Re: [liberationtech] secure text collaboration platforms
Sorry, I misremembered the problem I ran into when trying to configure Etherpad Lite with SSL support - the problem was with my certificate, not with Etherpad Lite. Thanks for the correction. Cheers, Michael Pavol Luptak wil...@trip.sk wrote: On Wed, Oct 03, 2012 at 01:10:28PM +0100, Michael Rogers wrote: As far as I know, the pad software used by PiratePad and similar services doesn't support SSL. It might be possible to combine the This is not true - etherpad supports SSL natively (directives sslKeyStore and sslStorePassword ). I run it without problems. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
Hi, On Wed, Oct 03, 2012 at 04:25:39PM +0700, Sam de Silva wrote: Can someone help me out - Is http://www.piratepad.net secure? I thought it was, but I can't seem to access it via SSL. Download the source code of etherpad ( http://code.google.com/p/etherpad/ ), perform its security audit and run it on your own hardened server. No reason to trust to http://www.piratepad.net. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
On Wed, Oct 03, 2012 at 01:10:28PM +0100, Michael Rogers wrote: As far as I know, the pad software used by PiratePad and similar services doesn't support SSL. It might be possible to combine the This is not true - etherpad supports SSL natively (directives sslKeyStore and sslStorePassword ). I run it without problems. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
sorry I meant, obviously Provided that you are NOT worried about a subpoena from a US court/surveillance by US intelligence agencies. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3 Oct 2012, at 10:25, Sam de Silva wrote: Hi there, Can someone help me out - Is http://www.piratepad.net secure? I thought it was, but I can't seem to access it via SSL. It'll also be really useful to know of 'piratepad' type platforms that are secure, and there's controls over deleting the collaborative pads/docs. Thanks, Sam. Hi there, While it doesn't answer the question is Piratepad.net secure?, the functionality on Piratenpad.de seems to be exactly the same - ie a hosted Etherpad software website. Piratenpad.de is however accessible via HTTPS. [1] Make of that what you wish :) hth, Bernard [1] https://osterholz.piratenpad.de/test - -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJQbDMQAAoJENsz1IO7MIrrEFsIAIAVfpmkN3cCGht03/VlzLiq L50rLBa0+L8uQL2HMQbW/nZZ1qZs2K5+YleuaOea6JEujHaIhRWv8UciYtMzq9It NXsdydfgi+yyIx8goD8xu4oVdJldovLTaukWSx4ThOj8rxKBqddxdoStMMfQFR7j Q6ZK4eZMR/4YHoLVJnDdT6dtRP1G+0AK/Q6oUkn95u0FZsPlkLIANzl8NQgpkgRv cpcCVWAqMjVZiv1Z19K7QdBA2Se30EjFt5ilqy3H0ozRXsR7s/8ZdI/GmUIiHn2x lXZjb2UuOx86U9E951mC3kjLZwOoOk0dQ0xhB4fyXjgJydyOPm7hgv0KzWkVP1g= =/JiR -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
Alex Comninos alex.comni...@gmail.com writes: Why not just use Google docs? I'd turn that around and instead ask you why just use Google docs? Does not really seem like a tool built for security, rather it is designed for public pastes/publishing/cooperation It depends on what you are trying to achieve and your definition of security. For example, being concerned that the provider of the service is keeping IP logs of those who connect to it seems to me like a reasonable concern. Can someone help me out - Is http://www.piratepad.net secure? I thought it was, but I can't seem to access it via SSL. I can't speak about piratepad itself, I can speak about https://pad.riseup.net and tell you that it: it can only be connected to over https (the piratepad URL you cite is not https); it is run by an organization that is committed to protecting your privacy; does not store IP addresses; pads are automatically deleted after non-use for 30 days; and can be reached over a tor hidden service. It'll also be really useful to know of 'piratepad' type platforms that are secure, and there's controls over deleting the collaborative pads/docs. As always, it depends on what your criteria are for 'secure'. Most all of these services provide an open pad that anyone can join, if they know the address. The pad addresses are randomized, so it would be really hard to guess such a pad name, but something to keep in mind. micah -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
Am 03.10.2012 17:28, schrieb Griffin Boyce: If you're looking to use it all the time (eg with your class, group, organization), then it might be worthwhile to host your own [1]. I advise against it. While many groups started to do that only few services are left operational. Most servers went down to their knews. The minimum is a dedicated server. Resilience of these early adopters was generally very low. A neutrally branded and reliable service is titanpad.com. Pro accounts are a must for use by groups) but most installations do not enable them by default. --- A -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
we were able to instantiate our own https etherpad lite service at: https://notes.occupy.net though we've had some trial and error, including data loss on the pads themselves. It can be tricky. Self-signed cert is being used on the domain; some services are being relocated of the the next week or tow) code: https://github.com/occupynet/etherpad-lite The rise-up service is good. Andrew Mallis #ows Tech Ops | FGA | Occupy Directory On Oct 3, 2012, at 11:47 AM, André Rebentisch wrote: Am 03.10.2012 17:28, schrieb Griffin Boyce: If you're looking to use it all the time (eg with your class, group, organization), then it might be worthwhile to host your own [1]. I advise against it. While many groups started to do that only few services are left operational. Most servers went down to their knews. The minimum is a dedicated server. Resilience of these early adopters was generally very low. A neutrally branded and reliable service is titanpad.com. Pro accounts are a must for use by groups) but most installations do not enable them by default. --- A -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
Hi All, Thanks for your comments and feedback. I am often in low bandwidth contexts, and find Google Docs just too heavy. I looked at installing Etherpad on a server - but perhaps will hold off on that and utilise Riseup's install. @Micah - often 30 days will be too long for my use, or in some other cases too short. It'd be great to be presented with an option - at the time of selecting the name of the pad - to let the user determine the life of the pad. Just a suggestion. Thanks again. Best, Sam. On 03/10/2012, at 10:45 PM, Michael Zeltner wrote: Excerpts from micah anderson's message of 2012-10-03 17:29:44 +0200: I can't speak about piratepad itself, I can speak about https://pad.riseup.net and tell you that it: it can only be connected to over https (the piratepad URL you cite is not https); it is run by an organization that is committed to protecting your privacy; does not store IP addresses; pads are automatically deleted after non-use for 30 days; and can be reached over a tor hidden service. riseup.net are great, however please note that 'non-use' means 'non-edit' not 'non-access'. We had a collaborative piece that wasn't backed up and was meant to be published on http://hackerequality.org/ go missing unexpectedly... Misunderstood their policy :/ Best, Michael -- http://niij.org/ -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech Sam de Silva skype: samonthenet s...@media.com.au +61 412 238 041 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
