-
MattJ
edhelas, https://edhelas.movim.eu/ certificate expired
-
edhelas
damn
-
edhelas
just had to restart nginx …
-
pep.
reload*
-
pep.
Don't restart for nothing
-
edhelas
yeah that is what I didn't understood
-
edhelas
reload didn't worked
-
edhelas
I have to check
-
winfried
GDPR meeting?
-
pep.
Give me a minute!
-
winfried
only one?
-
Dave Cridland
Do the minutes from the GDPR meetings conform to the GDPR?
-
pep.
!
-
pep.
Dave Cridland, I only report public discussions, so I assume so
-
pep.
Maybe mailman could put a few more disclaimers when subscribing though
-
winfried
Dave Cridland: of course not, the biggest leaks are at the plumbers house!
-
jonasw
I’m there, just a sec
-
jonasw
.
-
jonasw
now I’m there
-
winfried
Ge0rG present?
- winfried is not waiting for GeOrG and banging the gafel
-
jonasw
\o/
-
pep.
okay
-
winfried
We did a splendid job on metadata last time, most of it is 1 to 1 applicable to [stanza|user provided] content too
-
pep.
yep
-
winfried
The only thing that needs a bit of consideration IMHO is MAM
-
jonasw
why?
-
pep.
I thought we already settled on that
-
pep.
Apart from the TODO items
-
winfried
all processing is done under article 6.1b / 49.1b except for MAM, when using your own archive, it is 6.1a (consent) and the storage at somebody else should be a case of 6.1f (legitimate interest of third party)
-
winfried
are you still there?
-
pep.
I agree for 6.1a for own archives, and I see the logic for 6.1f, but that goes against what we said no?
-
jonasw
I’m still there
-
pep.
That messages sent to a recipient are this under this recipient's consent
-
jonasw
I don’t see why other peoples archive isn’t covered by "messages sent to other users are subject to policies those users agreed to"
-
winfried
jonasw: good point
-
pep.
winfried, I fear it's not only MAM we'd have to treat differently if we went that way
-
winfried
that is indeed a result of consciously transfering the data to the other entity
-
winfried
so, indeed skip the 6.1f part (and from the table, plz put it in the minutes)
-
pep.
ok
-
winfried
So, left is: ensure 6.1a is taken care of in MAM, aka, consent and of by default...
-
winfried
... and possibility to withdraw consent
-
pep.
Right
-
winfried
and that one was already on the technical ToDO ;-)
-
pep.
"Right to erasure" is already more or less implemented right?
-
jonasw
pep., depends
-
pep.
Maybe I'm skipping steps
-
jonasw
there’s no way to truncate MAM via protocol currently.
-
jonasw
Holger argued that it’s requested so rarely that it isn’t needed to encode in protocol and manual handling is entirely feasible
-
pep.
jonasw, hmm, ok, I was thinking about the entire account
-
jonasw
pep., that’s truncation
-
jonasw
or do you mean non-MAM content, too?
-
pep.
everything
-
jonasw
right
-
jonasw
we don’t have that
-
jonasw
but that’s probably okay-ish to defer to manual operator intervention at this stage.
-
pep.
When you request account deletion, what's being deleted?
-
Holger
jonasw: Actually I just mentioned it's requested rarely without argueing for anything :-)
-
Holger
jonasw: I wouldn't mind such a feature at all, esp. if we manage to keep it simple.
-
jonasw
Holger, sorry, lost in translation :(
-
pep.
I don't think prosody keeps anything does it?
-
winfried
Truncating an entire account and truncating your MAM should be possible separate form each other
-
jonasw
winfried, agreed
-
pep.
winfried, sure
-
jonasw
pep., I’m rather sure that prosody won’t delete HTTP upload-ed files
-
jonasw
Holger, my idea was something like a disco#info feature + <iq><mam-truncate/></iq>, which simply drops all of your MAM archive.
-
winfried
jonasw: good point
-
jonasw
I suggest that we put together a list of user data which is currently commonly held as a guideline for operators
-
jonasw
- HTTP Uploaded files - MAM contents - Offline messages (if separate from MAM) - Roster - XML Private Storage - PEP✎ -
winfried
jonasw: yes, can also be an important part for an EULA
-
Holger
jonasw: Sounds good to me. But people *will* want more features for sure, so maybe we should clarify right from the start whether or not we'll resist adding them.
-
jonasw
- HTTP Uploaded files - MAM contents - Offline messages (if separate from MAM) - Roster - XML Private Storage - PEP - Ephemerally cached stuff (last presence stanza) ✏
-
Holger
jonasw: Because if we end up with more features anyway, we might want different syntax from the start.
-
jonasw
Holger, sure, this isn’t the place for that though :)
-
Ge0rG
Sorry I'm late, had an unexpected appointment
-
winfried
Ge0rG: welcome
-
Ge0rG
Good progress you've made today
-
Ge0rG
There are some other prosody todos like actually deleting MAM after N days even if the user didn't log in
-
winfried
jonasw Holger, the list should be writen as baseline, but if a server operator wishes to do other processings, it should be added to the list (and have its own legal stuff)
-
Ge0rG
And probably also deleting the files from their http upload, both after N days and on account deletion
-
Ge0rG
mod_gdpr_timer anyone?
-
winfried
Lets not focus on one implementation and its bug list ;-)
-
pep.
People doing http-upload usually keep track of who uploads what?
-
pep.
Is this a thing?
-
jonasw
pep., no, it’s not :)
-
jonasw
and that’s probably the problem :)
-
pep.
hehe
-
winfried
yeah, that one is needed for deleting it....
-
pep.
Another TODO
-
jonasw
is there a specified maximum time an operator can take for deleting data after receiving the request?
-
winfried
yes
-
pep.
jonasw, for the "what data do you have on me request" I think it's a month,
-
pep.
I'm not sure about deletion
- winfried is reading the bible again
-
jonasw
if it’s like 7 days, operators could just go with the natural http upload expiry they might have
-
Ge0rG
pep.: you can extend the time by sending back a whiny response how hard is it to gather all the data ;)
-
pep.
jonasw, you mean "natural expiry" of "none"?
-
pep.
:)
-
Ge0rG
jonasw: what happens with the things the user uploads things while their request is pending?✎ -
pep.
Ge0rG, but then you'd have to explain that to the ICO? :P
-
Ge0rG
jonasw: what happens with the things the user uploads while their request is pending? ✏
-
winfried
my bible says: "deletion without unreasonable delay", at least within a month :-D
-
jonasw
is "uh, we don’t track who owns which file so we have to rely on normal expiry" a reasonable delay? :)
-
pep.
:P
-
winfried
jonasw: LOL! I guess not
-
pep.
In doubt, ask for consent!
-
Ge0rG
jonasw: just replace all http uploaded files with a goatse overlayed with "no consent"
-
jonasw
*all*?
-
jonasw
even those of other users?
-
Ge0rG
yeah, you can't know for sure
-
winfried
todo: write a XEP that asks all other users on consent when one user requests deletion of HTTP-upload content :-D
-
Ge0rG
winfried: sounds like the blockchain approach
-
pep.
What was that potential XEP again? http-uplod slot that wouldn't expire
-
pep.
For avatars and whatnots
-
winfried
But HTTP-upload deletion needs to be covered too, unfortunately
-
winfried
jonasw: to return to the question if expiry will be enough here: only if it expires *fast*
-
jonasw
what’s "fast"?
-
jonasw
1h? 1d? 7d? 30d?
-
winfried
jonasw: I would say 7d
-
jonasw
ok
-
winfried
But from a legal point of view, real deletion would be better (and more flexible)
-
pep.
yes
-
winfried
So do we want to add deletion to HTTP-file upload?
-
pep.
Also prevent trolls from uploading stuff when they've requested deletion
-
jonasw
winfried, I’m not sure if it should be added to the protocol.
-
pep.
winfried, where does it say "deletion without unreasonable delay" exactly?
-
pep.
Do we want an EULA XEP + informational GDPR XEP?
-
winfried
art 17.1
-
pep.
Or do we want to change others
-
jonasw
and if so, it needs to be thought out because the HTTP server and the XMPP server may not be the same entity. but it should be mentioned in the HTTP Upload XEP that implementations must allow the operator to delete all files of an individual user as well as individual files.
-
jonasw
pep., it’s safer to include such information in the relevant XEPs than having a another XEP which people must play attention to.
-
pep.
jonasw, hah, good point
-
pep.
(for both)
-
jonasw
maybe add a "Privacy Considerations" section.
-
pep.
Right
-
pep.
Maybe that could be added into the template now
-
winfried
pep.: +1
-
jonasw
I think historically we had this in the Security Considerations
-
jonasw
but this is a separate thing IMO
-
winfried
jonasw: +1
-
pep.
Even if both are entangled, they're not exactly the same :x
-
jonasw
should that section be REQUIRED or RECOMMENDED?
-
jonasw
I think having it REQUIRED is sane.
-
winfried
jonasw: yes, and maybe add some items to the template that help structuring and analyzing it
-
jonasw
winfried, would be glad to do that if I get input on that
-
pep.
I would say RECOMMENDED, but I could see both
-
winfried
jonasw: I can help there
-
pep.
jonasw, oh, that's for the template, so XEP authors?
-
jonasw
pep., I think REQUIRED makes sense. Even if the section is just "no user data is collected, thus there are no considerations".
-
pep.
Then REQUIRED
-
jonasw
pep., yes.
-
winfried
jonasw: can we return to the HTTP upload for a moment? We should not change that XEP?
-
jonasw
winfried, I’m pretty sure we should change it
-
pep.
change what
-
pep.
exactly
-
jonasw
at least it should get a note that operators MUST have a way to delete all files of a user.
-
pep.
Can we not just update it
-
jonasw
winfried, extending it with a flow which allows a user to IQ-request a URL where they can issue an HTTP DELETE to delete a file is another step I can see happening.
-
jonasw
pep., I’m not sure I understand
-
pep.
ok I'm just confused, nvm
-
pep.
jonasw, yes we'd need both I think
-
winfried
jonasw: should we open this discussion in the standards list?
-
pep.
winfried, yes
-
jonasw
winfried, seems ok
-
jonasw
I’ll write the mail right now.
-
pep.
We'll need to open a few threads anyway :P
-
winfried
jonasw: thanks!
-
pep.
See TODOs
-
pep.
jonasw, PR then thread maybe?
-
pep.
Unless it's not exactly clear yet
-
jonasw
damn, I’m getting pulled away
-
jonasw
will do
-
pep.
cool
-
winfried
cool +1 ;-)
-
pep.
I brought right to erasure to the table, but is it ok? What else is there to do on 1.1e
-
winfried
pep.: it is totally ok
-
pep.
We haven't done server logs? remote components?
-
winfried
correct
-
winfried
but server logs is clear cut: recommendation for server operators
-
winfried
remote components is covered by 6.1b and no need for extra measures (in line with the earlier decisions)
-
pep.
winfried, "recommendation for server operators", what do you mea
-
pep.
mean
-
winfried
pep.: we should mention to server operators what they should and should not do with the logs to stay within the GDPR
-
pep.
Ok, subject for next time then?
-
pep.
We should probably start opening threads for the TODOs and Technical TODOs
-
pep.
so we can see results quick
-
winfried
yes
-
winfried
But I believe we have covered 1 by now!
-
pep.
I want a bit more details for server logs, for the minutes/wiki, but yeah
-
pep.
Lots of things to act on now
-
pep.
See we can see for the XSF.
-
pep.
I guess it'll benefit from all we do for the other operators anyway. And then the wiki, maybe we just need to state during registration that it's all public?
-
pep.
as PII, only keep email addresses are stored?
-
winfried
pep.: Ge0rG mentioned this one http://www.privacy-regulation.eu/en/r49.htm
-
pep.
winfried, yeah but I thought maybe we can dillute that a bit in guidelines
-
winfried
pep.: yes, agreed
-
pep.
Date of next maybe?
-
winfried
Looking at the time: ...
-
winfried
we need to check if 1 covers 2 fully
-
winfried
and then start all over again for 3 :-D
-
pep.
no as it's not only XMPP, for 2
-
pep.
wiki, mailing lists
-
pep.
Ah wait
-
pep.
That's 3
-
winfried
;-)
-
winfried
And we need to polish the list of tasks and put names under it...
-
pep.
Right
-
winfried
and report to the board
-
winfried
(and council)
-
jonasw
re
-
jonasw
sorry, I had to let an ISP technician in
-
pep.
Date of next? +1 no good for me
-
pep.
Next week I should be able to do any
-
jonasw
next week has my usual constraints
-
winfried
apr 30 12:30 CEST?
-
pep.
worksforme
-
jonasw
should be able to
-
winfried
Ge0rG ^^^
-
winfried
pep.: I was still in the process op updating the table and processing your previous minutes.. will continue with that
-
winfried
Guess Ge0rG is afk again...
-
winfried
If write it down, pending objections from Ge0rG
-
jonasw
yeah
-
jonasw
thanks all :)
-
jonasw
we’re doing good progress here
-
winfried
jonasw: yeah, thank you too!
-
winfried
the pieces are falling together nicely
-
pep.
I'm running away, will confirm date of next if Ge0rG can't do, it should work for me anyway
-
winfried
yes, plz!
- winfried forgot to bang the gafel. *BANG*
-
jonasw
winfried, will you provide me with a list of guiding questions I can put into the Privacy Considerations template sections✎ -
jonasw
winfried, will you provide me with a list of guiding questions I can put into the Privacy Considerations template section? ✏
-
winfried
jonasw: the bottom line is we want to know if anything is done that is not covered by 6.1b or 6.1a
-
winfried
lets try to make that one not too bureaucratic
-
winfried
Does the extension describe any processing that is not obvious to the user?
-
winfried
If so, does the extension mandate consent for it?
-
winfried
And if so, can the consent be retracted?
-
Ge0rG
Sorry folks. I *think* I can make 30th 12:30
-
winfried
and also: are there any additional risks, like profiling, analyzing sensitive data or automated decisions? If so, what measures are taken against that?
-
winfried
Ge0rG: then you will be with us at least in thought ;-)
-
winfried
Ge0rG: plz drop a not when you know more
-
winfried
s/not/note/
-
winfried
jonasw: enough to get started like this?
-
Ge0rG
winfried: I'll have to decide on short notice. The next week will be rather rough, I'm finally moving to the new house
-
winfried
Ge0rG: congrats!
-
winfried
let us know, plz give us feedback in other ways otherwise!
-
Ge0rG
winfried: don't make it depend on me; ping me when you start and I'll try to be here
-
Zash
Do HTTP uploads count as message content?
-
winfried
Zash: yes, user provided content to be precise
-
Zash
I saw mention of "legitimate interest" for the message receiver, I wondered if that covers uploaded content as well
-
Ge0rG
Zash: I think so, yes
-
winfried
Zash: we decided to abandon that line of thought, sending a message / file is just a transfer
-
Zash
The (currently at least) technical difference is that files are still hosted at the sender
-
winfried
Zash: yes, good point. But from a legal perspective there is no need to give the receiver based on 'legitimate interest' any rights to that. That would just open a legal minefield
-
Zash
It touches on a recent discussion about possibly re-hosting files at the receivers server, or providing a HTTP proxy, to provide some privacy protection to the receiver
-
winfried
Zash: the issue is the 'right to be forgotten': transferring data to a proxy or re-hosting it at the receivers server doesn't change that right, neither does the legitimate interest argument
-
MattJ
So if it wasn't hosted at the receiver's server, but the receiver downloaded it and kept it on their PC...?
-
Zash
I'm not sure what 'right to be forgotten' means exactly. I assume you can't ask service provider A to forget something and have provider B also forget about it.
-
winfried
MattJ: then it is transferred to the intended user, demanding deletion depends on the use of it by the receiver, personal use is not regulated, other use is subject to right to be forgotten
-
winfried
Zash: no, you have to ask both
-
Zash
winfried: Sounds like fun if you'd dropped something into a large groupchat :D
-
winfried
That is my job, and I love my work :-P
- Zash yells "Information wants to be free!" and runs away
-
Zash
.. to get more coffee
-
Ge0rG
https://twitter.com/leinweber/status/989267343002951680
-
Ge0rG
We need that too!
-
nyco
test
-
nyco
Test
-
Guus
(it works)
- nyco is ready for the board meeting! 😉
-
Guus
congrats on the new job, Nyco!
-
Guus
congrats on the new lap around the sun, Dave
-
Guus
I'm all out of congrats now.
-
Kev
I feel I deserve a congrats just for getting out of bed in the morning, frankly.
-
Guus
Kev, you did not get my card?
-
ralphm
set the topic to
XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
-
Kev
Lost in the post, I fear.
- ralphm bangs gavel
-
ralphm
0. Welcome and Agenda
-
Guus
Bastards. It was not easy to find an appropriate one. Hallmark apparently does not have a card for every occasion after all...
-
ralphm
Hi! Who do we have, and do you have something for the agenda?
-
Guus
I'm here, nothing new for the agenda.
-
ralphm
Also congrats to all around.
-
nyco
well, we can revive cafepress? take a decision?
-
MattJ
Hey
-
ralphm
nyco: that's already on the agenda
-
ralphm
Anyway, Martin sent apologies.
-
ralphm
1. Minute taker
-
ralphm
Who?
-
MattJ
I'll do them
-
Guus
(I'm again pressed for time, sorry)
-
Guus
tx
-
ralphm
2. Topics for Decisions
-
ralphm
I'll pull the Swag one here.
-
ralphm
nyco
-
nyco
so what's our decision I'd go for a try, let's say a few months, see how much time we spend, how much money we get, how good/bad press we have
-
MattJ
I'm good with that
-
Guus
what does that look like?
-
ralphm
Who'd "manage" the "shop", including providing designs?
-
ralphm
I have never done something like this
-
nyco
I can lead, or someone does in which case I can help
-
nyco
the designs would only be the logo for the beginning
-
ralphm
And what is the Royalties thing?
-
nyco
I sent an email around that, could you read it?
-
Guus
I think we have an option to either pay upfront, or have a percentage deduced from our earnings (but not have upfront costs).
-
Guus
I'd prefer the latter for now, while we're experimenting. If only because it reduces the complexity of setting things up, I imagine.
-
ralphm
nyco: I did, and I didn't understand
-
Dave Cridland
I have various chunks of artwork around in EPS/SVG if anyone needs them.
-
nyco
sure
-
ralphm
(cause if I didn't read it, how would I know about Royalties?)
-
nyco
right ;-)
-
ralphm
Dave Cridland: same here
-
MattJ
]
-
nyco
I think until a certain threshold, it is a % fee
-
ralphm
Dave Cridland: like the little design I did for a potential Summit shirt. I also have the correct fonts
-
nyco
the markup is big, as always (like AppStores at 30%)
-
MattJ
nyco, oh, I thought from the email it was 10%?
-
Guus
Note that it is 10% of the _royalties_, which is _not_ equal to the sales volume.
-
ralphm
So like a t-shirt (tri-blend) seems to sell for $29.99. How much would we gain from this?
-
Guus
I don't know what amount of royalties we get for a sale.
-
ralphm
Guus: right, that's why I want to know what Royalties means
-
nyco
all right, so I thought I understood, which does not seem true anymore
-
Guus
From what I understood from that site (I browsed a little)
-
Guus
they have a base price for items
-
nyco
I understand we need to know+understand more about royalties before taking a decision, is that correct?
-
Guus
you can add your own markup
-
Guus
that's what you receive as 'royalties', and from which their fee is deduced.
-
ralphm
It seems that this is more informative: https://www.cafepress.com/cp/info/help/shop_services.aspx
-
Guus
https://www.cafepress.com/cp/info/sell/index.aspx?area=intro_money&page=intro_money
-
ralphm
So, for this meeting, I think we need to agree at least if we'd like to do something like this, and then evaluate which actual shop we'd like to use.
-
Dave Cridland
https://www.cafepress.com/p/help-creating-selling-earning-money and https://www.cafepress.com/cp/info/help/pricing_policy.aspx seem to explain it.
-
Guus
Ralph, to be honest, as long as we're not spending money, I don't mind to much.
-
ralphm
E.g. I'm wary of this part: “n order to keep designs fresh and of high quality as we launch new products, styles, and printing technologies, solely for designs that you are selling through the CafePress Marketplace: (i) CafePress may automatically add your designs to additional products in the CafePress Marketplace; and (ii) in order to improve the printing quality, CafePress may automatically modify your designs (e.g., cleaning up JPG artifacting, adjusting colors for different printers and products, and adjusting design placement on products).”
-
nyco
that's correct, not only cafepress offers those kind of services
-
Guus
Ralphm: I see no problem with that text you just quoted.
-
nyco
"CafePress may automatically add your designs to additional products in the CafePress Marketplace", what does this mean?
-
Guus
"if we sell new types of swag, we might automatically add these with your branding on it."
-
Kev
When they add a new product (now they sell garden fences), they can add your logo to garden fences and sell XSF garden fences.
-
Dave Cridland
nyco, You make a t-shirt, they do a mug.
-
MattJ
I'm guessing (but don't know) that it means you opt to sell a t-shirt, but they also offer a mug
-
nyco
I'll have to jump on another meeting at 16:00
-
ralphm
So let's separate this: do we want to sell swag in a shop "like cafepress"?
-
nyco
yes
-
ralphm
I'm +1.
-
Guus
+1
-
MattJ
+1
-
Kev
Sounds at worst harmless to me, from the peanut gallery, too.
-
ralphm
Ok, decided we'd like to do this.
-
nyco
so I'll find alternatives to caferpress
-
ralphm
Then the second part is which shop. I read something about Cafepress "mailing checks". We don't have checks anymore in .nl, so I don't know how this works, but given that we are incorporated, I suppose that could still work?
-
Guus
I think we should OK whatever choice we make with our Treasurer.
-
Guus
to verify that we can facilitate the way money exchanges, I mean.
-
ralphm
Ok, nyco to find out. Let me know when I can help with designs
-
nyco
now...
-
ralphm
:-D
-
ralphm
3.
-
nyco
send me what you got?
-
ralphm
3. AOB
-
Guus
(no AOBs from me)
-
ralphm
We've got 4 minutes. Anything we need to do now?
-
MattJ
Survey
-
nyco
the next newsletter is getting readier everyday
-
MattJ
A couple of brief questions:
-
ralphm
nyco: yay
-
MattJ
we need to agree on the scope - should it be members-only, or open?
-
nyco
currently, as it is today, the members
-
Guus
I have no strong preference there.
-
ralphm
Oh, I can report we gained github.com/xmpp. I've given control to intosi and Kev, and we can figure out what to do with this
-
ralphm
MattJ: let's go with members for now
-
MattJ
Ok
-
nyco
if we want to go broader, then we should grow our ambitions, make it wider, obey all the surveying rules, promote it in a proper way, have time to interpret and analyse the results, report to the board and members
-
nyco
I'd like we do such a survey soon
-
MattJ
Feel free to draft and prepare such :)
-
Guus
Did you have more questions, MattJ?
-
nyco
exactly
-
MattJ
Guus, I think that's it for now
-
MattJ
Should I just send it this week?
-
MattJ
to members@
-
ralphm
Yes
-
Guus
go for it.
-
MattJ
Ok!
-
nyco
yes, please, and thanks for this
-
ralphm
Thanks!
-
ralphm
4. Date of Next
-
MattJ
Then that's all
-
ralphm
+1W
-
MattJ
wfm
-
Guus
wfm
-
nyco
yep
-
nyco
thx all!
-
ralphm
5. Close
-
MattJ
Thanks
-
ralphm
Thanks!
-
ralphm
And more congrats were due.
- ralphm bangs gavel
-
Guus
congrats!
-
Ge0rG
Now I want to have an "XSF" shaped garden fence
-
Guus
I trust that you will appropriately motivate CafePress.com to add that to their collection.
-
Ge0rG
Ah, the times when laser-cut XMPP stickers were the cool stuff.
-
Guus
... showing your age ...
-
Ge0rG
Who needs laser-cut stickers if you can 3D printed garden fences.
-
Ge0rG
I think we should do A/B testing of our brand by offering "Jabber" everything that we also offer "XMPP" of
-
Guus
I don't know if we can use the Jabber trademark for swag.
-
Ge0rG
I wonder if the XSF needs a permission from the XSF to use the trademar. Peter will love the idea.
-
Ge0rG
> Otherwise, the fee is $250.00 for use of the mark in connection with Jabber accessories or any use other than software or computer hardware
-
Ge0rG
I can't even find a mention of the 250$ fee in the license agreement.
-
Ge0rG
But I should stop now. I think everybody still remembers my contempt for the license situation from the last time I tried to fix it.
-
jonasw
where’s the license agreement?
-
jonasw
I thought we only had that declaration of intent
-
Ge0rG
jonasw: https://xmpp.org/about/xsf/jabber-trademark/trademark-license-agreement.html
-
Ge0rG
> The <tt>url</tt> attribute of the <tt>delete-slot</tt> element must refer to the GET URL for the file. The server replies with a URL which can be used by the client to delete the file Wait. What?
-
Ge0rG
jonasw: is there a reason why the server shouldn't just immediately delete?
-
jonasw
Ge0rG, the XMPP server and the HTTP server might be on different machines.
-
jonasw
I can also imagine that we leave it up to the server whether the client has to DELETE or whether it deletes right away (indicated by lack of the <delete/> child). but I’m not sure there are use-cases for that.
-
jonasw
(it might be that it’s required to do that in some circumstances though, where DELETE can’t be authorized properly with a token; not sure if such scenarios exist)
-
Ge0rG
I can see how off-loading PUT makes sense, but what's wrong with having the XMPP server do whatever HTTP request?
-
jonasw
I can see why XMPP servers might not want to have an HTTP client.
-
Zash
jonasw: Can you have anything without a HTTP client these days? :/
-
jonasw
Zash, :(
-
Ge0rG
Does sed have an HTTP client?
-
Ge0rG
Or bash?
-
Ge0rG
jonasw: did you submit the bot to HN already?
-
jonasw
bash, it would be trivial to do one (sockets)
-
jonasw
sed, not
-
Ge0rG
I've written a web *server* in bash, some twenty years ago.
-
jonasw
Ge0rG, too lazy to get an account etc.
-
Ge0rG
okay, maybe not quite 20. But it was at a time when dialup was the thing in Germany
-
Ge0rG
jonasw: I'd create one for you, but I'm sure it'll be tainted as a sock puppet
-
ralphm
Somebody wrote an HTTP server in PostScript
-
Ge0rG
It's what's running on HP LaserJets, right?
-
ralphm
Not sure
-
jonasw
haha
-
ralphm
jonasw: http://www.pugo.org/project/pshttpd/
-
SamWhited
That's horrifying…
-
jonasw
you are aware of the atrocity I did? https://github.com/horazont/xmpp-echo-bot/
-
jonasw
(it’s not as harmless as it looks like from the URL…)
-
Lance
jonasw: I am simultaneously appalled and in awe. wow
-
moparisthebest
same Lance , nice work jonasw :)
-
jonasw
thanks :D
-
jonasw
that was the kind of reaction I was going for, Lance
-
Ge0rG
Lance: that'd be a great testimony for the README, if you are okay with it
-
Lance
of course :)
-
Ge0rG
I'd do a PR, but I don't know the Canonical Order of Testimonials
-
jonasw
good point
-
jonasw
Lance, where, if any, should I link to at your name?
-
Ge0rG
That, too.
-
Ge0rG
jonasw didn't ask me that question...
-
Lance
github.com/legastero works
-
Ge0rG
https://lance.im/ looks like a prosody 404
-
Zash
Neat
-
Lance
as it should
-
jonasw
Ge0rG, sure, but I knew where I could link, I don’t know for Lance
-
jonasw
published
-
Maranda
It's behind joo.
-
moparisthebest
did anyone post this before? ew https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app/
-
moparisthebest
it's amazing what millions of dollars of investor money can buy
-
jjrh
Geez
-
UsL
sad..
-
jjrh
I mean I guess good for them.
-
jjrh
Is the matrix standard even finalized yet?
-
jjrh
nah guess not - it's r0.3.0 and it's a 'living standard'
-
Wiktor
interesting comments w.r.t. Matrix as a standard: https://news.ycombinator.com/item?id=16933736
-
Zash
Define interesting
-
Wiktor
Zash: adj. Arousing or holding the attention; absorbing
-
UsL
: D
-
Wiktor
this comment seems to claim the protocol is highly unstable: https://news.ycombinator.com/item?id=16935012
-
moparisthebest
who cares if the protocol is unstable if 1 company is producing all the servers and clients?
-
Zash
Their spec pages do too
-
Wiktor
moparisthebest: I guess not the French government ;)
-
moparisthebest
also, no way anyone in france's govt even knows what a 'protocol' is
-
moparisthebest
all they know is they want a fancy chat app
-
Wiktor
*encrypted* fancy chat app
-
Wiktor
encrypted sells nowadays ;)
-
Maranda
They know enough to be willing to put spyware in your router firmware to satisfy music recording firms against piracy.
-
Maranda
🤨
-
moparisthebest
that sounds horrifying
-
moparisthebest
but I'm guessing they still don't know, only that music industry said it will 'save the music industry'
-
Zash
moparisthebest: Yeah, they'll be in exactly the situation they claim to have avoided once another implementation becomes popular enoguh.
-
moparisthebest
Zash, well worse if there are no standardized protocols or consensus, but yes
-
Zash
> Alternatives like Prosody's XMPP server implementation dropped websocket support in favor of BOSH years ago I don't even.
-
Maranda
:O
-
Maranda
:O
-
moparisthebest
where is that from?
- Maranda wonders what to do next now that Lua Garbage Collector is happy.
-
Zash
Second-to-top comment on that HN thread
-
Zash
https://news.ycombinator.com/item?id=16933736
-
Maranda
I should find myself something costructive to do.
-
Maranda
Maybe going to bed falls in that department.
-
Maranda
:P
-
Zash
Agh, all links go to the top post! This one https://news.ycombinator.com/item?id=16935094
-
fippo
zash: lets blame lance for that!
-
jjrh
I mean in theory going with at open protocol with a open client/server is better than paying IBM or whoever a bunch of money for a solution that sucks and can't be improved internally.
-
jjrh
On the other hand if they went with XMPP they would have multiple vendors who would compete on RFP's
-
Zash
Huh?
-
Zash
Isn't the point of RFPs to draft them tailored to a specific vendor?
-
jjrh
er probably used that wrong - I mean when the government wants a new feature or whatever multiple companies are going to be sending in bids.