XSF logo XSF Discussion - 2018-09-25


  1. jjrh has left
  2. jjrh has left
  3. alacer has left
  4. jjrh has left
  5. UsL has joined
  6. jjrh has left
  7. Maranda has left
  8. Maranda has joined
  9. lumi has joined
  10. Dave Cridland has left
  11. Maranda SamWhited, and it's not falling back either on malformed request...
  12. Maranda I'll have to blacklist the mechanism
  13. efrit has joined
  14. SamWhited Oh yah, it doesn't do that, otherwise it would be a potential DOS
  15. SamWhited It only falls back if the feature isn't advertised at all and no successful auth has caused a mechanism to be pinned, IIRC
  16. SamWhited *a higher-priority mechanism to be pinned
  17. vanitasvitae has left
  18. Maranda has left
  19. Maranda has joined
  20. Maranda has left
  21. jjrh has left
  22. jjrh has left
  23. jjrh has left
  24. jjrh has left
  25. Maranda has joined
  26. jjrh has left
  27. jjrh has left
  28. Dave Cridland has left
  29. jjrh has left
  30. jjrh has left
  31. peter has left
  32. Maranda has left
  33. Maranda has left
  34. Maranda has left
  35. Maranda has left
  36. jjrh has left
  37. jjrh has left
  38. Maranda has left
  39. Maranda has joined
  40. Maranda has left
  41. Maranda has joined
  42. Maranda has left
  43. Maranda has joined
  44. alexis has joined
  45. Dave Cridland has left
  46. alexis has left
  47. jjrh has left
  48. jjrh has left
  49. peter has joined
  50. Maranda has left
  51. lskdjf has left
  52. l has left
  53. Maranda has joined
  54. alexis has joined
  55. alexis has left
  56. tux has left
  57. tux has joined
  58. jjrh has left
  59. Maranda has left
  60. jjrh has left
  61. l has left
  62. l has joined
  63. Maranda has joined
  64. Maranda has left
  65. Maranda has joined
  66. jjrh has left
  67. jjrh has left
  68. Dave Cridland has left
  69. Maranda has left
  70. jjrh has left
  71. Maranda has joined
  72. Maranda has left
  73. Maranda has joined
  74. Maranda has left
  75. Maranda has joined
  76. Neustradamus has left
  77. Neustradamus has joined
  78. jjrh has left
  79. SamWhited has left
  80. moparisthebest has left
  81. lskdjf has joined
  82. jjrh has left
  83. l has joined
  84. jjrh has left
  85. jjrh has left
  86. j.r has joined
  87. j.r has joined
  88. Dave Cridland has left
  89. alacer has joined
  90. alacer has left
  91. alacer has joined
  92. jjrh has left
  93. jjrh has left
  94. Yagiza has joined
  95. Yagiza has left
  96. labdsf has left
  97. labdsf has joined
  98. Yagiza has left
  99. jjrh has left
  100. jjrh has left
  101. alacer has left
  102. Dave Cridland has left
  103. jjrh has left
  104. Yagiza has left
  105. Yagiza has left
  106. Yagiza has joined
  107. Yagiza has left
  108. jjrh has left
  109. jjrh has left
  110. Dave Cridland has left
  111. alacer has joined
  112. Dave Cridland has left
  113. jjrh has left
  114. jjrh has left
  115. Yagiza has left
  116. alacer has left
  117. alacer has joined
  118. Dave Cridland has left
  119. jjrh has left
  120. jjrh has left
  121. peter has left
  122. jjrh has left
  123. jjrh has left
  124. Yagiza has left
  125. Yagiza has left
  126. Yagiza has joined
  127. labdsf has left
  128. labdsf has joined
  129. jjrh has left
  130. Yagiza has left
  131. Dave Cridland has left
  132. jjrh has left
  133. Yagiza has left
  134. Yagiza has joined
  135. Neustradamus has left
  136. jjrh has left
  137. Yagiza has left
  138. Neustradamus has joined
  139. muppeth has left
  140. Dave Cridland has left
  141. jjrh has left
  142. jjrh has left
  143. Dave Cridland has left
  144. Yagiza has left
  145. Yagiza has left
  146. jjrh has left
  147. jjrh has left
  148. labdsf has left
  149. jjrh has left
  150. jjrh has left
  151. lnj has joined
  152. labdsf has joined
  153. Dave Cridland has left
  154. Andrew Nenakhov has left
  155. Andrew Nenakhov has left
  156. Andrew Nenakhov has joined
  157. moparisthebest has joined
  158. Andrew Nenakhov has left
  159. jjrh has left
  160. Andrew Nenakhov has left
  161. jjrh has left
  162. Andrew Nenakhov has joined
  163. Andrew Nenakhov has left
  164. Andrew Nenakhov has left
  165. Andrew Nenakhov has joined
  166. Andrew Nenakhov has left
  167. Andrew Nenakhov has left
  168. Andrew Nenakhov has joined
  169. Andrew Nenakhov has left
  170. Andrew Nenakhov has left
  171. Andrew Nenakhov has joined
  172. Andrew Nenakhov has left
  173. Andrew Nenakhov has left
  174. Andrew Nenakhov has joined
  175. Andrew Nenakhov has left
  176. Andrew Nenakhov has left
  177. Andrew Nenakhov has joined
  178. labdsf has left
  179. daniel has left
  180. daniel has joined
  181. jjrh has left
  182. jjrh has left
  183. alacer has left
  184. alacer has joined
  185. daniel has left
  186. mimi89999 has left
  187. Andrew Nenakhov has left
  188. Andrew Nenakhov has left
  189. lorddavidiii has joined
  190. Andrew Nenakhov has joined
  191. daniel has joined
  192. andy has joined
  193. jjrh has left
  194. Dave Cridland has left
  195. labdsf has joined
  196. j.r has left
  197. j.r has joined
  198. jjrh has left
  199. alacer has left
  200. alacer has joined
  201. jjrh has left
  202. Andrew Nenakhov has left
  203. jjrh has left
  204. Andrew Nenakhov has joined
  205. labdsf has left
  206. SamWhited has left
  207. jjrh has left
  208. jjrh has left
  209. Andrew Nenakhov has left
  210. Dave Cridland has left
  211. Andrew Nenakhov has left
  212. jjrh has left
  213. jjrh has left
  214. daniel has left
  215. daniel has joined
  216. jjrh has left
  217. Dave Cridland has left
  218. Andrew Nenakhov has left
  219. jjrh has left
  220. jjrh has left
  221. alacer has left
  222. alacer has joined
  223. Dave Cridland has left
  224. Andrew Nenakhov has left
  225. j.r has joined
  226. vinx55 has joined
  227. ralphm has left
  228. Str4tocaster has joined
  229. karp has left
  230. karp has joined
  231. Zash has left
  232. ralphm has joined
  233. daniel has left
  234. daniel has joined
  235. jjrh has left
  236. jjrh has left
  237. jjrh has left
  238. vinx55 has left
  239. Andrew Nenakhov has left
  240. Andrew Nenakhov has joined
  241. Andrew Nenakhov has joined
  242. Str4tocaster has left
  243. vinx55 has joined
  244. Andrew Nenakhov has left
  245. Andrew Nenakhov has joined
  246. jjrh has left
  247. jjrh has left
  248. vinx55 has left
  249. valo has joined
  250. valo has joined
  251. thorsten has joined
  252. Dave Cridland has left
  253. jjrh has left
  254. Zash has left
  255. lorddavidiii has left
  256. karp has left
  257. karp has joined
  258. jjrh has left
  259. jjrh has left
  260. Dave Cridland has left
  261. lorddavidiii has joined
  262. Nekit has joined
  263. Dave Cridland has left
  264. jjrh has left
  265. Dave Cridland has left
  266. jjrh has left
  267. karp has left
  268. karp has joined
  269. Zash has left
  270. Guus has left
  271. Zash has joined
  272. Guus has joined
  273. Andrew Nenakhov has left
  274. flow has joined
  275. Andrew Nenakhov has joined
  276. lnj has left
  277. jjrh has left
  278. lnj has joined
  279. jjrh has left
  280. j.r has joined
  281. goffi has joined
  282. jjrh has left
  283. Dave Cridland has left
  284. Str4tocaster has joined
  285. Dave Cridland has left
  286. Str4tocaster has left
  287. Str4tocaster has joined
  288. Dave Cridland has left
  289. jjrh has left
  290. jjrh has left
  291. edhelas was there some discussions regarding the GDPR and the usage of transports with XMPP ?
  292. Seve/SouL has joined
  293. Dave Cridland has left
  294. Str4tocaster has left
  295. Dave Cridland has left
  296. Dave Cridland has joined
  297. 404.city has joined
  298. jjrh has left
  299. Dave Cridland has left
  300. Kev has joined
  301. Dave Cridland has joined
  302. Kev has left
  303. jjrh has left
  304. Neustradamus has left
  305. Dave Cridland has left
  306. Neustradamus has joined
  307. Dave Cridland has joined
  308. j.r has joined
  309. flow has left
  310. flow has joined
  311. Andrew Nenakhov has left
  312. Andrew Nenakhov has joined
  313. jjrh has left
  314. Andrew Nenakhov has joined
  315. Andrew Nenakhov has left
  316. Andrew Nenakhov has joined
  317. Andrew Nenakhov has left
  318. Andrew Nenakhov has joined
  319. Andrew Nenakhov has joined
  320. Andrew Nenakhov has left
  321. Andrew Nenakhov has joined
  322. flow has left
  323. jjrh has left
  324. jjrh has left
  325. UsL has joined
  326. mrdoctorwho has left
  327. Dave Cridland has left
  328. waqas has left
  329. jjrh has left
  330. jjrh has left
  331. jjrh has left
  332. karp has left
  333. jjrh has left
  334. winfried has joined
  335. jjrh has left
  336. Dave Cridland has left
  337. l has joined
  338. jjrh has left
  339. jjrh has left
  340. winfried has joined
  341. Dave Cridland has left
  342. Guus has left
  343. Dave Cridland has left
  344. winfried has joined
  345. jjrh has left
  346. jjrh has left
  347. Steve Kille has left
  348. Steve Kille has left
  349. Guus has joined
  350. Nekit has left
  351. Nekit has joined
  352. j.r has joined
  353. Dave Cridland has left
  354. lnj has left
  355. jjrh has left
  356. edhelas > and Mojave completes the transition by pulling out Jabber support
  357. Andrew Nenakhov has joined
  358. Zash Who
  359. vanitasvitae has left
  360. vanitasvitae has left
  361. jjrh has left
  362. jjrh has left
  363. edhelas macOS Mojave, the state of XMPP in iMessage was already bad, now it's gone
  364. jjrh has left
  365. edhelas so leave us with not much actually
  366. edhelas Dino doesn't has a stable built yet for macOS, Adium is based on libpurple, there's maybe Swift
  367. edhelas and Movim but it's an Electron client :p
  368. jonas’ gajim?
  369. mrdoctorwho has joined
  370. edhelas yes indeed
  371. Andrew Nenakhov has left
  372. jjrh has left
  373. Andrew Nenakhov has left
  374. jjrh has left
  375. mrdoctorwho has left
  376. jjrh has left
  377. jjrh has left
  378. derdaniel has left
  379. derdaniel has joined
  380. efrit has left
  381. jjrh has left
  382. jjrh has left
  383. Zash has left
  384. equil has left
  385. Zash Monal?
  386. jjrh has left
  387. Neustradamus has left
  388. Str4tocaster has joined
  389. Zash has left
  390. Str4tocaster has left
  391. Str4tocaster has joined
  392. Neustradamus has joined
  393. jjrh has left
  394. moparisthebest has left
  395. jjrh has left
  396. flow has joined
  397. Dave Cridland has left
  398. jjrh has left
  399. Andrew Nenakhov has left
  400. jjrh has left
  401. Andrew Nenakhov has joined
  402. lskdjf has joined
  403. goffi Cagou (SàT) is working on Mac OS, but need people to test it (I have no Mac myself)
  404. Andrew Nenakhov has joined
  405. Dave Cridland has left
  406. jjrh has left
  407. lnj has left
  408. Dave Cridland has left
  409. Str4tocaster has left
  410. mrdoctorwho has joined
  411. Dave Cridland has left
  412. Dave Cridland has left
  413. Andrew Nenakhov has left
  414. Andrew Nenakhov has joined
  415. Dave Cridland has left
  416. Dave Cridland has left
  417. jjrh has left
  418. ThibG has left
  419. ThibG has joined
  420. Andrew Nenakhov has left
  421. Andrew Nenakhov has joined
  422. Zash has left
  423. lnj has joined
  424. jjrh has left
  425. muppeth has joined
  426. labdsf has joined
  427. Zash has left
  428. Seve/SouL has left
  429. jjrh has left
  430. Andrew Nenakhov has left
  431. Andrew Nenakhov has joined
  432. jjrh has left
  433. jjrh has left
  434. Nekit has left
  435. Dave Cridland has left
  436. Nekit has joined
  437. labdsf has left
  438. alacer has left
  439. alacer has joined
  440. Dave Cridland has left
  441. Dave Cridland has left
  442. Dave Cridland has left
  443. labdsf has joined
  444. Andrew Nenakhov has left
  445. jjrh has left
  446. jjrh has left
  447. alacer has left
  448. Andrew Nenakhov has joined
  449. j.r has joined
  450. jjrh has left
  451. labdsf has left
  452. jjrh has left
  453. labdsf has joined
  454. l has left
  455. jjrh has left
  456. jjrh has left
  457. Kev has joined
  458. Kev has left
  459. equil has left
  460. equil has left
  461. equil has left
  462. ThibG has joined
  463. ThibG has joined
  464. j.r has joined
  465. jjrh has left
  466. jjrh has left
  467. andy has left
  468. Zash has left
  469. jjrh has left
  470. Dave Cridland has left
  471. peter has joined
  472. Dave Cridland has left
  473. Str4tocaster has joined
  474. peter has left
  475. Nekit has left
  476. Nekit has joined
  477. daniel has left
  478. daniel has joined
  479. Str4tocaster has left
  480. labdsf has left
  481. labdsf has joined
  482. jjrh has left
  483. jjrh has left
  484. Alex has joined
  485. j.r has joined
  486. alacer has joined
  487. Nekit has left
  488. alacer has left
  489. alacer has joined
  490. jere has joined
  491. jjrh has left
  492. jjrh has left
  493. Nekit has joined
  494. Alex has left
  495. Tobias has joined
  496. Tobias has joined
  497. winfried has left
  498. Zash has left
  499. Steve Kille has joined
  500. jjrh has left
  501. jjrh has left
  502. j.r has joined
  503. Holger has left
  504. j.r has joined
  505. winfried has joined
  506. valo has left
  507. valo has joined
  508. jjrh has left
  509. jjrh has left
  510. labdsf has left
  511. Guus has joined
  512. Guus has joined
  513. j.r has left
  514. j.r has joined
  515. jjrh has left
  516. j.r has left
  517. j.r has joined
  518. jjrh has left
  519. moparisthebest has left
  520. !xsf_martin has left
  521. alacer has left
  522. alacer has joined
  523. dos there's Monal, but it still feels somewhat beta, especially regarding MUCs
  524. Ge0rG And it's absent from the EU.
  525. dos I've tried it when looking for a client for gf, but eventually opted to fixing movim's electron client, it really felt like the best xmpp chat option on macOS :P
  526. dos I'm in Poland and I downloaded it from the app store... month ago?
  527. dos but it might be absent on iOS
  528. Zash GDPR FUD ey?
  529. dos well, yeah, when I read the blog post on Monal site I facepalmed pretty hard xd
  530. ThibG has joined
  531. peter has joined
  532. dos it would be way more understandable for Movim to have such concerns, but Monal?
  533. jjrh has left
  534. dos I mean... unless there's something in Monal we don't know about ( ͡° ͜ʖ ͡°)
  535. alacer has left
  536. edhelas Maybe for Movim as well ( ͡° ͜ʖ ͡°)
  537. peter has left
  538. dos has left
  539. moparisthebest Speaking as a service operator who has 'banned EU residents' we don't really care if you use it, just don't want to be bothered with GDPR crap
  540. Link Mauve Because it’s so hard to just not sell our data, and to allow us to retrieve or delete it.
  541. dos has joined
  542. moparisthebest Will I can lie to your face and swear I've audited everything and I'm compliant
  543. moparisthebest Or just not bother
  544. moparisthebest I'm probably compliant, just don't care
  545. jjrh has left
  546. jjrh has left
  547. j.r has left
  548. j.r has joined
  549. j.r has left
  550. j.r has joined
  551. j.r has joined
  552. j.r has joined
  553. j.r has left
  554. j.r has joined
  555. Andrew Nenakhov has left
  556. ThibG has joined
  557. ThibG has joined
  558. j.r has left
  559. j.r has joined
  560. jjrh has left
  561. labdsf has joined
  562. Maranda Too bad that GDPR protects nothing basically, and causes only annoyances to operators and ultimately users. One of those proper "EU style" things.
  563. Andrew Nenakhov has left
  564. Andrew Nenakhov has left
  565. Andrew Nenakhov has joined
  566. Maranda Like the latest filter shit they came out with, that's just brilliant.
  567. Andrew Nenakhov has joined
  568. Andrew Nenakhov has joined
  569. Andrew Nenakhov has left
  570. lumi has joined
  571. Andrew Nenakhov has joined
  572. jjrh has left
  573. jjrh has left
  574. moparisthebest yep Maranda basically that
  575. moparisthebest GDPR compliance costs google and facebook nothing, they already have a million engineers, customer service, and lawyers
  576. Dave Cridland has left
  577. moparisthebest meanwhile now I have to know journald's default retention period, make sure it doesn't change with updates, document it somewhere public, hire an EU rep, then have a lawyer check over everything and declare if I'm GDPR compliant or not?
  578. SamWhited has left
  579. SamWhited has joined
  580. moparisthebest or... I can just tell EU residents to buzz off and not think about it. :D
  581. Maranda And they can pay the fines anyways or refuse to, and eventually just bury EU under tons of stamped paper.
  582. Zash It got kinda tiresome to read that kind of thing in May.
  583. jjrh has left
  584. Maranda 🤣
  585. Ge0rG especially as most of it is wrong.
  586. Zash As I said before, > GDPR FUD ey?
  587. moparisthebest Ge0rG, allow me to simplify, if not required by law, is it easier to care about it or not care about it? :)
  588. Ge0rG moparisthebest: if you want to use my data, you better know where it's stored
  589. jjrh has left
  590. moparisthebest Ge0rG, so you know the retention period of every log on every server, and go line by line over all code changes every update to make sure it doesn't change?
  591. moparisthebest cause, that sounds like a lot of work compared to 'not caring'
  592. Yagiza has left
  593. dos GDPR doesn't care about your "every log"
  594. Ge0rG moparisthebest: in the strictest sense I've seen so far, you need to ensure that if you roll back a backup, all accounts deleted since that backup will be deleted after the rollback
  595. jjrh has left
  596. moparisthebest and that means what for IRC
  597. moparisthebest also, by definition, if my server explodes and I have to restore from backup, how would I ever know which accounts had been deleted in between date-of-last-backup and server-explosion
  598. moparisthebest that's an insane requirement
  599. Ge0rG moparisthebest: since when does an IRC server store *anything*?
  600. moparisthebest services and logs
  601. Ge0rG moparisthebest: I'm not sure if you are attempting to be ignorant or arrogant here. I'm sure you haven't missed first my and then the XSF announcement of an XMPP server data privacy template. You could have just copied the relevant section about logging from there.
  602. lumi has joined
  603. moparisthebest seriously though, with any type of service, if you are restoring from backup you presumably don't have any data from before that backup right?
  604. moparisthebest such as, what accounts were deleted
  605. Ge0rG Sorry, I have some real work to be done. If you need further assistance, I can ask my emplyer for a consulting offer :P
  606. moparisthebest thanks for confirming what I said about google/facebook being able to afford GDPR compliance and normal people not being able to
  607. SamWhited As far as I can tell the GDPR is mostly perfectly reasonable requirements, unlike most of the tech laws that come out of europe. If you can't afford compliance, you're probably either misunderstanding and aren't covered by it or shouldn't be operating a service that stores other peoples private data.
  608. Ge0rG moparisthebest: the good thing is that normal people will not be held to the same standards as Google.
  609. moparisthebest good thing is people outside the insanity that is EU won't be held to those insane standards at all
  610. Zash Yeah the requirements and therefore costs seemed to scale with size well enough
  611. SamWhited What's insane about requiring that you disclose who you're sharing user data with and making it easy for them to ask you to purge it? That seems perfectly reasonable.
  612. Ge0rG moparisthebest: oh, right. It's much better to live in a country where your ISP is free to datamine you, sell your location data to the highest bidder, to slow down your video streaming and to inject ads into your traffic.
  613. moparisthebest all networks are to be treated as an attacker, that's what encryption/authentication is for
  614. moparisthebest not 'please don't look at my data sir'
  615. SamWhited So encrypt your data? The law heavily encourages that because you're more responsible for losing your users data
  616. Ge0rG moparisthebest: oh, great. Now tell me about that magic protocol that will protect my traffic from all analysis, even from traffic pattern recognition
  617. Ge0rG and don't say "use VPN" because the VPN provider is obviously subject to the same (lack of) laws
  618. moparisthebest are ISPs doing that now, I thought only govts that aren't affected by these laws did that anyhow
  619. moparisthebest doesn't seem like there would be a lot of money in it
  620. Andrew Nenakhov has joined
  621. Ge0rG moparisthebest: https://eu.usatoday.com/story/tech/news/2017/04/04/isps-can-now-collect-and-sell-your-data-what-know-internet-privacy/100015356/
  622. SamWhited None of this has anything to do with the law other than that it encourages is by making you more responsible though. I'm not even sure what the encryption thing was about, are you suggesting the law should have been *more* specific and required it?
  623. Andrew Nenakhov has joined
  624. Ge0rG SamWhited: I think moparisthebest was speaking of encryption as a means for users to protect themselves from data collection
  625. SamWhited Ge0rG: which is fine, I just don't see what that has to do with this argument unless it's just a strawman
  626. moparisthebest SamWhited, I'm suggesting laws are useless with regard to internet privacy, and that encryption is the only option
  627. SamWhited If nothing else tons of companies have now put "Delete account" buttons on their product, which sounds great. That's not useless.
  628. Andrew Nenakhov has joined
  629. SamWhited They also are making lists of all the people that they're selling or otherwise sharing my data with, which has been very nice.
  630. Andrew Nenakhov has left
  631. Link Mauve moparisthebest, now please tell me how to encrypt my Facebook friends in a way to prevent Facebook from knowing them.
  632. Andrew Nenakhov has joined
  633. SamWhited So it doens't appear that laws related to the internet are useless, quite the contrary, it's been fantastic.
  634. Link Mauve And from selling this graph to some other companies.
  635. Andrew Nenakhov has left
  636. Ge0rG SamWhited: nice but illegal. Almost none of the big data-selling news outlets actually honor the opt-in requirement
  637. Ge0rG SamWhited: and most just say "if you don't want our tracking, delete your cookies"
  638. SamWhited Ge0rG: so your argument is that some people won't follow laws, so we shouldn't have any?
  639. Ge0rG SamWhited: not at all. As a user, I love the GDPR
  640. Link Mauve Ge0rG, now let’s wait until enough of their users sue them.
  641. Link Mauve Now that the EU introduced class actions too.
  642. Zash What if we have both laws and tech to back them up?
  643. moparisthebest Link Mauve, easy, if you don't give them the data, they don't have it
  644. Ge0rG moparisthebest: you can't not give your data to a web site you are visiting
  645. SamWhited Anyways, I'm a big fan. It gets me frustrated when people dismiss it as another link tax sort of law that doesn't make sense, having implemented it at two companies where it *definitely* made the users data safer
  646. Link Mauve moparisthebest, I can also throw away my computer and start growing potatoes, but that’s not something most people will want to do.
  647. Link Mauve Also, I am able to understand the implications of giving my data to Facebook, while most people aren’t.
  648. SamWhited Yah, if you have superpowers and can convince everyone to get off facebook, great, do that. In the mean time, since they're already on it, we need some sort of law that requires that Facebook plays nicely when they leave and cleans up their data.
  649. Ge0rG except that facebook isn't following the law, so we'll see some major fines in the next five to twenty years.
  650. moparisthebest so what's your opinion of latest EU laws? the actual link tax, and forced filtering of all uploaded content?
  651. moparisthebest are those good like GDPR too or is that over the line?
  652. moparisthebest I haven't seen the prosody or ejabberd modules to scan all stanzas for copyright violations that will be required either so
  653. Ge0rG moparisthebest: those are utter junk, pushed forward by big media lobbying
  654. SamWhited Those don't make any sense and are garbage because they're pretty much impossible to follow. The GDPR just lists basic data protections you should have been doing anyways
  655. SamWhited But I also haven't helped implement those anywhere, so I don't really know who has to follow them or what the specific details are.
  656. Dave Cridland has left
  657. moparisthebest I agree the general basis of the GDPR is good general data practice to follow, I think it's both unenforceable in general and onerous to small operators though, and shouldn't really be a law, meh
  658. SamWhited God I wish we had something similar here; I'm sure it's not perfect, but I'm pretty okay with it being onerous if those small operators weren't bothering to protect my data before
  659. Ge0rG moparisthebest: it wouldn't have become a law if everybody was respecting users' privacy from day 1
  660. SamWhited As for unenforceable, I have no idea. We'll see if fines start rolling out or not I guess. But even if it's unenforceable, it's made two companies I've worked for improve their practices, so it seems to be doing good either way.
  661. Ge0rG and I'm sure it will be enforced.
  662. Ge0rG It just takes time. Significant time. Have a look at the timeframe of the Google Android antitrust case.
  663. SamWhited yah, I don't see why it wouldn't be, it seems straight forward enough… we may not have similar laws in the U.S., but people complain to the FCC about Google and then Google gets fined all the time. This seems to be the same just with more teeth.
  664. Holger has left
  665. j.r has joined
  666. SamWhited (or whomever, Google's just a good stand in for "large company doing things they probably shouldn't be")
  667. Ge0rG Heh
  668. lskdjf has left
  669. lskdjf has joined
  670. Andrew Nenakhov has left
  671. j.r has left
  672. Andrew Nenakhov has left
  673. j.r has joined
  674. Andrew Nenakhov has joined
  675. Andrew Nenakhov has left
  676. Andrew Nenakhov has joined
  677. j.r has left
  678. j.r has joined
  679. Maranda has joined
  680. karp has left
  681. Andrew Nenakhov has left
  682. Andrew Nenakhov has joined
  683. Andrew Nenakhov has joined
  684. edhelas ok let's move the discussion there Link Mauve
  685. edhelas regarding https://xmpp.org/extensions/inbox/muc-avatars.html
  686. edhelas what is the current supports of the code 104 in XMPP clients ?
  687. peter has joined
  688. Yagiza has left
  689. Nekit has left
  690. waqas has joined
  691. lorddavidiii has left
  692. lorddavidiii has joined
  693. Yagiza has left
  694. ThibG has joined
  695. ThibG has joined
  696. Zash has left
  697. Andrew Nenakhov has left
  698. Andrew Nenakhov has joined
  699. Andrew Nenakhov has left
  700. Andrew Nenakhov has joined
  701. lovetox has joined
  702. Andrew Nenakhov has left
  703. Andrew Nenakhov has joined
  704. Andrew Nenakhov has left
  705. Andrew Nenakhov has left
  706. Andrew Nenakhov has joined
  707. Andrew Nenakhov has left
  708. alacer has joined
  709. Yagiza has left
  710. j.r has left
  711. j.r has joined
  712. ta has joined
  713. edhelas I'm currently having some though on that XEP and I'd like to propose some changes to generalize it
  714. ThibG has joined
  715. edhelas the core idea of this XEP is to expose the vcard hash in the bare MUC JID disco#info and notify it using a message 104
  716. edhelas I'd like to propose to do that for also disco#info of Pubsub nodes and all JIDs (including users ones)
  717. edhelas the notification will then be done using a message for MUC, presence or message for users and pubsub message for Pubsub nodes
  718. edhelas then we basically cover all the cases using the same core mechanism
  719. alacer has left
  720. SamWhited has left
  721. tux has left
  722. Kev has joined
  723. Kev has left
  724. Andrew Nenakhov has left
  725. l has joined
  726. l has joined
  727. marc has joined
  728. ta has joined
  729. SamWhited has left
  730. jjrh has left
  731. jjrh has left
  732. ta has left
  733. valo has left
  734. valo has joined
  735. labdsf has left
  736. labdsf has joined
  737. labdsf has left
  738. labdsf has joined
  739. SamWhited has left
  740. Maranda has left
  741. Maranda has joined
  742. jonas’ has left
  743. jonas’ has left
  744. SamWhited has left
  745. jonas’ has left
  746. jonas’ has joined
  747. jonas’ has left
  748. jonas’ has joined
  749. Ge0rG has joined
  750. ta has joined
  751. lskdjf has left
  752. lskdjf has joined
  753. jjrh has left
  754. jjrh has left
  755. marc has left
  756. alacer has joined
  757. Dave Cridland has left
  758. Dave Cridland has left
  759. marc has joined
  760. Maranda SamWhited, if eventually you wanna have some fun ™️ https://conference.gajim.org:5281/pastebin/cd179f64-2dff-4968-9b36-c45b874b48fa
  761. Maranda :D
  762. dwd has joined
  763. SamWhited My SCRAM implementation can take any generic hash algorithm, so they're already implemented. On the other hand, those aren't actually defined anywhere and haven't been vetted, so probably not a good idea to use them :)
  764. dwd has left
  765. jonas’ which are not?
  766. SamWhited Anything other than SHA1 and SHA256, to my knowledge
  767. jonas’ right
  768. jonas’ although, I think SCRAM doesn’t care *too* much about the hash, as long as the hash is reversible; i.e. it should be as safe as any as long as the hash used is safe
  769. jonas’ (that’s a property of PBKDF2 even)
  770. Dave Cridland has left
  771. SamWhited Yah, it should be safe, but probably best not to use random hash algorithms that aren't defined anywhere for no reason; SHA-1 and SHA-256 are both fine.
  772. dwd has joined
  773. dwd has left
  774. jonas’ hmmm
  775. SamWhited Kafka supports SCRAM-SHA-512 for some reason, so I guess you could use it with that
  776. Dave Cridland has left
  777. dwd has joined
  778. Yagiza has left
  779. jonas’ Maranda, if you just want to poke at your implementation, aioxmpp should support all of those (if your build of python has them).
  780. jonas’ you’d have to play some tricks to force it to use a specific one of them though)
  781. j.r has joined
  782. SamWhited ugg, does aiosasl support all these too? That makes me sad
  783. Maranda 👍
  784. jonas’ SamWhited, I don’t see a convincing argument for *not* allowing other variants of the SHA-2 family if one variant of the SHA-2 family is specified
  785. SamWhited Where security is concerned, just randomly changing things because it has a bigger number or whatever probably isn't a good idea. I can't imagine how this would go wrong, but for compatibility if nothing else it makes me sad that people are implementing them and other people consuming the library who don't know any better will think it's osmething to use
  786. dwd has left
  787. SamWhited I don't see a convincing argument to implement them, and as far as I'm concerned the burden of proof should be on that side of things whenver auth is concerned.
  788. jonas’ to be honest, I somewhat assumed that they were specified due to the wildcard in the IANA registry
  789. j.r has joined
  790. SamWhited Oh, interesting; I could be wrong. I didn't see an RFC though, does the IANA registry link to a document?
  791. jonas’ yes, to the one for SCRAM-SHA-256
  792. jonas’ https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
  793. jonas’ I guess technically this is just a reservation of the SCRAM- prefix
  794. SamWhited Oh, yah, that's just a reservation for the entire familyl
  795. jonas’ Note to future SCRAM-mechanism designers: each new SASL SCRAM mechanism MUST be explicitly registered with IANA within the SASL SCRAM Family Mechanisms registry.
  796. jonas’ yeah
  797. jonas’ that’s pretty explicit
  798. jonas’ also a very convincing argument to remove support
  799. jonas’ SamWhited, there you go https://github.com/horazont/aiosasl/issues/6
  800. jonas’ the "minimum iteration count" parameter of the registry is interesting, too
  801. Yagiza has left
  802. SamWhited ♡ thanks; between security concerns and standardization concerns this makes me very happy.
  803. Dave Cridland has left
  804. Yagiza has left
  805. dwd has joined
  806. Maranda hm, interesting, well the implementation in Metronome is SHA digesting algorithm agnostic as well so it doesn't matter.
  807. SamWhited It matters in the sense that this is auth which is extremely important and security sensitive. In crypto, tiny insubstantial changes can often have a big impact that we don't forsee; it's not exactly intuitive. I doubt this is a problem, but it doesn't help to add more algorithms for no reason and it *possibly* hurts. Might as well just leave it to the experts and not make up your own crypto.
  808. SamWhited has huge pet peeve about this sort of thing
  809. jonas’ me too, normally, but I hadn’t seen this as "making up new crypto" to be honest
  810. SamWhited Well, "changing existing crypto", then. I agree, I can't imagine this possibly causes any problems, but it's also not necessary so why take the risk?
  811. jonas’ yeah
  812. Maranda SamWhited, I didn't mean that way :P
  813. SamWhited Heh, cool; sorry I'm being grumpy about it.
  814. jonas’ ’tis fine
  815. SamWhited This is just the kind of thing where I expect the longer hash will cause some buffer operation to behave slightly differently on some architecture and then suddenly you have a side channel, or something.
  816. Maranda I didn't know they weren't defined either, blame google for returning result on SCRAM-SHA-384 and SCRAM-SHA-512
  817. SamWhited (well, I don't "expect" it, but I could see it happening)
  818. Maranda I didn't know they weren't defined either, blame google for returning results on SCRAM-SHA-384 and SCRAM-SHA-512
  819. jonas’ that doesn’t make sense to me, actually
  820. jonas’ that would be a fundamental problem of pbkdf2 then
  821. jonas’ which I think we would know about
  822. jonas’ (we = the cryptography community, thus warning louder against it and deprecating pbkdf2 for that reason)
  823. SamWhited I was just making up a random example, I agree it's not likely
  824. jonas’ sure
  825. Guus has left
  826. Guus has joined
  827. Yagiza has left
  828. MattJ has left
  829. Guus has left
  830. Guus has joined
  831. Yagiza has left
  832. ThibG has left
  833. ThibG has joined
  834. dwd has left
  835. dwd has left
  836. Yagiza has left
  837. Dave Cridland has left
  838. dwd has left
  839. dwd has joined
  840. Maranda has joined
  841. dwd has left
  842. l has joined
  843. lskdjf has joined
  844. !xsf_martin has joined
  845. j.r has left
  846. j.r has joined
  847. ThibG has left
  848. ThibG has joined
  849. marc has left
  850. Yagiza has left
  851. mimi89999 has joined
  852. Yagiza has left
  853. 404.city has left
  854. UsL has joined
  855. dwd has joined
  856. dwd has left
  857. Guus has left
  858. Guus has joined
  859. labdsf has left
  860. labdsf has joined
  861. SamWhited has left
  862. marc has left
  863. Dave Cridland has left
  864. dwd has left
  865. Dave Cridland has left
  866. dwd has left
  867. dwd has left
  868. lskdjf has joined
  869. Neustradamus has left
  870. Neustradamus has joined
  871. dwd has left
  872. alacer has left
  873. Dave Cridland has left
  874. dwd has left
  875. Yagiza has left
  876. dwd has joined
  877. thorsten has joined
  878. thorsten has left
  879. thorsten has joined
  880. Guus has left
  881. Guus has joined
  882. lnj has left
  883. Yagiza has left
  884. Dave Cridland has left
  885. Dave Cridland has left
  886. dwd has left
  887. tux has left
  888. dwd has left
  889. dwd has left
  890. ta has left
  891. j.r has left
  892. lnj has left
  893. j.r has joined
  894. dwd has joined
  895. dwd has left
  896. Dave Cridland has left
  897. Dave Cridland has left
  898. dwd has joined
  899. dwd has left
  900. Dave Cridland has left
  901. dwd has joined
  902. dwd has left
  903. Seve/SouL has left
  904. daniel has left
  905. dwd has left
  906. dwd has left
  907. lskdjf has left
  908. dwd has joined
  909. vanitasvitae has left
  910. dwd has left
  911. goffi has left
  912. ThibG has left
  913. ThibG has joined
  914. !xsf_martin has left
  915. Andrew Nenakhov has left
  916. Andrew Nenakhov has joined
  917. Andrew Nenakhov has left
  918. Andrew Nenakhov has joined
  919. lovetox has left
  920. ThibG has left
  921. ThibG has joined
  922. lovetox has joined
  923. j.r has joined
  924. daniel has left
  925. daniel has joined
  926. lovetox has left
  927. SamWhited has left
  928. lovetox has joined
  929. j.r has joined
  930. Tobias has left
  931. Tobias has joined
  932. lskdjf has joined
  933. moparisthebest has joined
  934. Dave Cridland has left
  935. js has joined
  936. j.r has joined
  937. Dave Cridland has left
  938. j.r has joined
  939. lorddavidiii has left
  940. dwd has joined
  941. Dave Cridland has left
  942. dwd has left
  943. Andrew Nenakhov has left
  944. Andrew Nenakhov has joined
  945. Andrew Nenakhov has left
  946. Andrew Nenakhov has joined
  947. Andrew Nenakhov has left
  948. Dave Cridland has left
  949. marc has left
  950. dwd has joined
  951. Dave Cridland has left
  952. dwd has left
  953. j.r has joined
  954. j.r has joined
  955. dwd has left
  956. Dave Cridland has left
  957. Dave Cridland has left
  958. dwd has left
  959. dwd has joined
  960. dwd has left
  961. thorsten has joined
  962. Dave Cridland has left
  963. Dave Cridland has left
  964. Dave Cridland has left
  965. Dave Cridland has left
  966. Dave Cridland has left
  967. lovetox has left
  968. Dave Cridland has left
  969. Dave Cridland has left
  970. Dave Cridland has left
  971. Dave Cridland has left
  972. thorsten has joined
  973. Dave Cridland has left
  974. Dave Cridland has left
  975. j.r has joined
  976. Dave Cridland has left
  977. j.r has joined
  978. jjrh has left
  979. dwd has joined
  980. dwd has left
  981. 404.city has joined
  982. Dave Cridland has left
  983. jjrh has left
  984. 404.city has left
  985. Dave Cridland has left
  986. Dave Cridland has left
  987. j.r has joined
  988. j.r has left
  989. j.r has joined
  990. Dave Cridland has left
  991. Dave Cridland has left
  992. Dave Cridland has left
  993. Dave Cridland has left
  994. jjrh has left
  995. j.r has joined
  996. dwd has joined
  997. MattJ has joined
  998. jjrh has left
  999. dwd has left
  1000. vanitasvitae has left
  1001. efrit has joined
  1002. vanitasvitae has joined
  1003. vanitasvitae has left
  1004. Maranda has left
  1005. Maranda has left
  1006. Maranda has left
  1007. vanitasvitae has joined
  1008. js has left
  1009. jjrh has left
  1010. Dave Cridland has left
  1011. valo has joined
  1012. Dave Cridland has left
  1013. Dave Cridland has left
  1014. thorsten has left
  1015. thorsten has joined
  1016. Dave Cridland has left
  1017. dwd has joined
  1018. Dave Cridland has left
  1019. dwd has left
  1020. jjrh has left
  1021. jjrh has left
  1022. Dave Cridland has left
  1023. Dave Cridland has left
  1024. dwd has joined
  1025. dwd has left
  1026. dwd has joined
  1027. SamWhited has left
  1028. UsL has left
  1029. UsL has joined
  1030. jjrh has left
  1031. Dave Cridland has left
  1032. dwd has left
  1033. dwd has joined
  1034. dwd has left
  1035. efrit has left
  1036. jjrh has left
  1037. peter has left
  1038. jjrh has left
  1039. jjrh has left
  1040. peter has joined
  1041. Maranda has left
  1042. peter has left