XSF Discussion - 2020-06-04

  1. Neustradamus


  2. MattJ

    From an iteam perspective Docker would be preferred

  3. Yagiza


  4. Yagiza

    I have a question regarding XEP-0420: Stanza Content Encryption

  5. Yagiza

    My client software is plugin-based, so I need to know the way of plugin interaction.

  6. Yagiza

    Should XEP-420 be implemented as blacklist or whitelist based?

  7. Daniel

    I think you need both

  8. Daniel

    a whitelist for the outer elements

  9. Daniel

    and a blacklist for the inner

  10. Daniel

    (outer those that were not encrypted. inner those that are)

  11. Daniel

    when decrypting i mean

  12. Yagiza

    In the first case I have a list on elements, that should be ignored when encrypting: left in stanza, not moved into encrypted <content /> element.

  13. Daniel

    yeah I'd do that with a whitelist approach

  14. Daniel

    you only need elements that the server needs for routing

  15. Daniel

    meaning message processing hints

  16. Daniel

    et al

  17. Yagiza

    In second case we have a list of elements (reported by other plugins), which must be moved from stanza into encrypted <content/> element.

  18. Yagiza

    Daniel, so, you see the second way is better?

  19. Daniel

    imho yes

  20. Yagiza

    Ok, thanx

  21. Daniel

    i'd encrypt everything but [store, no-copy, …]

  22. Daniel

    the decrypting side however is more dangerous. that's where you can fuck up and create security issues

  23. Yagiza

    Daniel, I'm discussing encrypting side right now.

  24. Yagiza

    Daniel, if we encrypt "everything but..." it's a whitelist approach!

  25. Yagiza

    Daniel, *blacklist* I mean.

  26. dwd

    Some elements you want to have outside *and* duplicate inside. XEP-0258, for example.

  27. dwd

    Sorry, that's unclear "outisde" versus "inside" the SCE, so unencrypted versus encrypted.

  28. dwd

    MattJ, Ack.

  29. Yagiza

    dwd, why may I want to have Security Label both encrypted and unencrypted?

  30. Daniel

    server needs it for routing. but the recipient also wants to verify

  31. Guus

    flow I lost my gsoc MUC bookmark, so I'll be lazy and post it here. Can you confirm that we filled out the GSoC 2020 Org payment request form? Google sent out a reminder (I think the reminder went out to every participating org, but I'm not sure).

  32. Zash

    sign( meta, encrypt( more stuff ) ) ?

  33. Daniel

    SCE is way more complicated than some people think it is

  34. Daniel

    and it's really easy to srew up

  35. dwd

    Daniel, More fun than that, even - the security label may need to be re-written between policies and things by servers, but you still want the original. Email deals with this by triple-wrapping, but I'm really not sure we'd want to go there.

  36. dwd

    Zash, And yes, that's halfway to triple wrapping, which is sign[server]{ meta, sign[sender]{ more_meta, encrypt{ data }}}

  37. dwd

    (If you'll pardon my newly-invented pseudo-syntax)

  38. flow

    Guus, yes PSA filled out the form before the deadline :)

  39. Guus


  40. flow

    Zash> sign( meta, encrypt( more stuff ) ) should probably be sign(normalize(meta), encrypt(more stuff)) and the "problem" is the normalize(meta) part

  41. Zash

    Mmmmm XML c14n

  42. flow


  43. flow

    it's a design decission involving balancing the tradeoff, but I actually think having something as optional experimental feature can't hurt to get some insights about potential issues

  44. flow

    it's a design decission involving balancing the tradeoff, but I actually think having something sign(normalize(meta), more bytes) as optional experimental feature can't hurt to get some insights about potential issues

  45. flow

    I think, for example that XML normaliziation is trivial in Java SE, while it may would require another, likely heavy-weight, dependency on Android (if something is available there at all)

  46. flow

    I think, for example, that XML normaliziation is trivial with Java SE, while it may would require another, likely heavy-weight, dependency on Android (if something is available there at all)

  47. Yagiza

    I still wonder, why Message Reactions uses emoji instead of reusing XEP-0107: User Mood?

  48. flow

    Yagiza, I guess because that is because its what github, gitlab, etc do

  49. Zash

    and slack and mattermost and matrix and everything

  50. Yagiza

    Zash, so, someone's just trying to mimic other IMs and networks instead of improving XMPP?

  51. flow

    Yagiza, I guess because that is what github, gitlab, etc do

  52. flow

    Yagiza, that reads like it implies that with mimicing others one can not improve XMPP

  53. flow

    Yagiza, that reads like it implies that by mimicing others one can not improve XMPP

  54. Yagiza

    flow, well... I like XMPP because it's powerful. Other networks are forced to use Emoji, 'cause they don't have such nice things, like User Mood or User Activity. But why should we?

  55. flow

    Yagiza, I am not sure which one of using unicode code points or xep user mood as enumeration of possible reactions is "better". both approaches appear to have advantages and disadvantages

  56. Zash

    Why limit yourself to moods?

  57. Zash

    IIRC in Matrix it's just a piece of text. It doesn't have to be emoji, that's just an UI decision

  58. flow

    Zash, right, but then, on the other side, is it really good that you can react with all types of code points?

  59. Zash

    Just let me react with "cool" and "!" and I'll be happy

  60. flow

    e.g. github limits the kind of reactions

  61. Yagiza

    flow, yes. But I think that advantages of reusing User Mood instead of emoji prevail over disadvantages.

  62. Zash

    flow, still, I'd leave that as an UI decision

  63. flow

    Zash, I always wonder how I have to read "!" as reaction? Is it positive? Negative? Danger?

  64. Zash

    flow, !

  65. Zash

    How would you read *anything*?

  66. flow

    Zash, sure, but is that enough? don't you have to be able to negoiate allowed reaction kinds on the protocol level?

  67. Zash

    Tons of emoji is incredibly ambigous

  68. flow

    Sure, but not all

  69. Yagiza

    Zash, 'cause most of emoji are meaningless as reactions to messages. Also, they may lead to confuse, 'cause sender may mean different thing, than receiver may think of.

  70. Zash

    And there's never one that means what I'm trying to say anyways

  71. flow

    A thumbs up on a comment can be hardly misinterpreted

  72. Zash

    Sure it can

  73. flow

    hmm, ok, care to elaborate how?

  74. Zash


  75. Zash

    Language and communication is complicated.

  76. flow

    and often not unambiguous in particular

  77. dwd

    https://github.com/xsf/memberbot/pull/6 -- this is running on memberbot@dave.cridland.net, anyone fancy helping me test? (I'll need the jid you want to test from to add you as an "XSF Member").

  78. Guus

    dwd, sure

  79. Guus

    use mine

  80. Guus

    guus.der.kinderen at ignite

  81. dwd

    Added. You should be able to send it a subscription request and then start voting.

  82. Guus

    dwd, it acknowledges me, but does not offer things to vote on.

  83. Guus


  84. dwd

    Ah, great, that's a bug.

  85. dwd

    Did you add it to your roster? Or just send?

  86. Guus

    I added to my roster

  87. Guus

    subscription status 'both'

  88. Zash

    > error<wait:remote-server-timeout:Server-to-server connection failed: Error during negotiation of encrypted connection: sslv3 alert bad record mac>

  89. Zash

    The what

  90. dwd

    That's exciting.

  91. pep.

    > flow> A thumbs up on a comment can be hardly misinterpreted "Somebody should ..". "👍" Do you like what I said? Are you ok with it? Are you gonna do it?

  92. pep.

    language is complicated

  93. dwd

    OK, so, memberbot bug is that here: https://github.com/dwd/memberbot/blob/memberbot-fixes/memberbot/chat_voting.py#L360 slixmpp ends up trying to wrap a future into an IQ and everything breaks.

  94. dwd

    pep., Does that "supports" call ever work?

  95. pep.

    maybe slix broke it, dunno

  96. dwd

    OK, that maybe works now. Seems not to break with Inverse anymore at least.

  97. dwd

    Guus, want to see if that works for you as well now?

  98. Guus

    dwd: Remind me after lunch please

  99. Neustradamus

    dwd: have you seen my PRs?

  100. Guus

    dwd seems to work now. I got three votes, with (the same) three candidates each.

  101. Neustradamus

    dwd: You have commented, can you test it?

  102. Guus

    I've applied yes, no and abstain - seems to all work as expected.

  103. Neustradamus

    I can test the bot?

  104. Neustradamus

    Note: When I look the vCard, the XSF logo is always the old...

  105. dwd

    Neustradamus, You should be able to add memberbot@dave.cridland.net to your roster and vote (it's intentionally the same three candidates).

  106. ralphm

    Have a conflicting meeting (again). Can't make it to Board today.

  107. Guus

    ralphm: should we think about another time slot?

  108. pep.


  109. Seve


  110. MattJ


  111. pep.

    Especially since the two agenda items I added concern ralph. Well one definitely, the second one all of us

  112. pep.

    # Welcome

  113. pep.

    Any other agenda item to add?

  114. pep.

    I guess we'll leave the two I added for when ralph is present

  115. Guus

    I have nothing

  116. Seve

    neither do I

  117. MattJ

    Nothing here, except a query for whether the commteam have thought any more about their requirements

  118. pep.

    Even though some commteam members were present last time (Seve, emus), I haven't poked anybody yet

  119. pep.

    So it's also partly my fault

  120. pep.

    (I still need to send minutes for last week even.)

  121. Guus

    is the outside person waiting for us?

  122. Guus

    if so, we should try to get some momentum

  123. pep.

    Seve, maybe as a board and commteam member it'd be better if you did that?

  124. emus


  125. MattJ

    Guus, yes and no, I don't think we've given a 'no' but we have let her know not to expect an imminent 'yes'

  126. Seve

    pep., I haven't offered my self to do that because I feel you guys have more context than me on this. As I said didn't know nyco asked for a plan. I would not be good at leading this. I can try to start a conversation in the commteam though, that's for sure.

  127. Guus

    Let's try and focus on this to get to a conclusion. We have a bad habit of letting things linger to long.

  128. pep.

    Seve, ok. I'll try to send last time's minutes quickly (to summarize last time's chat) I'll poke commteam :x

  129. Seve

    pep., very much appreciated!

  130. Guus

    Seve if only to get more of a conversation started, you approaching commteam members might be good.

  131. Guus

    oh, or that. 🙂

  132. pep.

    I have a question for board, not related to commteam but minutes: I see in other communities / organizations that acknowledging minutes is a thing, is that something that's been done before here? That some would want to do

  133. pep.

    At the beginning of a meeting these orgs I've seen ask their board (or equivalent) to ack last meeting's minutes

  134. Guus

    If we do have proper meetings, we should. But, as our minutes are often absent, and we're having a verbatim log of each meeting, I don't really see the point.

  135. pep.

    So maybe a topic for once we've sorted out the "minutes" problem.

  136. pep.

    I'm fine with no official answer anyway. I was just curious

  137. MattJ


  138. Seve

    We have the logs, so yes, everyone can confirm the minutes. Although it makes sense to do that.

  139. Guus

    When meetings are used to record the meeting (and record decisions), we should verify/acknowledge them, I think. I don't think that's how we're currently using the minutes though.

  140. pep.

    # AOB?

  141. MattJ

    None here

  142. Guus

    nor me

  143. pep.

    Next: +1w

  144. pep.

    # Close

  145. Guus


  146. Seve

    Thank you guys

  147. emus

    pep.: So you could not find time to sunmarize the recent meeting on the hireing topic?

  148. pep.

    You mean the meeting we've had in the other room? No. I think I'll just include a few lines in minutes I send for last week's board meeting to give some context. I don't think it needs much more

  149. emus

    At least I would like to summarize the few points we agree in general on

  150. pep.

    tbh I don't especially want to be flagged "minute person", I don't like minutes :P

  151. pep.

    (Well I don't like writing them)

  152. emus

    pep.: I dont take it as this, but I thought from the recent one you said you gonna do it

  153. pep.

    No, I said I wouldn't do it :x

  154. emus

    Maybe we can make that as a rotation system? Some documenation is important pep.: ok then I try

  155. pep.

    "I won't do minutes just now. There's lots of things in there". I was planning to wait for a next meeting

  156. emus

    pep.: Sorry, Im talking about the other chat on hiring only

  157. pep.


  158. pep.

    I'm quoting myself in that chat

  159. pep.

    I'm quoting myself from that chat

  160. emus

    Ah okay, I think I got confused. If I can do something or help let me know

  161. Neustradamus

    dwd: Thanks, can you add my PRs?

  162. Neustradamus

    The goal is to test and confirm that it is good: - https://github.com/xsf/memberbot/pull/4 - https://github.com/xsf/memberbot/pull/5

  163. Steve Kille


  164. Daniel

    can someone enlighten me on the role of MUC in Jitsi? looking at the various parts that make up jitsi there is the jitsi video bridge which takes the role of a SFU and there is the jicofo which is a compontent that you talk COLIBRI to.

  165. Daniel

    but what role does MUC take here?

  166. Daniel

    the jitsi documentation require me to set up a muc server; and also give jicofo admin (owner) rights to that muc server

  167. Daniel

    but it doesn’t really say what the muc rooms are used for

  168. MattJ

    The MUC is used for the signaling and chat between conference participants

  169. Daniel

    ok; chat i get

  170. Daniel

    but isn’t colibri the signaling?

  171. MattJ

    (including jicofo AIUI)

  172. Neustradamus

    It uses Prosody

  173. Daniel

    i'm essentially wondering (text chat aside) if there is a different set of protocols aside from colibri (which is not muc or message based) that i need to understand

  174. MattJ

    Not that I'm aware of, not sure if they stick some stuff in presence though

  175. Daniel

    so hypotically if i wanted to experiment with video conferencing i'd just need jicofo and the video bridge?

  176. Zash

    jonas’ did some trickery to get a chat bot into Jitsi conferences iirc

  177. jonas’

    Daniel, I *think* you need to go through a MUC to talk to Jicofo, since it uses the MUC identity

  178. jonas’

    but that’s just casual observation from jicofo and jvb logs as well as a bit of MUC traffic

  179. Daniel

    jonas’, ok thanks. that probably makes some sense in front of the background that jitsi meet is

  180. jonas’

    15:36:40 jonas’> and yeah, weird stuff happens (with Jitsi Meet at least) if you have a participant which doesn’t speak the protocols 15:36:48 jonas’> I had to hide presence to make the web ui not misbehave

  181. jonas’

    15:36:40 jonas’> and yeah, weird stuff happens (with Jitsi Meet at least) if you have a participant which doesn’t speak the protocols 15:36:48 jonas’> I had to hide presence to make the web ui not misbehave

  182. jonas’

    (those two messages went into the wrong room initially, sorry)

  183. !XSF_Martin

    He, I didn't realize you sent them to the wrong MUC and wondered why you quoted yourself. 😂

  184. Daniel

    (fwiw i'm not interested in being compatible with jitsi meet the webinterface but just reusing the compontents to make video conferencing happening. or at least understand what that would entail)

  185. jonas’

    Daniel, I recommend setting up Jitsi Meet first to get a feeling on how intertwined it all is

  186. jonas’

    everything is extremely picky about everything

  187. !XSF_Martin

    Daniel: So you consider adding a/v conferences to conversations?

  188. Daniel


  189. Daniel

    i'm trying to understand how that would work

  190. MattJ

    When will it be ready?

  191. Guus

    COIN and Colibiri are two XEPs they use, I think

  192. Guus

    As Jonas said, they add an occupant to the muc (nicknamed 'focus') that is used for signalling.

  193. !XSF_Martin

    > When will it be ready? Yesterday would be a good date, otherwise xmpp is UNUSABLE!!!1!

  194. Daniel

    Guus, neither COIN nor colibri mention MUC though

  195. Daniel

    so that was kinda the missing piece that i needed to understand all that

  196. Guus

    You can join the MUC through XMPP for chat, but in Openfire, we decided against that. It offers very disturbing user experience, as there's then a set of occupants that only chat, and a set of occupants that both chat, but also have a video conference in which communication takes place.

  197. Guus

    It's technically entirely possible though (or at least it was in the state of the code ~2 years ago, when I last looked)

  198. Guus

    got to feed the kids. later

  199. MattJ

    https://faq.whatsapp.com/general/chats/how-to-format-your-messages/ :)

  200. MattJ

    curl !$ > xep-xxxx.xml

  201. Zash

    MattJ: pandoc !$ -o modernxmpp/how-to-format-your-messages.md

  202. Daniel

    > https://faq.whatsapp.com/general/chats/how-to-format-your-messages/ :) Isn't that literally what we are doing?

  203. MattJ

    Yep, pretty much

  204. !XSF_Martin

    Maybe they thought adding that xep would be *fun*.

  205. Seve

    Doesn't mean it is a good example :)

  206. lbocquet

    What do you think if we change the name of https://commons.wikimedia.org/wiki/File:XMPP_logo.svg to XSF_logo.svg? And add XMPP_logo.svg without XMPP text?

  207. pep.

    lbocquet, why? I don't think the XSF has a logo. And XMPP is no property of the XSF, it's an IETF standard

  208. lbocquet

    How we can publish the logo with text and without?

  209. lbocquet

    I have seen XSF_logo.svg (which is not good) without XMPP text...

  210. lbocquet

    The XMPP_logo.svg has MIT licence and it is "Copyright © XMPP Standards Foundation"

  211. lbocquet

    The XMPP_logo.svg has MIT license and it is "Copyright © XMPP Standards Foundation"

  212. pep.

    So the XSF has copyrights for the XMPP logo, that doesn't make it the XSF logo :)