XSF Discussion - 2021-11-04

https://news.ycombinator.com/item?id=29104292#29104744

this might interest you

Can someone tell what's "true" and whats not "true" about it

> rvz 24 minutes ago | prev [–] > So the hype around XMPP is no better than Matrix then. Oh dear. Glad there is still hype apparently

> If you pick a random XMPP server, you likely pick a German one. 😬

"So the hype around XMPP is…" Did I miss something?

Heh

I think we should take those articles serious, even if we may disagree on some points. arent there xeps to prevent metadata to the server?

and also the latest dtate of omemo? ✏

nope

And, as one hn user commented, that article is more a rant than a well written summary of the situation

but then lets do it better?

avoiding metadata on the server? hard, if not next to impossible

I mean, we always try to do better, but there a just some things that you can't change without changing the fundamental design

sure, but it could be made clear that this affects all technolgy

well, not all technology

agreed

ok

there are mostly metadata-less means of communication, but those have other drawbacks

If meta data is your only or by far biggest concern then there are indeed other chat clients that do a better job at avoiding them

I think XMPP is also much more. If people all host in the same server farm thats bad - but their decision. XMPP does not force one to do so. And also people here do it because it is a standard. I think thats also important to say. I would be happy to write something on this and maybe even updste the websites explainations. If people are interested to throw their arguments at me I can try to write sometjing. However, I lag many of the technical details and knowledge here.

emus, sure, may I recommend a pad (cryptpad) somewhere? to collaborative work on the text? ✏

Obviously we should ensure it's fully encrypted.

I'd rather recommend and use cryptpad because it's a nice pad

:-)

Use double-rot13 on the text.

We should probably make https://xmpp.org/extensions/xep-0077.html#security more stern, too.

flow: yes I can do so

of course with double-rot13 😃

Or triple-rot13 twice.

Everyone feel free to add their questions and responses / ideas / clues https://yopad.eu/p/xsf-collection-privacy-security

Daniel, In the Conversations screenshots, what are the German bits saying? I can't work out if he's got as far as spooinf OMEMO's initial leap of faith etc.

flow:

sperren means to block the contact

dwd: that's the message from stranger dialog

That pops up for non responded to non contacts

And the placeholder text? Is that saying anything about encryption?

In the input field? That's saying the next message they'd send would be omemo encrypted. Gives no indication on whether or not they trusted any devices yet. Presumably not

That fake account probably won't even have keys published

No, though that could be spoofed too of course.

Written some starter text. Feel free to edit.

uhh

If you fear metadata, you can just run a server on the same device as the clients and use Tor for s2s, basically making it a fully anonymized peer-to-peer messenger. UX will probably be terrible, but the metadata footprint will be incredibly low. XMPP already fully supports such setups, so the protocol can stay as is. If there is no client doing this out of the box, this might just be because it's a terrible idea, not because the protocol is bad.

> XMPP already fully supports such setups, so the protocol can stay as is. Isn't there some lack of specifics in the Stream Management xep concerning s2s connections? From what I heard, current implementations kinda handwave the issue, which can(?) result in message loss. I'd be glad to have misunderstood though. :)

From the pad: > Some will allow for federation, which inevitably increases the matadata involved. Increases compared to what? A p2p system? This isn't very clear in the text ✏

Aitm time again?

it is

Another reminder that we are coming close to the deadline for our board and council application period which is November 7th.   When you are interested to run for a board or council position then please apply here: https://wiki.xmpp.org/web/Board_and_Council_Elections_2021

mdosch, It feels like it comes earlier every year.

lol

Anyone fancy putting their names in for Board or Council? I'm happy to answer questions in public or in private about the workload, difficulty, or whatever else.

same (for council)

It's crazy how the Matrix guys are really aggressive in their comments. Like it was a religion to defend.

It's their livelihood, what do you expect?

edhelas: https://www.moparisthebest.com/images/xmpp-vs-matrix.jpg

Yup exactly

jonas’, re https://github.com/horazont/testxmpp/ nice, python. did you use an existing xmpp implementation or are you implementing the needed parts right in that project?

phryk, https://github.com/horazont/aioxmpp for some XMPP things, but the workhorse is https://github.com/drwetter/testssl.sh

jonas’, oh, you're the author of aioxmpp? i think i mailed you once about me wanting to write a client with kivy :)

maaaybe :)

I remotely recall something, did I reply to you?

you did, even offered to help iirc. :)

huh, interesting ;)

also nice flask, i'm building my custom invite/register/webclient service website with that ;)

i wanted to do something similar to xmppoke, but as cli tool… your project is definitely relevant to my interests. :3

phryk, use testssl.sh

it can do XMPP and testxmpp is mostly a fancy UI wrapper around that.

how extensive is its xmpp support? i also want to test if things are correctly set up for working audio/videocalls and nat traversal, file uploads, etcpp…

okay, that it doesn't do at all

That's a bit out of scope for TLS tests

but that also generally requires a user account

Yes and yes.

Use caas?

But that's the sort of tool I wanted to build.

https://github.com/iNPUTmice/caas

while the goal of testxmpp is to work without a user account at this point in time, though I can imagine privileged tests with credentials, too

Zash, Yes, but I want that as CLI, or rather as a lib either in python or with python bindings. :P

It is a cli, tho in java

mweh. if i'm not of i have managed to have no java at all in my package repository^^

phryk, so generally, I am interested in integrating more tools if they have a sane API (testssl.sh does not have a sane API, for instance, but it's so powerful that the cost of implementing a thing which extracts the test results was lower than the cost of reimplementing the tests)

yeah, i can understand that. i was kinda tempted just writing my own xmpp implementation, but i think then i will *definitely* never get this done ^^

tho if I'm not thinking about a full-fledged client but rather a tester, aioxmpp (+ existing plugins) probably already does all xmpp-specific stuff I'd need…

yep, also aioxmpp is really easy to extend :)

(and contributions for things like retrieving A/V stuff are really welcome, too)

heh, yeah. just wanted to say good to know it's easily extensible because last i checked there was no extension for a/v calls. or not for them with omemo? but these are all topics where I'm not sure I have the needed domain-specific knowledge to implement them^^

well, that's exactly my problem ;)

Thank you guys for the full text replies already. Haven't expected this!

0 . Welcome

Hi! Who do we have?

Hey

\me listening as guest 👋️ ✏

✏

is it office hours again?

yes

no

Its board meetnig

phryk: as per the room subject :D

Except we don't yet have quorum

Ah, had dino in fullscreen mode, doesn't show topic then^^

Because it has too much screen estate?

Also, doesn't Dino show subject changes in-chat?

No, seems to be developer decision, i guess. It shows an extra bar with topic, search etc, but not in fullscreen mode.

No, doesn't do that either. :P At least the version I have, which might be outdated by a couple months…

arc, dwd are you here?

Yes, sorry, hand;t noticed the time.

ok, let's get going then

Do we have any agenda items?

emus: was there something specific you wanted talked about?

Yes

let me copy

flow recommended to me to apply to Board as GSoC organisation administrator and hereby I would to do so. Of course, that would be my first time. If there are certain responsibilities or things I require to know or are to be discussed I would like to know. Other than that I am happy to support the organisation and during the GSoC in general

flow said that he is happy to be a support in the background

emus, I got all hopeful you were intending on standing for Board then.

:-D

: D thanks you are so confident about me

1. Minute taker

dwd

OK

2. GSoC

I'm happy to support board where I can of course

So, it seems we have somebody who'd love to be admin this time around!

but I cannot tell right now that I can make it next year

I haven't seen any chatter on GSoC 2022 yet. Did I miss an announcement?

I haven't noticed an announcement yet.

I'm all in favour of getting our act together sooner.

No, you did not miss

Was just going to say that.

So I think it's premature to do much before they've said there will be a 2022, especially given the magnitude of change in the 2021 program.

but I want to start early as well as provide XMPP people to consider early

otherwise they might go somewhere else

So emus: yay. Thanks for offering. There are several individuals that have admined before that would likely be happy to assist you.

You could certainly work with the individual projects to get things ready.

Right, but what if they reversed the 2021 changes? Presumably any projects we'd suggested would be invalidated.

Anyway, I'm all in favour of someone willing to do adminny things :)

emus, Sorry, what's your proper name for the minutes?

(And I certainly won't have time to)

you mean my full name?

emus, Something for the minutes. Unless you just want to be "emus" there. :-)

:D

emus is fine, but you find my full name also in the applications I made

I would have one more question if you decline to start with GSoC now: So you do allow me to reach out to the projects and ask them to consider it?

I'm sure dwd can get the minutes sorted

and may I also call via social media? (acutally I did already in the Newsletter 😬️)

Yes please go ahead.

I think that's fine, as long as it's understood how tentative it is at this stage.

From the peanut gallery, starting thinking about GSoC early, and especially getting interest from software projects is great. We just can't really go as far as sorting out ideas unless we know what form it'll take next year.

(Or if it'll happen at all, naturally)

Kev, I see your point, certainly, but I think we can go as far as gathering projects and getting them to start thinking about the areas they'd like to see, mentors, etc.

yup

Kev - sure, I did not intend this

so I take way: do nothing official and everything as a tentative and elaborating action?

Well, you can totally officially gather interest.

(In case anyone's following but not following GSoC, Google halved the scope of all projects last year, which is what I'm worried about being thrown by)

It is just that Google hasn't announced the happening of GSoC 2022 yet, so make sure you communicate that everything is tentative.

This is also very non-committal: https://groups.google.com/g/google-summer-of-code-discuss/c/HdlN9R81Spk

(Even assuming it goes ahead)

Ralph: That's also pretty standard for what's said every year before announcement, mind.

yep

Note that last year, they announced on Oct 26, so yeah, let's see

emus: do you have enough to work with?

sorry if i'm junst bonking in as a guest, but can i know what emus approach you with? getting the xsf directly get funds from gsoc to distribute among projects?

Just to be a hosting organisation (as others) during the GSoC 2022 as we did in the recent years

ralphm yes I think so, thanks

Well, GSoC operates by paying students to work on open source projects directly, but the "organisation" gets money as well. The XSF would, in this case, be the organisation for all the projects.

flow, if you are here - anything else?

phryk: no, Google pays students directly and we then get compensation for mentoring as well

yay lag

ralphm, ah, that sounds nice. :)

emus, no, nothing to add at this stage

Moving on

3. AOB

Now we could hand our share over to the projects in some cases, of course - but that's really a choice for the next Board.

Just wanted to mention two things:

General question: All from the current board will not reapply?

#1 note that messages that Alex sent out: applications for Board and Council elections are still open until the 7th

Oh. For some reason I had it in my head it was tomorrow, but it's Sunday, isn't it?

You can find and edit applications here: https://wiki.xmpp.org/web/Board_and_Council_Elections_2021

Yeah, I'm not sure what End of Business means on a Sunday, but whatver.

e

Of course there are societies with Sunday as a regular working day.

I feel you may have digressed.

we use the end of business term forever, maybe we need to change with a UTC time in the future

#2 I saw the CfP for FOSDEM 2022 devrooms: https://fosdem.org/2022/news/2021-11-02-devroom-cfp/

I haven't yet seen any chatter from the RTC people on this yet, though.

I'll keep an eye on this.

Anything else?

4. Date of Next

+1W

5. Close

When I said after 2019 that I could use a break from FOSDEM I didn't mean *this*.

haha

Thanks all!

Thanks everyone!

To vote in that election, I'd have to be an XSF member, right? What would that entail and is it still possible?

phryk: see https://wiki.xmpp.org/web/Membership_Applications_Q4_2021

Sam, you can apply here for membership: https://wiki.xmpp.org/web/Membership_Applications_Q4_2021

but this is Q4, and we will elect on those applications after the upcoming board&council voting

phryk, You could stand for Board though. :-)

phryk, I mean, you can't vote, but you can *stand*...

dwd, Yes, I thought about that for like 2 nanoseconds, but naah.

Presumably you could stand for council too and it would just depend if you become a member.

It doesn't seem likely that everyone would vote for you for council, but against you as a member

Conditional elections? Maybe let's not do that

Again

I'm informed and vested enough to vote on things, I think, but apart from maybe some more prosody plugin stuff I don't think I'm a good fit for any official representative position for the XSF. :P

Sam, No, but you can't be a Council person without being a Member, so that precludes standing, I think, by any sane measure.

phryk, Please do become an XSF Member, then - in years where we aren't in pandemic status, we even get a nice meal out of it with lengthy discussions about linguistics.

dwd, mhh, can i ask for my membership application to not be public, but just visible internally tho? would like to keep public links of my nick and "official" name to a minimum…

phryk, Honestly, I don't know. We are technically a corporation, registered in Delaware, and by becoming an XSF Member you're becoming a Member of the Corporation. It's not clear to me if this is a matter of public record or not.

FOSDEM devrooms are open for everyone?

Not 100% sure, but for soemthing as official as XSF it's definitely possible to get one.

dwd: the position we have taken as Board up till now is that we require public applications.

dwd: exactly because of what you wrote

dwd, Mhh, then I'll have to think about this. Tho, honestly, unless I move my server out of the EU it looks like I'll soon be identified by WHOIS anyhow :/

emus: what do you mean: hosting, presenting, attending?

phryk, I have to admit that I lean toward publishing our membership as openly as possible because of a general lean toward transparency of organisation. I believe that's the right thing to do.

all of it actually. So if we have a room people need to pay and register to join/attend/?

Not pay, certainly.

FOSDEM has always been riotously free.

There's no payment involved with any of FOSDEM

except of course, food and beer

Much beer.

dwd, I agree on that. But I do think that pseudonymous memberships should be possible. I'd be okay with identifying myself internally so things like people using this to gain multiple votes can be avoided.^^

also, you can sponsor FOSDEM and receive merch as thanks

Organizations apply for dev rooms. Individuals apply to dev rooms with talks. Anyone can listen

You can buy beer over matrix now? We're lost!

this is not the terminal I was looking for! ✏

phryk, I understand your viewpoint. But there's things like the orgnisation being seen not to have been taken over by Cisco, or Isode, or whoever - unlikely now, of course, but we've got to the point of needing to count a couple of times.

dwd, oh ew. that's an excellent point.

Traditionally we don't apply for our own 'xmpp' devroom but instead share one called real time something

We indeed also have affiliation limits

Well, *traditionally* we did apply for our own xmpp devroom. The realtime something is much more recent :)

We had devrooms?

And we could

phryk, Obviously we do check internally, but we also need to be seen to be clear on these fronts. I think. :-)

Zash: Edwin and I initially started, with the Jabber stand

and then we had a Jabber/XMPP devroom for many years

In which people gave talks about how much they hated the JSF :)

A good thing it can fly now

"Yes"

Ah okay, yes I can only support Sam's attempt to get a devroom

But we can also have talks in the devrooms?

What else would you do in it

Develop?

_D

yes

😀

Uhm. You think we're some kind of Software Foundation? :)

My attempt? I don't think that was me :) I just asked who normally applies the other day, didn't know if that was us or someone else

But yes dev rooms are the equivalent to tracks at other conferences

So yes you'd usually use them for talks

Normally I do the applications

Except recently the devroom applications were done together with the RTC crowd, and I think it was Daniel Pocock or Saul who did the applications

*nods* thanks

> When I said after 2019 that I could use a break from FOSDEM I didn't mean *this*. I didn't realize corona was dwd 's fault... But in hindsight it makes sense since he work(s/ed) in healthcare, new conspiracy!

Surprisingly, while Pando got *very* busy because of the pandemic, it didn't translate into revenue.

But yeah, during April 2020 we saw around a 500% increase in users.

Got some seriously fascinating insights though. You could more or less measure healthcare professional stress levels by how quickly they'd open messages.

And then I got more or less fired by the new CTO. So yeah, mixed time. :-)

So stressed, they'd just sit there refreshing their inbox?

Zash, No, we could measure to millisecond accuracy between them getting sent the message (hence notification on their phone) and them opening it.

Zash, For Nurses, we could tell they would open the app between sessions and have bursty conversations as they walked from one patient to another. For Doctors, they'd just respond as and when they could.

(We could also tell fun things, like junior doctors responded to consultant messages much faster than messages from nursing staff... Healthcare is weirdly heirarchical)

> Daniel wrote: > So yes you'd usually use them for talks Thanks for clarifying

> dwd wrote: > Got some seriously fascinating insights though. You could more or less measure healthcare professional stress levels by how quickly they'd open messages. This is one of the most understood issues with meta data :-) But people still wonder about my sceptisim

https://spacecloud.one/upload/66c0dd6e-69ed-4170-bc3e-bf6677ae8cd3/5f4982b2-b224-4e3d-8970-1fafcff5e840.png

thoughts?

pure love - wann heiraten wir?

not what I expected :D

wurstsalat, I think more states can lead to retracted

wurstsalat, also 'rejected' leads back to experimental, maybe?

> wurstsalat wrote: > not what I expected :D Oh I thought that was the private chat 😂😂😂

Lifecycle in practice: ----> [Experimental (everything stays here forever)]

XEP-0280 and 0313 would like to object!

in general though :)

seriously though, really nice wurstsalat

moparisthebest, got stats to back up that? 🙂

moparisthebest, theTedd connected the boxes, I embedded it and applied some cosmetics

> moparisthebest wrote: > seriously though, really nice wurstsalat This!

also thanks to theTedd

"a good think" .... ahhh folks it was late... forgive me please