| 14 Jul 2019 |
 gentile | i wonder if using pantalaimon is a better approach for e2e aware bot | 16:09:00 |
| gentile | what do you guys use for logging e2e rooms? ideally i want a bot that saves the room to a html file. there's a ruby project on gitlab but i dont know ruby and it needs work. | 16:19:07 |
 poljar | i just log them using weechat, so plaintext file like an irc log; it's not perfect since i can get duplicate messages there | 17:47:35 |
| poljar | dunno what's better for a bot, on one hand pantalaimon does all the e2ee for you, on the other hand nio is nowadays quite easy to use | 17:48:20 |
| gentile | i like that idea but all my rooms are e2e encrypted and when i tried weechat last week it couldn't read e2e rooms unless i did something wrong. | 17:48:27 |
| gentile | im going to try nio for a e2e bot. thanks for the advice. | 17:49:28 |
| poljar | that sounds weird, if you have the time feel free to report a bug | 17:51:14 |
| poljar | now weechat can't yet request old keys -> decrypt already printed messages, so you might be hitting that | 17:52:00 |
| gentile | i build weechat from src, clone weechat-matrix and make install that. then in weechat /script load matrix.py. that's the correct process right? i will test it again now. | 17:53:19 |
| poljar | it is | 17:59:41 |
| gentile | ok one more dumb question. i really hate having to make all my friends re-verify keys when i add a new device. even logging out creates a new device and can ruin a afternoon. if i wrote .py to parse my browser local storage and extract keys, in theory they could be imported into a keystore weechat-matrix uses so i could 'clone' another session | 18:06:47 |
 swedneck | just wait for cross-signing | 18:08:26 |
| poljar | yeah, cross-signing is a solution to this, i don't know how feasible it is to export the trust database from riot, weechat uses a plain text file that is similar to the ssh known hosts file | 18:09:49 |
| gentile | ok looking forward to that. i never log out and clear sessions in my browser because i dont want to trigger a new device. really bad practice. | 18:10:04 |
| gentile | if you use inspect element in riot and look at local storage you can see all the keys. there are tons of them. should be straight forward though. | 18:12:05 |
| gentile | i really dislike using local storage too. when riot was compromised a couple of months ago, it would have been easy for the hacker to modify .js to send all keys from local storage to a remote server. good thing he wasn't too bright. | 18:12:38 |
 tulir | what else would a web app use 🤔 | 18:13:25 |
| gentile | yeah thats the problem. i want to get on weechat soon because that's a pretty big risk. | 18:14:19 |
| tulir | the solution is easy though: just don't use an instance hosted by someone else | 18:15:08 |
