XSF Discussion - 2021-02-04

New sudo exploit. Same as old one, basically, but affects MacOS: https://www.bleepingcomputer.com/news/security/latest-macos-big-sur-also-has-sudo-root-privilege-escalation-flaw/amp/

dwd, holy, I just saw the "new sudo exploit" in the dino preview and you scared me

Well, after multiple years of CPU cache exploitations, nobody should be sharing the same piece of hardware with multiple untrusted users.

Ge0rG, back to ssh login as root?

my root is my castle.

Ge0rG, also, isn’t yax.im running in a LXC-but-worse?

jonas’: yes, it is.

Which is also why I don't host my own private account on yax.im ;)

> back to ssh login as root? Or back to su(1).

Single-user mode is the new multiuser mode?

The return of Personal Computing!

J symbol-shift+P symbol-shift+P

it's less of an issue on mac since apple just has permanent root to do whatever they want whenever they want anyway :)

> Does anyone have a client recommendation that actually works for Windows? Got a friend asking and, sadly, I have no idea what to tell them I haven’t used this but seems like a viable choice, and is under active development: https://uwpx.org

OMEMO in group-chats is apparently still WIP, though, as are a few other pieces.

Gajim

Well, as an alternative to Gajim that was already mentioned. UWPX also seems to specifically target Windows 10 UX, which might make it a better choice.

Though it's likely less mature than Gajim.

Cool, thanks. I seriously doubt they want or need OMEMO, so that doesn't matter. I'll send it their way

there is also Dino

if you want some bleeding edge stuff, someone has been providing windows builds

The Dino UI has been too buggy to recommend it yet in my experience

Mostly around MAM stuff. It locks up constantly, creates thousands of notifications, etc. some of that may have been fixed of course since last time, I don't use it every day.

But At least the last time I tried it it still did the thing where for a minute or two all the chats were constantly flashing and slowly refreshing and moving around while it imported messages

gajim does that for me too

same as Movim

I haven't actually noticed issues with Gajim, but maybe it's because I don't have the chats actively opened and it doesn't re-order by last message in the left hand bar thing

it's really difficult to clearly retrieve the MAM archive without bringing those performances issues, UI refreshes or some refresh bugs ("holes in the logs")

Actually, I wonder how UWPX handles bookmarks? Gajim they already got confused because they left a room, but then it was still in their list in other clients (because Gajim leaves the bookmark and just parts you from the room)

edhelas: I dunno, just pause updates while MAM syncs in the background and then do the update atomically. I don't know how Dino or Gajim in particular handle their chat history, but it can't be that hard to just pause re-ording and showing previews or whatever until MAM is doing syncing

Then again, any time anyone says "it can't be that hard" it will have been designed in such a way that it is :)

MAM: surprisingly hard

MAM: Surprisingly easy, or near impossible, depending which way you try to bend it ;)

(It's fairly easy if you're not trying to fill a local archive, but rely entirely on MAM. It's very difficult if you want to render from a local archive and use MAM to fill holes)

I kind of think as a general UI principle "things that are clickable should never, ever, move unless the user drags them" is a good one actually. Just joined with Dino and it didn't lock up fetching history, so maybe that's solved, but it still moved this room away from my mouse twice and I clicked on the wrong thing

> Actually, I wonder how UWPX handles bookmarks? Gajim they already got confused because they left a room, but then it was still in their list in other clients (because Gajim leaves the bookmark and just parts you from the room) I would be furious if leaving a room deleted my bookmark. Don't delete my bookmarks until I tell you to!

I guess it doesn't have to delete it entirely, but in one client it shows bookmarks in the list and in another it hides them unless you're actually joined to the room, so it's more that which confused them.

SamWhited, Gajim 1.3 sets autojoin to false when you leave the room.

yah, that seems to be working, so I guess it was more the inconsistency they were confused about. It didn't join, but it still showed up in the list in another client (presumably because that client just always shows all bookmarks in its sidebar or whatever)

I was just looking through modernxmpp to see if it had any guidance for what to show in the buddy list view, but no such luck. Might try to write something about that.

I think sensible behaviour is that when you join a room you autoBM and auto-autojoin it.

And when you leave the room you either delete the BM or remove autojoin.

I think it was a mistake that many clients including Gajim exposed bookmarks to the users

obviously every messenger out there has a concept like bookmarks in xmpp

but no messenger exposes that to users

At least in Gajim we got almost rid of it

Conversations *sort* of does. It differentiates between the open chats menu which is only rooms you've joined and then when you hit "join a room" or whatever the list of rooms to join is your bookmarks

But I guess if everything doesn't do something like that the confusion would still exist. Eg. I just noticed that McAbber does this, I have a bunch of rooms I'm not joined to listed on the left.

Bookmarks can only serv as a synced list of joined rooms in my opinion

lovetox: I don't think I agree that our mistake was bookmarks being exposed, I think it was MUCs being non-persistent so bookmarks have to be used as a bandaid, rather than as bookmarks.

it does not matter whats in bookmarks, if you joined once a MUC, i have a local archive of that chat

so i have to show that conversation forever to the user

until he actively says "Delete all conversations from this MUC"

SamWhited, > "things that are clickable should never, ever, move unless the user drags them"

i find that interesting, so you would want a button that says "sort on activity"

or sort unread

And chat logs shouldn't scroll, because you could click the nicknames in them? :)

I could see "unread at the top" (but still lexical within read/unread) being less painful than rooms constantly reshuffling if two or three of them are active

scrolling == dragging. "user provides the input that moves them"

no i agree that is unnessary

if i would do something like that

i would have a "active" sub category in the list

and once a chat has unread stuff, the chat moves there

but in there evrething is sorted alphabetical

As I said in the modernxmpp room, look at what browsers do with tabs when you close them.

That's basically what the Swift preview I'm working with at the moment does. Has as UNREAD section in the pseudo-roster.

I still think that would be annoying personally, just less annoying. But I dunno, as long as the user can say "sort by X" instead of it just moving around semi-randomly by default

So UNREAD, ROOMS and PEOPLE are each internally sorted.

And it's working pretty well for me at the moment.

Hello, I would like to kindly call for reviewers of the Newsletter draft: https://github.com/xsf/xmpp.org/pull/851/files 🧐️

Uh, I hope comments from randoms are appreciated. Are things like spelling/general pedantry worth calling out?

Great to see so much content BTW

deuill: sure feel free! The more help the better

Added a few, awesome work!