Gajim - 2016-12-10


  1. SaltyBones alright
  2. SaltyBones reinstalling windows didn't help
  3. lovetox haha are you serious?
  4. lovetox help with what?
  5. SaltyBones but reducing that timeout or whatever it is did help somewhat :p
  6. lovetox :D
  7. SaltyBones well, I didn't seriously expect it to help
  8. SaltyBones I reinstalled for other reasons...
  9. lovetox win 10?
  10. SaltyBones fucking windows 10 is so creepy...it still has hardware like my headphone installed even though it's not plugged in
  11. SaltyBones well I've been upgrading this since win 7
  12. SaltyBones and when I found installed software earlier called "TrustworthyToolbar" I decided it was long over due for a reinstall j)
  13. SaltyBones ;)
  14. lovetox haha
  15. lovetox the name
  16. lovetox legend
  17. SaltyBones not even kidding :)
  18. lovetox ThisIsNotaVirusToolbar
  19. lovetox :D
  20. SaltyBones It's such a shameless name.
  21. SaltyBones Not even trying...
  22. Br0nek I pushed anti_spam plugin for grk3 branch
  23. Br0nek And made merge request
  24. lovetox thanks
  25. lovetox one thing
  26. lovetox the version should not be the same
  27. Br0nek I know)
  28. Br0nek for gtk2 is 0.4.3 and for gtk3 is 1.4.3
  29. lovetox ah sorry ^^
  30. lovetox asd
  31. Asterix it's not really really required ... but that's a bit nicer indeed. I'll read that ASAP, I really need that. I get more and more spam Thanks a lot Br0nek
  32. Br0nek you're welcome:)
  33. lovetox never got a single spam message ever
  34. lovetox and with jabber.at im probably on one of the bigger servers
  35. Br0nek Lucky
  36. Asterix Br0nek: merged
  37. Br0nek Excellent)
  38. zak What does it mean if one of the own OMEMO-fingerprints in Gajim is grey instead of green? (both are trusted)
  39. lovetox_ grey means
  40. lovetox_ your contact has removed this device from his published device list
  41. lovetox_ a reason could be that he doesnt use this device anymore
  42. zak Hi lovetox. It's my own key!
  43. lovetox_ or maybe it was stolen or lost
  44. zak And I certainly use both!
  45. lovetox_ are both devices online?
  46. zak yes
  47. lovetox_ maybe your devicelist is getting corrupted
  48. lovetox_ go to the config menu
  49. lovetox_ and press "clear devices"
  50. zak now both of my keys are grey
  51. lovetox_ yeah wait a bit
  52. lovetox_ restart gajim
  53. zak Should I push "Update" (Aktualisieren)
  54. zak ?
  55. lovetox_ yeah you could
  56. lovetox_ this shows you your publish devices
  57. lovetox_ are there any?
  58. zak Yes, one. Before clearing, there were two
  59. lovetox_ 2 device is conversations?
  60. zak Yes
  61. lovetox_ log off with conversations and log in again
  62. zak Now I see two device IDs again.
  63. zak And the one fingerprint is grey again, as before.
  64. lovetox_ yeah then it should be good
  65. lovetox_ :)
  66. lovetox_ if you have 2 fingerprints under "own devices"
  67. lovetox_ or own fingerprints
  68. lovetox_ that would mean you have 3 devices
  69. lovetox_ because the own fingerprint is not in the list
  70. zak "Own Fingerprints" or "Published Devices"?
  71. lovetox_ if you go to a chat window
  72. lovetox_ fingerprint -> own Devices
  73. lovetox_ if you have 2 devices active, in this window should only be one green fingerprint
  74. lovetox_ the one of the other device
  75. zak Okay. Green is the Gajim fingerprint then?
  76. lovetox_ your own device is above under Own Fingerprint, its not in the colored list
  77. lovetox_ no
  78. lovetox_ the fingerprint of gajim is under "Own Fingerprint"
  79. lovetox_ the fingerprints in the list are fingerprints of other devices you have
  80. zak Okay, so what's with the grey one?
  81. lovetox_ probably a device you once used?
  82. lovetox_ maybe you installed gajim somewhere else and logged in with your account
  83. lovetox_ as soon as you do this fingerprints are generated and published
  84. zak Ah, now I remember, that was the Conversations key from an old phone.
  85. zak I removed it.
  86. zak So I can safely delete it in Gajim as well, I suppose.
  87. lovetox_ this is a matter of taste :)
  88. zak Why?
  89. lovetox_ if you delete it, it could theoretically come back
  90. lovetox_ if you mark it as not trusted
  91. lovetox_ it cant
  92. zak But I should have full control over my fingerprints, shouldn't I?
  93. zak If I *know* that a phone is wiped and they key with it, I want to remove all its traces.
  94. lovetox_ yeah you have, i just metioned it, because if you delete a fingerprint in conversations
  95. lovetox_ it means its banned forever
  96. lovetox_ untrusted forever
  97. lovetox_ you cant bring it back ever
  98. zak Is there a reason, if the key is actually deleted irreversible?
  99. lovetox_ in Gajim this is not the case, if you delete it , its just like it never existed
  100. lovetox_ the reason is potential security concerns, if someone deletes a key, it probably means he doesnt trust it
  101. lovetox_ at least thats why conversations does it
  102. lovetox_ but this is a matter of taste, i just wanted to tell you what deleting actually does
  103. zak Can you tell me a reason to *not* want to delete a published key, where you removed the private key?
  104. lovetox_ for example if your device is stolen
  105. lovetox_ you would want to mark it untrusted, so it can never be injected into your list, and probably mistakenly accepted by you again
  106. zak Yes, I meant if I personally deleted the (private) key.
  107. lovetox_ in that case i see no reason to not delete it :)
  108. zak ok
  109. zak This whole key handling is really a mess for users. At least in Gajim the average user probably doesn't understand any of it.
  110. lovetox_ thats why conversations made the blind trust change :)
  111. lovetox_ so the average user doesnt really have to think about it
  112. lovetox_ but if you really want to be save, there is no way around understanding all of the mechanics
  113. lovetox_ there is no easy way
  114. zak Yes, I understand that you do have to get some insight in this.
  115. zak But it should be explained somehow in Gajim. For example what the colors mean, etc.
  116. lovetox_ also if you would be an average user, you wouldnt care about a "grey" key aslong as everything works ^^
  117. zak True ;)
  118. lovetox_ yeah i could add it to the readme
  119. zak Are there any plans to implement the verification in Gajim as well in some way?
  120. lovetox_ like with a usb barcode scanner?
  121. lovetox_ :D
  122. lovetox_ i dont think that makes much sense for a desktop client
  123. lovetox_ i think its already so, that if someone scans your barcode in conversations
  124. lovetox_ he verifys the desktop with it automatically
  125. zak Yes, but only if you scanned your own desktop key as well before.
  126. lovetox_ so do it ..
  127. zak Already done.
  128. lovetox_ i think thats a very good system
  129. zak Yes, it is indeed. I just try to keep my keys organized.
  130. zak It gets complicated if there are too many keys and you don't know which is which.
  131. zak Is the "device id" something that the OMEMO plugin in Gajim invented, or is that an "official" OMEMO device id?
  132. lovetox_ thats from the xep
  133. lovetox_ in conversations its not shown i believe
  134. zak yes, that's why I ask
  135. lovetox_ because it probably would confuse most people
  136. zak The device id differs between XMPP accounts. That's something you wouldn't think of when thinking about a "device" id.
  137. lovetox_ thats true
  138. lovetox_ the device id is nothing secret, its just a number with that we can request the keys of a contact from the server
  139. zak Yes, no problem, I am just recognizing things and try to understand :)
  140. lovetox_ your server hots a device list, we query the device list, and query afterwards all keys for the devices with the device id from the same server
  141. lovetox_ if you hit clear devices
  142. lovetox_ this list get set to zero
  143. lovetox_ which gets immediatly send to all your contacts
  144. lovetox_ than they set all your keys "inactive"
  145. lovetox_ but if a device of your own gets a devicelist from your own server that has zero devices in it
  146. lovetox_ then it knows this is wrong, and writes itself again into the least
  147. lovetox_ which gets immediatly pushed to all your contacts again
  148. lovetox_ and the one key of the device that wrote itself into the list again, gets set to "active
  149. lovetox_ every other online device of yours does the same
  150. lovetox_ and in the end you end up with a list of active devices
  151. lovetox_ because inactive or offline devices, cant write themself into the list again
  152. lovetox_ this all happens in a few seconds of course
  153. zak ok, how are inactive devices handled with other contacts? No messages are sent to them?
  154. lovetox_ if you send a message its only encrypted for active devices
  155. zak ok
  156. zak is it correct that each device has exactly one key/fingerprint?
  157. zak for OMEMO I mean
  158. lovetox_ yes for every device id there is a key published on the server
  159. lovetox_ there can be only one key for a device id
  160. zak So what for is the device ID? couldn't you just use the fingerprint instead?
  161. lovetox_ yes
  162. lovetox_ but its a waste of bandwidth
  163. lovetox_ the public key is big
  164. lovetox_ and the "device list" or then "public key list" is sent very often
  165. lovetox_ on every login for example
  166. lovetox_ or everytime something changes
  167. lovetox_ so we send only this small device ids, it saves bandwith and we can achieve the same thing :)
  168. zak Yes, I meant using the fingerprint. Not the whole key of course.
  169. lovetox_ there is no difference i think
  170. zak Ah,...
  171. lovetox_ the fingerprint is just another way to display it
  172. lovetox_ fingerprint is still 8 times bigger then the device id
  173. zak if the fingerprint is 8 times bigger, the device ID is not the same... but okay.
  174. lovetox_ no you misunderstood me
  175. lovetox_ the publik key is equal to the fingerprint
  176. lovetox_ public key base64 converted is fingerprint
  177. zak ah, ok
  178. lovetox_ and fingerprint is 8 times bigger then device id
  179. lovetox_ so hence device id is used as a replacement for sending between devices, and keys are only pulled from the server if not already on the device
  180. lovetox_ in most of all circumstances you already have all keys saved on your harddisk from your contacts
  181. lovetox_ the device list still has to be sent on every login to all of your contacts
  182. lovetox_ so it would be waste to include everytime the big keys they already have
  183. lovetox_ so we send small integeres, and if they cant map the device id in theire database to a public key, they request the key from the server with that device id
  184. zak ok, understood