ralphmI think the primary things are Elections and ED
ralphmSo let's start with those.
ralphmI am happy to see voting has started.
ralphm6 candidates for Board and 5 for Council
ralphmSo with that well on the way, and the general meeting on Nov 22, there will be at most two more meetings with the current Board.
GuusCurious: assuming that Council will consist of 5 people again: why vote on exactly 5 candidates?
ralphmGuus: because if the Members really don't want a certain candidate they could vote them out.
GuusWhat's needed to vote someone out?
ralphmHmm, that's a good point.
GuusI'm happy to have a vote, but I'm just curious what the point is 🙂
nycoswitching to Condorcet method?
ZashIn theory you could have done a single "Accept these 5 as council?" vote, but that gets messy with bot voting if it falls.
ralphmWell, in membership elections we have yes/no for each candidate
ralphmI don't recall why we use this other method for Council / Board
nycodo we have to improve? what would we be fixing?
ZashLack of an election committee that puts forward a coherent proposal?
ralphmI think previous elections we always had 6 or more candidates
GuusAssuming that council will have the exact same amount of seats as the number of candidates, a vote is nothing more than a popularity contest. We _might_ want to avoid that.
Guusbut I'm totally OK with just doing the dance, and be done with it.
nycoeven with more candidates than seats, it is a popularity contest
ralphmSection 3.13 Voting Procedure for Election of Board and Council. Election of individuals to serve on the Board of Directors and on the XMPP Council shall proceed as follows. First, the number of individuals to serve on each body shall be limited beforehand by the Members as specified in Section 4.4 and Section 8.1 of these Bylaws for the Board and Council, respectively. Second, the Members shall vote on the candidates standing for election in accordance with Section 3.9 of these Bylaws. Third, the individuals elected shall be those receiving the highest percentage of votes cast, up to the limit set by the Members and with the proviso that no individual receiving less than a majority of votes cast shall be elected. Fourth, in the case of a tie for the final remaining position, the final individual shall be chosen in accordance with the procedures defined in “RFC 3797: Publicly Verifiable Nominations Committee (NomCom) Random Selection” published by the Internet Engineering Task Force.
ralphmSo yes, if more than half of the voters abstain for a particular candidate, they don't get in
Guusok, good enough for me
Guusthanks for checking
ralphmMoving on then.
ralphm2. Executive Director
ralphmWe still haven't had a meeting, I think.
Guusnothing moved on that subject, afaik
ralphmGuus: should we send an e-mail to Peter to find a slot?
GuusDutch police recently announced that they were able to read end-to-end encrypted chats between criminals, on a dedicated network. They announced this, as police started to show up so often, that criminals started to make plans to assassinate 'snitches'
Guusfrom screenshots of the app that they use, it can be deduced that XMPP was used.
Guusthe e2e technology was OTR
Guusyeah, that's it
Guusdunno, I got this from news clippings only
Guushttps://arstechnica.com/information-technology/2018/11/police-decrypt-258000-messages-after-breaking-pricey-ironchat-crypto-app/ <-- first non-Dutch google hit (I have not read it)
nycois this a real screenshot of the real app? or just a journalist taking a picture he likes?
nyconot board's duty, but I demand a technical/ethical debate
GuusThe ironchat screenshots list messages in Dutch that clearly are example / demo texts.
Guusnyco, did the XSF ever standardize OTR-usage in the first place? I can find only one XEP, which is deferred: XEP-0364
ZashIsn't half the point of OTR that it works regardless of transport?
nycowe should use double-rot13 algo
GuusZash, I'm just trying to make the point that maybe there's nothing for us, the XSF, to obsolete, even if we wanted to.
GuusI'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
nycoso any entity other than XSF should issue something? (oh gosh I am so clear and precise)
ZashThe XSF could issue an Informational XEP saying "OTR is bad and you should feel bad"
GuusI'm not knowledgeable enough to tell if OTR is actually that bad.
GuusI do think it's a bad idea to start writing XEPs on what not to do.
GuusXEP-0999: "Don't do drugs"
nycowhat would be XEP-0666 ?
ZashXEP-0666 Selling your soul over XMPP
daniel> I'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
My understanding is that they man in the middled that
danielAnd key verification wasn't very strong
ZashMagic crypto dust didn't save them?!
GuusThe irony of successfully doing MIM on a technology that's designed to run in a federated setup... 💕
moparisthebestit's not like that's exactly a new or unknown problem https://www.ejabberd.im/mod_otr 2007-03-30
moparisthebestI wouldn't be surprised if they simply installed an 11+ year old ejabberd module
moparisthebestbut that's not as good of a headline as DUTCH POLICE BREAK OTR
danielGiven the amount of refactoring that went into ejabberd I'd be a little bit surprised
danielBut I get your point
moparisthebestgiven how shoddy the app was at not caring about keys changing, they probably were running an ejabberd from 2007 :)
Guusthat's the (now seized) website of the company that sold the solution.
Guusindex_new.php <-- meh.
moparisthebestif you are looking for secure code and the website is served from index_new.php I think that should be a sign
GuusSo, an old Conversations? nice 🙂
daniel> I think it is a copy/fork of Conversations version 1.14.6
Far far from being the only one in that market fwiw
Zash> I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation
Edward Snowden [More Info \>\>](index_new2.php)
moparisthebestI don't think I used Conversations with OTR, how did it handle key changes?
danielmoparisthebest: not at all. Lol
moparisthebestwell, there you go :P
daniel(that's an oversimplification. It would display a warning Snackbar if you had previously verified a key. But chances are you didn't. And by that point it would technically have already been too late. It didn't block the sending like omemo would these days)
danielAlso the old version was a xabber clone. So it's a little bit unclear if those people decompiling on hackernews and the police are talking about the same app
jonas’15:05:19 Guus> The irony of successfully doing MIM on a technology that's designed to run in a federated setup...
The irony for something like that to happen to *Iron*(y)chat. Sorry.
Andrew NenakhovI think they MitMed it after getting access to server console via hosting company.
Andrew NenakhovWanna hear a fascinating story?
jonas’always, although I’ll have to leave in a few minutes (I’ll read the backlog :))
Andrew NenakhovI think it was me who discovered they are MitMed
Andrew NenakhovThis guy made donations to Xabber development once in a couple of years, a year ago asked us to make file exchange into his extremely modified version of Xabber
Andrew NenakhovWe did
Andrew NenakhovSince that time he asked me some xmpp related questions from time to time
Andrew NenakhovThen one day he asks, my otr fingerprints don't match each other
Andrew NenakhovI say hmm maybe you fucked up code, let me see
Andrew NenakhovHis app was quite hardcore in geocities style
Andrew NenakhovSo I connected to his server with Xabber. Okk. Otr established. Fingerprints don't match.
Andrew NenakhovI say hmm.
Andrew NenakhovLong story short, I started to suspect mitm (an idea I dismissed at first, because have you ever been MitMed, really?!)
Andrew NenakhovEspecially telling was that when connected from another server xmpp clients have established separate otr sessions
Andrew NenakhovAnd messages did come through only after both clients did establish sessions
Andrew NenakhovAaaand the most fascinating part, once I told him, it's definitely fucked up, I was kicked from openfire console! (he gave me access), he was kicked from all his terminals and our xmpp accounts were blocked.
danielAndrew Nenakhov: maybe *they* kicked you. Not him
Andrew NenakhovOf course
Andrew NenakhovHe connected to me over XMPP, said he had disagreement with ex admin, so I suggested him shut down server and establish new one, but then he went silent
danielSo there is an mod_otr for OpenFire as well. Not just ejabberd
Andrew NenakhovNext, I come here and hear this story.
Andrew NenakhovSo I think it's nothing wrong with otr if you check fingerprints
Andrew NenakhovBut. Perhaps I should talk to dutch police now. 😱
SeveAndrew Nenakhov, thaaaaaaat is a great story, quite enjoyable :D (given the coincidences)
SeveThanks for explaining us :D
Andrew NenakhovU r welcome
jonas’Andrew Nenakhov, that’s a good campfire story :)
jonas’I like it
Andrew NenakhovI actually liked the guy. So, hope he doesn't get jailed for long.
lovetoxlol 1500 euro phone and 100 euro per month for a mobile xmpp client with otr
lovetoxdaniel, i think you should rethink your business strategy
Andrew NenakhovYeah. And someone said no one can make money from XMPP
flowif it is expensive it has to be good, right?
jonas’somebody around to put https://github.com/xsf/xeps/pull/719 on the Board agenda?
Maranda1500 euro phone? IPhone XS Max 256 :O?
Marandaplaying the guess game :P
MarandaGuus, I told some Meetecho fellows to contact you about a possible issue with OpenFire, and maybe that could "help 'em" stop flooding my server with s2s attempts with their things.