Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2018-04-09 00:19:13 GMT <qwebirc6108> any activiti experts available?

2018-04-09 00:20:15 GMT <qwebirc6108> I'm trying to understand at what point you should consider introducing a rules engine such as drools within Activiti BPM

2018-04-09 07:00:25 GMT <alfbot> fcorti: Sent 13 hours and 55 minutes ago: <AxelFaust> I assume you and digcat were talking about the new AI documentary film from Chris Paine?

2018-04-09 07:00:27 GMT <alfbot> fcorti: Sent 11 hours and 7 minutes ago: <digcat> know that video is rather apocalyptic, but what was interesting was the actual tech/models came from the 80's its now all about the amount of servers you can throw at it which becomes interesting.

2018-04-09 07:04:47 GMT <fcorti> ~later tell AxelFaust Yes, you are right. The latest film by Chris Paine. It is slightly apocalyptic, but not too much. For sure it summarise some things that are happening or happened (i.e. Google using AI is not a news). In every case it's an interesting content. I still remain curious to see the future (not in 100 years, but in 5).

2018-04-09 07:04:47 GMT <alfbot> fcorti: The operation succeeded.

2018-04-09 08:24:58 GMT <bhagyas> good morning all

2018-04-09 08:24:58 GMT <bhagyas> is there any open source alfresco encryption module that encrypts data at rest?

2018-04-09 08:27:26 GMT <angelborroy> bhagyas what’s the different between that and SSL?

2018-04-09 08:27:45 GMT <bhagyas> ah, that means encryption on the disk, alf_data

2018-04-09 08:27:56 GMT <bhagyas> ssl only encrypts data on transit

2018-04-09 08:28:01 GMT <angelborroy> sure

2018-04-09 08:28:03 GMT <bhagyas> i was talking about rest, as in dormant

2018-04-09 08:28:52 GMT <angelborroy> I don’t see the requirement, but yes, Alfresco only encrypt at repo side

2018-04-09 08:29:32 GMT <bhagyas> I thought that module was enterprise only

2018-04-09 08:29:35 GMT <bhagyas> isn't it?

2018-04-09 08:29:41 GMT <angelborroy> yes, enterprise only

2018-04-09 08:30:38 GMT <angelborroy> https://digitalguardian.com/blog/data-protection-data-in-transit-vs-data-at-rest

2018-04-09 08:30:42 GMT <bhagyas> are there any community modules?

2018-04-09 08:30:56 GMT <angelborroy> no, I don’t know anyone

2018-04-09 08:31:16 GMT <angelborroy> so this is “mode paranoic on”, interesting

2018-04-09 08:32:04 GMT <bhagyas> haha, nah - it's going to be a key proposition for gdpr compliance

2018-04-09 08:32:15 GMT <angelborroy> GDPR

2018-04-09 08:32:21 GMT <angelborroy> Everyone talking about that, yes

2018-04-09 08:32:28 GMT <bhagyas> since breaches can lead to severe consequences,

2018-04-09 08:32:33 GMT <bhagyas> it's good to encrypt

2018-04-09 08:32:53 GMT <angelborroy> probably a simple HttpServletFilter is enough, right?

2018-04-09 08:32:59 GMT <bhagyas> not really

2018-04-09 08:33:20 GMT <bhagyas> end to end encryption should be the ideal way to deal with this

2018-04-09 08:33:39 GMT <bhagyas> ssl takes care of it on the other end, but on the server side, you're not

2018-04-09 08:33:47 GMT <angelborroy> yep

2018-04-09 08:33:51 GMT <bhagyas> also it can be a problem for system admins

2018-04-09 08:34:00 GMT <angelborroy> and what about a Servlet Filter?

2018-04-09 08:34:06 GMT <bhagyas> since they would have access to direct binary content, they would be more liable

2018-04-09 08:34:10 GMT <angelborroy> It looks “end to end” for me

2018-04-09 08:34:14 GMT <bhagyas> making administration difficult without encryption

2018-04-09 08:34:25 GMT <bhagyas> ah, end to end as in all the way to the disk

2018-04-09 08:34:31 GMT <angelborroy> ah

2018-04-09 08:34:40 GMT <angelborroy> wow

2018-04-09 08:34:49 GMT <angelborroy> Content and metadata?

2018-04-09 08:34:53 GMT <bhagyas> yeah

2018-04-09 08:35:06 GMT <angelborroy> Xenit was working on that

2018-04-09 08:35:10 GMT <bhagyas> metadata, i guess would be fine, since databases usually protect it with un/pw

2018-04-09 08:35:11 GMT <angelborroy> but I guess is a closed product

2018-04-09 08:35:21 GMT <bhagyas> yeah, but I doubt xenit one is considering all aspects

2018-04-09 08:35:47 GMT <angelborroy> disk encryption is not compliant, right?

2018-04-09 08:35:52 GMT <bhagyas> yeah

2018-04-09 08:35:56 GMT <bhagyas> https://www.mindk.com/blog/how-to-make-your-software-gdpr-compliant/

2018-04-09 08:35:58 GMT <alfbot> Title: How to Make Your Software GDPR Compliant: 15 Key Steps (at www.mindk.com)

2018-04-09 08:36:21 GMT <bhagyas> going through this list now, looking at this - some of our stuff will be even better

2018-04-09 08:36:46 GMT <bhagyas> if we can implement some of the recommendations

2018-04-09 08:38:13 GMT <bhagyas> under no,8 : alfresco's own website becomes non compliant :}

2018-04-09 08:39:11 GMT <angelborroy> it’s required personal encryption or just general encryption?

2018-04-09 08:39:34 GMT <angelborroy> so, you are the one in accesing your own documents or only the “system” is able to access that

2018-04-09 08:40:38 GMT <bhagyas> general encryption should work

2018-04-09 08:40:56 GMT <angelborroy> so you need to add the REST layer to Alfresco EE encryption

2018-04-09 08:41:15 GMT <bhagyas> nah, im talking about rest as in 'dormant'

2018-04-09 08:43:12 GMT <angelborroy> I don’t know this concept

2018-04-09 08:43:17 GMT <angelborroy> “dormant”?

2018-04-09 08:43:24 GMT <bhagyas> data that's non moving

2018-04-09 08:43:31 GMT <bhagyas> like the binary content on alf_data

2018-04-09 08:44:05 GMT <bhagyas> if someone snatches a file inside alf_data with personal data, that is enough to get reported for violation

2018-04-09 08:44:52 GMT <angelborroy> so what’s the difference between disk encryption and encryption done by Alfresco?

2018-04-09 08:44:56 GMT <angelborroy> For me, it’s the same

2018-04-09 08:45:07 GMT <angelborroy> both depends on a key that must be controlled by someone

2018-04-09 08:45:15 GMT <bhagyas> not really

2018-04-09 08:45:28 GMT <bhagyas> since the disk can be unlocked once someone hax into the shell

2018-04-09 08:46:01 GMT <bhagyas> https://docs.alfresco.com/5.0/concepts/encrypted-overview.html

2018-04-09 08:46:02 GMT <alfbot> Title: Encrypted Content Store overview | Alfresco Documentation (at docs.alfresco.com)

2018-04-09 08:46:06 GMT <angelborroy> and somenone haxing Alfresco can also unlock the contents in alf_data

2018-04-09 08:46:29 GMT <bhagyas> yeah

2018-04-09 08:46:45 GMT <bhagyas> but system administrators will have to prove they didn't hack it

2018-04-09 08:47:02 GMT <bhagyas> since otherwise, all your logins will need to be reported - every time you login to the server

2018-04-09 08:47:20 GMT <angelborroy> I don’t see the difference, but probably it’s me

2018-04-09 08:47:39 GMT <bhagyas> hehe

2018-04-09 08:47:51 GMT <bhagyas> its the difference between content store vs encrypted content store

2018-04-09 08:48:07 GMT <angelborroy> “content store” stored on a disk encrypted

2018-04-09 08:48:14 GMT <angelborroy> for me is the same as “encrypted content store"

2018-04-09 08:48:22 GMT <bhagyas> hehe

2018-04-09 08:48:53 GMT <bhagyas> but that's if the disk gets stolen

2018-04-09 08:49:00 GMT <bhagyas> what if someone logs into the shell

2018-04-09 08:49:06 GMT <bhagyas> then u have a problem

2018-04-09 08:49:20 GMT <angelborroy> if someone logs into the shell having root permissions

2018-04-09 08:49:48 GMT <angelborroy> is more or less the same as accessing the database to steal content encryption keys

2018-04-09 08:50:03 GMT <bhagyas> content encryption keys won't be in the database

2018-04-09 08:50:16 GMT <bhagyas> it would be asymmetric encryption with public/private pairs

2018-04-09 08:50:24 GMT <angelborroy> I know

2018-04-09 08:50:25 GMT <bhagyas> not with a symmetric\

2018-04-09 08:50:33 GMT <angelborroy> but where is the private stored?

2018-04-09 08:50:41 GMT <bhagyas> private would be in a CA

2018-04-09 08:50:45 GMT <angelborroy> nope

2018-04-09 08:50:48 GMT <angelborroy> this is not possible

2018-04-09 08:51:14 GMT <bhagyas> Alfresco uses a set of master keys, which are:

2018-04-09 08:51:14 GMT <bhagyas> • selected in a random fashion

2018-04-09 08:51:14 GMT <bhagyas> • stored in a password-protected keystore

2018-04-09 08:51:14 GMT <bhagyas> • can be retired, in the event of key theft or as part of a standard key retirement process. For more information, see https://docs.alfresco.com/5.0/tasks/encrypted-jmx.html.

2018-04-09 08:51:31 GMT <bhagyas> so its stored in a password protected keystore

2018-04-09 08:51:45 GMT <angelborroy> ok, this is not a CA

2018-04-09 08:51:47 GMT <bhagyas> not the database

2018-04-09 08:51:53 GMT <angelborroy> is a file protected by user/pass in the filesystem

2018-04-09 08:51:56 GMT <bhagyas> well, a CA is kind of a keystore

2018-04-09 08:52:07 GMT <bhagyas> might be, yeah

2018-04-09 08:52:13 GMT <angelborroy> nope, CA is an entity issuing certificates

2018-04-09 08:52:18 GMT <angelborroy> it’s not the same

2018-04-09 08:52:25 GMT <bhagyas> yeah

2018-04-09 08:52:29 GMT <angelborroy> I’m specialist in electronic signature, do you remember? :D

2018-04-09 08:52:37 GMT <bhagyas> yes

2018-04-09 08:52:38 GMT <bhagyas> ;)

2018-04-09 08:53:11 GMT <bhagyas> -= THIS MESSAGE NOT LOGGED =-

2018-04-09 08:53:48 GMT <angelborroy> -= THIS MESSAGE NOT LOGGED =-

2018-04-09 08:53:55 GMT <bhagyas> haha\

2018-04-09 08:53:59 GMT <bhagyas> u win ;)

2018-04-09 08:54:15 GMT <bhagyas> was busy building other things ;P

2018-04-09 08:54:28 GMT <bhagyas> anyways, so no open source encrypted content store :/

2018-04-09 08:54:32 GMT <angelborroy> seriously, I don’t see the difference in thers of security between encryption at disk level and encryption by using Alfresco stuff

2018-04-09 08:54:51 GMT <angelborroy> For me both have the same security level

2018-04-09 08:54:54 GMT <bhagyas> well, a sys admin can dump the alf_data

2018-04-09 08:55:10 GMT <bhagyas> but he won't be able to unlock if its encrypted

2018-04-09 08:55:20 GMT <angelborroy> and also an Alfresco admin can unlock it

2018-04-09 08:55:28 GMT <bhagyas> its a risk mitigation

2018-04-09 08:55:36 GMT <angelborroy> the secret is protected by a user/password in both scenarios

2018-04-09 08:55:36 GMT <bhagyas> it doesn't alleviate the risk, just makes it lower

2018-04-09 08:55:50 GMT <bhagyas> remove*

2018-04-09 08:56:07 GMT <angelborroy> you should be right

2018-04-09 08:56:30 GMT <bhagyas> :)

2018-04-09 08:58:32 GMT <bhagyas> fcorti: Is Alfresco working on enterprise compliance on GDPR?

2018-04-09 08:58:55 GMT <angelborroy> let me guess… it’s an EU regulation, so: NO!

2018-04-09 08:58:57 GMT <angelborroy> :)

2018-04-09 08:59:12 GMT <bhagyas> haha

2018-04-09 09:04:33 GMT <fcorti> bhagyas: Yes, more on Sales Engineers and Sales side. The Development Teams are involved to be sure all the features are there (and they are) and the Sales Eng + Partner + Sales ensure the solution built on top of it. I saw a demo from George Parapadakis (Director of Business Solutions) as an example.

2018-04-09 09:05:31 GMT <bhagyas> fcorti: Do you think they will provide this to all existing customers?

2018-04-09 09:08:24 GMT <fcorti> bhagyas: nope. Alfresco's position is to be a platform (we have heard this a lot of times). The solutions should be built "on top of it" and this is the case. I'm not aware Alfresco will deliver an official and supported solution of GDPR but it is ensuring all the features to build it on top of it. And this means that it would be something for Partners/Customers, mainly. So, don't expect to have an "Alfresco GDPR module"

2018-04-09 09:08:25 GMT <fcorti> but more solutions done by (certified) third parties.

2018-04-09 09:08:35 GMT <angelborroy> https://www.comparethecloud.net/watch/voices-of-gdpr/awareness-and-risks-of-stored-information-voices-of-gdpr-alfrescos-george-parapadakis/

2018-04-09 09:08:39 GMT <alfbot> Title: Awareness and risks of stored information - Voices of GDPR - Alfresco's George Parapadakis (at www.comparethecloud.net)

2018-04-09 09:09:34 GMT <fcorti> If interested I can ask George to jump in an Office Hours to talk about it. Be aware, it would be "more business" than technical but it could have sense, if you like it.

2018-04-09 09:09:41 GMT <bhagyas> fcorti: What about direct customers of Alfresco? Will they have to reach to a third party for their existing Alfresco installations to be compatible with GDPR?

2018-04-09 09:09:52 GMT <bhagyas> yeah, sounds good

2018-04-09 09:10:23 GMT <bhagyas> angelborroy: was listening to it when you posted the link :)

2018-04-09 09:10:57 GMT <bhagyas> 'customers who haven't bought into the platform hype'

2018-04-09 09:10:58 GMT <bhagyas> ;)

2018-04-09 09:11:18 GMT <bhagyas> like universities, government customers et al.

2018-04-09 09:11:28 GMT <bhagyas> etc*

2018-04-09 09:16:17 GMT <fcorti> bhagyas: there is no a single path to follow. Products or Modules should not be expected from Alfresco. If a Customer will ask for it, probably pointing on a Partner will be the solution. This is a Sales decision.

2018-04-09 09:16:53 GMT <bhagyas> fcorti: Does this mean you no longer sell Alfresco Share as a solution?

2018-04-09 09:16:55 GMT <angelborroy> IMO Afresco product has the right tools to manage GDPR requirements

2018-04-09 09:18:03 GMT <angelborroy> Also I’m thinking that UK will not be under GDPR law, so the market is even smaller

2018-04-09 09:18:11 GMT <bhagyas> Good for UK

2018-04-09 09:18:12 GMT <bhagyas> :p

2018-04-09 09:18:14 GMT <fcorti> angelborroy; I'm not an expert and if you say it, I'm happy with it. Again: Eng's Team worked to be sure that all the features are there (and they are).

2018-04-09 09:18:46 GMT <bhagyas> fcorti: as a platform, it does provide the extensibility required for compliance

2018-04-09 09:18:46 GMT <bhagyas> \

2018-04-09 09:44:36 GMT <bhagyas> https://youtu.be/_ZmFX6rJZ5E

2018-04-09 09:44:42 GMT <bhagyas> This one seems pretty good

2018-04-09 09:45:45 GMT <angelborroy> I told you: Xenit ;-)

2018-04-09 09:45:58 GMT <bhagyas> i mean the presentation :p

2018-04-09 09:46:36 GMT <bhagyas> can't comment on the software without seeing it for real

2018-04-09 11:55:26 GMT *** yreg is now known as Guest7795

2018-04-09 11:55:43 GMT <Guest7795> alfbot flushlog

2018-04-09 11:55:43 GMT <alfbot> Guest7795: Woooosh, your log has been flushed...

2018-04-09 12:01:31 GMT <tanwarm> hello everyone. I want to change the type (change type) of a document multiple times. currently I can change type only once. I am trying to override change-type.get.js file and I am able to see all the types in the list of change type action. but I am not able to change the type of the document again. can anyone help me with this ? Thanks.

2018-04-09 12:28:16 GMT <douglascrp> good morning

2018-04-09 13:26:57 GMT <mbui> How do I create a patch that on fail/error should not start Alfresco? (And set succeeded to false)

2018-04-09 19:19:54 GMT <digcat> ~later tell bhagyas, its interesting to hear alfresco's position on gdpr, seems that other solutions have a more supportive stance on gdpr, it seems alfresco's position is only a proprietary solution from a partner. surely this leaves us in the same boat as any closed source offering.

2018-04-09 19:19:55 GMT <alfbot> digcat: The operation succeeded.

2018-04-09 19:20:22 GMT <digcat> looking at nextcloud, https://nextcloud.com/blog/nextcloud-helps-you-being-gdpr-compliant/

2018-04-09 19:20:24 GMT <alfbot> Title: Nextcloud helps you being GDPR-compliant – The most popular self-hosted file share and collaboration platform (at nextcloud.com)

2018-04-09 19:21:13 GMT <digcat> or even drupal, https://www.drupal.org/project/gdpr https://www.drupal.org/project/gdpr_compliance

2018-04-09 19:21:47 GMT <digcat> https://www.nuxeo.com/gdpr/

2018-04-09 19:21:48 GMT <alfbot> Title: Nuxeo for GDPR Compliance | Nuxeo (at www.nuxeo.com)

2018-04-09 20:51:27 GMT <alfbot> AxelFaust: Sent 13 hours and 46 minutes ago: <fcorti> Yes, you are right. The latest film by Chris Paine. It is slightly apocalyptic, but not too much. For sure it summarise some things that are happening or happened (i.e. Google using AI is not a news). In every case it's an interesting content. I still remain curious to see the future (not in 100 years, but in 5).

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco