XSF Discussion - 2018-04-17


  1. jonasw

    Maranda, I don’t think so

  2. jonasw

    it also isn’t that much work to support both

  3. Maranda

    jonasw, Gajim uses it at least

  4. pep.

    gdpr meeting in about an hour?

  5. Ge0rG

    yeah

  6. winfried

    GDPR meeting in 3 minutes

  7. jonasw

    .

  8. jonasw

    🐈

  9. pep.

    Almost there!

  10. Ge0rG

    Uh-oh.

  11. pep.

    ! I'm here

  12. winfried

    so am I ;-)

  13. jonasw

    me 2

  14. jonasw hands the gavel to winfried

  15. winfried bangs the gavel

  16. winfried

    I propose we take a look at LQ1 and subsequently continue filling the Wiki (though I have a little point we may have been forgetting)

  17. jonasw

    okay

  18. jonasw

    we aren’t lawyers, so how are we supposed to deal with LQ1?

  19. winfried

    I must say, I haven't had time to update the wiki, don't know how up to date it is.

  20. pep.

    Sorry for the minutes last week, it's been a fun week

  21. pep.

    Maybe we want to start drafting a template data policy at some point?

  22. winfried

    pep.: I know the feeling... have double appointments on all days of this week

  23. winfried

    pep.: yes, I think so, but we first have to see what choices we can/have to make...

  24. Ge0rG

    I've had a chat with our GDPR expert, and he said that message content is similar to picture uploads. As long as we treat it as an opaque blob and don't analyze it, art9 doesn't apply. He is going to send me a reference to an according legal analysis some time today

  25. jonasw

    uh

  26. pep.

    nice

  27. jonasw

    that is amazing news.

  28. winfried

    Ge0rG: great

  29. jonasw

    --- except for your mod_firewall.

  30. pep.

    yes

  31. pep.

    I was thinking about that

  32. jonasw

    (which makes me wonder about bayes filters at big mail corps, but that’s another topic)

  33. winfried

    One reaction I got on LQ1 is art. 9.2e

  34. winfried

    but that one is without references

  35. Ge0rG

    From http://www.privacy-regulation.eu/en/recital-51-GDPR.htm > The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person.

  36. winfried

    I propose to treat (for now) LQ1 as: "not subject to 9.1"

  37. jonasw

    winfried, makes sense to me.

  38. Ge0rG

    winfried: 👍

  39. pep.

    mod_firewall is not making any derivative data from what it "analyses", and there's no way for us to know what triggered it right? I mean except if you log it

  40. jonasw

    with a huge "UNLESS you analyze the text in any way"

  41. Ge0rG

    jonasw: in a way that is allowed to extract art9 data

  42. Ge0rG

    jonasw: in a way that allows to extract art9 data

  43. winfried

    Ge0rG: +1

  44. jonasw

    Ge0rG, did you ask your GDPR expert about the fact that MAM archives are unencrypted and thus operators may access (advertently or inadvertently) message content which contains art 9 data?

  45. Ge0rG

    my mod_firewall isn't deriving information about sexual / religious beliefs, merely about mass-messages.

  46. jonasw

    Ge0rG, did you ask your GDPR expert about the fact that MAM archives are unencrypted and thus operators may access (advertently or inadvertently) message content which contains art 9 data?

  47. jonasw

    that was raised by Peter on list I think.

  48. Ge0rG

    jonasw: still pending.

  49. jonasw

    so you did ask, but not have a reply yet?

  50. winfried

    jonasw: does MAM have a consent mechanism? What is its default?

  51. Ge0rG

    jonasw: didn't have much time with him

  52. jonasw

    winfried, it is normally opt-in, except on Prosody ;-).

  53. pep.

    winfried, I don't think it has at all atm

  54. Ge0rG

    jonasw: we fixed that

  55. pep.

    jonasw, opt-in although most clients do it when available?

  56. jonasw

    winfried, it is normally opt-in (except on Prosody in the past ;-)).

  57. Ge0rG

    winfried: there is no GDPR data consent dialog when you enable MAM. Servers and clients will auto-enable it on first use, typically

  58. jonasw

    pep., yes, although that’s a problem of the client then.

  59. pep.

    yeah..

  60. Ge0rG

    so it's rather opt-out

  61. jonasw

    not conceptually, and not on the server side.

  62. pep.

    Ge0rG, you fixed that in what version of prosody, and when is it going to be deployed :P

  63. Zash

    Opt-in by server operator

  64. winfried

    This may be a point for an implementation guide.... or so

  65. jonasw

    winfried, indeed, it should be mentioned in the MAM XEP.

  66. jonasw

    pep., can you add that to the technical TODO?

  67. pep.

    that?

  68. Ge0rG

    winfried: except that users don't like consent dialogs ;)

  69. pep.

    Ah, MAM

  70. jonasw

    pep., "Add a note to the MAM XEP about GDPR consent requirements."

  71. Zash

    And clients don't expose the settings

  72. Ge0rG

    > pep., "Add a note to the MAM XEP about GDPR consent requirements." 👍

  73. pep.

    Ge0rG, well.. they'll have no choice, everybody will want to cover their asses now

  74. jonasw

    Ge0rG, that message did not follow my reactions draft format!

  75. jonasw

    I know because JabberCat didn’t show it properly ;P

  76. Ge0rG

    Zash: and the XEP doesn't provide a way to differentiate between "explicitly set" and "enabled by default"

  77. Ge0rG

    jonasw: you mean my quote-with-yaxim format that you shamelessly copied?

  78. winfried

    jonasw: fix JabberCat :-P

  79. jonasw

    ahm. let’s continue with on-topic *whistles*

  80. Ge0rG

    yes please.

  81. jonasw

    Ge0rG 2018-04-17T10:46:55.668869: > yes please. 🤦🏿‍♀️

  82. jonasw

    derp.

  83. Ge0rG

    jonasw: `2018-04-17T10:46:55.668869`, seriously?

  84. jonasw

    okay, so LQ1 resolves to "Not 9.1, unless you extract 9.1-ish data from it somehow"

  85. jonasw looks at the wiki to find gaps to fill.

  86. winfried

    I was wondering if file transfer needs a special status in the processings XMPP does...

  87. Ge0rG

    winfried: I don't think so. it's a direct client-to-client transmission, and the server only sees metadata

  88. Ge0rG

    Were we done with Q1.1d S2S?

  89. pep.

    Ge0rG, unless BoB?

  90. jonasw

    Ge0rG, uhm. In-Band Bytestreams, BoB, HTTP Upload

  91. Ge0rG

    I'm pretty sure we have all of that covered by "user content"

  92. jonasw

    so unless you happen to do TURN-less jingle (rather rare), I don’t see how that’s client-to-client.

  93. jonasw

    possibly

  94. Ge0rG

    * typical: with account, MAM/files for a given amount of time

  95. pep.

    yeah

  96. winfried

    Ge0rG: adding that covers it all?

  97. Ge0rG

    winfried: it's in the wiki already

  98. winfried

    ah, switching back and forth on a small screen right now... (sitting in the middle of THE care ICT trade in NL right now)

  99. winfried

    Q1.1d s2s

  100. pep.

    hmm, there's a bit on 1.1d in the wiki, but that's not last week's

  101. winfried

    they are notes from earlier meetings

  102. pep.

    Also I propose we skip 1.1e, as I don't feel confident going into even more speculation

  103. pep.

    IANAL

  104. winfried

    looking at Q1.1d, I realized there are two things to cover

  105. winfried

    the transfer of the data itself

  106. winfried

    and the processing of the data on the other server

  107. winfried

    both need a legal ground

  108. Ge0rG

    winfried: I'd argue legitimate interest of the user to get messages delivered, for both points.

  109. Ge0rG

    winfried: that also implies that the other data processor may not apply processing to the data that goes beyond what's needed for that legitimate interest

  110. winfried

    Ge0rG: what article do you mean by legitimate interest?

  111. Ge0rG

    winfried: 6(1)b

  112. winfried

    Ge0rG: yes agree

  113. winfried

    and agree to the limitation you mention

  114. pep.

    But we can't assume that can we

  115. Ge0rG

    For Q1.1e we should probably write down all these things into a data processing policy

  116. winfried

    Ge0rG: exactly, this is something we should cover in Q1.1e

  117. winfried

    pep.: in some way we need to 'safeguard' we can assume this

  118. pep.

    There might be server admins that will want to assume the worst and ask consent for most things

  119. Ge0rG

    pep.: for third-country servers, Art. 49(1)b should apply in the same way as 6(1)b for intra-EU

  120. winfried

    Ge0rG: +1

  121. Ge0rG

    I'm pretty sure we can say that the user has a contract with the server operator, and that sending data to another user on another server is part of the contract

  122. winfried

    Ge0rG: +1

  123. winfried

    Do we have Q1.1d covered like this?

  124. Ge0rG

    winfried: is incoming s2s different from outgoing s2s? What about spam protection?

  125. winfried

    Those are two questions

  126. winfried

    let's brainstorm on the first one first

  127. winfried

    outgoing: the originating server operator is responsible for the transfer

  128. Ge0rG

    Are there any restrictions on data imported from third countries?

  129. winfried

    Ge0rG: no, because the EU has the best data protection laws :-D

  130. pep.

    yet

  131. winfried

    so outgoing the operator wants to know the incoming server stays to the 'legitimate interest'

  132. Ge0rG

    But there is COPA!

  133. Ge0rG

    winfried: I don't think we can enforce any kind of remote server processing restrictions at the protocol / logical level.

  134. Ge0rG

    winfried: it might be sane to assume all data sent over s2s as "third country"

  135. winfried

    incoming: though you may have a different contract with your own users (e.g. we publish everything) you *have* to assume incoming limits to legitimate interest

  136. jonasw

    so no storage in MAM?

  137. winfried

    Ge0rG: no, that is something that needs to be legally enforced

  138. Ge0rG

    winfried: MAM is covered by legitimate interest of the receiver, I'd say

  139. jonasw

    even MAM forever?

  140. Ge0rG

    jonasw: how is MAM forever different from the receiver putting logs of the chat up into the cloud?

  141. jonasw

    it may not be

  142. Ge0rG

    jonasw: MAM is controlled by the user(s client)

  143. Ge0rG

    so from a legal PoV, the receiving user is responsible for MAM.

  144. jonasw

    and that’s what I’ve been saying a few weeks ago but I got shot down here :)

  145. Ge0rG

    jonasw: but not by me, as I do agree with that interpretation

  146. jonasw

    not sure, maybe I was simply unclear.

  147. winfried checks his guns if he accidentally shot jonasw - oops, gun logs are purged

  148. Ge0rG

    so incoming s2s user data: might get stored in receiver's MAM

  149. Ge0rG

    also in offline storage, but I'd argue this is still part of the sender's legitimate interest

  150. winfried

    I am still chewing on: » [13:11:05] <jonasw> even MAM forever?

  151. Ge0rG

    winfried: what's your issue with that?

  152. winfried

    it is disproportionate in any way, but whose responsibility is it?

  153. winfried

    It is upon request of the user (hopefully)

  154. jonasw

    if it’s upon the request of the User, I’d argue that for the Purpose of storing the messages on the server, the User is the Controller and the Server (Operator) is merely the Processor.

  155. Ge0rG

    In theory, MAM should require consent from the user.

  156. jonasw

    and thus it’s the user’s responsibility

  157. Ge0rG

    jonasw: that means the user needs to have full control over the data processing, including a way to purge the data.

  158. pep.

    As long as there is consent I don't think it's disproportionate. Now, that means we also need to provide means to alter this history?

  159. Ge0rG

    pep.: consent from the receiving user?

  160. winfried

    user can't be the controller (in the legal sense) but a controller may process when the user wants him to

  161. pep.

    Ge0rG, or just prune parts

  162. jonasw

    Ge0rG, we need that for MAM anyways, I think?

  163. pep.

    Ge0rG, yes receiving

  164. jonasw

    tombstoning is at least provisioned. purging everything *up to a date* is possible, too.

  165. winfried

    yes

  166. Ge0rG

    jonasw: will MAM auto-purge if you disable it?

  167. jonasw

    Ge0rG, I sure hope so :)

  168. pep.

    I find tombstones useless, as it will only be for this particular user, the rest don't have to respect that, but well. purging has different use-cases

  169. winfried

    Ge0rG: that should be added to the MAM-XEP too...

  170. Ge0rG

    winfried: I tend to agree.

  171. pep.

    Is there a way to disable even

  172. pep.

    Also MAM MUC is separate right?

  173. Ge0rG

    pep.: yes

  174. Ge0rG

    and yes

  175. winfried

    On a MAM MUC: policy of publishing logs should be published

  176. pep.

    winfried, publishing as in http-like?

  177. pep.

    Or just providing MAM for other participants

  178. winfried

    pep.: yes

  179. Ge0rG

    winfried: MUC MAM should mimic MUC access.

  180. winfried

    like: XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  181. Ge0rG

    not sure if more hints are needed there.

  182. pep.

    Yeah I agree with Ge0rG on that

  183. pep.

    should we plan for next?

  184. Ge0rG

    yes please.

  185. winfried

    I would argue that it is not obvious that the logs are published and it is not necessary for 6.1b

  186. Ge0rG

    winfried: I think that like with MAM, this is a client UX todo

  187. Ge0rG

    so should be a tech todo for us

  188. pep.

    Ge0rG, hmm, publishing logs publicly (or even with some kind of auth) is server policy

  189. Ge0rG

    also please put the "spam handling" question on our TODO for next

  190. winfried

    Ge0rG: +1

  191. pep.

    (some kind of auth, not over xmpp**)

  192. pep.

    So, next?

  193. Ge0rG

    https://xmpp.org/extensions/xep-0045.html#enter-logging

  194. Ge0rG

    > If the user is entering a room in which the discussions are logged to a public archive (often accessible via HTTP), the service SHOULD allow the user to enter the room but MUST also warn the user that the discussions are logged.

  195. winfried

    (Yes, I can live with a tech todo on announcing log publication)

  196. jonasw

    winfried, MUC MAM access should be clearly defined (tech TODO), and there’s a presence status code for public logging (some clients already show that)

  197. pep.

    Ge0rG, yes, so that's handled already which is good, but it is a concern

  198. winfried

    Spam handling for next meeting

  199. pep.

    I can't do +1, can do +2 and more

  200. Ge0rG

    I can't do this time Wed or Thu.

  201. winfried

    this week is not possible for me... or it should be friday on 16:00 CEST

  202. Ge0rG

    +1 for Fri 1600CEST

  203. pep.

    Fine by me

  204. winfried

    jonasw: Friday 16:00 CEST?

  205. pep.

    The spam handling question is in relation to 9.1 right? or not just?

  206. winfried

    pep.: yes, we may enter the realms of 9.1 there, but we may also run into some different issues, like automated decision making

  207. winfried

    (to add more fun to it....)

  208. pep.

    Does that fall under anything? it's "analysing" right?

  209. pep.

    I mean worst that can happen to that is 9.1 right?

  210. jonasw

    winfried, hm, that’s tricky for me

  211. jonasw

    but I can arrange that once

  212. winfried

    jonasw: If possible, that would be great

  213. jonasw

    okay

  214. Ge0rG

    pep.: the question is probably whether we can do spam detection without going outside of 6.1

  215. jonasw

    will do

  216. pep.

    Ge0rG, yeah

  217. winfried

    jonasw: thanks

  218. pep.

    We should also try to see where we are with the goals at some point, regarding the "deadline"

  219. pep.

    Fri 1600CEST it is then

  220. pep.

    *bang*

  221. winfried

    I think we are chewing away slowly

  222. winfried

    but doing a great job, bit by bit things are getting clear

  223. winfried

    and I think we are closer than we expect!

  224. pep.

    I should try to come up with some requirements for the EULA XEP

  225. winfried

    keep up the job!

  226. pep.

    I have no idea what to use protocol-wise, but we can do that later

  227. winfried

    pep.: yes, think we are about at that point, Q1.1e

  228. Ge0rG

    pep.: I think we should first create the general EULA/ToS structure, then see which parts of it need encoding

  229. winfried bangs the gavel once again, good work guys!

  230. Ge0rG

    There is also https://en.wikipedia.org/wiki/P3P

  231. pep.

    nice

  232. pep.

    I wonder why that is "obsolete"

  233. winfried

    yes, it is, but probably an overshoot for our purposes

  234. pep.

    "[..] P3P has not been implemented widely due to the difficulty and lack of value."

  235. winfried

    it is hard to uniquely encode legal stuff to computer code

  236. pep.

    Lack of value as in, every website has a privacy policy?

  237. pep.

    right

  238. winfried

    no pressing legal needs, not high enough fines ;-)

  239. winfried

    the GDPR may resurrect it...

  240. pep.

    nah I think everybody's got their own framework nowadays

  241. pep.

    At least the big ones

  242. winfried

    pep.: it tries to solve an esoteric problem that most people neatly try to ignore

  243. winfried

    even in the medical world (where legal status is a big issue), everybody loves to ignore the problems that come along with it

  244. winfried

    or to state it differently: if you can communicate about a problem, you also need to solve it...

  245. Ge0rG

    Ah, my coworker sent me some info re 9.1: profile photos of employees are not article9 related data as long as they are not analyzed

  246. pep.

    What does analyze mean here?

  247. pep.

    If they're displayed internally that's ..?

  248. pep.

    That requires consent I assume

  249. winfried

    pep.: categorized to categories like: 'gender, color of skin, skin-disorders, gaydar result' etc

  250. winfried

    displaying needs consent

  251. winfried

    have to go now, see you on friday

  252. pep.

    see you

  253. UsL

    gaydar haha

  254. UsL

    I guess it's time to submerge in the gdpr stuff. Haven't really had the time yet. This metting made me curious

  255. UsL

    s/metting/meeting

  256. pep.

    Ge0rG, so if we regard messages as opaque, that means we can also do the same for emails right. That would definitely simplify things here at work

  257. Ge0rG

    pep.: yes, I'd say so

  258. Ge0rG

    pep.: same spam caveats apply

  259. pep.

    Yeah

  260. pep.

    Though, for company emails that's different right? Maybe the company can assume that everything that's done under company email is for work (even if I know it's never always the case)

  261. Maranda

    > winfried: I don't think we can enforce any kind of remote server processing restrictions at the protocol / logical level. > winfried: it might be sane to assume all data sent over s2s as "third country" 🕺

  262. moparisthebest

    The watchdog’s actions prompted Kremlin officials to move from Telegram to the ICQ chat service, owned by billionaire Alisher Usmanov’s Mail.ru, for communications with Russian and international media.

  263. moparisthebest

    soooo, ICQ still exists? wow

  264. Maranda

    Yes

  265. Ge0rG

    ICQ is owned by Russia now? wow

  266. vanitasvitae

    Ge0rG: as is vKontakte :)

  267. UsL

    a far leap from the Israeli mirabilis..

  268. Ge0rG

    Mossad, CIA, FSB. It's been a long journey

  269. UsL

    indeed : )

  270. moparisthebest

    The expert believes that another way to blackmail inattentive server owners is by creating snapshots of the exposed servers and contacting companies after May 25, asking for a Bitcoin ransom not to report the company to EU authorities, where they stand to receive a hefty fine.

  271. moparisthebest

    ha who knew EU was introducing a new way to blackmail companies? thanks EU ! :)

  272. Maranda

    well so Cisco Jabber is actually capable of STARTTLS on s2s streams 🤔

  273. Maranda

    why not enabling that on cisco.com then

  274. Maranda

    pft

  275. fippo

    maranda: it is. iirc you only get that if you talk to the people over there though

  276. Maranda

    fippo I'm not sure I understand, a lot of users on my server have cisco.com contacts and cisco.com never encrypts, that's why I need to still have an exception for it.

  277. Holger

    Maranda: Same here. And yes Cisco Jabber does support STARTTLS on s2s.

  278. fippo

    maranda: s/people/admins/

  279. Maranda

    🤔

  280. fippo

    from what i heard they need to enable tls for a particular peer domain. but that was ~5 years ago

  281. Maranda

    fippo, and they don't enable it on cisco.com ? lol

  282. waqas

    I think he means they need to enable it for your domain

  283. waqas

    That seems like such a pain

  284. Maranda

    waqas, and I repeat: *and they don't enable it on cisco.com ? lol*

  285. Maranda

    😏

  286. fippo

    cisco.com admins have to enable tls for your domain.

  287. Maranda

    cisco.com *IS* the domain

  288. fippo

    you run cisco.com?

  289. Maranda

    No I don't

  290. Maranda

    But I'm connecting to it

  291. Zash

    ...

  292. Maranda

    (via s2s)

  293. Maranda

    (and vice versa)

  294. fippo

    so cisco.com will look at your domain, check its config "is this guy trustworthy to enable tls?" and probably not find anything

  295. Maranda

    . . .

  296. Zash

    Maranda: Pretty sure you wrote a plugin that does exactly this.

  297. Maranda

    Ok sorry I got it now, and it's hilarious.

  298. Maranda

    So,

  299. Maranda

    *they* have to enable tls for s2s on a particular *remote* domain? *REALLY*?

  300. Maranda face desks.

  301. fippo

    job security for the admin. i've seen similar things in lync

  302. Maranda

    Zash, mine is an exception to make it work, this is just purely demented.

  303. Maranda

    fippo, and I didn't catch "peer" when reading, tired eyes/brain :)

  304. fippo

    at least you don't start scratching your eyes out now that you understood it :-)

  305. moparisthebest

    our lync only federates if the admins explicitly set it up for specific remote domains

  306. moparisthebest

    basically ruins the concept of federation, but ¯\_(ツ)_/¯

  307. Maranda

    that's fair

  308. Maranda

    not enabling tls *if offered* without admin intervention is dumb imho.

  309. moparisthebest

    yes that does seem far dumber

  310. Zash

    What's wrong with per remote feature settings? Other than the usual _encrypt all the things_

  311. Maranda

    If I respond nothing other than, will that trigger some trap? 😎

  312. Zash

    You will be locked in a room along with a packet capture and not let out until you find the layer 8 problem in the encrypted stream.

  313. Maranda

    Disabling TLS does make sense if the other end does have issues with it or not support, the other way around: E_DOESNT_COMPUTE

  314. Maranda

    Hehe

  315. Holger

    You can enable TLS for all s2s connections in Cisco Jabber these days.

  316. Maranda

    Holger, yes I found out stumbling on buffalo.edu

  317. Ge0rG

    Hm. The only contact I had on Cisco.com changed his job recently, so I can't care much any more

  318. edhelas

    That's maybe a sign

  319. Maranda

    Ge0rG, I still see traffic, also there are some more contacts from I think hosted domains, also nike.com

  320. waqas

    Lync was the other service I was thinking of where I had to deal with this. I'm happy I haven't had to deal with Lync in a few years…it's great for job security though

  321. moparisthebest

    it's "Skype for Business" now, and blue instead of green, still can't reliably send files though so at least some things don't change

  322. waqas

    It was very much enterprise, MS tech people helping us set it up failed (because we had a cloud based environment, and they had a very weird set of hardware and network topology requirements…)

  323. Ge0rG

    I'd love to know how to federate with Lync from my XMPP server. Or even how to login from XMPP as a given Lync user.

  324. moparisthebest

    the lync admins have to set up a special XMPP federation bridge

  325. moparisthebest

    and in practice it seems no one does this

  326. Ge0rG

    What if our Lync is hosted in O365?

  327. moparisthebest

    I used to have a lync transport from xmpp, using libpurple-sipe and such, but it broke years ago

  328. Ge0rG

    libpurple. I'm not going down that road.

  329. waqas

    MattJ: Had we succeeded in the Prosody-Lync bridge, or did we never manage it? I recall it being a works-with-ejabberd product, not proper XMPP.

  330. moparisthebest

    ours is on O365 and federation is still something they have to turn on manually, maybe it's just an admin setting there? don't know

  331. waqas

    IIRC it was sensitive to e.g., certain consecutive parts of the stream being in the same TCP packet or not, etc. Lots of other fun things we ran into. Skype for Business UX also is terrible.

  332. waqas

    (dumb stuff like sending an XMPP message to someone wouldn't show a notification, so they'd never know)

  333. Maranda

    🤔

  334. moparisthebest

    all the time we get a popup in the corner 'PERSONX sent you a message [accept] [ignore]'

  335. moparisthebest

    and then you click accept, and you don't see the first few messages they sent before you clicked accept

  336. moparisthebest

    I honestly don't know how people think this is a good system

  337. Maranda

    didn't you need some Lync Edge Server vattelapesca thing for xmpp federation?

  338. waqas

    moparisthebest: Ask your admins :P

  339. waqas

    Yes, it's a bridge

  340. moparisthebest

    the best thing is just a braindead policy decision

  341. waqas

    We were annoyed enough that we were considering if it'd be saner to use a Prosody->SIP->Lync setup

  342. moparisthebest

    we must use contractors for new development, contractors can have VPN access to our systems, contractors cannot have lync accounts, so we can't IM them

  343. moparisthebest

    I ended up setting up an IRC server and https://kiwiirc.com/ on a dev server :'(

  344. Maranda

    I don't wanna know the usual CAL junk in le MS Fashion behind something like Lync though (one of the reason everyone needing M$ going cloudy these days)

  345. Maranda

    (the CALs are "included")

  346. moparisthebest

    now corporate is spamming us with these emails to use "Yammer" which as far as I can tell is a microsoft workplace facebook/twitter clone or something

  347. moparisthebest

    who would seriously want to do this?????

  348. Ge0rG

    So everyone agrees Lync is a horrible mess. But nobody has an XMPP-based drop-in replacement with screen sharing and VoIP

  349. Zash

    Jitsi?

  350. moparisthebest

    doesn't matter, lync screen sharing and voip never works

  351. moparisthebest

    we use webex for that

  352. Ge0rG

    moparisthebest: screen sharing works well here, voip mostly

  353. moparisthebest

    voip on lync has *never* worked for us, we use conference calls or webex

  354. moparisthebest

    screen sharing used to work until about a month ago

  355. moparisthebest

    then they decided to fix the terrible latency by reducing quality to a point where you can't read letters anymore

  356. moparisthebest

    so, now it is also useless

  357. waqas

    Ge0rG: An XMPP replacement wouldn't help. Those who could already jumped over to Slack (I know a few orgs which migrated to Slack from enterprise IM solutions).

  358. waqas

    I think the Lync team has learned that given how their product is sold to enterprise exec teams, usability and quality doesn't actually impact the bottom line.

  359. Ge0rG

    moparisthebest: hm. interesting point. I had bad lags with a coworker today, but I blamed his wifi

  360. moparisthebest

    that seems correct waqas , it's just part of the exchange/outlook package

  361. Ge0rG

    waqas: I don't care about Slack and I'd love to migrate our 20-person business away.

  362. Ge0rG

    waqas: unfortunately, the Outlook / calendar integration is a huge selling point

  363. waqas

    And integration with the MS stack in general, the admin tools, policies, etc

  364. Ge0rG

    Yeah, but I suppose I could convince my coworkers with a better mobile UX if we keep screen sharing and possibly VoIP

  365. waqas

    How's skype for business on mobile? I've only seen it on desktop

  366. Ge0rG

    waqas: it sucks. Pretty bloated app, and you don't get messages to both Desktop and mobile

  367. Ge0rG

    So you have message loss along the way

  368. Ge0rG

    Kind of like xmpp without 0198 and carbons

  369. Maranda

    And crashes on startup sync in the best Skype tradition?

  370. Maranda

    :P

  371. Maranda

    or not?

  372. moparisthebest

    our stuff is hosted on O365 but still only allows connections from the work VPN

  373. moparisthebest

    so it's the worst of both worlds

  374. jjrh

    Kinda surprised enterprises are going slack considering it's like $8 a seat.

  375. jjrh

    I mean $80 a month for 10 users is pretty steep

  376. Zash

    That's probably nothing for an ENTERPRISE

  377. Ge0rG

    Yeah, or they just stick to the free plan somehow

  378. jjrh

    I'm not sure it's a great deal for enterprises who need like 1000 seats.

  379. MattJ

    Any idea how much Lync costs?

  380. Maranda

    jjrh, for 5000 users with M$ Exchange you may arrive to pay like $800k a year

  381. Zash

    Any idea how much the coffee consumed by 1k people costs?

  382. jjrh

    Maranda, yeah but exchange provides a whole lot more than chat.

  383. Maranda

    (that's licensing)

  384. jjrh

    I mean that's still nutty to me but considering email is in many cases more critical than even phones I can see businesses justifying it.

  385. Maranda

    jjrh, hmm not really beside some very nutty cases of course :P

  386. Maranda

    jjrh, and doesn't provide that much, spam wise for example Exchange doesn't support SPF, DMARC or DKIM iirc, only O365/OWA (Hotmail) does.

  387. SamWhited

    protip: enterprises don't care at all how much it costs as long as they can get a demo, good support, and a fixed and predictable price that includes the ability to expand service in the future. $8 per seat is *nothing* compared to the cost of the paycheck of all the people who will have to set it up and deal with it.

  388. Maranda

    SamWhited, not at that level :P, in fact you won't see a single ISP (beside Microsoft itself) ever deploying Exchange.

  389. jjrh

    SamWhited, I mean I totally get that and i'm not suggesting enterprises deploy and support their own solution for chat, but it seems like $8 per seat (and their enterprise version is like $12) isn't a great deal when say https://about.mattermost.com/pricing/ has a $3.25 a seat and a 'custom pricing' for when you have a lot of users.

  390. jjrh

    I dunno maybe mattermost sucks never used it

  391. Maranda

    but of course 8*5000 = 40k so it's doable :P

  392. Maranda

    12 per seat as well

  393. SamWhited

    Does mattermost provide them with a person who flies out and does a demo?

  394. SamWhited

    Do they provide SLAs? Really good tech support?

  395. jjrh

    Probably

  396. Maranda

    I wonder how people will do with the recent Slack introductions

  397. SamWhited

    I have no idea, they might, but the price just doesn't matter at all.

  398. Maranda

    in terms of privacy

  399. jjrh

    I'd be curious how much profit slack is actually making. Maybe their pricing is to offset the free offerings and their hosting costs are dirt cheap so they don't really need many customers

  400. SamWhited

    Also, places that used to buy from a previous job I was in did heavy risk analysis: will mattermost go out of business tomorrow and we'll have to switch again? Not likely, but maybe. Will Slack? Probably not.

  401. Maranda

    (Like that a team owner or something has access to all the data, even private message)

  402. SamWhited

    Do you not have that with mattermost? Because that's also a plus for slack in the enterprise space if so

  403. Zash

    compliance logging and such, yeah

  404. SamWhited

    But anyways, point was that price doesn't matter at all. It's probably not even part of their considerations. Stuff like that does.

  405. jjrh

    I'm not sure I would bank on slack staying in business. Chat is fickle, and a logical thing for voip providers to start selling.

  406. jjrh

    I would think that enterprises would be a little nervous about having their chat data hosted in datacenters they don't own. Maybe if you're dropping half a million a year slack will do whatever you want.

  407. SamWhited

    Yah, that part is the tough one. Depending on who you are and what you do, a lot of places really have to have a behind-the-firewall version, which is why HipChat Server makes so much money.

  408. fippo

    cisco also had some fancy stuff about full encryption (including search) for spark. selling point apparently

  409. SamWhited

    oh nifty, I didn't know that; I really wanted to try to build something like that while at HipChat but couldn't convince anyone that it would be a selling point.

  410. fippo

    samwhited: https://www.cisco.com/c/dam/en/us/solutions/collateral/collaboration/cloud-collaboration/cisco-spark-security-white-paper.pdf

  411. SamWhited

    thanks

  412. Ge0rG

    Most BigCorp have adopted the cloud by now so on premise chat servers are only interesting for medical and military services now

  413. jjrh

    They have adopted the cloud but their own cloud

  414. jjrh

    and on premise is more "on our vpn"

  415. Ge0rG

    jjrh: not my experience with multiple big customers

  416. jjrh

    Interesting. I would have thought there would be legal implications depending on where the server is located and a risk that the SAS company could be compelled to give up your data if they run into issues.

  417. SamWhited

    Ge0rG: that's actually what I've found to be true for the most part. At ThreatGRID we couldn't do anything that wasn't a physical on-prem device because we serviced a lot of financial sector people, but at HipChat Server we *only* supported AWS, because basically everyone had their private networks hooked up to Amazon or entirely within Amazon.

  418. Ge0rG

    jjrh: that was my initial guess as well, but if you are an international company, you are susceptible to the laws of whoever wants your data anyway

  419. SamWhited

    So outside of finance and military stuff, everyone seemed to be fine with "private clouds"

  420. Ge0rG

    "private" networks.

  421. SamWhited

    They're private, because if they're not Amazon gets sued for billions of dollars. They have good incentive to make them as private as possible.

  422. Ge0rG

    Yeah, seeing an enterprise with 100k+ employees fully embracing O365 made my head spin.

  423. SamWhited

    0365?

  424. Ge0rG

    Microsoft Office 365, the cloud offering

  425. Zash

    0 or O

  426. SamWhited

    ahh,

  427. SamWhited

    I assumed you did not mean XEP-0365, or RFC 365, neither of which made sense but both of which I thought of in the context of this chat

  428. jjrh

    But isn't the difference here that if you use slack they are running 100% of the show - today they might be on AWS, tomorrow on some other service, but you as a customer really don't have any say regarding that.

  429. Ge0rG

    Zash: fix your font

  430. SamWhited

    heh, they look completely different in my terminal and I still didn't notice that that was an "O"

  431. Ge0rG

    Bummer.

  432. Zash

    ОO0ΟΘ

  433. Ge0rG

    Ω