Gaim 2.0.0beta1 Released

BerkeleyDude writes "Gaim 2.0.0beta1 has been released! Here is the changelog. New features include account status, away messages, etc, UPnP and NAT traversal support, new UI for buddylist, chat windows and preferences."

Re:and what about the passwords?

[Monkelectric]

To me, it seems like their stance on not encrypting passwords is a backwards. Having a non-encrypted passwords policy does not make sense to me, as it leaves things wide open.

Encrypting the passwords would mean the key would have to be stored in the program. The key could be retrieved from the program. This is *EXACTLY* how the DVD encryption was broken. It didnt work there, and its not gonna work here.

Re:and what about the passwords?

[wfberg]

Actually, if you read the page you're linking to, you should really find it makes perfect sense. Either you store the password in such a way that you need user interaction to retrieve it, or you use some sort of obscurity approach which is worse than nothing. As it is, gaim stores it in plain text, yes, but there's nothing to keep you from either not storing the password OR using file-system or file based encryption - which is actually perfectly feasible. If you're using windows XP for example, just right-click the accounts.xml, properties, advanced, encrypt. (The encryption key is linked to your XP login password)

On the other hand, yes, some sort of OS specific hooks to make this easier would be sensible. For example, using Mac OS's "keychain", or Windows XP's "secure storage".

Still, even using these built-in encrypted storages only protect against a very very short list of threats.

Now, if you just stored accounts.xml on a hard-ware level encrypted harddrive that needs a smart-card and a passphrase to work, you'd be getting somewhere..

Re:encryption

[Bodysurf]

"And it still doesn't support AIM encryption. The only way to have a secure IM with gaim is to talk to another gaim user.

I still don't understand why their developers chose to do this. One of the few things that is right with AIM is the secure-chat feature. It's fairly easy to set up, and its very secure.

Because:

1. AIM's encryption is closed-source and proprietory. How it works would have to be reverse engineered.
2. GAIM doesn't natively include ANY encryption support and doesn't want to. Stuff like that is to be done via plug-ins. Bothering the GAIM developers about something that is supposed to go in a plug-in will get you nowhere.

Re:i'll never use gaim

I think the biggest problem with gaim is that they have a reputation they don't deserve. If you look at their code it's not very exceptional. It's one of those projects that works by coincidence, not by design. But, it's still the most popular client for X11, mostly because they've solved a lot of ugly programming issues as far as protocol compatibility (not fun) and GUI, and so people are pretty comfortable with it, and the barrier for a new client is awfully steep.

As I've said, they don't deserve the recognition they have, and so it wouldn't surprise me if they're all full of themselves.

Re:Idle Time Reporting Option Removed

[junk]

It's not that you can't hide your idle time, it's that it doesn't allow you to choose what it uses to report idle time. Instead of giving you the report-idle-time-base-on options, it just uses your keyboard/mouse to determine how idle this you are. It used to also allow the option of reporting idle time based on gaim usage only (you could work on your computer all you want and it would consider you idle until you typed into a gaim chat window). If you don't want people to know whether your idle or ignoring them (don't debate it, you know you all use it to ignore people) then don't report your idle time at all. Or use idle maker like that one guy suggested...