jdev - 2022-01-05


  1. qy

    What do you think about using message colours to denote encryption type in weechat?

  2. qy

    Alternatively, what would work well as a one character indicator for {plain,pgp,otr,omemo}

  3. Ge0rG

    I think that might be confusing, at least if color is the only indicator.

  4. Ge0rG

    A padlock with different letters / symbols in it?

  5. qy

    I considered: 🔏 pgp 🔐 otr 🔒 omemo 🔓 plain

  6. qy

    But it's a bit small

  7. qy

    I suppose if i add a letter after it, it could disambiguate, just leaves even less room per line

  8. Sam

    omemo and plain look basically identical to me on Snikket which has a mustard looking background

  9. qy

    Yeah

  10. qy

    Irritatingly not much seems to respect unicode variant 15 selector FE0E anymore, or i'd make the padlocks grayscale and then just colour them

  11. qy

    Neat, ok ⚿ works

  12. flow

    qy, are you working on an xmpp plugin for weechat?

  13. qy

    I am, yes

  14. qy

    Typing from it now actually

  15. qy

    https://0x0.st/ozeN.jpg

  16. flow

    qy, source or it didn't happen :)

  17. qy

    https://github.com/bqv/weechat-xmpp but have an alka-seltzer ready

  18. flow

    ha :)

  19. edhelas

    that font-size 🔍

  20. qy

    Yeah i like it small, more to see

  21. Link Mauve

    qy, fyi, in my libvte3-based terminal I get a tofu character instead.

  22. Link Mauve

    Maybe just because I haven’t installed a needed font; I do see the PNG emojis though.

  23. Link Mauve

    Maybe just because I haven’t installed a needed font; I do see the PNG emoji though.

  24. qy

    Link Mauve: with ⚿?

  25. qy

    Ack, that would be a pain

  26. Link Mauve

    Yes.

  27. nephele

    I'm already confused by Gajim anotationg every public chat with a padlock and a "warning" sign next to it, as if something was wrong with my TLS setup, do you suppose more icons would help users much? :)

  28. Sam

    Is that some plugin thing? I don't think gajim does that for me (but I also don't use it except to test things on occasion)

  29. qy

    Sam: how does mcabber indicate enc?

  30. Sam

    I don't know, I don't use e2e encryption (except on occasion in Gajim for testing things, as I mentioned)

  31. qy

    I think i'll just leave it to what i have now if there's no easier way, weechat users are power users, they'll notice anyway

  32. nephele

    Sam: No idea it's "whatever ubuntu ships", I've never used e2ee in XMPP really, but Gajim shows this in every chat

  33. Sam

    nephele: screenshot? I'd just be curious what it is since I don't think I've ever seen it

  34. nephele

    https://xmpp.gryphno.de/upload/OLhuL6uQL3wSQu_h/gajim.png

  35. nephele

    That's with the hover text visible, I've never used that option and clicking it does nothing (It doesn't behave like a button, but then it's incredibly hard to tell because the rest doesn't look like a button either...)

  36. Sam

    oh yah, I do have that button but it's so low contrast on my theme at least that I can't even see it. It just looks like a blank spot on the panel.

  37. Sam

    *slowclap* for GTK themes, I guess.

  38. Sam

    Or that icon, rather (it definitely should be a button being there in the middle of other buttons and it's surprising that it does nothing unlike everything around it)

  39. nephele

    I always assumed that it's supposed to be a button of sorts, but then... I also don't know what the rest does. There is a smiley which I assume is an emoji picker, a B that i assumed... is one too (it's probably formatted text, but it reminded me too much of blood type B) and then a plus and a clip thing which both mean "upload file" to me, but presumeably do different things..

  40. Martin

    Because here is a public semi anon muc.

  41. Martin

    You can't activate omemo or PGP.

  42. Martin

    It should work in 1-1 I guess.

  43. nephele

    It might work, yes. But showing this button when there is no use just trains me as a user to ignore it

  44. Sam

    Seems to not do anything in any 1-1 for me, but maybe this is its greyed out mode and I just don't have any compatible contact or something

  45. Martin

    Or no e2ee plugin.

  46. Martin

    > It might work, yes. But showing this button when there is no use just trains me as a user to ignore it Maybe to remind you that it's not e2e encrypted. No idea, I'm no gajim dev.

  47. wurstsalat

    The orange exclamation mark comes from your theme. It should be an open padlock. The button is most likely disabled because there are no encryption plugins installed. And you cannot enable omemo for example if it's a public group chat. We're looking into whether it's a good idea to hide that button completely in public group chats

  48. qy

    Oh, i wouldnt be so sure

  49. qy

    Wait, ignore that

  50. qy

    1

  51. Martin

    2

  52. qy

    Martin: 3

  53. qy

    [PGP encrypted message (XEP-0027)]

  54. qy

    [PGP encrypted message (XEP-0027)]

  55. Link Mauve

    Who did you encrypt those to?

  56. Zash

    https://cerdale.zash.se/s/t3ObGgBLg8yoprbYTCCV1Aze/deec6ed5-0077-4c2d-96c8-87b5833dbc75.png

  57. nephele

    wurstsalat‎: I don't really know what theme it is, i assume the gnome default one... but then ubuntu randomly changes stuff sometimes

  58. qy

    [PGP encrypted message (XEP-0027)]

  59. qy

    Link Mauve: * ellenor@umbrellix.net

  60. qy

    Only person in my keyring atm

  61. qy

    Tried larma but then remembered don't have their key

  62. qy

    --> larma (https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk) entered jdev@muc.xmpp.org as participant with PGP:072E9235DB996F2A

  63. qy

    Anyway, point was, pgp does work in mucs, its just pointless outside of muc pms :p

  64. Zash

    It can work. Awkwardly and with scaling issues tho.

  65. Ge0rG

    PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection...

  66. qy

    Yeah...

  67. Ge0rG

    qy: how much is rich xmpp support limited by weechat's internal protocol? i.e. XEP-0184 message delivery receipts or media uploads?

  68. Ge0rG

    qy: also your paste of larma's join has the https://dino.im#xmJ5qsm8JMe65pw0zN5qmUNgjPk URL embedded as an oob element, meaning it's supposed to be an inline file ;)

  69. qy

    Delivery reports i send on activity, but don't really have a way to receive, but they're indicated in a sense by chatstate anyway. Media uploads, work fine with weechat-android at least, as you see earlier, i just hackily scan the message for http links and oob them

  70. qy

    Yeah that has somehow gone wrong

  71. qy

    But AIUI thanks to conversations, embeds are ignored unless the body matches them anyway

  72. Ge0rG

    qy: s/thanks to conversations/in conversations/

  73. Ge0rG

    yaxim will embed OOB URLs if they are *contained in* the body

  74. qy

    Oh, just them? I should fix it then

  75. Ge0rG

    the whole oob mess is horrible

  76. Zash

    OOB also supports inclusion of a description in a `<desc/>`, but nothing supports that

  77. Zash

    And then we have SIMS and XEP-0447

  78. qy

    Ge0rG: whats the ui like? If inline file, does it still show the body?

  79. Link Mauve

    Zash, Gajim used to support it, until it aligned to Conversations’s lack of support.

  80. Ge0rG

    qy: https://mail.jabber.org/pipermail/standards/2020-October/037828.html for context

  81. Ge0rG

    qy: if body==url, only show the inline element, unless downloading fails, in which case show the url

  82. Ge0rG

    qy: if body.contains(url), show body and embed url

  83. Ge0rG

    qy: else: show body only

  84. qy

    Thats what i first expected, much better than what C does

  85. qy

    Good

  86. qy

    I'll aim for that

  87. Ge0rG

    qy: but you need to be compatible with conversations because it's the standard™️

  88. nephele

    I heard the "mood" stuff is getting removed from Gajim aswell?

  89. qy

    True... I think i'll go with the logic that if the url is at the start, embed it, otherwise don't. Then, even just a space can block that

  90. Zash

    embed :- body == ${oob.desc}\s{oob.url} || ${oob.url}\s${oob.desc} || ${oob.url} maybe?

  91. qy

    But then C users would always miss the desc

  92. qy

    No, they'd miss the embed if there's a desc

  93. Zash

    Yes

  94. lovetox

    mood makes not much sense in a world where you can put 3000 emojis into your status message to express your mood, rather then choosing from 40 possible moods

  95. nephele

    Well, funnily enough I wanted to see if using emoji was possible for the mood stuff, but... it really isn't, there is only a couple emoji that are for a specific emotion :)

  96. nephele

    but then with the ones in gajim i can't tell from the pictures what they would be either, i suppose the thing is too complex

  97. lovetox

    it its, give people a simple text field, and they can put in there all the emojis they want and some text

  98. lovetox

    its enough, no need for complicated protocol

  99. lovetox

    and we already have that with normal presence status message

  100. nephele

    There are no emoji for most moods, and you'd make the /exact/ same argument for smileys, so why was mood okay then but not so much now?

  101. lovetox

    there were no emojis back then, or like 20

  102. lovetox

    the word emoji was not even in existence probably

  103. nephele

    text emotiocons were widely used then already, no?

  104. lovetox

    yeah of course everybody used like 5

  105. lovetox

    smile, sad, lol

  106. lovetox

    thats about it

  107. nephele

    So, if 5 were sufficient. why were then 80 moods defined?

  108. lovetox

    in that world, providing a xe with 40 emotions

  109. lovetox

    seems to be nice

  110. nephele

    Anyhow. I was talking about the status message

  111. lovetox

    why are there now 3000?

  112. nephele

    I don't think I even know how to make an UI to attach a mood to a message

  113. nephele

    emoji you mean?

  114. nephele

    The answer is simple: emoji don't convey just emotions, emoji are an non-phonetic alphabet by themselves

  115. lovetox

    its pretty easy, ever used teams?

  116. lovetox

    or facebook?

  117. nephele

    You mean like group sports?

  118. lovetox

    you can attach all kind of emojis to all posts on facebook

  119. nephele

    I don't use facebook, no

  120. nephele

    the UI of a multi user chat and a facebook post seem widely different to me, each "post" is given much more room in that paradigm, no?

  121. flow

    > Ge0rG> PGP over xmpp has a bunch of significant security issues, doesn't it? Like lack of replay protection.. only if you use the old pgp xep, mind

  122. nephele

    And in that context it seems that the emoji are for /other/ people to attach, not for yourself to express the mood of a post

  123. lovetox

    https://share.hoerist.com/philipp/AvQnLoiUsLsATtV4/aa0707da-7530-4b61-af69-38b0a6408a2d.png

  124. lovetox

    there you go, thats how UI looks like to attach a mood to a message

  125. nephele

    That only looks to work if you give each message much more room than in a chat :)

  126. lovetox

    no, it works fine, microsoft teams does it for each chat message

  127. lovetox

    just imagine the smilies half that size

  128. nephele

    So if teams does it and facebook, then I am even more confused why you use the existence of emoji /against/ moods

  129. lovetox

    https://blog.simbiox.com.br/wp-content/uploads/2020/04/emoji_chat_teams-1024x640.png

  130. nephele

    You managed to fit 12 lines of text on the screen :)

  131. nephele

    Krock: http://iteroni.com/watch?v=uKRAcBjn0Gs

  132. nephele

    wrong channel, sorry

  133. nephele

    I don't suppose xmpp has an equivalent to a redaction request?

  134. lovetox

    yes it has

  135. Sam

    (but nothing supports it)

  136. lovetox

    but you cant do it, only moderators

  137. lovetox

    Sam with Gajim unreleased you can

  138. nephele

    Heh, doesn't seem very usefull if only moderators can do that, oh well

  139. lovetox

    its against spam

  140. lovetox

    not against accidental sending a message

  141. nephele

    In matrix you can use this for your own messages, it's undestood to "only" be a request, but it works fairly well for that usecase in my experience

  142. lovetox

    the mood xep allows you to attach a mood to your own message

  143. lovetox

    which is useless becasue you can just attach as many emojis as you want, without any xep

  144. lovetox

    so this has nothing to do with what facebook and teams can do

  145. nephele

    But... they do exactly that: allow you to "attach" stuff that isn't in the message body directly, no?

  146. lovetox

    to messages of *other* people

  147. lovetox

    the mood xep allows you only to attach stuff to a message you are currently sending

  148. lovetox

    not even afterwards

  149. Zash

    You don't need to "attach" at all, just add emojis like 🙂 😉 😭️

  150. nephele

    Lovetox: Yes, I said that I don't see any good UI to display that, you contered with the teams UI.. so it's not that after all?

  151. nephele

    Anyhow: I still don't think there is any good way to implement this UI way in the chat, but i don't see why it would have to go for the status stuff

  152. Zash

    Pretty sure retraction (what you call redaction) aka XEP-0424 is supported by some clients, I think the Tigase ones maybe?

  153. lovetox

    then i misunsterstood

  154. Zash

    While XEP-0425 is about moderator-invoked message redaction

  155. lovetox

    but mood is not your status

  156. lovetox

    status is one thing where people put in there mood, and then there is the mood xep which puts it at another place

  157. lovetox

    so oyu have 2 places where you can publish that

  158. lovetox

    and thats ... nobody needs it

  159. nephele

    Zash: Neat, I'll add that to my list of stuff to implement

  160. nephele

    lovetox: In theory having a selector for emotions could be funky, but every such thing lives and dies with the UI :) I wonder if it would have gotten more exposure or more useage if the UI was any better

  161. nephele

    Maybe XMPP will get more of that stuff the discord api uses to display ingame status, hmm.

  162. Zash

    https://xmpp.org/extensions/xep-0196.html

  163. lovetox

    for what, people dont care about the protocol, there is a textfield and an emoji chooser, every client has that

  164. lovetox

    so put in your mood in textform and if you want add 20 emojis

  165. Zash

    2006 called, but you couldn't answer because you only support Jingle+WebRTC

  166. lovetox

    every client can do this now, without any XEP

  167. nephele

    I defy you on the grounds that Renga has no emoji picker :P

  168. qy

    > lovetox wrote: > so put in your mood in textform and if you want add 20 emojis 👌

  169. qy

    ^ Look, a reaction!

  170. lovetox

    ah that reminds me, we even have that reactions xep somewhere

  171. nephele

    Anyhow: The custom status message does work for this case indeed. But it's not the same as publishing game status

  172. larma

    https://xmpp.org/extensions/xep-0444.html

  173. Zash

    Hamming distance("reaction", "retraction") 😕

  174. Sam

    That reaction generates the same alert as any other message and demands my attention. Lots of identical ones will also take up a lot of vertical screen space and be confusing as opposed to "👌 2+" or whatever on the message which won't necessarily generate an alert or anything because clients know it's less important than a real message.

  175. nephele

    as for the other things the activity stuff had... I honestly don't know anyone who spends enough time infront of their chat client that they need to set and unset a status of showering or making breakfast :)

  176. Zash

    qy: What did you do?!

  177. nephele

    Sam: In matrix that was my only real reason to support reactions aswell, it gives people an outlet for their smappy messages and i can more easily ignore them :D

  178. Zash

    https://cerdale.zash.se/s/4fv4DtV65v71aOW1wYUoDCLE/2ea95475-2d23-49e7-ba1c-c77de16d54f9.png

  179. qy

    Haha

  180. Sam

    Yah, when GitHub added reactions the number of "+1" emails I got went down *drastically* (note that it did not eliminate them, but I probably get 1 a week instead of dozens every day)

  181. nephele

    Zash: why does your client not display my avatar?

  182. Zash

    🤷️

  183. qy

    Mine doesnt either

  184. nephele

    Ah... I see the "ressource" of my account for the iOS client has leaked my device name also... that's cool...

  185. Zash mutters something about using resources for device identity instead of temporary random session identifiers

  186. qy

    Ressource?

  187. Zash

    qy, localpart@hostpart/resourcepart ?

  188. nephele

    Not sure what the thing is called exactly, the part after the slash of the bare jid

  189. qy

    oh, leaked privately

  190. Martin

    Resource in englisch, Ressource in german…

  191. qy

    I thought you meant here

  192. Zash

    Reßource?

  193. Sam

    huh, that's new "New OpenPGP messages found" and then if I hit decrypt it goes away but also I can't see any new messages or anything, congrats to whomever broke this chat :)

  194. qy

    Hahaha

  195. qy

    Sorry

  196. Martin

    Reßørce…

  197. nephele

    If you put RTL unicode chars into the iOS device name apple will send emails with the device name with it included and mess up the rendering... but then again I'm only messing up my own emails with such shenanigans

  198. nephele

    but maybe I can inject trash into the ressource siskin uses that way, hehe

  199. nephele

    qy: Isn't that visible generally? Atleast in the buddy list I can see the ressource of other peopls devices

  200. qy

    Yeah, but not to us

  201. qy

    Muc hides jids

  202. qy

    So unless you add me, i cant see it

  203. nephele

    I see. For most people Here I do see avatars, I'm wondering if there is some configuration thing on my end that makes my avatar not shared or something

  204. qy

    I can differentiate devices on weechat, but only by abusing caps identifiers

  205. nephele

    Well, I can't find anything in Gajim about sharing avatars if that is the reason. Oh well

  206. Zash

    Server? Config?

  207. nephele

    No Idea, I'd have to ask what server it is :)

  208. Zash

    Gajim version?

  209. nephele

    1.3.3

  210. Zash

    Did this thing exist then?

  211. Zash

    https://cerdale.zash.se/s/QO8Ym6mEk4GGpYq2wG_lJhVB/4713a6eb-59db-407c-9d6a-b4c746f1928d.png

  212. nephele

    Uhh, I don't see any material style buttons anywhere?

  213. Zash

    That may just be my theme.

  214. Zash

    Accounts → Profile anyways

  215. qy

    Back to the embeds discussion, why was what i currently do wrong again? If i want to embed something for everything and C, i just send url only, otherwise, if body != url, sensible clients will show embed and body, and C will at least show the full body

  216. qy

    Isn't that best?

  217. nephele

    ... How is that different to the account settings? No wonder I didn't find it

  218. nephele

    Anyhow, supposedly it is now shared :D

  219. Zash

    I'm on the bleeding edge git version, lots of new stuff and I don't remember when this thing was introduced

  220. nephele

    Well, I would test but then I don't know if my feedback is that usefull, I don't understand how to use it in the released version either *shrug*

  221. nephele

    Like how there is two lists of chats and I have to move every chat back to the other list on start... it feels like i'm using it wrong, but i have no idea what I'm supposed to do instead

  222. Zash

    Looks like your profile picture should be visible now. You might have to poke the status setting or leave and join to make it show for everyone

  223. qy

    I see it

  224. Sam

    What is a good set of XMPP features to group SASL EXTERNAL with? I thought about making an "auth" package, but pretty much only EXTERNAL would be in it (since other SASL stuff is already implemented elsewhere), or maybe an "s2s" package (where bidi lives) but EXTERNAL isn't just used for s2s (even if it mostly is)… no idea where to put this.

  225. Sam

    Maybe I could have some sort of "security" package, I expect that would have other things in it eventually.

  226. Zash

    Where's the TLS stuff? Why isn't the other SASL stuff in an "auth" package?

  227. Sam

    Other SASL stuff isn't XMPP specific (whereas EXTERNAL checks the xmpp_address fields and what not) so it lives in the sasl library already

  228. Sam

    TLS stuff is in the "dialer" package with all the connection options

  229. Zash

    Is client cert auth (for actual clients) a thing considered?

  230. Zash

    Maybe split the EXTERNAL stuff into something generic that takes a callback or somesuch that does the specific certificate validation?

  231. Sam

    I guess I could upstream something like that into the SASL library, but it would be the same problem (where does this callback belong for users to find it easily?)

  232. Sam

    But yah, this validates both clients and servers

  233. Sam

    Oh, I lied too, direct TLS is just an option on the dialer, but StartTLS just lives in the base "xmpp" package for <reasons>. Too late to move it now though either way.

  234. Sam

    I feel like I've been thinking about this on and off for a long time; no idea where users would expect to find this functionality though. Maybe it's an indication that I grouped things badly from the get-go.

  235. Zash

    API design is hard :)

  236. Zash

    Isn't SASL EXTERNAL used by email and IRC?

  237. Sam

    Yes, but it's so generic as to be almost meaningless to call them the same thing. "Validate some other external thing" is the extent of the definition. XMPP's validation will be very different from emails, most likely.

  238. Sam

    For all you know from the name it's validating ipsec instead of TLS, both are suggested implementations by the RFC IIRC :)

  239. Zash

    Is this client or server side btw? Or both?

  240. Zash

    Wouldn't any SASL method have some way to hook it up with something that verifies the credentials?

  241. Sam

    Both. Sure, this has that

  242. Sam

    I'm just saying, that's why it's in the XMPP package, almost all the code is very XMPP specific.

  243. Zash

    Things using channel bindings would also depend on the state of the TLS session, so maybe there's common ground there to design an API around?

  244. Sam

    in an XMPP library, not the upstream SASL library I mean.

  245. Sam

    Hmm, good idea, I hadn't thought of that

  246. Zash

    And validating a TLS certificate should already support some variations to account for different procedures in different protocols

  247. Sam

    Right now the channel binding support is just built into the SCRAM mechanisms in the upstream SASL library, but if I added a way to select between them or something that would potentially be a candidate to go in whatever this new package is called

  248. Sam

    Maybe I'll have a "security" or "auth" package then that includes both EXTERNAL and eventually a mechanism for selecting channel bindings if that ever becomes a thing; at least I'd know there's one other thing in the future so I don't end up with a single package with one tiny thing in it

  249. Sam

    Thanks; feels like that's the first progress I've made towards a decision in a while, gotta think about that a bit.

  250. Zash

    np :)

  251. qy

    Yeah im gonna leave my embeds system as is

  252. qy

    Not sure anything else is an improvement

  253. Link Mauve

    lovetox, have you thought about suggesting to deprecate User Mood and User Activity as specifications?

  254. Link Mauve

    “19:12:21 nephele> I don't suppose xmpp has an equivalent to a redaction request?”, XEP-0424?

  255. Link Mauve

    That’s for your own messages.