tomApparently Zoom is based on XMPP. yet another evil tech corp taking free software & open interoperable standards, ripping out the interoperability, and adding in spyware https://upload.nuegia.net/e33e0872-eda4-49c3-9dd2-715e668c98a1/screenshot.png
ralphmhas left
tom
» Elastic Search, Elastic cache, DynamoDB, SQS and S3
I can't think of why these tools would be required to running an XMPP server
tomMy guess is that they are storing absolutely EVERYTHING to an amazon S3 bucket
tomEven videocalls
tomRunning ""analytics"" on them
tomDid you know that Egypt was found to record ALL IP traffic egressing the country to disk?
stvnhas left
holgerhas left
tom
» Running ""analytics"" on them
to """improve our services"""
Licaon_Kterhas joined
Licaon_Kter [yaxim refugee for mucs]has joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
thndrbvrZoom has also said they want to be able to share everything with the US gov't. They kept flip flopping with how any sort of encryption was being done.
stpeterhas joined
stvnhas joined
tomSooner or later that giant bucket of userdata is going to leak
tomEspecially with their security track record
tomIt will probably be the next Cambridge analytica
tomPossibly worse
mss_cyclisthas left
tomI'm tempted to download the binary on a separate machine, do a little blackboxing myself. Maybe throw it into Ghirda
mss_cyclisthas joined
stpeterhas left
ralphmhas joined
holgerhas joined
stvnhas left
stvnhas joined
seandreashas joined
thndrbvrhas left
jayteeukhas left
jayteeukhas joined
Nils (10rokita)has left
jayteeukhas left
jayteeukhas joined
cuchas joined
Nils (10rokita)has joined
lorddavidiiihas joined
cuchas left
cuchas joined
cuchas left
cuchas joined
schorschhas left
seandreashas left
Pingu from Woodquarterhas joined
mehdihas left
mehdihas joined
seandreashas joined
thndrbvrhas joined
madmalkavhas joined
perflysthas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
karimhas joined
perflysthas left
stpeterhas joined
stvnhas left
mightyBroccolihas left
stvnhas joined
maineshas left
maineshas joined
stpeterhas left
Marandahas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
perflysthas joined
colochonhas joined
lorddavidiiihas left
lorddavidiiihas joined
mightyBroccolihas joined
sgergerhas joined
10rokitahas joined
Beherithas left
Beherithas joined
thndrbvrhas left
mightyBroccolihas left
stvnhas left
Beherithas left
perflysthas left
mightyBroccolihas joined
stvnhas joined
Beherithas joined
karimhas left
stvnhas left
colochonhas left
stvnhas joined
vu764hd68fxthas joined
thndrbvrhas joined
seandreashas left
maineshas left
maineshas joined
insanityhas left
Huxxhas joined
colochonhas joined
mehdihas left
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
stvnhas left
vu764hd68fxthas left
vu764hd68fxthas joined
stvnhas joined
stvnhas left
Beherithas left
Beherithas joined
Melhas left
insanityhas joined
Douglas Terabytehas joined
seantoddhas left
seantoddhas joined
karimhas joined
andrey.utkinhas joined
thndrbvrhas left
stvnhas joined
perflysthas joined
stvnhas left
Melhas joined
stpeterhas joined
schorschhas joined
schorschhas left
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
perflysthas left
stvnhas joined
stpeterhas left
jayteeukhas left
jayteeukhas joined
Melhas left
Melhas joined
jayteeukhas left
jayteeukhas joined
stvnhas left
schorschhas joined
stvnhas joined
Douglas Terabytehas left
Douglas Terabytehas joined
Martinhas left
Martinhas joined
ksuxat.has joined
schorschhas left
schorschhas joined
schorschhas left
nawhas joined
Douglas Terabytehas left
karimhas left
karimhas joined
solhas left
solhas joined
nawhas left
ajeremiashas joined
insanityhas left
insanityhas joined
schorschhas joined
andrey.utkinhas left
andrey.utkinhas joined
schorschhas left
insanityhas left
solhas left
solhas joined
insanityhas joined
insanityhas left
perflysthas joined
Link Mauvehas joined
stpeterhas joined
insanityhas joined
perflysthas left
kikuchiyohas joined
stvnhas left
stvnhas joined
kikuchiyohas left
kikuchiyohas joined
stpeterhas left
Viktor Lindberghas left
Viktor Lindberghas joined
stvnhas left
stvnhas joined
stvnhas left
stvnhas joined
stvnhas left
stvnhas joined
stvnhas left
stvnhas joined
kikuchiyohas left
sonnyhas left
sonnyhas joined
jayteeukhas left
jayteeukhas joined
kikuchiyohas joined
abidal3has left
abidal3has joined
stvnhas left
schorschhas joined
stvnhas joined
insanityhas left
schorschhas left
ajeremiashas left
stvnhas left
stvnhas joined
maineshas left
sakhmatdhas left
sakhmatdhas joined
kikuchiyohas left
sakhmatdhas left
stvnhas left
sakhmatdhas joined
benhas left
jayteeukhas left
jayteeukhas joined
abidal3has left
abidal3has joined
stvnhas joined
jayteeukhas left
jayteeukhas joined
maineshas joined
benhas joined
calvinhas joined
calvinhas left
calvinhas joined
schorschhas joined
ahas left
stpeterhas joined
schorschhas left
ahas joined
schorschhas joined
sonnyhas left
sonnyhas joined
schorschhas left
stpeterhas left
schorschhas joined
kikuchiyohas joined
kikuchiyohas left
schorschhas left
schorschhas joined
stvnhas left
schorschhas left
abidal3has left
lorddavidiiihas left
abidal3has joined
lorddavidiiihas joined
solhas left
stvnhas joined
solhas joined
musashihas left
musashihas joined
insanityhas joined
insanityhas left
Marandahas left
Marandahas joined
kikuchiyohas joined
insanityhas joined
insanityhas left
insanityhas joined
Melhas left
Melhas joined
abidal3has left
holgerhas left
stvnhas left
stvnhas joined
stvnProsody or ejabberd ?
Licaon_Kterstvn: yes...
stvnHaha, so both are good ?
Licaon_Kterstvn: yes, depends on stuff, what's your usecase?
stvnhas left
stvnhas joined
stvnPersonal server, vps hosted, id also open registration for other people to use
holgerhas joined
stvnthndrbvr: now on zoom you have to pay for e2e
cuchas left
insanityhas left
insanityhas joined
MattJstvn: running a public server involves some amount of work - dealing with spammers, and so on
MattJI'd recommend against it generally, unless you're really prepared for that
aor not dealing with spammers at all
aI was told about day Tigase can automatically detect and block spam accounts
aI was told another day Tigase can automatically detect and block spam accounts
asadly I don't use Tigase
MattJNot sure what Tigase does exactly, but Prosody has similar capabilities
abut I'm pretty sure a similar feature will be available in ejaaberd eventually
abut I'm pretty sure a similar feature will be available in ejabberd eventually
Ge0rG"automatically detect and block spammers" - ha, I wish there'd be such a thing
Beherithas left
Ge0rGthe best you can get is automatically block people who registered throuh potential proxy servers
aso... go for it. go for the open server. the more the merrier
MattJhttps://yaxim.org/blog/2020/05/12/new-anti-spam-measures/ - example write-up from Ge0rG for Prosody
Licaon_Kterstvn: open for other people does not mean public necessary, eg. You can create the account and share the credentials.
MattJLicaon_Kter: noooooooooooo
MattJWhy do XMPP folk think that handing around passwords is acceptable in 2020?
Ge0rGMattJ: because there is no other way with an UX that is understandable by users
MattJGe0rG: that's demonstrably not true?
stvnhas left
Ge0rGMattJ: ...in XMPP
Beherithas joined
MattJEasy invites work great
Ge0rGMattJ: I tried it once with a family member, and it wasn't perfect.
MattJOh?
MattJI tried it with 8 family members and about 20 people at FOSDEM
stvnhas joined
Ge0rGMattJ: maybe it's better if we push the JID and token through Google Play.
MattJThat's what Snikket does, works great
stvnDont think id had much public traffic tbh
stvnBut id defently allow public acces, i will look around spam protection then
MattJstvn: spam bots scan for servers that allow registration and can register thousands of accounts each day
stvnIs there some xmpp monitor ?
MattJAlso see https://prosody.im/doc/public_servers
Ge0rGMattJ: it still lacks a big bold 30pt statement about the rule #1 of running public xmpp servers
cuchas joined
Licaon_Kter> I tried it with 8 family members and about 20 people at FOSDEM
I'm not doing this ^^^ so it scales :))
Licaon_KterAlso clients can change passwords...c'mon
cuchas left
cuchas joined
Licaon_KterGe0rG: what's that? _"DON'T"_?
pep.Licaon_Kter, how many of these users are going to it (change passwords)
stvnhas left
stvnhas joined
Licaon_KterLet's not move the goalpost :))
stpeterhas joined
mehdihas joined
derventiohas joined
stvnhas left
pep."Why do XMPP folk think that handing around passwords is acceptable in 2020?" < I'm not moving this one. I agree with the statement behind the question and I was just continuing to highlight pitfalls of your approach :)
Licaon_Kter¯\_(ツ)_/¯
Licaon_Kterejabberd lol
Beherithas left
Martin> Why do XMPP folk think that handing around passwords is acceptable in 2020?
I had to do those for my apples.
Beherithas joined
Licaon_KterMattJ:
> Why do XMPP folk think that handing around passwords is acceptable in 2020?
Having one client on one platform and one server...is acceptable? What is this now, Matrix?
seandreashas joined
pep.I agree that's a fair point. Neither protocols nor implementations are close to fixing this. That doesn't make handling around passwords more acceptable though
MattJMartin: Siskin has supported invite links since FOSDEM
Ge0rGLicaon_Kter: exactly!
MattJAnd the invite page allows you to enter a password manually to create the account
MattJSo no, I don't think a single implementation is healthy, and I don't think it's what we have
cuchas left
pep.MattJ, prosody's original mod_invite you mean?
MartinMattJ: Hmm, didn't know that.
Licaon_KterMattJ: I do want all this ofcourse, but I can't erlang so there's that....
MattJpep.: original and the Snikket one
pep.ok
MattJSo from the user perspective the only difference with the new stuff is that you can register right within the app instead of on the site