jdev - 2020-02-18

  1. moparisthebest has joined

  2. debacle has left

  3. ivy42 has left

  4. ivy has left

  5. moparisthebest has left

  6. strar has left

  7. strar has joined

  8. zuk has joined

  9. zuk has left

  10. allie has left

  11. allie has joined

  12. pink has joined

  13. pink has left

  14. strar has left

  15. strar has joined

  16. paul has joined

  17. wurstsalat has joined

  18. Marc has left

  19. Marc has joined

  20. asterix has joined

  21. pulkomandy has left

  22. debacle has joined

  23. serge90 has left

  24. strar has left

  25. serge90 has joined

  26. strar has joined

  27. asterix has left

  28. asterix has joined

  29. goffi has joined

  30. Marc has left

  31. Marc has joined

  32. asterix has left

  33. asterix has joined

  34. asterix has left

  35. asterix has joined

  36. asterix has left

  37. asterix has joined

  38. asterix has left

  39. asterix has joined

  40. debacle has left

  41. asterix has left

  42. asterix has joined

  43. asterix has left

  44. asterix has joined

  45. Alex has joined

  46. asterix has left

  47. asterix has joined

  48. pulkomandy has joined

  49. debacle has joined

  50. larma has joined

  51. pulkomandy has left

  52. kikuchiyo has left

  53. asterix has left

  54. pulkomandy has joined

  55. asterix has joined

  56. asterix has left

  57. asterix has joined

  58. asterix has left

  59. asterix has joined

  60. ankit has joined

  61. kikuchiyo has joined

  62. kikuchiyo has left

  63. Alex has left

  64. kikuchiyo has joined

  65. pulkomandy has left

  66. hi has joined

  67. kikuchiyo has left

  68. paul has left

  69. hi has left

  70. kikuchiyo has joined

  71. tsk has left

  72. tsk has joined

  73. asterix has left

  74. asterix has joined

  75. strar has left

  76. strar has joined

  77. rion has left

  78. rion has joined

  79. moparisthebest has joined

  80. Alex has joined

  81. paul has joined

  82. kikuchiyo has left

  83. pulkomandy has joined

  84. kikuchiyo has joined

  85. pulkomandy has left

  86. pulkomandy has joined

  87. ankit has left

  88. Wojtek has joined

  89. Zash has left

  90. Zash has joined

  91. serge90 has left

  92. serge90 has joined

  93. kikuchiyo has left

  94. pulkomandy has left

  95. pulkomandy has joined

  96. kikuchiyo has joined

  97. pulkomandy has left

  98. pulkomandy has joined

  99. allie has left

  100. allie has joined

  101. Alex has left

  102. Alex has joined

  103. lovetox has joined

  104. serge90 has left

  105. serge90 has joined

  106. pulkomandy has left

  107. pulkomandy has joined

  108. pulkomandy has left

  109. pulkomandy has joined

  110. kikuchiyo has left

  111. lovetox has left

  112. strar has left

  113. debacle has left

  114. strar has joined

  115. lovetox has joined

  116. pulkomandy has left

  117. pulkomandy has joined

  118. goffi has left

  119. debacle has joined

  120. lovetox has left

  121. lovetox has joined

  122. pulkomandy has left

  123. pulkomandy has joined

  124. debacle

    Is there a good abstract about the 96 vs. 128 bits OMEMO mess? Which explains, why clients should move to 96 bits and how things went wrong? TIA!

  125. Ge0rG

    96 bits?

  126. Ge0rG

    ah, 12 bytes. I was confused for a brief moment

  127. kikuchiyo has joined

  128. Ge0rG

    debacle: https://twitter.com/iNPUTmice/status/1228950491805167617

  129. pep.

    debacle, TL;DR: You only need to move to 12 if you want Monal to read you

  130. debacle

    Ge0rG Nice, first people use a medium, that prevent them from communicating in complete sentences. Then they work around it by sending many messages :-) Thanks anway!

  131. debacle

    pep. Yes, and I think Monal 5.0.1 just solved the problem anyway.

  132. pep.

    did it?

  133. Ge0rG

    I still think that the best solution to the OMEMO problem is to disable OMEMO

  134. pep.

    I doubt that's an OMEMO-only issue

  135. debacle

    Ah, no that's the other way around!

  136. pep.

    I mean this one specifically yes. Not this kind of issue though

  137. debacle

    *ChatSecure* 5.0.1 fixed 12 bytes IV receiving.

  138. pep.

    debacle, yeah, so my TL;DR holds :)

  139. debacle

    Monal is still "broken" by not receiving 16 bytes.

  140. pulkomandy has left

  141. debacle

    let's hope, there is a way for a new Monal version to accept both

  142. debacle

    pep. Unfortunately, at least two of my contacts use Monal. And it's my fault!

  143. pep.

    Maybe an incentive to push Debian to do exceptional releases? :P

  144. debacle

    pep. exceptional Debian release because of an Apple app. I'm so ashamed :-)

  145. pep.

    ha ha ha

  146. rion has left

  147. rion has joined

  148. pulkomandy has joined

  149. larma has left

  150. pulkomandy has left

  151. pulkomandy has joined

  152. larma has joined

  153. sonny has left

  154. lovetox has left

  155. Marc has left

  156. Marc has joined

  157. paul has left

  158. Marc has left

  159. Marc has joined

  160. moparisthebest

    debacle: limitation in Apple's crypto API precludes them from accepting 16 byte IVs with it, and France's stupid laws prevent them from using another crypto lib, so I doubt monal will fix it

  161. lovetox has joined

  162. lovetox has left

  163. lovetox has joined

  164. jonas’


  165. pulkomandy has left

  166. pulkomandy has joined

  167. debacle

    moparisthebest Sounds horrible!

  168. pulkomandy has left

  169. moparisthebest

    jonas’, which bit do you want clarification on?

  170. jonas’

    moparisthebest, what’s got france to do with that? I mean, which law is that?

  171. moparisthebest

    https://monal.im/blog/omemo-and-french-laws/ and https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/

  172. moparisthebest

    as I understand it, france requires him to get approval from the prime minister to "distribute a crypto library" OR he can use apple's supplied API, since that's distributed by Apple who already has said approval

  173. jonas’

    that’s not really cleared anything up

  174. moparisthebest

    https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/#comment-29385 not even that one?

  175. pulkomandy has joined

  176. jonas’


  177. jonas’

    because that doesn’t explain which french law and with which rationale forces GCM implementations to register somewhere

  178. moparisthebest

    > import of a means of cryptology which does not exclusively provide authentication or integrity control functions are subject to a prior declaration to the Prime Minister (Google Translate of French law)

  179. moparisthebest

    larma pasted that in dino channel earlier ^

  180. lovetox

    yeah and why cant i distribute my app on appstore, but every distro in the world can ship as much crypto libs as it wants to france users

  181. moparisthebest

    jonas’, basically apple has to approve or deny your app right? and they would not approve it for france without said certificate

  182. moparisthebest

    lovetox, iirc it's about shipping crypto *from* france, not *to*, I don't know, ask Apple

  183. moparisthebest

    > use restrictive shit OS / Ecosystem

  184. moparisthebest

    > surprised when it turns out to be restrictive and shitty

  185. lovetox

    im not a smartphone user, but this appstore monopole leads to weird stuff

  186. jonas’

    ISTM that france is the problem here, not iOS

  187. Zash

    why not both?

  188. moparisthebest

    french laws require apple to do this though, I guess

  189. moparisthebest

    or at minimum apple believes they are required to do this per french law

  190. lovetox

    seems to be a law to just limit encryption on smartphones

  191. lovetox

    they probably dont care about desktop

  192. lovetox

    but still weird, at this point why would you still trust apples crypto lib?

  193. moparisthebest

    *yet (or don't have a great way to enforce it, yet)

  194. jonas’

    or desktop is irrelevant

  195. jonas’

    my bet for "the year of the linux desktop" is when the desktop has become so irrelevant that it’s only used by nerds ;)

  196. lovetox

    but yeah good plan, force all application to use a single lib

  197. moparisthebest

    it was 2009, when everyone had a phone, running linux, sitting on top of their desk (otherwise known as their desktop) :P

  198. lovetox

    then outlaw that lib

  199. lovetox

    boom no encryption anymore :)

  200. moparisthebest

    lovetox, why outlaw it, it's an "approved" lib (maybe even backdoored :))

  201. moparisthebest

    only thing better than outlawing encryption is telling everyone you are encrypting while secretly sending copies to yourself

  202. pulkomandy has left

  203. Wojtek has left

  204. pulkomandy has joined

  205. paul has joined

  206. Wojtek has joined

  207. pulkomandy has left

  208. pulkomandy has joined

  209. pulkomandy has left

  210. pulkomandy has joined

  211. sonny has joined

  212. kikuchiyo has left

  213. lovetox has left

  214. pulkomandy has left

  215. pulkomandy has joined

  216. pulkomandy has left

  217. pulkomandy has joined

  218. kikuchiyo has joined

  219. pulkomandy has left

  220. pulkomandy has joined

  221. kikuchiyo has left

  222. kikuchiyo has joined

  223. debacle has left

  224. pep.

    happy to see we're discussing the stupidity of French laws. I wonder if Anu would join us in protests. Anyone else interested? We have spare pitchforks!

  225. kikuchiyo has left

  226. Wojtek has left

  227. moparisthebest

    Anyone who willingly owns an iPhone is used to bending over I assume

  228. kikuchiyo has joined

  229. kikuchiyo has left

  230. paul has left

  231. asterix has left

  232. larma

    I think the reason why Apple cares so much about the apps in their App Store is that they are considered the entity importing when downloading the app on an iPhone in France. For Linux distributions and most desktop software, it is the end user doing the import when downloading the software. The reasons why Apple can not argue the same are probably that a) they don't allow any third party software to download apps from the app store, and b) they don't allow to download apps from third party sources. Their closed ecosystem kind of implies that they actually control what is downloaded and installed on the phone so they can be held liable. IANAL though ;)

  233. pep.

    So that would also happen with any other store thingy? Android, Microsoft? (Steam? etc., who knows what games include nowadays :p)

  234. moparisthebest

    But all those you can download apps without using the stores

  235. moparisthebest

    I don't know legally if that makes a difference or anything

  236. Zash

    Something like common carrier regulations where if you do mess with stuff, you're on the hook for the legality of it.

  237. sonny has left