XSF Discussion - 2018-09-25


  1. jjrh has left

  2. jjrh has left

  3. alacer has left

  4. jjrh has left

  5. UsL has joined

  6. jjrh has left

  7. Maranda has left

  8. Maranda has joined

  9. lumi has joined

  10. Dave Cridland has left

  11. Maranda

    SamWhited, and it's not falling back either on malformed request...

  12. Maranda

    I'll have to blacklist the mechanism

  13. efrit has joined

  14. SamWhited

    Oh yah, it doesn't do that, otherwise it would be a potential DOS

  15. SamWhited

    It only falls back if the feature isn't advertised at all and no successful auth has caused a mechanism to be pinned, IIRC

  16. SamWhited

    *a higher-priority mechanism to be pinned

  17. vanitasvitae has left

  18. Maranda has left

  19. Maranda has joined

  20. Maranda has left

  21. jjrh has left

  22. jjrh has left

  23. jjrh has left

  24. jjrh has left

  25. Maranda has joined

  26. jjrh has left

  27. jjrh has left

  28. Dave Cridland has left

  29. jjrh has left

  30. jjrh has left

  31. peter has left

  32. Maranda has left

  33. Maranda has left

  34. Maranda has left

  35. Maranda has left

  36. jjrh has left

  37. jjrh has left

  38. Maranda has left

  39. Maranda has joined

  40. Maranda has left

  41. Maranda has joined

  42. Maranda has left

  43. Maranda has joined

  44. alexis has joined

  45. Dave Cridland has left

  46. alexis has left

  47. jjrh has left

  48. jjrh has left

  49. peter has joined

  50. Maranda has left

  51. lskdjf has left

  52. l has left

  53. Maranda has joined

  54. alexis has joined

  55. alexis has left

  56. tux has left

  57. tux has joined

  58. jjrh has left

  59. Maranda has left

  60. jjrh has left

  61. l has left

  62. l has joined

  63. Maranda has joined

  64. Maranda has left

  65. Maranda has joined

  66. jjrh has left

  67. jjrh has left

  68. Dave Cridland has left

  69. Maranda has left

  70. jjrh has left

  71. Maranda has joined

  72. Maranda has left

  73. Maranda has joined

  74. Maranda has left

  75. Maranda has joined

  76. Neustradamus has left

  77. Neustradamus has joined

  78. jjrh has left

  79. SamWhited has left

  80. moparisthebest has left

  81. lskdjf has joined

  82. jjrh has left

  83. l has joined

  84. jjrh has left

  85. jjrh has left

  86. j.r has joined

  87. j.r has joined

  88. Dave Cridland has left

  89. alacer has joined

  90. alacer has left

  91. alacer has joined

  92. jjrh has left

  93. jjrh has left

  94. Yagiza has joined

  95. Yagiza has left

  96. labdsf has left

  97. labdsf has joined

  98. Yagiza has left

  99. jjrh has left

  100. jjrh has left

  101. alacer has left

  102. Dave Cridland has left

  103. jjrh has left

  104. Yagiza has left

  105. Yagiza has left

  106. Yagiza has joined

  107. Yagiza has left

  108. jjrh has left

  109. jjrh has left

  110. Dave Cridland has left

  111. alacer has joined

  112. Dave Cridland has left

  113. jjrh has left

  114. jjrh has left

  115. Yagiza has left

  116. alacer has left

  117. alacer has joined

  118. Dave Cridland has left

  119. jjrh has left

  120. jjrh has left

  121. peter has left

  122. jjrh has left

  123. jjrh has left

  124. Yagiza has left

  125. Yagiza has left

  126. Yagiza has joined

  127. labdsf has left

  128. labdsf has joined

  129. jjrh has left

  130. Yagiza has left

  131. Dave Cridland has left

  132. jjrh has left

  133. Yagiza has left

  134. Yagiza has joined

  135. Neustradamus has left

  136. jjrh has left

  137. Yagiza has left

  138. Neustradamus has joined

  139. muppeth has left

  140. Dave Cridland has left

  141. jjrh has left

  142. jjrh has left

  143. Dave Cridland has left

  144. Yagiza has left

  145. Yagiza has left

  146. jjrh has left

  147. jjrh has left

  148. labdsf has left

  149. jjrh has left

  150. jjrh has left

  151. lnj has joined

  152. labdsf has joined

  153. Dave Cridland has left

  154. Andrew Nenakhov has left

  155. Andrew Nenakhov has left

  156. Andrew Nenakhov has joined

  157. moparisthebest has joined

  158. Andrew Nenakhov has left

  159. jjrh has left

  160. Andrew Nenakhov has left

  161. jjrh has left

  162. Andrew Nenakhov has joined

  163. Andrew Nenakhov has left

  164. Andrew Nenakhov has left

  165. Andrew Nenakhov has joined

  166. Andrew Nenakhov has left

  167. Andrew Nenakhov has left

  168. Andrew Nenakhov has joined

  169. Andrew Nenakhov has left

  170. Andrew Nenakhov has left

  171. Andrew Nenakhov has joined

  172. Andrew Nenakhov has left

  173. Andrew Nenakhov has left

  174. Andrew Nenakhov has joined

  175. Andrew Nenakhov has left

  176. Andrew Nenakhov has left

  177. Andrew Nenakhov has joined

  178. labdsf has left

  179. daniel has left

  180. daniel has joined

  181. jjrh has left

  182. jjrh has left

  183. alacer has left

  184. alacer has joined

  185. daniel has left

  186. mimi89999 has left

  187. Andrew Nenakhov has left

  188. Andrew Nenakhov has left

  189. lorddavidiii has joined

  190. Andrew Nenakhov has joined

  191. daniel has joined

  192. andy has joined

  193. jjrh has left

  194. Dave Cridland has left

  195. labdsf has joined

  196. j.r has left

  197. j.r has joined

  198. jjrh has left

  199. alacer has left

  200. alacer has joined

  201. jjrh has left

  202. Andrew Nenakhov has left

  203. jjrh has left

  204. Andrew Nenakhov has joined

  205. labdsf has left

  206. SamWhited has left

  207. jjrh has left

  208. jjrh has left

  209. Andrew Nenakhov has left

  210. Dave Cridland has left

  211. Andrew Nenakhov has left

  212. jjrh has left

  213. jjrh has left

  214. daniel has left

  215. daniel has joined

  216. jjrh has left

  217. Dave Cridland has left

  218. Andrew Nenakhov has left

  219. jjrh has left

  220. jjrh has left

  221. alacer has left

  222. alacer has joined

  223. Dave Cridland has left

  224. Andrew Nenakhov has left

  225. j.r has joined

  226. vinx55 has joined

  227. ralphm has left

  228. Str4tocaster has joined

  229. karp has left

  230. karp has joined

  231. Zash has left

  232. ralphm has joined

  233. daniel has left

  234. daniel has joined

  235. jjrh has left

  236. jjrh has left

  237. jjrh has left

  238. vinx55 has left

  239. Andrew Nenakhov has left

  240. Andrew Nenakhov has joined

  241. Andrew Nenakhov has joined

  242. Str4tocaster has left

  243. vinx55 has joined

  244. Andrew Nenakhov has left

  245. Andrew Nenakhov has joined

  246. jjrh has left

  247. jjrh has left

  248. vinx55 has left

  249. valo has joined

  250. valo has joined

  251. thorsten has joined

  252. Dave Cridland has left

  253. jjrh has left

  254. Zash has left

  255. lorddavidiii has left

  256. karp has left

  257. karp has joined

  258. jjrh has left

  259. jjrh has left

  260. Dave Cridland has left

  261. lorddavidiii has joined

  262. Nekit has joined

  263. Dave Cridland has left

  264. jjrh has left

  265. Dave Cridland has left

  266. jjrh has left

  267. karp has left

  268. karp has joined

  269. Zash has left

  270. Guus has left

  271. Zash has joined

  272. Guus has joined

  273. Andrew Nenakhov has left

  274. flow has joined

  275. Andrew Nenakhov has joined

  276. lnj has left

  277. jjrh has left

  278. lnj has joined

  279. jjrh has left

  280. j.r has joined

  281. goffi has joined

  282. jjrh has left

  283. Dave Cridland has left

  284. Str4tocaster has joined

  285. Dave Cridland has left

  286. Str4tocaster has left

  287. Str4tocaster has joined

  288. Dave Cridland has left

  289. jjrh has left

  290. jjrh has left

  291. edhelas

    was there some discussions regarding the GDPR and the usage of transports with XMPP ?

  292. Seve/SouL has joined

  293. Dave Cridland has left

  294. Str4tocaster has left

  295. Dave Cridland has left

  296. Dave Cridland has joined

  297. 404.city has joined

  298. jjrh has left

  299. Dave Cridland has left

  300. Kev has joined

  301. Dave Cridland has joined

  302. Kev has left

  303. jjrh has left

  304. Neustradamus has left

  305. Dave Cridland has left

  306. Neustradamus has joined

  307. Dave Cridland has joined

  308. j.r has joined

  309. flow has left

  310. flow has joined

  311. Andrew Nenakhov has left

  312. Andrew Nenakhov has joined

  313. jjrh has left

  314. Andrew Nenakhov has joined

  315. Andrew Nenakhov has left

  316. Andrew Nenakhov has joined

  317. Andrew Nenakhov has left

  318. Andrew Nenakhov has joined

  319. Andrew Nenakhov has joined

  320. Andrew Nenakhov has left

  321. Andrew Nenakhov has joined

  322. flow has left

  323. jjrh has left

  324. jjrh has left

  325. UsL has joined

  326. mrdoctorwho has left

  327. Dave Cridland has left

  328. waqas has left

  329. jjrh has left

  330. jjrh has left

  331. jjrh has left

  332. karp has left

  333. jjrh has left

  334. winfried has joined

  335. jjrh has left

  336. Dave Cridland has left

  337. l has joined

  338. jjrh has left

  339. jjrh has left

  340. winfried has joined

  341. Dave Cridland has left

  342. Guus has left

  343. Dave Cridland has left

  344. winfried has joined

  345. jjrh has left

  346. jjrh has left

  347. Steve Kille has left

  348. Steve Kille has left

  349. Guus has joined

  350. Nekit has left

  351. Nekit has joined

  352. j.r has joined

  353. Dave Cridland has left

  354. lnj has left

  355. jjrh has left

  356. edhelas

    > and Mojave completes the transition by pulling out Jabber support

  357. Andrew Nenakhov has joined

  358. Zash

    Who

  359. vanitasvitae has left

  360. vanitasvitae has left

  361. jjrh has left

  362. jjrh has left

  363. edhelas

    macOS Mojave, the state of XMPP in iMessage was already bad, now it's gone

  364. jjrh has left

  365. edhelas

    so leave us with not much actually

  366. edhelas

    Dino doesn't has a stable built yet for macOS, Adium is based on libpurple, there's maybe Swift

  367. edhelas

    and Movim but it's an Electron client :p

  368. jonas’

    gajim?

  369. mrdoctorwho has joined

  370. edhelas

    yes indeed

  371. Andrew Nenakhov has left

  372. jjrh has left

  373. Andrew Nenakhov has left

  374. jjrh has left

  375. mrdoctorwho has left

  376. jjrh has left

  377. jjrh has left

  378. derdaniel has left

  379. derdaniel has joined

  380. efrit has left

  381. jjrh has left

  382. jjrh has left

  383. Zash has left

  384. equil has left

  385. Zash

    Monal?

  386. jjrh has left

  387. Neustradamus has left

  388. Str4tocaster has joined

  389. Zash has left

  390. Str4tocaster has left

  391. Str4tocaster has joined

  392. Neustradamus has joined

  393. jjrh has left

  394. moparisthebest has left

  395. jjrh has left

  396. flow has joined

  397. Dave Cridland has left

  398. jjrh has left

  399. Andrew Nenakhov has left

  400. jjrh has left

  401. Andrew Nenakhov has joined

  402. lskdjf has joined

  403. goffi

    Cagou (SàT) is working on Mac OS, but need people to test it (I have no Mac myself)

  404. Andrew Nenakhov has joined

  405. Dave Cridland has left

  406. jjrh has left

  407. lnj has left

  408. Dave Cridland has left

  409. Str4tocaster has left

  410. mrdoctorwho has joined

  411. Dave Cridland has left

  412. Dave Cridland has left

  413. Andrew Nenakhov has left

  414. Andrew Nenakhov has joined

  415. Dave Cridland has left

  416. Dave Cridland has left

  417. jjrh has left

  418. ThibG has left

  419. ThibG has joined

  420. Andrew Nenakhov has left

  421. Andrew Nenakhov has joined

  422. Zash has left

  423. lnj has joined

  424. jjrh has left

  425. muppeth has joined

  426. labdsf has joined

  427. Zash has left

  428. Seve/SouL has left

  429. jjrh has left

  430. Andrew Nenakhov has left

  431. Andrew Nenakhov has joined

  432. jjrh has left

  433. jjrh has left

  434. Nekit has left

  435. Dave Cridland has left

  436. Nekit has joined

  437. labdsf has left

  438. alacer has left

  439. alacer has joined

  440. Dave Cridland has left

  441. Dave Cridland has left

  442. Dave Cridland has left

  443. labdsf has joined

  444. Andrew Nenakhov has left

  445. jjrh has left

  446. jjrh has left

  447. alacer has left

  448. Andrew Nenakhov has joined

  449. j.r has joined

  450. jjrh has left

  451. labdsf has left

  452. jjrh has left

  453. labdsf has joined

  454. l has left

  455. jjrh has left

  456. jjrh has left

  457. Kev has joined

  458. Kev has left

  459. equil has left

  460. equil has left

  461. equil has left

  462. ThibG has joined

  463. ThibG has joined

  464. j.r has joined

  465. jjrh has left

  466. jjrh has left

  467. andy has left

  468. Zash has left

  469. jjrh has left

  470. Dave Cridland has left

  471. peter has joined

  472. Dave Cridland has left

  473. Str4tocaster has joined

  474. peter has left

  475. Nekit has left

  476. Nekit has joined

  477. daniel has left

  478. daniel has joined

  479. Str4tocaster has left

  480. labdsf has left

  481. labdsf has joined

  482. jjrh has left

  483. jjrh has left

  484. Alex has joined

  485. j.r has joined

  486. alacer has joined

  487. Nekit has left

  488. alacer has left

  489. alacer has joined

  490. jere has joined

  491. jjrh has left

  492. jjrh has left

  493. Nekit has joined

  494. Alex has left

  495. Tobias has joined

  496. Tobias has joined

  497. winfried has left

  498. Zash has left

  499. Steve Kille has joined

  500. jjrh has left

  501. jjrh has left

  502. j.r has joined

  503. Holger has left

  504. j.r has joined

  505. winfried has joined

  506. valo has left

  507. valo has joined

  508. jjrh has left

  509. jjrh has left

  510. labdsf has left

  511. Guus has joined

  512. Guus has joined

  513. j.r has left

  514. j.r has joined

  515. jjrh has left

  516. j.r has left

  517. j.r has joined

  518. jjrh has left

  519. moparisthebest has left

  520. !xsf_martin has left

  521. alacer has left

  522. alacer has joined

  523. dos

    there's Monal, but it still feels somewhat beta, especially regarding MUCs

  524. Ge0rG

    And it's absent from the EU.

  525. dos

    I've tried it when looking for a client for gf, but eventually opted to fixing movim's electron client, it really felt like the best xmpp chat option on macOS :P

  526. dos

    I'm in Poland and I downloaded it from the app store... month ago?

  527. dos

    but it might be absent on iOS

  528. Zash

    GDPR FUD ey?

  529. dos

    well, yeah, when I read the blog post on Monal site I facepalmed pretty hard xd

  530. ThibG has joined

  531. peter has joined

  532. dos

    it would be way more understandable for Movim to have such concerns, but Monal?

  533. jjrh has left

  534. dos

    I mean... unless there's something in Monal we don't know about ( ͡° ͜ʖ ͡°)

  535. alacer has left

  536. edhelas

    Maybe for Movim as well ( ͡° ͜ʖ ͡°)

  537. peter has left

  538. dos has left

  539. moparisthebest

    Speaking as a service operator who has 'banned EU residents' we don't really care if you use it, just don't want to be bothered with GDPR crap

  540. Link Mauve

    Because it’s so hard to just not sell our data, and to allow us to retrieve or delete it.

  541. dos has joined

  542. moparisthebest

    Will I can lie to your face and swear I've audited everything and I'm compliant

  543. moparisthebest

    Or just not bother

  544. moparisthebest

    I'm probably compliant, just don't care

  545. jjrh has left

  546. jjrh has left

  547. j.r has left

  548. j.r has joined

  549. j.r has left

  550. j.r has joined

  551. j.r has joined

  552. j.r has joined

  553. j.r has left

  554. j.r has joined

  555. Andrew Nenakhov has left

  556. ThibG has joined

  557. ThibG has joined

  558. j.r has left

  559. j.r has joined

  560. jjrh has left

  561. labdsf has joined

  562. Maranda

    Too bad that GDPR protects nothing basically, and causes only annoyances to operators and ultimately users. One of those proper "EU style" things.

  563. Andrew Nenakhov has left

  564. Andrew Nenakhov has left

  565. Andrew Nenakhov has joined

  566. Maranda

    Like the latest filter shit they came out with, that's just brilliant.

  567. Andrew Nenakhov has joined

  568. Andrew Nenakhov has joined

  569. Andrew Nenakhov has left

  570. lumi has joined

  571. Andrew Nenakhov has joined

  572. jjrh has left

  573. jjrh has left

  574. moparisthebest

    yep Maranda basically that

  575. moparisthebest

    GDPR compliance costs google and facebook nothing, they already have a million engineers, customer service, and lawyers

  576. Dave Cridland has left

  577. moparisthebest

    meanwhile now I have to know journald's default retention period, make sure it doesn't change with updates, document it somewhere public, hire an EU rep, then have a lawyer check over everything and declare if I'm GDPR compliant or not?

  578. SamWhited has left

  579. SamWhited has joined

  580. moparisthebest

    or... I can just tell EU residents to buzz off and not think about it. :D

  581. Maranda

    And they can pay the fines anyways or refuse to, and eventually just bury EU under tons of stamped paper.

  582. Zash

    It got kinda tiresome to read that kind of thing in May.

  583. jjrh has left

  584. Maranda

    🤣

  585. Ge0rG

    especially as most of it is wrong.

  586. Zash

    As I said before, > GDPR FUD ey?

  587. moparisthebest

    Ge0rG, allow me to simplify, if not required by law, is it easier to care about it or not care about it? :)

  588. Ge0rG

    moparisthebest: if you want to use my data, you better know where it's stored

  589. jjrh has left

  590. moparisthebest

    Ge0rG, so you know the retention period of every log on every server, and go line by line over all code changes every update to make sure it doesn't change?

  591. moparisthebest

    cause, that sounds like a lot of work compared to 'not caring'

  592. Yagiza has left

  593. dos

    GDPR doesn't care about your "every log"

  594. Ge0rG

    moparisthebest: in the strictest sense I've seen so far, you need to ensure that if you roll back a backup, all accounts deleted since that backup will be deleted after the rollback

  595. jjrh has left

  596. moparisthebest

    and that means what for IRC

  597. moparisthebest

    also, by definition, if my server explodes and I have to restore from backup, how would I ever know which accounts had been deleted in between date-of-last-backup and server-explosion

  598. moparisthebest

    that's an insane requirement

  599. Ge0rG

    moparisthebest: since when does an IRC server store *anything*?

  600. moparisthebest

    services and logs

  601. Ge0rG

    moparisthebest: I'm not sure if you are attempting to be ignorant or arrogant here. I'm sure you haven't missed first my and then the XSF announcement of an XMPP server data privacy template. You could have just copied the relevant section about logging from there.

  602. lumi has joined

  603. moparisthebest

    seriously though, with any type of service, if you are restoring from backup you presumably don't have any data from before that backup right?

  604. moparisthebest

    such as, what accounts were deleted

  605. Ge0rG

    Sorry, I have some real work to be done. If you need further assistance, I can ask my emplyer for a consulting offer :P

  606. moparisthebest

    thanks for confirming what I said about google/facebook being able to afford GDPR compliance and normal people not being able to

  607. SamWhited

    As far as I can tell the GDPR is mostly perfectly reasonable requirements, unlike most of the tech laws that come out of europe. If you can't afford compliance, you're probably either misunderstanding and aren't covered by it or shouldn't be operating a service that stores other peoples private data.

  608. Ge0rG

    moparisthebest: the good thing is that normal people will not be held to the same standards as Google.

  609. moparisthebest

    good thing is people outside the insanity that is EU won't be held to those insane standards at all

  610. Zash

    Yeah the requirements and therefore costs seemed to scale with size well enough

  611. SamWhited

    What's insane about requiring that you disclose who you're sharing user data with and making it easy for them to ask you to purge it? That seems perfectly reasonable.

  612. Ge0rG

    moparisthebest: oh, right. It's much better to live in a country where your ISP is free to datamine you, sell your location data to the highest bidder, to slow down your video streaming and to inject ads into your traffic.

  613. moparisthebest

    all networks are to be treated as an attacker, that's what encryption/authentication is for

  614. moparisthebest

    not 'please don't look at my data sir'

  615. SamWhited

    So encrypt your data? The law heavily encourages that because you're more responsible for losing your users data

  616. Ge0rG

    moparisthebest: oh, great. Now tell me about that magic protocol that will protect my traffic from all analysis, even from traffic pattern recognition

  617. Ge0rG

    and don't say "use VPN" because the VPN provider is obviously subject to the same (lack of) laws

  618. moparisthebest

    are ISPs doing that now, I thought only govts that aren't affected by these laws did that anyhow

  619. moparisthebest

    doesn't seem like there would be a lot of money in it

  620. Andrew Nenakhov has joined

  621. Ge0rG

    moparisthebest: https://eu.usatoday.com/story/tech/news/2017/04/04/isps-can-now-collect-and-sell-your-data-what-know-internet-privacy/100015356/

  622. SamWhited

    None of this has anything to do with the law other than that it encourages is by making you more responsible though. I'm not even sure what the encryption thing was about, are you suggesting the law should have been *more* specific and required it?

  623. Andrew Nenakhov has joined

  624. Ge0rG

    SamWhited: I think moparisthebest was speaking of encryption as a means for users to protect themselves from data collection

  625. SamWhited

    Ge0rG: which is fine, I just don't see what that has to do with this argument unless it's just a strawman

  626. moparisthebest

    SamWhited, I'm suggesting laws are useless with regard to internet privacy, and that encryption is the only option

  627. SamWhited

    If nothing else tons of companies have now put "Delete account" buttons on their product, which sounds great. That's not useless.

  628. Andrew Nenakhov has joined

  629. SamWhited

    They also are making lists of all the people that they're selling or otherwise sharing my data with, which has been very nice.

  630. Andrew Nenakhov has left

  631. Link Mauve

    moparisthebest, now please tell me how to encrypt my Facebook friends in a way to prevent Facebook from knowing them.

  632. Andrew Nenakhov has joined

  633. SamWhited

    So it doens't appear that laws related to the internet are useless, quite the contrary, it's been fantastic.

  634. Link Mauve

    And from selling this graph to some other companies.

  635. Andrew Nenakhov has left

  636. Ge0rG

    SamWhited: nice but illegal. Almost none of the big data-selling news outlets actually honor the opt-in requirement

  637. Ge0rG

    SamWhited: and most just say "if you don't want our tracking, delete your cookies"

  638. SamWhited

    Ge0rG: so your argument is that some people won't follow laws, so we shouldn't have any?

  639. Ge0rG

    SamWhited: not at all. As a user, I love the GDPR

  640. Link Mauve

    Ge0rG, now let’s wait until enough of their users sue them.

  641. Link Mauve

    Now that the EU introduced class actions too.

  642. Zash

    What if we have both laws and tech to back them up?

  643. moparisthebest

    Link Mauve, easy, if you don't give them the data, they don't have it

  644. Ge0rG

    moparisthebest: you can't not give your data to a web site you are visiting

  645. SamWhited

    Anyways, I'm a big fan. It gets me frustrated when people dismiss it as another link tax sort of law that doesn't make sense, having implemented it at two companies where it *definitely* made the users data safer

  646. Link Mauve

    moparisthebest, I can also throw away my computer and start growing potatoes, but that’s not something most people will want to do.

  647. Link Mauve

    Also, I am able to understand the implications of giving my data to Facebook, while most people aren’t.

  648. SamWhited

    Yah, if you have superpowers and can convince everyone to get off facebook, great, do that. In the mean time, since they're already on it, we need some sort of law that requires that Facebook plays nicely when they leave and cleans up their data.

  649. Ge0rG

    except that facebook isn't following the law, so we'll see some major fines in the next five to twenty years.

  650. moparisthebest

    so what's your opinion of latest EU laws? the actual link tax, and forced filtering of all uploaded content?

  651. moparisthebest

    are those good like GDPR too or is that over the line?

  652. moparisthebest

    I haven't seen the prosody or ejabberd modules to scan all stanzas for copyright violations that will be required either so

  653. Ge0rG

    moparisthebest: those are utter junk, pushed forward by big media lobbying

  654. SamWhited

    Those don't make any sense and are garbage because they're pretty much impossible to follow. The GDPR just lists basic data protections you should have been doing anyways

  655. SamWhited

    But I also haven't helped implement those anywhere, so I don't really know who has to follow them or what the specific details are.

  656. Dave Cridland has left

  657. moparisthebest

    I agree the general basis of the GDPR is good general data practice to follow, I think it's both unenforceable in general and onerous to small operators though, and shouldn't really be a law, meh

  658. SamWhited

    God I wish we had something similar here; I'm sure it's not perfect, but I'm pretty okay with it being onerous if those small operators weren't bothering to protect my data before

  659. Ge0rG

    moparisthebest: it wouldn't have become a law if everybody was respecting users' privacy from day 1

  660. SamWhited

    As for unenforceable, I have no idea. We'll see if fines start rolling out or not I guess. But even if it's unenforceable, it's made two companies I've worked for improve their practices, so it seems to be doing good either way.

  661. Ge0rG

    and I'm sure it will be enforced.

  662. Ge0rG

    It just takes time. Significant time. Have a look at the timeframe of the Google Android antitrust case.

  663. SamWhited

    yah, I don't see why it wouldn't be, it seems straight forward enough… we may not have similar laws in the U.S., but people complain to the FCC about Google and then Google gets fined all the time. This seems to be the same just with more teeth.

  664. Holger has left

  665. j.r has joined

  666. SamWhited

    (or whomever, Google's just a good stand in for "large company doing things they probably shouldn't be")

  667. Ge0rG

    Heh

  668. lskdjf has left

  669. lskdjf has joined

  670. Andrew Nenakhov has left

  671. j.r has left

  672. Andrew Nenakhov has left

  673. j.r has joined

  674. Andrew Nenakhov has joined

  675. Andrew Nenakhov has left

  676. Andrew Nenakhov has joined

  677. j.r has left

  678. j.r has joined

  679. Maranda has joined

  680. karp has left

  681. Andrew Nenakhov has left

  682. Andrew Nenakhov has joined

  683. Andrew Nenakhov has joined

  684. edhelas

    ok let's move the discussion there Link Mauve

  685. edhelas

    regarding https://xmpp.org/extensions/inbox/muc-avatars.html

  686. edhelas

    what is the current supports of the code 104 in XMPP clients ?

  687. peter has joined

  688. Yagiza has left

  689. Nekit has left

  690. waqas has joined

  691. lorddavidiii has left

  692. lorddavidiii has joined

  693. Yagiza has left

  694. ThibG has joined

  695. ThibG has joined

  696. Zash has left

  697. Andrew Nenakhov has left

  698. Andrew Nenakhov has joined

  699. Andrew Nenakhov has left

  700. Andrew Nenakhov has joined

  701. lovetox has joined

  702. Andrew Nenakhov has left

  703. Andrew Nenakhov has joined

  704. Andrew Nenakhov has left

  705. Andrew Nenakhov has left

  706. Andrew Nenakhov has joined

  707. Andrew Nenakhov has left

  708. alacer has joined

  709. Yagiza has left

  710. j.r has left

  711. j.r has joined

  712. ta has joined

  713. edhelas

    I'm currently having some though on that XEP and I'd like to propose some changes to generalize it

  714. ThibG has joined

  715. edhelas

    the core idea of this XEP is to expose the vcard hash in the bare MUC JID disco#info and notify it using a message 104

  716. edhelas

    I'd like to propose to do that for also disco#info of Pubsub nodes and all JIDs (including users ones)

  717. edhelas

    the notification will then be done using a message for MUC, presence or message for users and pubsub message for Pubsub nodes

  718. edhelas

    then we basically cover all the cases using the same core mechanism

  719. alacer has left

  720. SamWhited has left

  721. tux has left

  722. Kev has joined

  723. Kev has left

  724. Andrew Nenakhov has left

  725. l has joined

  726. l has joined

  727. marc has joined

  728. ta has joined

  729. SamWhited has left

  730. jjrh has left

  731. jjrh has left

  732. ta has left

  733. valo has left

  734. valo has joined

  735. labdsf has left

  736. labdsf has joined

  737. labdsf has left

  738. labdsf has joined

  739. SamWhited has left

  740. Maranda has left

  741. Maranda has joined

  742. jonas’ has left

  743. jonas’ has left

  744. SamWhited has left

  745. jonas’ has left

  746. jonas’ has joined

  747. jonas’ has left

  748. jonas’ has joined

  749. Ge0rG has joined

  750. ta has joined

  751. lskdjf has left

  752. lskdjf has joined

  753. jjrh has left

  754. jjrh has left

  755. marc has left

  756. alacer has joined

  757. Dave Cridland has left

  758. Dave Cridland has left

  759. marc has joined

  760. Maranda

    SamWhited, if eventually you wanna have some fun ™️ https://conference.gajim.org:5281/pastebin/cd179f64-2dff-4968-9b36-c45b874b48fa

  761. Maranda

    :D

  762. dwd has joined

  763. SamWhited

    My SCRAM implementation can take any generic hash algorithm, so they're already implemented. On the other hand, those aren't actually defined anywhere and haven't been vetted, so probably not a good idea to use them :)

  764. dwd has left

  765. jonas’

    which are not?

  766. SamWhited

    Anything other than SHA1 and SHA256, to my knowledge

  767. jonas’

    right

  768. jonas’

    although, I think SCRAM doesn’t care *too* much about the hash, as long as the hash is reversible; i.e. it should be as safe as any as long as the hash used is safe

  769. jonas’

    (that’s a property of PBKDF2 even)

  770. Dave Cridland has left

  771. SamWhited

    Yah, it should be safe, but probably best not to use random hash algorithms that aren't defined anywhere for no reason; SHA-1 and SHA-256 are both fine.

  772. dwd has joined

  773. dwd has left

  774. jonas’

    hmmm

  775. SamWhited

    Kafka supports SCRAM-SHA-512 for some reason, so I guess you could use it with that

  776. Dave Cridland has left

  777. dwd has joined

  778. Yagiza has left

  779. jonas’

    Maranda, if you just want to poke at your implementation, aioxmpp should support all of those (if your build of python has them).

  780. jonas’

    you’d have to play some tricks to force it to use a specific one of them though)

  781. j.r has joined

  782. SamWhited

    ugg, does aiosasl support all these too? That makes me sad

  783. Maranda

    👍

  784. jonas’

    SamWhited, I don’t see a convincing argument for *not* allowing other variants of the SHA-2 family if one variant of the SHA-2 family is specified

  785. SamWhited

    Where security is concerned, just randomly changing things because it has a bigger number or whatever probably isn't a good idea. I can't imagine how this would go wrong, but for compatibility if nothing else it makes me sad that people are implementing them and other people consuming the library who don't know any better will think it's osmething to use

  786. dwd has left

  787. SamWhited

    I don't see a convincing argument to implement them, and as far as I'm concerned the burden of proof should be on that side of things whenver auth is concerned.

  788. jonas’

    to be honest, I somewhat assumed that they were specified due to the wildcard in the IANA registry

  789. j.r has joined

  790. SamWhited

    Oh, interesting; I could be wrong. I didn't see an RFC though, does the IANA registry link to a document?

  791. jonas’

    yes, to the one for SCRAM-SHA-256

  792. jonas’

    https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml

  793. jonas’

    I guess technically this is just a reservation of the SCRAM- prefix

  794. SamWhited

    Oh, yah, that's just a reservation for the entire familyl

  795. jonas’

    Note to future SCRAM-mechanism designers: each new SASL SCRAM mechanism MUST be explicitly registered with IANA within the SASL SCRAM Family Mechanisms registry.

  796. jonas’

    yeah

  797. jonas’

    that’s pretty explicit

  798. jonas’

    also a very convincing argument to remove support

  799. jonas’

    SamWhited, there you go https://github.com/horazont/aiosasl/issues/6

  800. jonas’

    the "minimum iteration count" parameter of the registry is interesting, too

  801. Yagiza has left

  802. SamWhited

    ♡ thanks; between security concerns and standardization concerns this makes me very happy.

  803. Dave Cridland has left

  804. Yagiza has left

  805. dwd has joined

  806. Maranda

    hm, interesting, well the implementation in Metronome is SHA digesting algorithm agnostic as well so it doesn't matter.

  807. SamWhited

    It matters in the sense that this is auth which is extremely important and security sensitive. In crypto, tiny insubstantial changes can often have a big impact that we don't forsee; it's not exactly intuitive. I doubt this is a problem, but it doesn't help to add more algorithms for no reason and it *possibly* hurts. Might as well just leave it to the experts and not make up your own crypto.

  808. SamWhited has huge pet peeve about this sort of thing

  809. jonas’

    me too, normally, but I hadn’t seen this as "making up new crypto" to be honest

  810. SamWhited

    Well, "changing existing crypto", then. I agree, I can't imagine this possibly causes any problems, but it's also not necessary so why take the risk?

  811. jonas’

    yeah

  812. Maranda

    SamWhited, I didn't mean that way :P

  813. SamWhited

    Heh, cool; sorry I'm being grumpy about it.

  814. jonas’

    ’tis fine

  815. SamWhited

    This is just the kind of thing where I expect the longer hash will cause some buffer operation to behave slightly differently on some architecture and then suddenly you have a side channel, or something.

  816. Maranda

    I didn't know they weren't defined either, blame google for returning result on SCRAM-SHA-384 and SCRAM-SHA-512

  817. SamWhited

    (well, I don't "expect" it, but I could see it happening)

  818. Maranda

    I didn't know they weren't defined either, blame google for returning results on SCRAM-SHA-384 and SCRAM-SHA-512

  819. jonas’

    that doesn’t make sense to me, actually

  820. jonas’

    that would be a fundamental problem of pbkdf2 then

  821. jonas’

    which I think we would know about

  822. jonas’

    (we = the cryptography community, thus warning louder against it and deprecating pbkdf2 for that reason)

  823. SamWhited

    I was just making up a random example, I agree it's not likely

  824. jonas’

    sure

  825. Guus has left

  826. Guus has joined

  827. Yagiza has left

  828. MattJ has left

  829. Guus has left

  830. Guus has joined

  831. Yagiza has left

  832. ThibG has left

  833. ThibG has joined

  834. dwd has left

  835. dwd has left

  836. Yagiza has left

  837. Dave Cridland has left

  838. dwd has left

  839. dwd has joined

  840. Maranda has joined

  841. dwd has left

  842. l has joined

  843. lskdjf has joined

  844. !xsf_martin has joined

  845. j.r has left

  846. j.r has joined

  847. ThibG has left

  848. ThibG has joined

  849. marc has left

  850. Yagiza has left

  851. mimi89999 has joined

  852. Yagiza has left

  853. 404.city has left

  854. UsL has joined

  855. dwd has joined

  856. dwd has left

  857. Guus has left

  858. Guus has joined

  859. labdsf has left

  860. labdsf has joined

  861. SamWhited has left

  862. marc has left

  863. Dave Cridland has left

  864. dwd has left

  865. Dave Cridland has left

  866. dwd has left

  867. dwd has left

  868. lskdjf has joined

  869. Neustradamus has left

  870. Neustradamus has joined

  871. dwd has left

  872. alacer has left

  873. Dave Cridland has left

  874. dwd has left

  875. Yagiza has left

  876. dwd has joined

  877. thorsten has joined

  878. thorsten has left

  879. thorsten has joined

  880. Guus has left

  881. Guus has joined

  882. lnj has left

  883. Yagiza has left

  884. Dave Cridland has left

  885. Dave Cridland has left

  886. dwd has left

  887. tux has left

  888. dwd has left

  889. dwd has left

  890. ta has left

  891. j.r has left

  892. lnj has left

  893. j.r has joined

  894. dwd has joined

  895. dwd has left

  896. Dave Cridland has left

  897. Dave Cridland has left

  898. dwd has joined

  899. dwd has left

  900. Dave Cridland has left

  901. dwd has joined

  902. dwd has left

  903. Seve/SouL has left

  904. daniel has left

  905. dwd has left

  906. dwd has left

  907. lskdjf has left

  908. dwd has joined

  909. vanitasvitae has left

  910. dwd has left

  911. goffi has left

  912. ThibG has left

  913. ThibG has joined

  914. !xsf_martin has left

  915. Andrew Nenakhov has left

  916. Andrew Nenakhov has joined

  917. Andrew Nenakhov has left

  918. Andrew Nenakhov has joined

  919. lovetox has left

  920. ThibG has left

  921. ThibG has joined

  922. lovetox has joined

  923. j.r has joined

  924. daniel has left

  925. daniel has joined

  926. lovetox has left

  927. SamWhited has left

  928. lovetox has joined

  929. j.r has joined

  930. Tobias has left

  931. Tobias has joined

  932. lskdjf has joined

  933. moparisthebest has joined

  934. Dave Cridland has left

  935. js has joined

  936. j.r has joined

  937. Dave Cridland has left

  938. j.r has joined

  939. lorddavidiii has left

  940. dwd has joined

  941. Dave Cridland has left

  942. dwd has left

  943. Andrew Nenakhov has left

  944. Andrew Nenakhov has joined

  945. Andrew Nenakhov has left

  946. Andrew Nenakhov has joined

  947. Andrew Nenakhov has left

  948. Dave Cridland has left

  949. marc has left

  950. dwd has joined

  951. Dave Cridland has left

  952. dwd has left

  953. j.r has joined

  954. j.r has joined

  955. dwd has left

  956. Dave Cridland has left

  957. Dave Cridland has left

  958. dwd has left

  959. dwd has joined

  960. dwd has left

  961. thorsten has joined

  962. Dave Cridland has left

  963. Dave Cridland has left

  964. Dave Cridland has left

  965. Dave Cridland has left

  966. Dave Cridland has left

  967. lovetox has left

  968. Dave Cridland has left

  969. Dave Cridland has left

  970. Dave Cridland has left

  971. Dave Cridland has left

  972. thorsten has joined

  973. Dave Cridland has left

  974. Dave Cridland has left

  975. j.r has joined

  976. Dave Cridland has left

  977. j.r has joined

  978. jjrh has left

  979. dwd has joined

  980. dwd has left

  981. 404.city has joined

  982. Dave Cridland has left

  983. jjrh has left

  984. 404.city has left

  985. Dave Cridland has left

  986. Dave Cridland has left

  987. j.r has joined

  988. j.r has left

  989. j.r has joined

  990. Dave Cridland has left

  991. Dave Cridland has left

  992. Dave Cridland has left

  993. Dave Cridland has left

  994. jjrh has left

  995. j.r has joined

  996. dwd has joined

  997. MattJ has joined

  998. jjrh has left

  999. dwd has left

  1000. vanitasvitae has left

  1001. efrit has joined

  1002. vanitasvitae has joined

  1003. vanitasvitae has left

  1004. Maranda has left

  1005. Maranda has left

  1006. Maranda has left

  1007. vanitasvitae has joined

  1008. js has left

  1009. jjrh has left

  1010. Dave Cridland has left

  1011. valo has joined

  1012. Dave Cridland has left

  1013. Dave Cridland has left

  1014. thorsten has left

  1015. thorsten has joined

  1016. Dave Cridland has left

  1017. dwd has joined

  1018. Dave Cridland has left

  1019. dwd has left

  1020. jjrh has left

  1021. jjrh has left

  1022. Dave Cridland has left

  1023. Dave Cridland has left

  1024. dwd has joined

  1025. dwd has left

  1026. dwd has joined

  1027. SamWhited has left

  1028. UsL has left

  1029. UsL has joined

  1030. jjrh has left

  1031. Dave Cridland has left

  1032. dwd has left

  1033. dwd has joined

  1034. dwd has left

  1035. efrit has left

  1036. jjrh has left

  1037. peter has left

  1038. jjrh has left

  1039. jjrh has left

  1040. peter has joined

  1041. Maranda has left

  1042. peter has left