From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Zelphir Kaltstahl Newsgroups: gmane.lisp.guile.user Subject: Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile] Date: Wed, 23 Oct 2019 02:57:03 +0200 Message-ID: <52f11940-4770-86fe-d669-0287c62becd8@posteo.de> References: <-IsD5PBFie-kW2VJSYNHx00LodtSHflKNWtY2vjNVQDN126iTMsqHrdxl8zeWE8a53TzM_27wskjsrylIh4bN5jIGVNYOBC6zmE3p1RGyBg=@protonmail.com> <87ftjk1us3.fsf@netris.org> <907270af-1f2f-42f3-ec36-047fdd48a74f@posteo.de> <20191023002427.f91e23fa3475223c648487b4@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="214550"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 To: guile-user@gnu.org Original-X-From: guile-user-bounces+guile-user=m.gmane.org@gnu.org Wed Oct 23 02:57:42 2019 Return-path: Envelope-to: guile-user@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iN4y6-000thY-3l for guile-user@m.gmane.org; Wed, 23 Oct 2019 02:57:42 +0200 Original-Received: from localhost ([::1]:50056 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iN4y4-0007s5-Sb for guile-user@m.gmane.org; Tue, 22 Oct 2019 20:57:40 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:39790) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iN4xa-0007qE-1Y for guile-user@gnu.org; Tue, 22 Oct 2019 20:57:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iN4xY-0008O4-L8 for guile-user@gnu.org; Tue, 22 Oct 2019 20:57:09 -0400 Original-Received: from mout02.posteo.de ([185.67.36.66]:60329) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iN4xY-0008MY-03 for guile-user@gnu.org; Tue, 22 Oct 2019 20:57:08 -0400 Original-Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 851562400E6 for ; Wed, 23 Oct 2019 02:57:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1571792225; bh=V0X/LYdtE2xq3zVOsMA+4Xjf9qu0vts9zfgM5vGZlNI=; h=Subject:To:From:Date:From; b=CBNec5hY4T3dHANPS3Kn7SsKelDAiVBu7RJdvWQOD1DdLTr/EyuG8w372JRzv2Fh6 SIpxVKpP8JRIdZtxrHXq9NnzjHIAOIRU1rh/ekLWWoJZqvIWvkdo2KD58NtVIvCj6A 0JgUP3i5jhvxim1klkvJ2GclQJwAC9816/1xBRGqDTpYLUIWaGcy4vTvmdiE51X0gT HpaYfy4paVz8y3flfYyO+VDdCZe+lBhNWQJysOUjvaHumymr1tqwemMd0ATkoSEyTL 24Y6O0M9Ic0ARu3nrk3eRHJ/Mx7PQzQUoEYXTJbQ0mg3ylKdxOGodTH0/EjnMOw4/F tmVNSrAV3CxBg== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 46yX5X5kl1z9rxD for ; Wed, 23 Oct 2019 02:57:04 +0200 (CEST) In-Reply-To: <20191023002427.f91e23fa3475223c648487b4@gmail.com> Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 185.67.36.66 X-BeenThere: guile-user@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: General Guile related discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-user-bounces+guile-user=m.gmane.org@gnu.org Original-Sender: "guile-user" Xref: news.gmane.org gmane.lisp.guile.user:15784 Archived-At: On 10/23/19 1:24 AM, Chris Vine wrote: > On Tue, 22 Oct 2019 21:23:32 +0200 > Zelphir Kaltstahl wrote: > [snip] >> The reason however, why I have only ever used Riot with one person is, >> surprise surprise, that most people are not willing to sacrifice the >> tiniest bit of comfort, for enhanced security. This one person I used = it >> with tried to get 2 more people on board, who were even less tech-savy >> and whom I did not have the chance of helping directly, to get things >> set up and so we remained 1-on-1 on Riot.IM. >> >> Let me explain further: >> >> To verify another person's device, one has to exchange information via= a >> second trusted channel. That information is a sequence of icons being >> shown. If they are the same, that the other person sends you via the >> second trusted channel, you can reasonably assume, that the device you >> are communicating with is under their control. >> >> When it comes to the step of exchanging information about what icons a= re >> displayed, most people will close the app and say "it's too >> complicated", because they do not understand it ("Huh? How strange! Wh= y >> I have to do that? Are icons secure?") or do not want to do anything i= n >> order to have security. They are not willing to invest as much as 5min >> of effort, to have encrypted chat. What makes matters worse is, that >> when you use Riot.IM in the browser, it might happen, that every time >> you log in, the other person has to re-verify your device. Guess what >> people will do when facing that workflow =E2=80=A6 > This is a public mailing list, and any replacement of it is going to be > a mailing-list-alike. Why do they (or chats) need to be encrypted or > have the sender verified? No one should be posting sensitive personal > information here so I don't understand the point of it. Lack of > understanding of (or disagreement with) the purpose may be what is > holding your idea back. If you want to set up private mailing lists or > chat servers, fair enough, but that's not what this is. > > Discord seems a reasonably popular chat medium with a bridge to IRC and > discourse seems reasonably popular as a web based mailing-list-ish > medium with a somewhat more vibey feel than traditional mailing lists. > Hi! My example was about private conversation and a friend. So you are right, that the example does not quite match the mailing list example. Maybe we should clear up the question what kind of communication would happen over such a new channel first, before making any decisions. In Riot you will notice, that you see warning, when the devices are not verified. That confuses users. Not sure what you can do about it in terms of making settings default, as I have not used Riot in a public communication scenario. You did not address the other point I raised though: Dependency on a third party server (and all the implications, when/if it gets hacked again). Same goes for Discord. It would not be under our control whether the server is running. In case of Discord: While we only need a mail client for posting on a mailing list, using Discord requires to use a bloated Electron app. When you start Discord and log in, the first thing that happens is, that your CPU fan starts rotating, because of Discord showing ads with videos. Do we really want to let people go through this to interact with the rest of us? There is also the problem of non-searchable content. You cannot, as far as I know, search in a search engine through Discord or Riot messages. If content by tendency of "quickly solving the problem in chat" moves to non-searchable medium, it will mean, that searching in search engines does not benefit from those solutions. Another problem are the company policies of Discord. Not exactly a place where you'd expect free software to happen. However, like I said, I personally would be willing to try it, for sure! Some communities already actively use Discord (Pharo community for exampl= e). Best regards, Zelphir