XSF Discussion - 2019-01-09

daniel (and others), I would love to hear your opinion on something. OMEMO has the issue of the key exchange not accounting for lost messages, that's why clients keep building sessions and reusing the same pre key until they get a response which tells them that the session was built successfully. I don't really like that solution. First of all I'm a little scared, because if a cryptographer tells you not to reuse a key, you should probably not reuse that key. Second it puts a lot of dirty hacky work on client devs, backing up the signal state before building a message and restoring it afterwards and stuff like that. So I was thinking about a different solution for a while and then I had the idea of just ignoring the issue altogether. Let's say you are really unlucky enough to lose the message containing the key exchange. You then send a second message, which gets delivered as usual. Your contact would notice that it can't decrypt the message and in reaction send a new key exchange back to you. So instead of one lost message, all the messages between the lost key exchange and the "healing" key exchange are lost. I would still consider that an acceptable trade for all the hassle and possibly insecurity that comes with the way clients currently handle that scenario.

adding more ways to non-obviously lose messages with OMEMO doesn’t sound like a good thing to me

It can't get much worse, can it?

Ge0rG: Don't jinx it

Can't we just encrypt all our messages with deflate and be done?

encrypt :D

I've got two semi-related questions for tomorrow's Board

1. are pseudonymous membership applications allowed? (I can't see anything in https://xmpp.org/about/xsf/bylaws but that Board decides about the form of applications) 2. https://xmpp.org/extensions/xep-0345.html which adresses this point with "no" is Deferred. Could Board please LC and advance it?

(I had put it on my todo to add '345 to the board agenda)

jonas’: do you have agenda write access?

yes

(I think)

in my role as editor

jonas’: if it's scoped to your role, you probably can't bring in my #1

that’s true

I think it's important that there's little barriers for people to bring something up for discussion with the board. Trello is just a tool - don't be to shy about using it to put something on the board's agenda. Maybe put it in AOB if you're unsure.

(tl;dr: go for it, jonas’ )

Guus: thanks!

as personal feedback on the pseudonymous membership applications (I've not read up on it yet): why would this be desirable?

(my gut does not like the concept, as it appears to conflict with transparency)

Guus: it does conflict with transparency indeed, and there are many debates of requiring a full name on different online platforms, with both sides suggesting many reasons.

They should join the secret shadow XSF instead

XXSF

That sounds like st else 😅😅😅

Zash the secret shadow XSF where they require you to sign up using the secret handshake and writing in blood? That's not 'bonding', that's DNA profiling.

I was just asked by a contact whether they could apply under a pseudonym, and I don't know their specific reasons. I'm not sure if this is relevant to a generic Board decision on whether to allow / deny them

XXXSF!

Rule 34!

I know at least one individual who was rejected for applying under a pseudonym before

waqas: I've heard that story.

Bear?

I think they are multiple possible outcomes: - legal name only - pseudonyms allowed - per-case decision of board (rather improbable outcome, I suppose)

well, on the one hand - we don't actually check up on the names provided anyway

we do have a requirement that not to many people are affiliated with the same organization, which might be a conflicting issue here.

Guus: yeah

Also, Members get to vote on things

Maybe Ge0rG is not really named Georg. J'accuse!

No, Bear wasn't for applying under a pseudonym, quite the opposite.

having anonymous members would open the door for one person signing up multiple times, influencing votes

Bear signed up using his legal name, which no-one recognized, right?

He applied not under a pseudonym, and no-one knew who he was except as Bear.

Right.

pep.: you had a chance to check my ID *and* to cross-sign pgp keys recently. I'm even a certified CACert assessor, orhowtheycallit

Note that the real name policy isn't really enforced, as far as I've seen. Someone could make up a real sounding pseudonym and they'll likely get in.

So, the door to one person singing up multiple times isn't really closed at the moment.

jonas’ / Ge0rG I added quick Trello items for both issues on Board's Trello Board.

Guus: thanks very much!

Guus, thx! :)

waqas I agree, and said as much. But still, ...

waqas: I think that we are in a situation where it's hard enough to get a person to sign up *one* time. We need more volunteers!

Also this is probably not the official Board response to that question ;)

right 🙂

while speaking of Board responses... anybody seen peter lately?

I'd really like to know what the reasoning is behind wanting to sign up under a pseudonym

he replied on github on an issue a day or two ago

maybe I need to PR for JabberSPAM after all?

Ge0rG Yeah, on github and in a mail sent earlier today/tonight

Wow, it was a decade back: https://wiki.xmpp.org/web/Solarius_Application_2008#About_my_anonimity

PSA: if you are going to be at the Summit, it would be a Good Thing for your name to be on the attendance list in wiki, as that's what I'll use to get everyone access to the Cisco building.

ah, thanks waqas - I didn't know about that one.

I'm not sure if either argument is a valid reason for us to accept anonymous signups. Not being a XSF member does not limit your freedom of speech. The other one is personal preference.

waqas do you remember if this persons membership rejection was specifically caused by the anonymity aspect of it?

Yes, I believe so

But rejected by the members, IIRC.

(Which I might not)

I'm not a free speech expert - did my comment above make sense?

I don't think not giving your name to an organisation of which you want to be a member is about free speech.

It doesn't look like we have the minutes on the wiki.

Kev: could you reword that with fewer negations, please?

And as we allow participation regardless of pseudonymity in our process, I don't see a reason we need to allow psedonymous members.

Ge0rG: This isn't about free speech.

Thanks Kev

I'm curious if there's any legal aspect here, in terms of the XSF's status as a non-profit

I guestimate that at best, that'd apply for registered officials of the org ✏

Does the board count?

unsure.

I'd have thought the XSF would need legal advice before accepting someone that they knew wasn't giving their real name. (Which isn't the same as being duped). So the path of least resistance seems to me to disallow pseudonyms.

I tend to agree with Kev - however, if there's a compelling reason, I'd be willing to consider allowing it on an individual base.

Me not being able to think of one doesn't rule out that such reason does exist.

Another case was Daurnimator later on. He withdrew his application based on this. I don't recall any other cases.

I have no strong opinions either way

In unrelated news: https://xmpp.net/ now is updated. Please file your bug reports and PRs at https://github.com/xmpp-observatory

updated with the DNSSEC fix? :)

yes

appears to be, awesome!

thanks for the work to all involved!

and the lets-not-accept-submits-as-http-gets

thingy

awesome

\o/

that should reduce the load on the system a lot, too

right

we'll need to have that new index at some point

index?

ah, db index

from iteam, I learned that there's a third docker image being used, still based on your personal account jonas’

maybe we should move that one over too?

the third one being?

and, yeah, sure

I can do that later, ping me after 15:00Z

https://xmpp.net — every host listed there has had the progress indicator for a few minutes. Is that real, or is that just stuck?

jonas’ : xsfjonas/xmppoke-db-docker

waqas that's real

tests take quite a long time to complete

my scan works at least: https://xmpp.net/result.php?domain=dreckshal.de&type=server

although I cannot rule out that a test that was running while the service was restarted will remain in this state forever.

Guus: maybe we can include the server into the "Recent results" only after completion of the test?

the progress indicator (and an 'error' indicator) now replace the question-mark that was previously used for both.

Ge0rG I welcome your PR 🙂

Also, I'd love to have volunteers to help maintain the code

ask Board to create a team?

this is not an XSF effort

I just need volunteers 🙂

waqas, if you refresh https://xmpp.net/index.php you'll notice that some tests now have finished.

takes about 8 minutes, it seems.

also, the number of submitted tests appear to be down an order of magnitude. Seems like the GET/POST thing was helpful. Thanks, whoever figured that one out.

that also looks much better now

because otherwise you always had those in-progress indicators and never knew if the service was kaputt or just lots of tests pouring in

Google's XMPP endpoint is still active? https://xmpp.net/result.php?domain=gmail.com&type=client

no way, I thought that got closed a long time ago?

Subject: organizationalUnitName: No SNI provided; please fix your client. commonName: invalid2.invalid

Lol

They closed the s2s

Took their sweet time tho, it was still up long after the annouced shutdow date, so long that people forgot that it was supposed to be dead.

Zash: did you test whether it works without TLS?

"it"?

Gmail xmpp

nc: connect to xmpp-server.l.google.com port 5269 (tcp) failed: Connection refused

Ge0rG, it never did work with.

c2s had TLS tho, still does

but it seems to require SNI

Link Mauve: exactly. It's kind of pointless to test it with an SSL checker then

Does xmpp.net do SNI?

https://prosody.im/pastebin/ac9e1833-ab38-4b75-a50d-5bdd5966656a anyways

Zash I do not know

jonas’ it's after 15:00 here - obligatory ping re. database

can we move it / use a new image, without loosing data?

Guus, I explicitly added the Z

(15:00Z)

(= UTC)

gotta run :), remind me after 15:00Z ;-)

=16:00+01:00

that last character didn't fit in my memory buffer

Guus: I prescribe more RAM

I tried image-searching for "ram module in nose" and did not find one applicable image. I am disappointed in the interwebs.

Guus, Off by on?

I hope that was a pun.

Guus, I think the question mark spoilt the joke.

jonas’ what I said earlier.

ah crap

dst

wait, you said 15

I'm fine

Guus, 1506Z right now.

Guus, Also, had someone else approach me about "what types of sessions might be going on", in order to travel to the Summit.

Guus, FWIW, this guy works heavily in IETF and standards dev in general - so the arguments about "we only want hardcore XMPP experts" are falling a bit flat given he's doing the XMPP work in SACM/IETF.

I'm not sure even /I/ have suggested we only want hardcore XMPP experts.

I have suggested we only want people who can meaningfully contribute, at least as the majority, for summits, but that's not the same.

> dwd 16:33 > Guus, 1506Z right now.

dwd: I prescribe some NTP

Guus, Oh. Yes. I should avoid taking the time from the previous message received.

dwd, I'd be overjoyed to list some kind of session details. I'm hoping that they'll be in that text that you were going to write 🙂

That would be difficult given I don't know either.

maybe we can draw from past experience, but also explicitly mention that we're doing that, and that actual content is often decided on on the first day.

Guus, "We will spend approximately half the first day discussing something that then lies dormant for the rest of the year"

Tradition

Guus, okay, I’m moving the repository, and I’ll patch the docker hub stuff under my name

Yes, but that needs less of your truthfullness and more of your marketing sauce.

it might maek sense to make a docker hub org, too

jonas’ +!

eh, +1

Guus, ok, s o I linked https://cloud.docker.com/u/xsfjonas/repository/docker/xsfjonas/xmppoke-db-docker to the repository under xmpp-observatory

it is built from xmppoke-frontend-docker

so I only had to patch the source repository for the docker build

https://hub.docker.com/r/xsfjonas/xmppoke-db-docker/ that one

xmppoke-frontend-docker is no longer used

that's merged into xmppoke-frontend

why does it exist then? :(

eh?

jonas’, To annoy you.

and how are you building the images?

because my builds are still pointing at xmppoke-frontend-docker

jonas’ images are built here: https://hub.docker.com/u/xmppobservatory (which holds two plans)

iteam now pulls two out of three images from there too

okay, so it’s not my department anymore anyways?

you’ll have to re-create the build there ✏

well, the object of the move was to have you no longer be responsible for maintenance on your own, right? 🙂

the xmppoke-db-docker build built this Dockerfile: https://github.com/xmpp-observatory/xmppoke-frontend/blob/master/database/Dockerfile#L2

Guus, yes, but the point is, I don’t have +w on that docker hub org

I can’t do what you’re asking me to do

aah

(I originally was thinking that (a) you’re still using the images I build under xsfjonas and (b) you were talking about a github repository which had to be moved)

@jonas: actually, xsfjonas is owner of that docker hub org

then I’m too stupid for that interface

let me se

it is a confusing interface, I get lost all the time.

also, _I_ was under the impression that it involved another github repo

https://cloud.docker.com/u/xmppobservatory/repository/docker/xmppobservatory/xmppoke-db-docker/builds so that’s maybe what you are asking for? (I just created that) ✏

looks good-ish 🙂

so, if iteam now switches to that - will it loose all existing data?

so I’m going to delete all the stuff under xsfjonas to reduce confusion

no

if iteam configured it properly

the pgdata should be in a docker volume

Kev ^ ?

which is not lost when the container is re-created

I'm unsure if the data / volume is linked to a container type / image or somesuch

I'm not very familiar with docker

no, volumes can be freely moved around between containers

they exist independent of them

(most likely, iteam configured it just as a mount anyways)

jonas’ follow up question: can we incrementally add to the database definition (add an index)?

manually, yes

log into the container, get a postgres shell, create the index

right, but from a definition?

define definition

(somethign that need not involve iteam?)

iteam needs to be involved anyways

there now is a one-time reconfiguration, yes, but after that, it'd be nice if they could take their hands of off it for things like this.

it’s not possible, because you’d have to modify code to do that

and none of the images are pulled automatically

and that’s intentional, AFAIK

Oh, I was under the impression that the images _are_ pulled automatically

as with the website

but am unsure.

I don’t think that’s the case for those which execute lots of code (i.e. all of xmppoke)

It's not automatic, no

and yes, postgres data is in a volume (or a data container, or something)

ugh. I had hoped for more automation.

you don’t want automation for that kind of stuff, I think

why not?

old code has been bashing the server for months, no-one cared. Things are unlikely to get worse than that.

I'm on the fence, but I get jonas’'s point

if anything, you'd have more people be able to fix an issue, by autodeployment.

intosi and Kev had a very strong opinion on this IIRC

it's in containers, isolated

Combined with your proposed policy of adding anyone who complains to the org, it's granting many people the ability to run arbitrary code on XSF servers :)

MattJ, yes.

containers only provide that much isolation

Doesn't stop pep. adding a bitcoin miner, or sending out XMPP spam

also: grain of salt 🙂

MattJ, sshhh, don't spoil it

he's writing the code as we speak

I doubt he needs that to send XMPP spam, I’ve seen way cheaper offers coming my way. :p

but, yeah, this is the same difference of perspective that made me conclude that I'm not a good fit for iteam 🙂

anyway, there is food waiting for me to prepare it

gl!

what is the preferred trello inbox for Board? Last year’s board preferred to have agenda in the leftmost column ("Agenda items")

jonas’: no preference, nor is there damage done by doing it wrong

just making sure that it’s being looked at

I'd go with items for discussion

ok, appended

OK, so this text describing the Summit: "The XMPP Summit is a yearly event, open to all participants in the standards process, and anyone working on or with XMPP. Run as an "Unconference", the agenda is only finalised on the first morning, and is therefore highly fluid. With heavy attendance from many key XEP authors and developers, places are limited, but registration is free. Lunch is often covered by sponsors, and it takes place in Brussels just before the legendary FOSDEM conference."

s/Lunch is/Lunch for XSF members is/

Not confusing with dinner ?

I suppose we need a bit in the middle, erm, "Previous items on the agenda have ranged from low-level discussions on Groupchat to high level discussion on how XMPP is used, and how it can support modern UX needs."

ohh

jonas’, Lunch is usually paid for for all attendees by a sponsor.

I am confusing it probably

sorry :)

jonas’, It's dirt cheap to sponsor, too, so it really doesn't matter.

> ranged from low-level discussions on wire protocol, via considerations of interoperability of different standards, to high-level ..."

maybe that^

That also works.

oh, maybe I misunderstood for what "bit in the middle" you were asking

jonas’, I meant to we have a bit about the content. So in full, it'd be: he XMPP Summit is a yearly event, open to all participants in the standards process, and anyone working on or with XMPP. Run as an "Unconference", the agenda is only finalised on the first morning, and is therefore highly fluid. Previous items on the agenda have ranged from low-level discussions on Groupchat to high level discussion on how XMPP is used, and how it can support modern UX needs. With heavy attendance from many key XEP authors and developers, places are limited, but registration is free. Lunch is often covered by sponsors, and it takes place in Brussels just before the legendary FOSDEM conference.

yeah, that’s good enough

my middle bit was really me grasping straws

Except with a T at the beginning because I can't cut and paste.

He, The Holy And Unspoken Of XMPP Summit

I'll never make a good developer if I can't cut and paste properly.

https://xmpp.org/about/xmpp-standards-foundation is not up-to-date

goffi, Council isn't no.

goffi, https://github.com/xsf/xmpp.org/pull/502 should help, right?

Bad Gateway

Dave, I like that Summit description

(also couldn't help but notice that you removed Openfire from your bio, gulp)

dwd Shall we have a new page on the website with that text?

(and redirect Jonas' banner to that - then link to the wiki on the page with your text)

https://github.com/xsf/xmpp.org/pull/503

Guus, I thought I've done embarrassingly little on Openfire - I need to correct that before I try to claim it.

Yeah, you fixed that the wrong way around though.

Btw re discussions today about people having access to the infra, I won't be offended if I am removed rights to that github org :)

(Now I need to finish my bitcoin miner before they notice)