XSF Discussion - 2020-01-23

is using an empty <before> element in a RSM request a spec'ed way to request for the 'last' page of a result set?

yes

its described in the RSM XEP

https://xmpp.org/extensions/xep-0059.html ?

can't find it there

https://xmpp.org/extensions/xep-0059.html#last

do'h!

d'oh?

bah!

thanks.

It's ok, it's still early in the morning :)

I don’t envy you

Is that a long way?

it’s more than the 7 km or so I commute to work

93 Great British Miles, so yeah quite far

https://igniterealtime.org:443/httpfileupload/747e77fb-3cd9-4f54-ba4e-c6309947f2af/image.png

lol

my usual commute to work is measured in meters, not in kilometers

7 km is a bit above the average for my commute to work in the last year. I had home office a few times.

hm. when I divide the kilometers driven last year by working days, I have a daily average of ~43km. That's rather high, and it doesn't even count in the railway kilometers.

Pendlerpauschale!

I used to commute 1000km a week. I've learned that the time lost in commute, not so much distance, annoyed me more.

it's so... pointless.

For the past few years, I'm working remote - saves me 2 to 3 hours a day that I can spend on things that are more enjoying than sitting somewhere, waiting to arrive somewhere else.

I’m using commute time for reading up on stuff nowadays

(I did have ~one year of commute by bicycle, which was good for clearing my head / getting in shape (less out-of-shape) - that was good too).

I imagine

cycling is kind of a suicide mission here tho

waaay too many high-traffic roads without dedicated cyclist lanes

Yeah, I was driving myself. Reading while operating a vehicle is frowned upon, generally. Never got into audiobooks - although I was very up-to-speed with current affairs through radio shows.

Yeah, I've learned that. Once drove over what i thought was a dedicated cyclist lane in Germany, which turned out to be the emergency shoulder of a highway.

driving yourself sounds like an ecological nightmare in addition to the waste of time

holy smokes

there was a colonne of military vehicles passing us. Every. Single. One. Used. Its. Horn. On. Us.

yeah, cyclists on the highway is also something which gets mentioned in radio traffic reports

but now I get *why* you’d even do that -- thinking that the emergency stuff was for cyclists

Yeah, that's not done here too. But we got confused by first having been on what actually was a dedicated bike path on a very similar road.

In the Netherlands, things are very clear to me, in that respect.

Also, this was 20 years ago 🙂

oh, being self-employed and being able to deduct travel from taxes should give me a nice way to see how much I travelled (for work) last year.

just under 120 hours.

so that’s probably less than I commuted last year

which is by approximation in the order of 140-180h

I travelled just over 10,000km last year

in those 120h?

I try not to travel more than I have podcasts in my subscription

I have two customers that are both relatively far away (~140km one-way). I'm visiting one of them once a month, and the other once a week, when I have an active project with them.

I’m in the order of 3200km, so your travel is *much* faster than mine :D

yeah those km and hours correlate to each-other.

most of it is highway.

(which isn’t surprising, because I’m commuting from one end of the city to the other)

(via public transport, which is okay, but mostly blocked by rush hour individual traffic)

10430/120 = 87km/h

makes sense.

I hope I'll be driving a BEV two weeks from now, so that I can still commute by individual transport but not have such a bad conscience ✏

BEV?

Guus: battery-electric vehicle (of course only charged by regenerative energy sources)

ah right.

I'm on regular petrol - next car probably will be an electric one as well.

still - 10,000km is a dramatic improvement over a few years ago for me 🙂 ✏

Not arguing that more should be done.

I'm pretty sure that what's happening now all over the world is the beginning of the Apocalypse.

yeah -- I’ve been in a fun discussion the other day and it’s echoing back

"Jesus will save us" was the tip of the iceberg

but we’re getting lots of off-topic now :)

jonas’: Jesus will save us from that, too

from the off-topic?

sure

I thought our lord and saviour for off-topic was xmpp:xmpp@chat.yax.im?join ?

I'm very interested in what will happen in the Netherlands in the next few months. Somewhere in March I think, the speed limit is dropped from 130km/h to 100, in order to reduce emissions.

I wonder what that does for not just the emissions, but also traffic jams, injuries, etc.

yeah

also, kudos to the netherlands

even thinking out loud about introducing a 130 km/h speed limit gets you on the kill-list as a politician on Germany :)

jonas’: you shouldn't be making fun of it. Politician kill-lists are a real thing in Germany

It's a grudgedly applied limit, because we suddenly found out we had to stop all kinds of developments due to to high emission levels.

Ge0rG, I know.

Guus, ah, germany simply doesn’t care.

I think the average commute in the Netherlands is 20km or something

wow 100km/h, so slow Guus

"we’ll deal with the trials when they happen" or something

Germany obviously is bigger.

I would love to see a speed limit on Die Autobahn, even just because my BEV will be capped to 167km/h

also, the limit does not apply at night, I think.

Well, that bit makes sense at least. Stop people being used to driving at speed, and then tell them the only time they're allowed to do it is overnight when they're driving tired.

Kev: it's only to support natural selection.

120km/h is the highest speed limit in Sweden.

100km/h is slow, yes. No-one really likes it, and I wonder if it will hold up at all. But it's the least unpopular thing that they could do, at this point. ✏

I wonder, if XEP-0157: Contact Addresses for XMPP Services should standardize the address of the data protection officer. Because of GDPR and IMHO none of the standardized roles seems to fit. E.g. <field var='data-protection-addresses' type='list-multi' label='One or more addresses for data protection and privacy'/> I didn't check the related RFCs for such things, though. And maybe we can standardize the address of motorway traffic police officer, too.

motorwhat?

Autobahn!

they had a group called autobahn

technopop

With the Album Nagelbrett or so.

The dude abides!

Kraftwerk!

Kampfhund!

https://proxy.mdosch.de/?mortyurl=https%3A%2F%2Fs2.qwant.com%2Fthumbr%2F200x200%2Fe%2Ff%2F1efb1083c05fbb5ac43e5005853f9ca02e1ede3e01aa08a979338d406b320d%2Fbig-lebowski-autobahn-nagelbett2-1856.jpg%3Fu%3Dhttp%253A%252F%252F3.bp.blogspot.com%252F-p9_oyJzTjAw%252FUuk01RDzdeI%252FAAAAAAAAWaE%252Fq5S3o5oev9I%252Fs1600%252Fbig-lebowski-autobahn-nagelbett2-1856.jpg%26q%3D0%26b%3D1%26p%3D0%26a%3D0%26b_id%3DOIP.ouLprTXlo81s_QO-m1hF0wHaHa&mortyhash=77c57ead43440344f9b841078413628118bd2e6f6b37ab7256e9a841d2dd93a0

> proxy.mdosch.de?

For my searx

it’s been too long since I watched the Big Lebowski

So I can preview results in image searx without leaking my ip and search term to a lot of websites. 😃

so now we all leak our IPs to you?

😈

Standardized server-provided previews?

I already know your ip, see: https://ip.mdosch.de

> Standardized server-provided previews? What? Searx is using the Morty proxy on the image search result page.

this has completely derailed

Uh, this is xsf. Felt like Schrödinger's. 😂

Late

!

0. Welcome + Agenda

Welcome all. Who do we have? Do you have an agenda item?

https://mensuel.framapad.org/p/9elq-XSFBoardWeeklyMeeting-2020-01-23-zzbs

o/

No agenda item right now. There are things I need to send.. soon(tm)

DO we have a MattJ?

1. Minute taker

Hey

Thanks nyco!

2. XSF Objectives

The PR that's still listed on our Trello has since been retracted, in favor of an offer to make XEP-0001 a bit clearer.

I believe one of the issues was that XEP-0001 doesn't clearly (enough) document or reference what we believe to be an open standard.

Working from what is written in our IPR Policy, I believe we should be able to resolve that unclarity.

I don't think it'd hurt much to clarify things, if we can do that without adding so much prose that that in itself opens things up for interpretation.

iirc, Kev volunteered to make a suggestion for an improvement, after a time of reflection.

RIght.

Right.

So I think we can close this item for the time being.

For this kind of soul-seeking process I'd like to involve members. If we get to something board thinks is ok, then propose it for a vote or sth

I don't think that's needed.

searching*?

I'm not looking to suggest a change to process, just a clarification to XEP1 of what our process already is.

Guus, why not?

as I assume Kev is going to write up a more specific definition of what Ralph, Dave, me and others understand to be the definition as how we interpret it today.

(We might, subsequently, decide we want to change our process, but one step at a time)

pep., IMO, I don't think we need to be soul-seeking. The XSF has been pretty consistent in their interpretation of what constitutes an open standard, in our IPR, FAQ and Mission statement. Documenting that clearly in XEP-0001, however, is useful.

And I have to vanish now. Will read the minutes.

Even just "clarifying" something possibly changes what people were picturing

I think Kev's approach is sensible: clearly document what we have, and decide if we want to change that only afterwards.

Different minds, different ways to interpret things

etc. etc.

As Kev/etc. said, I'm with documenting the current state of things

Indeed

Changes are a separate discussion

I'm not saying I'm against documenting things, note

Just that I don't think it's possible to solely "document" this kind of things. Anyway I'll wait to see what comes out

Let's see what Kev comes up with. We'll have to vote on it to merge that change anyway.

Let's not over-engineer this to much.

Thanks

Super :)

2. XMPP Summit / FOSDEM

Things are well on their way, with various people involved in getting this organized again.

(scam hat on) did everyone receive the dinner invitation?

I did.

Yep

it should have gone out to members and summit mailinglists.

cool

For those reading these logs and/or minutes: please register for the XSF Dinner.

Unsure if we need to discuss more around these events in this meeting?

(happy to, unsure what)

nothing in particular

Other than to mention that we will not have a Board meeting next week.

right.

3. GSoC

I was curious if there are any updates.

For those reading these logs and/or minutes: please have your name added to the wiki page if you attend the summit. I'll use that for the guest list at Cisco's.

Thanks Guus

flow registered us as an organisation

iirc, him and larma are signed up as an org admin. He asked me to sign up as one too, in the understanding that I'd be a backup only.

I did that.

we still have to fill profile details before the application is considered complete

deadline for that is Feb 5

larma: also Project Ideas, right?

At that time, we should have project ideas ready, right?

In any case: projects that want to join should start preparing.

We only need to have the page with profile ideas, which already exists. I know some orgs were accepted in the past without a proper ideas page, but it's better to have it filled by then

it doesn't hurt to have a list of teaser tasks, etc.

larma: agreed. Hereby another reminder for our community to add more ideas on https://wiki.xmpp.org/web/GSoC/2020/Project_Ideas

that will all reflect better on our application.

larma / flow maybe it'd be good if you guys explicitly poke projects for those?

the better the quality of our proposal, the higher the chances that we get accepted.

Guus, sure, openfire and smack already have their list linked

4. AOB I would be happy for today's meeting to be short, and hope to see many of you next week.

None here

none

None :)

None here

5. Date of Next

+2W

6. Close

Thanks all!

Thanks.

yup

oh, forgot something

Too late!

Guus, please send on the list if possible :)

If it's not urgent

needs to be done before summit

I'll take it to the list.

what?

Dave doing MC at summit (with keV)

Dwd asked for board to explicitly discuss him acting in that role

As I said in scam@ I'm +1. And we can also take that to the list and have board vote there until next week. If people are already gone?

Context is the discussion about the definition of "open standard" and "omemo" that happened, and how he took a position. Dave wondered if that made it undesirable for him to act as an MC.

He explicitly asked me to put that before board.

dwd - feel free to chime in.

Dave and me discussed this before Kev changed his availability status at the summit from 'online' to 'in-the-room'. Kev, as previous years, offered to lead the troops at the summit. As I understand things, Dave and Kev discussed doing it together, this year.

All of this is already a lot more formal than I wanted to be "pick someone that takes point" to be.

I think it suffices for board to answer Dave's question if they have objections on Dave acting as a master of ceremony at the upcoming Summit. I'd like to leave it at that.

I think many people "took a position" in the discussions, I don't have any objections

I for one don't see any issue. If taking a position in an argument disqualifies you from doing anything like this, we have bigger issues.

#freespeach #censorship

speech.

Always miss this one

Seve ralphm ?

I feel the need to pipe in here, no hard feelings on my end at all, people have different opinions and that's perfectly fine

Thanks moparisthebest

dwd please let me know if this satisfies your request. If not, we can take it to a mailinglist.

sorry for not bringing this up during the meeting - that would've been better.

judging by the text I've read from dwd , him MC'ing sounds hilarious :) on that topic is there going to be a live stream ?

what’s MC?

I suppose it’s not about MC as in https://www.youtube.com/watch?v=ymNFyxvIdaM

I still regularly link people to https://wiki.xmpp.org/web/The_Knight :)

jonas’, https://en.wikipedia.org/wiki/Master_of_ceremonies

!

I'm sorry, it sounds as I'm not aware of this (Dave being MC for this summit). Is it in a mailinglist? Or it has been in this room?

Seve it was not discussed outside of Scam, I think

Last thing I know was Kev was not able to make it to the Summit this year, but now I see it looks like he can? :D

Ah I see

This hardly is an official position

we might as well push someone forward during the first hour of the summit - but it helps to get things going of we pick someone before then.

Like I said: this entire discussion now is a lot more formal than what I think is needed.

I think it is very worth having this already decided as Summit time always ends up being too short. Depends on how serious we want this to be :) This is a subjective opinion as I don't know how Dave is as a MC, but just to not make this message longer, I would go with him if he stepped up for this. It depends now on the audience if he is too humorous haha :) But yeah, I like him and this, again, is subjective :P

I am personally just happy that someone wants to share the Summit and don't care if it is Kev or Dave or both in turns.

I also don't think Board should have an opinion on it.

he asked.

And I answered. Though maybe differently than dwd wanted.

FWIW, I do think it's good for Board to at least approve the Chair, and when I offered to Chair I hadn't realised that Dave wanted to do it.

I approve of Kev and/or Dave.

I was offering, rather than asking, Dave very much wants to do it, IIUC, so I'm happy for Board to say Dave, or Board to say Dave/Kev to work out between themselves, or whatever.

But as Dave wants to, I'm not intending interfering.

(Sorry, was out, am now back)

I'm with ralphm on this one.

Ok, when we get tired of the voice of Dave, it is good to know there's a backup :-)

(Unless Dave does a terrible job, in which case I'll attempt a coup, but I don't anticipate that :D)

We'll bring the rotten tomatoes to support your cause.

I love a good coup d'état.

how do you run someone off the stage at the XSF summit? throw some JSON printouts at them?

Ooh, I could bring my XEP-0060 printout.

Say, "Is this the Matrix discussion room" while going in

I'm fairly sure Dave would be resistant to most of that.

Seve: oh, I should have given Matthew Hodgson a heads-up.

threaten to remove bacon from breakfast, however, might be effective.

too far

marc: FYI re XEP-0401: https://mail.jabber.org/pipermail/standards/2020-January/036913.html

Also XEP-0401 at work here: https://georg.lukas.pro/picture.php?/708/category/xmpp

Neat!

Ge0rG, awesome!

marc: the invitation module is live on yax.im

Ge0rG: you can also add the same play store referrer for the Conversations on that landing page if you haven't already

Daniel: I had to quirk around the new play installer library, it crashed the Play app with an xmpp: URI

Daniel: so I switched to "https://yax.im/i/%23" + jid + params

Didn't have any problems with that

Daniel: a referrerized version of the landing page is on https://yaxim.org/invite/

Daniel: maybe the Play client on my Android 6 is too old?

I had a bunch of crashes and dubious Play errors when trying to record that video

what you see is the sixth or so attempt

Ge0rG, awesome, tbh I dislike the current implementation (separate IQ) but since end users don't care we can implement a proper version based on SASL in parallel?

marc: based on SASL2. SASL isn't flexible enough

marc: and SASL2 is early beta at best

Ge0rG, I meant SASL2 ;)

somebody ought to work on it

marc: I'm sure we can add a SASL2 flow into 0401 when SASL2 is ready

Please add yourself to the list of participants at https://wiki.xmpp.org/web/Conferences/Summit_24 if you're attending the summit. I need that list to be complete, to arrange for access to the Cisco building.

Ge0rG: so what do you propose for 401? Wait until SASL2 is ready or use the hack for now and update it later?

I mean 401 as XEP not the implementation

marc: use the hack and update it when SASL2 becomes ready

as SASL2 is not standardized, I'm sure we won't even need to bump anything when it appears

Ge0rG, not even bump 401?

Ge0rG, What's missing in SASL2?

Implementations?

marc: I don't see a need

Zash, Sure. I need to find time to test the one I have for Openfire and PR it.

marc: the new feature is feature-namespaced and nobody implemented 0401 before anyway

Ge0rG, I'm not in SASL2 but when we change the wire protocol from the "hacky" to SASL2-version, we need to bump 401, no?

New version of the XEP?

marc: I'm not sure about that

XEP-0232 is the only one that tell others my client version, right?

jubalh: https://xmpp.org/extensions/xep-0092.html and there is also disco identity

whats disco identity?

jubalh: https://xmpp.org/extensions/xep-0030.html#example-2 has one for servers, but clients often contain the respective name in there

But don't use that to communicate your version

yeah, don't add anything dynamic in there, as it breaks disco#info caching

Having your version in XEP-0232 does that too

So 92 it is

I'll read all of them now before asking more questions :)

"breaks" is a bit harsh, but we don't need to shove too much stuff into disco#info

so we need a special push protocol specifically for new apple induced constraints? that's nice

moparisthebest: another one beyond the Push XEP?

yep, see https://mail.jabber.org/pipermail/standards/2020-January/036925.html

Yeah, Apple are cracking down on silent/straight-to-app notifications. This affects features like fully encrypted stanzas rather badly, since only the app knows if a stanza arriving is of the sort you'd want to use a visible notification for. Facebook/Whatsapp and others are rather annoyed about it all.

Personally, I think it's part and parcel of not using open standards.

and it does hurt to cripple an open standard to support a closed platform made up almost entirely of users who don't care about open anything

dwd: we need to get back to the "contains actual message" push payload then?

on the other hand "xmpp sucks, doesn't even have a useable ios client"

Ge0rG, Well, for us (Pando) we don't display message content in the notifications anyway, and we'll never do full stanza encryption because of metadata analysis (we offer that back to the hospitals). So it somewhat depends on what UX you're trying to get versus what securiy model you're aiming for.

moparisthebest, And yes, this second is important. But note it'll affect WhatsApp as well.

and signal from the link in that thread, I suppose everyone

the more annoying bit for xmpp specifically is, it's easier to just change all your servers if you control all the servers haha

moparisthebest, Likewise with clients. Open Standards is a harder path.

clients are easier to change there because none really work today anyway, but yep

I'd take the ramblings of Mr. Nenakhov with a grain of salt. I know that Anu had to do significant work on Monal for iOS 13, but he managed to make it work, so...

not reliably from what I've heard, and only with the voip hack which is well documented as gone now

Ge0rG, I heard all the same things from Facebook and Wire people.

just follow the links, you don't have to take his word for it

Ge0rG, I think Andrew's right in this case.

Well, we can thank Facebook for that, then. But maybe the faceless automaton that is the Apple approval process will be kind to Free and Federated IM clients.

Ge0rG, Hahahaha!

Ge0rG, But seriously, please do let me know what you think is missing from SASL2. Once I've an implementation in Openfire, I was considering Last Calling, so if you think tere are important things to do first, please say.

dwd: essentially what Zash said. It only exists in theory.

dwd: for me to make use of it somebody would have to convince flow to implement it in smack in a way that can be back ported to the previous release

Ge0rG, Zash has half an implementation, and it's on flow's roadmap. Openfire has an implementation, though it's not yet in master (having rescured it I need to test it a bit before makign the PR, but the code is there).

Ge0rG, flow's aim is to get it working for ISR etc, which seems like a major effort - I doubt it'll backport cleanly, though a simplistic implementation should work.

dwd: also with it being a security algorithm, somebody with a background in security needs to vet it

I'm not yet ready to upgrade my minimum sdk level to smack 4.4 equivalent

Ge0rG, Well, it's not a security algorithm. It packages existing security algorithms in the same way as the existing SASL binding.

dwd im interested in SASL2

if you have a server impl, i would try to impl it in Gajim

im most interested in the password reset thing

Wasn't there also a discussion about SASL being IETF territory?

lovetox, I did have half an implementation; I just couldn't figure out how to prevent the stream restart.

Ge0rG, Any SASL mechanism, yes. SASL2 isn't one. It's borderline, I'll accept, being a binding, and I'd like some review from IETF folks, but we can get Alexey to look quite easily - and he designed the original.

dwd what was the XEP again?

dwd: that sounds like a reasonable plan indeed. Is asking Alexey blocked by needing more implementations?

Ge0rG, Well, if Kev considers implementing, I think Alexey would pretty much get sucked in...

lovetox, XEP-0388.

oh that was the one about 2FA

not the one with password reset

also useful though

although i dont know how this works in practice

if you have a bad connection, you need to 2FA every minute?

lovetox, Though my Openfire code at https://github.com/dwd/Openfire/tree/dwd/sasl2 has SASL2 (XEP-0388), TOTP-2FA (XEP-0400), and I genuinely can't recall what else right now.

lovetox, That was why I did CLIENT-KEY, so you could get a "Remember this device" thing.

that might also just resolve itself with QUIC

since you can keep the same connection across network disconnects or networks

lovetox, XEP-0399. I do have code that's very similar to XEP-0399, but not quite. And there's SASL-HT* as well which could be used in much the same way, and, as moparisthebest says, QUIC.

I suppose 2FA only makes sense at the moment when you have to enter a password.

FWIW, if I were to do CLIENT-KEY again, I'd probably do something weird based aorund HPKE instead.

Why not just x.509 client certificates