From regardful at googlemail.com Tue Oct 14 19:38:53 2008 From: regardful at googlemail.com (Hajo E.) Date: Wed, 15 Oct 2008 01:38:53 +0200 Subject: [OTR-users] OTR for Pidgin by default Message-ID: Because i would love to see OTR support integrated into Pidgin by default, i asked the Pidgin devs about why this has not been done: Q: I asked a couple of days ago if OTR could be integrated into Pidgin by default (like it is done in Adium) and i got a 'no' because there were bugs to be solved. what bugs are there? A: I don't think it's any particular bugs, but just that we didn't write the code and we don't feel like supporting code that we didn't write if OTR people came to us and interact with us directly, we may change our mind Now I write to you because i think it is in your interest that as many people as possible use OTR (and the number of people *will* increase if OTR is only a click away). Can I stir you into action in order to realize my idea? -- Hajo From perrin at apotheon.com Wed Oct 15 14:16:44 2008 From: perrin at apotheon.com (Chad Perrin) Date: Wed, 15 Oct 2008 12:16:44 -0600 Subject: [OTR-users] OTR for Pidgin by default In-Reply-To: References: Message-ID: <20081015181644.GC29837@kokopelli.hydra> On Wed, Oct 15, 2008 at 01:38:53AM +0200, Hajo E. wrote: > Because i would love to see OTR support integrated into Pidgin by > default, i asked the Pidgin devs about why this has not been done: > > Q: I asked a couple of days ago if OTR could be integrated into Pidgin > by default > (like it is done in Adium) and i got a 'no' because there were bugs to > be solved. what bugs are there? > > A: I don't think it's any particular bugs, but just that we > didn't write the code and we > don't feel like supporting code that we didn't write > if OTR people came to us and interact with us directly, we may > change our mind > > Now I write to you because i think it is in your interest that as many > people as possible use OTR (and the number of people *will* increase > if OTR is only a click away). > Can I stir you into action in order to realize my idea? I think it's in my best interest, too -- since I'm an OTR user, and the more people there are that use it the more likely I am to have the opportunity to use it. Plus, y'know, then I could stop having to tell people how to get Pidgin and get it working *and* how to get its OTR plugin and get it working. It'd cut my effort in half when I want to be able to communicate with someone else via OTR-encrypted IMs. . . . so count this as seconding the motion. -- Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] Scott McNealy: "Microsoft is now talking about the digital nervous system. I guess I would be nervous if my system was built on their technology too." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From michaelgoerz at gmail.com Thu Oct 16 07:50:34 2008 From: michaelgoerz at gmail.com (Michael Goerz) Date: Thu, 16 Oct 2008 13:50:34 +0200 Subject: [OTR-users] Problem finding libotr Message-ID: <55c2e22f0810160450x587f6de6t9d505f99bcd6f07a@mail.gmail.com> Hi, I have some trouble installing the OTR plugin on linux. Before trying to compile pidgin-otr-3.2.0 from source, I manually installed (from source) libotr-3.2.0 with its prerequisites libgcrypt-1.2.4 and libgpg-error-1.6, all with '--prefix=$HOME' (I don't have root access on the machine I'm installing this). Now, when I do ./configure for pidgin-otr-3.2.0, it ends with the following messages: [...] checking for libotr CFLAGS... checking for libotr LIBS... -lotr checking for libotr headers version 3.x >= 3.2.0... not present. checking for otrl_message_receiving in -lotr... yes configure: error: libotr 3.2.0 or newer is required How can I convince configure to find the libotr library in my home folder? Thanks, Michael Goerz From konrad at tylerc.org Thu Oct 16 11:46:17 2008 From: konrad at tylerc.org (Conrad Meyer) Date: Thu, 16 Oct 2008 08:46:17 -0700 Subject: [OTR-users] Problem finding libotr In-Reply-To: <55c2e22f0810160450x587f6de6t9d505f99bcd6f07a@mail.gmail.com> References: <55c2e22f0810160450x587f6de6t9d505f99bcd6f07a@mail.gmail.com> Message-ID: <200810160846.17936.konrad@tylerc.org> On Thursday 16 October 2008 04:50:34 am Michael Goerz wrote: > Hi, > > I have some trouble installing the OTR plugin on linux. Before trying > to compile > pidgin-otr-3.2.0 from source, I manually installed (from source) > libotr-3.2.0 with its prerequisites libgcrypt-1.2.4 and > libgpg-error-1.6, all with '--prefix=$HOME' (I don't have root access > on the machine I'm installing this). > > Now, when I do ./configure for pidgin-otr-3.2.0, it ends with the > following messages: > > [...] > checking for libotr CFLAGS... > checking for libotr LIBS... -lotr > checking for libotr headers version 3.x >= 3.2.0... not present. > checking for otrl_message_receiving in -lotr... yes > configure: error: libotr 3.2.0 or newer is required > > How can I convince configure to find the libotr library in my home folder? > > Thanks, > Michael Goerz Check ./configure --help, but probably ./configure --with-otr-lib=/path/to/lib or such. Regards, -- Conrad Meyer From ananda.samaddar at gmx.co.uk Fri Oct 17 10:46:22 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Fri, 17 Oct 2008 15:46:22 +0100 Subject: [OTR-users] QQ is blocking OTR Message-ID: <20081017154622.0fa73db9@ananda-desktop> After some experimentation I do believe that the Chinese messaging service QQ provided by Tencent (http://en.wikipedia.org/wiki/Tencent_QQ) is blocking OTR. I signed up for two QQ ids and on two different PCs I installed Pidgin with the OTR plugin. I was able to send messages in English back and forth with no problems. I was not able to start a private conversation though. So knowing a little bit about how OTR works I decided to send the following short strings through QQ via a normal Pidgin chat window: ? ?O ?OT ?OTR The first three were sent and received the last one ?OTR wasn't, so Tencent must be blocking OTR sessions. Perhaps it might be worth informing potential users of OTR with QQ that it won't work and that if they want to use OTR they'll have to switch to a different IM provider. I use MSN + OTR to chat with a friend in the People's Republic of China, so Microsoft China don't appear to have blocked OTR, yet. I can't vouch for any other protocols w.r.t Chinese users as I haven't tested them. All things considered this is a big blow for privacy when communicating with Chinese internet users as QQ is the most used IM service over there. regards, Ananda Samaddar -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From gilles at gravier.org Fri Oct 17 11:06:34 2008 From: gilles at gravier.org (Gilles Gravier) Date: Fri, 17 Oct 2008 17:06:34 +0200 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081017154622.0fa73db9@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop> Message-ID: <48F8A9FA.4000108@Gravier.org> Or maybe change the initial sequence to something random that is harder to identify with just pattern matching. Gilles. Ananda Samaddar wrote: > After some experimentation I do believe that the Chinese messaging > service QQ provided by Tencent > (http://en.wikipedia.org/wiki/Tencent_QQ) is blocking OTR. I signed up > for two QQ ids and on two different PCs I installed Pidgin with the OTR > plugin. > > I was able to send messages in English back and forth with no > problems. I was not able to start a private conversation though. So > knowing a little bit about how OTR works I decided to send the > following short strings through QQ via a normal Pidgin chat window: > > ? > ?O > ?OT > ?OTR > > The first three were sent and received the last one ?OTR wasn't, so > Tencent must be blocking OTR sessions. Perhaps it might be worth > informing potential users of OTR with QQ that it won't work and that if > they want to use OTR they'll have to switch to a different IM provider. > > I use MSN + OTR to chat with a friend in the People's Republic of > China, so Microsoft China don't appear to have blocked OTR, yet. I > can't vouch for any other protocols w.r.t Chinese users as I haven't > tested them. > > All things considered this is a big blow for privacy when communicating > with Chinese internet users as QQ is the most used IM service over > there. > > regards, > > Ananda Samaddar > > ------------------------------------------------------------------------ > > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- /*Gilles Gravier*/ *=* *Gilles at Gravier.org* ICQ : *77488526* * || *MSN Messenger : Gilles at Gravier.org * *Skype : ggravier * || *Y! : ggravier || AOL : gillesgravier PGP Key ID : *0x8DE6D026* "Living on Earth is expensive, but it does include a free trip around the sun." From ananda.samaddar at gmx.co.uk Fri Oct 17 14:10:26 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Fri, 17 Oct 2008 19:10:26 +0100 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <48F8A9FA.4000108@Gravier.org> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> Message-ID: <20081017191026.6b55f603@ananda-desktop> On Fri, 17 Oct 2008 17:06:34 +0200 Gilles Gravier wrote: > Or maybe change the initial sequence to something random that is > harder to identify with just pattern matching. > It might be worth someone else testing this to make sure it's reproducible and not some quirk with my systems. For my test I used two different QQ ids on two different PCs. One a Linux machine using Pidgin 2.5.0 + OTR 3.2.0 and the other a Windows machine using Pidgin 2.5.1 + OTR 3.2.0. It's worth noting that in order to get QQ working properly in Pidgin for Windows you need to uninstall the include gtk+ runtime and use a different version as recommended in this bug report: http://developer.pidgin.im/ticket/6900 You can get a QQ id here: http://signup.qq.com/ If anyone wants to test this with me, e-mail me off list. My QQ id is: 858394729. I certainly wouldn't recommend using the official QQ software as it's infested with adware / spyware. Ananda -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ananda.samaddar at gmx.co.uk Sat Oct 18 16:35:35 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Sat, 18 Oct 2008 21:35:35 +0100 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081017191026.6b55f603@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> Message-ID: <20081018213535.58f2f318@ananda-desktop> > > It might be worth someone else testing this to make sure it's > reproducible and not some quirk with my systems. > > For my test I used two different QQ ids on two different PCs. One a > Linux machine using Pidgin 2.5.0 + OTR 3.2.0 and the other a Windows > machine using Pidgin 2.5.1 + OTR 3.2.0. It's worth noting that in > order to get QQ working properly in Pidgin for Windows you need to > uninstall the include gtk+ runtime and use a different version as > recommended in this bug report: > > http://developer.pidgin.im/ticket/6900 > > You can get a QQ id here: > > http://signup.qq.com/ > > If anyone wants to test this with me, e-mail me off list. My QQ id > is: 858394729. I certainly wouldn't recommend using the official QQ > software as it's infested with adware / spyware. > A user has e-mailed me off list to confirm he can reproduce my results w.r.t the strings ?, ?O, ?OT and ?OTR. This was using Adium 1.3.2 and Pidgin on Linux with OTR 3.1.0 on either end. As I've stated before there are issue with Pidgin + QQ on Windows so it would be helpful if someone with an up to date Pidgin + OTR on Linux could contact me to see if the results are replicated on Linux to Linux Pidgin clients. This could hopefully rule out a buggy QQ implementation in libpurple. As an aside, I entered the following terms and they were sent fine over the network even though reverse dns shows the QQ server I'm connected to is in China: Tibet Taiwan Falun Gong Democracy Tiananmen Square So if QQ are censoring they must be censoring in Mandarin not English, OTR strings aside. The ?OTR string use in OTR is definitely its biggest weakness. We currently have to rely on the goodwill of Microsoft / Yahoo / AOL / Google / Your Jabber admin not to block OTR. A weak point indeed. Other that OTR is probably one of the most useful privacy tools I've used (and continue to use) Ananda -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From smoothambiguity at aol.com Sat Oct 18 17:14:22 2008 From: smoothambiguity at aol.com (smoothambiguity at aol.com) Date: Sat, 18 Oct 2008 17:14:22 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081018213535.58f2f318@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop><48F8A9FA.4000108@Gravier.org><20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> Message-ID: <8CAFF7DA06AFC16-1270-3BCD@WEBMAIL-DY38.sysops.aol.com> Come'on my dude, of course if anybody's snarfing traffic and/or preventing anonymity it's China with their Deep Packet Inspecting Routers and what not.? I'm told by a deep source that there is a way to integrate TOR, OTR, QQ and some other application which tunnels IP-through-DNS but since this isn't precisely my cup of tea I don't know much more than that.? I think I recall them saying that this assumes a colluding server somewhere outside of the firewall, but I don't really know what I'm talking about. Shit, speaking of something related, I think I saw some academic paper by some stuffed shirt recently talking about something related to this.? I wonder if I can find it... ------------------------------------------------------------------------------- This E-mail and any of its attachments may contain SmoothAmbiguity proprietary information, which is privileged, confidential, or subject to copyright belonging to SmoothAmbiguity. This E-mail is intended solely for the use of the individual or entity to which it is addressed by SmoothAmbiguity. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited by SmoothAmbiguity and may be unlawful. If you have received this E-mail in error, please notify SmoothAmbiguity immediately and permanently delete the original and any copy of this E-mail and any printout. This message will self-destruct in your brain. This conversation never happened. Remember: loose lips sink tight ships. See also: SmoothAmbiguity. -----Original Message----- From: Ananda Samaddar To: otr-users at lists.cypherpunks.ca Sent: Sat, 18 Oct 2008 4:35 pm Subject: Re: [OTR-users] QQ is blocking OTR > > It might be worth someone else testing this to make sure it's > reproducible and not some quirk with my systems. > > For my test I used two different QQ ids on two different PCs. One a > Linux machine using Pidgin 2.5.0 + OTR 3.2.0 and the other a Windows > machine using Pidgin 2.5.1 + OTR 3.2.0. It's worth noting that in > order to get QQ working properly in Pidgin for Windows you need to > uninstall the include gtk+ runtime and use a different version as > recommended in this bug report: > > http://developer.pidgin.im/ticket/6900 > > You can get a QQ id here: > > http://signup.qq.com/ > > If anyone wants to test this with me, e-mail me off list. My QQ id > is: 858394729. I certainly wouldn't recommend using the official QQ > software as it's infested with adware / spyware. > A user has e-mailed me off list to confirm he can reproduce my results w.r.t the strings ?, ?O, ?OT and ?OTR. This was using Adium 1.3.2 and Pidgin on Linux with OTR 3.1.0 on either end. As I've stated before there are issue with Pidgin + QQ on Windows so it would be helpful if someone with an up to date Pidgin + OTR on Linux could contact me to see if the results are replicated on Linux to Linux Pidgin clients. This could hopefully rule out a buggy QQ implementation in libpurple. As an aside, I entered the following terms and they were sent fine over the network even though reverse dns shows the QQ server I'm connected to is in China: Tibet Taiwan Falun Gong Democracy Tiananmen Square So if QQ are censoring they must be censoring in Mandarin not English, OTR strings aside. The ?OTR string use in OTR is definitely its biggest weakness. We currently have to rely on the goodwill of Microsoft / Yahoo / AOL / Google / Your Jabber admin not to block OTR. A weak point indeed. Other that OTR is probably one of the most useful privacy tools I've used (and continue to use) Ananda _______________________________________________ OTR-users mailing list OTR-users at lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmaxwell at gmail.com Sat Oct 18 19:46:30 2008 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Sat, 18 Oct 2008 19:46:30 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081018213535.58f2f318@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> Message-ID: On Sat, Oct 18, 2008 at 4:35 PM, Ananda Samaddar wrote: [snip] > We > currently have to rely on the goodwill of Microsoft / Yahoo / AOL / > Google / Your Jabber admin not to block OTR. A weak point indeed. This is still true even if OTR never had a fixed string: they could always block anything that doesn't look like recognizable human language and while OTR data could be converted to something that looked like plaintext the overhead would be enormous and it would simply become a perceptual arms race. There is another type of goodwill involved here: If MSN/Yahoo/AOL/etc started blocking OTR it would make them look a little more evil. It would cost them goodwill from the public. So doing so doesn't make economic sense. If it ever does, then there is probably nothing we can reasonably do to stop them. This is a good reason to support Jabber: It doesn't depend on a single party controlled server. I think that the only thing we can do in regard to this is to make sure that the OTR blocking doesn't cause a silent failure for the client and thus encourage people to think OTR doesn't work and deinstall it. From degeneracypressure at gmail.com Sat Oct 18 20:20:54 2008 From: degeneracypressure at gmail.com (Eliah Kagan) Date: Sat, 18 Oct 2008 20:20:54 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> Message-ID: On Sat, Oct 18, 2008 at 7:46 PM, Gregory Maxwell wrote: > On Sat, Oct 18, 2008 at 4:35 PM, Ananda Samaddar (...) wrote: > [snip] >> We >> currently have to rely on the goodwill of Microsoft / Yahoo / AOL / >> Google / Your Jabber admin not to block OTR. A weak point indeed. > > This is still true even if OTR never had a fixed string: they could > always block anything that doesn't look like recognizable human > language and while OTR data could be converted to something that > looked like plaintext the overhead would be enormous and it would > simply become a perceptual arms race. We would have the upper hand in the "arms race". The complexity of blocking anything that doesn't look like human language would itself be very extensive, if you are going to allow things like URLs. Also, QQ supports many human languages. The overhead of concealing messages in what appears to be human language, while significant, would scale with the number of people using OTR, whereas the overhead of recognizing and blocking OTRlike patterns would quickly become taxing on QQ's servers. It should be difficult and costly to prevent people from communicating privately, and even if we cannot prevent OTR from being blocked in the long run, we can arrange for difficulty and cost on the part of those who would block it. -Eliah From degeneracypressure at gmail.com Mon Oct 20 20:33:09 2008 From: degeneracypressure at gmail.com (Eliah Kagan) Date: Mon, 20 Oct 2008 20:33:09 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081018213535.58f2f318@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> Message-ID: On Sat, Oct 18, 2008 at 4:35 PM, Ananda Samaddar said: > A user has e-mailed me off list to confirm he can reproduce my results > w.r.t the strings ?, ?O, ?OT and ?OTR. This was using Adium 1.3.2 and > Pidgin on Linux with OTR 3.1.0 on either end. As I've stated before > there are issue with Pidgin + QQ on Windows so it would be helpful if > someone with an up to date Pidgin + OTR on Linux could contact me to > see if the results are replicated on Linux to Linux Pidgin clients. > This could hopefully rule out a buggy QQ implementation in libpurple. It appears that, in spite of a reproducible problem sending ?OTR between libpurple-based clients running OTR, Tencent QQ is probably not deliberately blocking OTR after all. I am the user who initially contacted Ananda to confirm her findings. In all my tests described herein, separate QQ accounts were used on separate computers at different physical locations connecting to the Internet with different IP addresses. I was using Pidgin 2.5.0 on Xubuntu Linux 8.04. A friend of mine (hereafter to be referred to as "my associate") was using Adium X 1.3.2 on Mac OS X 10.5.5 (Intel). My OTR plugin was enabled, but set not to automatically initiate OTR conversations. Neither of us could send ?OTR to the other. When we then tried to actually start an OTR conversation (with either of us starting it--we tried it both ways), it would fail silently on my end and my associate got the error: "Could not send the last message because it was too large." That is what I reported to Ananda. Since then, Ananda and I have verified that OTR does not work over QQ (and fails silently) between two Linux Pidgin 2.5.0 clients. Today my associate and I tried both using Pidgin 2.5.0 on Xubuntu Linux 8.0.4. With the OTR plugin turned off, we were able to both send ?OTR to one another successfully. With the plugin turned on but set not to automatically initiate OTR conversations, neither of us was able to do so. We then found that whoever had OTR turned off completely was able to receive "?OTR" as an IM. We tested it with QQ for Windows, using QQ2005 v05.0.200.020 (English) on each end. Mine ran on Windows FLP Version 2006 SP3. My associate ran it on Windows XP Professional Version 2002 SP3. We were able to send ?OTR in both directions. We tried it with QQ2005 on my end and Adium X 1.3.2 on my associate's end, and I was able to receive ?OTR (i.e. my associate was able to send it), but my associate was not able to receive it (i.e. I was not able to send it). This further bolstered the hypothesis that the failure to send ?OTR is actually due to OTR not displaying incoming messages that start with that string. Finally, my associate and I tested that by sending ?OTR via AOL Instant Messenger (the service). I used Carrier 2.5.0 (a close fork of Pidgin) on Windows XP Professional Version 2002 SP3, and my associate used the original Adium setup. Neither was able to send ?OTR to the other when OTR was enabled but not being used (i.e. with an unencrypted connection). In light of this, it is unlikely that the failure to send ?OTR via QQ is related to QQ specifically. Therefore, I believe the explanation that remains is that the recent failure of QQ to work with OTR is due to a decrease by Tencent in the maximum message size you can send over QQ. This is consistent with the Adium error messages, and is an issue that could probably be addressed without too much difficulty. -Eliah From ananda.samaddar at gmx.co.uk Mon Oct 20 21:08:25 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Tue, 21 Oct 2008 02:08:25 +0100 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> Message-ID: <20081021020825.5b380782@ananda-desktop> > It appears that, in spite of a reproducible problem sending ?OTR > between libpurple-based clients running OTR, Tencent QQ is probably > not deliberately blocking OTR after all. > > I am the user who initially contacted Ananda to confirm her findings. I am actually male! I refer you to my namesake and Ravi Shankar's nephew, a sadly deceased but amazing sitar player: http://en.wikipedia.org/wiki/Ananda_Shankar > In all my tests described herein, separate QQ accounts were used on > separate computers at different physical locations connecting to the > Internet with different IP addresses. I was using Pidgin 2.5.0 on > Xubuntu Linux 8.04. A friend of mine (hereafter to be referred to as > "my associate") was using Adium X 1.3.2 on Mac OS X 10.5.5 (Intel). My > OTR plugin was enabled, but set not to automatically initiate OTR > conversations. Neither of us could send ?OTR to the other. When we > then tried to actually start an OTR conversation (with either of us > starting it--we tried it both ways), it would fail silently on my end > and my associate got the error: "Could not send the last message > because it was too large." A quick and dirty test by me has determined that QQ or at least libpurple's implementation of it has a maximum message size of 500 Latin / English characters. The test was done by composing messages with the string Abcdefghijklmnopqrstuvwxyz with no spaces repeated. > That is what I reported to Ananda. Since then, Ananda and I have > verified that OTR does not work over QQ (and fails silently) between > two Linux Pidgin 2.5.0 clients. > > Today my associate and I tried both using Pidgin 2.5.0 on Xubuntu > Linux 8.0.4. With the OTR plugin turned off, we were able to both send > ?OTR to one another successfully. With the plugin turned on but set > not to automatically initiate OTR conversations, neither of us was > able to do so. We then found that whoever had OTR turned off > completely was able to receive "?OTR" as an IM. > > We tested it with QQ for Windows, using QQ2005 v05.0.200.020 (English) > on each end. Mine ran on Windows FLP Version 2006 SP3. My associate > ran it on Windows XP Professional Version 2002 SP3. We were able to > send ?OTR in both directions. We tried it with QQ2005 on my end and > Adium X 1.3.2 on my associate's end, and I was able to receive ?OTR > (i.e. my associate was able to send it), but my associate was not able > to receive it (i.e. I was not able to send it). This further bolstered > the hypothesis that the failure to send ?OTR is actually due to OTR > not displaying incoming messages that start with that string. Good to hear but I would recommend removing the official QQ client ASAP as per my previous warnings about it. > Therefore, I believe the explanation that remains is that the recent > failure of QQ to work with OTR is due to a decrease by Tencent in the > maximum message size you can send over QQ. This is consistent with the > Adium error messages, and is an issue that could probably be addressed > without too much difficulty. > Hopefully this can be implemented quite painlessly Ananda -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From degeneracypressure at gmail.com Mon Oct 20 21:13:54 2008 From: degeneracypressure at gmail.com (Eliah Kagan) Date: Mon, 20 Oct 2008 21:13:54 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081021020825.5b380782@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> <20081021020825.5b380782@ananda-desktop> Message-ID: On Mon, Oct 20, 2008 at 9:08 PM, Ananda Samaddar wrote: >> I am the user who initially contacted Ananda to confirm her findings. > > I am actually male! I refer you to my namesake and Ravi Shankar's > nephew, a sadly deceased but amazing sitar player: > > http://en.wikipedia.org/wiki/Ananda_Shankar I apologize for my error! > A quick and dirty test by me has determined that QQ or at least > libpurple's implementation of it has a maximum message size of 500 > Latin / English characters. The test was done by composing messages > with the string Abcdefghijklmnopqrstuvwxyz with no spaces repeated. Excellent. It appears that OTR messages tend to be longer than this. > Good to hear but I would recommend removing the official QQ client ASAP > as per my previous warnings about it. We used virtual machines in VMware Workstation and VMware fusion, and created snapshots of the VMs before installing QQ. Once there appears to be no forthcoming need for further testing, we'll either revert or trash the VMs. -Eliah From ananda.samaddar at gmx.co.uk Mon Oct 20 21:35:29 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Tue, 21 Oct 2008 02:35:29 +0100 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> Message-ID: <20081021023529.4e0e3f5c@ananda-desktop> On Sat, 18 Oct 2008 19:46:30 -0400 "Gregory Maxwell" wrote: > There is another type of goodwill involved here: If MSN/Yahoo/AOL/etc > started blocking OTR it would make them look a little more evil. It > would cost them goodwill from the public. So doing so doesn't make > economic sense. If it ever does, then there is probably nothing we > can reasonably do to stop them. This sort of evil behaviour is already going on in the PRC. Under the pretence of supporting 'local laws' Yahoo has already turned over e-mail of a Chinese dissident to the authorities. He is now serving a prison sentence. Plus we probably all (should) know about the recent Skype China controversies. Although this only pertains to the PRC I certainly wouldn't count out the possibility of this happening in other countries. After all I live in the UK, the most surveillance happy nation on Earth it would seem, so you can forgive me for being a little cynical. > This is a good reason to support Jabber: It doesn't depend on a > single party controlled server. 100% agree. The ultra paranoid can even run their own Jabber server now that broadband has supplanted dial-up internet connections. > I think that the only thing we can do in regard to this is to make > sure that the OTR blocking doesn't cause a silent failure for the > client and thus encourage people to think OTR doesn't work and > deinstall it. Definitely, OTR has worked for me on every major IM provider I use and is a fantastic piece of software. It does however give a silent error when it doesn't work with QQ, see mine and Eliah's follow up posts on the issue. Ananda -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ian at cypherpunks.ca Mon Oct 20 22:05:28 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 20 Oct 2008 22:05:28 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081021020825.5b380782@ananda-desktop> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> <20081021020825.5b380782@ananda-desktop> Message-ID: <20081021020528.GK2826@yoink.cs.uwaterloo.ca> On Tue, Oct 21, 2008 at 02:08:25AM +0100, Ananda Samaddar wrote: > > Therefore, I believe the explanation that remains is that the recent > > failure of QQ to work with OTR is due to a decrease by Tencent in the > > maximum message size you can send over QQ. This is consistent with the > > Adium error messages, and is an issue that could probably be addressed > > without too much difficulty. > > > > Hopefully this can be implemented quite painlessly In recent libotr, it can be. There's a file you can stick in your .purple directory (or whatever it's called on Windows; the directory where your otr.fingerprints and otr.private_key file live). It's called otr.max_message_size and you can put a line in it that looks like: proto_namemms So: prpl-irc 417 (that's a tab between the prpl-irc and the 417). I don't know what the protocol name for qq is (prpl-qq, maybe?), but it should show up in your accounts.xml file. Try a few values for the MMS, but from what you say, something in the 400-500 range is probably good. Of course, both of you have to be using libotr 3.1.0 or later. - Ian From degeneracypressure at gmail.com Mon Oct 20 22:54:53 2008 From: degeneracypressure at gmail.com (Eliah Kagan) Date: Mon, 20 Oct 2008 22:54:53 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <20081021020528.GK2826@yoink.cs.uwaterloo.ca> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> <20081021020825.5b380782@ananda-desktop> <20081021020528.GK2826@yoink.cs.uwaterloo.ca> Message-ID: On Mon, Oct 20, 2008 at 10:05 PM, Ian Goldberg wrote: > In recent libotr, it can be. There's a file you can stick in your > .purple directory (or whatever it's called on Windows; the directory > where your otr.fingerprints and otr.private_key file live). > > It's called otr.max_message_size and you can put a line in it that looks > like: > > proto_namemms > > So: > > prpl-irc 417 > > (that's a tab between the prpl-irc and the 417). > > I don't know what the protocol name for qq is (prpl-qq, maybe?), but it > should show up in your accounts.xml file. Try a few values for the MMS, > but from what you say, something in the 400-500 range is probably good. > > Of course, both of you have to be using libotr 3.1.0 or later. It seems to me that it would be very appropriate for the default behavior to take this into account, so that otr would work for QQ out of the box. I know that this list isn't for feature requests, but this issue seems more to be of a bug than of a feature absence--otr comes by default in a non-functioning state for QQ. Should one of us submit a bug report for this issue? -Eliah From ian at cypherpunks.ca Tue Oct 21 07:32:31 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 21 Oct 2008 07:32:31 -0400 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> <20081021020825.5b380782@ananda-desktop> <20081021020528.GK2826@yoink.cs.uwaterloo.ca> Message-ID: <20081021113231.GR2826@yoink.cs.uwaterloo.ca> On Mon, Oct 20, 2008 at 10:54:53PM -0400, Eliah Kagan wrote: > On Mon, Oct 20, 2008 at 10:05 PM, Ian Goldberg wrote: > > In recent libotr, it can be. There's a file you can stick in your > > .purple directory (or whatever it's called on Windows; the directory > > where your otr.fingerprints and otr.private_key file live). > > > > It's called otr.max_message_size and you can put a line in it that looks > > like: > > > > proto_namemms > > > > So: > > > > prpl-irc 417 > > > > (that's a tab between the prpl-irc and the 417). > > > > I don't know what the protocol name for qq is (prpl-qq, maybe?), but it > > should show up in your accounts.xml file. Try a few values for the MMS, > > but from what you say, something in the 400-500 range is probably good. > > > > Of course, both of you have to be using libotr 3.1.0 or later. > > It seems to me that it would be very appropriate for the default > behavior to take this into account, so that otr would work for QQ out > of the box. I know that this list isn't for feature requests, but this > issue seems more to be of a bug than of a feature absence--otr comes > by default in a non-functioning state for QQ. Should one of us submit > a bug report for this issue? Work out what the correct MMS should be for QQ (be sure to try it with some unusually long screen names), and follow up to this post letting me know (along with the prpl id for it). I can add it to the default list for the next release. Thanks, - Ian From ananda.samaddar at gmx.co.uk Tue Oct 21 07:45:59 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Tue, 21 Oct 2008 12:45:59 +0100 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <48FDC009.9020904@gmx.co.uk> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> <20081021020825.5b380782@ananda-desktop> <20081021020528.GK2826@yoink.cs.uwaterloo.ca> <20081021113231.GR2826@yoink.cs.uwaterloo.ca> <48FDC009.9020904@gmx.co.uk> Message-ID: <48FDC0F7.9040806@gmx.co.uk> Forgot to CC this to the list: Ian Goldberg wrote: > > Work out what the correct MMS should be for QQ (be sure to try it with > some unusually long screen names), and follow up to this post letting me > know (along with the prpl id for it). I can add it to the default list > for the next release. > MMS of 500 works, I've managed to get an unverified conversation going with both Linux and Windows Pidgin clients over QQ. However the authentication process appears to have failed it's in the 'waiting for buddy status' and has been for nearly ten minutes now. I prefer the shared secret method of authentication. I'll do so more resting and report back. thanks, Ananda From ananda.samaddar at gmx.co.uk Tue Oct 21 07:55:01 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Tue, 21 Oct 2008 12:55:01 +0100 Subject: [OTR-users] QQ is blocking OTR In-Reply-To: <48FDC0F7.9040806@gmx.co.uk> References: <20081017154622.0fa73db9@ananda-desktop> <48F8A9FA.4000108@Gravier.org> <20081017191026.6b55f603@ananda-desktop> <20081018213535.58f2f318@ananda-desktop> <20081021020825.5b380782@ananda-desktop> <20081021020528.GK2826@yoink.cs.uwaterloo.ca> <20081021113231.GR2826@yoink.cs.uwaterloo.ca> <48FDC009.9020904@gmx.co.uk> <48FDC0F7.9040806@gmx.co.uk> Message-ID: <48FDC315.2060207@gmx.co.uk> Ananda Samaddar wrote: > Forgot to CC this to the list: > > Ian Goldberg wrote: >> >> Work out what the correct MMS should be for QQ (be sure to try it with >> some unusually long screen names), and follow up to this post letting me >> know (along with the prpl id for it). I can add it to the default list >> for the next release. >> > > > MMS of 500 works, I've managed to get an unverified conversation going > with both Linux and Windows Pidgin clients over QQ. However the > authentication process appears to have failed it's in the 'waiting for > buddy status' and has been for nearly ten minutes now. I prefer the > shared secret method of authentication. I'll do so more resting and > report back. > > thanks, > > Ananda > Forgot to mention, the prpl id is simply prpl-qq Ananda From michaelgoerz at gmail.com Thu Oct 23 07:06:10 2008 From: michaelgoerz at gmail.com (Michael Goerz) Date: Thu, 23 Oct 2008 13:06:10 +0200 Subject: [OTR-users] Problem finding libotr In-Reply-To: <200810160846.17936.konrad@tylerc.org> References: <55c2e22f0810160450x587f6de6t9d505f99bcd6f07a@mail.gmail.com> <200810160846.17936.konrad@tylerc.org> Message-ID: <55c2e22f0810230406h6813dca8m46c7edd63f5021ea@mail.gmail.com> On Thu, Oct 16, 2008 at 5:46 PM, Conrad Meyer wrote: > On Thursday 16 October 2008 04:50:34 am Michael Goerz wrote: >> Hi, >> >> I have some trouble installing the OTR plugin on linux. Before trying >> to compile >> pidgin-otr-3.2.0 from source, I manually installed (from source) >> libotr-3.2.0 with its prerequisites libgcrypt-1.2.4 and >> libgpg-error-1.6, all with '--prefix=$HOME' (I don't have root access >> on the machine I'm installing this). >> >> Now, when I do ./configure for pidgin-otr-3.2.0, it ends with the >> following messages: >> >> [...] >> checking for libotr CFLAGS... >> checking for libotr LIBS... -lotr >> checking for libotr headers version 3.x >= 3.2.0... not present. >> checking for otrl_message_receiving in -lotr... yes >> configure: error: libotr 3.2.0 or newer is required >> >> How can I convince configure to find the libotr library in my home folder? >> >> Thanks, >> Michael Goerz > > Check ./configure --help, but probably ./configure --with-otr-lib=/path/to/lib > or such. Yeah, I tried that, but it doesn't seem to work. When installing the prerequisite libraries, they ended up in /home/goerz/lib/. So for pidgin-otr, I tried ./configure --prefix=/home/goerz --with-libotr-prefix=/home/goerz/lib --with-libotr-inc-prefix=/home/goerz/src/libotr-3.2.0/src, and a number of other combinations, but none of them worked. What would you put in for --with-libotr-prefix and --with-libotr-inc-prefix? > Regards, > Conrad Meyer Thanks, Michael Goerz From ian at cypherpunks.ca Sat Oct 25 13:32:04 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 25 Oct 2008 13:32:04 -0400 Subject: [OTR-users] Problem finding libotr In-Reply-To: <55c2e22f0810230406h6813dca8m46c7edd63f5021ea@mail.gmail.com> References: <55c2e22f0810160450x587f6de6t9d505f99bcd6f07a@mail.gmail.com> <200810160846.17936.konrad@tylerc.org> <55c2e22f0810230406h6813dca8m46c7edd63f5021ea@mail.gmail.com> Message-ID: <20081025173204.GE2978@yoink.cs.uwaterloo.ca> On Thu, Oct 23, 2008 at 01:06:10PM +0200, Michael Goerz wrote: > On Thu, Oct 16, 2008 at 5:46 PM, Conrad Meyer wrote: > > On Thursday 16 October 2008 04:50:34 am Michael Goerz wrote: > >> Hi, > >> > >> I have some trouble installing the OTR plugin on linux. Before trying > >> to compile > >> pidgin-otr-3.2.0 from source, I manually installed (from source) > >> libotr-3.2.0 with its prerequisites libgcrypt-1.2.4 and > >> libgpg-error-1.6, all with '--prefix=$HOME' (I don't have root access > >> on the machine I'm installing this). > >> > >> Now, when I do ./configure for pidgin-otr-3.2.0, it ends with the > >> following messages: > >> > >> [...] > >> checking for libotr CFLAGS... > >> checking for libotr LIBS... -lotr > >> checking for libotr headers version 3.x >= 3.2.0... not present. > >> checking for otrl_message_receiving in -lotr... yes > >> configure: error: libotr 3.2.0 or newer is required > >> > >> How can I convince configure to find the libotr library in my home folder? > >> > >> Thanks, > >> Michael Goerz > > > > Check ./configure --help, but probably ./configure --with-otr-lib=/path/to/lib > > or such. > Yeah, I tried that, but it doesn't seem to work. When installing the > prerequisite libraries, they ended up in /home/goerz/lib/. So for pidgin-otr, > I tried ./configure --prefix=/home/goerz --with-libotr-prefix=/home/goerz/lib > --with-libotr-inc-prefix=/home/goerz/src/libotr-3.2.0/src, and a number of > other combinations, but none of them worked. What would you put in for > --with-libotr-prefix and --with-libotr-inc-prefix? I think your inc-prefix is wrong. When you did "make install" on libotr, it should have installed the header files into $HOME/include/libotr/*. Since pidgin-otr is trying to open , your -I should be $HOME/include. So try passing that to --with-libotr-inc-prefix, and see what happens. - Ian From ber61921076 at yahoo.de Sun Oct 26 15:12:03 2008 From: ber61921076 at yahoo.de (ber61921076) Date: Sun, 26 Oct 2008 20:12:03 +0100 (CET) Subject: [OTR-users] otr support in gajim? Message-ID: <856763.68104.qm@web23108.mail.ird.yahoo.com> hello Guys, i thought that "gajim" have otr-support. but i cant find it, i have tried it with an installation on gentoo with the normal install mode & under ubuntu feisty, but there is no possibillitie. is there another version who is not included in this distributions who proviedes gajim? Greetings, Karl From js-otrim at webkeks.org Sun Oct 26 15:55:32 2008 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Sun, 26 Oct 2008 20:55:32 +0100 Subject: [OTR-users] otr support in gajim? In-Reply-To: <856763.68104.qm@web23108.mail.ird.yahoo.com> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> Message-ID: <20081026205532.372f29cd@webkeks.org> ber61921076 wrote: > hello Guys, > > i thought that "gajim" have otr-support. but i cant > find it, i have tried it with an installation on > gentoo with the normal install mode & under ubuntu > feisty, but there is no possibillitie. > > is there another version who is not included in this > distributions who proviedes gajim? > > Greetings, > > Karl OTR was removed from Gajim because we consider the current libotr API unusably broken. It was not possible to have reliable message delivery when libotr was used, it silently dropped messages etc. The current API requires to pass every message to libotr, whether it's an OTR session or not. We tried some workarounds, until we decided to drop OTR support. We have GPG and ESessions anyway, so just try to convince your chat partner of XMPP, then you can use those :). We are currently hoping that libotr4 will fix those issues and might reconsider to revive the OTR support then. And there is a branch that still has OTR support (just Google for it) - however, it is totally unsupport, don't expect any support from the developers if it fails. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From perrin at apotheon.com Tue Oct 28 17:27:19 2008 From: perrin at apotheon.com (Chad Perrin) Date: Tue, 28 Oct 2008 15:27:19 -0600 Subject: [OTR-users] article about OTR Message-ID: <20081028212719.GA6605@kokopelli.hydra> I'm writing an article about OTR Messaging for the IT Security Weblog [1] at TechRepublic. I'd like to ask someone on the core OTR Development Team [2] some questions about it as soon as possible. If you're one of those people, and willing to provide some information, please contact me directly [3]. Thanks for your time. ########### References: [1]: http://blogs.techrepublic.com.com/security/ [2]: http://www.cypherpunks.ca/otr/people.php [3]: Use the address from which I sent this email, please. -- Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] Common Reformulation of Greenspun's Tenth Rule: Any sufficiently complicated non-Lisp program contains an ad hoc informally-specified bug-ridden slow implementation of half of Common Lisp. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: