XSF Discussion - 2023-04-19


  1. moparisthebest

    https://blog.whatsapp.com/an-open-letter

  2. vanitasvitae

    Cool to see that they listed Matthews signature first :D

  3. vanitasvitae

    Open Protocols!!! \o/

  4. Guus

    Why isn't the XSF on there?

  5. Seve

    My reaction ^

  6. Zash

    Probably because this is the first any of us are hearing about it

  7. Menel

    The ietf isn't there too...

  8. Guus

    Yeah, I worded that needlessly combative. What I do find annoying is that we seemingly aren't in a place where we are a natural invitee to the draft of something like this.

  9. Guus

    Menel; the IETF would make a great addition to that list, but I believe that the content of this letter is even more specifically applicable to the XSF

  10. Trung

    perhaps coz the XSF is not a technology company ?

  11. Guus

    Matthew: do you have any insight?

  12. Matthew

    > <@_xmpp_vanitasvitae=2fxsf=40muc.xmpp.org:matrix.org> Cool to see that they listed Matthews signature first :D alphabetic order. (plus we wrote the letter)

  13. Matthew

    > <@_xmpp_Guus=2fxsf=40muc.xmpp.org:matrix.org> Why isn't the XSF on there? Why isn't the Matrix.org Foundation on there?

  14. Ellenor Malik

    xd

  15. Guus

    That's for them to decide :)

  16. Matthew

    it was put together by the Element policy team, and I guess they just had their corporate hats on - plus reckon that the government is going to listen more to "these jobs and companies will be impacted if this goes ahead" than "these open source projects will be impacted"

  17. Matthew

    but given there isn't an Element-equivalent for XSF, it'd have made sense to reach out - sorry; i just didn't think of it.

  18. Matthew

    (i also forgot to reach out to Status.im, who are an investor in Element, which is a bit awks too)

  19. Guus

    Understood, thanks.

  20. Matthew

    i guess another aspect is that both the Matrix Foundation & XSF *won't* be directly impacted, given we'll just go and build our own FOSS matrix/xmpp clients and ignore the whole nightmare

  21. Guus

    In any case, nice job on the letter. The prospect of e2e encryption with backdoors is scary. Similar discussions are being had on this side of the channel.

  22. Matthew

    it's the companies who will get punched in the face by OFCOM to add GCHQ-accredited binary scanning blobs into their apps :|

  23. Matthew

    (and the reason why i'm leading the charge on this is that we're the only UK-based one, afaik)

  24. Matthew

    (and the reason why i'm leading the charge on this is that Element is the only UK-based one, afaik)

  25. Matthew

    and so will be doubly screwed by this :|

  26. Guus

    Still - standardization organizations are a knowledge holder here. Their voice matters more than what you appear to give them credit for with the above.

  27. Matthew

    yup. plus it would avoid accusations of "greedy CEOs of capitalist companies try to protect their business model"

  28. Matthew

    oh well

  29. Matthew

    bit late now.

  30. Guus

    we live and learn.

  31. Trung

    can't update ?

  32. Guus

    let's cooperate more on stuff like this in the future.

  33. Matthew

    the blog post has been and gone - it all happened yesterday, and got national press

  34. Matthew

    given the biggest pushback was "don't trust greedy corps", you're right that we should have aimed for more sigs - will pass it onto the guy organising it.

  35. Matthew

    (at least the fact we also didn't get the M.org Foundation to sign shows we weren't being anti-XMPP though :P)

  36. emus

    > Matthew: > 2023-04-19 11:48 (GMT+02:00) > i guess another aspect is that both the Matrix Foundation & XSF *won't* be directly impacted, given we'll just go and build our own FOSS matrix/xmpp clients and ignore the whole nightmare Thanks anyway for the letter. I wonder if it does not affect open protocol implementations.

  37. emus

    > Matthew: > 2023-04-19 11:54 (GMT+02:00) > given the biggest pushback was "don't trust greedy corps", you're right that we should have aimed for more sigs - will pass it onto the guy organising it. Happy to offer my contact for future collaborations

  38. emus

    Other feel free too (@board)

  39. Trung

    Breaking News: 2023-04-xx - Thousands of signatures from all over the place agaisnt the UK's e2ee policy and numbers are still rising

  40. Trung

    if we can update the kernel, i'm sure we can update the news

  41. Guus

    A question on DNS and SRV. I'm trying to help someone that wants to migrate an XMPP service to a new server that will have a new hostname. The XMPP domain name is equal to the hostname of the current machine. To prevent data migration, I'd rather not change the XMPP domain name. Can I get away with creating a set of DNS SRV records that look like `_xmpp-client._tcp.oldserver.example.org. 86400 IN SRV 5 0 5222 newserver.example.org.` ? My concern here is that I'm inconsistently using the same value (`oldserver.example.org`) as a domain name and a server name (in the `example.org` domain).

  42. Peter Waher

    host and service name do not need to be the same

  43. Peter Waher

    but, how many clients check SRV records? and how many assume domain = host name?

  44. Peter Waher

    (not all languages support checking of DNS SRV records)

  45. Guus

    100% of the clients that these people use, check SRV records (and to be honest, I assume that most in the wild also do?)

  46. Peter Waher

    (older) .NET clients would not, unless they used a custom library, to check DNS SRV records. But as long as that is not a problem it “shoult”™ work.

  47. Peter Waher

    (older) .NET clients would not, unless they used a custom library, to check DNS SRV records. But as long as that is not a problem it “should”™ work.

  48. Guus

    tx

  49. Peter Waher

    (also, depends on the certificate also, btw)

  50. Peter Waher

    we had this discussion earlier, about differences in checking domain names in certificates, depending on binding

  51. Guus

    true that, but that's under their own control. A wildcard cert should suffice there.

  52. Guus

    (and/or they can generate a new one)

  53. Guus

    it's an internal network

  54. moparisthebest

    Yep should work, and if any clients people use don't support SRV records (or hostmeta) we should bug devs or patch