XSF Discussion - 2018-03-17

I think I'm late to the party, it's the xhtml-im thread all over again

Maybe you should ask a search engine of your trust

My OMEMO library successfully decrypted its first message sent to it from conversations today!

Yay :)

Is my name Syndace currently? Little confused

Yes

Nice

Syndace: nice!

Syndace: great, looking forward to try it.

Urm the OSX Messages App can do xmpp?

You don't remember iChat?

Hmm yes but I don't know if it still has xmpp support

Zash, apple stuff not really my thing tbh :P

Syndace, what language do you use for your OMEMO lib?

Python

(2 and 3)

Syndace: which dependencies does it have?

libsodium for the crypto and google protobuf for the wire format

Syndace: you know that OWS likes to consider implementations of the signal protocol as derivative work? :/

vanitasvitae, the specification of the protocol is creative commons

Syndace, what is your use case? are you also working on a xmpp client?

but can a protocol really be copyrightable?

vanitasvitai, But I don't know a whole lot about licenses, I hope for a little help by you guys once it's public

marc, I want to provide a solid alternative to the monopoly libsignal implementation, that does not use GPL.

Syndace: Have you as much as thought about looking at their implementation?

iiro.laiho: Oracle lawyers would argue yes

I hope it'll help OMEMO move forward

Syndace: you probably can't accept help from anyone who looked at gpl signal code

Damn what?

I can't even look at it?

vanitasvitae, wait, the OWS guys hinder open source devs implementing their protocol?

Syndace: no you cannot look at it

I did not reuse any of their code

marc: i remember they sued the wire guys

But that was before the protocol specs were released afaik

I finished the library without looking at libsignal, only when I was done I had to look at it, to know how they serialize their data structures.

I can't be compatible to their library without knowing that

Syndace: that makes it a derivative work and gpl I think

Why is GPL such cancer

(sorry)

I guess if things get problematic it's okay to go with GPL until we maybe move away from libsignals wire format and we finally have our own OMEMO.

Syndace, is there demand for a non-gpl lib?

https://en.wikipedia.org/wiki/Clean_room_design?wprov=sfla1

Check that Syndace

marc: You've not seen the looooooong threads about how OMEMO can't be used unless there's a non-GPL library?

Gpl is the best, don't fight it, just let it's glory wash over you

moparisthebest: Thanks, will do so later

Zash, no, are you kidding me? :D

Please dear god don't make another GPL implementation…

marc: I don't know how long the threads were. Server dev, etc.

Aaaaaaah haaalp :D

marc: But they existed.

I would absolutely *love* it if there was an Apache or BSD/MIT/similar licensed version.

Code in RFCs are usually some BSD license for a reason, after all.

I really don't want GPL, but if just looking at their wire format makes the lib GPL, I have no choice

Zash, what's the problem in a nutshell?

It doesn't as long as you're not redistributing their library or code.

(disclaimer: not a lawyer, etc.)

Well the one thing that I kind of have to "copy" or at least recreate is their protobuf structure definition

Syndace: FSF can link you with a lawyer if you need advices

That's just part of the current OMEMO specification and there's no way (I can think of) to avoid that

marc: It doesn't fit in a nutshell.

Are we still using their protobuf stuff? I thought daniel moved OMEMO off of that a while ago

Apparently I was mistaken

SamWhited, nope, that's the current OMEMO xep

including the protobuf stuff

SamWhited: I think the other ones are still pr's on github

oh right, we never merged those.

Partially due to the disagreement about there not being a non-GPL library, IIRC :)

Ha!

Syndace: so the proper way to do that is have someone else look and document it, then you recreate it from docs

marc: Look for posts by Remko or Kev I guess

But it's too late now...

moparisthebest: Not too late, the wireformat is just a super small part, I might aswell release the lib without the wire format first.

Zash, @standards

Implement only from documentation, while being locked in a room with only that documentation and an airgapped type writer.

?

marc: yes

But then you can't write it since you looked Syndace , you could document it though

Or pray that they don't read these logs :)

https://github.com/SirCmpwn/TrueCraft/blob/master/README.md#get-involved similarish problem explaining it Syndace

OWS does have a history of suing people too

So, following plan: The library is alreay split into multiple projects: The X3DH key agreement, the DoubleRatchet the XEdDSA and the final OMEMO library, putting it all together. All of the parts, except for the OMEMO library, were written without having a single look at the libsignal implementation. So, I could release huge parts under MIT, except for the OMEMO part, which I have to GPL apparently. That's what we could do as a transitional solution. And as soon as we merge a PR moving away from the libsignal wire format, we can swap the last part to MIT.

Syndace: you could define your own wire format

The we patch libsignal :D

Nevermind, thata what you just wrote :D

Syndace, do you have your code public?

not yet

Expected in a few days, less than a week

i currently use python-axolotl

but it uses pycrypto which is bad, and also the project seems not maintained anymore

so im looking forward to your work

lovetox: Nice to hear, I'm super excited :D

My phone is going to die, I'll read through the links you sent me later, in the worst case I'll just have to GPL it for now and we'll see what the future brings. I really don't want problems with the law.

Syndace: GPL is OK for me, looking forward to try it too, thanks to it I may implement OMEMO earlier than initially planed

Honestly closed source e2e is worthless anyway

moparisthebest: GPL is an issue with Apple, AFAIK it's not compatible with apple store

goffi: Apple can go to hell :)

I could do a IPhone frontend more or less easily without that

goffi: libsignal has an exception for apply in their lib

moparisthebest: agreed, but still lot of people use it, and if we want XMPP to spread

But libsignal etc has Apple store exceptions...

goffi: chatsecure on iOS already does omemo

moparisthebest: yes, but would be nice to have alternative, and in our case we have many features not implemented in chat secure

goffi: what's stopping anyone from improving it, forking it, or just creating a new one?

Certainly not the gpl

moparisthebest: I have already a client which could work in iOS easily on the technical side, but not because of their stupid conditions, that's all I'm saying.

goffi: so complain to Apple? Idk

The solution to brain dead apple policy decisions is not to relicense all software with worse licences

iOS market share is in decline. Just sit it out

moparisthebest: I was saying that to explain why GPL could be a problem (I was not aware of the exception in libsignal), and I'm not willing to relicense because of apple.

But that's an apple problem not a gpl one...

I agree, but that's a reason why people may want an non gpl OMEMO lib

I'm not blaming GPL in any way

It's clear why Apple hates the GPL, they've made their Fortune off the backs of open source code that isn't GPL, if everything was GPL they wouldn't be a company

They haven't figured out how it goes both ways

Well GPL makes it go both ways, MIT/ Apache etc it only goes one way, into Apple's pockets

I mean, the dual-licensing thing some do.

goffi, > moparisthebest: GPL is an issue with Apple, AFAIK it's not compatible with apple store That is not true

One can run open source app on AppStore pretty fine unless some of the contributors will issue a complaint. That was the reason of vlc takedown several years ago

So we'll be forced to sign contributors to give us all rights to contributed code if we are to accept PRs

Haha JC made it http://n-gate.com/hackernews/