Gajim - 2018-06-22


  1. lovetox reyhan, the file is on our server and you download it using https
  2. lovetox the only thing that we could additionally do is gpg sign the file
  3. lovetox but then you would have to get our key from somewhere, again a source that you would have to trust
  4. lovetox like our webpage
  5. lovetox so this goes in circles
  6. bot Philipp Hörist updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/273 >: Fix usage of loop variable in socks5.py
  7. bot Yann Leboulanger pushed 1 commit to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *d871dcdc* < https://dev.gajim.org/gajim/gajim/commit/d871dcdcb133ec397a15b88a71a37a995316281c > More spelling fixes
  8. bot Yann Leboulanger merged a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/276 >: More spelling fixes
  9. bot Philipp Hörist updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/273 >: Fix usage of loop variable in socks5.py
  10. bot Philipp Hörist pushed 1 commit to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *672f02b3* < https://dev.gajim.org/gajim/gajim/commit/672f02b3b0abf1e8851452a632a6d2b50ace0548 > Fix usage of loop variable in socks5.py Loop seems to be checking whether on_success callback is already called, but due to wrong variable used it did nothing.
  11. bot Philipp Hörist merged a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/273 >: Fix usage of loop variable in socks5.py
  12. asterix Sorry lovetox, I merge the spell chechink MR at the wrong moment 😁
  13. lovetox ^^ yeah 😃
  14. reyhan lovetox i'm familiar about this problem, but would assume that someone who takes this serious should and would check the pgp fingerprint against at least one more source, like you git. however i can understand that this isn't considered a common case and thanks for the answer anyway
  15. mrDoctorWho guuuuuys, Ctrl+N doesn't work anymore!
  16. mrDoctorWho Traceback (most recent call last): https://conference.gajim.org:5281/pastebin/53bba097-dc83-4ab4-90e1-ebb27c11907f
  17. asterix TB is not complete, but it should be: in ('away',):
  18. asterix Comma is missing
  19. mrDoctorWho oops sorry
  20. mrDoctorWho css_class = helpers.get_css_show_color(status) File "/home/mrdoctorwho/gajim/gajim/common/helpers.py", line 423, in get_css_show_color elif show in ('away'): TypeError: 'in <string>' requires string as left operand, not int
  21. mrDoctorWho asterix,
  22. opal i still dont see a comma there
  23. opal mrDoctorWho, ('away') there without a comma is a string. you probably want ('away',) which is a tuple
  24. mrDoctorWho It would have mattered if I changed the code
  25. mrDoctorWho I just pulled it from the git
  26. bluemoon anyone know the command or how to tell which permissions a flatpak app uses?
  27. bluemoon and lovtox did you get a chance to look at the code concerning global proxies and how they work?
  28. opal ctrl-n starts new conversation, right
  29. opal and are you using HEAD?
  30. opal might want to check out a stable tag and see if that fixes it
  31. mrDoctorWho yes, head in master
  32. lovetox the code seems indeed wrong
  33. lovetox but i wonder why this was not reported before
  34. lovetox i have many contacts that are away and it works fine to display the color
  35. lovetox hm no this is correct
  36. lovetox it seems show is a INT
  37. lovetox and a restart of Gajim does not fix that mrDoctorWho ?
  38. Link Mauve I don’t see how this code could work.
  39. Link Mauve Even if this is an int, it makes no sense to check if it is present in a string.
  40. lovetox hm?
  41. lovetox its the problem that it is an int
  42. lovetox because you cant do "int in string"
  43. Link Mauve Yes, but if it was a string it wouldn’t make sense either.
  44. lovetox it would not make sense, but it would work
  45. Link Mauve It would look for a substring.
  46. lovetox string in ('string')
  47. lovetox works
  48. Link Mauve For very few definitions of “work”. :x
  49. lovetox it does exactly what we need
  50. lovetox 'away' in ('away') is equal to 'away' == 'away'
  51. lovetox but of course its obvious that once this was a tuple, and we removed one value
  52. lovetox see thats a reason for setters and getters
  53. lovetox i could enforce show to be a string, now there are probably 100 points in code where we do contact.show = x
  54. lovetox more for setters, less for getters
  55. lovetox ^^
  56. Link Mauve You can do that without changing the code anywhere, with @property and @show.setter.
  57. lovetox yes
  58. lovetox which is a fancy way of having a setter :)
  59. Link Mauve Not a fancy way, the way.
  60. lovetox i think i will do this, because otherwise there is almost no hope we find out why at somepoint this is an int
  61. Link Mauve It avoids cluttering the code with ugly get_* and set_* and del_* functions.
  62. Link Mauve +1, better input validation is great!
  63. Link Mauve Is there any reason to use a string here rather than an enum, btw?
  64. lovetox yes i agree, i should do this more often
  65. Link Mauve Other than legacy.
  66. lovetox no, but show is used in ALOT of points
  67. lovetox if you change this just for fun, you introduce more bugs than you solve
  68. Link Mauve So legacy.
  69. Link Mauve Prosody recently made their XML node object more opaque, and imposed validation on input, it helped caught a bunch of bugs very nicely.
  70. Link Mauve Prosody recently made their XML node object more opaque, and imposed validation on input, it helped catch a bunch of bugs very nicely.
  71. lovetox yeah it would be nice to validate xml with some schemes that validate against the xeps
  72. Link Mauve Ah, I have a project for that.
  73. Link Mauve https://hg.linkmauve.fr/xmpp-parsers
  74. Link Mauve It does a lot more than following the schemas available in the XEPs.
  75. Link Mauve I’m planning to use it to validate the XEPs examples themselves.
  76. Link Mauve As part of the CI of xmpp.org.
  77. lovetox nice
  78. Link Mauve And also in some client (probably poezio), but this requires many changes.
  79. lovetox because right now i have lots of validating code for many different xeps
  80. Link Mauve It takes XML objects, and gives back a struct with the fields filled and in the correct type.
  81. Link Mauve And back.
  82. Link Mauve I’m still not very happy with the error case, but I’m improving that.
  83. Link Mauve The back part can’t fail, since the internal representation is correct.
  84. Link Mauve The serialisation back to XML objects part can’t fail, since the internal representation is correct.
  85. Link Mauve The serialisation back to XML objects part can’t fail, since the internal representation is correct at any point.
  86. lovetox hm yes sounds good i wonder why we dont do that
  87. lovetox i have the node obj, then i do getTag() often or getAttr()
  88. Link Mauve Yes, that’s explicitly what I want to avoid. ^^
  89. lovetox instead i could have one method that validates the whole thing, and puts all interesting elements into a dict
  90. lovetox or something like that
  91. Link Mauve I’d be glad to help you integrate it into Gajim, if you want to.
  92. Link Mauve My validation is probably too strong for what you want, I e.g. reject unknown attributes and tags, but these two are now very easy to disable.
  93. lovetox hm i think it would be enough for start if you could do a minimal example validating a stanza that is a nbxmpp node obj, in python
  94. Link Mauve Heh, I already started with a cElementTree instead. ^^
  95. lovetox or that
  96. lovetox this is the xml lib shipped with python or?
  97. Link Mauve Yes.
  98. Link Mauve xml.etree.cElementTree
  99. lovetox yeah if you have some minimal example with that, i would be interested to see it
  100. Link Mauve Started, I haven’t finished yet. :-°
  101. Link Mauve This was a few weeks ago, when pep. came to Paris.
  102. lovetox it feels wrong to test the type with a setter
  103. lovetox it somehow feels like its against spirit of python
  104. lovetox it somehow feels like its against the spirit of python
  105. Link Mauve Hmm, not really, validating your input can never go against a spirit.
  106. lovetox but its not validating the input
  107. lovetox validating the input would be if i do this when i get my xml
  108. Link Mauve No I mean, the input of your contact API.
  109. lovetox this is some object in the core of gajim, and i have to do this now because otherwise finding the bug is 1% chance or very much time needed
  110. lovetox type hints do not work for that problem i think
  111. lovetox because they are not evaluated at runtime
  112. Link Mauve Correct.
  113. Link Mauve You don’t have any other choice AFAIK.
  114. Link Mauve Type hints would help, if you would add them absolutely everywhere in your code, but that’ll take a huge lot of time.
  115. lovetox im sure this is some weird edge case
  116. lovetox never had the problem that show is not a string
  117. bot Philipp Hörist pushed 1 commit to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *af11aa98* < https://dev.gajim.org/gajim/gajim/commit/af11aa985b07d67953fd0a7039663960cb84662a > Make sure show is always a string This is so we hopefully can find some bugs
  118. lovetox mrDoctorWho, please pull HEAD again and tell me if Gajim throws some exceptions
  119. Link Mauve lovetox, you could also throw when the show isn’t one of the five defined shows.
  120. lovetox we validate this when we receive the xml
  121. lovetox but yes
  122. lovetox somewhere inbetween it gets fucked up
  123. lovetox :)
  124. lovetox lets see if mrDoctorWho finds it
  125. Daniel Link Mauve, lovetox, I really like where this is going. Validating the XEPs is an interesting starting point. But I see it needs a lot of effort to implement this into clients. In the long run it's probably worth it.
  126. bluemoon lovetox according to the permissions in flatpak you gave access to home?
  127. bluemoon or am i misreading that
  128. andrey.g If validation would be implemented using GObject, then it could be thanks to gobject-introspection efficiently used not only by Gajim but also many other jabber clients.
  129. Link Mauve andrey.g, that’s exactly what I was reading about. :)
  130. Link Mauve https://gitlab.gnome.org/federico/gnome-class/ looks nice for that, even though not complete yet.
  131. andrey.g Link Mauve, nice, that there is an effort to make a bridge between rust and well established GObject. For now I see in readme only missing features but no list with things which are already usable.
  132. Link Mauve Everything else, I assume.
  133. andrey.g A bit strange, why "gnome-class".
  134. Link Mauve (Yes, I am optimistic. :D)
  135. Link Mauve The original name was gnome_gen!(), now this has been renamed gobject_gen!().
  136. Link Mauve And the goal is to merge it into the glib crate once it’s finished enough.
  137. andrey.g Then good :)
  138. lovetox bluemoon, tell me where you readying that
  139. bluemoon lovetox flatpak info --show-permissions org.gajim.Gajim
  140. bluemoon it says home in filesystems
  141. bluemoon but i could be misreading it.
  142. lovetox that is the buildfile
  143. lovetox https://dev.gajim.org/gajim/gajim/blob/master/org.gajim.Gajim.json
  144. lovetox there is nowhere "home" in it
  145. lovetox but it could be accessable by default maybe, im not a flatpak expert
  146. bluemoon what does filesystem= home list there
  147. bluemoon filesystems=xdg-run/dconf;home;~/.config/dconf:ro;
  148. lovetox oh i see we removed it recently
  149. lovetox https://dev.gajim.org/gajim/gajim/commit/13e838b4c9c17331ac10811bea5e802c63935559
  150. lovetox so its not yet on flatpak
  151. bot Philipp Hörist updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/275 >: Flatpak: update dependencies
  152. bluemoon you mean restricting access to home? was recently added?
  153. lovetox yes
  154. bluemoon nice thats cool was wanting to know
  155. lovetox you can always build the flatpak from git
  156. bluemoon I like the restrict as much as you can while still allowing the program to run approach :)
  157. lovetox https://dev.gajim.org/gajim/gajim/tree/master/flatpak
  158. lovetox there is a manual for that
  159. bluemoon you mean to do it manually?
  160. bluemoon yes i heard about that i have not messed with hit yet.
  161. lovetox you can build the flatpak yourself
  162. lovetox flathub does this for you
  163. bluemoon yes i know
  164. lovetox you just download it
  165. bluemoon so you run the command man flatpak-override
  166. bluemoon or is there another way?
  167. lovetox its probably better you dont build this if you already use the version on flathub
  168. lovetox probably will fuck something up
  169. lovetox and im not the flatpak expert
  170. bluemoon im new to flatpak as well but if they recently made it more restrictive I may not mess with it
  171. bluemoon some it will probably come out on the next upgrade?
  172. lovetox not they made it more restrictive, we removed the permission from the gajim build
  173. lovetox and yes this will be in the next gajim version that will be on flathub
  174. bluemoon I like having my communications programs where it is hard for someone go around digging through my files /etc :)
  175. bluemoon home is a little broad to allow so i am glad they are fixing it
  176. lovetox it seems you misunderstand this
  177. lovetox not flatpak decides on the permission
  178. lovetox the application itself decides
  179. lovetox we removed the permission from the gajim build
  180. bluemoon yes i knew that why i think I was asking here :)
  181. bluemoon what you mean not more restrictive just removed the permission whats the difference?
  182. lovetox there is no difference, but you multiple times now said "they"
  183. lovetox which makes me think you think people on flathub or flatpak devs changed something
  184. bluemoon i probably said they because I was not sure based on some things you said whether or not you are the one doing the developing
  185. lovetox but its US the gajim project that changed something
  186. bluemoon they being Gajim with their flatpak build
  187. lovetox ah k
  188. lovetox ok that clears that up
  189. bluemoon :)
  190. lovetox yes im a developer for Gajim
  191. bluemoon oh okay
  192. bluemoon well i was confused because sometimes you say you need to look things up :P
  193. lovetox Gajim is a 15 year old project
  194. bluemoon not saying you need to retain everything
  195. lovetox i develop it for a year
  196. bluemoon but that was why i was a little confused
  197. Daniel Ha, did you see how many lines of code there are in Gajims sources? :D
  198. lovetox i dont know the whole codebase
  199. bluemoon i understand
  200. bluemoon well that clears that up then :)
  201. bluemoon you probably could easily sandbox Gagim to only access areas it really needs and that maybe what you have did on that new update.
  202. lovetox yes it looks now like this
  203. lovetox filesystems=xdg-run/dconf;~/.config/dconf:ro;
  204. lovetox "ro" means read only
  205. bluemoon nice
  206. lovetox so basically nothing
  207. bluemoon things like hexchat are more complicated to sandbox because it allows for scripting which could potentially need access to almost everything.
  208. lovetox hexchat is also on flathub i think
  209. bluemoon but I like firejail for hexchat and similiar its easier to change permissions around
  210. bluemoon yes it is
  211. bluemoon but tingping said there is not much restrictions because of the scripting aspects
  212. lovetox ah k
  213. bluemoon which makes sense
  214. lovetox yeah flatpak does not strictly try to be a security only thing
  215. lovetox it just trys to make permissions transparent
  216. lovetox and then you can decide or even limit it yourself
  217. lovetox but i think the "limit it yourself" aspect is not as userfriendly now, then firejail
  218. lovetox and probably not as good
  219. bluemoon i understand but like Gajim its easier to basically restrict to only what it needs because it probably does not have much user scripting.
  220. bluemoon firejail is really user friendly
  221. bluemoon i looked briefly at how to modify flatpak
  222. bluemoon with the sandboxing and depencies issue i think flatpak is going to do well.
  223. bot Philipp Hörist pushed 1 commit to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *7e1afd69* < https://dev.gajim.org/gajim/gajim/commit/7e1afd69df7ea281809470d3eda0cdc09789cb75 > Flatpak: update dependencies
  224. bot Philipp Hörist merged a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/275 >: Flatpak: update dependencies
  225. bot Andrey Gursky created an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9209 >: #9209: < Message can be sent during reconnection >
  226. bot Daniel modified an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9209 >: #9209: < Message can be sent during reconnection >
  227. bot André updated a merge request for _gajim-plugins/master_ < https://dev.gajim.org/gajim/gajim-plugins/merge_requests/83 >: [preview] Add flatpak manifest and metainfo
  228. bluemoon i think i fixed it on mine
  229. bluemoon permissions now say filesystems=xdg-run/dconf;!home;~/.config/dconf:ro;
  230. bluemoon actually pretty easy to change around
  231. lovetox but this permission was not put there by accident
  232. lovetox it will lead to problems if you open save/open file dialogs
  233. lovetox we had to switch the dialogs to another api, after that we removed the permission
  234. lovetox but this will only be in the next version of gajim
  235. rincewind Holger: Using mod_push with the paremeters you mentionend works pretty good so far, but my test contact gets too many notifications. The are notifications for the messages she sends me, which makes no sense. Would you have any hints?
  236. bluemoon I dont have any conversations logged
  237. rincewind bluemoon: deactivated logging?
  238. bluemoon yes
  239. bot Alexander Krotov proposed a new merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/278 >: Replace ad-hoc command radio buttons with a list