I wonder if we should call it a day on our SimplePush efforts?
We had a 0.12.1 release in November 2014:
and the latest commit to the source code was in February 2015:
We do have some open JIRAs for a potential 0.13 release, as well as some future tickets:
Now, that there is a follow up standard on this, WebPush, and we have a more active community around that, and a Google Summer of Code student, I do see this being much more interesting than SimplePush, moving forward.
I think our friends at Mozilla are also seeing much more value in focusing on WebPush. I guess it's a bit different there as they have SimplePush in production.
Now... what we could do it, get a last release out and instead '0.13'call it 1.0.0, and put a note to the Github repository that this is the last release and we stop maintaining this stuff.
Or do some really feel they want to actively continue the SimplePush server ?
I think it was a good research project and I am happy we got some momentum around it, but I believe the future is WebPush instead of SimplePush
Feedback is more than welcome!
aerogear-dev mailing list
Well, Mozilla is indeed focusing more on WebPush rather than Simplepush. There are only a few products that use SimplePush at the moment, and frankly, the feature set for WebPush makes it far more interesting.
If I may, I'd suggest focusing on areas we've seen folks struggle with, including:
1) Data encryption -
Not terribly surprising, but folks have problems getting ECDH encryption and header
publication right. I can only presume that folks that have problems with this lead rich,
full lives surrounded by friends and loved ones and for some inexplicable reason, don't
enjoy delving into frustrating bouts of brain melting math.
Giving these poor souls a way to easily bundle up data that endpoints can decrypt so they
can continue their care-free lives of joy might be useful.
2) Subscriber management -
Somewhat in hand with the previous point, dealing with subscribers using WebPush is
a fair bit more complicated than it would first seem. Subscribers can have multiple endpoints
that may shift, or simply disappear in a puff of 410 smoke. Plus, there's the encryption keys
that need to persist and be safe-guarded from compromise, and all the fun that goes with
3) VAPID -
Mozilla currently uses VAPID to allow subscription providers a way to voluntarily provide
info about themselves. The process involves a bit more brain-tweaking ECDH crypto, and there
are some considerations that might escape the casual user (Keep your VAPID key separate from
your publication keys; Keep your private VAPID key private; Resubscribe your customers on key
VAPID is strongly favored for how subscriptions updates would be authorized for other service
So, yeah, full plate. More than enough to scrape SimplePush off to make room, and the nice bonus is that the new stuff isn't just for one provider, and will make your library that much more attractive.
I've got a few resources to help folks get going on this:
1) https://mozilla-services.github.io/WebPushDataTestPage/ - The WebPush Data Test Page, which is a stand alone page that encrypts a data block and shows you as much as possible for key auditing. I recommend opening the Browser Console, since I'm a bit verbose. That page includes VAPID header support, but if you just wanted to see that bit:
I'm also working on a document that (hopefully) lays out the various steps and considerations for App Servers / subscription providers.
Does that make sense to y'all?
On 5/24/2016 11:45 PM, Matthias Wessendorf wrote:
aerogear-dev mailing list
|Free forum by Nabble||Edit this page|