Minutes of the 2019 Summit: Day two
Jump to navigation
Jump to search
1017: Additional Agenda Bashing
- XMPP Developer Foundation
1019: Moved
- XEP-0283 is hard to use due to security concerns (an attacker could move all contacts to another account)
- Migration is done through presence stanzas, so only online clients get the specific payload, other get a roster push
- Previous discussion lead to the idea of a "tombstone" stored on PEP for the former account
- This is only for roster, what about subscriptions, MUC, etc
- What about servers getting unavailable without prior notice?
- Kev wants to do the out-of-band confirmation again in case of unavailable server
- Ralph in favor of <gone/> reply to presence probe with a new location that would allow servers to do the right thing
- Privacy concerns: how visible should the tombstone be? (and what about GDPR)
- Daniel volunteers to specify the tombstoning for IBR
- import/export (0227) to be used as a separate mechanism, from old to new account.
1050: Full-stanza encryption
- Paul showing some slides (https://cloud.jabberhead.tk/s/Eqd3cKnjdHpqN4N)
- Ralph asks if the XEP-0297 forwarding element could be reused to fit in the encrypted payload
- Having fixed elements inside the encrypted payload could allow plaintext attacks
- Decision on how to move forward postponed after lunch
1115: Show and tell session
- Link Mauve:
- xmpp-account-manager: JS client to manage account settings and stuff
- xmpp-parsers-rs: it exists https://gitlab.com/xmpp-rs/xmpp-parsers/
- Dave
- Side-project (https://github.com/surevine/Metre ) allowing to host components without a full XMPP server, and act as a lawful proxy, supporting DNSSEC & DANE, C++14, MIT license
- Goffi
- Salut à toi file sharing using XMPP (either device-to-device, or using a filesharing/hosting to component), and media control using ad-hoc commands and MPRIS, event creation/invitation/sharing, and jp
- Daniel
- Moya messenger for south africa, 90% conversations, based off phone numbers and everything, started quicksy afterwards
- Presentation of Quicksy user onboarding and Quicksy directory
- OSSGuy
- Presenting jmp.chat, SMS gateway providing a phone number for your JID allowing you to send and receive messages, https://gitlab.com/ossguy/sgx-catapult
- Debacle
- Meteorogical data transfer using XMPP, specific conditions: low-powered linux device, TLS required, compression very useful
- For everybody interested in IoT, please remember, that there is a MUC, that needs more participants and more discussion: xmpp:iot@muc.xmpp.org?join
- MattJ
- Scansion: automated xmpp client, just describe actions, put XML input and output (can copy XEP examples). Used for prosody integration tests
- Flow
- Non-blocking IO in smack using the reactor pattern, and smack integration tests are really good
- Guus
- Setting up a full-blown openfire with a lot of things with plugins (inverse, jitsi meet) in one minute (and cheating)
- Ralph
1350: Discussing Agenda
1400: Developer foundation
- Umbrella outside of the XSF that does not need to be neutral
- Does it need to be a foundation? Try to avoid creating a legal entity until required
- The idea of the XSF collecting funds and redistribute it for sprints and such
- XSF's neutrality
- XDF (Stuff on whiteboard)
- Sprints (Developer Meetings)
- `My first client` curated
- Teasers / Ice breakers
- UX Guidelines
- Software Recommendations and list of servers (curated)
- XMPP Conf
- Meetups
- Daniel shared https://xmpp-developers.foundation/about/
- xmpp:jsf@chat.cluxia.eu?join is the room we've been idling in
1445: SPAM
- Link Mauve uses honeypot accounts on Prosody (mod_firewall based)
- https://github.com/JabberSPAM/blacklist describes a due process to blacklist servers
- contacting the server admins, wait for 7 days for a reply
- if no reply, contact ISP, wait for 14 days
- this takes time and needs (trusted) volunteers to contact admins and document the steps taken
1520: Compression
- MattJ is waiting on a compression spec
- Discussions on when it's safe to flush compression and when not
- HTTP vs XMPP compression and authentication issues
1530: Summit Retro
- Good stuff/Things that went well
- Better communication across the big table
- Clearer and simpler language
- Good attendance and involvement of people
- Show & Tell
- Minutes
- Time slotting/keeping
- Little talking over each other
- We got a lot of stuff discussed
- Quality of discussions and listening
- Good hosting location
- Lunch vouchers
- Remote participation
- WiFi
- Sponsors
- Things we could improve
- Have agenda before the summit to read up on things
- Diversity
- Video
- Voices don't carry well in this room
- Discussion for show and tell
- Show and Tell before lunch (issue + helpful)
- Slots for Show and Tell
- Split up Show and Tell over 2 days
- Earlier hotels
- Hotel pricing
- Obvious room doubling
- Late wiki page finalisation
- Wiki?
- My first summit / Expectations / Easier on-boarding
- More sponsors
- Objectives for discussions / Not all discussions lead to concrete actions/results
- SCAM metadata unused
- Ventilation
- More breaks
- In room coffee/drinks
- PA system
- Actions:
- MattJ + Winfried will write down guidelines/recommendations on
- how to have a good and successful Summit for participants
- including my first summit
- Advertise more (Twitter, Facebook, Website, etc.)
- Three Shown and Tell slots (before lunch and end on day 1)
- Speaking/Queueing mechanism
- More sponsors
- Sponsors (including dinner and summit sponsers) on website
- Wiki? topics, summary, relevant XEPs/links in advance / interest and scheduling as before / expected outcomes
- Ralph is sending a mail about A/V issues to Cisco
- Evaluate venue
- Show and Tell: 5 minutes time and includes questions
- Attempt to finalize on hotel earlier
- Consider if wiki is a sensible place for summit info colleciton and publish
- More breaks / fresh air
- Investigate snacks in room
- Microphone / PA