Alfresco discussion and collaboration. Stick around a few hours after asking a question.
Official support for Enterprise subscribers: support.alfresco.com.
Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.
More information about the channel is in the wiki.
More help is available in this list of resources.
2018-04-09 00:19:13 GMT <qwebirc6108> any activiti experts available?
2018-04-09 00:20:15 GMT <qwebirc6108> I'm trying to understand at what point you should consider introducing a rules engine such as drools within Activiti BPM
2018-04-09 07:00:25 GMT <alfbot> fcorti: Sent 13 hours and 55 minutes ago: <AxelFaust> I assume you and digcat were talking about the new AI documentary film from Chris Paine?
2018-04-09 07:00:27 GMT <alfbot> fcorti: Sent 11 hours and 7 minutes ago: <digcat> know that video is rather apocalyptic, but what was interesting was the actual tech/models came from the 80's its now all about the amount of servers you can throw at it which becomes interesting.
2018-04-09 07:04:47 GMT <fcorti> ~later tell AxelFaust Yes, you are right. The latest film by Chris Paine. It is slightly apocalyptic, but not too much. For sure it summarise some things that are happening or happened (i.e. Google using AI is not a news). In every case it's an interesting content. I still remain curious to see the future (not in 100 years, but in 5).
2018-04-09 07:04:47 GMT <alfbot> fcorti: The operation succeeded.
2018-04-09 08:24:58 GMT <bhagyas> good morning all
2018-04-09 08:24:58 GMT <bhagyas> is there any open source alfresco encryption module that encrypts data at rest?
2018-04-09 08:27:26 GMT <angelborroy> bhagyas what’s the different between that and SSL?
2018-04-09 08:27:45 GMT <bhagyas> ah, that means encryption on the disk, alf_data
2018-04-09 08:27:56 GMT <bhagyas> ssl only encrypts data on transit
2018-04-09 08:28:01 GMT <angelborroy> sure
2018-04-09 08:28:03 GMT <bhagyas> i was talking about rest, as in dormant
2018-04-09 08:28:52 GMT <angelborroy> I don’t see the requirement, but yes, Alfresco only encrypt at repo side
2018-04-09 08:29:32 GMT <bhagyas> I thought that module was enterprise only
2018-04-09 08:29:35 GMT <bhagyas> isn't it?
2018-04-09 08:29:41 GMT <angelborroy> yes, enterprise only
2018-04-09 08:30:38 GMT <angelborroy> https://digitalguardian.com/blog/data-protection-data-in-transit-vs-data-at-rest
2018-04-09 08:30:42 GMT <bhagyas> are there any community modules?
2018-04-09 08:30:56 GMT <angelborroy> no, I don’t know anyone
2018-04-09 08:31:16 GMT <angelborroy> so this is “mode paranoic on”, interesting
2018-04-09 08:32:04 GMT <bhagyas> haha, nah - it's going to be a key proposition for gdpr compliance
2018-04-09 08:32:15 GMT <angelborroy> GDPR
2018-04-09 08:32:21 GMT <angelborroy> Everyone talking about that, yes
2018-04-09 08:32:28 GMT <bhagyas> since breaches can lead to severe consequences,
2018-04-09 08:32:33 GMT <bhagyas> it's good to encrypt
2018-04-09 08:32:53 GMT <angelborroy> probably a simple HttpServletFilter is enough, right?
2018-04-09 08:32:59 GMT <bhagyas> not really
2018-04-09 08:33:20 GMT <bhagyas> end to end encryption should be the ideal way to deal with this
2018-04-09 08:33:39 GMT <bhagyas> ssl takes care of it on the other end, but on the server side, you're not
2018-04-09 08:33:47 GMT <angelborroy> yep
2018-04-09 08:33:51 GMT <bhagyas> also it can be a problem for system admins
2018-04-09 08:34:00 GMT <angelborroy> and what about a Servlet Filter?
2018-04-09 08:34:06 GMT <bhagyas> since they would have access to direct binary content, they would be more liable
2018-04-09 08:34:10 GMT <angelborroy> It looks “end to end” for me
2018-04-09 08:34:14 GMT <bhagyas> making administration difficult without encryption
2018-04-09 08:34:25 GMT <bhagyas> ah, end to end as in all the way to the disk
2018-04-09 08:34:31 GMT <angelborroy> ah
2018-04-09 08:34:40 GMT <angelborroy> wow
2018-04-09 08:34:49 GMT <angelborroy> Content and metadata?
2018-04-09 08:34:53 GMT <bhagyas> yeah
2018-04-09 08:35:06 GMT <angelborroy> Xenit was working on that
2018-04-09 08:35:10 GMT <bhagyas> metadata, i guess would be fine, since databases usually protect it with un/pw
2018-04-09 08:35:11 GMT <angelborroy> but I guess is a closed product
2018-04-09 08:35:21 GMT <bhagyas> yeah, but I doubt xenit one is considering all aspects
2018-04-09 08:35:47 GMT <angelborroy> disk encryption is not compliant, right?
2018-04-09 08:35:52 GMT <bhagyas> yeah
2018-04-09 08:35:56 GMT <bhagyas> https://www.mindk.com/blog/how-to-make-your-software-gdpr-compliant/
2018-04-09 08:35:58 GMT <alfbot> Title: How to Make Your Software GDPR Compliant: 15 Key Steps (at www.mindk.com)
2018-04-09 08:36:21 GMT <bhagyas> going through this list now, looking at this - some of our stuff will be even better
2018-04-09 08:36:46 GMT <bhagyas> if we can implement some of the recommendations
2018-04-09 08:38:13 GMT <bhagyas> under no,8 : alfresco's own website becomes non compliant :}
2018-04-09 08:39:11 GMT <angelborroy> it’s required personal encryption or just general encryption?
2018-04-09 08:39:34 GMT <angelborroy> so, you are the one in accesing your own documents or only the “system” is able to access that
2018-04-09 08:40:38 GMT <bhagyas> general encryption should work
2018-04-09 08:40:56 GMT <angelborroy> so you need to add the REST layer to Alfresco EE encryption
2018-04-09 08:41:15 GMT <bhagyas> nah, im talking about rest as in 'dormant'
2018-04-09 08:43:12 GMT <angelborroy> I don’t know this concept
2018-04-09 08:43:17 GMT <angelborroy> “dormant”?
2018-04-09 08:43:24 GMT <bhagyas> data that's non moving
2018-04-09 08:43:31 GMT <bhagyas> like the binary content on alf_data
2018-04-09 08:44:05 GMT <bhagyas> if someone snatches a file inside alf_data with personal data, that is enough to get reported for violation
2018-04-09 08:44:52 GMT <angelborroy> so what’s the difference between disk encryption and encryption done by Alfresco?
2018-04-09 08:44:56 GMT <angelborroy> For me, it’s the same
2018-04-09 08:45:07 GMT <angelborroy> both depends on a key that must be controlled by someone
2018-04-09 08:45:15 GMT <bhagyas> not really
2018-04-09 08:45:28 GMT <bhagyas> since the disk can be unlocked once someone hax into the shell
2018-04-09 08:46:01 GMT <bhagyas> https://docs.alfresco.com/5.0/concepts/encrypted-overview.html
2018-04-09 08:46:02 GMT <alfbot> Title: Encrypted Content Store overview | Alfresco Documentation (at docs.alfresco.com)
2018-04-09 08:46:06 GMT <angelborroy> and somenone haxing Alfresco can also unlock the contents in alf_data
2018-04-09 08:46:29 GMT <bhagyas> yeah
2018-04-09 08:46:45 GMT <bhagyas> but system administrators will have to prove they didn't hack it
2018-04-09 08:47:02 GMT <bhagyas> since otherwise, all your logins will need to be reported - every time you login to the server
2018-04-09 08:47:20 GMT <angelborroy> I don’t see the difference, but probably it’s me
2018-04-09 08:47:39 GMT <bhagyas> hehe
2018-04-09 08:47:51 GMT <bhagyas> its the difference between content store vs encrypted content store
2018-04-09 08:48:07 GMT <angelborroy> “content store” stored on a disk encrypted
2018-04-09 08:48:14 GMT <angelborroy> for me is the same as “encrypted content store"
2018-04-09 08:48:22 GMT <bhagyas> hehe
2018-04-09 08:48:53 GMT <bhagyas> but that's if the disk gets stolen
2018-04-09 08:49:00 GMT <bhagyas> what if someone logs into the shell
2018-04-09 08:49:06 GMT <bhagyas> then u have a problem
2018-04-09 08:49:20 GMT <angelborroy> if someone logs into the shell having root permissions
2018-04-09 08:49:48 GMT <angelborroy> is more or less the same as accessing the database to steal content encryption keys
2018-04-09 08:50:03 GMT <bhagyas> content encryption keys won't be in the database
2018-04-09 08:50:16 GMT <bhagyas> it would be asymmetric encryption with public/private pairs
2018-04-09 08:50:24 GMT <angelborroy> I know
2018-04-09 08:50:25 GMT <bhagyas> not with a symmetric\
2018-04-09 08:50:33 GMT <angelborroy> but where is the private stored?
2018-04-09 08:50:41 GMT <bhagyas> private would be in a CA
2018-04-09 08:50:45 GMT <angelborroy> nope
2018-04-09 08:50:48 GMT <angelborroy> this is not possible
2018-04-09 08:51:14 GMT <bhagyas> Alfresco uses a set of master keys, which are:
2018-04-09 08:51:14 GMT <bhagyas> • selected in a random fashion
2018-04-09 08:51:14 GMT <bhagyas> • stored in a password-protected keystore
2018-04-09 08:51:14 GMT <bhagyas> • can be retired, in the event of key theft or as part of a standard key retirement process. For more information, see https://docs.alfresco.com/5.0/tasks/encrypted-jmx.html.
2018-04-09 08:51:31 GMT <bhagyas> so its stored in a password protected keystore
2018-04-09 08:51:45 GMT <angelborroy> ok, this is not a CA
2018-04-09 08:51:47 GMT <bhagyas> not the database
2018-04-09 08:51:53 GMT <angelborroy> is a file protected by user/pass in the filesystem
2018-04-09 08:51:56 GMT <bhagyas> well, a CA is kind of a keystore
2018-04-09 08:52:07 GMT <bhagyas> might be, yeah
2018-04-09 08:52:13 GMT <angelborroy> nope, CA is an entity issuing certificates
2018-04-09 08:52:18 GMT <angelborroy> it’s not the same
2018-04-09 08:52:25 GMT <bhagyas> yeah
2018-04-09 08:52:29 GMT <angelborroy> I’m specialist in electronic signature, do you remember? :D
2018-04-09 08:52:37 GMT <bhagyas> yes
2018-04-09 08:52:38 GMT <bhagyas> ;)
2018-04-09 08:53:11 GMT <bhagyas> -= THIS MESSAGE NOT LOGGED =-
2018-04-09 08:53:48 GMT <angelborroy> -= THIS MESSAGE NOT LOGGED =-
2018-04-09 08:53:55 GMT <bhagyas> haha\
2018-04-09 08:53:59 GMT <bhagyas> u win ;)
2018-04-09 08:54:15 GMT <bhagyas> was busy building other things ;P
2018-04-09 08:54:28 GMT <bhagyas> anyways, so no open source encrypted content store :/
2018-04-09 08:54:32 GMT <angelborroy> seriously, I don’t see the difference in thers of security between encryption at disk level and encryption by using Alfresco stuff
2018-04-09 08:54:51 GMT <angelborroy> For me both have the same security level
2018-04-09 08:54:54 GMT <bhagyas> well, a sys admin can dump the alf_data
2018-04-09 08:55:10 GMT <bhagyas> but he won't be able to unlock if its encrypted
2018-04-09 08:55:20 GMT <angelborroy> and also an Alfresco admin can unlock it
2018-04-09 08:55:28 GMT <bhagyas> its a risk mitigation
2018-04-09 08:55:36 GMT <angelborroy> the secret is protected by a user/password in both scenarios
2018-04-09 08:55:36 GMT <bhagyas> it doesn't alleviate the risk, just makes it lower
2018-04-09 08:55:50 GMT <bhagyas> remove*
2018-04-09 08:56:07 GMT <angelborroy> you should be right
2018-04-09 08:56:30 GMT <bhagyas> :)
2018-04-09 08:58:32 GMT <bhagyas> fcorti: Is Alfresco working on enterprise compliance on GDPR?
2018-04-09 08:58:55 GMT <angelborroy> let me guess… it’s an EU regulation, so: NO!
2018-04-09 08:58:57 GMT <angelborroy> :)
2018-04-09 08:59:12 GMT <bhagyas> haha
2018-04-09 09:04:33 GMT <fcorti> bhagyas: Yes, more on Sales Engineers and Sales side. The Development Teams are involved to be sure all the features are there (and they are) and the Sales Eng + Partner + Sales ensure the solution built on top of it. I saw a demo from George Parapadakis (Director of Business Solutions) as an example.
2018-04-09 09:05:31 GMT <bhagyas> fcorti: Do you think they will provide this to all existing customers?
2018-04-09 09:08:24 GMT <fcorti> bhagyas: nope. Alfresco's position is to be a platform (we have heard this a lot of times). The solutions should be built "on top of it" and this is the case. I'm not aware Alfresco will deliver an official and supported solution of GDPR but it is ensuring all the features to build it on top of it. And this means that it would be something for Partners/Customers, mainly. So, don't expect to have an "Alfresco GDPR module"
2018-04-09 09:08:25 GMT <fcorti> but more solutions done by (certified) third parties.
2018-04-09 09:08:35 GMT <angelborroy> https://www.comparethecloud.net/watch/voices-of-gdpr/awareness-and-risks-of-stored-information-voices-of-gdpr-alfrescos-george-parapadakis/
2018-04-09 09:08:39 GMT <alfbot> Title: Awareness and risks of stored information - Voices of GDPR - Alfresco's George Parapadakis (at www.comparethecloud.net)
2018-04-09 09:09:34 GMT <fcorti> If interested I can ask George to jump in an Office Hours to talk about it. Be aware, it would be "more business" than technical but it could have sense, if you like it.
2018-04-09 09:09:41 GMT <bhagyas> fcorti: What about direct customers of Alfresco? Will they have to reach to a third party for their existing Alfresco installations to be compatible with GDPR?
2018-04-09 09:09:52 GMT <bhagyas> yeah, sounds good
2018-04-09 09:10:23 GMT <bhagyas> angelborroy: was listening to it when you posted the link :)
2018-04-09 09:10:57 GMT <bhagyas> 'customers who haven't bought into the platform hype'
2018-04-09 09:10:58 GMT <bhagyas> ;)
2018-04-09 09:11:18 GMT <bhagyas> like universities, government customers et al.
2018-04-09 09:11:28 GMT <bhagyas> etc*
2018-04-09 09:16:17 GMT <fcorti> bhagyas: there is no a single path to follow. Products or Modules should not be expected from Alfresco. If a Customer will ask for it, probably pointing on a Partner will be the solution. This is a Sales decision.
2018-04-09 09:16:53 GMT <bhagyas> fcorti: Does this mean you no longer sell Alfresco Share as a solution?
2018-04-09 09:16:55 GMT <angelborroy> IMO Afresco product has the right tools to manage GDPR requirements
2018-04-09 09:18:03 GMT <angelborroy> Also I’m thinking that UK will not be under GDPR law, so the market is even smaller
2018-04-09 09:18:11 GMT <bhagyas> Good for UK
2018-04-09 09:18:12 GMT <bhagyas> :p
2018-04-09 09:18:14 GMT <fcorti> angelborroy; I'm not an expert and if you say it, I'm happy with it. Again: Eng's Team worked to be sure that all the features are there (and they are).
2018-04-09 09:18:46 GMT <bhagyas> fcorti: as a platform, it does provide the extensibility required for compliance
2018-04-09 09:18:46 GMT <bhagyas> \
2018-04-09 09:44:36 GMT <bhagyas> https://youtu.be/_ZmFX6rJZ5E
2018-04-09 09:44:42 GMT <bhagyas> This one seems pretty good
2018-04-09 09:45:45 GMT <angelborroy> I told you: Xenit ;-)
2018-04-09 09:45:58 GMT <bhagyas> i mean the presentation :p
2018-04-09 09:46:36 GMT <bhagyas> can't comment on the software without seeing it for real
2018-04-09 11:55:26 GMT *** yreg is now known as Guest7795
2018-04-09 11:55:43 GMT <Guest7795> alfbot flushlog
2018-04-09 11:55:43 GMT <alfbot> Guest7795: Woooosh, your log has been flushed...
2018-04-09 12:01:31 GMT <tanwarm> hello everyone. I want to change the type (change type) of a document multiple times. currently I can change type only once. I am trying to override change-type.get.js file and I am able to see all the types in the list of change type action. but I am not able to change the type of the document again. can anyone help me with this ? Thanks.
2018-04-09 12:28:16 GMT <douglascrp> good morning
2018-04-09 13:26:57 GMT <mbui> How do I create a patch that on fail/error should not start Alfresco? (And set succeeded to false)
2018-04-09 19:19:54 GMT <digcat> ~later tell bhagyas, its interesting to hear alfresco's position on gdpr, seems that other solutions have a more supportive stance on gdpr, it seems alfresco's position is only a proprietary solution from a partner. surely this leaves us in the same boat as any closed source offering.
2018-04-09 19:19:55 GMT <alfbot> digcat: The operation succeeded.
2018-04-09 19:20:22 GMT <digcat> looking at nextcloud, https://nextcloud.com/blog/nextcloud-helps-you-being-gdpr-compliant/
2018-04-09 19:20:24 GMT <alfbot> Title: Nextcloud helps you being GDPR-compliant – The most popular self-hosted file share and collaboration platform (at nextcloud.com)
2018-04-09 19:21:13 GMT <digcat> or even drupal, https://www.drupal.org/project/gdpr https://www.drupal.org/project/gdpr_compliance
2018-04-09 19:21:47 GMT <digcat> https://www.nuxeo.com/gdpr/
2018-04-09 19:21:48 GMT <alfbot> Title: Nuxeo for GDPR Compliance | Nuxeo (at www.nuxeo.com)
2018-04-09 20:51:27 GMT <alfbot> AxelFaust: Sent 13 hours and 46 minutes ago: <fcorti> Yes, you are right. The latest film by Chris Paine. It is slightly apocalyptic, but not too much. For sure it summarise some things that are happening or happened (i.e. Google using AI is not a news). In every case it's an interesting content. I still remain curious to see the future (not in 100 years, but in 5).
The other logs are at http://esplins.org/hash_alfresco