Online presentation: Diving deep into Briar: a closer look at its internals
If everything works well, the talk will be streamed over http://media.ccc.de.
@thomas @kubikpixel Trotz Hannos Untertitel geht's ja um Implementierungsfehler, nicht um Sicherheitsrisiken des STARTTLS-Verfahrens als solchem. Offensichtlich liegen diese Fehler nahe, wenn man SMTP/IMAP implementiert. Daraus kann man aus meiner Sicht nicht notwendigerweise schließen, dass sie auch im XMPP-Kontext naheliegen. Aus meiner Sicht spricht einiges dagegen, aber es wäre sicher gut, das zu prüfen.
Unabhängig davon ist XEP-0368 selbstredend schicker, mind. um Roundtrips zu sparen.
gnu software opinion
@polymerwitch In practice, copyleft is a popular choice for commercial entities who go for the “open core” model. Copyleft allows for publishing a full-featured proprietary variant of the open core while ensuring the competition cannot do the same thing.
Using #xmpp is simple, secure and easy. Just create an xmpp account, install an xmpp client, login and start chatting.
@benni Frage ist halt welche ökonomischen Folgen es hat wenn man nicht springt. Das muss die Politik gegen Deine Gravitationsperspektive abwägen.
Join us tomorrow at XMPP Office Hours 📢 for a talk by Conversations developer Daniel Gultsch on verifying A/V calls with OMEMO at 17:00 UTC (19th of March '21)
Join here: https://socialcoop.meet.coop/sam-pku-dud-niv
You also would like to give a talk? More info at:
Our next virtual #Berlin #XMPP meetup will take place on Wednesday, 18:00 CET. We'll give a short introduction to #OpenPGP for XMPP (#OX), followed by a discussion with one of the XEP authors and various implementors:
The video conference URL will be announced in our public channel:
@nvi Why do I feel like you're starting an entirely new topic with every message in this thread? 🙂 If it's not about auto-deployment of servers nor about client UX in general nor about key verification, but specifically about iOS clients being not quite usable yet, then I agree.
@nvi I guess the most relevant clients besides Conversations are currently Siskin, Monal, Converse.js, and Dino. I don't remember any of those bothering me with details about encryption, keys, or verification. They all do blind trust by default, just like WhatsApp, Signal & friends. You might view this as good or bad, but I think anything else is just asking way too much of end users.
@nvi Not sure how that's related to the protocol, maybe it's about avoiding verifications of additional devices? There's attempts to avoid those for OMEMO as well, but normal end users just avoid key verification altogether and go for blind trust.
@nvi As far as I can see, their client-side UX is good for team chat (à la Slack) but much less so for private chat (à la WhatsApp).
OK, time for me to make an apology.
I hadn't used XMPP for quite a while. While I liked it last time I used it there were issues keeping connections and the clients were less than stellar.
While the desktop clients for Linux are still a little shaky I can recommend Quicksy (thank you @moparisthebest for the recommendation).
I've been crabby when people recommend XMPP because I didn't realize that folks have taken XMPP from an early 21st century protocol to a joy to use.
Metalhead.club is a Mastodon instance hosted in Germany and powered by 100% green energy.