XSF Discussion - 2018-11-08

  1. mrdoctorwho has joined
  2. !xsf_martin has joined
  3. lskdjf has joined
  4. lskdjf has joined
  5. lskdjf has left
  6. matlag has left
  7. MattJ has left
  8. vanitasvitae has left
  9. UsL has left
  10. UsL has joined
  11. j.r has joined
  12. j.r has joined
  13. Maranda has joined
  14. moparisthebest has joined
  15. j.r has joined
  16. jjrh has left
  17. jjrh has left
  18. peter has joined
  19. j.r has joined
  20. lskdjf has joined
  21. j.r has joined
  22. jjrh has left
  23. j.r has joined
  24. Zash has left
  25. l has joined
  26. peter has left
  27. karp has left
  28. karp has joined
  29. labdsf has left
  30. labdsf has joined
  31. labdsf has left
  32. labdsf has joined
  33. jjrh has left
  34. Zash has left
  35. sonny has left
  36. sonny has joined
  37. peter has joined
  38. labdsf has left
  39. labdsf has joined
  40. jjrh has left
  41. labdsf has left
  42. labdsf has joined
  43. labdsf has left
  44. labdsf has joined
  45. krauq has joined
  46. krauq has joined
  47. alacer has joined
  48. Lance has joined
  49. Yagiza has joined
  50. jjrh has left
  51. dwd has joined
  52. labdsf has left
  53. dwd has left
  54. labdsf has joined
  55. jjrh has left
  56. Lance has left
  57. efrit has left
  58. Yagiza has left
  59. alacer has left
  60. alacer has joined
  61. j.r has joined
  62. j.r has joined
  63. jjrh has left
  64. moparisthebest has left
  65. Ge0rG has left
  66. Ge0rG has left
  67. alacer has left
  68. alacer has joined
  69. guusdk has left
  70. Guus has left
  71. Yagiza has joined
  72. Yagiza has left
  73. Yagiza has joined
  74. Guus has joined
  75. guusdk has joined
  76. Str4tocaster has joined
  77. waqas has left
  78. Str4tocaster has left
  79. Str4tocaster has joined
  80. Nekit has joined
  81. Str4tocaster has left
  82. Str4tocaster has joined
  83. karp has left
  84. Str4tocaster has left
  85. Str4tocaster has joined
  86. Str4tocaster has left
  87. Str4tocaster has joined
  88. lorddavidiii has left
  89. lorddavidiii has joined
  90. dwd has joined
  91. labdsf has left
  92. dwd has left
  93. lnj has joined
  94. lnj has left
  95. lskdjf has joined
  96. Str4tocaster has left
  97. lnj has joined
  98. Str4tocaster has joined
  99. peter has left
  100. andy has joined
  101. lnj has left
  102. Str4tocaster has left
  103. Str4tocaster has joined
  104. lnj has joined
  105. Str4tocaster has left
  106. Str4tocaster has joined
  107. l has left
  108. alacer has left
  109. blabla has joined
  110. alacer has joined
  111. tux has left
  112. tux has joined
  113. guusdk has left
  114. goffi has joined
  115. guusdk has left
  116. guusdk has joined
  117. lnj has left
  118. labdsf has joined
  119. lnj has joined
  120. lnj has left
  121. lnj has joined
  122. APach has left
  123. APach has joined
  124. lskdjf has left
  125. lskdjf has joined
  126. Yagiza has left
  127. !xsf_martin has joined
  128. lorddavidiii has left
  129. krauq has left
  130. lorddavidiii has joined
  131. marc has joined
  132. Steve Kille has left
  133. Steve Kille has left
  134. blabla has joined
  135. APach has left
  136. APach has joined
  137. !xsf_martin has left
  138. !xsf_martin has joined
  139. Steve Kille has joined
  140. Valerian has joined
  141. krauq has left
  142. marc has left
  143. rion has left
  144. alacer has left
  145. alacer has joined
  146. labdsf has left
  147. labdsf has joined
  148. Tobias has left
  149. Ge0rG has left
  150. Ge0rG has left
  151. Alex has joined
  152. dwd has joined
  153. Ge0rG has left
  154. alacer has left
  155. alacer has joined
  156. mrdoctorwho has left
  157. lorddavidiii has left
  158. Valerian has left
  159. Valerian has joined
  160. mrdoctorwho has joined
  161. l has left
  162. l has joined
  163. Valerian has left
  164. labdsf has left
  165. Str4tocaster has left
  166. Str4tocaster has joined
  167. Str4tocaster has left
  168. Str4tocaster has joined
  169. Yagiza has joined
  170. labdsf has joined
  171. genofire has left
  172. Str4tocaster has left
  173. Str4tocaster has joined
  174. Str4tocaster has left
  175. Str4tocaster has joined
  176. lorddavidiii has joined
  177. labdsf has left
  178. genofire has left
  179. genofire has joined
  180. labdsf has joined
  181. Str4tocaster has left
  182. Str4tocaster has joined
  183. genofire has left
  184. genofire has joined
  185. Str4tocaster has left
  186. Str4tocaster has joined
  187. Str4tocaster has left
  188. Str4tocaster has joined
  189. l has joined
  190. lskdjf has joined
  191. j.r has joined
  192. marc has joined
  193. ThibG has joined
  194. ThibG has joined
  195. Str4tocaster has left
  196. Str4tocaster has joined
  197. l has left
  198. labdsf has left
  199. lskdjf has joined
  200. Steve Kille has left
  201. Steve Kille has left
  202. labdsf has joined
  203. labdsf has left
  204. 404.city has joined
  205. Str4tocaster has left
  206. Str4tocaster has joined
  207. guusdk has left
  208. guusdk has joined
  209. Str4tocaster has left
  210. Str4tocaster has joined
  211. guusdk has left
  212. Ge0rG has joined
  213. jjrh has left
  214. labdsf has joined
  215. Steve Kille has left
  216. Str4tocaster has left
  217. Str4tocaster has joined
  218. Ge0rG has left
  219. blabla has joined
  220. genofire has left
  221. Str4tocaster has left
  222. Str4tocaster has joined
  223. Str4tocaster has left
  224. alacer has left
  225. Str4tocaster has joined
  226. Str4tocaster has left
  227. Str4tocaster has joined
  228. lorddavidiii has left
  229. moparisthebest has joined
  230. labdsf has left
  231. mimi89999 has left
  232. blabla has joined
  233. !xsf_martin has joined
  234. jjrh has left
  235. Nekit has left
  236. j.r has joined
  237. labdsf has joined
  238. Valerian has joined
  239. Valerian has left
  240. Valerian has joined
  241. 404.city has left
  242. Str4tocaster has left
  243. Str4tocaster has joined
  244. labdsf has left
  245. labdsf has joined
  246. Yagiza has left
  247. Zash has left
  248. Zash has joined
  249. valo has left
  250. valo has joined
  251. matlag has left
  252. andy has left
  253. daniel has left
  254. Str4tocaster has left
  255. Str4tocaster has joined
  256. l has joined
  257. Valerian has left
  258. Str4tocaster has left
  259. Str4tocaster has joined
  260. Str4tocaster has left
  261. Str4tocaster has joined
  262. lskdjf has joined
  263. Str4tocaster has left
  264. Str4tocaster has joined
  265. Str4tocaster has left
  266. Str4tocaster has joined
  267. Str4tocaster has left
  268. Str4tocaster has joined
  269. Str4tocaster has left
  270. Str4tocaster has joined
  271. Str4tocaster has left
  272. Str4tocaster has joined
  273. Str4tocaster has left
  274. Str4tocaster has joined
  275. Str4tocaster has left
  276. Str4tocaster has joined
  277. Str4tocaster has left
  278. Str4tocaster has joined
  279. Str4tocaster has left
  280. Str4tocaster has joined
  281. Str4tocaster has left
  282. Str4tocaster has joined
  283. dwd has left
  284. moparisthebest has joined
  285. moparisthebest has joined
  286. alacer has joined
  287. Str4tocaster has left
  288. Str4tocaster has joined
  289. Valerian has joined
  290. Str4tocaster has left
  291. moparisthebest has left
  292. dwd has joined
  293. alacer has left
  294. alacer has joined
  295. Alex has left
  296. Seve has left
  297. matlag has left
  298. nyco has joined
  299. Maranda has joined
  300. Maranda has joined
  301. Alex has joined
  302. alacer has left
  303. andy has joined
  304. blabla has joined
  305. lorddavidiii has joined
  306. alacer has joined
  307. MattJ Hey folks, I won't be able to make the meeting today - sorry for the short notice
  308. nyco thx for telling
  309. labdsf has left
  310. vanitasvitae has joined
  311. nyco time?
  312. nyco ralphm Guus
  313. Guus I'm here
  314. ralphm Here
  315. ralphm set the topic to XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
  316. ralphm bangs gavel
  317. ralphm 0. Welcome + Agenda
  318. ralphm Hi all
  319. Guus o/
  320. nyco hey
  321. ralphm I think the primary things are Elections and ED
  322. ralphm So let's start with those.
  323. ralphm 1. Elections
  324. ralphm I am happy to see voting has started.
  325. ralphm 6 candidates for Board and 5 for Council
  326. ralphm So with that well on the way, and the general meeting on Nov 22, there will be at most two more meetings with the current Board.
  327. Guus Curious: assuming that Council will consist of 5 people again: why vote on exactly 5 candidates?
  328. ta has left
  329. ralphm Guus: because if the Members really don't want a certain candidate they could vote them out.
  330. Guus What's needed to vote someone out?
  331. Guus 0 votes?
  332. ralphm Hmm, that's a good point.
  333. Guus I'm happy to have a vote, but I'm just curious what the point is 🙂
  334. nyco switching to Condorcet method?
  335. Zash In theory you could have done a single "Accept these 5 as council?" vote, but that gets messy with bot voting if it falls.
  336. ralphm Well, in membership elections we have yes/no for each candidate
  337. ralphm I don't recall why we use this other method for Council / Board
  338. nyco do we have to improve? what would we be fixing?
  339. Zash Lack of an election committe that puts forward a coherent proposal?
  340. ralphm I think previous elections we always had 6 or more candidates
  341. Guus Assuming that council will have the exact same amount of seats as the number of candidates, a vote is nothing more than a popularity contest. We _might_ want to avoid that.
  342. Guus but I'm totally OK with just doing the dance, and be done with it.
  343. nyco even with more candidates than seats, it is a popularitt contest
  344. ralphm Section 3.13 Voting Procedure for Election of Board and Council. Election of individuals to serve on the Board of Directors and on the XMPP Council shall proceed as follows. First, the number of individuals to serve on each body shall be limited beforehand by the Members as specified in Section 4.4 and Section 8.1 of these Bylaws for the Board and Council, respectively. Second, the Members shall vote on the candidates standing for election in accordance with Section 3.9 of these Bylaws. Third, the individuals elected shall be those receiving the highest percentage of votes cast, up to the limit set by the Members and with the proviso that no individual receiving less than a majority of votes cast shall be elected. Fourth, in the case of a tie for the final remaining position, the final individual shall be chosen in accordance with the procedures defined in “RFC 3797: Publicly Verifiable Nominations Committee (NomCom) Random Selection” published by the Internet Engineering Task Force.
  345. ralphm So yes, if there more than half of the voters abstain for a particular candidate, they don't get in
  346. Guus ok, good enough for me
  347. Guus thanks for checking
  348. ralphm Moving on then.
  349. ralphm 2. Executive Director
  350. ralphm We still haven't had a meeting, I think.
  351. Guus nothing moved on that subject, afaik
  352. ralphm Guus: should we send an e-mail to Peter to find a slot?
  353. Guus yes
  354. labdsf has joined
  355. ralphm Ok, I'll do so
  356. mrdoctorwho has joined
  357. Guus tx
  358. ralphm 3. AOB
  359. mrdoctorwho has joined
  360. ralphm Anything?
  361. ralphm Other?
  362. Guus nothing here
  363. ralphm nyco: ?
  364. nyco nothing
  365. ralphm Good.
  366. ralphm 4. Date of Next
  367. ralphm Our penultimate: +1W
  368. Guus wfm
  369. ralphm 5. Close
  370. ralphm Thanks!
  371. nyco wow
  372. nyco that was fast
  373. Guus So, on an interesting XMPP tidbit
  374. nyco thx
  375. ralphm bangs gavel
  376. ralphm set the topic to XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
  377. mrdoctorwho has joined
  378. Valerian has left
  379. Valerian has joined
  380. Guus Dutch police recently announced that they were able to read end-to-end encrypted chats between criminals, on a dedicated network. They announced this, as police started to show up so often, that criminals started to make plans to assassinate 'snitches'
  381. Guus from screenshots of the app that they use, it can be deduced that XMPP was used.
  382. nyco Ironthing?
  383. Guus the e2e technology was OTR
  384. Guus yeah, that's it
  385. Zash mod_otr?
  386. Guus dunno, I got this from news clippings only
  387. Guus https://arstechnica.com/information-technology/2018/11/police-decrypt-258000-messages-after-breaking-pricey-ironchat-crypto-app/ <-- first non-Dutch google hit (I have not read it)
  388. nyco is this a real screenshot of the real app? or just a journalist taking a picture he likes?
  389. labdsf has left
  390. nyco https://en.wikipedia.org/wiki/Off-the-Record_Messaging#Client_support
  391. nyco https://news.ycombinator.com/item?id=18401561
  392. mrdoctorwho has joined
  393. waqas has joined
  394. nyco so, should we obsolete OTR?
  395. andy has left
  396. nyco not board's duty, but I demand a technical/ethical debate
  397. labdsf has joined
  398. Guus The ironchat screenshots lists messages in Dutch that clearly are example / demo texts.
  399. vanitasvitae has left
  400. mrdoctorwho has joined
  401. APach has left
  402. Guus nyco, did the XSF ever standardize OTR-usage in the first place? I can find only one XEP, which is deferred: XEP-0364
  403. nyco good point
  404. APach has joined
  405. Zash Isn't half the point of OTR that it works regardless of transport?
  406. nyco we should use double-rot13 algo
  407. Guus Zash, I'm just trying to make the point that maybe there's nothing for us, the XSF, to obsolete, even if we wanted to.
  408. mrdoctorwho has joined
  409. Zash Guus: Correct.
  410. labdsf has left
  411. Guus I'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
  412. nyco so any entity other than XSF should issue something? (oh gosh I am so clear and precise)
  413. Zash The XSF could issue an Informational XEP saying "OTR is bad and you should feel bad"
  414. nyco or humourous
  415. Zash :)
  416. Guus I'm not knowledgeable enough to tell if OTR is actually that bad.
  417. mrdoctorwho has joined
  418. Guus I do think it's a bad idea to start writing XEPs on what not to do.
  419. Guus XEP-0999: "Don't do drugs"
  420. nyco what would be XEP-0666 ?
  421. Zash XEP-0666 Selling your soul over XMPP
  422. nyco 😈
  423. daniel > I'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken. My understanding is that they man in the middled that
  424. daniel And key verification wasn't very strong
  425. Zash Magic crypto dust didn't save them?!
  426. labdsf has joined
  427. Guus The irony of successfully doing MIM on a technology that's designed to run in a federated setup... 💕
  428. mrdoctorwho has joined
  429. sonny has joined
  430. jjrh has left
  431. ThibG has left
  432. ThibG has joined
  433. moparisthebest it's not like that's exactly a new or unknown problem https://www.ejabberd.im/mod_otr 2007-03-30
  434. moparisthebest I wouldn't be surprised if they simply installed an 11+ year old ejabberd module
  435. jjrh has left
  436. moparisthebest but that's not as good of a headline as DUTCH POLICE BREAK OTR
  437. daniel Given the amount of refactoring that went into ejabberd I'd be a little bit surprised
  438. daniel But I get your point
  439. moparisthebest given how shoddy the app was at not caring about keys changing, they probably were running an ejabberd from 2007 :)
  440. Guus https://web.archive.org/web/20180419140229/http://blackbox-security.com/index_new.php
  441. tux has left
  442. Zash https://news.ycombinator.com/item?id=18403477
  443. Guus that's the (now seized) website of the company that sold the solution.
  444. Guus index_new.php <-- meh.
  445. efrit has joined
  446. moparisthebest if you are looking for secure code and the website is served from index_new.php I think that should be a sign
  447. Zash Guus: index_new2.php
  448. Guus ah, yes.
  449. Guus So, an old Conversations? nice 🙂
  450. daniel > I think it is a copy/fork of Conversations version 1.14.6 Far far from being the only one in that market fwiw
  451. Zash > I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation Edward Snowden  [More Info \>\>](index_new2.php)
  452. moparisthebest I don't think I used Conversations with OTR, how did it handle key changes?
  453. daniel moparisthebest: not at all. Lol
  454. moparisthebest well, there you go :P
  455. lnj has left
  456. jjrh has left
  457. daniel (that's an oversimplification. It would display a warning Snackbar if you had previously verified a key. But chances are you didn't. And by that point it would technically have already been to late. It didn't block the sending like omemo would these days)
  458. APach has left
  459. APach has joined
  460. nyco has left
  461. daniel Also the old version was a xabber clone. So it's a little bit unclear if those people decompiling on hackernews and the police are talking about the same app
  462. j.r has left
  463. j.r has joined
  464. Valerian has left
  465. Valerian has joined
  466. j.r has joined
  467. j.r has joined
  468. lnj has joined
  469. efrit has left
  470. Holger has left
  471. ta has left
  472. Valerian has left
  473. Valerian has joined
  474. Valerian has left
  475. Guus has left
  476. daniel has left
  477. daniel has left
  478. lumi has joined
  479. guusdk has left
  480. !xsf_martin has joined
  481. labdsf has left
  482. dwd has left
  483. jonas’ 15:05:19 Guus> The irony of successfully doing MIM on a technology that's designed to run in a federated setup... The irony for something like that to happen to *Iron*(y)chat. Sorry.
  484. daniel has left
  485. guusdk has left
  486. guusdk has joined
  487. dwd has joined
  488. lovetox has joined
  489. dwd has left
  490. MattJ has left
  491. guusdk has left
  492. Andrew Nenakhov I think they MitMed it after getting access to server console via hosting company.
  493. Lance has joined
  494. jonas’ seems plausible
  495. Andrew Nenakhov Wanna hear a fascinating story?
  496. jonas’ always, although I’ll have to leave in a few minutes (I’ll read the backlog :))
  497. Andrew Nenakhov I think it was me who discovered they are MitMed
  498. Andrew Nenakhov This guy made donations to Xabber development once in a couple of years, a year ago asked us to make file exchange into his extremely modified version of Xabber
  499. Andrew Nenakhov We did
  500. Andrew Nenakhov Since that time he asked me some xmpp related questions from time to time
  501. Andrew Nenakhov Then one day he asks, my otr fingerprints don't match each other
  502. Andrew Nenakhov I say hmm maybe you fucked up code, let me see
  503. Andrew Nenakhov His app was quite hardcore in geocities style
  504. Andrew Nenakhov So I connected to his server with Xabber. Okk. Otr established. Fingerprints don't match.
  505. sonny has joined
  506. Andrew Nenakhov I say hmm.
  507. Andrew Nenakhov Long story short, I started to suspect mitm (an idea I dismissed at first, because have to ever been MitMed, really?!)
  508. Andrew Nenakhov Especially telling was that when connected from another server xmpp clients have established separate otr sessions
  509. blabla has joined
  510. Andrew Nenakhov And messages did come through only after both client did establish sessions
  511. Andrew Nenakhov Aaaand the most fascinating part, once I told him, it's definitely fucked up, I was kicked from openfire console! (he gave me access), he was kicked from all his terminals and our xmpp axxouts were blocked.
  512. Valerian has joined
  513. daniel Andrew Nenakhov: maybe *they* kicked you. Not him
  514. Zash THEY!
  515. Andrew Nenakhov Of course
  516. dwd has joined
  517. Andrew Nenakhov He connected to me over XMPP, said he had disagreement with ex admin, so I suggested him shut down server and establish new one, bit then he went silent
  518. daniel So there is an mod_otr for OpenFire as well. Not just ejabberd
  519. daniel Interesting...
  520. Andrew Nenakhov Next,I come here and hear this story.
  521. Andrew Nenakhov Oops.
  522. Andrew Nenakhov So I think it's nothing wrong with otr if you check fingerprints
  523. marc has left
  524. blabla has joined
  525. Andrew Nenakhov But. Perhaps I should talk to dutch police now. 😱
  526. Ge0rG has left
  527. Seve Andrew Nenakhov, thaaaaaaat is a great story, quite enjoyable :D (given the coincidences)
  528. Seve Thanks for explaining us :D
  529. Andrew Nenakhov U r welcome
  530. jonas’ Andrew Nenakhov, that’s a good campfire story :)
  531. jonas’ I like it
  532. Andrew Nenakhov I actually liked the guy. So, hope he doesn't get jailed for long.
  533. guusdk has left
  534. guusdk has joined
  535. guusdk has left
  536. ThibG has joined
  537. ThibG has joined
  538. lovetox lol 1500 euro phone and 100 euro per month for a mobile xmpp client with otr
  539. lovetox daniel, i think you should rethink your business strategy
  540. guusdk has left
  541. guusdk has joined
  542. Andrew Nenakhov Yeah. And someone said no one can make money from XMPP
  543. guusdk has left
  544. Lance has left
  545. Guus has left
  546. dwd has left
  547. Guus has left
  548. blabla has joined
  549. Ge0rG has left
  550. genofire has left
  551. labdsf has joined
  552. alacer has left
  553. SamWhited has left
  554. tux has left
  555. tux has joined
  556. marc has joined
  557. lnj has left
  558. lnj has joined
  559. jjrh has left
  560. jjrh has left
  561. valo has left
  562. valo has joined
  563. Tobias has left
  564. blabla has left
  565. blabla has joined
  566. guusdk has left
  567. guusdk has joined
  568. sonny has joined
  569. lnj has left
  570. flow if it is expensive it has to be good, right?
  571. lnj has joined
  572. Lance has left
  573. Lance has joined
  574. Valerian has left
  575. Alex has left
  576. Alex has joined
  577. Valerian has joined
  578. Valerian has left
  579. jonas’ somebody around to put https://github.com/xsf/xeps/pull/719 on the Board agenda?
  580. Lance has left
  581. Seve has left
  582. Zash has left
  583. Zash has left
  584. Zash has left
  585. Lance has joined
  586. Zash has left
  587. Valerian has joined
  588. Ge0rG has left
  589. Alex has left
  590. Steve Kille has left
  591. Steve Kille has left
  592. lnj has left
  593. goffi has left
  594. labdsf has left
  595. labdsf has joined
  596. Lance has left
  597. rion has left
  598. Alex has joined
  599. Nekit has left
  600. Nekit has joined
  601. lovetox has left
  602. marc has left
  603. Tobias has joined
  604. Maranda 1500 euro phone? IPhone XS Max 256 :O?
  605. Maranda playing the guess game :P
  606. lorddavidiii has left
  607. Maranda Guus, I told some Meetecho fellows to contact you about a possible issue with OpenFire, and maybe that could "help 'em" stop flooding my server with s2s attempts with their things.
  608. Maranda has left
  609. Valerian has left
  610. labdsf has left
  611. Zash Most likely a cheap android phone.
  612. moparisthebest has joined
  613. Seve has joined
  614. Seve has joined
  615. daniel has left
  616. !xsf_martin has left
  617. Guus Maranda: k
  618. thorsten has left
  619. thorsten has joined
  620. lumi has left
  621. moparisthebest has left
  622. moparisthebest has joined
  623. j.r has left
  624. Nekit has joined
  625. j.r has joined
  626. !xsf_martin has joined
  627. j.r has joined
  628. matlag has left
  629. j.r has joined
  630. moparisthebest has left
  631. moparisthebest has joined
  632. moparisthebest has left
  633. moparisthebest has joined
  634. Zash has left
  635. j.r has joined
  636. j.r has joined
  637. UsL has left
  638. UsL has joined
  639. j.r has joined
  640. Alex has left
  641. j.r has joined