XMPP Operators Begin Requiring Encryption, Google Still Not Allowing TLS

← Back to Stories (view on slashdot.org)

XMPP Operators Begin Requiring Encryption, Google Still Not Allowing TLS

Posted by Unknown on Tuesday May 20, 2014 @12:03AM from the google-talk-is-the-new-internet-explorer dept.

Via El Reg comes news that major XMPP (formerly known as Jabber, likely the only widely used distributed instant messaging protocol other than IRC) operators have all begun requiring encryption for client-to-server and server-to-server connections. Quoting the Prosidy developers: "Last year Peter Saint-Andre laid out a plan for strengthening the security of the XMPP network. The manifesto, to date signed by over 70 XMPP service operators and software developers, offered a rallying point for those interested in ensuring the security of XMPP for its users. Today is the date that the manifesto gave for the final 'flip of the switch': as of today many XMPP services will begin refusing unencrypted connections. If you run an XMPP service, we encourage you to do the same. On the xmpp.org wiki you can find instructions for all the popular XMPP server software. While XMPP is an open distributed network, obviously no single entity can 'mandate' encryption for the whole network — but as a group we are moving in the right direction." There is a handy tool to test your server. A result worth noting is Google's: they still do not support TLS for server-to-server connections, and their sudden dropping of TLS s2s connections a few years ago is likely the primary reason operators switched off mandatory TLS for s2s (I know that's why I did it). Although Google Hangouts offers no federation, GTalk still does, but it appears that the XMPP network-at-large will now cease to federate with Google voluntarily.

121 comments

Min score:

Reason:

Sort:

Google is dropping XMPP and Talk/Chat anyway by The+Cisco+Kid · 2014-05-20 00:19 · Score: 4, Informative

So their lack of support for TLS with it is sort of a moot point.
http://tech.slashdot.org/story...
1. Re:Google is dropping XMPP and Talk/Chat anyway by nine-times · 2014-05-20 01:16 · Score: 5, Insightful
  
  You know, I can understand why Google might decide that XMPP isn't sufficient for the kinds of features they'd like to support, and so deciding to develop something new in-house with their desired feature set. I really wish, though, they they would open a protocol that still allowed outside people to communicate.
  I just find it insane how much we're moving back in the direction of "walled gardens" everywhere. There was a time when most people's exposure to online interaction were services like Compuserve, AOL, and Prodigy, and those services couldn't talk to each other. I think we're headed back in that direction, except that soon we'll all be on services like Google+, Facebook, and Twitter, and those services won't talk to each other.
  We really need a revolution soon, or I think we're going to find that we don't like where we end up. I know it sounds trivial because these are all free services, and most of what's communicated on them is trivial anyway. Still, it's transforming the Internet into a less free place, where we're all at the whim of a small handful of companies. I think it's a bigger problem than we've yet realized.
2. Re:Google is dropping XMPP and Talk/Chat anyway by Charliemopps · 2014-05-20 01:37 · Score: 2
  
  It's about choice. I can understand that we should always have choice. But the idea that we shouldn't be able to "choose" a walled garden if we want one seems ass-backward to me. Do you remember CompuServe, AOL and prodigy? There were plenty of others as well... some of them were Awesome. I loved CompuServe. I wouldn't go back now... but if some people want to, why shouldn't they have the choice to do so? Googles pretty darned open compared to most other modern tech companies. If they want to offer some services that aren't as open, because it will make some people who don't care about openness have a better experience, why not? Let me know when "open" isn't a choice I can make. Then I'll get out my picket sign.
3. Re:Google is dropping XMPP and Talk/Chat anyway by MoonlessNights · 2014-05-20 01:43 · Score: 2
  
  They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs. As far as I can tell, this was purely to thicken the walls on the garden.
  This is the problem with anyone becoming too big within an otherwise open space: there is no reason for them to play nice when they have de facto control. Let's just hope that E-Mail doesn't suffer the same fate at the hands of GMail.
  I have said almost word-for-word what you just said about walled gardens (even using Compuserve and AOL as examples) so I am totally in agreement with your concerns on that front.
4. Re:Google is dropping XMPP and Talk/Chat anyway by Anonymous Coward · 2014-05-20 02:00 · Score: 0
  
  We really need a revolution soon, or I think we're going to find that we don't like where we end up.
  If you want a revolution, the first step should be for you to A) use federated Jabber/XMPP, B) talk about the issue to as many people as you can and optionally C) don't use walled gardens.
5. Re:Google is dropping XMPP and Talk/Chat anyway by Kimomaru · 2014-05-20 02:07 · Score: 2
  
  I hadn't really thought of it that way, that we're moving back to walled gardens. It's kinda funny. Anyway, I guess people like the comfort and convenience of walled gardens. What really bums me out isn't that the large majority of people like them, but that highly technical people do as well. I know people who, no question, can install anything including an XMPP server on extremely cheap, low power consumption hardware and yet they don't bother. They find smartphones, Windows and Apple products too delightful. When Apple insists that only Apple users can use iChat with their phones, tablets, and desktops, it compells others to buy these products as well to stay in the loop.
  
  So, yeah, out of principle I avoid IOS and Android and stay Debian/Open Source everywhere I can. It's not a perfect solution, but it's the best one I know of.
6. Re:Google is dropping XMPP and Talk/Chat anyway by Anonymous Coward · 2014-05-20 02:24 · Score: 0
  
  Let me know when "open" isn't a choice I can make. Then I'll get out my picket sign.
  By that time it will be too late to get out do anything, you'll have to post your protests post on twitter/google+/facebook ...
7. Re:Google is dropping XMPP and Talk/Chat anyway by Anonymous Coward · 2014-05-20 02:29 · Score: 1
  
  Sure I could install my own XMPP server, no problem.
  Of course, if I want to have a conversation with anyone other than myself, then I'll still need Google/Apple/Skype whatever, because let's face it, nobody uses XMPP. Sad but true.
8. Re:Google is dropping XMPP and Talk/Chat anyway by Pi1grim · 2014-05-20 02:32 · Score: 5, Insightful
  
  That's BS. All this achieves is pushes you into the same zoo of IM clients that stretches from the 90-s. ICQ, Odigo, MSN, Gadu, Skype, XMPP and now all the mobile IMs are all dreaming of being The One. I'm so glad all this corporate "there can be only one and it should be us" broke out after email was standartized. Because right now, several decades from it's invention, we're still stuck with it. No matter how ugly or unsuitable for modern needs the protocol is and how many ugly hacks have been applied to it. Just because this is the only universal communication method. You can send a message and receiver will get it regardless of what mail service it uses.
  Back in the day google's tech team though that something similar should be done for IM market and supported XMPP. But then, they decided that this product was too good, to let other people, who don't use google's services to use it to contact the ones already in the Google's web of services. "Everyone should get a google ID." And now hopes of other players are even dimmer than they ever were. Looks like my dream, where people from facebook, google, univercity network and some corporate IM system can get into one conference and chat is a pipe dream.
  I don't care for internal protocols, features and such. I just want interoperability between servers. Let john@google.com message jane@facebook.com and any other server that has supported XMPP server. I worked great for email, by the hell do you try to introduce walled gardens and cause pain to your users?
9. Re:Google is dropping XMPP and Talk/Chat anyway by Pi1grim · 2014-05-20 02:35 · Score: 1
  
  They did explain. You just didn't listen good enough. XMPP interoperability wouldn't let google force people into their services and would let people run third-party services and yet enjoy the luxury of communicating with those, who used Google as their one-stop-shop for all online needs. Clearly that had to be stopped. I'm expecting a similar move for GMail, only much swifter (those damn users are too used to the stupid idea of email being cross-server, not being locked-in).
10. Re:Google is dropping XMPP and Talk/Chat anyway by Pi1grim · 2014-05-20 02:40 · Score: 1
  
  >> Anyway, I guess people like the comfort and convenience of walled gardens.
  People like comfort and convenience. Corporations love walled gardens, because they can use vendor lock-in to try and leverage their userbase into bringing more people into the same trap.
  Most people won't care who pays for the services they use until the information they provided will be used against them, or until they'll lose everything at a blink of an eye for violating some ToS, it'll be too late by then, but, well, some people only learn the hard way.
11. Re:Google is dropping XMPP and Talk/Chat anyway by westlake · 2014-05-20 02:41 · Score: 1
  
  What really bums me out isn't that the large majority of people like them, but that highly technical people do as well. I know people who, no question, can install anything including an XMPP server...
  
  Not everyone wants to be technician or engineer 24-7-365.
12. Re:Google is dropping XMPP and Talk/Chat anyway by Pi1grim · 2014-05-20 02:45 · Score: 1
  
  Universities, a lot of businesses, non-profits, all use XMPP because it's pretty mush the only solution that doesn't make you give up your information and can host inhouse (without costing an arm and a leg and forcing you into a vendor lock-in).
  Even if you give up and drop XMPP, you will still need to use Skype, Google, WhatsApp and whatnot (all of them, not just one), because my communication circle stretches across target audiences of all those messengers and there is no silver bullet (one ideal messenger that would satisfy all people) as sometimes people want completely different things and one messenger cannot satisfy all of them.
13. Re: Google is dropping XMPP and Talk/Chat anyway by Anonymous Coward · 2014-05-20 02:55 · Score: 0
  
  Like it or not, facebook pretty much is that silver bullet. With the exception of places it's blocked (China is the biggest one) just about everyone has one. And the few who don't are privacy nuts who probably font use twitter or any other messaging programs either.
14. Re: Google is dropping XMPP and Talk/Chat anyway by Pi1grim · 2014-05-20 03:08 · Score: 1
  
  Like it or not, but it's not a silver bullet. There is a lot of people who are disconent with Facebook as IM. Believe it or not, but around here people use Skype, WhatsApp and XMPP for IMs, facebook being the last place you'd think to reach a person.
  As much as you (and Facebook execs) 'd like Facebook to be "one size fits all" - it's far from that.
  Tell any decent IT security manager that you would like to use facebook as company IM and watch him laugh his behind off.
15. Re:Google is dropping XMPP and Talk/Chat anyway by Anonymous Coward · 2014-05-20 03:14 · Score: 0
  
  We don't need a revolution; we just need you to vote. We aren't moving toward walled gardens. Walled gardens exist, and some people are taking them seriously, although I don't actually know a single person who uses Google Talk, so these anecdotes are hardly confirmed. You don't have to do anything so silly. It is as effortless as Just Saying No. Keep running jabberd (or whatever yours is), and if you ever meet one of those Google Talk people (I bet you never well, but let's just say hypothetically) then tell 'em to upgrade their software.
  Ballot box. If we can't establish a level of giving-a-fuck to that level, then there's no point in talking about ammo boxes and revolution.
  Is Google blocking XMPP on their munical fiber networks, or something like that? What is the part you're leaving out? It's like you heard that your father's brother's nephew's cousin's former roommate bought a Windows Phone and that somehow means you're not allowed to use your N900 anymore.
16. Re:Google is dropping XMPP and Talk/Chat anyway by Kimomaru · 2014-05-20 03:18 · Score: 1
  
  Joking? Don't need to be a 24-7-365 technician or engineer, any technical person knows this. Small, 5v server costs 80 dollars (cubieboard or cubietruck). Debian costs nothing. I run xmpp and mumble on it. System updates with cron. Can't remember when last I actually logged into it, it's just there and I use it. My toaster gives me more trouble.
17. Re: Google is dropping XMPP and Talk/Chat anyway by Anonymous Coward · 2014-05-20 03:27 · Score: 0
  
  (Same AC you replied to)
  True, Facebook might not be the "preferred" service, but it's a good option if you have no idea what a person uses, because just about everyone has one. I'm not 100% happy with it either, but between:
  1) Its near ubiquity
  2) The fact that I can use it through XMPP (not fully, but messaging works fine)
  3) The fact I don't need a mobile app to access it (looking at you, WhatsApp/WeChat/etc) and the fact it also has a website
  it's by far the best choice out of the current messaging choices. Jabber is better of course but fails number 1, and the others fail all 3.
  And the privacy isn't THAT bad if your settings are configured right and you only use it as a messager (don't post stupid things there, and I can't see the ads in pidgin anyway, so it doesn't really matter to me)
18. Re:Google is dropping XMPP and Talk/Chat anyway by IamTheRealMike · 2014-05-20 03:49 · Score: 1
  
  They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs. As far as I can tell, this was purely to thicken the walls on the garden.
  I think it's obvious isn't it? The "Hangouts" product works in a fundamentally different way to XMPP. In particular, it's trying to be a WhatsApp competitor, which means users are identified by things which are not JIDs, like verified phone numbers and Google+ profiles. What's more the entire thing on mobile runs over the C2DM system which uses tightly packed binary protocols to save bandwidth and battery instead of XML. GTalk had been architecturally moving away from XMPP for years as the product evolved, it's hardly surprising that this trend continued.
  As to why they stopped caring about federation, I'd guess the answer is: nobody uses it (except spammers). Heck, I'm a technical guy with lots of technical colleagues and friends, mostly using GTalk, and zero of them use a federated XMPP server. XMPP just is not competitive and is a market failure as a result. Or can you give me one good, solid reason why an ordinary person would want to use a non-Google XMPP server? No ideology please, just practical things. I can't think of one.
19. Re:Google is dropping XMPP and Talk/Chat anyway by dpilot · 2014-05-20 03:51 · Score: 1
  
  Go ahead and choose your walled garden, I won't stop you.
  But from where I sit, it looks like everything that connects to the home is going to walled gardens, and open as an option is fading away.
  Serious proposal: Allow a "fast lane" by any/all ISPs. They've got such a hard-on for a fast lane that they're going to keep buying legislators until they get one. Then place a limit on it. The fast lane can only be X times faster than the "neutral net lane", and NO traffic shaping or limits are allowed on that lane, other than being 1/X the speed of the fast lane. Plus X needs to be a legally asserted and testable value.
  
  --
  The living have better things to do than to continue hating the dead.
20. Re:Google is dropping XMPP and Talk/Chat anyway by nine-times · 2014-05-20 04:01 · Score: 1
  
  I'm not talking about taking away your choice to be in a walled garden. I haven't suggested any method to stop you from logging onto Facebook and only using Facebook.
  But going with that example, I'm just suggesting that, as more and more of our communications get rammed into Facebook, and if Facebook doesn't have protocols to connect without outside systems, we're going to have a problem.
21. Re: Google is dropping XMPP and Talk/Chat anyway by Dr_Marvin_Monroe · 2014-05-20 04:08 · Score: 1
  
  Anonymity? In this age of spying on everyone, perhaps a verified name or phone number is a liability.
22. Re:Google is dropping XMPP and Talk/Chat anyway by nine-times · 2014-05-20 04:09 · Score: 1
  
  They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs.
  I'm not asserting that was why they did it. I'm just saying that I could understand if that was why.
  It may be that if you could talk to the decision-maker inside of Google who made this decision, they'd tell you that XMPP is somehow inefficient, or it didn't offer features that they wanted. They might say that XMPP is poorly architected or something, and we might debate about whether their explanation made sense.
  What I'm saying is that, if there's some technical explanation like that, then I don't object to the decision per se. However, then I would want to argue that Google should either fix it or offer a better alternative. IM, voice, and even video chats are such well understood problems at this point, that I don't believe there's a valid reason why there can't be open protocols that are shared among Hangouts, Facebook, Skype, AOL, and iMessage.
23. Re:Google is dropping XMPP and Talk/Chat anyway by Man+On+Pink+Corner · 2014-05-20 04:23 · Score: 1
  
  We really need a revolution soon, or I think we're going to find that we don't like where we end up. I know it sounds trivial because these are all free services, and most of what's communicated on them is trivial anyway. Still, it's transforming the Internet into a less free place, where we're all at the whim of a small handful of companies. I think it's a bigger problem than we've yet realized.
  (Shrug) The next revolution will be co-opted to sell ads, just like the last one was. I don't know what we need, but it's not another "revolution."
24. Re:Google is dropping XMPP and Talk/Chat anyway by nine-times · 2014-05-20 05:05 · Score: 1
  
  I actually think there's a bit of a cultural problem in the tech community, in that the issue of "openness" has become polarized. On one side, you have people who think openness absolutely doesn't matter, and they seem to have no problem with the "walled gardens". On the other side, you have FOSS advocates who seem to have a militant agenda to replace everything with Debian.
  I would take the position that closed source software is fine, and in fact, it's good to have a diverse software ecosystem with different developers taking different approaches, open and closed source both. However, I think we should push a militant agenda for open formats and open protocols.
  For example, if Google wants to have their own closed-source Hangouts app, and Facebook wants their Messenger app, and Pidgin wants to produce an open source messaging app, that's all fine. That's great, in fact. However, we should try to get them to round everyone up and agree on messaging protocols that allow users of one IM platform to communicate with users of another platform.
  The equivalent for email would be if we all lived in a world where Gmail users could only email other Gmail users, and Hotmail users could only email other Hotmail users. I'm just saying, let's go ahead and develop something like SMTP so that they can talk to each other.
25. Re:Google is dropping XMPP and Talk/Chat anyway by psyclone · 2014-05-20 05:45 · Score: 1
  
  Features? It's great to have the server manage groups so when a new user of Team X gets added, all of Team X shows up in their roster. File transfer is simpler and more secure using XMPP+TLS than requiring the "cloud". Persistent chat rooms (ala IRC channels) are a great way to keep people collaborating. Even IDEs like Intellij can help collaboration by sending "File Z line N" code pointers or diffs that show up right next to the code your team is working on.
  
  That and by using OTR or trusting your own server to not log chats protects privacy. But does anyone care about privacy anymore?
26. Re:Google is dropping XMPP and Talk/Chat anyway by dj245 · 2014-05-20 07:03 · Score: 1
  
  You know, I can understand why Google might decide that XMPP isn't sufficient for the kinds of features they'd like to support, and so deciding to develop something new in-house with their desired feature set. I really wish, though, they they would open a protocol that still allowed outside people to communicate.
  I just find it insane how much we're moving back in the direction of "walled gardens" everywhere. There was a time when most people's exposure to online interaction were services like Compuserve, AOL, and Prodigy, and those services couldn't talk to each other. I think we're headed back in that direction, except that soon we'll all be on services like Google+, Facebook, and Twitter, and those services won't talk to each other.
  We really need a revolution soon, or I think we're going to find that we don't like where we end up. I know it sounds trivial because these are all free services, and most of what's communicated on them is trivial anyway. Still, it's transforming the Internet into a less free place, where we're all at the whim of a small handful of companies. I think it's a bigger problem than we've yet realized.
  Nobody has really made a service or software where an open standard was easy to use. Case in point- video calls. There are a lot of free alternatives out there, some seem to work OK, other seem to not work so well. None of the alternatives are easy to use however, so Skype is what we use. I would prefer to use a more open platform, but I have better things to do with my time than troubleshoot such a system for hours.
  
  --
  Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
27. Re:Google is dropping XMPP and Talk/Chat anyway by Charliemopps · 2014-05-20 07:19 · Score: 1
  
  Go ahead and choose your walled garden, I won't stop you.
  But from where I sit, it looks like everything that connects to the home is going to walled gardens, and open as an option is fading away.
  Serious proposal: Allow a "fast lane" by any/all ISPs. They've got such a hard-on for a fast lane that they're going to keep buying legislators until they get one. Then place a limit on it. The fast lane can only be X times faster than the "neutral net lane", and NO traffic shaping or limits are allowed on that lane, other than being 1/X the speed of the fast lane. Plus X needs to be a legally asserted and testable value.
  Congrats on joining the chorus of uninformed on the net neutrality topic. That's not what they are proposing and not what will happen. Don't get me wrong, I think it's a terrible idea for other reasons... but the ISPs can't simply use it to block content. They could try but they'd end up in court so fast their heads would snap back.
  Traffic shaping will give some content priority. This will increase latency to content that doesn't pay. As you likely already know, for a normal website like slashdot, the latency would have to be ridiculously high before you noticed it. But for streaming content like netflix, they pretty much will be required to pay it. Now that fee will be based on the amount of traffic they are sending across the network. This will give netflix its first financial incentive to reduce the amount of bandwidth they are using. Up until now they have been completely irresponsible in that regard.
  A much better solution would be to regulate content providers. Netflix is responsible for over 34% of peak traffic. There is no reason they shouldn't be regulated like any other content provider. CBS can't just start broadcasting on 20 separate channels without the FCC's approval ruining everyones ability to get other content... why can netflix? For some reason people expect ISPs to spend billions to upgrade their networks, but neither netflix nor the customers want to pay for it. They expect their prices to remain the same, and the ISPs to just take a hit. Well surprise surprise, they didn't want to pay either.
28. Re:Google is dropping XMPP and Talk/Chat anyway by nine-times · 2014-05-20 07:24 · Score: 1
  
  You're conflating a lot of different issues. First, video calls are notoriously painful for various reasons. So let's just get that out of the way: it wouldn't be weird if you were having lots of problems with Skype, too.
  Second, there's nothing inherently inferior about "open". If Skype were to publish a spec for how they negotiate video calls, then suddenly we have an open protocol that's as good as Skype. It's not suddenly worse because it's "open".
  Third, there's a difference between a "protocol" and a "platform". It seems you're talking about having tried different pieces of free software, and had problems with them. The problems might have had nothing to do with the protocol. It might be that the software is bad. I don't know, because I don't know what problems you've had on which platforms.
  We use "open standards" all the time. It's silly to suggest that open protocols don't work. How are you posting on this website? I'm guessing you're making some use of HTTP.
29. Re:Google is dropping XMPP and Talk/Chat anyway by DdJ · 2014-05-20 07:52 · Score: 1
  
  Or can you give me one good, solid reason why an ordinary person would want to use a non-Google XMPP server?
  Some employers provide on-site supported XMPP servers. Until recently, I've been able to use ours to collaborate with external partners on GTalk, using federation.
  Some vendors provide built-in XMPP servers as part of other products. I'm aware of one telephony platform that does so and one IT helpdesk service that does so. Using their servers enables certain useful features, like "they look like text messages to phone users" and "customers can open issues with the help desk by sending them IMs". Those are more useful when federation works.
  Some web service providers have XMPP support in their service platforms. I used to be able to have IFTTT send messages to me, due to federation. Google's announcement about turning off the service has caused them to remove the channel from their service entirely. Now I can't use it anymore.
  (Those are just the ones that have been impacting me personally as of late. I'm sure others could think of more. No, they're not mainstream. Yes, they're real.)
30. Re:Google is dropping XMPP and Talk/Chat anyway by Unknown+Lamer · 2014-05-20 08:44 · Score: 1
  
  SIP is a good protocol. There aren't very many great clients, but ekiga always worked fine for me.
  
  --
  
  HAL 7000, fewer features than the HAL 9000, but just as homicidal!
31. Re:Google is dropping XMPP and Talk/Chat anyway by dpilot · 2014-05-20 14:12 · Score: 1
  
  Good point on latency, I forgot about that. What's worse is that streaming media can readily compensate for latency, as long as it's reasonably consistent. On the other hand, I work from home a fair amount, sometimes with vnc, sometimes with remote X. I'm a heck of a lot more sensitive to latency.
  But even if you regulate Netflix like a content provider, it still leaves Comcast jealous, because none of the effects of that regulation wind up in Comcast's pockets. The reality is that Comcast doesn't want to be an ISP, they want to be a content provider, because that's where they're from. Being an ISP was just an "opportunity" they were well poised to take advantage of, with their infrastructure. Only problem is that in the real world, instead of Comcast's dream work, the "opportunity adder" is bigger than their core business. They're working really hard to impose their dream on reality, and since they own the pipes, they're getting away with it.
  Once upon a time there was talk of Internet2 - I believe it hooks some universities, national labs, and businesses together. Part of me wonders if at some point corporate US really will manage to turn the internet into a series of walled gardens, and we'll be back to the days of modems, bang-paths, and line-of-sight hacks.
  
  --
  The living have better things to do than to continue hating the dead.
Do the same for EMAIL by Anonymous Coward · 2014-05-20 00:22 · Score: 0

We should do the same for all EMAIL. Require encrypted connections. Eliminate spam while we're at it.
1. Re: Do the same for EMAIL by jackspenn · 2014-05-20 00:30 · Score: 1
  
  How does requiring encryption for email ensure SPAM goes away?
  
  --
  Respect the Constitution
2. Re: Do the same for EMAIL by BradMajors · 2014-05-20 00:58 · Score: 1
  
  It makes it easier to identify the source of the SPAM.
3. Re: Do the same for EMAIL by SuricouRaven · 2014-05-20 01:22 · Score: 1
  
  There are proposed systems that require expensive-to-generate signatures - something where sending an email might require a minute or so of processor time. Not a real problem for most uses, but a serious hold-up for spammers. Never took off though, and there are some issues - it just gives spammers an incentive to control a botnet, and the calculation intended to be a minor inconvenience for desktops can be a serious problem for mobile devices.
4. Re: Do the same for EMAIL by omnichad · 2014-05-20 02:21 · Score: 1
  
  That would come from requiring valid certificates, not from encryption. A common part of it, but not necessarily required.
5. Re: Do the same for EMAIL by omnichad · 2014-05-20 02:25 · Score: 1
  
  And by valid, I mean signed by a trusted CA.
6. Re: Do the same for EMAIL by koinu · 2014-05-20 03:07 · Score: 1
  
  Point is, the only CA I trust is the one I created myself. And by this I mean: self-signed certificates are the most reliable. And by this, I imply: "net of trust" type trust is generally the best solution. And that's why I conclude that CAs are generally shitty, because I don't know who signs what there and I consider PGP as the best solution for handling of trust.
7. Re: Do the same for EMAIL by omnichad · 2014-05-20 03:17 · Score: 1
  
  If you like being on an island in the Pacific of the Internet, I'm sure that's fine. It would certainly stop the spam.
8. Re: Do the same for EMAIL by Gavagai80 · 2014-05-20 08:49 · Score: 1
  
  Most computer-generated emails aren't spam. Email notifications from websites can't take a minute to generate.
  
  --
  This space intentionally left blank
Not evil, but definitely rotting from within by TrentTheThief · 2014-05-20 00:33 · Score: 3, Interesting

Google is acquiring all of the arrogant bullshit attitudes and implementing arbitrary rules and standards just the same way that microsoft did.
It's a sad shame. But an evil empire smells not different from an empire that's rotting.
1. Re:Not evil, but definitely rotting from within by LordLimecat · 2014-05-20 01:12 · Score: 0
  
  You're gonna have to explain that. They currently are behind development of the most popular (And open source!) mobile OS out there, the most popular (and "mostly" open source) desktop browser out there, the most popular (in the west) search engine out there, and one of the most popular (and very open) email systems out there.
  It's notable that they continue to be a voice of reason in the security world (with this being a notable exception), having given very solid reasons for why they dont do security theatre with their Chrome password store, why they use CRLSets instead of an ineffective soft-fail CRL system, their rapid switch away from AES-CBC to RC4 when BEAST came out, and so on.
  Probably the worst that could be said for them recently is that they went way overboard in their attempt to make Google+ a "thing".
  In a lot of ways, Google continues to be a prime example of a company that "gets it" (when its not pushing failed social networks). Theyre embracing security, encryption, mobile computing, and wearable tech (which is coming whether anyone wants it or not). Im not clear in what sense you could consider them to be "rotting".
2. Re:Not evil, but definitely rotting from within by Anonymous Coward · 2014-05-20 01:24 · Score: 0
  
  They did, by the way, install some security theater for Chrome password store in the last few months.
3. Re:Not evil, but definitely rotting from within by LordLimecat · 2014-05-20 01:28 · Score: 1
  
  Thats disappointing. I guess PR wins over well-reasoned policy every time.
4. Re:Not evil, but definitely rotting from within by Curunir_wolf · 2014-05-20 01:31 · Score: 1
  
  In a lot of ways, Google continues to be a prime example of a company that "gets it" (when its not pushing failed social networks). Theyre embracing security, encryption, mobile computing, and wearable tech (which is coming whether anyone wants it or not). Im not clear in what sense you could consider them to be "rotting".
  The GP was comparing Google too Microsoft. He meant that Microsoft is "rotting", not Google. But was making the point that Google "smells" the same, because while they may not be rotting, they are clearly just as evil.
  
  --
  "Somebody has to do something. It's just incredibly pathetic it has to be us."
  --- Jerry Garcia
5. Re:Not evil, but definitely rotting from within by LordLimecat · 2014-05-20 01:41 · Score: 1
  
  Yea, opensourcing all of that stuff, contributing to Linux, and offering exit strategies from their ecosystem ("heres a zipfile with all of your data!") is super evil.
6. Re: Not evil, but definitely rotting from within by Anonymous Coward · 2014-05-20 01:48 · Score: 0
  
  So how much does Google pay you anyway?
7. Re: Not evil, but definitely rotting from within by Anonymous Coward · 2014-05-20 02:03 · Score: 0
  
  probably a hell of a lot better than you get paid by microsoft to troll.
8. Re: Not evil, but definitely rotting from within by LordLimecat · 2014-05-20 02:04 · Score: 1
  
  I just get upset when geeks insist on shooting themselves in the foot by decrying the only major internet company that actually FIGHTS requests for data from the government.
  But hey if you want to run crying to Microsoft (who reports Skype calls to Chinese authorities) or Yahoo (who outs dissident bloggers in China), go right ahead. Myself, Id rather stick with the camp who actually has some degree of integrity. Have fun with whoever else you choose, and dont come crying to me when you end up in trouble with an authoritarian regime because of it.
9. Re:Not evil, but definitely rotting from within by Anonymous Coward · 2014-05-20 02:13 · Score: 1
  
  Google is racing to close every facet of Android they conceivably can.
  Their browser may be mostly open source, but they certainly have evil intentions within (ie. search from address bar)
  Their search engine being the most popular has nothing to do with their evil motives. Nothing about the search engine is "open" and it is certainly driven by ads and data mining.
  How is gmail very "open"? Open in the sense that the content of every message is waded through for valuable statistics/data on you and the other end of your conversations?
  
  The only thing Google "gets it" for, as you say, is making money. They are a big corporation driven by dollars like any other. Why are they such angels in your eyes?
10. Re:Not evil, but definitely rotting from within by Kimomaru · 2014-05-20 02:20 · Score: 1
  
  Going to have to disagree. "Mostly" open source can be as much of a problem as no open source at all. It depends on what parts they don't subject to public scrutiny, no? Also, not sure why you would mention how popular a platform is as it is irrelevant to the central issue. Something can be popular and terrible. The biggest problem is that companies can afford to do whatever they like and be altruistic when they're small and struggling, but when they become giants they must inevitably play by a different set of rules. In previous generations, this used to be reffered to as "selling out", but millenials are not familiar with this term because it has become the standard in modern culture. I understand the need to succeed and excel, but what is our culture left with if we compromise our integrity for sports cars.
  
  Personally, I'm highly suspicious of anything that is wildly popular. It's never long before that thing is covered in controversy.
11. Re: Not evil, but definitely rotting from within by Anonymous Coward · 2014-05-20 02:22 · Score: 0
  
  Lost it at 'FIGHTS'.
12. Re: Not evil, but definitely rotting from within by Anonymous Coward · 2014-05-20 02:32 · Score: 0
  
  How about not treating companies who just want to make money either by selling you stuff or using you as a product (Google) as being "in your camp" ?
  disclaimer: I do use some Google services since they are convenient and work well, but never I would consider them to be my buddy. I also owned a Microsoft mouse once since it was good quality and worked well.
13. Re:Not evil, but definitely rotting from within by Pi1grim · 2014-05-20 02:53 · Score: 1
  
  >> They currently are behind development of the most popular (And open source!) mobile OS out there,
  And they are quietly dragging all the open source parts into closed source framework called Google Services, trying to create a vendor lock-in for the apps, so that it's impossible to run software on AOSP without Google Services Framework, which is closed source and completely controled by google. Messaging app is gone (hangouts to the rescue), so is Gallery (hello Google+ Photos, yuck) and a lot of other, smaller things are all being sucked into closed source with their open source variants being left behind and abandoned.
  >> the most popular (and "mostly" open source) desktop browser out there
  _mostly_ open source. Do you even listen to yourself? Chrome has a fair share of closed source code with important functionality. Chromium is impaired compared to Chrome in terms of functionality.
  >> having given very solid reasons for why they dont do security theatre with their Chrome password store
  You mean encrypting user passwords with user key and allowing to self-host open source synchronization servers, like firefox does is "theater" ?
  >> Im not clear in what sense you could consider them to be "rotting".
  In the sense that google stopped being on the forefront of open web and started trying to become the web. Because it's easier to earn money this way. And in the short run, you might even score a nice bonus. As for the long run - who cares for the long run, when there is a nice cash bonus?
14. Re: Not evil, but definitely rotting from within by Curunir_wolf · 2014-05-20 04:13 · Score: 1
  
  I just get upset when geeks insist on shooting themselves in the foot by decrying the only major internet company that actually FIGHTS requests for data from the government.
  Shows how gullible you are to think that Google actual does that. What, you didn't buy the exact same marketing from other companies making the same claim? Even Zuckerburg tried to imply that he did, too.
  What about how Google puts your website behind a big red WARNING SECURITY VIOLATOR BAD WEBSITE banner because you linked to an image that was hosted on a site that Google claimed (unilaterally with no hope of appeal) violated their insane TOS?
  Don't even get me started about Google's compliance with censorship regimes. Google are Internet bullies. Period.
  
  --
  "Somebody has to do something. It's just incredibly pathetic it has to be us."
  --- Jerry Garcia
End to End is the goal by Anonymous Coward · 2014-05-20 00:34 · Score: 5, Interesting

Why is why Google will drop XMPP. You can use plugins for true end-to-end encryption. This disallows Google from reading your chats which it will never stand for.
1. Re:End to End is the goal by LordLimecat · 2014-05-20 01:14 · Score: 0
  
  I got the impression that they were dropping XMPP because it wasnt "Google+".
  I also wonder whether theyre gonna change their stance now that theyre no longer going whole-hog on G+ integration with everything.
2. Re:End to End is the goal by Anonymous Coward · 2014-05-20 06:45 · Score: 0
  
  Why do people hate G+? The only fault I see with it is that it forces unwanted services on G+ users (crap like youtube or picassa).
3. Re:End to End is the goal by Cid+Highwind · 2014-05-20 08:56 · Score: 1
  
  Because I already have one Facebook profile, and it's more than enough. I don't want to have to maintain another one just to keep rating Android apps or commenting on Youtube cat videos.
  
  --
  0 1 - just my two bits
4. Re:End to End is the goal by allo · 2014-05-21 10:05 · Score: 1
  
  one word: realnames
Catching up to Microsoft by Anonymous Coward · 2014-05-20 00:36 · Score: 0

No one would ever have expected Google to make the transition from evil to incompetent so quickly.
1. Re: Catching up to Microsoft by Anonymous Coward · 2014-05-20 00:49 · Score: 1
  
  Fuck beta. When I press BACK from the Twitter login page you took me to against my will, it doesn't mean I want to immediately send my partially complete post anonymously.
kinda misses the point. by nimbius · 2014-05-20 00:36 · Score: 2, Informative

Google is pretty well seated in the back pocket of the US government. Even if they were to endorse TLS it doesnt preclude them from silently forwarding all your conversations to the NSA.
Voluntarily ceasing to federate is the logical conclusion to a software project run by people who care about their users, so nothing special here. However, voluntarily ablating yourself from Google, Facebook, Twitter, snapchat, and other "social" sites is probably a longterm goal to which we should all strive.

adblock, noscript, and ssl everywhere are all valid tools. For Android users AdAway can be found on F-Droid.org. Your alternative search engine is Duckduckgo.com, and although its nowhere near as powerful openstreetmaps can be used in place of google maps quite often. Alternative free email can be found at freeshell.org (it includes webmail too.) Use unbound for DNS recursion instead of Google, or use www.opennicproject.org.

--
Good people go to bed earlier.
1. Re:kinda misses the point. by Anonymous Coward · 2014-05-20 01:10 · Score: 0
  
  Google completely broke XMPP federation anyway, so who cares. Google wants to keep everyone inside their walled trash yard.
2. Re:kinda misses the point. by pr0fessor · 2014-05-20 01:18 · Score: 1
  
  Unless NSA stands for National Sales and Advertising I'm not sure they are the ones I would worry about. Google does an awful lot of targeted advertising.
3. Re:kinda misses the point. by Anonymous Coward · 2014-05-20 05:53 · Score: 0
  
  "Voluntarily ablating yourself" is not a useful way to defend democracy because most people will continue to use Google. I understand you are trying to reclaim power over your own life but this doesn't give you power over the future of the society you live in which is the more relevant thing here. so, actually it's you missing the point.
Catching up to Microsoft fast by jrumney · 2014-05-20 00:40 · Score: 0

No one ever expected Google to make the transition from evil to incompetent so quickly. There must be some chairs flying in the boardroom of Microsoft.
1. Re:Catching up to Microsoft fast by LordLimecat · 2014-05-20 01:15 · Score: 0
  
  You're going to have to explain how being behind the most popular
  * Smartphone OS
  * Desktop browser, and
  * Search engine
  Makes one incompetent. Their market share of those things isnt declining, either.
2. Re:Catching up to Microsoft fast by MoonlessNights · 2014-05-20 01:45 · Score: 1
  
  You are going to have to explain how popularity precludes incompetence.
3. Re: Catching up to Microsoft fast by Anonymous Coward · 2014-05-20 01:52 · Score: 0
  
  Will you shut up already? We get it. You're a Google lover. Great. Now fuck off.
4. Re:Catching up to Microsoft fast by Anonymous Coward · 2014-05-20 02:19 · Score: 0
  
  Please, stfu already. You're a shill and we get it. Go annoy other people with your lies and Google fallacies.
5. Re:Catching up to Microsoft fast by Anonymous Coward · 2014-05-20 02:24 · Score: 0
  
  When most everyone uses Android as a super feature phone and not an actual smart phone, it's incompetence.
Sure, I'll explain. by Anonymous Coward · 2014-05-20 01:25 · Score: 1

They currently are behind development of the most popular (And open source!) mobile OS out there
... which is getting progressively less open, as more and more things move from the OS proper to Play Services (which is both closed and heavily license encumbered.)

, the most popular (and "mostly" open source) desktop browser out there
... which has forked its rendering engine, no longer uses standard widget toolkits, and incorporates a number of proprietary extensions (like DRM for HTML5 video).

and one of the most popular (and very open) email systems out there.
... which is a meaningless phrase, since it's just as "open" as every other functional e-mail service. Outlook.com is every bit as open, and every bit as closed as GMail.
1. Re:Sure, I'll explain. by LordLimecat · 2014-05-20 01:36 · Score: 0
  
  ... which is getting progressively less open, as more and more things move from the OS proper to Play Services (which is both closed and heavily license encumbered.)
  Utter bull. Play store is included with AOSP. THe service itself is hosted, and most certainly not a "part of the OS" (particularly as you are able to side load and install third party stores, like Amazon's).
  The Blink rendering engine was forked because it was being developed by Apple with a lot of apple-specific stuff, like the Safari-only JS engine (which chrome never used), and it made zero sense to continue to be tied down. Blink does, however, remain open source, so im not clear what your beef is.
  
  ... which is a meaningless phrase, since it's just as "open" as every other functional e-mail service
  No, not even remotely. Try exporting your email and contacts out of AOL or Verizon. Google has always been one of (if not THE) best in terms of getting your data out of their systems. As a general rule, they tend to actually follow standards, and when the existing standard isnt working, they tend to make a new one and release the specs.
  You mentioned Outlook: lets have a look at exporting data from them:
  Export Outlook items to an Outlook Data File (.pst)
  Yea, thats super open. A PST file: a proprietary, poorly understood format that requires Outlook to pull data from. Compare to Google, where you can get a zip file of all of your data to be used with whatever you want.
2. Re:Sure, I'll explain. by LordLimecat · 2014-05-20 01:37 · Score: 0
  
  Looks like I was wrong-- there actually isnt a way to export from Outlook.com. You can use the Outlook client to pull everything and then create a PST, but they dont actually offer a way out without a client.
  The comparison is ridiculous.
3. Re:Sure, I'll explain. by Anonymous Coward · 2014-05-20 01:56 · Score: 0
  
  The AC mentioned Outlook.com, not the Outlook client. Exporting data out from Outlook.com is very easy.
  Google Play Store is closed and heavily encumbered. Unless you are a member of Open HAndset Alliance, you cannot ship Play Store in your custom Android fork.
4. Re:Sure, I'll explain. by LordLimecat · 2014-05-20 02:09 · Score: 1
  
  Can you show how to export from Outlook.com? Because everything I found says you cant, except through the Outlook client and a PST export.
5. Re:Sure, I'll explain. by Anonymous Coward · 2014-05-20 02:19 · Score: 0
  
  Let say I want to migrate from Outlook.com to Gmail. All I have to do is to configure my Gmail account to pull all my Outlook.com messages via POP3. You can also do this via IMAP through Outlook client but you must have fast Internet access. I can also import calendars and address book from Outlook.com via the export/import method.
6. Re:Sure, I'll explain. by oji-sama · 2014-05-20 02:21 · Score: 1
  
  Server: imap-mail.outlook.com Server port: 993 Encryption: SSL
  
  --
  It is what it is.
7. Re:Sure, I'll explain. by chihowa · 2014-05-20 02:36 · Score: 1
  
  Utter bull. Play store is included with AOSP.
  Utter bull, indeed.
  You're referring to the entirely closed-source bundle that you download from the not-at-all-sketchy-sounding site, goo-inside.me, right? The one that's signed with a self-signed certificate?
  The same Google Apps that increasingly contains closed source versions of what used to be open source OS components? Yeah, I'm not sure what "evil" spin you could put on this totally "open" behavior of Google's...
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
8. Re:Sure, I'll explain. by Archangel+Michael · 2014-05-20 02:50 · Score: 1
  
  Same is available with GMAIL as well.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
9. Re:Sure, I'll explain. by LordLimecat · 2014-05-20 03:32 · Score: 1
  
  Pretty sure that doesnt cover contacts and calendar. That just does mail.
10. Re:Sure, I'll explain. by oji-sama · 2014-05-20 03:42 · Score: 1
  
  Yep, I'm not an Outlook mail user...
  
  --
  It is what it is.
11. Re:Sure, I'll explain. by oji-sama · 2014-05-20 03:52 · Score: 1
  
  And yet you can export your calendar in ics format as well from the page. Tried it myself (although I am pretty sure I have zero events nicely going along with the single welcome mail there)... The Calendar export might have been better named (share), but the contacts one was clearer.
  
  Can you show how to export from Outlook.com? Because everything I found says you cant, except through the Outlook client and a PST export.
  google: outlook.com export calendar
  
  --
  It is what it is.
12. Re:Sure, I'll explain. by LordLimecat · 2014-05-20 06:02 · Score: 1
  
  According to the results in the Microsoft forum,
  * Its not an official method-- nor is really supported (the mods recommend you ask for it in feedback tho!)
  * Its pretty roundabout,... and..
  * It doesnt actually fully work-- all imported events become read only and uneditable. You have to modify each event in the source calendar prior to export.
  Gee, that sure is a lot more open than Google's "download archive" button.
13. Re:Sure, I'll explain. by oji-sama · 2014-05-20 06:27 · Score: 1
  
  Would you mind elaborating what you are trying to do? I've never needed to export my calendar, but the ui behind the sharing seemed to be rather simple.[*] You probably have some valid criticism, but going from 'you can only get a pst file' to imported events (imported to where?) become read only (and uneditable) sounds like a non sequitur. And I wonder where you got the 'a lot more open' claim... Sorry if trying (and managing) to export my calendar from Outlook offended you.
  [*]And yet, to prevent causing further offence, exporting to files is simpler with google calendar.
  
  --
  It is what it is.
14. Re:Sure, I'll explain. by Anonymous Coward · 2014-05-20 06:31 · Score: 0
  
  Google has always been one of (if not THE) best in terms of getting your data out of their systems. As a general rule, they tend to actually follow standards, and when the existing standard isnt working, they tend to make a new one and release the specs.
  Have you tried to use Google Takeout lately? It's nearly impossible to get data out of it.
15. Re:Sure, I'll explain. by LordLimecat · 2014-05-20 07:57 · Score: 1
  
  The whole point is that Google makes it easy to say "screw you guys, I want to take my data and go somewhere else". With just about every one of their services-- including the ones they close down-- they provide an exit strategy.
  AOL, Outlook.com, and others tend to make it DIFFICULT to leave their ecosystems-- its called lock in, and its kind of a crummy strategy because no one really thinks about it until years of their data are locked up on someone's servers. The fact that theres an unofficial-and-only-partly-functional exit strategy from Outlook.com sort of reinforces this; Microsoft doesnt really value giving you an exit strategy, because theyre in favor of locking you into their system.
  In the context of Google being a "rotten" company, Im just pointing how relatively benevolent they are compared with just about any of their competitors. Im not even going into their competitor's collaboration with oppressive regimes, here, Im just looking at their relative openness.
16. Re:Sure, I'll explain. by oji-sama · 2014-05-20 08:26 · Score: 1
  
  While I understand your point, I still don't get what is so difficult with Outlook.com export.:
  Calendar (the ics is the one you want). Access to sharing is in the top bar of the page:
  
  Links to "[xxxxx] calendar" with event details Anyone with these links can view event details on this calendar View in a web browser (HTML) Import into other calendar applications (ICS) View in a feed reader (XML)
  The ICS is a http://en.wikipedia.org/wiki/W... uri, but if you want to import your calendar somewhere that doesn't understand it (most calendars do...), you can simply replace the webcal with https and do things manually...
  Mail: IMAP
  People / Contacts: There's an export function directly in the top-bar of the people page, which starts a download for .csv.
  And please note that I am not in the context of Google being a rotten company, just curious as I've visited the Outlook.com to see what it looks like. I only use OneDrive from there... most of my emails are in gmail..
  
  --
  It is what it is.
17. Re:Sure, I'll explain. by Anonymous Coward · 2014-05-20 16:54 · Score: 0
  
  The AC from http://tech.slashdot.org/comments.pl?sid=5178741&cid=47045767
  Exporting calendar events from Outlook.com to the industry standard .ics files is easy. Exporting contacts is easy too.
  Have you ever tried migrating from Outlook.com to Gmail yourself? I have done so quite some time ago, and the process is seamless and trouble-free to me.
  fact: outlook.com is just as open as Gmail is. Saying otherwise is definitely a FUD.
Trust no-one. by SuricouRaven · 2014-05-20 01:34 · Score: 1

Use Retroshare.
1. Re:Trust no-one. by bytestorm · 2014-05-20 02:42 · Score: 1
  
  Mom uses skype to talk to her friends. Mom asks why I'm not on skype because she wants to talk to me. Thus I'm running skype again.
  
  But that's OK, she doesn't have my retroshare pgp pubkey. Nobody has the precious retroshare pgp pubkey. Trust no-one. My precious.
  
  --
  .PRECIOUS: theprecious %.gpg
  
  .PHONY: hobbitses
  hobbitses:
  find $(HOME) -name '*.gpg' -exec sudo tar --remove-files rf /root/pocket.tar {} +
2. Re:Trust no-one. by CronoCloud · 2014-05-20 03:56 · Score: 1
  
  but you're supposed to share the precious gpg pubkeys! At one time, Slashdot made it easy to for slashdotters to share the precious pubkeys with a field in the profile for them. You can access them at http://slashdot.org/~username/..., but apparently they removed the field from the profile, so you can't change it if you revoke the old key and new users can't add theirs.
Hashcash, now known as Bitcoin by tepples · 2014-05-20 01:42 · Score: 1

There are proposed systems that require expensive-to-generate signatures - something where sending an email might require a minute or so of processor time.
The keyword is "hashcash".

the calculation intended to be a minor inconvenience for desktops can be a serious problem for mobile devices.
At first, I thought a mobile device could start generating hashcash once it charges past 80%. But then I tried Google hashcash mobile which brought up this article as the first result: "It seems plausible that if a system like stored Hashcash were developed, some people would prefer to purchase stored Hashcash directly instead of generating it themselves. A market for stored Hashcash would emerge, with the value being some function of the supply and demand of scarce Internet resources." Even before I started reading that article's comments, I realized that the Bitcoin network had implemented just that. Perhaps people with the money to pay the $336 per year difference between a dumbphone plan and a smartphone plan could spend a little more to buy hashcash.
Google Play Store in AOSP? by tepples · 2014-05-20 01:59 · Score: 1

Play store is included with AOSP
Since when? I thought the Google Play Store client was the one app not included with AOSP. As I understand it, the Google Play Store client is lawfully available only as a preinstalled app on devices manufactured by OHA member companies. If you're an OHA member, you can't manufacture Android-fork for other companies, and all Android devices that you make must conform to the CDD. In the early days of Android (1.x and I think early 2.x), all devices had to include a working cellular modem, which ruled out an Android-based competitor to the iPod touch. And even now, the CDD requires that the screen size presented to an application never change after installation, which severely limits the sort of multitasking that can be done on an Android tablet.
1. Re:Google Play Store in AOSP? by LordLimecat · 2014-05-20 02:08 · Score: 1
  
  Im running cyanogenmod with Play services. Theres a cryptographically-signed zip file you install which provides the services. I believe the restriction is on distributing it as a whole, and /or based on the fact that Cyanogenmod ISNT signed.
  The restriction on android, AFAIK, is that you cant label a phone as "Android by Google' or anything like that without signing onto their program.
  Restrictions on hardware dont bother me: theyre attempting to make it reasonable to create apps. Compromises over screen size are hardly an indication of being "less open"; im not even sure what "evil" spin you could put on that.
2. Re:Google Play Store in AOSP? by Anonymous Coward · 2014-05-20 02:24 · Score: 0
  
  Cyanogenmod does not ship Play Store by default, they are not an OHA member. The Play Store APK is copyrighted (close-source), and only OHA members can distribute it. If Cyanogenmod ship Play Store APK in a default install, they will be hauled to court by the rabid pack of lawyers at Mountain View.
3. Re:Google Play Store in AOSP? by Andy+Dodd · 2014-05-20 02:40 · Score: 2
  
  In short, Play Store is NOT included with AOSP.
  CM received a pretty nasty cease-and-desist letter from Google regarding gapps a few years ago. The "workaround" was that users could exctract the gapps suite from their device and reinstall it.
  And yes, the current approach doesn't quite meet that legal definition, but what is protecting CM (and other projects) is that *they are not hosting gapps* - have you noticed that for any project, when you're instructed to get gapps, you're routed *elsewhere*?
  Kinda screams "not included" to me.
  (Note: CyanogenMod 10.2 on the Oppo N1 and CM 11S on the OnePlus One are special cases. These are the ONLY devices where CM has gone through the full GMS certification/approval process.)
  
  --
  retrorocket.o not found, launch anyway?
4. Re:Google Play Store in AOSP? by Pi1grim · 2014-05-20 02:57 · Score: 1
  
  Well, google sued CM to stop them distributing GPlay. And you can't sell any device with GPlay on it, if Google doesn't give OK for that and you don't negotiate some secret terms and pass their "certification".
  And yes - Google Play Store is NOT included in AOSP and doesn't ship with AOSP or any derivatives, unless manufacturer passed the certifications, details of which are discussed on a per-case basis with Google and are subject to NDA.
5. Re:Google Play Store in AOSP? by Archangel+Michael · 2014-05-20 02:58 · Score: 1
  
  Cyanogen does ship Cyanogenmod 11 with Playstore by default, on the OnePlus One, as those devices are certified. So, your answer used to be true, but no longer is.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
6. Re:Google Play Store in AOSP? by Anonymous Coward · 2014-05-20 03:09 · Score: 0
  
  It doesn't with my Sony Xperia phone. And I believe if I were to change my Samsung Galaxy S3 firmware to Cyanogenmod, that would be the case too.
7. Re:Google Play Store in AOSP? by Anonymous Coward · 2014-05-20 03:28 · Score: 0
  
  I thought the Google Play Store client was the one app not included with AOSP.
  Not the one, one of many.
  
  In the early days of Android (1.x and I think early 2.x), all devices had to include a working cellular modem
  All 2.x devices had to have a cellular modem to be CDD compliant.
8. Re:Google Play Store in AOSP? by Anonymous Coward · 2014-05-20 03:33 · Score: 0
  
  Yes, they get away with the current situation of a separate install because most devices Cyanogenmod is targeting are already licensed for the Google Apps, so Google doesn't consider people reinstalling apps that came with the phone they bought after they flash an unofficial ROM to be enough of an infringement to go after. But when they originally bundled the Google apps preinstalled in Cyanogenmod, the letters from Google's lawyers came very promptly.
9. Re:Google Play Store in AOSP? by tepples · 2014-05-20 05:29 · Score: 1
  
  I thought the Google Play Store client was the one app not included with AOSP.
  Not the one, one of many.
  I meant it in the sense of being the linchpin. As I understand it, the other Gapps are available through, and exclusive to, Google Play Store.
  
  All 2.x devices had to have a cellular modem to be CDD compliant.
  
  Was Google aware at the time that this policy was granting essentially the entire pocket personal media player market to Apple?
10. Re:Google Play Store in AOSP? by chihowa · 2014-05-20 06:07 · Score: 1
  
  Was Google aware at the time that this policy was granting essentially the entire pocket personal media player market to Apple?
  Probably, but Google's whole thing is always connected, cloud dependent appliances. Searching, streaming, and advertising/tracking wouldn't consistently work, which would make that whole market less interesting to them.
  They don't really sell many physical products, like Apple, so there's no big push for Android on standalone devices. Then again, in the 2.x days they were still desperate for Android market penetration, so it is a little surprising that they didn't chase any market they could.
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
11. Re:Google Play Store in AOSP? by dj245 · 2014-05-20 07:08 · Score: 1
  
  Was Google aware at the time that this policy was granting essentially the entire pocket personal media player market to Apple?
  Probably, but Google's whole thing is always connected, cloud dependent appliances. Searching, streaming, and advertising/tracking wouldn't consistently work, which would make that whole market less interesting to them.
  They don't really sell many physical products, like Apple, so there's no big push for Android on standalone devices. Then again, in the 2.x days they were still desperate for Android market penetration, so it is a little surprising that they didn't chase any market they could.
  It is a silly rule. There's no reason that such standalone devices couldn't use bluetooth to connect to a smartphone data plan. I'm dying to get my hands on a good car stereo based on Android, but all of the chinese units have flaws or are more expensive than what I want to pay for a chinese brand with no support. Putting a cell modem into a car stereo is prohibitively expensive and dumb when most people in such a market have a smartphone anyway.
  
  --
  Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
12. Re:Google Play Store in AOSP? by Unknown+Lamer · 2014-05-20 08:47 · Score: 1
  
  You are running Play because your phone came with Play, and the Cyanogenmod installer copies it from the stock image before installation.
  Play most assuredly is not part of AOSP.
  
  --
  
  HAL 7000, fewer features than the HAL 9000, but just as homicidal!
question by carnivore302 · 2014-05-20 02:13 · Score: 1

We have a chat system at work, based upon xmpp. In the set up of my account it says 'encryption required'. Does this mean only my chat buddies can see the messages, and my employer cannot read those chats?

--
Please login to access my lawn
1. Re:question by omnichad · 2014-05-20 02:43 · Score: 1
  
  If this is a serious question, it only means you can't sniff the messages from any network port in promiscuous mode. If work owns the server, then they have access to everything.
2. Re:question by Pi1grim · 2014-05-20 03:02 · Score: 1
  
  The encryption you are talking about is client-to-server, the encryption the article is talking about is server-to-server. If both are on, the only parties who know about the content of chats is:
  1 You
  2 Whoever you are messaging
  3 Server
  To drop the server from the list, you will need end-to-end encryption. Like OTR or GPG.
To sell twice as many devices by tepples · 2014-05-20 02:16 · Score: 2

Compromises over screen size are hardly an indication of being "less open"; im not even sure what "evil" spin you could put on that.
If the screen size never changes, then it's impossible to have two applications on the screen at once. This means apps run all maximized all the time despite a 7" tablet's screen being big enough for two phone apps, and if you want to see two apps running at the same time, you have to pay for twice as many devices.
Walled E-Mail: Facebook by DrYak · 2014-05-20 02:33 · Score: 2

Let's just hope that E-Mail doesn't suffer the same fate at the hands of GMail.
You haven't been using Facebook Messaging, recently ?
The only reason it's not considered such by all is that they still tactfully manage to avoid calling it "E-Mail".
But the set of functionality is very similar to any other webmail system (including attachement, etc.) minus the interoperability.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:Walled E-Mail: Facebook by Paco103 · 2014-05-20 03:19 · Score: 1
  
  Yes, and I don't get flooded with Spam and Phishing, so I'm okay with it. And to be clear, there is a huge difference between spam and advertising. I don't mind advertising. It's clean and often targeted to something I may actually be interested in seeing or learning about. Spam on the other hand is a constant barrage of things that rarely even make sense, are only occasionally in a language I speak, and promise that a beautiful 10 right down the street from me is totally in to nerdy 5's, and I need to message her today. I get spam on ICQ and Yahoo pager, so I no longer use them. I don't get spam on Facebook (with the exception of friends and game invites that I can easily and effectively block), I get advertising.
  I'll take that trade.
2. Re:Walled E-Mail: Facebook by shutdown+-p+now · 2014-05-20 08:36 · Score: 1
  
  Didn't they say they're going to drop it recently?
Hashcash is bad for e-mail by DrYak · 2014-05-20 02:45 · Score: 1

Not a real problem for most uses
It is, it's only "not a real problem" for user sending one-to-one e-mails.
As soon as you send one-to-many e-mails (newsletter, mailing-list, announcement, or just corresponding with lots of friends) this starts to be a problem, as you need to recalculate a new hash for all mail recipient.

but a serious hold-up for spammers.
Not a hold-up, at all.
No true spammer does still mail all his/her spam from home using a single mail server (the spam will be immediately detected and blacklisted).
Spammer do routinely use botnets. As each single bot doesn't send much SPAM itself alone, each single bot won't have much problem with hashcash.
Remember, the definite characteristic of SPAM isn't that it's addressed to multiple recipient, it's that it is unsolicited.
It happens that it used to be sent simultaneously to several recipient at a time, because back then, it was best done so.
But hashcash (like many other proposed systems) are not detector for "unwantedness" of e-mail, they don't address the fundamental problem with SPAM, they only address minute detail of the way it was done in the past.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:Hashcash is bad for e-mail by allo · 2014-05-21 10:02 · Score: 1
  
  > As soon as you send one-to-many e-mails (newsletter, mailing-list, announcement, or just corresponding with lots of friends) this starts to be a problem, as you need to recalculate a new hash for all mail recipient.
  This is a plus.
  If you have a legitimate use for such an amount of recipients, it will be worth the computing power. If not, it will stop your silly newsletter i do not want to receive anyway.
End-to-End vs. Server by DrYak · 2014-05-20 02:51 · Score: 1

They both server different goals.
Server encryption, helps securing the service.
But it doesn't address privacy. (the channel is only secured between 2 servers, or between a client and a server).
End-to-End encryption (like OTR) is for privacy.
It make sure that, no matter what, the message will stay encrypted during the whole transit between one user to the other user.
Even during the time spent on servers, an OTR-encrypted message is still useless and not eavesdropable.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
365? by jabberw0k · 2014-05-20 07:18 · Score: 1

Who covers leap years? (24/7 is sufficient.)
Certificate validation? by manu0601 · 2014-05-20 12:47 · Score: 1

How is certificate validation done? The server setup documentation mention no CA repository is to be configured, which suggests no validation is done.
And TLS without certificate validation is vulnerable to easy Man In The Middle attacks. It is barely more secure than plain text commuications