XSF Discussion - 2020-03-12

  1. jonas’

    https://mobile.twitter.com/jennafranke/status/1237493419510919168 > Not desperate enough to try WebEx, tho.

  2. rion

    xep-0371 has somewhat weird statement <p>In the unlikely event that one of the parties determines that it cannot establish connectivity even after sending and checking lower-priority candidates, it SHOULD terminate the session as described in <cite>XEP-0166</cite>.</p> But this may be content-remove or transport-replace as well. I'd remove this line at all.

  3. rion

    I'll update my ICE PR a little bit more this evening. What has to be done for it to be merged?

  4. rion

    I just asked psa on jabber to review it. Not response so far.

  5. rion

    oh. every time I write something to fippo, he is "*** fippo has been removed from the room due to technical problem" Where can I get his email?

  6. rion

    seems like found on wiki his jid :)

  7. rion

    I'll make an email threads afterwards, when I stop updating ICE PR. :)

  8. Guus

    I'm following government update on corona, want to keep following that

  9. Guus

    (re: board meeting)

  10. pep.


  11. ralphm

    same here

  12. pep.

    What does that mean re board meeting?

  13. ralphm

    shouldn't take more than a few minutes, I think

  14. Guus


  15. pep.

    There's some kind of announcement or sth?

  16. ralphm

    Yeah, additional measures.

  17. pep.


  18. ralphm

    E.g. shutdown of all events, venues >100 persons.

  19. nyco-2

    in France, it used to be 5 k, then 1k, Macron will speak on TV at 20:00

  20. pep.

    No but france is not in danger! number are way lower than other countries around! We can keep the economy going! Let's not disrupt the market :)

  21. moparisthebest

    New marketing strategy: meeting via XMPP prevents coronavirus

  22. Ge0rG ,oO( https://news.ycombinator.com/item?id=22554145 )

  23. moparisthebest

    Can't imagine a group that "smart" will come up with anything

  24. pep.

    How is the thing going?

  25. nyco-2

    Covid-19 growth goes quite fine 🙂

  26. pep.

    Talking about the announcement :P

  27. nyco-2


  28. nyco-2

    I gotta go, won't be able to do the minutes this time

  29. pep.

    nyco-2, plesae try to read commteam@ when you have some time

  30. Guus

    Board: are we still meeting today?

  31. pep.


  32. Guus

    ralphm MattJ Seve ?

  33. MattJ


  34. Seve

    Hello :)

  35. ralphm waves

  36. Guus

    full house

  37. ralphm

    0. Welcome

  38. ralphm

    Hi all, slightly delayed :-D

  39. ralphm

    Any additional items for the agenda?

  40. MattJ

    None from me

  41. Guus

    none here

  42. pep.


  43. ralphm

    1. Minute taker

  44. pep.

    If nobody I can do that afterwards

  45. ralphm

    Can somebody pick this up instead of nyco?

  46. ralphm

    Thanks pep

  47. ralphm

    2. Sponsors

  48. ralphm

    I'm almost done drafting the e-mails I promised. I will send them to the board list for review.

  49. ralphm

    Anything specific you'd like to put in there, in terms of funding things this year?

  50. Guus

    (none from me)

  51. pep.

    hmm, as an example, sure, I'd like to start discussions around that at least

  52. Guus

    We might want to avoid making the request to specific, which would tie us down.

  53. ralphm

    Sure, I'd note them as considerations.

  54. pep.

    Sprints is one that's in the process already. Sponsoring travel fees etc. to conferences I'd like to tackle at some point. Work in different teams that need it? iteam for example. Work on specifications that we deem necessary, etc.

  55. ralphm

    Without funding, making such choices might be harder.

  56. ralphm

    pep., I've already put in travel, sprints/meetups.

  57. pep.


  58. ralphm

    And was indeed considering iteam

  59. MattJ


  60. ralphm

    (as in paying somebody to do work there, which I think was mentioned earlier)

  61. Guus

    we could put in a generic refernce to marketing

  62. ralphm nods

  63. pep.

    Yes marketing

  64. pep.

    The community manager nyco mentioned at summit

  65. ralphm

    I don't recall that. Can you summarize that a bit?

  66. Guus

    "we need marketing" 😃

  67. pep.


  68. ralphm

    I meant specifically the community manager bit

  69. Seve


  70. pep.

    Somebody to be active on different social media platforms because commteam can't commit to it themselves

  71. ralphm

    I fully agreed on needing marketing :_D

  72. ralphm


  73. ralphm

    Thanks, I can work with that.

  74. pep.

    Even just a few hours a week

  75. Guus

    isn't Nyco teamlead of commteam

  76. Guus

    (hence the title that pep used)

  77. ralphm


  78. ralphm


  79. ralphm

    3. SCAM's Supporting Sprints proposal

  80. ralphm

    I've read the minutes on this. I'd indeed take this out of the SCAM budget. If that budget turns out to not be sufficient, it might be good to revise.

  81. Guus

    Is board in agreement that having compensation in some form is desirable?

  82. pep.

    Peter as the treasurer seems to say it's not an issue, and he's actually trying alternative ways to send money outside US

  83. MattJ

    I'm in favour of funding sprints (under the conditions of the proposal that's been put forward), and in favour of it coming from the SCAM budget, and in favour of increasing the SCAM budget if it's insufficient

  84. ralphm

    Guus, I'd say that if sprints, organized under the XSF "flag" incur costs, we should carry that.

  85. MattJ

    Obviously there should be a sensible cap on the number of events we fund per year, I think the proposal covered things like this fairly well

  86. Guus

    I'm in favor too.

  87. ralphm

    SCAM would get incoming sprints requests, assess costs, approve as a SCAM activity, and then arrange for refunding.

  88. Guus

    Having it taken out of the SCAM budget (which I dislike, but can agree with) does give us a natural cap / safety limit.

  89. MattJ


  90. Seve


  91. ralphm

    Guus: why do you dislike that? The S in SCAM is for sprints.

  92. pep.

    I don't see an issue with covering this with SCAM. We can indeed revise the budget later

  93. pep.

    heh, such backronym :p

  94. Guus

    scam budget was intended for out of pocket costs, in my opinion. Adding this would make it more of a financial entity.

  95. ralphm

    pep: S{prints,ummits} Conferences and Meetups.

  96. Guus

    but, as I said - I don't feel very strong about this.

  97. ralphm

    Guus: well, no, SCAM budget up till now has mostly been for paying for stuff at the Summit / FOSDEM, including renting a van, and buying materials such as banners.

  98. ralphm

    I wouldn't count those as pocket costs.

  99. MattJ


  100. Guus

    ralphm I really don't think it's worth our time to discuss this.

  101. Guus

    I'm fine with it.

  102. ralphm

    Ok, good.

  103. pep.

    heh, I'd be interested to know what exactly goes into the scam budget

  104. pep.

    I'll raise that in scam@

  105. ralphm

    Since we are in agreement this is already covered by the SCAM budget, I don't think we need to take action right now.

  106. ralphm

    Other than me putting in some expenses :-D

  107. Guus

    hehe, that makes three of us 🙂

  108. ralphm


  109. ralphm

    Since we're already delayed:

  110. ralphm

    4. AOB

  111. Guus

    do we want to do something around corona?

  112. Guus

    eg: advise to not have sprints?

  113. Guus

    (fwiw: I don't think so)

  114. pep.

    I think people are big enough to make their own decisions

  115. Guus


  116. ralphm

    I'd defer that to Sprint organisers.

  117. pep.

    We're not competent in this regard

  118. Seve

    > I'd defer that to Sprint organisers. That

  119. ralphm

    If the Summit would have been planned in the near future, it would surely be cancelled.

  120. pep.

    I don't think we've finished the discussion around board voting process etc., happy to defer to next week, but I'd like to come back to it at some point nonetheless

  121. ralphm

    pep., ok, let's do that next week.

  122. Guus


  123. pep.

    It should have been a 5mn talk but whatever

  124. Guus

    pep: maybe prepare on list?

  125. Seve


  126. ralphm

    I do have to go to other meetings unfortunately.

  127. Guus

    now, or next week?

  128. ralphm

    5. Date of Next

  129. Guus

    +1w wfm

  130. MattJ


  131. Seve


  132. pep.

    same here

  133. ralphm

    6. Close

  134. ralphm

    Thanks all!

  135. MattJ


  136. Seve

    Take care!

  137. pep.


  138. ralphm bangs gavel (once retroactively, once now)

  139. pep.

    https://sfconservancy.org/blog/2020/mar/12/virtualchat/ Software Freedom Conservancy inviting people to chat :)

  140. Daniel

    The golden age of IM

  141. jonas’


  142. rion

    are we gonna have coronavirus XEP for April 1 ?

  143. jonas’

    I’m sceptical about putting out a humurous document about an ongoing pandemic killing people daily.

  144. pep.


  145. pep.

    As an editor I'd definitely avoid that

  146. rion

    out guys already joking about deprecating handshakes for tcp

  147. rion

    too black humor?

  148. jonas’

    a matter of audience and placement

  149. pep.

    The TCP handshake is fun as a tweet

  150. jonas’


  151. jonas’

    it’s not fun as a standards document

  152. moparisthebest

    for april 1st this year I'm going to propose advancing DoX to draft

  153. moparisthebest

    keep everyone guessing as to how serious it is

  154. jonas’

    and I can make fun of corona despite my father-in-law being most certainly within the 2% if he got infected, but I’d not be comfortable with a Humorous Track XEP

  155. pep.

    Humorous draft?

  156. moparisthebest

    no it's standards track

  157. jonas’

    pep., it’s Standards Track.

  158. larma

    moparisthebest, fwiw, we plan to implement it in Dino at some point

  159. jonas’

    moparisthebest, if you wanna be fun, build a DoX frontend for dnsdist

  160. larma

    to circumvent Tor not having UDP for DNS SRV lookups

  161. moparisthebest

    good use-case larma ! :)

  162. Daniel

    And Do(XT) is not good enough?

  163. Daniel

    And Do(HT) is not good enough?

  164. larma

    Daniel, works as well, but why use HTTP in an XMPP client if we don't need to?

  165. Daniel

    Less rtt

  166. larma

    It's not a huge difference in implementation work

  167. larma

    Not really?

  168. jonas’

    Daniel, I guess that depends on whether you hold the connection or not

  169. jonas’

    I’d prefer DoT though

  170. jonas’

    it’s the least insane thing to do

  171. moparisthebest

    it's tricky, if you keep the XMPP connection up it's far less RTT/overhead than DoH, if you don't...

  172. moparisthebest

    what you really want to do is DoX over BOSH

  173. jonas’

    moparisthebest, problem is, though, when you need to do DNS lookups, you probably need to do that because you’re reconnecting. You’ll also have to cycle your DoX connection then.

  174. Daniel

    Realistically I'm not going to hold the connection uoen

  175. Daniel

    Realistically I'm not going to hold the connection upen

  176. Daniel

    Especially since most times when I need srv records I just switched networks

  177. moparisthebest

    I think for initial SRV lookup that's right

  178. Daniel

    Or coming back from suspend or whatever

  179. Daniel

    Are there non-initial srv lookups ml

  180. Daniel

    Are there non-initial srv lookups?

  181. jonas’

    I don’t think so

  182. Ge0rG

    *cough* 0198 resume *cough*

  183. jonas’

    I’d be surprised if DoX servers would support '198

  184. jonas’

    I mean, DoX servers for public use

  185. moparisthebest

    Daniel, I was about to say "not for a client" but, http upload, ICE, STUN, TURN etc ?

  186. jonas’

    none of that needs SRV

  187. moparisthebest

    but it needs DNS

  188. jonas’

    sure, but you can have that via Tor for TCP connections

  189. jonas’

    no need to do it yourself

  190. Daniel

    It's also questionable if you need stun or turn when connected over tor

  191. moparisthebest

    well I didn't exactly mean *only* over tor

  192. moparisthebest

    might be nice to have an XMPP client pull a firefox, let you hardcode IP+port to connect to for initial SRV bootstrap, and dns jid for all after-connection lookups, so no standard DNS ever comes from the client

  193. jonas’

    frankly, I don’t ever see a reason to prefer DoX or even DoH for non-browser software

  194. jonas’

    DoT is good enough

  195. moparisthebest

    extra connections, extra RTT

  196. jonas’

    you also need an extra connection for (initial) DoX

  197. moparisthebest

    just the once though

  198. jonas’

    same for DoT

  199. jonas’

    you can reuse your TLS connection for multiple requests

  200. moparisthebest

    that's only a maybe, in practice they'll disconnect you if you are quiet for any length of time

  201. jonas’

    I expect your DoX proxy to do the same

  202. jonas’

    and keeping the DoX connection alive is stupid, because you’ll need to ping it either way to keep it alive for NATs and stuff

  203. jonas’

    it’s expensive

  204. jonas’

    when you don’t need it, tear it down

  205. moparisthebest

    no? once you are connected you only keep the connection open to your server, then just exchange messages between dox jid and you

  206. jonas’

    ah, so you’re going to use your real JID to ask the DoX service?

  207. jonas’

    after you just asked for the SRV record?

  208. jonas’

    essentially de-anonymizing your initial request?

  209. moparisthebest

    I agree DoX doesn't have an advantage over DoH or DoT for initial SRV lookup

  210. jonas’

    I’m not convinced that associating your real JID with DNS lookups is a good idea

  211. moparisthebest

    JID, IP, what's the difference

  212. moparisthebest

    nothing says you are asking the same one either

  213. jonas’

    a huge when we’re talking about Tor

  214. pep.

    moparisthebest, "pull a firefox" :P

  215. jonas’

    moparisthebest, a JID is a stable identifier, an IP is not.

  216. jonas’

    if you’re a government or ISP, sure, you can do a lot with an IP

  217. moparisthebest

    eh, both those are shaky

  218. moparisthebest

    IP can be, JID may not be

  219. jonas’

    a JID is, period. Unless we’re talking about SASL ANONYMOUS, which will cut your connection after inactivity just like a DoT resolver will, to conserve resources

  220. moparisthebest

    maybe, maybe not

  221. moparisthebest

    I'm not convinced something@something.onion is an identifier you can tie back to an individual like an IP could be

  222. jonas’

    that’s assuming you’re connecting to an onion service. which will not be able to federate with lots of servers.

  223. moparisthebest

    we could also define something like "server de-identifying DoX IQs" or so, ie modify from=jid@domain to from=domain then put it back on reply

  224. jonas’

    ah, I want to write a generic IQ proxy XEP either way

  225. moparisthebest

    yea, I'd like to fix that (many servers not federating with .onion)

  226. jonas’

    in context of XEP-0433

  227. Ge0rG

    jonas’: you could write a generic XMPP proxy XEP.

  228. Ge0rG

    why only do IQs if you can do... ANYTHING!

  229. moparisthebest

    well, depending on the payload the other end probably cares about who sent it

  230. moparisthebest

    DoX should not, however

  231. moparisthebest

    I don't think a server should care about catering to evil DoX backends that send different answers to different JIDs :)

  232. jonas’

    Ge0rG, because the way I envision it it would be kind of like stateless NAT, so you need some context attached to the conversation. That means that message replies wouldn’t necessarily be routable

  233. moparisthebest

    but could be nice and make it opt-in for clients anyhow

  234. jonas’

    presence being even worse

  235. jonas’

    kind of like a generalised and reversed mod_client_proxy

  236. jonas’

    also standardised ;)

  237. Ge0rG

    just use sha256(real_jid)@proxy-component. Problem solved.

  238. jonas’

    how to revert that?

  239. jonas’

    (when the reply comes in)

  240. moparisthebest

    jonas’, ah, so like a client can specifically ask the component to "proxy this IQ to this JID for me please?" that would be ideal

  241. moparisthebest

    yea, if you do sha256(real_jid) you still have to keep a reverse lookup table, so it'd be better to use something the other end has no chance of reversing, a randomly generated per-account string or so

  242. jonas’

    you send your IQ to the component and the component sends it to the receiver

  243. Ge0rG

    jonas’: keep an eternal map ;)

  244. Ge0rG

    jonas’: how do you route the IQ reply? Or will you just keep all in-flight IQs in memory forever?

  245. Ge0rG

    Because, that never caused trouble in the past, you know.

  246. jonas’

    Ge0rG, in mod_client_proxy it’s easy, it’s 100% stateless. but it’s not anonymizing

  247. moparisthebest

    if each client has a stable identifier@proxy-component ^

  248. Ge0rG

    jonas’: yeah, you can't have both.

  249. moparisthebest

    but otherwise, hairy I guess

  250. jonas’

    in case of the proxy protocol, the only way would be to keep a temporary map (maybe generate a random ID per request?) and map based on that. and when the peer doesn’t reply in time, synthesize a specific timeout error

  251. jonas’

    moparisthebest, no need for identifier@, you can put it all in the IQ @id

  252. moparisthebest

    well it's 1 or the other right? identifier@ and stateless, or not and you have to keep track of IQs ?

  253. jonas’

    you can’t have it fully stateless

  254. jonas’

    (and nothing stops you from base64-encoding some kind of struct in the IQ @id and decoding that when translating back

  255. moparisthebest

    if bob@server 's proxy id was some-identifier-tied-to-bob@proxy-component, then it'd be fully stateless right?

  256. jonas’

    ahh, but that’d require registration with the proxy component

  257. jonas’

    and I’d rather not have people have persistent addresses behind the proxy

  258. jonas’

    though that’s actually an implementation detail

  259. moparisthebest

    yea, servers could rotate whenever

  260. jonas’

    the key part is specifying the protocol to wrap your IQ and letting the proxy handle it. how the proxy does the translation (and whether it, for example, requires registration or affiliation with a server or not) is up to the impl

  261. moparisthebest

    like it'd probably be sane to rotate every 24 hours but keep the last one active for incoming, or something

  262. jonas’

    there is no incoming after the IQ reply came back

  263. moparisthebest

    yea, but if you didn't want to track anything

  264. jonas’

    you have to track something at least

  265. moparisthebest

    tracking each IQ seems harder than just having a list of each JID that used you in the last 24 hours

  266. jonas’


  267. jonas’

    implementation details!

  268. moparisthebest

    yep I think so... as long as the spec doesn't push you into a corner, sounds like it'd be fine though

  269. moparisthebest

    rion, "joking about deprecating handshakes for tcp" my synpathies for anyone using it afterwards

  270. jonas’


  271. Alex

    hey guys, its meeting time. Are you ready?

  272. Ge0rG

    huh what?

  273. Alex


  274. Alex

    approving our voting results

  275. Guus


  276. Daniel

    I'm here

  277. Alex


  278. Alex bangs the gavel

  279. pep.


  280. pep.

    Just while Macron is speaking on TV!

  281. jonas’


  282. jonas’

    totally missed it, good thing I voted already ;)

  283. Alex

    here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2020-03-12

  284. jonas’

    dinner time now, won’t attend actively

  285. Alex

    pep.‎, cannot compete with your presedent ;-)

  286. pep.

    It's fine, probably bs as usual :)

  287. Alex

    1) Call for Quorum

  288. Ge0rG

    looks like I voted already as well. Phew!

  289. Alex

    as you can see 29 members voted via proxy, so we have a quorum

  290. Zash just voted

  291. Alex

    2) Items Subject to a Vote

  292. Alex

    new and returnign members, you can see the Wiki page for that here: https://wiki.xmpp.org/web/Membership_Applications_Q1_2020

  293. Alex

    3) Opportunity for XSF Members to Vote in the Meeting

  294. Alex

    memberbot is still online, so if someone has not voted yet this is your time now ;-)

  295. Alex

    zash, got your vote 3 minutes ago

  296. Zash


  297. Alex

    anyone else?

  298. Alex

    otherwise I will shuitdown the bot and work on the results

  299. pep.

    Alex, one sec, linkmauve is on it :P

  300. pep.

    Link Mauve, ^

  301. Link Mauve

    Yes, I’m on it.

  302. Alex

    no rush, nobody is waiting for you 😂

  303. Alex

    got your vote

  304. Alex

    more coming?

  305. Link Mauve

    There, I’m done!

  306. Alex


  307. Alex

    will shut down then and start counting

  308. Link Mauve

    Adding to memberbot’s TODO: accept LMC.

  309. Alex

    okay, I am ready

  310. Alex

    4) Announcement of Voting Results

  311. Alex

    when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2020-03-12#Announcement_of_Voting_Results you can see the results

  312. Alex

    all applicants and reappliers were accepted

  313. Alex

    congrats to everyone

  314. pep.

    Thanks Alex

  315. Alex

    5) Any Other Business?

  316. pep.

    And welcome emus :)

  317. Alex

    6) Formal Adjournment

  318. Alex

    I motion that we adjourn

  319. pep.


  320. Link Mauve

    Thanks Alex, and congrats everyone. :)

  321. Guus


  322. Guus


  323. Alex bangs the gavel

  324. Guus

    Thanks Alex!

  325. emus

    \o/ Hello, and thank you!

  326. Link Mauve

    emus, welcome to the XSF!

  327. Neustradamus


  328. emus

    Link Mauve: Thanks 👋🎉

  329. jonas’

    welcome emus

  330. jonas’

    all current council members got at least -2

  331. emus

    jonas’: Hello hello, thanks

  332. Daniel

    > all current council members got at least -2 We are too spammy with our Last calls 😂

  333. jonas’

    that’s clearly the editors fault

  334. jonas’

    though all the editors also got at least -2

  335. emus

    Daniel: Better dont read the next Newsletter 😅

  336. vanitasvitae

    Welcome Emus!

  337. emus

    😊 Muchas gracias!

  338. pep.

    I guess so, don't remember exactly how that works

  339. pep.

    ah fail pm

  340. pep.

    Sorry but that Conversations "feature" kills every single time

  341. pep.

    Sorry but that Conversations "feature" kills me every single time

  342. Ge0rG


  343. pep.

    https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill For US citizens. And for the rest, please send that to your friends in the US.

  344. lovetox

    i think they gonna have other problems coming next week :/

  345. emus

    lovetox: are talking about corona or what did I miss?

  346. lovetox


  347. lovetox

    i think it will hit the US pretty hard

  348. lovetox

    i think their health care system is in really bad shape to handle this

  349. emus

    Yes, just thought the same

  350. Daniel

    Good thing they have good leadership

  351. pep.

    lovetox, and bernie is less and less likely to win. We're going to laugh when we see their health care system fail to handle all of this..