Things I can’t believe…
- Mark Shuttleworth didn’t turn up to SMASHED… Even though he said he would… Tsk Tsk! – Solution, bring two bottles next time…
- Google’s party was such a load of horse excrement that people didn’t even drink the free beer… Glad I wasn’t there! – Solution, don’t be so cheap!
- Pidgin/Purple stores all of my passwords in plain text in ~/.purple/accounts.xml! – Solution, use the frickin’ keyring already!!
This entry was posted on Thursday, July 17th, 2008 at 5:11 pm and is filed under Various.
You can follow any comments to this entry through the RSS 2.0 feed.
You can leave a comment, or trackback from your own site.
Didn’t know about pidgin. that’s really bad. Is tehre already a bug for it?
http://developer.pidgin.im/wiki/PlainTextPasswords
apparently they have their “reasons”, although they’re still retarded reasons… like “protocols aren’t secure so why should we be?”
Security is only as strong as the weakest link, its far more likely that a password will be stolen from a known file source than as it is being transmitted… Its not hard to construct a trojan to do this for windows, or even steal from any platform when a machine is left logged in somewhere.
There’s no excuse for passing the buck like this and they should be ashamed of themselves for it…
Pidgin justifies this in a way that, at least, satisfies me. You should read it, even before installing it: http://developer.pidgin.im/wiki/PlainTextPasswords
They also have a GSoC project to let GnomeKeyring handle this stuff: http://developer.pidgin.im/wiki/GSoC2008/MasterPassword
We have a Summer of Code project this year to make the storage of passwords pluggable, and to write plugins for the major keyring systems on supported platforms. See ; some work has been committed to .
We have a Summer of Code project this year to make the storage of passwords pluggable, and to write plugins for the major keyring systems on supported platforms. The relevant branch is im.pidgin.soc.2008.masterpassword.
(Your blog *really* needs a preview button and some information on what markup is permitted.)
I think the worst of it is that people do tend to reuse passwords for IM for more important things which may be being better protected.
I think SoCing your problems isn’t really a solution… Relying on SoC for something like this is obvious ignorance of a real issue at hand. Just like the page which I commented here regarding your reasoning. It’s just not an excuse, this is the 21st century!
I agree with the blog bit though :/
I’m no advocate of Google but I have to state that those GUADEC events were organised as a part of organisation and actually problems regarding them should not be associated with sponsors. Of course better funding and dedicated people from organisers would have made it even better. From my side I tried my best and tried to “fix” all bugs _reported_ abiut events. To sum up please offense me instead of sponsors because you won’t need me next year but need sponsors :/ Sorry for all annoyances.
Baris, I wasn’t at the party as I said, but hell people were seriously complaining about the venue, the beer… but most of all. That google didn’t show up!
All the parties I went to were great though, however I do think that google need to rethink where they stand. They could have specified in detail what kind of party they wanted to throw, and most importantly show up! As lefty said, a lot goes into google but not much comes out apart from the occasional cheque.
I was at that party and had a great time. People who didn’t appreciate the free beer and wanted to talk instead of dance should have stayed in their hotel rooms with their laptops or something.