XSF Discussion - 2019-01-09


  1. Syndace

    daniel (and others), I would love to hear your opinion on something. OMEMO has the issue of the key exchange not accounting for lost messages, that's why clients keep building sessions and reusing the same pre key until they get a response which tells them that the session was built successfully. I don't really like that solution. First of all I'm a little scared, because if a cryptographer tells you not to reuse a key, you should probably not reuse that key. Second it puts a lot of dirty hacky work on client devs, backing up the signal state before building a message and restoring it afterwards and stuff like that. So I was thinking about a different solution for a while and then I had the idea of just ignoring the issue altogether. Let's say you are really unlucky enough to lose the message containing the key exchange. You then send a second message, which gets delivered as usual. Your contact would notice that it can't decrypt the message and in reaction send a new key exchange back to you. So instead of one lost message, all the messages between the lost key exchange and the "healing" key exchange are lost. I would still consider that an acceptable trade for all the hassle and possibly insecurity that comes with the way clients currently handle that scenario.

  2. jonas’

    adding more ways to non-obviously lose messages with OMEMO doesn’t sound like a good thing to me

  3. Ge0rG

    It can't get much worse, can it?

  4. waqas

    Ge0rG: Don't jinx it

  5. Ge0rG

    Can't we just encrypt all our messages with deflate and be done?

  6. jonas’

    encrypt :D

  7. Ge0rG

    I've got two semi-related questions for tomorrow's Board

  8. Ge0rG

    1. are pseudonymous membership applications allowed? (I can't see anything in https://xmpp.org/about/xsf/bylaws but that Board decides about the form of applications) 2. https://xmpp.org/extensions/xep-0345.html which addresses this point with "no" is Deferred. Could Board please LC and advance it?

  9. jonas’

    (I had put it on my todo to add '345 to the board agenda)

  10. Ge0rG

    jonas’: do you have agenda write access?

  11. jonas’

    yes

  12. jonas’

    (I think)

  13. jonas’

    in my role as editor

  14. Ge0rG

    jonas’: if it's scoped to your role, you probably can't bring in my #1

  15. jonas’

    that’s true

  16. Guus

    I think it's important that there's little barriers for people to bring something up for discussion with the board. Trello is just a tool - don't be too shy about using it to put something on the board's agenda. Maybe put it in AOB if you're unsure.

  17. Guus

    (tl;dr: go for it, jonas’ )

  18. Ge0rG

    Guus: thanks!

  19. Guus

    as personal feedback on the pseudonymous membership applications (I've not read up on it yet): why would this be desirable?

  20. Guus

    (my gut does not like the concept, as it appears to conflict with transparency)

  21. Ge0rG

    Guus: it does conflict with transparency indeed, and there are many debates of requiring a full name on different online platforms, with both sides suggesting many reasons.

  22. Zash

    They should join the secret shadow XSF instead

  23. waqas

    XXSF

  24. Maranda

    That sounds like st else 😅😅😅

  25. Guus

    Zash the secret shadow XSF where they require you to sign up using the secret handshake and writing in blood? That's not 'bonding', that's DNA profiling.

  26. Ge0rG

    I was just asked by a contact whether they could apply under a pseudonym, and I don't know their specific reasons. I'm not sure if this is relevant to a generic Board decision on whether to allow / deny them

  27. Ge0rG

    XXXSF!

  28. ta

    Rule 34!

  29. waqas

    I know at least one individual who was rejected for applying under a pseudonym before

  30. Ge0rG

    waqas: I've heard that story.

  31. Guus

    Bear?

  32. Maranda suggests dropping the multiple uppercase "X" altogether 🤭🤭✨

  33. Ge0rG

    I think there are multiple possible outcomes: - legal name only - pseudonyms allowed - per-case decision of board (rather improbable outcome, I suppose)

  34. Guus

    well, on the one hand - we don't actually check up on the names provided anyway

  35. Guus

    we do have a requirement that not too many people are affiliated with the same organization, which might be a conflicting issue here.

  36. Ge0rG

    Guus: yeah

  37. Guus

    Also, Members get to vote on things

  38. pep.

    Maybe Ge0rG is not really named Georg. J'accuse!

  39. Kev

    No, Bear wasn't for applying under a pseudonym, quite the opposite.

  40. Guus

    having anonymous members would open the door for one person signing up multiple times, influencing votes

  41. Guus

    Bear signed up using his legal name, which no-one recognized, right?

  42. Kev

    He applied not under a pseudonym, and no-one knew who he was except as Bear.

  43. Kev

    Right.

  44. Ge0rG

    pep.: you had a chance to check my ID *and* to cross-sign pgp keys recently. I'm even a certified CACert assessor, orhowtheycallit

  45. waqas

    Note that the real name policy isn't really enforced, as far as I've seen. Someone could make up a real sounding pseudonym and they'll likely get in.

  46. waqas

    So, the door to one person signing up multiple times isn't really closed at the moment.

  47. Guus

    jonas’ / Ge0rG I added quick Trello items for both issues on Board's Trello Board.

  48. Ge0rG

    Guus: thanks very much!

  49. jonas’

    Guus, thx! :)

  50. Guus

    waqas I agree, and said as much. But still, ...

  51. Ge0rG

    waqas: I think that we are in a situation where it's hard enough to get a person to sign up *one* time. We need more volunteers!

  52. Ge0rG

    Also this is probably not the official Board response to that question ;)

  53. Guus

    right 🙂

  54. Ge0rG

    while speaking of Board responses... anybody seen peter lately?

  55. Guus

    I'd really like to know what the reasoning is behind wanting to sign up under a pseudonym

  56. jonas’

    he replied on github on an issue a day or two ago

  57. Ge0rG

    maybe I need to PR for JabberSPAM after all?

  58. Guus

    Ge0rG Yeah, on github and in a mail sent earlier today/tonight

  59. waqas

    Wow, it was a decade back: https://wiki.xmpp.org/web/Solarius_Application_2008#About_my_anonimity

  60. Guus

    PSA: if you are going to be at the Summit, it would be a Good Thing for your name to be on the attendance list in wiki, as that's what I'll use to get everyone access to the Cisco building.

  61. Guus

    ah, thanks waqas - I didn't know about that one.

  62. Guus

    I'm not sure if either argument is a valid reason for us to accept anonymous signups. Not being a XSF member does not limit your freedom of speech. The other one is personal preference.

  63. Guus

    waqas do you remember if this person's membership rejection was specifically caused by the anonymity aspect of it?

  64. waqas

    Yes, I believe so

  65. Kev

    But rejected by the members, IIRC.

  66. Kev

    (Which I might not)

  67. Guus

    I'm not a free speech expert - did my comment above make sense?

  68. Kev

    I don't think not giving your name to an organisation of which you want to be a member is about free speech.

  69. Ge0rG

    It doesn't look like we have the minutes on the wiki.

  70. Ge0rG

    Kev: could you reword that with fewer negations, please?

  71. Kev

    And as we allow participation regardless of pseudonymity in our process, I don't see a reason we need to allow pseudonymous members.

  72. Kev

    Ge0rG: This isn't about free speech.

  73. Guus

    Thanks Kev

  74. waqas

    I'm curious if there's any legal aspect here, in terms of the XSF's status as a non-profit

  75. Guus

    I guestimate that at best, that's apply for registered officials of the org

  76. Guus

    I guestimate that at best, that'd apply for registered officials of the org

  77. waqas

    Does the board count?

  78. Guus

    unsure.

  79. Kev

    I'd have thought the XSF would need legal advice before accepting someone that they knew wasn't giving their real name. (Which isn't the same as being duped). So the path of least resistance seems to me to disallow pseudonyms.

  80. Guus

    I tend to agree with Kev - however, if there's a compelling reason, I'd be willing to consider allowing it on an individual base.

  81. Guus

    Me not being able to think of one doesn't rule out that such reason does exist.

  82. waqas

    Another case was Daurnimator later on. He withdrew his application based on this. I don't recall any other cases.

  83. waqas

    I have no strong opinions either way

  84. Guus

    In unrelated news: https://xmpp.net/ now is updated. Please file your bug reports and PRs at https://github.com/xmpp-observatory

  85. jonas’

    updated with the DNSSEC fix? :)

  86. Guus

    yes

  87. jonas’

    appears to be, awesome!

  88. jonas’

    thanks for the work to all involved!

  89. Guus

    and the lets-not-accept-submits-as-http-gets

  90. Guus

    thingy

  91. jonas’

    awesome

  92. Zash

    \o/

  93. jonas’

    that should reduce the load on the system a lot, too

  94. Guus

    right

  95. Guus

    we'll need to have that new index at some point

  96. jonas’

    index?

  97. jonas’

    ah, db index

  98. Guus

    from iteam, I learned that there's a third docker image being used, still based on your personal account jonas’

  99. Guus

    maybe we should move that one over too?

  100. jonas’

    the third one being?

  101. jonas’

    and, yeah, sure

  102. jonas’

    I can do that later, ping me after 15:00Z

  103. waqas

    https://xmpp.net — every host listed there has had the progress indicator for a few minutes. Is that real, or is that just stuck?

  104. Guus

    jonas’ : xsfjonas/xmppoke-db-docker

  105. Guus

    waqas that's real

  106. Guus

    tests take quite a long time to complete

  107. jonas’

    my scan works at least: https://xmpp.net/result.php?domain=dreckshal.de&type=server

  108. Guus

    although I cannot rule out that a test that was running while the service was restarted will remain in this state forever.

  109. Ge0rG

    Guus: maybe we can include the server into the "Recent results" only after completion of the test?

  110. Guus

    the progress indicator (and an 'error' indicator) now replace the question-mark that was previously used for both.

  111. Guus

    Ge0rG I welcome your PR 🙂

  112. Ge0rG appends to TODO

  113. Guus

    Also, I'd love to have volunteers to help maintain the code

  114. Ge0rG

    ask Board to create a team?

  115. Guus

    this is not an XSF effort

  116. Guus

    I just need volunteers 🙂

  117. Guus

    waqas, if you refresh https://xmpp.net/index.php you'll notice that some tests now have finished.

  118. Guus

    takes about 8 minutes, it seems.

  119. Guus

    also, the number of submitted tests appear to be down an order of magnitude. Seems like the GET/POST thing was helpful. Thanks, whoever figured that one out.

  120. jonas’

    that also looks much better now

  121. jonas’

    because otherwise you always had those in-progress indicators and never knew if the service was kaputt or just lots of tests pouring in

  122. Guus

    Google's XMPP endpoint is still active? https://xmpp.net/result.php?domain=gmail.com&type=client

  123. Half-Shot

    no way, I thought that got closed a long time ago?

  124. Zash

    Subject: organizationalUnitName: No SNI provided; please fix your client. commonName: invalid2.invalid

  125. Zash

    Lol

  126. Zash

    They closed the s2s

  127. Zash

    Took their sweet time tho, it was still up long after the announced shutdown date, so long that people forgot that it was supposed to be dead.

  128. Ge0rG

    Zash: did you test whether it works without TLS?

  129. Zash

    "it"?

  130. Ge0rG

    Gmail xmpp

  131. Zash

    nc: connect to xmpp-server.l.google.com port 5269 (tcp) failed: Connection refused

  132. Link Mauve

    Ge0rG, it never did work with.

  133. Zash

    c2s had TLS tho, still does

  134. Zash

    but it seems to require SNI

  135. Ge0rG

    Link Mauve: exactly. It's kind of pointless to test it with an SSL checker then

  136. Zash

    Does xmpp.net do SNI?

  137. Zash

    https://prosody.im/pastebin/ac9e1833-ab38-4b75-a50d-5bdd5966656a anyways

  138. Guus

    Zash I do not know

  139. Guus

    jonas’ it's after 15:00 here - obligatory ping re. database

  140. Guus

    can we move it / use a new image, without losing data?

  141. jonas’

    Guus, I explicitly added the Z

  142. jonas’

    (15:00Z)

  143. jonas’

    (= UTC)

  144. jonas’

    gotta run :), remind me after 15:00Z ;-)

  145. Zash

    =16:00+01:00

  146. Guus

    that last character didn't fit in my memory buffer

  147. Zash

    Guus: I prescribe more RAM

  148. Guus

    I tried image-searching for "ram module in nose" and did not find one applicable image. I am disappointed in the interwebs.

  149. dwd

    Guus, Off by on?

  150. Guus

    I hope that was a pun.

  151. dwd

    Guus, I think the question mark spoilt the joke.

  152. Guus

    jonas’ what I said earlier.

  153. Guus

    ah crap

  154. Guus

    dst

  155. Guus

    wait, you said 15

  156. Guus

    I'm fine

  157. dwd

    Guus, 1506Z right now.

  158. dwd

    Guus, Also, had someone else approach me about "what types of sessions might be going on", in order to travel to the Summit.

  159. dwd

    Guus, FWIW, this guy works heavily in IETF and standards dev in general - so the arguments about "we only want hardcore XMPP experts" are falling a bit flat given he's doing the XMPP work in SACM/IETF.

  160. Kev

    I'm not sure even /I/ have suggested we only want hardcore XMPP experts.

  161. Kev

    I have suggested we only want people who can meaningfully contribute, at least as the majority, for summits, but that's not the same.

  162. Guus

    > dwd 16:33 > Guus, 1506Z right now.

  163. Zash

    dwd: I prescribe some NTP

  164. dwd

    Guus, Oh. Yes. I should avoid taking the time from the previous message received.

  165. Guus

    dwd, I'd be overjoyed to list some kind of session details. I'm hoping that they'll be in that text that you were going to write 🙂

  166. dwd

    That would be difficult given I don't know either.

  167. Guus

    maybe we can draw from past experience, but also explicitly mention that we're doing that, and that actual content is often decided on on the first day.

  168. dwd

    Guus, "We will spend approximately half the first day discussing something that then lies dormant for the rest of the year"

  169. MattJ

    Tradition

  170. jonas’

    Guus, okay, I’m moving the repository, and I’ll patch the docker hub stuff under my name

  171. Guus

    Yes, but that needs less of your truthfulness and more of your marketing sauce.

  172. jonas’

    it might make sense to make a docker hub org, too

  173. Guus

    jonas’ +!

  174. Guus

    eh, +1

  175. jonas’

    Guus, ok, so I linked https://cloud.docker.com/u/xsfjonas/repository/docker/xsfjonas/xmppoke-db-docker to the repository under xmpp-observatory

  176. jonas’

    it is built from xmppoke-frontend-docker

  177. jonas’

    so I only had to patch the source repository for the docker build

  178. jonas’

    https://hub.docker.com/r/xsfjonas/xmppoke-db-docker/ that one

  179. Guus

    xmppoke-frontend-docker is no longer used

  180. Guus

    that's merged into xmppoke-frontend

  181. jonas’

    why does it exist then? :(

  182. Guus

    eh?

  183. dwd

    jonas’, To annoy you.

  184. jonas’

    and how are you building the images?

  185. jonas’

    because my builds are still pointing at xmppoke-frontend-docker

  186. Guus

    jonas’ images are built here: https://hub.docker.com/u/xmppobservatory (which holds two plans)

  187. Guus

    iteam now pulls two out of three images from there too

  188. jonas’

    okay, so it’s not my department anymore anyways?

  189. jonas’

    you’ll have to re-create the build from that

  190. jonas’

    you’ll have to re-create the build there

  191. Guus

    well, the object of the move was to have you no longer be responsible for maintenance on your own, right? 🙂

  192. jonas’

    the xmppoke-db-docker build built this Dockerfile: https://github.com/xmpp-observatory/xmppoke-frontend/blob/master/database/Dockerfile#L2

  193. jonas’

    Guus, yes, but the point is, I don’t have +w on that docker hub org

  194. jonas’

    I can’t do what you’re asking me to do

  195. Guus

    aah

  196. jonas’

    (I originally was thinking that (a) you’re still using the images I build under xsfjonas and (b) you were talking about a github repository which had to be moved)

  197. Guus

    @jonas: actually, xsfjonas is owner of that docker hub org

  198. jonas’

    then I’m too stupid for that interface

  199. jonas’

    let me see

  200. Guus

    it is a confusing interface, I get lost all the time.

  201. Guus

    also, _I_ was under the impression that it involved another github repo

  202. jonas’

    https://cloud.docker.com/u/xmppobservatory/repository/docker/xmppobservatory/xmppoke-db-docker/builds so that’s maybe the thing?

  203. jonas’

    https://cloud.docker.com/u/xmppobservatory/repository/docker/xmppobservatory/xmppoke-db-docker/builds so that’s maybe what you are asking for? (I just created that)

  204. Guus

    looks good-ish 🙂

  205. Guus

    so, if iteam now switches to that - will it lose all existing data?

  206. jonas’

    so I’m going to delete all the stuff under xsfjonas to reduce confusion

  207. jonas’

    no

  208. jonas’

    if iteam configured it properly

  209. jonas’

    the pgdata should be in a docker volume

  210. Guus

    Kev ^ ?

  211. jonas’

    which is not lost when the container is re-created

  212. Guus

    I'm unsure if the data / volume is linked to a container type / image or somesuch

  213. Guus

    I'm not very familiar with docker

  214. jonas’

    no, volumes can be freely moved around between containers

  215. jonas’

    they exist independent of them

  216. jonas’

    (most likely, iteam configured it just as a mount anyways)

  217. Guus

    jonas’ follow up question: can we incrementally add to the database definition (add an index)?

  218. jonas’

    manually, yes

  219. jonas’

    log into the container, get a postgres shell, create the index

  220. Guus

    right, but from a definition?

  221. jonas’

    define definition

  222. Guus

    (something that need not involve iteam?)

  223. jonas’

    iteam needs to be involved anyways

  224. Guus

    there now is a one-time reconfiguration, yes, but after that, it'd be nice if they could take their hands off of it for things like this.

  225. jonas’

    it’s not possible, because you’d have to modify code to do that

  226. jonas’

    and none of the images are pulled automatically

  227. jonas’

    and that’s intentional, AFAIK

  228. Guus

    Oh, I was under the impression that the images _are_ pulled automatically

  229. Guus

    as with the website

  230. Guus

    but am unsure.

  231. jonas’

    I don’t think that’s the case for those which execute lots of code (i.e. all of xmppoke)

  232. MattJ

    It's not automatic, no

  233. MattJ

    and yes, postgres data is in a volume (or a data container, or something)

  234. Guus

    ugh. I had hoped for more automation.

  235. jonas’

    you don’t want automation for that kind of stuff, I think

  236. Guus

    why not?

  237. Guus

    old code has been bashing the server for months, no-one cared. Things are unlikely to get worse than that.

  238. MattJ

    I'm on the fence, but I get jonas’'s point

  239. Guus

    if anything, you'd have more people be able to fix an issue, by autodeployment.

  240. jonas’

    intosi and Kev had a very strong opinion on this IIRC

  241. Guus

    it's in containers, isolated

  242. MattJ

    Combined with your proposed policy of adding anyone who complains to the org, it's granting many people the ability to run arbitrary code on XSF servers :)

  243. Guus

    MattJ, yes.

  244. jonas’

    containers only provide that much isolation

  245. MattJ

    Doesn't stop pep. adding a bitcoin miner, or sending out XMPP spam

  246. Guus

    also: grain of salt 🙂

  247. pep.

    MattJ, sshhh, don't spoil it

  248. MattJ

    he's writing the code as we speak

  249. Link Mauve

    I doubt he needs that to send XMPP spam, I’ve seen way cheaper offers coming my way. :p

  250. Guus

    but, yeah, this is the same difference of perspective that made me conclude that I'm not a good fit for iteam 🙂

  251. Guus

    anyway, there is food waiting for me to prepare it

  252. jonas’

    gl!

  253. jonas’

    what is the preferred trello inbox for Board? Last year’s board preferred to have agenda in the leftmost column ("Agenda items")

  254. Guus

    jonas’: no preference, nor is there damage done by doing it wrong

  255. jonas’

    just making sure that it’s being looked at

  256. Guus

    I'd go with items for discussion

  257. jonas’

    ok, appended

  258. dwd

    OK, so this text describing the Summit: "The XMPP Summit is a yearly event, open to all participants in the standards process, and anyone working on or with XMPP. Run as an "Unconference", the agenda is only finalised on the first morning, and is therefore highly fluid. With heavy attendance from many key XEP authors and developers, places are limited, but registration is free. Lunch is often covered by sponsors, and it takes place in Brussels just before the legendary FOSDEM conference."

  259. jonas’

    s/Lunch is/Lunch for XSF members is/

  260. Zash

    Not confusing with dinner ?

  261. dwd

    I suppose we need a bit in the middle, erm, "Previous items on the agenda have ranged from low-level discussions on Groupchat to high level discussion on how XMPP is used, and how it can support modern UX needs."

  262. jonas’

    ohh

  263. dwd

    jonas’, Lunch is usually paid for for all attendees by a sponsor.

  264. jonas’

    I am confusing it probably

  265. jonas’

    sorry :)

  266. dwd

    jonas’, It's dirt cheap to sponsor, too, so it really doesn't matter.

  267. jonas’

    > ranged from low-level discussions on wire protocol, via considerations of interoperability of different standards, to high-level ..."

  268. jonas’

    maybe that^

  269. dwd

    That also works.

  270. jonas’

    oh, maybe I misunderstood for what "bit in the middle" you were asking

  271. dwd

    jonas’, I meant to we have a bit about the content. So in full, it'd be: he XMPP Summit is a yearly event, open to all participants in the standards process, and anyone working on or with XMPP. Run as an "Unconference", the agenda is only finalised on the first morning, and is therefore highly fluid. Previous items on the agenda have ranged from low-level discussions on Groupchat to high level discussion on how XMPP is used, and how it can support modern UX needs. With heavy attendance from many key XEP authors and developers, places are limited, but registration is free. Lunch is often covered by sponsors, and it takes place in Brussels just before the legendary FOSDEM conference.

  272. jonas’

    yeah, that’s good enough

  273. jonas’

    my middle bit was really me grasping straws

  274. dwd

    Except with a T at the beginning because I can't cut and paste.

  275. jonas’

    He, The Holy And Unspoken Of XMPP Summit

  276. dwd

    I'll never make a good developer if I can't cut and paste properly.

  277. goffi

    https://xmpp.org/about/xmpp-standards-foundation is not up-to-date

  278. dwd

    goffi, Council isn't no.

  279. dwd

    goffi, https://github.com/xsf/xmpp.org/pull/502 should help, right?

  280. moparisthebest

    Bad Gateway

  281. Guus

    Dave, I like that Summit description

  282. Guus

    (also couldn't help but notice that you removed Openfire from your bio, gulp)

  283. Guus

    dwd Shall we have a new page on the website with that text?

  284. Guus

    (and redirect Jonas' banner to that - then link to the wiki on the page with your text)

  285. Guus

    https://github.com/xsf/xmpp.org/pull/503

  286. dwd

    Guus, I thought I've done embarrassingly little on Openfire - I need to correct that before I try to claim it.

  287. Guus

    Yeah, you fixed that the wrong way around though.

  288. pep.

    Btw re discussions today about people having access to the infra, I won't be offended if I am removed rights to that github org :)

  289. pep.

    (Now I need to finish my bitcoin miner before they notice)