Dave Cridland

Metre is an XMPP Server, but not one that serves XMPP. Instead, it lives in the nether regions between servers - being a Man In The Middle by design and intent - filtering and securing traffic as required.

Metre supports pretty well every bell, whistle, and in fact any other musical instrument of XMPP Server to Server security. It then filters traffic, drops stanzas you don't want, eliding it totally on occasion.

It'll throw your traffic over TLS, over DANE, over SATCOM.

It'll log it all.

It'll protect your autonomous security domain.

It'll wag its little tail when it sees you in the morning, but you won't have to take it for walks.

Spiffing is a modern C++ MIT-licensed library for handling machine-readable security labels, of the type used by military, government, and intelligence systems throughout the world. Ever wanted to understand those "TOP SAUSAGE SIGINT RODEO" things you see in the news? Come along and find out.

This lightning talk is not classified, but if it were, Spiffing could tell you not only what classification it was, but what categories were used as well, how to represent that as text and colour, and who would be allowed to see it.

These techniques have been the cornerstone of "multi-level security", the gold standard for high-security systems, for the past three decades, but the specifications are hard to find, often not public, and up until now there have been no freely available implementations. This has limited not only the use of open-source within high-security markets, but also the use of these very useful security practises throughout industry. Spiffing opens this technology to everyone.

This talk will give a crash-dive into what a security label really is, how clearances work, what a security policy is and how it's represented, and what Spiffing can do with them. I'll end with a rapid demo, showing a secure collaboration system built on open-source, that I'll be showing in more detail in the Real-time Lounge throughout the weekend.

Openfire is almost universally recognised as the worst XMPP server, and well known as having been dropped by its original authors, and left to rot, unmaintained and buggy. So why has it just made a 4.0 release, and who cares, anyway?

Many years ago, when the majority of this audience were still in school, there used to be an amazing server called Jive Messenger. After two renames, it was called Openfire, and everyone loved its powerful admin interface, full modern featureset, and astounding integration capability.

Then Jive decided they didn't want to be in the XMPP business anymore, and threw it over the wall, leaving it to languish in the bitrot bin. Everyone - and I mean everyone - knew that using Openfire was a bad idea.

Now, it's back - but did it ever go away, and does it really deserve the reputation of the worst XMPP server?

Dave Cridland is the Project Lead of Openfire, despite hating Java and being not very good at it, and in this talk will attempt to take credit for the revival of a much-loved server that he has had nothing much to do with.

A new project whose distinguishing feature is not reinventing the wheel.

Recently, Dave discovered a batch processing protocol called Hututupuh. Looking into it (it's apparently quite popular), he noticed a habit of Hututupuh developers to reinvent often key areas, such as endpoint identifiers, authentication, and notifications. Since the XMPP world has had these working just fine for quite a while (usually by reusing things like SASL), Dave wondered what would happen if you let XMPP do some of the heavy lifting. Hututupuh developers will, now doubt, rejoice at having a simple, ready-made solution available to them, with a pre-existing global infrastructure and wide support.

A short introduction to the Jabber/XMPP devroom.