ralphmI think the primary things are Elections and ED
ralphmSo let's start with those.
ralphm1. Elections
ralphmI am happy to see voting has started.
ralphm6 candidates for Board and 5 for Council
ralphmSo with that well on the way, and the general meeting on Nov 22, there will be at most two more meetings with the current Board.
GuusCurious: assuming that Council will consist of 5 people again: why vote on exactly 5 candidates?
ralphmGuus: because if the Members really don't want a certain candidate they could vote them out.
GuusWhat's needed to vote someone out?
Guus0 votes?
ralphmHmm, that's a good point.
GuusI'm happy to have a vote, but I'm just curious what the point is 🙂
nycoswitching to Condorcet method?
ZashIn theory you could have done a single "Accept these 5 as council?" vote, but that gets messy with bot voting if it falls.
ralphmWell, in membership elections we have yes/no for each candidate
ralphmI don't recall why we use this other method for Council / Board
nycodo we have to improve? what would we be fixing?
ZashLack of an election committee that puts forward a coherent proposal?
ralphmI think previous elections we always had 6 or more candidates
GuusAssuming that council will have the exact same amount of seats as the number of candidates, a vote is nothing more than a popularity contest. We _might_ want to avoid that.
Guusbut I'm totally OK with just doing the dance, and be done with it.
nycoeven with more candidates than seats, it is a popularity contest
ralphmSection 3.13 Voting Procedure for Election of Board and Council. Election of individuals to serve on the Board of Directors and on the XMPP Council shall proceed as follows. First, the number of individuals to serve on each body shall be limited beforehand by the Members as specified in Section 4.4 and Section 8.1 of these Bylaws for the Board and Council, respectively. Second, the Members shall vote on the candidates standing for election in accordance with Section 3.9 of these Bylaws. Third, the individuals elected shall be those receiving the highest percentage of votes cast, up to the limit set by the Members and with the proviso that no individual receiving less than a majority of votes cast shall be elected. Fourth, in the case of a tie for the final remaining position, the final individual shall be chosen in accordance with the procedures defined in “RFC 3797: Publicly Verifiable Nominations Committee (NomCom) Random Selection” published by the Internet Engineering Task Force.
ralphmSo yes, if more than half of the voters abstain for a particular candidate, they don't get in
Guusok, good enough for me
Guusthanks for checking
ralphmMoving on then.
ralphm2. Executive Director
ralphmWe still haven't had a meeting, I think.
Guusnothing moved on that subject, afaik
ralphmGuus: should we send an e-mail to Peter to find a slot?
GuusDutch police recently announced that they were able to read end-to-end encrypted chats between criminals, on a dedicated network. They announced this, as police started to show up so often, that criminals started to make plans to assassinate 'snitches'
Guusfrom screenshots of the app that they use, it can be deduced that XMPP was used.
nycoIronthing?
Guusthe e2e technology was OTR
Guusyeah, that's it
Zashmod_otr?
Guusdunno, I got this from news clippings only
Guushttps://arstechnica.com/information-technology/2018/11/police-decrypt-258000-messages-after-breaking-pricey-ironchat-crypto-app/ <-- first non-Dutch google hit (I have not read it)
nycois this a real screenshot of the real app? or just a journalist taking a picture he likes?
nyconot board's duty, but I demand a technical/ethical debate
GuusThe ironchat screenshots list messages in Dutch that clearly are example / demo texts.
Guusnyco, did the XSF ever standardize OTR-usage in the first place? I can find only one XEP, which is deferred: XEP-0364
nycogood point
ZashIsn't half the point of OTR that it works regardless of transport?
nycowe should use double-rot13 algo
GuusZash, I'm just trying to make the point that maybe there's nothing for us, the XSF, to obsolete, even if we wanted to.
ZashGuus: Correct.
GuusI'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
nycoso any entity other than XSF should issue something? (oh gosh I am so clear and precise)
ZashThe XSF could issue an Informational XEP saying "OTR is bad and you should feel bad"
nycoor humorous
Zash:)
GuusI'm not knowledgeable enough to tell if OTR is actually that bad.
GuusI do think it's a bad idea to start writing XEPs on what not to do.
GuusXEP-0999: "Don't do drugs"
nycowhat would be XEP-0666 ?
ZashXEP-0666 Selling your soul over XMPP
nyco😈
daniel> I'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
My understanding is that they man in the middled that
danielAnd key verification wasn't very strong
ZashMagic crypto dust didn't save them?!
GuusThe irony of successfully doing MIM on a technology that's designed to run in a federated setup... 💕
moparisthebestit's not like that's exactly a new or unknown problem https://www.ejabberd.im/mod_otr 2007-03-30
moparisthebestI wouldn't be surprised if they simply installed an 11+ year old ejabberd module
moparisthebestbut that's not as good of a headline as DUTCH POLICE BREAK OTR
danielGiven the amount of refactoring that went into ejabberd I'd be a little bit surprised
danielBut I get your point
moparisthebestgiven how shoddy the app was at not caring about keys changing, they probably were running an ejabberd from 2007 :)
Guusthat's the (now seized) website of the company that sold the solution.
Guusindex_new.php <-- meh.
moparisthebestif you are looking for secure code and the website is served from index_new.php I think that should be a sign
ZashGuus: index_new2.php
Guusah, yes.
GuusSo, an old Conversations? nice 🙂
daniel> I think it is a copy/fork of Conversations version 1.14.6
Far far from being the only one in that market fwiw
Zash> I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation
Edward Snowden [More Info \>\>](index_new2.php)
moparisthebestI don't think I used Conversations with OTR, how did it handle key changes?
danielmoparisthebest: not at all. Lol
moparisthebestwell, there you go :P
daniel(that's an oversimplification. It would display a warning Snackbar if you had previously verified a key. But chances are you didn't. And by that point it would technically have already been too late. It didn't block the sending like omemo would these days)
danielAlso the old version was a xabber clone. So it's a little bit unclear if those people decompiling on hackernews and the police are talking about the same app
jonas’15:05:19 Guus> The irony of successfully doing MIM on a technology that's designed to run in a federated setup...
The irony for something like that to happen to *Iron*(y)chat. Sorry.
Andrew NenakhovI think they MitMed it after getting access to server console via hosting company.
jonas’seems plausible
Andrew NenakhovWanna hear a fascinating story?
jonas’always, although I’ll have to leave in a few minutes (I’ll read the backlog :))
Andrew NenakhovI think it was me who discovered they are MitMed
Andrew NenakhovThis guy made donations to Xabber development once in a couple of years, a year ago asked us to make file exchange into his extremely modified version of Xabber
Andrew NenakhovWe did
Andrew NenakhovSince that time he asked me some xmpp related questions from time to time
Andrew NenakhovThen one day he asks, my otr fingerprints don't match each other
Andrew NenakhovI say hmm maybe you fucked up code, let me see
Andrew NenakhovHis app was quite hardcore in geocities style
Andrew NenakhovSo I connected to his server with Xabber. Okk. Otr established. Fingerprints don't match.
Andrew NenakhovI say hmm.
Andrew NenakhovLong story short, I started to suspect mitm (an idea I dismissed at first, because have you ever been MitMed, really?!)
Andrew NenakhovEspecially telling was that when connected from another server xmpp clients have established separate otr sessions
Andrew NenakhovAnd messages did come through only after both clients did establish sessions
Andrew NenakhovAaaand the most fascinating part, once I told him, it's definitely fucked up, I was kicked from openfire console! (he gave me access), he was kicked from all his terminals and our xmpp accounts were blocked.
danielAndrew Nenakhov: maybe *they* kicked you. Not him
ZashTHEY!
Andrew NenakhovOf course
Andrew NenakhovHe connected to me over XMPP, said he had disagreement with ex admin, so I suggested him shut down server and establish new one, but then he went silent
danielSo there is an mod_otr for OpenFire as well. Not just ejabberd
danielInteresting...
Andrew NenakhovNext, I come here and hear this story.
Andrew NenakhovOops.
Andrew NenakhovSo I think it's nothing wrong with otr if you check fingerprints
Andrew NenakhovBut. Perhaps I should talk to dutch police now. 😱
SeveAndrew Nenakhov, thaaaaaaat is a great story, quite enjoyable :D (given the coincidences)
SeveThanks for explaining us :D
Andrew NenakhovU r welcome
jonas’Andrew Nenakhov, that’s a good campfire story :)
jonas’I like it
Andrew NenakhovI actually liked the guy. So, hope he doesn't get jailed for long.
lovetoxlol 1500 euro phone and 100 euro per month for a mobile xmpp client with otr
lovetoxdaniel, i think you should rethink your business strategy
Andrew NenakhovYeah. And someone said no one can make money from XMPP
flowif it is expensive it has to be good, right?
jonas’somebody around to put https://github.com/xsf/xeps/pull/719 on the Board agenda?
Maranda1500 euro phone? IPhone XS Max 256 :O?
Marandaplaying the guess game :P
MarandaGuus, I told some Meetecho fellows to contact you about a possible issue with OpenFire, and maybe that could "help 'em" stop flooding my server with s2s attempts with their things.