XSF Discussion - 2019-03-12


  196. moparisthebest

    what's the proper thing to use for a new namespace for a ProtoXEP ?

  197. moparisthebest

    like a URL I control, or make something up in urn:xmpp:X ?

  209. moparisthebest

    went ahead with my own URL for now, if that's not right could someone let me know? https://github.com/xsf/xeps/pull/765

  238. zinid

    moparisthebest: `urn:xmpp:X:0`

  239. Guus has left

  240. Guus has joined

  241. Wiktor

    Isn't it `urn:xmpp:tmp:X`?

  242. zinid

    Wiktor: I think we got rid of tmp?

  243. Wiktor

    Oh, sorry then, I'm not up to date with this stuff

  244. zinid

    the problem with tmp is that it's quite possible that namespace wouldn't be bumped

  245. Guus has left

  246. zinid

    and tmp will go into final 😁

  247. Wiktor

    Yeah, that's the same with `X-*` headers in HTTP. They are discouraged now.

  273. jonas’

    moparisthebest, use something which is sensible from the urn:xmpp: namespace

  274. zinid

    urn:xmpp:dox apparently

  275. jonas’

    for example, yes

  276. jonas’

    :dox:0 even

  277. zinid

    let's pollute the namespace by april 1st jokes!

  278. jonas’

    is that an april 1st joke?

  279. zinid

    yes

  280. jonas’

    oh

  281. jonas’

    I thought moparisthebest was serious.

  282. zinid

    yeah, you never know

  283. jonas’

    indeed

  284. zinid

    probably worth adding "humor" to the namespace path 🙂

  285. Lance has joined

  286. jonas’

    :tmp would be less obvious and still ok

  287. zinid

    whatever, I just think acquiring "dox" acronym is not a very good idea, because it sounds nice and may be reused in more serious xeps 😛

  288. jonas’

    but it’s also fun because of doxing

  289. zinid

    yeah, so just append something to the namespace, don't let it be urn:xmpp:dox:*

  290. zinid

    urn:xmpp:humor:dox, whatever

  291. jonas’

    moparisthebest, urn:xmpp:tmp:dox seems good for now

  292. jonas’

    :tmp shouldn’t be used by serious protoxeps, and it looks innocent enough :)

  340. dwd

    We used to use :tmp: for all Experimental XEPs, but dropped it because it wasn't a stable namespace, and we wanted people to implement early and safely with Experimental. Of course, this has other downsides, like deployment pressure, but that's something I'm happier to live with.

  341. dwd

    But loosely, :tmp: was our X-.

  342. dwd

    zinid, urn:xmpp:humor is reserved for Officially Humourous Things, surely? Do we need a work team to decide what is Officially Funny?

  343. zinid

    dwd, sure we can schedule that work at April 1st

  344. contrapunctus has left

  345. contrapunctus has joined

  346. mfoss has joined

  347. mfoss has left

  348. Seve

    Not a fan of that personally

  372. Guus

    Seve you might have missed the importance of the suggested date. 🙂

  373. !xsf_Martin has left

  374. alacer has left

  375. alacer has joined

  376. ralphm has left

  377. ralphm has joined

  378. Lance has joined

  379. Ge0rG

    https://matrix.org/blog/2019/03/12/breaking-the-100bps-barrier-with-matrix-meshsim-coap-proxy/ 😁

  380. j.r has left

  381. ralphm has left

  382. alacer has left

  383. zinid

    Ge0rG: already on HN?

  384. Ge0rG

    No idea. But it's 25bps higher than STANAG XMPP

  385. zinid

    damn

  386. Ge0rG

    Higher = worse.

  387. zinid

    ah, right

  388. zinid

    good then 😁

  389. zinid

    I use stanag all the time in the lift

  390. Guus

    How often are you in a lift?

  391. zinid

    I didn't count 🤔

  392. zinid

    a few times a day?

  393. zinid

    subway is also a good source of high quality stanags

  394. Guus

    Please add a "XMPP STANAG TESTING ZONE" sticker.

  395. Guus

    https://www.lemark.co.uk/custom-printing/printed-barrier-tape/ 😏

  396. Ge0rG

    👍

  444. moparisthebest

    I updated the namespace on the PR jonas’

  445. moparisthebest

    also that was part of my evil plan all along, I'll push this thing all the way to final leaving everyone wondering forever more "wait a second, is this a joke or not" >:)

  446. jonas’

    humorous track doesn’t have final

  447. moparisthebest

    I have it as Standards Track :D

  448. Zash

    Implement and deploy!

  449. Zash

    Like the JSON for BOSH XEP

  450. moparisthebest

    Zash, already done! https://github.com/moparisthebest/jDnsProxy/tree/dox deployed at xmpp:dns@moparisthebest.com/listener

  451. Zash

    !

  452. moparisthebest

    run it on your router, force your whole network DNS queries over XMPP

  453. MattJ

    and one day it will surface that DNS over HTTP was actually a similar joke that went too far?

  454. moparisthebest

    actually in ways this is better than DoH because of the long lived connection, no TLS setup each time etc

  455. jonas’

    you can have long-lived connections with HTTP, too

  456. Zash

    You can.

  457. Zash

    But do you?

  458. moparisthebest

    not quite *as* long lived, or as easily

  459. moparisthebest

    that is to say, the server is gonna disconnect you regularly

  460. jonas’

    a DoX server might as well

  461. MattJ

    DoXoH

  462. jonas’

    DoX-over-BOSH?

  463. MattJ

    Yes

  464. moparisthebest

    DoX isn't necessarily a server, my implementation of it right now is a client

  465. Zash

    over IP-over-DNS?

  466. jonas’

    moparisthebest, but you need a server as entry-point

  467. moparisthebest

    sure

  468. jonas’

    and that might disconnect you

  469. moparisthebest

    use it in combination with ping?

  470. Ge0rG

    moparisthebest: does it respond to plaintext requests?

  471. Ge0rG

    You always need to introduce a legacy mode

  472. moparisthebest

    nope needs raw DNS bytes

  473. Ge0rG

    How am I supposed to operate it from mobile, then? 😜

  474. Andrew Nenakhov has left

  475. Alex has joined

  476. moparisthebest

    make a program to convert text to raw bytes, I use dig :D

  477. Alex has left

  478. moparisthebest

    from mobile, use dig from Termux

  479. Alex has joined

  480. Guus

    At some point I'm going to throw a bucket full of ice cold water over you guys.

  481. Andrew Nenakhov has joined

  482. jonas’ steps away

  483. jonas’ holds and caresses his sed(1)

  484. jonas’

    my preciouuusssss

  485. Andrew Nenakhov has left

  486. alacer has left

  487. alacer has joined

  488. Guus adds more ice to the bucket.

  489. mark has left

  490. andy has left

  491. andy has joined

  492. jonas’

    speaking of twisting stuff in ways to have fun with it: jslinux (<https://bellard.org/jslinux/vm.html?url=https://bellard.org/jslinux/buildroot-x86-xwin.cfg&graphic=1>) supports X11 and networking by now, networking happens via a general ethernet-layer WebSocket VPN (see http://www.benjamincburns.com/2013/11/10/jor1k-ethmac-support.html )

  493. lumi has joined

  494. ralphm has joined

  495. Andrew Nenakhov has joined

  496. debacle has joined

  497. flow

    moparisthebest, I am not sure that DoX should be humorous, it could prove useful

  498. moparisthebest

    I agree

  499. Andrew Nenakhov has left

  500. Lance has joined

  501. Andrew Nenakhov has joined

  502. flow

    uh, it is standards track

  503. moparisthebest

    yep I did that on purpose, I'd still like it released on April 1st just for the ensuing hilarity and confusion though :D

  504. flow

    I was assuming it to be a <type>humorous</type> XEP based on your comment to accept it on 1.4

  505. flow

    mission accomplished I'd say ;)

  506. Zash

    Master level trolling you got there :)

  507. moparisthebest

    yay

  508. ralphm

    moparisthebest: https://xmpp.org/extensions/xep-0053.html#namespaces

  509. j.r has left

  510. ralphm

    (for reference)

  511. j.r has joined

  512. Seve

    >Seve you might have missed the importance of the suggested date. 🙂 Yes, I was saying that I don't feel very comfortable using XEPs for humorous things, just my personal opinion. I would just use a blog page or something that 1st of April and that's all.

  513. ralphm

    What is officially funny is up to the Editor.

  514. Alex has left

  515. ralphm

    Seve: tough luck

  516. Guus

    who is German.

  517. Guus ducks, runs.

  518. ralphm

    Guus: tsk

  519. Seve

    ralphm, I'm not asking to change anything, just mentioning how I see it :) Never in my life encountered this, maybe that is English culture I don't know, but I'm not used to having official stuff being used for jokes, let's say. Again, this has been like that for ages, not going to ask for a change :)

  520. ralphm

    Seve: welcome to the world of standards bodies

  521. ralphm

    This might be a good start: https://tangentsoft.net/rfcs/humorous.html

  522. moparisthebest

    Seve, yea there is already a long history https://xmpp.org/extensions/xep-0183.html

  523. ralphm

    http://www.openrfc.org/humour.pl

  524. Seve

    moparisthebest, I'm aware :)

  525. ThibG has left

  526. ThibG has joined

  527. moparisthebest

    besides in my opinion DoX is no more or less silly than DoH and everyone and their brother implements that so... :)

  528. Andrew Nenakhov has left

  529. ralphm

    I'm not sure if I agree DoH is silly in and of itself. I do think that having only two services for it (Google and Cloudflare) is terrible.

  530. moparisthebest

    and that quad9 one and anyone else that wants to run one

  531. moparisthebest

    but I agree with what I think your point is, that sending all DNS queries to a much smaller number of resolvers is a bad idea :)

  532. ralphm

    Right

  533. alacer has left

  534. alacer has joined

  535. ralphm

    But as a protocol concept I'm not against.

  536. Zash

    But I am! HTTP-ification of all the things annoy me!

  537. moparisthebest

    start a DoX resolver now! be the change you want to see!

  538. Zash

    moparisthebest: Adding support to unbound you say?

  539. moparisthebest

    my resolver asks unbound yes

  540. moparisthebest

    which asks jdnsproxy, which asks a random dns-over-tls resolver over tor :)

  541. moparisthebest

    but you don't have to be *as* crazy

  542. moparisthebest

    you can just configure it to ask unbound

  543. alacer has left

  544. ralphm

    I thought this was a great overview of this topic: https://blog.powerdns.com/2019/02/07/the-big-dns-privacy-debate-at-fosdem/

  545. alacer has joined

  546. valo has left

  547. alacer has left

  548. Ge0rG

    Indeed, thanks for the link!

  549. ThibG has left

  550. ThibG has joined

  551. moparisthebest

    the way I solve that personally is by querying DNS-over-TLS servers from a range of providers over tor

  552. moparisthebest

    I can trust I'm talking to who I think I am and evil exit nodes aren't modifying anything, they don't know who I am, no 1 provider has all queries, and I validate DNSSEC myself anyway

  553. Lance has left

  554. Ge0rG

    That's... complicated

  555. moparisthebest

    what is?

  556. neshtaxmpp has left

  557. Ge0rG

    Your setup of DNS over Tor

  558. moparisthebest

    well I did end up writing jDnsProxy to support it yea, existing options weren't that great

  559. moparisthebest

    but *now* it's seamless :P

  560. Ge0rG

    Except for the 300ms latency?

  561. moparisthebest

    that's what serve-stale is for https://tools.ietf.org/html/draft-ietf-dnsop-serve-stale

  562. moparisthebest

    also unbound has various options to keep well used queries refreshed and such, overall it works quite well

  563. Andrew Nenakhov has joined

  564. Ge0rG

    Some days ago I realized that the smack socks proxy client doesn't work with orbot.

  565. ralphm

    moparisthebest: is DNSSEC really a good thing, though? I've always wondered about its true utility and this thread didn't make it better. https://news.ycombinator.com/item?id=19241225

  566. Zash

    Are you reading the comments? On HN of all places?

  567. andy has left

  568. moparisthebest

    ralphm, eh it's totally different, a CA can issue a cert, not put it in the (new) cert log, and browsers etc still mostly trust it

  569. moparisthebest

    while .com *could* falsely sign a bad key, it's crazy public to do so

  570. ralphm

    Because many comments are bad, that doesn't mean all of them are. If you take your position to the extreme, you can stop reading on the internet. Or anywhere, I suppose.

  571. moparisthebest

    basically impossible to do targeted attacks with DNSSEC

  572. ralphm

    moparisthebest: so I understand you trust the security aspects of DNSSEC itself?

  573. Zash

    HN seems to think that anything that isn't HTTPS needs to die. If it's not JSON over HTTPS, then why even care?

  574. moparisthebest

    ralphm, I think by itself it's better than the current CA setup we have now, but combining them would be even better

  575. Zash

    And in that world, where HTTPS protects you from everything harmful, there's no need for anything else. DNSSEC is useless. IPv6 is useless.

  576. Ge0rG

    moparisthebest: I think you can do a targeted attack if you have control over a TLD zone and mitm your victim.

  577. Zash

    And XMPP is the most useless thing of all, it's not even JSON over HTTPS. Why even bother!

  578. Zash

    SCRAM is also useless. Why not just send plain text passwords over HTTPS? Can't be more perfectly secure than that!

  579. Seve

    True dat

  580. Ge0rG

    I think the biggest selling point of DNSSEC got lost with letsencrypt.

  581. Zash

    Ge0rG: The price? Yes.

  582. Zash

    Let's Encrypt also killed CAcert.org

  583. Ge0rG

    (you can get a free trusted certificate for your deployment)

  584. Ge0rG

    Zash: that's not true. CACert perfectly killed itself.

  585. Zash

    And they're well on their way to killing all other CAs and becoming ultimate gatekeeper for everything. Especially since everything must be HTTPS

  586. Andrew Nenakhov has left

  587. Ge0rG

    Zash: you need to take your depression medicine! 😜

  588. moparisthebest

    Ge0rG: moparisthebest: I think you can do a targeted attack if you have control over a TLD zone and mitm your victim.

  589. moparisthebest

    if they also control a CA key and the victim isn't using DNS-over-$something_secure ???

  590. moparisthebest

    that seems like a pretty hard attack to pull off

  591. Ge0rG

    The second biggest selling point in my eyes would be secure delivery of client certificates, eg. for S/MIME

  592. Ge0rG

    moparisthebest: DANE can override Root CA trust. And nobody is using Do# yet

  593. moparisthebest

    android ships by default using DNS-over-TLS so that's basically the opposite of nobody

  594. Andrew Nenakhov has joined

  595. Ge0rG

    The biggest problem of DNSSEC isn't browsers but lack of support on TLDs and in resolvers

  596. Ge0rG

    moparisthebest: android 8?

  597. ralphm

    Regarding the targeted attacks, doesn't that depend on who the attacker is? E.g. I think state level actors get more control if you depend on DNSSEC. This problem also exists in the current public CA system, with countries like mine running an included CA. I'm not saying this is bad per se, but interesting if you're making threat models.

  598. moparisthebest

    I *think* it started with android 9

  599. Ge0rG

    So it's like 0.5% of Android devices? 🤣🤣

  600. Andrew Nenakhov has left

  601. Ge0rG

    ralphm: yes, your conclusion is right. However, with certificate transparency, things have shifted again

  602. moparisthebest

    ralphm, I'm saying for a targeted attack with current CA setup, the attacker needs to MITM you and have *any* CA cert, with DNSSEC in the mix they'd need the DNSSEC root key, plus to compromise all the DNS servers from root all the way down to your domain, plus a CA cert

  603. ralphm

    Ge0rG: for CAs, yes

  604. moparisthebest

    it's just substantially harder

  605. ralphm

    moparisthebest: hence my reference to state actors

  606. Ge0rG

    moparisthebest: they only need to compromise one level of DNS on your domain path...

  607. moparisthebest

    and yes certificate transparency fixes a bit of that, but iirc only browsers check that?

  608. Ge0rG

    moparisthebest: if you have the signing key for domain.com from the crappy DNS cloud provider, you only need to mitm the victim

  609. ralphm

    Well certificate transparency fixes that for future occurrences by the same CA maybe, not individual cases.

  610. zinid

    moparisthebest: I think anyone can monitor CT logs?

  611. moparisthebest

    I pin the public key of my resolvers so owning any CA key won't help, they'd have to hack the specific provider

  612. Zash

    CT for DNSSEC. There, all problems with DNSSEC solved!! :)

  613. moparisthebest

    zinid, right but if you steal a CA cert and sign your own certificates those aren't in the CT logs, you have to check if it's in the CT log when deciding whether to trust it or not, I think only browsers do this right now

  614. ralphm

    I also like to point out that many companies have internal CAs to issue their own certs to be trusted. Once you include that in your list of trusted CAs, it also means that they can issue and thus MitM all the things.

  615. zinid

    stealing CA certificate sounds like a thing 😂

  616. ralphm

    Unless you have some form of cert/key/CA pinning

  617. Ge0rG

    ralphm: and they often do traffic inspection

  618. Ge0rG

    ralphm: luckily for them, modern browsers don't enforce pinning if the server certificate is signed by a locally installed CA

  619. Ge0rG

    So corporate mitm still works

  620. Ge0rG

    Did I just spoil your day?

  621. ralphm

    No, I refused to install the company CA

  622. ralphm

    (or software that could do that)

  623. Ge0rG

    Not something one can typically do on company provided gear

  624. neshtaxmpp has joined

  625. ralphm

    Yes, this is another thing I managed to avoid for all employers so far. All of my machines (usually ThinkPads) came fresh out of the vendor-sealed box.

  626. Ge0rG

    Only intercepted by the government once.

  627. moparisthebest

    I just wipe the corporate windows image and install linux :/

  628. moparisthebest

    had a friendly sysadmin get me a virtualbox corporate windows image to use for skype etc

  629. moparisthebest

    he's gone now though, don't know what I'll do when the forced windows 10 upgrade comes around :'(

  630. Andrew Nenakhov has joined

  631. ralphm

    Upgrade the virtualbox?

  632. moparisthebest

    upgrade the windows 7 running in the virtualbox

  633. ralphm

    Or backup/clean your drive, have them install it, then convert the disk to a virtual one?

  634. moparisthebest

    I tried all ways of doing that before and none would work, always windows BSOD after conversion

  635. moparisthebest

    it might be different now though, that was windows 7 and also years ago

  636. Ge0rG

    Cool, Firefox now implemented HTTP upload! https://blog.mozilla.org/blog/2019/03/12/introducing-firefox-send-providing-free-file-transfers-while-keeping-your-personal-information-private/

  637. ralphm

    Make sure you keep hold of your license key

  638. ralphm

    Ge0rG: nice

  639. 404.city has left

  640. Andrew Nenakhov has left

  641. Lance has joined

  642. Andrew Nenakhov has joined

  643. Maranda has joined

  644. Lance has left

  645. alacer has joined

  646. Andrew Nenakhov has left

  647. 404.city has joined

  648. Lance has joined

  649. zinid

    Ge0rG, at what servers get those files uploaded?

  650. intosi has left

  651. intosi has joined

  652. Ge0rG

    the Firefox cloud servers!

  653. moparisthebest

    firefox has DoH implemented too I think

  654. moparisthebest

    just not on by default, yet

  655. nyco has left

  656. Holger has left

  657. zinid

    Ge0rG, wow such private, much security

  658. Holger has joined

  659. nyco has joined

  660. Andrew Nenakhov has joined

  661. mimi89999 has left

  662. zinid

    Why does Firefox Send require JavaScript? Firefox Send uses JavaScript to: Encrypt and decrypt files locally on the client instead of the server. Render the user interface. Manage translations on the website into various different languages. Collect data to help us improve Send in accordance with our Terms & Privacy. <------- PRIVACY

  663. mimi89999 has joined

  664. moparisthebest

    I was going to say firefox *probably* encrypts locally, that's how their sync stuff works, it's pretty good

  665. moparisthebest

    unlike google whose entire business model is scraping all your info

  666. zinid

    so far google's business model works better 😀

  667. karoshi has left

  668. karoshi has joined

  669. moparisthebest

    for google, not for users :)

  670. zinid

    right, that's _google's_ business model, not yours 😀

  671. Andrew Nenakhov has left

  672. zinid

    but collecting data?

  673. zinid

    "we collect your DNA to improve our DNA analyzer"

  674. jonas’

    send us your nudes to help us protect them! #facebook

  675. bowlofeggs

    i hate the "are you a human" google things because you are helping them train their AI bots for free

  676. bowlofeggs

    they should pay me for doing that

  677. jonas’

    they "pay" you by allowing you to access content \o/ (sarcasm)

  678. bowlofeggs

    well these things are often used by non-google sites

  679. bowlofeggs

    but yeah i catch your drift ☺

  680. bowlofeggs

    there was a planet money where they talked about the inequity between what google makes per user and what they give that user for that data

  681. bowlofeggs

    iirc, google makes something around $1200 per year per user

  682. bowlofeggs

    and in exchange, that user gets… e-mail

  683. Andrew Nenakhov has joined

  684. bowlofeggs

    anyways, they interviewed some economist who thinks that someone will eventually start to pay users to use the services, in actual cash

  685. bowlofeggs

    to compete

  686. bowlofeggs

    the only problem is that it would require enormous capital to compete with google, and you'd be competing by undercutting them, which requires even more enormous capital

  687. bowlofeggs

    well, "only" problem

  688. bowlofeggs

    there's also the network effect too of course

  689. zinid

    "also"

  690. Andrew Nenakhov has left

  691. ralphm

    Imagine they'd be good at doing social.

  692. Zash

    Google? Haven't they repeatedly failed at "social" things?

  693. mimi89999 has left

  694. zinid

    bowlofeggs, paying money to users is a huge taxing problem, especially when users come from many different countries, not sure how the tax will be administered in any particular country

  695. bowlofeggs

    true

  696. bowlofeggs

    so yeah, lots of problems ☺

  697. bowlofeggs

    but the larger point was that users are not getting a good deal

  698. moparisthebest

    they have plenty of users using them for free...

  699. moparisthebest

    I don't honestly know the solution there, it's easy enough for me to run xmpp+email etc for family, but if I get hit by a bus they'll all move back to gmail for sure :'(

  700. moparisthebest

    at least until my kids get older and I train them >:)

  701. bowlofeggs

    well you could pay a company to host you, that has acceptable ToS

  702. bowlofeggs

    the key is that the company should make money from being paid for the service, instead of making money by selling data

  703. bowlofeggs

    obvs, you have to trust them too

  704. bowlofeggs

    but even if you self host, you have to trust the vendors for the software and hardware you use to do that

  705. bowlofeggs

    so you can't escape trust, it's just a matter of where you want to draw the line

  706. ralphm

    Zash: my point?

  707. bowlofeggs

    i personally self host, but it's more because i find it kind of satisfying

  708. moparisthebest

    also legally at least in the USA if your data is on a 3rd party server, the govt can access it any time without a warrant or notice, for any reason

  709. bowlofeggs

    it's sort of the proof of how cool open source software is ☺

  710. bowlofeggs

    moparisthebest, indeed

  711. moparisthebest

    https://en.wikipedia.org/wiki/Third-party_doctrine

  712. moparisthebest

    so just from a principle point of view, you have to self-host on a server in your house :'(

  713. mimi89999 has joined

  714. Andrew Nenakhov has joined

  715. pep. has left

  716. pep. has joined

  717. Andrew Nenakhov has left

  718. tux has left

  719. Andrew Nenakhov has joined

  720. waqas has joined

  721. karoshi has left

  722. karoshi has joined

  723. Alex has joined

  724. Alex has left

  725. waqas has left

  726. lovetox has joined

  727. goffi has left

  728. goffi has joined

  729. Andrew Nenakhov has left

  730. 404.city has left

  731. Lance has left

  732. 404.city has joined

  733. tux has joined

  734. waqas has joined

  735. Andrew Nenakhov has joined

  736. rainslide has joined

  737. valo has joined

  738. Andrew Nenakhov has left

  739. rainslide has left

  740. Andrew Nenakhov has joined

  741. 404.city has left

  742. Alex has joined

  743. Andrew Nenakhov has left

  744. Alex has left

  745. Andrew Nenakhov has joined

  746. wurstsalat has joined

  747. andrey.g has left

  748. andrey.g has joined

  749. Andrew Nenakhov has left

  750. Andrew Nenakhov has joined

  751. vaulor has left

  752. vaulor has joined

  753. andrey.g has left

  754. Andrew Nenakhov has left

  755. Andrew Nenakhov has joined

  756. Andrew Nenakhov has left

  757. Andrew Nenakhov has joined

  758. Andrew Nenakhov has left

  759. Andrew Nenakhov has joined

  760. Alex has joined

  761. Andrew Nenakhov has left

  762. Andrew Nenakhov has joined

  763. Alex

    hey guys, anyone ready for our member meeting?

  764. Zash

    Hey!

  765. Guus

    O/

  766. moparisthebest

    been waiting for it all day

  767. Alex

    LOL

  768. Alex

    okay

  769. Alex bangs the gavel

  770. Alex

    here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2019-03-12

  771. Alex

    1) Call for Quorum

  772. Alex

    as you can see 31 members voted via memberbot. So we have a quorum

  773. Alex

    2) Items Subject to a Vote

  774. Alex

    new and returning members. You can see all applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q1_2019

  775. Alex

    3) Opportunity for XSF Members to Vote in the Meeting

  776. Alex

    anyone here who has not voted yet and wants to vote here in the meeting?

  777. Alex

    looks like nobody wants to vote in the meeting

  778. Alex

    then I can start counting and work on the result

  779. Guus 🥁

  780. kokonoe has left

  781. Alex

    4) Announcement of Voting Results

  782. Alex

    When you reload the page you can see the results: https://wiki.xmpp.org/web/Meeting-Minutes-2019-03-12#Announcement_of_Voting_Results

  783. Alex

    All applicants were accepted

  784. Alex

    All Reappliers except for Bartlomiej Gorny were accepted

  785. Kev has left

  786. Steve Kille has left

  787. Ge0rG

    Yay!

  788. Alex

    5) Any Other Business?

  789. Neustradamus

    Thanks!

  790. Alex

    and congrats to everyone ;-)

  791. Ge0rG

    Congrats to everyone but the person who didn't fill out the application

  792. Alex

    6) Formal Adjournment

  793. Alex

    I motion that we adjourn

  794. Zash

    👍

  795. Guus

    Seconded

  796. Alex bangs the gavel

  797. Guus

    Thank you once again, Alex

  798. Alex

    I am travelling right now. Will send out the minutes and create the application page for the next quarter asap

  799. rtq3 has joined

  800. Guus

    Alex: thanks, safe travels!

  801. Zash

    Thanks, Alex.

  802. kokonoe has joined

  803. benpa has left

  804. Half-Shot has left

  805. Matthew has left

  806. uhoreg has left

  807. Matthew has joined

  808. benpa has joined

  809. uhoreg has joined

  810. Half-Shot has joined

  811. j.r has left

  812. j.r has joined

  813. architekt has joined

  814. rtq3 has left

  815. Alex has left

  816. rtq3 has joined

  817. architekt has left

  818. Syndace

    Weee thanks :D Happy to be an official member now!

  819. Guus

    Welcome to the dark side

  820. wurstsalat has left

  821. Zash

    Welcome to the sharp side, here's your angles: <<<<<

  822. Ge0rG

    Zash: we also need the closing ones!

  823. Zash

    Just turn them around! :)

  824. Kev has joined

  825. wurstsalat has joined

  826. andrey.g has joined

  827. Neustradamus

    Syndace: Welcome :)

  828. Kev has left

  829. Kev has joined

  830. andrey.g has left

  831. Kev has left

  832. andrey.g has joined

  833. zinid

    > All applicants were accepted 🤣🤣🤣

  834. Alex has joined

  835. wurstsalat has left

  836. rtq3 has left

  837. rtq3 has joined

  838. Alex has left

  839. goffi has left

  840. intosi has left

  841. larma has left

  842. Yagiza has left

  843. larma has joined

  844. igoose has left

  845. igoose has joined

  846. Nekit has left

  847. oli has joined

  848. lorddavidiii has left

  849. efrit has joined

  850. lorddavidiii has joined

  851. efrit has left

  852. efrit has joined

  853. j.r has left

  854. j.r has joined

  855. oli has left

  856. oli has joined

  857. j.r has left

  858. j.r has joined

  859. rtq3 has left

  860. efrit has left

  861. efrit has joined

  862. ThibG has left

  863. ThibG has joined

  864. andrey.g has left

  865. lorddavidiii has left

  866. lorddavidiii has joined

  867. wurstsalat has joined

  868. lnj has left

  869. Neustradamus has left

  870. Neustradamus has joined

  871. ralphm

    Interesting blog post + comments (hi Zash)

  872. ralphm

    news.ycombinator.com/item?id=19370281

  873. oli has left

  874. Alex has joined

  875. lorddavidiii has left

  876. efrit has left

  877. wurstsalat has left

  878. karoshi has left

  879. karoshi has joined

  880. ralphm

    Surprisingly positive about (and reminiscent of) XMPP.

  881. vanitasvitae has left

  882. lorddavidiii has joined

  883. vanitasvitae has joined

  884. Ge0rG

    Represented by pidgin.

  885. matlag has left

  886. matlag has joined

  887. waqas has left

  888. waqas has joined

  889. waqas has left

  890. waqas has joined

  891. waqas has left

  892. waqas has joined

  893. lorddavidiii has left

  894. waqas has left

  895. ta has left

  896. ta has joined

  897. ThibG has left

  898. ThibG has joined

  899. rtq3 has joined

  900. Alex has left

  901. edhelas has left

  902. edhelas has joined

  903. karoshi has left

  904. karoshi has joined

  905. Zash

    Kev, my server tells me your cert expired

  906. andrey.g has joined

  907. lovetox has left

  908. lovetox has joined

  909. lovetox has left

  910. mathieui has joined

  911. debacle has left