Hacker News | _snsh's comments

    else if (!isAllowedExtension)
        error = { title: 'This file type is not acceptable.', details: 'Please check the requirements, save your file in one of the accepted formats, and resubmit.' }
Or, maybe theverge is just lying or relying on the misconception. If you think renaming your file is the same as converting your file, maybe you are misplaced in the advanced placement program...
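The difference between renaming and converting, shown as an added example that is not part of the comment above and is not College Board code: the check reads the file's leading bytes instead of its name, so a HEIC photo renamed to `.png` is still identified as HEIC and gets a specific error. `ACCEPTED`, `sniffImageType`, `validateUpload` and the sample byte arrays are assumptions constructed for this illustration.

```javascript
// Added example: decide what an upload is from its content signature,
// not from its (user-controlled) file name. All names here are hypothetical.

const ACCEPTED = new Set(['jpeg', 'png']);

// HEIF-family brands that can appear in an ISO-BMFF 'ftyp' box.
const HEIF_BRANDS = new Set(['heic', 'heix', 'hevc', 'hevx', 'heim', 'heis', 'mif1', 'msf1']);
const PNG_SIGNATURE = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];

function ascii(bytes, start, end) {
  return String.fromCharCode(...bytes.subarray(start, end));
}

// bytes: Uint8Array holding the first bytes of the file (64 is plenty).
function sniffImageType(bytes) {
  // JPEG starts with FF D8 FF.
  if (bytes.length >= 3 && bytes[0] === 0xff && bytes[1] === 0xd8 && bytes[2] === 0xff) {
    return 'jpeg';
  }
  if (bytes.length >= 8 && PNG_SIGNATURE.every((b, i) => bytes[i] === b)) {
    return 'png';
  }
  // ISO-BMFF: 4-byte big-endian box size, 'ftyp', major brand,
  // 4-byte minor version, then a list of 4-byte compatible brands.
  if (bytes.length >= 12 && ascii(bytes, 4, 8) === 'ftyp') {
    const boxSize = new DataView(bytes.buffer, bytes.byteOffset, 4).getUint32(0);
    const end = Math.min(boxSize, bytes.length);
    const brands = [ascii(bytes, 8, 12)];
    for (let off = 16; off + 4 <= end; off += 4) {
      brands.push(ascii(bytes, off, off + 4));
    }
    if (brands.some((b) => HEIF_BRANDS.has(b))) return 'heic';
  }
  return 'unknown';
}

// What the file name claims the content is.
function extensionType(filename) {
  const dot = filename.lastIndexOf('.');
  if (dot < 0) return 'unknown';
  const ext = filename.slice(dot + 1).toLowerCase();
  return { jpg: 'jpeg', jpeg: 'jpeg', png: 'png', heic: 'heic', heif: 'heic' }[ext] || 'unknown';
}

function validateUpload(filename, bytes) {
  const detected = sniffImageType(bytes);
  const claimed = extensionType(filename);

  if (detected === 'heic') {
    // The name says one thing, the bytes say HEIC: the file was renamed.
    if (claimed !== 'heic') {
      return { ok: false, code: 'heic-renamed',
        message: 'This file is still a HEIC photo. Renaming it does not convert it; export it as JPEG or PNG and resubmit.' };
    }
    return { ok: false, code: 'heic',
      message: 'HEIC photos are not accepted. Export the photo as JPEG or PNG and resubmit.' };
  }
  if (!ACCEPTED.has(detected)) {
    return { ok: false, code: 'unsupported',
      message: 'This file is not a JPEG or PNG image.' };
  }
  // Content is acceptable; report the real type even if the name disagrees.
  return { ok: true, type: detected, nameMismatch: claimed !== detected };
}

// Constructed sample inputs (file headers only, not real photos).
const toBytes = (s) => Array.from(s, (c) => c.charCodeAt(0));
const SAMPLE_HEIC = Uint8Array.from(
  [0, 0, 0, 0x18, ...toBytes('ftypheic'), 0, 0, 0, 0, ...toBytes('mif1heic')]);
const SAMPLE_JPEG = Uint8Array.from([0xff, 0xd8, 0xff, 0xe0, 0, 0x10, ...toBytes('JFIF'), 0]);
const SAMPLE_PNG = Uint8Array.from([...PNG_SIGNATURE, 0, 0, 0, 0x0d, ...toBytes('IHDR')]);

console.log(validateUpload('answer.png', SAMPLE_HEIC));
console.log(validateUpload('answer.jpg', SAMPLE_JPEG));
console.log(validateUpload('answer.png', SAMPLE_PNG));
```

In a browser the bytes would come from `new Uint8Array(await file.slice(0, 64).arrayBuffer())`. A client-side check like this only improves the error message; the server has to repeat it and still decode the image safely.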


Out of curiosity which office did you work in between 2007 and 2018 when you started working for stripe? How is your team's WFH experience within stripe?


You would be surprised how many students use an iphone and a macbook but are unwilling to use safari (or icloud, photos) because of privacy concerns.

If you stay in the "regular" apple workflow everything is fine: iphone camera -> icloud/photos (airdrop/photos) -> safari. If you deviate at certain points though the workflow breaks down. Whose fault is that?


A (high school) student who's unwilling to use Safari because of privacy concerns but would be ok using Chrome? That sounds like a serious edge case.


Sadly, it's not. I've had lots of students who would use the Opera VPN or one of the "free" anti-virus providers' VPNs because they got sold (by ads or dumb friends) that it would be safer.

You seriously over-estimate the "tech-savviness" of the average student and that really is part of the issue I'm pointing out here.


I can confirm. The average graduating high school senior or first-year college student is woefully inept at technical tasks. They grew up with tablets and smart phones, but outside the common apps, they aren't any more tech-savvy than anybody else.

Source: I work in tech for higher ed.


For their threat model, they could be right - they could be successfully defending against school network surveillance and/or censorship.


This whole blame game is weird. Could the college board have handled this better or have a better upload mechanism? Sure. Could apple be more clear about the way they are storing and transferring photos? Sure, finder on my macbook actually does worse in handling .heic files than my windows 10 desktop unless I sync using photos.

But if I got this right the upload page stated the accepted file formats, why should they accept anything else? Sure, there are workarounds to handle uploading .heic files and automatic conversion works in certain cases but why should they care? The onus is on the user to ensure his submission is correct.

EDIT: I just tried .heic files on my Surface and had to install an MS store app to actually be able to open .heic files in full resolution.

https://www.microsoft.com/de-de/p/heif-bilderweiterungen/9pm...

EDIT2: I guess for me it boils down to, why should we coddle the applicants? Being able to understand the conditions of a test is not an unreasonable hardship. From that I gathered the website stated the accepted file formats. The uploader source suggests it did refuse certain file formats. There are technical solutions for this/these problem(s) and of course it would be nice if every system would be perfect. But it would also be nice if people would just work within the given constraints of a system.


If I may restate your position: "If a student uploads an image in the wrong format then it is acceptable for their entire test to be invalid and they can retake the entire exam."

Rather I think what is acceptable is HEIC is not accepted by the system, and if a student attempts to submit this format they receive an error saying that only JPG images are allowed.


> If I may restate your position: "If a student uploads an image in the wrong format then it is acceptable for their entire test to be invalid and they can retake the entire exam."

Yes, being able to understand the conditions should maybe be part of passing the test. Like I said, could the upload form have handled this better? Sure, although I have not read enough to understand if this was actually the upload form failing. The OP article claims "Spencer ... tried to convert it by renaming the HEIC file to PNG" which is not how you convert files. Maybe students learning that early on is not a bad thing?


> Yes, being able to understand the conditions should maybe be part of passing the test.

I agree, when it's part of the subject in test. I don't see any reasonable cause for a student to have to know about file types to submit a test, if that test isn't about file types. I don't, for example, expect my doctor to know how to convert an image file because that's not his job.

> The OP article claims "Spencer ... tried to convert it by renaming the HEIC file to PNG" which is not how you convert files.

This highlights the level of knowledge the users of this application have in this area. The developers should have made it Painfully Clear that uploading directly from an iPhone isn't supported.

> Maybe students learning that early on is not a bad thing?

I agree they should learn this stuff, but don't think it should cost them their grade to do so.

Now, I'm not saying that we shouldn't increase public understanding of these "slightly-technical" topics but I think we're a long way off and we can't expect that understanding just yet.


>I agree, when it's part of the subject in test. I don't see any reasonable cause for a student to have to know about file types to submit a test, if that test isn't about file types. I don't, for example, expect my doctor to know how to convert an image file because that's not his job.

Understanding the conditions of your test is part of the test. And your doctor doesn't have to know. His toolchain forces him to use certain programs and settings. If anything is set up wrong, your MRI image is just a worthless CD-R.

>This highlights the level of knowledge the users of this application have in this area. The developers should have made it Painfully Clear that uploading directly from an iPhone isn't supported.

They did. The supported file formats were clearly stated. Your issue here is with apple.

>I agree they should learn this stuff, but don't think it should cost them their grade to do so.

It doesn't. They can retake the test without punishment.

>Now, I'm not saying that we shouldn't increase public understanding of these "slightly-technical" topics but I think we're a long way off and we can't expect that understanding just yet.

I disagree. The sooner people learn that renaming a file does not constitute conversion the better. When I was a student 15 years ago it was painfully clear you could not upload the 50MB .tif file your scanner spat out (silly websites at the time would just not take 50MB uploads most of the time...). I think this "slightly-technical" knowledge is something akin to correct spelling and grammar. It's fine if you disagree but, in my opinion (even if that was not the intent of the college board), this is not a bad lesson to teach.


You're still supporting that computer knowledge of what image file formats are and how to convert them should be part of the test. They can learn that later when their high school or college makes them take basic computer classes (hopefully), right now they just want to upload their image.

Either Apple or College Board is at fault here but it isn't the user.


Yes, if you want to use a cell phone and/or a computer to complete your tasks you should have some basic knowledge about how it operates.

You can shift responsibility for that knowledge wherever you want but I would say that at the age between 16 and 19 (which google tells me is the average age for AP classes) I would expect that knowledge from someone applying for AP credit. And if someone didn't know what the accepted file types (as stated in the FAQ) meant at that age I'd expect them to figure it out for themselves.


I'm unsure that any of these students wanted to take their AP exams on their phone or computer. That this is a new problem suggests that this is something they've been newly forced to deal with.

It's certainly not a well engineered user experience. Passing a physics test should require physics knowledge, not knowledge of image formats. I think understanding of image formats is actually fairly obscure outside of technical circles.


[flagged]


No one rational feels sorry for universities.


No one rational makes absolute comments on the internet.

Maybe university IT departments are staffed by people. Maybe even at the college board it's just some IT guys trying to keep a shitty platform working. Maybe they did the best they could working within their constraints and they expected the same from students who have a vested interest in getting their results submitted. Maybe this is just much ado about nothing.


I don't see why you'd assume that the students did anything less than their best.


I'm pretty damn technical and I never heard of HEIC before today. Maybe I would have if I had an iPhone, but in general if I take a photo with my phone I assume it writes a JPEG to the file system somewhere. If that's not the case, the software -- not the students -- should have been able to handle the issue. Computers are the servants of people; not the other way around.


Is this comment for real? Why should being tech savvy enough to jump through esoteric technical requirements be part of the test?


Ever see a student get scolded for not using a #2 pencil? Can't use a pen. Can't use a marker. Can't use a #9 pencil. Must be a #2 pencil.

Ever fill out a government form that must be done in non erasable black or blue ink. A pencil is unacceptable. A red pen, green pen, purple pen is unacceptable. An erasable pen is also unacceptable.

Not saying users should have to know a .JPG from an .HEIC but just saying there is plenty of precedent of technical requirements for things in real life. I've had forms rejected at the immigration office for using the wrong type of pen and I've been in classes where students didn't have the correct type of pencil and caused issues.


ok but what if you're told this 'technical requirement' in a tweet while taking the test? and you don't even use twitter?


#2 pencils are standard student equipment. As are iPhones.

And government forms also come with pens to fill them out.


> esoteric technical requirements

Knowing a file type is an "esoteric technical requirement" ?

Yes, this comment is for real. I'm the head of IT for a university and we do online applications. We actually accept everything within a given size requirement (which people are unable to respect). I have a bunch of scripts that run over all applications in the end to put them in the right formats, to do OCR for the photos of a printed PDF form that has been filled out by hand in pencil, I even run a script to scrape annotations in PDF portfolios to scrape video links and pass them to youtube-dl, to ensure everything submitted gets picked up and is provided for evaluation.

This is why I think it would be nice if there was at least some responsibility on the part of the student.


> Knowing a file type is an "esoteric technical requirement" ?

Yes, when it is outside of the scope of the test. Unless they're testing the students on their knowledge of data storage, or similar, this is out of scope.


Well, I disagree. I think "media competence" is more important than spelling or grammar and should be something expected of someone entering tertiary education.


Well, I suppose you’re welcome to have whatever bizarre opinions you like, but you should recognise that they’re pretty fringe.

No, this isn’t something the average person should need to know about.


[flagged]


By default, both Windows and MacOS hide file extensions. Smart phones almost universally hide them, if they give you a file explorer at all.

I suspect most teenagers (and that's what we're talking about here - 17-, 18-year-olds finishing secondary school) would have a notion that jpg and gif are image formats, and pdf and dcx are document formats. I suspect few would know much beyond that, and most would not have had much reason to worry about converting between formats. [I work in higher ed tech, my gut feeling here is based on performing usability testing of other software]

Add in an unexpected file format glitch during the most important test of their life? Yeah, I'm not at all surprised that some/many screwed up.

This is 100% on College Board for failing to handle the situation gracefully. They didn't need to accept heif files. They did need to provide detailed instructions ahead of time, including possible issues with unsupported formats.


> I suspect few would know much beyond that, and most would not have had much reason to worry about converting between formats.

Ok, first off, why should I (as an institution) care about the people unable to fulfil the conditions of my test? Maybe I only want people with a basic understanding of file formats because chances are they will have less issues with future applications?

> They did need to provide detailed instructions ahead of time, including possible issues with unsupported formats.

They sent out a message a week before the tests. The website only accepted the allowed formats. You could complain about them using Twitter to send out that message but you are not.

> They didn't need to accept heif files. They did need to provide detailed instructions ahead of time, including possible issues with unsupported formats.

They did not accept .heic files (see the source from the upload js file). They did provide a list of supported files. Maybe the handholding should stop at some point?


It's not the institution giving the test. It's a for-profit corporation that has a de facto monopoly on standardized testing in the US. It's also a company who has been slow to modernize their test (both content, scoring, and process) and has slowly lost the faith of many colleges/unis. And the students are paying for the "privilege" because their test is the gateway to higher ed.

The at-home test format is new. It's usually given in a test center (either private or at the secondary school) with a proctor. Students usually prep for years for this exam, but all that prep would be for the on-site proctored exam. This was new for everybody, and appears to be poorly executed by the company that profits handsomely from these exams.

Based on the article linked, the message went out the day of the exam, after some students were already mid-test. That's not helpful.


> Ok, first off, why should I (as an institution) care about the people unable to fulfil the conditions of my test?

Maybe you (as an institution) care about all your students?


But that's not what the test is about. It's not a category on the test.


It's not an explicit category on the test and I never debated that. It might be an implicit requirement though.

Just how when you take your driver's test you should actually be able to operate your vehicle and know the laws around operating a motor vehicle aside from the explicit knowledge required from you in the test. But I understand how this might be a foreign concept for someone from the US.


> But I understand how this might be a foreign concept for someone from the US.

What? In the US, knowing how to operate your vehicle and the laws around operating a motor vehicle IS the driver's test.

Your argument is not reasonable. Knowing the nuances of file formats is irrelevant to AP exams in US History, Calculus, Physics, etc. This is a failure of the administrators to make a proper test. The College Board specializes in tests- that's what they do, and they screwed up.


[flagged]


Please don't cross into personal attack, regardless how wrong another commenter is or you feel they are. It just makes the thread even worse.

https://news.ycombinator.com/newsguidelines.html


Yes. Your average user knows nothing of file types. They know about pictures. Ask your average iPhone users whether their pictures are stored as JPEG, HEIC or TIFF files and you'll get a blank stare most of the time.


You’re vastly overestimating the competence of the average computer user. There’s a sizeable minority of people out there that don’t know what file extensions are, and even if they do know about them, they might not understand how they work (hence students attempting to convert file types by changing the extension).

File extensions are an implementation detail that, ideally, end users should never be forced to think about. There are graceful solutions to this problem; the College Board just didn’t do their due diligence.


I'm not overestimating them. I see lots of college admission files, I know how inept most high school graduates are. I would like to see a higher base standard because frankly these issues are not going away for them and I don't see it as a tertiary education issue. 3 to 6 years later they will still have to submit resumes and portfolios and they will suck at it but the places they submit these to no longer offer any grace periods. File size too large? Fuck you. Wrong file type? Fuck you. Unsigned PDF? Fuck you. Missing a document? Fuck you. Missed a deadline? Fuck you.


Out of curiosity, why did/do you not use the Zoom web version? I haven't tried their linux client but if it sucks there is an alternative. The "it just works" crowd probably uses mostly Windows/Mac OS, iOS/Android or the web version.

Getting the join by browser link apparently can be an issue but at least in the edu account I manage there is an admin setting to always provide the join with browser link.


How recent is that? Whenever I try any link it insists on triggering xdg-open to the doggarn qt client.


The site will always try to trigger the registered protocol handler but couldn't you just block the handler?


well, whatever the linux client does, the browser client sucks really hard...


As someone who has recently adopted Zoom and who has to justify this decision quite a lot, my question is where are all the exploits? If any of this is easily exploitable there would be such a shitstorm about it. Considering the current usage everybody would know about it.

To me, these look like things that could be used for local escalation or MITM attacks. This is not good but frankly, for most of Zoom's use cases, it's not an issue. The only frightening thing is the turbojpeg.dll one. A POC that leads to an RCE or even a crash would be devastating for Zoom, especially considering the amount of edu setups that don't enforce passwords even now.

IDK, for me and the edu organization I'm responsible for Zoom has been a great offering (especially considering the pricing they were able to offer by default for edu and after very little negotiation) but we are actively looking at teams as a successor for the next semester. Zoom has had 3 killer features over teams (virtual background, easy dial-in, no effort guests) and all of them have gone away now with the recent teams changes. If teams finally gets customer skype calling figured out Zoom will most likely be done in the edu field because that's quite a big part of switching to teams for an all out integrated comms solution, especially since you can't use your office 365 account for consumer skype.


There are exploits though - for example, the lowest barrier to exploit vulns like 'zoom bombing' are being exploited quite often.

Others, like perhaps an RCE, are not being seen. This is for a lot of reasons.

* Many are being found by whitehats/ researchers, so by the time they're made public an attacker is already playing catch-up - it can take days or weeks to build a good exploit chain, so starting from "A patch is out" or "The vuln is disclosed" is not encouraging.

* In general, exploitation of vulnerabilities is actually quite rare. Patching practices, mitigation strategies, etc, have radically improved over the last decade. It isn't that the attackers can't do it, but the majority of attacks will just phish you, install malware, and try to make money the simplest way possible.

Does that mean you accept that risk of vulnerable software? These are not strong mitigating factors and are mostly about risk profiling and motivation. So that decision is up to you.


This is a great article, but as an educational provider it fails to answer one question: Why should I care?

The only concerning thing for me is, why would they lie about using AES-256 when none of my users (and I assume most of their users) would care in any way about AES-256 vs. AES-128 in ECB mode. Why would they lie?

Even after this, having my users conducting university lessons over something that might be decrypted in China is honestly not that big of an issue. I would of course prefer it if these meetings would be private from the PRC's scrutiny but at least in my situation (and I think most educational contexts) this is not really that important.


The students log in via email and from home, they both count as personal identifiers.

Now, China knows who is attending which lesson. And how much activity each individual shows. And also, what happens on the side like environment sounds, environment at the camera (e.g., how generous the student's apartment is). Also, the client can analyze the mouse cursor movement, see what other apps are running and how (on native clients), and on mobile clients there is for example the gravitational sensor.

Moreover, a voice (and the face, of course) is like a fingerprint of a person. Hence you now have a reverse lookup table from voice/face to person.


Just as an FYI 2 weeks later... We decided on not enforcing Zoom accounts for our students for various reasons. So the PRC might have IP address access to a SIP/Zoom server but this is not something we, as a small university, can solve. Even without Zoom the PRC could trace access to our bigbluebutton server or a jitsi videobridge and I don't presume that using Webex or Vidyo or what have you would solve this issue (and honestly all other solutions would have ended up being more expensive).

We still do not have any evidence that the PRC has access to unencrypted Zoom server logs and frankly I assume we would have the same (or worse) issues I had with my tests from Iran that either SIP/WebRTC doesn't work or appears to be intercepted. So, at least for me and my users, Zoom is the most accessible and "least worst" solution.


Thank you for the follow-up. No, we don't have evidence that they have access to the server logs, or even more, the streams. I guess that an intelligence would compromise one of Zoom's employees, then gaining access without any further evidence. This gives them the possibility to sneak on any Zoom call that is routed to the respective servers.

And indeed, an intelligence could possibly hack your bigbluebutton server. This involves, however, a targeted attack instead. I think this is a different scenario, though.


Because a company doing an RFP with a checklist of features is going to rank them against their competitors, and it would look bad in the spreadsheet.


I assume this is your answer to "why would they lie?". It does not answer the question to why should an educational provider care though.

And assuming I'll consider switching to webex the response to encryption in webex is this: https://www.webex.com/content/dam/Webex/eopi/Americas/USA/en...

Which 404's and basically represents my experience with Cisco: "We don't give a shit about you, you already paid us.". Frankly Webex could host the next coming of Jesus and I would not give them any more money.


In the general case, it’s bad practice to do business with liars. That’s one reason why an educational institution would care.


Correct, and if a Zoom representative would have lied to me that would factor into my decision. Frankly though, for student lectures and faculty meetings I don't care about their encryption (as long as they do TLS for client->server to protect my users in a public wifi situation) and a certain encryption level was never a basis for my decision. As long as they provide transport security I don't really care.


Webex is so bad that nobody would consider using it based on technical merits, security track record or being backed by a competent organisation, so it's kind of immune from the kind of critique that is being leveled against Zoom.

I have a feeling computer accessible Webex is just there because of the dedicated videoconf HW that Cisco makes. The software is to provide a feature checkmark and make its victims miserable enough to buy the HW.


lol, nice job finding a link that 404s and basing your entire argument on it. Here is another one for your next post: https://www.webex.com/sdvfebdwq3433t8hjaxcxqadxe


Frankly, Cisco can post whatever they like I will not give them any more money. You are certainly right that I was disingenuous and I do not care what they do with Webex. My link was cherry picked from their press release for encryption in Webex that I thought it was funny that that link would 404.

Good job discrediting my post though. It's not like Cisco basically told everybody in a KB that if you want to use the same features Zoom provides (or a Linux client, or desktop sharing or breakout rooms or audio transcription or waiting rooms or...) you would have to give up every encryption feature Webex provides. But I assume you are a seasoned Webex admin and can provide us some insight into why you are using webex in contrast to any other solution. Or you are trolling, whatever.


Let's say these lessons are a politics seminar discussing whatever PRC finds objectionable, then family of the student back in the old country get their social credit score deducted.

Or even better use those recording in the future as compromat as needed.


I don't know how much free time they have over there, but snooping in on courses that a relative outside the country is taking and storing all of them... I mean, if you want to peg someone's social credit score, just stakeout their house and wait for them to spit outside or something. Hell, just make something up and dare them to come argue. Why go to all that effort?


Doesn't go exactly like that. More like: CCTV captures someone going to an area where known rebels or political activists live. (Look up videos on China's face recognition, it's insane.) Police decide to look through the person's zoom meeting transcripts, making a search on certain keywords. They find evidence of rebellious activities, and order further surveillance on the individual or arrest them.


In a surveillance state of the scope you've described, triangulating the zoom transcripts of an international relative's course work back to someone you spotted on CCTV is still hardly worth the extra trouble. At that level of erosion of civil liberties, they can already send the jackboots to break down the door when they make the CCTV match. Don't find anything? You plant something or coerce them into ratting on someone else. Why would you go mining terabytes of data that's mostly boring meetings and calls from grandma?


It's all take data collection and they mine it later. 10 years from now they go looking for video from you. And yes, if you don't think people have weird incentives and time on their hands, have a look at the shitshow of US Presidential politics.


Because big orgs check for a minimum list of features and that list will nowadays always include some element of encryption/data protection. Many companies use zoom, or e.g. I've seen the OECD host seminars there. Have they done due diligence and an independent audit of the software? No, Robert and Lucy from procurement had a week to read through 8 different bids describing software features and support modalities, assured they fit the checklist and then calculated which one is the lowest bid (or "best value for money" which is checklist points/price) as they are obliged to choose that.

Then zoom can go around and claim OECD and IBM and the UN (all made up) use them, which lends credence, even if it's just that one training team in Nairobi that trialed the software once.


"... and then they came for me". Obviously that poem was written about something rather more serious than your privacy but the point stands.


As I alluded to in another post I am from Germany and certain people I work with actually went through the "... they came for me" phase.

Your point does not stand on its own.


I (en_GB) lived in that weird place called West Germany for about 10 years on and off back in the 70s and 80s. We have many friends (Hi Wurms, int al) who also have family, friends and acquaintances that lived through those days directly, shall we say, and of course my own family members who did from another side and perspective. You may want to take another look at my username and make of that what you will.

My point really does stand. You might gradually allow erosion of your rights until you find that none are left. It is so easy to say "I have nothing to hide" until you find that actually you do have something to hide for reasons that are not immediately obvious.

I am not saying that using Zoom will have nasty consequences but I am saying that the attitude that abrogates responsibility for your own privacy might have unintended consequences. If it becomes common place to simply say "meh" we might not like the world we get instead of the world we might wish for.

My Old Saxon friends have a rather more robust attitude to privacy concerns than you mate!


I'm not going to play "guess what my username means" with you, sorry. I'm also not going to play "who knows more people that lived through the 3rd reich" with you.

Me administering a Zoom account for my fellow employees and my students does not erode anybody's right. For me it is a choice between a GDPR compliant vendor and a vendor that does not care about the GDPR. Personally I have had good experiences with the GDPR (Facebook finally having to delete my account even though I would not verify it with a personal ID and cell phone number after I went through the Irish data protection authority) and Zoom claims to be GDPR compliant.

So, frankly I'm not sure what you are talking about. It seems like you are going for a slippery slope argument I don't agree with.


Zoom also claims to have end-to-end encryption and yet they don't, their marketing and even their clarification post being a lie.

Companies like Zoom can claim that they are GDPR compliant however truth of the matter is that compliance offices are overwhelmed. And until Zoom will have a huge data leak or something nobody is going to investigate their compliance.

So a company like Zoom might claim GDPR compliance and that's something, but only if you can trust them.

And a company that lies in their marketing and press releases can't be trusted, sorry.

Google's Meet btw is also GDPR compliant, Google tries to be GDPR compliant nowadays with everything they do because they are a huge target. They also don't use bullshit in their marketing and are pretty good at security, so I personally trust them more, even if I actively avoid Google's products out of privacy concerns.


Nitpick: he's not talking about the Drittes Reich, he clearly must be talking about the experience people had in eastern German DDR / "German people's republic".


Kids! How on earth would a Brit end up in the DDR? OK we did:

My dad was a British soldier (so was mum but that's another story). We were posted to exotic places like "Reindahln" (MG) and Paderborn and Soltau etc. We went on a holiday to West Berlin in around 1980ish. We were allowed through Check Point Charlie to see the DDR for a short while. Funnily enough exactly the same arrangement as getting into Northern Cyprus. ie the Turkish bit.

Anyway, we saw the Brandenburg Gate from both sides, when it was mined all around but rather nicely flood lit. I have to say the east side looked a bit shag back then.

Our German friends always used to look forwards to reunification but the cost when it came used to cause a few remarks cough. For me a unified Germany is a good and beneficial thing, regardless of cost. I saw first hand what life was like in E Berlin in the early 80s.


"Guess the username" (you didn't even try and it was pretty bloody obvious):

Gerdes (my family name) means the same as the word German. A ger is a spear - https://en.wikipedia.org/wiki/Migration_Period_spear. A ger-man is a spear bearing man and gerdes is an old form of that. You lot had a habit of trundling around with spears - hence the name in English.

Using Zoom is of course not an awful thing to do. Just be careful me old fruit. Please.


> and Zoom claims to be GDPR compliant.

That's the thing, though. Zoom also claimed to be end-to-end encrypting with AES-256. If they were willing to lie about that, what's not to say they're willing to lie about GDPR compliance?


Because one of those lies carries massive legal and financial penalties, and the other one doesn't?


> one of those lies carries massive legal and financial penalties

"It's only illegal if you get caught."


Doesn’t Germany have specific data privacy laws based on the massive surveillance state that operated in the East up through 1990 or so? And you’re not concerned with using services that go through a country that, by all accounts, is trying to outdo the old Stasi with modern technology?


Zoom claims to be GDPR compliant (https://zoom.us/de-de/gdpr.html). Frankly, ensuring a company claims compliance is as far as I can go. I'm still hoping that if a company intentionally lies about this they will get sued out of existence. If I'm wrong about this the GDPR is worthless anyway and there isn't really anything I can do.


The problem is, you are right. In practice, many companies say "well, it is compliant, but we don't care about the rest as long as we can function".


If you’re not especially worried about having a communist police state intercept your private conversations, that’s your personal business. All I can ask is that you don’t go out of your way trying to legitimize that for everyone else as you have here.


Your point does not stand on its own.

No, but it will when the next generation of Nazi, Stalinist, and Maoist regimes arise and gain access to the data in question because we weren't fanatical enough about E2E privacy today.

And just as Niemoeller's verse warns, by then it will be too late.


There is an actual Maoist regime operating today that has access to Zoom's data. This is not a hypothetical.


> And just as Niemoeller's verse warns, by then it will be too late.

But, this is just wrong. In Germany we did speak out when they came for the communists, the socialists, the unions and the Jews. Niemöller's argument was relevant in 1937 when he was arrested and I appreciate that you picked up on it but frankly it's different here in Germany. We do still speak out against discrimination against all of them. Maybe E2E encryption in a chat application is just not as pressing as the things Niemöller talked about at the time.


Maybe not. Hope you're right.


You should care because Zoom is a company run by and within China. What's troubling for the west is having so much IP and information flowing through a bad state actor without knowing about it.


> Why would they lie?

I kind of doubt it was intentional. Developers are not marketing, typically, and it seems reasonable to assume that a technical person said "aes" when a marketing person asked "do we have encryption?". And then the marketing person searched for "aes" and assumed that meant "aes-256".


I'm the sole IT guy for a small university in Germany (~40 FTE users and ~200 students) and here is my take on these tools. I used or tried to use most of them and have a, what I think is, good take on what I can burden my users with. I'm also bored this Friday evening because I can't go anywhere, so...

Mumble: Mumble is amazing. I used it extensively playing EVE Online and what can be done with mumble with regards to external authentication and integration is really great. As an enterprise solution, if I have to weigh my time versus expenditure, it's not worth it though, I'll go with MS Teams or Slack.

Asterisk/SIP: I actually ran an asterisk PBX with a self made IVR solution for a project at my previous employer and handled a lot of calls with it and saved a load of money compared to what the callcenter would have charged. Asterisk is great but we are back to the time/expenditure calculation again. I can buy a PBX solution and pay someone to maintain it for far less than me setting up Asterisk. I'd rather just buy a PBX and a support contract. For IVR the calculation gets more complicated.

Jitsi: Jitsi meet is really great. It's right in that sweetspot where Skype begins to fail for decent conferences (>4 people) and where I'm invested that much that I want someone to blame and a service contract if my meetings get large enough. If you exceed that threshold (in my testing it has been somewhere between 15 and 30 participants) you want to pay someone for this service or run your own server/videobridge (still curious why BigBlueButton isn't mentioned here anywhere in all these Zoom topics). As an educational institution with my amount of users, hosting a videobridge or bbb the hosting budget alone would have exceeded our Zoom licensing cost not to mention my time. At least in Germany there is also the issue with not having a contract with the provider and problems this creates with regard to the GDPR.

Jami: I don't actually know this one.

OBS: Nothing can touch OBS. It's an incredibly flexible tool and while it could use some usability improvements it just really is that great. With its usability downfalls it's also not something you can suggest to a casual user, which is kinda sad. Someone please figure out whatever Zoom is doing with the virtual camera background. Setting a simple picture as background without a green screen frankly is one of their killer features. No one talks about it but so many people are using this that it has got to be one of their killer features.

XMPP: Is a weird mention for me, since it's not an application but a protocol. Jabber sucks, most XMPP clients suck for normal users. I'm not aware of any decent enterprise solutions.

IRC: Well, IRC is fucking great. I spent so much time on IRC in my youth and I'm fairly certain my earliest Linux contact was an IRC bouncer on a friend's machine. In the end it's kind of a weird mention as well though, since it's a protocol and not an application. It is also a protocol that is kinda caught between the "I want link preview, VoIP, file sharing, whatever" crowd and the "why is that noob's client spamming my channel with un-interpretable messages" crowd. IRC with a spec upgrade, even if it would induce a permanent netsplit would be great.

I'm not gonna talk about the rest. Nextcloud is great, and with Univention's app server (https://www.univention.de/) is a usable solution that just suffers at scale. Of course I could set up a univention server and nextcloud and imap email and ldap and lots of other things mentioned above but it would cost me a significant amount of money and time and I can have Office 365 basically for free. So, considering I'm spending taxpayers' money, and I'm in the EU and MS claims to be GDPR compliant... what is my incentive to do any of this?

If I had one complaint about Zoom, it would be that we had one student unable to join from Iran (which is either because of his ISP blocking certain connections or Zoom actively blocking users from Iran). Zoom excludes users from Iran in their ToU but we assumed that would just be for paying users and have a currently open ticket to figure out what could be the issue.

So, this is my take. Basically if you have the time and money and want to tinker most of these OSS solutions are great and worth it. If you are operating within budget or time constraints there are valid reasons to choose a commercial provider.


Thanks for the great summary. I should've been more clear. I've learned a lot about OBS in the past couple of weeks and it really seems to be the king (for streamers).

I'm already familiar with XMPP but feel Matrix is a much better and more modern successor.

I grew up on IRC but it probably needs a lot of modern security enhancements.


Well, at least in my opinion, it was a good question and the answer across the board is "Yes, these solutions need to be more accessible".

A good part of that is corporations not giving back to OSS but I also think that a large part of OSS developers are missing the point (I keep remembering the story of that one OSS guy trying to get his printer working but I can't remember his name to find the link).


RMS said one of the inspirations for free software was a particular printer he couldn’t get to work because of a driver issue. The company refused to give him the source code, and iirc said he was not allowed to write his own for it. He did not forgive or forget this slight, and we live in the world he helped create as a result.


I did find it, it was Eric Raymond and "The Luxury of Ignorance" http://catb.org/~esr/writings/cups-horror.html


I think I may have heard it from one of his talks.

https://www.fsf.org/blogs/community/201cthe-printer-story201...


How are they missing the point?


You do realize that you scanned the installer and not the msi package or the contents of it, thereby making your scan almost useless?


I'll reply here as well, there is an installer in the repo. https://github.com/waseems/inbox2_desktop/tree/master/Code/C...

