Index: classes.fs
==================================================================
--- classes.fs
+++ classes.fs
@@ -135,10 +135,11 @@
 
 cmd-class class{ msg
     $10 +field dummy
     $value: name$ \ group name
     $value: id$
+    $value: msg$  \ decrypted message
     field: peers[]
     field: keys[]
     field: log[]
     field: mode
     \ mode bits:

Index: msg.fs
==================================================================
--- msg.fs
+++ msg.fs
@@ -72,11 +72,11 @@
 	REPEAT  drop ;] msglog-sema c-section ;
 
 : serialize-log ( addr u -- $addr )
     [: bounds ?DO
 	    I $@ check-date 0= IF  net2o-base:$, net2o-base:nestsig
-	    ELSE   2drop  THEN
+	    ELSE   msg( ." removed entry " dump )else( 2drop )  THEN
       cell +LOOP ;]
     gen-cmd ;
 
 Variable saved-msg$
 64Variable saved-msg-ticks
@@ -459,11 +459,11 @@
     0 .v-dec$ dup IF
 	msg-key!  msg-group-o .msg:+lock
 	<info> ." chat is locked" <default>
     ELSE  2drop
 	<err> ." locked out of chat" <default>
-    THEN ;   msg-class is msg:lock
+    THEN ; msg-class is msg:lock
 :noname ( -- )  msg-group-o .msg:-lock
     <info> ." chat is free for all" <default> ; msg-class is msg:unlock
 ' drop msg-class is msg:away
 :noname ( addr u type -- )
     space <warn> case
@@ -639,18 +639,17 @@
 
 : ?pkgroup ( addr u -- addr u )
     \ if no group has been selected, use the pubkey as group
     last# 0= IF  2dup + sigpksize# - keysize >group  THEN ;
 
-: handle-msg ( addr u -- )
-    ?pkgroup >msg-log
-    2dup d0<> \ do something if it is new
-    IF  replay-mode @ 0= IF
-	    2dup show-msg
-	    2dup parent .push-msg
-	THEN
-    THEN  2drop ;
+: handle-msg ( addr-o u-o addr-dec u-dec -- )
+    ?pkgroup 2swap >msg-log
+    2dup d0<> replay-mode @ 0= and \ do something if it is new
+    IF
+	2over show-msg
+	2dup parent .push-msg
+    THEN  2drop 2drop ;
 
 \g 
 \g ### messaging commands ###
 \g 
 
@@ -679,13 +678,13 @@
     parent .wait-task @ ?query-task over select event> ;
 +net2o: msg-last? ( start end n -- ) 64>n msg:last? ;
 +net2o: msg-last ( $:[tick0,msgs,..tickn] n -- ) 64>n msg:last ;
 
 net2o' nestsig net2o: msg-nestsig ( $:cmd+sig -- ) \g check sig+nest
-    $> nest-sig ?dup-0=-IF
+    $> 2dup nest-sig ?dup-0=-IF
 	handle-msg
-   ELSE  replay-mode @ IF  drop 2drop
+    ELSE  replay-mode @ IF  drop 2drop 2drop
 	ELSE  !!sig!!  THEN \ balk on all wrong signatures
     THEN ;
 
 : msg-sig? ( addr u -- addr u' flag )
     skip-sig? @ IF   quicksig( pk-quick-sig? )else( pk-date? )
@@ -701,11 +700,11 @@
 	I $@ 2over pksig decrypt-sig?
 	dup -5 <> IF
 	    >r 2nip r> unloop  EXIT
 	THEN  drop 2drop
     cell +LOOP
-    sigpksize# +  -5 ;
+    sigpksize# +  -5  replay-mode @ 0= and ;
 
 : msg-dec?-sig? ( addr u -- addr' u' flag )
     2dup 2 - + c@ $80 and IF  msg-dec-sig?  ELSE  msg-sig?  THEN ;
 
 \ generate an encryt+sign packet
@@ -1008,19 +1007,20 @@
     nest-cmd-loop msg:end ;
 ' msg-tdisplay msg-class is msg:display
 ' msg-tdisplay msg-notify-class is msg:display
 : msg-tredisplay ( n -- )
     reset-time
-    msg-group-o .msg:mode dup @ msg:otr# invert and swap
+    msg-group-o >o msg:?otr msg:-otr o> >r
     [:  cells >r msg-log@ 2dup { log u }
 	dup r> - 0 max /string bounds ?DO
 	    I log - cell/ to log#
 	    I $@ { d: msgt }
 	    msgt ['] msg:display catch IF  ." invalid entry" cr
 		2drop  THEN
 	cell +LOOP
-	log free throw ;] !wrapper ;
+	log free throw ;] catch
+    r> IF  msg-group-o .msg:+otr  THEN  throw ;
 ' msg-tredisplay msg-class is msg:redisplay
 
 msg-class class
 end-class textmsg-class
 
@@ -1355,10 +1355,13 @@
     \U lock {@nick}         lock down
     \G lock: lock down communication to list of nicks
 umethod /unlock ( addr u -- )
     \U unlock               stop lock down
     \G unlock: stop lock down
+umethod /lock? ( addr u -- )
+    \U lock?                check lock status
+    \G lock?: report lock status
 umethod /bye ( addr u -- )
     \U bye
     \G bye: leaves the current chat
 umethod /chat ( addr u -- )
     \U chat [group][@user]  switch/connect chat
@@ -1484,10 +1487,13 @@
     vkey keysize $make msg-group-o .msg:keys[] >back
     msg-group-o .msg:+lock
 ; is /lock
 :noname ( addr u -- )
     2drop msg-group-o .msg:-lock ; is /unlock
+:noname ( addr u -- )
+    2drop msg-group-o .msg:?lock 0= IF  ." un"  THEN  ." locked" forth:cr
+; is /lock?
 
 :noname ( addr u -- )
     2drop -1 [IFDEF] android android:level# [ELSE] level# [THEN] +! ; is /bye
 }scope
 

Index: rng.fs
==================================================================
--- rng.fs
+++ rng.fs
@@ -52,16 +52,16 @@
     tuck r@ read-file r> close-file throw
     throw <> !!insuff-rnd!! ;
 
 : read-rnd ( addr u -- )
     \G read in entropy bytes from the systems entropy source
-    [ [defined] getentropy [defined] linux and [IF]
-	"getentropy" "libc.so.6" open-lib lib-sym 0<>
+    [ [defined] getrandom [defined] linux and [IF]
+	"getrandom" "libc.so.6" open-lib lib-sym 0<>
     [ELSE] false [THEN] ]
     [IF]
-	bounds U+DO \ getentropy reads $100 bytes at maximum
-	    I I' over - $100 umin getentropy
+	bounds U+DO \ getrandom reads $100 bytes at maximum
+	    I I' over - $100 umin 0 getrandom
 	    dup -1 = IF  errno #38 = IF  drop
 		    \ oops, we don't have getentropy in the kernel
 		    I I' over - $100 umin read-urnd
 		ELSE  BUT  THEN \ resolve the other IF
 		?ior  THEN