moose-team / friends Goto Github PK

It would be super radical if I could one-click share my screen with one or more people in a chat room via screen cat.

we should cache avatars so they work offline

Trusted users (moose team) should be able to send messages that show up HUGE and in RED for everyone. This is so we can tell people to upgrade if there's a security issue, or if we're making a backwards-incompatible data model change.

Eventually, we'll get auto-update working, but that's harder than this. This is a good stop-gap.

Maybe on hover?

It would be pretty cool if it was possible to chat alone in an organization. So that it would only be moose-team that could chat. It would also be interesting if it was locked down to the collaborators of a repo.

Then it could replace whatever chat layer most projects/organizations have.

Other opinions?

if you use :shipit: for example it turns the :s into a smilie first

I could log in first, it doesn't work anymore. The only error message is the following:

[25612:0429/231242:WARNING:backend_impl.cc(1775)] Destroying invalid entry. [25612:0429/231242:WARNING:backend_impl.cc(1775)] Destroying invalid entry.

It also cranks up my one of my CPUs. If there are debug flags, I'm happy to provide more info.

get a 403 when trying to download https://atom.io/download/atom-shell/v0.25.1/iojs-v0.25.1.tar.gz

Hi nice moose-team people!

I wanted to file an issue suggesting that you consider using a different private key for message signing as for SSH protocol signing.

@kentonv discusses signing oracles here https://plus.google.com/+KentonVarda/posts/J3vcacmUUc1, which is a problem where if I can get someone to say something in a moose chat, and that message is also meaningful in a different context, now I can show their signed message to someone else and claim they signed something with different meaning in the new context.

TLS 1.3 has some built-in protections around this, and GPG's standard approach is to use sub-keys. I imagine a sensible approach for moose would also to be create a subkey that is specific for the purpose of signing messages in moose.

Note that I haven't dug into the moose code yet, so if you already do create a sub-key for signing messages in moose, OK; please accept my apologies. I'm writing this based on the description I see at moose-team.github.io/friends/ website, which I am hoping is up-to-date.

(I'm also generally a little weirded-out by your remark that it is "secure" at the top of that page, which isn't a super meaningful thing to say without a clear threat model. One example of a great threat model document is this -- https://pond.imperialviolet.org/threat.html -- which reads basically like a collection of user stories, so should be a reasonably approachable thing to write in an aspirational way about the properties you want the software to have. If you want, I can file a separate bug requesting a threat model; I thought I'd merely point out the concept here, and if you feel that's in-scope for the project, great.)

Cheers!

for a case where we can't verify your private key (e.g. if you are on someone elses computer and your private key isnt there)

you should be able to login with username/personal access token to the app and have it verify you

starting friends produces the following warning for me currently,

[5949:0429/234914:INFO:CONSOLE(232)] "(node) warning: possible EventEmitter memory leak detected. %d %s listeners added. Use emitter.setMaxListeners() to increase limit.", source: events.js (232)

Understandably not a desired feature, but I appreciate link/og parsing found in apps like slack and hipchat. Happy to work on it, but looking for some feedback on if this is wanted before I spend some time on it.

we need to track how many messages are in each room

when we refactor the rooms to be independent graphs this should be nice because then when you are syncing on startup you can ask the other side to first tell you how many total messages there are in their room graph, and you can subtract how many you have to get a rough estimate for showing a progress bar during sync

also we can use these numbers to show message counts in the sidebar next to room names etc

when @Flet switched to twemoji we got their crappy cat2 emoji

this is the true cat2 emoji:

Error:

[23896:0429/133016:INFO:renderer_main.cc(200)] Renderer process started
[23364:0429/133022:INFO:CONSOLE(14)] "[object Object]", source: c:\Users\Jason\dev\patches\github-current-user\github-current-user.js (14)
[23364:0429/134045:INFO:CONSOLE(333)] "Uncaught TypeError: Cannot read property 'setBadge' of undefined", source: C:\Users\Jason\dev\patches\friends\app.js (333)

New messages were not being drawn on screen (I didn't delve deeper to see if they were being received, but I think they were). The peers counter continued to fluctuate, so I know there was some sort of network activity.

I was still able to send a new message, but could not see it locally. When I restarted and reconnected, I could see the message I sent.

Currently we are passing app into the UI elements to send events up. But this will create peer dependencies to app and make it harder to split out the UI elements into their own modules.

Instead we should just create a target callback for sending actions up. Such as:

function action (name, params) {
  /* Handle action name */
}
self.views = {
    channels: new Channels({ target: action })
}

and then in the UI element:

function Composer (opts) {
  opts = opts || {}
  this.target = opts.target || function() {}
}

Composer.prototype.render = function () {
  var self = this

  var input = h('input', {
    placeholder: 'Send a message...',
    autofocus: true
  })

  return h('form.composer', {
    onsubmit: function (e) {
      e.preventDefault()
      var input = this.querySelector('input')
      self.target('sendMessage', input.value)
      input.value = ''
    }
  }, input)
}

Or get more fancy and have the actions bubble up: https://gist.github.com/shama/33f7aaeb902a001637e8

npm install fails for me (Ubuntu 15.04):

…
npm http 304 https://registry.npmjs.org/view-list
npm http 304 https://registry.npmjs.org/leveldown
npm http 304 https://registry.npmjs.org/raf
npm ERR! notarget No compatible version found: leveldown@'maxogden/leveldown#newnan'
npm ERR! notarget Valid install targets:
npm ERR! notarget ["0.0.0","0.0.1","0.0.2","0.1.0","0.1.1","0.1.2","0.2.0-b00","0.2.0-b01","0.2.0-b02","0.1.3","0.1.4","0.2.0","0.2.1","0.3.0","0.3.1","0.4.0","0.4.1","0.2.3","0.4.2","0.4.3","0.4.4","0.2.4","0.5.0","0.6.0","0.6.1","0.6.2","0.7.0","0.8.0","0.8.1","0.8.2","0.8.3","0.9.0","0.9.1","0.9.2","0.10.0","0.10.1","0.10.2","1.0.0","1.0.1","0.10.3","0.10.4","1.0.2"]
npm ERR! notarget 
npm ERR! notarget This is most likely not a problem with npm itself.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! System Linux 3.19.0-15-generic
npm ERR! command "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! cwd /home/jan/friends/app
npm ERR! node -v v0.10.28
npm ERR! npm -v 1.4.9
npm ERR! code ETARGET
npm http 304 https://registry.npmjs.org/node-gyp
npm http 304 https://registry.npmjs.org/autolinker
npm http 304 https://registry.npmjs.org/webrtc-swarm
npm http 304 https://registry.npmjs.org/subleveldown
npm http 304 https://registry.npmjs.org/virtual-dom
npm http 304 https://registry.npmjs.org/cat-names
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /home/jan/friends/app/npm-debug.log
npm ERR! not ok code 0

npm ERR! [email protected] install: `cd app && npm install`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.
npm ERR! This is most likely a problem with the friends package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     cd app && npm install
npm ERR! You can get their info via:
npm ERR!     npm owner ls friends
npm ERR! There is likely additional logging output above.
npm ERR! System Linux 3.19.0-15-generic
npm ERR! command "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! cwd /home/jan/friends
npm ERR! node -v v0.10.28
npm ERR! npm -v 1.4.9
npm ERR! code ELIFECYCLE
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /home/jan/friends/npm-debug.log
npm ERR! not ok code 0

Relevant parts of the debug log:

…
558 verbose addNamed [ 'raf', '2.0.4' ]
559 verbose addNamed [ '2.0.4', '2.0.4' ]
560 silly lockFile dc0b33b6-raf-2-0-4 [email protected]
561 verbose lock [email protected] /home/jan/.npm/dc0b33b6-raf-2-0-4.lock
562 error notarget No compatible version found: leveldown@'maxogden/leveldown#newnan'
562 error notarget Valid install targets:
562 error notarget ["0.0.0","0.0.1","0.0.2","0.1.0","0.1.1","0.1.2","0.2.0-b00","0.2.0-b01","0.2.0-b02","0.1.3","0.1.4","0.2.0","0.2.1","0.3.0","0.3.1","0.4.0","0.4.1","0.2.3","0.4.2","0.4.3","0.4.4","0.2.4","0.5.0","0.6.0","0.6.1","0.6.2","0.7.0","0.8.0","0.8.1","0.8.2","0.8.3","0.9.0","0.9.1","0.9.2","0.10.0","0.10.1","0.10.2","1.0.0","1.0.1","0.10.3","0.10.4","1.0.2"]
562 error notarget
562 error notarget This is most likely not a problem with npm itself.
562 error notarget In most cases you or one of your dependencies are requesting
562 error notarget a package version that doesn't exist.
563 error System Linux 3.19.0-15-generic
564 error command "/usr/bin/node" "/usr/bin/npm" "install"
565 error cwd /home/jan/friends/app
566 error node -v v0.10.28
567 error npm -v 1.4.9
568 error code ETARGET
569 verbose exit [ 1, true ]

Fedora 20
default browser: Mozilla Firefox 39.0a2 (developer edition)

Edit: It seems to only happen if I don't already have an instance of firefox running.

You pick a random secret, giving somebody access means posting a message with somebodies name and the Secret encrypted with that person's public key

Benefits would be it would be truly end to end, as decreypted data would only be stored on the users computer in memory. Whoever sending the message would be able to see all the people who can decrypt it.

Cons: theoretically could be non deterministic as different users could see things in different order (maybe key would also include an ID so you could say what key was used to encrypt message?). No ability to restrict users, any user could leak key.

Nuts and bolts, since we are already signing messages we can just sign the encrypted ones in the same way (after encrypting them) of we used ctr mode we could randomly generate the nonce per message.

• Typing expands the input textarea automatically, but this overlaps and hides recent messages.

I'd argue that chat programs are likely to be open alongside other windows, so a thin window is a use case worth considering.

• There is no reason a user would manually resize the textarea when it automatically resizes to content. Consider removing it?
• Textarea for typing has a resize tab in the bottom right hand corner
• Typing a message in the textarea draws focus to the right of the textarea, which expands beyond the right side of the screen on small windows.

It feels like /lib/rich-message.js could be a nice little separate module that could be useful outside of friends too.

Any thoughts around separating it into another module at this time? Maybe moose-team/enrich-message? Or is this still premature?

[24899:0429/095427:INFO:socket_host_udp.cc(337)] sendto() has failed twice returning a transient error. Dropping the packet. fills up my console (on a mac)

This would be a good platform for using web-components, since this is an installed app and speed isn't such an issue or number of bytes for the payload.

This would also allow reusing existing customelements.io content and maybe polymer paper elements (if using polymer).

Apart from that, it would allow for a wider audience to understand the code-base and contribute more freely.

• style your own messages differently (so it's easy to see "what's been said since I last sent a message")
• multiple sequential messages within a short time (2 minutes?) from the same person are collapsed (don't repeat name/avatar for each message)

since channels became their own thing you know can't see them unless you manually type them in. We could have a default channel that is only used to announce chancels (and maybe entering and leaving channels which might also have the benefit of letting you remember where you where logged in accross comps)

I'm getting a 403 error when running the command cd node_modules/leveldown && HOME=~/.electron-gyp node-gyp rebuild --target=0.25.1 --arch=x64 --dist-url=https://atom.io/download/atom-shell

I've included the output from my console and the relevant npm-debug.log in a gist (https://gist.github.com/byronhulcher/4e2df5c57294a6857832). Looks like it could be related to #23 but I'm unfamiliar with nvm unfortunately.

I'm running io.js v1.8.1 and npm 2.8.3. I'd be happy to provide anything else you might need for debug, unfortunately I'm pretty nub when it comes to node. The app looks very cool, congrats on the soft launch!

after I get a notification and click on the client the counter does not go down.

OSX

Currently it will scroll to the bottom of the messages when a new message is received making it difficult to scroll back when people are talking.

It should scroll to the bottom automatically unless the user has scrolled up.

mafi<tab> should expand to mafintosh: like irc cloud. if more than one user has the same prefix it could just cycle through them on subsequent <tab>s

I'm lazy... if I could have tab completion for my thoughts I would

While public channels are all well and good, they aren't suitable for every purpose. It would be nice to have hidden/private/invite only channels

Typing a message in the textarea draws focus to the right of the textarea, which expands beyond the right side of the screen on small windows.

I'd argue that chat programs are likely to be open alongside other windows, so a thin window is a use case worth considering.

First up - you had me at hello, this is awesome.

Second - I was getting a failure trying to run the npm run rebuild under iojs but after switching nvm back to 0.12 it was happy. Is that something specific to my setup or is iojs support for atom (seemed to be the problem) still in the works?

> [email protected] rebuild /home/doehlman/code/github/friends/app
> cd node_modules/leveldown && HOME=~/.electron-gyp node-gyp rebuild --target=0.25.1 --arch=x64 --dist-url=https://atom.io/download/atom-shell

gyp http GET https://atom.io/download/atom-shell/v0.25.1/iojs-v0.25.1.tar.gz
gyp http 403 https://atom.io/download/atom-shell/v0.25.1/iojs-v0.25.1.tar.gz
...

Basically joining a room would be the equivalent subscribing to a feed.

Would allow for more complex irc style permissions, E. G. Being voiced would be a white list of users allowed to post with replicating clients rejecting posts not signed by them, owner would be the root node etc.

No idea how feasible it is to do in hyper log

• get keys + email of a user (by username)
• get keys + emails of users that a user follows (by username)
• get keys + emails of users in an org (by name)

idea is to run then when you first see someone, so you can gather all the public keys related to them

Then they can be reused by others and get more focused attention.

Doing #16 will help make this easier.

using hyperlog now, but would be better to use dat so we can replicate graph data out in a standard way

Typing expands the input textarea automatically, but this overlaps and hides recent messages.

Currently you are blasted with all the messages from for ever when joining a channel. It would be nice to be able to page and only see the latest sub set when joining. This could be a great feature to include in Friends golden platinum edition, or potential keep in a roadmap to pitch to investors.

e.g. you are ngoldman

replace any instances of ngoldman in message text with <span class="highlight">ngoldman</span>

trying to figure this out but virtual-dom is making the solution not obvious to me

• ability to make a simple friends CLI chat app
• makes web UI easier