Gajim - 2017-02-06

  1. lovetox Link Mauve, if you have time in the next days would be cool if you could test
  2. lovetox
  3. lovetox of course everyone else on the gtk3 branch is also welcome to test this :)
  4. were there any changes recently in plugin code?
  5. http upload now crashes with:", line 622, in __init__ self.dialog.set_transient_for(plugin.chat_control.parent_win.window) AttributeError: 'NoneType' object has no attribute 'window'
  6. dafuq.... now it's suddenly working. same file. same everything.... strange. sorry about that. will try to debug harder if it happens again
  7. kimsehic3 activate: does gajim have a/v support at all?
  8. SaltyBones ugh
  9. SaltyBones I need to patch this secure connection dialog
  10. SaltyBones keeps bugging me to connect insecurely whenever I'm in a network with web based authentication
  11. Link Mauve kimsehic3, yes, when your contact supports it, click the button looking like a microphone or a camera at the bottom of the chat window.
  12. Link Mauve If they are grayed, keep the pointer on the button to know why.
  13. Link Mauve Also have a look at Help > Features to see if you are not missing some dependency.
  14. Link Mauve SaltyBones, I thought this had been fixed, are you up to date?
  15. SaltyBones Not dev
  16. SaltyBones This was .7
  17. bot Yann Leboulanger pushed 5 commits to branch _refs/heads/master_ of _python-nbxmpp_: *5876bdf3* Implemented smacks 3 (xep revision 1.5), the location attribute is not implemented yet *34dccd23* Fix: request smacks ack AFTER sending out a stanza *870b5a22* Add delay tag to message stanzas when replayed by smacks *bb4cb499* Corrected some typo (syntax error) *5c2c0b22* Merge branch 'smacks_rev_1.5' into 'master' Implemented smacks 3 (xep revision 1.5) See merge request !1
  18. tm lovetox, I have an exception in "", line 669, in get_bookmarks_menu", bookmark['nick'] can be None as well
  19. lovetox ah didnt know that, thanks
  20. tm hmm, "History Manager" doesn't work, but that seems to be unrelated to your changes, i.e., there is a typo onfig_path instead config_path (since 2013!)
  21. lovetox wait i push this without need of merge request
  22. tm otherwise new appmenu looks fine to me (ignoring the plugins, but I suppose you already know that)
  23. tm one more thing: sometimes the application menu is inactive / grayed out - though, I am not sure why and when this happens exactly
  24. tm after some experimenting, it seems to happen just after moving gajim window to another desktop
  25. SaltyBones Link Mauve, which bug were you talking about exactly?
  26. Link Mauve SaltyBones, this one: “09:33:45 SaltyBones> I need to patch this secure connection dialog 09:34:09 SaltyBones> keeps bugging me to connect insecurely whenever I'm in a network with web based authentication”
  27. SaltyBones Yeah, but do you have a link to the issue that is supposed to be fixed?
  28. SaltyBones I couldn't find it in the tracker.
  29. Link Mauve Nope sorry, I don’t have this information available, maybe lovetox does.
  30. SaltyBones kk thx anyway :)
  31. Link Mauve lovetox, btw, when I try to launch the history manager from the appmenu: Traceback (most recent call last): File "", line 91, in <module> common.configpaths.gajimpaths.init(config_path) NameError: name 'config_path' is not defined
  32. Link Mauve Btw the bookmarks window doesn’t close with Escape, it probably should to make the UI more uniform.
  33. Link Mauve Same for the Help > Features window.
  34. Link Mauve Same for the XML console.
  35. lovetox ok thanks i have a list now with all those things to fix :)
  36. lovetox SaltyBones
  37. lovetox this does not have anything to do with a web that needs authentication
  38. SaltyBones well, they usually redirect everything to their website...
  39. lovetox its a bit complicated to explain, but you can fix this if you go to the advanced config editor
  40. lovetox search for connection types
  41. lovetox for every account there should be the allowed connection types
  42. lovetox delete everything except "tls"
  43. SaltyBones ooo
  44. SaltyBones that should totally be the default
  45. lovetox it is
  46. SaltyBones why do I get asked, then? :)
  47. lovetox because it tries to connect with tls, but fails because you have no network connection
  48. lovetox but gajim doesnt know that
  49. lovetox and believes its due to not working tls on the server
  50. lovetox so it tries other allowed connection types
  51. lovetox like ssl, and plain
  52. lovetox and its just luck that it tries the other connection types right when you get network connection again
  53. lovetox plain is also not in the options anymore for a new installation
  54. lovetox but on older ones we dont change the existing config
  55. lovetox tm: about the inactive application menu
  56. lovetox maybe this is intended somehow by your system?
  57. lovetox i wouldnt know how to change that
  58. lovetox we dont set something in the way that has to do with on which display the application is
  59. lovetox do you mean another workspace? or a second display
  60. Link Mauve lovetox, btw what Gajim calls “ssl” has recently been specified as XEP-0368, this option should be removed and “tls + ssl” should be made the only choice possible.
  61. Link Mauve lovetox, changing the existing configuration should be mandatory, since the old default was extremely insecure.
  62. Link Mauve (But removing the option does that already.)
  63. tm lovetox, another workspace; other apps don't have this issue
  64. lovetox Link Mauve im not sure its that easy
  65. lovetox but i look into it
  66. Link Mauve Removing the option will make it that easy.
  67. lovetox no i mean that ssl is pure tls and working out of the box on a tls only port
  68. Link Mauve Yes, that’s what XEP-0368 specifies.
  69. Link Mauve It’s sometimes called “SSL” or “legacy TLS”, but “immediate mode TLS” is more correct.
  70. lovetox yeah but i have to test this
  71. lovetox ssl is not just another mode in gajim
  72. lovetox it uses another lib
  73. lovetox if i set this, i cant connect on any server
  74. lovetox i have to do more testing :)
  75. Link Mauve Wut, why is it implemented that way? :|
  76. Asterix it's not another lib. but it uses another port (5223)
  77. Asterix which is no more opened in any server probably
  78. lovetox but we can specify the port ourself or?
  79. Asterix yes custom_port is used if specified IIRC
  80. tm lovetox, the problem occurs when using a single window for everything - maybe this is somehow related to the fact that actions are window scoped
  81. Link Mauve Asterix, it’s actually used quite a lot on port 443, often multiplexed with HTTPS and SSH in order to circumvent stupid enterprise proxies.
  82. lovetox but that doesnt work Asterix
  83. lovetox if i specify "ssl" as only connectiontype
  84. lovetox and set custom port 443
  85. lovetox and want to connect to my account on "" which definitely supports this on that port i cant connect
  86. Link Mauve lovetox, Asterix, if you want to experiment with that, you can try
  87. lovetox also on port 443?
  88. Link Mauve We set all of the SRV records, and also have XEP-0156 records and HTTP file for the other connexion methods.
  89. Link Mauve lovetox, no, only 5223 for now, 443 is planned.
  90. lovetox how to register
  91. lovetox i cant read anything on
  92. Link Mauve Use XEP-0077.
  93. SaltyBones lovetox, but gajim is giving me a message that the connection is untrusted not that it fails
  94. lovetox it doesnt because its configured to try to reconnect every X minutes
  95. lovetox i dont think it shows that it fails
  96. SaltyBones i ll have to check again
  97. Asterix Link Mauve: cert is expired on 5223
  98. Asterix but it works with ssl type (not tls)
  99. lovetox hm but weird
  100. lovetox if i set ssl for
  101. lovetox the setting is deleted after i connect
  102. Asterix it's not for me
  103. Link Mauve Asterix, I heard about that shortly before FOSDEM, I’ll investigate when I’ll be home tonight.
  104. JKing Link Mauve: Are you the administrator of
  105. Asterix Link Mauve: it expired 3 days ago
  106. Link Mauve JKing, yes, I am.
  107. lovetox yes seems to work asterix
  108. lovetox then i only have to find out why it doest with conversations
  109. Link Mauve Asterix, my letsencrypt script reloads Prosody’s mod_tls, but apparently that’s not enough to also update the immediate-mode TLS certificate, I’ll ask around how I should do that.
  110. lovetox and then it should be relatively easy to implement 0368
  111. Link Mauve lovetox, I think Conversations is using 443, not 5223.
  112. Link Mauve lovetox, I think is using 443, not 5223.
  113. lovetox but its not working on 443
  114. Link Mauve lovetox, what is the error?
  115. lovetox maybe it has to do with the DNS resolution
  116. Asterix you have to set custom_host too of course
  117. JKing Link Mauve: Wiki points here, to a database error. :/
  118. Link Mauve JKing, that’s a known issue, for now you can use the listing of domains we host at while other servers maintained by other people aren’t listed yet.
  119. Link Mauve That was the reason for listing other known French-speaking services.
  120. lovetox ha!
  121. lovetox i found out
  122. lovetox we have to point to
  123. lovetox thats nice that this works out of the box, now we just have to resolve _xmpps-client
  124. lovetox and try to connect there
  125. lovetox then 0368 is implemented
  126. JKing Link Mauve: Sorry to spam, then. :)
  127. Link Mauve JKing, spam? Reporting valid issues is not spam. :p
  128. Asterix lovetox: I just got a (gajim:4889): Gtk-WARNING **: A node was inserted with a parent that's not in the tree. This possibly means that a GtkTreeModel inserted a child node before the parent was inserted. ** Gtk:ERROR:/build/gtk+3.0-9JqLNv/gtk+3.0-3.22.5/./gtk/gtkrbtree.c:471:_gtk_rbtree_insert_after: assertion failed: (_gtk_rbtree_is_nil (tree->root)) Aborted
  129. Asterix restarting Gajim instantly and no more crash
  130. lovetox Asterix what i forgot last time
  131. lovetox did you start gajim with only -p switch?
  132. lovetox because that does not separate the cache dir
  133. lovetox you have to use also -s
  134. Asterix no, with no argument and a clean cache.db
  135. lovetox ah k
  136. bot Philipp Hörist pushed 1 commit to branch _refs/heads/master_ of _gajim_: *20c00041* Fix typo and remove unused import
  137. activate Hi all, when trying to upload a file using the http upload plugin I receive an error, same as image upload actually. But I am not sure if it's Gajim or my ejabberd server.
  138. lovetox hi, what error
  139. activate Gajim just returns a dialog with Error and ""
  140. lovetox can you open up the xml console
  141. lovetox clear
  142. lovetox then use the httpupload
  143. lovetox copy everything from that point on into pastebin
  144. activate And the last thing I see in the server log is
  145. lovetox and post it here
  146. activate Ok
  147. activate
  148. lovetox hm ok, can you start gajim with
  149. lovetox -l gajim.plugin_system.httpupload=DEBUG
  150. lovetox then upload something and see if we get something useful in the log
  151. activate Ok, I'll be back in a bit then since I am using Gajim atm :P
  152. lovetox you can start
  153. lovetox a second instance
  154. activate Oh ok
  155. lovetox tm: ignoring the plugins, what did you mean with that?
  156. lovetox the plugins menu should work
  157. activate lovetox, it might be me.. but I don't see any difference in the two XML Consoles. Perhaps I did run your command correctly
  158. activate Ow, but I do have output in the console I started it from
  159. lovetox no in console
  160. lovetox in real system console
  161. lovetox the gajim xml console is only for xml stream
  162. activate yes that's what I meant ;)
  163. activate
  164. lovetox yeah what does it say?
  165. activate It should be in that pastebin,
  166. lovetox hm
  167. lovetox from the doc
  168. lovetox httplib.BadStatusLine raised if a server responds with a HTTP status code that we don’t understand
  169. lovetox Based on Python Doc, httplib.BadStatusLine raised if a server responds with a HTTP status code that we don’t understand
  170. lovetox is the muc also slow for you
  171. lovetox i have lag
  172. lovetox what server do you use, and which httpupload module?
  173. activate ejabberd with the builtin mod_http_upload
  174. activate I have both mod_http_upload and http_fileserver running but respectively with "upload" and "files" handlers
  175. activate On https btw
  176. lovetox so can you see in your serverlogs what the response code is your server is sending?
  177. activate 2017-02-06 21:00:49.923 [info] <0.1138.0>@mod_http_upload:create_slot:599 Got HTTP upload slot for (file:
  178. lovetox yeah but thats the mod, not your http server or
  179. lovetox does the error occur before uploading, while, or at the end?
  180. activate At the end, according to Gajim the file is transferred 100%
  181. lovetox yeah, your http server is supposed to send us Http Status Code 200
  182. lovetox but we get none or one that is not a valid status code
  183. lovetox so i think this is a httpserver configuration issue
  184. activate But the server is the ejabberd module right?
  185. activate When I just go the url's I get responses such as 404 from mod_fileserver and "Not found." from mod_http_upload. Guess I'll go and try to find a place for an ejabberd conference
  186. activate Last I tried does not exist anymore.. and #ejabberd on freenode does not look all too hopeful either.. but I'll keep trying. Thanks anyway lovetox
  187. lovetox one moment
  188. lovetox that are not the correct mucs
  189. lovetox hm
  190. lovetox i dont find it damn
  191. lovetox ah no its true
  192. lovetox thats the correct one
  193. lovetox according to a friend
  194. activate I looked on but could not find it
  195. lovetox you dont need to look
  196. lovetox just click join chatroom
  197. lovetox and supply the url
  198. lovetox the chatroom is there full of people :)
  199. activate Hmz, then I don't know what I did wrong at 1st.. but doing so many things simultaneously.. Thanks again!
  200. lovetox actually just click on my link
  201. activate yeah I did, that worked :)
  202. activate lovetox, I had SSL enabled for mod_http_upload but the put_url still had http://
  203. activate But after changing that to https:// and trying again with the debug from earlier I now get this:
  204. lovetox do you have a self signed certificate?
  205. Link Mauve Err, does it actually try to use an http: URL, instead of telling the user this server is insecure? :x
  206. lovetox what
  207. lovetox it does not tell the user its insecure
  208. lovetox it does tell what is the matter, that it couldnt verify the certificate
  209. Link Mauve lovetox, I mean, if the XMPP server returns a http: PUT or GET URI instead of an https: one, what does Gajim does?
  210. Link Mauve lovetox, I mean, if the XMPP server returns a http: PUT or GET URI instead of an https: one, what does Gajim do?
  211. lovetox upload the file
  212. lovetox you mean we should display a warning
  213. lovetox yeah good point :)
  214. Link Mauve No, it should outright forbid that.
  215. Link Mauve It’s 2017, no one should ever use http: anymore.
  216. lovetox so parse the url if it not starts with https fail?
  217. lovetox is this enough, or i am missing something
  218. Link Mauve Yeah.
  219. Link Mauve Also for your previewer plugin, make sure it does the same.
  220. Holger Being able to use http: can at the very least be useful for testing/tcpdumping.
  221. Link Mauve Well, having a super-hidden option for that obscure usecase might be acceptable, but imo you shouldn’t bloat the UI even more.
  222. Link Mauve Nor should you provide insane privacy defaults like that.
  223. Holger A warning wouldn't bloat the UI.
  224. Link Mauve A warning would be ignored by most end users.
  225. Holger Whatever you decide I think it makes sense to handle it like unencrypted c2s connections.
  226. Link Mauve While they would sigh and say “why do I always have to press this annoying button whenever I send a file”.
  227. Link Mauve Holger, as in not.
  228. Holger I seemed to remember that Gajim currently allows those with a warning. Though maybe not by default. I didn't check, sorry.
  229. activate Sweet, it was just a missing SSL certificate in the .pem file :) Thanks again lovetox!
  230. lovetox =)
  231. activate I don't seem to have a cursor in the text entry field, when I try to go left or right with cursor keys it does not respond. Is that normal behaviour btw?
  232. Holger Link Mauve: > as in not. Are you sure? I see a "Warn before using an insecure connection" knob in the 'Connection' tab of the account settings. Sounds to me like this toggles the warning, not like Gajim forbids unencrypted c2s.
  233. Link Mauve Holger, apparently nobody bothered updating the existing value when changing the extremely insecure default. :/
  234. Link Mauve We discussed that three hours ago.
  235. Holger So Gajim outright forbids unencrypted c2s?
  236. Holger I just don't think that's true.
  237. Link Mauve Try using a blank profile.
  238. Link Mauve I’ll fix the existing configuration not being updated later.
  239. Holger I will trust your words, I'm just not sure what you're saying :-)
  240. Link Mauve Or maybe just remove that option altogether.
  241. Holger I'm pretty sure I used unencrypted c2s maybe a week ago. I can well imagine I pressed some knob for that.
  242. Holger I'd need another client for testing then :-(
  243. lovetox Link Mauve, it just is not a default allowed connection type anymore
  244. lovetox it can be set manually still
  245. Link Mauve Allowing an attacker to trivially strip out starttls to obtain an unencrypted stream is an extremely bad idea.
  246. Holger I did not suggest anything like that.
  247. Link Mauve lovetox, you shouldn’t leave the old defaults for users who never touched it.
  248. lovetox yes i agree
  249. lovetox and we update it on the next version
  250. Link Mauve And imo, you shouldn’t let users do that at all, even when modifying the configuration, despite what Holger does.
  251. Holger I was asking about the current c2s behavior and suggesting to align the HTTP behavior with that.
  252. Link Mauve Holger, yes, current c2s behaviour is now what I am describing by default.
  253. Holger On top of that I would appreciate if non-TLS connections were possible one way or another.
  254. Holger I doubt I'm the only one interested in that.
  255. lovetox Seriously though Link Mauve, if someone goes into the advanced config editor, and places there an undocumented "plain" string under one of the settings, i think we dont have to save him. thats an informed decision
  256. Link Mauve Maybe yeah.
  257. Link Mauve But you should make that option a bit more explicit, something like i_really_want_to_allow_insecure_connexions defaulting to False.
  258. lovetox or dont_set_this_to_true_ever
  259. JKing would feel better about statements like "It’s 2017, no one should ever use http: anymore." if there were more free CAs.
  260. Link Mauve JKing, there is at least one, what is the issue?
  261. Link Mauve Also if Gajim would implement DNSSEC and DANE, it wouldn’t even need to trust any CA.
  262. lovetox Link Mauve could you quick test this
  263. lovetox
  264. Link Mauve (For well-configured servers, and on TLDs that are configured properly.)
  265. JKing Link Mauve: If that one shuts down or is compromised, then you have zero.
  266. Link Mauve JKing, then go implement DANE in all of your software, so you don’t need to depend on a CA anymore.
  267. JKing Link Mauve: You're just proving my point, but never mind. My purpose was not to antagonize.
  268. Link Mauve JKing, but in practice, this one won’t go under.
  269. Link Mauve Too many different entities are funding it for that to happen.
  270. JKing Link Mauve: I tend to agree, but a backup is always a good thing to have; that's all I meant.
  271. Link Mauve JKing, anyone can run the boulder infrastructure, the only issue then is getting another CA to sign your root.
  272. Link Mauve If anything were to happen to Let’s Encrypt, I’m sure someone would do that.
  273. activate Ok, that was unexpected.. sent a picture from Conversations to Gajim, and got a ?FILETRANSFER msg and received a file.
  274. Link Mauve activate, don’t use OTR.
  275. activate Then I chose http image upload to send a small picture but apparently Conversations does not know what to do with that and responded with 3 filetransfers back :P
  276. activate Ah ok
  277. Link Mauve OMEMO is a much better e2ee mechanism.
  278. activate Ah, ok. Will set it to that
  279. Link Mauve Don’t use it if you use any other client than these two or ChatSecure on iOS.
  280. Link Mauve Otherwise you’ll miss messages.
  281. activate Well indeed. Sending message from Conv to Gajim worked ok. Sending one back caused Conv to crash but I sent the stack trace :P
  282. activate Starting it again I do see the picture though so that worked still
  283. activate Thanks for narrowing down the clients as well. Now I can just tell them to all use those when they want to use the server. And perhaps Jitsi if they want to do audio/video.
  284. Link Mauve Gajim also supports audio/video, but only one to one.
  285. activate Well, on my distribution they have no packages for python-farstream or farstream-0.1
  286. activate So I'm kinda SOL