I am running Gaim 0.75 under SuSE 9 Pro. It suddenly stopped working (will not connect, no error message, just sits at the connecting window) yesterday. I notice that YaST shows a Security Patch for 0.67 but that version of Gaim was unstable in the experience of many -- esp. given the tinkering of Yahoo. Will that security patch work OK for 0.75? Any ideas what might be tripping up Gaim this time? Thanks! dmc
It suddenly stopped working (will not connect, no error message, just sits at the connecting window) yesterday.
Guessing you're using Yahoo! through it yes? The Yahoo! authentication stuff still doesn't work right, it's actually one of the things blocking a 0.76 release at the moment, sometimes it works, sometimes it doesn't.
I notice that YaST shows a Security Patch for 0.67 but that version of Gaim was unstable in the experience of many -- esp. given the tinkering of Yahoo. Will that security patch work OK for 0.75?
The latest package of 0.75 at www.usr-local-bin.org has the security holes patched. The version available via YOU is a patch package that will only patch the SuSE-supplied 0.67 package. (There is also a full patched 0.67 package as well, but again, it's still only version 0.67) -- James Ogley, Webmaster, Rubber Turnip james@rubberturnip.org.uk http://www.rubberturnip.org.uk Jabber: riggwelter@myjabber.net Using Free Software since 1994, running GNU/Linux (SuSE 9.0) GNOME updates for SuSE: http://www.usr-local-bin.org
Does this mean that the 0.75 I downloaded and installed a few weeks back may not contain the security patches? If so I will download again and reinstall. Thanks! dmc James Ogley wrote:
The latest package of 0.75 at www.usr-local-bin.org has the security holes patched. The version available via YOU is a patch package that will only patch the SuSE-supplied 0.67 package. (There is also a full patched 0.67 package as well, but again, it's still only version 0.67)
Does this mean that the 0.75 I downloaded and installed a few weeks back may not contain the security patches? If so I will download again and reinstall.
It does, the holes were discovered after the release of 0.75 -- James Ogley, Webmaster, Rubber Turnip james@rubberturnip.org.uk http://www.rubberturnip.org.uk Jabber: riggwelter@myjabber.net Using Free Software since 1994, running GNU/Linux (SuSE 9.0) GNOME updates for SuSE: http://www.usr-local-bin.org
First, on Wednesday 04 February 2004 16.10, Dr. David M. Colburn wrote:
I am running Gaim 0.75 under SuSE 9 Pro.
It suddenly stopped working (will not connect, no error message, just sits at the connecting window) yesterday.
I notice that YaST shows a Security Patch for 0.67 but that version of Gaim was unstable in the experience of many -- esp. given the tinkering of Yahoo. Will that security patch work OK for 0.75?
Any ideas what might be tripping up Gaim this time?
Thanks! dmc
and then on Wednesday 04 February 2004 18.14, Jim Sabatke wrote:
You're not the only one. It was working for me, then stopped.
I'm beginning to think Microsoft was right: as soon as linux desktop use hits a high enough number we're going to have the same virus problem as they do
* Anders Johansson (andjoh@rydsbo.net) [040204 09:20]:
First, on Wednesday 04 February 2004 16.10, Dr. David M. Colburn wrote:
I am running Gaim 0.75 under SuSE 9 Pro.
It suddenly stopped working (will not connect, no error message, just sits at the connecting window) yesterday.
I notice that YaST shows a Security Patch for 0.67 but that version of Gaim was unstable in the experience of many -- esp. given the tinkering of Yahoo. Will that security patch work OK for 0.75?
Any ideas what might be tripping up Gaim this time?
Thanks! dmc
and then on Wednesday 04 February 2004 18.14, Jim Sabatke wrote:
You're not the only one. It was working for me, then stopped.
I'm beginning to think Microsoft was right: as soon as linux desktop use hits a high enough number we're going to have the same virus problem as they do
I doubt that. And here is some food for thought as far as other OS's. I've been using my Powerbook more and more the last couple months and just sshing to my Linux box for various things. Well, I use Fire on OSX for Instant Message services. It's quite a bit like Gaim and it's even distributed under the GPL, but here's the kicker. The Yahoo issue came up on January 8th and it took the 20 days to fix the issue even though Kopete and Gaim had a fix in. I'm not saying that Yahoo! hasn't been tweaking their protocol to screw with people since then and that Gaim doesn't have issues here and there. What I am saying is that the Linux/*BSD communities have a much better record in my book for fixing problems ASAP. *shrug* Anyone who says Linux can not have worms and trojans is either stupid or just uneducated. A user can execute code that could do the same thing this MyDoom worm is doing and as the stupid and uncaring people come over from the Windows world we shall have more of this. They might not destroy their machines because this code wouldn't have root privs but they can do a shitload of damage in other ways. With Linux and OSX it's 99% user stupidity that will cause this...but with Windows I think it's about 50/50...stupid people vs. crappy software. In any event. That's my 0.02. -Ben -- Linux User #147972 ---===--- mailto:ben@whack.org -- "There is no need to teach that stars can fall out of the sky and land on a flat Earth in order to defend religious faith."
On Wednesday 04 February 2004 12:05, Anders Johansson wrote:
I'm beginning to think Microsoft was right: as soon as linux desktop use hits a high enough number we're going to have the same virus problem as they do
Don't totally agree. Since Apache, which is open source has about two thirds of the web servers (netcraft.com) and has almost none of the worms and virii, I don't think the comparison between open source and Microsoft is valid. I think there are two problems. 1) The inevitable bugs in any complex software. I've seen and written programs of only a few hundred lines with stupid things in them despite my best efforts. These seem to be patched pretty quickly in Linux land. 2) The "ya can't always get it all in one place all the time for Linux" which confuses the h_ll out of folks that don't know the inner workings. I'd like to upgrade to the latest and greatest _with_ security patches (SUSE 8.2 version is very unstable and missing features), however, when compiling the source, I found I needed GTK+2.0 (IIRC that's the error.). Packman didn't have anything I could see that would help. James' fine repository of RPMs only covers 9.0 as he does have a life. I have to figure out: a) Where do I get GTK+2.0? Which RPM or set of RPMs get me what I need. b) If I install GTK+2.0, do I hose my present system? I only have one and can't afford for it to be down while I futz with these things. c) Is there a patch for the version I'm running (0.72) and how the blue blazes do I apply it since I installed it from an RPM? d) Can I afford to use software with a known hole in it? (That's why I got away from Windows was to avoid security holes) For the price (I bought a boxed set), SUSE Linux is great, so don't ask me if I'd like some cheese and crackers with my whine. I knew there would be days like this. This kind of stuff will help keep folks who really haven't gotten their feet very wet from upgrading and help bolster the idea that Linux isn't that much better than Windows. It will scare the living daylights out of Grandma and Grandpa. Answers to that kind of stuff are what I hope the list is for, otherwise I would not have opened my big mouth. Problem is, not everybody joins lists and as such, sooner or later something will cause folks in Linux land to get burned. I don't have any suggestions on how to fix that. BTW any help on the above questions would be appreciated as well as any hints on options needed to compile Gaim 0.75 for SUSE 8.2. I've already gotten a lot of very good information off of the list.
On Wednesday 04 February 2004 14:26, Charles Kunce wrote:
on how to fix that. BTW any help on the above questions would be appreciated as well as any hints on options needed to compile Gaim 0.75 for SUSE 8.2. I've already gotten a lot of very good information off of the list.
I have RPMs of 0.75 for SuSE 8.2 at my site. Direct link is http://scott.exti.net/files.html . This includes the security patch released on Jan. 28. -- Homepage http://scott.exti.net XFce desktop environment http://www.xfce.org Goodies for the XFce desktop http://xfce-goodies.berlios.de GPG public key ID: 811B00AB
On Wednesday 04 February 2004 15:58, Scott Jones wrote:
I have RPMs of 0.75 for SuSE 8.2 at my site. Direct link is http://scott.exti.net/files.html . This includes the security patch released on Jan. 28.
Thanks Scott. I pulled the files down, they work great. They have the reported problem with Yahoo that started this thread, but at least I have a security patch installed and I mostly use AOL anyway so no great loss for me. I still want to figure out how to install GTK+ 2.0 for the next version of Gaim or whatever if that is possible without hosing my system. The www.gtk.org download directory frankly is a bit intimidating and the documentation on the site is for programming GTK (I looked). Maybe I should start another thread to keep this from getting way off topic. Thanks again
On Wednesday 04 February 2004 16:06, Charles Kunce wrote:
On Wednesday 04 February 2004 15:58, Scott Jones wrote:
I have RPMs of 0.75 for SuSE 8.2 at my site. Direct link is http://scott.exti.net/files.html . This includes the security patch released on Jan. 28.
Thanks Scott. I pulled the files down, they work great. They have the reported problem with Yahoo that started this thread, but at least I have a security patch installed and I mostly use AOL anyway so no great loss for me.
Same here.
I still want to figure out how to install GTK+ 2.0 for the next version of Gaim or whatever if that is possible without hosing my system. The www.gtk.org download directory frankly is a bit intimidating and the documentation on the site is for programming GTK (I looked). Maybe I should start another thread to keep this from getting way off topic.
If you were able to install Gaim, you have GTK2 installed, as that is what I build it against (same as James). scott@nostromo:~> rpm -qa | grep gtk2 gtk2-themes-0.1-347 gtk2-engines-2.2.0-39 gtk2-devel-2.2.4-SuSE.ulb.1 rep-gtk2-0.17-19 gtk2-doc-2.2.4-SuSE.ulb.1 gtk2-2.2.4-SuSE.ulb.1
Thanks again
No problem. -- Homepage http://scott.exti.net XFce desktop environment http://www.xfce.org Goodies for the XFce desktop http://xfce-goodies.berlios.de GPG public key ID: 811B00AB
On Wednesday 04 February 2004 21.26, Charles Kunce wrote:
On Wednesday 04 February 2004 12:05, Anders Johansson wrote:
I'm beginning to think Microsoft was right: as soon as linux desktop use hits a high enough number we're going to have the same virus problem as they do
Don't totally agree. Since Apache, which is open source has about two thirds of the web servers (netcraft.com) and has almost none of the worms and virii, I don't think the comparison between open source and Microsoft is valid.
I think both you and Ben were missing my point by about a mile. We had two users, one even said that he saw the security notice. And yet he continued to run a version that he *knew* had a remotely exploitable vulnerability in it. And others too. And they just kept trying and trying because even though they had read the security alert "there's no other version to try" With attitudes like that we're *very* close to "hey, an attachment, cool, let's click it and see what happens"
Anders Johansson wrote:
I think both you and Ben were missing my point by about a mile. We had two users, one even said that he saw the security notice. And yet he continued to run a version that he *knew* had a remotely exploitable vulnerability in it. And others too. And they just kept trying and trying because even though they had read the security alert "there's no other version to try"
With attitudes like that we're *very* close to "hey, an attachment, cool, let's click it and see what happens"
Actually the problem is the same chronic one that has long plagued the efforts of Linux to penetrate the non-geek world, poor docs. When the security notice was posted one of two things should have been included, either a pointer to the new sub-versions of Gaim 0.67 and 0.75 (e.g. 0.67a, 0.75a, or whatever the appropriate version number sequence that would be appropriate) that included the fix OR specific instructions that versions of Gaim with the same version number (really dumb) may or may not contain the security fixes and what date-range to look for (and hopefully get one that really contains the security fix). Absent those instructions it is folly to presume that the majority of non-geek SuSE users would know what to do, especially if they had updated to 0.75 due to the Yahoo failure of 0.67. Also, since SuSE was issuing online a replacement version of Gaim 0.67 why not post the 0.75 upgrade with security fix versus wasting time on the outdated v. 0.67? (Who wouldn't update while they were running the security update?) IMHO, YMMV ... dmc
* David Colburn (kd4e@arrl.net) [040204 17:30]:
Actually the problem is the same chronic one that has long plagued the efforts of Linux to penetrate the non-geek world, poor docs.
Well, that isn't much of an excuse. If Microsoft has such wonderful docs why don't MS users update regularly? It's not the docs. It's either people know or don't care to know how to keep up with things properly.
When the security notice was posted one of two things should have been included, either a pointer to the new sub-versions of Gaim 0.67 and 0.75 (e.g. 0.67a, 0.75a, or whatever the appropriate version number sequence that would be appropriate) that included the fix OR specific instructions that versions of Gaim with the same version number (really dumb) may or may not contain the security fixes and what date-range to look for (and hopefully get one that really contains the security fix).
SUSE only does security fixes..hence the reason for the patched 0.67 pkg. They don't do feature upgrades or upgrades that aren't security related..ie..Yahoo! screwing the public by changing their protocols. The 0.75 pkgs come from www.usr-local-bin.org an James has it spelled out quite nicely on his site. If you want to know the patched version vs what you have then you can do this.. rpm -q gaim This will tell you what version you have. What you pay attention to is the build number not the version of the software of it's the same. For example.. Previous build of 0.75: gaim-0.75-100.SuSE.ulb.1.i586.rpm ^ New build of 0.75: gaim-0.75-100.SuSE.ulb.3.i586.rpm, ^ You'll notice the ^ under the build number. If you did "rpm -q gaim" and compared that to what you got off the ulb site that is what denotes the difference. This was done because it was patched because no 0.76 version exists...so no build of newer software could be made available to anyone.
Absent those instructions it is folly to presume that the majority of non-geek SuSE users would know what to do, especially if they had updated to 0.75 due to the Yahoo failure of 0.67.
If a "non-geek" upgraded to 0.75 and it was a SUSE pkg then they most likely got it from ulb and James gives detailed announcements of new pkgs when he posts them on his site. So for a "non-geek" to be confused that SUSE's bug fix 0.67 was better, newer and faster then 0.75 would be just silly and I'd say they should box their computer up and return it..or something of that nature since lower version numbers do not mean more features in ANY OS environment.
Also, since SuSE was issuing online a replacement version of Gaim 0.67 why not post the 0.75 upgrade with security fix versus wasting time on the outdated v. 0.67? (Who wouldn't update while they were running the security update?)
I explained this in the above paragraphs. SUSE just patches for security reasons and releases the same numbered version that shipped with the distro. It's company policy with all their pkgs as not to break things. They aren't selective in this policy very often at all. -Ben -- Linux User #147972 ---===--- mailto:ben@whack.org -- "There is no need to teach that stars can fall out of the sky and land on a flat Earth in order to defend religious faith."
Onsdag 04 februar 2004 21:26 skrev Charles Kunce:
On Wednesday 04 February 2004 12:05, Anders Johansson wrote:
I'm beginning to think Microsoft was right: as soon as linux desktop use hits a high enough number we're going to have the same virus problem as they do
Don't totally agree. Since Apache, which is open source has about two thirds of the web servers (netcraft.com) and has almost none of the worms and virii, I don't think the comparison between open source and Microsoft is valid.
I think there are two problems.
1) The inevitable bugs in any complex software. I've seen and written programs of only a few hundred lines with stupid things in them despite my best efforts. These seem to be patched pretty quickly in Linux land.
2) The "ya can't always get it all in one place all the time for Linux" which confuses the h_ll out of folks that don't know the inner workings. I'd like to upgrade to the latest and greatest _with_ security patches (SUSE 8.2 version is very unstable and missing features), however, when compiling the source, I found I needed GTK+2.0 (IIRC that's the error.). Packman didn't have anything I could see that would help. James' fine repository of RPMs only covers 9.0 as he does have a life. I have to figure out:
Well support open source development and get the ½-year upgrades at half the full price ..... ;-) Couldn't resist this posting this little note Johan
a) Where do I get GTK+2.0? Which RPM or set of RPMs get me what I need. b) If I install GTK+2.0, do I hose my present system? I only have one and can't afford for it to be down while I futz with these things. c) Is there a patch for the version I'm running (0.72) and how the blue blazes do I apply it since I installed it from an RPM? d) Can I afford to use software with a known hole in it? (That's why I got away from Windows was to avoid security holes)
For the price (I bought a boxed set), SUSE Linux is great, so don't ask me if I'd like some cheese and crackers with my whine. I knew there would be days like this. This kind of stuff will help keep folks who really haven't gotten their feet very wet from upgrading and help bolster the idea that Linux isn't that much better than Windows. It will scare the living daylights out of Grandma and Grandpa. Answers to that kind of stuff are what I hope the list is for, otherwise I would not have opened my big mouth. Problem is, not everybody joins lists and as such, sooner or later something will cause folks in Linux land to get burned. I don't have any suggestions on how to fix that. BTW any help on the above questions would be appreciated as well as any hints on options needed to compile Gaim 0.75 for SUSE 8.2. I've already gotten a lot of very good information off of the list.
Dr. David M. Colburn wrote:
I am running Gaim 0.75 under SuSE 9 Pro.
It suddenly stopped working (will not connect, no error message, just sits at the connecting window) yesterday.
I notice that YaST shows a Security Patch for 0.67 but that version of Gaim was unstable in the experience of many -- esp. given the tinkering of Yahoo. Will that security patch work OK for 0.75?
Any ideas what might be tripping up Gaim this time?
Thanks! dmc
You're not the only one. It was working for me, then stopped. -- Jim Sabatke Hire Me!! - See my resume at http://my.execpc.com/~jsabatke Do not meddle in the affairs of Dragons, for you are crunchy and good with ketchup.
participants (9)
-
Anders Johansson -
Ben Rosenberg -
Charles Kunce -
David Colburn -
Dr. David M. Colburn -
James Ogley -
Jim Sabatke -
Scott Jones -
yep@osterbo-net.dk