-
jonasw
MattJ, Ge0rG, to be fair, the "worst" I did XMPP-wise was on that plastic router with 64 MiB of RAM. I used libstrophe/libcouplet there (despite a lua runtime available; I didn’t want to get into building libexpat for that system; when I was going to crosscompile, I could also simply crosscompile my C application).
-
jonasw
the SASL handshake still took considerable time on that system :)
-
jonasw
(one really wants PLAIN on really constrained systems)
-
Ge0rG
I'm not sure I can even fit TLS into the ESP
-
ibikk
MattJ, GeOrg: regarding home automation and mqtt: once I was fed up with openhab I hacked something which connects mqtt, some scripts and rules and a xmpp "command line interface". Maybe someone is interested? I'd have to document and upload it...
-
Ge0rG
ibikk: that's great but I want an Android app, so OpenHab is rather practical for that.
-
Ge0rG
What I hate about it is that it consumes gigabytes of RAM and that there is no way to abstract multiple identical multi-item controllers as entities
-
ibikk
the openhab app was OK, but I didn't want to expose openhab to the internet or use an VPN, therefore I did this xmpp command line, which in some aspects is far more powerful than openhab. also 'scripts' is misleading. it is a python app and provides scripts (have to be explicitly called by user) and (automatic) rules/controllers.
-
ibikk
in my home network there also is a browser interface.
-
Ge0rG
There is a subcommunity of people claiming that XMPP is awesome for IoT. I want to see that in practice.
-
ibikk
I do not. mqtt seems fine.
-
Ge0rG
ibikk: MQTT is okay for a small fleet of devices, but I want to have something where a device can bundle its API spec in a machine-readable way, like "I'm an RGBW controller and I support one HSV channel and one brightness channel and a global power switch"
-
jonasw
Ge0rG, there is a bearssl implementation.
-
Ge0rG
is there also a bearxmpp?
-
Ge0rG
and a bearxmppiot?
-
jonasw
I think hooking up libcouplet with that shouldn’t be too hard.
-
Ge0rG
jonasw: and then we are still lacking all of the IoT infrastructure that purportedly puts XMPP above MQTT for IoT.
-
jonasw
maybe
-
Ge0rG
jonasw: feel free to prove me wrong.
-
Ge0rG
Right now I'm convinced that XMPP-IoT is overhyped to a degree that's actually harmful for IoT over XMPP
-
jonasw
I haven’t followed the work actual IoT people do
-
jonasw
I just do my own stuff with some pubsub and IQs
-
jonasw
that was easy enough to do with libcouplet and sleek and aioxmpp
-
ibikk
Ge0rG: I think people have proposed how to do something like this using mqtt? It does not fit my needs however. My devices don't even talk mqtt themselves.
-
Ge0rG
winfried: what was the scheduled appointment time again?
-
jonasw
Ge0rG, 1230 CEST
-
Ge0rG
Alright, thanks.
-
MattJ
Ge0rG, have you looked at Home Assistant? OpenHAB was a bit too heavy for me
-
Ge0rG
MattJ: that looks very interesting, thanks
-
Ge0rG
And it's not running node.js, despite being hosted on .io
-
MattJ
Indeed
-
Ge0rG
"Learn how Hass.io can turn your Raspberry Pi into the ultimate home automation hub" - Hass is the German word for "hate". So appropriate.
-
MattJ
They have an MQTT mode where the device posts its configuration
-
MattJ
Ge0rG, https://www.home-assistant.io/docs/mqtt/discovery/
-
Ge0rG
<node_id> (Optional): ID of the node providing the topic. <object_id>: The ID of the device. This is only to allow for separate topics for each device and is not used for the entity_id. node_id, object_id, entity_id... This looks like Designed by the XSF™
-
MattJ
:)
-
Ge0rG
I'm not sure why they need multiple topics for a single switch (set and state), if they could just have one that is read and written to and retained.
-
Ge0rG
and embedding the full path of that into the config kind of defeats the purpose
-
MattJ
The API has to handle many different kinds of devices, many APIs separate command and state, because in reality they are different
-
Ge0rG
right. Devices that react to "ON" and then set the HSV state to "0,0,100" or somesuch.
-
Ge0rG
It's awesome how fast you end up with a huge complexity overhead.
-
MattJ
Indeed
-
jonasw
also, sometimes setting might not work
-
jonasw
for example if the device is offline
-
jonasw
and you’d normally want to be able to detect that
-
jonasw
(or if it is slow or something)
-
MattJ
Yeah, the state essentially doubles as an ack for any command
-
jonasw
it’s common in commanding systems actually
-
MattJ
Also in Home Assistant it's generally optional anyway, if it's absent then the UI just assumes the state is whatever was requested, instantly (which obviously has downsides)
-
Ge0rG
Right.
-
Ge0rG
I see where this is going.
-
MattJ
FWIW I consider XMPP suitable for higher-level IoT stuff, but not for device<->controller comms, unless the devices are powerful enough
-
Ge0rG
MattJ: my devices are sufficiently powerful.
-
MattJ
I consider most of the IoT XEPs to be over-engineered though
-
MattJ
Then XEP-0060 them and enjoy
-
Ge0rG
the hass discovery looks like a nice trade-off between complexity and comfort.
-
Ge0rG
The Converse.js on http://www.xmpp-iot.org is great. You have to click it away after Every. Freaking. Click.
-
pep.
When was the last gdpr meeting again, the one with all of us
-
pep.
0504?
-
Ge0rG
pep.: I could tell you, but I need to gain consent from all attendees first.
-
pep.
yeah that sounds about right
-
pep.
Ge0rG, shut up :p
-
Ge0rG
pep.: do you want to make use of your right to Erasure?
-
pep.
let me gdpr the hell out of you. *goes and create a yax.im account*
-
Ge0rG
Damn. You win this round.
- Ge0rG goes looking for yax.im's power plug
-
pep.
hmm no there was nothing on 0504
-
pep.
last one with all of us seems to be 0430
-
pep.
Or my logs are lying to me
-
pep.
Ok I'm sending something for the minutes, 11 (& 12 that was cancelled)
-
pep.
Ge0rG, jonasw, winfried, meeting in ~10min
-
winfried
(Y)
-
Ge0rG
I'm on the run right now, can't promise anything
-
pep.
k
-
pep.
!
-
winfried
t -2 ;-)
-
jonasw
🙋
-
Ge0rG
Okay, so I'm in the expected lunch break, but I'm alone so I can focus on the GDPR.
-
winfried
great
-
winfried
lets recapp
-
pep.
There's a question (quotes) I added in the minutes, that I think we didn't really focus on
-
pep.
I don't know if we can answer it by ourselves though
-
winfried
pep.: can you repeat the question(s) here?
-
pep.
Do we have to find all the data scattered across all different services, re export/deletion
-
pep.
"all different services", meaning not ours
-
Ge0rG
We'd have to monitor all the services a user uses and how
-
winfried
pep.: from a legal perspective not: the data is transferred and not 'our' responsibility anymore
-
pep.
Ge0rG, I'm not saying it'd be easy or even fun, just asking from a legal standpoint
-
pep.
winfried, k
-
winfried
still thinking it would be fun ;-)
-
pep.
Ok, so what's left
-
Ge0rG
winfried: that's too easy for an answer. If we are the controller, we are probably still responsible, aren't we?
-
Ge0rG
What if Facebook "transfers" the data from Facebook EU Inc. to Facebook USA?
-
winfried
Ge0rG: IF we are controller yes, but there is no controller - processor situation but a transfer between two controllers
-
winfried
Ge0rG: FB EU -> FB US is transfer between two controllers, in the FB case that is not covered by 6.1b, so it has to be 6.1a
-
Ge0rG
winfried: so we are controllers, but the other servers are controllers too?
-
winfried
Ge0rG: yes... that was one of the first premises we started with ;-)
-
Ge0rG
winfried: I've always seen that as "controllers of our users' friends' data"
-
Ge0rG
Which is not the same thing
-
winfried
what difference do you see (I am still digesting that one)
-
pep.
Ge0rG, that would make the s2s server a processor, but then how do you say you're not liable for what the contact does with MAM
-
jonasw
I think with Ge0rGs interpretation we can argue that after the transfer the data is at the recipients control and the handling of the data is owned by the recipent, thus the recipient is responsible for all things GDPR and whether the senders privacy preferences are matched is a matter of trust between recipient and sender.
-
Ge0rG
winfried: remote PubSub is data that a user's server transmits to a different server (controller?) on behalf of the user. Now does the remote server need to obtain consent from the user?
-
Ge0rG
I'm explicitly not talking about data sent to other users.
-
winfried
Ge0rG: no, that is still 6.1b, so no consent. But the remote server, when it falls under the jurisdiction of the GDPR, needs to publish its privacy policy
-
Ge0rG
winfried: and if it's in a third country?
-
pep.
then it's 49.1b, no consent required
-
winfried
pep.: thanks, you got the article number before me ;-)
-
pep.
Ah hmm, if that's not a controller that's different?
-
pep.
Ah nvm
-
Ge0rG
winfried: great. Can we have that in the wiki, then?
-
winfried
yes pep. plz remind me ;-)
-
pep.
So wait, that means.. transfer between controllers? Or what Ge0rG said?
-
Ge0rG
pep.: it is transfer between controllers
-
Ge0rG
And what I said
-
pep.
> Ge0rG> winfried: I've always seen that as "controllers of our users' friends' data"
-
Ge0rG
What did I say? And when?
-
Ge0rG
pep.: two different use cases. Messages sent to other users vs things we store on other servers.
-
winfried
Ge0rG: yes, good to distinguish between them
-
Ge0rG
pep.: if I send you a message, you become the owner on your server. If I publish a post on movim, I stay the owner
-
pep.
Ok, so what winfried said doesn'T apply to MAM?
-
Ge0rG
pep.: what kind of MAM?
-
pep.
1:1
-
winfried
pep.: if it is my server archiving your messages in the conversation I had with you, then that MAM is my responsibility
-
Ge0rG
pep.: and what did winfried say?
-
pep.
winfried, yes that's what I thought until now, but you're all confusing me with words :p
-
winfried
I propose I try to write it down in clear wording in the Wiki, plz correct if that is still confusing/incorrect. agreed?
-
pep.
Ge0rG, so "Ge0rG> winfried: I've always seen that as "controllers of our users' friends' data"" < this is wrong?
-
pep.
Well..
-
Ge0rG
winfried: s/propose/volunteer/, right?
-
pep.
It's "not the interpretation we choose to think will be applied"
-
winfried
Ge0rG: yes
-
Ge0rG
pep. [12:57]: > Ge0rG, so "Ge0rG> winfried: I've always seen that as "controllers of our users' friends' data"" < this is wrong? This is true as well, for the remote copy of the message I sent to my friend
-
winfried
pep.: correct, but we can only discuss/check an interpretation if it is worded complete and clear
-
Ge0rG
We need to choose an interpretation anyway, and then hope we don't have to defend it in court
-
Ge0rG
It's better to have an interpretation that we can reasonably agree on than not to have any
-
pep.
sure
-
winfried
and there is an interesting subtle issue here: when becomes my message the responsibility of the receiving person?
-
pep.
Once it gets over s2s?
-
winfried
I will try to word as precise as I can so we can decide ...
-
Ge0rG
winfried: when the receiving person opted to use offline storage / MAM and the message arrives there?
-
winfried
:-D I see different opinions here
-
winfried
I tend to the pov of Ge0rG
-
winfried
as long as it is on the receivers server and not transferred to the receiver, the message is nobodies responsibility if we take s2s as border
-
winfried
but let me think about that one a bid and let me word it in the wiki
-
pep.
k
-
Ge0rG
winfried: if the message is discarded, it doesn't matter. If it is stored, the recipient is the most logical person
-
winfried
Ge0rG: correct
-
pep.
I'd like to see setups where there is no offline storage / MAM at all
-
winfried
Have you seen the pdf I posted to the members list? Is that the way to go for the consequences for server operators? (Q1.2)
-
winfried
(oops it was odg)
-
winfried
(silence)
-
pep.
yes, digesting all this
-
jonasw
still sick :(
-
jonasw
I’m half-following
-
winfried
jonasw: :-( hope you get better soon!
-
jonasw
thanks
-
Ge0rG
I didn't see a PDF, but there was an .odg
-
winfried
:-D
-
pep.
The table?
-
pep.
So today is clarification day
-
pep.
How are we regarding things that can be sent to standards@ already
-
winfried
GDPR scheme.odg attached to a reply to minutes 10
-
pep.
hmm, should we plan for next, doesn't seem to be really active today
-
winfried
Waiting for reactions... ;-)
-
Ge0rG
winfried: waiting for the mail server? Forget it.
-
jonasw
why waiting for the email server?
-
pep.
winfried, you're talking about https://wiki.xmpp.org/web/GDPR/Table ?
-
Ge0rG
winfried> GDPR scheme.odg attached to a reply to minutes 10
-
jonasw
Ge0rG, it’s already been sent last week
-
jonasw
https://sotecware.net/images/dont-puush-me/bOy6D9sQg3BxiP0GYdDkXcUBcdfc3o2_Pi4PW-5zUdQ.png
-
jonasw
that’s a screen shot of it
-
Ge0rG
oh, I misread that as "10 minutes ago" and was looking for new replies.
-
jonasw
timestamp of the mail is 2018-05-08 11:56Z
-
pep.
oh
-
Ge0rG
yeah, had that open already.
-
winfried
jonasw: that is the first page
-
jonasw
there are more pages?
-
jonasw
ugh
-
pep.
winfried, "on a large scale", is this even important?
-
jonasw
I don’t know that tool
-
Ge0rG
Oh, there is a second page!
-
jonasw
I assumed when I scroll down and reach the end of a page there aren’t more pages :D
-
winfried
jonasw: yeah bad UI
-
winfried
pep.: not for the XSF context, but it helps asses server operators if they should to anything
-
pep.
hmm
-
pep.
I guess I should start working on that XEP quick
-
pep.
10days to write it and get it council approved(tm)!
-
winfried
:-D
-
pep.
And just after that, deployed everywhere!
-
jonasw
noooot gonna happen
-
jonasw
unless you manage to submit it today :)
-
pep.
hmm
-
pep.
nope
-
winfried
of you don't have your act together on the 25th in the Netherlands, you may get a warning and some more months to correct it :-P
-
pep.
cool
-
pep.
I guess they'll have to do that for a lot more people
-
winfried
any amendments to the scheme?
-
Ge0rG
in Austria you get a warning. Full stop.
-
pep.
winfried, template looks ok to me. Maybe alongside MAM specify offline storage
-
pep.
How do you even set offline storage available but not active by default
-
Ge0rG
winfried: step 5 might be "require consent for processing beyond the XSF template"
-
winfried
good points!
-
winfried
maybe split step 5 in two options: when using the XSF template (or equivalent) or when doing processing beyond that.
-
pep.
Zash, MattJ, is there a way to have offline storage stanby and do nothing atm?
-
MattJ
Hmm?
-
pep.
Have offline storage opt-in
-
winfried
Next meeting: friday 13:30 CEST
-
pep.
winfried, ok
-
MattJ
pep., not currently possible to configure per-user, if that's what you mean
-
pep.
ok, I guess that also need changing in the protocol
-
MattJ
Totally possible, just not implemented
-
pep.
ah ok
-
MattJ
Well, M-Link uses ad-hoc commands for that
-
MattJ
Though a number of clients don't support them
-
pep.
Yeah so it's not specified
-
pep.
-xep offline
-
pep.
Bunneh! where are you when I need you
-
MattJ
I always wanted a "user account configuration" XEP
-
pep.
There is IBR, in some ways
-
Ge0rG
With data forms! And hookers!
-
winfried
pep.: do you summarize minutes again?
-
pep.
winfried, I'll try to do that yes :x
-
winfried
pep.: thanks!
-
winfried
then there is one thing left for me:
- winfried *bangs* the gavel
-
winfried
thanks once again guys!
-
pep.
Ge0rG, and jonasw ok with the date?
-
jonasw
thanks folks
-
Ge0rG
pep.: hope so
-
jonasw
pep., yes, still OK
-
pep.
k
-
pep.
Updated the date on the wiki
-
winfried
pep.: thanks!
-
edhelas
winfried I'm telling it you here, I don't have OMEMO on my device, so please desactivate it with my JID
-
winfried
Done, thank Daniel :-P
-
edhelas
because I'm getting more and more like that I'm thinking of an automatic reply
-
Holger
edhelas: I could sell you <https://github.com/processone/ejabberd-contrib/tree/master/mod_deny_omemo> ...
-
edhelas
no it's more a client side feature
-
Ge0rG
Dave Cridland: was there an update to hacx to put it onto the agenda again? Cc jonasw
-
moparisthebest
nope will get it out tonight if we don't have another unexpected area-wide power outage :)
-
jonasw
Ge0rG, not that I knew
-
Dave Cridland
No