Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

XMPP Operators Begin Requiring Encryption, Google Still Not Allowing TLS

Unknown Lamer posted about 4 months ago | from the google-talk-is-the-new-internet-explorer dept.

Communications 121

Via El Reg comes news that major XMPP (formerly known as Jabber, likely the only widely used distributed instant messaging protocol other than IRC) operators have all begun requiring encryption for client-to-server and server-to-server connections. Quoting the Prosidy developers: "Last year Peter Saint-Andre laid out a plan for strengthening the security of the XMPP network. The manifesto, to date signed by over 70 XMPP service operators and software developers, offered a rallying point for those interested in ensuring the security of XMPP for its users. Today is the date that the manifesto gave for the final 'flip of the switch': as of today many XMPP services will begin refusing unencrypted connections. If you run an XMPP service, we encourage you to do the same. On the xmpp.org wiki you can find instructions for all the popular XMPP server software. While XMPP is an open distributed network, obviously no single entity can 'mandate' encryption for the whole network — but as a group we are moving in the right direction." There is a handy tool to test your server. A result worth noting is Google's: they still do not support TLS for server-to-server connections, and their sudden dropping of TLS s2s connections a few years ago is likely the primary reason operators switched off mandatory TLS for s2s (I know that's why I did it). Although Google Hangouts offers no federation, GTalk still does, but it appears that the XMPP network-at-large will now cease to federate with Google voluntarily.

cancel ×

121 comments

Sorry! There are no comments related to the filter you selected.

Google is dropping XMPP and Talk/Chat anyway (4, Informative)

The Cisco Kid (31490) | about 4 months ago | (#47045193)

So their lack of support for TLS with it is sort of a moot point.

http://tech.slashdot.org/story... [slashdot.org]

Re:Google is dropping XMPP and Talk/Chat anyway (5, Insightful)

nine-times (778537) | about 4 months ago | (#47045479)

You know, I can understand why Google might decide that XMPP isn't sufficient for the kinds of features they'd like to support, and so deciding to develop something new in-house with their desired feature set. I really wish, though, they they would open a protocol that still allowed outside people to communicate.

I just find it insane how much we're moving back in the direction of "walled gardens" everywhere. There was a time when most people's exposure to online interaction were services like Compuserve, AOL, and Prodigy, and those services couldn't talk to each other. I think we're headed back in that direction, except that soon we'll all be on services like Google+, Facebook, and Twitter, and those services won't talk to each other.

We really need a revolution soon, or I think we're going to find that we don't like where we end up. I know it sounds trivial because these are all free services, and most of what's communicated on them is trivial anyway. Still, it's transforming the Internet into a less free place, where we're all at the whim of a small handful of companies. I think it's a bigger problem than we've yet realized.

Re:Google is dropping XMPP and Talk/Chat anyway (2)

Charliemopps (1157495) | about 4 months ago | (#47045623)

It's about choice. I can understand that we should always have choice. But the idea that we shouldn't be able to "choose" a walled garden if we want one seems ass-backward to me. Do you remember CompuServe, AOL and prodigy? There were plenty of others as well... some of them were Awesome. I loved CompuServe. I wouldn't go back now... but if some people want to, why shouldn't they have the choice to do so? Googles pretty darned open compared to most other modern tech companies. If they want to offer some services that aren't as open, because it will make some people who don't care about openness have a better experience, why not? Let me know when "open" isn't a choice I can make. Then I'll get out my picket sign.

Re:Google is dropping XMPP and Talk/Chat anyway (0)

Anonymous Coward | about 4 months ago | (#47045997)

Let me know when "open" isn't a choice I can make. Then I'll get out my picket sign.

By that time it will be too late to get out do anything, you'll have to post your protests post on twitter/google+/facebook ...

Re:Google is dropping XMPP and Talk/Chat anyway (5, Insightful)

Pi1grim (1956208) | about 4 months ago | (#47046089)

That's BS. All this achieves is pushes you into the same zoo of IM clients that stretches from the 90-s. ICQ, Odigo, MSN, Gadu, Skype, XMPP and now all the mobile IMs are all dreaming of being The One. I'm so glad all this corporate "there can be only one and it should be us" broke out after email was standartized. Because right now, several decades from it's invention, we're still stuck with it. No matter how ugly or unsuitable for modern needs the protocol is and how many ugly hacks have been applied to it. Just because this is the only universal communication method. You can send a message and receiver will get it regardless of what mail service it uses.

Back in the day google's tech team though that something similar should be done for IM market and supported XMPP. But then, they decided that this product was too good, to let other people, who don't use google's services to use it to contact the ones already in the Google's web of services. "Everyone should get a google ID." And now hopes of other players are even dimmer than they ever were. Looks like my dream, where people from facebook, google, univercity network and some corporate IM system can get into one conference and chat is a pipe dream.

I don't care for internal protocols, features and such. I just want interoperability between servers. Let john@google.com message jane@facebook.com and any other server that has supported XMPP server. I worked great for email, by the hell do you try to introduce walled gardens and cause pain to your users?

Re:Google is dropping XMPP and Talk/Chat anyway (1)

dpilot (134227) | about 4 months ago | (#47046893)

Go ahead and choose your walled garden, I won't stop you.

But from where I sit, it looks like everything that connects to the home is going to walled gardens, and open as an option is fading away.

Serious proposal: Allow a "fast lane" by any/all ISPs. They've got such a hard-on for a fast lane that they're going to keep buying legislators until they get one. Then place a limit on it. The fast lane can only be X times faster than the "neutral net lane", and NO traffic shaping or limits are allowed on that lane, other than being 1/X the speed of the fast lane. Plus X needs to be a legally asserted and testable value.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

nine-times (778537) | about 4 months ago | (#47047017)

I'm not talking about taking away your choice to be in a walled garden. I haven't suggested any method to stop you from logging onto Facebook and only using Facebook.

But going with that example, I'm just suggesting that, as more and more of our communications get rammed into Facebook, and if Facebook doesn't have protocols to connect without outside systems, we're going to have a problem.

Re:Google is dropping XMPP and Talk/Chat anyway (2)

MoonlessNights (3526789) | about 4 months ago | (#47045669)

They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs. As far as I can tell, this was purely to thicken the walls on the garden.

This is the problem with anyone becoming too big within an otherwise open space: there is no reason for them to play nice when they have de facto control. Let's just hope that E-Mail doesn't suffer the same fate at the hands of GMail.

I have said almost word-for-word what you just said about walled gardens (even using Compuserve and AOL as examples) so I am totally in agreement with your concerns on that front.

Walled E-Mail: Facebook (2)

DrYak (748999) | about 4 months ago | (#47046101)

Let's just hope that E-Mail doesn't suffer the same fate at the hands of GMail.

You haven't been using Facebook Messaging, recently ?
The only reason it's not considered such by all is that they still tactfully manage to avoid calling it "E-Mail".
But the set of functionality is very similar to any other webmail system (including attachement, etc.) minus the interoperability.

Re:Walled E-Mail: Facebook (1)

Paco103 (758133) | about 4 months ago | (#47046573)

Yes, and I don't get flooded with Spam and Phishing, so I'm okay with it. And to be clear, there is a huge difference between spam and advertising. I don't mind advertising. It's clean and often targeted to something I may actually be interested in seeing or learning about. Spam on the other hand is a constant barrage of things that rarely even make sense, are only occasionally in a language I speak, and promise that a beautiful 10 right down the street from me is totally in to nerdy 5's, and I need to message her today. I get spam on ICQ and Yahoo pager, so I no longer use them. I don't get spam on Facebook (with the exception of friends and game invites that I can easily and effectively block), I get advertising.

I'll take that trade.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

Pi1grim (1956208) | about 4 months ago | (#47046119)

They did explain. You just didn't listen good enough. XMPP interoperability wouldn't let google force people into their services and would let people run third-party services and yet enjoy the luxury of communicating with those, who used Google as their one-stop-shop for all online needs. Clearly that had to be stopped. I'm expecting a similar move for GMail, only much swifter (those damn users are too used to the stupid idea of email being cross-server, not being locked-in).

Re:Google is dropping XMPP and Talk/Chat anyway (1)

IamTheRealMike (537420) | about 4 months ago | (#47046869)

They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs. As far as I can tell, this was purely to thicken the walls on the garden.

I think it's obvious isn't it? The "Hangouts" product works in a fundamentally different way to XMPP. In particular, it's trying to be a WhatsApp competitor, which means users are identified by things which are not JIDs, like verified phone numbers and Google+ profiles. What's more the entire thing on mobile runs over the C2DM system which uses tightly packed binary protocols to save bandwidth and battery instead of XML. GTalk had been architecturally moving away from XMPP for years as the product evolved, it's hardly surprising that this trend continued.

As to why they stopped caring about federation, I'd guess the answer is: nobody uses it (except spammers). Heck, I'm a technical guy with lots of technical colleagues and friends, mostly using GTalk, and zero of them use a federated XMPP server. XMPP just is not competitive and is a market failure as a result. Or can you give me one good, solid reason why an ordinary person would want to use a non-Google XMPP server? No ideology please, just practical things. I can't think of one.

Re: Google is dropping XMPP and Talk/Chat anyway (1)

Dr_Marvin_Monroe (550052) | about 4 months ago | (#47047105)

Anonymity? In this age of spying on everyone, perhaps a verified name or phone number is a liability.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

psyclone (187154) | about 4 months ago | (#47048265)

Features? It's great to have the server manage groups so when a new user of Team X gets added, all of Team X shows up in their roster. File transfer is simpler and more secure using XMPP+TLS than requiring the "cloud". Persistent chat rooms (ala IRC channels) are a great way to keep people collaborating. Even IDEs like Intellij can help collaboration by sending "File Z line N" code pointers or diffs that show up right next to the code your team is working on.

That and by using OTR or trusting your own server to not log chats protects privacy. But does anyone care about privacy anymore?

Re:Google is dropping XMPP and Talk/Chat anyway (1)

nine-times (778537) | about 4 months ago | (#47047113)

They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs.

I'm not asserting that was why they did it. I'm just saying that I could understand if that was why.

It may be that if you could talk to the decision-maker inside of Google who made this decision, they'd tell you that XMPP is somehow inefficient, or it didn't offer features that they wanted. They might say that XMPP is poorly architected or something, and we might debate about whether their explanation made sense.

What I'm saying is that, if there's some technical explanation like that, then I don't object to the decision per se. However, then I would want to argue that Google should either fix it or offer a better alternative. IM, voice, and even video chats are such well understood problems at this point, that I don't believe there's a valid reason why there can't be open protocols that are shared among Hangouts, Facebook, Skype, AOL, and iMessage.

Re:Google is dropping XMPP and Talk/Chat anyway (0)

Anonymous Coward | about 4 months ago | (#47045793)

We really need a revolution soon, or I think we're going to find that we don't like where we end up.

If you want a revolution, the first step should be for you to A) use federated Jabber/XMPP, B) talk about the issue to as many people as you can and optionally C) don't use walled gardens.

Re:Google is dropping XMPP and Talk/Chat anyway (2)

Kimomaru (2579489) | about 4 months ago | (#47045839)

I hadn't really thought of it that way, that we're moving back to walled gardens. It's kinda funny. Anyway, I guess people like the comfort and convenience of walled gardens. What really bums me out isn't that the large majority of people like them, but that highly technical people do as well. I know people who, no question, can install anything including an XMPP server on extremely cheap, low power consumption hardware and yet they don't bother. They find smartphones, Windows and Apple products too delightful. When Apple insists that only Apple users can use iChat with their phones, tablets, and desktops, it compells others to buy these products as well to stay in the loop.

So, yeah, out of principle I avoid IOS and Android and stay Debian/Open Source everywhere I can. It's not a perfect solution, but it's the best one I know of.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

Anonymous Coward | about 4 months ago | (#47046051)

Sure I could install my own XMPP server, no problem.

Of course, if I want to have a conversation with anyone other than myself, then I'll still need Google/Apple/Skype whatever, because let's face it, nobody uses XMPP. Sad but true.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

Pi1grim (1956208) | about 4 months ago | (#47046231)

Universities, a lot of businesses, non-profits, all use XMPP because it's pretty mush the only solution that doesn't make you give up your information and can host inhouse (without costing an arm and a leg and forcing you into a vendor lock-in).

Even if you give up and drop XMPP, you will still need to use Skype, Google, WhatsApp and whatnot (all of them, not just one), because my communication circle stretches across target audiences of all those messengers and there is no silver bullet (one ideal messenger that would satisfy all people) as sometimes people want completely different things and one messenger cannot satisfy all of them.

Re: Google is dropping XMPP and Talk/Chat anyway (0)

Anonymous Coward | about 4 months ago | (#47046333)

Like it or not, facebook pretty much is that silver bullet. With the exception of places it's blocked (China is the biggest one) just about everyone has one. And the few who don't are privacy nuts who probably font use twitter or any other messaging programs either.

Re: Google is dropping XMPP and Talk/Chat anyway (1)

Pi1grim (1956208) | about 4 months ago | (#47046469)

Like it or not, but it's not a silver bullet. There is a lot of people who are disconent with Facebook as IM. Believe it or not, but around here people use Skype, WhatsApp and XMPP for IMs, facebook being the last place you'd think to reach a person.

As much as you (and Facebook execs) 'd like Facebook to be "one size fits all" - it's far from that.

Tell any decent IT security manager that you would like to use facebook as company IM and watch him laugh his behind off.

Re: Google is dropping XMPP and Talk/Chat anyway (0)

Anonymous Coward | about 4 months ago | (#47046639)

(Same AC you replied to)

True, Facebook might not be the "preferred" service, but it's a good option if you have no idea what a person uses, because just about everyone has one. I'm not 100% happy with it either, but between:

1) Its near ubiquity
2) The fact that I can use it through XMPP (not fully, but messaging works fine)
3) The fact I don't need a mobile app to access it (looking at you, WhatsApp/WeChat/etc) and the fact it also has a website

it's by far the best choice out of the current messaging choices. Jabber is better of course but fails number 1, and the others fail all 3.

And the privacy isn't THAT bad if your settings are configured right and you only use it as a messager (don't post stupid things there, and I can't see the ads in pidgin anyway, so it doesn't really matter to me)

Re:Google is dropping XMPP and Talk/Chat anyway (1)

Pi1grim (1956208) | about 4 months ago | (#47046179)

>> Anyway, I guess people like the comfort and convenience of walled gardens.

People like comfort and convenience. Corporations love walled gardens, because they can use vendor lock-in to try and leverage their userbase into bringing more people into the same trap.

Most people won't care who pays for the services they use until the information they provided will be used against them, or until they'll lose everything at a blink of an eye for violating some ToS, it'll be too late by then, but, well, some people only learn the hard way.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

westlake (615356) | about 4 months ago | (#47046191)

What really bums me out isn't that the large majority of people like them, but that highly technical people do as well. I know people who, no question, can install anything including an XMPP server...

Not everyone wants to be technician or engineer 24-7-365.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

Kimomaru (2579489) | about 4 months ago | (#47046569)

Joking? Don't need to be a 24-7-365 technician or engineer, any technical person knows this. Small, 5v server costs 80 dollars (cubieboard or cubietruck). Debian costs nothing. I run xmpp and mumble on it. System updates with cron. Can't remember when last I actually logged into it, it's just there and I use it. My toaster gives me more trouble.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

nine-times (778537) | about 4 months ago | (#47047811)

I actually think there's a bit of a cultural problem in the tech community, in that the issue of "openness" has become polarized. On one side, you have people who think openness absolutely doesn't matter, and they seem to have no problem with the "walled gardens". On the other side, you have FOSS advocates who seem to have a militant agenda to replace everything with Debian.

I would take the position that closed source software is fine, and in fact, it's good to have a diverse software ecosystem with different developers taking different approaches, open and closed source both. However, I think we should push a militant agenda for open formats and open protocols.

For example, if Google wants to have their own closed-source Hangouts app, and Facebook wants their Messenger app, and Pidgin wants to produce an open source messaging app, that's all fine. That's great, in fact. However, we should try to get them to round everyone up and agree on messaging protocols that allow users of one IM platform to communicate with users of another platform.

The equivalent for email would be if we all lived in a world where Gmail users could only email other Gmail users, and Hotmail users could only email other Hotmail users. I'm just saying, let's go ahead and develop something like SMTP so that they can talk to each other.

Re:Google is dropping XMPP and Talk/Chat anyway (0)

Anonymous Coward | about 4 months ago | (#47046535)

We don't need a revolution; we just need you to vote. We aren't moving toward walled gardens. Walled gardens exist, and some people are taking them seriously, although I don't actually know a single person who uses Google Talk, so these anecdotes are hardly confirmed. You don't have to do anything so silly. It is as effortless as Just Saying No. Keep running jabberd (or whatever yours is), and if you ever meet one of those Google Talk people (I bet you never well, but let's just say hypothetically) then tell 'em to upgrade their software.

Ballot box. If we can't establish a level of giving-a-fuck to that level, then there's no point in talking about ammo boxes and revolution.

Is Google blocking XMPP on their munical fiber networks, or something like that? What is the part you're leaving out? It's like you heard that your father's brother's nephew's cousin's former roommate bought a Windows Phone and that somehow means you're not allowed to use your N900 anymore.

Re:Google is dropping XMPP and Talk/Chat anyway (1)

Man On Pink Corner (1089867) | about 4 months ago | (#47047289)

We really need a revolution soon, or I think we're going to find that we don't like where we end up. I know it sounds trivial because these are all free services, and most of what's communicated on them is trivial anyway. Still, it's transforming the Internet into a less free place, where we're all at the whim of a small handful of companies. I think it's a bigger problem than we've yet realized.

(Shrug) The next revolution will be co-opted to sell ads, just like the last one was. I don't know what we need, but it's not another "revolution."

only now? (-1)

Anonymous Coward | about 4 months ago | (#47045199)

My company uses Lync. Glad we do too since it has been fully encrypted by default since about 2003.

Do the same for EMAIL (0)

Anonymous Coward | about 4 months ago | (#47045209)

We should do the same for all EMAIL. Require encrypted connections. Eliminate spam while we're at it.

Re: Do the same for EMAIL (1)

jackspenn (682188) | about 4 months ago | (#47045247)

How does requiring encryption for email ensure SPAM goes away?

Re: Do the same for EMAIL (1)

BradMajors (995624) | about 4 months ago | (#47045397)

It makes it easier to identify the source of the SPAM.

Re: Do the same for EMAIL (1)

SuricouRaven (1897204) | about 4 months ago | (#47045517)

There are proposed systems that require expensive-to-generate signatures - something where sending an email might require a minute or so of processor time. Not a real problem for most uses, but a serious hold-up for spammers. Never took off though, and there are some issues - it just gives spammers an incentive to control a botnet, and the calculation intended to be a minor inconvenience for desktops can be a serious problem for mobile devices.

Hashcash, now known as Bitcoin (1)

tepples (727027) | about 4 months ago | (#47045659)

There are proposed systems that require expensive-to-generate signatures - something where sending an email might require a minute or so of processor time.

The keyword is "hashcash".

the calculation intended to be a minor inconvenience for desktops can be a serious problem for mobile devices.

At first, I thought a mobile device could start generating hashcash once it charges past 80%. But then I tried Google hashcash mobile which brought up this article [cdixon.org] as the first result: "It seems plausible that if a system like stored Hashcash were developed, some people would prefer to purchase stored Hashcash directly instead of generating it themselves. A market for stored Hashcash would emerge, with the value being some function of the supply and demand of scarce Internet resources." Even before I started reading that article's comments, I realized that the Bitcoin network had implemented just that. Perhaps people with the money to pay the $336 per year difference between a dumbphone plan and a smartphone plan could spend a little more to buy hashcash.

Hashcash is bad for e-mail (1)

DrYak (748999) | about 4 months ago | (#47046237)

Not a real problem for most uses

It is, it's only "not a real problem" for user sending one-to-one e-mails.
As soon as you send one-to-many e-mails (newsletter, mailing-list, announcement, or just corresponding with lots of friends) this starts to be a problem, as you need to recalculate a new hash for all mail recipient.

but a serious hold-up for spammers.

Not a hold-up, at all.
No true spammer does still mail all his/her spam from home using a single mail server (the spam will be immediately detected and blacklisted).
Spammer do routinely use botnets. As each single bot doesn't send much SPAM itself alone, each single bot won't have much problem with hashcash.

Remember, the definite characteristic of SPAM isn't that it's addressed to multiple recipient, it's that it is unsolicited.
It happens that it used to be sent simultaneously to several recipient at a time, because back then, it was best done so.

But hashcash (like many other proposed systems) are not detector for "unwantedness" of e-mail, they don't address the fundamental problem with SPAM, they only address minute detail of the way it was done in the past.

Re: Do the same for EMAIL (1)

omnichad (1198475) | about 4 months ago | (#47045975)

That would come from requiring valid certificates, not from encryption. A common part of it, but not necessarily required.

Re: Do the same for EMAIL (1)

omnichad (1198475) | about 4 months ago | (#47046013)

And by valid, I mean signed by a trusted CA.

Re: Do the same for EMAIL (1)

koinu (472851) | about 4 months ago | (#47046463)

Point is, the only CA I trust is the one I created myself. And by this I mean: self-signed certificates are the most reliable. And by this, I imply: "net of trust" type trust is generally the best solution. And that's why I conclude that CAs are generally shitty, because I don't know who signs what there and I consider PGP as the best solution for handling of trust.

Re: Do the same for EMAIL (1)

omnichad (1198475) | about 4 months ago | (#47046557)

If you like being on an island in the Pacific of the Internet, I'm sure that's fine. It would certainly stop the spam.

Not evil, but definitely rotting from within (3, Interesting)

TrentTheThief (118302) | about 4 months ago | (#47045263)

Google is acquiring all of the arrogant bullshit attitudes and implementing arbitrary rules and standards just the same way that microsoft did.

It's a sad shame. But an evil empire smells not different from an empire that's rotting.

Re:Not evil, but definitely rotting from within (0)

LordLimecat (1103839) | about 4 months ago | (#47045463)

You're gonna have to explain that. They currently are behind development of the most popular (And open source!) mobile OS out there, the most popular (and "mostly" open source) desktop browser out there, the most popular (in the west) search engine out there, and one of the most popular (and very open) email systems out there.

It's notable that they continue to be a voice of reason in the security world (with this being a notable exception), having given very solid reasons for why they dont do security theatre with their Chrome password store, why they use CRLSets instead of an ineffective soft-fail CRL system, their rapid switch away from AES-CBC to RC4 when BEAST came out, and so on.

Probably the worst that could be said for them recently is that they went way overboard in their attempt to make Google+ a "thing".

In a lot of ways, Google continues to be a prime example of a company that "gets it" (when its not pushing failed social networks). Theyre embracing security, encryption, mobile computing, and wearable tech (which is coming whether anyone wants it or not). Im not clear in what sense you could consider them to be "rotting".

Re:Not evil, but definitely rotting from within (0)

Anonymous Coward | about 4 months ago | (#47045531)

They did, by the way, install some security theater for Chrome password store in the last few months.

Re:Not evil, but definitely rotting from within (1)

LordLimecat (1103839) | about 4 months ago | (#47045565)

Thats disappointing. I guess PR wins over well-reasoned policy every time.

Sure, I'll explain. (1)

Anonymous Coward | about 4 months ago | (#47045537)

They currently are behind development of the most popular (And open source!) mobile OS out there

... which is getting progressively less open, as more and more things move from the OS proper to Play Services (which is both closed and heavily license encumbered.)

, the most popular (and "mostly" open source) desktop browser out there

... which has forked its rendering engine, no longer uses standard widget toolkits, and incorporates a number of proprietary extensions (like DRM for HTML5 video).

and one of the most popular (and very open) email systems out there.

... which is a meaningless phrase, since it's just as "open" as every other functional e-mail service. Outlook.com is every bit as open, and every bit as closed as GMail.

Re:Sure, I'll explain. (0)

LordLimecat (1103839) | about 4 months ago | (#47045617)

... which is getting progressively less open, as more and more things move from the OS proper to Play Services (which is both closed and heavily license encumbered.)

Utter bull. Play store is included with AOSP. THe service itself is hosted, and most certainly not a "part of the OS" (particularly as you are able to side load and install third party stores, like Amazon's).

The Blink rendering engine was forked because it was being developed by Apple with a lot of apple-specific stuff, like the Safari-only JS engine (which chrome never used), and it made zero sense to continue to be tied down. Blink does, however, remain open source, so im not clear what your beef is.

... which is a meaningless phrase, since it's just as "open" as every other functional e-mail service

No, not even remotely. Try exporting your email and contacts out of AOL or Verizon. Google has always been one of (if not THE) best in terms of getting your data out of their systems. As a general rule, they tend to actually follow standards, and when the existing standard isnt working, they tend to make a new one and release the specs.

You mentioned Outlook: lets have a look at exporting data from them: [microsoft.com]
Export Outlook items to an Outlook Data File (.pst)

Yea, thats super open. A PST file: a proprietary, poorly understood format that requires Outlook to pull data from. Compare to Google [blogspot.com] , where you can get a zip file of all of your data to be used with whatever you want.

Re:Sure, I'll explain. (0)

LordLimecat (1103839) | about 4 months ago | (#47045627)

Looks like I was wrong-- there actually isnt a way to export from Outlook.com. You can use the Outlook client to pull everything and then create a PST, but they dont actually offer a way out without a client.

The comparison is ridiculous.

Re:Sure, I'll explain. (0)

Anonymous Coward | about 4 months ago | (#47045767)

The AC mentioned Outlook.com, not the Outlook client. Exporting data out from Outlook.com is very easy.

Google Play Store is closed and heavily encumbered. Unless you are a member of Open HAndset Alliance, you cannot ship Play Store in your custom Android fork.

Re:Sure, I'll explain. (1)

LordLimecat (1103839) | about 4 months ago | (#47045855)

Can you show how to export from Outlook.com? Because everything I found says you cant, except through the Outlook client and a PST export.

Re:Sure, I'll explain. (0)

Anonymous Coward | about 4 months ago | (#47045939)

Let say I want to migrate from Outlook.com to Gmail. All I have to do is to configure my Gmail account to pull all my Outlook.com messages via POP3. You can also do this via IMAP through Outlook client but you must have fast Internet access. I can also import calendars and address book from Outlook.com via the export/import method.

Re:Sure, I'll explain. (1)

oji-sama (1151023) | about 4 months ago | (#47045971)

Server: imap-mail.outlook.com Server port: 993 Encryption: SSL

Re:Sure, I'll explain. (1)

Archangel Michael (180766) | about 4 months ago | (#47046279)

Same is available with GMAIL as well.

Re:Sure, I'll explain. (1)

oji-sama (1151023) | about 4 months ago | (#47046789)

Yep, I'm not an Outlook mail user...

Re:Sure, I'll explain. (1)

LordLimecat (1103839) | about 4 months ago | (#47046683)

Pretty sure that doesnt cover contacts and calendar. That just does mail.

Re:Sure, I'll explain. (1)

oji-sama (1151023) | about 4 months ago | (#47046899)

And yet you can export your calendar in ics format as well from the page. Tried it myself (although I am pretty sure I have zero events nicely going along with the single welcome mail there)... The Calendar export might have been better named (share), but the contacts one was clearer.

Can you show how to export from Outlook.com? Because everything I found says you cant, except through the Outlook client and a PST export.

google: outlook.com export calendar

Re:Sure, I'll explain. (1)

LordLimecat (1103839) | about 4 months ago | (#47048479)

According to the results in the Microsoft forum,
  * Its not an official method-- nor is really supported (the mods recommend you ask for it in feedback tho!)
  * Its pretty roundabout,... and..
  * It doesnt actually fully work-- all imported events become read only and uneditable. You have to modify each event in the source calendar prior to export.

Gee, that sure is a lot more open than Google's "download archive" button.

Google Play Store in AOSP? (1)

tepples (727027) | about 4 months ago | (#47045783)

Play store is included with AOSP

Since when? I thought the Google Play Store client was the one app not included with AOSP. As I understand it, the Google Play Store client is lawfully available only as a preinstalled app on devices manufactured by OHA member companies. If you're an OHA member, you can't manufacture Android-fork for other companies, and all Android devices that you make must conform to the CDD. In the early days of Android (1.x and I think early 2.x), all devices had to include a working cellular modem, which ruled out an Android-based competitor to the iPod touch. And even now, the CDD requires that the screen size presented to an application never change after installation [slashdot.org] , which severely limits the sort of multitasking that can be done on an Android tablet.

Re:Google Play Store in AOSP? (1)

LordLimecat (1103839) | about 4 months ago | (#47045849)

Im running cyanogenmod with Play services. Theres a cryptographically-signed zip file you install which provides the services. I believe the restriction is on distributing it as a whole, and /or based on the fact that Cyanogenmod ISNT signed.

The restriction on android, AFAIK, is that you cant label a phone as "Android by Google' or anything like that without signing onto their program.

Restrictions on hardware dont bother me: theyre attempting to make it reasonable to create apps. Compromises over screen size are hardly an indication of being "less open"; im not even sure what "evil" spin you could put on that.

To sell twice as many devices (2)

tepples (727027) | about 4 months ago | (#47045915)

Compromises over screen size are hardly an indication of being "less open"; im not even sure what "evil" spin you could put on that.

If the screen size never changes, then it's impossible to have two applications on the screen at once. This means apps run all maximized all the time despite a 7" tablet's screen being big enough for two phone apps, and if you want to see two apps running at the same time, you have to pay for twice as many devices.

Re:Google Play Store in AOSP? (0)

Anonymous Coward | about 4 months ago | (#47045999)

Cyanogenmod does not ship Play Store by default, they are not an OHA member. The Play Store APK is copyrighted (close-source), and only OHA members can distribute it. If Cyanogenmod ship Play Store APK in a default install, they will be hauled to court by the rabid pack of lawyers at Mountain View.

Re:Google Play Store in AOSP? (1)

Archangel Michael (180766) | about 4 months ago | (#47046371)

Cyanogen does ship Cyanogenmod 11 with Playstore by default, on the OnePlus One, as those devices are certified. So, your answer used to be true, but no longer is.

Re:Google Play Store in AOSP? (0)

Anonymous Coward | about 4 months ago | (#47046479)

It doesn't with my Sony Xperia phone. And I believe if I were to change my Samsung Galaxy S3 firmware to Cyanogenmod, that would be the case too.

Re:Google Play Store in AOSP? (0)

Anonymous Coward | about 4 months ago | (#47046699)

Yes, they get away with the current situation of a separate install because most devices Cyanogenmod is targeting are already licensed for the Google Apps, so Google doesn't consider people reinstalling apps that came with the phone they bought after they flash an unofficial ROM to be enough of an infringement to go after. But when they originally bundled the Google apps preinstalled in Cyanogenmod, the letters from Google's lawyers came very promptly.

Re:Google Play Store in AOSP? (2)

Andy Dodd (701) | about 4 months ago | (#47046177)

In short, Play Store is NOT included with AOSP.

CM received a pretty nasty cease-and-desist letter from Google regarding gapps a few years ago. The "workaround" was that users could exctract the gapps suite from their device and reinstall it.

And yes, the current approach doesn't quite meet that legal definition, but what is protecting CM (and other projects) is that *they are not hosting gapps* - have you noticed that for any project, when you're instructed to get gapps, you're routed *elsewhere*?

Kinda screams "not included" to me.

(Note: CyanogenMod 10.2 on the Oppo N1 and CM 11S on the OnePlus One are special cases. These are the ONLY devices where CM has gone through the full GMS certification/approval process.)

Re:Google Play Store in AOSP? (1)

Pi1grim (1956208) | about 4 months ago | (#47046359)

Well, google sued CM to stop them distributing GPlay. And you can't sell any device with GPlay on it, if Google doesn't give OK for that and you don't negotiate some secret terms and pass their "certification".

And yes - Google Play Store is NOT included in AOSP and doesn't ship with AOSP or any derivatives, unless manufacturer passed the certifications, details of which are discussed on a per-case basis with Google and are subject to NDA.

Re:Google Play Store in AOSP? (0)

Anonymous Coward | about 4 months ago | (#47046653)

I thought the Google Play Store client was the one app not included with AOSP.

Not the one, one of many.

In the early days of Android (1.x and I think early 2.x), all devices had to include a working cellular modem

All 2.x devices had to have a cellular modem to be CDD compliant.

Re:Google Play Store in AOSP? (1)

tepples (727027) | about 4 months ago | (#47048069)

I thought the Google Play Store client was the one app not included with AOSP.

Not the one, one of many.

I meant it in the sense of being the linchpin. As I understand it, the other Gapps are available through, and exclusive to, Google Play Store.

All 2.x devices had to have a cellular modem to be CDD compliant.

Was Google aware at the time that this policy was granting essentially the entire pocket personal media player market to Apple?

Re:Google Play Store in AOSP? (1)

chihowa (366380) | about 4 months ago | (#47048553)

Was Google aware at the time that this policy was granting essentially the entire pocket personal media player market to Apple?

Probably, but Google's whole thing is always connected, cloud dependent appliances. Searching, streaming, and advertising/tracking wouldn't consistently work, which would make that whole market less interesting to them.

They don't really sell many physical products, like Apple, so there's no big push for Android on standalone devices. Then again, in the 2.x days they were still desperate for Android market penetration, so it is a little surprising that they didn't chase any market they could.

Re:Sure, I'll explain. (1)

chihowa (366380) | about 4 months ago | (#47046133)

Utter bull. Play store is included with AOSP.

Utter bull, indeed.

You're referring to the entirely closed-source bundle that you download from the not-at-all-sketchy-sounding site, goo-inside.me, right? The one that's signed with a self-signed certificate?

The same Google Apps that increasingly contains closed source versions of what used to be open source OS components [arstechnica.com] ? Yeah, I'm not sure what "evil" spin you could put on this totally "open" behavior of Google's...

Re:Not evil, but definitely rotting from within (1)

Curunir_wolf (588405) | about 4 months ago | (#47045579)

In a lot of ways, Google continues to be a prime example of a company that "gets it" (when its not pushing failed social networks). Theyre embracing security, encryption, mobile computing, and wearable tech (which is coming whether anyone wants it or not). Im not clear in what sense you could consider them to be "rotting".

The GP was comparing Google too Microsoft. He meant that Microsoft is "rotting", not Google. But was making the point that Google "smells" the same, because while they may not be rotting, they are clearly just as evil.

Re:Not evil, but definitely rotting from within (1)

LordLimecat (1103839) | about 4 months ago | (#47045647)

Yea, opensourcing all of that stuff, contributing to Linux, and offering exit strategies from their ecosystem ("heres a zipfile with all of your data!") is super evil.

Re: Not evil, but definitely rotting from within (0)

Anonymous Coward | about 4 months ago | (#47045697)

So how much does Google pay you anyway?

Re: Not evil, but definitely rotting from within (0)

Anonymous Coward | about 4 months ago | (#47045811)

probably a hell of a lot better than you get paid by microsoft to troll.

Re: Not evil, but definitely rotting from within (1)

LordLimecat (1103839) | about 4 months ago | (#47045821)

I just get upset when geeks insist on shooting themselves in the foot by decrying the only major internet company that actually FIGHTS requests for data from the government.

But hey if you want to run crying to Microsoft (who reports Skype calls to Chinese authorities) or Yahoo (who outs dissident bloggers in China), go right ahead. Myself, Id rather stick with the camp who actually has some degree of integrity. Have fun with whoever else you choose, and dont come crying to me when you end up in trouble with an authoritarian regime because of it.

Re: Not evil, but definitely rotting from within (0)

Anonymous Coward | about 4 months ago | (#47045979)

Lost it at 'FIGHTS'.

Re: Not evil, but definitely rotting from within (0)

Anonymous Coward | about 4 months ago | (#47046087)

How about not treating companies who just want to make money either by selling you stuff or using you as a product (Google) as being "in your camp" ?

disclaimer: I do use some Google services since they are convenient and work well, but never I would consider them to be my buddy. I also owned a Microsoft mouse once since it was good quality and worked well.

Re: Not evil, but definitely rotting from within (1)

Curunir_wolf (588405) | about 4 months ago | (#47047155)

I just get upset when geeks insist on shooting themselves in the foot by decrying the only major internet company that actually FIGHTS requests for data from the government.

Shows how gullible you are to think that Google actual does that. What, you didn't buy the exact same marketing from other companies making the same claim? Even Zuckerburg tried to imply that he did, too.

What about how Google puts your website behind a big red WARNING SECURITY VIOLATOR BAD WEBSITE banner because you linked to an image that was hosted on a site that Google claimed (unilaterally with no hope of appeal) violated their insane TOS?

Don't even get me started about Google's compliance with censorship regimes. Google are Internet bullies. Period.

Re:Not evil, but definitely rotting from within (1)

Anonymous Coward | about 4 months ago | (#47045891)

Google is racing to close every facet of Android they conceivably can.
Their browser may be mostly open source, but they certainly have evil intentions within (ie. search from address bar)
Their search engine being the most popular has nothing to do with their evil motives. Nothing about the search engine is "open" and it is certainly driven by ads and data mining.
How is gmail very "open"? Open in the sense that the content of every message is waded through for valuable statistics/data on you and the other end of your conversations?

The only thing Google "gets it" for, as you say, is making money. They are a big corporation driven by dollars like any other. Why are they such angels in your eyes?

Re:Not evil, but definitely rotting from within (1)

Kimomaru (2579489) | about 4 months ago | (#47045961)

Going to have to disagree. "Mostly" open source can be as much of a problem as no open source at all. It depends on what parts they don't subject to public scrutiny, no? Also, not sure why you would mention how popular a platform is as it is irrelevant to the central issue. Something can be popular and terrible. The biggest problem is that companies can afford to do whatever they like and be altruistic when they're small and struggling, but when they become giants they must inevitably play by a different set of rules. In previous generations, this used to be reffered to as "selling out", but millenials are not familiar with this term because it has become the standard in modern culture. I understand the need to succeed and excel, but what is our culture left with if we compromise our integrity for sports cars.

Personally, I'm highly suspicious of anything that is wildly popular. It's never long before that thing is covered in controversy.

Re:Not evil, but definitely rotting from within (1)

Pi1grim (1956208) | about 4 months ago | (#47046309)

>> They currently are behind development of the most popular (And open source!) mobile OS out there,

And they are quietly dragging all the open source parts into closed source framework called Google Services, trying to create a vendor lock-in for the apps, so that it's impossible to run software on AOSP without Google Services Framework, which is closed source and completely controled by google. Messaging app is gone (hangouts to the rescue), so is Gallery (hello Google+ Photos, yuck) and a lot of other, smaller things are all being sucked into closed source with their open source variants being left behind and abandoned.

>> the most popular (and "mostly" open source) desktop browser out there

_mostly_ open source. Do you even listen to yourself? Chrome has a fair share of closed source code with important functionality. Chromium is impaired compared to Chrome in terms of functionality.

>> having given very solid reasons for why they dont do security theatre with their Chrome password store

You mean encrypting user passwords with user key and allowing to self-host open source synchronization servers, like firefox does is "theater" ?

>> Im not clear in what sense you could consider them to be "rotting".

In the sense that google stopped being on the forefront of open web and started trying to become the web. Because it's easier to earn money this way. And in the short run, you might even score a nice bonus. As for the long run - who cares for the long run, when there is a nice cash bonus?

End to End is the goal (5, Interesting)

Anonymous Coward | about 4 months ago | (#47045269)

Why is why Google will drop XMPP. You can use plugins for true end-to-end encryption. This disallows Google from reading your chats which it will never stand for.

Re:End to End is the goal (0)

LordLimecat (1103839) | about 4 months ago | (#47045469)

I got the impression that they were dropping XMPP because it wasnt "Google+".

I also wonder whether theyre gonna change their stance now that theyre no longer going whole-hog on G+ integration with everything.

End-to-End vs. Server (1)

DrYak (748999) | about 4 months ago | (#47046295)

They both server different goals.

Server encryption, helps securing the service.
But it doesn't address privacy. (the channel is only secured between 2 servers, or between a client and a server).

End-to-End encryption (like OTR) is for privacy.
It make sure that, no matter what, the message will stay encrypted during the whole transit between one user to the other user.
Even during the time spent on servers, an OTR-encrypted message is still useless and not eavesdropable.

Catching up to Microsoft (0)

Anonymous Coward | about 4 months ago | (#47045277)

No one would ever have expected Google to make the transition from evil to incompetent so quickly.

Re: Catching up to Microsoft (1)

Anonymous Coward | about 4 months ago | (#47045339)

Fuck beta. When I press BACK from the Twitter login page you took me to against my will, it doesn't mean I want to immediately send my partially complete post anonymously.

kinda misses the point. (2, Informative)

nimbius (983462) | about 4 months ago | (#47045281)

Google is pretty well seated in the back pocket of the US government. Even if they were to endorse TLS it doesnt preclude them from silently forwarding all your conversations to the NSA.
Voluntarily ceasing to federate is the logical conclusion to a software project run by people who care about their users, so nothing special here. However, voluntarily ablating yourself from Google, Facebook, Twitter, snapchat, and other "social" sites is probably a longterm goal to which we should all strive.

adblock, noscript, and ssl everywhere are all valid tools. For Android users AdAway can be found on F-Droid.org. Your alternative search engine is Duckduckgo.com, and although its nowhere near as powerful openstreetmaps can be used in place of google maps quite often. Alternative free email can be found at freeshell.org (it includes webmail too.) Use unbound for DNS recursion instead of Google, or use www.opennicproject.org.

Re:kinda misses the point. (0)

Anonymous Coward | about 4 months ago | (#47045451)

Google completely broke XMPP federation anyway, so who cares. Google wants to keep everyone inside their walled trash yard.

Re:kinda misses the point. (1)

pr0fessor (1940368) | about 4 months ago | (#47045491)

Unless NSA stands for National Sales and Advertising I'm not sure they are the ones I would worry about. Google does an awful lot of targeted advertising.

Re:kinda misses the point. (0)

Anonymous Coward | about 4 months ago | (#47048371)

"Voluntarily ablating yourself" is not a useful way to defend democracy because most people will continue to use Google. I understand you are trying to reclaim power over your own life but this doesn't give you power over the future of the society you live in which is the more relevant thing here. so, actually it's you missing the point.

Catching up to Microsoft fast (0)

jrumney (197329) | about 4 months ago | (#47045297)

No one ever expected Google to make the transition from evil to incompetent so quickly. There must be some chairs flying in the boardroom of Microsoft.

Re:Catching up to Microsoft fast (0)

LordLimecat (1103839) | about 4 months ago | (#47045475)

You're going to have to explain how being behind the most popular
  * Smartphone OS
  * Desktop browser, and
  * Search engine

Makes one incompetent. Their market share of those things isnt declining, either.

Re:Catching up to Microsoft fast (1)

MoonlessNights (3526789) | about 4 months ago | (#47045685)

You are going to have to explain how popularity precludes incompetence.

Re: Catching up to Microsoft fast (0)

Anonymous Coward | about 4 months ago | (#47045735)

Will you shut up already? We get it. You're a Google lover. Great. Now fuck off.

Re:Catching up to Microsoft fast (0)

Anonymous Coward | about 4 months ago | (#47045941)

Please, stfu already. You're a shill and we get it. Go annoy other people with your lies and Google fallacies.

Re:Catching up to Microsoft fast (0)

Anonymous Coward | about 4 months ago | (#47045995)

When most everyone uses Android as a super feature phone and not an actual smart phone, it's incompetence.

Trust no-one. (1)

SuricouRaven (1897204) | about 4 months ago | (#47045609)

Use Retroshare.

Re:Trust no-one. (1)

bytestorm (1296659) | about 4 months ago | (#47046203)

Mom uses skype to talk to her friends. Mom asks why I'm not on skype because she wants to talk to me. Thus I'm running skype again.

But that's OK, she doesn't have my retroshare pgp pubkey. Nobody has the precious retroshare pgp pubkey. Trust no-one. My precious.

--
.PRECIOUS: theprecious %.gpg

.PHONY: hobbitses
hobbitses:
find $(HOME) -name '*.gpg' -exec sudo tar --remove-files rf /root/pocket.tar {} +

Re:Trust no-one. (1)

CronoCloud (590650) | about 4 months ago | (#47046963)

but you're supposed to share the precious gpg pubkeys! At one time, Slashdot made it easy to for slashdotters to share the precious pubkeys with a field in the profile for them. You can access them at http://slashdot.org/~username/... [slashdot.org] , but apparently they removed the field from the profile, so you can't change it if you revoke the old key and new users can't add theirs.

question (1)

carnivore302 (708545) | about 4 months ago | (#47045889)

We have a chat system at work, based upon xmpp. In the set up of my account it says 'encryption required'. Does this mean only my chat buddies can see the messages, and my employer cannot read those chats?

Re:question (1)

omnichad (1198475) | about 4 months ago | (#47046211)

If this is a serious question, it only means you can't sniff the messages from any network port in promiscuous mode. If work owns the server, then they have access to everything.

Re:question (1)

Pi1grim (1956208) | about 4 months ago | (#47046409)

The encryption you are talking about is client-to-server, the encryption the article is talking about is server-to-server. If both are on, the only parties who know about the content of chats is:
1 You
2 Whoever you are messaging
3 Server

To drop the server from the list, you will need end-to-end encryption. Like OTR or GPG.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>