debacle, TL;DR: You only need to move to 12 if you want Monal to read you
debacle
Ge0rG Nice, first people use a medium, that prevent them from communicating in complete sentences. Then they work around it by sending many messages :-) Thanks anway!
debacle
pep. Yes, and I think Monal 5.0.1 just solved the problem anyway.
pep.
did it?
Ge0rG
I still think that the best solution to the OMEMO problem is to disable OMEMO
pep.
I doubt that's an OMEMO-only issue
debacle
Ah, no that's the other way around!
pep.
I mean this one specifically yes. Not this kind of issue though
debacle
*ChatSecure* 5.0.1 fixed 12 bytes IV receiving.
pep.
debacle, yeah, so my TL;DR holds :)
debacle
Monal is still "broken" by not receiving 16 bytes.
pulkomandyhas left
debacle
let's hope, there is a way for a new Monal version to accept both
debacle
pep. Unfortunately, at least two of my contacts use Monal. And it's my fault!
pep.
Maybe an incentive to push Debian to do exceptional releases? :P
debacle
pep. exceptional Debian release because of an Apple app. I'm so ashamed :-)
pep.
ha ha ha
rionhas left
rionhas joined
pulkomandyhas joined
larmahas left
pulkomandyhas left
pulkomandyhas joined
larmahas joined
sonnyhas left
lovetoxhas left
Marchas left
Marchas joined
paulhas left
Marchas left
Marchas joined
moparisthebest
debacle: limitation in Apple's crypto API precludes them from accepting 16 byte IVs with it, and France's stupid laws prevent them from using another crypto lib, so I doubt monal will fix it
lovetoxhas joined
lovetoxhas left
lovetoxhas joined
jonas’
wat?
pulkomandyhas left
pulkomandyhas joined
debacle
moparisthebest Sounds horrible!
pulkomandyhas left
moparisthebest
jonas’, which bit do you want clarification on?
jonas’
moparisthebest, what’s got france to do with that? I mean, which law is that?
moparisthebest
https://monal.im/blog/omemo-and-french-laws/ and https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/
moparisthebest
as I understand it, france requires him to get approval from the prime minister to "distribute a crypto library" OR he can use apple's supplied API, since that's distributed by Apple who already has said approval
jonas’
that’s not really cleared anything up
moparisthebest
https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/#comment-29385 not even that one?
pulkomandyhas joined
jonas’
no
jonas’
because that doesn’t explain which french law and with which rationale forces GCM implementations to register somewhere
moparisthebest
> import of a means of cryptology which does not exclusively provide authentication or integrity control functions are subject to a prior declaration to the Prime Minister
(Google Translate of French law)
moparisthebest
larma pasted that in dino channel earlier ^
lovetox
yeah and why cant i distribute my app on appstore, but every distro in the world can ship as much crypto libs as it wants to france users
moparisthebest
jonas’, basically apple has to approve or deny your app right? and they would not approve it for france without said certificate
moparisthebest
lovetox, iirc it's about shipping crypto *from* france, not *to*, I don't know, ask Apple
moparisthebest
> use restrictive shit OS / Ecosystem
moparisthebest
> surprised when it turns out to be restrictive and shitty
lovetox
im not a smartphone user, but this appstore monopole leads to weird stuff
jonas’
ISTM that france is the problem here, not iOS
Zash
why not both?
moparisthebest
french laws require apple to do this though, I guess
moparisthebest
or at minimum apple believes they are required to do this per french law
lovetox
seems to be a law to just limit encryption on smartphones
lovetox
they probably dont care about desktop
lovetox
but still weird, at this point why would you still trust apples crypto lib?
moparisthebest
*yet (or don't have a great way to enforce it, yet)
jonas’
or desktop is irrelevant
jonas’
my bet for "the year of the linux desktop" is when the desktop has become so irrelevant that it’s only used by nerds ;)
lovetox
but yeah good plan, force all application to use a single lib
moparisthebest
it was 2009, when everyone had a phone, running linux, sitting on top of their desk (otherwise known as their desktop) :P
lovetox
then outlaw that lib
lovetox
boom no encryption anymore :)
moparisthebest
lovetox, why outlaw it, it's an "approved" lib (maybe even backdoored :))
moparisthebest
only thing better than outlawing encryption is telling everyone you are encrypting while secretly sending copies to yourself
pulkomandyhas left
Wojtekhas left
pulkomandyhas joined
paulhas joined
Wojtekhas joined
pulkomandyhas left
pulkomandyhas joined
pulkomandyhas left
pulkomandyhas joined
sonnyhas joined
kikuchiyohas left
lovetoxhas left
pulkomandyhas left
pulkomandyhas joined
pulkomandyhas left
pulkomandyhas joined
kikuchiyohas joined
pulkomandyhas left
pulkomandyhas joined
kikuchiyohas left
kikuchiyohas joined
debaclehas left
pep.
happy to see we're discussing the stupidity of French laws. I wonder if Anu would join us in protests. Anyone else interested? We have spare pitchforks!
kikuchiyohas left
Wojtekhas left
moparisthebest
Anyone who willingly owns an iPhone is used to bending over I assume
kikuchiyohas joined
kikuchiyohas left
paulhas left
asterixhas left
larma
I think the reason why Apple cares so much about the apps in their App Store is that they are considered the entity importing when downloading the app on an iPhone in France.
For Linux distributions and most desktop software, it is the end user doing the import when downloading the software. The reasons why Apple can not argue the same are probably that a) they don't allow any third party software to download apps from the app store, and b) they don't allow to download apps from third party sources. Their closed ecosystem kind of implies that they actually control what is downloaded and installed on the phone so they can be held liable. IANAL though ;)
pep.
So that would also happen with any other store thingy? Android, Microsoft? (Steam? etc., who knows what games include nowadays :p)
moparisthebest
But all those you can download apps without using the stores
moparisthebest
I don't know legally if that makes a difference or anything
Zash
Something like common carrier regulations where if you do mess with stuff, you're on the hook for the legality of it.