Gajim - 2024-08-05

Why the width of the chat history area can be longer than the width between its two boundaries since 1.9.0 ? It looks it happens only in Chinese chat environment, buggy, inconvenient.

Mike Yellow: It's due to a workaround for a bug. It is annoying. https://dev.gajim.org/gajim/gajim/-/issues/11854

it happens wherever there is a long word or string such as a long URL

Thank you.

hello everyone, its my first time using xmpp/jabber, and gajim is making it all really easy for me, really enjoying this piece of software :)

I'm happy to hear that misteki :)

thanks, i've already got a couple of friends on here as well, we're trying to move away from discord since, its discord :P

this has served as a really nice replacement so far

misteki: nice. I wish more discord users were willing to move to xmpp.

A gajim user called tyroz told me in a pm that he's trying to send messages here but is not able to. When he tries, he gets an omemo error message "the group should be non-anonymous or member-only". He says there is no option to use omemo in this chat. I can see his typing notifications when he is typing in the gajim chat. He is on gajim 1.7.3, debian bookworm.

> misteki: nice. I wish more discord users were willing to move to xmpp. what's the situation like with voice/video chat on xmpp? ↺

everyone claims it exists but I'm yet to see someone who did it

yeah, i heard about some sort of service that would provide something like that (forgot the name) but other than that it's been hard to find info

so may as well ask you guys

> what's the situation like with voice/video chat on xmpp? It's currently unsupported in gajim. There are two different merge requests for making 1 to 1 voice chat work, but they are incomplete and inactive. It's likely to get done some day but no one can say when. For now, voice chat supposedly works in Dino and Conversations (android). ↺

I believe it's 1 to 1 voice chat only for those

hm i see

> I believe it's 1 to 1 voice chat only for those Dino should support many to many call as well ↺

well we'll see how it goes lol

> Dino should support many to many call as well Oh, nice. I had no idea. Thanks for mentioning it. I really ought to try this stuff out. ↺

> A gajim user called tyroz told me in a pm that he's trying to send messages here but is not able to. When he tries, he gets an omemo error message "the group should be non-anonymous or member-only". He says there is no option to use omemo in this chat. I can see his typing notifications when he is typing in the gajim chat. He is on gajim 1.7.3, debian bookworm. lovetox: I just wanted to make sure you see this in case you have time for it later ↺

Diasable omemo?

Guy, when i try to discover new rooms on my conversations.im account with Gajim, the rooms are all displayed in chinese characters, no english ones. How can i fix it? ✏

from what they said, omemo cannot even be enabled for this chat

Will: how are you discovering rooms?

Will: Interesting. You are right. Every single public server on conversations.im is chinese. That is not the standard or expected way to discover chats. The way you are doing it with service discovery is only searching on your server, conversations.im. To do a global search, either go to the Gajim menu at top, or press the + button >Start Chat > press the globe icon, enter search term and press enter.

If I remember correctly, this channel listing method is truncated, so that's probably why we only see chinese characters. They sort to the top of the list

Ok, thanks, will try

fjklp: yes ejabberd only returns 100 entries, alphabetically sorted and apparently Chinese characters come first.

This question came up before.

The the response from the conversations.im admin was also: don't use that discovery option on our server.

> The the response from the conversations.im admin was also: don't use that discovery option on our server. why? ↺

Because it is not very helpful on a server with thousands of channels

hello, everyone here

Will: Maybe better check out interesting MUCs with the "Global Group Chat Search" (planet symbol upper right corner in the "Start / Join Chat..." dialog? It should have the same information as https://search.jabber.network/ ✏

> Yup https://conference.gajim.org:5281/pastebin/54b91e40-c13b-4455-86ae-0c3291182a11 ↺

As there already been a share here the latest article by Saotok about XMPP+OMEMO ? I'd rather avoid double posting Clarifying my intentions: Not interested in starting a heated debate or attacking anyone. But a constructive discussion interests me a lot if some are available/care to share their view I'm not knowledgeable much about all this, it seems most critics are fair (talking about facts, not the tone of said articles) Although, Soatok does seem to praise Signal without pointing some of its problems like potential compromising of phone number

Sorry for previous post (weirdly "pasted" on my end). Using Monocle and I don't know what I did for that behaviour

The tl;dr of that article is: would be nice if XMPP clients would update to the latest version of the OMEMO specs.

The rest is just opinion without much substance.

I don't think it has been shared here; so for those interested: https://soatok.blog/2024/08/04/against-xmppomemo/

Kris: indeed. 222m5 not worth sharing

I think it was an interesting read.

Good to have someone with crypto experience look at OMEMO and conclude that is is basically good specs with some minor implementation issues.

> The rest is just opinion without much substance. yep but we will pay for it for at least 5 years and we must prepare debunking it on wikis because every new one will bring it up to us now...

Their review of OLM was much worse.

now every newcomer interested in security will run away from XMPP if they don't see a direct counter-argument to this article

People that conclude from that article that xmpp+OMEMO is unsafe are security larpers. No real loss.

i think this is all security theater

It's politics. Anybody using a network spawned by Meta which can not be federated and enables metadata analysis as baseline does not have security as their primary focus.

the article feels more like a critice that many xmpp clients implement various protocol version and he/she does see this as some kind of risk that one of them does maybe something wrong

also the whole critice against conversations codebase sounds like that

of course thats true, if you have 72 people implementing the same crypto protocol your chances are high someone does it wrong in the end

but thats the nature of a decentralized protocol

they mention a practical attack vector on Omemo v0.3 in group chats. But that one is fixed in v0.8, and I don't see that many people using OMEMO in groupchats for other reasons anyways.

hm Kris, i dont read it that way

> Historically, this was exploited in “abuse reporting” scenarios, but as I explained in my Threema disclosures, it can sometimes come up in group messaging scenarios. > But if you’re in a setup where you only have one valid key for a given ciphertext, *that’s not really a problem*.

thats all so vague, something can happen *sometimes* in certain scenarios ..

yeah, nothing to lose sleep over

> Sorry for previous post (weirdly "pasted" on my end). Using Monocle and I don't know what I did for that behaviour It is a loss I feel Not the tech people The challenge I'm worried about with people like this presenting opinion with such authority, is that people very basic or no knowledge of security, people looking for tools to avoid so type of surveillance, coming for non technical background,... Might get wary of XMPP+OMEMO, shutting it down as a solution for organising and being more free from big tech actors This would make the work of convincing people and making them switch to such technologies harder And the article seem to not be careful of this. And the fact that the move to a better XMPP+OMEMO will Côme in conjunction with a wider adoption and people, knowing it's flaws, pushing and hopefully contributing to making it better ↺

they want everyone to move to Signal and are very clear about that.

the advantages of XMPP+OMEMO over signal are in regards to metadata, not e2ee.

people should not fear crypto problems in my opinion, people should fear platforms, as we see in the EU, its easy to just pass a law and then the platform weakens its security or simply cannot operate anymore in the EU

not sure what use signal is for people if they simply are not able to provide any service anymore

every platform service is one vote away from closing down or providing backdoors for agencys

And that's a major issue They gesticulate all along attacking "evangelist of a particular technology" while praising a particular app with seemingly no effort to explain Still think there's good points in there I avoided the talk about the tone, but it seems pretty provocative for no necessary reason

they have a whole series of articles on the topic.

that they don't repeat all that in each article is understandable

Oh yes, absolutely

wurstsalat pushed 1 commits to branch gajim/master feat: Integrate providers.xmpp.net into account creation wizard - https://dev.gajim.org/gajim/gajim/-/commit/479a17c0d6af410cf27b2e7a14d259e0bfde9697

> the advantages of XMPP+OMEMO over signal are in regards to metadata, not e2ee. what, how? ↺

> The tl;dr of that article is: would be nice if XMPP clients would update to the latest version of the OMEMO specs. yes, that's the one real issue that they pointed out ↺

at least from what I understood

the user being able to use OMEMO or not is a good feature

the person who wrote the article clearly just doesn't really like xmpp, and they don't like the user having agency over their own decisions in regards to privacy and security ✏

> of course thats true, if you have 72 people implementing the same crypto protocol your chances are high someone does it wrong in the end Btw why not only one omemo implementation in rust and all other lib relate to that through Wasm ?

> what, how? XMPP allows you much better to control where metadata is accessible and who has access to it. While Signal can claim to have overall less metadata, it's all centralized on US based AWS servers, which is much worse than having small bits and pieces of it scattered over many different servers mostly run by well meaning hobbyists in the EU. ↺

and if you want you can minimize the spread much more, with Signal you can only hope that there isn't some backdoor installed on those centralized servers.

yeah

sealed sender is still not fixed is it

seal sender is a nice idea, but pointless on centralized infra.

wurstsalat pushed 1 commits to branch gajim/master fix: Notifications: Prevent loading of windows_toasts on unsupported Windows versions - https://dev.gajim.org/gajim/gajim/-/commit/bf270763b64c79880e6c170b33643b85f575690e

hi

Ichtyx, you don’t need wasm outside of the browser, you can compile to native code instead.