jonasw: it also isn’t that much work to support both
Maranda: jonasw, Gajim uses it at least
pep.: gdpr meeting in about an hour?
Ge0rG: yeah
winfried: GDPR meeting in 3 minutes
jonasw: .
jonasw: 🐈
pep.: Almost there!
Ge0rG: Uh-oh.
pep.: ! I'm here
winfried: so am I ;-)
jonasw: me 2
jonasw hands the gavel to winfried
winfried bangs the gavel
winfried: I propose we take a look at LQ1 and subsequently continue filling the Wiki (though I have a little point we may have been forgetting)
jonasw: okay
jonasw: we aren’t lawyers, so how are we supposed to deal with LQ1?
winfried: I must say, I haven't had time to update the wiki, don't know how up to date it is.
pep.: Sorry for the minutes last week, it's been a fun week
pep.: Maybe we want to start drafting a template data policy at some point?
winfried: pep.: I know the feeling... have double appointments on all days of this week
winfried: pep.: yes, I think so, but we first have to see what choices we can/have to make...
Ge0rG: I've had a chat with our GDPR expert, and he said that message content is similar to picture uploads. As long as we treat it as an opaque blob and don't analyze it, art9 doesn't apply. He is going to send me a reference to an according legal analysis some time today
jonasw: uh
pep.: nice
jonasw: that is amazing news.
winfried: Ge0rG: great
jonasw: --- except for your mod_firewall.
pep.: yes
pep.: I was thinking about that
jonasw: (which makes me wonder about bayes filters at big mail corps, but that’s another topic)
winfried: One reaction I got on LQ1 is art. 9.2e
winfried: but that one is without references
Ge0rG: From http://www.privacy-regulation.eu/en/recital-51-GDPR.htm
> The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person.
winfried: I propose to treat (for now) LQ1 as: "not subject to 9.1"
jonasw: winfried, makes sense to me.
Ge0rG: winfried: 👍
pep.: mod_firewall is not making any derivative data from what it "analyses", and there's no way for us to know what triggered it right? I mean except if you log it
jonasw: with a huge "UNLESS you analyze the text in any way"
Ge0rG: jonasw: in a way that allows to extract art9 data
winfried: Ge0rG: +1
jonasw: Ge0rG, did you ask your GDPR expert about the fact that MAM archives are unencrypted and thus operators may access (advertently or inadvertently) message content which contains art 9 data?
Ge0rG: my mod_firewall isn't deriving information about sexual / religious beliefs, merely about mass-messages.
jonasw: that was raised by Peter on list I think.
Ge0rG: jonasw: still pending.
jonasw: so you did ask, but not have a reply yet?
winfried: jonasw: does MAM have a consent mechanism? What is its default?
Ge0rG: jonasw: didn't have much time with him
jonasw: winfried, it is normally opt-in (except on Prosody in the past ;-)).
pep.: winfried, I don't think it has at all atm
Ge0rG: jonasw: we fixed that
pep.: jonasw, opt-in although most clients do it when available?
Ge0rG: winfried: there is no GDPR data consent dialog when you enable MAM. Servers and clients will auto-enable it on first use, typically
jonasw: pep., yes, although that’s a problem of the client then.
pep.: yeah..
Ge0rG: so it's rather opt-out
jonasw: not conceptually, and not on the server side.
pep.: Ge0rG, you fixed that in what version of prosody, and when is it going to be deployed :P
Zash: Opt-in by server operator
winfried: This may be a point for an implementation guide.... or so
jonasw: winfried, indeed, it should be mentioned in the MAM XEP.
jonasw: pep., can you add that to the technical TODO?
pep.: that?
Ge0rG: winfried: except that users don't like consent dialogs ;)
pep.: Ah, MAM
jonasw: pep., "Add a note to the MAM XEP about GDPR consent requirements."
Zash: And clients don't expose the settings
Ge0rG: > pep., "Add a note to the MAM XEP about GDPR consent requirements."
👍
pep.: Ge0rG, well.. they'll have no choice, everybody will want to cover their asses now
jonasw: Ge0rG, that message did not follow my reactions draft format!
jonasw: I know because JabberCat didn’t show it properly ;P
Ge0rG: Zash: and the XEP doesn't provide a way to differentiate between "explicitly set" and "enabled by default"
Ge0rG: jonasw: you mean my quote-with-yaxim format that you shamelessly copied?
winfried: jonasw: fix JabberCat :-P
jonasw: ahm. let’s continue with on-topic *whistles*
Ge0rG: I'm pretty sure we have all of that covered by "user content"
jonasw: so unless you happen to do TURN-less jingle (rather rare), I don’t see how that’s client-to-client.
jonasw: possibly
Ge0rG: * typical: with account, MAM/files for a given amount of time
pep.: yeah
winfried: Ge0rG: adding that covers it all?
Ge0rG: winfried: it's in the wiki already
winfried: ah, switching back and forth on a small screen right now... (sitting in the middle of THE care ICT trade in NL right now)
winfried: Q1.1d s2s
pep.: hmm, there's a bit on 1.1d in the wiki, but that's not last week's
winfried: they are notes from earlier meetings
pep.: Also I propose we skip 1.1e, as I don't feel confident going into even more speculation
pep.: IANAL
winfried: looking at Q1.1d, I realized there are two things to cover
winfried: the transfer of the data itself
winfried: and the processing of the data on the other server
winfried: both need a legal ground
Ge0rG: winfried: I'd argue legitimate interest of the user to get messages delivered, for both points.
Ge0rG: winfried: that also implies that the other data processor may not apply processing to the data that goes beyond what's needed for that legitimate interest
winfried: Ge0rG: what article do you mean by legitimate interest?
Ge0rG: winfried: 6(1)b
winfried: Ge0rG: yes agree
winfried: and agree to the limitation you mention
pep.: But we can't assume that can we
Ge0rG: For Q1.1e we should probably write down all these things into a data processing policy
winfried: Ge0rG: exactly, this is something we should cover in Q1.1e
winfried: pep.: in some way we need to 'safeguard' we can assume this
pep.: There might be server admins that will want to assume the worst and ask consent for most things
Ge0rG: pep.: for third-country servers, Art. 49(1)b should apply in the same way as 6(1)b for intra-EU
winfried: Ge0rG: +1
Ge0rG: I'm pretty sure we can say that the user has a contract with the server operator, and that sending data to another user on another server is part of the contract
winfried: Ge0rG: +1
winfried: Do we have Q1.1d covered like this?
Ge0rG: winfried: is incoming s2s different from outgoing s2s?
What about spam protection?
winfried: Those are two questions
winfried: let's brainstorm on the first one first
winfried: outgoing: the originating server operator is responsible for the transfer
Ge0rG: Are there any restrictions on data imported from third countries?
winfried: Ge0rG: no, because the EU has the best data protection laws :-D
pep.: yet
winfried: so outgoing the operator wants to know the incoming server stays to the 'legitimate interest'
Ge0rG: But there is COPA!
Ge0rG: winfried: I don't think we can enforce any kind of remote server processing restrictions at the protocol / logical level.
Ge0rG: winfried: it might be sane to assume all data sent over s2s as "third country"
winfried: incoming: though you may have a different contract with your own users (e.g. we publish everything) you *have* to assume incoming limits to legitimate interest
jonasw: so no storage in MAM?
winfried: Ge0rG: no, that is something that needs to be legally enforced
Ge0rG: winfried: MAM is covered by legitimate interest of the receiver, I'd say
jonasw: even MAM forever?
Ge0rG: jonasw: how is MAM forever different from the receiver putting logs of the chat up into the cloud?
jonasw: it may not be
Ge0rG: jonasw: MAM is controlled by the user(s client)
Ge0rG: so from a legal PoV, the receiving user is responsible for MAM.
jonasw: and that’s what I’ve been saying a few weeks ago but I got shot down here :)
Ge0rG: jonasw: but not by me, as I do agree with that interpretation
jonasw: not sure, maybe I was simply unclear.
winfried checks his guns if he accidentally shot jonasw - oops, gun logs are purged
Ge0rG: so incoming s2s user data: might get stored in receiver's MAM
Ge0rG: also in offline storage, but I'd argue this is still part of the sender's legitimate interest
winfried: I am still chewing on:
» [13:11:05] <jonasw> even MAM forever?
Ge0rG: winfried: what's your issue with that?
winfried: it is disproportionate in any way, but whose responsibility is it?
winfried: It is upon request of the user (hopefully)
jonasw: if it’s upon the request of the User, I’d argue that for the Purpose of storing the messages on the server, the User is the Controller and the Server (Operator) is merely the Processor.
Ge0rG: In theory, MAM should require consent from the user.
jonasw: and thus it’s the user’s responsibility
Ge0rG: jonasw: that means the user needs to have full control over the data processing, including a way to purge the data.
pep.: As long as there is consent I don't think it's disproportionate. Now, that means we also need to provide means to alter this history?
Ge0rG: pep.: consent from the receiving user?
winfried: user can't be the controller (in the legal sense) but a controller may process when the user wants him to
pep.: Ge0rG, or just prune parts
jonasw: Ge0rG, we need that for MAM anyways, I think?
pep.: Ge0rG, yes receiving
jonasw: tombstoning is at least provisioned. purging everything *up to a date* is possible, too.
winfried: yes
Ge0rG: jonasw: will MAM auto-purge if you disable it?
jonasw: Ge0rG, I sure hope so :)
pep.: I find tombstones useless, as it will only be for this particular user, the rest don't have to respect that, but well. purging has different use-cases
winfried: Ge0rG: that should be added to the MAM-XEP too...
Ge0rG: winfried: I tend to agree.
pep.: Is there a way to disable even
pep.: Also MAM MUC is separate right?
Ge0rG: pep.: yes
Ge0rG: and yes
winfried: On a MAM MUC: policy of publishing logs should be published
Ge0rG: > If the user is entering a room in which the discussions are logged to a public archive (often accessible via HTTP), the service SHOULD allow the user to enter the room but MUST also warn the user that the discussions are logged.
winfried: (Yes, I can live with a tech todo on announcing log publication)
jonasw: winfried, MUC MAM access should be clearly defined (tech TODO), and there’s a presence status code for public logging (some clients already show that)
pep.: Ge0rG, yes, so that's handled already which is good, but it is a concern
winfried: Spam handling for next meeting
pep.: I can't do +1, can do +2 and more
Ge0rG: I can't do this time Wed or Thu.
winfried: this week is not possible for me... or it should be friday on 16:00 CEST
Ge0rG: +1 for Fri 1600CEST
pep.: Fine by me
winfried: jonasw: Friday 16:00 CEST?
pep.: The spam handling question is in relation to 9.1 right? or not just?
winfried: pep.: yes, we may enter the realms of 9.1 there, but we may also run into some different issues, like automated decision making
winfried: (to add more fun to it....)
pep.: Does that fall under anything? it's "analysing" right?
pep.: I mean worst that can happen to that is 9.1 right?
jonasw: winfried, hm, that’s tricky for me
jonasw: but I can arrange that once
winfried: jonasw: If possible, that would be great
jonasw: okay
Ge0rG: pep.: the question is probably whether we can do spam detection without going outside of 6.1
jonasw: will do
pep.: Ge0rG, yeah
winfried: jonasw: thanks
pep.: We should also try to see where we are with the goals at some point, regarding the "deadline"
pep.: Fri 1600CEST it is then
pep.: *bang*
winfried: I think we are chewing away slowly
winfried: but doing a great job, bit by bit things are getting clear
winfried: and I think we are closer than we expect!
pep.: I should try to come up with some requirements for the EULA XEP
winfried: keep up the job!
pep.: I have no idea what to use protocol-wise, but we can do that later
winfried: pep.: yes, think we are about at that point, Q1.1e
Ge0rG: pep.: I think we should first create the general EULA/ToS structure, then see which parts of it need encoding
winfried bangs the gavel once again, good work guys!
Ge0rG: There is also https://en.wikipedia.org/wiki/P3P
pep.: nice
pep.: I wonder why that is "obsolete"
winfried: yes, it is, but probably an overshoot for our purposes
pep.: "[..] P3P has not been implemented widely due to the difficulty and lack of value."
winfried: it is hard to uniquely encode legal stuff to computer code
pep.: Lack of value as in, every website has a privacy policy?
pep.: right
winfried: no pressing legal needs, not high enough fines ;-)
winfried: the GDPR may resurrect it...
pep.: nah I think everybody's got their own framework nowadays
pep.: At least the big ones
winfried: pep.: it tries to solve an esoteric problem that most people neatly try to ignore
winfried: even in the medical world (where legal status is a big issue), everybody loves to ignore the problems that come along with it
winfried: or to state it differently: if you can communicate about a problem, you also need to solve it...
Ge0rG: Ah, my coworker sent me some info re 9.1: profile photos of employees are not article9 related data as long as they are not analyzed
pep.: What does analyze mean here?
pep.: If they're displayed internally that's ..?
pep.: That requires consent I assume
winfried: pep.: categorized to categories like: 'gender, color of skin, skin-disorders, gaydar result' etc
winfried: displaying needs consent
winfried: have to go now, see you on friday
pep.: see you
UsL: gaydar haha
UsL: I guess it's time to submerge in the gdpr stuff. Haven't really had the time yet. This metting made me curious
UsL: s/metting/meeting
pep.: Ge0rG, so if we regard messages as opaque, that means we can also do the same for emails right. That would definitely simplify things here at work
Ge0rG: pep.: yes, I'd say so
Ge0rG: pep.: same spam caveats apply
pep.: Yeah
pep.: Though, for company emails that's different right? Maybe the company can assume that everything that's done under company email is for work (even if I know it's never always the case)
Maranda: > winfried: I don't think we can enforce any kind of remote server processing restrictions at the protocol / logical level.
> winfried: it might be sane to assume all data sent over s2s as "third country"
🕺
moparisthebest: The watchdog’s actions prompted Kremlin officials to move from Telegram to the ICQ chat service, owned by billionaire Alisher Usmanov’s Mail.ru, for communications with Russian and international media.
moparisthebest: soooo, ICQ still exists? wow
Maranda: Yes
Ge0rG: ICQ is owned by Russia now? wow
vanitasvitae: Ge0rG: as is vKontakte :)
UsL: a far leap from the Israeli mirabilis..
Ge0rG: Mossad, CIA, FSB. It's been a long journey
UsL: indeed : )
moparisthebest: The expert believes that another way to blackmail inattentive server owners is by creating snapshots of the exposed servers and contacting companies after May 25, asking for a Bitcoin ransom not to report the company to EU authorities, where they stand to receive a hefty fine.
moparisthebest: ha who knew EU was introducing a new way to blackmail companies? thanks EU ! :)
Maranda: well so Cisco Jabber is actually capable of STARTTLS on s2s streams 🤔
Maranda: why not enabling that on cisco.com then
Maranda: pft
fippo: maranda: it is. iirc you only get that if you talk to the people over there though
Maranda: fippo I'm not sure I understand, a lot of users on my server have cisco.com contacts and cisco.com never encrypts, that's why I need to still have an exception for it.
Holger: Maranda: Same here. And yes Cisco Jabber does support STARTTLS on s2s.
fippo: maranda: s/people/admins/
Maranda: 🤔
fippo: from what i heard they need to enable tls for a particular peer domain. but that was ~5 years ago
Maranda: fippo, and they don't enable it on cisco.com ? lol
waqas: I think he means they need to enable it for your domain
waqas: That seems like such a pain
Maranda: waqas, and I repeat: *and they don't enable it on cisco.com ? lol*
Maranda: 😏
fippo: cisco.com admins have to enable tls for your domain.
Maranda: cisco.com *IS* the domain
fippo: you run cisco.com?
Maranda: No I don't
Maranda: But I'm connecting to it
Zash: ...
Maranda: (via s2s)
Maranda: (and vice versa)
fippo: so cisco.com will look at your domain, check its config "is this guy trustworthy to enable tls?" and probably not find anything
Maranda: . . .
Zash: Maranda: Pretty sure you wrote a plugin that does exactly this.
Maranda: Ok sorry I got it now, and it's hilarious.
Maranda: So,
Maranda: *they* have to enable tls for s2s on a particular *remote* domain? *REALLY*?
Maranda face desks.
fippo: job security for the admin. i've seen similar things in lync
Maranda: Zash, mine is an exception to make it work, this is just purely demented.
Maranda: fippo, and I didn't catch "peer" when reading, tired eyes/brain :)
fippo: at least you don't start scratching your eyes out now that you understood it :-)
moparisthebest: our lync only federates if the admins explicitly set it up for specific remote domains
moparisthebest: basically ruins the concept of federation, but ¯\_(ツ)_/¯
Maranda: that's fair
Maranda: not enabling tls *if offered* without admin intervention is dumb imho.
moparisthebest: yes that does seem far dumber
Zash: What's wrong with per remote feature settings? Other than the usual _encrypt all the things_
Maranda: If I respond nothing other than, will that trigger some trap? 😎
Zash: You will be locked in a room along with a packet capture and not let out until you find the layer 8 problem in the encrypted stream.
Maranda: Disabling TLS does make sense if the other end does have issues with it or not support, the other way around: E_DOESNT_COMPUTE
Maranda: Hehe
Holger: You can enable TLS for all s2s connections in Cisco Jabber these days.
Maranda: Holger, yes I found out stumbling on buffalo.edu
Ge0rG: Hm. The only contact I had on Cisco.com changed his job recently, so I can't care much any more
edhelas: That's maybe a sign
Maranda: Ge0rG, I still see traffic, also there some more contacts from I think hosted domains, also nike.com
waqas: Lync was the other service I was thinking of where I had to deal with this. I'm happy I haven't had to deal with Lync in a few years…it's great for job security though
moparisthebest: it's "Skype for Business" now, and blue instead of green, still can't reliably send files though so at least some things don't change
waqas: It was very much enterprise, MS tech people helping us set it up failed (because we had a cloud based environment, and they had a very weird set of hardware and network topology requirements…)
Ge0rG: I'd love to know how to federate with Lync from my XMPP server. Or even how to login from XMPP as a given Lync user.
moparisthebest: the lync admins have to set up a special XMPP federation bridge
moparisthebest: and in practice it seems no one does this
Ge0rG: What if our Lync is hosted in O365?
moparisthebest: I used to have a lync transport from xmpp, using libpurple-sipe and such, but it broke years ago
Ge0rG: libpurple. I'm not going down that road.
waqas: MattJ: Had we succeeded in the Prosody-Lync bridge, or did we never manage it? I recall it being a works-with-ejabberd product, not proper XMPP.
moparisthebest: ours is on O365 and federation is still something they have to turn on manually, maybe it's just an admin setting there? don't know
waqas: IIRC it was sensitive to e.g., certain consecutive parts of the stream being in the same TCP packet or not, etc. Lots of other fun things we ran into. Skype for Business UX also is terrible.
waqas: (dumb stuff like sending an XMPP message to someone wouldn't show a notification, so they'd never know)
Maranda: 🤔
moparisthebest: all the time we get a popup in the corner 'PERSONX sent you a message [accept] [ignore]'
moparisthebest: and then you click accept, and you don't see the first few messages they sent before you clicked accept
moparisthebest: I honestly don't know how people think this is a good system
Maranda: didn't you need some Lync Edge Server vattelapesca thing for xmpp federation?
waqas: moparisthebest: Ask your admins :P
waqas: Yes, it's a bridge
moparisthebest: the best thing is just a braindead policy decision
waqas: We were annoyed enough that we were considering if it'd be saner to use a Prosody->SIP->Lync setup
moparisthebest: we must use contractors for new development, contractors can have VPN access to our systems, contractors cannot have lync accounts, so we can't IM them
moparisthebest: I ended up setting up an IRC server and https://kiwiirc.com/ on a dev server :'(
Maranda: I don't wanna know the usual CAL junk in le MS Fashion behind something like Lync though (one of the reasons everyone needing M$ going cloudy these days)
Maranda: (the CALs are "included")
moparisthebest: now corporate is spamming us with these emails to use "Yammer" which as far as I can tell is a microsoft workplace facebook/twitter clone or something
moparisthebest: who would seriously want to do this?????
Ge0rG: So everyone agrees Lync is a horrible mess. But nobody has an XMPP-based drop-in replacement with screen sharing and VoIP
Zash: Jitsi?
moparisthebest: doesn't matter, lync screen sharing and voip never works
moparisthebest: we use webex for that
Ge0rG: moparisthebest: screen sharing works well here, voip mostly
moparisthebest: voip on lync has *never* worked for us, we use conference calls or webex
moparisthebest: screen sharing used to work until about a month ago
moparisthebest: then they decided to fix the terrible latency by reducing quality to a point where you can't read letters anymore
moparisthebest: so, now it is also useless
waqas: Ge0rG: An XMPP replacement wouldn't help. Those who could already jumped over to Slack (I know a few orgs which migrated to Slack from enterprise IM solutions).
waqas: I think the Lync team has learned that given how their product is sold to enterprise exec teams, usability and quality don't actually impact the bottom line.
Ge0rG: moparisthebest: hm. interesting point. I had bad lags with a coworker today, but I blamed his wifi
moparisthebest: that seems correct waqas, it's just part of the exchange/outlook package
Ge0rG: waqas: I don't care about Slack and I'd love to migrate our 20-person business away.
Ge0rG: waqas: unfortunately, the Outlook / calendar integration is a huge selling point
waqas: And integration with the MS stack in general, the admin tools, policies, etc
Ge0rG: Yeah, but I suppose I could convince my coworkers with a better mobile UX if we keep screen sharing and possibly VoIP
waqas: How's skype for business on mobile? I've only seen it on desktop
Ge0rG: waqas: it sucks. Pretty bloated app, and you don't get messages to both Desktop and mobile
Ge0rG: So you have message loss along the way
Ge0rG: Kind of like xmpp without 0198 and carbons
Maranda: And crashes on startup sync in the best Skype tradition?
Maranda: :P
Maranda: or not?
moparisthebest: our stuff is hosted on O365 but still only allows connections from the work VPN
moparisthebest: so it's the worst of both worlds
jjrh: Kinda surprised enterprises are going slack considering it's like $8 a seat.
jjrh: I mean $80 a month for 10 users is pretty steep
Zash: That's probably nothing for an ENTERPRISE
Ge0rG: Yeah, or they just stick to the free plan somehow
jjrh: I'm not sure it's a great deal for enterprises who need like 1000 seats.
MattJ: Any idea how much Lync costs?
Maranda: jjrh, for 5000 users with M$ Exchange you may arrive to pay like $800k a year
Zash: Any idea how much the coffee consumed by 1k people costs?
jjrh: Maranda, yeah but exchange provides a whole lot more than chat.
Maranda: (that's licensing)
jjrh: I mean that's still nutty to me but considering email is in many cases more critical than even phones I can see businesses justifying it.
Maranda: jjrh, hmm not really besides some very nutty cases of course :P
Maranda: jjrh, and doesn't provide that much, spam wise for example Exchange doesn't support SPF, DMARC or DKIM iirc, only O365/OWA (Hotmail) does.
SamWhited: protip: enterprises don't care at all how much it costs as long as they can get a demo, good support, and a fixed and predictable price that includes the ability to expand service in the future. $8 per seat is *nothing* compared to the cost of the paycheck of all the people who will have to set it up and deal with it.
Maranda: SamWhited, not at that level :P, in fact you won't see a single ISP (besides Microsoft itself) ever deploying Exchange.
jjrh: SamWhited, I mean I totally get that and I'm not suggesting enterprises deploy and support their own solution for chat, but it seems like $8 per seat (and their enterprise version is like $12) isn't a great deal when say https://about.mattermost.com/pricing/ has a $3.25 a seat and a 'custom pricing' for when you have a lot of users.
jjrh: I dunno maybe mattermost sucks never used it
Maranda: but of course 8*5000 = 40k so it's doable :P
Maranda: 12 per seat as well
SamWhited: Does mattermost provide them with a person who flies out and does a demo?
SamWhited: Do they provide SLAs? Really good tech support?
jjrh: Probably
Maranda: I wonder how people will do with the recent Slack introductions
SamWhited: I have no idea, they might, but the price just doesn't matter at all.
Maranda: in terms of privacy
jjrh: I'd be curious how much profit slack is actually making. Maybe their pricing is to offset the free offerings and their hosting costs are dirt cheap so they don't really need many customers
SamWhited: Also, places that used to buy from a previous job I was in did heavy risk analysis: will mattermost go out of business tomorrow and we'll have to switch again? Not likely, but maybe. Will Slack? Probably not.
Maranda: (Like that a team owner or something has access to all the data, even private message)
SamWhited: Do you not have that with mattermost? Because that's also a plus for slack in the enterprise space if so
Zash: compliance logging and such, yeah
SamWhited: But anyways, point was that price doesn't matter at all. It's probably not even part of their considerations. Stuff like that does.
jjrh: I'm not sure I would bank on slack staying in business. Chat is fickle, and a logical thing for voip providers to start selling.
jjrh: I would think that enterprises would be a little nervous about having their chat data hosted in datacenters they don't own. Maybe if you're dropping half a million a year slack will do whatever you want.
SamWhited: Yah, that part is the tough one. Depending on who you are and what you do, a lot of places really have to have a behind-the-firewall version, which is why HipChat Server makes so much money.
fippo: cisco also had some fancy stuff about full encryption (including search) for spark. selling point apparently
SamWhited: oh nifty, I didn't know that; I really wanted to try to build something like that while at HipChat but couldn't convince anyone that it would be a selling point.
Ge0rG: Most BigCorp have adopted the cloud by now so on premise chat servers are only interesting for medical and military services now
jjrh: They have adopted the cloud but their own cloud
jjrh: and on premise is more "on our vpn"
Ge0rG: jjrh: not my experience with multiple big customers
jjrh: Interesting. I would have thought there would be legal implications depending on where the server is located and a risk that the SAS company could be compelled to give up your data if they run into issues.
SamWhited: Ge0rG: that's actually what I've found to be true for the most part. At ThreatGRID we couldn't do anything that wasn't a physical on-prem device because we serviced a lot of financial sector people, but at HipChat Server we *only* supported AWS, because basically everyone had their private networks hooked up to Amazon or entirely within Amazon.
Ge0rG: jjrh: that was my initial guess as well, but if you are an international company, you are susceptible to the laws of whoever wants your data anyway
SamWhited: So outside of finance and military stuff, everyone seemed to be fine with "private clouds"
Ge0rG: "private" networks.
SamWhited: They're private, because if they're not Amazon gets sued for billions of dollars. They have good incentive to make them as private as possible.
Ge0rG: Yeah, seeing an enterprise with 100k+ employees fully embracing O365 made my head spin.
SamWhited: 0365?
Ge0rG: Microsoft Office 365, the cloud offering
Zash: 0 or O
SamWhited: ahh,
SamWhited: I assumed you did not mean XEP-0365, or RFC 365, neither of which made sense but both of which I thought of in the context of this chat
jjrh: But isn't the difference here that if you use slack they are running 100% of the show - today they might be on AWS, tomorrow on some other service, but you as a customer really don't have any say regarding that.
Ge0rG: Zash: fix your font
SamWhited: heh, they look completely different in my terminal and I still didn't notice that that was an "O"