On Fri, 9 May 2014 21:35:44 +0200
"Dmitrij D. Czarkoff" wrote:
> Why do you need xdg at all then?
For all X-Apps which call it.
> Your software calls xdg-open, so either you install soap as
> $PREFIX/xdg-open or it is not used. In former case you overwrite
> $PREFIX/xdg-open from xdg-utils.
R
FRIGN said:
> This is a solution, but who likes dealing with this xdg-crap if he
> doesn't even have desktop-icons.
Why do you need xdg at all then?
> Soap doesn't break it either. If the package-manager overwrites the
> soap-xdg-open, you just go to your soap-repo and reinstall it.
Your softwa
On Thu, 8 May 2014 10:37:39 +0200
"Dmitrij D. Czarkoff" wrote:
> But this is easy to work around with a shell script. Having something
> like "http-helper.sh" below, you may make a simple .desktop file and (...)
This is a solution, but who likes dealing with this xdg-crap if he
doesn't even hav
FRIGN said:
> > I did not investigate issue in detail, but apparently xdg-open treats
> > all http links as "text/html". "xdg-open http:" starts Firefox.
>
> Yes, that's the problem. That's why I wrote soap in the first place.
But this is easy to work around with a shell script. Having somethin
On Wed, 7 May 2014 00:02:42 +0200
"Dmitrij D. Czarkoff" wrote:
> I did not investigate issue in detail, but apparently xdg-open treats
> all http links as "text/html". "xdg-open http:" starts Firefox.
Yes, that's the problem. That's why I wrote soap in the first place.
> I edit my ~/.mailcap m
FRIGN said:
> > You can. Use "text/html" mime type and a script to parse URLs. (You'll
> > need to parse URLs anyway, if you want to do anything useful with them.)
>
> Well, Youtube-links don't end with .html. That's the problem with
> MIME-detectors.
I did not investigate issue in detail, but a
On Tue, 6 May 2014 21:58:40 +0200
"Dmitrij D. Czarkoff" wrote:
> You can. Use "text/html" mime type and a script to parse URLs. (You'll
> need to parse URLs anyway, if you want to do anything useful with them.)
Well, Youtube-links don't end with .html. That's the problem with
MIME-detectors.
>
FRIGN said:
> mailcap files come pretty close, but only offer detection by mime (you
> couldn't for instance parse youtube-links if you wanted or
> differentiate between a file:// and http://-URL).
You can. Use "text/html" mime type and a script to parse URLs. (You'll
need to parse URLs anyway, i
On Tue, 6 May 2014 14:06:21 +0200
Branislav Blaskovic wrote:
> Just take a look at ranger and it's sub-app rifle. It does what you
> are describing but have a lot of more options.
> http://ranger.nongnu.org/
> Branislav Blaškovič
> www.blaskovic.sk
Ranger is a fine piece of software, but written
On Tue, 6 May 2014 02:36:58 +0200
"Dmitrij D. Czarkoff" wrote:
> Am I missing something, or mailcap files already do that?
mailcap files come pretty close, but only offer detection by mime (you
couldn't for instance parse youtube-links if you wanted or
differentiate between a file:// and http:/
Just take a look at ranger and it's sub-app rifle. It does what you
are describing but have a lot of more options.
http://ranger.nongnu.org/
Branislav Blaškovič
www.blaskovic.sk
On Sat, May 3, 2014 at 5:18 PM, FRIGN wrote:
> Good evening,
>
> unless you are using only terminals with dwm, you soo
On Tue, May 06, 2014 at 02:36:58AM +0200, Dmitrij D. Czarkoff wrote:
> FRIGN said:
>
> Am I missing something, or mailcap files already do that?
>
Agreed, that would be amazing! I would certainly use that!
Yeah, mailcap format would be amazing, I would use that!
On Tue, May 06, 2014 at 02:36:58AM +0200, Dmitrij D. Czarkoff wrote:
> FRIGN said:
> > A configuration can look like this:
> >
> > { "\.mp3","st -e mplayer %s" },
> > { "\.(jpg|png|tiff)$","feh %s"},
> > { "\.gif
FRIGN said:
> A configuration can look like this:
>
> { "\.mp3","st -e mplayer %s" },
> { "\.(jpg|png|tiff)$","feh %s"},
> { "\.gif","wget -O /tmp/tmp.gif %s && gifview -a
> /tmp/tmp.gif" },
> { "^(http://|https://)?(www\.)?(youtube.com/watch\?|youtu\.b
On Mon, 5 May 2014 01:23:03 -0400
"Eon S. Jeon" wrote:
Hey Eon,
> Indeed, this is a huge concern, even though the argument gets escaped
> befored being tossed into the shell.
no, this is not a huge concern, as discussed. Mentioning this
considerably minimal pitfall in the manual is totally suf
suckless is not about having free lunch. telco companies did a better
job than you with your incompetent free software community. yes, my
replacemente doesn't have video including nudity. but i would even say
that is actually a good technical prevention of trolling. just
concentrate on the importan
"Eon S. Jeon" writes:
> Luckily, I came up with an alternative way of passing the argument. This
> one uses an environment variable to store the argument, and lets the
> shell expand the string for us. I've already implemented it, so you can
> check it out.
>
> https://github.com/esjeon/soap/comm
Hello,
On Sun, May 04, 2014 at 06:52:25PM +0800, Chris Down wrote:
> FRIGN writes:
> > A configuration can look like this:
> >
> > { "\.mp3","st -e mplayer %s" },
> > { "\.(jpg|png|tiff)$","feh %s"},
> > { "\.gif","wget -O /tmp/tmp.gif %s && gifview -a
yeah, in rural america with the next brothel a 5 hour flight away,
that might be an alternative to some people.
On 5/4/14, Manolo Martínez wrote:
>> telephone
>
> Video calls are nice, though.
>
>
> telephone
Video calls are nice, though.
telephone
On Sun, 4 May 2014 18:55:25 +0100
Chris Down wrote:
> You appear to have not understood my concern -- this has nothing to do
> with writing an obviously insecure config.h; to anyone writing one, the
> following seems perfectly reasonable because there is no documented
> reason that it should not
FRIGN writes:
> If you mess up your damn soap-config.h, you almost deserve to get your
> bloody hard drive wiped.
> I designed soap to handle user input safely in the manner of that the
> person who configures the program knows what he is dealing with.
>
> There's no denying you can exploit this b
Thanks everyone.
M
On Sun, 04 May 2014 18:01:22 +0200
7heo <7...@mail.com> wrote:
> That's something any suckless software should never do. User
> hand-holding is contrary to the suckless philosophy, as far as I know,
> and any command that can execute other commands (such as watch(1),
> sudo(8), exec (shell buil
Quoth Chris Down:
> I'm not really interested in engaging in some Google soapboxing
> when we are discussing something entirely unrelated.
I am, a bit ;)
> 7heo writes:
> > I don't trust Google, and I'm not going to take any definition from them.
>
> Google does not define this word, this word
On Sun, 4 May 2014 16:41:49 +0100
Chris Down wrote:
> I'm not really interested in engaging in some Google soapboxing when we
> are discussing something entirely unrelated.
Nice pun, Chris.
I'm glad you are at least self-aware: The topic we are discussing is
completely unrelated to the security
On 5/4/2014 5:25 PM, FRIGN wrote:
What Chris is concerned about is making a mistake in the config.h,
calling a program like watch(1), which accepts arguments like this:
watch 'ls -l /tmp | grep tmp'
Now, Chris' concern is, if you put watch like this in your config.h,
which means:
7heo writes:
> I don't trust Google, and I'm not going to take any definition from them.
Google does not define this word, this word is defined by those who
speak English. If you want to believe they are trying to undermine the
course of language, or something, you are nuts.
> Ever read 1984? You
On 5/4/2014 4:58 PM, Chris Down wrote:
That's a rather convoluted way of putting it, I meant what Google gives
as definition 1 for "instance": "an example".
I don't trust Google, and I'm not going to take any definition from
them. Ever read 1984? You should. https://en.wikipedia.org/wiki/Newsp
On Sun, 4 May 2014 17:06:51 +0200
Markus Wichmann wrote:
> Did you even read the code? Of course it does: Every existing single
> quote within the string argument is replaced by a single quote, followed
> by a backslash, followed by two single quotes. No way for that to turn
> out to be wrong as
Markus Wichmann writes:
> Did you even read the code?
Uh, yes.
> Of course it does: Every existing single quote within the string
> argument is replaced by a single quote, followed by a backslash,
> followed by two single quotes. No way for that to turn out to be wrong
> as far as I can see!
You
On Sun, May 04, 2014 at 03:58:39PM +0100, Chris Down wrote:
> My seconds use is perhaps a little unclear, sorry. I meant "the shell
> quoting [method used in soap] does not handle existing instances [of
> single quotes] inside single quotes".
>
Did you even read the code? Of course it does: Every
7heo writes:
> Your first use of the word 'instance' in your answer is very probably
> intended to have the sense 4 in this definition:
> http://www.merriam-webster.com/dictionary/instance.
That's a rather convoluted way of putting it, I meant what Google gives
as definition 1 for "instance": "an
Quoth Manolo Martínez:
> > Yes, I educated my family and most of my friends.
>
> And what's the protocol/client you educate them in? My family is
> Windows-only. Tox, perhaps?
FYI for me it's Jitsi with https://ostel.co/ (SIP) or
https://jit.si/ (XMPP). It's java, so not pretty, but it works
pr
Your first use of the word 'instance' in your answer is very probably
intended to have the sense 4 in this definition:
http://www.merriam-webster.com/dictionary/instance. However, I can't
understand what the second "instance" means. Especially due to the
presence of the word "existing" prior to
7heo writes:
> open "; rm -rf /; .jpg" would be translated as `feh '; rm -rf /; .jpg'`
> which would open the `; .jpg` in the `; rm -rf ` directory. I'm not sure I
> see the problem here.
I'm not talking about that specific instance, but in general. The shell
quoting does not handle existing insta
On Sun, May 04, 2014 at 02:09:58PM +0200, Manolo Martínez wrote:
> And what's the protocol/client you educate them in? My family is
> Windows-only. Tox, perhaps?
For group chats IRC, for private conversations XMPP with OTR. I am not
so much concerned about cryptographic details of OTR, but the TO
open "; rm -rf /; .jpg" would be translated as `feh '; rm -rf /; .jpg'`
which would open the `; .jpg` in the `; rm -rf ` directory. I'm not sure
I see the problem here.
On 5/4/2014 12:52 PM, Chris Down wrote:
FRIGN writes:
A configuration can look like this:
{ "\.mp3","st -e
On Sun, 4 May 2014 14:09:58 +0200
Manolo Martínez wrote:
> And what's the protocol/client you educate them in? My family is
> Windows-only. Tox, perhaps?
I'd recommend Tox in 6 months to 1 year, when the clients received some
more polishing. It's so promising, I wouldn't waste it by recommending
> > > You are not using Skype really, right? I hope I am just unable to
> > > properly decode the sarcasm here.
> >
> > Alex, don't you have relatives or friends who don't know better? Or do
> > you succeed in educating them to use better solutions? No sarcasm, I'm
> > really curious :)
>
> Yes,
On Sun, 4 May 2014 12:48:38 +0100
Chris Down wrote:
> I did not see that, however that still doesn't really resolve the
> problem. You don't know which shell the user is using.
I suppose taking care of a properly-fortified regex + the included
security from the shell-escapes is sufficient.
Can y
On Sun, May 04, 2014 at 01:41:08PM +0200, Manolo Martínez wrote:
> On 05/04/14 at 01:04pm, Alexander Huemer wrote:
>
> > You are not using Skype really, right? I hope I am just unable to
> > properly decode the sarcasm here.
>
> Alex, don't you have relatives or friends who don't know better? O
FRIGN writes:
> Wait a second: Don't forget I also do a shell-escape of the incoming
> string.
I did not see that, however that still doesn't really resolve the
problem. You don't know which shell the user is using.
This does not resolve all problems, anyway. Consider `foo 'bar %s'`.
pgpk4AuMrC
On 05/04/14 at 01:04pm, Alexander Huemer wrote:
> You are not using Skype really, right? I hope I am just unable to
> properly decode the sarcasm here.
Alex, don't you have relatives or friends who don't know better? Or do
you succeed in educating them to use better solutions? No sarcasm, I'm
r
On Sun, 4 May 2014 12:23:11 +0100
Chris Down wrote:
> That also doesn't really work, as a basic example, "&" is a perfectly
> valid character in a URI without encoding, but it has other meaning to
> most shells (it is a backgrounding operator).
>
> I just think there are too many potential pitf
On Sun, 4 May 2014 13:04:00 +0200
Alexander Huemer wrote:
> You are not using Skype really, right? I hope I am just unable to
> properly decode the sarcasm here.
Unfortunately, this is true. I'm switching over to IRC and XMPP, but
like the Ubuntu sysadmin, I'm forced to use what my colleagues u
FRIGN writes:
> That's definitely a good point. However, fortifying the regexes to
> strictly match URIs solves this problem instantly (Hell, just check for
> spaces!).
That also doesn't really work, as a basic example, "&" is a perfectly
valid character in a URI without encoding, but it has other
On Sun, 4 May 2014 18:52:25 +0800
Chris Down wrote:
> FRIGN writes:
> > A configuration can look like this:
> >
> > { "\.mp3","st -e mplayer %s" },
> > { "\.(jpg|png|tiff)$","feh %s"},
> > { "\.gif","wget -O /tmp/tmp.gif %s && gifview -a
> > /tmp/tmp.
On Sat, May 03, 2014 at 05:18:59PM +0200, FRIGN wrote:
> […]
> I thought that it would be awesome to press a youtube-link in Skype
> […]
You are not using Skype really, right? I hope I am just unable to
properly decode the sarcasm here.
Kind regards,
-Alex
FRIGN writes:
> A configuration can look like this:
>
> { "\.mp3","st -e mplayer %s" },
> { "\.(jpg|png|tiff)$","feh %s"},
> { "\.gif","wget -O /tmp/tmp.gif %s && gifview -a
> /tmp/tmp.gif" },
> { "^(http://|https://)?(www\.)?(youtube.com/watch\?|youtu\
Good evening,
unless you are using only terminals with dwm, you sooner or later get
in touch with xdg-open. It's a tool which manages your default
applications by assigning applications to mime-types.
My colleague and I thought that it would be awesome to press a
youtube-link in Skype to have it d
52 matches
Mail list logo
