Gajim - 2016-07-29

  1. Nothing4You hey there
  2. Nothing4You is there a way to send monospaced stuff via jabber?
  3. Nothing4You something supported preferrably by at least gajim and pidgin
  4. Link Mauve You can use XHTML-IM and the pre tag.
  5. Link Mauve See
  6. Nothing4You ty i'll take a look at that
  7. Link Mauve I don’t know how to send it in an user-friendly way from Gajim, though.
  8. Nothing4You receiving is enough
  9. Nothing4You i'm working on a bot that creates commits in a git repo and i'm planning to send a diff stat as ping after committing
  10. Link Mauve Ah, perfect. :)
  11. de-facto Monospace
  12. SouL :O
  13. Link Mauve de-facto, no, that’s actually called full-width.
  14. de-facto haha jup ;)
  15. de-facto maybe like this: 𝙼𝚘𝚗𝚘𝚜𝚙𝚊𝚌𝚎 ?
  16. de-facto Monospace
  17. de-facto last one was html monospace (i guess)
  18. grin lookin' at this place it seems people are bound to periodically reinvent iRC 8-|
  19. grin by the way trac registration was invidible under firefox because the top div is called "banner", and nearly all adblock hides it. unlucky choice of name.
  20. SouL grin, what do you mean? Who want to reinvent IRC?
  21. moparisthebest would you guys accept a patch that changes the certificate fingerprint comparison/warning to a public key comparison/warning ?
  22. moparisthebest it wouldn't have security implications because if the cert changes but the public key doesn't, you can still trust it
  23. lovetox moparisthebest
  24. lovetox did you look at the code?
  25. lovetox maybe i missed something, but
  26. lovetox there was a patch 2 month ago to not warn on fingerprint changes
  27. lovetox if the certs hostname matches the hostname of the jabber server
  28. lovetox maybe you are not on the latest gajim nightly
  29. moparisthebest no I haven't compiled recently
  30. moparisthebest but that just removes the check all together?
  31. lovetox if the hostname is the same
  32. moparisthebest so just a regular certificate check every tls client should do?
  33. lovetox its a bit complicated
  34. moparisthebest that's not quite the level of security I was after :/
  35. lovetox first gajim does a regular certificate validation via OPENSSL
  36. lovetox if that gives no errors
  37. lovetox you shouldnt get any messages
  38. lovetox if it does give errors
  39. vorner Any plans to support DNSSEC+TLSA validation? O:-)
  40. lovetox then this hostname check is made
  41. lovetox vorner, you can do it
  42. moparisthebest lovetox, doesn't regular openssl cert validation do the hostname check?
  43. lovetox yes
  44. lovetox this is a check if your server has errors always
  45. moparisthebest I don't understand what doing it again adds?
  46. moparisthebest AH gotcha
  47. moparisthebest oh if it was the same bad hostname as before?
  48. moparisthebest that's not exactly awesome though
  49. lovetox na i think the idea is, if you use some own cert thats not validated through CA
  50. lovetox you will get always errors
  51. lovetox but you can click in gajim to ignore
  52. lovetox and if you this, and then the cert changes, you wouldnt get any ssl errors because you ignore
  53. lovetox but then this own made check comes in with the hostname
  54. moparisthebest wouldn't it be better to do a TOFU thing with the public key?
  55. lovetox which is not very secure, but if someone ignores all ssl errors, its the most we can do
  56. moparisthebest if you verify the public key once, it should be good forever
  57. lovetox thats also done
  58. lovetox thats why the message doesnt come on every connect
  59. lovetox i missunderstood
  60. moparisthebest at least in the version I have it's not the public key, it's the certificate fingerprint
  61. lovetox nah we save only the fingerprint
  62. moparisthebest and the cert can change and keep the same public key
  63. moparisthebest so I'm proposing don't save the cert fingerprint, save a public key hash instead
  64. lovetox hm yeah could be done
  65. moparisthebest I've only been annoyed by this since switching to letsencrypt :)
  66. lovetox but to be honest that you were seeing this message is not inteded anyway
  67. lovetox cause if you have a valid cert, there should be nothing to check for you
  68. lovetox that level of paranoia is not needed i thing
  69. moparisthebest I pin public keys with hpkp for http, and DANE for xmpp, so I keep the same public key, but change certs every ~60 days
  70. moparisthebest so now I get the warning every 60 days, when if I trusted just the key, I'd get it never
  71. moparisthebest or, whenever I change keys if ever in the future :)
  72. lovetox yeah many people complained, there is a bug report also
  73. moparisthebest a bit of paranoia isn't so bad :)
  74. lovetox i try since 2 days to pin the problem down
  75. lovetox i think most of the people dont have a gajim nightly thats younger than 2 months
  76. lovetox but i cant verify it, it could still be a bug
  77. lovetox but if i look at the current code, i think you should never see this on a cert change
  78. lovetox that is valid ssl
  79. moparisthebest I'm on 0.16.SOMETHING
  80. lovetox na the commit is not even in a official release
  81. lovetox so you need nightly
  82. lovetox maybe you could install the latest and tell me if you ever see it again :)
  83. moparisthebest looks like I am on a43f0fa77a26 from january
  84. moparisthebest well I won't see it for ~60 days now anyway :)
  85. lovetox how did you find this info
  86. lovetox ?
  87. lovetox so i can ask others to look for it
  88. moparisthebest hg log because I built it myself
  89. lovetox ah i see its in the about tab also
  90. moparisthebest I think they could go to help -> about maybe?
  91. moparisthebest yea but if you don't re-run after pull --update that doesn't change I found out :)
  92. lovetox but i guess it changes for people who use apt-get?
  93. moparisthebest yes
  94. Hermann hi all, in this room, when I change the color of the font, it doen't work. It stays black. Any idea what happens?
  95. Hermann also in font - color , the help button is not working
  96. Hermann ok, I'm on the latest nightly version, but the color thing also didn't work on 0.15.x
  97. lovetox Hermann, this has probably nothing to do with nightly
  98. lovetox never go back to 0.15
  99. lovetox Hermann i dont see a help button
  100. Mezu Hello
  101. lovetox hi
  102. Mezu Hello
  103. Mezu how are you
  104. Mezu ‏:-(