[Bug 811729] New: What is fcitx doing opening and maintaining a TCP connection to 123.126.68.165 ?
https://bugzilla.novell.com/show_bug.cgi?id=811729 https://bugzilla.novell.com/show_bug.cgi?id=811729#c0 Summary: What is fcitx doing opening and maintaining a TCP connection to 123.126.68.165 ? Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: x86-64 OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: tdh@thetdh.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 Network 123.112.0.0/255.240.0.0 appears to belong to Communist China. Reproducible: Always Steps to Reproduce: 1. log in and open an xterm window 2. wait a little, perhaps run Firefox 3. run netstat -t -p -n Actual Results: I see an attempted "HTTP" connection (SYN_SENT, CLOSE_WAIT), after I router-firewalled the address off; previously, I saw an open connection. It seems that interference with the movement of my mouse has lessened after the firewall update. Expected Results: I don't expect to see connections that I don't control, especially to a bellicose country involved in intensive espionage. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c1
Weng Xuetian
https://bugzilla.novell.com/show_bug.cgi?id=811729 https://bugzilla.novell.com/show_bug.cgi?id=811729#c2 Marguerite Su changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |i@marguerite.su --- Comment #2 from Marguerite Su 2013-03-26 17:21:13 UTC --- Hi, there. I'm fcitx packager for openSUSE. 0. I explained it in #opensuse-factory just the day after 12.2 release to a curious foreign people. It means this is a public acceptable affair. 1. It's not installed by default for all. Provides: locale(fcitx:zh_CN;zh_SG) Here's what we've done. This code means: if you set your lang to zh_CN and zh_SG during the installation, it will be installed by default. The only usage of it is to include this package in our DVD/Live CD ISO, because there's no manual pick-up logic in openSUSE. 2. About The IP. Literally it's not _Communist_ China. It's just China. I think personally you owe me an apology. It hurts. If it's _Communist_ China, why you chose to learn Chinese? I'm born to be a Chinese, I have no choice. But why you? It's so rediculous, if I'm devil just because I'm posting using a Chinese IP, oh my, devils never sacrifice for open source communities, they just eat'em. If you judge things with prejudice, then sorry I can't help you at all. 2.1 It's a Pinyin server, and by its name, you'll know it means `pinyin on the cloud`. It's a Pinyin server provided Tencent/Sougou/Google to do things below: You input Chinese, right? like "woshimarguerite". Then it'll send this string to the servers, the servers will return you: "我是marguerite",”卧室marguerite"....and many. If people using this service select "我是marguerite" most, Then the server will memorize "oh, it's the most popular". Next time when you input the same string, it'll return the most popular one, which maybe just what you want. It's a probability game. That's how it works. Because Chinese is a "one to many" language, "woshimarguerite" can match too many things. How many? 15! = 1307674368000 (I'm not good at math) And it's just a very small Chinese sentence, with only 2 Chinese word + 1 English word. So do you think the Chinese server can monitor all such things all over the world? 2.2 The server only store such strings and the actual Chinese word. And the server locates in China. So basically it means: If it hosts the sensitive actual Chinese word, it'll be offline immediately. You can't even use it. So if there's no sensitive words on that server? how does it know that you input one of them? So it's not technically possible. 2.3 Google is an American company. Tecent is a Chinese company listed on NSDAQ. 3. About the usage As reasons above, and this: It's installed by default for Chinese people, what's wrong if you are in China and visit a Chinese server? Marguerite -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c3
--- Comment #3 from Weng Xuetian
https://bugzilla.novell.com/show_bug.cgi?id=811729 https://bugzilla.novell.com/show_bug.cgi?id=811729#c4 --- Comment #4 from Marguerite Su 2013-03-26 18:15:36 UTC --- Hi, 1. People have it installed by default have already known that it will send data to Internet servers from day one. Actually it's their request that push you develop it. That's why there's no bug reports and critiques from them. It's common knowledge among them. Since it satisifies people and there's no legal affair in it, It's acceptable from openSUSE side. To those who install it manually, it's your responsiblity to warn them(although I can't see any advantage of doing this). not our side. 2. Even not all websites are in HTTPS. I can't see the advantage to use Google by default. It's not technically possible to sniffer all the people. So how can the cracker pick you as a pity example ? Even if the cracker picks you as his target: * He can't hack your system. there's no system weakness at all. * He can't get what you're trying to say. because: ** He can only get the raw string and the return word, he has a lot of probability to guess, and even if he's right, he can't even know if the "right" word is the one you want. ** He can only get some strings in the sentence. Not all strings are sent to the servers. it's based on length. Basically it means it's not technically possible to get your mind. I can't see any possibility to take so much efforts to do such an useless thing. He can just sniffer your page visiting activites and easily get the correct word you type. So in my point of view, It's a non-existent bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c
FeiXiang Zhang
https://bugzilla.novell.com/show_bug.cgi?id=811729 https://bugzilla.novell.com/show_bug.cgi?id=811729#c5 Marguerite Su changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #5 from Marguerite Su 2013-03-28 10:51:21 UTC --- Please feel free to reopen it if there're any further questions. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c6
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c7
--- Comment #7 from T.David Hudson
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c8
--- Comment #8 from Weng Xuetian
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c9
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c10
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=811729
https://bugzilla.novell.com/show_bug.cgi?id=811729#c11
Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=811729 https://bugzilla.novell.com/show_bug.cgi?id=811729#c12 Marguerite Su changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|i@marguerite.su | Resolution| |UPSTREAM --- Comment #12 from Marguerite Su 2014-01-14 11:52:16 UTC --- (In reply to comment #11)
Hi Marguerite, can you have another (final) look at this? See comment 9. Thanks.
Hi, Alexander, This has been adjusted in newer fcitx. We turn off "web dictionary" function by default, even if users have fcitx-cloudpinyin installed. Those who willing to use that function have to enable it in input method settings. This "fix" has been landed in openSUSE 12.3 and above. As 12.2 is EOL. I think this bug can be closed as "upstream fixed". -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com