-
edhelas
https://news.ycombinator.com/item?id=29104292#29104744
-
edhelas
this might interest you
-
emus
Can someone tell what's "true" and whats not "true" about it
-
Daniel
> rvz 24 minutes ago | prev [–] > So the hype around XMPP is no better than Matrix then. Oh dear. Glad there is still hype apparently
-
emus
> If you pick a random XMPP server, you likely pick a German one. 😬
-
flow
"So the hype around XMPP is…" Did I miss something?
-
MattJ
Heh
-
emus
I think we should take those articles serious, even if we may disagree on some points. arent there xeps to prevent metadata to the server?
-
emus
and also the latest dtate of onemo?✎ -
emus
and also the latest dtate of omemo? ✏
-
flow
nope
-
flow
And, as one hn user commented, that article is more a rant than a well written summary of the situation
-
emus
but then lets do it better?
-
flow
avoiding metadata on the server? hard, if not next to impossible
-
flow
I mean, we always try to do better, but there a just some things that you can't change without changing the fundamental design
-
emus
sure, but it could be made clear that this affects all technolgy
-
flow
well, not all technology
-
emus
agreed
-
emus
ok
-
flow
there are mostly metadata-less means of communication, but those have other drawbacks
-
Daniel
If meta data is your only or by far biggest concern then there are indeed other chat clients that do a better job at avoiding them
-
emus
I think XMPP is also much more. If people all host in the same server farm thats bad - but their decision. XMPP does not force one to do so. And also people here do it because it is a standard. I think thats also important to say. I would be happy to write something on this and maybe even updste the websites explainations. If people are interested to throw their arguments at me I can try to write sometjing. However, I lag many of the technical details and knowledge here.
-
flow
emus, sure, may I recommend an pad (cryptpad) somewhere? to collaborative work on the text?✎ -
flow
emus, sure, may I recommend a pad (cryptpad) somewhere? to collaborative work on the text? ✏
-
dwd
Obviously we should ensure it's fully encrypted.
-
flow
I'd rather recommend and use cryptpad because it's a nice pad
-
dwd
:-)
-
dwd
Use double-rot13 on the text.
-
dwd
We should probably make https://xmpp.org/extensions/xep-0077.html#security more stern, too.
-
emus
flow: yes I can do so
-
emus
of course with double-rot13 😃
-
dwd
Or triple-rot13 twice.
-
emus
Everyone feel free to add their questions and responses / ideas / clues https://yopad.eu/p/xsf-collection-privacy-security
-
dwd
Daniel, In the Conversations screenshots, what are the German bits saying? I can't work out if he's got as far as spooinf OMEMO's initial leap of faith etc.
-
emus
flow:
-
emus
sperren means to block the contact
-
Daniel
dwd: that's the message from stranger dialog
-
Daniel
That pops up for non responded to non contacts
-
dwd
And the placeholder text? Is that saying anything about encryption?
-
Daniel
In the input field? That's saying the next message they'd send would be omemo encrypted. Gives no indication on whether or not they trusted any devices yet. Presumably not
-
Daniel
That fake account probably won't even have keys published
-
dwd
No, though that could be spoofed too of course.
-
dwd
Written some starter text. Feel free to edit.
-
jonas’
uhh
-
larma
If you fear metadata, you can just run a server on the same device as the clients and use Tor for s2s, basically making it a fully anonymized peer-to-peer messenger. UX will probably be terrible, but the metadata footprint will be incredibly low. XMPP already fully supports such setups, so the protocol can stay as is. If there is no client doing this out of the box, this might just be because it's a terrible idea, not because the protocol is bad.
-
mjk
> XMPP already fully supports such setups, so the protocol can stay as is. Isn't there some lack of specifics in the Stream Management xep concerning s2s connections? From what I heard, current implementations kinda handwave the issue, which can(?) result in message loss. I'd be glad to have misunderstood though. :)
-
mjk
From the pad: > Some will allow for federation, which inevitably increases the matadata involved. Increases compared to what? A p2p system? This isn't very clear✎ -
mjk
From the pad: > Some will allow for federation, which inevitably increases the matadata involved. Increases compared to what? A p2p system? This isn't very clear in the text ✏
-
mdosch
Aitm time again?
-
jonas’
it is
-
Alex
Another reminder that we are coming close to the deadline for our board and council application period which is November 7th. When you are interested to run for a board or council position then please apply here: https://wiki.xmpp.org/web/Board_and_Council_Elections_2021
-
dwd
mdosch, It feels like it comes earlier every year.
-
wgreenhouse
lol
-
dwd
Anyone fancy putting their names in for Board or Council? I'm happy to answer questions in public or in private about the workload, difficulty, or whatever else.
-
jonas’
same (for council)
-
edhelas
It's crazy how the Matrix guys are really aggressive in their comments. Like it was a religion to defend.
-
Zash
It's their livelihood, what do you expect?
-
moparisthebest
edhelas: https://www.moparisthebest.com/images/xmpp-vs-matrix.jpg
-
edhelas
Yup exactly
-
phryk
jonas’, re https://github.com/horazont/testxmpp/ nice, python. did you use an existing xmpp implementation or are you implementing the needed parts right in that project?
-
jonas’
phryk, https://github.com/horazont/aioxmpp for some XMPP things, but the workhorse is https://github.com/drwetter/testssl.sh
-
phryk
jonas’, oh, you're the author of aioxmpp? i think i mailed you once about me wanting to write a client with kivy :)
-
jonas’
maaaybe :)
-
jonas’
I remotely recall something, did I reply to you?
-
phryk
you did, even offered to help iirc. :)
-
jonas’
huh, interesting ;)
-
phryk
also nice flask, i'm building my custom invite/register/webclient service website with that ;)
-
phryk
i wanted to do something similar to xmppoke, but as cli tool… your project is definitely relevant to my interests. :3
-
jonas’
phryk, use testssl.sh
-
jonas’
it can do XMPP and testxmpp is mostly a fancy UI wrapper around that.
-
phryk
how extensive is its xmpp support? i also want to test if things are correctly set up for working audio/videocalls and nat traversal, file uploads, etcpp…
-
jonas’
okay, that it doesn't do at all
-
Zash
That's a bit out of scope for TLS tests
-
jonas’
but that also generally requires a user account
-
phryk
Yes and yes.
-
Zash
Use caas?
-
phryk
But that's the sort of tool I wanted to build.
-
Zash
https://github.com/iNPUTmice/caas
-
jonas’
while the goal of testxmpp is to work without a user account at this point in time, though I can imagine privileged tests with credentials, too
-
phryk
Zash, Yes, but I want that as CLI, or rather as a lib either in python or with python bindings. :P
-
Zash
It is a cli, tho in java
-
phryk
mweh. if i'm not of i have managed to have no java at all in my package repository^^
-
jonas’
phryk, so generally, I am interested in integrating more tools if they have a sane API (testssl.sh does not have a sane API, for instance, but it's so powerful that the cost of implementing a thing which extracts the test results was lower than the cost of reimplementing the tests)
-
phryk
yeah, i can understand that. i was kinda tempted just writing my own xmpp implementation, but i think then i will *definitely* never get this done ^^
-
phryk
tho if I'm not thinking about a full-fledged client but rather a tester, aioxmpp (+ existing plugins) probably already does all xmpp-specific stuff I'd need…
-
jonas’
yep, also aioxmpp is really easy to extend :)
-
jonas’
(and contributions for things like retrieving A/V stuff are really welcome, too)
-
phryk
heh, yeah. just wanted to say good to know it's easily extensible because last i checked there was no extension for a/v calls. or not for them with omemo? but these are all topics where I'm not sure I have the needed domain-specific knowledge to implement them^^
-
jonas’
well, that's exactly my problem ;)
-
emus
Thank you guys for the full text replies already. Haven't expected this!
- ralphm bangs gavel
-
ralphm
0 . Welcome
-
ralphm
Hi! Who do we have?
-
MattJ
Hey
-
emus
\emus listening as guest 👋️✎ -
emus
\me listening as guest 👋️ ✏
- emus listening as guest 👋️
-
phryk
is it office hours again?
-
emus
yes
-
emus
no
-
emus
Its board meetnig
-
ralphm
phryk: as per the room subject :D
-
ralphm
Except we don't yet have quorum
-
phryk
Ah, had dino in fullscreen mode, doesn't show topic then^^
-
ralphm
Because it has too much screen estate?
-
ralphm
Also, doesn't Dino show subject changes in-chat?
-
phryk
No, seems to be developer decision, i guess. It shows an extra bar with topic, search etc, but not in fullscreen mode.
-
phryk
No, doesn't do that either. :P At least the version I have, which might be outdated by a couple months…
-
emus
arc, dwd are you here?
-
dwd
Yes, sorry, hand;t noticed the time.
-
ralphm
ok, let's get going then
-
ralphm
Do we have any agenda items?
-
ralphm
emus: was there something specific you wanted talked about?
-
emus
Yes
-
emus
let me copy
-
emus
flow recommended to me to apply to Board as GSoC organisation administrator and hereby I would to do so. Of course, that would be my first time. If there are certain responsibilities or things I require to know or are to be discussed I would like to know. Other than that I am happy to support the organisation and during the GSoC in general
-
emus
flow said that he is happy to be a support in the background
-
dwd
emus, I got all hopeful you were intending on standing for Board then.
-
ralphm
:-D
-
emus
: D thanks you are so confident about me
-
ralphm
1. Minute taker
-
ralphm
dwd
-
dwd
OK
-
ralphm
2. GSoC
-
emus
I'm happy to support board where I can of course
-
ralphm
So, it seems we have somebody who'd love to be admin this time around!
-
emus
but I cannot tell right now that I can make it next year
-
ralphm
I haven't seen any chatter on GSoC 2022 yet. Did I miss an announcement?
-
Kev
I haven't noticed an announcement yet.
-
dwd
I'm all in favour of getting our act together sooner.
-
emus
No, you did not miss
-
ralphm
Was just going to say that.
-
Kev
So I think it's premature to do much before they've said there will be a 2022, especially given the magnitude of change in the 2021 program.
-
emus
but I want to start early as well as provide XMPP people to consider early
-
emus
otherwise they might go somewhere else
-
ralphm
So emus: yay. Thanks for offering. There are several individuals that have admined before that would likely be happy to assist you.
-
dwd
You could certainly work with the individual projects to get things ready.
-
Kev
Right, but what if they reversed the 2021 changes? Presumably any projects we'd suggested would be invalidated.
-
Kev
Anyway, I'm all in favour of someone willing to do adminny things :)
-
dwd
emus, Sorry, what's your proper name for the minutes?
-
Kev
(And I certainly won't have time to)
-
emus
you mean my full name?
-
dwd
emus, Something for the minutes. Unless you just want to be "emus" there. :-)
-
ralphm
:D
-
emus
emus is fine, but you find my full name also in the applications I made
-
emus
I would have one more question if you decline to start with GSoC now: So you do allow me to reach out to the projects and ask them to consider it?
-
ralphm
I'm sure dwd can get the minutes sorted
-
emus
and may I also call via social media? (acutally I did already in the Newsletter 😬️)
-
ralphm
Yes please go ahead.
-
dwd
I think that's fine, as long as it's understood how tentative it is at this stage.
-
Kev
From the peanut gallery, starting thinking about GSoC early, and especially getting interest from software projects is great. We just can't really go as far as sorting out ideas unless we know what form it'll take next year.
-
Kev
(Or if it'll happen at all, naturally)
-
dwd
Kev, I see your point, certainly, but I think we can go as far as gathering projects and getting them to start thinking about the areas they'd like to see, mentors, etc.
-
ralphm
yup
-
emus
Kev - sure, I did not intend this
-
emus
so I take way: do nothing official and everything as a tentative and elaborating action?
-
ralphm
Well, you can totally officially gather interest.
-
Kev
(In case anyone's following but not following GSoC, Google halved the scope of all projects last year, which is what I'm worried about being thrown by)
-
ralphm
It is just that Google hasn't announced the happening of GSoC 2022 yet, so make sure you communicate that everything is tentative.
-
ralphm
This is also very non-committal: https://groups.google.com/g/google-summer-of-code-discuss/c/HdlN9R81Spk
-
Kev
(Even assuming it goes ahead)
-
Kev
Ralph: That's also pretty standard for what's said every year before announcement, mind.
-
ralphm
yep
-
ralphm
Note that last year, they announced on Oct 26, so yeah, let's see
-
ralphm
emus: do you have enough to work with?
-
phryk
sorry if i'm junst bonking in as a guest, but can i know what emus approach you with? getting the xsf directly get funds from gsoc to distribute among projects?
-
emus
Just to be a hosting organisation (as others) during the GSoC 2022 as we did in the recent years
-
emus
ralphm yes I think so, thanks
-
dwd
Well, GSoC operates by paying students to work on open source projects directly, but the "organisation" gets money as well. The XSF would, in this case, be the organisation for all the projects.
-
emus
flow, if you are here - anything else?
-
ralphm
phryk: no, Google pays students directly and we then get compensation for mentoring as well
-
ralphm
yay lag
-
phryk
ralphm, ah, that sounds nice. :)
-
flow
emus, no, nothing to add at this stage
-
ralphm
Moving on
-
ralphm
3. AOB
-
dwd
Now we could hand our share over to the projects in some cases, of course - but that's really a choice for the next Board.
-
ralphm
Just wanted to mention two things:
-
emus
General question: All from the current board will not reapply?
-
ralphm
#1 note that messages that Alex sent out: applications for Board and Council elections are still open until the 7th
-
dwd
Oh. For some reason I had it in my head it was tomorrow, but it's Sunday, isn't it?
-
ralphm
You can find and edit applications here: https://wiki.xmpp.org/web/Board_and_Council_Elections_2021
-
ralphm
Yeah, I'm not sure what End of Business means on a Sunday, but whatver.
-
ralphm
e
-
ralphm
Of course there are societies with Sunday as a regular working day.
-
dwd
I feel you may have digressed.
-
Alex
we use the end of business term forever, maybe we need to change with a UTC time in the future
-
ralphm
#2 I saw the CfP for FOSDEM 2022 devrooms: https://fosdem.org/2022/news/2021-11-02-devroom-cfp/
-
ralphm
I haven't yet seen any chatter from the RTC people on this yet, though.
-
ralphm
I'll keep an eye on this.
-
ralphm
Anything else?
-
ralphm
4. Date of Next
-
ralphm
+1W
-
ralphm
5. Close
-
dwd
When I said after 2019 that I could use a break from FOSDEM I didn't mean *this*.
-
ralphm
haha
-
ralphm
Thanks all!
- ralphm bangs gavel
-
emus
Thanks everyone!
-
phryk
To vote in that election, I'd have to be an XSF member, right? What would that entail and is it still possible?
-
Sam
phryk: see https://wiki.xmpp.org/web/Membership_Applications_Q4_2021
-
Alex
Sam, you can apply here for membership: https://wiki.xmpp.org/web/Membership_Applications_Q4_2021
-
Alex
but this is Q4, and we will elect on those applications after the upcoming board&council voting
-
dwd
phryk, You could stand for Board though. :-)
-
dwd
phryk, I mean, you can't vote, but you can *stand*...
-
phryk
dwd, Yes, I thought about that for like 2 nanoseconds, but naah.
-
Sam
Presumably you could stand for council too and it would just depend if you become a member.
-
Sam
It doesn't seem likely that everyone would vote for you for council, but against you as a member
-
Zash
Conditional elections? Maybe let's not do that
-
Zash
Again
-
phryk
I'm informed and vested enough to vote on things, I think, but apart from maybe some more prosody plugin stuff I don't think I'm a good fit for any official representative position for the XSF. :P
-
dwd
Sam, No, but you can't be a Council person without being a Member, so that precludes standing, I think, by any sane measure.
-
dwd
phryk, Please do become an XSF Member, then - in years where we aren't in pandemic status, we even get a nice meal out of it with lengthy discussions about linguistics.
-
phryk
dwd, mhh, can i ask for my membership application to not be public, but just visible internally tho? would like to keep public links of my nick and "official" name to a minimum…
-
dwd
phryk, Honestly, I don't know. We are technically a corporation, registered in Delaware, and by becoming an XSF Member you're becoming a Member of the Corporation. It's not clear to me if this is a matter of public record or not.
-
emus
FOSDEM devrooms are open for everyone?
-
phryk
Not 100% sure, but for soemthing as official as XSF it's definitely possible to get one.
-
ralphm
dwd: the position we have taken as Board up till now is that we require public applications.
-
ralphm
dwd: exactly because of what you wrote
-
phryk
dwd, Mhh, then I'll have to think about this. Tho, honestly, unless I move my server out of the EU it looks like I'll soon be identified by WHOIS anyhow :/
-
ralphm
emus: what do you mean: hosting, presenting, attending?
-
dwd
phryk, I have to admit that I lean toward publishing our membership as openly as possible because of a general lean toward transparency of organisation. I believe that's the right thing to do.
-
emus
all of it actually. So if we have a room people need to pay and register to join/attend/?
-
dwd
Not pay, certainly.
-
dwd
FOSDEM has always been riotously free.
-
ralphm
There's no payment involved with any of FOSDEM
-
ralphm
except of course, food and beer
-
dwd
Much beer.
-
phryk
dwd, I agree on that. But I do think that pseudonymous memberships should be possible. I'd be okay with identifying myself internally so things like people using this to gain multiple votes can be avoided.^^
-
ralphm
also, you can sponsor FOSDEM and receive merch as thanks
-
Daniel
Organizations apply for dev rooms. Individuals apply to dev rooms with talks. Anyone can listen
-
Zash
You can buy beer over matrix now? We're lost!
-
Zash
fg✎ -
Zash
this is not the terminal I was looking for! ✏
-
dwd
phryk, I understand your viewpoint. But there's things like the orgnisation being seen not to have been taken over by Cisco, or Isode, or whoever - unlikely now, of course, but we've got to the point of needing to count a couple of times.
-
phryk
dwd, oh ew. that's an excellent point.
-
Daniel
Traditionally we don't apply for our own 'xmpp' devroom but instead share one called real time something
-
ralphm
We indeed also have affiliation limits
-
Kev
Well, *traditionally* we did apply for our own xmpp devroom. The realtime something is much more recent :)
-
Zash
We had devrooms?
-
ralphm
And we could
-
dwd
phryk, Obviously we do check internally, but we also need to be seen to be clear on these fronts. I think. :-)
-
ralphm
Zash: Edwin and I initially started, with the Jabber stand
-
ralphm
and then we had a Jabber/XMPP devroom for many years
-
Kev
In which people gave talks about how much they hated the JSF :)
-
ralphm
A good thing it can fly now
-
Kev
"Yes"
-
emus
Ah okay, yes I can only support Sam's attempt to get a devroom
-
emus
But we can also have talks in the devrooms?
-
ralphm
What else would you do in it
-
Daniel
Develop?
-
emus
_D
-
emus
yes
-
emus
😀
-
Kev
Uhm. You think we're some kind of Software Foundation? :)
-
Sam
My attempt? I don't think that was me :) I just asked who normally applies the other day, didn't know if that was us or someone else
-
Daniel
But yes dev rooms are the equivalent to tracks at other conferences
-
Daniel
So yes you'd usually use them for talks
-
ralphm
Normally I do the applications
-
ralphm
Except recently the devroom applications were done together with the RTC crowd, and I think it was Daniel Pocock or Saul who did the applications
-
Sam
*nods* thanks
-
moparisthebest
> When I said after 2019 that I could use a break from FOSDEM I didn't mean *this*. I didn't realize corona was dwd 's fault... But in hindsight it makes sense since he work(s/ed) in healthcare, new conspiracy!
-
dwd
Surprisingly, while Pando got *very* busy because of the pandemic, it didn't translate into revenue.
-
dwd
But yeah, during April 2020 we saw around a 500% increase in users.
-
dwd
Got some seriously fascinating insights though. You could more or less measure healthcare professional stress levels by how quickly they'd open messages.
-
dwd
And then I got more or less fired by the new CTO. So yeah, mixed time. :-)
-
Zash
So stressed, they'd just sit there refreshing their inbox?
-
dwd
Zash, No, we could measure to millisecond accuracy between them getting sent the message (hence notification on their phone) and them opening it.
-
dwd
Zash, For Nurses, we could tell they would open the app between sessions and have bursty conversations as they walked from one patient to another. For Doctors, they'd just respond as and when they could.
-
dwd
(We could also tell fun things, like junior doctors responded to consultant messages much faster than messages from nursing staff... Healthcare is weirdly heirarchical)
-
emus
> Daniel wrote: > So yes you'd usually use them for talks Thanks for clarifying
-
emus
> dwd wrote: > Got some seriously fascinating insights though. You could more or less measure healthcare professional stress levels by how quickly they'd open messages. This is one of the most understood issues with meta data :-) But people still wonder about my sceptisim
-
wurstsalat
https://spacecloud.one/upload/66c0dd6e-69ed-4170-bc3e-bf6677ae8cd3/5f4982b2-b224-4e3d-8970-1fafcff5e840.png
-
wurstsalat
thoughts?
-
emus
pure love - wann heiraten wir?
-
wurstsalat
not what I expected :D
-
flow
wurstsalat, I think more states can lead to retracted
-
flow
wurstsalat, also 'rejected' leads back to experimental, maybe?
-
emus
> wurstsalat wrote: > not what I expected :D Oh I thought that was the private chat 😂😂😂
-
moparisthebest
Lifecycle in practice: ----> [Experimental (everything stays here forever)]
-
Zash
XEP-0280 and 0313 would like to object!
-
moparisthebest
in general though :)
-
moparisthebest
seriously though, really nice wurstsalat
-
Zash
moparisthebest, got stats to back up that? 🙂
-
wurstsalat
moparisthebest, theTedd connected the boxes, I embedded it and applied some cosmetics
-
emus
> moparisthebest wrote: > seriously though, really nice wurstsalat This!
-
emus
also thanks to theTedd
-
emus
"a good think" .... ahhh folks it was late... forgive me please