What do you think about using message colours to denote encryption type in weechat?
qy
Alternatively, what would work well as a one character indicator for {plain,pgp,otr,omemo}
Ge0rG
I think that might be confusing, at least if color is the only indicator.
Ge0rG
A padlock with different letters / symbols in it?
qy
I considered:
🔏 pgp
🔐 otr
🔒 omemo
🔓 plain
qy
But it's a bit small
qy
I suppose if i add a letter after it, it could disambiguate, just leaves even less room per line
Sam
omemo and plain look basically identical to me on Snikket which has a mustard looking background
qy
Yeah
catphonehas joined
qy
Irritatingly not much seems to respect unicode variant 15 selector FE0E anymore, or i'd make the padlocks grayscale and then just colour them
qy ⚿has left
qy⚿has left
qy
Neat, ok ⚿ works
catphonehas left
flow
qy, are you working on an xmpp plugin for weechat?
qy
I am, yes
qy
Typing from it now actually
qy
https://0x0.st/ozeN.jpg
jubalhhas left
flow
qy, source or it didn't happen :)
qy
https://github.com/bqv/weechat-xmpp but have an alka-seltzer ready
jubalhhas joined
flow
ha :)
edhelas
that font-size 🔍
Wojtekhas left
Wojtekhas joined
qy
Yeah i like it small, more to see
Link Mauve
qy, fyi, in my libvte3-based terminal I get a tofu character instead.
Link Mauve
Maybe just because I haven’t installed a needed font; I do see the PNG emojis though.✎
Link Mauve
Maybe just because I haven’t installed a needed font; I do see the PNG emoji though. ✏
qy
Link Mauve: with ⚿?
qy
Ack, that would be a pain
Link Mauve
Yes.
alacerhas left
Wojtekhas left
Wojtekhas joined
alacerhas joined
xeckshas left
jubalhhas left
homebeachhas left
Matrix Traveler (bot)has left
Matrix Traveler (bot)has joined
homebeachhas joined
Wojtekhas left
nephele
I'm already confused by Gajim anotationg every public chat with a padlock and a "warning" sign next to it, as if something was wrong with my TLS setup, do you suppose more icons would help users much? :)
Sam
Is that some plugin thing? I don't think gajim does that for me (but I also don't use it except to test things on occasion)
Alexhas left
qy
Sam: how does mcabber indicate enc?
Sam
I don't know, I don't use e2e encryption (except on occasion in Gajim for testing things, as I mentioned)
qy
I think i'll just leave it to what i have now if there's no easier way, weechat users are power users, they'll notice anyway
nephele
Sam: No idea it's "whatever ubuntu ships", I've never used e2ee in XMPP really, but Gajim shows this in every chat
Sam
nephele: screenshot? I'd just be curious what it is since I don't think I've ever seen it
That's with the hover text visible, I've never used that option and clicking it does nothing (It doesn't behave like a button, but then it's incredibly hard to tell because the rest doesn't look like a button either...)
jgarthas joined
dogehas left
Sam
oh yah, I do have that button but it's so low contrast on my theme at least that I can't even see it. It just looks like a blank spot on the panel.
Sam
*slowclap* for GTK themes, I guess.
Sam
Or that icon, rather (it definitely should be a button being there in the middle of other buttons and it's surprising that it does nothing unlike everything around it)
nephele
I always assumed that it's supposed to be a button of sorts, but then... I also don't know what the rest does. There is a smiley which I assume is an emoji picker, a B that i assumed... is one too (it's probably formatted text, but it reminded me too much of blood type B) and then a plus and a clip thing which both mean "upload file" to me, but presumeably do different things..
Martin
Because here is a public semi anon muc.
Martin
You can't activate omemo or PGP.
Martin
It should work in 1-1 I guess.
nephele
It might work, yes. But showing this button when there is no use just trains me as a user to ignore it
Sam
Seems to not do anything in any 1-1 for me, but maybe this is its greyed out mode and I just don't have any compatible contact or something
Martin
Or no e2ee plugin.
Martin
> It might work, yes. But showing this button when there is no use just trains me as a user to ignore it
Maybe to remind you that it's not e2e encrypted. No idea, I'm no gajim dev.
emushas joined
jgarthas left
xeckshas joined
wurstsalat
The orange exclamation mark comes from your theme. It should be an open padlock. The button is most likely disabled because there are no encryption plugins installed. And you cannot enable omemo for example if it's a public group chat. We're looking into whether it's a good idea to hide that button completely in public group chats
wurstsalat: I don't really know what theme it is, i assume the gnome default one... but then ubuntu randomly changes stuff sometimes
qy
[PGP encrypted message (XEP-0027)]
qy
Link Mauve: * ellenor@umbrellix.net
qy
Only person in my keyring atm
qy
Tried larma but then remembered don't have their key
qy
--> larma (https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk) entered jdev@muc.xmpp.org as participant with PGP:072E9235DB996F2A
qy
Anyway, point was, pgp does work in mucs, its just pointless outside of muc pms :p
antranigvhas left
antranigvhas joined
Zash
It can work. Awkwardly and with scaling issues tho.
goffihas left
goffihas joined
Ge0rG
PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection...
qy
Yeah...
Ge0rG
qy: how much is rich xmpp support limited by weechat's internal protocol? i.e. XEP-0184 message delivery receipts or media uploads?
Ge0rG
qy: also your paste of larma's join has the https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk URL embedded as an oob element, meaning it's supposed to be an inline file ;)
qy
Delivery reports i send on activity, but don't really have a way to receive, but they're indicated in a sense by chatstate anyway. Media uploads, work fine with weechat-android at least, as you see earlier, i just hackily scan the message for http links and oob them
qy
Yeah that has somehow gone wrong
qy
But AIUI thanks to conversations, embeds are ignored unless the body matches them anyway
Ge0rG
qy: s/thanks to conversations/in conversations/
Ge0rG
yaxim will embed OOB URLs if they are *contained in* the body
qy
Oh, just them? I should fix it then
Ge0rG
the whole oob mess is horrible
Zash
OOB also supports inclusion of a description in a `<desc/>`, but nothing supports that
Zash
And then we have SIMS and XEP-0447
qy
Ge0rG: whats the ui like? If inline file, does it still show the body?
Link Mauve
Zash, Gajim used to support it, until it aligned to Conversations’s lack of support.
Ge0rG
qy: https://mail.jabber.org/pipermail/standards/2020-October/037828.html for context
Ge0rG
qy: if body==url, only show the inline element, unless downloading fails, in which case show the url
Ge0rG
qy: if body.contains(url), show body and embed url
Ge0rG
qy: else: show body only
qy
Thats what i first expected, much better than what C does
qy
Good
qy
I'll aim for that
Ge0rG
qy: but you need to be compatible with conversations because it's the standard™️
nephele
I heard the "mood" stuff is getting removed from Gajim aswell?
qy
True... I think i'll go with the logic that if the url is at the start, embed it, otherwise don't. Then, even just a space can block that
jubalhhas joined
Zash
embed :- body == ${oob.desc}\s{oob.url} || ${oob.url}\s${oob.desc} || ${oob.url} maybe?
qy
But then C users would always miss the desc
qy
No, they'd miss the embed if there's a desc
Zash
Yes
lovetox
mood makes not much sense in a world where you can put 3000 emojis into your status message to express your mood, rather then choosing from 40 possible moods
nephele
Well, funnily enough I wanted to see if using emoji was possible for the mood stuff, but... it really isn't, there is only a couple emoji that are for a specific emotion :)
nephele
but then with the ones in gajim i can't tell from the pictures what they would be either, i suppose the thing is too complex
lovetox
it its, give people a simple text field, and they can put in there all the emojis they want and some text
lovetox
its enough, no need for complicated protocol
lovetox
and we already have that with normal presence status message
nephele
There are no emoji for most moods, and you'd make the /exact/ same argument for smileys, so why was mood okay then but not so much now?
lovetox
there were no emojis back then, or like 20
lovetox
the word emoji was not even in existence probably
nephele
text emotiocons were widely used then already, no?
lovetox
yeah of course everybody used like 5
lovetox
smile, sad, lol
lovetox
thats about it
nephele
So, if 5 were sufficient. why were then 80 moods defined?
lovetox
in that world, providing a xe with 40 emotions
lovetox
seems to be nice
nephele
Anyhow. I was talking about the status message
lovetox
why are there now 3000?
nephele
I don't think I even know how to make an UI to attach a mood to a message
nephele
emoji you mean?
homebeachhas left
Matrix Traveler (bot)has left
Matrix Traveler (bot)has joined
homebeachhas joined
nephele
The answer is simple: emoji don't convey just emotions, emoji are an non-phonetic alphabet by themselves
lovetox
its pretty easy, ever used teams?
lovetox
or facebook?
nephele
You mean like group sports?
lovetox
you can attach all kind of emojis to all posts on facebook
nephele
I don't use facebook, no
nephele
the UI of a multi user chat and a facebook post seem widely different to me, each "post" is given much more room in that paradigm, no?
flow
> Ge0rG> PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection..
only if you use the old pgp xep, mind
nephele
And in that context it seems that the emoji are for /other/ people to attach, not for yourself to express the mood of a post
You managed to fit 12 lines of text on the screen :)
nephele
Krock: http://iteroni.com/watch?v=uKRAcBjn0Gs
nephele
wrong channel, sorry
machas joined
nephele
I don't suppose xmpp has an equivalent to a redaction request?
lovetox
yes it has
Sam
(but nothing supports it)
lovetox
but you cant do it, only moderators
lovetox
Sam with Gajim unreleased you can
nephele
Heh, doesn't seem very usefull if only moderators can do that, oh well
lovetox
its against spam
lovetox
not against accidental sending a message
nephele
In matrix you can use this for your own messages, it's undestood to "only" be a request, but it works fairly well for that usecase in my experience
lovetox
the mood xep allows you to attach a mood to your own message
lovetox
which is useless becasue you can just attach as many emojis as you want, without any xep
lovetox
so this has nothing to do with what facebook and teams can do
nephele
But... they do exactly that: allow you to "attach" stuff that isn't in the message body directly, no?
lovetox
to messages of *other* people
lovetox
the mood xep allows you only to attach stuff to a message you are currently sending
lovetox
not even afterwards
Zash
You don't need to "attach" at all, just add emojis like 🙂 😉 😭️
nephele
Lovetox: Yes, I said that I don't see any good UI to display that, you contered with the teams UI.. so it's not that after all?
nephele
Anyhow: I still don't think there is any good way to implement this UI way in the chat, but i don't see why it would have to go for the status stuff
Zash
Pretty sure retraction (what you call redaction) aka XEP-0424 is supported by some clients, I think the Tigase ones maybe?
lovetox
then i misunsterstood
Zash
While XEP-0425 is about moderator-invoked message redaction
lovetox
but mood is not your status
lovetox
status is one thing where people put in there mood, and then there is the mood xep which puts it at another place
lovetox
so oyu have 2 places where you can publish that
lovetox
and thats ... nobody needs it
nephele
Zash: Neat, I'll add that to my list of stuff to implement
nephele
lovetox: In theory having a selector for emotions could be funky, but every such thing lives and dies with the UI :) I wonder if it would have gotten more exposure or more useage if the UI was any better
nephele
Maybe XMPP will get more of that stuff the discord api uses to display ingame status, hmm.
Zash
https://xmpp.org/extensions/xep-0196.html
lovetox
for what, people dont care about the protocol, there is a textfield and an emoji chooser, every client has that
lovetox
so put in your mood in textform and if you want add 20 emojis
Zash
2006 called, but you couldn't answer because you only support Jingle+WebRTC
lovetox
every client can do this now, without any XEP
jubalhhas left
nephele
I defy you on the grounds that Renga has no emoji picker :P
qy
> lovetox wrote:
> so put in your mood in textform and if you want add 20 emojis
👌
qy
^ Look, a reaction!
lovetox
ah that reminds me, we even have that reactions xep somewhere
nephele
Anyhow: The custom status message does work for this case indeed. But it's not the same as publishing game status
larma
https://xmpp.org/extensions/xep-0444.html
Zash
Hamming distance("reaction", "retraction") 😕
Sam
That reaction generates the same alert as any other message and demands my attention. Lots of identical ones will also take up a lot of vertical screen space and be confusing as opposed to "👌 2+" or whatever on the message which won't necessarily generate an alert or anything because clients know it's less important than a real message.
nephele
as for the other things the activity stuff had... I honestly don't know anyone who spends enough time infront of their chat client that they need to set and unset a status of showering or making breakfast :)
Zash
qy: What did you do?!
nephele
Sam: In matrix that was my only real reason to support reactions aswell, it gives people an outlet for their smappy messages and i can more easily ignore them :D
Yah, when GitHub added reactions the number of "+1" emails I got went down *drastically* (note that it did not eliminate them, but I probably get 1 a week instead of dozens every day)
nephele
Zash: why does your client not display my avatar?
Zash
🤷️
qy
Mine doesnt either
nephele
Ah... I see the "ressource" of my account for the iOS client has leaked my device name also... that's cool...
Zashmutters something about using resources for device identity instead of temporary random session identifiers
qy
Ressource?
Zash
qy, localpart@hostpart/resourcepart ?
nephele
Not sure what the thing is called exactly, the part after the slash of the bare jid
qy
oh, leaked privately
Martin
Resource in englisch, Ressource in german…
qy
I thought you meant here
Zash
Reßource?
Sam
huh, that's new "New OpenPGP messages found" and then if I hit decrypt it goes away but also I can't see any new messages or anything, congrats to whomever broke this chat :)
qy
Hahaha
qy
Sorry
Martin
Reßørce…
jgarthas joined
nephele
If you put RTL unicode chars into the iOS device name apple will send emails with the device name with it included and mess up the rendering... but then again I'm only messing up my own emails with such shenanigans
nephele
but maybe I can inject trash into the ressource siskin uses that way, hehe
nephele
qy: Isn't that visible generally? Atleast in the buddy list I can see the ressource of other peopls devices
qy
Yeah, but not to us
qy
Muc hides jids
qy
So unless you add me, i cant see it
nephele
I see. For most people Here I do see avatars, I'm wondering if there is some configuration thing on my end that makes my avatar not shared or something
qy
I can differentiate devices on weechat, but only by abusing caps identifiers
nephele
Well, I can't find anything in Gajim about sharing avatars if that is the reason. Oh well
Uhh, I don't see any material style buttons anywhere?
Zash
That may just be my theme.
Zash
Accounts → Profile anyways
emushas left
jubalhhas joined
qy
Back to the embeds discussion, why was what i currently do wrong again? If i want to embed something for everything and C, i just send url only, otherwise, if body != url, sensible clients will show embed and body, and C will at least show the full body
qy
Isn't that best?
nephele
... How is that different to the account settings? No wonder I didn't find it
nephele
Anyhow, supposedly it is now shared :D
Zash
I'm on the bleeding edge git version, lots of new stuff and I don't remember when this thing was introduced
nephele
Well, I would test but then I don't know if my feedback is that usefull, I don't understand how to use it in the released version either *shrug*
nephele
Like how there is two lists of chats and I have to move every chat back to the other list on start... it feels like i'm using it wrong, but i have no idea what I'm supposed to do instead
Zash
Looks like your profile picture should be visible now. You might have to poke the status setting or leave and join to make it show for everyone
thomaslewishas joined
thomaslewishas left
thomaslewishas joined
qy
I see it
thomaslewishas left
xeckshas joined
sonnyhas left
goffihas left
pulkomandyhas left
pulkomandyhas joined
sonnyhas joined
me9has left
me9has joined
Sam
What is a good set of XMPP features to group SASL EXTERNAL with? I thought about making an "auth" package, but pretty much only EXTERNAL would be in it (since other SASL stuff is already implemented elsewhere), or maybe an "s2s" package (where bidi lives) but EXTERNAL isn't just used for s2s (even if it mostly is)… no idea where to put this.
Sam
Maybe I could have some sort of "security" package, I expect that would have other things in it eventually.
Zash
Where's the TLS stuff? Why isn't the other SASL stuff in an "auth" package?
Sam
Other SASL stuff isn't XMPP specific (whereas EXTERNAL checks the xmpp_address fields and what not) so it lives in the sasl library already
Sam
TLS stuff is in the "dialer" package with all the connection options
Zash
Is client cert auth (for actual clients) a thing considered?
Zash
Maybe split the EXTERNAL stuff into something generic that takes a callback or somesuch that does the specific certificate validation?
Sam
I guess I could upstream something like that into the SASL library, but it would be the same problem (where does this callback belong for users to find it easily?)
Sam
But yah, this validates both clients and servers
Sam
Oh, I lied too, direct TLS is just an option on the dialer, but StartTLS just lives in the base "xmpp" package for <reasons>. Too late to move it now though either way.
Sam
I feel like I've been thinking about this on and off for a long time; no idea where users would expect to find this functionality though. Maybe it's an indication that I grouped things badly from the get-go.
COM8has joined
COM8has left
Zash
API design is hard :)
Zash
Isn't SASL EXTERNAL used by email and IRC?
Sam
Yes, but it's so generic as to be almost meaningless to call them the same thing. "Validate some other external thing" is the extent of the definition. XMPP's validation will be very different from emails, most likely.
Sam
For all you know from the name it's validating ipsec instead of TLS, both are suggested implementations by the RFC IIRC :)
debaclehas left
Zash
Is this client or server side btw? Or both?
Zash
Wouldn't any SASL method have some way to hook it up with something that verifies the credentials?
Sam
Both. Sure, this has that
Sam
I'm just saying, that's why it's in the XMPP package, almost all the code is very XMPP specific.
Zash
Things using channel bindings would also depend on the state of the TLS session, so maybe there's common ground there to design an API around?
Sam
in an XMPP library, not the upstream SASL library I mean.
Sam
Hmm, good idea, I hadn't thought of that
Zash
And validating a TLS certificate should already support some variations to account for different procedures in different protocols
Sam
Right now the channel binding support is just built into the SCRAM mechanisms in the upstream SASL library, but if I added a way to select between them or something that would potentially be a candidate to go in whatever this new package is called
Sam
Maybe I'll have a "security" or "auth" package then that includes both EXTERNAL and eventually a mechanism for selecting channel bindings if that ever becomes a thing; at least I'd know there's one other thing in the future so I don't end up with a single package with one tiny thing in it
machas joined
Sam
Thanks; feels like that's the first progress I've made towards a decision in a while, gotta think about that a bit.
Zash
np :)
Yagizаhas left
xnamedhas left
qy
Yeah im gonna leave my embeds system as is
qy
Not sure anything else is an improvement
larmahas left
machas left
lovetoxhas left
machas joined
marmistrzhas joined
goffihas joined
lovetoxhas joined
x51has left
goffihas left
marmistrzhas left
wurstsalathas left
Petehas left
Petehas joined
xnamedhas joined
wurstsalathas joined
goffihas joined
larmahas joined
Kevhas left
Kevhas joined
goffihas left
marmistrzhas joined
edhelashas left
edhelashas joined
goffihas joined
9lakeshas left
thomaslewishas joined
thomaslewishas left
xnamedhas left
xnamedhas joined
9lakeshas joined
Neustradamushas joined
Neustradamushas left
xeckshas left
xeckshas joined
Neustradamushas joined
marmistrzhas left
Kevhas left
Kevhas joined
Link Mauve
lovetox, have you thought about suggesting to deprecate User Mood and User Activity as specifications?
Link Mauve
“19:12:21 nephele> I don't suppose xmpp has an equivalent to a redaction request?”, XEP-0424?