jdev - 2022-01-05

What do you think about using message colours to denote encryption type in weechat?

Alternatively, what would work well as a one character indicator for {plain,pgp,otr,omemo}

I think that might be confusing, at least if color is the only indicator.

A padlock with different letters / symbols in it?

I considered: 🔏 pgp 🔐 otr 🔒 omemo 🔓 plain

But it's a bit small

I suppose if i add a letter after it, it could disambiguate, just leaves even less room per line

omemo and plain look basically identical to me on Snikket which has a mustard looking background

Yeah

Irritatingly not much seems to respect unicode variant 15 selector FE0E anymore, or i'd make the padlocks grayscale and then just colour them

Neat, ok ⚿ works

qy, are you working on an xmpp plugin for weechat?

I am, yes

Typing from it now actually

https://0x0.st/ozeN.jpg

qy, source or it didn't happen :)

https://github.com/bqv/weechat-xmpp but have an alka-seltzer ready

ha :)

that font-size 🔍

Yeah i like it small, more to see

qy, fyi, in my libvte3-based terminal I get a tofu character instead.

Maybe just because I haven’t installed a needed font; I do see the PNG emoji though. ✏

Link Mauve: with ⚿?

Ack, that would be a pain

Yes.

I'm already confused by Gajim anotationg every public chat with a padlock and a "warning" sign next to it, as if something was wrong with my TLS setup, do you suppose more icons would help users much? :)

Is that some plugin thing? I don't think gajim does that for me (but I also don't use it except to test things on occasion)

Sam: how does mcabber indicate enc?

I don't know, I don't use e2e encryption (except on occasion in Gajim for testing things, as I mentioned)

I think i'll just leave it to what i have now if there's no easier way, weechat users are power users, they'll notice anyway

Sam: No idea it's "whatever ubuntu ships", I've never used e2ee in XMPP really, but Gajim shows this in every chat

nephele: screenshot? I'd just be curious what it is since I don't think I've ever seen it

https://xmpp.gryphno.de/upload/OLhuL6uQL3wSQu_h/gajim.png

That's with the hover text visible, I've never used that option and clicking it does nothing (It doesn't behave like a button, but then it's incredibly hard to tell because the rest doesn't look like a button either...)

oh yah, I do have that button but it's so low contrast on my theme at least that I can't even see it. It just looks like a blank spot on the panel.

*slowclap* for GTK themes, I guess.

Or that icon, rather (it definitely should be a button being there in the middle of other buttons and it's surprising that it does nothing unlike everything around it)

I always assumed that it's supposed to be a button of sorts, but then... I also don't know what the rest does. There is a smiley which I assume is an emoji picker, a B that i assumed... is one too (it's probably formatted text, but it reminded me too much of blood type B) and then a plus and a clip thing which both mean "upload file" to me, but presumeably do different things..

Because here is a public semi anon muc.

You can't activate omemo or PGP.

It should work in 1-1 I guess.

It might work, yes. But showing this button when there is no use just trains me as a user to ignore it

Seems to not do anything in any 1-1 for me, but maybe this is its greyed out mode and I just don't have any compatible contact or something

Or no e2ee plugin.

> It might work, yes. But showing this button when there is no use just trains me as a user to ignore it Maybe to remind you that it's not e2e encrypted. No idea, I'm no gajim dev.

The orange exclamation mark comes from your theme. It should be an open padlock. The button is most likely disabled because there are no encryption plugins installed. And you cannot enable omemo for example if it's a public group chat. We're looking into whether it's a good idea to hide that button completely in public group chats

Oh, i wouldnt be so sure

Wait, ignore that

1

2

Martin: 3

[PGP encrypted message (XEP-0027)]

[PGP encrypted message (XEP-0027)]

Who did you encrypt those to?

https://cerdale.zash.se/s/t3ObGgBLg8yoprbYTCCV1Aze/deec6ed5-0077-4c2d-96c8-87b5833dbc75.png

wurstsalat‎: I don't really know what theme it is, i assume the gnome default one... but then ubuntu randomly changes stuff sometimes

[PGP encrypted message (XEP-0027)]

Link Mauve: * ellenor@umbrellix.net

Only person in my keyring atm

Tried larma but then remembered don't have their key

--> larma (https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk) entered jdev@muc.xmpp.org as participant with PGP:072E9235DB996F2A

Anyway, point was, pgp does work in mucs, its just pointless outside of muc pms :p

It can work. Awkwardly and with scaling issues tho.

PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection...

Yeah...

qy: how much is rich xmpp support limited by weechat's internal protocol? i.e. XEP-0184 message delivery receipts or media uploads?

qy: also your paste of larma's join has the https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk URL embedded as an oob element, meaning it's supposed to be an inline file ;)

Delivery reports i send on activity, but don't really have a way to receive, but they're indicated in a sense by chatstate anyway. Media uploads, work fine with weechat-android at least, as you see earlier, i just hackily scan the message for http links and oob them

Yeah that has somehow gone wrong

But AIUI thanks to conversations, embeds are ignored unless the body matches them anyway

qy: s/thanks to conversations/in conversations/

yaxim will embed OOB URLs if they are *contained in* the body

Oh, just them? I should fix it then

the whole oob mess is horrible

OOB also supports inclusion of a description in a `<desc/>`, but nothing supports that

And then we have SIMS and XEP-0447

Ge0rG: whats the ui like? If inline file, does it still show the body?

Zash, Gajim used to support it, until it aligned to Conversations’s lack of support.

qy: https://mail.jabber.org/pipermail/standards/2020-October/037828.html for context

qy: if body==url, only show the inline element, unless downloading fails, in which case show the url

qy: if body.contains(url), show body and embed url

qy: else: show body only

Thats what i first expected, much better than what C does

Good

I'll aim for that

qy: but you need to be compatible with conversations because it's the standard™️

I heard the "mood" stuff is getting removed from Gajim aswell?

True... I think i'll go with the logic that if the url is at the start, embed it, otherwise don't. Then, even just a space can block that

embed :- body == ${oob.desc}\s{oob.url} || ${oob.url}\s${oob.desc} || ${oob.url} maybe?

But then C users would always miss the desc

No, they'd miss the embed if there's a desc

Yes

mood makes not much sense in a world where you can put 3000 emojis into your status message to express your mood, rather then choosing from 40 possible moods

Well, funnily enough I wanted to see if using emoji was possible for the mood stuff, but... it really isn't, there is only a couple emoji that are for a specific emotion :)

but then with the ones in gajim i can't tell from the pictures what they would be either, i suppose the thing is too complex

it its, give people a simple text field, and they can put in there all the emojis they want and some text

its enough, no need for complicated protocol

and we already have that with normal presence status message

There are no emoji for most moods, and you'd make the /exact/ same argument for smileys, so why was mood okay then but not so much now?

there were no emojis back then, or like 20

the word emoji was not even in existence probably

text emotiocons were widely used then already, no?

yeah of course everybody used like 5

smile, sad, lol

thats about it

So, if 5 were sufficient. why were then 80 moods defined?

in that world, providing a xe with 40 emotions

seems to be nice

Anyhow. I was talking about the status message

why are there now 3000?

I don't think I even know how to make an UI to attach a mood to a message

emoji you mean?

The answer is simple: emoji don't convey just emotions, emoji are an non-phonetic alphabet by themselves

its pretty easy, ever used teams?

or facebook?

You mean like group sports?

you can attach all kind of emojis to all posts on facebook

I don't use facebook, no

the UI of a multi user chat and a facebook post seem widely different to me, each "post" is given much more room in that paradigm, no?

> Ge0rG> PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection.. only if you use the old pgp xep, mind

And in that context it seems that the emoji are for /other/ people to attach, not for yourself to express the mood of a post

https://share.hoerist.com/philipp/AvQnLoiUsLsATtV4/aa0707da-7530-4b61-af69-38b0a6408a2d.png

there you go, thats how UI looks like to attach a mood to a message

That only looks to work if you give each message much more room than in a chat :)

no, it works fine, microsoft teams does it for each chat message

just imagine the smilies half that size

So if teams does it and facebook, then I am even more confused why you use the existence of emoji /against/ moods

https://blog.simbiox.com.br/wp-content/uploads/2020/04/emoji_chat_teams-1024x640.png

You managed to fit 12 lines of text on the screen :)

Krock: http://iteroni.com/watch?v=uKRAcBjn0Gs

wrong channel, sorry

I don't suppose xmpp has an equivalent to a redaction request?

yes it has

(but nothing supports it)

but you cant do it, only moderators

Sam with Gajim unreleased you can

Heh, doesn't seem very usefull if only moderators can do that, oh well

its against spam

not against accidental sending a message

In matrix you can use this for your own messages, it's undestood to "only" be a request, but it works fairly well for that usecase in my experience

the mood xep allows you to attach a mood to your own message

which is useless becasue you can just attach as many emojis as you want, without any xep

so this has nothing to do with what facebook and teams can do

But... they do exactly that: allow you to "attach" stuff that isn't in the message body directly, no?

to messages of *other* people

the mood xep allows you only to attach stuff to a message you are currently sending

not even afterwards

You don't need to "attach" at all, just add emojis like 🙂 😉 😭️

Lovetox: Yes, I said that I don't see any good UI to display that, you contered with the teams UI.. so it's not that after all?

Anyhow: I still don't think there is any good way to implement this UI way in the chat, but i don't see why it would have to go for the status stuff

Pretty sure retraction (what you call redaction) aka XEP-0424 is supported by some clients, I think the Tigase ones maybe?

then i misunsterstood

While XEP-0425 is about moderator-invoked message redaction

but mood is not your status

status is one thing where people put in there mood, and then there is the mood xep which puts it at another place

so oyu have 2 places where you can publish that

and thats ... nobody needs it

Zash: Neat, I'll add that to my list of stuff to implement

lovetox: In theory having a selector for emotions could be funky, but every such thing lives and dies with the UI :) I wonder if it would have gotten more exposure or more useage if the UI was any better

Maybe XMPP will get more of that stuff the discord api uses to display ingame status, hmm.

https://xmpp.org/extensions/xep-0196.html

for what, people dont care about the protocol, there is a textfield and an emoji chooser, every client has that

so put in your mood in textform and if you want add 20 emojis

2006 called, but you couldn't answer because you only support Jingle+WebRTC

every client can do this now, without any XEP

I defy you on the grounds that Renga has no emoji picker :P

> lovetox wrote: > so put in your mood in textform and if you want add 20 emojis 👌

^ Look, a reaction!

ah that reminds me, we even have that reactions xep somewhere

Anyhow: The custom status message does work for this case indeed. But it's not the same as publishing game status

https://xmpp.org/extensions/xep-0444.html

Hamming distance("reaction", "retraction") 😕

That reaction generates the same alert as any other message and demands my attention. Lots of identical ones will also take up a lot of vertical screen space and be confusing as opposed to "👌 2+" or whatever on the message which won't necessarily generate an alert or anything because clients know it's less important than a real message.

as for the other things the activity stuff had... I honestly don't know anyone who spends enough time infront of their chat client that they need to set and unset a status of showering or making breakfast :)

qy: What did you do?!

Sam: In matrix that was my only real reason to support reactions aswell, it gives people an outlet for their smappy messages and i can more easily ignore them :D

https://cerdale.zash.se/s/4fv4DtV65v71aOW1wYUoDCLE/2ea95475-2d23-49e7-ba1c-c77de16d54f9.png

Haha

Yah, when GitHub added reactions the number of "+1" emails I got went down *drastically* (note that it did not eliminate them, but I probably get 1 a week instead of dozens every day)

Zash: why does your client not display my avatar?

🤷️

Mine doesnt either

Ah... I see the "ressource" of my account for the iOS client has leaked my device name also... that's cool...

Ressource?

qy, localpart@hostpart/resourcepart ?

Not sure what the thing is called exactly, the part after the slash of the bare jid

oh, leaked privately

Resource in englisch, Ressource in german…

I thought you meant here

Reßource?

huh, that's new "New OpenPGP messages found" and then if I hit decrypt it goes away but also I can't see any new messages or anything, congrats to whomever broke this chat :)

Hahaha

Sorry

Reßørce…

If you put RTL unicode chars into the iOS device name apple will send emails with the device name with it included and mess up the rendering... but then again I'm only messing up my own emails with such shenanigans

but maybe I can inject trash into the ressource siskin uses that way, hehe

qy: Isn't that visible generally? Atleast in the buddy list I can see the ressource of other peopls devices

Yeah, but not to us

Muc hides jids

So unless you add me, i cant see it

I see. For most people Here I do see avatars, I'm wondering if there is some configuration thing on my end that makes my avatar not shared or something

I can differentiate devices on weechat, but only by abusing caps identifiers

Well, I can't find anything in Gajim about sharing avatars if that is the reason. Oh well

Server? Config?

No Idea, I'd have to ask what server it is :)

Gajim version?

1.3.3

Did this thing exist then?

https://cerdale.zash.se/s/QO8Ym6mEk4GGpYq2wG_lJhVB/4713a6eb-59db-407c-9d6a-b4c746f1928d.png

Uhh, I don't see any material style buttons anywhere?

That may just be my theme.

Accounts → Profile anyways

Back to the embeds discussion, why was what i currently do wrong again? If i want to embed something for everything and C, i just send url only, otherwise, if body != url, sensible clients will show embed and body, and C will at least show the full body

Isn't that best?

... How is that different to the account settings? No wonder I didn't find it

Anyhow, supposedly it is now shared :D

I'm on the bleeding edge git version, lots of new stuff and I don't remember when this thing was introduced

Well, I would test but then I don't know if my feedback is that usefull, I don't understand how to use it in the released version either *shrug*

Like how there is two lists of chats and I have to move every chat back to the other list on start... it feels like i'm using it wrong, but i have no idea what I'm supposed to do instead

Looks like your profile picture should be visible now. You might have to poke the status setting or leave and join to make it show for everyone

I see it

What is a good set of XMPP features to group SASL EXTERNAL with? I thought about making an "auth" package, but pretty much only EXTERNAL would be in it (since other SASL stuff is already implemented elsewhere), or maybe an "s2s" package (where bidi lives) but EXTERNAL isn't just used for s2s (even if it mostly is)… no idea where to put this.

Maybe I could have some sort of "security" package, I expect that would have other things in it eventually.

Where's the TLS stuff? Why isn't the other SASL stuff in an "auth" package?

Other SASL stuff isn't XMPP specific (whereas EXTERNAL checks the xmpp_address fields and what not) so it lives in the sasl library already

TLS stuff is in the "dialer" package with all the connection options

Is client cert auth (for actual clients) a thing considered?

Maybe split the EXTERNAL stuff into something generic that takes a callback or somesuch that does the specific certificate validation?

I guess I could upstream something like that into the SASL library, but it would be the same problem (where does this callback belong for users to find it easily?)

But yah, this validates both clients and servers

Oh, I lied too, direct TLS is just an option on the dialer, but StartTLS just lives in the base "xmpp" package for <reasons>. Too late to move it now though either way.

I feel like I've been thinking about this on and off for a long time; no idea where users would expect to find this functionality though. Maybe it's an indication that I grouped things badly from the get-go.

API design is hard :)

Isn't SASL EXTERNAL used by email and IRC?

Yes, but it's so generic as to be almost meaningless to call them the same thing. "Validate some other external thing" is the extent of the definition. XMPP's validation will be very different from emails, most likely.

For all you know from the name it's validating ipsec instead of TLS, both are suggested implementations by the RFC IIRC :)

Is this client or server side btw? Or both?

Wouldn't any SASL method have some way to hook it up with something that verifies the credentials?

Both. Sure, this has that

I'm just saying, that's why it's in the XMPP package, almost all the code is very XMPP specific.

Things using channel bindings would also depend on the state of the TLS session, so maybe there's common ground there to design an API around?

in an XMPP library, not the upstream SASL library I mean.

Hmm, good idea, I hadn't thought of that

And validating a TLS certificate should already support some variations to account for different procedures in different protocols

Right now the channel binding support is just built into the SCRAM mechanisms in the upstream SASL library, but if I added a way to select between them or something that would potentially be a candidate to go in whatever this new package is called

Maybe I'll have a "security" or "auth" package then that includes both EXTERNAL and eventually a mechanism for selecting channel bindings if that ever becomes a thing; at least I'd know there's one other thing in the future so I don't end up with a single package with one tiny thing in it

Thanks; feels like that's the first progress I've made towards a decision in a while, gotta think about that a bit.

np :)

Yeah im gonna leave my embeds system as is

Not sure anything else is an improvement

lovetox, have you thought about suggesting to deprecate User Mood and User Activity as specifications?

“19:12:21 nephele> I don't suppose xmpp has an equivalent to a redaction request?”, XEP-0424?

That’s for your own messages.