XSF logo XSF Discussion - 2019-03-12


  1. dele has left
  2. karoshi has left
  3. lumi has left
  4. Guus has left
  5. Guus has joined
  6. lumi has joined
  7. Guus has left
  8. dwd has left
  9. dwd has joined
  10. dwd has left
  11. andrey.g has joined
  12. Lance has joined
  13. dwd has joined
  14. UsL has left
  15. UsL has joined
  16. !xsf_Martin has left
  17. !xsf_Martin has joined
  18. !xsf_Martin has left
  19. !xsf_Martin has joined
  20. !xsf_Martin has left
  21. !xsf_Martin has joined
  22. !xsf_Martin has left
  23. !xsf_Martin has joined
  24. !xsf_Martin has left
  25. !xsf_Martin has joined
  26. !xsf_Martin has left
  27. !xsf_Martin has joined
  28. !xsf_Martin has left
  29. !xsf_Martin has joined
  30. !xsf_Martin has left
  31. !xsf_Martin has joined
  32. !xsf_Martin has left
  33. !xsf_Martin has joined
  34. !xsf_Martin has left
  35. !xsf_Martin has joined
  36. !xsf_Martin has left
  37. !xsf_Martin has joined
  38. !xsf_Martin has left
  39. !xsf_Martin has joined
  40. !xsf_Martin has left
  41. !xsf_Martin has joined
  42. !xsf_Martin has left
  43. !xsf_Martin has joined
  44. !xsf_Martin has left
  45. !xsf_Martin has joined
  46. !xsf_Martin has left
  47. !xsf_Martin has joined
  48. !xsf_Martin has left
  49. !xsf_Martin has joined
  50. !xsf_Martin has left
  51. !xsf_Martin has joined
  52. !xsf_Martin has left
  53. !xsf_Martin has joined
  54. !xsf_Martin has left
  55. !xsf_Martin has joined
  56. !xsf_Martin has left
  57. !xsf_Martin has joined
  58. !xsf_Martin has left
  59. !xsf_Martin has joined
  60. !xsf_Martin has left
  61. !xsf_Martin has joined
  62. !xsf_Martin has left
  63. !xsf_Martin has joined
  64. !xsf_Martin has left
  65. !xsf_Martin has joined
  66. !xsf_Martin has left
  67. !xsf_Martin has joined
  68. !xsf_Martin has left
  69. !xsf_Martin has joined
  70. !xsf_Martin has left
  71. !xsf_Martin has joined
  72. !xsf_Martin has left
  73. !xsf_Martin has joined
  74. !xsf_Martin has left
  75. !xsf_Martin has joined
  76. !xsf_Martin has left
  77. !xsf_Martin has joined
  78. !xsf_Martin has left
  79. !xsf_Martin has joined
  80. !xsf_Martin has left
  81. !xsf_Martin has joined
  82. !xsf_Martin has left
  83. !xsf_Martin has joined
  84. !xsf_Martin has left
  85. !xsf_Martin has joined
  86. !xsf_Martin has left
  87. !xsf_Martin has joined
  88. !xsf_Martin has left
  89. !xsf_Martin has joined
  90. !xsf_Martin has left
  91. !xsf_Martin has joined
  92. !xsf_Martin has left
  93. !xsf_Martin has joined
  94. !xsf_Martin has left
  95. !xsf_Martin has joined
  96. !xsf_Martin has left
  97. !xsf_Martin has joined
  98. !xsf_Martin has left
  99. !xsf_Martin has joined
  100. !xsf_Martin has left
  101. !xsf_Martin has joined
  102. !xsf_Martin has left
  103. !xsf_Martin has joined
  104. !xsf_Martin has left
  105. !xsf_Martin has joined
  106. !xsf_Martin has left
  107. !xsf_Martin has joined
  108. !xsf_Martin has left
  109. !xsf_Martin has joined
  110. !xsf_Martin has left
  111. !xsf_Martin has joined
  112. !xsf_Martin has left
  113. !xsf_Martin has joined
  114. !xsf_Martin has left
  115. !xsf_Martin has joined
  116. !xsf_Martin has left
  117. !xsf_Martin has joined
  118. !xsf_Martin has left
  119. !xsf_Martin has joined
  120. !xsf_Martin has left
  121. !xsf_Martin has joined
  122. !xsf_Martin has left
  123. !xsf_Martin has joined
  124. !xsf_Martin has left
  125. !xsf_Martin has joined
  126. !xsf_Martin has left
  127. !xsf_Martin has joined
  128. !xsf_Martin has left
  129. !xsf_Martin has joined
  130. !xsf_Martin has left
  131. !xsf_Martin has joined
  132. dwd has left
  133. dwd has joined
  134. dwd has left
  135. Guus has joined
  136. dwd has joined
  137. !xsf_Martin has left
  138. debacle has left
  139. dwd has left
  140. dwd has joined
  141. Guus has left
  142. Guus has joined
  143. Guus has left
  144. dwd has left
  145. dwd has joined
  146. Guus has joined
  147. bowlofeggs has left
  148. bowlofeggs has joined
  149. Lance has left
  150. dwd has left
  151. dwd has joined
  152. dwd has left
  153. lorddavidiii has left
  154. lorddavidiii has joined
  155. lorddavidiii has left
  156. lorddavidiii has joined
  157. Lance has joined
  158. dwd has joined
  159. dwd has left
  160. dwd has joined
  161. Lance has left
  162. Lance has joined
  163. dwd has left
  164. lumi has left
  165. lumi has joined
  166. Guus has left
  167. Guus has joined
  168. Guus has left
  169. Lance has left
  170. mimi89999 has left
  171. alacer has joined
  172. peter has joined
  173. mimi89999 has joined
  174. dwd has joined
  175. vanitasvitae has left
  176. vanitasvitae has joined
  177. peter has left
  178. Lance has joined
  179. dwd has left
  180. dwd has joined
  181. dwd has left
  182. larma has left
  183. mimi89999 has left
  184. larma has joined
  185. Lance has left
  186. lumi has left
  187. mimi89999 has joined
  188. dwd has joined
  189. Lance has joined
  190. dwd has left
  191. Guus has joined
  192. Lance has left
  193. lskdjf has left
  194. Lance has joined
  195. Yagiza has joined
  196. moparisthebest what's the proper thing to use for a new namespace for a ProtoXEP ?
  197. moparisthebest like a URL I control, or make something up in urn:xmpp:X ?
  198. larma has left
  199. Lance has left
  200. oli has left
  201. wurstsalat has left
  202. Lance has joined
  203. wurstsalat has joined
  204. Lance has left
  205. contrapunctus has left
  206. contrapunctus has joined
  207. Lance has joined
  208. neshtaxmpp has joined
  209. moparisthebest went ahead with my own URL for now, if that's not right could someone let me know? https://github.com/xsf/xeps/pull/765
  210. Nekit has joined
  211. ThibG has left
  212. ThibG has joined
  213. Zash has left
  214. Zash has joined
  215. dwd has joined
  216. alacer has left
  217. dwd has left
  218. Syndace has left
  219. Yagiza has left
  220. contrapunctus has left
  221. contrapunctus has joined
  222. 404.city has joined
  223. wurstsalat has left
  224. Lance has left
  225. blabla has left
  226. blabla has joined
  227. 404.city has left
  228. wurstsalat has joined
  229. dwd has joined
  230. contrapunctus has left
  231. contrapunctus has joined
  232. dwd has left
  233. kokonoe has left
  234. kokonoe has joined
  235. oli has joined
  236. j.r has left
  237. Lance has joined
  238. zinid moparisthebest: `urn:xmpp:X:0`
  239. Guus has left
  240. Guus has joined
  241. Wiktor Isn't it `urn:xmpp:tmp:X`?
  242. zinid Wiktor: I think we got rid of tmp?
  243. Wiktor Oh, sorry then, I'm not up to date with this stuff
  244. zinid the problem with tmp is that it's quite possible that namespace wouldn't be bumped
  245. Guus has left
  246. zinid and tmp will go into final 😁
  247. Wiktor Yeah, that's the same with `X-*` headers in HTTP. They are discouraged now.
  248. Guus has joined
  249. waqas has left
  250. goffi has joined
  251. waqas has joined
  252. waqas has left
  253. wurstsalat has left
  254. waqas has joined
  255. contrapunctus has left
  256. contrapunctus has joined
  257. j.r has joined
  258. waqas has left
  259. andy has joined
  260. Yagiza has joined
  261. Guus has left
  262. Guus has joined
  263. Guus has left
  264. j.r has left
  265. j.r has joined
  266. Lance has left
  267. Guus has joined
  268. j.r has left
  269. karoshi has joined
  270. derdaniel has joined
  271. andrey.g has left
  272. andrey.g has joined
  273. jonas’ moparisthebest, use something which is sensible from the urn:xmpp: namespace
  274. zinid urn:xmpp:dox apparently
  275. jonas’ for example, yes
  276. jonas’ :dox:0 even
  277. zinid let's polute the namespace by april 1st jokes!
  278. jonas’ is that an april 1st joke?
  279. zinid yes
  280. jonas’ oh
  281. jonas’ I thought moparisthebest was serious.
  282. zinid yeah, you never know
  283. jonas’ indeed
  284. zinid probably worth adding "humor" to the namespace path 🙂
  285. Lance has joined
  286. jonas’ :tmp would be less obvious and still ok
  287. zinid whatever, I just think aquiring "dox" acronym is not a very good idea, because it sounds nice and may be reused in more serious xeps 😛
  288. jonas’ but it’s also fun because of doxing
  289. zinid yeah, so just append something to the namespace, don't let it be urn:xmpp:dox:*
  290. zinid urn:xmpp:humor:dox, whatever
  291. jonas’ moparisthebest, urn:xmpp:tmp:dox seems good for now
  292. jonas’ :tmp shouldn’t be used by serious protoxeps, and it looks innocent enough :)
  293. vaulor has left
  294. vaulor has joined
  295. j.r has joined
  296. Lance has left
  297. arc has left
  298. arc has joined
  299. wurstsalat has joined
  300. alacer has joined
  301. Tobias has joined
  302. intosi has joined
  303. arc has left
  304. Lance has joined
  305. arc has joined
  306. ralphm has left
  307. ralphm has joined
  308. dwd has joined
  309. ralphm has left
  310. ralphm has joined
  311. intosi has left
  312. intosi has joined
  313. alacer has left
  314. ralphm has left
  315. ralphm has joined
  316. yon has left
  317. wurstsalat has left
  318. contrapunctus has left
  319. contrapunctus has joined
  320. wurstsalat has joined
  321. alacer has joined
  322. oli has left
  323. yon has joined
  324. oli has joined
  325. karoshi has left
  326. contrapunctus has left
  327. contrapunctus has joined
  328. Lance has left
  329. contrapunctus has left
  330. contrapunctus has joined
  331. Holger has left
  332. lnj has joined
  333. Holger has joined
  334. andy has left
  335. andy has joined
  336. ralphm has left
  337. ralphm has joined
  338. alacer has left
  339. alacer has joined
  340. dwd We used to use :tmp: for all Experimental XEPs, but dropped it because it wasn't a stable namespace, and we wanted people to implement early and safely with Experimental. Of course, this has other downsides, like deployment pressure, but that's something I'm happier to live with.
  341. dwd But loosely, :tmp: was our X-.
  342. dwd zinid, urn:xmpp:humor is reserved for Officially Humourous Things, surely? Do we need a work team to decide what is Officially Funny?
  343. zinid dwd, sure we can schedule that work at April 1st
  344. contrapunctus has left
  345. contrapunctus has joined
  346. mfoss has joined
  347. mfoss has left
  348. Seve Not a fan of that personally
  349. oli has left
  350. contrapunctus has left
  351. debacle has joined
  352. Neustradamus has left
  353. Neustradamus has joined
  354. wurstsalat has left
  355. larma has joined
  356. UsL has left
  357. UsL has joined
  358. contrapunctus has joined
  359. mark has left
  360. mark has joined
  361. Syndace has joined
  362. Tobias has left
  363. !xsf_Martin has joined
  364. !xsf_Martin has left
  365. !xsf_Martin has joined
  366. !xsf_Martin has left
  367. !xsf_Martin has joined
  368. ralphm has left
  369. ralphm has joined
  370. alacer has left
  371. alacer has joined
  372. Guus Seve you might have missed the importance of the suggested date. 🙂
  373. !xsf_Martin has left
  374. alacer has left
  375. alacer has joined
  376. ralphm has left
  377. ralphm has joined
  378. Lance has joined
  379. Ge0rG https://matrix.org/blog/2019/03/12/breaking-the-100bps-barrier-with-matrix-meshsim-coap-proxy/ 😁
  380. j.r has left
  381. ralphm has left
  382. alacer has left
  383. zinid Ge0rG: already on HN?
  384. Ge0rG No idea. But it's 25bps higher than STANAG XMPP
  385. zinid damn
  386. Ge0rG Higher = worse.
  387. zinid ah, right
  388. zinid good then 😁
  389. zinid I use stanag all the time in the lift
  390. Guus How often are you in a lift?
  391. zinid I didn't count 🤔
  392. zinid a few times a day?
  393. zinid subway is also a good source of high quality stanags
  394. Guus Please add a "XMPP STANAG TESTING ZONE" sticker.
  395. Guus https://www.lemark.co.uk/custom-printing/printed-barrier-tape/ 😏
  396. Ge0rG 👍
  397. Lance has left
  398. karoshi has joined
  399. lskdjf has joined
  400. j.r has joined
  401. alacer has joined
  402. kokonoe has left
  403. kokonoe has joined
  404. alacer has left
  405. 404.city has joined
  406. alacer has joined
  407. vanitasvitae has left
  408. vanitasvitae has joined
  409. alacer has left
  410. efrit has joined
  411. j.r has left
  412. j.r has joined
  413. andy has left
  414. andy has joined
  415. alacer has joined
  416. Alex has joined
  417. efrit has left
  418. j.r has left
  419. Alex has left
  420. j.r has joined
  421. Alex has joined
  422. debacle has left
  423. alacer has left
  424. alacer has joined
  425. Alex has left
  426. alacer has left
  427. karoshi has left
  428. karoshi has joined
  429. alacer has joined
  430. neshtaxmpp has left
  431. neshtaxmpp has joined
  432. lskdjf has left
  433. lskdjf has joined
  434. Zash has left
  435. Andrew Nenakhov has left
  436. Andrew Nenakhov has joined
  437. Andrew Nenakhov has left
  438. Zash has joined
  439. Zash has left
  440. Zash has joined
  441. Andrew Nenakhov has joined
  442. alacer has left
  443. alacer has joined
  444. moparisthebest I updated the namespace on the PR jonas’
  445. moparisthebest also that was part of my evil plan all along, I'll push this thing all the way to final leaving everyone wondering forever more "wait a second, is this a joke or not" >:)
  446. jonas’ humorous track doesn’t have final
  447. moparisthebest I have it as Standards Track :D
  448. Zash Implement and deploy!
  449. Zash Like the JSON for BOSH XEP
  450. moparisthebest Zash, already done! https://github.com/moparisthebest/jDnsProxy/tree/dox deployed at xmpp:dns@moparisthebest.com/listener
  451. Zash !
  452. moparisthebest run it on your router, force your whole network DNS queries over XMPP
  453. MattJ and one day it will surface that DNS over HTTP was actually a similar joke that went too far?
  454. moparisthebest actually in ways this is better than DoH because of the long lived connection, no TLS setup each time etc
  455. jonas’ you can have long-lived connections with HTTP, too
  456. Zash You can.
  457. Zash But do you?
  458. moparisthebest not quite *as* long lived, or as easily
  459. moparisthebest that is to say, the server is gonna disconnect you regularly
  460. jonas’ a DoX server might as well
  461. MattJ DoXoH
  462. jonas’ DoX-over-BOSH?
  463. MattJ Yes
  464. moparisthebest DoX isn't necessarily a server, my implementation of it right now is a client
  465. Zash over IP-over-DNS?
  466. jonas’ moparisthebest, but you need a server as entry-point
  467. moparisthebest sure
  468. jonas’ and that might disconnect you
  469. moparisthebest use it in combination with ping?
  470. Ge0rG moparisthebest: does it respond to plaintext requests?
  471. Ge0rG You always need to introduce a legacy mode
  472. moparisthebest nope needs raw DNS bytes
  473. Ge0rG How am I supposed to operate it from mobile, then? 😜
  474. Andrew Nenakhov has left
  475. Alex has joined
  476. moparisthebest make a program to convert text to raw bytes, I use dig :D
  477. Alex has left
  478. moparisthebest from mobile, use dig from Termux
  479. Alex has joined
  480. Guus At some point I'm going to throw a bucket full of ice cold water over you guys.
  481. Andrew Nenakhov has joined
  482. jonas’ steps away
  483. jonas’ holds and caresses his sed(1)
  484. jonas’ my preciouuusssss
  485. Andrew Nenakhov has left
  486. alacer has left
  487. alacer has joined
  488. Guus adds more ice to the bucket.
  489. mark has left
  490. andy has left
  491. andy has joined
  492. jonas’ speaking of twisting stuff in ways to have fun with it: jslinux (<https://bellard.org/jslinux/vm.html?url=https://bellard.org/jslinux/buildroot-x86-xwin.cfg&graphic=1>) supports X11 and networking by now, networking happens via a general ethernet-layer WebSocket VPN (see http://www.benjamincburns.com/2013/11/10/jor1k-ethmac-support.html )
  493. lumi has joined
  494. ralphm has joined
  495. Andrew Nenakhov has joined
  496. debacle has joined
  497. flow moparisthebest, I am not sure that DoX should be humorous, it could prove useful
  498. moparisthebest I agree
  499. Andrew Nenakhov has left
  500. Lance has joined
  501. Andrew Nenakhov has joined
  502. flow uh, it is standards track
  503. moparisthebest yep I did that on purpose, I'd still like it released on April 1st just for the ensuing hilarity and confusion though :D
  504. flow I was assuming it to be a <type>humorous</type> XEP based on your comment to accept it on 1.4
  505. flow mission accomplished I'd say ;)
  506. Zash Master level trolling you got there :)
  507. moparisthebest yay
  508. ralphm moparisthebest: https://xmpp.org/extensions/xep-0053.html#namespaces
  509. j.r has left
  510. ralphm (for reference)
  511. j.r has joined
  512. Seve >Seve you might have missed the importance of the suggested date. 🙂 Yes, I was saying that I don't feel very comfortable using XEPs for humorous things, just my personal opinon. I would just use a blog page or something that 1st of April and that's all.
  513. ralphm What is officially funny is up to the Editor.
  514. Alex has left
  515. ralphm Seve: tough luck
  516. Guus who is German.
  517. Guus ducks, runs.
  518. ralphm Guus: tsk
  519. Seve ralphm, I'm not asking to change anything, just mentioning how I see it :) Never in my life encountered this, maybe that is english culture I don't know, but I'm not used to have official stuff being used for jokes, let's say. Again, this has been like that for ages, not going to ask for a change :)
  520. ralphm Seve: welcome to the world of standards bodies
  521. ralphm This might be a good start: https://tangentsoft.net/rfcs/humorous.html
  522. moparisthebest Seve, yea there is already a long history https://xmpp.org/extensions/xep-0183.html
  523. ralphm http://www.openrfc.org/humour.pl
  524. Seve moparisthebest, I'm aware :)
  525. ThibG has left
  526. ThibG has joined
  527. moparisthebest besides in my opinion DoX is no more or less silly than DoH and everyone and their brother implements that so... :)
  528. Andrew Nenakhov has left
  529. ralphm I'm not sure if I agree DoH is silly in and of itself. I do think that having only two services for it (Google and Cloudflare) is terrible.
  530. moparisthebest and that quad9 one and anyone else that wants to run one
  531. moparisthebest but I agree with what I think your point is, that sending all DNS queries to a much smaller number of resolvers is a bad idea :)
  532. ralphm Right
  533. alacer has left
  534. alacer has joined
  535. ralphm But as a protocol concept I'm not against.
  536. Zash But I am! HTTP-ification of all the things annoy me!
  537. moparisthebest start a DoX resolver now! be the change you want to see!
  538. Zash moparisthebest: Adding support to unbound you say?
  539. moparisthebest my resolver asks unbound yes
  540. moparisthebest which asks jdnsproxy, which asks a random dns-over-tls resolver over tor :)
  541. moparisthebest but you don't have to be *as* crazy
  542. moparisthebest you can just configure it to ask unbound
  543. alacer has left
  544. ralphm I thought this was a great overview of this topic: https://blog.powerdns.com/2019/02/07/the-big-dns-privacy-debate-at-fosdem/
  545. alacer has joined
  546. valo has left
  547. alacer has left
  548. Ge0rG Indeed, thanks for the link!
  549. ThibG has left
  550. ThibG has joined
  551. moparisthebest the way I solve that personally is by querying DNS-over-TLS servers from a range of providers over tor
  552. moparisthebest I can trust I'm talking to who I think I am and evil exit nodes aren't modifying anything, they don't know who I am, no 1 provider has all queries, and I validate DNSSEC myself anyway
  553. Lance has left
  554. Ge0rG That's... complicated
  555. moparisthebest what is?
  556. neshtaxmpp has left
  557. Ge0rG Your setup of DNS over Tor
  558. moparisthebest well I did end up writing jDnsProxy to support it yea, existing options weren't that great
  559. moparisthebest but *now* it's seamless :P
  560. Ge0rG Except for the 300ms latency?
  561. moparisthebest that's what serve-stale is for https://tools.ietf.org/html/draft-ietf-dnsop-serve-stale
  562. moparisthebest also unbound has various options to keep well used queries refreshed and such, overall it works quite well
  563. Andrew Nenakhov has joined
  564. Ge0rG Some days ago I realized that the smack socks proxy client doesn't work with orbot.
  565. ralphm moparisthebest: is DNSSEC really a good thing, though? I've always wondered about its true utility and this thread didn't make it better. https://news.ycombinator.com/item?id=19241225
  566. Zash Are you reading the comments? On HN of all places?
  567. andy has left
  568. moparisthebest ralphm, eh it's totally different, a CA can issue a cert, not put it in the (new) cert log, and browsers etc still mostly trust it
  569. moparisthebest while .com *could* falsely sign a bad key, it's crazy public to do so
  570. ralphm Because many comments are bad, that doesn't mean all of them are. If you take your position to the extreme, you can stop reading on the internet. Or anywhere, I suppose.
  571. moparisthebest basically impossible to do targetted attacks with DNSSEC
  572. ralphm moparisthebest: so I understand you trust the security aspects of DNSSEC itself?
  573. Zash HN seems to think that anything that isn't HTTPS needs to die. If it's not JSON over HTTPS, then why even care?
  574. moparisthebest ralphm, I think by itself it's better than the current CA setup we have now, but combining them would be even better
  575. Zash And in that world, where HTTPS protects you from everything harmful, there's no need for anything else. DNSSEC is useless. IPv6 is useless.
  576. Ge0rG moparisthebest: I think you can do a targeted attack if you have control over a TLD zone and mitm your victim.
  577. Zash And XMPP is the most useless thing of all, it's not even JSON over HTTPS. Why even bother!
  578. Zash SCRAM is also useless. Why not just send plain text passwords over HTTPS? Can't be more perfectly secure than that!
  579. Seve True dat
  580. Ge0rG I think the biggest selling point of DNSSEC got lost with letsencrypt.
  581. Zash Ge0rG: The price? Yes.
  582. Zash Let's Encrypt also killed CAcert.org
  583. Ge0rG (you can get a free trusted certificate for your deployment)
  584. Ge0rG Zash: that's not true. CACert perfectly killed itself.
  585. Zash And they're well on their way to killing all other CAs and becoming ultimate gatekeeper for everything. Especially since everything must be HTTPS
  586. Andrew Nenakhov has left
  587. Ge0rG Zash: you need to take your depression medicine! 😜
  588. moparisthebest Ge0rG: moparisthebest: I think you can do a targeted attack if you have control over a TLD zone and mitm your victim.
  589. moparisthebest if they also control a CA key and the victim isn't using DNS-over-$something_secure ???
  590. moparisthebest that seems like a pretty hard attack to pull off
  591. Ge0rG The second biggest selling point in my eyes would be secure delivery of client certificates, eg. for S/MIME
  592. Ge0rG moparisthebest: DANE can override Root CA trust. Any nobody is using Do# yet
  593. moparisthebest android ships by default using DNS-over-TLS so that's basically the opposite of nobody
  594. Andrew Nenakhov has joined
  595. Ge0rG The biggest problem of DNSSEC isn't browsers but lack of support on TLDs and in resolvers
  596. Ge0rG moparisthebest: android 8?
  597. ralphm Regarding the targeted attacks, doesn't that depend on who the attacker is? E.g. I think state level actors get more control if you depends on DNSSEC. This problem also exists in the current public CA system, with countries like mine running an included CA. I'm not saying this is bad per se, but interesting if you're making threat models.
  598. moparisthebest I *think* it started with android 9
  599. Ge0rG So it's like 0.5% of Android devices? 🤣🤣
  600. Andrew Nenakhov has left
  601. Ge0rG ralphm: yes, your conclusion is right. However, with certificate transparency, things have shifted again
  602. moparisthebest ralphm, I'm saying for a targeted attack with current CA setup, the attacker needs to MITM you and have *any* CA cert, with DNSSEC in the mix they'd need the DNSSEC root key, plus to compromise all the DNS servers from root all the way down to your domain, plus a CA cert
  603. ralphm Ge0rG: for CAs, yes
  604. moparisthebest it's just substantially harder
  605. ralphm moparisthebest: hence my reference to state actors
  606. Ge0rG moparisthebest: they only need to compromise one level of DNS on your domain path...
  607. moparisthebest and yes certificate transparency fixes a bit of that, but iirc only browsers check that?
  608. Ge0rG moparisthebest: if you have the signing key for domain.com from the crappy DNS cloud provider, you only need to mitm the victim
  609. ralphm Well certificate transparency fixes that for future occurrences by the same CA maybe, not individual cases.
  610. zinid moparisthebest: I think anyone can monitor CT logs?
  611. moparisthebest I pin the public key of my resolvers so owning any CA key won't help, they'd have to hack the specific provider
  612. Zash CT for DNSSEC. There, all problems with DNSSEC solved!! :)
  613. moparisthebest zinid, right but if you steal a CA cert and sign your own certificates those aren't in the CT logs, you have to check if it's in the CT log when deciding whether to trust it or not, I think only browsers do his right now
  614. ralphm I also like to point out that many companies have internal CAs to issue their own certs to be trusted. Once you include that in your list of trusted CAs, it also means that they can issue and thus MitM all the things.
  615. zinid stealing CA certificate sounds like a thing 😂
  616. ralphm Unless you have some form of cert/key/CA pinning
  617. Ge0rG ralphm: and they often do traffic inspection
  618. Ge0rG ralphm: luckily for them, modern browsers don't enforce pining if the server certificate is signed by a locally installed CA
  619. Ge0rG So corporate mitm still works
  620. Ge0rG Did I just spoil your day?
  621. ralphm No, I refused to install the company CA
  622. ralphm (or software that could do that)
  623. Ge0rG Not something one can typically do on company provided gear
  624. neshtaxmpp has joined
  625. ralphm Yes, this is another thing I managed to avoid for all employers so far. All of my machines (usually ThinkPads) came fresh out of the vendor-sealed box.
  626. Ge0rG Only intercepted by the government once.
  627. moparisthebest I just wipe the corporate windows image and install linux :/
  628. moparisthebest had a friendly sysadmin get me a virtualbox corporate windows image to use for skype etc
  629. moparisthebest he's gone now though, don't know what I'll do when the forced windows 10 upgrade comes around :'(
  630. Andrew Nenakhov has joined
  631. ralphm Upgrade the virtualbox?
  632. moparisthebest upgrade the windows 7 running in the virtualbox
  633. ralphm Or backup/clean your drive, have them install it, then convert the disk to a virtual one?
  634. moparisthebest I tried all ways of doing that before and none would work, always windows BSOD after conversion
  635. moparisthebest it might be different now though, that was windows 7 and also years ago
  636. Ge0rG Cool, Firefox now implemented HTTP upload! https://blog.mozilla.org/blog/2019/03/12/introducing-firefox-send-providing-free-file-transfers-while-keeping-your-personal-information-private/
  637. ralphm Make sure you keep hold of your license key
  638. ralphm Ge0rG: nice
  639. 404.city has left
  640. Andrew Nenakhov has left
  641. Lance has joined
  642. Andrew Nenakhov has joined
  643. Maranda has joined
  644. Lance has left
  645. alacer has joined
  646. Andrew Nenakhov has left
  647. 404.city has joined
  648. Lance has joined
  649. zinid Ge0rG, at what servers get those files uploaded?
  650. intosi has left
  651. intosi has joined
  652. Ge0rG the Firefox cloud servers!
  653. moparisthebest firefox has DoH implemented too I think
  654. moparisthebest just not on by default, yet
  655. nyco has left
  656. Holger has left
  657. zinid Ge0rG, wow such private, much security
  658. Holger has joined
  659. nyco has joined
  660. Andrew Nenakhov has joined
  661. mimi89999 has left
  662. zinid Why does Firefox Send require JavaScript? Firefox Send uses JavaScript to: Encrypt and decrypt files locally on the client instead of the server. Render the user interface. Manage translations on the website into various different languages. Collect data to help us improve Send in accordance with our Terms & Privacy. <------- PRIVACY
  663. mimi89999 has joined
  664. moparisthebest I was going to say firefox *probably* encrypts locally, that's how their sync stuff works, it's pretty good
  665. moparisthebest unlike google who's entire business model is scraping all your info
  666. zinid so far google's business model works better 😀
  667. karoshi has left
  668. karoshi has joined
  669. moparisthebest for google, not for users :)
  670. zinid right, that's _google's_ business model, not yours 😀
  671. Andrew Nenakhov has left
  672. zinid but collecting data?
  673. zinid "we collect your DNA to improve our DNA analyzer"
  674. jonas’ send us your nudes to help us protect them! #facebook
  675. bowlofeggs i hate the "are you a human" google things because you are helping them train their AI bots for free
  676. bowlofeggs they should pay me for doing that
  677. jonas’ they "pay" you by allowing you to access content \o/ (sarcasm)
  678. bowlofeggs well these things are often used by non-google sites
  679. bowlofeggs but yeah i catch your drift ☺
  680. bowlofeggs there was a planet money where they talked about the inequity between what google makes per user and what they give that user for that data
  681. bowlofeggs iirc, google makes something around $1200 per year per user
  682. bowlofeggs and in exchange, that user gets… e-mail
  683. Andrew Nenakhov has joined
  684. bowlofeggs anyways, they interviewed some economist who thinks that someone will eventualyl start to pay users to use the services, in actual cash
  685. bowlofeggs to compete
  686. bowlofeggs the only problem is it that it would require enormous capital to compete with google, and you'd be competing by undercutting them, which requires even more enormous capital
  687. bowlofeggs well, "only" problem
  688. bowlofeggs there's also the network effect too of course
  689. zinid "also"
  690. Andrew Nenakhov has left
  691. ralphm Imagine they'd be good at doing social.
  692. Zash Google? Haven't they repeatedly failed at "social" things?
  693. mimi89999 has left
  694. zinid bowlofeggs, paying money to users is a huge taxing problem, especially when users come from many different countries, not sure how the tax will be administered in any particular country
  695. bowlofeggs true
  696. bowlofeggs so yeah, lots of problems ☺
  697. bowlofeggs but the larger point was that users are not getting a good deal
  698. moparisthebest they have plenty of users using them for free...
  699. moparisthebest I don't honestly know the solution there, it's easy enough for me to run xmpp+email etc for family, but if I get hit by a bus they'll all move back to gmail for sure :'(
  700. moparisthebest at least until my kids get older and I train them >:)
  701. bowlofeggs well you could pay a company to host you, that has acceptable ToS
  702. bowlofeggs the key is that the company should make money from being paid for the service, instead of making money by selling data
  703. bowlofeggs obvs, you have to trust them too
  704. bowlofeggs but even if you self host, you have to trust the vendors for the software and hardware you use to do that
  705. bowlofeggs so you can't escape trust, it's just a matter of where you want to draw the line
  706. ralphm Zash: my point?
  707. bowlofeggs i personally self host, but it's more because i find it kind of satisfying
  708. moparisthebest also legally at least in the USA if your data is on a 3rd party server, the govt can access it any time without a warrant or notice, for any reason
  709. bowlofeggs it's sort of the proof of how cool open source software is ☺
  710. bowlofeggs moparisthebest, indeed
  711. moparisthebest https://en.wikipedia.org/wiki/Third-party_doctrine
  712. moparisthebest so just from a principle point of view, you have to self-host on a server in your house :'(
  713. mimi89999 has joined
  714. Andrew Nenakhov has joined
  715. pep. has left
  716. pep. has joined
  717. Andrew Nenakhov has left
  718. tux has left
  719. Andrew Nenakhov has joined
  720. waqas has joined
  721. karoshi has left
  722. karoshi has joined
  723. Alex has joined
  724. Alex has left
  725. waqas has left
  726. lovetox has joined
  727. goffi has left
  728. goffi has joined
  729. Andrew Nenakhov has left
  730. 404.city has left
  731. Lance has left
  732. 404.city has joined
  733. tux has joined
  734. waqas has joined
  735. Andrew Nenakhov has joined
  736. rainslide has joined
  737. valo has joined
  738. Andrew Nenakhov has left
  739. rainslide has left
  740. Andrew Nenakhov has joined
  741. 404.city has left
  742. Alex has joined
  743. Andrew Nenakhov has left
  744. Alex has left
  745. Andrew Nenakhov has joined
  746. wurstsalat has joined
  747. andrey.g has left
  748. andrey.g has joined
  749. Andrew Nenakhov has left
  750. Andrew Nenakhov has joined
  751. vaulor has left
  752. vaulor has joined
  753. andrey.g has left
  754. Andrew Nenakhov has left
  755. Andrew Nenakhov has joined
  756. Andrew Nenakhov has left
  757. Andrew Nenakhov has joined
  758. Andrew Nenakhov has left
  759. Andrew Nenakhov has joined
  760. Alex has joined
  761. Andrew Nenakhov has left
  762. Andrew Nenakhov has joined
  763. Alex hey guys, anyone ready for our member meeting?
  764. Zash Hey!
  765. Guus O/
  766. moparisthebest been waiting for it all day
  767. Alex LOL
  768. Alex okay
  769. Alex bangs the gavel
  770. Alex here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2019-03-12
  771. Alex 1) Call for Quorum
  772. Alex as you can see 31 members voted via memberbot. So we have a quorum
  773. Alex 2) Items Subject to a Vote
  774. Alex new and returning members. You can see all applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q1_2019
  775. Alex 3) Opportunity for XSF Members to Vote in the Meeting
  776. Alex anyone here who has not voted yet and wants to vote here in the meeting?
  777. Alex looks like nobody want to vote in the meeting
  778. Alex then I can start counting and work on the result
  779. Guus 🥁
  780. kokonoe has left
  781. Alex 4) Announcement of Voting Results
  782. Alex When you reload the page you can see the results: https://wiki.xmpp.org/web/Meeting-Minutes-2019-03-12#Announcement_of_Voting_Results
  783. Alex All applicants were accepted
  784. Alex All Reappliers except of Bartlomiej Gorny were accepted
  785. Kev has left
  786. Steve Kille has left
  787. Ge0rG Yay!
  788. Alex 5) Any Other Business?
  789. Neustradamus Thanks!
  790. Alex and congrats to everyone ;-)
  791. Ge0rG Congrats to everyone but the person who didn't fill out the application
  792. Alex 6) Formal Adjournment
  793. Alex I motion that we adjourn
  794. Zash 👍
  795. Guus Seconded
  796. Alex bangs the gavel
  797. Guus Thank you once again, Alex
  798. Alex I am travelling right now. Willl send out the minute sand create the application page for the next quarter asap
  799. rtq3 has joined
  800. Guus Alex: thanks, safe travels!
  801. Zash Thanks, Alex.
  802. kokonoe has joined
  803. benpa has left
  804. Half-Shot has left
  805. Matthew has left
  806. uhoreg has left
  807. Matthew has joined
  808. benpa has joined
  809. uhoreg has joined
  810. Half-Shot has joined
  811. j.r has left
  812. j.r has joined
  813. architekt has joined
  814. rtq3 has left
  815. Alex has left
  816. rtq3 has joined
  817. architekt has left
  818. Syndace Weee thanks :D Happy to be an official member now!
  819. Guus Welcome to the dark side
  820. wurstsalat has left
  821. Zash Welcome to the sharp side, here's your angles: <<<<<
  822. Ge0rG Zash: we also need the closing ones!
  823. Zash Just turn them around! :)
  824. Kev has joined
  825. wurstsalat has joined
  826. andrey.g has joined
  827. Neustradamus Syndace: Welcome :)
  828. Kev has left
  829. Kev has joined
  830. andrey.g has left
  831. Kev has left
  832. andrey.g has joined
  833. zinid > All applicants were accepted 🤣🤣🤣
  834. Alex has joined
  835. wurstsalat has left
  836. rtq3 has left
  837. rtq3 has joined
  838. Alex has left
  839. goffi has left
  840. intosi has left
  841. larma has left
  842. Yagiza has left
  843. larma has joined
  844. igoose has left
  845. igoose has joined
  846. Nekit has left
  847. oli has joined
  848. lorddavidiii has left
  849. efrit has joined
  850. lorddavidiii has joined
  851. efrit has left
  852. efrit has joined
  853. j.r has left
  854. j.r has joined
  855. oli has left
  856. oli has joined
  857. j.r has left
  858. j.r has joined
  859. rtq3 has left
  860. efrit has left
  861. efrit has joined
  862. ThibG has left
  863. ThibG has joined
  864. andrey.g has left
  865. lorddavidiii has left
  866. lorddavidiii has joined
  867. wurstsalat has joined
  868. lnj has left
  869. Neustradamus has left
  870. Neustradamus has joined
  871. ralphm Interesting blog post + comments (hi Zash)
  872. ralphm news.ycombinator.com/item?id=19370281
  873. oli has left
  874. Alex has joined
  875. lorddavidiii has left
  876. efrit has left
  877. wurstsalat has left
  878. karoshi has left
  879. karoshi has joined
  880. ralphm Surprisingly positive about (and reminiscent of) XMPP.
  881. vanitasvitae has left
  882. lorddavidiii has joined
  883. vanitasvitae has joined
  884. Ge0rG Represented by pidgin.
  885. matlag has left
  886. matlag has joined
  887. waqas has left
  888. waqas has joined
  889. waqas has left
  890. waqas has joined
  891. waqas has left
  892. waqas has joined
  893. lorddavidiii has left
  894. waqas has left
  895. ta has left
  896. ta has joined
  897. ThibG has left
  898. ThibG has joined
  899. rtq3 has joined
  900. Alex has left
  901. edhelas has left
  902. edhelas has joined
  903. karoshi has left
  904. karoshi has joined
  905. Zash Kev, my server tells me your cert expired
  906. andrey.g has joined
  907. lovetox has left
  908. lovetox has joined
  909. lovetox has left
  910. mathieui has joined
  911. debacle has left