From hyc at symas.com Sat Dec 17 10:13:19 2011 From: hyc at symas.com (Howard Chu) Date: Sat, 17 Dec 2011 07:13:19 -0800 Subject: [OTR-dev] pidgin-otr rewrite Message-ID: <4EECB18F.9030305@symas.com> [Resending; I attached the patch before but at 80KB it was too big for the mailing list to accept. Contact me if you want a copy of my work-in-progress patch.] I've spent a couple days rewriting the pidgin-otr-3.2.0 plugin to only use libpurple, so that the plugin will work with finch. I've just now gotten something running, so I thought I'd post a snapshot of my changes to get some early feedback. You'll also need the latest finch source with my patch here http://developer.pidgin.im/ticket/14818 otherwise the conversation menu won't be installed. I've been trying to preserve the UI abstraction of the original code, but it's pretty awkward. I believe ultimately the abstraction could be removed, since the libpurple version will work in both finch and pidgin. (Even if its UI is not as sophisticated as the original pidgin code...) The two sections that are still unimplemented are management of buddies' fingerprints, and authentication of buddies. For the latter, I believe I'm just going to add another sub-menu to the conversation menu, with three choices "Secret Question" (SMP), "Shared Secret", and "Fingerprint" since I don't think I can update a dialog in realtime while changing a combo box like the pidgin/GTK code does. For the fingerprint list I believe the purple_notify_searchresults() API will let me create the multi-column list of fingerprint info, and the appropriate action buttons to go with. Going with the generic libpurple code sacrifices some of the widgets of the pidgin UI. Personally I can live with that, especially since I almost always use Finch anyway. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From ian at cypherpunks.ca Sat Dec 17 10:43:00 2011 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 17 Dec 2011 10:43:00 -0500 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <4EECB18F.9030305@symas.com> References: <4EECB18F.9030305@symas.com> Message-ID: <20111217154300.GP27624@yoink.cs.uwaterloo.ca> On Sat, Dec 17, 2011 at 07:13:19AM -0800, Howard Chu wrote: > [Resending; I attached the patch before but at 80KB it was too big > for the mailing list to accept. Contact me if you want a copy of my > work-in-progress patch.] > > I've spent a couple days rewriting the pidgin-otr-3.2.0 plugin to > only use libpurple, so that the plugin will work with finch. I've > just now gotten something running, so I thought I'd post a snapshot > of my changes to get some early feedback. You'll also need the > latest finch source with my patch here > > http://developer.pidgin.im/ticket/14818 > > otherwise the conversation menu won't be installed. > > I've been trying to preserve the UI abstraction of the original > code, but it's pretty awkward. I believe ultimately the abstraction > could be removed, since the libpurple version will work in both > finch and pidgin. (Even if its UI is not as sophisticated as the > original pidgin code...) > > The two sections that are still unimplemented are management of > buddies' fingerprints, and authentication of buddies. > > For the latter, I believe I'm just going to add another sub-menu to > the conversation menu, with three choices "Secret Question" (SMP), > "Shared Secret", and "Fingerprint" since I don't think I can update > a dialog in realtime while changing a combo box like the pidgin/GTK > code does. > > For the fingerprint list I believe the purple_notify_searchresults() > API will let me create the multi-column list of fingerprint info, > and the appropriate action buttons to go with. Very cool! The original reason for the UI separation in pidgin-otr is that Adium used to use the same codebase, but with different UI bits. It was envisioned that finch would also eventually do that. Did you find that there was gtk-specific stuff in the non-UI parts of pidgin-otr? [I believe Adium now has its own code, though. Not sure what will happen when libotr 4.0 comes out.] > Going with the generic libpurple code sacrifices some of the widgets > of the pidgin UI. Personally I can live with that, especially since > I almost always use Finch anyway. This worries me a bit; ideally, the refactored pidgin-otr that also worked with finch if compiled that way would be identical to the current pidgin-otr. You're saying that's not the case at the moment? Thanks, - Ian From hyc at symas.com Sat Dec 17 18:14:28 2011 From: hyc at symas.com (Howard Chu) Date: Sat, 17 Dec 2011 15:14:28 -0800 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <20111217154300.GP27624@yoink.cs.uwaterloo.ca> References: <4EECB18F.9030305@symas.com> <20111217154300.GP27624@yoink.cs.uwaterloo.ca> Message-ID: <4EED2254.50601@symas.com> Ian Goldberg wrote: > On Sat, Dec 17, 2011 at 07:13:19AM -0800, Howard Chu wrote: >> [Resending; I attached the patch before but at 80KB it was too big >> for the mailing list to accept. Contact me if you want a copy of my >> work-in-progress patch.] >> >> I've spent a couple days rewriting the pidgin-otr-3.2.0 plugin to >> only use libpurple, so that the plugin will work with finch. I've >> just now gotten something running, so I thought I'd post a snapshot >> of my changes to get some early feedback. You'll also need the >> latest finch source with my patch here >> >> http://developer.pidgin.im/ticket/14818 >> >> otherwise the conversation menu won't be installed. >> >> I've been trying to preserve the UI abstraction of the original >> code, but it's pretty awkward. I believe ultimately the abstraction >> could be removed, since the libpurple version will work in both >> finch and pidgin. (Even if its UI is not as sophisticated as the >> original pidgin code...) >> >> The two sections that are still unimplemented are management of >> buddies' fingerprints, and authentication of buddies. >> >> For the latter, I believe I'm just going to add another sub-menu to >> the conversation menu, with three choices "Secret Question" (SMP), >> "Shared Secret", and "Fingerprint" since I don't think I can update >> a dialog in realtime while changing a combo box like the pidgin/GTK >> code does. >> >> For the fingerprint list I believe the purple_notify_searchresults() >> API will let me create the multi-column list of fingerprint info, >> and the appropriate action buttons to go with. > > Very cool! The original reason for the UI separation in pidgin-otr is > that Adium used to use the same codebase, but with different UI bits. > It was envisioned that finch would also eventually do that. Did you > find that there was gtk-specific stuff in the non-UI parts of > pidgin-otr? [I believe Adium now has its own code, though. Not sure > what will happen when libotr 4.0 comes out.] No, no problems of that sort, the opposite really. It seems to me that there's a lot of code in the UI-specific portions that should be common. > >> Going with the generic libpurple code sacrifices some of the widgets >> of the pidgin UI. Personally I can live with that, especially since >> I almost always use Finch anyway. > > This worries me a bit; ideally, the refactored pidgin-otr that also > worked with finch if compiled that way would be identical to the current > pidgin-otr. You're saying that's not the case at the moment? Oh, I've left everything for the pidgin/GTK stuff intact so far, but I'd like to see some things changed. 1) I don't believe the options to Generate Private Keys and to manage Known Fingerprints should be hidden behind the "Configure Plugins" interface. (And I basically can't make that work, for Finch.) Instead, I've added them as two menu items to the generic plugin_actions entry point. If we keep things this way, then that part of the GTK code can disappear. (But I can also wrap this change with #ifdef USING_GTK etc. to preserve the original GTK code.) As a consequence of this change, the Configure Plugins interface is left with just a few boolean checkboxes. I move these into the generic plugin prefs_ui handler. But, the generic prefs handler doesn't let me do cascaded checkboxes, they're all just at a single level. It's a bit less pretty, but I don't think it has any impact on actual functionality or usability. The thing is, if built solely using libpurple, and installed as a purple-2 plugin, the single binary will work in all clients. It won't need to be recompiled specifically for pidgin and installed twice. But if you have the pidgin-specific build already enabled on your box, I believe the two may conflict. Right now I'm using the single plugin in both pidgin and finch, but first I had to manually edit my ~/.purple/prefs.xml to delete the pidgin plugin. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From otr.dev at bleeter.id.au Sat Dec 17 22:49:51 2011 From: otr.dev at bleeter.id.au (Peter Lawler) Date: Sun, 18 Dec 2011 14:49:51 +1100 Subject: [OTR-dev] Introduction and Question Message-ID: <4EED62DF.7040203@bleeter.id.au> Hi folks, I'd like to introduce myself. My name's Peter Lawler. Pidgin users may know of me from the Pidgin->Help->Developers->Retired Crazy Patch Writers as "Peter 'Bleeter' Lawler". I have also known to occasionally hack with the folks from Guifications.org, more specifically contributing to their 'Purple Plugin Pack' (a pack of 15 or more plugins of varying use and quality). I've signed on to this list using my generic bleeter.id.au domain as an anti-spam type 'feature', nothing personal I do this with practically every public email list I'm on these days and it kind of works for me. Mostly. Except when doing introductions as it makes it interesting in signing emails using RFC4880. However, I assert my usual public email fingerprint is 0xF83553FE85F88D84. Details are available from the usual keyservers. My interest in OTR and Twitter stemmed from a conversation I had on Twitter with Jacob Appelbaum, where we discussed Pidgin Bug #11110, 'Pidgin appears to leak DNS for Jabber accounts'. Although that's relevant to TOR (and I'm glad to say the bug was squashed as well as some code revision elsewhere squashing another bug [13928]), it lead me to be getting in the habit of using OTR more than I had previously. Before getting down to the business of slumming it in some of the OTR code (specifically, that covering Pidgin-OTR), I was wondering if there's a public Source Code Revision system of OTR code that is released on Cypherpunks? I usually prefer to be somewhat knowledgeable about a code's history before deciding whether to report a bug or request for enhancement. I've been over the site a few times and I still can't see it. I read the FAQ and that didn't mention where the SCCS is, nor why there is no SCCS for OTR. So here I am, asking. (FWIW, I had wanted to look at getting the OTR going with finch, but seems someone's beaten me too it. Thanks! :) Any comments, suggestions, pointers etc. would be greatly appreciated, Warm regards from a sunny Tasmania, Pete. From hyc at symas.com Sun Dec 18 00:12:21 2011 From: hyc at symas.com (Howard Chu) Date: Sat, 17 Dec 2011 21:12:21 -0800 Subject: [OTR-dev] Introduction and Question In-Reply-To: <4EED62DF.7040203@bleeter.id.au> References: <4EED62DF.7040203@bleeter.id.au> Message-ID: <4EED7635.4030807@symas.com> Peter Lawler wrote: > Before getting down to the business of slumming it in some of the OTR > code (specifically, that covering Pidgin-OTR), I was wondering if > there's a public Source Code Revision system of OTR code that is > released on Cypherpunks? I usually prefer to be somewhat knowledgeable > about a code's history before deciding whether to report a bug or > request for enhancement. I've been over the site a few times and I still > can't see it. I read the FAQ and that didn't mention where the SCCS is, > nor why there is no SCCS for OTR. So here I am, asking. I was puzzling over that myself too. (But my tendency is to shoot first and ask questions later.) Trolling thru the archives I found some mention of sourceforge, and lo and behold: http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/otr;a=tree Too bad I didn't find it before I started hacking at it. > (FWIW, I had wanted to look at getting the OTR going with finch, but > seems someone's beaten me too it. Thanks! :) If you're referring to me, don't thank me yet. The pidgin folks have to merge my patch before the plugin is usable... I also found another email from someone claiming to have started a port back in February, but nothing ever since that. http://lists.cypherpunks.ca/pipermail/otr-dev/2011-February/001151.html > Any comments, suggestions, pointers etc. would be greatly appreciated, > > Warm regards from a sunny Tasmania, -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From otr.dev at bleeter.id.au Sun Dec 18 00:31:26 2011 From: otr.dev at bleeter.id.au (Peter Lawler) Date: Sun, 18 Dec 2011 16:31:26 +1100 Subject: [OTR-dev] Introduction and Question In-Reply-To: <4EED7635.4030807@symas.com> References: <4EED62DF.7040203@bleeter.id.au> <4EED7635.4030807@symas.com> Message-ID: <4EED7AAE.6030500@bleeter.id.au> On 18/12/11 16:12, Howard Chu wrote: > Peter Lawler wrote: >> I read the FAQ and that didn't mention where the SCCS is, >> nor why there is no SCCS for OTR. So here I am, asking. > > I was puzzling over that myself too. (But my tendency is to shoot first > and ask questions later.) Trolling thru the archives I found some > mention of sourceforge, and lo and behold: > > http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/otr;a=tree > > Too bad I didn't find it before I started hacking at it. Hah, cheers. Thanks mate. Now you mention it, I do seem to recall finding the git repository at one stage, then promptly forgetting where it was. >> (FWIW, I had wanted to look at getting the OTR going with finch, but >> seems someone's beaten me too it. Thanks! :) > > If you're referring to me, don't thank me yet. The pidgin folks have to > merge my patch before the plugin is usable... Roger that. Will take up finch-otr discussion on the other thread. Regards, Pete. From otr.dev at bleeter.id.au Sun Dec 18 00:42:36 2011 From: otr.dev at bleeter.id.au (Peter Lawler) Date: Sun, 18 Dec 2011 16:42:36 +1100 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <4EECB18F.9030305@symas.com> References: <4EECB18F.9030305@symas.com> Message-ID: <4EED7D4C.8030806@bleeter.id.au> > I've spent a couple days rewriting the pidgin-otr-3.2.0 plugin to only use > libpurple, so that the plugin will work with finch. I've just now gotten > something running, so I thought I'd post a snapshot of my changes to get some > early feedback. You'll also need the latest finch source with my patch here > > http://developer.pidgin.im/ticket/14818 I've added some tags to that ticket and will try and catch up with the GNT/Finch folks over the coming week and see how they feel about it. My gut instinct is they'll be happy someone's supplied a patch to extend Finch's plugin support capabilities. Whether they'll be happy to merge it before 2.10.2, I can't possibly say. Will see how they feel about (as per your comment on the ticket) where in the source it should go. Regards, Pete. From hyc at symas.com Sun Dec 18 00:46:18 2011 From: hyc at symas.com (Howard Chu) Date: Sat, 17 Dec 2011 21:46:18 -0800 Subject: [OTR-dev] Introduction and Question In-Reply-To: <4EED7AAE.6030500@bleeter.id.au> References: <4EED62DF.7040203@bleeter.id.au> <4EED7635.4030807@symas.com> <4EED7AAE.6030500@bleeter.id.au> Message-ID: <4EED7E2A.5010007@symas.com> Peter Lawler wrote: > On 18/12/11 16:12, Howard Chu wrote: >> Peter Lawler wrote: > >>> I read the FAQ and that didn't mention where the SCCS is, >>> nor why there is no SCCS for OTR. So here I am, asking. >> >> I was puzzling over that myself too. (But my tendency is to shoot first >> and ask questions later.) Trolling thru the archives I found some >> mention of sourceforge, and lo and behold: >> >> http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/otr;a=tree >> >> Too bad I didn't find it before I started hacking at it. > > Hah, cheers. Thanks mate. Now you mention it, I do seem to recall > finding the git repository at one stage, then promptly forgetting where > it was. I'm a bit suspicious of this repo; the master branch claims to be OTR 4.0, and the Version_3_Dev branch is only 3.1.0. There's no sign of 3.2.0 in this git repo. Looks like the "real" repo is in CVS. https://sourceforge.net/scm/?type=cvs&group_id=128860 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From hyc at symas.com Sun Dec 18 01:16:51 2011 From: hyc at symas.com (Howard Chu) Date: Sat, 17 Dec 2011 22:16:51 -0800 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <4EED7D4C.8030806@bleeter.id.au> References: <4EECB18F.9030305@symas.com> <4EED7D4C.8030806@bleeter.id.au> Message-ID: <4EED8553.5020808@symas.com> Peter Lawler wrote: >> I've spent a couple days rewriting the pidgin-otr-3.2.0 plugin to only use >> libpurple, so that the plugin will work with finch. I've just now gotten >> something running, so I thought I'd post a snapshot of my changes to get some >> early feedback. You'll also need the latest finch source with my patch here >> >> http://developer.pidgin.im/ticket/14818 > I've added some tags to that ticket and will try and catch up with the > GNT/Finch folks over the coming week and see how they feel about it. My > gut instinct is they'll be happy someone's supplied a patch to extend > Finch's plugin support capabilities. Whether they'll be happy to merge > it before 2.10.2, I can't possibly say. Will see how they feel about (as > per your comment on the ticket) where in the source it should go. Thanks for your help! In the meantime I've pushed my plugin code to gitorious if you want to build it in its current state. https://gitorious.org/purple-otr 1) Compile without USING_GTK defined 2) Don't compile gtk-*.c 3) Do compile purple-*.c (I'll tweak the Makefile as it gets closer to done.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From ian at cypherpunks.ca Sun Dec 18 11:41:31 2011 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 18 Dec 2011 11:41:31 -0500 Subject: [OTR-dev] Introduction and Question In-Reply-To: <4EED7E2A.5010007@symas.com> References: <4EED62DF.7040203@bleeter.id.au> <4EED7635.4030807@symas.com> <4EED7AAE.6030500@bleeter.id.au> <4EED7E2A.5010007@symas.com> Message-ID: <20111218164131.GU27624@yoink.cs.uwaterloo.ca> On Sat, Dec 17, 2011 at 09:46:18PM -0800, Howard Chu wrote: > Peter Lawler wrote: > >On 18/12/11 16:12, Howard Chu wrote: > >>Peter Lawler wrote: > > > >>>I read the FAQ and that didn't mention where the SCCS is, > >>>nor why there is no SCCS for OTR. So here I am, asking. > >> > >>I was puzzling over that myself too. (But my tendency is to shoot first > >>and ask questions later.) Trolling thru the archives I found some > >>mention of sourceforge, and lo and behold: > >> > >>http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/otr;a=tree > >> > >>Too bad I didn't find it before I started hacking at it. > > > >Hah, cheers. Thanks mate. Now you mention it, I do seem to recall > >finding the git repository at one stage, then promptly forgetting where > >it was. > > I'm a bit suspicious of this repo; the master branch claims to be > OTR 4.0, and the Version_3_Dev branch is only 3.1.0. There's no sign > of 3.2.0 in this git repo. Looks like the "real" repo is in CVS. > > https://sourceforge.net/scm/?type=cvs&group_id=128860 Rob, can you check where 3.2 is on the sourceforge git? Perhaps it's just not tagged? The intent is that the cvs will be deprecated in favour of the git repo. The 4.0 release will only be in git, not cvs. - Ian From otr.dev at bleeter.id.au Sun Dec 18 17:13:22 2011 From: otr.dev at bleeter.id.au (Peter Lawler) Date: Mon, 19 Dec 2011 09:13:22 +1100 Subject: [OTR-dev] Introduction and Question In-Reply-To: <20111218164131.GU27624@yoink.cs.uwaterloo.ca> References: <4EED62DF.7040203@bleeter.id.au> <4EED7635.4030807@symas.com> <4EED7AAE.6030500@bleeter.id.au> <4EED7E2A.5010007@symas.com> <20111218164131.GU27624@yoink.cs.uwaterloo.ca> Message-ID: <4EEE6582.8060108@bleeter.id.au> On 19/12/11 03:41, Ian Goldberg wrote: > Rob, can you check where 3.2 is on the sourceforge git? Perhaps it's > just not tagged? > > The intent is that the cvs will be deprecated in favour of the git repo. > The 4.0 release will only be in git, not cvs. > > - Ian Thanks for the info, Ian. One of the big things on my TODO list for the coming week is start using Pidgin's 3.0.0 development branch to help triage bug reports, RFEs etc. for implementing the 'Privacy Rewrite' (which has been talked about since ~2006 and was a Google SoC project in 2009 but implementation, as far as I know, needed to be put on hold for other reasons). Knowing where the official OTR repo is will help me in this effort greatly. Pete. From hyc at symas.com Sun Dec 18 23:48:21 2011 From: hyc at symas.com (Howard Chu) Date: Sun, 18 Dec 2011 20:48:21 -0800 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <4EED7D4C.8030806@bleeter.id.au> References: <4EECB18F.9030305@symas.com> <4EED7D4C.8030806@bleeter.id.au> Message-ID: <4EEEC215.60108@symas.com> Peter Lawler wrote: >> I've spent a couple days rewriting the pidgin-otr-3.2.0 plugin to only use >> libpurple, so that the plugin will work with finch. I've just now gotten >> something running, so I thought I'd post a snapshot of my changes to get some >> early feedback. You'll also need the latest finch source with my patch here >> >> http://developer.pidgin.im/ticket/14818 > I've added some tags to that ticket and will try and catch up with the > GNT/Finch folks over the coming week and see how they feel about it. My > gut instinct is they'll be happy someone's supplied a patch to extend > Finch's plugin support capabilities. Whether they'll be happy to merge > it before 2.10.2, I can't possibly say. Will see how they feel about (as > per your comment on the ticket) where in the source it should go. Add bugs 14820, 14821, and 14822 to my list... The rewrite is now code-complete and seems to be running OK. You can grab it from here https://gitorious.org/purple-otr (Still haven't tweaked the Makefile...) Feedback welcome. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From hyc at symas.com Mon Dec 19 07:25:08 2011 From: hyc at symas.com (Howard Chu) Date: Mon, 19 Dec 2011 04:25:08 -0800 Subject: [OTR-dev] [OTR-users] [bug] Pidgin does not notify of new unencrypted messages while encrypting Message-ID: <4EEF2D24.5030400@symas.com> http://lists.cypherpunks.ca/pipermail/otr-users/2011-June/001919.html Was browsing the list archives and stumbled over this. I see that in cvs/git the libotr API has changed quite a bit already, pushing the text of these messages out of the library and making it the plugin's responsibility to handle them. Seems like that's a good idea. I noticed that the git master for pidgin-otr has been adapted to this already, and it also has an additional "force_create" option added to the otrg_dialog_display_otr_message() function. It seems to me that's a bit wasteful and this should be a generic "flags" argument instead, with one value reserved for force_create, and another value to e.g. declare that the message should be treated as a PURPLE_MESSAGE_RECV instead of the default of PURPLE_MESSAGE_SYSTEM. That would allow the plugin to write the offending message as a normal message, and give the notification that the bug filers' are looking for. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From Byrd.B at insightcom.com Mon Dec 19 13:43:10 2011 From: Byrd.B at insightcom.com (Byrd, Brendan) Date: Mon, 19 Dec 2011 18:43:10 +0000 Subject: [OTR-dev] [OTR-users] [bug] Pidgin does not notify of new unencrypted messages while encrypting In-Reply-To: <4EEF2D24.5030400@symas.com> References: <4EEF2D24.5030400@symas.com> Message-ID: I've been requesting that this gets fixed for some time now. See: http://lists.cypherpunks.ca/pipermail/otr-users/2010-December/001889.html http://lists.cypherpunks.ca/pipermail/otr-users/2010-December/001891.html http://lists.cypherpunks.ca/pipermail/otr-dev/2011-August/001210.html Len White wrote a patch to fix the problem, but his compiled binaries seem to crash on my laptop for some reason. Given that it's already been reported on this ML and Debian's bug list, it would be nice to get an official patch out the door. -- Brendan Byrd System Integration Analyst (NOC Web Developer) -----Original Message----- From: otr-dev-bounces at lists.cypherpunks.ca [mailto:otr-dev-bounces at lists.cypherpunks.ca] On Behalf Of Howard Chu Sent: Monday, December 19, 2011 7:25 AM To: otr-dev at lists.cypherpunks.ca Subject: Re: [OTR-dev] [OTR-users] [bug] Pidgin does not notify of new unencrypted messages while encrypting http://lists.cypherpunks.ca/pipermail/otr-users/2011-June/001919.html Was browsing the list archives and stumbled over this. I see that in cvs/git the libotr API has changed quite a bit already, pushing the text of these messages out of the library and making it the plugin's responsibility to handle them. Seems like that's a good idea. I noticed that the git master for pidgin-otr has been adapted to this already, and it also has an additional "force_create" option added to the otrg_dialog_display_otr_message() function. It seems to me that's a bit wasteful and this should be a generic "flags" argument instead, with one value reserved for force_create, and another value to e.g. declare that the message should be treated as a PURPLE_MESSAGE_RECV instead of the default of PURPLE_MESSAGE_SYSTEM. That would allow the plugin to write the offending message as a normal message, and give the notification that the bug filers' are looking for. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ OTR-dev mailing list OTR-dev at lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev From hyc at symas.com Mon Dec 19 19:37:19 2011 From: hyc at symas.com (Howard Chu) Date: Mon, 19 Dec 2011 16:37:19 -0800 Subject: [OTR-dev] [OTR-users] [bug] Pidgin does not notify of new unencrypted messages while encrypting In-Reply-To: References: <4EEF2D24.5030400@symas.com> Message-ID: <4EEFD8BF.7000901@symas.com> Byrd, Brendan wrote: > I've been requesting that this gets fixed for some time now. See: > > http://lists.cypherpunks.ca/pipermail/otr-users/2010-December/001889.html > http://lists.cypherpunks.ca/pipermail/otr-users/2010-December/001891.html > http://lists.cypherpunks.ca/pipermail/otr-dev/2011-August/001210.html > > Len White wrote a patch to fix the problem, but his compiled binaries seem to crash on my laptop for some reason. > > Given that it's already been reported on this ML and Debian's bug list, it would be nice to get an official patch out the door. I've posted a simple patch on the bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561865#25 Attached here as well. > -- > Brendan Byrd > System Integration Analyst (NOC Web Developer) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Treat-unencrypted-messages-as-normal.patch Type: text/x-diff Size: 1319 bytes Desc: not available URL: From hyc at symas.com Mon Dec 19 20:04:05 2011 From: hyc at symas.com (Howard Chu) Date: Mon, 19 Dec 2011 17:04:05 -0800 Subject: [OTR-dev] Introduction and Question In-Reply-To: <20111218164131.GU27624@yoink.cs.uwaterloo.ca> References: <4EED62DF.7040203@bleeter.id.au> <4EED7635.4030807@symas.com> <4EED7AAE.6030500@bleeter.id.au> <4EED7E2A.5010007@symas.com> <20111218164131.GU27624@yoink.cs.uwaterloo.ca> Message-ID: <4EEFDF05.5070808@symas.com> Ian Goldberg wrote: > On Sat, Dec 17, 2011 at 09:46:18PM -0800, Howard Chu wrote: >> I'm a bit suspicious of this repo; the master branch claims to be >> OTR 4.0, and the Version_3_Dev branch is only 3.1.0. There's no sign >> of 3.2.0 in this git repo. Looks like the "real" repo is in CVS. >> >> https://sourceforge.net/scm/?type=cvs&group_id=128860 > > Rob, can you check where 3.2 is on the sourceforge git? Perhaps it's > just not tagged? I see no tags at all in the git repo. Nor any actual revision history. It looks like someone just did an import of the last checkout from CVS, rather than using e.g. git-cvsimport. > The intent is that the cvs will be deprecated in favour of the git repo. > The 4.0 release will only be in git, not cvs. Sounds good, but it would be nice if all of the CVS history was migrated into git. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From hyc at symas.com Mon Dec 19 22:22:02 2011 From: hyc at symas.com (Howard Chu) Date: Mon, 19 Dec 2011 19:22:02 -0800 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <4EEEC215.60108@symas.com> References: <4EECB18F.9030305@symas.com> <4EED7D4C.8030806@bleeter.id.au> <4EEEC215.60108@symas.com> Message-ID: <4EEFFF5A.5060306@symas.com> Howard Chu wrote: > The rewrite is now code-complete and seems to be running OK. You can grab it > from here > > https://gitorious.org/purple-otr > > (Still haven't tweaked the Makefile...) Feedback welcome. > configure/Makefile/README/INSTALL etc. updated. Apply the requisite patches to the pidgin source, then configure/make/make install should be fine. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From dimitris at census-labs.com Tue Dec 20 05:02:38 2011 From: dimitris at census-labs.com (Dimitris Glynos) Date: Tue, 20 Dec 2011 12:02:38 +0200 Subject: [OTR-dev] private messages on dbus Message-ID: <4EF05D3E.5020907@census-labs.com> Hello all, I was wondering if pidgin could allow for certain chat types to be flagged as private and not transmit these over dbus. I don't know how much dbus is hardwired to pidgin (is it used also for capturing the messages displayed on the pidgin GUI?) but the fact that a local attacker can access OTR plaintext from a dbus session monitor is quite unnerving. I'm CC-ing this to otr-dev as well in the hope that an elegant solution might spring up from the discussion. Cheers, Dimitris From dimitris at census-labs.com Tue Dec 20 19:49:41 2011 From: dimitris at census-labs.com (Dimitris Glynos) Date: Wed, 21 Dec 2011 02:49:41 +0200 Subject: [OTR-dev] private messages on dbus In-Reply-To: References: <4EF05D3E.5020907@census-labs.com> Message-ID: <4EF12D25.1040403@census-labs.com> On 12/21/2011 01:11 AM, khc at hxbc.us wrote: > On Tue, 20 Dec 2011 12:02:38 +0200, Dimitris Glynos wrote: >> Hello all, >> >> I was wondering if pidgin could allow for certain chat types >> to be flagged as private and not transmit these over dbus. >> I don't know how much dbus is hardwired to pidgin (is it used >> also for capturing the messages displayed on the pidgin GUI?) >> but the fact that a local attacker can access OTR plaintext >> from a dbus session monitor is quite unnerving. > > a local attacker can already ptrace the pidgin process and do > pretty much anything. Yes, the word 'local' is used incorrectly in the original post. Consider a remote attacker that exploits some app running in the same desktop session as pidgin. It is trivial to fork-exec a dbus session monitor from there and retrieve the sensitive info. Now, regarding ptrace although it was generally possible in the past to attach to processes of the same user, this has been restricted somewhat in modern distro's. Specifically, distro's like Ubuntu allow (non-root) ptrace only to processes that are children of the ptrace-caller. For more info on this, have a look here: https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection Hope this clarifies things a bit, Dimitris From hyc at symas.com Thu Dec 22 01:46:26 2011 From: hyc at symas.com (Howard Chu) Date: Wed, 21 Dec 2011 22:46:26 -0800 Subject: [OTR-dev] pidgin-otr rewrite In-Reply-To: <4EEFFF5A.5060306@symas.com> References: <4EECB18F.9030305@symas.com> <4EED7D4C.8030806@bleeter.id.au> <4EEEC215.60108@symas.com> <4EEFFF5A.5060306@symas.com> Message-ID: <4EF2D242.7030504@symas.com> Howard Chu wrote: > Howard Chu wrote: >> The rewrite is now code-complete and seems to be running OK. You can grab it >> from here >> >> https://gitorious.org/purple-otr >> >> (Still haven't tweaked the Makefile...) Feedback welcome. >> > configure/Makefile/README/INSTALL etc. updated. Apply the requisite patches to > the pidgin source, then configure/make/make install should be fine. > PS: In case it's not clear, it's not my intention to fork this code; I'm just making it available here so that other OTR devs can get it and build it conveniently, so my changes can be reviewed and we can discuss what could be integrated into the mainline. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ From rob.smits at uwaterloo.ca Sun Dec 25 10:23:42 2011 From: rob.smits at uwaterloo.ca (Rob Smits) Date: Sun, 25 Dec 2011 10:23:42 -0500 Subject: [OTR-dev] Introduction and Question Message-ID: <006801ccc319$31087ba0$931972e0$@uwaterloo.ca> Hey, Unfortunately the cvs tags did not appear to get imported to git. Sorry about this. I've just added the same release tags to git that are in cvs. There is no 3.2 development branch currently. I think we will create one (soon-ish), and we just need to decide which commits should be backported. Somebody reported in this thread that they couldn't see any history in the git repo. When you're running a "git log " make sure you also include the "--follow" option. The history should all be there. Regards, Rob On Mon, 2011-12-19 at 06:28 -0500, otr-dev-request at lists.cypherpunks.ca wrote: > Rob, can you check where 3.2 is on the sourceforge git? Perhaps it's > just not tagged? > > The intent is that the cvs will be deprecated in favour of the git > repo. > The 4.0 release will only be in git, not cvs. > > - Ian -------------- next part -------------- An HTML attachment was scrubbed... URL: