Wire (https://wire.com/) is end-to-end encrypted, based on Signal protocol. It's open-source and cross-platform with mobile apps. I've been using it instead of Skype for two years and I don't regret that decision.
You meet a random person and wish to connect on a chat/presence system - that is what I mean by "beyond team communications". Acceptability of such a system for that purpose either requires overwhelming adoption of a single provider (Whatsapp, Facebook Messenger) or federation (SMS, SMTP, XMPP back when Google had not yet killed it). Team communications does not suffer that acceptability requirement because tooling is hierarchically mandated.
I've been eying Wire for the interface and ease of installation. In terms of looks and handling it seems like one of the best options to hand to people with little technical interest/aptitude/patience.
Moxie Marlinspike has commented that Wire does not use the Signal Protocol but only took some components from it and created their own protocol, which he did "not recommend"
https://news.ycombinator.com/item?id=12690148
Has there been any changes to that situation?
I did the same and I'm also sticking with El Capitan. I have no use of Siri, Sierra broke Karabiner (Karabiner Elements mappings are not sufficient for my keyboard), and mouse scroll was also behaving weird on Sierra. f.lux is showing artifacts with fullscreen video. It feels like this will be my last Mac, which sucks because I bought my first Mac three years ago and completely stopped using Windows last year. It might be time to embrace Linux for desktop when it's time to replace the 2015 MacBook Pro.
I've been looking for a Skype alternative since the security of Skype was weakened after it was acquired by Microsoft. I've had my account stolen multiple times because their support has changed the primary e-mail address of my account, I had to use the same method the social engineers used to get my account back. Since then I've avoided sharing anything slightly sensitive over Skype, as chat history is synced with anyone who accesses your account.
Finding a replacement isn't easy, but I've used Wire (wire.com) for a year now and find it good enough feature-wise, and excellent security-wise. It has its quirks and can be a resource hog at times (the desktop app uses Electron IIRC), but it's worth switching from the security disaster that is Skype.
You should definitely consider the matrix protocol (https://matrix.org) that is used with riot (https://riot.im).
Matrix allows for a complete decentralization and both the the protocol and the client are open source. There are even many other clients as matrix also works with for example weechat.
One of it's biggest strength are the support for bridges to other messengers like slack, irc and gitter.
I personally haven't yet tried group calls or video chat, but considering that those also use end to end encryption just as messages and attachement and that this encryption has been fully audited, I could barely be any less hyped about all this.
As the author of this article pointed out, all of skype's flaws are more or less inherent of big centralized messengers and this is exactly what we get around with matrix. It's really amazing in what a great state it already is. Sure there is still lots of work left, but to me it appears to be the currently most promising project.
I just had a look at Jitsi and it seems like the Android app is in alpha stage, and that there won't be any iOS app (https://jitsi.org/Documentation/FAQ#ios). Smartphone apps are important to convince my contacts to make the switch, and to be able to communicate with them over the same channel when they're away from the computer.
I too switched from Skype to Wire, but it has been a challenge to convince other people to move to Wire. It has further been frustrating that it almost seems like the people running Wire have been trying to avoid marketing or letting people know that Wire exists.
That makes me wonder about their long term intentions (and if I'll lose credibility with my contacts that finally migrate to Wire just before wire vanishes or gets bought out by Facebook or Microsoft...)
I wouldn't say that they've avoided marketing, they're active on Twitter. I made the switch over a single day by sending a message to all my contacts informing them about it and then proceeded to delete all contacts from my list. The people I speak to regularly were quick to switch, others have switched over the months. I still have to use Skype from time to time for conference calls with certain people, but I avoid it as much as I can and don't consider any conversation I have on Skype as private.
Wire has also open-sourced their clients and a lot of components, so even if they were to vanish as a company, all work is not lost.
Wire also recently added an username feature[1], where you choose a certain username and don't need to disclose your name or phone number for others to find you on it. This replaced looking up contacts per e-mail.
I've looked at alternatives too, tried Jitsi.org and Ring.cx so far, with Jitsi seeming to be more robust when establishing connections through NAT.
Thanks for the suggestion about Wire, will have to try that too.
I tried to use Wire with Zhovner (the author of this article) and it consumed 2 full CPU power for a simple voice call. My laptop heated up to 83°C, Zhovner's laptop was also hot.
That's pretty strange since Wire has only interface written in javascript, all the core things are in Rust.
In order to secure nginx against privilege escalation attacks, we are
changing the way log file owners & permissions are handled so that www-data
is not allowed to symlink a logfile. /var/log/nginx is now owned by root:adm
and its permissions are changed to 0755. The package checks for such symlinks
on existing installations and informs the admin using debconf.
That unfortunately may come at a cost in terms of privacy. /var/log/nginx is
now world-readable, and nginx hardcodes permissions of non-existing logs to
0644. On systems running logrotate log files are private after the first
logrotate run, since the new log files are created with 0640 permissions.
-- Christos Trochalakis <yatiohi@ideopolis.gr> Tue, 04 Oct 2016 15:20:33 +0300
If you have www-data access you can probably grab those from memory. This vulnerability is about escalating to root. But if all your juicy data is already available to / passing through your nginx, then this patch isn't doing much to improve your situation.
Except one requires the attacker to read from the processes memory in an organized way for an extended amount of time to snoop data while the other just puts its conveniently onto your disk.
It still seems to need to at least check for the latest version after that first install, I have a ~4 second wait before evaluation of the first expression on every single launch of the REPL while it hits up their package server.
And if you have no internet connection or the package server is down, the REPL will not evaluate any expressions at all, it just shows an HTTP error message on every input (after a timeout).
The only option for offline usage seems to be running the REPL inside a configured elm project directory which has had the core packages downloaded/installed: https://github.com/elm-lang/elm-repl/issues/54
I agree with this to the extent that I will say it's the sensical answer. I think that tabs are an obvious choice because they are semantic intendation rather than generic spacing. For this reason the front-end can render them with 2, 4, 8 or whatever amount of spaces, without requiring the code be changed.
I think it's the relation between upvotes/comments and also maybe many were upvoting from the submission page (which triggers vote ring detection or something, read about that somewhere)
