-
Neustradamus
https://github.com/xsf/xmpp.org/issues/608#issuecomment-638522416
-
MattJ
From an iteam perspective Docker would be preferred
-
Yagiza
Hello!
-
Yagiza
I have a question regarding XEP-0420: Stanza Content Encryption
-
Yagiza
My client software is plugin-based, so I need to know the way of plugin interaction.
-
Yagiza
Should XEP-420 be implemented as blacklist or whitelist based?
-
Daniel
I think you need both
-
Daniel
a whitelist for the outer elements
-
Daniel
and a blacklist for the inner
-
Daniel
(outer those that were not encrypted. inner those that are)
-
Daniel
when decrypting i mean
-
Yagiza
In the first case I have a list on elements, that should be ignored when encrypting: left in stanza, not moved into encrypted <content /> element.
-
Daniel
yeah I'd do that with a whitelist approach
-
Daniel
you only need elements that the server needs for routing
-
Daniel
meaning message processing hints
-
Daniel
et al
-
Yagiza
In second case we have a list of elements (reported by other plugins), which must be moved from stanza into encrypted <content/> element.
-
Yagiza
Daniel, so, you see the second way is better?
-
Daniel
imho yes
-
Yagiza
Ok, thanx
-
Daniel
i'd encrypt everything but [store, no-copy, …]
-
Daniel
the decrypting side however is more dangerous. that's where you can fuck up and create security issues
-
Yagiza
Daniel, I'm discussing encrypting side right now.
-
Yagiza
Daniel, if we encrypt "everything but..." it's a whitelist approach!
-
Yagiza
Daniel, *blacklist* I mean.
-
dwd
Some elements you want to have outside *and* duplicate inside. XEP-0258, for example.
-
dwd
Sorry, that's unclear "outisde" versus "inside" the SCE, so unencrypted versus encrypted.
-
dwd
MattJ, Ack.
-
Yagiza
dwd, why may I want to have Security Label both encrypted and unencrypted?
-
Daniel
server needs it for routing. but the recipient also wants to verify
-
Guus
flow I lost my gsoc MUC bookmark, so I'll be lazy and post it here. Can you confirm that we filled out the GSoC 2020 Org payment request form? Google sent out a reminder (I think the reminder went out to every participating org, but I'm not sure).
-
Zash
sign( meta, encrypt( more stuff ) ) ?
-
Daniel
SCE is way more complicated than some people think it is
-
Daniel
and it's really easy to srew up
-
dwd
Daniel, More fun than that, even - the security label may need to be re-written between policies and things by servers, but you still want the original. Email deals with this by triple-wrapping, but I'm really not sure we'd want to go there.
-
dwd
Zash, And yes, that's halfway to triple wrapping, which is sign[server]{ meta, sign[sender]{ more_meta, encrypt{ data }}}
-
dwd
(If you'll pardon my newly-invented pseudo-syntax)
-
flow
Guus, yes PSA filled out the form before the deadline :)
-
Guus
👍
-
flow
Zash> sign( meta, encrypt( more stuff ) ) should probably be sign(normalize(meta), encrypt(more stuff)) and the "problem" is the normalize(meta) part
-
Zash
Mmmmm XML c14n
-
flow
exactly
-
flow
it's a design decission involving balancing the tradeoff, but I actually think having something as optional experimental feature can't hurt to get some insights about potential issues✎ -
flow
it's a design decission involving balancing the tradeoff, but I actually think having something sign(normalize(meta), more bytes) as optional experimental feature can't hurt to get some insights about potential issues ✏
-
flow
I think, for example that XML normaliziation is trivial in Java SE, while it may would require another, likely heavy-weight, dependency on Android (if something is available there at all)✎ -
flow
I think, for example, that XML normaliziation is trivial with Java SE, while it may would require another, likely heavy-weight, dependency on Android (if something is available there at all) ✏
-
Yagiza
I still wonder, why Message Reactions uses emoji instead of reusing XEP-0107: User Mood?
-
flow
Yagiza, I guess because that is because its what github, gitlab, etc do✎ -
Zash
and slack and mattermost and matrix and everything
-
Yagiza
Zash, so, someone's just trying to mimic other IMs and networks instead of improving XMPP?
-
flow
Yagiza, I guess because that is what github, gitlab, etc do ✏
-
flow
Yagiza, that reads like it implies that with mimicing others one can not improve XMPP✎ -
flow
Yagiza, that reads like it implies that by mimicing others one can not improve XMPP ✏
-
Yagiza
flow, well... I like XMPP because it's powerful. Other networks are forced to use Emoji, 'cause they don't have such nice things, like User Mood or User Activity. But why should we?
-
flow
Yagiza, I am not sure which one of using unicode code points or xep user mood as enumeration of possible reactions is "better". both approaches appear to have advantages and disadvantages
-
Zash
Why limit yourself to moods?
-
Zash
IIRC in Matrix it's just a piece of text. It doesn't have to be emoji, that's just an UI decision
-
flow
Zash, right, but then, on the other side, is it really good that you can react with all types of code points?
-
Zash
Just let me react with "cool" and "!" and I'll be happy
-
flow
e.g. github limits the kind of reactions
-
Yagiza
flow, yes. But I think that advantages of reusing User Mood instead of emoji prevail over disadvantages.
-
Zash
flow, still, I'd leave that as an UI decision
-
flow
Zash, I always wonder how I have to read "!" as reaction? Is it positive? Negative? Danger?
-
Zash
flow, !
-
Zash
How would you read *anything*?
-
flow
Zash, sure, but is that enough? don't you have to be able to negoiate allowed reaction kinds on the protocol level?
-
Zash
Tons of emoji is incredibly ambigous
-
flow
Sure, but not all
-
Yagiza
Zash, 'cause most of emoji are meaningless as reactions to messages. Also, they may lead to confuse, 'cause sender may mean different thing, than receiver may think of.
-
Zash
And there's never one that means what I'm trying to say anyways
-
flow
A thumbs up on a comment can be hardly misinterpreted
-
Zash
Sure it can
-
flow
hmm, ok, care to elaborate how?
-
Zash
No
-
Zash
Language and communication is complicated.
-
flow
and often not unambiguous in particular
-
dwd
https://github.com/xsf/memberbot/pull/6 -- this is running on memberbot@dave.cridland.net, anyone fancy helping me test? (I'll need the jid you want to test from to add you as an "XSF Member").
-
Guus
dwd, sure
-
Guus
use mine
-
Guus
guus.der.kinderen at ignite
-
dwd
Added. You should be able to send it a subscription request and then start voting.
-
Guus
dwd, it acknowledges me, but does not offer things to vote on.
-
Guus
https://igniterealtime.org:443/httpfileupload/680d2838-390d-4d9f-beba-577ecf7dbbbc/image.png
-
dwd
Ah, great, that's a bug.
-
dwd
Did you add it to your roster? Or just send?
-
Guus
I added to my roster
-
Guus
subscription status 'both'
-
Zash
> error<wait:remote-server-timeout:Server-to-server connection failed: Error during negotiation of encrypted connection: sslv3 alert bad record mac>
-
Zash
The what
-
dwd
That's exciting.
-
pep.
> flow> A thumbs up on a comment can be hardly misinterpreted "Somebody should ..". "👍" Do you like what I said? Are you ok with it? Are you gonna do it?
-
pep.
language is complicated
-
dwd
OK, so, memberbot bug is that here: https://github.com/dwd/memberbot/blob/memberbot-fixes/memberbot/chat_voting.py#L360 slixmpp ends up trying to wrap a future into an IQ and everything breaks.
-
dwd
pep., Does that "supports" call ever work?
-
pep.
maybe slix broke it, dunno
-
dwd
OK, that maybe works now. Seems not to break with Inverse anymore at least.
-
dwd
Guus, want to see if that works for you as well now?
-
Guus
dwd: Remind me after lunch please
-
Neustradamus
dwd: have you seen my PRs?
-
Guus
dwd seems to work now. I got three votes, with (the same) three candidates each.
-
Neustradamus
dwd: You have commented, can you test it?
-
Guus
I've applied yes, no and abstain - seems to all work as expected.
-
Neustradamus
I can test the bot?
-
Neustradamus
Note: When I look the vCard, the XSF logo is always the old...
-
dwd
Neustradamus, You should be able to add memberbot@dave.cridland.net to your roster and vote (it's intentionally the same three candidates).
-
ralphm
Have a conflicting meeting (again). Can't make it to Board today.
-
Guus
ralphm: should we think about another time slot?
-
pep.
!
-
Seve
o/
-
MattJ
o/
-
pep.
Especially since the two agenda items I added concern ralph. Well one definitely, the second one all of us
-
pep.
# Welcome
-
pep.
Any other agenda item to add?
-
pep.
I guess we'll leave the two I added for when ralph is present
-
Guus
I have nothing
-
Seve
neither do I
-
MattJ
Nothing here, except a query for whether the commteam have thought any more about their requirements
-
pep.
Even though some commteam members were present last time (Seve, emus), I haven't poked anybody yet
-
pep.
So it's also partly my fault
-
pep.
(I still need to send minutes for last week even.)
-
Guus
is the outside person waiting for us?
-
Guus
if so, we should try to get some momentum
-
pep.
Seve, maybe as a board and commteam member it'd be better if you did that?
-
emus
Hi
-
MattJ
Guus, yes and no, I don't think we've given a 'no' but we have let her know not to expect an imminent 'yes'
-
Seve
pep., I haven't offered my self to do that because I feel you guys have more context than me on this. As I said didn't know nyco asked for a plan. I would not be good at leading this. I can try to start a conversation in the commteam though, that's for sure.
-
Guus
Let's try and focus on this to get to a conclusion. We have a bad habit of letting things linger to long.
-
pep.
Seve, ok. I'll try to send last time's minutes quickly (to summarize last time's chat) I'll poke commteam :x
-
Seve
pep., very much appreciated!
-
Guus
Seve if only to get more of a conversation started, you approaching commteam members might be good.
-
Guus
oh, or that. 🙂
-
pep.
I have a question for board, not related to commteam but minutes: I see in other communities / organizations that acknowledging minutes is a thing, is that something that's been done before here? That some would want to do
-
pep.
At the beginning of a meeting these orgs I've seen ask their board (or equivalent) to ack last meeting's minutes
-
Guus
If we do have proper meetings, we should. But, as our minutes are often absent, and we're having a verbatim log of each meeting, I don't really see the point.
-
pep.
So maybe a topic for once we've sorted out the "minutes" problem.
-
pep.
I'm fine with no official answer anyway. I was just curious
-
MattJ
+1
-
Seve
We have the logs, so yes, everyone can confirm the minutes. Although it makes sense to do that.
-
Guus
When meetings are used to record the meeting (and record decisions), we should verify/acknowledge them, I think. I don't think that's how we're currently using the minutes though.
-
pep.
# AOB?
-
MattJ
None here
-
Guus
nor me
-
pep.
Next: +1w
-
pep.
# Close
-
Guus
thanks
-
Seve
Thank you guys
-
emus
pep.: So you could not find time to sunmarize the recent meeting on the hireing topic?
-
pep.
You mean the meeting we've had in the other room? No. I think I'll just include a few lines in minutes I send for last week's board meeting to give some context. I don't think it needs much more
-
emus
At least I would like to summarize the few points we agree in general on
-
pep.
tbh I don't especially want to be flagged "minute person", I don't like minutes :P
-
pep.
(Well I don't like writing them)
-
emus
pep.: I dont take it as this, but I thought from the recent one you said you gonna do it
-
pep.
No, I said I wouldn't do it :x
-
emus
Maybe we can make that as a rotation system? Some documenation is important pep.: ok then I try
-
pep.
"I won't do minutes just now. There's lots of things in there". I was planning to wait for a next meeting
-
emus
pep.: Sorry, Im talking about the other chat on hiring only
-
pep.
yes
-
pep.
I'm quoting myself in that chat✎ -
pep.
I'm quoting myself from that chat ✏
-
emus
Ah okay, I think I got confused. If I can do something or help let me know
-
Neustradamus
dwd: Thanks, can you add my PRs?
-
Neustradamus
The goal is to test and confirm that it is good: - https://github.com/xsf/memberbot/pull/4 - https://github.com/xsf/memberbot/pull/5
-
Steve Kille
k
-
Daniel
can someone enlighten me on the role of MUC in Jitsi? looking at the various parts that make up jitsi there is the jitsi video bridge which takes the role of a SFU and there is the jicofo which is a compontent that you talk COLIBRI to.
-
Daniel
but what role does MUC take here?
-
Daniel
the jitsi documentation require me to set up a muc server; and also give jicofo admin (owner) rights to that muc server
-
Daniel
but it doesn’t really say what the muc rooms are used for
-
MattJ
The MUC is used for the signaling and chat between conference participants
-
Daniel
ok; chat i get
-
Daniel
but isn’t colibri the signaling?
-
MattJ
(including jicofo AIUI)
-
Neustradamus
It uses Prosody
-
Daniel
i'm essentially wondering (text chat aside) if there is a different set of protocols aside from colibri (which is not muc or message based) that i need to understand
-
MattJ
Not that I'm aware of, not sure if they stick some stuff in presence though
-
Daniel
so hypotically if i wanted to experiment with video conferencing i'd just need jicofo and the video bridge?
-
Zash
jonas’ did some trickery to get a chat bot into Jitsi conferences iirc
-
jonas’
Daniel, I *think* you need to go through a MUC to talk to Jicofo, since it uses the MUC identity
-
jonas’
but that’s just casual observation from jicofo and jvb logs as well as a bit of MUC traffic
-
Daniel
jonas’, ok thanks. that probably makes some sense in front of the background that jitsi meet is
-
jonas’
15:36:40 jonas’> and yeah, weird stuff happens (with Jitsi Meet at least) if you have a participant which doesn’t speak the protocols 15:36:48 jonas’> I had to hide presence to make the web ui not misbehave✎ -
jonas’
15:36:40 jonas’> and yeah, weird stuff happens (with Jitsi Meet at least) if you have a participant which doesn’t speak the protocols 15:36:48 jonas’> I had to hide presence to make the web ui not misbehave ✏
-
jonas’
(those two messages went into the wrong room initially, sorry)
-
!XSF_Martin
He, I didn't realize you sent them to the wrong MUC and wondered why you quoted yourself. 😂
-
Daniel
(fwiw i'm not interested in being compatible with jitsi meet the webinterface but just reusing the compontents to make video conferencing happening. or at least understand what that would entail)
-
jonas’
Daniel, I recommend setting up Jitsi Meet first to get a feeling on how intertwined it all is
-
jonas’
everything is extremely picky about everything
-
!XSF_Martin
Daniel: So you consider adding a/v conferences to conversations?
-
Daniel
no
-
Daniel
i'm trying to understand how that would work
-
MattJ
When will it be ready?
-
Guus
COIN and Colibiri are two XEPs they use, I think
-
Guus
As Jonas said, they add an occupant to the muc (nicknamed 'focus') that is used for signalling.
-
!XSF_Martin
> When will it be ready? Yesterday would be a good date, otherwise xmpp is UNUSABLE!!!1!
-
Daniel
Guus, neither COIN nor colibri mention MUC though
-
Daniel
so that was kinda the missing piece that i needed to understand all that
-
Guus
You can join the MUC through XMPP for chat, but in Openfire, we decided against that. It offers very disturbing user experience, as there's then a set of occupants that only chat, and a set of occupants that both chat, but also have a video conference in which communication takes place.
-
Guus
It's technically entirely possible though (or at least it was in the state of the code ~2 years ago, when I last looked)
-
Guus
got to feed the kids. later
-
MattJ
https://faq.whatsapp.com/general/chats/how-to-format-your-messages/ :)
-
MattJ
curl !$ > xep-xxxx.xml
-
Zash
MattJ: pandoc !$ -o modernxmpp/how-to-format-your-messages.md
-
Daniel
> https://faq.whatsapp.com/general/chats/how-to-format-your-messages/ :) Isn't that literally what we are doing?
-
MattJ
Yep, pretty much
-
!XSF_Martin
Maybe they thought adding that xep would be *fun*.
-
Seve
Doesn't mean it is a good example :)
-
lbocquet
What do you think if we change the name of https://commons.wikimedia.org/wiki/File:XMPP_logo.svg to XSF_logo.svg? And add XMPP_logo.svg without XMPP text?
-
pep.
lbocquet, why? I don't think the XSF has a logo. And XMPP is no property of the XSF, it's an IETF standard
-
lbocquet
How we can publish the logo with text and without?
-
lbocquet
I have seen XSF_logo.svg (which is not good) without XMPP text...
-
lbocquet
The XMPP_logo.svg has MIT licence and it is "Copyright © XMPP Standards Foundation"✎ -
lbocquet
The XMPP_logo.svg has MIT license and it is "Copyright © XMPP Standards Foundation" ✏
-
pep.
So the XSF has copyrights for the XMPP logo, that doesn't make it the XSF logo :)