XSF Discussion - 2019-12-19

There's something off there, that we can't quite put our fingers on.

okay, qualys hangs as well

wow, I got a blinking notification in my favicon thingy as soon as I opened the first google hit for "qualys"

that's a sure way to have me close a browser tab in record time.

blinking favicons. lovely

the only thing even worse is "randomnews.example wants to access your location"

"wants to send you notifications"

I actually don't always mind sharing my location (eg: weather updates)

Guus, "randomnews.example wants to access canvas" also

There's access control for canvas now?

I've never had that

Zash, it's been a while

everything in web is horrible

I'd love to imagine what you could write on Chrismas cards... 😉

"Wishing You a Merry Christmas. Somebody must get one, after all, and it couldn't be any worse that last Christmas."

I think it’s indeed hard to have anything worse than Last Christmas ("I gave you my heart")

But the very next day..

I heard it TWICE this year already, and I’m neither proud nor happy about that

Here the government is kind of preventing Christmas, by forcing their pension reform upon us and we don’t like that.

And they still have the guts to ask for a break for christmas :)

Link Mauve, Trust me, you have no reason to complain at your government.

Trust me, we do. :p

Try living in the UK.

Not diminishing yours in its terribleness of course.

I did try that for quite a while. :p

But you never let me vote for an election which matters.

having a vote on stuff that matters didn't turn out to be much of an improvement...

True, your latest one was a disaster once again.

You all need Fully Automated Luxury Space Communism!

I had to google that.

Joining a potato farming collective is also an alternative to consider.

I'm from the Netherlands. We _are_ a potato farming collective.

pot-ah-to or pot-ay-to?

po-tat-is

aard-ap-pel.

> I'm from the Netherlands. We _are_ a potato farming collective. You switched to potatoes after the tulips bubble collapsed?

Ah, it's called tulpenmanie

apparently, we produce about 3 billion tulip bulbs annually.

assuming that an average potato weighs about 100 grams, we do ~70 billion potatoes.

</wikipedia>

(potatoes are probably a lot cheaper though)

Guus, Maybe I should invest in tulips, then.

dwd: Don't https://en.m.wikipedia.org/wiki/Tulip_mania

I like how !XSF_Martin is single-handedly trying to save us from another event like the crash that happened in February 1637.

Almost time?

Almost

I appear to be here, against all odds.

0. Welcome

!

Hi!

Who do we have?

o/

Seve was here ealier?

hi

!

Also, I'm expecting a contractor to show up at my door between now and 16:00, so I might have to leave early.

1. Minute taker

(as if those ever show up on time)

Can do

I'm on it: https://mensuel.framapad.org/p/9dye-cfzbnvup1y-XSF-board-weekly-2019-12-19

cool

Thanks nyco!

2. Board Mailing List

my contractor is there tomorrow morning :)

I've saw a few mails around this subject, and I'd like to reiterate my view:

The board@xmpp.org mailing list is specifically for non-public discussions and silly things like sending regrets for meeting attendance. We aim to do as much as possible in the open, either here or on the members' mailing list.

Non-public stuff would include discussions on particular individuals, eg. bad behavior. I don't see a lot falling in this category.

I've raised the subject because I haven't seen anything explicit about this.

As for the archive, I actually don't know if it is archived currently.

One thing to mention as well, the board@xmpp.org address can be used as well to receive emails from people outside our communitiy, trying to get in touch with the Board. So in that sense this cannot be public.

Seve, cannot is a strong word

pep., either we create a contact@xmpp.org or we cannot make it public

pep., you may not have, and I'm not entirely sure how to make sure we do going forward. Like a standing list of decisions on a wiki might be a good thing, but I'm not sure how unweildy that could become.

That'd be a first step I guess

A general observation: I think there is much about the running of the XSF that is currently undocumented

Like a "board decisions" category on the wiki or sth

MattJ, agreed

let's stay on point though.

Board decisions are buried in minutes, but there are other things that are often just a verbal "This is the way we do things, this is the way we have always done things"

I'm happy with such a decision list, with identifiers like 20191219-001

So you can refer to the original discussion dates.

(I've seen this in many other orgs)

Sounds good

A bit cryptic to me, but I'm happy to bikeshed once we've agreed that this needs doing

I was going for a date and a sequence number, but whatever you want.

So do we agree that members@ is the venue we want to use? and board@ only when things need to be private? (when is that even6)

+1

0

+1

pep., yes members is our venue by default

+1

Seve?

I didn't understand that was the point, but to that sentence I'm +1 ✏

That wasn't (in my agenda items) but it's an underlying issue

What about the list history? Is it kept somewhere?

If not can we? And if so can we open it?

As far as I know, Peter answered that correctly. We might want to ask iteam to have another look, as I think having history would be nice.

(sorry, I was typing for a while)

+1

+1

+1

Perfect ralphm :) +1

+1

ISTM that if conversations have to be confidential, possibly not archiving them is ok?

pep., as I said, I honestly don't know if we keep archives of board@. MattJ ?

I don't believe we do

I do not believe board@ is archived.

Kev, I think so

both motions carry and will be the first to go on the wiki, yay!

For reference: Peters answer mentioned technological challenges to getting a non-public archive realized.

I'm curious about those, but I agree with Kev that this might be a thing we shouldn't do

I don't agree with that.

I don't agree with Kev on this point. And I'm curious about the technical issue

it might be very benificial for new boards to be able to read back.

I don't, however, think this is so valuable that we should spend a lot of effort on this.

But if it's a technical issue I'm happy to leave it be until iteam changes software (maybe)

I do know that I have private mailman lists (as administrator) on ik.nu, and that's not been an issue

Guus: I guess the question is "What is the issue that means that members should not be able to access the discussion history?".

Because I'm prepared to bet that lots of those are cases where potential future Board members likely shouldn't be privy to it either.

Having new Board members able to read previous discussions I think would be a desirable thing - especially in the case where issues are ongoing at the point of a handover

Kev members or general public?

(Well, 'lots of those cases'. I believe that such instances are rare in the first place)

Sorry gotta leave.

MattJ: I think in such a case it would be very appropriate for old Board to brief new Board directly.

Guus: They're basically one and the same :)

Brief != access to raw data

not really

i.e. the outgoing Board then has full control over the narrative passed to the new Board

for example when discussing negotiations with outside entities

Guus: Find a nominal member of the general public who shouldn't have access to a discussion while a member should, and then how that public person would be prevented from joining :)

might be relevant to keep that under board/membership and not the outside world, pending negotiations (we've had some examples with making our minds up about the way to work with sponsoring, copyright, things like that)

Is there anyone here that wishes us to further look into (technical) possibilities to realize such an archive at this point?

(if not, I'd like to move on)

I'm fine with things as they are right now, though would be open to making this a potential iteam todo later down the road

that's the same for me

I'd like to have it if it's technically possible. If it's an issue with our software then maybe moving to something else (mailman3?) would be benefitial (also for other things). I'm not rushing iteam but I want this to be considered

beneficial*

An archive for board@xmpp.org accessible by Board?

Seve, yes

Then what MattJ said sounds very good to me, indeed

ok - MattJ with your iteam hat on, will you commit to look into technical feasibility?

With my iteam hat on, iteam has more pressing todo items unless Board considers this high priority (and I'm not sure most of us do)

Well I'm in board and I already don't have access anyway so I guess we got at least a year :-°

pep. can you agree to this being a low-prio thing?

Sure

Well, lower priority than other things

I've moved the Trello card to the backburner lane

Not low priority

(If there is a semantical difference here)

let's circle back to this once iteam has found the time to look into it.

Understood

Super

We've got five minutes let.

left*

I'd like to tackle this item from trello: Consider speaking out about savedotorg.org

as that is going to be outdated soon.

Do we want to pursue this?

(speaking out publicly)

I don't see why we wouldn't

In a previous meeting, we postponed discussing this topic, to give board members time to read up.

I don't think we especially have to write something about it

So do we have to take any actions?

I personally do not want to publish anything about this. Sure, I don't like what's going on, but I am not concerned that it will have the impact big enough for us to speak out against it.

Many larger organisations than ours have already spoken up. That doesn't mean we shouldn't, but also ICANN are reviewing the situation - I'm not sure "speaking up" will make a difference to the outcome in any meaningful way.

But not saying anything about it is also saying something about us.

Especially now that we're aware of it

What should be acceptable then? A tweet?

I'm on the fence between speaking up and just avoiding getting involved in the latest internet outrage currently top of peoples' minds

let me put it this way: I'm not seeing anything that we should voice concerns about. It's more of an internet outrage (thanks Matt) than an actual issue, in my opinion.

I've read some texts about potential far-reaching effects of this that I absolutely don't agree with.

There is the possibility that the transition will allow the increase of .org pricing. I find it hard to believe this will affect us in any way (if the XSF and other organisations cannot afford their domains, switching is painful but possible)

sure, it's a bastard move from people wanting to make money - but I don't feel that this is going to significantly hinder free speech, or anything to that extend.

Then there is the possibility that the deal was under-handed in some way. I don't think we know enough to pass judgement on this.

Nor is it necessarily our place to get involved in that debate

(when as I said, I don't think it would affect the outcome in any way)

Sounds wise

do we want a vote on this?

Don't see why not

I guess there is consensus. I don't especially agree but I'm not going to block it

We need to fill up that wiki page

+1

+1

+1

0

Motion passes.

Our time is up.

AOB?

None here

Thanks nyco for the minutes :)

I had one but it's been discussed (wiki stuff)

Nothing else

I'd like to mention two things:

1. GSOC has been announced. If we want in, we should act before mid january. Let's think about that.

2. People interested in joining the Summit or FOSDEM should subscribe to the summit mailing list.

date/time of next

as +1 week is Chrismas, I propose +2w

I can do both.

I'm fine with +2w

I can do next week, but probably not until two weeks after (not sure yet)

+2w wfm

I can't make it next week.

So that settles it :)

lets do +2w

happy holidays!

Same!

Thanks all.

You all too! Thank you for the mmeting

Thanks all

I guess I forgot an AOB, and I already said last week I'd take that to the list. I'd like to stop having meetings be at the center of what we do. Topics for discussion can and should be taken up to the list first IMO, to give a choice to anybody (board mostly but also members) to express their opinion and not be simply ignored because they can't participate in meetings.

I'll take that to the list now.

I agree - it'll make us a lot more effetive.

please review: https://mensuel.framapad.org/p/9dye-cfzbnvup1y-XSF-board-weekly-2019-12-19

nyco for future reference: I think it's better to explicitly note in the minutes if a motion passes or not. That removes any uncertainty.

And also add ACTION points, imo

I've added it to todays minutes (and thanks for doing them in the first place)

If there are any

A decision without any action is :x

(generally not useful)

be my guest

Yep I'm adding it

Thanks for writing all this :)

if there are actions, they you should maintain/track/follow such a list, for example in a Trello, or whatever, and review the status at each meeting

otherwise, actions are lost

I want automation really. I don't think trello is much better tbh

Trello is only a tool, nothing there is automated

I want a bot or sth we can talk to directly in meetings or on list that would be our source of truth (?) potentially posting stuff on the wiki or sth

(or on trello or..)

the goal for a team is to share, track, overview

a bot is only another tool (that adds one more layer, btw)

"automation", whatever form that takes, is good to take

"Actions review" should be an agenda item then

sure

not always

Yeah - plus, putting in effort to write a bot requires a lot more effort than manually keeping things updated in tools we use now.

Maybe you're not seeing the same things I am seeing

automation rocks when there is already a routine

Anyway, that's all ifs for now

for now, actions is a new stuff, and it is not tracked, whether it is automated or not, that's not in question

I'm off. ttyl!

I'd rather say actions are a matter of (the sum of) individual capacities

Minutes look good to me now

yes, indeed, collective effort, that was my aim

I'd love that to continue

I'd love to avoid a truck/bus factor

I'd love not to miss any more Board minutes like we have been so good at :)

I did miss last week. Even if there wasn't any official meeting we did talk about $things.

Or even just to say there was no meeting

be my guest

the logs are available

Yeah, let me send that quickly.

thx a lot

minutes sent, thx all!

Sent last week as well.

Thanks nyco

thx pep. now there are two actions, none are tracked, one is not assigned

Better than no actions at all? :)

We can review past actions next week for sure.

And make that a habit

https://discourse.mozilla.org/t/synchronous-messaging-at-mozilla-the-decision/50620

How did Mozilla, which employs a bunch of XMPP experts, end up choosing Matrix? Did anyone know this was being chosen?

They discarded XMPP early on

XMPP is not a product. They were looking for products.

dwd: what xmpp experts do the employ?

and they're using the hosted versions the article says, ugh.

Daniel, Joe, Peter, Jack, M&M. Many aren't very active. But it's massively disappointing to me that XMPP isn't a serious competitor.

What Zash said. Not surprising.

XMPP is a protocol, Matrix is a stack from protocol up to official clients for all platforms.

dwd the issue was not about XMPP, but the lack of client that "looks like" Mattermost/Riot/Slack…

dwd, what Zash said. Name a single viable product to compete with Matrix or Slack that is also free software

dwd: thanks. I was just asking out of curiosity.

To be fair. The open source tooling we have that you can just start using right now is kinda bad

dwd, they were pretty open about this whole process (which has been going on for months), but I don't think there is any XMPP solution I would personally stand behind as meeting their requirements

And I assume the same applies for everyone else who didn't submit a proposal to them

They also use the modular.im hosted service instead of hosting theirselves. I guess they really just wanted slack, but not slack (= a fully-managed, cloud-hosted, mostly centralized chat solution with good web client)

yeah

fwiw Matthew (Matrix) told me directly at POSS that they would work again on the XMPP bridge, so we'll see..

literally everytime i have met any matrix fan or employee they were telling that 😀

yeah..

and they immediately start the marketing machine: https://matrix.org/blog/2019/12/19/welcoming-mozilla-to-matrix/

Ge0rG, you surprised?

pep.: not at all. I'm rather sad about the lack of a comparable machinery (or a /product/ to brag about) in xmpp land

They worked hard for it for about 4 years, so obviously they are happy about the achievement 😀

Ge0rG, bring monies to the XMPP.

https://discourse.mozilla.org/t/matrix-and-irc-mozillians-custom-client/2911/7 < completely neutral pros and cons there

pep.: hey, that was my argument!

pep.: so how much is an xmpp-based IM product that I can deploy in March 2020?

You'd need money from VCs!

Start now

MattJ: So how's that Hype Machine coming?

It's hyper

did you say it's hyped?

Hyperhyped

pep., Ge0rG, I think the main issue is rather that all XMPP clients have severely different feature sets and UX. Most of them are fine. Conversations is solid, Converse.JS also works pretty good. But both have features that the other one doesn't have, so you end up with the smalest common feature set and also the UI is completely different. Also conversations is more focused on private chat and less on organization chat (converse does a better job for the latter)

larma: let me tell you about Riot for Android and RiotX ;)

larma: but you are fully right of course. Which is why I've been pushing for Easy XMPP and Compliance Suite

I don't really think compliance suite will help. It will always be the smalest common feature set everyone can agree on, and that won't be enough

larma: the alternative is to have a team like Xabber or Tigase provide a set of apps for all major platforms

i think it's also more about the UI

having the same colors, buttons

edhelas, true, also chat bubbles vs the other thingee (is there a name for it)

edhelas: for corporate use, yes. for a community like mozilla, probably not so much

Ge0rG, Tigase hardly has the same feature set across platform last time I checked

the chat bubble has burst in 2004.

larma: I'm sure that Xabber iOS will be the bestest of all XMPP clients, though.

it will probably take the ugly parts of other iOS XMPP clients and combine it with the ugly parts of other Xabber clients 😀

Conversations 3.0 will probably get rid of bubbles.

larma: who am I to judge ugliness of xmpp clients?

But yes not having an entity that can provide a unified product is a big hurdle

And compliance suites and the so called easy xmpp wont solve that

What you need is to have a single well-funded company do everything.

Daniel: speaking of easy xmpp, MattJ and Zash and me have a first prototype of XEP-0401 with minor protocol changes at https://gist.github.com/mwild1/088b89ea6073671ff33b4303f222a0e9 - would you mind adding that to conversations?

Zash: (pep.) > Ge0rG, bring monies to the XMPP.

Ge0rG: I currently have no plans for that

But I am happy to see support for pre auth

Daniel: it's also fixing your major issue with 0379 - the tokens are completely handled by the server

small question, where can I store the password in Bookmark 2 ? I see it was removed

You can't (in any standard way)

store it in the JID :P

MUC Passwords considered harmful

/join `pwgen`@chat.yax.im

ok :D

Ge0rG, but security!

so I'll go with members based

Zash: s/Passwords//

edhelas: yeah, private, hidden, members-only

I can't remember seeing an actual password-protected MUC

I'm still member in one.

Zash, That's because they're all hidden too.

Unfortunately, all the other members have vanished.

We got a bug report about handling MUC passwords insecurely in Prosody. But we need to because they're supposed to be included in plain text in invites.

if only we had invitation tokens. What about per-occupant-JID MUC passwords?

That might be doable without protocol changes?

it totally is

but you can't request an invitation to a members-only MUC

Ge0rG, Can't you?

Ge0rG, can you invite me to The Secret Room?

^ see

Zash: you and me are in the same MUC, and you know my JID and you know that I'm online right now.

Zash: imagine a room with multiple admins of which you know none directly.

Ge0rG, I meant https://xmpp.org/extensions/xep-0045.html#register and https://xmpp.org/extensions/xep-0045.html#regapprove

dwd: can you do that from the outside?

I haven't seen an implementation of that anyway.

The text seems to be specifically about that case.

I forget if the Prosody implementation of this allows it, can check.

Tho it was more focused on registering your nickname

Guus, Doesn't Openfire do that ^^ ?

Didn't know this was in 0045.

What what?

Registering yes. Regapprove, don't know

> XMPP is a protocol, Matrix is a stack from protocol up to official clients for all platforms. Even more, there are more or less central instance in a decentral network which is in my view not there for xmpp unfortunately

I started this: https://wiki.xmpp.org/web/Category:Board. All these templates might not be useful ("Board" might be enough), but that's details

emus, I'm not sure that having a single central gigantic instance is a sign of health for a federated network/protocol. jabber.org being a half-dead zombie is in a way a sign of maturity for XMPP. We can go on without it (but it make make a comback!)

"Half-Dead Zombie" - in the sense of running reliably.

I mean more in how registration has been temporarily closed for years

reliably? Why did we recreate jdev@ on muc.xmpp.org again? :)

Lack of interest in upgrading it, I think.

That was because of the dhparams I think, wasn't it?

Yep. Which causes many people being unable to join ✏

Sure, but that has nothing to do with reliability.

To me it is pretty much the definition of it (and we can go on like this for a long time as long as nobody gives a definition of that word. Just like people use "stable" for pretty much everything)

I think our understanding of English is probably different.

To me, functioning as intended, consistently, and not failing would be reliable.

But, regardless.

> emus, I'm not sure that having a single central gigantic instance is a sign of health for a federated network/protocol. jabber.org being a half-dead zombie is in a way a sign of maturity for XMPP. We can go on without it (but it make make a comback!) Im sure you see that I dont want a gigantic instance, but a resonable guidance / landing boat with some kind of official manner. still I agree its a good point its working (technically) without it

And back to the central thing. not every characterisitc of central organisation is bad

for the beginning it can make thing easier. i think you get my point

Based on my hobby archeology, I'd say it was, back in 1999-2004.

Back when you had a single server, a few clients, the Jabber Software Foundation and Jabber Inc.

dwd I checked: no manual approvement of nickname registration in MUC in Openfire.

Can those things be done in MIX?

I think I've seen something similar in XEP-0060, ie subscription approval, so maybe.

Zash: I mean for the beginning for newcomers and companies interested