XSF Discussion - 2021-06-10

  1. moparisthebest

    https://alpaca-attack.com/ can anyone twist this into an attack against browsers using XMPP servers?

  2. qrpnxz

    wow they compromised FTP, what a surprise xD

  3. qrpnxz

    oh man i cannot take this attack srsly hahaha

  4. Menel

    > https://alpaca-attack.com/ can anyone twist this into an attack against browsers using XMPP servers? Is the question equivalent to "Can xmpp server be tricked into echoing random JavaScript code someone sends to them" ?

  5. jonas’

    Menel, I think so

  6. jonas’

    and the answer may surprise you

  7. jonas’

    given that many XMPP servers nowadays have open HTTP upload :)

  8. jonas’

    given that many XMPP servers nowadays have open (but authenticated) HTTP upload :)

  9. jonas’

    imagine a service which has both xmpp and email (let’s call it fancybox.org). It has webmail on webmail.fancybox.org and http upload on share.fancybox.org, both using a *.fancybox.org certificate :)

  10. marc

    Isn't one requirement that the fqdn must be equal?

  11. Zash

    Wildcard certificates are a thing.

  12. marc

    Ah, that's bad then 😗

  13. Alex

    memberbot is still online until our meeting later today. When you have not voted yet then you can still do so in out current voting period. Thanks.

  14. jonas’

    thanks for the reminder, done

  15. Zash

    Does https://archive.cabforum.org/pipermail/validation/2021-April/001651.html mean things might be moving wrt SRV certificates?

  16. şişio

    Hi. Now, is running my own server worse than Briar?

  17. şişio

    > mdosch wrote: > No idea, maybe tox or briar?

  18. arc

    I assume we're actually going to have a board meeting today? Serious question, not snark

  19. arc

    I know it is often hard to keep the weekly meetings going, we all tend to get busy

  20. mdosch

    arc: > memberbot is still online until our meeting later today Sounds like there will be one.

  21. arc

    And the draft coc is being discussed on email, too

  22. Zash

    That's the member meeting, not the board meeting.

  23. dwd

    arc, I'm certainly able to attend.

  24. MattJ

    Me too

  25. arc

    And Ralph is here because he just sent the email

  26. ralphm

    here as in cyberspace?

  27. dwd

    As in meeting time.

  28. arc

    Or xmpp virtual space?

  29. arc

    I think we are all here

  30. ralphm bangs gavel

  31. ralphm

    0. Welcome

  32. ralphm

    Hi all!

  33. MattJ


  34. ralphm

    What items do you bring?

  35. ralphm

    I have CoC

  36. arc

    I think that is really itch but is a really big topic

  37. MattJ

    A status check on the Open Collective stuff would be good

  38. arc


  39. dwd

    Nothing beyond the draft Code of COnduct for me.

  40. ralphm


  41. ralphm

    1. Minute taker

  42. ralphm

    I think MattJ is up

  43. ralphm

    2. CoC

  44. ralphm

    Dave made a draft and sent it to board. Jonas and I made some comments, and Dave some edits. I think we should move to submit to the XEP queue.

  45. ralphm

    Also thanks Dave

  46. dwd

    I hope you'll have seen the drafts I've sent to the Board list. I'd like to get this into the community as a XEP as early as possible, but I'd like to be assured that we all think this is at least the right starting point first.

  47. arc

    It also looked fine to me but I have not had a chance to really think about it too much

  48. ralphm

    arc: is it good enough as a starting point to publich as experimental XEP to work on in public?

  49. ralphm


  50. MattJ

    I'm partway through it, so I don't have any feedback at this point - but I'm unlikely to object to pushing it to the queue if others have read it and believe its ready

  51. arc

    Yeah as I said I think it's good

  52. Kev

    I’ve not seen it, but I’d just say that because it’s (I assume) contentious, it might be good to ensure Board are reasonably happy it’s a good direction, and not just publishing it (thereby creating potentially a lot of heat) if it’s likely to change direction significantly.

  53. arc

    I'm just also taking classes on becoming a foster parent and that has been a really big drain on my free time

  54. ralphm

    Kev: agreed, and that's why Dave posted it to the Board ML first.

  55. ralphm

    arc: ACK. No worries

  56. dwd

    Kev, Putting any Code of Conduct into place is contentious, but it'll be in Experimental first for community feedback of course, before having a Last Call and moving to Active when we believe it's ready.

  57. Kev

    dwd: Yes. But if one of Board were to raise issues in public that could have been addressed previously, that would probably be suboptimal.

  58. Kev

    I’d even suggest running it by Council quietly.

  59. jonas’

    council liaison has seen the draft at least

  60. jonas’

    council<->board liaison has seen the draft at least

  61. jonas’

    (and extensively commented and approved in general)

  62. Kev

    jonas’: I know, but it’s not clear to me that you speak for all of Council in this ;)

  63. jonas’

    I certainly don’t, as not all of council has seen the draft

  64. Kev

    It’s also possible I overestimate how contentious it’ll be, and everyone everywhere will just agree it’s sensible :)

  65. dwd

    Kev, I think Board members commenting on it in public is OK, as long as we agree it's a good start point.

  66. ralphm


  67. dwd

    Kev, I think the most contentious part is having it at all.

  68. arc

    It is relatively clear that a lot of thoughts was put into this, thank you for that!

  69. jonas’

    my cents on this: - I don’t think that diametral disagreement with the document as written is going to happen in any reasonable way - The more of the discussion around the draft happens in public the better – I feel putting a complete document in front of the community looks like trying to put things in place without discussion.

  70. MattJ

    Yeah, I'd rather get it open, given that several people who have read it are okay with this

  71. Kev

    I’ve made my point, I’m happy you’ve considered it :)

  72. ralphm

    With that, I make my initial suggestion a motion.

  73. ralphm


  74. arc

    I agree with that.

  75. arc


  76. dwd

    ralphm, I'm +1

  77. ralphm

    MattJ for completeness?

  78. MattJ


  79. ralphm

    Motion carries. dwd: make it so, please.

  80. dwd

    jonas’, In that case, you want to grab it off the Board list, or would you prefer a PR?

  81. jonas’

    dwd, if the latest .xml from the list is ok, I’ll just do it directly.

  82. dwd

    jonas’, Please, and thanks.

  83. ralphm


  84. ralphm

    2. Update on Open Collective

  85. jonas’

    dwd, on it

  86. ralphm


  87. MattJ

    I think the status is "waiting on Peter", but just want to check if there's anything else needed

  88. MattJ

    cc Sam

  89. Ge0rG

    I'm not sure what I'm supposed to do here?

  90. ralphm

    sorry, brain misfire

  91. ralphm

    but hi!

  92. arc

    One of us, one of us 😆

  93. MattJ

    Okay, well, we can proceed on list

  94. arc

    Are there any projects waiting on thisô

  95. jonas’

    I am going to give coc.xml a number right away because it was submitted by board, if that makes sense?

  96. jonas’

    it doesn’t seem sensible to have it go through ProtoXEP

  97. Kev

    jonas’: I believe it’s appropriate to publish.

  98. dwd

    jonas’, Arguably our vote does approve it.

  99. jonas’

    yes, that was my line of thought

  100. dwd

    jonas’, What number does it get?

  101. jonas’


  102. ralphm

    sorry, I was away a bit

  103. ralphm

    3. AOB

  104. arc

    Not from me

  105. MattJ

    None here

  106. dwd

    Just to note my change of employer, and I'm committing my now free Fridays to doing a bit of XSF and FLOSS work.

  107. MattJ


  108. ralphm


  109. jonas’


  110. ralphm

    4. Date of Next

  111. ralphm


  112. ralphm

    5. Close

  113. ralphm

    Thanks all!

  114. ralphm bangs gavel

  115. arc

    Thanks Ralph

  116. dwd

    Or "semi retirement" as my wife keeps calling it.

  117. ralphm


  118. MattJ

    By that definition I'm retired

  119. arc


  120. arc

    In 2021 does that even mean anything anymore?

  121. jonas’

    dwd, https://xmpp.org/extensions/xep-0458.html

  122. jonas’

    (and others)

  123. arc

    You should get some chickens. They're a great start to a midlife semi retirement. Both a source of laughter and sweetness. Like earlier this week.. https://youtu.be/lwzZ6wpH_5A

  124. Kev

    jonas’ - I’m upset the Editor didn’t fix typos on the way through ;D

  125. jonas’

    Kev, the editor has no time or energy to fix typos in any XEP at this point :)

  126. Zash

    "Patches welcome" ?

  127. arc

    Are they really typos or just exercising linguistic evolution? 😊

  128. Kev

    arc: Yes.

  129. dwd

    Are there typos?

  130. Kev

    "we wish the maximize the applicability” s/the/to/ presumably.

  131. John

    arc, nice chicken, when is the barbecue?

  132. arc

    They are pets. And generally you do not eat egg laying hens

  133. Kev

    dwd: Can I suggest “write a XEP” becomes “have a XEP published”?

  134. John

    I'm joking

  135. Kev

    To avoid potential confusion over whether people need the XSF’s permission to have non-standardised extensions from less familiar people.

  136. dwd

    Yeah, though it's also submit a XEP.

  137. Kev

    ‘submit a document for publication as a XEP’?

  138. dwd

    Oh, I see, that section.

  139. Kev

    ‘submit a XEP proposal'

  140. Kev

    Something along those lines.

  141. Kev

    I think the intent’s right, I’m just quibbling about verbiage.

  142. Kev

    "this guiding principle allows the XSF to partially or completely exclude anyone from any activity, for any reason” - I think that’s not *quite* true, because I don’t believe the XSF can prevent members from exercising their bylaws rights.

  143. dwd

    Ah, that's an interesting point. We could block a member from the member's mailing list, I suppose, but not from voting or attending the meeting.

  144. ralphm

    But it could for non-members, so for members 'partially' applies.

  145. Kev

    ralphm: I’m not sure that members can be even partially excluded from voting.

  146. dwd

    And the XSF, as a body, can remove members of course, though it'd be fun trying.

  147. ralphm


  148. Kev

    dwd: Yes, although not when taken with the accompanying claim that it’s the Board that gets to choose.

  149. Kev

    Anyway. I’ve read the whole thing. The intent seems good throughout. Thanks to Dave and whoever else has had input getting it there.

  150. dwd

    Lots of input from Board and elsewhere. Hopefully it reads OK.

  151. Kev

    I’d like to see the ‘write a XEP’ line tweaked, and I think the line about exclusion should be changed somehow. But I think that’s less quibbling than I expected.

  152. Alex

    he guys, its meeting time again. Let me get ready and start in 3 minutes

  153. Zash


  154. Alex


  155. Alex bangs the gavel

  156. Alex

    here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2021-06-10

  157. Alex

    1) Call for Quorum

  158. Alex

    as you can see 35 members voted via memberbot. So we have a quorum already and a good amount of voters this time

  159. Kev


  160. Alex

    2) Items Subject to a Vote

  161. Alex

    new and retruning members, you can see al applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q2_2021

  162. Alex

    3) Opportunity for XSF Members to Vote in the Meeting

  163. Alex

    anyone here in the meeting who has not boted yet and wants to do so now?

  164. Kev

    Doesn’t sound like it.

  165. Alex

    look like I can shutdown memberbot then and start working on the results

  166. Alex

    4) Announcement of Voting Results

  167. Alex

    when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2021-06-10#Announcement_of_Voting_Results you can see the results

  168. Alex

    all applicants and reappliers are acceped. Congrats to everyone

  169. Alex

    5) Any Other Business?

  170. Zash

    None from me.

  171. Kev

    Nor me.

  172. Alex

    6) Formal Adjournment

  173. Kev


  174. Alex

    I motion that we adjourn

  175. Kev


  176. eevvoor


  177. Alex bangs the gavel

  178. Kev

    Thanks Alex.

  179. Kev

    As always.

  180. Alex

    thanks everyone

  181. Zash

    Thanks Alex!

  182. wurstsalat

    Thanks Alex!

  183. mdosch

    Welcome wurstsalat 😃

  184. wurstsalat being a happy new member

  185. eevvoor

    congrats wurstsalat :)

  186. moparisthebest

    thanks alex and welcome wurstsalat :)

  187. eevvoor

    I am busy at the moment rewriting the research proposal with XMPP parts.

  188. emus


  189. emus


  190. John

    When are you going to vote next time?

  191. Zash

    They're quarterly meetings, so in 3 months

  192. John

    Not bad, I have 3 months

  193. emus

    Alex, are there stats on the voting rate?

  194. Alex

    emus: no, only the results in the minutes on the Wiki

  195. emus

    Thats not being evaluated usually? Well, one could do it themselves of course