Holger boosted

Online presentation: Diving deep into Briar: a closer look at its internals

If everything works well, the talk will be streamed over media.ccc.de.

@radasbona @kuketzblog Wenn ich's recht sehe basiert's auf Reverse-Engineering der WhatsApp-Web-API. Sprich, es funktioniert nur, während WhatsApp auf Deinem Handy verbunden ist. Und geht kaputt, wenn WhatsApp was ändert.

@thomas @kubikpixel Trotz Hannos Untertitel geht's ja um Implementierungsfehler, nicht um Sicherheitsrisiken des STARTTLS-Verfahrens als solchem. Offensichtlich liegen diese Fehler nahe, wenn man SMTP/IMAP implementiert. Daraus kann man aus meiner Sicht nicht notwendigerweise schließen, dass sie auch im XMPP-Kontext naheliegen. Aus meiner Sicht spricht einiges dagegen, aber es wäre sicher gut, das zu prüfen.

Unabhängig davon ist XEP-0368 selbstredend schicker, mind. um Roundtrips zu sparen.

gnu software opinion 

@polymerwitch In practice, copyleft is a popular choice for commercial entities who go for the “open core” model. Copyleft allows for publishing a full-featured proprietary variant of the open core while ensuring the competition cannot do the same thing.

Holger boosted

@0@mamot.fr That's because that “sceneoftheaccident” is a single thing, not a “scene” and an “of” and a “the” and an “accident”! 😄

Holger boosted

Using #xmpp is simple, secure and easy. Just create an xmpp account, install an xmpp client, login and start chatting.

Holger boosted

Join us tomorrow (Tuesday, 13th April) at 16:00 UTC for a round table discussion about the features, changes, additions deletions, and policies we'd like to see in a hypothetical future "XMPP 2.0". More info at wiki.xmpp.org/web/XMPP_Office_ #XMPP

@benni Frage ist halt welche ökonomischen Folgen es hat wenn man nicht springt. Das muss die Politik gegen Deine Gravitationsperspektive abwägen.

Holger boosted

Join us tomorrow at XMPP Office Hours 📢 for a talk by Conversations developer Daniel Gultsch on verifying A/V calls with OMEMO at 17:00 UTC (19th of March '21)

Join here: socialcoop.meet.coop/sam-pku-d

You also would like to give a talk? More info at:

#federated #decentralization #standards #jabber #conversations #omemo

Our next virtual meetup will take place on Wednesday, 18:00 CET. We'll give a short introduction to for XMPP (), followed by a discussion with one of the XEP authors and various implementors:


The video conference URL will be announced in our public channel:


Holger boosted

@ColinTheMathmo @c47 As for XMPP, one option for muggles would be Quicksy. Android users go to the Play Store, install it, go through SMS verification like with WhatsApp, and that's it.

@nvi @holger What I don't agree with is that key verification UX would be relevant to end users. You seem to be interested in this topic and may well be right that verification is nice(r) in Element, I'm just saying that this is a geek topic.

@nvi Why do I feel like you're starting an entirely new topic with every message in this thread? 🙂 If it's not about auto-deployment of servers nor about client UX in general nor about key verification, but specifically about iOS clients being not quite usable yet, then I agree.

@nvi I guess the most relevant clients besides Conversations are currently Siskin, Monal, Converse.js, and Dino. I don't remember any of those bothering me with details about encryption, keys, or verification. They all do blind trust by default, just like WhatsApp, Signal & friends. You might view this as good or bad, but I think anything else is just asking way too much of end users.

@nvi Not sure how that's related to the protocol, maybe it's about avoiding verifications of additional devices? There's attempts to avoid those for OMEMO as well, but normal end users just avoid key verification altogether and go for blind trust.

@nvi As far as I can see, their client-side UX is good for team chat (à la Slack) but much less so for private chat (à la WhatsApp).

Holger boosted

OK, time for me to make an apology.

I hadn't used XMPP for quite a while. While I liked it last time I used it there were issues keeping connections and the clients were less than stellar.

While the desktop clients for Linux are still a little shaky I can recommend Quicksy (thank you @moparisthebest for the recommendation).

I've been crabby when people recommend XMPP because I didn't realize that folks have taken XMPP from an early 21st century protocol to a joy to use.

Show older
\m/ Metalhead.club \m/

Metalhead.club is a Mastodon instance hosted in Germany and powered by 100% green energy.