sevvie Rose ๐ŸˆฒSep 6, 2018
@puffinux Hm. Looks fun.

Programs I use with my #linux (#archlinux) machines:

#GNOME3 (display mgr)
#Brave & #FirefoxNightly (browser, image viewer)
#LibreOffice (office)
#Riot (chat)
#nvim (editor)
#terminator (term emulator)
#tmux (term multiplexer)
#mutt (email)
#GIMP (image editor)
Puffinux (@[email protected])

402 Toots, 185 Following, 116 Followers ยท #Solarpunk, technology repairer, free software enthusiast. Maker of robots. Bicycles for transport. #Alternative. ๐Ÿค–๐ŸŒฟ๐ŸŽจ๐Ÿ–ฅ๐Ÿฐ๐ŸŒ…๐ŸŠ๐Ÿšด๐ŸŽฎ๐ŸŽฒ๐Ÿ’ฟ๐Ÿ“š

Show threadTheOuterLinux โœ…Sep 6, 2018

@sevvie @[email protected] GNOME3....?! On an Arch machine?! WHAT MADNESS IS THIS! Have ye no i3 fealty?!

#MXLinux (Linux distro)
#XFCE (desktop environment)
#Palemoon (browser)
#xviewer (image viewer)
#LibreOffice (office)
#irssi or a #tox client (chat)
#nano (because I'm a sane person)
#xfce4-terminal (term emulator)
#tmux (term multiplexer)
#alpine or #Thunderbird (email)
#GIMP, #Krita, #MyPaint, or #GrafX2 for image editing/painting

Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

I think that using Tox is crazier though xD

Show threadTheOuterLinux โœ…Sep 6, 2018
@danyspin97 I don't know. Most too clients support audio, video, text, and file sharing, as well as group messages. It uses a server temporarily to connect people as encrypted peer-to-peer. If you're worried about the IP part, you'd could just use a VPN or Tor. There's no signup either. You have a portable profile that kind of just knows how to talk to the relay servers. There are clients for almost a all systems, including mobile. Free and open source. Sounds good to me.
Show threadDanilo SpinellaSep 6, 2018

@TheOuterLinux

Yea, it did sound good to me too. Then some other users point me out to an issue on tox repository.

They're dumb asses, they don't know a thing about security, yet they don't accept critics and suggestions.

I've never used tox again.

https://github.com/TokTok/c-toxcore/issues/426

Tox Handshake Vulnerable to KCI ยท Issue #426 ยท TokTok/c-toxcore

Hello, I found this source code confusingly written (and downright scary at times) and the specification woefully underspecified and inexplicit, so it's entirely possible my understanding of the ha...

GitHub
Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> they don't know a thing about security, yet they don't accept critics and suggestions.

I'm just reading that issue, and that's not my interpretation. A number of TokTok devs engage with the technical issues raised. A number of the non-devs who chime in are patronizing and dismissive from the start, and most of their comments are along the lines of "you guys are amateurs, you suck, just give up". Despite this, all seem to be doing their best to reply respectfully.

Show threadStrypey
@danyspin97 @TheOuterLinux
As the TokTok devs make it clear, they know there are issues with the #Tox protocol, and have a plan to address them. They clearly state the limits of Tox on their TokTok website, and all the clients have "alpha software" disclaimers. Most of the projects the critics claim they should all work on instead of client/server, not #P2P. Tox, like #Ring or #Ricochet or #Briar, are attempting a totally different thing from #Signal / #Noise.
Sep 20, 2018 at 12:25pmWeb
Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux basically that thread looked to me like a bunch of jacked up crypto jocks bursting into someone else's party, and getting in everyone's face about how "my primitives are bigger than yours". Not a respectful discussion about improving the security of a #P2P chat protocol that exists, for better or for worse, and is not going away.
Show threadDanilo SpinellaSep 20, 2018

@strypey @TheOuterLinux

They have written their protocol, but why?
Is there any particular reason?

Yea, they want to change and improve it but changing the design afterward is not so easy and painless.

Something well designed first and implemented later is often better, a good analogy would be BRTFS VS ZFS.

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> They have written their protocol, but why?

Because at the time there was no protocol for a serverless chat network that provided voice/ video calling. So some people got together to create one, and my impression is the people working on it now are not exactly the same group. If you read that issue carefully, they didn't build completely from scratch ("roll-your-own crypto"). The criticisms are about the way their protocol uses it dependencies

Show threadStrypeySep 20, 2018

@danyspin97 @TheOuterLinux
> changing the design afterward is not so easy and painless

Sometimes true, but the situation is that the devs of a number of #Tox clients, and a few cryptographers, want to create and implement a new protocol, without throwing away the work they've done on their client apps. So they're not stuck with any part of the existing protocol design, as long as they can find consensus on what changes to, so they stay compatible with each other.

Show threadStrypeySep 20, 2018
@danyspin97 @TheOuterLinux in any case, as it stands, Tox is a serverless chat network that works (supposedly, I haven't tested it), and has #FreeCode clients for most platforms. As such, even without any encryption, it's already an improvement on back-doored corporate apps like Skype or FB Messenger, and in some ways better than client/server apps like Signal or Wire (which require us to trust their operators). Secure encryption that passes independent audit would be a bonus.