XSF Discussion - 2021-11-04


  1. edhelas

    https://news.ycombinator.com/item?id=29104292#29104744

  2. edhelas

    this might interest you

  3. emus

    Can someone tell what's "true" and whats not "true" about it

  4. Daniel

    > rvz 24 minutes ago | prev [–] > So the hype around XMPP is no better than Matrix then. Oh dear. Glad there is still hype apparently

  5. emus

    > If you pick a random XMPP server, you likely pick a German one. 😬

  6. flow

    "So the hype around XMPP is…" Did I miss something?

  7. MattJ

    Heh

  8. emus

    I think we should take those articles serious, even if we may disagree on some points. arent there xeps to prevent metadata to the server?

  9. emus

    and also the latest dtate of onemo?

  10. emus

    and also the latest dtate of omemo?

  11. flow

    nope

  12. flow

    And, as one hn user commented, that article is more a rant than a well written summary of the situation

  13. emus

    but then lets do it better?

  14. flow

    avoiding metadata on the server? hard, if not next to impossible

  15. flow

    I mean, we always try to do better, but there a just some things that you can't change without changing the fundamental design

  16. emus

    sure, but it could be made clear that this affects all technolgy

  17. flow

    well, not all technology

  18. emus

    agreed

  19. emus

    ok

  20. flow

    there are mostly metadata-less means of communication, but those have other drawbacks

  21. Daniel

    If meta data is your only or by far biggest concern then there are indeed other chat clients that do a better job at avoiding them

  22. emus

    I think XMPP is also much more. If people all host in the same server farm thats bad - but their decision. XMPP does not force one to do so. And also people here do it because it is a standard. I think thats also important to say. I would be happy to write something on this and maybe even updste the websites explainations. If people are interested to throw their arguments at me I can try to write sometjing. However, I lag many of the technical details and knowledge here.

  23. flow

    emus, sure, may I recommend an pad (cryptpad) somewhere? to collaborative work on the text?

  24. flow

    emus, sure, may I recommend a pad (cryptpad) somewhere? to collaborative work on the text?

  25. dwd

    Obviously we should ensure it's fully encrypted.

  26. flow

    I'd rather recommend and use cryptpad because it's a nice pad

  27. dwd

    :-)

  28. dwd

    Use double-rot13 on the text.

  29. dwd

    We should probably make https://xmpp.org/extensions/xep-0077.html#security more stern, too.

  30. emus

    flow: yes I can do so

  31. emus

    of course with double-rot13 😃

  32. dwd

    Or triple-rot13 twice.

  33. emus

    Everyone feel free to add their questions and responses / ideas / clues https://yopad.eu/p/xsf-collection-privacy-security

  34. dwd

    Daniel, In the Conversations screenshots, what are the German bits saying? I can't work out if he's got as far as spooinf OMEMO's initial leap of faith etc.

  35. emus

    flow:

  36. emus

    sperren means to block the contact

  37. Daniel

    dwd: that's the message from stranger dialog

  38. Daniel

    That pops up for non responded to non contacts

  39. dwd

    And the placeholder text? Is that saying anything about encryption?

  40. Daniel

    In the input field? That's saying the next message they'd send would be omemo encrypted. Gives no indication on whether or not they trusted any devices yet. Presumably not

  41. Daniel

    That fake account probably won't even have keys published

  42. dwd

    No, though that could be spoofed too of course.

  43. dwd

    Written some starter text. Feel free to edit.

  44. jonas’

    uhh

  45. larma

    If you fear metadata, you can just run a server on the same device as the clients and use Tor for s2s, basically making it a fully anonymized peer-to-peer messenger. UX will probably be terrible, but the metadata footprint will be incredibly low. XMPP already fully supports such setups, so the protocol can stay as is. If there is no client doing this out of the box, this might just be because it's a terrible idea, not because the protocol is bad.

  46. mjk

    > XMPP already fully supports such setups, so the protocol can stay as is. Isn't there some lack of specifics in the Stream Management xep concerning s2s connections? From what I heard, current implementations kinda handwave the issue, which can(?) result in message loss. I'd be glad to have misunderstood though. :)

  47. mjk

    From the pad: > Some will allow for federation, which inevitably increases the matadata involved. Increases compared to what? A p2p system? This isn't very clear

  48. mjk

    From the pad: > Some will allow for federation, which inevitably increases the matadata involved. Increases compared to what? A p2p system? This isn't very clear in the text

  49. mdosch

    Aitm time again?

  50. jonas’

    it is

  51. Alex

    Another reminder that we are coming close to the deadline for our board and council application period which is November 7th.   When you are interested to run for a board or council position then please apply here: https://wiki.xmpp.org/web/Board_and_Council_Elections_2021

  52. dwd

    mdosch, It feels like it comes earlier every year.

  53. wgreenhouse

    lol

  54. dwd

    Anyone fancy putting their names in for Board or Council? I'm happy to answer questions in public or in private about the workload, difficulty, or whatever else.

  55. jonas’

    same (for council)

  56. edhelas

    It's crazy how the Matrix guys are really aggressive in their comments. Like it was a religion to defend.

  57. Zash

    It's their livelihood, what do you expect?

  58. moparisthebest

    edhelas: https://www.moparisthebest.com/images/xmpp-vs-matrix.jpg

  59. edhelas

    Yup exactly

  60. phryk

    jonas’, re https://github.com/horazont/testxmpp/ nice, python. did you use an existing xmpp implementation or are you implementing the needed parts right in that project?

  61. jonas’

    phryk, https://github.com/horazont/aioxmpp for some XMPP things, but the workhorse is https://github.com/drwetter/testssl.sh

  62. phryk

    jonas’, oh, you're the author of aioxmpp? i think i mailed you once about me wanting to write a client with kivy :)

  63. jonas’

    maaaybe :)

  64. jonas’

    I remotely recall something, did I reply to you?

  65. phryk

    you did, even offered to help iirc. :)

  66. jonas’

    huh, interesting ;)

  67. phryk

    also nice flask, i'm building my custom invite/register/webclient service website with that ;)

  68. phryk

    i wanted to do something similar to xmppoke, but as cli tool… your project is definitely relevant to my interests. :3

  69. jonas’

    phryk, use testssl.sh

  70. jonas’

    it can do XMPP and testxmpp is mostly a fancy UI wrapper around that.

  71. phryk

    how extensive is its xmpp support? i also want to test if things are correctly set up for working audio/videocalls and nat traversal, file uploads, etcpp…

  72. jonas’

    okay, that it doesn't do at all

  73. Zash

    That's a bit out of scope for TLS tests

  74. jonas’

    but that also generally requires a user account

  75. phryk

    Yes and yes.

  76. Zash

    Use caas?

  77. phryk

    But that's the sort of tool I wanted to build.

  78. Zash

    https://github.com/iNPUTmice/caas

  79. jonas’

    while the goal of testxmpp is to work without a user account at this point in time, though I can imagine privileged tests with credentials, too

  80. phryk

    Zash, Yes, but I want that as CLI, or rather as a lib either in python or with python bindings. :P

  81. Zash

    It is a cli, tho in java

  82. phryk

    mweh. if i'm not of i have managed to have no java at all in my package repository^^

  83. jonas’

    phryk, so generally, I am interested in integrating more tools if they have a sane API (testssl.sh does not have a sane API, for instance, but it's so powerful that the cost of implementing a thing which extracts the test results was lower than the cost of reimplementing the tests)

  84. phryk

    yeah, i can understand that. i was kinda tempted just writing my own xmpp implementation, but i think then i will *definitely* never get this done ^^

  85. phryk

    tho if I'm not thinking about a full-fledged client but rather a tester, aioxmpp (+ existing plugins) probably already does all xmpp-specific stuff I'd need…

  86. jonas’

    yep, also aioxmpp is really easy to extend :)

  87. jonas’

    (and contributions for things like retrieving A/V stuff are really welcome, too)

  88. phryk

    heh, yeah. just wanted to say good to know it's easily extensible because last i checked there was no extension for a/v calls. or not for them with omemo? but these are all topics where I'm not sure I have the needed domain-specific knowledge to implement them^^

  89. jonas’

    well, that's exactly my problem ;)

  90. emus

    Thank you guys for the full text replies already. Haven't expected this!

  91. ralphm bangs gavel

  92. ralphm

    0 . Welcome

  93. ralphm

    Hi! Who do we have?

  94. MattJ

    Hey

  95. emus

    \emus listening as guest 👋️

  96. emus

    \me listening as guest 👋️

  97. emus listening as guest 👋️

  98. phryk

    is it office hours again?

  99. emus

    yes

  100. emus

    no

  101. emus

    Its board meetnig

  102. ralphm

    phryk: as per the room subject :D

  103. ralphm

    Except we don't yet have quorum

  104. phryk

    Ah, had dino in fullscreen mode, doesn't show topic then^^

  105. ralphm

    Because it has too much screen estate?

  106. ralphm

    Also, doesn't Dino show subject changes in-chat?

  107. phryk

    No, seems to be developer decision, i guess. It shows an extra bar with topic, search etc, but not in fullscreen mode.

  108. phryk

    No, doesn't do that either. :P At least the version I have, which might be outdated by a couple months…

  109. emus

    arc, dwd are you here?

  110. dwd

    Yes, sorry, hand;t noticed the time.

  111. ralphm

    ok, let's get going then

  112. ralphm

    Do we have any agenda items?

  113. ralphm

    emus: was there something specific you wanted talked about?

  114. emus

    Yes

  115. emus

    let me copy

  116. emus

    flow recommended to me to apply to Board as GSoC organisation administrator and hereby I would to do so. Of course, that would be my first time. If there are certain responsibilities or things I require to know or are to be discussed I would like to know. Other than that I am happy to support the organisation and during the GSoC in general

  117. emus

    flow said that he is happy to be a support in the background

  118. dwd

    emus, I got all hopeful you were intending on standing for Board then.

  119. ralphm

    :-D

  120. emus

    : D thanks you are so confident about me

  121. ralphm

    1. Minute taker

  122. ralphm

    dwd

  123. dwd

    OK

  124. ralphm

    2. GSoC

  125. emus

    I'm happy to support board where I can of course

  126. ralphm

    So, it seems we have somebody who'd love to be admin this time around!

  127. emus

    but I cannot tell right now that I can make it next year

  128. ralphm

    I haven't seen any chatter on GSoC 2022 yet. Did I miss an announcement?

  129. Kev

    I haven't noticed an announcement yet.

  130. dwd

    I'm all in favour of getting our act together sooner.

  131. emus

    No, you did not miss

  132. ralphm

    Was just going to say that.

  133. Kev

    So I think it's premature to do much before they've said there will be a 2022, especially given the magnitude of change in the 2021 program.

  134. emus

    but I want to start early as well as provide XMPP people to consider early

  135. emus

    otherwise they might go somewhere else

  136. ralphm

    So emus: yay. Thanks for offering. There are several individuals that have admined before that would likely be happy to assist you.

  137. dwd

    You could certainly work with the individual projects to get things ready.

  138. Kev

    Right, but what if they reversed the 2021 changes? Presumably any projects we'd suggested would be invalidated.

  139. Kev

    Anyway, I'm all in favour of someone willing to do adminny things :)

  140. dwd

    emus, Sorry, what's your proper name for the minutes?

  141. Kev

    (And I certainly won't have time to)

  142. emus

    you mean my full name?

  143. dwd

    emus, Something for the minutes. Unless you just want to be "emus" there. :-)

  144. ralphm

    :D

  145. emus

    emus is fine, but you find my full name also in the applications I made

  146. emus

    I would have one more question if you decline to start with GSoC now: So you do allow me to reach out to the projects and ask them to consider it?

  147. ralphm

    I'm sure dwd can get the minutes sorted

  148. emus

    and may I also call via social media? (acutally I did already in the Newsletter 😬️)

  149. ralphm

    Yes please go ahead.

  150. dwd

    I think that's fine, as long as it's understood how tentative it is at this stage.

  151. Kev

    From the peanut gallery, starting thinking about GSoC early, and especially getting interest from software projects is great. We just can't really go as far as sorting out ideas unless we know what form it'll take next year.

  152. Kev

    (Or if it'll happen at all, naturally)

  153. dwd

    Kev, I see your point, certainly, but I think we can go as far as gathering projects and getting them to start thinking about the areas they'd like to see, mentors, etc.

  154. ralphm

    yup

  155. emus

    Kev - sure, I did not intend this

  156. emus

    so I take way: do nothing official and everything as a tentative and elaborating action?

  157. ralphm

    Well, you can totally officially gather interest.

  158. Kev

    (In case anyone's following but not following GSoC, Google halved the scope of all projects last year, which is what I'm worried about being thrown by)

  159. ralphm

    It is just that Google hasn't announced the happening of GSoC 2022 yet, so make sure you communicate that everything is tentative.

  160. ralphm

    This is also very non-committal: https://groups.google.com/g/google-summer-of-code-discuss/c/HdlN9R81Spk

  161. Kev

    (Even assuming it goes ahead)

  162. Kev

    Ralph: That's also pretty standard for what's said every year before announcement, mind.

  163. ralphm

    yep

  164. ralphm

    Note that last year, they announced on Oct 26, so yeah, let's see

  165. ralphm

    emus: do you have enough to work with?

  166. phryk

    sorry if i'm junst bonking in as a guest, but can i know what emus approach you with? getting the xsf directly get funds from gsoc to distribute among projects?

  167. emus

    Just to be a hosting organisation (as others) during the GSoC 2022 as we did in the recent years

  168. emus

    ralphm yes I think so, thanks

  169. dwd

    Well, GSoC operates by paying students to work on open source projects directly, but the "organisation" gets money as well. The XSF would, in this case, be the organisation for all the projects.

  170. emus

    flow, if you are here - anything else?

  171. ralphm

    phryk: no, Google pays students directly and we then get compensation for mentoring as well

  172. ralphm

    yay lag

  173. phryk

    ralphm, ah, that sounds nice. :)

  174. flow

    emus, no, nothing to add at this stage

  175. ralphm

    Moving on

  176. ralphm

    3. AOB

  177. dwd

    Now we could hand our share over to the projects in some cases, of course - but that's really a choice for the next Board.

  178. ralphm

    Just wanted to mention two things:

  179. emus

    General question: All from the current board will not reapply?

  180. ralphm

    #1 note that messages that Alex sent out: applications for Board and Council elections are still open until the 7th

  181. dwd

    Oh. For some reason I had it in my head it was tomorrow, but it's Sunday, isn't it?

  182. ralphm

    You can find and edit applications here: https://wiki.xmpp.org/web/Board_and_Council_Elections_2021

  183. ralphm

    Yeah, I'm not sure what End of Business means on a Sunday, but whatver.

  184. ralphm

    e

  185. ralphm

    Of course there are societies with Sunday as a regular working day.

  186. dwd

    I feel you may have digressed.

  187. Alex

    we use the end of business term forever, maybe we need to change with a UTC time in the future

  188. ralphm

    #2 I saw the CfP for FOSDEM 2022 devrooms: https://fosdem.org/2022/news/2021-11-02-devroom-cfp/

  189. ralphm

    I haven't yet seen any chatter from the RTC people on this yet, though.

  190. ralphm

    I'll keep an eye on this.

  191. ralphm

    Anything else?

  192. ralphm

    4. Date of Next

  193. ralphm

    +1W

  194. ralphm

    5. Close

  195. dwd

    When I said after 2019 that I could use a break from FOSDEM I didn't mean *this*.

  196. ralphm

    haha

  197. ralphm

    Thanks all!

  198. ralphm bangs gavel

  199. emus

    Thanks everyone!

  200. phryk

    To vote in that election, I'd have to be an XSF member, right? What would that entail and is it still possible?

  201. Sam

    phryk: see https://wiki.xmpp.org/web/Membership_Applications_Q4_2021

  202. Alex

    Sam, you can apply here for membership: https://wiki.xmpp.org/web/Membership_Applications_Q4_2021

  203. Alex

    but this is Q4, and we will elect on those applications after the upcoming board&council voting

  204. dwd

    phryk, You could stand for Board though. :-)

  205. dwd

    phryk, I mean, you can't vote, but you can *stand*...

  206. phryk

    dwd, Yes, I thought about that for like 2 nanoseconds, but naah.

  207. Sam

    Presumably you could stand for council too and it would just depend if you become a member.

  208. Sam

    It doesn't seem likely that everyone would vote for you for council, but against you as a member

  209. Zash

    Conditional elections? Maybe let's not do that

  210. Zash

    Again

  211. phryk

    I'm informed and vested enough to vote on things, I think, but apart from maybe some more prosody plugin stuff I don't think I'm a good fit for any official representative position for the XSF. :P

  212. dwd

    Sam, No, but you can't be a Council person without being a Member, so that precludes standing, I think, by any sane measure.

  213. dwd

    phryk, Please do become an XSF Member, then - in years where we aren't in pandemic status, we even get a nice meal out of it with lengthy discussions about linguistics.

  214. phryk

    dwd, mhh, can i ask for my membership application to not be public, but just visible internally tho? would like to keep public links of my nick and "official" name to a minimum…

  215. dwd

    phryk, Honestly, I don't know. We are technically a corporation, registered in Delaware, and by becoming an XSF Member you're becoming a Member of the Corporation. It's not clear to me if this is a matter of public record or not.

  216. emus

    FOSDEM devrooms are open for everyone?

  217. phryk

    Not 100% sure, but for soemthing as official as XSF it's definitely possible to get one.

  218. ralphm

    dwd: the position we have taken as Board up till now is that we require public applications.

  219. ralphm

    dwd: exactly because of what you wrote

  220. phryk

    dwd, Mhh, then I'll have to think about this. Tho, honestly, unless I move my server out of the EU it looks like I'll soon be identified by WHOIS anyhow :/

  221. ralphm

    emus: what do you mean: hosting, presenting, attending?

  222. dwd

    phryk, I have to admit that I lean toward publishing our membership as openly as possible because of a general lean toward transparency of organisation. I believe that's the right thing to do.

  223. emus

    all of it actually. So if we have a room people need to pay and register to join/attend/?

  224. dwd

    Not pay, certainly.

  225. dwd

    FOSDEM has always been riotously free.

  226. ralphm

    There's no payment involved with any of FOSDEM

  227. ralphm

    except of course, food and beer

  228. dwd

    Much beer.

  229. phryk

    dwd, I agree on that. But I do think that pseudonymous memberships should be possible. I'd be okay with identifying myself internally so things like people using this to gain multiple votes can be avoided.^^

  230. ralphm

    also, you can sponsor FOSDEM and receive merch as thanks

  231. Daniel

    Organizations apply for dev rooms. Individuals apply to dev rooms with talks. Anyone can listen

  232. Zash

    You can buy beer over matrix now? We're lost!

  233. Zash

    fg

  234. Zash

    this is not the terminal I was looking for!

  235. dwd

    phryk, I understand your viewpoint. But there's things like the orgnisation being seen not to have been taken over by Cisco, or Isode, or whoever - unlikely now, of course, but we've got to the point of needing to count a couple of times.

  236. phryk

    dwd, oh ew. that's an excellent point.

  237. Daniel

    Traditionally we don't apply for our own 'xmpp' devroom but instead share one called real time something

  238. ralphm

    We indeed also have affiliation limits

  239. Kev

    Well, *traditionally* we did apply for our own xmpp devroom. The realtime something is much more recent :)

  240. Zash

    We had devrooms?

  241. ralphm

    And we could

  242. dwd

    phryk, Obviously we do check internally, but we also need to be seen to be clear on these fronts. I think. :-)

  243. ralphm

    Zash: Edwin and I initially started, with the Jabber stand

  244. ralphm

    and then we had a Jabber/XMPP devroom for many years

  245. Kev

    In which people gave talks about how much they hated the JSF :)

  246. ralphm

    A good thing it can fly now

  247. Kev

    "Yes"

  248. emus

    Ah okay, yes I can only support Sam's attempt to get a devroom

  249. emus

    But we can also have talks in the devrooms?

  250. ralphm

    What else would you do in it

  251. Daniel

    Develop?

  252. emus

    _D

  253. emus

    yes

  254. emus

    😀

  255. Kev

    Uhm. You think we're some kind of Software Foundation? :)

  256. Sam

    My attempt? I don't think that was me :) I just asked who normally applies the other day, didn't know if that was us or someone else

  257. Daniel

    But yes dev rooms are the equivalent to tracks at other conferences

  258. Daniel

    So yes you'd usually use them for talks

  259. ralphm

    Normally I do the applications

  260. ralphm

    Except recently the devroom applications were done together with the RTC crowd, and I think it was Daniel Pocock or Saul who did the applications

  261. Sam

    *nods* thanks

  262. moparisthebest

    > When I said after 2019 that I could use a break from FOSDEM I didn't mean *this*. I didn't realize corona was dwd 's fault... But in hindsight it makes sense since he work(s/ed) in healthcare, new conspiracy!

  263. dwd

    Surprisingly, while Pando got *very* busy because of the pandemic, it didn't translate into revenue.

  264. dwd

    But yeah, during April 2020 we saw around a 500% increase in users.

  265. dwd

    Got some seriously fascinating insights though. You could more or less measure healthcare professional stress levels by how quickly they'd open messages.

  266. dwd

    And then I got more or less fired by the new CTO. So yeah, mixed time. :-)

  267. Zash

    So stressed, they'd just sit there refreshing their inbox?

  268. dwd

    Zash, No, we could measure to millisecond accuracy between them getting sent the message (hence notification on their phone) and them opening it.

  269. dwd

    Zash, For Nurses, we could tell they would open the app between sessions and have bursty conversations as they walked from one patient to another. For Doctors, they'd just respond as and when they could.

  270. dwd

    (We could also tell fun things, like junior doctors responded to consultant messages much faster than messages from nursing staff... Healthcare is weirdly heirarchical)

  271. emus

    > Daniel wrote: > So yes you'd usually use them for talks Thanks for clarifying

  272. emus

    > dwd wrote: > Got some seriously fascinating insights though. You could more or less measure healthcare professional stress levels by how quickly they'd open messages. This is one of the most understood issues with meta data :-) But people still wonder about my sceptisim

  273. wurstsalat

    https://spacecloud.one/upload/66c0dd6e-69ed-4170-bc3e-bf6677ae8cd3/5f4982b2-b224-4e3d-8970-1fafcff5e840.png

  274. wurstsalat

    thoughts?

  275. emus

    pure love - wann heiraten wir?

  276. wurstsalat

    not what I expected :D

  277. flow

    wurstsalat, I think more states can lead to retracted

  278. flow

    wurstsalat, also 'rejected' leads back to experimental, maybe?

  279. emus

    > wurstsalat wrote: > not what I expected :D Oh I thought that was the private chat 😂😂😂

  280. moparisthebest

    Lifecycle in practice: ----> [Experimental (everything stays here forever)]

  281. Zash

    XEP-0280 and 0313 would like to object!

  282. moparisthebest

    in general though :)

  283. moparisthebest

    seriously though, really nice wurstsalat

  284. Zash

    moparisthebest, got stats to back up that? 🙂

  285. wurstsalat

    moparisthebest, theTedd connected the boxes, I embedded it and applied some cosmetics

  286. emus

    > moparisthebest wrote: > seriously though, really nice wurstsalat This!

  287. emus

    also thanks to theTedd

  288. emus

    "a good think" .... ahhh folks it was late... forgive me please