Afficher plus

Very good talk of Tom Hacohen about the pleasures of developing a really serious privacy-oriented application.

* everything is done on the client : changing the protocol requires to upgrade all clients
* data is encrypted client-side, the developer never sees the data, so cannot debug data-related issues.

Now, a guy with a french accent on stage. " and the right to data portability"

RFC 171 on screen (about transfer of datas between centralized silos).

Now, Veronika Nad on , and how it could benefit from free software.

(The room is not full, which is very rare for the Decentralized Internet and Privacy devroom.)

Now, panel about at . Christopher Webber, Gualter Barbas Baptista "How many people in the room have read the specification?" [Several hands, including mine] "Wow, that's a lot for a specification."

"What interested you in ?"

"It is simple to understand"

"Because it is used in "

"It is about distributing power"

" has a good model as a foundation: everything is actors sending messages to each other."

With such vague description, any protocol is ActivityPub...

"It would be cool to have a documentation of 'MastodonPub' [the actual protocol(s) needed to work with Mastodon] but we must not forget that could be used for very different things, too."

By the way, are there women working on ? The panel seems, at first glance, be all-male.

has a client-to-server protocol but nobody uses it, every ActivityPub server has its API. Is it a bad thing?

"Use cases are too different [Mastodon for chatting, Funkwhale to listen music], a common client would lead to a poor user experience."

"What I don't like in is that it uses ." Troll incoming, flame war ahead.

What is needed for the fediverse to talk to alice@7j3ncmar4jm2r3e7.onion? Webfinger and ActivityPub can work over Tor but most Mastodon instances cannot talk Tor.

Philip Homburg certifies results from his application, with .
He starts with a comparison with X.509 (1) with X.5909, you need to trust a lot of other parties 2) if the attacker controls DNS,it controls X.509 anyway). getdnsapi.net/

Speaking of , a volunteer to write a monitoring plugin with getdns? monitoring-plugins.org/

Existing plugins call dig or nslookup :-(

0952 local time: the devroom at is now full (we got refugees from other, more popular, rooms).

9 is 18 years-old. "Dealing with software that can drink legally" by Witold Kręcicki

Among the funny things: one function (2.5 kLOC) doing everything, and with goto going into switch statements).

Testing 9 with pmccabe ( complexity calculation, available in Debian). Results are bad.

Advices for : 1) Don't be smart (don't assume you've understand the code) 2) Be slow (because small changes can have inattended consequences, test often).

Claiming that enables applications to do name resolution themselves while we had a talk one hour before... Not serious.
(Another joke was pretending that you can talk to your ISP about the things they do...)

Also, the talk completely mixes the DoH protocol with its usage and its servers. The concentration in Gmail is not because of the SMTP protocol!

And saying that traffic is protected in Europe by privacy laws like is a joke: data protection authoritities (like in France) are overloaded and not interested at all in DNS, they already have a lot of work with HTTP.

Another fundamental error in that talk: mixing two very different technical issues: the protocol and the fact that each application will do its own name resolution. They are unrelated.

The last trend at : making fun of projects. Too easy: you just say "blockchain" and everybody laughes.

Petr Špaček on administration and maintenance at . Executive summary: very simple and without risk (no, I was joking).

What's is in common between Costa-Rica, Czech republic, and Switzerland ?

These three TLDs implement RFC 7344 and RFC 8078 (CDS and CDNSKEY) for automatic provisioning and maintenance.

Suivre

It is only now that I see that the default Wifi network at is -only. Proof that it works: nobody noticed.

@bortzmeyer it was broke as shit for me, and I had to disable it to do half of my things.

Ironically, some of those services do have ipv6, but they didn't get the route in bgp. Unclear why.

@phessler @bortzmeyer it was broken for me as well which looks like a regression to me, as I was able to use the IPv6-only on both computer and phone a few years ago during a previous FOSDEM

@bortzmeyer Had to enable DNS64 on my resolver last year (to check last century social network¹)

¹ Twitter

Inscrivez-vous pour prendre part à la conversation
Mastodon - Gougère Network

Vive les gougères ! mnt-by: @yapret @papaeng89