Pidgin Adds Google Talk Voice and Video Support (and a Vulnerability) 127
ottothecow writes "While various attempts at video and voice support have been in the pipeline since long before GAIM became Pidgin, fully functioning support over XMPP is on its way. Lifehacker reports that Pidgin 2.6 adds voice and video support for GChat (and presumably any other XMPP network) for Mac and Linux. Windows still has a few bugs but they are being worked on. Pidgin 2.6.1 is only available as source at the moment (but precompiled versions are available at getdeb)." Less happily, an anonymous reader writes "A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration)."
Re:ouch (Score:2, Insightful)
Server side? No.. it's a client issue.
Anyway as far as I'm concerned Pidgin abandoned its credibility a long time ago. I don't need an IM application anyway; if I need to contact someone I just open Gmail. If they're not online then email is right there.
Re:ouch (Score:4, Insightful)
-1 for not backing up your statement on Pidgin's credibility.
And good for you that all your contacts reside on GMail, and that you prefer a GMail's web app to a desktop app that centralizes the many forms of communication on the Net. If that works for you, fine. It does not work for me. I want faster response time, a unified UI for all my communication, more flexible message notification, logging, etc. that keeps me in control of my settings and data locally.
cp -a /home/me/.purple/ /media/Backup/Pidgin/
I have friends on AIM, Facebook, GMail, and one or two with their own XMPP address. Fortunately, I do not need MSN to contact anyone I know.
Re:Holy contradictory stories, Batman! (Score:3, Insightful)
Re:How about some autoupdate? (Score:5, Insightful)
Right if your running a vulnerable app, you should let it update itself, sigh!
Re:Not Entirely XMPP Friendly (Score:3, Insightful)
I guess us snobby iChat users will just continue to talk to each other.
As if you'd have it any other way. ;)
Re:How about some autoupdate? (Score:1, Insightful)
That reason makes no sense at all. Look at firefox as an example. Firefox that comes with my version of Ubuntu disables the update feature because it gets handled by the package manager. However, I run Firefox 3.5, which I downloaded from Mozilla's site and that lets me update when it is available. There is no reason at all why pidgin couldn't write a OS agnostic (It's network code for God sakes) for an update and set an option in compilation that lets distributions disable it. All in all, a very piss poor excuse.
Re:Mac Binaries (Score:3, Insightful)
Bah, don't worry; Adium will quickly integrate support I'm sure.
(I'm an Adium dev)
Actually, it doesn't look like that right now. We have a severe shortage of programming contributors, and the only ones that could do this (me included) don't have the time for it.
Blaming the wrong ones (Score:4, Insightful)
First of all, to that security company. Good job really publicizing a vulnerability without checking with unpaid developers of a complete open source project. Also whatever junk you use to create the pages pages doesn't work with Opera 10 and I am too tired to fire up another browser.
Second: Where are you "web 2.0" cool privacy killing instant messenger sites built on Pidgin libraries, where is your patch to the security vulnerability? Can't you spare some of the entrepreneur provided millions to hire some actual developers and fix the issues with the core you rely on?
Third: How hard to assign couple of MSN, AOL, Yahoo developers to Pidgin project by respective companies and let them maintain their own mess which they call a "protocol"? It is not like 100s of millions of Win32 users will use a GTK2 client on their Windows while you already push your own with OS install right? I talk about 3 guys at most, who will at least oversee the protocol development.
All we "open standards" loving nerds are running bunch of closed source, proprietary, low quality, badly engineered IM protocols and at end, people who are unpaid, overworked struggling to keep up with the junk above gets the blame... It is a huge shame really.