Pidgin Adds Google Talk Voice and Video Support (and a Vulnerability)
ottothecow writes "While various attempts at video and voice support have been in the pipeline since long before GAIM became Pidgin, fully functioning support over XMPP is on its way. Lifehacker reports that Pidgin 2.6 adds voice and video support for GChat (and presumably any other XMPP network) for Mac and Linux. Windows still has a few bugs but they are being worked on. Pidgin 2.6.1 is only available as source at the moment (but precompiled versions are available at getdeb)." Less happily, an anonymous reader writes "A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration)."
Mac Binaries (Score:3, Informative)
http://pdb.finkproject.org/pdb/package.php/pidgin [finkproject.org]
Re: (Score:1, Funny)
Get a compiler, and make them.
Re: (Score:2)
If he has Fink, he already has a compiler, some .info file having all the necessary patches and fixes to possible linuxism but it is not the deal.
"compile your own" sounds more like "provide your .patch" which serves nothing to the purpose. We don't do such RTFM flames on OS X, at least yet.
The idea behind Fink and Macports is to provide end user access to the gigantic Unix/BSD layer of OS X otherwise left unused unless he is a Developer and having same class of citizenship among other *nix operating systems.
Re: (Score:2)
Let me guess? You're one of the pidgin asshats? I thought your project imploded after everyone realized what the developers really thought about their users.
Re: (Score:2)
Get a compiler, and make them.
Alas, my friend. The Mac people have forgotten that they are Unix people. Or perhaps they have never known at all... Ah, the tragedy of it cuts me to the quick.
Re: (Score:2, Interesting)
Are not available yet.... :(
Bah, don't worry; Adium will quickly integrate support I'm sure. I don't know about you but I'd prefer Adium over the Pidgin design for ANY operating system any day. Unfortunately they use Mac only frameworks. Porting (and most likely using an easy OS independent toolkit like Qt) would be a great project for inactive coders. Dunno about you, but I find Skype's interface 20 times more attractive than Pidgin's. Skype uses Qt 4.
Re: (Score:3, Insightful)
Bah, don't worry; Adium will quickly integrate support I'm sure.
(I'm an Adium dev)
Actually, it doesn't look like that right now. We have a severe shortage of programming contributors, and the only ones that could do this (me included) don't have the time for it.
Re:Mac Binaries (Score:4, Funny)
You must be new to OS X open source & freeware development. After a certain amount of downloads of open source applications, Apple gives you a special quantum encrypted key to next gen OS X (OS X 10.9) and its XCode codes the open source application itself, automatically! They also donate automatically to keep up with the code & hosting expenses. So, all that is left to OS X users is to click "download now" and use it.
Check your Junk Mail, key must be there.
Re: (Score:2)
Here's the official blog post about the issue:
Pidgin introduces support for Audio and Video Chat in 2.6.0; what about Adium? [adium.im]
Re: (Score:2)
I doubt that has anything to do with GTK vs QT, people can make attractive or ugly UIs in any framework.
Re: (Score:2)
Getting Mac binaries via Fink is relatively easy. Send a polite mail to package maintainer describing the security issue and if you are experienced in Fink, just simply say "I tried to build (via my .info in local), it builds fine just by updating source URL" or "it doesn't build since it needs xxxx package updated".
I bet in hours, it will popup in "fink selfupdate"
BTW, Fink doesn't provide a lot of "apt-get deb" type binaries as OS X is an ever changing OS with things beyond their control (e.g. Apple addin
ouch (Score:2)
"No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration)."
ouch. that's a massive hole in security. I take it that would require re-write on the server side to prevent execution.
Re: (Score:2, Insightful)
Server side? No.. it's a client issue.
Anyway as far as I'm concerned Pidgin abandoned its credibility a long time ago. I don't need an IM application anyway; if I need to contact someone I just open Gmail. If they're not online then email is right there.
Re:ouch (Score:4, Insightful)
-1 for not backing up your statement on Pidgin's credibility.
And good for you that all your contacts reside on GMail, and that you prefer a GMail's web app to a desktop app that centralizes the many forms of communication on the Net. If that works for you, fine. It does not work for me. I want faster response time, a unified UI for all my communication, more flexible message notification, logging, etc. that keeps me in control of my settings and data locally.
cp -a /home/me/.purple/ /media/Backup/Pidgin/
I have friends on AIM, Facebook, GMail, and one or two with their own XMPP address. Fortunately, I do not need MSN to contact anyone I know.
Re: (Score:2)
Pidgin's credibility was thrown away when they decided their users didn't matter. Look it up. You'll find an epic bug report of the developers being asshats.
Re:ouch (Score:5, Funny)
I don't need an IM application anyway; if I need to contact someone I just open Gmail.
If I need to contact someone, I just yell really loud.
Re: (Score:1)
Are you serious? Why would you waste your energy like that? When I need to contact someone, I summon my minions and have them deliver the desired person for a conversation.
Re: (Score:2, Funny)
Thanks, Vin Diesel.
The rest of us have to use whistles.
Re: (Score:2)
Pidgin is way more than "AOL client works under X11" now. It has become some kind of IM kernel & low level framework for instant messengers. So, you are in extremely funny area if you call it crap, you don't care about it and use state of art UI Adium instead.
Mobile instant messengers, web services rely on Pidgin too.
I use Pidgin compiled via Fink instead of Adium for a simple reason. I use Mac Mini on a 720P HDTV and X11 is the only thing which reliably allows huge fonts I need. Let's not forget the absol
Re:ouch (Score:5, Interesting)
"Pidgin" is just a fancy word for the low-class broken English that most American blacks speak. Look it up if you don't believe me. So as far as I'm concerned, it never had any credibility in the first place.
What? Way to project your own biases. "Pidgin" languages are any sort of conglomeration languages that develop when you have two peoples that don't have a common language who have to communicate.
In fact, the "low-class broken English that most American blacks speak" (let's even ignore the glaring inaccuracy of that phrase) is really not a pidgin language at all.
Re: (Score:2)
I've only ever heard pidgin in reference to something the locals in Hawaii speak, but never in reference to mainland black dialects. I think we're still calling that ebonics or some such made-up word?
Re: (Score:2, Funny)
I think we're still calling that ebonics or some such made-up word?
As opposed to every other word out there that was found in nature?
Re: (Score:1)
Don't worry.
Google is watching you.
Re: (Score:2)
You had better believe google is watching
Re: (Score:2)
Using completely open and documented XMPP as the protocol for GTalk was one of the good things Google did. Nothing you say or they do in other areas can change it.
Re: (Score:2)
Think of pidgin as an exploitable email client. Just because the server by default passes messages from anyone (that's not blacklisted) to the client does not mean it's a server problem. And certainly does not mean the server should be rewritten.
I'm not surprised pidgin has security problems. I stopped using pidgin because it crashes or locks up for stupid reasons. Pidgin is written in C. With C (or C++), "crash bugs" often turn out to be "remote execution of arbitrary c
Re: (Score:2)
I'm on Windows and use Pidgin only because I hate Windows Live Messenger, the ads and tabs and needless features and static "Vista-esque" window borders make it feel like 90's RealPlayer's take on IM. When Pidgin was crashing all the time during the last major update I gave Windows Live Messenger another honest go, but couldn't bear it.
I even tried to get Pidgin
Re: (Score:2)
If you're on Windows, why do you even bother with Pidgin? There are numerous better native solutions; for a multi-network client (yes, it includes MSN/Live), I prefer Miranda IM as a very lightweight and stable client.
Re:ouch (Score:5, Funny)
It's like carbon credits.
It is for people who support FSF and feel guilty for running a closed source OS. Instead of actually installing Linux, they offset their use of closed source by installing an open source application. It helps to reduce the guilt and increase "street credentials" among their fellow dwellers of cubicles.
As an example I have Windows XP running Photoshop. In order to offset I looked up the FSF Source-Credits Guide Lines and Regulations Handbook (FSCGLRH) and found out:
Windows XP +10 Source Credits
Photoshop = +5 Source Credits
Offsets I selected:
Pidgin = -4 Source Credits
OpenOffice = -5 Source Credits
Gimp* = -3 Source Credits
Amaya** = -3 Source Credits
*I do not use Gimp, however by installing it, I offset my credits by 3. Thereby reducing my guilt by d6 with a +1 modifier.
** I commonly use FireFox, however, it provides only 0 credits, Amaya on the other hand offsets my credits by 3.
I am happy to say that I am Source Credit Neutral as defined by FSCGLRH. I am even thinking about installing X-Chat 2 in order to sell my credits to offset other people.
Re: (Score:2)
But Miranda IM is an Open Source client - it's GPL, and it doesn't get any more kosher than that.
Or is it ritually impure because it is coded as a native Win32 application?
Re: (Score:2)
Ritually impure I think. No kidding, if it linked to GTK2 , it would have better credibility as "open source". Weird but true.
Also Miranda has tendency to stay simple, light and use whatever feature Windows frameworks provide to it. I remember it was one of the first (if not first) IM to use Win2k transparency feature among Windows clients. It had it because it made sense for an "always on top" thing to be transparent, not for show off purposes. Anyway, if you go to the author and suggest a "super cool" fea
Re: (Score:2)
Love it when posters don't read the summary. The vulnerability was found in libpurple. Not the MSN service.
How about some autoupdate? (Score:2)
on windows... if you've got security vulnerabilities, you should be pushing updates.
Oh, and about a month ago MSN connectivity died anyway, so I switched to using the HTTP connecting method. From looking at the code, it seems this isn't affected by this issue.
Re: (Score:1, Interesting)
I'm not sure what platform you're on but that issue was related to the new version of nss turning off insecure hash algorithms, some of which are still used in MSN's cert. It just takes setting an environment variable to enable the hashes again.
As far as updates, the client can be set to notify you of new updates, but since only windows would need auto update no one's ever gone about writing the code to do it.
Re: (Score:1, Insightful)
That reason makes no sense at all. Look at firefox as an example. Firefox that comes with my version of Ubuntu disables the update feature because it gets handled by the package manager. However, I run Firefox 3.5, which I downloaded from Mozilla's site and that lets me update when it is available. There is no reason at all why pidgin couldn't write a OS agnostic (It's network code for God sakes) for an update and set an option in compilation that lets distributions disable it. All in all, a very piss poor
Re: (Score:2)
You were saying? It's not anything special about Ubuntu, most Linux distros have a package manager. But Ubuntu specifically seems to have a policy of not updating Pidgin except for security issues during releases. I'm surprised you haven't seen this: http://pidgin.im/download/ubuntu/ [pidgin.im]
Re:How about some autoupdate? (Score:5, Insightful)
Right, if you're running a vulnerable app, you should let it update itself, sigh!
Re: (Score:2)
"you should be pushing updates"
That is NOT the open source way. I think that all open source advocates will agree (no matter which version of open source they advocate) that the strength of open source is CHOICE.
No code is perfect. Windows users know as well as anyone that aggressively pushing updates can break applications, and even the OS. Remember XP SP2 and SP3? The SP2 issues never affected me, but one of my XP machines totally barfed when SP3 was installed.
There is nothing to guarantee that pushing
ummmm? (Score:5, Informative)
2.6.1 is only available as source at the moment?
http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.exe [sourceforge.net]
So that's magic? If you install that do the terrorists win?
Holy contradictory stories, Batman! (Score:2)
But... but... which version of Pidgin has just been released? So hard to remember... must... concentrate, dammit!
Re: (Score:1, Informative)
I think they released 2.5.9, 2.6.0 and 2.6.1 on the same day. They are really trying hard to look amateurish.
Re: (Score:2)
Hardly unrelated. So related, in fact, that it would have been nice if the summary made mention of the fact that it only affects
It'd be like me saying "New Linux Kernel released! Also, Linux has a security hole that allows arbitrary code execution!" And then, in small print, "Oh, by the way, it only affects
Re: (Score:2)
I would agree with you if it wasn't for the fact that 2.5.9, 2.6.0 and 2.6.1 were released on the same day.
So unless you were very aggressive with your updating you would most likely still be running an affected version.
Re: (Score:2)
Nonono, you don't get it. 2.5.9 contains the bug fix for people/distros who don't want to move to a new major release.
Do you have anything to back up that claim or is it just a guess?
Where is the source package? (Score:1)
Re: (Score:2)
There are debianised source packages for 2.6.1 on getdeb (you have to follow the link for a particular distro release and then there is a source link there), dunno how well made they are.
2.5.9 is available in debian sid and at least up until now I've found sid's pidgin packages compile fine on lenny.
Re: (Score:3, Informative)
Here is a recipe to build a set of 2.6.1 packages for debian lenny based on the packaging ari has done for sid (but not uploaded yet hence the download from svn.debian.org).
wget http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.tar.bz2
bunzip2 pidgin-2.6.1.tar.bz2
tar -xf pidgin-2.6.1.tar
gzip pidgin-2.6.1.tar
mv pidgin-2.6.1.tar.gz pidgin_2.6.1.orig.tar.gz
cd pidgin-2.6.1
svn export -r 14052 svn://svn.debian.org/svn/collab-maint/deb-maint/pidgin/trunk/debian
sed -i s/tcl8.6-dev/tcl8.5-dev/ debian/
So the msn server has to attack you? (Score:2)
A vulnerability that is ridiculously unlikely to ever be seen in the wild? Oh no!
So I don't know a damn thing about this. . . (Score:2)
Does anyone actually use that anymore?
Re: (Score:2)
Sadly most non-technical users here in the UK do and most of them are very difficult to persuade to either use a multiprotocol client or switch entirely.
Re: (Score:2)
It's highly regional. Japan I'm told is mostly Live Messenger (MSN). I actually like the MSN protocol more than AIM or anything else. The client too is very nice once you patch it to remove the ads and some other things. Unfortunately all of my friends still use AIM and there is nothing I can do to get them to switch. Some started using Skype for VOIP but they usually only turn it on when they want to make a call, preferring to use AIM the rest of the time.
Re: (Score:2)
Since the local telecom monopoly here, Telmex, has an agreement with Microsoft, most internet users in Mexico use MSN for IM and Hotmail for email...
Sad, but true... so I unavoidably have to have a MSN client if I want to IM with people here
Just say no! (Score:1)
It's simple... when asked for your IM address, say you use gtalk/gmail/jabber/xmpp and that you don't have MSM (you can't, you don't like, you don't agree with the MS policy, etc), then ask back if they have gmail or any other xmpp based service. If they complain that they don't want to have 2 IM open, say they can install multiprotocol clients.
in the start, you will be joked, later you will see some people starting to use other IM networks and when reach the critical mass, you will see that people start using both n
2.5.9 and 2.6.1 are different releases (Score:5, Informative)
2.5.9 and 2.6.0 were both released Tuesday, August 18th addressing this security issue (CVE-2009-2694). 2.5.9 is 2.5.8 with only CVE-2009-2694 addressed and an unrelated crash bug fix. 2.6.0 contains CVE-2009-2694 in addition to many other bug fixes and the new Voice and Video support.
Unfortunately, another security issue was discovered with sending URLs over the Yahoo protocol and 2.6.1 was released on Wednesday, August 19th. According to the pidgin developers, 2.5.9 was not affected by the separate bug.
Note: The Voice and Video support in pidgin-2.6.1 is a bit fragile. You MUST have the latest version of farsight2 and the stack of libraries it requires. You may also need to open ports on your firewall to allow it to connect.
Re: (Score:2, Interesting)
To say the ruddy least. I've been trying to connect to friends' GTalk clients and it just doesn't work (although a couple of times I've managed to hear them).
Re: (Score:2)
How come Google engineers don't give a hand to Pidgin developers on that GTalk issue? It has been months now, all they need is a SVN client or something.
Isn't it the main purpose of using an open source framework like XMPP and enhancing on top of it instead of stupidly (hear me MS,AOL) trying to maintain your own closed network?
One side of Google does a genius move as using XMPP for GTalk and other side doesn't take advantage of it on such a critical issue and leaves implementation to developers who are a
About time (Score:1)
Too bad Ubuntu is switching to Empathy. Sure, just apt-get pidgin back if you want it, but Telepathy is a much better way to do IM'ing anyway.
I'm glad to see that Pidgin isn't as dead as we thought, but its era is ending.
Change headline please. It's misleading. (Score:2)
Pidgin Adds Google Talk Voice and Video Support and patches a Vulnerability
Debian Lenny has already a fix! (Score:1)
The first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset which hits the
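The bounds check whose absence the two-packet sequence above relies on, as an added example that is not libpurple's code and not part of the original comment. The struct and function names, the field layout and the `MAX_TOTAL` cap are hypothetical; the sample fragments are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TOTAL (1u << 20)   /* assumed cap on the announced message size */

/* Hypothetical reassembly state; not libpurple's structures. */
struct slp_msg { uint8_t *buf; uint64_t total; };

/* One received fragment. Every field is chosen by the remote sender. */
struct slp_chunk { uint64_t offset, total; const uint8_t *data; size_t len; };

/* Copy a fragment into the message buffer. Returns 0, or -1 if rejected. */
int slp_accept_chunk(struct slp_msg *m, const struct slp_chunk *c)
{
    if (m->buf == NULL) {
        /* Only an offset-0 fragment may create the message object. */
        if (c->offset != 0 || c->total == 0 || c->total > MAX_TOTAL)
            return -1;
        m->buf = calloc(1, (size_t)c->total);
        if (m->buf == NULL)
            return -1;
        m->total = c->total;
    }
    /* Check against the size fixed at allocation time, written so that
       offset + len cannot wrap around. */
    if (c->offset > m->total || c->len > m->total - c->offset)
        return -1;
    memcpy(m->buf + c->offset, c->data, c->len);
    return 0;
}

/* Constructed scenario: a valid first fragment, then a second fragment whose
   offset points far past the 8-byte buffer. Returns the second result. */
int demo_crafted_offset(void)
{
    struct slp_msg m = {0};
    struct slp_chunk first  = { 0, 8, (const uint8_t *)"AAAA", 4 };
    struct slp_chunk second = { 0xFFFFFFF0u, 8, (const uint8_t *)"BBBB", 4 };
    int rc = slp_accept_chunk(&m, &first);
    if (rc == 0)
        rc = slp_accept_chunk(&m, &second);
    free(m.buf);
    return rc;
}

/* Constructed scenario: two in-range fragments reassemble to "AAAABBBB". */
int demo_valid_sequence(void)
{
    struct slp_msg m = {0};
    struct slp_chunk first  = { 0, 8, (const uint8_t *)"AAAA", 4 };
    struct slp_chunk second = { 4, 8, (const uint8_t *)"BBBB", 4 };
    int rc = slp_accept_chunk(&m, &first);
    if (rc == 0)
        rc = slp_accept_chunk(&m, &second);
    if (rc == 0 && memcmp(m.buf, "AAAABBBB", 8) != 0)
        rc = -1;
    free(m.buf);
    return rc;
}

int main(void)
{
    printf("valid sequence: %d\n", demo_valid_sequence());
    printf("crafted offset: %d\n", demo_crafted_offset());
    return 0;
}
```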
That's not a vulnerability... (Score:2)
Behind the times much? (Score:2)
It's not the pidgin/purple/xmpp teams' fault(s), but this is astoundingly slow progress. That's one audio/video protocol out of many (msn, yahoo, etc. still need to be done from the sound of things). It's been years since the jingle reference library was opened up by google. In the meantime, google have moved on to Wave, twitter has happened, social networking has happened (granted, pidgin has a facebook IM extension), rapid download sites that compete with bittorrent have happened (and file transfers in
Re: (Score:2)
What really surprises me is lack of video over MSN, since Kopete (Konqueror's built-in IM client, which is in many ways comparable to Pidgin) has had MSN video chat for (about?) 2 years now, maybe longer. Both are open source, and while I'm not sure what Kopete's license is, surely they could share specifications even if they can't share code?
Re: (Score:2)
You mean KDE's client. Konqueror is a browser and does not include an IM client :)
FWIW, Kopete is GPL, like Pidgin. Qt used to be GPL (until 4.5 when it was also released as LGPL) so you'll find all KDE software is GPL as well.
freeballer (Score:1)
Not Entirely XMPP Friendly (Score:1)
Re: (Score:3, Insightful)
I guess us snobby iChat users will just continue to talk to each other.
As if you'd have it any other way. ;)
Re: (Score:2)
Uhm...to say that there is no unified protocol for video and voice on XMPP just doesn't match reality.
The jingle specs are fairly universal in the XMPP world. Google's, interestingly enough, is actually a bit out of date at this point, but they've promised to update to the jingle specs once the XSF has settled them, which has only really happened pretty recently.
Other clients that support some level of jingle A/V, where some of them may be audio only (and remember, there's basically no support needed at th
Re: (Score:2)
Telepathy/Empathy also supports Jingle. Coccinella (two "c"s) supports Jingle, but uses IAX [coccinella.im] as the transport, so you won't be able to chat with most other people.
By the way, the base Jingle spec is XEP-0166 [xmpp.org], and was just recently advanced to "Draft" status.
Soo MS! (Score:2)
Pidgin Adds Google Talk Voice and Video Support (and a Vulnerability)
Yeah, get there where MS is I say!
Thank you, Pidgin developers! (Score:1)
Blaming the wrong ones (Score:4, Insightful)
First of all, to that security company. Good job really publicizing a vulnerability without checking with unpaid developers of a complete open source project. Also whatever junk you use to create the pages doesn't work with Opera 10 and I am too tired to fire up another browser.
Second: Where are you "web 2.0" cool privacy killing instant messenger sites built on Pidgin libraries, where is your patch to the security vulnerability? Can't you spare some of the entrepreneur provided millions to hire some actual developers and fix the issues with the core you rely on?
Third: How hard to assign couple of MSN, AOL, Yahoo developers to Pidgin project by respective companies and let them maintain their own mess which they call a "protocol"? It is not like 100s of millions of Win32 users will use a GTK2 client on their Windows while you already push your own with OS install right? I talk about 3 guys at most, who will at least oversee the protocol development.
All we "open standards" loving nerds are running bunch of closed source, proprietary, low quality, badly engineered IM protocols and at end, people who are unpaid, overworked struggling to keep up with the junk above gets the blame... It is a huge shame really.
w00t (Score:2)
Re: (Score:2)
Pidgin is actually pretty good in the amount of things it supports, I have some friends on AIM, MSN, and others on various others. It helps centralize things.
Re: (Score:3, Informative)
Trillian is probably your best bet. I've never tried the A/V support, but it's been there for quite a while. Also look into Gizmo.
Re: (Score:2)
Is there a good, reliable program that's available for Windows and Mac OS X for voice and video communication?
And no, I'm not going to install anything from Microsoft.
You do know who develops Windows, don't you?
Re: (Score:3, Informative)
Easier fix. Don't use MSN.
Re: (Score:2)
That's one of those things that is very easy to fix for yourself, but not all your friends.
Oh wait, maybe I used an unknown word on Slashdot now. ;-)