http upload expiry they might have

  96. Ge0rG

    pep.: you can extend the time by sending back a whiny response how hard is it to gather all the data ;)

  97. pep.

    jonasw, you mean "natural expiry" of "none"?

  98. pep.

    :)

  99. Ge0rG

    jonasw: what happens with the things the user uploads things while their request is pending?

  100. pep.

    Ge0rG, but then you'd have to explain that to the ICO? :P

  101. Ge0rG

    jonasw: what happens with the things the user uploads while their request is pending?

  102. winfried

    my bible says: "deletion without unreasonable delay", at least within a month :-D

  103. jonasw

    is "uh, we don’t track who owns which file so we have to rely on normal expiry" a reasonable delay? :)

  104. pep.

    :P

  105. winfried

    jonasw: LOL! I guess not

  106. pep.

    In doubt, ask for consent!

  107. Ge0rG

    jonasw: just replace all http uploaded files with a goatse overlayed with "no consent"

  108. jonasw

    *all*?

  109. jonasw

    even those of other users?

  110. Ge0rG

    yeah, you can't know for sure

  111. winfried

    todo: write a XEP that asks all other users on consent when one user requests deletion of HTTP-upload content :-D

  112. Ge0rG

    winfried: sounds like the blockchain approach

  113. pep.

    What was that potential XEP again? http-uplod slot that wouldn't expire

  114. pep.

    For avatars and whatnots

  115. winfried

    But HTTP-upload deletion needs to be covered too, unfortunately

  116. winfried

    jonasw: to return to the question if expiry will be enough here: only if it expires *fast*

  117. jonasw

    what’s "fast"?

  118. jonasw

    1h? 1d? 7d? 30d?

  119. winfried

    jonasw: I would say 7d

  120. jonasw

    ok

  121. winfried

    But from a legal point of view, real deletion would be better (and more flexible)

  122. pep.

    yes

  123. winfried

    So do we want to add deletion to HTTP-file upload?

  124. pep.

    Also prevent trolls from uploading stuff when they've requested deletion

  125. jonasw

    winfried, I’m not sure if it should be added to the protocol.

  126. pep.

    winfried, where does it say "deletion without unreasonable delay" exactly?

  127. pep.

    Do we want an EULA XEP + informational GDPR XEP?

  128. winfried

    art 17.1

  129. pep.

    Or do we want to change others

  130. jonasw

    and if so, it needs to be thought out because the HTTP server and the XMPP server may not be the same entity. but it should be mentioned in the HTTP Upload XEP that implementations must allow the operator to delete all files of an individual user as well as individual files.

  131. jonasw

    pep., it’s safer to include such information in the relevant XEPs than having a another XEP which people must play attention to.

  132. pep.

    jonasw, hah, good point

  133. pep.

    (for both)

  134. jonasw

    maybe add a "Privacy Considerations" section.

  135. pep.

    Right

  136. pep.

    Maybe that could be added into the template now

  137. winfried

    pep.: +1

  138. jonasw

    I think historically we had this in the Security Considerations

  139. jonasw

    but this is a separate thing IMO

  140. winfried

    jonasw: +1

  141. pep.

    Even if both are entangled, they're not exactly the same :x

  142. jonasw

    should that section be REQUIRED or RECOMMENDED?

  143. jonasw

    I think having it REQUIRED is sane.

  144. winfried

    jonasw: yes, and maybe add some items to the template that help structuring and analyzing it

  145. jonasw

    winfried, would be glad to do that if I get input on that

  146. pep.

    I would say RECOMMENDED, but I could see both

  147. winfried

    jonasw: I can help there

  148. pep.

    jonasw, oh, that's for the template, so XEP authors?

  149. jonasw

    pep., I think REQUIRED makes sense. Even if the section is just "no user data is collected, thus there are no considerations".

  150. pep.

    Then REQUIRED

  151. jonasw

    pep., yes.

  152. winfried

    jonasw: can we return to the HTTP upload for a moment? We should not change that XEP?

  153. jonasw

    winfried, I’m pretty sure we should change it

  154. pep.

    change what

  155. pep.

    exactly

  156. jonasw

    at least it should get a note that operators MUST have a way to delete all files of a user.

  157. pep.

    Can we not just update it

  158. jonasw

    winfried, extending it with a flow which allows a user to IQ-request a URL where they can issue an HTTP DELETE to delete a file is another step I can see happening.

  159. jonasw

    pep., I’m not sure I understand

  160. pep.

    ok I'm just confused, nvm

  161. pep.

    jonasw, yes we'd need both I think

  162. winfried

    jonasw: should we open this discussion in the standards list?

  163. pep.

    winfried, yes

  164. jonasw

    winfried, seems ok

  165. jonasw

    I’ll write the mail right now.

  166. pep.

    We'll need to open a few threads anyway :P

  167. winfried

    jonasw: thanks!

  168. pep.

    See TODOs

  169. pep.

    jonasw, PR then thread maybe?

  170. pep.

    Unless it's not exactly clear yet

  171. jonasw

    damn, I’m getting pulled away

  172. jonasw

    will do

  173. pep.

    cool

  174. winfried

    cool +1 ;-)

  175. pep.

    I brought right to erasure to the table, but is it ok? What else is there to do on 1.1e

  176. winfried

    pep.: it is totally ok

  177. pep.

    We haven't done server logs? remote components?

  178. winfried

    correct

  179. winfried

    but server logs is clear cut: recommendation for server operators

  180. winfried

    remote components is covered by 6.1b and no need for extra measures (in line with the earlier decisions)

  181. pep.

    winfried, "recommendation for server operators", what do you mea

  182. pep.

    mean

  183. winfried

    pep.: we should mention to server operators what they should and should not do with the logs to stay within the GDPR

  184. pep.

    Ok, subject for next time then?

  185. pep.

    We should probably start opening threads for the TODOs and Technical TODOs

  186. pep.

    so we can see results quick

  187. winfried

    yes

  188. winfried

    But I believe we have covered 1 by now!

  189. pep.

    I want a bit more details for server logs, for the minutes/wiki, but yeah

  190. pep.

    Lots of things to act on now

  191. pep.

    See we can see for the XSF.

  192. pep.

    I guess it'll benefit from all we do for the other operators anyway. And then the wiki, maybe we just need to state during registration that it's all public?

  193. pep.

    as PII, only keep email addresses are stored?

  194. winfried

    pep.: Ge0rG mentioned this one http://www.privacy-regulation.eu/en/r49.htm

  195. pep.

    winfried, yeah but I thought maybe we can dillute that a bit in guidelines

  196. winfried

    pep.: yes, agreed

  197. pep.

    Date of next maybe?

  198. winfried

    Looking at the time: ...

  199. winfried

    we need to check if 1 covers 2 fully

  200. winfried

    and then start all over again for 3 :-D

  201. pep.

    no as it's not only XMPP, for 2

  202. pep.

    wiki, mailing lists

  203. pep.

    Ah wait

  204. pep.

    That's 3

  205. winfried

    ;-)

  206. winfried

    And we need to polish the list of tasks and put names under it...

  207. pep.

    Right

  208. winfried

    and report to the board

  209. winfried

    (and council)

  210. jonasw

    re

  211. jonasw

    sorry, I had to let an ISP technician in

  212. pep.

    Date of next? +1 no good for me

  213. pep.

    Next week I should be able to do any

  214. jonasw

    next week has my usual constraints

  215. winfried

    apr 30 12:30 CEST?

  216. pep.

    worksforme

  217. jonasw

    should be able to

  218. winfried

    Ge0rG ^^^

  219. winfried

    pep.: I was still in the process op updating the table and processing your previous minutes.. will continue with that

  220. winfried

    Guess Ge0rG is afk again...

  221. winfried

    If write it down, pending objections from Ge0rG

  222. jonasw

    yeah

  223. jonasw

    thanks all :)

  224. jonasw

    we’re doing good progress here

  225. winfried

    jonasw: yeah, thank you too!

  226. winfried

    the pieces are falling together nicely

  227. pep.

    I'm running away, will confirm date of next if Ge0rG can't do, it should work for me anyway

  228. winfried

    yes, plz!

  229. winfried forgot to bang the gafel. *BANG*

  230. jonasw

    winfried, will you provide me with a list of guiding questions I can put into the Privacy Considerations template sections

  231. jonasw

    winfried, will you provide me with a list of guiding questions I can put into the Privacy Considerations template section?

  232. winfried

    jonasw: the bottom line is we want to know if anything is done that is not covered by 6.1b or 6.1a

  233. winfried

    lets try to make that one not too bureaucratic

  234. winfried

    Does the extension describe any processing that is not obvious to the user?

  235. winfried

    If so, does the extension mandate consent for it?

  236. winfried

    And if so, can the consent be retracted?

  237. Ge0rG

    Sorry folks. I *think* I can make 30th 12:30

  238. winfried

    and also: are there any additional risks, like profiling, analyzing sensitive data or automated decisions? If so, what measures are taken against that?

  239. winfried

    Ge0rG: then you will be with us at least in thought ;-)

  240. winfried

    Ge0rG: plz drop a not when you know more

  241. winfried

    s/not/note/

  242. winfried

    jonasw: enough to get started like this?

  243. Ge0rG

    winfried: I'll have to decide on short notice. The next week will be rather rough, I'm finally moving to the new house

  244. winfried

    Ge0rG: congrats!

  245. winfried

    let us know, plz give us feedback in other ways otherwise!

  246. Ge0rG

    winfried: don't make it depend on me; ping me when you start and I'll try to be here

  247. Zash

    Do HTTP uploads count as message content?

  248. winfried

    Zash: yes, user provided content to be precise

  249. Zash

    I saw mention of "legitimate interest" for the message receiver, I wondered if that covers uploaded content as well

  250. Ge0rG

    Zash: I think so, yes

  251. winfried

    Zash: we decided to abandon that line of thought, sending a message / file is just a transfer

  252. Zash

    The (currently at least) technical difference is that files are still hosted at the sender

  253. winfried

    Zash: yes, good point. But from a legal perspective there is no need to give the receiver based on 'legitimate interest' any rights to that. That would just open a legal minefield

  254. Zash

    It touches on a recent discussion about possibly re-hosting files at the receivers server, or providing a HTTP proxy, to provide some privacy protection to the receiver

  255. winfried

    Zash: the issue is the 'right to be forgotten': transferring data to a proxy or re-hosting it at the receivers server doesn't change that right, neither does the legitimate interest argument

  256. MattJ

    So if it wasn't hosted at the receiver's server, but the receiver downloaded it and kept it on their PC...?

  257. Zash

    I'm not sure what 'right to be forgotten' means exactly. I assume you can't ask service provider A to forget something and have provider B also forget about it.

  258. winfried

    MattJ: then it is transferred to the intended user, demanding deletion depends on the use of it by the receiver, personal use is not regulated, other use is subject to right to be forgotten

  259. winfried

    Zash: no, you have to ask both

  260. Zash

    winfried: Sounds like fun if you'd dropped something into a large groupchat :D

  261. winfried

    That is my job, and I love my work :-P

  262. Zash yells "Information wants to be free!" and runs away

  263. Zash

    .. to get more coffee

  264. Ge0rG

    https://twitter.com/leinweber/status/989267343002951680

  265. Ge0rG

    We need that too!

  266. nyco

    test

  267. nyco

    Test

  268. Guus

    (it works)

  269. nyco is ready for the board meeting! 😉

  270. Guus

    congrats on the new job, Nyco!

  271. Guus

    congrats on the new lap around the sun, Dave

  272. Guus

    I'm all out of congrats now.

  273. Kev

    I feel I deserve a congrats just for getting out of bed in the morning, frankly.

  274. Guus

    Kev, you did not get my card?

  275. ralphm set the topic to

    XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  276. Kev

    Lost in the post, I fear.

  277. ralphm bangs gavel

  278. ralphm

    0. Welcome and Agenda

  279. Guus

    Bastards. It was not easy to find an appropriate one. Hallmark apparently does not have a card for every occasion after all...

  280. ralphm

    Hi! Who do we have, and do you have something for the agenda?

  281. Guus

    I'm here, nothing new for the agenda.

  282. ralphm

    Also congrats to all around.

  283. nyco

    well, we can revive cafepress? take a decision?

  284. MattJ

    Hey

  285. ralphm

    nyco: that's already on the agenda

  286. ralphm

    Anyway, Martin sent apologies.

  287. ralphm

    1. Minute taker

  288. ralphm

    Who?

  289. MattJ

    I'll do them

  290. Guus

    (I'm again pressed for time, sorry)

  291. Guus

    tx

  292. ralphm

    2. Topics for Decisions

  293. ralphm

    I'll pull the Swag one here.

  294. ralphm

    nyco

  295. nyco

    so what's our decision I'd go for a try, let's say a few months, see how much time we spend, how much money we get, how good/bad press we have

  296. MattJ

    I'm good with that

  297. Guus

    what does that look like?

  298. ralphm

    Who'd "manage" the "shop", including providing designs?

  299. ralphm

    I have never done something like this

  300. nyco

    I can lead, or someone does in which case I can help

  301. nyco

    the designs would only be the logo for the beginning

  302. ralphm

    And what is the Royalties thing?

  303. nyco

    I sent an email around that, could you read it?

  304. Guus

    I think we have an option to either pay upfront, or have a percentage deduced from our earnings (but not have upfront costs).

  305. Guus

    I'd prefer the latter for now, while we're experimenting. If only because it reduces the complexity of setting things up, I imagine.

  306. ralphm

    nyco: I did, and I didn't understand

  307. Dave Cridland

    I have various chunks of artwork around in EPS/SVG if anyone needs them.

  308. nyco

    sure

  309. ralphm

    (cause if I didn't read it, how would I know about Royalties?)

  310. nyco

    right ;-)

  311. ralphm

    Dave Cridland: same here

  312. MattJ

    ]

  313. nyco

    I think until a certain threshold, it is a % fee

  314. ralphm

    Dave Cridland: like the little design I did for a potential Summit shirt. I also have the correct fonts

  315. nyco

    the markup is big, as always (like AppStores at 30%)

  316. MattJ

    nyco, oh, I thought from the email it was 10%?

  317. Guus

    Note that it is 10% of the _royalties_, which is _not_ equal to the sales volume.

  318. ralphm

    So like a t-shirt (tri-blend) seems to sell for $29.99. How much would we gain from this?

  319. Guus

    I don't know what amount of royalties we get for a sale.

  320. ralphm

    Guus: right, that's why I want to know what Royalties means

  321. nyco

    all right, so I thought I understood, which does not seem true anymore

  322. Guus

    From what I understood from that site (I browsed a little)

  323. Guus

    they have a base price for items

  324. nyco

    I understand we need to know+understand more about royalties before taking a decision, is that correct?

  325. Guus

    you can add your own markup

  326. Guus

    that's what you receive as 'royalties', and from which their fee is deduced.

  327. ralphm

    It seems that this is more informative: https://www.cafepress.com/cp/info/help/shop_services.aspx

  328. Guus

    https://www.cafepress.com/cp/info/sell/index.aspx?area=intro_money&page=intro_money

  329. ralphm

    So, for this meeting, I think we need to agree at least if we'd like to do something like this, and then evaluate which actual shop we'd like to use.

  330. Dave Cridland

    https://www.cafepress.com/p/help-creating-selling-earning-money and https://www.cafepress.com/cp/info/help/pricing_policy.aspx seem to explain it.

  331. Guus

    Ralph, to be honest, as long as we're not spending money, I don't mind to much.

  332. ralphm

    E.g. I'm wary of this part: “n order to keep designs fresh and of high quality as we launch new products, styles, and printing technologies, solely for designs that you are selling through the CafePress Marketplace: (i) CafePress may automatically add your designs to additional products in the CafePress Marketplace; and (ii) in order to improve the printing quality, CafePress may automatically modify your designs (e.g., cleaning up JPG artifacting, adjusting colors for different printers and products, and adjusting design placement on products).”

  333. nyco

    that's correct, not only cafepress offers those kind of services

  334. Guus

    Ralphm: I see no problem with that text you just quoted.

  335. nyco

    "CafePress may automatically add your designs to additional products in the CafePress Marketplace", what does this mean?

  336. Guus

    "if we sell new types of swag, we might automatically add these with your branding on it."

  337. Kev

    When they add a new product (now they sell garden fences), they can add your logo to garden fences and sell XSF garden fences.

  338. Dave Cridland

    nyco, You make a t-shirt, they do a mug.

  339. MattJ

    I'm guessing (but don't know) that it means you opt to sell a t-shirt, but they also offer a mug

  340. nyco

    I'll have to jump on another meeting at 16:00

  341. ralphm

    So let's separate this: do we want to sell swag in a shop "like cafepress"?

  342. nyco

    yes

  343. ralphm

    I'm +1.

  344. Guus

    +1

  345. MattJ

    +1

  346. Kev

    Sounds at worst harmless to me, from the peanut gallery, too.

  347. ralphm

    Ok, decided we'd like to do this.

  348. nyco

    so I'll find alternatives to caferpress

  349. ralphm

    Then the second part is which shop. I read something about Cafepress "mailing checks". We don't have checks anymore in .nl, so I don't know how this works, but given that we are incorporated, I suppose that could still work?

  350. Guus

    I think we should OK whatever choice we make with our Treasurer.

  351. Guus

    to verify that we can facilitate the way money exchanges, I mean.

  352. ralphm

    Ok, nyco to find out. Let me know when I can help with designs

  353. nyco

    now...

  354. ralphm

    :-D

  355. ralphm

    3.

  356. nyco

    send me what you got?

  357. ralphm

    3. AOB

  358. Guus

    (no AOBs from me)

  359. ralphm

    We've got 4 minutes. Anything we need to do now?

  360. MattJ

    Survey

  361. nyco

    the next newsletter is getting readier everyday

  362. MattJ

    A couple of brief questions:

  363. ralphm

    nyco: yay

  364. MattJ

    we need to agree on the scope - should it be members-only, or open?

  365. nyco

    currently, as it is today, the members

  366. Guus

    I have no strong preference there.

  367. ralphm

    Oh, I can report we gained github.com/xmpp. I've given control to intosi and Kev, and we can figure out what to do with this

  368. ralphm

    MattJ: let's go with members for now

  369. MattJ

    Ok

  370. nyco

    if we want to go broader, then we should grow our ambitions, make it wider, obey all the surveying rules, promote it in a proper way, have time to interpret and analyse the results, report to the board and members

  371. nyco

    I'd like we do such a survey soon

  372. MattJ

    Feel free to draft and prepare such :)

  373. Guus

    Did you have more questions, MattJ?

  374. nyco

    exactly

  375. MattJ

    Guus, I think that's it for now

  376. MattJ

    Should I just send it this week?

  377. MattJ

    to members@

  378. ralphm

    Yes

  379. Guus

    go for it.

  380. MattJ

    Ok!

  381. nyco

    yes, please, and thanks for this

  382. ralphm

    Thanks!

  383. ralphm

    4. Date of Next

  384. MattJ

    Then that's all

  385. ralphm

    +1W

  386. MattJ

    wfm

  387. Guus

    wfm

  388. nyco

    yep

  389. nyco

    thx all!

  390. ralphm

    5. Close

  391. MattJ

    Thanks

  392. ralphm

    Thanks!

  393. ralphm

    And more congrats were due.

  394. ralphm bangs gavel

  395. Guus

    congrats!

  396. Ge0rG

    Now I want to have an "XSF" shaped garden fence

  397. Guus

    I trust that you will appropriately motivate CafePress.com to add that to their collection.

  398. Ge0rG

    Ah, the times when laser-cut XMPP stickers were the cool stuff.

  399. Guus

    ... showing your age ...

  400. Ge0rG

    Who needs laser-cut stickers if you can 3D printed garden fences.

  401. Ge0rG

    I think we should do A/B testing of our brand by offering "Jabber" everything that we also offer "XMPP" of

  402. Guus

    I don't know if we can use the Jabber trademark for swag.

  403. Ge0rG

    I wonder if the XSF needs a permission from the XSF to use the trademar. Peter will love the idea.

  404. Ge0rG

    > Otherwise, the fee is $250.00 for use of the mark in connection with Jabber accessories or any use other than software or computer hardware

  405. Ge0rG

    I can't even find a mention of the 250$ fee in the license agreement.

  406. Ge0rG

    But I should stop now. I think everybody still remembers my contempt for the license situation from the last time I tried to fix it.

  407. jonasw

    where’s the license agreement?

  408. jonasw

    I thought we only had that declaration of intent

  409. Ge0rG

    jonasw: https://xmpp.org/about/xsf/jabber-trademark/trademark-license-agreement.html

  410. Ge0rG

    > The <tt>url</tt> attribute of the <tt>delete-slot</tt> element must refer to the GET URL for the file. The server replies with a URL which can be used by the client to delete the file Wait. What?

  411. Ge0rG

    jonasw: is there a reason why the server shouldn't just immediately delete?

  412. jonasw

    Ge0rG, the XMPP server and the HTTP server might be on different machines.

  413. jonasw

    I can also imagine that we leave it up to the server whether the client has to DELETE or whether it deletes right away (indicated by lack of the <delete/> child). but I’m not sure there are use-cases for that.

  414. jonasw

    (it might be that it’s required to do that in some circumstances though, where DELETE can’t be authorized properly with a token; not sure if such scenarios exist)

  415. Ge0rG

    I can see how off-loading PUT makes sense, but what's wrong with having the XMPP server do whatever HTTP request?

  416. jonasw

    I can see why XMPP servers might not want to have an HTTP client.

  417. Zash

    jonasw: Can you have anything without a HTTP client these days? :/

  418. jonasw

    Zash, :(

  419. Ge0rG

    Does sed have an HTTP client?

  420. Ge0rG

    Or bash?

  421. Ge0rG

    jonasw: did you submit the bot to HN already?

  422. jonasw

    bash, it would be trivial to do one (sockets)

  423. jonasw

    sed, not

  424. Ge0rG

    I've written a web *server* in bash, some twenty years ago.

  425. jonasw

    Ge0rG, too lazy to get an account etc.

  426. Ge0rG

    okay, maybe not quite 20. But it was at a time when dialup was the thing in Germany

  427. Ge0rG

    jonasw: I'd create one for you, but I'm sure it'll be tainted as a sock puppet

  428. ralphm

    Somebody wrote an HTTP server in PostScript

  429. Ge0rG

    It's what's running on HP LaserJets, right?

  430. ralphm

    Not sure

  431. jonasw

    haha

  432. ralphm

    jonasw: http://www.pugo.org/project/pshttpd/

  433. SamWhited

    That's horrifying…

  434. jonasw

    you are aware of the atrocity I did? https://github.com/horazont/xmpp-echo-bot/

  435. jonasw

    (it’s not as harmless as it looks like from the URL…)

  436. Lance

    jonasw: I am simultaneously appalled and in awe. wow

  437. moparisthebest

    same Lance , nice work jonasw :)

  438. jonasw

    thanks :D

  439. jonasw

    that was the kind of reaction I was going for, Lance

  440. Ge0rG

    Lance: that'd be a great testimony for the README, if you are okay with it

  441. Lance

    of course :)

  442. Ge0rG

    I'd do a PR, but I don't know the Canonical Order of Testimonials

  443. jonasw

    good point

  444. jonasw

    Lance, where, if any, should I link to at your name?

  445. Ge0rG

    That, too.

  446. Ge0rG

    jonasw didn't ask me that question...

  447. Lance

    github.com/legastero works

  448. Ge0rG

    https://lance.im/ looks like a prosody 404

  449. Zash

    Neat

  450. Lance

    as it should

  451. jonasw

    Ge0rG, sure, but I knew where I could link, I don’t know for Lance

  452. jonasw

    published

  453. Maranda

    It's behind joo.

  454. moparisthebest

    did anyone post this before? ew https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app/

  455. moparisthebest

    it's amazing what millions of dollars of investor money can buy

  456. jjrh

    Geez

  457. UsL

    sad..

  458. jjrh

    I mean I guess good for them.

  459. jjrh

    Is the matrix standard even finalized yet?

  460. jjrh

    nah guess not - it's r0.3.0 and it's a 'living standard'

  461. Wiktor

    interesting comments w.r.t. Matrix as a standard: https://news.ycombinator.com/item?id=16933736

  462. Zash

    Define interesting

  463. Wiktor

    Zash: adj. Arousing or holding the attention; absorbing

  464. UsL

    : D

  465. Wiktor

    this comment seems to claim the protocol is highly unstable: https://news.ycombinator.com/item?id=16935012

  466. moparisthebest

    who cares if the protocol is unstable if 1 company is producing all the servers and clients?

  467. Zash

    Their spec pages do too

  468. Wiktor

    moparisthebest: I guess not the French government ;)

  469. moparisthebest

    also, no way anyone in france's govt even knows what a 'protocol' is

  470. moparisthebest

    all they know is they want a fancy chat app

  471. Wiktor

    *encrypted* fancy chat app

  472. Wiktor

    encrypted sells nowadays ;)

  473. Maranda

    They know enough to be willing to put spyware in your router firmware to satisfy music recording firms against piracy.

  474. Maranda

    🤨

  475. moparisthebest

    that sounds horrifying

  476. moparisthebest

    but I'm guessing they still don't know, only that music industry said it will 'save the music industry'

  477. Zash

    moparisthebest: Yeah, they'll be in exactly the situation they claim to have avoided once another implementation becomes popular enoguh.

  478. moparisthebest

    Zash, well worse if there are no standardized protocols or consensus, but yes

  479. Zash

    > Alternatives like Prosody's XMPP server implementation dropped websocket support in favor of BOSH years ago I don't even.

  480. Maranda

    :O

  481. Maranda

    :O

  482. moparisthebest

    where is that from?

  483. Maranda wonders what to do next now that Lua Garbage Collector is happy.

  484. Zash

    Second-to-top comment on that HN thread

  485. Zash

    https://news.ycombinator.com/item?id=16933736

  486. Maranda

    I should find myself something costructive to do.

  487. Maranda

    Maybe going to bed falls in that department.

  488. Maranda

    :P

  489. Zash

    Agh, all links go to the top post! This one https://news.ycombinator.com/item?id=16935094

  490. fippo

    zash: lets blame lance for that!

  491. jjrh

    I mean in theory going with at open protocol with a open client/server is better than paying IBM or whoever a bunch of money for a solution that sucks and can't be improved internally.

  492. jjrh

    On the other hand if they went with XMPP they would have multiple vendors who would compete on RFP's

  493. Zash

    Huh?

  494. Zash

    Isn't the point of RFPs to draft them tailored to a specific vendor?

  495. jjrh

    er probably used that wrong - I mean when the government wants a new feature or whatever multiple companies are going to be sending in bids.