cover photo

Mike Macgirvin

mike@macgirvin.com

Mike Macgirvin
  
Make sure you're running the latest code. Then click the lock.


Encrypted content

Mike Macgirvin
  
I tried to upload a photo and then use the key, and it seemed to work, but decryption showed only the link.


Is it a private photo? I've just barely just now got zid links working, but some links will break because we can't do regex callbacks.

We support a small subset of the normal server-side bbcode constructs on the client. I'm trying to get the important stuff and running into a lot of hurdles. Some bbcode constructs will never work on the client (like observer stuff and event microformats and possible reshares). I'm not going to document which ones at the moment because it's a moving target. We have probably 150-200 bbcodes total and we've currently got support on the client for somewhere around 50.

I've moved the bbcode translator to another file so you shouldn't need to login to see decrypted text, but I question whether we want to provide this ability. We really want people to be members to make use of member features.
Mike Macgirvin
  
Ah bloody hell. Yeah this is going to be a hard problem. In order to make "uploaded into post" photo privacy match the post privacy, we set the photo permissions to visible to nobody but you. When the post is posted we see who it's being sent to and alter the photo permissions accordingly.

The problem is that the photo url is now heavily encrypted - and if we don't know there's a local photo in the post, we can't fix the permissions. So the photo is going to stay totally private and nobody but you can see it. (As a workaround you can manually fix the photo permissions once the post is posted).

Any clever thoughts out there?
Mike Macgirvin
  
We really don't have a way of relating the two from the client side except through the link to the media that we store in the post.

As a quick solution I'm now writing the uploaded media links to a string and I'll use the links in the string (instead of links in the message body) to set permissions if the post was encrypted. The string contains nothing but media pointers (no text content) and is discarded once the post is saved.

The truly paranoid will fetch all of the url's referenced in the post and attach them as data url's so that the receiver's traffic can't be analyzed. I'll leave that for future development.
Mike Macgirvin
  
Red: I'm changing the private mail obfuscation in an incompatible way (it's being fully encrypted like the posts). If you have private messages from the last week which you haven't read - please read them now. Reply by using a private post, until everybody is updated.
Mike Macgirvin
  
Not quite. One more leak...
zottel
 
That's really, really great. :like

Some chat-like interface to it would be wonderful, like Facebook had (or has, I don't know) where chat and private message are the same thing (but with the two interfaces of private message and chat window).

This would make an extra chat system superfluous. The only thing that would have to be added (besides a chat window, which would probably be the hardest thing to do) would be some kind of "show if I'm online" system.

Are these messages realtime enough for that to make sense?
Olivier M.
 
Wouldn't straight browser-to-browser chat scale better? I'm thinking WebRTC here...