[General] qTox meeting #5

Sat Jun 4 20:00:50 UTC 2016

qTox meeting 2016-06-04, #qtox @ freenode

Maintainers present:
* sudden6
* TheSpiritXIII (a.k.a. DaSpirit)
* tux3
* zetok

Maintainers absent without notification of absence:
* agilob (5th absence without notification)
* antis81 (5th absence without notification)

Short summary:
* meeting time changed -2h to 16:00 UTC±0
* it would be nice to get help with new qTox website: https://qtox.github.io

Log from the meeting (log time UTC+1):
########################################################################

[18:54:54] <sudden6> <<< Official qTox-dev meeting, logs can be found at
https://lists.tox.chat/pipermail/qtox-dev/ >>>
[18:55:25] <zetok> actually, link to logs is in the topic :P
[18:55:47] <sudden6> oh that's new ^^
[19:01:14] <zetok> tux3, DaSpirit: anything against changing meeting
time -2h, to 16 UTC?
[19:04:36] * josh98 has quit (Ping timeout: 260 seconds)
[19:06:45] <DaSpirit> If I'm here then changing the meeting time doesn't
matter to me.
[19:07:33] <tux3> zetok, it's fine by me
[19:07:40] <zetok> ok
[19:07:46] <sudden6> nice
[19:13:01] <zetok> I was wondering about inviting people to qTox org
[19:13:22] <sudden6> who do you want to invite?
[19:13:55] <zetok> I had Rowen_Stripe and abbat on mind
[19:15:43] <zetok> possibly someone who'd want to maintain & develop
website, no idea who would that be
[19:19:16] <sudden6> do you really think maintaining the website will
require that much work?
[19:19:41] <sudden6> most of the relevant stuff really happens on gh
[19:19:55] <zetok> it will require someone who'd maintain it
[19:22:08] <sudden6> of course, but I think the expected workload could
be handled by our core team in the near future
[19:22:16] <sudden6> so no need to rush anything
[19:22:34] <zetok> hmm
[19:22:56] <sudden6> if someone steps up and wants to do the website I
of course wouldn't say no :)
[19:25:15] <sudden6> as for Rowen_Stripe and abbat I think it would
honor their work
[19:25:41] <zetok> yeah :)
[19:27:13] <zetok> ok, made invitations
[19:29:04] * zetok wonders if there's anything else to discuss
[19:30:31] <zetok> oh, right
[19:31:27] <sudden6> I think there's https://github.com/tux3/qTox/pull/3351
[19:32:38] <zetok> on the packaging front, Gentoo users have it disabled
[19:33:09] <sudden6> I don't know if anybody manually compiles with
filteraudio enabled
[19:33:21] <zetok> probably not
[19:33:53] <sudden6> mhm
[19:34:10] <linuxmodder> regarding the site  maintaining it will be  big
issue if  its irrregularly checked
[19:36:10] <sudden6> linuxmodder: how do you mean?
[19:36:47] <linuxmodder> it can become a chore  fast to update shit
[19:38:49] <sudden6> I don't think the current website needs much
maintaining, because it mostly links to github, which well maintained
[19:39:33] <linuxmodder> its hsoted where again atm ?
[19:39:42] <zetok> github
[19:40:49] <linuxmodder> github.io or  ghpages?
[19:41:09] <linuxmodder> .com or .io I mean
[19:41:20] <zetok> both
[19:43:41] <zetok> https://github.com/tux3/qTox/issues/3314
[19:43:58] <zetok> sudden6: do you still think that locking wouldn't be
useful?
[19:45:00] <sudden6> pretty much yes
[19:45:24] <zetok> DaSpirit, tux3: ↑ ?
[19:46:07] <tux3> zetok, that sounds incredibly useless, use your screen
locker or logout
[19:46:50] <zetok> tux3: screen locker when you're showing something to
someone on your screen?
[19:47:29] <DaSpirit> If someone has access to your computer then having
a locked screen wouldn't be the best way of stopping them from getting
your stuff.
[19:48:04] <sudden6> DaSpirit: still better than just locking the
application tough
[19:48:30] <zetok> tux3: also, logging-out is not an option, given that
"log-in" is not instantaneous
[19:48:35] <DaSpirit> I agree with sudden6 on this matter.
[19:49:23] <linuxmodder> +1 to locking  hook
[19:50:18] <linuxmodder> and with a locked screen its harder (not
impossible tho ) to mine pass / configs
[19:50:53] <zetok> DaSpirit: it's not really about preventing someone
from getting stuff, but more like providing a curtain that will hide
private, possibly nsfw conversations when needed
[19:50:53] * linuxmodder uses two locks normally  a  gui locker and a
full getty lock form tty
[19:51:23] <zetok> * not limited to conversations
[19:51:26] <linuxmodder> zetok,  so you invision it more as  a 'Panic
button"
[19:51:43] <zetok> ~kinda
[19:51:46] * linuxmodder still reading issue thread
[19:53:27] <zetok> sudden6: um, mind providing a rationale?
[19:54:17] <zetok> sudden6: i.e. in the issue you've said that it's the
job of screensaver/locker, but then Getron provided a good use case that
screensaver/locker won't be able to handle
[19:55:06] <linuxmodder> another idea inactive or keybind  auto min to
tray and forces login pass to remax
[19:56:37] <linuxmodder> similar to both Telegram and skype in
omplementation
[19:57:45] <linuxmodder> so `on-boarding` those user should be minimal
efffort
[20:00:24] <zetok> btw, a reflection from yesterday; "a moment ago I was
looking at PR that doesn't zero out all the needed memory, and now I'm
looking at this bullshit comment in issue claiming that ability to
select area of shared desktop helps with security…"
[20:02:13] <zetok> upon reflecting further, one might realized that the
latter is a real issue, while the former isn't – that's IMO quite good
example of how programming makes one stop noticing real issues
[20:02:26] <zetok> realize*
[20:04:11] <zetok> So I'm just kinda wondering whether you've taken
proper correction on your PoV ;)
[20:05:11] <sudden6> commented
[20:06:39] <sudden6> well security isn't privacy altough both are used
interchangeably in everyday language
[20:07:32] <sudden6> the first part could be a security issue, but the
second part is only a privacy issue
[20:07:48] <zetok> mm
[20:07:58] <zetok> but it's important enough to make one make an issue
[20:09:17] <zetok> >I understand your point clearly, but I'm very much
against creating the false security provided by a password
[20:09:36] <zetok> I wonder about that
[20:10:33] <zetok> while creating false sense of security is obviously
wrong, is it wrong to give users some functionality, but not pretend
that given functionality isn't about security?
[20:10:54] <zetok> s/isn't/is/
[20:11:43] * Pharyngeal has quit (Ping timeout: 240 seconds)
[20:12:00] * Pharyngeal
(~Pharyngea at 2001:19f0:300:1643:dce8:9201:2f12:b8f7) has joined
[20:12:14] <sudden6> how would you ensure users knowing it isn't secure?
[20:12:18] <zetok> also, while it may feel ~wrong, is it really wrong to
provide for users functionality that they think will provide security,
but not claiming that it will provide security?
[20:12:22] <zetok> you don't
[20:12:54] <zetok> if something may go wrong, it will go wrong
[20:13:11] <zetok> thus, if there is a chance of users misunderstanding
something, they will misunderstand it
[20:13:31] <sudden6> > thus, if there is a chance of users
misunderstanding something, they will misunderstand it
[20:13:38] <sudden6> so not make it look secure
[20:13:47] <sysfu> I started getting this error message when launching
qtox from the terminal after doing recent 'apt-get upgrade'  error
"qtox: error while loading shared libraries: libqrencode.so.3: cannot
open shared object file: No such file or directory"
[20:14:00] <zetok> sysfu: yes, and you might want to learn to read
[20:14:26] <zetok> >[17:46:48] <zetok> sysfu: add the right repo
[20:14:28] <sudden6> ie no password, just a single click
[20:14:40] <sysfu> Well, I installed qrencode but that just changes the
error to "qtox: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version
`CXXABI_1.3.8' not found (required by qtox)"
[20:15:28] <sysfu> never did that before. Repo in use is 'deb
https://pkg.tox.chat/debian nightly release'
[20:15:48] <sysfu> I had to change it that that to get tox pkg to
install on elementary OS Freya 3.4.2.
[20:16:07] <sysfu> Should it read something else now? I was working fine
for about six months that way.
[20:16:14] <zetok> sysfu: https://qtox.github.io/ ← there's a big
"Download" button there, use it
[20:16:33] <zetok> and proceed from there
[20:16:43] * Pharyngeal has quit (Ping timeout: 240 seconds)
[20:17:02] <zetok> sudden6: right, qTox kinda guarantees that password
actually secures stuff
[20:17:05] <zetok> hmm :s
[20:17:17] <zetok> !
[20:17:40] <sysfu> So repository changed to antonbatenev then?
[20:17:49] * zetok thinks about something beside password
[20:17:55] <zetok> sysfu: yes
[20:18:01] <sysfu> thank you
[20:19:23] <zetok> you're welcome
[20:19:51] <zetok> >.<
[20:20:35] * zetok wonders if that took care of the qTox *buntu users
[20:23:29] * zetok can't think of something beside password that
wouldn't be outright misleading
[20:24:02] <zetok> I guess that woudl be it for the meeting.
[20:24:06] <zetok> would*
[20:24:13] <sudden6> ok
[20:25:02] <zetok> https://i.imgur.com/adXnS5Q.jpg :3
[20:25:41] <sysfu> zetok: sorry if you already responded to my same last
night and I missed it. I do not have an IRC bouncer setup at the moment.
[20:26:08] <zetok> sysfu: read the topic, logs are provided ;)
[20:26:18] <zetok> and no, I didn't manage to respond yesterday :)
[20:26:37] <sysfu> OK, nice.

more logs at https://github.com/qTox/qtox-irc-logs

-- 

Kind regards,
Zetok Zalbavar
----
My Tox ID:
29AE62F95C56063D833024B1CB5C2140DC4AEB94A80FF4596CACC460D7BAA062E0A92C3424A0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.tox.chat/pipermail/general/attachments/20160604/2ab0dc0a/attachment.sig>