XSF Discussion - 2020-03-12

https://mobile.twitter.com/jennafranke/status/1237493419510919168 > Not desperate enough to try WebEx, tho.

xep-0371 has somewhat weird statement <p>In the unlikely event that one of the parties determines that it cannot establish connectivity even after sending and checking lower-priority candidates, it SHOULD terminate the session as described in <cite>XEP-0166</cite>.</p> But this may be content-remove or transport-replace as well. I'd remove this line at all.

I'll update my ICE PR a little bit more this evening. What has to be done for it to be merged?

I just asked psa on jabber to review it. Not response so far.

oh. every time I write something to fippo, he is "*** fippo has been removed from the room due to technical problem" Where can I get his email?

seems like found on wiki his jid :)

I'll make an email threads afterwards, when I stop updating ICE PR. :)

I'm following government update on corona, want to keep following that

(re: board meeting)

!

same here

What does that mean re board meeting?

shouldn't take more than a few minutes, I think

regarding

There's some kind of announcement or sth?

Yeah, additional measures.

k

E.g. shutdown of all events, venues >100 persons.

in France, it used to be 5 k, then 1k, Macron will speak on TV at 20:00

No but france is not in danger! number are way lower than other countries around! We can keep the economy going! Let's not disrupt the market :)

New marketing strategy: meeting via XMPP prevents coronavirus

Can't imagine a group that "smart" will come up with anything

How is the thing going?

Covid-19 growth goes quite fine 🙂

Talking about the announcement :P

:-p

I gotta go, won't be able to do the minutes this time

nyco-2, plesae try to read commteam@ when you have some time

Board: are we still meeting today?

Please

ralphm MattJ Seve ?

Here

Hello :)

full house

0. Welcome

Hi all, slightly delayed :-D

Any additional items for the agenda?

None from me

none here

nope

1. Minute taker

If nobody I can do that afterwards

Can somebody pick this up instead of nyco?

Thanks pep

2. Sponsors

I'm almost done drafting the e-mails I promised. I will send them to the board list for review.

Anything specific you'd like to put in there, in terms of funding things this year?

(none from me)

hmm, as an example, sure, I'd like to start discussions around that at least

We might want to avoid making the request to specific, which would tie us down.

Sure, I'd note them as considerations.

Sprints is one that's in the process already. Sponsoring travel fees etc. to conferences I'd like to tackle at some point. Work in different teams that need it? iteam for example. Work on specifications that we deem necessary, etc.

Without funding, making such choices might be harder.

pep., I've already put in travel, sprints/meetups.

k

And was indeed considering iteam

sgtm

(as in paying somebody to do work there, which I think was mentioned earlier)

we could put in a generic refernce to marketing

Yes marketing

The community manager nyco mentioned at summit

I don't recall that. Can you summarize that a bit?

"we need marketing" 😃

That

I meant specifically the community manager bit

😁

Somebody to be active on different social media platforms because commteam can't commit to it themselves

I fully agreed on needing marketing :_D

ok

Thanks, I can work with that.

Even just a few hours a week

isn't Nyco teamlead of commteam

(hence the title that pep used)

yes

ok

3. SCAM's Supporting Sprints proposal

I've read the minutes on this. I'd indeed take this out of the SCAM budget. If that budget turns out to not be sufficient, it might be good to revise.

Is board in agreement that having compensation in some form is desirable?

Peter as the treasurer seems to say it's not an issue, and he's actually trying alternative ways to send money outside US

I'm in favour of funding sprints (under the conditions of the proposal that's been put forward), and in favour of it coming from the SCAM budget, and in favour of increasing the SCAM budget if it's insufficient

Guus, I'd say that if sprints, organized under the XSF "flag" incur costs, we should carry that.

Obviously there should be a sensible cap on the number of events we fund per year, I think the proposal covered things like this fairly well

I'm in favor too.

SCAM would get incoming sprints requests, assess costs, approve as a SCAM activity, and then arrange for refunding.

Having it taken out of the SCAM budget (which I dislike, but can agree with) does give us a natural cap / safety limit.

Yes

Right

Guus: why do you dislike that? The S in SCAM is for sprints.

I don't see an issue with covering this with SCAM. We can indeed revise the budget later

heh, such backronym :p

scam budget was intended for out of pocket costs, in my opinion. Adding this would make it more of a financial entity.

pep: S{prints,ummits} Conferences and Meetups.

but, as I said - I don't feel very strong about this.

Guus: well, no, SCAM budget up till now has mostly been for paying for stuff at the Summit / FOSDEM, including renting a van, and buying materials such as banners.

I wouldn't count those as pocket costs.

brb

ralphm I really don't think it's worth our time to discuss this.

I'm fine with it.

Ok, good.

heh, I'd be interested to know what exactly goes into the scam budget

I'll raise that in scam@

Since we are in agreement this is already covered by the SCAM budget, I don't think we need to take action right now.

Other than me putting in some expenses :-D

hehe, that makes three of us 🙂

Good.

Since we're already delayed:

4. AOB

do we want to do something around corona?

eg: advise to not have sprints?

(fwiw: I don't think so)

I think people are big enough to make their own decisions

agreed.

I'd defer that to Sprint organisers.

We're not competent in this regard

> I'd defer that to Sprint organisers. That

If the Summit would have been planned in the near future, it would surely be cancelled.

I don't think we've finished the discussion around board voting process etc., happy to defer to next week, but I'd like to come back to it at some point nonetheless

pep., ok, let's do that next week.

right.

It should have been a 5mn talk but whatever

pep: maybe prepare on list?

Okay

I do have to go to other meetings unfortunately.

now, or next week?

5. Date of Next

+1w wfm

wfm

Alright!

same here

6. Close

Thanks all!

Thanks!

Take care!

Thanks

https://sfconservancy.org/blog/2020/mar/12/virtualchat/ Software Freedom Conservancy inviting people to chat :)

The golden age of IM

#corona?

are we gonna have coronavirus XEP for April 1 ?

I’m sceptical about putting out a humurous document about an ongoing pandemic killing people daily.

yeah

As an editor I'd definitely avoid that

out guys already joking about deprecating handshakes for tcp

too black humor?

a matter of audience and placement

The TCP handshake is fun as a tweet

yeah

it’s not fun as a standards document

for april 1st this year I'm going to propose advancing DoX to draft

keep everyone guessing as to how serious it is

and I can make fun of corona despite my father-in-law being most certainly within the 2% if he got infected, but I’d not be comfortable with a Humorous Track XEP

Humorous draft?

no it's standards track

pep., it’s Standards Track.

moparisthebest, fwiw, we plan to implement it in Dino at some point

moparisthebest, if you wanna be fun, build a DoX frontend for dnsdist

to circumvent Tor not having UDP for DNS SRV lookups

good use-case larma ! :)

And Do(HT) is not good enough? ✏

Daniel, works as well, but why use HTTP in an XMPP client if we don't need to?

Less rtt

It's not a huge difference in implementation work

Not really?

Daniel, I guess that depends on whether you hold the connection or not

I’d prefer DoT though

it’s the least insane thing to do

it's tricky, if you keep the XMPP connection up it's far less RTT/overhead than DoH, if you don't...

what you really want to do is DoX over BOSH

moparisthebest, problem is, though, when you need to do DNS lookups, you probably need to do that because you’re reconnecting. You’ll also have to cycle your DoX connection then.

Realistically I'm not going to hold the connection upen ✏

Especially since most times when I need srv records I just switched networks

I think for initial SRV lookup that's right

Or coming back from suspend or whatever

Are there non-initial srv lookups? ✏

I don’t think so

*cough* 0198 resume *cough*

I’d be surprised if DoX servers would support '198

I mean, DoX servers for public use

Daniel, I was about to say "not for a client" but, http upload, ICE, STUN, TURN etc ?

none of that needs SRV

but it needs DNS

sure, but you can have that via Tor for TCP connections

no need to do it yourself

It's also questionable if you need stun or turn when connected over tor

well I didn't exactly mean *only* over tor

might be nice to have an XMPP client pull a firefox, let you hardcode IP+port to connect to for initial SRV bootstrap, and dns jid for all after-connection lookups, so no standard DNS ever comes from the client

frankly, I don’t ever see a reason to prefer DoX or even DoH for non-browser software

DoT is good enough

extra connections, extra RTT

you also need an extra connection for (initial) DoX

just the once though

same for DoT

you can reuse your TLS connection for multiple requests

that's only a maybe, in practice they'll disconnect you if you are quiet for any length of time

I expect your DoX proxy to do the same

and keeping the DoX connection alive is stupid, because you’ll need to ping it either way to keep it alive for NATs and stuff

it’s expensive

when you don’t need it, tear it down

no? once you are connected you only keep the connection open to your server, then just exchange messages between dox jid and you

ah, so you’re going to use your real JID to ask the DoX service?

after you just asked for the SRV record?

essentially de-anonymizing your initial request?

I agree DoX doesn't have an advantage over DoH or DoT for initial SRV lookup

I’m not convinced that associating your real JID with DNS lookups is a good idea

JID, IP, what's the difference

nothing says you are asking the same one either

a huge when we’re talking about Tor

moparisthebest, "pull a firefox" :P

moparisthebest, a JID is a stable identifier, an IP is not.

if you’re a government or ISP, sure, you can do a lot with an IP

eh, both those are shaky

IP can be, JID may not be

a JID is, period. Unless we’re talking about SASL ANONYMOUS, which will cut your connection after inactivity just like a DoT resolver will, to conserve resources

maybe, maybe not

I'm not convinced something@something.onion is an identifier you can tie back to an individual like an IP could be

that’s assuming you’re connecting to an onion service. which will not be able to federate with lots of servers.

we could also define something like "server de-identifying DoX IQs" or so, ie modify from=jid@domain to from=domain then put it back on reply

ah, I want to write a generic IQ proxy XEP either way

yea, I'd like to fix that (many servers not federating with .onion)

in context of XEP-0433

jonas’: you could write a generic XMPP proxy XEP.

why only do IQs if you can do... ANYTHING!

well, depending on the payload the other end probably cares about who sent it

DoX should not, however

I don't think a server should care about catering to evil DoX backends that send different answers to different JIDs :)

Ge0rG, because the way I envision it it would be kind of like stateless NAT, so you need some context attached to the conversation. That means that message replies wouldn’t necessarily be routable

but could be nice and make it opt-in for clients anyhow

presence being even worse

kind of like a generalised and reversed mod_client_proxy

also standardised ;)

just use sha256(real_jid)@proxy-component. Problem solved.

how to revert that?

(when the reply comes in)

jonas’, ah, so like a client can specifically ask the component to "proxy this IQ to this JID for me please?" that would be ideal

yea, if you do sha256(real_jid) you still have to keep a reverse lookup table, so it'd be better to use something the other end has no chance of reversing, a randomly generated per-account string or so

you send your IQ to the component and the component sends it to the receiver

jonas’: keep an eternal map ;)

jonas’: how do you route the IQ reply? Or will you just keep all in-flight IQs in memory forever?

Because, that never caused trouble in the past, you know.

Ge0rG, in mod_client_proxy it’s easy, it’s 100% stateless. but it’s not anonymizing

if each client has a stable identifier@proxy-component ^

jonas’: yeah, you can't have both.

but otherwise, hairy I guess

in case of the proxy protocol, the only way would be to keep a temporary map (maybe generate a random ID per request?) and map based on that. and when the peer doesn’t reply in time, synthesize a specific timeout error

moparisthebest, no need for identifier@, you can put it all in the IQ @id

well it's 1 or the other right? identifier@ and stateless, or not and you have to keep track of IQs ?

you can’t have it fully stateless

(and nothing stops you from base64-encoding some kind of struct in the IQ @id and decoding that when translating back

if bob@server 's proxy id was some-identifier-tied-to-bob@proxy-component, then it'd be fully stateless right?

ahh, but that’d require registration with the proxy component

and I’d rather not have people have persistent addresses behind the proxy

though that’s actually an implementation detail

yea, servers could rotate whenever

the key part is specifying the protocol to wrap your IQ and letting the proxy handle it. how the proxy does the translation (and whether it, for example, requires registration or affiliation with a server or not) is up to the impl

like it'd probably be sane to rotate every 24 hours but keep the last one active for incoming, or something

there is no incoming after the IQ reply came back

yea, but if you didn't want to track anything

you have to track something at least

tracking each IQ seems harder than just having a list of each JID that used you in the last 24 hours

*shrug*

implementation details!

yep I think so... as long as the spec doesn't push you into a corner, sounds like it'd be fine though

rion, "joking about deprecating handshakes for tcp" my synpathies for anyone using it afterwards

QUIC?

hey guys, its meeting time. Are you ready?

huh what?

membership

approving our voting results

ack

I'm here

great

!

Just while Macron is speaking on TV!

whoopsie

totally missed it, good thing I voted already ;)

here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2020-03-12

dinner time now, won’t attend actively

pep.‎, cannot compete with your presedent ;-)

It's fine, probably bs as usual :)

1) Call for Quorum

looks like I voted already as well. Phew!

as you can see 29 members voted via proxy, so we have a quorum

2) Items Subject to a Vote

new and returnign members, you can see the Wiki page for that here: https://wiki.xmpp.org/web/Membership_Applications_Q1_2020

3) Opportunity for XSF Members to Vote in the Meeting

memberbot is still online, so if someone has not voted yet this is your time now ;-)

zash, got your vote 3 minutes ago

:D

anyone else?

otherwise I will shuitdown the bot and work on the results

Alex, one sec, linkmauve is on it :P

Link Mauve, ^

Yes, I’m on it.

no rush, nobody is waiting for you 😂

got your vote

more coming?

There, I’m done!

okay

will shut down then and start counting

Adding to memberbot’s TODO: accept LMC.

okay, I am ready

4) Announcement of Voting Results

when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2020-03-12#Announcement_of_Voting_Results you can see the results

all applicants and reappliers were accepted

congrats to everyone

Thanks Alex

5) Any Other Business?

And welcome emus :)

6) Formal Adjournment

I motion that we adjourn

\o/

Thanks Alex, and congrats everyone. :)

+1 ✏

Thanks Alex!

\o/ Hello, and thank you!

emus, welcome to the XSF!

🤘

Link Mauve: Thanks 👋🎉

welcome emus

all current council members got at least -2

jonas’: Hello hello, thanks

> all current council members got at least -2 We are too spammy with our Last calls 😂

that’s clearly the editors fault

though all the editors also got at least -2

Daniel: Better dont read the next Newsletter 😅

Welcome Emus!

😊 Muchas gracias!

I guess so, don't remember exactly how that works

ah fail pm

Sorry but that Conversations "feature" kills me every single time ✏

🤐

https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill For US citizens. And for the rest, please send that to your friends in the US.

i think they gonna have other problems coming next week :/

lovetox: are talking about corona or what did I miss?

yes

i think it will hit the US pretty hard

i think their health care system is in really bad shape to handle this

Yes, just thought the same

Good thing they have good leadership

lovetox, and bernie is less and less likely to win. We're going to laugh when we see their health care system fail to handle all of this..