[Citadel Development] Re: security / js

2006-01-05 Thread Hjalfi
On Thursday 05 January 2006 20:52, dothebart wrote:
[...]
> one question, what happens to the js in html-emails?

No sane email app runs Javascript embedded in email.

Which is a pity, because I have an application that could actually *use* it. 
The problem is that most email apps don't have a sufficiently secure 
Javascript sandbox to make this feasible; there's no intrinsic reason why you 
couldn't safely use Javascript in email. But given that a lot of email apps 
still fetch remote images by default, Javascript, with all of its extra 
complexity, is just too risky.


[Citadel Development] Re: (no subject)

2006-01-21 Thread hjalfi
I have the suspicion that when Sun developed Java, they got a whole bunch of 
really good language designers in a room, told them to go wild, and then 
accidentally confused the 'Good Idea' pile with the 'Bad Idea' pile.

It is just *so* broken...


[Citadel Development] Re: (no subject)

2006-01-21 Thread hjalfi
On Wednesday 07 September 2005 08:48, mcbridematt wrote:
[...]
>  AUTHINFO PASS (pass)

I'd just like to point out that if that password is sent in plain text, then 
NNTP authentication should only be supported via an encrypted channel, and 
lengths need to be taken to prevent the client from attempting to 
authenticate if it's not.

I don't know enough about the protocol to know if it's possible to do this 
legally --- does returning an error code at the AUTHINFO USER stage prevent 
the client from continuing the authentication? Otherwise, it may be necessary 
to abruptly break the connection, which is horribly ugly but I don't see an 
alternative. (It's not even particularly reliable if the client's pipelining 
commands...)


[Citadel Development] Re: NNTP encrypted auth

2006-01-21 Thread hjalfi
On Saturday 10 September 2005 12:43, you wrote:
[...]
> Yes, I can put a reject into AUTHINFO to stop non-SSL connections (easy,
> users without a clue will love us)

Cool. I wasn't sure if NNTP supported such a thing --- I did look at the 
protocol once and was startled at how archaic it was.

I'd love to read Uncensored via NNTP; posting messages through IMAP is a right 
pain...
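
The AUTHINFO refusal discussed in the two messages above, as an added example that is not part of the original posts or of Citadel's code: a per-connection handler that answers 483 to AUTHINFO on a cleartext link and records accounts whose password a pipelining client had already sent. The class name, sample account store and helper function are constructed for illustration; the response codes follow RFC 4643.

```python
import hmac


class NntpAuthGate:
    """Per-connection AUTHINFO USER/PASS handling (constructed example)."""

    def __init__(self, tls_active, accounts):
        self.tls_active = tls_active   # True once the socket is wrapped in TLS
        self.accounts = accounts       # constructed sample store: user -> password
        self.pending_user = None       # set by an accepted AUTHINFO USER
        self.rejected_user = None      # last user name refused on a cleartext link
        self.authenticated = False
        self.exposed = []              # accounts whose password arrived in cleartext

    def handle(self, line):
        parts = line.rstrip("\r\n").split(" ", 2)
        if len(parts) != 3 or parts[0].upper() != "AUTHINFO":
            return "501 Syntax error"
        kind, arg = parts[1].upper(), parts[2]
        if kind not in ("USER", "PASS"):
            return "501 Syntax error"
        if self.authenticated:
            return "502 Command unavailable"
        if not self.tls_active:
            if kind == "USER":
                self.rejected_user = arg
            else:
                # A pipelining client sent the secret before reading our 483,
                # so the refusal came too late: flag the account for a reset.
                self.exposed.append(self.rejected_user or "<unknown>")
            return "483 Encryption required"
        if kind == "USER":
            self.pending_user = arg
            return "381 Password required"
        if self.pending_user is None:
            return "482 Authentication commands issued out of sequence"
        user, self.pending_user = self.pending_user, None
        stored = self.accounts.get(user)
        self.authenticated = stored is not None and hmac.compare_digest(
            stored.encode(), arg.encode())
        return "281 Authentication accepted" if self.authenticated \
            else "481 Authentication failed"


def run_session(tls_active, lines, accounts):
    """Feed client lines to one connection; return (replies, exposed accounts)."""
    gate = NntpAuthGate(tls_active, accounts)
    return [gate.handle(line) for line in lines], gate.exposed
```
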


[Citadel Development] Re: (no subject)

2006-01-21 Thread hjalfi
On Tuesday 04 October 2005 12:42, you wrote:
> dothebart: yes, but as I've recently discovered, I am doing it the wrong
> way.  Whenever we do a release version, I bump the version number of
> everything in CVS to (version number * 100), with a command like: cvs
> commit -r655.0
> This is, of course, somewhat stupid.

*twitch*

Try reading up on tags. This solves this specific problem. Subversion has an 
equivalent feature, AFAIK.

You may be consoled to know that it's not the most idiotic thing I've ever 
seen someone do with CVS. Someone on the Lua mailing list once told us that 
the place where they worked collapsed all CVS revisions together between each 
major release... so version 0.1 of a file corresponded to the first release, 
version 0.2 the second, etc, and that they *threw away* all the change 
information between that.

Needless to say, we were a little startled.


[Citadel Development] Re: (no subject)

2006-01-21 Thread hjalfi
But it's such an important point it's worth telling him *again*...

Sorry. Long, tiring day, spent tracking down !*%"&££"!! reference counting 
bugs at work. I should have realised you already knew that.

The story's true, though, and I can find you the public mailing list archive 
to prove it.


[Citadel Development] Re: (no subject)

2006-01-21 Thread hjalfi
On Monday 07 November 2005 10:40, you wrote:
> Nov 6 2005 5:23pm from hjalfi <[EMAIL PROTECTED]> in
> 061860.Drafts> in home handyman
> why does this message contain a text/plain attachment? is it posted via mua
> that appends both? text and html body?

Yeah, I've noticed that. I post via IMAP, using kmail; I compose a message, 
save it as a draft, and then move the message from the drafts folder into the 
target room. (Which is not particularly satisfactory, but does the job.)

The messages *don't* contain HTML (unlike Thunderbird, which insists on saving 
HTML drafts regardless of what you tell it), but it *does* contain a 
Content-Type header. This could be confusing WebCit into thinking there's an 
attachment.


[Citadel Development] (no subject)

2006-01-24 Thread Hjalfi
Interesting (and probably fairly straightforward) idea:

I tend to read Uncensored via IMAP, because I don't like the web client or the 
text client and it's convenient having Uncensored simply appear in my mailer. 
(KMail, for reference.) However, posting is inconvenient --- I have to 
compose my message, save it as a draft, and then move the message from Drafts 
to the target room. This means it's error prone and there are weird side 
issues; I discovered that doing this with Thunderbird causes HTML messages to 
always be generated even if you ask it not to, because it only strips out the 
HTML when it actually sends the message.

Since a Citadel room is basically a mailing list, why not have the system 
generate the standardised List-Id, List-Post, List-Archive etc mail headers?

That way I could just select a message, press the Reply To Mailing List 
button, type my message, press Send, and it would automagically wend its way 
into the correct room via authenticated SMTP.

Does this sound useful?


[Citadel Development] Re: (no subject)

2006-01-24 Thread Hjalfi
List-Id is standard (RFC2919). Most open source mailers support it. Don't know 
about Outlook and Outlook Express.

You also don't want to use Reply-To for this, because you may want to use 
Reply-To to reply to the sender of a particular message, not the list as a 
whole. (Ideally, this should be set on a per-list basis.)


[Citadel Development] (no subject)

2006-01-25 Thread Hjalfi
I've done a WebCit translation into British English --- pretty much trivial, 
really, as you might expect. I enclose a diff file containing the differences 
from webcit.pot. There are seven, and one of them is to fix a typo in the 
original (accessible has two Ss).

I hope this is useful to someone...
--- webcit.pot	2006-01-19 04:10:19.0 +
+++ en_gb.po	2006-01-25 12:41:03.0 +
@@ -442,11 +442,11 @@
 msgstr ""
 
 #: ../event.c:283
-msgid "Organizer"
+msgid "Organiser"
 msgstr ""
 
 #: ../event.c:288
-msgid "(you are the organizer)"
+msgid "(you are the organiser)"
 msgstr ""
 
 #: ../event.c:306
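Review bot: The British spellings are written into the msgid lines (msgid "Organiser", msgid "(you are the organiser)") while msgstr stays empty. In a gettext catalogue the msgid is the lookup key and has to match the string in ../event.c exactly, so these entries will never be found and the original text will still be shown. Keep msgid "Organizer" unchanged and put the translation in msgstr "Organiser"; the same applies to every entry in this patch.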
@@ -652,11 +652,11 @@
 msgstr ""
 
 #: ../iconbar.c:318
-msgid "Customize this menu"
+msgid "Customise this menu"
 msgstr ""
 
 #: ../iconbar.c:319
-msgid "customize this menu"
+msgid "customise this menu"
 msgstr ""
 
 #: ../iconbar.c:386
@@ -664,7 +664,7 @@
 msgstr ""
 
 #: ../iconbar.c:468
-msgid "Customize the icon bar"
+msgid "Customise the icon bar"
 msgstr ""
 
 #: ../iconbar.c:480
@@ -723,7 +723,7 @@
 
 #: ../iconbar.c:622
 msgid ""
-"Clicking this icon displays a list of all accesible rooms (or folders) "
+"Clicking this icon displays a list of all accessible rooms (or folders) "
 "available."
 msgstr ""
 
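Review bot: The accesible to accessible correction in the msgid for ../iconbar.c:622 fixes a typo in the original string, so it belongs in iconbar.c with webcit.pot regenerated from it, not in en_gb.po. As written, the corrected msgid no longer matches the string the program passes to gettext, so this entry cannot be looked up until the source is changed as well.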
@@ -1083,7 +1083,7 @@
 msgstr ""
 
 #: ../messages.c:372
-msgid " (cell)"
+msgid " (mobile)"
 msgstr ""
 
 #: ../messages.c:383 ../vcard_edit.c:246
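Review bot: The msgid " (cell)" at ../messages.c:372 begins with a space, and that space is part of the key. Once the replacement text moves into msgstr, keep the leading space there too (msgstr " (mobile)"), since it suggests the string is appended to other text.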


[Citadel Development] Re: (no subject)

2006-01-26 Thread Hjalfi
Ta.

You know, it seems vastly overkill to have to have a complete new .po file for 
a language which is mostly compatible with en_US... isn't there any better 
way of doing it? (Disclaimer: I know nothing about .po files, which was why I 
included the diff.)


[Citadel Development] Re: (no subject)

2006-02-11 Thread Hjalfi
I used to use Python a lot, and wrote a fairly chunky application in it 
(http://sqmail.sf.net). These days, however, I've moved on to using Lua 
instead; while it doesn't have the huge set of libraries that Python has, 
it's way faster, has fairly similar semantics without a lot of Python's 
bizarrity (e.g. Python's distinction of methods vs. functions), has real 
coroutines and not just Python's crippled version, and the entire VM can fit 
into 80kB of compressed source.

..incidentally, pm (plug, plug) is distributed as a bootstrapping shell 
script that transparently decompresses a copy of the Lua VM source and 
compiles it on-the-fly. This means that the whole thing is just one file, 
which doesn't need installing to be usable. Could you use a similar trick?


[Citadel Development] (no subject)

2006-02-16 Thread Hjalfi
I have vague memories that it's possible for a Citadel client to store 
settings in some special room somewhere --- doesn't WebCit do this?

I have a Top Sikrit project for which it would be nice to be able to do this, 
so if anyone has any pointers to information, it would be gratefully 
appreciated.


[Citadel Development] (no subject)

2006-02-16 Thread Hjalfi
I notice that WebCit doesn't attempt to create the room if it doesn't exist. 
Can I be guaranteed that it always will?

(Incidentally, any chance of a _PREFERENCES_ magic room name for this?)


[Citadel Development] Re: Calling all Gaim users

2006-02-17 Thread Hjalfi
> Here's what I had to change in Tolua's config file to get it to build
> on my box (which is tracking Ubuntu dapper):

I didn't know that was available yet --- I run breezy. I'll have a look.

> Woo, no errors.

Yay! *does a happy little dance*

(The build tool is under development as well, you see...)

There are some issues. The most important one is that I forgot to change the 
default poll interval setting from its debug value to a more sensible one. So 
by default, it's going to send an RWHO to Uncensored every ten seconds. Run, 
don't walk, to Accounts->Modify->Extra Options and change it to at least 60, 
please, or else Ig is going to kill me. You'll need to log out and log in 
again for the change to take effect.

The other one is that there's quite a lot of debug tracing produced by the 
plugin. If you don't like it, edit ~/.gaim/plugindata/citadel.lua, go to line 
64, and comment out the contents of the log() function (with double
hyphens -- at the beginning of the line). Again, you need to log out and log 
in again.

Ig, I could use some icons. May I explicitly violate the logo guidelines and 
tear off the little castle bit from the logo, or would you prefer something 
else?


[Citadel Development] (no subject)

2006-02-17 Thread Hjalfi
I've just realised that there's another bug where it never notices that people 
go offline... so over time, your roster will gradually fill up as people 
appear.

Sending messages to people who are offline will fail (Citadel doesn't support 
this).


[Citadel Development] (no subject)

2006-02-17 Thread Hjalfi
Good idea, and done (as an optional setting).

It took under five minutes. I love Lua.

I'll push out another release this evening... incidentally, is anything 
supposed to happen if I send a message to "(not logged in)"? And is that 
string guaranteed never to change?


[Citadel Development] Re: (no subject)

2006-02-17 Thread Hjalfi
Are you using Gaim 1.5.0?

BTW, is there any chance of getting a module on Citadel's SVN server for this 
stuff?


[Citadel Development] Re: (no subject)

2006-02-18 Thread Hjalfi
[...]
>  Our svn repository lives in /appl/svn.  Off the root there is a
> subdirectory for each project, "citadel" "webcit" etc.  Please just create
> a new one for your project.

All checked in now; thanks.


[Citadel Development] Re: Gaim-Citadel 0.3.1

2006-02-20 Thread Hjalfi
On Monday 20 February 2006 14:43, you wrote:
[...]
>  I do seem to notice, though, that buddies are not removed when they log
> out.  The list just keeps growing, and it will even let me try to send
> messages to users who are not logged in anymore (which fails, of course).

*swears*

You're right. I thought the place was a bit busy... I'll have a look.


[Citadel Development] Re: (no subject)

2006-05-19 Thread hjalfi




All AJAX lets you do is to push the View layer of your MVC app onto
the browser --- previously, only the Controller layer was on the
browser, and the View layer ran on the server. The reason why it's seen
as such a huge step forward is that by putting your View logic on the
browser you end up with a much more immediate, interactive application;
it allows you to get away from the form-based transactional model of
old web apps (which in turn is a reinvention of old mainframe apps).

Of course, it also means that you're now exposing your Model to the
outside world. When the View and the Model both ran on your own
internal servers, you could harden the View-Controller interface to
prevent the user from telling the View to do things they weren't
allowed to, and then trust the View to issue the right commands to the
Model. Now, you have to harden the Model-View interface. This is both
easier (because most Model implementations allow constraints to be
enforced more easily) and harder (because you have to protect against
some malicious user sending the equivalent of 5000 BEGIN TRANSACTION
commands and then hanging up the connection)...
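
One way to harden the Model-View interface described above, added here as an example and not taken from the original post or from Citadel: the server checks every request from the browser-side View against the session, the schema carries its own constraint, and a transaction left open by a client that hangs up is rolled back. The table, class name, sample users and the one-transaction cap are assumptions.

```python
import sqlite3

MAX_OPEN_TX = 1  # assumed per-session cap on open transactions


class ModelSession:
    """Server-side guard between an untrusted browser View and the Model."""

    def __init__(self, db, user):
        self.db, self.user, self.open_tx = db, user, 0

    def begin(self):
        if self.open_tx >= MAX_OPEN_TX:
            raise PermissionError("transaction limit reached")
        self.db.execute("BEGIN")
        self.open_tx += 1

    def post(self, owner, body):
        # `owner` comes from the browser, so check it against the session.
        if owner != self.user:
            raise PermissionError("cannot post as another user")
        self.db.execute("INSERT INTO notes VALUES (?, ?)", (owner, body))

    def disconnect(self):
        # The client hung up: roll back whatever it left open.
        if self.open_tx:
            self.db.execute("ROLLBACK")
            self.open_tx = 0


def attempt(call, *args):
    """Run one request and report how the server answered it."""
    try:
        call(*args)
        return "ok"
    except (PermissionError, sqlite3.IntegrityError) as exc:
        return type(exc).__name__


def demo():
    db = sqlite3.connect(":memory:", isolation_level=None)
    # Constraint enforced by the Model itself, whatever the View sends.
    db.execute("CREATE TABLE notes(owner TEXT NOT NULL,"
               " body TEXT NOT NULL CHECK (length(body) <= 200))")
    s = ModelSession(db, "alice")  # constructed session for sample user alice
    results = [attempt(s.begin), attempt(s.post, "alice", "hello"),
               attempt(s.post, "bob", "forged"),
               attempt(s.post, "alice", "x" * 201), attempt(s.begin)]
    s.disconnect()
    rows = db.execute("SELECT count(*) FROM notes").fetchone()[0]
    return results, rows
```
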






[Citadel Development] (no subject)

2006-06-26 Thread hjalfi




This might be of interest to someone --- the Google Web Toolkit.
Brief summary: write your application in Java. Test it in Java. Run it
in Java. Once it's done, statically compile it to Javascript using the
supplied tool, deploy it, and run on a client's web browser. More detailed
overview.

There's a rich set of components available --- see the
Kitchen Sink demo for the full list; lots of RPC goodness for
communicating with your host server; there's a big and vibrant developer
community... did I mention yet that your application runs on the
web browser, not on the server? So that interacting with the
application only hits the server when it requests information? Oh,
yeah, it's got extensive Eclipse integration too.

Very, very neat.

The GWT compiler is closed-source, but all deployed code is Apache
2.0 and there are no restrictions on what you can do with it.







[Citadel Development] Re: (no subject)

2006-06-27 Thread hjalfi




Who cares? What it is, is new for a web app. They've managed
to put together half a dozen pieces of really crappy web technology
(Javascript, DHTML, XMLHttpRequest) and managed to build a real
client-server platform out of it --- and the real beauty of it is that
practically everyone's got the client software already. By choosing
Java as the front-end language they get to exploit Servlets for the
backend, and allow people to program in a real programming language; by
compiling it into Javascript before deployment they get to avoid
horrible web browser JVMs... sure, it's a nasty, hacky reinvention of
the smart terminals we had in the 80s, but it's one that works, and
from what I've seen works really well, too.
And at the end of the day, that's the only thing that actually
matters.






[Citadel Development] Re: (no subject)

2006-07-19 Thread hjalfi




My Linux box is set to Europe/London, and everything appears to work...