-
jonasw
Maranda, I don’t think so
-
jonasw
it also isn’t that much work to support both
-
Maranda
jonasw, Gajim uses it at least
-
pep.
gdpr meeting in about in hour?
-
Ge0rG
yeah
-
winfried
GDPR meeting in 3 minutes
-
jonasw
.
-
jonasw
🐈
-
pep.
Almost there!
-
Ge0rG
Uh-oh.
-
pep.
! I'm here
-
winfried
so am I ;-)
-
jonasw
me 2
- jonasw hands the gavel to winfried
- winfried bangs the gavel
-
winfried
I propose we take a look at LQ1 and subsequently continue filling the Wiki (though I have a little point we may have been forgetting)
-
jonasw
okay
-
jonasw
we aren’t lawyers, so how we’re supposed to deal with LQ1?
-
winfried
I must say, I haven't had time to update the wiki, don't know how up to date it is.
-
pep.
Sorry for the minutes last week, it's been a fun week
-
pep.
Maybe we want to start drafting a template data policy at some point?
-
winfried
pep.: I know the feeling... have double appointments on all days of this week
-
winfried
pep.: yes, I think so, but we first have to see what choices we can/have to make...
-
Ge0rG
I've had a chat with our GDPR expert, and he said that message content is similar to picture uploads. As long as we treat it as an opaque blob and don't analyze it, art9 doesn't apply. He is going to send me a reference to an according legal analysis some time today
-
jonasw
uh
-
pep.
nice
-
jonasw
that is amazing news.
-
winfried
Ge0rG: great
-
jonasw
--- except for your mod_firewall.
-
pep.
yes
-
pep.
I was thinking about that
-
jonasw
(which makes me wonder about bayes filters at big mail corps, but that’s another topic)
-
winfried
One reaction I got on LQ1 is art. 9.2e
-
winfried
but that one is without references
-
Ge0rG
From http://www.privacy-regulation.eu/en/recital-51-GDPR.htm > The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person.
-
winfried
I propose to treat (for now) LQ1 as: "not subject to 9.1"
-
jonasw
winfried, makes sense to me.
-
Ge0rG
winfried: 👍
-
pep.
mod_firewall is not making any derivative data from what it "analyses", and there's not way for us to know what triggered it right? I mean except it you log it
-
jonasw
with a huge "UNLESS you analyze the text in any way"
-
Ge0rG
jonasw: in a way that is allowed to extract art9 data✎ -
Ge0rG
jonasw: in a way that allows to extract art9 data ✏
-
winfried
Ge0rG: +1
-
jonasw
Ge0rG, did you ask your GDPR expert about the fact that MAM archives are unencrypted and thus operators may access (advertendl@ or inadvertendly) message content which contains art 9 data?✎ -
Ge0rG
my mod_firewall isn't deriving information about sexual / religious beliefs, merely about mass-messages.
-
jonasw
Ge0rG, did you ask your GDPR expert about the fact that MAM archives are unencrypted and thus operators may access (advertendly or inadvertendly) message content which contains art 9 data? ✏
-
jonasw
that was raised by Peter on list I think.
-
Ge0rG
jonasw: still pending.
-
jonasw
so you did ask, but not have a reply yet?
-
winfried
jonasw: does MAM have a consent mechanism? What is its default?
-
Ge0rG
jonasw: didn't have much time with him
-
jonasw
winfried, it is normally opt-in, except on Prosody ;-).✎ -
pep.
winfried, I don't think it has at all atm
-
Ge0rG
jonasw: we fixed that
-
pep.
jonasw, opt-in although most clients do it when available?
-
jonasw
winfried, it is normally opt-in (except on Prosody in the past ;-)). ✏
-
Ge0rG
winfried: there is no GDPR data consent dialog when you enable MAM. Servers and clients will auto-enable it on first use, typically
-
jonasw
pep., yes, although that’s a problem of the client then.
-
pep.
yeah..
-
Ge0rG
so it's rather opt-out
-
jonasw
not conceptually, and not on the server side.
-
pep.
Ge0rG, you fixed that in what version of prosody, and when is it going to be deployed :P
-
Zash
Opt-in by server operator
-
winfried
This may be a point for an implementation guide.... or so
-
jonasw
winfried, indeed, it should be mentioned in the MAM XEP.
-
jonasw
pep., can you add that to the technical TODO?
-
pep.
that?
-
Ge0rG
winfried: except that users don't like consent dialogs ;)
-
pep.
Ah, MAM
-
jonasw
pep., "Add a note to the MAM XEP about GDPR consent requirements."
-
Zash
And clients don't expose the settings
-
Ge0rG
> pep., "Add a note to the MAM XEP about GDPR consent requirements." 👍
-
pep.
Ge0rG, well.. they'll have no choice, everybody will want to cover their asses now
-
jonasw
Ge0rG, that message did not follow my reactions draft format!
-
jonasw
I know because JabberCat didn’t show it properly ;P
-
Ge0rG
Zash: and the XEP doesn't provide a way to differentiate between "explicitly set" and "enabled by default"
-
Ge0rG
jonasw: you mean my quote-with-yaxim format that you shamelessly copied?
-
winfried
jonasw: fix JabberCat :-P
-
jonasw
ahm. let’s continue with on-topic *whistles*
-
Ge0rG
yes please.
-
jonasw
Ge0rG 2018-04-17T10:46:55.668869: > yes please. 🤦🏿♀️
-
jonasw
derp.
-
Ge0rG
jonasw: `2018-04-17T10:46:55.668869`, seriously?
-
jonasw
okay, so LQ1 resolves to "Not 9.1, unless you extract 9.1-ish data from it somehow"
- jonasw looks at the wiki to find gaps to fill.
-
winfried
I was wondering if file transfer needs a special status in the processings XMPP does...
-
Ge0rG
winfried: I don't think so. it's a direct client-to-client transmission, and the server only sees metadata
-
Ge0rG
Were we done with Q1.1d S2S?
-
pep.
Ge0rG, unless BoB?
-
jonasw
Ge0rG, uhm. In-Band Bytestreams, BoB, HTTP Upload
-
Ge0rG
I'm pretty sure we have all of that covered by "user content"
-
jonasw
so unless you happen to do TURN-less jingle (rather rare), I don’t see how that’s client-to-client.
-
jonasw
possibly
-
Ge0rG
* typical: with account, MAM/files for a given amount of time
-
pep.
yeah
-
winfried
Ge0rG: adding that covers it all?
-
Ge0rG
winfried: it's in the wiki already
-
winfried
ah, switching back and forth on a small screen right now... (sitting in the middle of THE care ICT trade in NL right now)
-
winfried
Q1.1d s2s
-
pep.
hmm, there's a bit on 1.1d in the wiki, but that's not last week's
-
winfried
they are notes from earlier meetings
-
pep.
Also I propose we skip 1.1e, as I don't feel confident going into even more speculation
-
pep.
IANAL
-
winfried
looking at Q1.1d, I realized there are two things to cover
-
winfried
the transfer of the data itself
-
winfried
and the processing of the data on the other server
-
winfried
both need a legal ground
-
Ge0rG
winfried: I'd argue legitimate interest of the user to get messages delivered, for both points.
-
Ge0rG
winfried: that also implies that the other data processor may not apply processing to the data that goes beyond what's needed for that legitimate interest
-
winfried
Ge0rG: what article do you mean by legitimate interest?
-
Ge0rG
winfried: 6(1)b
-
winfried
Ge0rG: yes agree
-
winfried
and agree to the limitation you mention
-
pep.
But we can't assume that can we
-
Ge0rG
For Q1.1e we should probably write down all these things into a data processing policy
-
winfried
Ge0rG: exactly, this something we should cover in Q1.1e
-
winfried
pep.: in some way we need to 'safeguard' we can assume this
-
pep.
There might be server admins that will want to assume the worst and ask consent for most things
-
Ge0rG
pep.: for third-country servers, Art. 49(1)b should apply in the same way as 6(1)b for intra-EU
-
winfried
Ge0rG: +1
-
Ge0rG
I'm pretty sure we can say that the user has a contract with the server operator, and that sending data to another user on another server is part of the contract
-
winfried
Ge0rG: +1
-
winfried
Do we have Q1.1d covered like this?
-
Ge0rG
winfried: is incoming s2s different from outgoing s2s? What about spam protection?
-
winfried
That are two questions
-
winfried
lets brainstorm on the first one first
-
winfried
outgoing: the originating server operator is responsible for the transfer
-
Ge0rG
Are there any restrictions on data imported from third countries?
-
winfried
Ge0rG: no, because the EU has the best data protection laws :-D
-
pep.
yet
-
winfried
so outgoing the operator wants to know the incoming server stays to the 'legitimate interest'
-
Ge0rG
But there is COPA!
-
Ge0rG
winfried: I don't think we can enforce any kind of remote server processing restrictions at the protocol / logical level.
-
Ge0rG
winfried: it might be sane to assume all data sent over s2s as "third country"
-
winfried
incoming: though you may have a different contract with your own users (e.g. we publish everything) you *have* to assume incoming limits to legitimate interest
-
jonasw
so no storage in MAM?
-
winfried
Ge0rG: no, that is something that needs to be legally enforced
-
Ge0rG
winfried: MAM is covered by legitimate interest of the receiver, I'd say
-
jonasw
even MAM forever?
-
Ge0rG
jonasw: how is MAM forever different from the receiver putting logs of the chat up into the cloud?
-
jonasw
it may not be
-
Ge0rG
jonasw: MAM is controlled by the user(s client)
-
Ge0rG
so from a legal PoV, the receiving user is responsible for MAM.
-
jonasw
and that’s what I’ve been saying a few weeks ago but I got shot down here :)
-
Ge0rG
jonasw: but not by me, as I do agree with that interpretation
-
jonasw
not sure, maybe I was simply unclear.
- winfried checks his guns if he accidently shot jonasw - oops, gun logs are purged
-
Ge0rG
so incoming s2s user data: might get stored in receiver's MAM
-
Ge0rG
also in offline storage, but I'd argue this is still part of the sender's legitimate interest
-
winfried
I am still chewing on: » [13:11:05] <jonasw> even MAM forever?
-
Ge0rG
winfried: what's your issue with that?
-
winfried
it is disproportionate in any way, but who's responsibility is it?
-
winfried
It is upon request of the user (hopefully)
-
jonasw
if it’s upon the request of the User, I’d argue that for the Purpose of storing the messages on the server, the User is the Controller and the Server (Operator) is merely the Processor.
-
Ge0rG
In theory, MAM should require consent from the user.
-
jonasw
and thus it’s the users responsibility
-
Ge0rG
jonasw: that means the user needs to have full control over the data processing, including a way to purge the data.
-
pep.
As long as there is consent I don't think it's disproprotionate. Now, that means we also need to provide means to alter this history?
-
Ge0rG
pep.: consent from the receiving user?
-
winfried
user can't be the controller (in the legal sense) but a controller may process when the user wants him too
-
pep.
Ge0rG, or just prune parts
-
jonasw
Ge0rG, we need that for MAM anyways, I think?
-
pep.
Ge0rG, yes receiving
-
jonasw
tombstoning is at least provisioned. purging everything *up to a date* is possible, too.
-
winfried
yes
-
Ge0rG
jonasw: will MAM auto-purge if you disable it?
-
jonasw
Ge0rG, I sure hope so :)
-
pep.
I find tombstones useless, as it will only be for this particular user, the rest don't have to respect that, but well. purging has different use-cases
-
winfried
Ge0rG: that should be added to the MAM-XEP too...
-
Ge0rG
winfried: I tend to agree.
-
pep.
Is there a way to disable even
-
pep.
Also MAM MUC is separate right?
-
Ge0rG
pep.: yes
-
Ge0rG
and yes
-
winfried
On a MAM MUC: policy of publishing logs should be published
-
pep.
winfried, publishing as in http-like?
-
pep.
Or just providing MAM for other participants
-
winfried
pep.: yes
-
Ge0rG
winfried: MUC MAM should mimic MUC access.
-
winfried
like: XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
-
Ge0rG
not sure if more hints are needed there.
-
pep.
Yeah I agree with Ge0rG on that
-
pep.
should we plan for next?
-
Ge0rG
yes please.
-
winfried
I would argue that it is not obvious that the logs are published and it is not necessary for 6.1b
-
Ge0rG
winfried: I think that like with MAM, this is a client UX todo
-
Ge0rG
so should be a tech todo for us
-
pep.
Ge0rG, hmm, publishing logs publicly (or even with some kind of auth) is server policy
-
Ge0rG
also please put the "spam handling" question on our TODO for next
-
winfried
Ge0rG: +1
-
pep.
(some kind of auth, not over xmpp**)
-
pep.
So, next?
-
Ge0rG
https://xmpp.org/extensions/xep-0045.html#enter-logging
-
Ge0rG
> If the user is entering a room in which the discussions are logged to a public archive (often accessible via HTTP), the service SHOULD allow the user to enter the room but MUST also warn the user that the discussions are logged.
-
winfried
(Yes, I can live with a tech todo on announcing log publication)
-
jonasw
winfried, MUC MAM access should be clearly defined (tech TODO), and there’s a presence status code for public logging (some clients already show that)
-
pep.
Ge0rG, yes, so that's handled already which is good, but it is a concern
-
winfried
Spam handling for next meeting
-
pep.
I can't do +1, can do +2 and more
-
Ge0rG
I can't do this time Wed or Thu.
-
winfried
this week is not possible for me... or it should be friday on 16:00 CEST
-
Ge0rG
+1 for Fri 1600CEST
-
pep.
Fine by me
-
winfried
jonasw: Friday 16:00 CEST?
-
pep.
The spam handling question is in relation to 9.1 right? or not just?
-
winfried
pep.: yes, we may enter the realms of 9.1 there, but we may also run into some different issues, like automated decision making
-
winfried
(to add more fun to it....)
-
pep.
Does that fall under anything? it's "analysing" right?
-
pep.
I mean worst that can happen to that is 9.1 right?
-
jonasw
winfried, hm, that’s tricky for me
-
jonasw
but I can arrange that once
-
winfried
jonasw: If possible, that would be great
-
jonasw
okay
-
Ge0rG
pep.: the question is probably whether we can do spam detection without going outside of 6.1
-
jonasw
will do
-
pep.
Ge0rG, yeah
-
winfried
jonasw: thanks
-
pep.
We should also try to see where we are with the goals at some point, regarding the "deadline"
-
pep.
Fri 1600CEST it is then
-
pep.
*bang*
-
winfried
I think we are chewing away slowly
-
winfried
but doing a great job, bit by bit things are getting clear
-
winfried
and I think we are closer then we expect!
-
pep.
I should try to come up with some requirements for the EULA XEP
-
winfried
keep up the job!
-
pep.
I have no idea what to use protocol-wise, but we can do that later
-
winfried
pep.: yes, think we are about at that point, Q1.1e
-
Ge0rG
pep.: I thik we should first create the general EULA/ToS structure, then see which parts of it need encoding
- winfried bangs the gavel once again, good work guys!
-
Ge0rG
There is also https://en.wikipedia.org/wiki/P3P
-
pep.
nice
-
pep.
I wonder why that is "obsolete"
-
winfried
yes, it is, but probably an overshoot for our purposes
-
pep.
"[..] P3P has not been implemented widely due to the difficulty and lack of value."
-
winfried
it is hard to uniquely encode legal stuf to computer code
-
pep.
Lack of value as in, every website has a privacy policy?
-
pep.
right
-
winfried
no pressing legal needs, not high enough fines ;-)
-
winfried
the GDPR may resurrect it...
-
pep.
nah I think everybody's got their own framework nowadays
-
pep.
At least the big ones
-
winfried
pep.: it tries to solve an esoteric problem that most people neatly try to ignore
-
winfried
even in the medical world (where legal status is a big issue), everybody loves to ignore the problems that come along with it
-
winfried
or to state it differently: if you can communicate about a problem, you also need to solve it...
-
Ge0rG
Ah, my coworker sent me some info re 9.1: profile photos of employees are not article9 related data as long as they are not analyzed
-
pep.
What does analyze mean here?
-
pep.
If they're displayed internally that's ..?
-
pep.
That requires consent I assume
-
winfried
pep.: categorized to categories like: 'gender, color of skin, skin-disorders, gaydar result' etc
-
winfried
displaying needs consent
-
winfried
have to go now, see you on friday
-
pep.
see you
-
UsL
gaydar haha
-
UsL
I guess its time to submerge in the gdpr stuff. Havn't really had the time yet. This metting made me curious
-
UsL
s/metting/meeting
-
pep.
Ge0rG, so if we regard messages as opaque, that means we can also do the same for emails right. That would definitely simplify things here at work
-
Ge0rG
pep.: yes, I'd say so
-
Ge0rG
pep.: same spam caveats apply
-
pep.
Yeah
-
pep.
Though, for company emails that's different right? Maybe the company can assume that everything that's done under company email is for work (even if I know it's never always the case)
-
Maranda
> winfried: I don't think we can enforce any kind of remote server processing restrictions at the protocol / logical level. > winfried: it might be sane to assume all data sent over s2s as "third country" 🕺
-
moparisthebest
The watchdog’s actions prompted Kremlin officials to move from Telegram to the ICQ chat service, owned by billionaire Alisher Usmanov’s Mail.ru, for communications with Russian and international media.
-
moparisthebest
soooo, ICQ still exists? wow
-
Maranda
Yes
-
Ge0rG
ICQ is owned by Russia now? wow
-
vanitasvitae
Ge0rG: as is vKontakte :)
-
UsL
a far leap from the Israeli mirabilis..
-
Ge0rG
Mossad, CIA, FSB. It's been a long journey
-
UsL
indeed : )
-
moparisthebest
The expert believes that another way to blackmail inattentive server owners is by creating snapshots of the exposed servers and contacting companies after May 25, asking for a Bitcoin ransom not to report the company to EU authorities, where they stand to receive a hefty fine.
-
moparisthebest
ha who knew EU was introducing a new way to blackmail companies? thanks EU ! :)
-
Maranda
well so Cisco Jabber is actually capable of STARTTLS on s2s streams 🤔
-
Maranda
why not enabling that on cisco.com then
-
Maranda
pft
-
fippo
maranda: it is. iirc you only get that if you talk to the people over there though
-
Maranda
fippo I'm not sure I understand, a lot of users on my server have cisco.com contacts and cisco.com never encrypts, that's why I need to still have an exception for it.
-
Holger
Maranda: Same here. And yes Cisco Jabber does support STARTTLS on s2s.
-
fippo
maranda: s/people/admins/
-
Maranda
🤔
-
fippo
from what i heard they need to enable tls for a particular peer domain. but that was ~5 years ago
-
Maranda
fippo, and they don't enable it on cisco.com ? lol
-
waqas
I think he means they need to enable it for your domain
-
waqas
That seems like such a pain
-
Maranda
waqas, and I repeat: *and they don't enable it on cisco.com ? lol*
-
Maranda
😏
-
fippo
cisco.com admins have to enable tls for your domain.
-
Maranda
cisco.com *IS* the domain
-
fippo
you run cisco.com?
-
Maranda
No I don't
-
Maranda
But I'm connecting to it
-
Zash
...
-
Maranda
(via s2s)
-
Maranda
(and viceversa)
-
fippo
so cisco.com will look at your domain, check its config "is this guy trustworthy to enable tls?" and probably not find anything
-
Maranda
. . .
-
Zash
Maranda: Pretty sure you wrote a plugin that does exacly this.
-
Maranda
Ok sorry I got it now, and it's hilarious.
-
Maranda
So,
-
Maranda
*they* have to enable tls for s2s on a particular *remote* domain? *REALLY*?
- Maranda face desks.
-
fippo
job security for the admin. i've seen similar things in lync
-
Maranda
Zash, mine is an exception to make it work, this is just purely demented.
-
Maranda
fippo, and I didn't catch "peer" when reading, tired eyes/brain :)
-
fippo
at least you don't start scratching your eyes out now that you understood it :-)
-
moparisthebest
our lync only federates if the admins explicitly set it up for specific remote domains
-
moparisthebest
basically ruins the concept of federation, but ¯\_(ツ)_/¯
-
Maranda
that's fair
-
Maranda
not enabling tls *if offered* without admin intervention is dumb imho.
-
moparisthebest
yes that does seem far dumber
-
Zash
What's wrong with per remote feature settings? Other than the usuall _encrypt all the things_
-
Maranda
If I respond nothing other than, will that trigger some trap? 😎
-
Zash
You will be locked in a room along with a packet capture and not let out until you find the layer 8 problem in the encrypted stream.
-
Maranda
Disabling TLS does make sense if the other end does have issues with it or not support, the other way around: E_DOESNT_COMPUTE
-
Maranda
Hehe
-
Holger
You can enable TLS for all s2s connections in Cisco Jabber these days.
-
Maranda
Holger, yes I found out stumbling on buffalo.edu
-
Ge0rG
Hm. The only contact I had on Cisco.com changed his job recently, so I can't care much any more
-
edhelas
That's maybe a sign
-
Maranda
Ge0rG, I still see traffic, also there some more contacts from I think hosted domains, also nike.com
-
waqas
Lync was the other service I was thinking of where I had to deal with this. I'm happy I haven't had to deal with Lync in a few years…it's great for job security though
-
moparisthebest
it's "Skype for Business" now, and blue instead of green, still can't reliably send files though so at least some things don't change
-
waqas
It was very much enterprise, MS tech people helping us set it up failed (because we had a cloud based environment, and they had a very weird set of hardware and network topology requirements…)
-
Ge0rG
I'd love to know how to federate with Lync from my XMPP server. Or even how to login from XMPP as a given Lync user.
-
moparisthebest
the lync admins have to set up a special XMPP federation bridge
-
moparisthebest
and in practice it seems no one does this
-
Ge0rG
What if our Lync is hosted in O365?
-
moparisthebest
I used to have a lync transport from xmpp, using libpurple-sipe and such, but it broke years ago
-
Ge0rG
libpurple. I'm not going down that road.
-
waqas
MattJ: Had we succeeded in the Prosody-Lync bridge, or did we never manage it? I recall it being a works-with-ejabberd product, not proper XMPP.
-
moparisthebest
ours is on O365 and federation is still something they have to turn on manually, maybe it's just an admin setting there? don't know
-
waqas
IIRC it was sensitive to e.g., certain consecutive parts of the stream being in the same TCP packet or not, etc. Lots of other fun things we ran into. Skype for Business UX also is terrible.
-
waqas
(dumb stuff like sending an XMPP message to someone wouldn't show a notification, so they'd never know)
-
Maranda
🤔
-
moparisthebest
all the time we get a popup in the corner 'PERSONX sent you a message [accept] [ignore]'
-
moparisthebest
and then you click accept, and you don't see the first few messages they sent before you clicked accept
-
moparisthebest
I honestly don't know how people think this is a good system
-
Maranda
didn't you need some Lync Edge Server vattelapesca thing for xmpp federation?
-
waqas
moparisthebest: Ask your admins :P
-
waqas
Yes, it's a bridge
-
moparisthebest
the best thing is just a braindead policy decision
-
waqas
We were annoyed enough that we were considering if it'd be saner to use a Prosody->SIP->Lync setup
-
moparisthebest
we must use contractors for new development, contractors can have VPN access to our systems, contractors cannot have lync accounts, so we can't IM them
-
moparisthebest
I ended up setting up an IRC server and https://kiwiirc.com/ on a dev server :'(
-
Maranda
I don't wanna know the usual CAL junk in le MS Fashion behind something like Lync though (one of the reason everyone needing M$ going cloudy these days)
-
Maranda
(the CALs are "included")
-
moparisthebest
now corporate is spamming us with these emails to use "Yammer" which as far as I can tell is a microsoft workplace facebook/twitter clone or something
-
moparisthebest
who would seriously want to do this?????
-
Ge0rG
So everyone agrees Lync is a horrible mess. But nobody has an XMPP-based drop-in replacement with screen sharing and VoIP
-
Zash
Jitsi?
-
moparisthebest
doesn't matter, lync screen sharing and voip never works
-
moparisthebest
we use webex for that
-
Ge0rG
moparisthebest: screen sharing works well here, voip mostly
-
moparisthebest
voip on lync has *never* worked for us, we use conference calls or webex
-
moparisthebest
screen sharing used to work until about a month ago
-
moparisthebest
then they decided to fix the terrible latency by reducing quality to a point where you can't read letters anymore
-
moparisthebest
so, now it is also useless
-
waqas
Ge0rG: An XMPP replacement wouldn't help. Those who could already jumped over to Slack (I know a few orgs which migrated to Slack from enterprise IM solutions).
-
waqas
I think the Lync team has learned that given how their product is sold to enterprise exec teams, usability and quality doesn't actually impact the bottom line.
-
Ge0rG
moparisthebest: hm. interesting point. I had bad lags with a coworker today, but I blamed his wifi
-
moparisthebest
that seems correct waqas , it's just part of the exchange/outlook package
-
Ge0rG
waqas: I don't care about Slack and I'd love to migrate our 20-person business away.
-
Ge0rG
waqas: unfortunately, the Outlook / calendar integration is a huge selling point
-
waqas
And integration with the MS stack in general, the admin tools, policies, etc
-
Ge0rG
Yeah, but I suppose I could convince my coworkers with a better mobile UX if we keep screen sharing and possibly VoIP
-
waqas
How's skype for business on mobile? I've only seen it on desktop
-
Ge0rG
waqas: it sucks. Pretty bloated app, and you don't get messages to both Desktop and mobile
-
Ge0rG
So you have message loss along the way
-
Ge0rG
Kind of like xmpp without 0198 and carbons
-
Maranda
And crashes on startup sync in the best Skype tradition?
-
Maranda
:P
-
Maranda
or not?
-
moparisthebest
our stuff is hosted on O365 but still only allows connections from the work VPN
-
moparisthebest
so it's the worst of both worlds
-
jjrh
Kinda surprised enterprises are going slack considering it's like $8 a seat.
-
jjrh
I mean $80 a month for 10 users is pretty steep
-
Zash
That's probably nothing for an ENTERPRISE
-
Ge0rG
Yeah, or they just stick to the free plan somehow
-
jjrh
I'm not sure it's a great deal for enterprises who need like 1000 seats.
-
MattJ
Any idea how much Lync costs?
-
Maranda
jjrh, for 5000 users with M$ Exchange you may arrive to pay like $800k a year
-
Zash
Any idea how much the coffee consumed by 1k people costs?
-
jjrh
Maranda, yeah but exchange provides a whole lot more than chat.
-
Maranda
(that's licensing)
-
jjrh
I mean that's still nutty to me but considering email is in many cases more critical than even phones I can see businesses justifying it.
-
Maranda
jjrh, hmm not really beside some very nutty cases of course :P
-
Maranda
jjrh, and doesn't provide that much, spam wise for example Exchange doesn't support SPF, DMARC or DKIM iirc, only O365/OWA (Hotmail) does.
-
SamWhited
protip: enterprises don't care at all how much it costs as long as they can get a demo, good support, and a fixed and predictable price that includes the ability to expand service in the future. $8 per seat is *nothing* compared to the cost of the paycheck of all the people who will have to set it up and deal with it.
-
Maranda
SamWhited, not at that level :P, infact you won't see a single ISP (beside Microsoft itself) ever deploying Exchange.
-
jjrh
SamWhited, I mean I totally get that and i'm not suggesting enterprises deploy and support their own solution for chat, but it seems like $8 per seat (and their enterprise version is like $12) isn't a great deal when say https://about.mattermost.com/pricing/ has a $3.25 a seat and a 'custom pricing' for when you have a lot of users.
-
jjrh
I dunno maybe mattermost sucks never used it
-
Maranda
but of course 8*5000 = 40k so it's doable :P
-
Maranda
12 per seat as well
-
SamWhited
Does mattermost provide them with a person who flies out and does a demo?
-
SamWhited
Do they provide SLAs? Really good tech support?
-
jjrh
Probably
-
Maranda
I wonder how people will do with the recent Slack introductions
-
SamWhited
I have no idea, they might, but the price just doesn't matter at all.
-
Maranda
in terms of privacy
-
jjrh
I'd be curious how much profit slack is actually making. Maybe their pricing is to offset the free offerings and their hosting costs are dirt cheap so they don't really need many customers
-
SamWhited
Also, places that used to buy from a previous job I was in did heavy risk analysis: will mattermost go out of business tomorrow and we'll have to switch again? Not likely, but maybe. Will Slack? Probably not.
-
Maranda
(Like that a team owner or something has access to all the data, even private message)
-
SamWhited
Do you not have that with mattermost? Because that's also a plus for slack in the enterprise space if so
-
Zash
compliance logging and such, yeah
-
SamWhited
But anyways, point was that price doesn't matter at all. It's probably not even part of their considerations. Stuff like that does.
-
jjrh
I'm not sure I would bank on slack staying in business. Chat is fickle, and a logical thing for voip providers to start selling.
-
jjrh
I would think that enterprises would be a little nervous about having their chat data hosted in datacenters they don't own. Maybe if you're dropping half a million a year slack will do whatever you want.
-
SamWhited
Yah, that part is the tough one. Depending on who you are and what you do, a lot of places really have to have a behind-the-firewall version, which is why HipChat Server makes so much money.
-
fippo
cisco also had some fancy stuff about full encryption (including search) for spark. selling point apparently
-
SamWhited
oh nifty, I didn't know that; I really wanted to try to build something like that while at HipChat but couldn't convince anyone that it would be a selling point.
-
fippo
samwhited: https://www.cisco.com/c/dam/en/us/solutions/collateral/collaboration/cloud-collaboration/cisco-spark-security-white-paper.pdf
-
SamWhited
thanks
-
Ge0rG
Most BigCorp have adopted the cloud by now so on premise chat servers are only interesting for medical and military services now
-
jjrh
They have adopted the cloud but their own cloud
-
jjrh
and on premise is more "on our vpn"
-
Ge0rG
jjrh: not my experience with multiple big customers
-
jjrh
Interesting. I would have thought there would be legal implications depending on where the server is located and a risk that the SAS company could be compelled to give up your data if they run into issues.
-
SamWhited
Ge0rG: that's actually what I've found to be true for the most part. At ThreatGRID we couldn't do anything that wasn't a physical on-prem device because we serviced a lot of financial sector people, but at HipChat Server we *only* supported AWS, because basically everyone had their private networks hooked up to Amazon or entirely within Amazon.
-
Ge0rG
jjrh: that was my initial guess as well, but if you are an international company, you are susceptible to the laws of whoever wants your data anyway
-
SamWhited
So outside of finance and military stuff, everyone seemed to be fine with "private clouds"
-
Ge0rG
"private" networks.
-
SamWhited
They're private, because if they're not Amazon gets sued for billions of dollars. They have good insentive to make them as private as possible.
-
Ge0rG
Yeah, seeing an enterprise with 100k+ employees fully embracing O365 made my head spin.
-
SamWhited
0365?
-
Ge0rG
Microsoft Office 365, the cloud offering
-
Zash
0 or O
-
SamWhited
ahh,
-
SamWhited
I assumed you did not mean XEP-0365, or RFC 365, neither of which made sense but both of which I thought of in the context of this chat
-
jjrh
But isn't the difference here that if you use slack they are running 100% of the show - today they might be on AWS, tomorrow on some other service, but you as a customer really don't have any say regarding that.
-
Ge0rG
Zash: fix your font
-
SamWhited
heh, they look completely different in my terminal and I still didn't notice that that was an "O"
-
Ge0rG
Bummer.
-
Zash
ОO0ΟΘ
-
Ge0rG
Ω