From: Jeff F. <je...@di...> - 2002-07-22 21:44:17
|
Will you guys be integrating with the libyahoo2 now that it's been released separately from everybuddy? The announcement was on freshmeat today: http://freshmeat.net/releases/91640/ http://libyahoo2.sourceforge.net/ It seems to surpass the current yahoo functionality which gaim includes. -Jeff |
From: Sean E. <bj...@bi...> - 2002-07-25 01:34:40
|
Um, well we *WROTE* "libyahoo2," and the EB code it comes from, We will certainly NOT be using "libyahoo2" (nor will the Jabber transport I'm in the process of writing) nor can I reccomend anyone else use it. Nor can I understand how it "seems to surpass the current yahoo functionality" -Sean > On Mon, 2002-07-22 at 17:44, Jeff Frost wrote: > > Will you guys be integrating with the libyahoo2 now that it's been released > > separately from everybuddy? The announcement was on freshmeat today: > > > > http://freshmeat.net/releases/91640/ > > http://libyahoo2.sourceforge.net/ > > > > It seems to surpass the current yahoo functionality which gaim includes. > > > > -Jeff > > > > > > > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > _______________________________________________ > > Gaim-devel mailing list > > Gai...@li... > > https://lists.sourceforge.net/lists/listinfo/gaim-devel > > > |
From: Jeff F. <je...@di...> - 2002-07-25 04:05:26
|
Sorry if I touched a nerve there Sean. Here are things that libyahoo2 purports to do that I cannot do in gaim now with the current yahoo functionality: * Ignore buddy * Unignore buddy * Create new conference * Join existing conference * Invite members to join existing conference * Decline joining a conference * Leave a conference * Send message to conference * Send file via Yahoo file transfer server * Receive files via Yahoo file transfer server * Receive files directly from another client Perhaps I just don't know how to do these in gaim, but they do not seem to be in there from initial inspection. On 23 Jul 2002, Sean Egan wrote: > Um, well we *WROTE* "libyahoo2," and the EB code it comes from, We will > certainly NOT be using "libyahoo2" (nor will the Jabber transport I'm in > the process of writing) nor can I reccomend anyone else use it. > > Nor can I understand how it "seems to surpass the current yahoo > functionality" > > -Sean > > > On Mon, 2002-07-22 at 17:44, Jeff Frost wrote: > > > Will you guys be integrating with the libyahoo2 now that it's been released > > > separately from everybuddy? The announcement was on freshmeat today: > > > > > > http://freshmeat.net/releases/91640/ > > > http://libyahoo2.sourceforge.net/ > > > > > > It seems to surpass the current yahoo functionality which gaim includes. > > > > > > -Jeff > > > > > > > > > > > > ------------------------------------------------------- > > > This sf.net email is sponsored by:ThinkGeek > > > Welcome to geek heaven. > > > http://thinkgeek.com/sf > > > _______________________________________________ > > > Gaim-devel mailing list > > > Gai...@li... > > > https://lists.sourceforge.net/lists/listinfo/gaim-devel > > > |
From: Luke S. <lsc...@re...> - 2002-07-25 13:47:53
|
On Wed, Jul 24, 2002 at 09:05:17PM -0700, Jeff Frost wrote: > Sorry if I touched a nerve there Sean. Here are things that libyahoo2 > purports to do that I cannot do in gaim now with the current yahoo > functionality: Everybuddy, trillian, libyahoo2, and gaim itself of course are only able to connect to yahoo servers still because of work sean did figuring out the new authentation method. > > * Ignore buddy > * Unignore buddy > * Create new conference > * Join existing conference > * Invite members to join existing conference > * Decline joining a conference > * Leave a conference > * Send message to conference > * Send file via Yahoo file transfer server > * Receive files via Yahoo file transfer server > * Receive files directly from another client we might support ignoring and unignoring, but i don't think so. the rest, you are correct, we don't support yet for yahoo. however we are more likely to use libyahoo2 as a reference to implement it ourselves than to use libyahoo2. I trust sean's code far more than an unknown. luke > > Perhaps I just don't know how to do these in gaim, but they do not seem to be > in there from initial inspection. > > > On 23 Jul 2002, Sean Egan wrote: > > > Um, well we *WROTE* "libyahoo2," and the EB code it comes from, We will > > certainly NOT be using "libyahoo2" (nor will the Jabber transport I'm in > > the process of writing) nor can I reccomend anyone else use it. > > > > Nor can I understand how it "seems to surpass the current yahoo > > functionality" > > > > -Sean > > > > > On Mon, 2002-07-22 at 17:44, Jeff Frost wrote: > > > > Will you guys be integrating with the libyahoo2 now that it's been released > > > > separately from everybuddy? The announcement was on freshmeat today: > > > > > > > > http://freshmeat.net/releases/91640/ > > > > http://libyahoo2.sourceforge.net/ > > > > > > > > It seems to surpass the current yahoo functionality which gaim includes. > > > > > > > > -Jeff > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > This sf.net email is sponsored by:ThinkGeek > > > > Welcome to geek heaven. > > > > http://thinkgeek.com/sf > > > > _______________________________________________ > > > > Gaim-devel mailing list > > > > Gai...@li... > > > > https://lists.sourceforge.net/lists/listinfo/gaim-devel > > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by: Jabber - The world's fastest growing > real-time communications platform! Don't just IM. Build it in! > http://www.jabber.com/osdn/xim > _______________________________________________ > Gaim-devel mailing list > Gai...@li... > https://lists.sourceforge.net/lists/listinfo/gaim-devel -- -This email is made of 100% recycled electrons. -If something can go wrong.... FIX IT! If it's Microsoft...delete it. -There are three ways to get something done: (1) Do it yourself. (2) Hire someone to do it for you. (3) Forbid your kids to do it. |
From: Jeff F. <je...@di...> - 2002-07-25 16:49:30
|
On Thu, 25 Jul 2002, Luke Schierer wrote: > On Wed, Jul 24, 2002 at 09:05:17PM -0700, Jeff Frost wrote: > > Sorry if I touched a nerve there Sean. Here are things that libyahoo2 > > purports to do that I cannot do in gaim now with the current yahoo > > functionality: > > Everybuddy, trillian, libyahoo2, and gaim itself of course are only able to connect to > yahoo servers still because of work sean did figuring out the new authentation method. That's awesome. I guess I didn't understand why if Sean wrote libyahoo2 he opted to use a different method for the gaim yahoo functionality. Sorry again if I stepped on any toes. > we might support ignoring and unignoring, but i don't think so. the rest, you are correct, > we don't support yet for yahoo. however we are more likely to use libyahoo2 as a reference to > implement it ourselves than to use libyahoo2. I trust sean's code far more than an unknown. > luke You'd be correct, gaim does not support ignoring or unignoring for yahoo either, but does for at least AIM and MSN. Thanks for the insight Luke! I'll let you guys get back to developing now. :-) |
From: Sean M. E. <bj...@bi...> - 2002-07-25 17:39:21
|
------------------- > Sorry if I touched a nerve there Sean. Here are things that libyahoo2 > purports to do that I cannot do in gaim now with the current yahoo > functionality: Heh, no nerve touched. > * Ignore buddy > * Unignore buddy Privacy in Gaim is being reworked entirely. Rest assured that "ignore buddy" is no remarkable feat of programming. > * Create new conference > * Join existing conference > * Invite members to join existing conference > * Decline joining a conference > * Leave a conference > * Send message to conference You could have just said "conferencing" (Sounds like you're copying from something Tellis wrote). We already know how conferencing works, and when I get some spare time, I'm going to make a UI for it (and for MSN) more befitting to conferencing than our plain-ol chat UI. > * Send file via Yahoo file transfer server > * Receive files via Yahoo file transfer server > * Receive files directly from another client All that is is HTTP. When our in-progress file transfer GUI is completed, it will take 3 or 4 lines of code to impliment this. It really make no sense to abandon our code which is custom-built for Gaim to impliment a "library" based on the above code just to support a few features that don't yet have UI's -Sean |
From: Jeff F. <je...@di...> - 2002-07-25 17:44:42
|
On Thu, 25 Jul 2002, Sean M. Egan wrote: > Privacy in Gaim is being reworked entirely. Rest assured that "ignore > buddy" is no remarkable feat of programming. > > > * Create new conference > > * Join existing conference > > * Invite members to join existing conference > > * Decline joining a conference > > * Leave a conference > > * Send message to conference > > You could have just said "conferencing" (Sounds like you're copying > from something Tellis wrote). We already know how conferencing works, > and when I get some spare time, I'm going to make a UI for it (and for > MSN) more befitting to conferencing than our plain-ol chat UI. Yah, copying and pasting from the features list. You're right conferencing is what I was getting at. I wonder if you guys intend to interface with the yahoo chat servers sometime in the future for supporting yahoo chat. The best thing I've seen for yahoo chat on linux so far is byach which isn't too good. > It really make no sense to abandon our code which is custom-built for > Gaim to impliment a "library" based on the above code just to support > a few features that don't yet have UI's See, that was my mistake. I thought this libyahoo2 was derived from the libyahoo that was included in gaim currently and possibly just a branch of it (which might get merged back in in the future), but it sounds like that is not the case at all. That's just me showing my ignorance about the development efforts. |
From: Luke S. <lsc...@re...> - 2002-07-25 17:55:11
|
On Thu, Jul 25, 2002 at 10:44:36AM -0700, Jeff Frost wrote: <snip> > > Yah, copying and pasting from the features list. You're right conferencing is > what I was getting at. I wonder if you guys intend to interface with the > yahoo chat servers sometime in the future for supporting yahoo chat. The best > thing I've seen for yahoo chat on linux so far is byach which isn't too good. as sean said, as soon as he has some free time to get a gui working that will support it better than the current aim-ish group chat gui we currently have. He also said he knows how it works, so it won't be hard once the gui is in place. > > > It really make no sense to abandon our code which is custom-built for > > Gaim to impliment a "library" based on the above code just to support > > a few features that don't yet have UI's > > See, that was my mistake. I thought this libyahoo2 was derived from the > libyahoo that was included in gaim currently and possibly just a branch of it > (which might get merged back in in the future), but it sounds like that is not > the case at all. That's just me showing my ignorance about the development > efforts. that's what's really really odd. Gaim has had the protocols as plugins almost as long as we've supported multiple protocols, and except for jabber's use of libfaim (oscar) for the aim transport, no one else wants to touch them, so alot of work gets re-done instead of people working together to extend our joint capabilities. luke -- -This email is made of 100% recycled electrons. -If something can go wrong.... FIX IT! If it's Microsoft...delete it. -There are three ways to get something done: (1) Do it yourself. (2) Hire someone to do it for you. (3) Forbid your kids to do it. |
From: Sean M. E. <bj...@bi...> - 2002-07-25 18:26:47
|
> Yah, copying and pasting from the features list. You're right conferencing is > what I was getting at. I wonder if you guys intend to interface with the > yahoo chat servers sometime in the future for supporting yahoo chat. The best > thing I've seen for yahoo chat on linux so far is byach which isn't too good. Yes. We will impliment Chat and Conferencing at the same time. > > It really make no sense to abandon our code which is custom-built for > > Gaim to impliment a "library" based on the above code just to support > > a few features that don't yet have UI's > > See, that was my mistake. I thought this libyahoo2 was derived from the > libyahoo that was included in gaim currently and possibly just a branch of it > (which might get merged back in in the future), but it sounds like that is not > the case at all. That's just me showing my ignorance about the development > efforts. Understood. The original libyahoo was not used by Gaim either (although it was used as a reference for the old Yahoo protocol) Gaim started using the new protocol in October or November, shortly after Yahoo started using it. We started using the new authentication routine in April, one week after they started blocking Indians using the old one. It is this block on India which caused Philip Tellis to move our code to EB and then later release it as a "library" -Sean |
From: Aaron S. <ajs...@st...> - 2002-07-25 18:10:49
|
> Privacy in Gaim is being reworked entirely. Since it seems to be actually-use-the-gaim-devel-mailing-list-time, and since this comment reminded me of it, I'll ask: Passwords for messaging ID's are stored in plaintext (.gaimrc) when saved... (Correct me if I'm wrong, but they are on my machine...) Would it be possible/is it already being worked on to encrypt them somehow (maybe like real passwords)? Or something else? Just thought I'd throw that out there. - Aaron |
From: Christian H. <ch...@gn...> - 2002-07-25 18:14:16
|
On Thu, Jul 25, 2002 at 01:10:40PM -0500, Aaron Schumacher wrote: > > Privacy in Gaim is being reworked entirely. > > Since it seems to be actually-use-the-gaim-devel-mailing-list-time, and > since this comment reminded me of it, I'll ask: > > Passwords for messaging ID's are stored in plaintext (.gaimrc) when > saved... (Correct me if I'm wrong, but they are on my machine...) > Would it be possible/is it already being worked on to encrypt them > somehow (maybe like real passwords)? Or something else? Just thought > I'd throw that out there. > > - Aaron There are no plans at the moment for doing this. However, if your permissions are set correctly, your .gaimrc will be safe from everybody but root (and if you aren't root and don't trust root, maybe it's time to find a new system :) It's been asked about a lot. I'm sure it's only a matter of time until somebody writes a patch to do this. Christian -- Christian Hammond <> The GNUpdate Project ch...@gn... <> http://www.gnupdate.org/ It is generally agreed that "Hello" is an appropriate greeting, because if you entered a room and said "Goodbye," it would confuse a lot of people. |
From: Sean M. E. <bj...@bi...> - 2002-07-25 18:33:10
|
> There are no plans at the moment for doing this. However, if your > permissions are set correctly, your .gaimrc will be safe from > everybody but root (and if you aren't root and don't trust root, maybe > it's time to find a new system :) > > It's been asked about a lot. I'm sure it's only a matter of time until > somebody writes a patch to do this. People have written patches that did this, and I've rejected them without question (as I'm sure my predecessors did). Passwords in .gaimrc will never be encrypted ever. It's a terrible idea. If you feel strongly about it, gpg your entire .gaimrc file before and after using Gaim. -Sean |
From: Luke S. <lsc...@re...> - 2002-07-25 19:12:08
|
On Thu, Jul 25, 2002 at 01:10:40PM -0500, Aaron Schumacher wrote: > > Privacy in Gaim is being reworked entirely. > > Since it seems to be actually-use-the-gaim-devel-mailing-list-time, and > since this comment reminded me of it, I'll ask: > > Passwords for messaging ID's are stored in plaintext (.gaimrc) when > saved... (Correct me if I'm wrong, but they are on my machine...) > Would it be possible/is it already being worked on to encrypt them > somehow (maybe like real passwords)? Or something else? Just thought > I'd throw that out there. I agree with Sean, its a horrible idea. if someone can see your .gaimrc file, encrypting it won't help. they'll just copy it and use gaim itself, or a decrypter based on gaim's decryption of the passwds to read your passwords anyway. you should not be using gaim on machines from which you cannot trust the security of the unix permissions. encrypting .gaimrc would only provide a FALSE sense of greater security. luke -- -This email is made of 100% recycled electrons. -If something can go wrong.... FIX IT! If it's Microsoft...delete it. -There are three ways to get something done: (1) Do it yourself. (2) Hire someone to do it for you. (3) Forbid your kids to do it. |
From: Robert S. <rk...@re...> - 2002-07-26 18:21:18
|
On Thu, 25 Jul 2002 15:11:59 -0400 Luke Schierer <lsc...@re...> wrote: LS> I agree with Sean, its a horrible idea. I disagree. Storing plain text passwords are a terrible idea. LS> if someone can see your .gaimrc file, encrypting it won't help. LS> they'll just copy it and use gaim itself, The ability to see a file does not imply the ability to copy it. LS> or a decrypter based on gaim's decryption of the passwds to read your LS> passwords anyway. This assumes a certain level of knowledge on the part of the attacker. The number of people who can copy down plain text far exceeds the number of people who can find/run a decrypter. LS> cannot trust the security of the unix permissions. encrypting.gaimrc would LS> only provide a FALSE sense of greater security. No, it is not a FALSE sense of greater security. It is greater security. Just because it isn't perfect doesn't mean it isn't better. Having a door on my house provides a greater sense of security. Having a lock on the door provides an even greater sense of security. Just because some criminals can pick the lock doesn't mean I shouldn't lock it too keep out the ones that can't. |
From: Christian H. <ch...@gn...> - 2002-07-26 18:28:17
|
On Fri, Jul 26, 2002 at 02:19:59PM -0400, Robert Story wrote: > On Thu, 25 Jul 2002 15:11:59 -0400 Luke Schierer > <lsc...@re...> wrote: > LS> I agree with Sean, its a horrible idea. > > I disagree. Storing plain text passwords are a terrible idea. The whole problem is that even if you store a plain-text password, all it takes is for somebody to copy your .gaimrc, log into your accounts, and change your passwords. The way to prevent this is to set the permissions on your .gaimrc so it can only be seen by you. And amazingly, this prevents the need for them to be encrypted. > LS> if someone can see your .gaimrc file, encrypting it won't help. > LS> they'll just copy it and use gaim itself, > > The ability to see a file does not imply the ability to copy it. If you can read it, you can copy it. > LS> or a decrypter based on gaim's decryption of the passwds to read your > LS> passwords anyway. > > This assumes a certain level of knowledge on the part of the attacker. The > number of people who can copy down plain text far exceeds the number of people > who can find/run a decrypter. Those people would have to be root. Don't trust root? Find a new computer, or just don't run it there. > LS> cannot trust the security of the unix permissions. encrypting.gaimrc would > LS> only provide a FALSE sense of greater security. > > No, it is not a FALSE sense of greater security. It is greater security. Just > because it isn't perfect doesn't mean it isn't better. Having a door on my > house provides a greater sense of security. Having a lock on the door provides > an even greater sense of security. Just because some criminals can pick the lock doesn't mean I shouldn't lock it too keep out the ones that can't. It is no security. People can still change your passwords, mess with your accounts, or whatever. It DOES provide a false sense of security, because you think encrypted passwords will keep your accounts safe. In reality, a simple `cp /home/mrfoo/.gaimrc /home/ev1lh4x0r && gaim` would give access to all your accounts and buddy lists. However, if the account is chmod 600, only YOU can see it, and nobody can copy it. That is, of course, unless somebody breaks into your account or root is a BOFH, but then you have much, much bigger problems to worry about. Christian -- Christian Hammond <> The GNUpdate Project ch...@gn... <> http://www.gnupdate.org/ If you ever drop your keys into a river of molten lava, let'em go, because, man, they're gone. -- Bill Austin |
From: <lsc...@re...> - 2002-07-26 18:29:14
|
On Fri, Jul 26, 2002 at 02:19:59PM -0400, Robert Story wrote: > On Thu, 25 Jul 2002 15:11:59 -0400 Luke Schierer > <lsc...@re...> wrote: > LS> I agree with Sean, its a horrible idea. > > I disagree. Storing plain text passwords are a terrible idea. > > LS> if someone can see your .gaimrc file, encrypting it won't help. > LS> they'll just copy it and use gaim itself, > > The ability to see a file does not imply the ability to copy it. if you can see it, you can read it. if you can read it, now can you NOT be able to copy it. > > LS> or a decrypter based on gaim's decryption of the passwds to read your > LS> passwords anyway. > > This assumes a certain level of knowledge on the part of the attacker. The > number of people who can copy down plain text far exceeds the number of people > who can find/run a decrypter. no. it assumes that the atacker can copy the file, stick it in his/her home directory, and use gaim's change password option. secondly, your attacker already beat the unix file permissions via some exploit, so he or she has a level of knowledge to do something far more trivial. > > LS> cannot trust the security of the unix permissions. encrypting.gaimrc would > LS> only provide a FALSE sense of greater security. > > No, it is not a FALSE sense of greater security. It is greater security. Just > because it isn't perfect doesn't mean it isn't better. Having a door on my > house provides a greater sense of security. Having a lock on the door provides > an even greater sense of security. Just because some criminals can pick the lock doesn't mean I shouldn't lock it too keep out the ones that can't. i repeat, it is no greater security. the only way it would be greater security is if the passwords were not decrypted by gaim. its not even a valid lock. its like saying you've locked something by using rot13. you've made it harder for someone to accidentally see your passwd yes, but no ones going to be accidentally seeing a .file in your home directory. anyone who has the know-how to get to your .gaimrc file would be able to get to the password. luke -- -This email is made of 100% recycled electrons. |
From: <lsc...@re...> - 2002-07-26 18:37:40
|
On Fri, Jul 26, 2002 at 02:29:12PM -0400, lsc...@re... wrote: > On Fri, Jul 26, 2002 at 02:19:59PM -0400, Robert Story wrote: > > On Thu, 25 Jul 2002 15:11:59 -0400 Luke Schierer > > <lsc...@re...> wrote: > > LS> I agree with Sean, its a horrible idea. > > > > I disagree. Storing plain text passwords are a terrible idea. > > > > LS> if someone can see your .gaimrc file, encrypting it won't help. > > LS> they'll just copy it and use gaim itself, > > > > The ability to see a file does not imply the ability to copy it. > > if you can see it, you can read it. if you can read it, now can you NOT be able to copy it. ugh. i can't type it seems, "how" not "now". > <snip> > > i repeat, it is no greater security. the only way it would be greater security is > if the passwords were not decrypted by gaim. its not even a valid lock. its like > saying you've locked something by using rot13. you've made it harder for someone to > accidentally see your passwd yes, but no ones going to be accidentally seeing a .file > in your home directory. anyone who has the know-how to get to your .gaimrc file would > be able to get to the password. > luke and even then, it would still be a mostly false sense of security because gaim would still give you access to the change password option for the various protocols. so the attacker would still have access to your account itself, and your buddy lists by simply copying the .gaimrc file complete with encrypted passwords to a computer or account from which he or she can run gaim. keeping the passwords in plain text forces people who are security concious, and thus are the people noticing that gaim has plain text passwords, to evaluate whether or not they want to be storing passwords (it IS an option) on a given computer PERIOD. and THAT is a greater security than allowing people to think they have secured things by having an encrypted .gaimrc that anyone with half a brain can work around. luke -- -This email is made of 100% recycled electrons. |
From: Luke S. <lsc...@re...> - 2002-07-27 00:50:25
|
On Fri, Jul 26, 2002 at 05:26:54PM -0700, Morgan Collins [Ax0n] wrote: > I think that if you encrypted the password, it would be wise to require > the user to enter their previous password before changing their password > anyways. um... no. the users who select to save passwords don't want to remember thier passwords. that's why they select that option. users who care about security realize that not storing the password at all is far more secure than even an encrypted .gaimrc would be. only clueless people think that a compromise possition is necessary. luke |