Conversation:
Notices
-
This is how !gs !gnusocial now works An #OStatus server produces an #Atom feed of status-update messages, which are pushed to subscribers using #PubSubHubbub. Replies to status updates are sent using the #Salmon protocol…
- MMN-o ✅⃠ repeated this.
-
I don't think one should be very prophetic about which specific standards and formats are used, but yes - federation and distribution is the future. If !ostatus lives on or if something else swoops in and takes over is for the future to tell :)
-
@andresinmp Direct Messages currently don't federate in !GNUsocial. If we're going to adapt to #Diaspora's flavour of !ostatus we will get encrypted transfer of private messages between nodes. That does not necessarily mean they are protected though - only trust that if you trust the admins on both nodes. .)
-
Has #zot been peer reviewed by experienced cryptographers and security specialists yet? I had some glances on the protocol spec but didn't feel very comfortable. But I'm not a security or cryptography specialist either, just a paranoid conservatist.
-
@manuel Thanks for publishing this!
-
@diegogz Do what with LibreJS code? I think javascript is a horrible language and even worse when used in web browsers.
-
@sergiodj Gnome Shell etc. uses javascript, afaik without random remote connection capabilities and untrusted eval() executions. That is more ok than sneaky stalking, remote resource fetching and behavioral analysis with unverified code transferred over http which is highly susceptible to MITM attacks ;)
-
@diegogz Never trust javascript todo crypto. How about actual applications? You know, underneith your browser you've got a _real_ operating system...
-
@aroque I think @mike holds a grudge to previous #StatusNet dev team. Apparently they had strifes. I think they're doing good work with #RedMatrix for a different use-case than for !gnusocial. There are different kinds of secure, private etc. and there is some overlap but our implementations are not necessarily trying to solve the same problem. I have several times co…
-
@r7 I'm not sure what you mean would be a showstopper. I was just pointing out that crypto in the web browser cannot be trusted because you cannot trust the messenger (I have no reason to believe that the server sends me a valid implementation).
-
The "grudge" comment was based on @mike's comment in the question thread, http://status.hackerposse.com/url/7094 "I just find it hilarious that we get so much critique from statusnet/gnusocial". I've got essentially nothing to do with the previous developers ;) My uncertainty stems from the fact that there's - afaik - no client side encryption (and if there was, it'd …
-
@manuel@lamatriz.org Thank you for a very interesting view on GNU Social federation and its usage. The article reminded me "Security through obscurity" approach :-) but anyway I could look at GNU Social limitations at another angle...
http://english.lasindias.com/gnu-social-federation-against-the-social-model-twitter
@andresinmp@loadaverage.org
-
@yvolk What we are trying to point is that the federation issues or limitations as you said may look like a "bug", but they are really the result of an agreement, an implicit contract: to be part of a conversation on anot…
-
@laemeur Great! We are really happy to read your message and see how this idea is not new at all and already exists things working this way. Our desire is to move forward in this direction and use !gnusocial as a «sharing economy operative system» for what we want to develop new plugins to empower hospitality networks and all kind of #p2p interchanges Â