m&mFor the uninitiated: http://piratepad.net/L89H3Q8rao
bearhas joined
ZashRe this
> - authentication downgrades (SCRAM to PLAIN)
what if you put the list of available SASL mechs into a TXT field? (with DNSSEC)
ralphmset the topic toSummit 14, Portland | http://piratepad.net/L89H3Q8rao | https://plus.google.com/hangouts/_/f1eca0311bb12a659a2abbc58ee581d8e37eaa3d
Dave Cridlandhas joined
Dave CridlandZash, You could, but really you'll get that post-TLS anyway.
Dave CridlandZash, The problem is a subverted server that forces you to PLAIN to harvest passwords. The solution is that clients shouldn't switch *back* to a weaker auth without user intervention.
ZashAh
Dave CridlandOf course, that assumes a linear ordering of SASL mechs. :-)
m&mno
m&mthat doesn't help (-:
Ashley WardI can read about 50% of it
Dave CridlandNow it looks like the Blair Witch Project.
Ashley Ward:)
ralphmI blame stpeter's handwriting
m&myou need an HD camera, and we all need to be connected with HD to have a shot
ZashWat
ralphmI think this is an HD camera
Ashley WardI can actually read it okay
Dave CridlandThere are parts I can't read from here anyway.
winfriedmy laptop screen is too small
Ashley WardYou're there aren't you Dave?
Dave CridlandRight.
Ashley WardDo we need to invest in some special XSF glasses for you?
m&mmaybe that'll be his first act on the next Board
Ashley Ward:)
m&m"Get Dave Glasses" (-:
Ashley WardI mean, I'm 4,900 miles away and I can just about read it.
winfriedwhere did you buy your glasses...
ralphmXEP-0259
Steffenblair witch prject 2
Steffenproject
bearthe work on carbons is just cleanup - making the errors make sense
bearmaking the text a little bit more understandable
bearif there is anything else he will take requests
bearhe saw that kim had posted something about wanting to switch over to this flag thing put together
bearrather not delay carbons or get another dependency
jabberjockeCould "attachments" be enabled on the pirate pad?
Steffenyes
Steffensee the clip icon
jabberjockecan't upload
lloydhttps://github.com/ashward/buddycloud-xep
bear(ash) I started drafting a xep around a kind of informal xep they had for buddycloud but it still needs a lot of work to finish
bear(ash) it's sitting in his personal github cloud and needs a lot of work to finish
bear20 min break
winfriedI will!
Ashley WardWife's just got back from Yoga, so 20 minute break is well timed :)
jabberjockeyea right it's -3C outside and pitch dark
Lancehttp://gowebrtc.me/demo.html#xsfsummit
darkrainhas left
Simonhas left
Lancehttp://gowebrtc.me/demo.html#tmc8n53d
ralphmhas left
ralphmhas joined
m&mI got the camera/mic request for both, but all I see is myself
m&mI think it's my local network
Zasherm
Zashwhat have you done?
m&mit could be worse
ZashI can't close the gowebrtc tabs
Zashfun
intosihas joined
fippowe're having an interesting network in here
m&mcan you combine the devil horns and angel halo?
ZashARE THERE SILLY HATS?
winfriedHATS?
ZashHATS!
Steffenha ha ha
Steffenbeware of black hats
Steffen;-)
Zashhttp://www.stupidgifs.com/images/full/352.gif
Ashley WardEdwin's stroking his cat like a Bond villain...
intosiI have yet to perfect my evil laughter
m&mgreat marketing
intosiIf only there was an open protocol that we could extend to have great conference capabilities with video and such...
Ashley WardI really fancy a coca-cola now...
Dave CridlandAnd now for close-ups of Bear and PSA's backsides.
Ashley WardNo comment
m&mbear's back
jabberjockeanyone knows what zoom.us is doing
Steffenif there are slides. is it possible to them
Dave CridlandSteffen: URI above.
Steffenahh got it.. thanks dave
Dave CridlandSlide: CSS
SteffenI am on and off.. so I miss some stuff
Dave CridlandSlide: This requires rich content?
Dave CridlandSlide: So what's the fix?
Steffenwhy do we not make it XMPP "compatible".. and then share it by a room.. then waqas could click and we other could just view. :-)
Dave CridlandSlide: Templates!
Dave CridlandSlide: Templates: How they work
Dave CridlandSlide: Templates: Be aware
Dave CridlandSlide: (same title)
Dave CridlandSlide: Sandboxing
Dave CridlandSlide: Sandboxing : Support
Dave CridlandSlide: Sandboxing: Internet Explorer
Zashhas joined
Dave CridlandSlide: Sandboxing
Dave CridlandSlide: Rich Content
Dave CridlandSlide: Attacking XHTML-IM
Dave CridlandSlide: "" : URLS
Dave CridlandSlide: (same title)
Dave CridlandSlide: Attacking XHTML-IM: Tags and attributes
Dave CridlandSlide: Attacking XHTML-IM: CSS
Dave CridlandSlide: CSS Sanitization: Values
Dave CridlandSlide: XHTML-IM.JS
Dave CridlandSlide: Don't Trust The Data
Dave CridlandSlide: Lessons...
Dave CridlandSlide: Lessons... (again)
waqashas left
Dave CridlandSlide: And we're done!
m&msource for xhtml-im.js? (and license?)
Zashhas joined
Dave CridlandGet that?
waqashas joined
intosiNo
m&mI did not get the license
intosiNot the license bit
Dave CridlandMIT
intosiAh, gr8
stpeterMIT license
m&mgraze
Dave CridlandAnd will be on github
Dave CridlandAnd now everyone's talking at once.
intosiWe noticed ;)
m&myou need a speaking stick
intosiI'm about to get my cat and practice the evil laughter.
Ashley WardThis is actually a pretty useful presentation for web dev in general
intosiIndeed.
lloydYeah, lots of the issues apply outside of xmpp/bosh usage
Ashley WardAnd the number of devs that get it wrong is incredible.
lloydYup.
waqashas left
winfriedI did ;-)
Ashley WardXHTML-IM security?
winfriedBOSH/Websockets/XMPP creates another attack vector, vulnerable to this
Ashley WardMight be worth renaming the presentation as there may be people who think "I don't use BOSH, that's not for me", and yet it may well be useful for them.
m&mprecisely
winfriedyep
winfriedapplauds
sergey.dobrovhas joined
winfriedWould it be an idea to do a fast roundup on XMPP on the web developments
Zashhas left
stpeterLance is chatting about stanza.io and xmpp-ftw
bearxmpp over websockets draft has been adopted by the working group
bearthere are two open issues left
bearone is if there is an error and you need to send the client over to a uri
Zashhas joined
bearthe other issue is because in the browser we don't have a streaming parser should we have different flags to identify when the stream start/ends - lance feels that it's just fine as it is because the code that wraps it is a very thin item
bearthe additions to the last bosh rfc have not been applied yet and that should be picked up by the next council
Lancehttp://github.com/legastero/stanza.io
Lancehttp://github.com/lloydwatkin/xmpp-ftw
bearxmpp-ftw doesn't require you to give it a web socket, it will accept any socket or transport connection
sergey.dobrovhey guys, I have a similar topic talk, btw :)
lloydhttps://xmpp-ftw.jit.su is probably the best place to look
bearthe work being done for HTTP2 should be able to upgrade clean if we target websocket
Zashhas left
lloydIf anyone would like "live" demos I'm sure we could do these too during the summit
Ashley WardWe've lost the summit!
bearthey are trying to find his talk
jabberjockework fine
ralphmhttp://jrudevels.org/Trash/presentation.pdf
Steffenwell guys, I am off to bed. Have fun and see you later tomorrow
MattJ'night Steffen
stpeterbye Steffen
intosinn
Steffennight night
m&mciao
bearmany many clicks on this one
Steffenhas left
Dave CridlandSlide: whoami --verbose
Dave CridlandSlide: Why another library?
Dave CridlandSlide: Problems
Zashhas joined
Dave CridlandSlide: What can we do?
Dave CridlandSlide: Simple Example
Dave CridlandSlide: Possible Mapping
Dave CridlandSlide: Twilix Message
Dave CridlandSlide: (same title)
Dave Cridland(There's a lot of unfolding of the slide I'm not indicating, by the way)
Dave CridlandSlide: Twilix Message
Dave CridlandSlide: JSLiX Analogue
Dave CridlandSlide: Data Validation
Dave CridlandSlide: XML Fields
winfriedBTW: I can't see Sergeys head... he is quite a mystery like this ;-)
Dave CridlandSlide: Queries
Dave CridlandSlide: Dispatcher
Dave CridlandCamera better? Doing it blind.
intosiYes
Dave CridlandSlide: Dispatcher again. (no title though)
intosiA slight adjustment to the left perhaps.
intosiYay!
winfriedperfect, thanks!
Dave CridlandAce.
Dave CridlandSlide: Dispatcher, no title.
Dave CridlandWe should definitely do a XEP for slide coordination.
Dave CridlandCan you guys see the slide on-screen, by the way?
intosi<click xmlns="blah"/>
fippodave: i think there is an old H. standard for this...
intosiSee, but not read.
winfriedyep
Dave CridlandSlide: Dispatcher. "Despite the fact XMPP [...]"
intosiWell, with a bit of imagination, you can probably understand what it says.
Dave CridlandEnough to identify? As in, is what I'm doing still useful?
intosiIt's very useful.
intosiIt's definitely enough to identify.
Dave CridlandDamn, I was hoping to get out of the typing. :-)
intosiAnd if you have the PDF, you can then make out what the blurry text was supposed to be even without going back to the PDF.
intosiGet a better camera.
m&mheh
intosiWe need Retina cameras ;)
m&mthat was suggested earlier
lloydRetina cameras == eyes?
Dave CridlandIt's RalphM's camera. Seems quite good, but I suspect the bandwidth has lowered the quality.
intosiWith actual retinas inside them.
Dave CridlandSlide: "Or in the case of handler"
m&mwe need HD-4K
Ashley WardI don't think the conference centre has retina bandwidth
bearyea, he is using a nice logitech external camera
Dave CridlandI'm using a telepresence solution powered by KLM.
Dave CridlandSlide: Table thing.
m&mhehe
intosiThe Dutch airline?
Ashley Ward:)
ZashThe table is sliding?
Dave CridlandAh. Slide: "Is it used anywhere now"
Dave CridlandSorry. Distracted.
ZashWhat slides now?
intosisame slide still
bearlast part of "Current State" slide
intosi'Is it used anywhere now?'
intosiSVP Implementation exmpl
Dave CridlandSlide: "Comparing Examples", "Software Bersion Protocol Implementation example"
Dave CridlandErm. "Version".
ZashAh, still Sergey
Dave CridlandSlide: (same title) "Then we'll need a method"
Dave CridlandSlide: "Now let's define the method to query" ...
Dave CridlandSlide: "as we can see the method"...
Dave CridlandSlide: "Finally we should define handlers"
Dave CridlandSlide: Counter-example PyXMPP2
Dave CridlandSlides are going thick and fast, sorry.
Dave CridlandJSLiX vs XMPP-FTW currently.
Dave Cridlandhas left
Dave Cridlandhas joined
Dave CridlandjTalk crashed, sorry
Dave CridlandNow on "Just an idea", from JSON-XMPP section