XSF Discussion - 2018-03-17

  1. pep.

    I think I'm late to the party, it's the xhtml-im thread all over again

  2. stuxnet

    Maybe you should ask a search engine of your trust

  3. Syndace

    My OMEMO library successfully decrypted its first message sent to it from conversations today!

  4. MattJ

    Yay :)

  5. Syndace

    Is my name Syndace currently? Little confused

  6. MattJ


  7. Syndace


  8. vanitasvitae

    Syndace: nice!

  9. goffi

    Syndace: great, looking forward to try it.

  10. Maranda

    Urm the OSX Messages App can do xmpp?

  11. Zash

    You don't remember iChat?

  12. Maranda

    Hmm yes but I don't know if it still has xmpp support

  13. Maranda

    Zash, apple stuff not really my thing tbh :P

  14. marc

    Syndace, what language do you use for your OMEMO lib?

  15. Syndace


  16. Syndace

    (2 and 3)

  17. goffi

    Syndace: which dependencies does it have?

  18. Syndace

    libsodium for the crypto and google protobuf for the wire format

  19. vanitasvitae

    Syndace: you know that OWS likes to consider implementations of the signal protocol as derivative work? :/

  20. Syndace

    vanitasvitae, the specification of the protocol is creative commons

  21. marc

    Syndace, what is your use case? are you also working on a xmpp client?

  22. iiro.laiho

    but can a protocol really be copyrightable?

  23. Syndace

    vanitasvitai, But I don't know a whole lot about licenses, I hope for a little help by you guys once it's public

  24. Syndace

    marc, I want to provide a solid alternative to the monopoly libsignal implementation, that does not use GPL.

  25. Zash

    Syndace: Have you as much as thought about looking at their implementation?

  26. moparisthebest

    iiro.laiho: Oracle lawyers would argue yes

  27. Syndace

    I hope it'll help OMEMO move forward

  28. moparisthebest

    Syndace: you probably can't accept help from anyone who looked at gpl signal code

  29. Syndace

    Damn what?

  30. Syndace

    I can't even look at it?

  31. marc

    vanitasvitae, wait, the OWS guys hinder open source devs implementing their protocol?

  32. moparisthebest

    Syndace: no you cannot look at it

  33. Syndace

    I did not reuse any of their code

  34. vanitasvitae

    marc: i remember they sued the wire guys

  35. vanitasvitae

    But that was before the protocol specs were released afaik

  36. Syndace

    I finished the library without looking at libsignal, only when I was done I had to look at it, to know how they serialize their data structures.

  37. Syndace

    I can't be compatible to their library without knowing that

  38. moparisthebest

    Syndace: that makes it a derivative work and gpl I think

  39. Syndace

    Why is GPL such cancer

  40. Syndace


  41. Syndace

    I guess if things get problematic it's okay to go with GPL until we maybe move away from libsignals wire format and we finally have our own OMEMO.

  42. marc

    Syndace, is there demand for a non-gpl lib?

  43. moparisthebest


  44. moparisthebest

    Check that Syndace

  45. Zash

    marc: You've not seen the looooooong threads about how OMEMO can't be used unless there's a non-GPL library?

  46. moparisthebest

    Gpl is the best, don't fight it, just let it's glory wash over you

  47. Syndace

    moparisthebest: Thanks, will do so later

  48. marc

    Zash, no, are you kidding me? :D

  49. SamWhited

    Please dear god don't make another GPL implementation…

  50. Zash

    marc: I don't know how long the threads were. Server dev, etc.

  51. Syndace

    Aaaaaaah haaalp :D

  52. Zash

    marc: But they existed.

  53. SamWhited

    I would absolutely *love* it if there was an Apache or BSD/MIT/similar licensed version.

  54. Zash

    Code in RFCs are usually some BSD license for a reason, after all.

  55. Syndace

    I really don't want GPL, but if just looking at their wire format makes the lib GPL, I have no choice

  56. marc

    Zash, what's the problem in a nutshell?

  57. SamWhited

    It doesn't as long as you're not redistributing their library or code.

  58. SamWhited

    (disclaimer: not a lawyer, etc.)

  59. Syndace

    Well the one thing that I kind of have to "copy" or at least recreate is their protobuf structure definition

  60. goffi

    Syndace: FSF can link you with a lawyer if you need advices

  61. Syndace

    That's just part of the current OMEMO specification and there's no way (I can think of) to avoid that

  62. Zash

    marc: It doesn't fit in a nutshell.

  63. SamWhited

    Are we still using their protobuf stuff? I thought daniel moved OMEMO off of that a while ago

  64. SamWhited

    Apparently I was mistaken

  65. Syndace

    SamWhited, nope, that's the current OMEMO xep

  66. Syndace

    including the protobuf stuff

  67. Syndace

    SamWhited: I think the other ones are still pr's on github

  68. SamWhited

    oh right, we never merged those.

  69. SamWhited

    Partially due to the disagreement about there not being a non-GPL library, IIRC :)

  70. Syndace


  71. moparisthebest

    Syndace: so the proper way to do that is have someone else look and document it, then you recreate it from docs

  72. Zash

    marc: Look for posts by Remko or Kev I guess

  73. moparisthebest

    But it's too late now...

  74. Syndace

    moparisthebest: Not too late, the wireformat is just a super small part, I might aswell release the lib without the wire format first.

  75. marc

    Zash, @standards

  76. Zash

    Implement only from documentation, while being locked in a room with only that documentation and an airgapped type writer.

  77. marc


  78. Zash

    marc: yes

  79. moparisthebest

    But then you can't write it since you looked Syndace , you could document it though

  80. Zash

    Or pray that they don't read these logs :)

  81. moparisthebest

    https://github.com/SirCmpwn/TrueCraft/blob/master/README.md#get-involved similarish problem explaining it Syndace

  82. moparisthebest

    OWS does have a history of suing people too

  83. Syndace

    So, following plan: The library is alreay split into multiple projects: The X3DH key agreement, the DoubleRatchet the XEdDSA and the final OMEMO library, putting it all together. All of the parts, except for the OMEMO library, were written without having a single look at the libsignal implementation. So, I could release huge parts under MIT, except for the OMEMO part, which I have to GPL apparently. That's what we could do as a transitional solution. And as soon as we merge a PR moving away from the libsignal wire format, we can swap the last part to MIT.

  84. vanitasvitae

    Syndace: you could define your own wire format

  85. vanitasvitae

    The we patch libsignal :D

  86. vanitasvitae

    Nevermind, thata what you just wrote :D

  87. lovetox

    Syndace, do you have your code public?

  88. Syndace

    not yet

  89. Syndace

    Expected in a few days, less than a week

  90. lovetox

    i currently use python-axolotl

  91. lovetox

    but it uses pycrypto which is bad, and also the project seems not maintained anymore

  92. lovetox

    so im looking forward to your work

  93. Syndace

    lovetox: Nice to hear, I'm super excited :D

  94. Syndace

    My phone is going to die, I'll read through the links you sent me later, in the worst case I'll just have to GPL it for now and we'll see what the future brings. I really don't want problems with the law.

  95. goffi

    Syndace: GPL is OK for me, looking forward to try it too, thanks to it I may implement OMEMO earlier than initially planed

  96. moparisthebest

    Honestly closed source e2e is worthless anyway

  97. goffi

    moparisthebest: GPL is an issue with Apple, AFAIK it's not compatible with apple store

  98. moparisthebest

    goffi: Apple can go to hell :)

  99. goffi

    I could do a IPhone frontend more or less easily without that

  100. Syndace

    goffi: libsignal has an exception for apply in their lib

  101. goffi

    moparisthebest: agreed, but still lot of people use it, and if we want XMPP to spread

  102. moparisthebest

    But libsignal etc has Apple store exceptions...

  103. moparisthebest

    goffi: chatsecure on iOS already does omemo

  104. goffi

    moparisthebest: yes, but would be nice to have alternative, and in our case we have many features not implemented in chat secure

  105. moparisthebest

    goffi: what's stopping anyone from improving it, forking it, or just creating a new one?

  106. moparisthebest

    Certainly not the gpl

  107. goffi

    moparisthebest: I have already a client which could work in iOS easily on the technical side, but not because of their stupid conditions, that's all I'm saying.

  108. moparisthebest

    goffi: so complain to Apple? Idk

  109. moparisthebest

    The solution to brain dead apple policy decisions is not to relicense all software with worse licences

  110. daniel

    iOS market share is in decline. Just sit it out

  111. goffi

    moparisthebest: I was saying that to explain why GPL could be a problem (I was not aware of the exception in libsignal), and I'm not willing to relicense because of apple.

  112. moparisthebest

    But that's an apple problem not a gpl one...

  113. goffi

    I agree, but that's a reason why people may want an non gpl OMEMO lib

  114. goffi

    I'm not blaming GPL in any way

  115. moparisthebest

    It's clear why Apple hates the GPL, they've made their Fortune off the backs of open source code that isn't GPL, if everything was GPL they wouldn't be a company

  116. Zash

    They haven't figured out how it goes both ways

  117. moparisthebest

    Well GPL makes it go both ways, MIT/ Apache etc it only goes one way, into Apple's pockets

  118. Zash

    I mean, the dual-licensing thing some do.

  119. Andrew Nenakhov

    goffi, > moparisthebest: GPL is an issue with Apple, AFAIK it's not compatible with apple store That is not true

  120. Andrew Nenakhov

    One can run open source app on AppStore pretty fine unless some of the contributors will issue a complaint. That was the reason of vlc takedown several years ago

  121. Andrew Nenakhov

    So we'll be forced to sign contributors to give us all rights to contributed code if we are to accept PRs

  122. moparisthebest

    Haha JC made it http://n-gate.com/hackernews/