Slashdot Mirror

How to normally chat? That is using Free protocols like XMPP which is best done by Pidgin/libpurple? Apple forbids too Free software in AppStore. We ended up with my girlfriend using proprietary GoogleTalk==Hangouts but that has its own flaws.

https://pidgin.im/ still updated and supported

May I interest you in Pidgin?

If you end up regretting using it, you can get a full refund.

Pidgin (or any other libpurple-based client, like Adium) with the purple-hangouts plugin works fine for my requirements.

Trillian was garbage. Even 'a decade ago', we had GAIM, which is now Pidgin. Exactly the same idea, except it works.

For desktop, use Pidgin with the Off-The-Record plugin: https://pidgin.im/

For mobile, use Signal by Open Whisper Systems.

https://pidgin.im/

Firefox Hello bundles this kind of thing right into the web browser. I kind of like this idea for allowing basic functionality (think of the browser-based IM in Google and Facebook) and even extending that to voice and video (the way Google Hangouts does), but I'd ideally like to see a more powerful stand-alone client for people that want more than just a few casual conversations here and there. (This is an even better idea for Thunderbird, since your contact list lives there.)

Fortunately, we have pidgin, a stand-alone IM client with a great feature set and wonderful cross-platform support (Adium is merely an OS X implementation of Pidgin). Pidgin desperately needs help, as it hasn't successfully had an easy-to-use voice (let alone video) capability. I'm hoping that WebRTC (which powers Firefox Hello and, I think, Google Hangouts) can provide this, at least for using Firefox Hello and/or bridging between two Pidgin/Adium/Libpurple users.

Add this as reason #2'175 on the long list of why one should definitely use end-to-end encryption.

If you use a well designed end-to-end encryption, that has been validated by cryptologist (think OTR for chat, ZRTP for voice), I doesn't matter what the quality of the underlying link is or if telcos are helping breaking the link.

Best part? These technology can work over your already existing systems (though ZRTP can't work over Skype's voice and video. It only works over SIP or XMPP/Jingle - i.e.: the standards that the whole rest of the internet is using).
So you can OTR encrypt your chats over your Google Talk's XMPP session.

And there are clients supporting them either out-of-the-box (jitsi, adium) or with a plugin (pidgin), over your existing accounts (XMPP like Google Talk, or any random SIP provider).

This list is part of a much longer list that I maintain and sometimes publish.

* 7-ZIP -- Create/Extra ZIP and many other other file compression formats, very powerful. Note can open some installer EXE and MSI files (see Microsoft Orca for more MSI options) (free, open source, Windows, there may be Linux/Mac variants). http://www.7-zip.com/

* CCleaner -- System optimization, privacy and cleaning tool. (free, closed source, Windows) http://www.ccleaner.com/ **Alternate Tool** BleachBit -- Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. (free, open source Linux/Windows) http://bleachbit.sourceforge.n...

* Greenshot -- Good Screen Shot tool with simple annotation options. (free, open source, Windows) http://greenshot.sourceforge.n...

* IrfanView -- Image Program View, convert, crop, optimize, sideshow, batch Processing etc (free noncommercial, closed source, Windows) http://www.irfanview.com/

Instantbird -- Multi Protocol Instant Messaging (IM) Client - AOL, MSM, Yahoo, etc (free, open source, Linux/Mac/Windows) **Alternate Tool** Pidgin - Multi Protocol Instant Messaging (IM) Client - AOL, MSM, Yahoo, etc (free, open source, Linux/Mac/Windows) http://pidgin.im/

* KeePass Password Safe -- Good Quality secure password manager, stores passwords encrypted. (free, open source, Windows Linux/Mac with Mono) http://keepass.info/

* LibreOffice -- Power-packed Open Source personal productivity suite for Windows, Macintosh and Linux, that gives you six feature-rich applications for all your document production. Excellent replacement for other Office Suites, can open many different and sometimes odd file types -- (free, open source, Linux/Mac/Windows) http://www.libreoffice.org/

* Mozilla.org FireFox -- Web browser for more security then Internet Explore (free, open source, Linux/Mac/Windows) http://www.mozilla.com/ http://www.mozilla.org/

* SpeedCrunch -- fast, high-precision and powerful cross-platform desktop calculator (free, open source, Linux/Mac/Windows) http://www.speedcrunch.org/ & http://speedcrunch.blogspot.co...

* UltraEdit -- Probably the absolute best most powerful text editors around, edit huge files, FTP, column mode, and more (shareware, closed source, Win/Mac/Linux) http://www.ultraedit.com/ **Alternate Tool** Noteppad++ -- Good Text / Source Code Editor replacement for Microsoft Windows Notepad/Wordpad (free, open source) http://notepad-plus.sourceforg...

* VLC Media Player -- One of the best media players out there. Highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, ...) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network. (free, oen source, Linux/Mac/Windows)
http://www.videolan.org/

This list is part of a much longer list that I maintain and sometimes publish. There are few others, but some are more as needed special use cases. * 7-ZIP -- Create/Extra ZIP and many other other file compression formats, very powerful. Note can open some installer EXE and MSI files (see Microsoft Orca for more MSI options) (free, open source, Windows, there may be Linux/Mac variants). http://www.7-zip.com/ * CCleaner -- System optimization, privacy and cleaning tool. (free, closed source, Windows) http://www.ccleaner.com/ **Alternate Tool** BleachBit -- Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. (free, open source Linux/Windows) http://bleachbit.sourceforge.n... * Greenshot -- Good Screen Shot tool with simple annotation options. (free, open source, Windows) http://greenshot.sourceforge.n... * IrfanView -- Image Program View, convert, crop, optimize, sideshow, batch Processing etc (free noncommercial, closed source, Windows) http://www.irfanview.com/ Instantbird -- Multi Protocol Instant Messaging (IM) Client - AOL, MSM, Yahoo, etc (free, open source, Linux/Mac/Windows) **Alternate Tool** Pidgin - Multi Protocol Instant Messaging (IM) Client - AOL, MSM, Yahoo, etc (free, open source, Linux/Mac/Windows) http://pidgin.im/ * KeePass Password Safe -- Good Quality secure password manager, stores passwords encrypted. (free, open source, Windows Linux/Mac with Mono) http://keepass.info/ * LibreOffice -- Power-packed Open Source personal productivity suite for Windows, Macintosh and Linux, that gives you six feature-rich applications for all your document production. Excellent replacement for other Office Suites, can open many different and sometimes odd file types -- (free, open source, Linux/Mac/Windows) http://www.libreoffice.org/ * Mozilla.org FireFox -- Web browser for more security then Internet Explore (free, open source, Linux/Mac/Windows) http://www.mozilla.com/ http://www.mozilla.org/ * SpeedCrunch -- fast, high-precision and powerful cross-platform desktop calculator (free, open source, Linux/Mac/Windows) http://www.speedcrunch.org/ & http://speedcrunch.blogspot.co... * UltraEdit -- Probably the absolute best most powerful text editors around, edit huge files, FTP, column mode, and more (shareware, closed source, Win/Mac/Linux) http://www.ultraedit.com/ **Alternate Tool** Noteppad++ -- Good Text / Source Code Editor replacement for Microsoft Windows Notepad/Wordpad (free, open source) http://notepad-plus.sourceforg... * VLC Media Player -- One of the best media players out there. Highly portable multimedia player for various audio and video formats ) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network. (free, open source, Linux/Mac/Windows) http://www.videolan.org/

Not necessarily, credentials are often stored in plain text but in restricted access files. The Debian MySQL admin password, for example, is stored plain-text in /etc/mysql/debian.cnf This might be of some interest as well: https://developer.pidgin.im/wiki/PlainTextPasswords

Facebook chat can be accessed via XMPP. So use a good IM client like Pidgin with the OTR plugin and you have nice, encrypted chats via FB. I use it daily, and it works great.

It is about layers of true security, not of layers of security through obscurity. It has been argued many times that any layer of obfuscation would be trivial for any luser to bypass -- just read out about the many pages that list how to recover Windows Wi-Fi passwords. And if I'm not able to "cat password_file" to reveal my passwords, then I might fail into the trap of feeling confident and passing this file around, so there's a clear disadvantage and no clear advantages.

I'm not the only one making saying this. https://developer.pidgin.im/wiki/PlainTextPasswords . It's been trolled to death on every other Slashdot mis-discussion about plain-text passwords.

And among other things: WEP is worse than no protection. At least no one is to have any sense of security when running a completely open network. It's people like you that are the problem.

The issue of passwords being stored unencrypted on media has come up before with Android email passwords, Pidgin passwords and so on. If your attacker can bypass filesystem permissions you are already in a world of pain. One way to mitigate this would be to use a password protected keychain/keyring but this only works if you don't automatically unlock it...

Say that I want my Windows machine to automatically log in as a user when I turn it on. Because of the way Windows works it needs to be able to unlock my account (almost certainly to be able to unlock credential stores that would be otherwise locked), which means that when I enable Windows auto-login my password is going to be saved into the registry in plain text.

Perhaps Mac OS X can magically do better? Well not really - OS X XOR's your password with a fixed key and saves into /etc/kcpassword. For an attacker this is not a big hurdle over what Windows does. Unless your password is available OS X would be unable to unlock your keychain and all sorts of things would have to start prompting you if they wished to work.

If the keys to reverse the encryption are stored alongside the encrypted object you have not gained any more security but are just obfuscating your data - an attacker can simply steal both at the same time, run the decryption algorithm and use the object. To be secure you need to have something your attacker doesn't have access to which is at odds with unattended operation. If you want to have something happen completely unattended (i.e. from power on) fashion you are going to need ALL the information available in a directly usable form at some point and it's going to have to be "unprotected". While saving things like hashes are bit better (as they don't reveal the underlying password which may have been reused elsewhere) someone can still steal the hash and use it as is for accessing that service and in many cases a hash is no good as challenge response is being used to prevent the whole secret from having to be passed.

I do have one question though - what do OS X and Windows when you save things like WiFi/802.11x passwords that are accessible to every user? To what extent do they try and protect their system "keychains" and wouldn't such protection be obfuscation?

And if you think it is, maybe you should read what Pidgin developers have to say about this..

These yearly "$PROGRAM is storing my passwords in plain text! Won't somebody think of the children!" stories are very tiresome...

Pidgin (formerly gaim) also keeps unencrypted creds. This is their reasoning..

I understand their logic, and it makes sense I guess because they don't want to roll their own keyring system, but they really should make every attempt to integrate with any available system keyring out there.

A centralized backup system could easily hoover up these files in a corporate environment and expose the information to an additional set of access controls and people.
It's just an unnecessary additional attack vector that can allow people to impersonate other people in a complex environment. Your Kerberos stuff will expire somewhat quickly, but your password is sensitive for much longer.

Pidgin (formerly gaim) also keeps unencrypted creds. This is their reasoning..

For most of my personal communication I use the pidgin instant messaging client with the Off-The Record plugin for easy encrypted messaging on (nearly) any OS. The tough part is talking friends into using it as well. Of course, the NSA could still break into this stuff, but it would certainly waste their time and resources.

This has been going on for a long time - Skype was banned or crippled in the UAE for a long time, but recently unblocked:

http://english.alarabiya.net/en/business/technology/2013/04/08/Etisalat-unblocks-Skype-website-in-the-UAE.html

At the time, it was more about securing revenue from the lucrative expat market than locking-down protest movements.
Of course, these latter do exist, but less so in Saudi & UAE than, say, Egypt.

I guess this latest move will just drive more interest in alternatives, which are often 'open' and perhaps more secure...

http://www.pidgin.im/

http://www.makeuseof.com/tag/fed-up-with-skype-here-are-6-of-the-best-free-alternatives/

The thing I most care about is if the "hangout protocol" will be supported by libpurple, preferably by google written code. It would be great if the protocol was open source to ease the implementation.

I don't mind having a variety of IM protocols because it adds fault tolerance, but I want to run only one client. Several clients use libpurple now so it is even resistant to one development team's idea of what is the next best GUI idea.

In addition to the Google Talk client, there are many other clients out there that provide a great communications experience. We believe users should have choice in which clients they use to connect to the Google Talk service and we want to encourage the developer community to create new and innovative applications that leverage our service. To enable this, Google Talk uses the standard XMPP protocol for authentication, presence, and messaging.

What does this mean for those who care about security? For one, you can choose software that includes Off-the-Record end-to-end encryption (OTR) such as Pidgin with the OTR plugin on GNU+Linux or Windows, or Adium (which has OTR built-in and enabled by default) on Mac OS X. On Android you can use Beem or Gibberbot, although I personally recommend Beem (and if you are using iOS you obviously don't give a shit about security anyway). By using OTR, Google has no idea what you are typing, even as you use their servers to send & receive XMPP data. As a bonus, you can proxy any of these applications over Tor, so Google has no idea where you are even connecting from, anonymising your IP address.

Because of the benefits of an open protocol, the fact that Google is in the US is far less of a problem than Microsoft being in the US because Skype by design restricts your ability to know how it communicates with Microsoft's supernodes and other Skype clients. This is the very nature of proprietary software: to subjugate you, keep you ignorant, and wield power over you. Google may not be perfect, but at least they are committed to using open standards as the base level of their communication networks, and explicitely encourage people to use what software they want, allow proxied and/or Torified connections to their services, & allow you to use end-to-end encryption with crypto keys that YOU control.

TL,DR:

I am very happy to find out a friend has a Google account, so that as soon as they use it with OTR encryption, I can communicate with them safely & securely from my own XMPP server with end-to-end encryption using an standard, open protocol. Incomparably better than Skype.

In order for this not to happen again do the following:

Stop using Windows and MacOSX.

So you are saying that full disk encryption on Windows and Mac OS X has backdoors? Any link to back that up?

Download and install Fedora F16.
When installing, encrypt the harddrive with a really hard to break password.

Now you are saying that Fedora has no backdoors. But the only way the Syrian activists will be sure is if they download the code, check it themselves, and compile everything, as it is pretty much impossible to know that the precompiled binaries haven't been tampered with. But the code for the relevant parts of Mac OS X is also available. In any case, the Syrian activists, being social activists and not hackers most likely lack the skills and the time to understand the code and to compile it themselves, nullifying the advantage.

Install pidgin and off the record like this: 'yum install pidgin pidgin-otr'

Pidgin? You mean the open source messaging client that also runs on Windows and Mac OS X?

Generate keys and verify them before communicating.

Yeah, cause we all know there is no SSH nor GPG for Mac OS X or for Windows. Oh, wait...

And not using major OSes will keep you away from the most common exploits and trojans.

Except that there is far more malware for Linux than for Mac OS X. (Why? Because Linux is widely used in servers that the "evil doers" specifically want to crack.)

Also, try to use TOR, HTTPS-everywhere and other good tools.

Again, tools available for Mac OS X and Windows.

In many cases some free software licenses conflict with the terms of app stores. For instance, Pidgin can't be ported to the iPhone for this (and other) reasons.

I don't know of any authors who refused to publish their apps to an app store because of issues not related to licensing. Do you know of any?

It was on that basis, said that both the FSF and Stallman are being misleading and hypocritical, and don't even meet their standard for what "free software" is.

Now, here, I don't think we're ever going to agree. I think the definition they intend us to use is the one in the Free Software Definition. As opposed to 29 words in an attention grabbing blurb. Aside from the clue in the name, it's also the definition they actually say they use on the page in question. Always assuming anyone bothers to read beyond the big blue PNG, obviously.

See my point? In this case "share" software == "distribute" software.

That still seems like a bit of a stretch to me. If I copy a windows disc and give it to a friend to copy, then I am breaking the law. If I copy, let's say Pidgin onto a USB stick and give it to a friend, I'm fine. OK, strictly speaking he's entitled to ask me for the source code, and if he does, I'll probably just point him at the repository. I'd say those two cases probably cover 99.9% of all user experience of the GPL. It just doesn't seem like a big deal.

Now if I set up a server somewhere and offer the same code for download, then I have a few additional responsibilities, and if I ignore them, I run the risk of getting an email from the copyright holders asking me to kindly comply with the licence. If I'm determined to flout the terms of the licence, it may end up going to court, but on the whole, I either offer the source code as a download, or else stop distributing it, and it's still not that big a deal.

It's okay to have licenses that contain restrictions such as the GPL, but to claim that they're "free as in free speech", and to blatantly market them as such is dishonest.

Personally, I doubt there's any intent to deceive here. I also doubt there's any particularly dire consequence if someone does misunderstand, and I really can't see how misleading distributors would benefit anyone, Stallman included.

Honestly, I think you're letting your personal dislike of the man colour your judgement.

You're thinking of the Psychic Mode plugin that comes with Pidgin of which is also used by the Bot Sentry plugin to filter out spam messages. I remember the first time I got Bot Sentry working and noticed that it pretty much eliminated the spam problem coming from both ICQ and MSN networks, but the first time I saw "You feel a disturbance in the force" a week later kind of freaked me out as I didn't realize that was Psychic Mode's default behavior.

"Does Pidgin support voice or video? Yes, Pidgin does support voice and video, but this is limited to Unix-like platforms and the XMPP protocol (including GoogleTalk)." http://developer.pidgin.im/wiki/Using%20Pidgin#DoesPidginsupportvoiceorvideo

This is the first time I've ever seen a feature come out on *nix FIRST, then go to windows.

Let me check the web site... I wonder what the big orange download link that says "Windows" means... Surely it doesn't mean that it runs on Windows?!

The difference is that Diaspora is to be released under the aGPL license. Making it free software

...and its whole architecture is distributed (as is the case of other opens-source social networks systems cited elsewhere).
Just like Jabber, and other nice standard which emerged from opensource projects.

Thus you could run one instance ("seed" in Diaspora parlance) on your own server.
Or if you don't have the knowledge and/or resources to do it, create a profile on some Dispora-provider.
As it's distributed and open, it will still let you communicate with other users from other seeds running elsewhere on the web.

If the provider goes "Zuckerberg" on its privacy ? Just move to another seeds and continue from there. As the system is open and distributed all seeds can communicate.
Whereas, with Facebook, well, if you don't like the privacy and decide to move to Buzz, well good luck. You can't bring all your friends with you, unless you encourage everyone to switch along with you.

With any luck, if such a distributed system becomes popular enough, the current big players might get forced to interoperate with the main system (be it OneSocialWeb, Dispora, or whatever else). Just like what's hapenning with Jabber and GoogleTalk versus FaceBook and StudiVZ, who are slowly moving to XMPP/Jabber for their chat systems.

Although the current situation is subpar :
- Facebook is using a non-encrypted XMPP/Jabber interface which lacks compared to (for example) Pidgin's Plugin (the list-to-group mapping is really bad).
- and StudiVZ has outsourced part chat capabilities to Nimbuzz (namely to make a newer web-app and mobile support) which in turn operates as a Jabber gateway (a rather circumvented way to support it).

But still its a move in the right direction. So if they feel threatened enough by newer "Social" standard, they might follow again.

Have you checked out Pidgin? Also, think you could email a copy of the installer to me? I absolutely loved the customization features on the Mirabillis clients.

It was mine to begin with.
I just happened to hit "Reply" in the wrong thread and wanted to move where appropriate. I fucked up the copy-paste. And of course it does look the same in the preview pane, which didn't help.

Here are the missing links :
- Adium : http://adium.im/
- Pidgin : http://pidgin.im/
- OTR: http://www.cypherpunks.ca/otr/
- plugins downloads : http://www.cypherpunks.ca/otr/index.php#downloads middle column. It offers a Windows installer. For Linux there's source code (I use it), but it should be much simpler to use the package provided by your distribution's repository (it's in OpenSUSE, Ubuntu, Debian and Gentoo. Don't know about the others)

(Checking in preview pane : Yup this time I didn't fuck up the URLs ;-) )

First of all, he is advocating pessimization of install on good operating systems (like BSDs or Linux) for the sake of the bad ones (like Windows). Second, and most important, is that the changes need not be so invasive as to change the entire APIs. If one must rely on a 3rd-party packages, one may provide that 3rd-party product — but without bundling it with one's own.

Most of the changes seem to be very small or necessary.

Look, for example, how pidgin installs itself on Windows — the GTK and spell-checker(s) are necessary and usually are installed during the pidgin install. But they aren't forked by the pidgin developers...

I don't think the comparison is valid. Pidgin is a Gnome project, so patches can go directly to the gnome source.

The extent, to which Google modifies the bundled 3rd-party stuff is also too great: go through the guy's own list and look for his own "fork severity" ratings...

Most severities are low, the ones that are high seem justified.

Not to mention, that things like JPEG, XML, and PNG, probably, didn't have to be installed on Windows at all — such basic building blocks are available from Microsoft themselves...

There certainly aren't any high-quality platform-independent libraries from Microsoft, otherwise Pidgin wouldn't require the GTK runtime.

Google could have picked GTK or Qt as the Framework, but I think they decided against it because they wanted to have more control over the libraries and maybe because of licensing issues.

Why aren't you convinced by their argument if I may ask?

First of all, he is advocating pessimization of install on good operating systems (like BSDs or Linux) for the sake of the bad ones (like Windows). Second, and most important, is that the changes need not be so invasive as to change the entire APIs. If one must rely on a 3rd-party packages, one may provide that 3rd-party product — but without bundling it with one's own.

Look, for example, how pidgin installs itself on Windows — the GTK and spell-checker(s) are necessary and usually are installed during the pidgin install. But they aren't forked by the pidgin developers...

The extent, to which Google modifies the bundled 3rd-party stuff is also too great: go through the guy's own list and look for his own "fork severity" ratings...

Not to mention, that things like JPEG, XML, and PNG, probably, didn't have to be installed on Windows at all — such basic building blocks are available from Microsoft themselves...

I'm not a professional in the field (yet), but here's just a thought:

Pidgin keeps its passwords in plaintext. Their justification boils down to "If the system is sanely setup, nobody else should be able to see your user-only files anyway, and encrypting just gives a false sense of security."

I suppose their justification depends precisely on the assumption that the system is setup securely (at least as far as permissions are concerned) to begin with, which is the assumption that is violated by NFS.

That is, wouldn't it be better, instead of changing svn, to stop using NFS instead? Or is my lack of experience in the field causing me to miss something here?

The quote itself is referencing third-party apps. Try comparing Adium to Pidgin, or TextMate to pretty much any other GUI text editor, or iWork to OpenOffice (not really a third-party app, but you get the picture). As a general rule of thumb, apps written for the Mac are better thought-out visually, are more consistent both with themselves and with the rest of the system, and often manage to do this without sacrificing power or features.

Hell, even Microsoft is susceptible to this: just look at their Bing iPhone app, and compare it to their own WinMo equivalent. It's like night and day.

Who moded this interesting? Pidgin most certainly does video, I've used it, it works. Try it for yourself if you don't believe.

In case you missed it, the newer versions of Pidgin support voice/video via XMPP/GTalk/etc. http://pidgin.im/

On every platform but Windows.

In case you missed it, the newer versions of Pidgin support voice/video via XMPP/GTalk/etc. http://pidgin.im/

Is there any good skype alternative? Something that works in linux, windows, and mac?

Depends on what exactly you need. If it's just voice chat, then the recent release of Pidgin supports GTalk voice and video these days, so you can use that on Linux / OS X, and GTalk itself on Windows.

For cheap calls to landlines, not sure.

Either your just trolling or you really mean what you say in that post

The solutions that I provided are just as worthless as the excuses that an incompetent Internet service provider might give. Devil's advocacy is a common exercise of brainstorming to find counter-arguments so that their refutations can strengthen your argument. If it's looked down upon to consider how opponents are likely to reply, how can any argument be made strong?

True

Homemade as in I took it with my own camera, or is a freinds picture, or I made it myself

Copyright in your own photograph of a sculpture made since 1923 belongs to the sculptor, not you.

Not sure about that one, but if I take a picture of the sky, or make something entirely new with ms paint or something or another, that'd be mine...

homemade [movie], as in I made it, I own it

If a homemade movie can be shown to be a homemade derivative work of something else that you did not make, you don't in fact own copyright in the homemade movie. For example, a video of your child dancing to copyrighted music isn't yours unless you dub in different music. See Derivative work.

What if there is no music? lol and fair use would probably preside there as long as you're not selling it or publically displaying it for everyone to see. But say I make a video of myself mowing my lawn, that'd be mine, lol.

Homemade [music] you know what that means right?

It means you made a homemade recording of some song, but you can't necessarily prove that someone else didn't write the song first.

Neither can they, if you wanna play that game.

but back to what I was talking about, are in fact games that are free not stolen

Can you show me some examples of these free, not-stolen games? Several popular PC games released as free software infringe at least one copyright or patent. For example, StepMania 3.9 includes music and graphics ripped from Konami's DDRMAX: Dance Dance Revolution 6th Mix, and Konami has taken a StepMania licensee to court (Konami v. Roxor) over essential patents on dance video games.

http://www.google.com/search?hl=en&safe=off&q=yahoo+games&aq=f&oq=&aqi=g-e1g9

http://games.yahoo.com/all-games

Um there's free software around

Any free software that can, for example, encode MP3 audio violates U.S. patents because Thomson has never licensed the MP3 patents in a way consistent with the free software definition.

I'm pretty sure encoding is fine, its decoders that you have to pay for, but I can't exactly remember off hand.

ogg
xvid
pidgin
maybe something here "Free Downloads of over 14000 free software programs."

So what happens when I get sent so many packets that I either can't send and/or recieve them fast enough therefore causing me to lag, what then?

You don't request as many packets from the servers. Most video games that I know of don't use a lot of packets; instead, like VoIP, they use fewer packets but expect them to arrive quickly.

Quickly as in speed, if they cut that down then it's not gonna work very well, like I said I don't want to be stuck doing 1 thing at a time, I might be grabbing a game, up

on Linux with package manager

You were saying? It's not anything special about Ubuntu, most Linux distros have a package manager. But Ubuntu specifically seems to have a policy of not updating Pidgin except for security issues during releases. I'm surprised you haven't seen this: http://pidgin.im/download/ubuntu/

Yes? It helps to read the Pidgin mailing list. It's generally a good idea to know what you're talking about when talking about security issues, which is something both you and the slashdot story editor failed to do.

It looks like this reported vulnerability was fixed in 2.5.9 already:

http://developer.pidgin.im/wiki/ChangeLog#version2.5.908182009

Another thing to note is that the link in the post also states this:

4. Vulnerable packages

        * Gaim >= 0.79
        * Libpurple = 2.5.8 (Pidgin = 2.5.8 and Adium = 1.3.5)
        * Other Libpurple frontends such as Finch might be vulnerable as well.

However, the latest version of Pidgin that adds the voice and video support is 2.6.1. I would say that this makes 2.6.1 much safer and feature rich than the versions we are currently running.

Then there's Pidgin (multiplatform, free open source) which is also an excellent and mature IM which is also very extensible.

And crashes twice a week, thrice if the wind blows hard. What made me finally stop using it was the 4 crashes in one day.

Who the hell is Digsby and why should I care, when there's other perfectly free alternatives available that don't bundle crapware with them.

Why not use one of the many free competing IM clients?

My favourite is Miranda (Windows only, free but not open source)) because it's incredibly lightweight, uses the default Windows UI, and has an incredibly active plugin community.

Then there's Pidgin (multiplatform, free open source) which is also an excellent and mature IM which is also very extensible.

No crapware whatsoever on these similar apps. Support the projects that contribute to the initiatives of free software with your downloads and your dollars. Snub the software that steals control of your computer for monetary gain.

Perhaps this is a good point in time to switch to Pidgin (multi-platform and my personal choice), Adium (Mac OS X), Empathy (Gnome), Kopete (KDE), or some other, more trustworthy client?

The power of choice: change IM client. There are tons of free IM client, just change it to something else like Pidgin.

How about a list of more apps?

• Calibre ebook manager
• Last.fm streaming music client
• VLC media player
• CDex CD ripping software
• MusicBrainz Picard for tagging audio files
• Pidgin IM client
• OpenPandora to put Pandora on your desktop and scrobble to Last.fm
• VirtualDub for simple video editing

Anyone else have any good recommendations?

The whole premise that better usability will come out of getting usability designers involved in the free software development process is fundamentally misguided. It's really easy to get such feedback for most open source software. Just look at the forums and mailing list of people using the software, and it's trivial to find out exactly what are the confusing parts and what really needs to be improved. As for motivating improvements, most developers working on open-source software want their software to be better. But what does "better" mean?

The problem is that the developers working on the software don't use it the way everybody else does, which means there will always be a clash between their priorities and tastes and what regular users want. This means the people capable of fixing the usability problem believe many requests are misguided, and therefore don't do anything about them. I see this all the time, in projects big and small. On the open source project I contribute the most to, PostgreSQL, some of this disconnect is warranted. For example, users want the software to be super easy to use out of the box, while developers want it to be secure out of the box; that's a very hard split to reconcile. Sometimes instead you'll see features requested by DBAs that make perfect sense to other DBAs, but are shouted down as a bad idea too. This is because many of the most influential developers are not DBAs of large databases, which you'd expect almost by definition. They don't have the right context to fully appreciate some usability decisions. If the development community is healthy, when enough such requests come in eventually some concessions will get made, even if some of the developers don't quite get the motivating reason fully. Enough people complain about something, you just accept that's what everybody wants and bow to community pressure.

But there are plenty of communities where this doesn't seem to happen, and usually it's due to arrogance on the part of the developer rather than them not having design feedback. A classic example was last year's Pidgin UI disaster. Look at that ticket--the entirety of the user community was lined up against the developers, and the lack of response to that feedback even forced a fork whose tagline was "we work for you" as a noteworthy difference from the original project. Completely ridiculous.

I'm suffering from a similar bit of developer arrogance right now, with the standard GNOME terminal app. A change was made recently, first showing up on a lot of people's desktops via Ubuntu Jaunty, which reduces the ability to overload common function keys (like control-C) to either execute terminal functions (like "copy") and still work as terminal input if no text to copy has been selected. There's been a stack of bug reporters, and it turns out the only reason for the change was the developer thought it was a bug--there were no user complaints driving the change. The only right response in this situation, which is strictly a UI decision, is to man up, admit the change was wrong and you were wrong for thinking it, and thank your community for pointing it out. As you can see, that's certainly not happening here. (Yes, I can fix it myself. Not, that doesn't matter, because the thing I'm annoyed about is that it's a step backwards on the most popular default terminal people new to Linux use, which hurts the OS as a whole.)

You can collect usability data all day, that's easy. Doesn't take a designer, it just takes listening to your users. From where I'm sitting it looks like the hard problem is getting open-source developers to pay attention to what they're saying.