Gajim - 2016-03-27

  1. Kergma hello. How can I set up background color of chat? I don't like pure white background, but I cannot find possibility for changing it.
  2. mpan Kergma: I believe you can’t change the background w/o modifying the source code. It’s derived from your system’s theme.
  3. mpan Kergma: at best you may try to change theme for gajim alone, I believe.
  4. mpan Try setting `GTK_THEME` env variable for gajim to the theme of your choice. But that’s just my wild guess!
  5. Kergma Thanks! ~/.gtkrc is path to happyness.
  6. Kergma And some googling, of cource
  7. mpan Np. I’m happy I could help.
  8. Kergma But why so complex? :)
  9. Kergma All other colors can be changed from gajim...
  10. mpan All? Pretty none.
  11. mpan You can only change few of them.
  12. mpan You can’t even configure MUC nicknames colorset, and it’s very limited
  13. mpan You could posta a feature request for that. However I believe there are now much more important things to solve. Encryption is one of them.
  14. mpan Gajim supports PGP natively, but requires [broken+unmaintained] plugin for OTR. Pidgin supports OTR natively, but requires a plugin for PGP. JAJC supports PGP natively, can’t support other methods. Psi supports PGP, but OTR only via [broken+unmaintained] plugin. … no common denominator :<
  15. Link Mauve mpan, all of them support TLS natively. \o/
  16. mpan Link Mauve, great we have at least that… ;)
  17. mpan At least our passphrases are protected.
  18. Link Mauve You should run your own server, if you don’t trust your current one that much, really.
  19. mpan 1. This will not solve the issue on other participants’ servers. 2. Not everyone can get a local server running.
  20. mpan [Alice ←→ [Alice’s own server]] ←---→ [Server Bob uses] ←---→ [[Bob]]
  21. mpan The setup doesn’t solve anything.
  22. Link Mauve Well, my 15 years old self managed to run a full XMPP + email + web + DNS + files server, and I knew nothing about that nor about Linux at the time.
  23. Link Mauve You can check if Bob’s server enforces c2s encryption too.
  24. mpan Seems like your 15 years old self: 1. Wasn’t behind NAT. 2. Had money to run a server 24/7. 3. Had money for a domain. 4. Had money for a DV certificate (Let’s encrypt wasn’t there then)
  25. mpan I don’t care if the server Bob uses enforces c2s. The server itself is the problem.
  26. mpan On the server things are not encrypted.
  27. Link Mauve 1. Nope, NAT was here but I could just redirect some ports, and my ISP also started offering opt-in IPv6 at that time 2. Yeah, electricity wasn’t a main concern back then. 3. Yeah, something like 7€ per year, that’s not crazy expensive for most people, and you can pool with other people to buy one, or to get a subdomain for free from pretty much anybody. 4. Nope, I just used a self-signed one for about ten years, until this January.
  28. Link Mauve Also for 2., nowadays you get very low power servers, my current setup involves machines drawing just 1W.
  29. Link Mauve mpan, and neither PGP nor OTR nor OMEMO care about encrypting more than just the message’s body. The new OX spec does that though, which is why I started playing with it.
  30. Link Mauve I like this one, about metadata:
  31. mpan
  32. Link Mauve Really, I’d rather run my own server, since most of my friends are already doing so, and drop any pointless e2e encryption altogether.
  33. mpan As I said, not all people can do this. Actually pretty no one can.
  34. mpan Don’t forget that *we* are privileged, because we have knowledge and, quite often, enough of money.
  35. mpan Also by running your own server you’re atually making metadata collection much easier.
  36. mpan But it’s not only about the state.
  37. mpan I don’t explicitly point at the state as the Mallory. It's a general issue for me.
  38. mpan Could be even a bored or drunk server administrator.
  39. mpan Could be a boss at the work, spying on the company’s server.
  40. mpan Could be a collegue who wants to impersonate me to get me fired.
  41. mpan Plus I’m taling about both encryption and authentication. One without the other makes no sense for me in this scenario.
  42. Link Mauve Basically only PGP does that, if you trust the web of trust.
  43. Link Mauve Or the SMP part of OTR.
  44. Link Mauve Or the esessions short identifier, if you know another channel on which to exchange it.
  45. mpan I don’t need to trust WoT if I can just verify another person myself.
  46. mpan Whatever it is, it’s still better than plaintext.
  47. SouL What does WoT mean?
  48. mpan SouL: Web of Trust
  49. SouL mpan: ah.. Thanks 😀