XSF Discussion - 2021-01-26

It looks like you're going to have a foss foundations drinkup on BigBlueButton video conference on Feb 5 at 7pm Brussels time.

There is a problem with xmpp.com/www.xmpp.com, on Google, when we search XEP, the results can be https://www.xmpp.com instead of https://xmpp.org.

Does the xsf own that domain?

It looks like it points to our servers, but the certs are wrong

Yes

Needs cert and a 301 redirect

those are our nameservers, so yeah

Crash?

Hi, did anyone ever try to make Google replace the term Jabber with XMPP in the Android contacts?

i guess that would first require us to have a clear stance that this is what we want

anyhow, I am not aware of any such attempt

flow, According to a discussion I initiated in this MUC some days ago the Jabber term should not be used anymore.

says who?

my impression was that we’re split in two fractions: one fraction who wishes to market XMPP, one fraction who wishes to market a different term, and for lack of a better one, Jabber is currently their favourite.

Market to whom, is a key deciding factor, I feel.

that, too

given that this is about android contacts and the other discussion the other day, I inferred "to (IM) users" though ✏

Ah, right. Yes, if we're marketing to users than XMPP is not ideal.

Especially as the XMPP Standards Foundation doesn't appear to want to market to users.

FWIW it's not only Android, iOS also has a Jabber field

It probably stems from vCard

Probably not; we added in jabber as a non-standard extension in our standard.

Oh really?

IIRC, anyway.

Yeah, XEP-0054§2, third para.

vCard 4 has IMPP it seems

https://tools.ietf.org/html/rfc6350#section-6.4.3

Does Android actually use vCard4?

I'd be surprised

https://tools.ietf.org/html/rfc4770 applies to earlier vCard too I think

Zash, hm, https://tools.ietf.org/html/rfc4770 just mentions XMPP.

Marketing Jabber is also a problem as you scare away people who associate it with 'Cisco Jabber' (happened to me twice) and it's a trademark from Cisco. So as long as there is no better term I call it XMPP even if this is not ideal.

stp, the abstract says that it's an URI, the Introduction lists a number of examples

Only mention of XMPP I see is that + informative reference to the xmpp URI spec

While the term XMPP may not be ideal, how many products world wide became very successful using names which were probably not ideal? Having *two* names for the *same* thing though is way worse, near fatal even especially since with XMPP there are also all those client names in the mix and to an extent XMPP provider names. I also think XMPP isn't that bad actually.

The IETF would never refer to XMPP as Jabber. The name XMPP was literally invented to avoid that.

Zash, ok, but no mention of Jabber.

But that wasn't what that tangent was about

stp, You might notice that "HTTP" and "The Web" are two different names, yet seem to work OK.

dwd, those are two different things though.

That was about the IMPP vCard property predating vCard4, and is what's used to store Jabber/XMPP addresses in address books, unless some non-standard property like X-JABBER is used

Since I lack the knowledge I'm confused now regarding the Android contacts/Vcard topic. So to clear that up: Does Google just follow what the vCard standard specifies?

I think it was labeled "Jabber" in Android many, many years ago

Back then Jabber was more used. And nobody ever revisited the name

flow, I can confirm that in 2011 is was already labeled Jabber.

flow, so probably since Android was started.

Looks like this old Android uses X-JABBER in vCard 2.1

In my legacy Android XMPP code from ten years ago, I have support for imto://jabber/ URIs

That's still useful today

but it looks like I have no code to actually handle those intents.

oh, it just ignores the scheme. If host == "jabber" then chatWith(path[0])

So is there any place where it would make sense to file an issue regrading the use of Jabber or XMPP in Android contacts?

stp: I think that'd be a task for the Jabber Software Foundation

Cisco?

moparisthebest: oh please no

I figured "Jabber Software Foundation" was "Cisco", don't know who else it'd be :)

moparisthebest, old name of the XSF, nowadays nonexistent.

I'm not even sure there is anything in 'android' calling it Jabber. Isn't it just the contacts apps

right, nowadays it's Cisco

You can probably PR the aosp contact apps

Or other relevant open source contacts apps

But that only buys you so much

As a member of the "use Jabber™ for the federated IM network, XMPP for the protocol" faction, I oppose that change.

Isn't IMPP the vcard standard for im?

The XMPP network :)

Daniel, since all contacts app I came across called that field "Jabber" I suspected that that is baked into a layer below the contact apps. Or also possible that all those apps were just reskinned AOSP contact apps.

I have written multiple SMTP messages about that which can be obtained from the IMAP and the HTTPS networks.

stp: yes a lot of them are probably forked from the asop app

> Isn't IMPP the vcard standard for im? But at lest Wikipedia mentions X-JABBER as extension.

if "email" were owned by google I'd be opposed to using the word "email" too

Have fun: https://github.com/aosp-mirror/platform_packages_apps_contacts/search?q=Jabber

> Daniel, since all contacts app I came across called that field "Jabber" I suspected that that is baked into a layer below the contact apps. Or also possible that all those apps were just reskinned AOSP contact apps. Let's have a look at RFC6350 😃

Ge0rG, That's the worst solution of the four for marketing the system to the general public.

stp: What do you mean by "that", and what four solutions are you talking about?

As the developer of Bruno the Jabber™ Bear, I am proud to say that I have both the XSF's and bear's approval to use that name.

https://tools.ietf.org/html/rfc6350#section-6.4.3

So, shouldn't X-JABBER be dropped in favour of IMPP;PREF=1:xmpp:alice@example.com ? ✏

mdosch, this is the way

Zash, The IETF Has Spoken.

Ge0rG, Those four being | XMPP | Jabber | Jabber for the network, XMPP for the protocol | Jabber-XMPP or vice versa.

stp: #5 is "zimpy" :P

I don't especially care what we call the public network (Jabber or something else) as long as we don't call it "XMPP", so I'm with Ge0rG. They are two different things and shouldn't share a name.

Ge0rG, never heard that, but by four I meant the possiblities without introducing an entirely new name.

(and also XMPP is a fine name for a protocol, because "who cares?", it's not a fine name for a product. See also the "email/IMAP" example others have also given)

stp: "zimpy" is a joke, some people pronounce "XMPP" that way.

SamWhited: it's only half a joke

Heh, I was just typing "well, I duno if Ge0rG means it as a joke or not"

It's all fun and games until Big Corporation owns the trademark.

SamWhited: I think it's a good serious alternative name for jabber in case that one day Cisco wakes up and retracts the XSFs rights

The E-Mail comparison is wrong, since E-Mail covers multiple protocols.

I don't see what that has to do with anything

But I'm pretty sure that we have enough power to use and re-license Jabber™ in a fashion appropriate for the federated network

email is the network, IMAP/SMTP/JMAP are protocols, I wouldn't lump them all together under one name.

stp, X.400?

as long as Cisco doesn't stand up to threaten us or users of the name, I think the permissions given by Jabber Inc to the XSF are sufficient and safe enough to keep the well-established Jabber™ name

stp: so why do you think using "Jabber" for the network is bad?

relying on the goodwill of cisco once the name is in widespread use seems like a terrible plan

Ge0rG: because jabber is the crappy Cisco product

and that ^

Daniel: most people don't even know it.

also IIRC Cisco has been rebranding it to WebEx-something

I tend to agree with Ge0rG that XMPP is a bad name for general users, but also with Daniel et al. that relying on the good will of Cisco seems like a bad idea.

SamWhited: stpeter repeatedly made the claim that we are not relying on their goodwill but on our contracts with them.

I've been telling people to install either Quicksy or Snikket, depending if they want to host it themselves or not...

Ge0rG: it's the same thing when one side has billions of dollars and lawyers and the other side doesn't.

Ge0rG, I don't think it's bad, but the legal uncertainty make it a no-go and the XMPP term already became too prominent by the constant use of terms like Jabber/XMPP and more recently you come across the XMPP more often even than Jabber.

moparisthebest: yes, but people then don't understand that they can use Quicksy to talk to Snikket users

stp: I think this is only true among protocol nerds

I explain that with an analogy to email where they can email someone @outlook.com with their @gmail.com address

And regarding the legal uncertainity, yes, we are in a sh*tty place. If we (the Jabber Software Foundation) had a million dollars, we could establish Zimpy as the new name of Jabber

There would probably be a better use for a million dollars though.

Personally, if I were making a chat service I probably just wouldn't mention either at all. Maybe a blurb that says "Also chat with your friends on these networks and more!" and stick the conversations logo or what not at the bottom

Ge0rG, I don't think so when websites of public XMPP servers don't even mention Jabber.

Sam: Like Snikket!

Probably wouldn't even mention Jabber and *definitely* wouldn't mention XMPP, so maybe it wouldn't matter at all to me.

Zash: indeed!

SamWhited, I think that at some point, a list of networks becomes unweildy, and you need a collective name.

Tho if you read until the very end of the page about "The Snikket Network", it does say XMPP there

dwd: I don't have to actually list every possible thing, just a handful of nice products with good logos. Maybe the last one is the XSF logo and it links to the list of public servers or something.

stp: is that a personal impression or do you have stats? Jabber is a very common term in some Jabber communities, e.g. in Russia

Something something chat-network-interconnect? Inter-chat-net? Internet?

some people call xmpp "part of the fediverse" but that's confusing to me too

SamWhited: that only achieves the effect that only people interested in protocols will realize the important fact that it's federated and interoparble, but they already know that.

Ge0rG, no stats, but by personal impression the term jabber get's used less and less.

Ge0rG: no, it means nobody has to care and users will just see "Oh, my friend used that fancy Snikket logo, maybe I can talk to him too!"

Only people interested in protocols will care what "federated" means in the first place

SamWhited: users will think "oh no, please not yet another chat app!"

stp, It feels as though you have decided your conclusion and are now working on supporting it with evidence.

I don't see why that would be the case if it lists a bunch of shiny logos. If it just says "Compatible with Jabber" though they now have to know that it's not a specific service.

stp, Also, nearly all of my work for the past decade has been with XMPP, but virtually none of it with public chat networks.

But I dunno, I have zero idea how a marketing person would approach this

stp, regardless you have your answer, a small group of protocol enthusiasts can't agree on what to call it, good luck convincing anyone else :D

We are getting beaten to death by Matrix marketing.

Ge0rG, matrix marketing or element or riot or ?

naming, it's hard

I think the approach that snikket and to an extend Conversations are taking (establish your own brand) is the way to go

moparisthebest: for some reason they don't have any issue with just re-using other brands' names.

And just put xmpp compatible in a corner somewhere

moparisthebest, it does not matter, they are marketing it as a bundle (and element = riot nowadays)

mathieui, Aren't both of them New Vector?

Daniel: from each project's perspective, focusing on its own marketing is the most reasonable. But from an ecosystem perspective, everybody will profit from a common name.

Calling SMS just that worked too, so the general public should've enough brain power to remember a four letter acronym.

Something something local maxima

dwd, Matrix is not New Vector, even if it is by and large the same people, they have nonprofit UK foundation

stp: I don't think that's true. It's completely anecdotal, but everyone I know knows what "text messaging" are but have no idea what "SMS" or "MMS" are

Daniel, "And just put xmpp compatible in a corner somewhere" I would agree on that, though in the current state there would still be a debate to rather put "Jabber-compatible" there.

If it's just a brand with a tiny XSF logo in the corner I'm not sure that it matters as much if I put "Jabber" and someone else puts "XMPP"

SamWhited: well, let's use the XSF logo then!

actually not a bad idea

"Bruno, the XSF-compatible Chat Bear"

SamWhited, in which part of the world is that?

My biggest (but rather small) point with that is that XMPP is more than just federated IM

stp: U.S.

Ge0rG, I'm not convinced by "Chat". Or "Bear".

Ge0rG, And yes, as I noted above, I've done a lot with XMPP, some of it federated, none of it on the Internet for consumer chat.

Well, almost none.

Why does the XSF not do a democratic vote to settle the matter before it's too late (if it isn't already)?

stp: it's probably too late by 17 years.

probably get a different answer today vs tommorow

and you are asking for a democratic vote between what? 30 people?

What is the goal of actually picking one for everybody to use when saying what their messenger is?

stp, The XSF doesn't market consumer chat *at all*.

stp, So a vote would be largely pointless.

SamWhited: to make people understand that their messenger can messenge with other messengers that are not named the same

dwd, except for when it does? :) https://xmpp.org/2021/01/instant-messaging-its-not-about-the-app/

stp, You'd need to get the membership to agree to start marketing consumer (and/or enterprise) chat first.

moparisthebest, I'm not sure that is either, actually.

I dunno, I'm pretty convinced it won't matter at all unless we get one or two big well known networks using it again. "XMPP" or "Jabber" as a marketable concept basically died with Google Talk IMO. If you don't have a popular brand to advertise compatibility with, it hardly matters if that compatibility is called "Jabber" or "XMPP".

So let's get Conversations or Snikket really popular or something first, then we can hash out what logo to put in the corner when it actually matters.

SamWhited, but it matters if it's called both variantly.

I've been advocating for 'Conversations compatible' for a while

dwd, I mean it's certainly not an article targeting developers "Several people have recently reached out to me asking what kind of messenger they should be using now" (first sentence) sounds like consumer chat to me

stp: I don't think it does if no one cares about the compatibility anyways

I'm not even really convinced it does if there were a giant popular service using it, but at least then there's maybe an argument that it actually maters in some real way

the point I've seen everyone (including me) trying to push lately is that *federation* is what matters

moparisthebest, And then it goes onto suggest that the technology matters more than anything else. If that's marketing to consumers, it's terrible marketing. :-)

What dwd said. Nobody outside of a fairly tiny tech crowd cares what federation is or what technology is in use under the hood as long as they can chat with their friends and it has shiny features.

moparisthebest, And broadly, yes, I agree that Federation is a crucial feature.

they do care about federation though, they just don't know the word

they would care if they couldn't email people at different domains though

SamWhited, so how would an Monal on iOS user figure out that he can chat with his Conversations using friend?

moparisthebest, SamWhited - I think moparisthebest is right here, users don't know the word federation, but they do understand the outcome.

Yah, that's fair, but the point is that still means we shouldn't market federation as a feature (at least not by that name).

Get a big popular chat product, then market as "compatible with other big popular chat product!" and people will use it and still won't know that it's federated.

It also created a mess when consumer electronic manufacturer all introduced their own name for HDMI-CEC.

right, I think the question is how to say "this app federates with all the other XMPP app" in a way a normal person would understand

moparisthebest, Exactly that.

Call it "bridges" for confusion bonus

Small XSF badge on app's, server's and provider's logos would be a start.

Exactly. And I doubt they'd understand "Jabber" or "XMPP", so that's why I suspect it would need a big popular service everything can glomp on to (that's a technical term) first.

But sure, put the badge in the corner for those that understand it. They'll probably understand it whether it says "XMPP" or "Jabber", so I doubt it matters the more I think about it.

the point is to *not* get a big popular service though, it's to get a healthy distributed/federated service going, at least in my mind anyhow

"you can use any or all of these and still be able to communicate with everyone who chose differently"

I didn't say it had to be the only service, but if literally none of them are popular at all it's not helpful

Because it doesn't matter what we do, Google or whomever *will* develop a big popular chat service. The question isn't "can we compete with them as a network", because the answer to that is "no". The question is "can we be compatible with them because we convinced them to use a federated protocol"

And then use that to our advantage and get people on other nodes.

I think there are actually two big "Magical Things"; one is federation (You can talk to us with any compatible service!) and the other is the End To End Principle (If you're both using our great app Discussions, you can use our great new feature).

I'm not so sure, it's obvious people will switch en-masse very quickly

Even better "then can we also convince <other big popular messenger> to be compatible because Google is" or whatever. Then again, maybe we've already seen that the answer to that is also "no", I'm not sure.

SamWhited, Actually, it was other things starting to hook into Google Talk that appeared to pressure Google into dropping interop.

SamWhited: Google is developing a big popular chat service once a year.

dwd: "other things" being spambots?

Ge0rG, Also true Probably XMPP again next year.

Ge0rG, No, Microsoft, for one.

Ge0rG: exactly, so let's convince them to do new ones that are actually compatible

dwd: how so? I thought their argument was "no one else will federate with us, so why bother?"

SamWhited: I'm sure you know as well as I do that federated messaging is the opposite of the vendor lock-in goals the bigcorps are following

Ge0rG: of course? I don't understand your point

SamWhited: unless by "convince" you meant "create legislation"

If you want people to understand federation and actually switch to smaller providers, they have to be able to talk to their friends on the big providers. If they start on the big providers, then their friend says "I use small provider with more features", they can switch easily. Also it makes it easier for us to say "Compatible with Google Talk 2.0!" or whatever because everyone will know and care what that is.

Ge0rG: sure, I dunno if it's possible or even easy, I just think it's the necessary thing we should be working towards if we're going to talk about marketing names.

err, "easy or even possible", you know what I mean.

SamWhited: if it would align with their business interests, we would have it for decades now. If it would be orthogonal to their business needs, we'd have somthing like google talk 1.0

Unfortunately, it's opposite to their business needs

I'm not sure that it is, we just have to position it correctly.

I'm sure Google would disable federation for gmail as soon as they could get away with it.

SamWhited: please tell me more!

There were murmors interanlly at HipChat (though I never convinced anyone to let me start on it before it all went under) that if we were federated people would use us because their contractors could be on a different instance, for example. That made handling security between the two domains easy. It also made it easy to bring in a random one-off customer or something into a chat without having to buy them a seat

We never got buy in because the feature would have been so expensive to develop, but there were at least a lot of discussions about how it could be a selling point.

SamWhited: good point; it's important to the business customers

I'm using MS Teams day-to-day, and its "federation" is just a cruel joke.

And technically it's not even federation because it's all in the same clown.

I think you could argue the same for a lot of individual chats too though. Chat isn't where you're making your money if you're Google, it's a value add. Is it a bigger value add if your friends can talk to their friends on Microsoft Chat and say "wow, yours is doing that? That's terrible! You should switch your email to Google, I'm chatting on them right now and it will keep working with all your other friends"

SamWhited, I disagree, just have to make it easy to convince your friends on big providers to talk with you from not-big-provider account

(or whatever the thing you're actually competing on is, I suspect email isn't a money maker for them either)

Gaim is the old name of Pidgin Jabber is the old name of XMPP

moparisthebest: that's the point, if they can still talk to their friends you can move them over 1 by 1 based on a feature or something they'd like and not have the complete blocker (for most people) of adding another chat app and moving their entire network at once.

all big providers actively block 3rd parties from connecting, that's a non-starter

you make it easy for them to install an app to talk to you

SamWhited: vendor lock-in means that once you have a critical mass, federation is harmful to your growth

That was the whole point, I was aruging we shoudl be trying to convince them that federation is in their best interest, and then it's also in the interest of the smaller providers

you'll never get there

Ge0rG: not if it's only a value add and not your primary product (I think)

I mean, it's a good goal, wouldn't hurt to try, I'd just bet money it wouldn't happen

"hey buddy I know your entire goal is vendor lock-in but how about you implement this thing that works against vendor lock-in as a favor to me?"

SamWhited: if it's only a value add, then it's a means to get people onto your vendor solution

Ge0rG: sure, so Google wins because they convince people to switch to Google Docs or whatever without losing their social networking bits, and we win because we can convince people to switch to smaller providers by saying "Wow, compatible with Google Talk 2!" or whatever

that's how you get people who hate crappy XMPP because pidgin+google talk sucked

Sure, but that's not a problem that we're going to solve by calling it "XMPP" vs "Jabber" and trying to market direct to consumer either.

Pidgin and Google Talk sucked? I think it was great at the time.

Anyways, I've pretty much convinced myself that we need someone marketing to big providers, but I'm not sure who that is, and the best thing for smaller services is to just ignore XMPP/Jabber and create their own brand, because ours isn't going to do them any favors.

stp: at least for me a lot of people I know really liked it at the time, but everyone moved off of it when other providers came along with more features and Google Talk / Pidgin never moved on.

maybe modernxmpp can agree on a logo that means "compatible", perhaps also host a page it can link to to explain in human words what it means, that all projects that want to can link to? cc MattJ

Pidgin and GTalk was probably great ... in 2006. And then it stayed mostly the same.

Good idea! I like that

whether that's XSF logo or not no idea

moparisthebest: ModernXMPP is even more cumbersome than XMPP

Ge0rG, Now there's a statement we can all get behind.

moparisthebest, I agree with that sentiment, for sure

SamWhited, Yes, same for our circle of people allthough we only changed when Goolge announced they would scrap their federating XMPP service and we left Pidgin when it couldn't keep up with XMPP developments.

Ge0rG: it doesn't have to say "ModernXMPP", it just has to be a pretty page with some logos on it that says "This service is compatible with all these other services!" o

Or be a page that has some general advice on how to do that, which seems like something ModernXMPP would be good at providing

.oO(Snikket?)

A new logo that tesselated might be a fun thing.

yes exactly what SamWhited said

Might be something to learn from "The Fediverse" aka ActivityPub/MastoPub

ModernXMPP probably isn't the best term for users, but that can be solved

I mean it'd be cool if xmpp.org could host the page too/instead but that seems more controversial :)

SamWhited: let me remind you of XMPP Compliance Suite Compliance Badges.

What ModernXMPP is missing most is wider participation. A few people have contributed a few things, and that's great. But for it to work it needs to be far more comprehensive, well-structured and supported/reviewed by XMPP developers

Badgers! ✏

Ge0rG: is your argument that because one thing never materialized another project shouldn't bother making a page or providing guidance?

I also would like some actual UX people involved

SamWhited: not at all. I think that ModernXMPP is a good home for this kind of effort (only second to the Jabber Software Foundation)

My other problem with ModernXMPP is that moving an open ecosystem is like herding cats... it can be done, but it's painful and takes time

we got that solved, I think Neustradamus can create issues for each project to link the new page+logo ? :D

moparisthebest: oh dear god please no

this logo seems pretty good https://en.wikipedia.org/wiki/Fediverse#/media/File:Fediverse_logo_proposal.svg

Please don't even joke about that 😤

moparisthebest: the xmpp network logo needs to have client tentacles on all those circles

moparisthebest: A colorful pentagram? > this logo seems pretty good https://en.wikipedia.org/wiki/Fediverse#/media/File:Fediverse_logo_proposal.svg

tentacles!

fediverse has clients too and they aren't on that logo

moparisthebest: ITYM web browsers

https://share.samwhited.com/sam/wAUrEUtGPcemFGBL/bestlogointheworld.png

Done!

we got those clients too!

SamWhited: missing "Zimpy"

Damn it. It was so close to perfect too.

https://www.quickcompany.in/trademarks/3620784-zimpy-label

I'd like the pentagram turned 180° 🤘🏽

I'd just like to mention this glorious logo: https://en.wikipedia.org/wiki/File:NROL_39_vector_logo.svg

oh man, the US military and intelligence agencies come up with awesome logos all the time

maybe we need to hire a designer to make an awesome logo

Ge0rG, worked for Snikket

if it has some pyramid-eye or kraken symbol, it will trigger the fediverse, and as we all know bad press = good press

all press is good press indeed

IDGI, is that some fedivserse conspiracy theory iconography?

just don't mention "the competition"

Zash: the snikket logo is cute, not controversial

Actually, I probably don't want to know

Ge0rG, I mean the "hire a designer" part

SamWhited: nah, it's just the usual conspiracy theory iconography

*sigh* okay, TIL. I do not need or want to know more.

The garage I've been trying to find funds to open for years uses a font from an old CIA operation. So far no one has noticed, but I'm waiting for the day that people decide we're a front for a secret government takeover of auto mechanics or something

SamWhited, But that's just what you *want* me to think, right?

dwd: how'd you know? Who's been talking?

SamWhited, https://xkcd.com/2169/

Everyone knows it, educate yourself!!!11!!eleven

classic

Obs: That was satire. Do not use in actual debates.

MattJ what if you toot out a call to the fediverse for logo proposals, seem to be a fair share of graphic-ly inclined people on there? or lazily use the XSF logo, I have no opinions :)

I think using the XSF logo would confuse matters too much :)

Using the XSF logo for what exactly?

Ge0rG, Everything.

I tend to lazily use the XSF logo and see a lot of other sites doing it, but I tend to agree that having something else for "compatible with lots of other things" would be better if we can manage it and make it catch on somehow

the image+link to simple "explains why this is compatible to normal person" page

SamWhited: I agree that the logo is actually good enough for that.

XMPP logo on top of a globe and the text "NOBODY IS BEYOND YOUR REACH"

the logo, embedded into a catchy compliance badge

Zash: and a kraken.

can we put a pyramid with an eye into the bottom half of the "X"?

Kraken in the XMPP logo colors?

Zash: yeah, or the fediverse rainbow. Your choice.

I am concerned that there is no discussion of Cthulu in our logo plans.

(Also amused that Kraken was, after all, a popular XMPP-to-anything transport gateway back in the day)

this is why we need graphic-ly inclined people and not developers

Iͬ̿̋͡҉̸̩̩̣'̸̶̛̹͖̳̐̇̋m̛̜͙̳͐͒̽̀͢ ̧ͬ͑ͥ͏̟̮̟̀h̽̈́͌҉̛̲̜̖͝ę̶̼̭̰̄ͣ̿̕ȓ́ͩ҉̡̢̣̮͕e̡̘̥͋ͪ̊͠͠ͅ ̸̵̪̺̦ͤͣ̇͡t̶̸̨̬̠̤̂͛̈ơ̡̧͕̰͇̄ͦ̚ ̢̹̙̬̾ͭ̊͞͡s̴̸̭͉̲̐̒͑͝t̵̫̰̞̃̍ͭ͟͜ä̛̰͈̞͋̚͝͠ņ̶̨̜͉̜͒ͦ͊d̴͕͙͚ͯ̈̓́͞ạ̢̠̹̏ͪͫ́́r͔͕̫ͬ͗̓́́͢ḍ̴̴̛̱̺̎͑̿i̵ͨͭ̚͏̹̝̝͢ž̸̹̣̬̔ͪ̀͘ȩ̶̵̫͎̹̌͐͆ ̧̢̩̯̙̓̒̑͜y̷̛̮̠͍̏ͬ͌͠ơ̢͕̜̦̊͐ͬ͞u̴̶̷̻̭̗̾̅̚r̵̓̈̚̕҉̲̫͇ ̧̧̠̹̠͆̋ͬ̀c̴̓̊ͧ͏̵̹͚̙o̡̰̙̺̓̏ͣ͠͝m̨̨̛̹̞̝̽̈̓m̸̙̥̖̽̂̄͘͟ų̸̱̝̜̉̿̋͜n̴̴̪̘̲͊̈́̈́͞i̴̸͎͎̩̐̄́͝c̴͚͈̫͒̌͌́͞à̖͍̼̓ͨ͡͡͡t͕̺̂͆̍͘͢͠ͅi̗̘͙̋͆̅̕͞͡o͕̰̮ͨ͋̈́͝͠ņ̶̆ͯ͗҉̳̦̭s̴̡͔̲̪ͮ͛ͥ͜

that looks fun in the dino preview :D

Hello vanitasvitae

mimi89999: hello there!

Zimpy, the brother of Zalgo

vanitasvitae: that's my quote of the day

🏆

vanitasvitae: just one minor nitpick. We need to be gender-neutral, so it should be "sister/brother/sibling"

Or given how dusty XMPP as a protocol is, simply its Ancestor

XMPP: Supporting Zalgo since 1999 and Emoji since 2010.

/nick :robotface:

Hello fellows, it would be great to have a second reviewer for the French translation: https://github.com/xsf/xmpp.org/pull/875 For all of the other translation I have enough

emus: the translation is currently under review on linuxfr, and I hope it will be synced quite soon with the XSF github repo ✏

Ah okay, thats good to know

Thanks

Hello, I would like to arrange an official mail for the CommTeam. What would be the steps?

emus, like in email address?

I think that topic came up in the past

Yes, but we stopped talking about it

I’m trying to find the discussion

I think we came to the conclusion that for the use case back then, it wasn’t necessary or useful

what has changed on your side?

several social network accounts with several private or non related mails

And I would like to have a direct an clear address for the organisation etc. ✏

some orgs use private mailing lists for this

I don't need a have private mail list. I (we) need an email address which is related to XSF and not hosted on any private servers somewhere

I don't know if we even have that capability currently

We host mailing lists, I'm not sure if we host any actual mailboxes. I don't think we run an IMAP server, for example.

But I could be wrong, I haven't looked

no IMAP

port 143 timeouts

members@xmpp.org so those are all only mail list adresses

Yes

yes, the contact addresses are all mailing lists

which, if you think about it, has some advantages (you can easily add/remove people with access for example)

Ok, then that confused me. So there is no official email for xsf etc?

but you obviously cannot send messages from that address(*)

emus, there is. I think there’s info@ and board@ and trademark@…

Yes, and I cannot register with that

though the latter may actually just be an alias for a single person

Okay, but apart from capacities, I think it should be dealt with the account registrations and the XSF "sovereignty" on this

running a mail server is not easy™

Ok, I thought there is one running already

I’m doing that for myself and I’ve got it automated to large parts. I could replicate that setup for the XSF, but then I’d be the SPOF

SPOF?

emus, partially. it only does inbound (SMTP) and mailing lists

single point of failure

it doesn’t do outbound (Submission) or mailboxes (IMAP)

Yes - I see

so while it is technically a mail server, it is not a full mail setup

isn't that really all you need for registering/maintaining accounts though? (a mailing list, recieve-only) ?

moparisthebest, in general, yes.

but emus seems to have special requirements?

Okay, but I think the maintenance topic is severe already in general when I hear MattJ (also before). I think this is something that need kinda action. We cannot let basic infrastructure down (at least it sounds like this to me)

I thought emus just wanted an email to use for, say, the twitter account? if so he's asking for a private email list for commteam ?

No, receiving is minimum - sending would be "good", but for the moment I could work. But it does not make sense to create it on any non-XSF mail servers

As has already been suggested, a private mailing list will suffice for that

That's how the info@xmpp.org contact address for the XSF works

*hopefully* no website exists where you have to *send* an email to verify identity, because email doesn't work that way

Point is, when I register with an email to a service, they will only accept this mail in case there are any inquiries to the service

yes, what mopar says

emus, do you have a concrete example of a service where that is the case and there is no contact form on the website or similar?

emus, it's ok because you can fake the sender from any email account :)

I dont know jonas' but, I prefer not to register such a one-way email realizing one day that there is a case where I "need" to sent an email.

No, thanks moparistthebest

But in general, I think it is kind of weird and I am also a bit amazed, that we (the teams, responsible etc) don't have this possibility

emus, ftr, I’ve been registering on ~all services with one-way addreses for a few years now

In terms of Single Points of Failures: I think that is an important topic if the infrastructure capabilities are low.

after I built a thing which allows me to get a throwaway, one-way email address via an XMPP ad-hoc command ;)

jonas' okay, then I do so

emus, exactly, hence I propose we try to make do with what we have :)

at least a way to have it collected

emus, if a service EVER requires you SEND them an email, drop them, they are totally insecure and vulnerable to impersonation

jonas', I see but I think even this is not good

there is no way to validate an email you just recieved came from who you think sent it

email is not xmpp

so, recieve-only is fine 100% of the time

moparisthebest, I think maybe one day I (we) want to reach out to someone else via such an email.

1. anyone can fake such an email right now 2. don't, just use it for twitter password resets

I hope so. I think as a commteam... one wants to be able to send an email or provide this contact 🤷‍♂️️

Okay, wait, I cannot use it as account email?

a mailing list will just take whatever email was sent to it and forward it to your personal email (and everyone else's on the list)

No, Im on what jonas' suggested

no maillist (at least for now)

you can send an email as bigboss@xmpp.org right now though and it's fairly likely to get through, maybe in spam, but probably will get through

I thought jonas’ suggested a mailing list ?

He suggested a receiving email only

(I think)

emus, in case of the XSF infrastructure using a mailing list

But I thought I cannot use this for account reference?

why not?

Because any response to this is public I thought?

response?

you can also have mailing lists which are not (publicly) archived

and which are essentially just forwarders to one or more other email addresses

emus, twitter emails a password reset link to commteam@xmpp.org, it gets forwarded to your email, and 2 other members of the commteam, that's it

If I place this email to the XSF Fosstodon account, any they send any password or private stuff, then its public

no

just don’t enable (public) archives for the list, done.

Okay, but there is still a non public archive for XSF responsibles?

like, if you want to review a year later

depends on the configuration

you can have a public archive, a members only archive, or no archive at all

Would member only be legit for that purpose

?

seems perfect for it

yep, I agree

Then I would like to request such a list

Should be better commteam_internal@xmpp.org

I’ll see what I can do

Okay, take your time of course

But generally asking do we have real known Single Point of Failure?

plenty

also depends what you mean by "we"

XSF

but, xmpp.org infrastructure-wise, or organization-wise, or this-muc-wise, or?

XSF-wise, all critical points

offtopic PSA https://www.openwall.com/lists/oss-security/2021/01/26/3 looks like any user can get root using sudo since 2011, fun

damn, couldn’t you have told me 10 minutes ago?

also, holy fuck

I always knew locales were a mistake :)

brb updating all my boxes ✏

Quite a few people knew sudo is a mistake but nobody ever listened ...

I always knew C was a mistake

rust-sudo when

seriously, everytime someone says to me, why dont you write that in C

i think of these reports

and then i think, nahh dont really want to get into this mess

moparisthebest, looks like that is a thing that exists, but all it does is make a program run itself with sudo....