Gajim - 2013-08-26

  1. bot RSS: Feeds for Gajim • Changeset [14937:58b0f93e4ce1]: [Darlan]Fix gajim-history-manager -help and gajim-remote -help. See #7439 [Darlan]Fix gajim-history-manager -help and gajim-remote -help. See #7439
  2. Darlan dicson, did you made "Usage" and "Command is one of" of gajim-remote translatable?
  3. dicson all string translatable
  4. dicson s = _('Usage:\n %s command [arguments]\n\nCommand is one of:\n' )
  5. Darlan So it seems; I do not remember if I ever read them in .po
  6. dicson need split string?
  7. Darlan I think no
  8. dicson ok
  9. bot RSS: Feeds for Gajim • Changeset [14938:413c07ee9f49]: [Darlan]Fix gajim-remote -help. [Darlan]Fix gajim-remote -help.
  10. bot RSS: Feeds for Gajim • Changeset [14939:2e4d14f22026]: Update russian translation Update russian translation
  11. bot RSS: Feeds for Gajim • Ticket #4486 (Show contact when offline) updated R[…] • Ticket #7441 (View > Show Observers) created This is just a thought. Do you think we should have a Show Observers menu entry or an ACE preference, so that we would not have to use Show Offline Contacts to see Observers contacts? As we know, the difference between the two is that Observers are always[…]
  12. Darlan Maranda: Please, ping me when you are here.
  13. pvtlth it's so quiet in here. no problems with the download page?
  14. Asterix pvtlth: just arrived, not pushed it yet.
  15. pvtlth ok
  16. bot RSS: Feeds for Gajim • Ticket #7441 (View > Show Observers) updated If they are observer it means you don't want to see his status. Else you can use roster search very easily to find theme. It's very easy to implement (same as transports group) but is it really usefull?
  17. bot RSS: Feeds for Gajim • Ticket #7441 (View > Show Observers) closed wontfix: Replying to asterix: It's very easy to implement (same as transports group) but is it really usefull? I guess not, because I do not think that one would have enough observers to follow. I only have two observers. What I am actually requesting here is what originally was requested at #1615, so I will focus on always displaying a contact option. I once had a subscription problem with a[…][…]
  18. Asterix
  19. kcchouette Asterix, doesn't open the information windows for debian
  20. Asterix it works for me ...
  21. kcchouette :-/
  22. kcchouette I have firefox aurora (25)
  23. Darlan Why is the sidebar available?
  24. Asterix Darlan: useless indeed
  25. bot RSS: Feeds for Gajim • Ticket #7329 (Compact download page) closed fixed: Thanks, it's ready for 0.16 release.
  26. Darlan Asterix, indeed, but I think Adding to contact/group context menus Show When Offline is useful for certain period of times. This is why I referred to ticket #1152
  27. Asterix which is dup of #16xx
  28. Darlan Actually #1615 is a dup of #1152 and, I think, if the reporter of #1615 did not elaborate so much, his wish would have been granted.
  29. Asterix 1615 is not dup of any other, it is wontfix
  30. bot RSS: Feeds for Gajim • Ticket #7440 (Respect Web Standards) closed fixed: html and css is now valid in new_download_page branch, which I'll publish with 0.16 release
  31. pvtlth how does the gajim bot work? what can i tell it to do?
  32. Asterix pvtlth:
  33. Asterix _ver pvtlth
  34. bot Asterix: Error! Remote server not found!
  35. Asterix _ver pvtlth
  36. bot Asterix: Error! Remote server not found!
  37. Asterix pvtlth: tell him "commands" in pm
  38. pvtlth ok
  39. Asterix pvtlth: I cleaned a little your cod and made it XHTML valid
  40. pvtlth ok
  41. Asterix cleaned = make a loop for OSes and put css in css fle
  42. pvtlth thank you. what is "loop for OSes"?
  43. Asterix
  44. Link Mauve Firefox gives me a lot of errors on that page.
  45. Asterix I could have done the same for details, but putting all details in an array doesn't sound very nice ...
  46. Asterix Link Mauve: which page?
  47. Link Mauve You serve is as text/html, while it is XHTML.
  48. Link Mauve view-source:
  49. Asterix w3c validator doesn't give any error
  50. Link Mauve Maybe it doesn’t detect this one.
  51. Asterix I don't see what's wrong
  52. Asterix apache configuration?
  53. Link Mauve Ow, putting javascript: links in href is a terrible way to do what you want; just use addEventListener('click', …) on them.
  54. Link Mauve Asterix, since it is PHP, I guess you instead want to use header('Content-Type: application/xhtml+xml');.
  55. Link Mauve Do that before any data is sent.
  56. Asterix better now?
  57. Link Mauve Doesn’t seem so.
  58. Asterix I just put that line after session_start (but I don't remember why I need sessions ...
  59. Asterix ho for langue it seems
  60. Link Mauve I don’t like the JS part, I’ll try to do it better.
  61. Asterix at least it works
  62. Link Mauve Yeah, but it is very inelegent.
  63. Link Mauve Do you want to hide the currents details when a non-OS hash is selected?
  64. Link Mauve For example #coucou while the coucou OS doesn’t exist.
  65. Link Mauve Yeah, I think it’s better.
  66. Asterix yep sounds better
  67. Link Mauve Here:
  68. Link Mauve I also fixed the markup a bit.
  69. Asterix I never saw a site with a .xhtml ...
  70. Link Mauve The extension doesn’t matter, it’s the MIME type.
  71. Asterix ho ... and it's not the php file ...
  72. Link Mauve I don’t have the php file, I can give you a patch instead, if you prefer.
  73. Link Mauve I don’t even have a php interpreter on my server. :p
  74. Asterix source is there. But a patch is ok, I'll apply it manually to php file
  75. Asterix (I could also do the patch myself :) )
  76. Link Mauve
  77. bot RSS: Feeds for Gajim Plugins • pidgin_text_replacement.png attached to Ticket #65 Apparently, Pidgin has a plugin called Text Replacement which its dictionary is editable via GUI. IMHO, buttons Add/Delete should be close to each other.
  78. bot RSS: Feeds for Gajim • contact_show_offline.png attached to Ticket #1152[] • contact_hide_offline.png attached to Ticket #1152[] • group_show_offline.png attached to Ticket #1152[] • group_hide_offline.png attached to Ticket #1152[] • Ticket #1152 (Contact Always Visible) updated Priority, OS change[…]
  79. Link Mauve I basically removed the class='os-logo' on td, to make it easier to get a single image, and replaced the awful <a name="…"/> with a simple id on the div.
  80. Link Mauve Also Asterix, you should add the current lang as an xml:lang attribute to the html tag.
  81. Link Mauve Oh, I forgot to remove the wrong <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />, which is useless with the addition of the prolog.
  82. Asterix and no modification of the css?
  83. Link Mauve I didn’t try the CSS.
  84. Link Mauve Do you want me to?
  85. Asterix I don't see the icons on your page but it seems that it's not nice: width of agila is too wide because of the long text compared to others
  86. Asterix and it's not centered
  87. Asterix it's why there was this os-logo class
  88. Asterix ha you put os-logo in the <a>
  89. Asterix <div id='agilialinux'> doesn't work when you do page.html#agilialinux
  90. Asterix it's why we have <a name='agilialinux'/>
  91. Link Mauve Here are the modifications to the last four rules in that CSS file:
  92. Link Mauve Asterix, err, it does.
  93. Asterix phew .. too hard to follow diffs like that ...
  94. Asterix will try ...
  95. Asterix you removes the .os in css but keep <table class='os'> ?
  96. Link Mauve Oh sorry, I forgot to refresh the patch.
  97. Link Mauve Here, new version.
  98. Link Mauve Also in the CSS, you should use the > operator, it’s much more efficient than the space operator.
  99. Link Mauve The space operator will recurse over every child, while the > operator will only try to match the direct children.
  100. Asterix <?xml version='1.0' encoding='utf-8'?> doesn't work. My browser doesn't recognize it as utf-8
  101. Link Mauve Which browser do you use?
  102. Asterix ff
  103. Asterix iceweasel
  104. Link Mauve Do you serve the document as application/xhtml+xml instead of text/html?
  105. Link Mauve Err, the opposite.
  106. Link Mauve You have to use the correct Content-Type header, or else the document will be parsed as HTML instead of XHTML.
  107. MatthL hey guys, I was wondering are there any plans to sign the plugins one of these days?
  108. Asterix I don't understand what you mean
  109. Link Mauve Just add the header('Content-Type: application/xhtml+xml'); call at the top of your files.
  110. Asterix MatthL: not planned ... but we do ftps ...
  111. Asterix Link Mauve: seems ok now
  112. Asterix but it's ugly
  113. Asterix
  114. Asterix (js not updated yet)
  115. Link Mauve You left class="os" instead of id="os-logos".
  116. Asterix better with corret id
  117. Asterix but still not centered
  118. Link Mauve You left the .os-logo in the previous to last CSS rule.
  119. Asterix as it is there:
  120. Link Mauve Ah, true.
  121. Link Mauve Err, you put id="os-logo" instead of id="os-logos".
  122. Asterix haaa ok
  123. bot RSS: Feeds for Gajim Plugins • Ticket #66 (Short descriptive introduction for OTR) created I suggest to copy the introduction paragraph from ​ to gotr description. Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: Encryption No one else can read your instant messages. Authentication You are assured the correspondent is who you think it is. Deniability The messages you send do no[…][…]
  124. Asterix Link Mauve: seems all is ok
  125. Link Mauve Great. :)
  126. Asterix Link Mauve: commited on www2. thanks!
  127. Link Mauve Yw. :)
  128. kcchouette Asterix, and when is release the 0.16/www2 on www ?
  129. Asterix when 0.16 will be released
  130. Asterix so not before some weeks
  131. Asterix translators needs to start working (when I'll ask them)
  132. Asterix so we first need to freeze strings
  133. bot RSS: Feeds for Gajim Plugins • Ticket #66 (Short descriptive introduction for OTR) updated Priority, Type changed
  134. kcchouette Asterix, and why french translat isn't mark as complet ?
  135. dicson You can also browse SVN repository. -
  136. Asterix because it's not in hg version ...
  137. Asterix SVN ?
  138. Asterix ha dev.php
  139. Asterix fixed
  140. MatthL Asterix: and the certificate fingerprint is pinned so that if one were to get MITM'ed it would fail to download plugins?
  141. Asterix MatthL: no ...
  142. Asterix we don't check the certificate
  143. Asterix but if we want to change the certificate, you can't download an updated plugin downloader ...
  144. MatthL so what you are saying is that the certificate is essentially useless...
  145. MatthL might as well transfer OTR plugin, unsigned, over cleartext and hope that no one who needs OTR is gonna be under active surveillance
  146. Asterix arf ... not completly ... at lease a simple sniffer can't know what we do ...
  147. MatthL yeah I don't really care if they know I'm downloading an emoticon pack
  148. MatthL I'm much more worried about someone injecting malicious code
  149. Asterix of course patches are welcome :)
  150. Asterix has to go, CU
  151. bot RSS: Feeds for Gajim • Ticket #7442 (Provide two sizes of emoticon in one package) created problem In order to provide two different sizes of emoticon theme, developers need to provide two separate emoticon packages. solution To overcome this problem, add to Gajim an option to use larger size of currently used emoticon set. enhancement recommendation filename.png (smaller size) filename@2x.png (larger size) This will a[…]
  152. Asterix MatthL: I'm thinking that even if we aff the fingerprint hardcoded in the plugin downloader, the attacker can still change it to its own fingerprint at the moment we d/l the plugin installer ...
  153. dicson Darlan, Do you want add new emoticons?
  154. MatthL yeah the plugin installer should probably be signed/packaged with the rest
  155. Darlan Yes, and many are from; I do not want to make separate package for each size which would result in too many entries which can be reduced by 50%, at least.
  156. dicson :-/
  157. Asterix MatthL: and how does it auto-check securely?
  158. Asterix Darlan: then just choose one size
  159. Darlan Why :-/ ? We can do it after 016 release :-)
  160. Asterix what is the po file you sent me?
  161. Darlan website
  162. MatthL Asterix: I get Gajim from a repo, signed. if the plugin installer was built in it would get signed too
  163. pvtlth me too
  164. Asterix Darlan: transfer fails
  165. Asterix send again ?
  166. pvtlth are gajim and its plugin installer two different things?
  167. Darlan Asterix, the larger size provided for Adium is for users with smaller or perhaps for users with bigger screens who are far from their screen. I think @2x it is a good idea.
  168. Darlan Yay! Programming Error Dialog!
  169. Asterix MatthL: Gajim and plugin installer are not the same thing. Gajim don't d/l plugins, plaugin installer (which is a plugin itself) can d/l and check plugins, including an update of itself
  170. Darlan File transfer error message
  171. pvtlth i see
  172. bot RSS: Feeds for Gajim • Ticket #7442 (Provide two sizes of emoticon in one package) closed wontfix: what's the difference between toggling a button or chossing another icon theme? • Ticket #7435 (Unresponsive tabs on E2E error) updated Milestone changed
  173. MatthL ashka: yes I understand that, I'm just trying to expose solutions to a HUGE security issue with it
  174. Asterix Darlan: maybe it's #7403 bug
  175. MatthL possible arbitrary remote code execution seems like a _bad thing_
  176. Darlan Do you want me to paste my output there?
  177. MatthL something that should not exist, ever
  178. Asterix MatthL: ok but I still don't understand how to make it secure. if plugin downloader must have the fingerprinted hardcoded that doesn't help
  179. MatthL Asterix: as I suggested packaging the plugin installer with gajim and pinning the certificate fingerprint would help *a lot*
  180. Asterix and how do we update plugin installer?
  181. MatthL how often is the plugin updater updated?
  182. Asterix the packaging is not our job, it's distributors' job
  183. Asterix sometime twice a day ...
  184. MatthL by packaging I mean make it part of the core project
  185. Asterix recently we added HTML support in description
  186. pvtlth what's the problem? Is it a man in the middle attack while downloading plugins or is it a encrypted connection problem?
  187. Asterix if we do that we can't update it anymore
  188. MatthL maybe do less updates to it and ship them with Gajim updates
  189. Asterix pvtlth: MITM
  190. pvtlth thx
  191. MatthL I'd rather have less updates and not get arbitratry code executed on my machine
  192. Asterix MatthL: we moved to to plugins repository on purpose to be able to update it
  193. Darlan I will
  194. MatthL Asterix: unless there's something I don't understand the plugin installer != the repository itself
  195. MatthL I'm not talking about every plugin
  196. Asterix and when we want to change the certificate, that means older versions of Gajim can't get plugins anymore?
  197. MatthL only the installer plugin
  198. MatthL that would be fine
  199. MatthL or at the very very least it could pop up an error
  200. Asterix we move the plugin installer plugin to plugins repository on purpose to be able to update it
  201. MatthL well maybe that was a bad move.
  202. MatthL sometimes security trumps convenience
  203. MatthL specially when youa re talking about pushing executables on people'
  204. MatthL people's machines
  205. MatthL it's a HUGE hole.
  206. Asterix my question remain: ‎[17:53] ‎Asterix‎: and when we want to change the certificate, that means older versions of Gajim can't get plugins anymore?
  207. Asterix as plugin installer won't be updated ...
  208. Asterix so new fingerprint won't be propagated
  209. mathieui Asterix, gpg signatures for the developers w/ each release?
  210. pvtlth does the plugin installer have to be a plugin or is it possible to tell gajim itself how to install plugins?
  211. mathieui (those tend to change less often than X.509 certs)
  212. MatthL Asterix: in that case push a Gajim update, not that hard
  213. Asterix MatthL: That is hard. I can't ask gajim users from the world to updated all its Gajim in the same second so I can sign new plugins with new cert
  214. Asterix mathieui: and plugin installer checks the gpg signature?
  215. mathieui yeah
  216. Asterix pvtlth: it is a plugin
  217. pvtlth i know
  218. mathieui e.g. gajim could have a function to check signatures and then everything that is retrieved from is checked for authenticity
  219. Asterix mathieui: same as verifying cert ... no way to update the gpg key if it's compromised ...
  220. MatthL Asterix: pidgin seems to get away with it
  221. MatthL most pidgin plugins are packaged
  222. MatthL (at least in debian)
  223. MatthL most users don't care if it takes an extra day for updates to get to them
  224. Asterix MatthL: then ask the debian maintainer to package plugins :)
  225. Asterix I'm totally ok that we're not very secure, 'm just searching a way to improve thinga
  226. Asterix I'm totally ok that we're not very secure, 'm just searching a way to improve things
  227. MatthL there's "not very secure" and "we're allowing anyone to push arbitrary code to any of our users"
  228. MatthL the main reason I heard people switching to gajim is that pidgin is FULL OF HOLEs
  229. MatthL were I you, I would try to avoid that pitfall
  230. Darlan Good point, MatthL.
  231. bot RSS: Feeds for Gajim • Ticket #7442 (Provide two sizes of emoticon in one package) updated I want to port emoticon sets from; I do not want to make separate package for each size which would result in a longer list of entries in Emoticon category wiki page, which can be reduced by 50%, at least. I assume the larger size provided for Adium is for users with smaller screens or perhaps for users with bigger screens who are[…]
  232. Asterix MatthL: yes, it's so easy to to an MITM attack and put arbitrary code that nobody should even touch to Gajim.
  233. Asterix that doesn't make things progress
  234. dicson What about TLS? It does not help?
  235. Asterix only if we check certificate, which we don't
  236. Darlan Asterix, why would not you create distro repositories for plugins? I can make a Slackware repository.
  237. MatthL Asterix: because not everyone can pull off this attack you shouldn't protect against it?
  238. MatthL following that logic, not everyone has HIV so everyone should stop using condoms
  239. kcchouette Gajim can be installed on a usb key ?
  240. Asterix Darlan: because I won't package all plugins for all distro. It's clearly not my job
  241. Asterix kcchouette: yes with -c option
  242. Darlan I can package them for Slackware, if you would.
  243. Darlan I can package them for Slackware, if you would want.
  244. MatthL but I'm not asking you to package all the plugins
  245. MatthL but only the plugins installer plugin
  246. kcchouette Asterix, and on windows ?
  247. Darlan kcchouette, I guess you need to add -c PATH into gajim.exe file.
  248. dicson I vote for adding warning message.
  249. Asterix MatthL: You don't seem to understand what I'm saying. For the last time, (after I leave because I'm becoming nervous): I know we're not secure, I'm searching a way to improve things. If you don't have other ideas, no need to insist on saying we're the less secure in the world, that don't make things progress
  250. Darlan kcchouette, I suggest you to push on people at or to assist you.
  251. Asterix MatthL: I won't package even only this plugin for all distro
  252. Asterix and users won't add my repository
  253. kcchouette thanks, Darlan
  254. Darlan No problem
  255. Darlan It would be wonderful to have Gajim featured in
  256. Asterix dicson: based on a fingerprint hardcoded in plugin installer? That can be modified while downloading it if we're under MITM attack? that won't work
  257. Asterix kcchouette: yes on win too, just install it on your key, than run it with -c option
  258. kcchouette ok, thanks
  259. dicson Asterix, I understood
  260. Darlan Perhaps Gajim for Windows should have a gajim-portable.bat file that executes gajim.exe with -c?
  261. Asterix hmm needs test. Not sure -c . will work. I don't know from where is run the .bat when you dubble click on it ...
  262. dicson
  263. Asterix yes, but using TLS without verifying the cert is not secure
  264. louiz’ "a TLS connection that only allows the connection if the fingerprint of the remote server is exactly as is expected"
  265. louiz’ he wants gajim to contain an hardcoded fingerprint of gajim’s TLS cert
  266. louiz’ so, there’s a certificate check
  267. louiz’ if I understand correctly
  268. Asterix yes ... but that means no way to update plugin installer
  269. louiz’’s TLS cert
  270. louiz’ yeah
  271. Asterix what about getting the cert fingerprint over https (so we trust the CA)?
  272. MattJ Sure
  273. Asterix or simply have a valid ftp cert and trust its CA
  274. Asterix except python FTP lib doesn't seem to allow cert verification :/
  275. Darlan TorChat uses Gajim's iconset, according to screenshot
  276. Asterix haha :)
  277. Asterix it seems it's doable in python3 as we can provite a ssl context
  278. Asterix so I don't think we'll do something for 0.16, but we'll do in gtk3 branch
  279. MattJ Asterix, why FTP?
  280. dicson FTP - 1.file transfer protocol.2 not need parse html. Discussed some time ago. There is a desire to rewrite - Patch welcome
  281. Link Mauve HTTP doesn’t mean HTML.
  282. Link Mauve If that’s what you were thinking about.
  283. Darlan I think we can use a Packages.TXT file like Slackware repositories.
  284. dicson patch welcome anyway
  285. Darlan PACKAGES.TXT*
  286. kcchouette Hello, I have some problem with the select of my file (to transfert a file) :
  287. Asterix MattJ: main reason I think it that it's easy to get file list. no need to create a file that have this list
  288. Asterix kcchouette: ho right, I see somthing wrong, will discuss that with Jef
  289. kcchouette Asterix, and it affect too gajim alpha 2
  290. kcchouette *affects
  291. Asterix kcchouette: or maybe you could try to convert self.file_props['sid'] to self.file_props.sid line 98 of src/common/
  292. kcchouette ok, I must re-start gajim after that ?
  293. Asterix yep
  294. Darlan Asterix, what do you need in order to make an official port of Gajim to MacOS?
  295. kcchouette Asterix, it works with >‎[20:17:56] ‎Asterix‎: kcchouette: or maybe you could try to convert self.file_props['sid'] to self.file_props.sid line 98 of src/common/
  296. Asterix everything, I don't know anything about OSX, so no idea
  297. Darlan Testers?
  298. Asterix I don't know the exact status of GTK for OSX ...
  299. Asterix kcchouette: cool thx, I commit that
  300. kcchouette Asterix, but how force a pull with hg ?
  301. dicson kcchouette, hg up -C ?
  302. Darlan Linphone has a MacOS version based on GTK, even Pidgin, but Pidgin devs recommend to use Adium. There is a Adium user who is visiting this chat room, but he did not reply to my messages.
  303. Asterix hg pull -u
  304. Asterix pushed
  305. Darlan Asterix, duplicated tab with pocek Traceback (most recent call last): File "/usr/share/gajim/src/", line 800, in _on_notebook_switch_page old_ctrl.set_control_active(False) AttributeError: 'NoneType' object has no attribute 'set_control_active'
  306. bot RSS: Feeds for Gajim • Changeset [14940:618cda1142ae]: fix traceback with new fileprops. fix traceback with new fileprops.
  307. dicson Darlan, pocek changed nick?
  308. Darlan I think not.
  309. Darlan A duplicated tab has occurred once again and this time I have a programming error message available.
  310. Darlan Each time I click on the original tab of pocek I get a Programming Error pops up; also when I switch from pocek tab to a new tab.
  311. Darlan Different messages - I will post to trac
  312. Asterix not needed
  313. Asterix once again (I don't count anymore) the problem is the duplicate tab. What hppens after doesn't matter
  314. Darlan ok
  315. bot RSS: Feeds for Gajim • Ticket #7435 (U[] • Ticket #7403 (wrong candidate choosen when doing Jingle FT) updated This might be relevant - a file transfer problem between you and I Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nbxmpp/", line 534, in _process_events return IdleQueue._proc[…] • Ticket #7435 (Un/responsive duplicated tabs) updated Summary changed From Programming Error Dia[…][…]