XSF Communications Team - 2018-11-30


  38. jc

    arnaudj I'm writing the newsletter currently, will ping you once I'm done, if you'd like to translate

  39. arnaudj

    hi jc!

  40. arnaudj

    thank you for pinging me!

  41. jc

    Sure! 🙂

  42. arnaudj

    what is the estimated date of publication?

  43. jc

    Today, this afternoon

  44. jc

    We always publish on the last Friday of the month

  45. jc

    "always" being interpreted loosely

  46. arnaudj

    OK :-)

  47. jc

    Sorry that you don't get much time

  48. jc

    Ideally we should write the newsletter throughout the month

  49. arnaudj

    no problem

  50. jc

    That would also make it easier for you and require less crunch time at the end of the month

  51. jc

    but so far I haven't been able to get into the habit of doing it like that

  52. jc

    By nature I procrastinate until the last minute

  53. SouL

    What I wanted to add to this newsletter

  54. SouL

    was to mention the section of translated newsletters

  55. SouL

    I also wanted to translate some, so we would have more content

  56. SouL

    apart from French

  57. arnaudj

    I've added a reminder in my calendar, to put some time aside every last Friday

  58. jc

    cool

  59. jc

    Would you guys describe Movim as an XMPP client?

  60. jc

    Or should it be mentioned under "Other software"? 🙂

  61. jc

    I'm adding this month's releases

  66. arnaudj

    jc: I asked edhelas

  67. jc

    tx

  68. jc

    This has been a good month, lots of stuff happening

  69. arnaudj

    he said "other" is perhaps the best choice

  70. arnaudj

    since it's a bit more than a client

  71. jc

    ok thanks, I thought so

  72. jc

    arnaudj, SouL: Here's the latest newsletter https://github.com/xsf/xmpp.org/blob/newsletter-2018-11-30/content/posts/newsletter/2018-11-30.md

  73. jc

    I would appreciate a proofread. I'll take a break and then read it again myself

  74. SouL

    THe Monal..

  75. SouL

    Just that capital H

  76. MattJ

    jc, the link in the Monal part to "empty state screens" appears to have the incorrect URL

  77. MattJ

    It links to feeds.opkode and prompts for auth

  78. jc

    Thanks SouL and MattJ. Fixed

  79. SouL

    Sorry for not proofreading better, I'm in a meeting I can't escape :(

  80. jc

    no problem

  82. jc

    Guus is worried about this section: https://github.com/xsf/xmpp.org/pull/484/files#diff-45ce3b70f855ee8884f189d7b4742fa6R28

  83. jc

    That it might look like XMPP is insecure, even though their server might have been hacked in all kinds of ways unrelated to XMPP

  84. jc

    Any suggestions on how to change the wording?

  85. jc

    I personally think it's kind of OK the way it is

  86. vanitasvitae

    jc: are you sure IronChat is a Conversations fork?

  87. vanitasvitae

    It doesn't look like that at all

  88. jc

    I read it on Twitter

  89. jc

    I can remove that part

  90. MattJ

    jc, the problem was users not verifying fingerprints, at the end of the day

  91. jc

    MattJ: Yes, that's mentioned in the paragraph

  92. jc

    That and the fact that their server (the OS) was somehow compromised

  93. MattJ

    Every end-to-end encryption method is vulnerable to this (you need to identify the other end somehow)

  94. MattJ

    No, I don't think that covers it

  95. arnaudj

    I read the newsletter and did not find any error

  96. MattJ

    OTR and OMEMO are precisely valuable because they can remain secure in the event of server compromise

  97. jc

    In theory 🙂

  98. vanitasvitae

    Wasn't there an essay by a GCHQ guy recently who proposed to make MITM the new standard way of intercepting comms?

  99. jc

    But as was shown here... users don't verify so they get compromised

  100. MattJ

    jc, in practice, if users verify fingerprints

  101. jc

    I think the fact that the server was compromised is relevant though

  102. jc

    Because it's a necessary (but not sufficient) first step

  103. MattJ

    In practice, they don't. And I think this is the point that should be called out in the newsletter, the server compromise is not the weak point

  104. jc

    Ok but did you read the paragraph? I do mention that they didn't verify

  105. MattJ

    As far as preventing any perception that XMPP is insecure

  106. jc

    I can update it further

  107. jc

    I'm being called for lunch now though 🙂

  108. MattJ

    Oh, I didn't see that when I read it earlier

  109. MattJ

    I'll work on an alternative proposal for that paragraph

  110. MattJ

    Another source online says IronChat was based on Xabber

  111. MattJ

    iirc the Xabber author confirmed this in xsf@

  114. pep.

    "jc> I think the fact that the server was compromised is relevant though" < I think it's very important to specify that, if this gets in the newsletter. Not verifying fingerprints is one thing and we know users don't care anyway but still want e2ee [blah blah], but if the server wasn't under an $evil party in the first place, they would have had to break TLS. (or use the law)

  115. pep.

    "jc> I think the fact that the server was compromised is relevant though" < I think it's very important to specify that, if this gets in the newsletter. Not verifying fingerprints is one thing and we know users don't care anyway but still want e2ee [blah blah], but if the server wasn't maintained by an $evil party in the first place, they would have had to break TLS. (or use the law)

  116. pep.

    As I understand it the police (or government entity) controlled the server, right?

  118. jc

    pep. yes
