TwistChat: Inline Messaging

The chatroom now has a few new features, most important among them being its new name: TwistChat. Because, let's face it, Chatroom is not the most thrilling of names. (Plus, all the variations of PyChat, ChatPy etc. were taken.)

Anyway, here's how it works currently - press play, then hit F to see the whole thing:

Cool, huh? The inline messaging feature is pretty useful (and also pretty easy to implement, given the structure of the program).

There's also a new way of specifying configuration options like the port to listen on and the default admin password: just edit /home/$USER/.twistchat/twistchat.yml. I chose YAML because it's incredibly easy to understand, and also has a great Python library called PyYAML.


Side note: Security Implications

It's very convenient for me to be able to make and populate a new folder in the home directory called .twistchat - assuming the user is following the instructions and installing the package with the --user option instead of root privileges.

It's easy, too: just add a data_files keyword argument to the setup() call. But isn't it a bit worrying that sudo pip install x or sudo python setup.py install of a malicious package could overwrite any file on your system - for instance, /bin/bash?

I know it's the user's responsibility to check what they're installing and use sudo with due diligence, but arbitrary file manipulation still isn't quite what I'd expect from a language-specific package manager. As this StackOverflow comment points out, it seems like security has been reduced in favour of convenience (N.B. the accepted answer is now outdated and wrong since Python 2.6 or earlier).