So with that well on the way, and the general meeting on Nov 22, there will be at most two more meetings with the current Board.
Guus
Curious: assuming that Council will consist of 5 people again: why vote on exactly 5 candidates?
ralphm
Guus: because if the Members really don't want a certain candidate they could vote them out.
Guus
What's needed to vote someone out?
Guus
0 votes?
ralphm
Hmm, that's a good point.
Guus
I'm happy to have a vote, but I'm just curious what the point is 🙂
nyco
switching to Condorcet method?
Zash
In theory you could have done a single "Accept these 5 as council?" vote, but that gets messy with bot voting if it falls.
ralphm
Well, in membership elections we have yes/no for each candidate
ralphm
I don't recall why we use this other method for Council / Board
nyco
do we have to improve? what would we be fixing?
Zash
Lack of an election committee that puts forward a coherent proposal?
ralphm
I think previous elections we always had 6 or more candidates
Guus
Assuming that council will have the exact same amount of seats as the number of candidates, a vote is nothing more than a popularity contest. We _might_ want to avoid that.
Guus
but I'm totally OK with just doing the dance, and be done with it.
nyco
even with more candidates than seats, it is a popularity contest
ralphm
Section 3.13 Voting Procedure for Election of Board and Council. Election of individuals to serve on the Board of Directors and on the XMPP Council shall proceed as follows. First, the number of individuals to serve on each body shall be limited beforehand by the Members as specified in Section 4.4 and Section 8.1 of these Bylaws for the Board and Council, respectively. Second, the Members shall vote on the candidates standing for election in accordance with Section 3.9 of these Bylaws. Third, the individuals elected shall be those receiving the highest percentage of votes cast, up to the limit set by the Members and with the proviso that no individual receiving less than a majority of votes cast shall be elected. Fourth, in the case of a tie for the final remaining position, the final individual shall be chosen in accordance with the procedures defined in “RFC 3797: Publicly Verifiable Nominations Committee (NomCom) Random Selection” published by the Internet Engineering Task Force.
ralphm
So yes, if more than half of the voters abstain for a particular candidate, they don't get in
Guus
ok, good enough for me
Guus
thanks for checking
ralphm
Moving on then.
ralphm
2. Executive Director
ralphm
We still haven't had a meeting, I think.
Guus
nothing moved on that subject, afaik
ralphm
Guus: should we send an e-mail to Peter to find a slot?
Dutch police recently announced that they were able to read end-to-end encrypted chats between criminals, on a dedicated network. They announced this, as police started to show up so often, that criminals started to make plans to assassinate 'snitches'
Guus
from screenshots of the app that they use, it can be deduced that XMPP was used.
nyco
Ironthing?
Guus
the e2e technology was OTR
Guus
yeah, that's it
Zash
mod_otr?
Guus
dunno, I got this from news clippings only
Guus
https://arstechnica.com/information-technology/2018/11/police-decrypt-258000-messages-after-breaking-pricey-ironchat-crypto-app/ <-- first non-Dutch google hit (I have not read it)
nyco
is this a real screenshot of the real app? or just a journalist taking a picture he likes?
not board's duty, but I demand a technical/ethical debate
Guus
The ironchat screenshots list messages in Dutch that clearly are example / demo texts.
Guus
nyco, did the XSF ever standardize OTR-usage in the first place? I can find only one XEP, which is deferred: XEP-0364
nyco
good point
Zash
Isn't half the point of OTR that it works regardless of transport?
nyco
we should use double-rot13 algo
Guus
Zash, I'm just trying to make the point that maybe there's nothing for us, the XSF, to obsolete, even if we wanted to.
Zash
Guus: Correct.
Guus
I'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
nyco
so any entity other than XSF should issue something? (oh gosh I am so clear and precise)
Zash
The XSF could issue an Informational XEP saying "OTR is bad and you should feel bad"
nyco
or humorous
Zash
:)
Guus
I'm not knowledgeable enough to tell if OTR is actually that bad.
Guus
I do think it's a bad idea to start writing XEPs on what not to do.
Guus
XEP-0999: "Don't do drugs"
nyco
what would be XEP-0666 ?
Zash
XEP-0666 Selling your soul over XMPP
nyco
😈
daniel
> I'm not sure by the way if Dutch police actually broke OTR - the article implies that it's just as likely that the implementation that was used was broken.
My understanding is that they man in the middled that
daniel
And key verification wasn't very strong
Zash
Magic crypto dust didn't save them?!
Guus
The irony of successfully doing MIM on a technology that's designed to run in a federated setup... 💕
moparisthebest
it's not like that's exactly a new or unknown problem https://www.ejabberd.im/mod_otr 2007-03-30
moparisthebest
I wouldn't be surprised if they simply installed an 11+ year old ejabberd module
moparisthebest
but that's not as good of a headline as DUTCH POLICE BREAK OTR
daniel
Given the amount of refactoring that went into ejabberd I'd be a little bit surprised
daniel
But I get your point
moparisthebest
given how shoddy the app was at not caring about keys changing, they probably were running an ejabberd from 2007 :)
that's the (now seized) website of the company that sold the solution.
Guus
index_new.php <-- meh.
moparisthebest
if you are looking for secure code and the website is served from index_new.php I think that should be a sign
Zash
Guus: index_new2.php
Guus
ah, yes.
Guus
So, an old Conversations? nice 🙂
daniel
> I think it is a copy/fork of Conversations version 1.14.6
Far far from being the only one in that market fwiw
Zash
> I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation
Edward Snowden [More Info \>\>](index_new2.php)
moparisthebest
I don't think I used Conversations with OTR, how did it handle key changes?
daniel
moparisthebest: not at all. Lol
moparisthebest
well, there you go :P
daniel
(that's an oversimplification. It would display a warning Snackbar if you had previously verified a key. But chances are you didn't. And by that point it would technically have already been too late. It didn't block the sending like omemo would these days)
daniel
Also the old version was a xabber clone. So it's a little bit unclear if those people decompiling on hackernews and the police are talking about the same app
jonas’
15:05:19 Guus> The irony of successfully doing MIM on a technology that's designed to run in a federated setup...
The irony for something like that to happen to *Iron*(y)chat. Sorry.
Andrew Nenakhov
I think they MitMed it after getting access to server console via hosting company.
jonas’
seems plausible
Andrew Nenakhov
Wanna hear a fascinating story?
jonas’
always, although I’ll have to leave in a few minutes (I’ll read the backlog :))
Andrew Nenakhov
I think it was me who discovered they are MitMed
Andrew Nenakhov
This guy made donations to Xabber development once in a couple of years, a year ago asked us to make file exchange into his extremely modified version of Xabber
Andrew Nenakhov
We did
Andrew Nenakhov
Since that time he asked me some xmpp related questions from time to time
Andrew Nenakhov
Then one day he asks, my otr fingerprints don't match each other
Andrew Nenakhov
I say hmm maybe you fucked up code, let me see
Andrew Nenakhov
His app was quite hardcore in geocities style
Andrew Nenakhov
So I connected to his server with Xabber. Okk. Otr established. Fingerprints don't match.
Andrew Nenakhov
I say hmm.
Andrew Nenakhov
Long story short, I started to suspect mitm (an idea I dismissed at first, because have you ever been MitMed, really?!)
Andrew Nenakhov
Especially telling was that when connected from another server xmpp clients have established separate otr sessions
Andrew Nenakhov
And messages did come through only after both clients did establish sessions
Andrew Nenakhov
Aaaand the most fascinating part, once I told him, it's definitely fucked up, I was kicked from openfire console! (he gave me access), he was kicked from all his terminals and our xmpp accounts were blocked.
daniel
Andrew Nenakhov: maybe *they* kicked you. Not him
Zash
THEY!
Andrew Nenakhov
Of course
Andrew Nenakhov
He connected to me over XMPP, said he had disagreement with ex admin, so I suggested him shut down server and establish new one, but then he went silent
daniel
So there is an mod_otr for OpenFire as well. Not just ejabberd
daniel
Interesting...
Andrew Nenakhov
Next, I come here and hear this story.
Andrew Nenakhov
Oops.
Andrew Nenakhov
So I think it's nothing wrong with otr if you check fingerprints
Andrew Nenakhov
But. Perhaps I should talk to dutch police now. 😱
Seve
Andrew Nenakhov, thaaaaaaat is a great story, quite enjoyable :D (given the coincidences)
Seve
Thanks for explaining us :D
Andrew Nenakhov
U r welcome
jonas’
Andrew Nenakhov, that’s a good campfire story :)
jonas’
I like it
Andrew Nenakhov
I actually liked the guy. So, hope he doesn't get jailed for long.
lovetox
lol 1500 euro phone and 100 euro per month for a mobile xmpp client with otr
lovetox
daniel, i think you should rethink your business strategy
Andrew Nenakhov
Yeah. And someone said no one can make money from XMPP
flow
if it is expensive it has to be good, right?
jonas’
somebody around to put https://github.com/xsf/xeps/pull/719 on the Board agenda?
Maranda
1500 euro phone? IPhone XS Max 256 :O?
Maranda
playing the guess game :P
Maranda
Guus, I told some Meetecho fellows to contact you about a possible issue with OpenFire, and maybe that could "help 'em" stop flooding my server with s2s attempts with their things.