sevvie Rose ๐Ÿˆฒ
@puffinux Hm. Looks fun.

Programs I use with my #linux (#archlinux) machines:

#GNOME3 (display mgr)
#Brave & #FirefoxNightly (browser, image viewer)
#LibreOffice (office)
#Riot (chat)
#nvim (editor)
#terminator (term emulator)
#tmux (term multiplexer)
#mutt (email)
#GIMP (image editor)
Puffinux (@[email protected])

402 Toots, 185 Following, 116 Followers ยท #Solarpunk, technology repairer, free software enthusiast. Maker of robots. Bicycles for transport. #Alternative. ๐Ÿค–๐ŸŒฟ๐ŸŽจ๐Ÿ–ฅ๐Ÿฐ๐ŸŒ…๐ŸŠ๐Ÿšด๐ŸŽฎ๐ŸŽฒ๐Ÿ’ฟ๐Ÿ“š

Sep 6, 2018 at 1:08amWeb
Show threadTheOuterLinux โœ…Sep 6, 2018

@sevvie @[email protected] GNOME3....?! On an Arch machine?! WHAT MADNESS IS THIS! Have ye no i3 fealty?!

#MXLinux (Linux distro)
#XFCE (desktop environment)
#Palemoon (browser)
#xviewer (image viewer)
#LibreOffice (office)
#irssi or a #tox client (chat)
#nano (because I'm a sane person)
#xfce4-terminal (term emulator)
#tmux (term multiplexer)
#alpine or #Thunderbird (email)
#GIMP, #Krita, #MyPaint, or #GrafX2 for image editing/painting

Show threadsevvie Rose ๐ŸˆฒSep 6, 2018
@TheOuterLinux @puffinux What can I say? I've held love for GNOME for a long time. Though I love xmonad just as much. Admittedly, 75-85% of all I do occurs within a terminal, so I could probably go back to xmonad.
Puffinux (@[email protected])

402 Toots, 185 Following, 116 Followers ยท #Solarpunk, technology repairer, free software enthusiast. Maker of robots. Bicycles for transport. #Alternative. ๐Ÿค–๐ŸŒฟ๐ŸŽจ๐Ÿ–ฅ๐Ÿฐ๐ŸŒ…๐ŸŠ๐Ÿšด๐ŸŽฎ๐ŸŽฒ๐Ÿ’ฟ๐Ÿ“š

Show threadTheOuterLinux โœ…Sep 6, 2018
@sevvie @[email protected] Check this out then: https://gitlab.com/theouterlinux/command-line
TheOuterLinux / Command-Line

Command-line notes on various topics and software

Show threadsevvie Rose ๐ŸˆฒSep 6, 2018
@TheOuterLinux @puffinux I like it. Definitely gonna bookmark it.
Puffinux (@[email protected])

402 Toots, 185 Following, 116 Followers ยท #Solarpunk, technology repairer, free software enthusiast. Maker of robots. Bicycles for transport. #Alternative. ๐Ÿค–๐ŸŒฟ๐ŸŽจ๐Ÿ–ฅ๐Ÿฐ๐ŸŒ…๐ŸŠ๐Ÿšด๐ŸŽฎ๐ŸŽฒ๐Ÿ’ฟ๐Ÿ“š

Show threadA.L. Sep 6, 2018

@TheOuterLinux @sevvie @puffinux @codesections

On #Fedora 28:

#XFCE (desktop environment)
#qutebrowser (web browser)
#Spacemacs (text editor)
#KeepassXC (password manager)
#Whalebird (mastodon)

Show threadcodesectionsSep 6, 2018

@TheOuterLinux @sevvie @puffinux

Just curious, what is the appeal of #nano? I've always thought of it as the simple, lightweight, but low-featured editor for quick edits over #ssh or something, but I've seen a few people on here that use it at a primary editor. I get that #vim/#emacs are acquired tastes, but what makes #nano stand out from more "modern" editors like #sublime or #vscode? Is it just being on the command line? (Which, don't get me wrong, I value too!)

Show threadDanilo SpinellaSep 6, 2018

@codesections @TheOuterLinux @sevvie @puffinux

Note also that lot of people use #vim for quick edits over #ssh, because ever systems have vi/vim installed. The same people then use a more complex system to develop on, or #emacs too.

Show threadcodesectionsSep 6, 2018

@danyspin97 @TheOuterLinux @sevvie @puffinux

Yeah, I'm in that camp myself, actually. I just meant that I'd thought of nano as filling that role for people who didn't like vim keybindings (it's the $EDITOR on a number of distros these days). But clearly there's more to it than that.

Show threadDanilo SpinellaSep 6, 2018

@codesections @TheOuterLinux @sevvie @puffinux

It's because nano is the simplest terminal editor(considering the learning curve), and it usually comes preinstalled with the system. So if you don't want to learn vim, and have only #ssh access, then nano is your editor of choice.

The same if you want a mininal terminal editor.

There is also a modern replacement, called micro.

https://micro-editor.github.io/

Micro - Home

Show threadcodesectionsSep 6, 2018

@danyspin97 @TheOuterLinux @sevvie @puffinux

Yeah, I get all that. That's exactly what I thought nano was for/how I've seen it used.

But @TheOuterLinux said they use it as their primary editor, and I've seen a couple other people say the same thing. (Or maybe I've seen @TheOuterLinux say the same thing a couple times beforeโ€ฆ). So I'm curious why they use it even when *not* constrained by SSH or anything elseโ€”there must be some feature set I'm missing.

Show threadTheOuterLinux โœ…Sep 6, 2018
@codesections @sevvie @[email protected] Nano supports syntax highlighting, but make sure to include !#/bin/bash kind of thing at the top and save with the proper file extension. It is much easier to use than vim/emacs and why install a plugin when you can use an actually program to do it? If the editor itself breaks after an update, then what? Also, for GUI, I recommend good ol' Geany. And, it's not always about programming. People like to write with it too.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

I think that using Tox is crazier though xD

Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 I don't know. Most too clients support audio, video, text, and file sharing, as well as group messages. It uses a server temporarily to connect people as encrypted peer-to-peer. If you're worried about the IP part, you'd could just use a VPN or Tor. There's no signup either. You have a portable profile that kind of just knows how to talk to the relay servers. There are clients for almost a all systems, including mobile. Free and open source. Sounds good to me.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

Yea, it did sound good to me too. Then some other users point me out to an issue on tox repository.

They're dumb asses, they don't know a thing about security, yet they don't accept critics and suggestions.

I've never used tox again.

https://github.com/TokTok/c-toxcore/issues/426

Tox Handshake Vulnerable to KCI ยท Issue #426 ยท TokTok/c-toxcore

Hello, I found this source code confusingly written (and downright scary at times) and the specification woefully underspecified and inexplicit, so it's entirely possible my understanding of the ha...

GitHub
Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 Well, I like it and definitely trust it more than Skype or even Signal. Microsoft decides to talk to Whisper/Signal people about using their software in Skype and then shortly afterwards, Signal gets a $50M donation from Facebook. They're all compromised to some degree. They're all a mess, be it security or legal stuff, but at least Tox is a fairly unknown one.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

if they are dumb asses, they would fuck up in many ways. Not today, not tomorrow, but someday.

I agree about Skype and whatever. But I can't move my friends to new messanger too much, because they would just stay on whatsapp.

I think the best choice is picking the one that has the most potential, that has the most funds and the the better developer. By better developers, I means that ones that best accept critics and try to improve their software.

Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

Tox developers don't want to improve it, and to me it means that it is a dead project.

Sadly, the only one left is Matrix, which seems anyway a saner system than tox. They have specifications, you can host whatever server that follow those specifications.

I'd like to have more more competition, but there is none, so I'd rather help Matrix then help dumb asses.

This is just my opinion. As always, anyone is free to use what he prefers ^^

Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 Well, I've helped out just a tiny bit with the MacOS version of qTox. There was an ffmpeg location issue and it got fixed really quick. I've never had an issue talking with them. But if you're referring to the core components like toxcore, then I have no idea. It all just works for me and I like being able to easily make phone calls from the command-line with toxic. I hate signing up for things knowing that it's "free" because they're tracking everything.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

Yea it sucks. That's why I've just setup a Matrix homeserver, so I know where my data is.

Since you're a Tox user, I'd like to have your opinion on Matrix. Just hit me up if you ever want to try it out; you can register on mine.

Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 I probably should look more into Matrix since I plan on getting a Librem 5. However, and please don't take an offense to this, but I don't really know you well enough to trust my communications on a self-hosted server. Also, self-hosting isn't right for me at all. Creeps me out. I lockdown my systems to were I can't even ssh anymore. https://gitlab.com/TheOuterLinux/Command-Line/raw/master/System/Security/Harden%20System.txt
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

There is no problem :) As you said, you should trust the server, as always, and after all I am just a stranger.

Btw did you already pre-order the librem 5? I want to buy it but I'm not sure if I should wait for the release or just preorder it already.

Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 Nah, I'm waiting on an actual physical, working product to come out first. $500 or whatever it was is too rich for my blood for something that could fail. I'm worried that Google and Apple are going to wait until the last minute to pull out a patent troll and shut them down. Think of how discouraging that would be to anyone else. No one would dare try again for probably another 5-10 years.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

That's true, I am in the same position as you.

We can only wait and hope for the best.

Show threadStrypeySep 20, 2018
@TheOuterLinux @danyspin97 I haven't tried #Tox, mainly due to a lack of someone to test with. What's your ID on there? I will install it and see if I can connect with you there.
Show threadStrypeySep 20, 2018
@TheOuterLinux @danyspin97 have you tried #Wire and #Ring? Wire relies on a centralized server, but Ring is #P2P (like #Tox). They're both #FreeCode and both work pretty well for text chat, one-to-one voice calls (although I had persistent echo on Ring the one time I've tesed it so far). I've also tested file-transfer and image sharing on Wire, which work fine. Haven't test conference calling or video chat on either yet.
Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

Wire is centralized and is really similar to Telegram in design (correct me if I'm wrong, I haven't used it).

#Ring is really interesting, I've downloaded it but I've never tried it.

In the end #Matrix still seems the most promising one to me, due to the presence of both a public community and a IM.

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> Wire is centralized and is really similar to Telegram in design

Yes, in that both are server/client and not federated. The difference is that #Telegram server source code is non-free. #Wire has released all their source code under copyleft licenses (GPL/AGPL). So, I could run my own Wire server instead of using theirs, but users would probably have to download a modified client to use my server, and they wouldn't be able to chat to users on Wire's server with it.

Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

Yea, I'm aware of this. I'm currently using Telegram but I'm not tempted to switch to Wire. If I'm gonna use something that is centralized, I prefer Telegram that has a lot of features and Pavel Durov has proved to stand for privacy many times.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux that would be an argument for using a #P2P solution like Ring or Tox though, since there's no servers, and thus no network operator whose respect for privacy you need to trust. But they're both young technologies, and will need a lot more dev and security audits before their protocols and client apps can be trusted.
Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

I would instead go for #Matrix anyway or some chat app that runs on the new distributed protocols.

In the end a Matrix server is like a Mastodon server: you use it for communication and if you don't trust it, you just selfhost it. #P2P while being secure might be or might not be the solution to secure private messaging.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux but what about the people you are talking to? Unless they are all geeks confident with sysadmin practices, they have to trust a host. With a #P2P app, all they have to do is install it.
Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux There's also the question of #UX. When I used Matrix the UI was based around group chat, not the contact list UI people are familiar with from apps like Skype. I just got my family to install Wire apps, no hand-holding required. I wouldn't even try to get them to use Matrix, for the same reason I wouldn't try to get them to use Mumble. wire has client apps for all major platforms. Does Matrix have native clients?
Show threadDanilo SpinellaSep 20, 2018

@strypey

The best client atm is the electron one, Riot web. Many other (native and cross platform) clients are being developed.

I am not getting my friends on it, for the same reasons I am not getting them to use Tox. But I'm hoping that slowly the tech based communities will start using Matrix, while it gets better UI/UX for all the non tech people.

https://matrix.org/docs/projects/clients-matrix

Clients Matrix | Matrix.org

Show threadDanilo SpinellaSep 20, 2018

@strypey

Afaik, with E2E encryption you don't need to trust the host.

Show threadStrypeySep 20, 2018
@danyspin97 if you haven't compiled the apps from source yourself, you have to trust that the host who provided them used the same code that's on their repo. Also, even if they did (and the code is good) and the contents are unreadable by the host, what about metadata? Who you talked to can be just an sensitive as what you said to each other. With P2P apps, as long as the E2E security is sound, no third party has access to either your content *or* your metadata.
Show threadStrypeySep 20, 2018
@danyspin97 this is why I don't trust Signal. Why is Moxie so opposed to F-Droid (or even Debian) compiling #Signal clients from source rather than using his binaries? If he does all the compiling, it doesn't matter that both the client and server source code are on public repos, because we only have his word for it that this is the code he's actually compiling from. Every claimed virtue of Signal, including passing an audit, depends on us trusting that he is compiling from the audited code.
Show threadStrypeySep 20, 2018
@danyspin97 that's a lot of trust to put in one person, who seems to have a very prickly and dismissive attitude towards issues of user trust and software freedom, and a lot of praise for Apple (especially iOS) and goOgle non-free libraries and Play store. This is one reason I've never used #Signal, even once he liberated all the code for both client and server. Another is that I can't use it without a mobile device, like WeChat, which I also find suspicious.
Show threadDanilo SpinellaSep 20, 2018

@strypey

There is one problem about P2P, how can the message delivers when devices are offline?

Show threadStrypeySep 20, 2018
@danyspin97 yeah, this is a tricky problem. AFAIK Ring just doesn't support asynchronous messaging, which I agree is not ideal #UX. This is why I posted earlier about the idea of XMPP clients implementing the Ring protocols for voice/ video calls. By the same token, Ring could implement XMPP (or even email protocols) for delayed delivery of text messages. But they could also experiment with a P2P text protocols like whatever #BitMessage uses?
Show threadDanilo SpinellaSep 20, 2018

@strypey

How does Tox support it?

Show threadStrypeySep 20, 2018
@danyspin97 don't know if Tox supports asynchronous messages or not. As I said earlier, I haven't actually tried it yet, due to a lack of people to try it with. If they do, maybe with some kind of relay system? Having a few other peers store them until they're retrieved (maybe with a time limit) would use essentially the same delivery channel as immediate delivery, so as long as the messages are #E2E encrypted (and the code is good), I don't see how message privacy would be compromised by that.
Show threadDanilo SpinellaSep 20, 2018

@strypey

The key exchange can be done in #P2P too, also in other protocols. The actual IM doesn't need to be P2P, the key exchange does it.

Or at least this is what I think, I am not really into security so I don't really know.

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> #Ring is really interesting, I've downloaded it but I've never tried it.

I've only used it once. The distro I have been using up until recently was too old to support it. Ring did a reasonable job of a one-to-one voice call (bit of echo at my end that I could work out how to fix), but it doesn't seem to support delivery of messages if the receiver was offline when it was sent. If you're keen to test, my Ring ID is 'strypey'

Show threadHugo Lefeuvre ไบŽๆท‰Sep 23, 2018
@strypey @danyspin97 @TheOuterLinux Right, Ring does not support offline messaging at the moment. This is one of the next "big features" we're planning to work on, though
Show threadStrypeySep 23, 2018
@hle @danyspin97 @TheOuterLinux cool! Are you intending to re-use any existing #P2P messaging protocols (eg #BitMessage or #SSB), or develop something from first principles?
Show threadHugo Lefeuvre ไบŽๆท‰Sep 29, 2018
@strypey @danyspin97 @TheOuterLinux woops, missed your toot. Well, there are many ways to implement it, but #ipfs might be a good candidate. We have a design draft on the wiki in case you are interested ! https://git.ring.cx/savoirfairelinux/ring-project/wikis/Group-chat-feature-(design-draft)
Group chat feature (design draft) ยท Wiki ยท savoirfairelinux / ring-project

This repo groups all parts of GNU Ring.

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> In the end #Matrix still seems the most promising one to me, due to the presence of both a public community and a IM.

#Matrix is client/server, so quite a different beast from #Tox / #Ring, which are serverless. Matrix seems like a good candidate for replacing both #IRC and #Slack, given that it's federated by default (unlike IRC which needs a bunch of extra stuff to support federation), and it's an open protocol (unlike Slack which is a #DataFarm).

Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

It could replace both #IRC and #XMPP. And it's only a single application. That's a blowing thing for me. Have you read "Banquets and Barbecues" on GNOME blog about Matrix client?

https://blogs.gnome.org/tbernard/2018/05/16/banquets-and-barbecues/

Banquets and Barbecues

tl;dr: We're splitting up Fractal into two separate apps: One to replace IRC, the other to replace Telegram. This is an in-depth post on the thinking behind the split of the Fractal app, which was decided at the hackfest in Strasbourg last week. For more information about the hackfest, have a look at my other...

Space and Meaning
Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux just reading it now.
> tl;dr: Weโ€™re splitting up Fractal into two separate apps: One to replace IRC, the other to replace Telegram.

OK, now you've got my attention ...

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> they don't know a thing about security, yet they don't accept critics and suggestions.

I'm just reading that issue, and that's not my interpretation. A number of TokTok devs engage with the technical issues raised. A number of the non-devs who chime in are patronizing and dismissive from the start, and most of their comments are along the lines of "you guys are amateurs, you suck, just give up". Despite this, all seem to be doing their best to reply respectfully.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux
As the TokTok devs make it clear, they know there are issues with the #Tox protocol, and have a plan to address them. They clearly state the limits of Tox on their TokTok website, and all the clients have "alpha software" disclaimers. Most of the projects the critics claim they should all work on instead of client/server, not #P2P. Tox, like #Ring or #Ricochet or #Briar, are attempting a totally different thing from #Signal / #Noise.
Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux basically that thread looked to me like a bunch of jacked up crypto jocks bursting into someone else's party, and getting in everyone's face about how "my primitives are bigger than yours". Not a respectful discussion about improving the security of a #P2P chat protocol that exists, for better or for worse, and is not going away.
Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

They have written their protocol, but why?
Is there any particular reason?

Yea, they want to change and improve it but changing the design afterward is not so easy and painless.

Something well designed first and implemented later is often better, a good analogy would be BRTFS VS ZFS.

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> They have written their protocol, but why?

Because at the time there was no protocol for a serverless chat network that provided voice/ video calling. So some people got together to create one, and my impression is the people working on it now are not exactly the same group. If you read that issue carefully, they didn't build completely from scratch ("roll-your-own crypto"). The criticisms are about the way their protocol uses it dependencies

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> changing the design afterward is not so easy and painless

Sometimes true, but the situation is that the devs of a number of #Tox clients, and a few cryptographers, want to create and implement a new protocol, without throwing away the work they've done on their client apps. So they're not stuck with any part of the existing protocol design, as long as they can find consensus on what changes to, so they stay compatible with each other.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux in any case, as it stands, Tox is a serverless chat network that works (supposedly, I haven't tested it), and has #FreeCode clients for most platforms. As such, even without any encryption, it's already an improvement on back-doored corporate apps like Skype or FB Messenger, and in some ways better than client/server apps like Signal or Wire (which require us to trust their operators). Secure encryption that passes independent audit would be a bonus.