Minutes of the 2019 Summit: Day two

Jump to navigation Jump to search

1017: Additional Agenda Bashing

  • XMPP Developer Foundation

1019: Moved

  • XEP-0283 is hard to use due to security concerns (an attacker could move all contacts to another account)
  • Migration is done through presence stanzas, so only online clients get the specific payload, other get a roster push
  • Previous discussion lead to the idea of a "tombstone" stored on PEP for the former account
  • This is only for roster, what about subscriptions, MUC, etc
  • What about servers getting unavailable without prior notice?
  • Kev wants to do the out-of-band confirmation again in case of unavailable server
  • Ralph in favor of <gone/> reply to presence probe with a new location that would allow servers to do the right thing
  • Privacy concerns: how visible should the tombstone be? (and what about GDPR)
  • Daniel volunteers to specify the tombstoning for IBR
  • import/export (0227) to be used as a separate mechanism, from old to new account.

1050: Full-stanza encryption

  • Paul showing some slides (https://cloud.jabberhead.tk/s/Eqd3cKnjdHpqN4N)
  • Ralph asks if the XEP-0297 forwarding element could be reused to fit in the encrypted payload
  • Having fixed elements inside the encrypted payload could allow plaintext attacks
  • Decision on how to move forward postponed after lunch

1115: Show and tell session

  • Link Mauve:
  • Dave
    • Side-project (https://github.com/surevine/Metre ) allowing to host components without a full XMPP server, and act as a lawful proxy, supporting DNSSEC & DANE, C++14, MIT license
  • Goffi
    • Salut à toi file sharing using XMPP (either device-to-device, or using a filesharing/hosting to component), and media control using ad-hoc commands and MPRIS, event creation/invitation/sharing, and jp
  • Daniel
    • Moya messenger for south africa, 90% conversations, based off phone numbers and everything, started quicksy afterwards
    • Presentation of Quicksy user onboarding and Quicksy directory
  • OSSGuy
  • Debacle
    • Meteorogical data transfer using XMPP, specific conditions: low-powered linux device, TLS required, compression very useful
    • For everybody interested in IoT, please remember, that there is a MUC, that needs more participants and more discussion: xmpp:iot@muc.xmpp.org?join
  • MattJ
    • Scansion: automated xmpp client, just describe actions, put XML input and output (can copy XEP examples). Used for prosody integration tests
  • Flow
    • Non-blocking IO in smack using the reactor pattern, and smack integration tests are really good
  • Guus
    • Setting up a full-blown openfire with a lot of things with plugins (inverse, jitsi meet) in one minute (and cheating)
  • Ralph

1350: Discussing Agenda

1400: Developer foundation

  • Umbrella outside of the XSF that does not need to be neutral
  • Does it need to be a foundation? Try to avoid creating a legal entity until required
  • The idea of the XSF collecting funds and redistribute it for sprints and such
  • XSF's neutrality
  • XDF (Stuff on whiteboard)
    • Sprints (Developer Meetings)
    • `My first client` curated
    • Teasers / Ice breakers
    • UX Guidelines
    • Software Recommendations and list of servers (curated)
    • XMPP Conf
    • Meetups
  • Daniel shared https://xmpp-developers.foundation/about/
  • xmpp:jsf@chat.cluxia.eu?join is the room we've been idling in[0] (this is not the case anymore)

1445: SPAM

  • Link Mauve uses honeypot accounts on Prosody (mod_firewall based)
  • https://github.com/JabberSPAM/blacklist describes a due process to blacklist servers
    • contacting the server admins, wait for 7 days for a reply
    • if no reply, contact ISP, wait for 14 days
    • this takes time and needs (trusted) volunteers to contact admins and document the steps taken

1520: Compression

  • MattJ is waiting on a compression spec
  • Discussions on when it's safe to flush compression and when not
  • HTTP vs XMPP compression and authentication issues

1530: Summit Retro

  • Good stuff/Things that went well
    • Better communication across the big table
    • Clearer and simpler language
    • Good attendance and involvement of people
    • Show & Tell
    • Minutes
    • Time slotting/keeping
    • Little talking over each other
    • We got a lot of stuff discussed
    • Quality of discussions and listening
    • Good hosting location
    • Lunch vouchers
    • Remote participation
    • WiFi
    • Sponsors
  • Things we could improve
    • Have agenda before the summit to read up on things
    • Diversity
    • Video
    • Voices don't carry well in this room
    • Discussion for show and tell
    • Show and Tell before lunch (issue + helpful)
    • Slots for Show and Tell
    • Split up Show and Tell over 2 days
    • Earlier hotels
    • Hotel pricing
    • Obvious room doubling
    • Late wiki page finalisation
    • Wiki?
    • My first summit / Expectations / Easier on-boarding
    • More sponsors
    • Objectives for discussions / Not all discussions lead to concrete actions/results
    • SCAM metadata unused
    • Ventilation
    • More breaks
    • In room coffee/drinks
    • PA system
  • Actions:
    • MattJ + Winfried will write down guidelines/recommendations on
    • how to have a good and successful Summit for participants
  • including my first summit
  • Advertise more (Twitter, Facebook, Website, etc.)
  • Three Shown and Tell slots (before lunch and end on day 1)
  • Speaking/Queueing mechanism
  • More sponsors
  • Sponsors (including dinner and summit sponsers) on website
  • Wiki? topics, summary, relevant XEPs/links in advance / interest and scheduling as before / expected outcomes
  • Ralph is sending a mail about A/V issues to Cisco
  • Evaluate venue
  • Show and Tell: 5 minutes time and includes questions
  • Attempt to finalize on hotel earlier
  • Consider if wiki is a sensible place for summit info colleciton and publish
  • More breaks / fresh air
  • Investigate snacks in room
  • Microphone / PA

[0]: Addition on 2019/03/30: Now moved to/split into xmpp:modernxmpp@rooms.modernxmpp.org?join as a set of guidelines on how to use the protocol as well as UX guidelines, and something to come under the XSF umbrella (as possible) to provide developer documentation on how to use the different available libraries.