From XMPP WIKI

1017: Additional Agenda Bashing



XMPP Developer Foundation



1019: Moved



XEP-0283 is hard to use due to security concerns (an attacker could move all contacts to another account)

Migration is done through presence stanzas, so only online clients get the specific payload, other get a roster push

Previous discussion lead to the idea of a "tombstone" stored on PEP for the former account

This is only for roster, what about subscriptions, MUC, etc

What about servers getting unavailable without prior notice?

Kev wants to do the out-of-band confirmation again in case of unavailable server

Ralph in favor of <gone/> reply to presence probe with a new location that would allow servers to do the right thing

Privacy concerns: how visible should the tombstone be? (and what about GDPR)

Daniel volunteers to specify the tombstoning for IBR

import/export (0227) to be used as a separate mechanism, from old to new account.



1050: Full-stanza encryption



Paul showing some slides (https://cloud.jabberhead.tk/s/Eqd3cKnjdHpqN4N)

Ralph asks if the XEP-0297 forwarding element could be reused to fit in the encrypted payload

Having fixed elements inside the encrypted payload could allow plaintext attacks

Decision on how to move forward postponed after lunch



1115: Show and tell session



Link Mauve: xmpp-account-manager: JS client to manage account settings and stuff xmpp-parsers-rs: it exists https://gitlab.com/xmpp-rs/xmpp-parsers/

Dave Side-project (https://github.com/surevine/Metre ) allowing to host components without a full XMPP server, and act as a lawful proxy, supporting DNSSEC & DANE, C++14, MIT license

Goffi Salut à toi file sharing using XMPP (either device-to-device, or using a filesharing/hosting to component), and media control using ad-hoc commands and MPRIS, event creation/invitation/sharing, and jp

Daniel Moya messenger for south africa, 90% conversations, based off phone numbers and everything, started quicksy afterwards Presentation of Quicksy user onboarding and Quicksy directory

OSSGuy Presenting jmp.chat, SMS gateway providing a phone number for your JID allowing you to send and receive messages, https://gitlab.com/ossguy/sgx-catapult

Debacle Meteorogical data transfer using XMPP, specific conditions: low-powered linux device, TLS required, compression very useful For everybody interested in IoT, please remember, that there is a MUC, that needs more participants and more discussion: xmpp:iot@muc.xmpp.org?join

MattJ Scansion: automated xmpp client, just describe actions, put XML input and output (can copy XEP examples). Used for prosody integration tests

Flow Non-blocking IO in smack using the reactor pattern, and smack integration tests are really good

Guus Setting up a full-blown openfire with a lot of things with plugins (inverse, jitsi meet) in one minute (and cheating)

Ralph https://ralphm.net/publications/xmpp_chat_voip/





1350: Discussing Agenda



1400: Developer foundation



Umbrella outside of the XSF that does not need to be neutral

Does it need to be a foundation? Try to avoid creating a legal entity until required

The idea of the XSF collecting funds and redistribute it for sprints and such

XSF's neutrality

XDF (Stuff on whiteboard) Sprints (Developer Meetings) `My first client` curated Teasers / Ice breakers UX Guidelines Software Recommendations and list of servers (curated) XMPP Conf Meetups

Daniel shared https://xmpp-developers.foundation/about/

xmpp:jsf@chat.cluxia.eu?join is the room we've been idling in[0] (this is not the case anymore)

1445: SPAM



Link Mauve uses honeypot accounts on Prosody (mod_firewall based)

https://github.com/JabberSPAM/blacklist describes a due process to blacklist servers contacting the server admins, wait for 7 days for a reply if no reply, contact ISP, wait for 14 days this takes time and needs (trusted) volunteers to contact admins and document the steps taken







1520: Compression



MattJ is waiting on a compression spec

Discussions on when it's safe to flush compression and when not

HTTP vs XMPP compression and authentication issues



1530: Summit Retro



Good stuff/Things that went well Better communication across the big table Clearer and simpler language Good attendance and involvement of people Show & Tell Minutes Time slotting/keeping Little talking over each other We got a lot of stuff discussed Quality of discussions and listening Good hosting location Lunch vouchers Remote participation WiFi Sponsors

Things we could improve Have agenda before the summit to read up on things Diversity Video Voices don't carry well in this room Discussion for show and tell Show and Tell before lunch (issue + helpful) Slots for Show and Tell Split up Show and Tell over 2 days Earlier hotels Hotel pricing Obvious room doubling Late wiki page finalisation Wiki? My first summit / Expectations / Easier on-boarding More sponsors Objectives for discussions / Not all discussions lead to concrete actions/results SCAM metadata unused Ventilation More breaks In room coffee/drinks PA system

Actions: MattJ + Winfried will write down guidelines/recommendations on how to have a good and successful Summit for participants

including my first summit

Advertise more (Twitter, Facebook, Website, etc.)

Three Shown and Tell slots (before lunch and end on day 1)

Speaking/Queueing mechanism

More sponsors

Sponsors (including dinner and summit sponsers) on website

Wiki? topics, summary, relevant XEPs/links in advance / interest and scheduling as before / expected outcomes

Ralph is sending a mail about A/V issues to Cisco

Evaluate venue

Show and Tell: 5 minutes time and includes questions

Attempt to finalize on hotel earlier

Consider if wiki is a sensible place for summit info colleciton and publish

More breaks / fresh air

Investigate snacks in room

Microphone / PA



[0]: Addition on 2019/03/30: Now moved to/split into xmpp:modernxmpp@rooms.modernxmpp.org?join as a set of guidelines on how to use the protocol as well as UX guidelines, and something to come under the XSF umbrella (as possible) to provide developer documentation on how to use the different available libraries.