XSF Discussion - 2020-02-18


  1. moparisthebest has joined

  2. Shell has left

  3. greenhive-jp has joined

  4. debacle has left

  5. greenhive-jp has left

  6. karoshi has left

  7. Ellenor Malik has left

  8. ellenor has left

  9. ellenor has joined

  10. Ellenor Malik has joined

  11. Ellenor Malik

    XMPP over XMPP

  12. pdurbin has joined

  13. greenhive-jp has joined

  14. greenhive-jp has left

  15. SubPub has joined

  16. krauq has left

  17. arc has joined

  18. mtavares has left

  19. mtavares has joined

  20. pdurbin has left

  21. SubPub has left

  22. moparisthebest has left

  23. krauq has joined

  24. pdurbin has joined

  25. arc has left

  26. arc has joined

  27. pdurbin has left

  28. arc has left

  29. arc has joined

  30. mukt2 has joined

  31. lskdjf has left

  32. zukzuk has joined

  33. mukt2 has left

  34. Yagiza has joined

  35. mukt2 has joined

  36. waqas has joined

  37. pdurbin has joined

  38. SubPub has joined

  39. arc has left

  40. arc has joined

  41. Nekit has joined

  42. zukzuk has left

  43. adiaholic has left

  44. adiaholic has joined

  45. mukt2 has left

  46. arc has left

  47. mtavares has left

  48. mtavares has joined

  49. andy has joined

  50. andy has left

  51. andy has joined

  52. lorddavidiii has joined

  53. Stefan has joined

  54. Stefan has left

  55. debxwoody has joined

  56. mimi89999 has left

  57. mimi89999 has joined

  58. Tobias has joined

  59. SubPub has left

  60. paul has joined

  61. Nekit has left

  62. Nekit has joined

  63. emus has joined

  64. mukt2 has joined

  65. SubPub has joined

  66. andy has left

  67. mukt2 has left

  68. vanitasvitae has left

  69. vanitasvitae has joined

  70. wurstsalat has joined

  71. j.r has left

  72. emus has left

  73. emus has joined

  74. Max has left

  75. Max has joined

  76. andy has joined

  77. mukt2 has joined

  78. karoshi has joined

  79. jonas’

    Ge0rG, in-band

  80. jonas’

    Ge0rG, out-of-band

  81. Ge0rG

    jonas’: you still have three weeks to reapply!

  82. Daniel

    jonas’: if you come to the meetup on Thursday I can remind you oob

  83. Marc has left

  84. andrey.g has left

  85. mukt2 has left

  86. Marc has joined

  87. emus has left

  88. emus has joined

  89. j.r has joined

  90. j.r has left

  91. j.r has joined

  92. j.r has left

  93. mathijs has left

  94. mathijs has joined

  95. j.r has joined

  96. Steve Kille has left

  97. j.r has left

  98. j.r has joined

  99. j.r has left

  100. j.r has joined

  101. LNJ has joined

  102. mukt2 has joined

  103. Steve Kille has joined

  104. mukt2 has left

  105. jonas’

    Ge0rG, no? reapplications close on Feb 23rd

  106. jonas’

    Daniel, that’d mean leaving the house

  107. jonas’

    I suppose

  108. andrey.g has joined

  109. mathijs has left

  110. mathijs has joined

  111. krauq has left

  112. debacle has joined

  113. lorddavidiii has left

  114. mukt2 has joined

  115. lorddavidiii has joined

  116. Ge0rG

    jonas’: I'm sorry, you are right

  117. jonas’

    nice try to get me kicked out of council! ;)

  118. MattJ

    Heh

  119. Ge0rG

    jonas’: not just you! :P

  120. serge90 has left

  121. serge90 has joined

  122. debxwoody has left

  123. mukt2 has left

  124. waqas has left

  125. LNJ has left

  126. LNJ has joined

  127. goffi has joined

  128. Marc has left

  129. Marc has joined

  130. krauq has joined

  131. mukt2 has joined

  132. DebXWoody has left

  133. DebXWoody has joined

  134. krauq has left

  135. nyco has joined

  136. Dele Olajide has joined

  137. debacle has left

  138. lorddavidiii has left

  139. lorddavidiii has joined

  140. Alex has joined

  141. pep.

    https://github.com/xsf/xmpp.org/pull/679 Anybody with superpowers to review plz? :)

  142. Ge0rG

    > The next Summit will happen next year. 😁

  143. emus

    Have you heard that the BND is financing open source projects with 5000€ similar to GSoC?

  144. Ge0rG

    Yes.

  145. dwd

    That's the German Foreign Intel agency?

  146. vanitasvitae

    emus: yeah

  147. Ge0rG

    dwd: yes

  148. pep.

    Ge0rG, I'm very hopeful!

  149. dwd

    I suppose it's possible that XMPP projects would be favoured there.

  150. mukt2 has left

  151. Ge0rG

    dwd: the ones that were "recently" uncovered to have backdoored Crypto AG

  152. mukt2 has joined

  153. Ge0rG

    (the involvement was known since 1997, but apparently it's big news in 2020)

  154. dwd

    Ge0rG, Hah. That's such an old story, and moreover a repeated pattern that's been occurring since after WW2.

  155. Ge0rG

    dwd: indeed

  156. edhelas

    > BND financing open source projects
    > OMEMO:2 incoming
    > 🤔

  157. dwd

    Ge0rG, First case I'm aware of is the UK selling Enigma systems post-war. However, I have a suspicion that there's a similar case after the Napoleonic wars.

  158. pep.

    edhelas, conspiracy!

  159. dwd

    edhelas, I'm not sure that wold be relevant. It's unclear to me if that would fit the threat model.

  160. pep.

    Daniel is an undercover agent

  161. dwd

    edhelas, I'm not sure that would be relevant. It's unclear to me if that would fit the threat model.

  162. pep.

    oops

  163. krauq has joined

  164. dwd

    edhelas, In particular, BND presumably do trust their server, and probably more than the mobile devices used in the field.

  165. vanitasvitae

    edhelas: shhhh

  166. pep.

    Curious to know if there's anything you can do to prevent messages leaking once a terminal is compromised :x (as long as it's not known to be)

  167. dwd

    pep., It's more that if you think a device might be compromised, with OMEMO/Signal/etc the device has a cleartext archive, whereas without it won't and you can cut access to the server-side archive.

  168. mathijs has left

  169. pep.

    without what e2ee it won't have a cleartext archive?

  170. pep.

    I'm not sure I understand

  171. pep.

    You mean the client won't explicitly store locally?

  172. lskdjf has joined

  173. dwd

    pep., For example, with WhatsApp, the device stores a database of all the message history.

  174. dwd

    pep., Whereas with Pando (for example) we explicitly don't, and instead pull that from the server.

  175. pep.

    That doesn't mean it doesn't see the cleartext messages

  176. dwd

    pep., Sure. But there's a matter of the effect of a compromise post-discovery.

  177. mathijs has joined

  178. pep.

    (you kinda have to, I don't have bionic e2ee-capable eyes)

  179. dwd

    pep., The question isn't who and what device can see the messages. The question is where the archive is kept at rest.

  180. pep.

    Well this assumes you have any doubts

  181. dwd

    pep., Well, only in as much as if someone compromises a device without your knowing all bets are off no matter what you do.

  182. pep.

    what I said above :)

  183. dwd

    pep., So not much point in considering that case. Instead, consider the cases where endpoint compromise is known.

  184. dwd

    pep., And decide which you think is the greater risk - for some, that'll be the server being compromised, for others, the client. Which you feel is the bigger risk means you might want OMEMO-style encryption or not.

  185. pep.

    Sure there's a point in considering it as well. It's certainly a lot easier to get a hold of a user terminal when that user is targeted. When the user is not targeted directly and people are just interested in data, it's probably faster to try and compromise the server and I bet there's lots of servers not that good security-wise

  186. dwd

    pep., Right, but for a foreign intel agency, I would suspect the risk of a compromised client is probably higher.

  187. dwd

    pep., Same for us, actually. I believe the risk of a community nurse leaving their phone in a patient's house is higher than someone breaking into our servers.

  188. dwd

    pep., But that won't be the same for everyone, of course.

  189. pep.

    Who knows.. One would hope they employ capable people and they give us the freedom to act

  190. pep.

    Who knows.. One would hope they employ capable people and they give them the freedom to act

  191. nyco-2 has joined

  192. adiaholic has left

  193. larma has joined

  194. adiaholic has joined

  195. Zash

    Myeah, forgetting my phone somewhere does seem more likely than someone breaking into my server room and/or server.

  196. dwd

    Zash, But if you ran your server for thousands on people, the risk profile might change.

  197. dwd

    Zash, But if you ran your server for thousands of people, the risk profile might change.

  198. dwd

    Zash, For you, if not for your users.

  199. Zash

    I don't, so my users == { me }

  200. lorddavidiii has left

  201. dwd

    My best understanding of why WhatsApp have encryption is to protect themselves from subpoena activity, not for security for their users as such.

  202. Zash

    Makes sense.

  203. lorddavidiii has joined

  204. lorddavidiii has left

  205. eevvoor has joined

  206. lorddavidiii has joined

  207. adiaholic has left

  208. adiaholic has joined

  209. lorddavidiii has left

  210. lorddavidiii has joined

  211. lorddavidiii has left

  212. eevvoor has left

  213. lorddavidiii has joined

  214. emus

    vanitasvitae, Ge0rG: I mean let's take away their money - modern problems need modern solutions :)

  215. mukt2 has left

  216. mukt2 has joined

  217. Ge0rG

    dwd: it has helped very much, hasn't it? https://www.reuters.com/article/us-facebook-brazil/facebook-executive-jailed-in-brazil-as-court-seeks-whatsapp-data-idUSKCN0W34WF

  218. pep.

    Open reuters > Get visually aggressed by cookies' consent bs > Manage consent > JS error..

  219. Ge0rG has the "I don't care about cookies" extension and didn't notice anything

  220. pep.

    I have a similar extension but I still get their annoying popup

  221. Dele Olajide has left

  222. nyco-2 has left

  223. nyco-2 has joined

  224. Dele Olajide has joined

  225. lorddavidiii has left

  226. lorddavidiii has joined

  227. lorddavidiii has left

  228. lorddavidiii has joined

  229. mukt2 has left

  230. Alex has left

  231. Douglas Terabyte has left

  232. paul has left

  233. eevvoor has joined

  234. mukt2 has joined

  235. pdurbin has left

  236. rion has left

  237. rion has joined

  238. mukt2 has left

  239. mukt2 has joined

  240. moparisthebest has joined

  241. Douglas Terabyte has joined

  242. eevvoor has left

  243. mukt2 has left

  244. mukt2 has joined

  245. Alex has joined

  246. mukt2 has left

  247. Neustradamus

    I have a little request, can you open: https://nl.movim.eu/?feed/pubsub.movim.eu/Movim When you click on the publication titles, have you the publication or other?

  248. eevvoor has joined

  249. MattJ

    I get prompted to download the atom feed

  250. pep.

    Firefox?

  251. MattJ

    Yes

  252. pep.

    I'm not sure browsers parse this correctly anymore.. curl tells me "content-type: application/atom+xml; charset=UTF-8" so that's correct right?

  253. Neustradamus

    Thanks guys, you have confirmed the problem to edhelas, I am not alone ;)

  254. pep.

    Neustradamus, I'd say your client is the issue. Use a proper feed reader

  255. edhelas

    the problem is that the feed reader is not taking the alternate + text/html

  256. edhelas

    but only the first alternate, that is kinda an issue; so i'll fix that one

  257. Neustradamus

    The problem is linked to (for example):
    </content>
    <link rel="enclosure" type="image/png" href="https://upload.movim.eu/files/9d94237298995552fa13436420195fbca436dce7/jDBsJ9BW7g66gCZ3G3ARICSq5T3dsAg9j75CnNOr/image.png"/>
    <link rel="alternate" href="https://upload.movim.eu/files/9d94237298995552fa13436420195fbca436dce7/jDBsJ9BW7g66gCZ3G3ARICSq5T3dsAg9j75CnNOr/image.png"/>
    <link rel="alternate" type="text/html" href="https://nl.movim.eu/?node/pubsub.movim.eu/Movim/87633da7-3963-4923-aabc-54ac5f6ad1d8"/>
    </entry>

  258. pep.

    edhelas, if that's a problem to you then I think it's before that.

  259. pep.

    HTTP Headers

  260. edhelas

    Neustradamus I actually told you 2min ago that I will fix the issue, why bothering the people here about that ?

  261. Neustradamus

    edhelas: I sent here before you understand the problem

  262. edhelas

    also, Atom implementation in Movim is definitely not a topic related to this chatroom

  263. mukt2 has joined

  264. Neustradamus

    edhelas: I can not join the main mucroom ;)

  265. pep.

    yes you've been banned, for reasons one can understand

  266. paul has joined

  267. Neustradamus

    I know that some people do not like when we inform about problems, we can see a new time today. If no people inform, no solution ;)

  268. MattJ

    Sometimes it's not about the information, but about the delivery

  269. eevvoor has left

  270. mukt2 has left

  271. mathijs has left

  272. mathijs has joined

  273. mathijs has left

  274. mathijs has joined

  275. Dele Olajide has left

  276. Dele Olajide has joined

  277. nyco-2 has left

  278. nyco-2 has joined

  279. mukt2 has joined

  280. pdurbin has joined

  281. nyco-2 has left

  282. nyco-2 has joined

  283. Alex

    Reminder that the current application period ends by the end of this week. In case you want to apply, recruit someone to apply, or need to reapply: https://wiki.xmpp.org/web/Membership_Applications_Q1_2020 Thanks

  284. Daniel

    jonas’: ^

  285. mukt2 has left

  286. mukt2 has joined

  287. mukt2 has left

  288. mukt2 has joined

  289. mukt2 has left

  290. mukt2 has joined

  291. LNJ has left

  292. LNJ has joined

  293. pdurbin has left

  294. mukt2 has left

  295. Guus

    Daniel is yours a haiku? 🙂

  296. Wojtek has joined

  297. Zash has left

  298. jonas’

    application done, thanks

  299. Zash has joined

  300. dwd

    jonas’, Any chance we can last call XEP-0345 again? I have no idea what happened to it last time. Board, BTW, not Council.

  301. serge90 has left

  302. pep.

    It's been voted in by board

  303. pep.

    Last board

  304. dwd

    pep., Has it? Showing as Proposed, currently.

  305. pep.

    I was the only one to answer the LC and board didn't take that into account anyway

  306. jonas’

    I must’ve missed that one, can you dig up records?

  307. dwd

    pep., And LC ending over two years ago.

  308. pep.

    hmm when was that again..

  309. moparisthebest

    again, many people aren't getting all mailing list posting because xsf's mailmain still breaks DKIM and SPF and therefore DMARC

  310. moparisthebest

    I get maybe half of the emails sent to the list, it depends on the email settings of the sender

  311. moparisthebest

    (please fix mailmain)

  312. jonas’

    I love how those "anti spam" technologies break valid usecases while not preventing spam.

  313. jonas’

    but yeah, we should probably get that fixed

  314. serge90 has joined

  315. moparisthebest

    why do I keep typing mailmain instead of mailman...

  316. Zash

    Those aren't anti-spam

  317. jonas’

    AFAIK it involves:
    - Turn off the footer
    - Turn off the subject prefix
    - Enable the masquerading of From for DMARC-protected domains

  318. moparisthebest

    so dmarc allows a pass if *either* SPF or DKIM passes, you can't not break SPF, so if you simply stop breaking DKIM that should fix everything

  319. nyco-2 has left

  320. moparisthebest

    which yes, turn off footer and subject prefix

  321. jonas’

    it will fix everything related to DMARC, but break the UX

  322. moparisthebest

    make sure the List-Unsubscribe header is set, and you'll be golden

  323. jonas’

    can we get a mailman admin, please?

  324. pep.

    What are the cons again of validating dkim at the mailing list level and having the mailing list then do dkim itself? Not being able to validate end-to-end?

  325. jonas’

    cc @ MattJ

  326. jonas’

    pep., the cons are that it doesn’t help

  327. pep.

    how so

  328. jonas’

    (also, operational cost)

  329. jonas’

    pep., you still break the DKIM signature of the original sender

  330. Zash

    Just masquerade the Sender and be done with it

  331. pep.

    You remove it even. The list signs itself

  332. moparisthebest

    you can do that too ^

  333. moparisthebest

    I mean, instead

  334. jonas’

    pep., and then the receiver looks up the DMARC record and sees that there should be a signature for that sender

  335. pep.

    jonas’, the sender being the list?

  336. jonas’

    depends

  337. jonas’

    I always get confused with Sender vs. MAIL-FROM vs. From:

  338. jonas’

    and also Return-Path

  339. mukt2 has joined

  340. Zash

    From is purely metadata, you can put whatever you want there

  341. pep.

    Well Return-Path is the list here, and I'd put both envelope and the other as the list anyway and sign with the list.

  342. Zash

    != routing data

  343. jonas’

    pep., requires setting up and maintaining a DKIM thing though

  344. pep.

    If I want to validate who sent what I'd use normal gpg signing

  345. jonas’

    pep., yeah, tell that please to the DKIM idiots

  346. pep.

    not what I'm saying

  347. Zash

    pep.: Footers can break gpg tho

  348. jonas’

    Zash, they’re attached as separate text/plain part

  349. Zash

    Right. Not on every list tho.

  350. pep.

    I always assume DKIM allows us to validate point-to-point. I'd expect the list to do the validation always, not a host at the other end of the chain

  351. Zash

    *mumble* Google Groups

  352. pep.

    assumed*

  353. moparisthebest

    I get people have opinions re: DKIM/SPF/DMARC but that's not really relevant, they are a thing most email providers implement, and if we want most people to be able to receive mail to the list, it has to be fixed

  354. jonas’

    moparisthebest, yeah, help me get hands on a mailman admin

  355. pep.

    moparisthebest, yeah I'm proposing a practical solution :p

  356. jonas’

    pep., setting up and maintaining OpenDKIM is *not* practical

  357. jonas’

    (on the XSF resource budget either way)

  358. pep.

    semantics

  359. pep.

    Meaning I'm not just talking about protocols because I like to talk about protocols

  360. moparisthebest

    (I run rspamd which does DKIM+SPF+DMARC+spam stuff automatically, and is easier to set up than opendkim+spf+spamassassin+amavisd+everything else)

  361. jonas’

    I love especially how rspamd depends on redis, but doesn’t support redis clusters.

  362. moparisthebest

    but beside the point, there are basically 2 ways it can be fixed:
    1. stop breaking DKIM signatures (don't add footer or mangle subject)
    2. send from xmpp domain instead

  363. moparisthebest

    the XSF mail server *should* already be validating dmarc/dkim/spf or it can be used to forward unauthorized mail/spam

  364. moparisthebest

    does anything actually stop me from sending mail as a board member to a board-only mailing list?

  365. jonas’

    moparisthebest, this is a question I’ve been asking myself for quite some time and which I wanted to pen-test after having asked board, but I never got around to actually doing that.

  366. moparisthebest

    what's the official way to get that on the board's agenda as a question?

  367. jonas’

    send a message to board@

  368. jonas’

    someone will hopefully fish it out of the moderation queue

  369. pep.

    moparisthebest, "as a board member"?

  370. jonas’

    aside from that I may still have +w on the board trello, or you can ask pep. who’s on board, too.

  371. pep.

    I don't think you can send stuff to board@ if you're not subscribed can you?

  372. moparisthebest

    pep., like, impersonating your email for instance

  373. jonas’

    pep., but the subscription only checks From

  374. jonas’

    (or maybe Sender)

  375. pep.

    ah I see

  376. pep.

    We're not using board@ anyway, and I don't like it

  377. moparisthebest

    and if it doesn't do dkim/dmarc/spf or something, then I can happily send "official board emails" from ralphm or pep. or whoever

  378. pep.

    So you can send what you want. Plus I always sign my emails :P

  379. jonas’

    email from is not to be trusted. news at 11.

  380. mathijs has left

  381. mathijs has joined

  382. pep.

    yeah

  383. moparisthebest

    right, and all those are terrible hacks to add authentication to it :/

  384. pep.

    yes

  385. moparisthebest

    it's getting better, but hacking that on after the fact is rough

  386. moparisthebest

    also ARC incoming...

  387. moparisthebest

    http://arc-spec.org/ ^

  388. pep.

    dwd, MR 20190307T15:16:48Z 000 <ralphm>  motion carries. Let the Editors go through to the mechanics to move XEP-0345 to Active.

  389. mukt2 has left

  390. MattJ

    http://logs.xmpp.org/xsf/2019-03-07#2019-03-07-e58b19e060a046e8

  391. pep.

    I was looking for that

  392. jonas’

    ah, that’s clearly my fault

  393. jonas’

    fixing that now

  394. pep.

    It's indeed not been processed by editors, but I wouldn't go as far as saying it's your fault. There are many other editors :x

  395. jonas’

    were there back then though?

  396. pep.

    No, but there are others

  397. jonas’

    reminds me to ask board to clean up editor membership

  398. pep.

    yeah

  399. mukt2 has joined

  400. jonas’

    I abused my privileges to create https://trello.com/c/8Q5XQWks/388-clean-up-editor-team-memberships

  401. pep.

    how dare you

  402. pep.

    Thanks, looks good

  403. adiaholic has left

  404. adiaholic has joined

  405. eevvoor has joined

  406. dwd

    I always sign my emails too - I put "Dave." at the bottom.

  407. Alex has left

  408. SubPub has left

  409. pep.

    Indeed. Just like signatures we use on legally binding documents, it's been proven it works very well

  410. Alex has joined

  411. pep.

    (I had a hard time making it less sarcastic)

  412. lovetox has joined

  413. wojtek has joined

  414. jonas’

    Subject: [Standards] ACTIVE: XEP-0345 (Form of Membership Applications)

  415. wojtek has left

  416. jonas’

    there we go

  417. pep.

    Thanks :)

  418. jonas’

    ah, I need to re-last-call '402

  419. mukt2 has left

  420. serge90 has left

  421. serge90 has joined

  422. calvin has joined

  423. lovetox

    dwd, the example in 402 for publish options is not the best

  424. lovetox

    you use max_items = 10000

  425. lovetox

    if you are a new client and there are existing bookmarks, this results 99% in a failed publish

  426. dwd

    lovetox, PRs welcome. I didn't actually write that one, I think Link Mauve did (he actually wrote most of that spec at this point, we should make him an author).

  427. Daniel

    Yeah I think that probably predates the max thing in pubsub

  428. lovetox

    ah k, yeah we should change that, there is a new max-items=max in pubsub

  429. lovetox

    though this probably also will fail, because no server supports that yet

  430. Daniel

    And having a 'magic' number was the best we could do before

  431. Zash

    Ugh

  432. Daniel

    Yes 'atomic bookmarks in pep' probably just depends on max being supported

  433. Daniel

    Which should be mentioned somewhere

  434. Ge0rG

    has the "max" bike shedding settled yet?

  435. dwd

    Daniel, "PEP Native Bookmarks". I bikeshedded the name a bit further.

  436. Ge0rG

    IIRC there was a revamp by server developers who objected because "max" is not a valid integer

  437. jonas’

    dwd, though I consider that name slightly confusing

  438. jonas’

    I plan to bikeshed on that one

  439. Daniel

    Yes you can name it whatever you want as long as it's called atomic bookmarks in pep

  440. dwd

    Daniel, NUCLEAR BOOKMARKS

  441. Zash

    QUANTUM BOOKMARKS

  442. Daniel

    That's a compromise I can live with

  443. Ge0rG

    http://www.quickmeme.com/img/ab/ab32ca63f3cf210c253a92780beda430d37b32bc0cc9e8a9856d1c2f72d8b56a.jpg

  444. Ge0rG

    Did we have "Schrödinger's Bookmarks" yet?

  445. dwd

    Ge0rG, Heisenberg's Bookmarks? You know how to store them or what they are, but not both?

  446. Ge0rG

    dwd: I appreciate that. +1

  447. Ge0rG

    Also what's the dance I need to perform to determine whether PEP on my server is persistent?

  448. Ge0rG

    (as in: stored to disk, not to RAM)

  449. krauq has left

  450. Daniel

    I think there is a feature

  451. mukt2 has joined

  452. Ellenor Malik

    > dwd has written:
    > edhelas, In particular, BND presumably do trust their server, and probably more than the mobile devices used in the field.
    Trusting the server does not seem like a viable threat model ever

  453. Zash

    Ge0rG, `#persistent-items` maybe?

  454. pep.

    I'd like the max_items=max thing to be settled so that we can actually use the feature :x

  455. Zash

    But muh validation code :(

  456. Ge0rG

    I wouldn't be opposed to make `-1` the new max.

  457. pep.

    I'll let you bikeshed the thing, I just need the feature

  458. Ge0rG

    because max_items=0 can obviously mean "you shall not pass", but -1 is actually something like "unlimited" in computerese

  459. Ge0rG

    But I suppose the author is already fed up with the unicode discussion

  460. dwd

    Ellenor Malik, At all? Ever? I trust my server because it's in the same room as me right now, and only I have access.

  461. Ellenor Malik

    Never ever.

  462. dwd

    Ellenor Malik, For anything?

  463. Ge0rG

    dwd: but you are not always in that room, are you?

  464. dwd

    Ge0rG, Pretty much. :-)

  465. Ge0rG

    dwd: I've heard rumors of you being in Brussels and not having your server room around you

  466. dwd

    Ge0rG, Lies.

  467. dwd

    Ge0rG, And/or a clone.

  468. Ge0rG

    maybe your server is an evil twin now.

  469. Ellenor Malik

    "Only I have access." Only true if you built the processor, hard disk, and everything yourself.

  470. Ge0rG

    or maybe the evil twin was in Brussels indeed, and told people embarassing stories about the origins of your na,e

  471. Ge0rG

    or maybe the evil twin was in Brussels indeed, and told people embarrassing stories about the origins of your name

  472. jonas’

    Ellenor Malik, so you can’t trust the client either. Your argument is invalid.

  473. dwd

    Ellenor Malik, OK, but the same goes for your client device, so you're saying nobody can trust anything, and we may as well all go home.

  474. jonas’

    ^5, dwd

  475. Ellenor Malik

    > jonas’ has written:
    > Ellenor Malik, so you can’t trust the client either. Your argument is invalid.
    to be clear, the first part does not imply the second part

  476. Ellenor Malik

    it's best to trust as few links as possible

  477. dwd

    Ellenor Malik, Yes, I agree, keep the attack surface low etc. I just suggested that there were cases where the risk to the client device was higher than the risk to the server.

  478. dwd

    Ellenor Malik, Certainly not true in all cases.

  479. Ellenor Malik

    encrypt everything to the best of your ability

  480. dwd

    Ellenor Malik, Encryption doesn't solve any problems, though, it just moves problems around.

  481. Daniel

    If the BND can't trust their servers they probably have bigger issues

  482. dwd

    Daniel, Right, that.

  483. dwd

    Daniel, Well. Actually it's not that simple. But they probably trust the server more than the clients at least.

  484. Ellenor Malik

    assuming you can partially trust the endpoints, encryption makes problems smaller

  485. pep.

    Ellenor Malik, "it depends"

  486. pep.

    on the making problems smaller part

  487. Daniel

    Also something something accountability

  488. dwd

    Ellenor Malik, No, I disagree. The BND might not even trust its *users* as much as its server.

  489. mukt2 has left

  490. Maranda has left

  491. lovetox

    what is the idea behind

  492. Maranda has joined

  493. lovetox

    <conference xmlns='urn:xmpp:bookmarks:1'/> is a valid bookmark?

  494. lovetox

    why would someone publish this, and what should i do with that if i receive it

  495. dwd

    lovetox, The pubsub item id gives you the jid, remember.

  496. lovetox

    ahh

  497. lovetox

    kk thanks

  498. dwd

    lovetox, So probably quite obvious if you actually see it in the wild.

  499. edhelas has left

  500. edhelas has joined

  501. LNJ has left

  502. mukt2 has joined

  503. LNJ has joined

  504. mathijs has left

  505. mathijs has joined

  506. Dele Olajide has left

  507. Dele Olajide has joined

  508. mathijs has left

  509. mathijs has joined

  510. krauq has joined

  511. calvin has left

  512. lovetox has left

  513. LNJ has left

  514. LNJ has joined

  515. mathijs has left

  516. mathijs has joined

  517. calvin has joined

  518. mathijs has left

  519. calvin has left

  520. calvin has joined

  521. lovetox has joined

  522. Nekit has left

  523. calvin has left

  524. mukt2 has left

  525. Steve Kille has left

  526. Max has left

  527. goffi has left

  528. mukt2 has joined

  529. debacle has joined

  530. lovetox has left

  531. lovetox has joined

  532. Max has joined

  533. pdurbin has joined

  534. eevvoor has left

  535. Steve Kille has joined

  536. LNJ has left

  537. nyco-2 has joined

  538. LNJ has joined

  539. mathijs has joined

  540. Dele Olajide has left

  541. pdurbin has left

  542. Dele Olajide has joined

  543. mukt2 has left

  544. mukt2 has joined

  545. Tobias has left

  546. Tobias has joined

  547. rion has left

  548. rion has joined

  549. calvin has joined

  550. Dele Olajide has left

  551. Dele Olajide has joined

  552. Dele Olajide has left

  553. Dele Olajide has joined

  554. Dele Olajide has left

  555. Dele Olajide has joined

  556. mathijs has left

  557. larma has left

  558. mukt2 has left

  559. mukt2 has joined

  560. mathijs has joined

  561. waqas has joined

  562. Nekit has joined

  563. larma has joined

  564. Dele Olajide has left

  565. sonny has left

  566. mathijs has left

  567. lovetox has left

  568. Marc has left

  569. Marc has joined

  570. mukt2 has left

  571. mathijs has joined

  572. Yagiza has left

  573. paul has left

  574. Marc has left

  575. Marc has joined

  576. lovetox has joined

  577. lovetox has left

  578. lovetox has joined

  579. calvin has left

  580. calvin has joined

  581. wojtek has joined

  582. adiaholic has left

  583. wojtek has left

  584. Wojtek has left

  585. paul has joined

  586. Wojtek has joined

  587. calvin has left

  588. Nekit has left

  589. nyco-2 has left

  590. nyco-2 has joined

  591. nyco-2 has left

  592. sonny has joined

  593. Tobias has left

  594. karoshi has left

  595. karoshi has joined

  596. lovetox has left

  597. LNJ has left

  598. greenhive-jp has joined

  599. pdurbin has joined

  600. greenhive-jp has left

  601. pdurbin has left

  602. debacle has left

  603. Douglas Terabyte has left

  604. Wojtek has left

  605. paul has left

  606. moparisthebest

    vanitasvitae: (re: a/v) not even an Android phone or any laptop with internet and jitsi meet?

  607. vanitasvitae

    moparisthebest: we could try that, but I doubt it will be as good as Cisco's teleconferencing.

  608. moparisthebest

    WebEx is considered good???? Yikes

  609. vanitasvitae

    We'll see if we come up with something on site :)

  610. lorddavidiii has left

  611. mimi89999 has left

  612. mimi89999 has joined

  613. emus has left

  614. sonny has left