@dcc@sampo "Message read" only means it was visible on their screen, not that they actually digested it. And does your XMPP chat show you read counters for each message? How can you see which user read it at which timestamp?
Take your proselytizing elsewhere. Also, touch some grass and get some real friends
E.g., for work things it's important to do something like have every team member react with 👀 when they see your message about an important issue going on right now instead of spamming the chat with text
For personal: limits the chat from being spammed with LOL and other things
@dcc@sampo Monal: lots of terrible UI bugs causing the chat thread to jump around and keyboard to pop up when it shouldn't. This is known in their GitHub bug tracker. Go look up the issue for supporting "emoji reacts" where they admit it's impossible to do without rewriting the whole app in a new UI framework, so it's probably not gonna happen
Siskin: no updates for a year which means it's basically dead IMO, but has a better UX aesthetic. I had issues getting it to connect successfully to an XMPP server (can't remember if it was Mongoose or Prosody at the moment)
@sampo I'm really starting to think that Delta Chat has a chance to win because it ticks all the boxes with the smallest footprint, has working push notifications, and the cross-platform client is 90% there
XMPP on iOS is a trash fire and the servers are just too complicated. The XEPs are both the best and worst parts of the protocol. It's really sad
@kravietz Telegram provides reproducible build instructions for both iOS and Android
Signal refuses to provide reproducible build instructions for iOS
Why?
Yes, there are technical hurdles to do reproducible builds on iOS: you need a jailbroken device or one of the unlocked phones from the security research program. But it's possible to do.
@kravietz you should pay more attention to Yasha Levine who has done extensive research on the US Govt's role in subverting internet security back to the origins of it in Vietnam. Go pick up a copy of Surveillance Valley, plenty to learn in there.
@sun@mint there isn't one, it's just weird paranoia. You can't execute Elixir code by parsing <meta> tags; the content cannot inject JavaScript either as we don't permit inline in our CSP
@coin it has its own share of problems though. If it doesn't break their neck, they writhe and choke. If they're obese it can rip their heads off. Not good.
Uhhh I don't know if you know this, but it's 100% normal and more humane to shoot the dog than to take it to a vet to have them put down. This is how almost everyone who doesn't live in a city handles these situations. My own childhood dog was old and sick -- dad took him to the woods, tied to a tree, shot him, and buried him.
People have this fantasy that pumping harmful chemicals into animals is more humane because they don't like gore. But it's not more humane. It causes fear and stress and pain. It's well known that a firing squad is the most instant and reliable execution method but Americans for some unknown reason think it's too barbaric, but watching someone scream and writhe and gasp for several minutes is not? So weird.
@disarray maybe? but it's fallen so far behind Pleroma now so who knows.
Earlier this year I put in several weekends of work grinding through static analysis on Pleroma to fix things, remove unused functions, making sure the correct types for data were being used everywhere, no dangling code that could never be reached, etc. This covers like 80% of security concerns. The remaining 20% are going to be simple logic things or "oops we forgot this security header" type stuff
Even if they can find an exploit to write to files on the filesystem and even overwrite Pleroma/Akkoma source files, it's useless because the app doesn't recompile code automatically when run in production mode.
You should deploy Pleroma/Akkoma with the files being readonly to the app anyway, but we can't enforce how people deploy their services. This has always been an issue with webservers. I fought this battle with Apache CGI/FCGI stuff 20 years ago.
If someone thinks they can pwn Pleroma that hard I will give an invitation to my server so they can demonstrate it. I am skeptical, though.
edit: we still have a lot of functions without typespecs, but it's in a good state right now IMO
Admin of bikeshed.party, not-active-enough FreeBSD developer and ports-secteam & portmgr alumni. My thoughts are my own, unless they're not. 🧐 Team Pleroma 👯‍♀️ Posts are probably satire.