Minutes of the 2019 Summit: Day two

1017: Additional Agenda Bashing


 * XMPP Developer Foundation

1019: Moved


 * XEP-0283 is hard to use due to security concerns (an attacker could move all contacts to another account)
 * Migration is done through presence stanzas, so only online clients get the specific payload, other get a roster push
 * Previous discussion lead to the idea of a "tombstone" stored on PEP for the former account
 * This is only for roster, what about subscriptions, MUC, etc
 * What about servers getting unavailable without prior notice?
 * Kev wants to do the out-of-band confirmation again in case of unavailable server
 * Ralph in favor of reply to presence probe with a new location that would allow servers to do the right thing
 * Privacy concerns: how visible should the tombstone be? (and what about GDPR)
 * Daniel volunteers to specify the tombstoning for IBR
 * import/export (0227) to be used as a separate mechanism, from old to new account.

1050: Full-stanza encryption


 * Paul showing some slides (https://cloud.jabberhead.tk/s/Eqd3cKnjdHpqN4N)
 * Ralph asks if the XEP-0297 forwarding element could be reused to fit in the encrypted payload
 * Having fixed elements inside the encrypted payload could allow plaintext attacks
 * Decision on how to move forward postponed after lunch

1115: Show and tell session


 * Link Mauve:
 * xmpp-account-manager: JS client to manage account settings and stuff
 * xmpp-parsers-rs: it exists https://gitlab.com/xmpp-rs/xmpp-parsers/
 * Dave
 * Side-project (https://github.com/surevine/Metre ) allowing to host components without a full XMPP server, and act as a lawful proxy, supporting DNSSEC & DANE, C++14, MIT license
 * Goffi
 * Salut à toi file sharing using XMPP (either device-to-device, or using a filesharing/hosting to component), and media control using ad-hoc commands and MPRIS, event creation/invitation/sharing, and jp
 * Daniel
 * Moya messenger for south africa, 90% conversations, based off phone numbers and everything, started quicksy afterwards
 * Presentation of Quicksy user onboarding and Quicksy directory
 * OSSGuy
 * Presenting jmp.chat, SMS gateway providing a phone number for your JID allowing you to send and receive messages, https://gitlab.com/ossguy/sgx-catapult
 * Debacle
 * Meteorogical data transfer using XMPP, specific conditions: low-powered linux device, TLS required, compression very useful
 * For everybody interested in IoT, please remember, that there is a MUC, that needs more participants and more discussion: xmpp:iot@muc.xmpp.org?join
 * MattJ
 * Scansion: automated xmpp client, just describe actions, put XML input and output (can copy XEP examples). Used for prosody integration tests
 * Flow
 * Non-blocking IO in smack using the reactor pattern, and smack integration tests are really good
 * Guus
 * Setting up a full-blown openfire with a lot of things with plugins (inverse, jitsi meet) in one minute (and cheating)
 * Ralph
 * https://ralphm.net/publications/xmpp_chat_voip/

1350: Discussing Agenda

1400: Developer foundation


 * Umbrella outside of the XSF that does not need to be neutral
 * Does it need to be a foundation? Try to avoid creating a legal entity until required
 * The idea of the XSF collecting funds and redistribute it for sprints and such
 * XSF's neutrality
 * XDF (Stuff on whiteboard)
 * Sprints (Developer Meetings)
 * `My first client` curated
 * Teasers / Ice breakers
 * UX Guidelines
 * Software Recommendations and list of servers (curated)
 * XMPP Conf
 * Meetups
 * Daniel shared https://xmpp-developers.foundation/about/
 * xmpp:jsf@chat.cluxia.eu?join is the room we've been idling in

1445: SPAM


 * Link Mauve uses honeypot accounts on Prosody (mod_firewall based)
 * https://github.com/JabberSPAM/blacklist describes a due process to blacklist servers
 * contacting the server admins, wait for 7 days for a reply
 * if no reply, contact ISP, wait for 14 days
 * this takes time and needs (trusted) volunteers to contact admins and document the steps taken

1520: Compression


 * MattJ is waiting on a compression spec
 * Discussions on when it's safe to flush compression and when not
 * HTTP vs XMPP compression and authentication issues

1530: Summit Retro


 * Good stuff/Things that went well
 * Better communication across the big table
 * Clearer and simpler language
 * Good attendance and involvement of people
 * Show & Tell
 * Minutes
 * Time slotting/keeping
 * Little talking over each other
 * We got a lot of stuff discussed
 * Quality of discussions and listening
 * Good hosting location
 * Lunch vouchers
 * Remote participation
 * WiFi
 * Sponsors
 * Things we could improve
 * Have agenda before the summit to read up on things
 * Diversity
 * Video
 * Voices don't carry well in this room
 * Discussion for show and tell
 * Show and Tell before lunch (issue + helpful)
 * Slots for Show and Tell
 * Split up Show and Tell over 2 days
 * Earlier hotels
 * Hotel pricing
 * Obvious room doubling
 * Late wiki page finalisation
 * Wiki?
 * My first summit / Expectations / Easier on-boarding
 * More sponsors
 * Objectives for discussions / Not all discussions lead to concrete actions/results
 * SCAM metadata unused
 * Ventilation
 * More breaks
 * In room coffee/drinks
 * PA system
 * Actions:
 * MattJ + Winfried will write down guidelines/recommendations on
 * how to have a good and successful Summit for participants
 * including my first summit
 * Advertise more (Twitter, Facebook, Website, etc.)
 * Three Shown and Tell slots (before lunch and end on day 1)
 * Speaking/Queueing mechanism
 * More sponsors
 * Sponsors (including dinner and summit sponsers) on website
 * Wiki? topics, summary, relevant XEPs/links in advance / interest and scheduling as before / expected outcomes
 * Ralph is sending a mail about A/V issues to Cisco
 * Evaluate venue
 * Show and Tell: 5 minutes time and includes questions
 * Attempt to finalize on hotel earlier
 * Consider if wiki is a sensible place for summit info colleciton and publish
 * More breaks / fresh air
 * Investigate snacks in room
 * Microphone / PA