-
qy
What do you think about using message colours to denote encryption type in weechat?
-
qy
Alternatively, what would work well as a one character indicator for {plain,pgp,otr,omemo}
-
Ge0rG
I think that might be confusing, at least if color is the only indicator.
-
Ge0rG
A padlock with different letters / symbols in it?
-
qy
I considered: 🔏 pgp 🔐 otr 🔒 omemo 🔓 plain
-
qy
But it's a bit small
-
qy
I suppose if i add a letter after it, it could disambiguate, just leaves even less room per line
-
Sam
omemo and plain look basically identical to me on Snikket which has a mustard looking background
-
qy
Yeah
-
qy
Irritatingly not much seems to respect unicode variant 15 selector FE0E anymore, or i'd make the padlocks grayscale and then just colour them
-
qy
Neat, ok ⚿ works
-
flow
qy, are you working on an xmpp plugin for weechat?
-
qy
I am, yes
-
qy
Typing from it now actually
-
qy
https://0x0.st/ozeN.jpg
-
flow
qy, source or it didn't happen :)
-
qy
https://github.com/bqv/weechat-xmpp but have an alka-seltzer ready
-
flow
ha :)
-
edhelas
that font-size 🔍
-
qy
Yeah i like it small, more to see
-
Link Mauve
qy, fyi, in my libvte3-based terminal I get a tofu character instead.
-
Link Mauve
Maybe just because I haven’t installed a needed font; I do see the PNG emojis though.✎ -
Link Mauve
Maybe just because I haven’t installed a needed font; I do see the PNG emoji though. ✏
-
qy
Link Mauve: with ⚿?
-
qy
Ack, that would be a pain
-
Link Mauve
Yes.
-
nephele
I'm already confused by Gajim anotationg every public chat with a padlock and a "warning" sign next to it, as if something was wrong with my TLS setup, do you suppose more icons would help users much? :)
-
Sam
Is that some plugin thing? I don't think gajim does that for me (but I also don't use it except to test things on occasion)
-
qy
Sam: how does mcabber indicate enc?
-
Sam
I don't know, I don't use e2e encryption (except on occasion in Gajim for testing things, as I mentioned)
-
qy
I think i'll just leave it to what i have now if there's no easier way, weechat users are power users, they'll notice anyway
-
nephele
Sam: No idea it's "whatever ubuntu ships", I've never used e2ee in XMPP really, but Gajim shows this in every chat
-
Sam
nephele: screenshot? I'd just be curious what it is since I don't think I've ever seen it
-
nephele
https://xmpp.gryphno.de/upload/OLhuL6uQL3wSQu_h/gajim.png
-
nephele
That's with the hover text visible, I've never used that option and clicking it does nothing (It doesn't behave like a button, but then it's incredibly hard to tell because the rest doesn't look like a button either...)
-
Sam
oh yah, I do have that button but it's so low contrast on my theme at least that I can't even see it. It just looks like a blank spot on the panel.
-
Sam
*slowclap* for GTK themes, I guess.
-
Sam
Or that icon, rather (it definitely should be a button being there in the middle of other buttons and it's surprising that it does nothing unlike everything around it)
-
nephele
I always assumed that it's supposed to be a button of sorts, but then... I also don't know what the rest does. There is a smiley which I assume is an emoji picker, a B that i assumed... is one too (it's probably formatted text, but it reminded me too much of blood type B) and then a plus and a clip thing which both mean "upload file" to me, but presumeably do different things..
-
Martin
Because here is a public semi anon muc.
-
Martin
You can't activate omemo or PGP.
-
Martin
It should work in 1-1 I guess.
-
nephele
It might work, yes. But showing this button when there is no use just trains me as a user to ignore it
-
Sam
Seems to not do anything in any 1-1 for me, but maybe this is its greyed out mode and I just don't have any compatible contact or something
-
Martin
Or no e2ee plugin.
-
Martin
> It might work, yes. But showing this button when there is no use just trains me as a user to ignore it Maybe to remind you that it's not e2e encrypted. No idea, I'm no gajim dev.
-
wurstsalat
The orange exclamation mark comes from your theme. It should be an open padlock. The button is most likely disabled because there are no encryption plugins installed. And you cannot enable omemo for example if it's a public group chat. We're looking into whether it's a good idea to hide that button completely in public group chats
-
qy
Oh, i wouldnt be so sure
-
qy
Wait, ignore that
-
qy
1
-
Martin
2
-
qy
Martin: 3
-
qy
[PGP encrypted message (XEP-0027)]
-
qy
[PGP encrypted message (XEP-0027)]
-
Link Mauve
Who did you encrypt those to?
-
Zash
https://cerdale.zash.se/s/t3ObGgBLg8yoprbYTCCV1Aze/deec6ed5-0077-4c2d-96c8-87b5833dbc75.png
-
nephele
wurstsalat: I don't really know what theme it is, i assume the gnome default one... but then ubuntu randomly changes stuff sometimes
-
qy
[PGP encrypted message (XEP-0027)]
-
qy
Link Mauve: * ellenor@umbrellix.net
-
qy
Only person in my keyring atm
-
qy
Tried larma but then remembered don't have their key
-
qy
--> larma (https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk) entered jdev@muc.xmpp.org as participant with PGP:072E9235DB996F2A
-
qy
Anyway, point was, pgp does work in mucs, its just pointless outside of muc pms :p
-
Zash
It can work. Awkwardly and with scaling issues tho.
-
Ge0rG
PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection...
-
qy
Yeah...
-
Ge0rG
qy: how much is rich xmpp support limited by weechat's internal protocol? i.e. XEP-0184 message delivery receipts or media uploads?
-
Ge0rG
qy: also your paste of larma's join has the https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk URL embedded as an oob element, meaning it's supposed to be an inline file ;)
-
qy
Delivery reports i send on activity, but don't really have a way to receive, but they're indicated in a sense by chatstate anyway. Media uploads, work fine with weechat-android at least, as you see earlier, i just hackily scan the message for http links and oob them
-
qy
Yeah that has somehow gone wrong
-
qy
But AIUI thanks to conversations, embeds are ignored unless the body matches them anyway
-
Ge0rG
qy: s/thanks to conversations/in conversations/
-
Ge0rG
yaxim will embed OOB URLs if they are *contained in* the body
-
qy
Oh, just them? I should fix it then
-
Ge0rG
the whole oob mess is horrible
-
Zash
OOB also supports inclusion of a description in a `<desc/>`, but nothing supports that
-
Zash
And then we have SIMS and XEP-0447
-
qy
Ge0rG: whats the ui like? If inline file, does it still show the body?
-
Link Mauve
Zash, Gajim used to support it, until it aligned to Conversations’s lack of support.
-
Ge0rG
qy: https://mail.jabber.org/pipermail/standards/2020-October/037828.html for context
-
Ge0rG
qy: if body==url, only show the inline element, unless downloading fails, in which case show the url
-
Ge0rG
qy: if body.contains(url), show body and embed url
-
Ge0rG
qy: else: show body only
-
qy
Thats what i first expected, much better than what C does
-
qy
Good
-
qy
I'll aim for that
-
Ge0rG
qy: but you need to be compatible with conversations because it's the standard™️
-
nephele
I heard the "mood" stuff is getting removed from Gajim aswell?
-
qy
True... I think i'll go with the logic that if the url is at the start, embed it, otherwise don't. Then, even just a space can block that
-
Zash
embed :- body == ${oob.desc}\s{oob.url} || ${oob.url}\s${oob.desc} || ${oob.url} maybe?
-
qy
But then C users would always miss the desc
-
qy
No, they'd miss the embed if there's a desc
-
Zash
Yes
-
lovetox
mood makes not much sense in a world where you can put 3000 emojis into your status message to express your mood, rather then choosing from 40 possible moods
-
nephele
Well, funnily enough I wanted to see if using emoji was possible for the mood stuff, but... it really isn't, there is only a couple emoji that are for a specific emotion :)
-
nephele
but then with the ones in gajim i can't tell from the pictures what they would be either, i suppose the thing is too complex
-
lovetox
it its, give people a simple text field, and they can put in there all the emojis they want and some text
-
lovetox
its enough, no need for complicated protocol
-
lovetox
and we already have that with normal presence status message
-
nephele
There are no emoji for most moods, and you'd make the /exact/ same argument for smileys, so why was mood okay then but not so much now?
-
lovetox
there were no emojis back then, or like 20
-
lovetox
the word emoji was not even in existence probably
-
nephele
text emotiocons were widely used then already, no?
-
lovetox
yeah of course everybody used like 5
-
lovetox
smile, sad, lol
-
lovetox
thats about it
-
nephele
So, if 5 were sufficient. why were then 80 moods defined?
-
lovetox
in that world, providing a xe with 40 emotions
-
lovetox
seems to be nice
-
nephele
Anyhow. I was talking about the status message
-
lovetox
why are there now 3000?
-
nephele
I don't think I even know how to make an UI to attach a mood to a message
-
nephele
emoji you mean?
-
nephele
The answer is simple: emoji don't convey just emotions, emoji are an non-phonetic alphabet by themselves
-
lovetox
its pretty easy, ever used teams?
-
lovetox
or facebook?
-
nephele
You mean like group sports?
-
lovetox
you can attach all kind of emojis to all posts on facebook
-
nephele
I don't use facebook, no
-
nephele
the UI of a multi user chat and a facebook post seem widely different to me, each "post" is given much more room in that paradigm, no?
-
flow
> Ge0rG> PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection.. only if you use the old pgp xep, mind
-
nephele
And in that context it seems that the emoji are for /other/ people to attach, not for yourself to express the mood of a post
-
lovetox
https://share.hoerist.com/philipp/AvQnLoiUsLsATtV4/aa0707da-7530-4b61-af69-38b0a6408a2d.png
-
lovetox
there you go, thats how UI looks like to attach a mood to a message
-
nephele
That only looks to work if you give each message much more room than in a chat :)
-
lovetox
no, it works fine, microsoft teams does it for each chat message
-
lovetox
just imagine the smilies half that size
-
nephele
So if teams does it and facebook, then I am even more confused why you use the existence of emoji /against/ moods
-
lovetox
https://blog.simbiox.com.br/wp-content/uploads/2020/04/emoji_chat_teams-1024x640.png
-
nephele
You managed to fit 12 lines of text on the screen :)
-
nephele
Krock: http://iteroni.com/watch?v=uKRAcBjn0Gs
-
nephele
wrong channel, sorry
-
nephele
I don't suppose xmpp has an equivalent to a redaction request?
-
lovetox
yes it has
-
Sam
(but nothing supports it)
-
lovetox
but you cant do it, only moderators
-
lovetox
Sam with Gajim unreleased you can
-
nephele
Heh, doesn't seem very usefull if only moderators can do that, oh well
-
lovetox
its against spam
-
lovetox
not against accidental sending a message
-
nephele
In matrix you can use this for your own messages, it's undestood to "only" be a request, but it works fairly well for that usecase in my experience
-
lovetox
the mood xep allows you to attach a mood to your own message
-
lovetox
which is useless becasue you can just attach as many emojis as you want, without any xep
-
lovetox
so this has nothing to do with what facebook and teams can do
-
nephele
But... they do exactly that: allow you to "attach" stuff that isn't in the message body directly, no?
-
lovetox
to messages of *other* people
-
lovetox
the mood xep allows you only to attach stuff to a message you are currently sending
-
lovetox
not even afterwards
-
Zash
You don't need to "attach" at all, just add emojis like 🙂 😉 😭️
-
nephele
Lovetox: Yes, I said that I don't see any good UI to display that, you contered with the teams UI.. so it's not that after all?
-
nephele
Anyhow: I still don't think there is any good way to implement this UI way in the chat, but i don't see why it would have to go for the status stuff
-
Zash
Pretty sure retraction (what you call redaction) aka XEP-0424 is supported by some clients, I think the Tigase ones maybe?
-
lovetox
then i misunsterstood
-
Zash
While XEP-0425 is about moderator-invoked message redaction
-
lovetox
but mood is not your status
-
lovetox
status is one thing where people put in there mood, and then there is the mood xep which puts it at another place
-
lovetox
so oyu have 2 places where you can publish that
-
lovetox
and thats ... nobody needs it
-
nephele
Zash: Neat, I'll add that to my list of stuff to implement
-
nephele
lovetox: In theory having a selector for emotions could be funky, but every such thing lives and dies with the UI :) I wonder if it would have gotten more exposure or more useage if the UI was any better
-
nephele
Maybe XMPP will get more of that stuff the discord api uses to display ingame status, hmm.
-
Zash
https://xmpp.org/extensions/xep-0196.html
-
lovetox
for what, people dont care about the protocol, there is a textfield and an emoji chooser, every client has that
-
lovetox
so put in your mood in textform and if you want add 20 emojis
-
Zash
2006 called, but you couldn't answer because you only support Jingle+WebRTC
-
lovetox
every client can do this now, without any XEP
-
nephele
I defy you on the grounds that Renga has no emoji picker :P
-
qy
> lovetox wrote: > so put in your mood in textform and if you want add 20 emojis 👌
-
qy
^ Look, a reaction!
-
lovetox
ah that reminds me, we even have that reactions xep somewhere
-
nephele
Anyhow: The custom status message does work for this case indeed. But it's not the same as publishing game status
-
larma
https://xmpp.org/extensions/xep-0444.html
-
Zash
Hamming distance("reaction", "retraction") 😕
-
Sam
That reaction generates the same alert as any other message and demands my attention. Lots of identical ones will also take up a lot of vertical screen space and be confusing as opposed to "👌 2+" or whatever on the message which won't necessarily generate an alert or anything because clients know it's less important than a real message.
-
nephele
as for the other things the activity stuff had... I honestly don't know anyone who spends enough time infront of their chat client that they need to set and unset a status of showering or making breakfast :)
-
Zash
qy: What did you do?!
-
nephele
Sam: In matrix that was my only real reason to support reactions aswell, it gives people an outlet for their smappy messages and i can more easily ignore them :D
-
Zash
https://cerdale.zash.se/s/4fv4DtV65v71aOW1wYUoDCLE/2ea95475-2d23-49e7-ba1c-c77de16d54f9.png
-
qy
Haha
-
Sam
Yah, when GitHub added reactions the number of "+1" emails I got went down *drastically* (note that it did not eliminate them, but I probably get 1 a week instead of dozens every day)
-
nephele
Zash: why does your client not display my avatar?
-
Zash
🤷️
-
qy
Mine doesnt either
-
nephele
Ah... I see the "ressource" of my account for the iOS client has leaked my device name also... that's cool...
- Zash mutters something about using resources for device identity instead of temporary random session identifiers
-
qy
Ressource?
-
Zash
qy, localpart@hostpart/resourcepart ?
-
nephele
Not sure what the thing is called exactly, the part after the slash of the bare jid
-
qy
oh, leaked privately
-
Martin
Resource in englisch, Ressource in german…
-
qy
I thought you meant here
-
Zash
Reßource?
-
Sam
huh, that's new "New OpenPGP messages found" and then if I hit decrypt it goes away but also I can't see any new messages or anything, congrats to whomever broke this chat :)
-
qy
Hahaha
-
qy
Sorry
-
Martin
Reßørce…
-
nephele
If you put RTL unicode chars into the iOS device name apple will send emails with the device name with it included and mess up the rendering... but then again I'm only messing up my own emails with such shenanigans
-
nephele
but maybe I can inject trash into the ressource siskin uses that way, hehe
-
nephele
qy: Isn't that visible generally? Atleast in the buddy list I can see the ressource of other peopls devices
-
qy
Yeah, but not to us
-
qy
Muc hides jids
-
qy
So unless you add me, i cant see it
-
nephele
I see. For most people Here I do see avatars, I'm wondering if there is some configuration thing on my end that makes my avatar not shared or something
-
qy
I can differentiate devices on weechat, but only by abusing caps identifiers
-
nephele
Well, I can't find anything in Gajim about sharing avatars if that is the reason. Oh well
-
Zash
Server? Config?
-
nephele
No Idea, I'd have to ask what server it is :)
-
Zash
Gajim version?
-
nephele
1.3.3
-
Zash
Did this thing exist then?
-
Zash
https://cerdale.zash.se/s/QO8Ym6mEk4GGpYq2wG_lJhVB/4713a6eb-59db-407c-9d6a-b4c746f1928d.png
-
nephele
Uhh, I don't see any material style buttons anywhere?
-
Zash
That may just be my theme.
-
Zash
Accounts → Profile anyways
-
qy
Back to the embeds discussion, why was what i currently do wrong again? If i want to embed something for everything and C, i just send url only, otherwise, if body != url, sensible clients will show embed and body, and C will at least show the full body
-
qy
Isn't that best?
-
nephele
... How is that different to the account settings? No wonder I didn't find it
-
nephele
Anyhow, supposedly it is now shared :D
-
Zash
I'm on the bleeding edge git version, lots of new stuff and I don't remember when this thing was introduced
-
nephele
Well, I would test but then I don't know if my feedback is that usefull, I don't understand how to use it in the released version either *shrug*
-
nephele
Like how there is two lists of chats and I have to move every chat back to the other list on start... it feels like i'm using it wrong, but i have no idea what I'm supposed to do instead
-
Zash
Looks like your profile picture should be visible now. You might have to poke the status setting or leave and join to make it show for everyone
-
qy
I see it
-
Sam
What is a good set of XMPP features to group SASL EXTERNAL with? I thought about making an "auth" package, but pretty much only EXTERNAL would be in it (since other SASL stuff is already implemented elsewhere), or maybe an "s2s" package (where bidi lives) but EXTERNAL isn't just used for s2s (even if it mostly is)… no idea where to put this.
-
Sam
Maybe I could have some sort of "security" package, I expect that would have other things in it eventually.
-
Zash
Where's the TLS stuff? Why isn't the other SASL stuff in an "auth" package?
-
Sam
Other SASL stuff isn't XMPP specific (whereas EXTERNAL checks the xmpp_address fields and what not) so it lives in the sasl library already
-
Sam
TLS stuff is in the "dialer" package with all the connection options
-
Zash
Is client cert auth (for actual clients) a thing considered?
-
Zash
Maybe split the EXTERNAL stuff into something generic that takes a callback or somesuch that does the specific certificate validation?
-
Sam
I guess I could upstream something like that into the SASL library, but it would be the same problem (where does this callback belong for users to find it easily?)
-
Sam
But yah, this validates both clients and servers
-
Sam
Oh, I lied too, direct TLS is just an option on the dialer, but StartTLS just lives in the base "xmpp" package for <reasons>. Too late to move it now though either way.
-
Sam
I feel like I've been thinking about this on and off for a long time; no idea where users would expect to find this functionality though. Maybe it's an indication that I grouped things badly from the get-go.
-
Zash
API design is hard :)
-
Zash
Isn't SASL EXTERNAL used by email and IRC?
-
Sam
Yes, but it's so generic as to be almost meaningless to call them the same thing. "Validate some other external thing" is the extent of the definition. XMPP's validation will be very different from emails, most likely.
-
Sam
For all you know from the name it's validating ipsec instead of TLS, both are suggested implementations by the RFC IIRC :)
-
Zash
Is this client or server side btw? Or both?
-
Zash
Wouldn't any SASL method have some way to hook it up with something that verifies the credentials?
-
Sam
Both. Sure, this has that
-
Sam
I'm just saying, that's why it's in the XMPP package, almost all the code is very XMPP specific.
-
Zash
Things using channel bindings would also depend on the state of the TLS session, so maybe there's common ground there to design an API around?
-
Sam
in an XMPP library, not the upstream SASL library I mean.
-
Sam
Hmm, good idea, I hadn't thought of that
-
Zash
And validating a TLS certificate should already support some variations to account for different procedures in different protocols
-
Sam
Right now the channel binding support is just built into the SCRAM mechanisms in the upstream SASL library, but if I added a way to select between them or something that would potentially be a candidate to go in whatever this new package is called
-
Sam
Maybe I'll have a "security" or "auth" package then that includes both EXTERNAL and eventually a mechanism for selecting channel bindings if that ever becomes a thing; at least I'd know there's one other thing in the future so I don't end up with a single package with one tiny thing in it
-
Sam
Thanks; feels like that's the first progress I've made towards a decision in a while, gotta think about that a bit.
-
Zash
np :)
-
qy
Yeah im gonna leave my embeds system as is
-
qy
Not sure anything else is an improvement
-
Link Mauve
lovetox, have you thought about suggesting to deprecate User Mood and User Activity as specifications?
-
Link Mauve
“19:12:21 nephele> I don't suppose xmpp has an equivalent to a redaction request?”, XEP-0424?
-
Link Mauve
That’s for your own messages.