Minutes of the 2019 Summit: Day two

From XMPP WIKI
Jump to: navigation, search

1017: Additional Agenda Bashing

  • XMPP Developer Foundation


1019: Moved

  • XEP-0283 is hard to use due to security concerns (an attacker could move all contacts to another account)
  • Migration is done through presence stanzas, so only online clients get the specific payload, other get a roster push
  • Previous discussion lead to the idea of a "tombstone" stored on PEP for the former account
  • This is only for roster, what about subscriptions, MUC, etc
  • What about servers getting unavailable without prior notice?
  • Kev wants to do the out-of-band confirmation again in case of unavailable server
  • Ralph in favor of <gone/> reply to presence probe with a new location that would allow servers to do the right thing
  • Privacy concerns: how visible should the tombstone be? (and what about GDPR)
  • Daniel volunteers to specify the tombstoning for IBR
  • import/export (0227) to be used as a separate mechanism, from old to new account.


1050: Full-stanza encryption

  • Paul showing some slides (https://cloud.jabberhead.tk/s/Eqd3cKnjdHpqN4N)
  • Ralph asks if the XEP-0297 forwarding element could be reused to fit in the encrypted payload
  • Having fixed elements inside the encrypted payload could allow plaintext attacks
  • Decision on how to move forward postponed after lunch


1115: Show and tell session

  • Link Mauve:
  • Dave
    • Side-project (https://github.com/surevine/Metre ) allowing to host components without a full XMPP server, and act as a lawful proxy, supporting DNSSEC & DANE, C++14, MIT license
  • Goffi
    • Salut à toi file sharing using XMPP (either device-to-device, or using a filesharing/hosting to component), and media control using ad-hoc commands and MPRIS, event creation/invitation/sharing, and jp
  • Daniel
    • Moya messenger for south africa, 90% conversations, based off phone numbers and everything, started quicksy afterwards
    • Presentation of Quicksy user onboarding and Quicksy directory
  • OSSGuy
  • Debacle
    • Meteorogical data transfer using XMPP, specific conditions: low-powered linux device, TLS required, compression very useful
    • For everybody interested in IoT, please remember, that there is a MUC, that needs more participants and more discussion: xmpp:iot@muc.xmpp.org?join
  • MattJ
    • Scansion: automated xmpp client, just describe actions, put XML input and output (can copy XEP examples). Used for prosody integration tests
  • Flow
    • Non-blocking IO in smack using the reactor pattern, and smack integration tests are really good
  • Guus
    • Setting up a full-blown openfire with a lot of things with plugins (inverse, jitsi meet) in one minute (and cheating)
  • Ralph


1350: Discussing Agenda

1400: Developer foundation

  • Umbrella outside of the XSF that does not need to be neutral
  • Does it need to be a foundation? Try to avoid creating a legal entity until required
  • The idea of the XSF collecting funds and redistribute it for sprints and such
  • XSF's neutrality
  • XDF (Stuff on whiteboard)
    • Sprints (Developer Meetings)
    • `My first client` curated
    • Teasers / Ice breakers
    • UX Guidelines
    • Software Recommendations and list of servers (curated)
    • XMPP Conf
    • Meetups
  • Daniel shared https://xmpp-developers.foundation/about/
  • xmpp:jsf@chat.cluxia.eu?join is the room we've been idling in


1445: SPAM

  • Link Mauve uses honeypot accounts on Prosody (mod_firewall based)
  • https://github.com/JabberSPAM/blacklist describes a due process to blacklist servers
    • contacting the server admins, wait for 7 days for a reply
    • if no reply, contact ISP, wait for 14 days
    • this takes time and needs (trusted) volunteers to contact admins and document the steps taken


1520: Compression

  • MattJ is waiting on a compression spec
  • Discussions on when it's safe to flush compression and when not
  • HTTP vs XMPP compression and authentication issues


1530: Summit Retro

  • Good stuff/Things that went well
    • Better communication across the big table
    • Clearer and simpler language
    • Good attendance and involvement of people
    • Show & Tell
    • Minutes
    • Time slotting/keeping
    • Little talking over each other
    • We got a lot of stuff discussed
    • Quality of discussions and listening
    • Good hosting location
    • Lunch vouchers
    • Remote participation
    • WiFi
    • Sponsors
  • Things we could improve
    • Have agenda before the summit to read up on things
    • Diversity
    • Video
    • Voices don't carry well in this room
    • Discussion for show and tell
    • Show and Tell before lunch (issue + helpful)
    • Slots for Show and Tell
    • Split up Show and Tell over 2 days
    • Earlier hotels
    • Hotel pricing
    • Obvious room doubling
    • Late wiki page finalisation
    • Wiki?
    • My first summit / Expectations / Easier on-boarding
    • More sponsors
    • Objectives for discussions / Not all discussions lead to concrete actions/results
    • SCAM metadata unused
    • Ventilation
    • More breaks
    • In room coffee/drinks
    • PA system
  • Actions:
    • MattJ + Winfried will write down guidelines/recommendations on
    • how to have a good and successful Summit for participants
  • including my first summit
  • Advertise more (Twitter, Facebook, Website, etc.)
  • Three Shown and Tell slots (before lunch and end on day 1)
  • Speaking/Queueing mechanism
  • More sponsors
  • Sponsors (including dinner and summit sponsers) on website
  • Wiki? topics, summary, relevant XEPs/links in advance / interest and scheduling as before / expected outcomes
  • Ralph is sending a mail about A/V issues to Cisco
  • Evaluate venue
  • Show and Tell: 5 minutes time and includes questions
  • Attempt to finalize on hotel earlier
  • Consider if wiki is a sensible place for summit info colleciton and publish
  • More breaks / fresh air
  • Investigate snacks in room
  • Microphone / PA