Gajim - 2016-04-21


  1. lovetox started gajim on a second user on my windows pc
  2. lovetox all hell broke loose
  3. lovetox couldn't even send one message to conversations
  4. lovetox does anyone know what it means when a red X is beside a message in gajim
  5. lovetox does that mean that the message is not sent by this device
  6. tmolitor lovetox: No, this simply means a message receipt was not received for this message... but this could mean everything (including a correctly delivered message)
  7. tmolitor andrey.utkin@decent.im: no, not really... it would help if you could reproduce the error... maybe the fix is incomplete and there is another place in the code that has to be fixed, too...
  8. tmolitor andrey.utkin@decent.im: please try to apply this patch before reproducing the bug: https://paste.gajim.org/view/b7b13b8c
  9. tmolitor andrey.utkin@decent.im: Start gajim in the console and send me the complete output after the bug has triggered...
  10. moparisthebest in gajim what does the 'use gpg agent' option do exactly? I have it checked, and I have a gpg-agent open and unlocked, but still when I open gajim I have to type my gpg password in twice for some reason?
  11. Dekádě crowd
  12. Dekádě like on the Maidan
  13. Dekádě :-D
  14. mpan > @‎moparisthebest: in gajim what does the 'use gpg agent' option do exactly? I have it checked, and I have a gpg-agent open and unlocked, but still when I open gajim I have to type my gpg password in twice for some reason? Possibly your gpg-agent is configured this way or isn’t started at all? See its configuration, especially `default-cache-ttl` and `max-cache-ttl` values.
  15. moparisthebest mpan, my gpg-agent I believe is configured correctly, enigmail from thunderbird uses it all the time without ever asking for a password?
  16. moparisthebest I am using gpg-agent (GnuPG) 2.1.5 does that matter? (gpg2)
  17. mpan Have you tested this manually, using gpg2 from command line?
  18. moparisthebest mpan, yes gpg2 works from the command line without prompts too
  19. moparisthebest is gajim using gpg or gpg2? I'm not sure what gpg does
  20. mpan There is no `gpg`, only `gpg2`.
  21. mpan I mean: there is a symlink named `gpg` for backward compatibility, but that’s all.
  22. mpan If gpg2 works fine from command line, then I have no ideas. Sorry :/
  23. mpan There are some strange things around GnuPG support in Gajim. For example one can’t sign anything after even a single signature fails — one has to log off from all services and then log in again. But I had no time yet to track this in the code.
  24. moparisthebest well, my gpg and gpg2 are different programs
  25. moparisthebest $ gpg --version gpg (GnuPG) 1.4.16
  26. moparisthebest $ gpg2 --version gpg (GnuPG) 2.1.5
  27. moparisthebest maybe that's my whole problem? :/
  28. mpan Then I don’t know which one Gajim uses. However I doubt this to be of any significance. gpg-agent should cache credentials for both.
  29. Link Mauve mpan, Gajim is using gnupg.py, I recently tried to add OX support to slixmpp and it wasn’t working properly with my gpg version, I then switched to pygpgme and it was much better.
  30. mpan Link Mauve, send this to moparisthebest, he has the problem, not me. But thanks for the info :)
  31. Link Mauve gnupg.py would for example give a non-working encrypted-looking message when I failed to give it my passphrase.
  32. Link Mauve mpan, I consider moparisthebest pinged.
  33. Link Mauve I told that to Asterix already.
  34. mpan k
  35. Link Mauve The conclusion was “I don’t have the time to do that”.
  36. moparisthebest thanks Link Mauve
  37. Link Mauve mpan, moparisthebest, the reason pygpgme works better is that gpgme is developed in tandem with gnupg, so it always knows about newer options and how it communicates.
  38. Link Mauve While gnupg.py is always playing catch-up.
  39. moparisthebest and gajim with pgp *works*, it's just annoying to have to type in my password once when I login for gpg-agent, then twice every time I start gajim
  40. andrey.utkin@decent.im moparisthebest, i'm stuck with passphrase-less pgp keys, because I believe Joanna Rutkowska is right about adversary having access to my workstation being Game Over point anyway (see bottom of http://blog.invisiblethings.org/keys/ )
  41. mpan I definitely don’t agree with her. The machine may be compromised in many other ways than just “executing code”.
  42. mpan And while a stolen key should be considered bad no matter if it had passphrase on it or no, the extend of damage is different in both cases.
  43. mpan And while a stolen key should be considered bad no matter if it had passphrase on it or no, the extent of damage is different in both cases.
  44. mpan Stating this otherwise: she’s perfectly right, just the premises are wrong.
  45. andrey.utkin@decent.im mpan, what other ways of compromising you mean, specifically (at least one)?
  46. moparisthebest I use keepass, so my gpg password is in there, so I have a script that asks me my keepass password, unlocks my keepass database, and uses it to unlock my gpg agent
  47. mpan andrey.utkin@decent.im: just downloading the file with the key, as an example.
  48. moparisthebest yea andrey.utkin@decent.im in my case my keyring is backed up to my server at home automatically with syncthing
  49. moparisthebest it's not unlocked on there, therefore a passphrase does protect it
  50. mpan andrey.utkin@decent.im: actually no attack is even required: one can even send their private key merely by accident, by selecting wrong file during some other operation.
  51. mpan There are N private keys sent this way to gist, for example.
  52. andrey.utkin@decent.im well, i mean there's a lot of things which won't work if you gpg them, so you should still consider your workstation non-compromised only if you guard it with proper log-in passwords (or other stuff like physical auth token), including screensaver
  53. mpan So many that bots scan gists 24/7 to find them.
  54. andrey.utkin@decent.im consider my login/screensaver password a "master passphrase". So I don't type in any password to unlock my password database to unlock my gpg key passphrase
  55. andrey.utkin@decent.im every time
  56. moparisthebest do you use full disk encryption too?
  57. andrey.utkin@decent.im yes
  58. mpan Link Mauve, will Gajim detect pygpgme automatically if I install it in the system, or should I somehow configure it?
  59. moparisthebest mpan, I think Link Mauve was saying gajim needs re-written to use it instead
  60. andrey.utkin@decent.im got boot partition & key on separate trusted usb stick.
  61. mpan Oh, ok. Misunderstood that.
  62. mpan thx
  63. mpan andrey.utkin@decent.im, another example of losing a private key without code being executed is having it on a memory stick, and physically losing it.
  64. mpan I doubt she walks with her VMs around, but many people need their private keys in multiple places.
  65. andrey.utkin@decent.im mpan, backup medium and/or spare decryption password
  66. mpan ?
  67. mpan How would that prevent malicious use of the private key? >_>
  68. andrey.utkin@decent.im mpan, i thought you mean "physically losing it" outside of context of it getting into adversary's hands
  69. andrey.utkin@decent.im well, losing a disk-encryption-key medium doesn't itself compromise your workstation and your PGP keys unless you lose control over your workstation itself
  70. mpan No, I’m just giving you examples you have asked for. In the context of Rutkowska’s statement. I believe she’s just too bold in here, possibly not realizing that her statement could be used out-of-context, in non-VM environment.
  71. andrey.utkin@decent.im of course having your crypto keys encrypted *at rest* has its benefits, but i got sick with constant typing-in passwords all the time (like for ssh, for local logins etc.) that i made it a principle to avoid password/passphrase typing physically.
  72. andrey.utkin@decent.im and using GPG for chatting promises A LOT of passphrase typing-in
  73. andrey.utkin@decent.im mpan, i'm following her way in non-VM env :) i'm just using SELinux for a sort of substitute of her Qubes OS. And also i have ditched Skype and Acrobat Reader so that nothing spies on my clipboard buffer.
  74. mpan Just set your TTL to some high value.
  75. mpan No need to re-type your passphrase over and over again.
  76. andrey.utkin@decent.im i don't like typing passwords to that degree that i won't go that way. I'm happy with what I have set up. But thank you for mentioning that there's configurable TTL.
  77. moparisthebest andrey.utkin@decent.im, yea my ttl is set for like weeks or something, it's effectively for as long as my computer is on
  78. mpan moparisthebest, don’t you have two separate private keys set? Maybe this is the cause you’re being asked for a passphrase twice?
  79. mpan (and, in such case, you should be asked twice)
  80. bot RSS: Feeds for Gajim • Ticket #8043 (Systray icon missing with Plasma 5) updated The appindicator plugin is working, but without a visible icon it's hard to use, you can't even see when new messages arrives. I tried to fix the appindicator plugin, but there is only few and old documentation for the appindicator stuff at all. Is this a Plasma 5 only problem? As the systray icon is a feature of Gajim itself, shouldn't it be supp[…] https://trac.gajim.org/ticket/8043#comment:20
  81. Marzanna I switched e2e encryption and OTR autostart off. Now I see OMEMO encrypted messages in Conversations and Gajim. looks like it was a conflict.
  82. Marzanna But one question bothers me. When I send a message from Gajim, I see it in Conversations but if I send message from Conversations, I don't see it in Gajim. Why? Is some XEP missing?
  83. Asterix Marzanna: XML logs would help answering
  84. Marzanna Asterix, when I send a message from Conversations, XML log in Gajim shows nothing.
  85. Asterix then the problem seems to be in conversation ... Gajim will have difficulties showing message that it doesn't receive
  86. Marzanna Asterix, thanks. I'll test with another Android client.
  87. Asterix I don't think another client supports OMEMO
  88. Marzanna Asterix, I don't need OMEMO to see all my messages in all connected clients. Right?
  89. Asterix no, you need MAM and carbons
  90. Asterix OMEMO is forencryption
  91. Asterix OMEMO is for encryption
  92. Marzanna Hmm... I use Movim, Conversations and Gajim simultaneously. When I send a message from Movim, I see it in Conversations and vice versa. But I don't see my message in Gajim...
  93. Asterix Marzanna: check the option in accounts window, General tab
  94. Marzanna Asterix, all options are checked.
  95. Marzanna They are enabled by default afaik.
  96. Asterix no, I don't think receive conversations from other resources is checked by default
  97. Asterix but it's checked (and if your server supports that) and if other clients (conversation does) supports it, when sending a message from one, you'll receive it in all your clients
  98. Marzanna Asterix, can you tell me what option exactly I need to check?
  99. Asterix receive conversations from other resources
  100. Marzanna Asterix, um... I don't have such option in General tab... I'm using Gajim 0.16.
  101. castRo Asterix, hello
  102. Asterix Marzanna: then upgrade to latest version, or go in ACE and look for carbon
  103. Asterix Hi castRo
  104. castRo Asterix, i want talk with u , can me add u ?
  105. Marzanna Asterix, you're right. I have latest Gajim version on my laptop, but I completely forgot to update it on my desktop!
  106. Asterix castRo: we can talk here, or in private if you want, no need to add me to be able to talk to me
  107. castRo Asterix: oky
  108. Marzanna Asterix, thank you! Now I'm seeing my messages in Gajim too!