Posted by
ryuzaki0
on from the oops-they-did-it-again dept.
thedude13 writes "Infoworld is running a story about a major security hole in AOL ® Instant Messenger(TM) and how it handles away messages. AIM is vulnerable to a buffer overflow via the auto-response away message mechanism. Yet another reason to switch to, IMHO, a better client such as gaim."
Major erratum in article
by
Eponymous Cowboy
·
· Score: 5, Informative
Unfortunately, the article this story links to has a rather large mistake. It states:
However, AIM users would have to click on the URL to trigger the vulnerability, which will make it harder for malicious hackers or virus writers to use it in automated attacks, Weinstein said.
This is completely and totally wrong.
Any web page can launch URLs of the form aim:goaway?message=Anything+goes+here by many different means without user intervention:
- Redirect response codes
- Meta redirect tags
- Frames
- iframes
- Javascript popups
Any one of those methods will change your away message automatically, without any confirmation on your part. And if the part in the message= section is more than 1024 characters, arbitrary code can be executed on your machine.
The only sure way to protect yourself against this is to remove the HKEY_CLASSES_ROOT\aim registry key, which will disable the AIM protocol altogether, as explained here.
-- It's hard for thee to kick against the pricks.
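An added example, not part of the original comment and not AIM's code: a C routine that decodes the `message=` parameter of an `aim:goaway` URL into a fixed 1024-byte buffer and rejects oversize input instead of writing past the end. The function names, the error codes and the choice to reject rather than truncate are assumptions.

```c
/* Added example (hypothetical names; not AIM's code): bounds-checked
 * decoding of the message= parameter of an aim:goaway URL. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define AWAY_MSG_MAX 1024               /* buffer size quoted in the thread */
#define GOAWAY_PREFIX "aim:goaway?message="

enum { PARSE_OK = 0, PARSE_NOT_GOAWAY = -1,
       PARSE_TOO_LONG = -2, PARSE_BAD_ESCAPE = -3 };

/* Value of one hex digit, or -1 (also for '\0', so "%4" at the very end
 * of the string is rejected without reading past the terminator). */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode '+' and %XX into out[out_size]. Every write is preceded by a
 * check that leaves room for the terminating NUL. */
int parse_goaway(const char *url, char *out, size_t out_size)
{
    size_t n = 0;
    const char *p;

    if (out == NULL || out_size == 0) return PARSE_TOO_LONG;
    out[0] = '\0';
    if (url == NULL || strncmp(url, GOAWAY_PREFIX, strlen(GOAWAY_PREFIX)) != 0)
        return PARSE_NOT_GOAWAY;

    for (p = url + strlen(GOAWAY_PREFIX); *p != '\0' && *p != '&'; p++) {
        int ch = (unsigned char)*p;
        if (ch == '+') {
            ch = ' ';
        } else if (ch == '%') {
            int hi = hex_val((unsigned char)p[1]);
            int lo = (hi < 0) ? -1 : hex_val((unsigned char)p[2]);
            /* Malformed escapes and an encoded NUL are both refused. */
            if (hi < 0 || lo < 0 || (hi == 0 && lo == 0)) {
                out[0] = '\0';
                return PARSE_BAD_ESCAPE;
            }
            ch = hi * 16 + lo;
            p += 2;
        }
        if (n + 1 >= out_size) {        /* no room for ch plus NUL */
            out[0] = '\0';
            return PARSE_TOO_LONG;
        }
        out[n++] = (char)ch;
    }
    out[n] = '\0';
    return PARSE_OK;
}

/* Convenience wrapper: decoded message, or NULL on any error. */
const char *decode_or_null(const char *url)
{
    static char buf[AWAY_MSG_MAX];
    return parse_goaway(url, buf, sizeof buf) == PARSE_OK ? buf : NULL;
}

/* Build a constructed URL whose message is `len` letters and parse it. */
int try_length(size_t len)
{
    static char url[32 + 4096];
    char out[AWAY_MSG_MAX];
    size_t plen = strlen(GOAWAY_PREFIX);

    if (len > 4096) len = 4096;
    memcpy(url, GOAWAY_PREFIX, plen);
    memset(url + plen, 'A', len);
    url[plen + len] = '\0';
    return parse_goaway(url, out, sizeof out);
}

int main(void)
{
    const char *m = decode_or_null("aim:goaway?message=Anything+goes+here");
    printf("decoded: %s\n", m ? m : "(rejected)");
    printf("1023 chars -> %d\n", try_length(1023));
    printf("1024 chars -> %d\n", try_length(1024));
    return 0;
}
```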
Re:Major erratum in article
by
alexatrit
·
· Score: 2, Interesting
That error being noted, most users of AIM that I know will click on just about anything.
Re:Major erratum in article
by
shird
·
· Score: 3, Insightful
And, ahem, how do you get to that launch page in the first place? magic?
It's not as if anyone can just post a meta-refresh onto the front page of google. A page/server would have to host that javascript/iframe/redirect/etc and you would have to convince someone to visit that in the first place.
Sure, you can use social engineering to get people to visit mysite.com/hack.htm or whatever, but that's exactly what the article is saying - you need to manually visit a malicious page in the first place.
-- I.O.U One Sig.
Re:Major erratum in article
by
Ieshan
·
· Score: 3, Insightful
Right, because no one who uses AOL Instant Messenger ever visits websites without trying.
Seriously, a combo exploit that affected webservers and AIM would net not only thousands of servers but thousands upon thousands of PCs. Individual PCs with no services are difficult to infect by worm with even the most minimal security settings, this would tank thousands of PCs because people are so naive when it comes to the 'net. AIM has always been "safe", they don't want to listen to how it might be "dangerous".
Of course, AOL can push out an update to the client tomorrow, and as long as the next version has more flashing lights, people will download it right away.
Re:Major erratum in article
by
glenkim
·
· Score: 2, Interesting
You're right. I made a page that crashes AIM. When I first ran the page though, an error message pops up that says a buffer overrun was detected. Does that mean that the code wouldn't have executed anyway?
Re:Major erratum in article
by
moonbender
·
· Score: 2, Insightful
The dangerous bit isn't with the AIM side of this exploit. The dangerous bit is with the browser side.
Not really. A browser seeing an internet protocol it doesn't know how to use basically has two choices: ignore it or let somebody else worry about it. Ignoring it is not a Good Thing, since there clearly are cases where external URLs are useful (mail:, news:, ed2k:, irc:, and so on). And considering there already is a database of protocols and installed programs that handle them in the Windows registry it makes a lot of sense to use it and let the program associated with the protocol deal with it.
Opera apparently has gone a middle route for some time now, since it allows you to specify trusted external protocols and associated applications. Protocols not on that list are ignored (I assume). This works very well, but of course it's really quite redundant, the same things already in the registry. Unfortunately there are protocols in the registry that shouldn't be, such as the shell thingie discussed some weeks ago.
No, the fault really totally lies with AIM in this case. For one thing, it should be blindingly obvious that having urls like aim:goaway?message=x are really insane, even if they worked as advertised without any bugs: it effectively allows any site you visit to set your AIM status. And potentially other things depending on what other commands the protocol knows (aim:run?)... And of course the buffer overflow is also an AIM bug.
Re:Major erratum in article
by
Causemos
·
· Score: 5, Informative
Except it appears no one checked this fix out completely. So long as your account has privileges to that area of the registry (which many do), AIM re-creates the key the next time you restart it. I've also tried breaking the key and AIM corrects this also.
Basically unless you run as a regular "User" or other restricted account in Windows, the AIM fix is only good for one session of AIM.
Victor
A reason to sit at the computer?
by
asciono
·
· Score: 5, Funny
Whatever you do, don't leave the computer. Oh, nice reason to sit more at the computer. :)
October of 2003 wasn't "just found" not to mention you have to install a plugin that doesn't come with gaim by default. We're talking default configuration on windows compared to a nonstandard configuration on some OS. Apples and oranges.
I'm not disagreeing with you, but apples and oranges can be compared quite well ;-)
more buffer over flows
by
RLW
·
· Score: 5, Insightful
When are we going to learn to incorporate bounds checking in to everything? We have the CPU cycles.
Re:more buffer over flows
by
maximilln
·
· Score: 2, Insightful
When are we going to learn to incorporate bounds checking in to everything ?
I always validated my input, even when learning to program BASIC out of the C=64 User's Guide and the advanced Programmer's Reference Guide in my early teens before taking any formal classes in it. I don't think it's too much to ask for people who actually get paid to write this stuff to validate input, no matter where it comes from.
-- +++ATHZ
99:5:80
Re:more buffer over flows
by
bs_testability
·
· Score: 3, Insightful
I'm not having any more luck getting developers to incorporate self test, bounds checking, and testability access points than I am trying to get my kids to eat vegetables.
Even tying bonuses to it motivates few.
Re:more buffer over flows
by
Bedouin X
·
· Score: 3, Interesting
I wonder if my newly acquired NX protection (just installed XP SP2) will protect me from this. I use Trillian Pro anyway but if anybody has a link, I'd like to see.
-- Dissolve... Resolve... Evolve...
Re:more buffer over flows
by
pjt33
·
· Score: 3, Insightful
When everyone uses Java or OCAML rather than C(++).
Re:more buffer over flows
by
Proaxiom
·
· Score: 4, Interesting
I don't think it's too much to ask for people who actually get paid to write this stuff to validate input, no matter where it comes from.
Validating input against assumptions is easy. The hard part is identifying all the assumptions we have to validate against. We often assume things about input without realizing we are assuming them.
For instance: Not too long ago few programmers had any idea they should check input values for SQL control characters before passing it to a database script. They assumed input wouldn't contain any, without realizing they were so assuming.
It's true that many bugs arise from unchecked string lengths, and those are usually pretty easy to catch (and to fix), but resolving those problems will only take care of a subset -- though probably a large subset -- of the input-related security flaws out there.
Do many people put links in away messages anyway? Wouldn't people think it was strange that there is a link to something they've never heard about in an away message? I've never used AOL, so can someone tell me if you can use a text link, or is it only a URL?
Needs user assistance
by
LostCluster
·
· Score: 3, Informative
There is not going to be an auto-spreading worm based on this hole. From the article: "AIM users would have to click on the URL to trigger the vulnerability..."
AIM-based worms that need user clicks to spread have already existed for a while. I've already seen one that tempts people to a page that offers a malware ActiveX download, and if the user accepts their AIM profile is changed to advertise the malware site without them realizing what they've done.
So, in short, this one's bad, but there's a pretty easy workaround that'll keep you safe: Hover over the hyperlink before you click on it to see the URL. If it's a mile long, don't click on it.
Re:Needs user assistance
by
Ieshan
·
· Score: 2, Insightful
The real solution is to teach people not to accept ActiveX Downloads and other such things without reading the screen.
I'm not really sure what the problem is. Reading the computer screen is not a difficult or scary task. Understanding words like "install" and "security hazard" and "caution" are not that difficult.
I know it would be terrible UI design, but IE should really scramble the buttons at the bottom of ActiveX Dialogue boxes to keep people from instinctively clicking without reading. There are one or two ActiveX Components on the ENTIRE (effing) INTERNET that need to be installed.
Teaching people basic computer security along with their basic computer skills is a useful and worthwhile thing.
GAIM? Fire too
by
ShatteredDream
·
· Score: 2, Informative
For Mac users there is Fire which since going 1.0 is quite nice and polished.
Re:GAIM? Fire too
by
slamb
·
· Score: 2, Interesting
For Mac users there is Fire which since going 1.0 is quite nice and polished.
Looks like the Mac version is not vulnerable to this specific bug, as it deals with the way Windows has pluggable protocols for URLs. (Which is not to say that I'm confident the official Mac client has no security problems. I'm not.)
Also, as long as we're mentioning IM clients for the Mac: my favorite is Adium. I'm a little biased, but it has a great UI. (See the About page for screenshots.) libgaim backend, so support for many protocols.
Don't forget about Trillian for Windoze users
by
suckass
·
· Score: 2, Informative
http://www.trillian.cc
Think Gaim but pretty!
-- blah, blah, blah
Re:Internet Provider
by
Chess_the_cat
·
· Score: 2, Informative
You don't have to be an AOL subscriber to use AIM.
-- Support the First Amendment. Read at -1
Jabber & Google
by
MarcoPon
·
· Score: 3, Insightful
I just hope that Google launches a Jabber based IM system; it will be a major boost to the adoption of Jabber's servers as an open standard.
It could also be seamlessly integrated with GMail, using the same id both as the e-mail address and as JID.
I use Gaim because it's the best in Linux
by
xutopia
·
· Score: 2, Insightful
But I wouldn't tell Windows users to jump right away to Gaim. It is still in beta and has a slew of bugs. Telling Windows users who have no idea what Open Source Software is that they should use bug-ridden software is the wrong way to get them to like it. Gaim is only in version 0.81. Wait till it hits 1.0 before telling people to use it.
Re:I use Gaim because it's the best in Linux
by
the_rev_matt
·
· Score: 5, Informative
I've been using GAIM on XP at work for 4 months now. It has had a total of one problem, when Yahoo changed protocols to screw third party IM clients. Downloaded the new version of GAIM less than 24 hours later and it worked fine.
I have encountered zero bugs with GAIM, which I consider very unusual for anything running on Windows.
Fortunately, most of AOL users are known to be savvy enough to find some work-around until patches are available.
Coincidental...
by
GillBates0
·
· Score: 4, Interesting
I've been assigned a task of choosing the best IM service/client for our group at work and will be recommending Gaim (correct capitalization) at a meeting today.
The decision was mostly because of its cross-platform, cross-service compatibility and "Buddy Pounce" features (and because it's my personal favorite too :)). This way folks can continue to use their personal MSN/AIM IDs without a problem. The Buddy Pounce feature allows a script/macro to be run in response to an event - this feature is particularly useful for us because we can kick off an SMS message for example in response to a message or another event.
Though they don't release Solaris binaries, I did get it to build on Solaris/SPARC with a little effort. I know the Yahoo Messenger UNIX version is open source now, so I could probably try and build it for obscure platforms, but it is IMHO severely crippled compared to the Windows counterpart.
-- An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Re:Coincidental...
by
accessdeniednsp
·
· Score: 3, Informative
And don't forget about the gaim-encryption plugin!
http://gaim-encryption.sf.net
Cross-platform, and uses the mozilla NSS libraries which gaim already uses too!
"However, AIM users would have to click on the URL to trigger the vulnerability, which will make it harder for malicious hackers or virus writers to use it in automated attacks, Weinstein said."
Yeah, this wouldn't be such a problem if the average IQ of an AIM user was above 2
MizzIz283334: "LIke, OMG Iz just gots a linky from somewhere!!!11!!oneoneone"
IzLikeBoizzz435435: "OMG u clic it?"
MizzIZ 283334: "OMG WTF BBQ My computer died!!!"
Seriously, is gaim really a better client? It always seems to me like the unauthorized clients are a generation behind the real ones. Back when file sharing was big, gaim could not do it. Then buddy icons, gaim could not do it. Now gaim can do those, but the big thing is voice and video, gaim can't do those.
-- The war with islam is a war on the beast
The war on terror is a war for peace
I'm sure you already know this, but gaim-vv is a friendly fork concentrating on the video and voice stuff, so at least they're making an attempt to catch up.
As an aside, I can think of many features where the official clients are/have been behind. When logging was big, the official clients couldn't do that! Another good example is buddy pouncing. Not to mention all the plugins...
-- You know you've been IMing too long when you almost say 'lol' out loud to a non-geeky friend...
One of our users posted a walkthrough of this fix this morning. Supposedly there is a new beta version of aim that has been released without this exploit... but I've not seen it yet.
that they should use bug-ridden software is the wrong way to get them to like it. Gaim is only in version 0.81. Wait till it hits 1.0 before telling people to use it.
{tongue in cheek mode:ON} Apparently you have no idea what Open Source Software is either {/tongue in cheek mode:OFF}
More seriously : Unlike proprietary software, an opensource software whose version number is less than 1.x usually means more "warning: Not all cool functions you would like to see are implemented yet" rather than "This software is an experimental piece of crap, that will keep crashing your OS, please wait until we get out of beta stage before testing it, unless you backup your data often".
Personally I've been using Gaim since version 0.5x both under linux at home and under windows at work, and I can say : It's pretty stable. I've been telling my brother and my friends about it and they are happy too. The only reason it hasn't reached the 1.x milestone isn't because of the bugs, but because there are some features it's still missing (Mainly : some kind of file upload are missing, although things are a lot better since 0.80 ; Support for Webcams, etc...)
This is a common misconception, and a lot of newbie users can be heard complaining "Linux distro sucks, It's only full of bug ridden software : everything is version 0.xy"
-- "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Client for your IM needs
by
xiando
·
· Score: 2, Interesting
My personal preference:
screen + aterm + irssi + bitlbee
Screen is a full screen window manager, keep something running on a server and detach/attach from anywhere
Bitlbee is an IRC gateway server. Basically it's an irc server where you can add IM accounts. The gateway gives you a "irc channel" with ALL your contacts, whatever they are using.
NOTE: The setup has TWO flaws:
1) You can not exchange files (no filetransfer).
2) Bitlbee does not support GPG encryption for secure communication (available in jabber clients like gjabber and psi).
Rule of thumb: Original IM providers' clients are never the best choice.
Re:Bugfree OSS
by
signingis
·
· Score: 2, Interesting
What was the response time for developers to release fixes for GAIM? We're going on 3 weeks now for AOL to release the fix for AIM. Not to mention that some of the vulnerabilities in GAIM were found in older versions of the program when upgrades were available.
--
I prefer a void in conversation to a vacuous one.
Re:Bugfree OSS
by
brianerst
·
· Score: 3, Informative
Well, according to e-matters, a series of 8 different buffer overflow bugs were disclosed to gaim developers on January 4, 2004. A new gaim client (0.75) was released on January 10, but this only fixed one of the overflows and introduced four new ones.
On January 15, gaim development was emailed patches for all 11 existing bugs. A patch was added to CVS that evening, but there was no 0.76 release and no public disclosure by gaim dev (at least on their Sourceforge page - there may have been something sent to the mailing list). On January 23, e-matters let gaim dev know that they would release the bug report on January 26. On January 25, gaim dev replies that there is no timeframe for a 0.76 or bug-fix release. On January 26, e-matters publishes the bug report.
On January 28, gaim dev responds with a note saying they are far from a 0.76 release and provides a link to the FreeBSD source patch. Not much use to your average teenage Windows IMer. There may have been an executable patch, but I can't find any evidence of one.
On April 1, gaim release 0.76, the first release with the bug fixes is released. This has taken so long because:
This is no slam on gaim - the devs have lives outside of gaim and I'm glad they're providing a great OSS client. But like anything, there are pros and cons to both OSS and commercially developed software. Assuming that OSS is always more responsive, more bugfree, and better in every other way is naive. There are tradeoffs involved in libre software - most are well worth it, but there can be downsides occasionally too.
Browser does matter.
by
Chuck Chunder
·
· Score: 2, Informative
Opera for example doesn't just action any URL type.
It will only pass on those that have been configured to be trusted.
-- Boffoonery - downloadable Comedy Benefit for Bletchley Park
I use gaim regularly, but I still haven't weaned myself off the official AOL Linux AIM client because gaim still crashes every time I try to send or receive a file. Never have I seen a feature for an OSS program be so seemingly painful and difficult to implement.
--Stephen
-- Did you ever notice that *nix doesn't even cover Linux?
Gaim not a full-featured alternative
by
mccalli
·
· Score: 3, Insightful
The smug "switch to Gaim" comment rather let the side down there, I think. Gaim is not a full-featured replacement. The particular deficiency I'm referring to is common to many alternative IM clients - yes, they all handle chat but very few go the whole hog and support video chats. Alternative MSN client supporting video? Not that I can find, though I'd be happy to be proved wrong here.
A quick search reveals a fork of the Gaim project here, which, err, aims to add video functionality. Looks good from the shots, though I haven't tried it myself.
The point of this is that people should think things through before just spouting off the top of their head. It doesn't help to have people say "yeah, use this free alternative!" and then have people turn round and say it doesn't work. I'd love to recommend a non-AOL AIM client to people, but until AV is handled I simply can't. Same for MSN - all very nice for text and file transfer, but not up to scratch for the advanced functions yet.
Because FLOSS software has always spread by word-of-mouth. Commercial vendors have a thing called a budget and part of it will be money for advertising and other promotional gimmicks. Most FLOSS doesn't have any of that but still need to "get the word out". It's just different methods used by two different systems of software development. I'm a long-time Linux and FLOSS user/supporter so I usually know about the things they mention. But occasionally someone will mention a package or project I haven't heard of before. It's useful information.
Re:Gaim security
by
Xoder
·
· Score: 2, Informative
None of those are recent. There's one that's dated august 4, but it only refers to gaim 0.75 and earlier (and many versions of Trillian, I might add!). 0.81 is here, and dear goodness is it tasty! (AIM file sending now works [slowly, but AIM-ftp was always slow])
-- The previous sig has been removed due to /. protecting your best interests
a more secure approach
by
feepcreature
·
· Score: 4, Interesting
I don't think it's too much to ask for people who actually get paid to write this stuff to validate input, no matter where it comes from.
Validating input against assumptions is easy. The hard part is identifying all the assumptions we have to validate against. We often assume things about input without realizing we are assuming them.
The more secure approach is not stripping out possibly dangerous input - it is only permitting the minimum necessary. It's not always possible, but it should be applied where possible.
So if it's a phone number, just numbers (and brackets and a plus for international numbers, and maybe minuses for the transatlantic cousins).
Naturally there is a tradeoff between security and usability - especially if you make a mistake in the permitted characters :-(
Even if you're not going that far, anything that looks like an escape character of any sort should generally be banned. Of course, some names have apostrophes, which could look like 'close quotes' if your app is especially dim.
Just as well there is no strict liability for software bugs!
-- Paul
"Say no to feeping creaturism"
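An added example, not from the original comment: the allowlist approach described above applied to the phone-number case, in C. The function name, the length limits and the placement rules for `+`, brackets and `-` are assumptions; only the permitted character set comes from the comment.

```c
/* Added example (hypothetical function; limits are assumptions):
 * allowlist validation of a phone number. Anything not explicitly
 * permitted is rejected, so quotes and escape characters never need
 * to be enumerated. */
#include <stddef.h>
#include <stdio.h>

#define PHONE_MAX_LEN    32   /* assumed cap on total characters */
#define PHONE_MIN_DIGITS 3    /* assumed minimum */
#define PHONE_MAX_DIGITS 15   /* E.164 allows at most 15 digits */

/* Returns 1 if s uses only digits, '+', '(', ')' and '-' in a sane
 * arrangement, 0 otherwise. */
int phone_is_valid(const char *s)
{
    size_t i, digits = 0;
    int in_bracket = 0, bracket_digits = 0;
    char prev = '\0';

    if (s == NULL) return 0;
    for (i = 0; s[i] != '\0'; i++) {
        char c = s[i];

        if (i >= PHONE_MAX_LEN) return 0;      /* length is bounded too */
        if (c >= '0' && c <= '9') {
            digits++;
            if (in_bracket) bracket_digits++;
        } else if (c == '+') {
            if (i != 0) return 0;              /* only as a leading prefix */
        } else if (c == '(') {
            if (in_bracket) return 0;          /* no nesting */
            in_bracket = 1;
            bracket_digits = 0;
        } else if (c == ')') {
            if (!in_bracket || bracket_digits == 0) return 0;
            in_bracket = 0;
        } else if (c == '-') {
            if (i == 0 || prev == '-' || prev == '+' || prev == '(')
                return 0;                      /* must follow a digit or ')' */
        } else {
            return 0;                          /* not on the allowlist */
        }
        prev = c;
    }
    if (in_bracket || prev == '-') return 0;   /* unclosed '(' or trailing '-' */
    return digits >= PHONE_MIN_DIGITS && digits <= PHONE_MAX_DIGITS;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "+44(20)7946-0958", "555-1234",
                              "555-1234'", "(555", "1+5551234" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               phone_is_valid(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```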
Why all the AOL bashing?
by
huchida
·
· Score: 4, Funny
I use AOL broadband and love it. Sure, I could have bought Earthlink and connected to the Internet... But with AOL I can connect to both the Internet AND the World Wide Web!
Open Source Pimpdaddio
by
Mulletproof
·
· Score: 2, Interesting
"Yet another reason to switch to, IMHO, a better client such as gaim."
I know we're all open-source whores here, but even the free version of Trillian is a much better omnipotent IM product as long as we're suggesting alternatives. The level of refinement between the two is lightyears apart. And yes, I'm using Firefox to jot this, thankyouverymuch.
Wasn't an exploitable bug just found in gaim? Or to be accurate in the "festival" plugin... See: http://seclists.org/lists/bugtraq/2003/Oct/0205.html
Spelling mistakes: My is english spoken not tongue of mother.
This vulnerability only affects those rare few that actually leave their computers and do things in the "real" world.
Those rebels deserve whatever they get.
Click here or a puppy gets stomped!
Bye!
SeqBox
Trillian
Miranda. Choice is good. :)
They can use Trillian, too.
-- Liberalism is a mental disorder.
Slashdot sucks
Walkthrough of registry fix for AIM hack
Looks like a good reason to upgrade to trillian to me.
Davak
aterm is a nice terminal for X11.
irssi is a CLI irc client. Since Bitlbee acts as a normal IRC server, any IRC client can be used. Even CGI::IRC, there are several sites that allow you to use MSN/ICQ/JABBER/AIM/etc from a web page.
More: BitlBee Guide - Talk to msn, icq and jabber contacts using any IRC client.
9/11: Never forget it was a false-flag operation
but the UI is pretty lousy
We can all sleep better now.
Cheers,
Ian
Wouldn't you have to be a "less knowledgeable" user to use AOL in the first place?
You need a FREE iPod Nano