Facebook chat disabled for no clear reason
If you're having troubles using Facebook chat with BitlBee, that's a known issue. Facebook have revoked BitlBee's API keys last night without giving any reason. All I received is two mysterious e-mails. Also, my Facebook account was disabled. But that might have been for different reasons since I don't remember the last time I used it. TBH I'm impressed I recognised enough pictures of my contacts to be able to restore it. :>
To make matters worse, in their communication to users connected to their chat from BitlBee, they say "You can contact the app admin for more information". I can assure you, I know as much as you do.
I've heard rumours that a whole bunch of chat apps were disabled, not just BitlBee. No clue what's going on, but in the meantime you can switch back to password-based authentication.
No clue whether it will come back. I've clicked the Appeal button so let's find out whether anyone reads what ends up there other than character device 1:3. We'll see, I'm not going to waste too much effort on it myself.
Update: As always, pay attention to the date on posts like this. This problem got resolved within a day or so IIRC.
BitlBee 3.2
Now available: BitlBee 3.2. Get it while it's hot! It adds support for Twitter API version 1.1, which will be required from March this year. But even without that it's a huge improvement over previous versions, with support for the streaming API and direct messages.
BitlBee 3.0.6
BitlBee 3.0.6 is available for download now. If you want to know what's new, just read the changelog.
(Yes, this post is a copy-paste of the one for the last release. :-)
BitlBee 3.0.5
BitlBee 3.0.5 is available for download now. If you want to know what's new, just read the changelog.
Twitter problems?
If you have problems keeping your Twitter connection open, this is a known issue caused by bad behaviour on Twitter's end. In some cases this may also cause crashes due to faulty error handling in BitlBee.
A fix to work around this annoying behaviour was committed to bzr and is live on the two main public servers for a while now. Also, the nightly builds have the fix.
If the problems with Twitter persist, a 3.0.5 release may come soon.
BitlBee 3.0.4
It took a while, but BitlBee 3.0.4 is finally ready. Get it while it's hot, if you aren't already running bzr snapshots anyway. :-)
BitlBee 3.0.3
BitlBee 3.0.3 is ready. Rushed out a bit because Twitter broke for many of us. This release should fix it, by using the "new" and preferred way to download your contact list.
For now, you should also be able to use the following work-around to make older versions work: account twitter set base_url http://api.twitter.com/1. This workaround isn't perfect though. Please upgrade, if you can.
3.0.3 has some other nice changes. If you want to know it all, just read the changelog.
BitlBee 3.0.2
Keeping it short again: BitlBee 3.0.2 is ready! Mostly bug fixes, and a few new toys.
BitlBee 3.0.1
BitlBee 3.0.1 is ready! Mostly bug fixes, not a lot of new stuff.
ICQ issues
As you may or may not know, AOL sold ICQ a little while ago. The new owner, DST, is moving the service to their own servers around now. The result is that you (or at least some people) can no longer log into ICQ via the AOL servers.
BitlBee currently defaults to using login.messaging.aol.com for all OSCAR accounts, both AIM and ICQ. This is fixed in bzr. You don't have to upgrade to get ICQ to work again, just tell BitlBee to use login.icq.com again. You can do this using a command like this:
acc icq set server login.icq.com
See help account set for details; if you don't run BitlBee 3.0 yet, or if you have multiple ICQ accounts, this may not work.
BitlBee 3.0, more Bitl than ever.
Finally, the next major release is there! Almost five years after the last major release, it was about time. Who would've thought that this one would take even longer than going from 0.7 to 1.0 (which "only" took three years)?
There are so many changes in this version, including some very old major requests like a complete core rewrite, OTR encryption, a significant upgrade of the MSN protocol module, optional support for libpurple, file transfers.. The last one used to be the "Duke Nukem Forever" in the BitlBee community. Looks like we won!
This all seems enough to bump the major version number. Since, looking at the timing of previous versions, it's waaaay late to release a BitlBee 2 at this point, let's go for 3.0 immediately. :-)
This release doesn't come with the traditional "release speech" (see the speech that came with 1.2), but with a comic as you can see on your right. Many thanks to Randall Munroe for drawing it!
For the curious, there's also a short screencast that demonstrates some of the new features. If you haven't tried the multi-channel stuff yet, do take a look!
Anyway, go and download the thing. Many people were running this stuff from Bazaar already, so join the club. :-) Have fun, and thanks everyone for your continued support! (And in all modesty, let me remind you guys that we're also on Flattr. :-)
Finally, a ui-fix dev snapshot
The ui-fix branch was mentioned here a few times already, now here's the promised development snapshot. This code's quite stable already (possibly just as stable as 1.2.8), but needs a just little bit more polishing before it can be declared a new major release.
People who don't care about the last pieces but don't really like running code from version control can now download BitlBee 1.3dev as a proper tarball.
See the changelog and the Wiki page for a full list of changes. And if anything does seem broken, don't forget to file a bug!
If you use Debian or Ubuntu, remember that you can also just use the nightly builds. No need to pull stuff from version control or to compile anything. Just run apt-get and you're up to date.
ui-fix merged into mainline.
All the stuff described in the earlier article about ui-fix (see also the wiki page) is now available in mainline, and running on testing.bitlbee.org. Expect a 1.3 development release soon, while the last remaining features/fixes for the next major release are done!
BitlBee 1.2.8
BitlBee 1.2.8 is ready! Most likely this release is the last one in the 1.2.x series. A lot of work has happened in other branches (killerbee, ui-fix, etc.) recently, in preparation for the next major release. Since that code diverted so much from the current stable release branch, it's about time to focus on that.
For now, enjoy extra bits of Twitter functionality, and some more bugfixes and minor feature enhancements. If you want more new stuff, feel free to try out the ui-fix branch now already (also running on testing.bitlbee.org) or wait for a development snapshot that will hopefully come out in the near future.
The IRC core rewrite, almost done.
Over the last month I've rewritten most of the IRC core of BitlBee. This was on the roadmap for a long time, but more a long term plan. Many feature requests (the most important ones being separate control channels per account or per contact group) were postponed "until the IRC core rewrite is done", etc. Now, this work is finally done (or at least nearing completion).
The branch can be found at http://code.bitlbee.org/wilmer/ui-fix/. Debian packages are also available, as usual. The branch is based on the killerbee branch, so it also has the file transfer/libpurple functionality.
Read more on the BitlBee Wiki.
Update (2010-06-08 21:31 (UTC)): testing.bitlbee.org is now running this code on port 6669. Feel free to give it a try!
File transfers and libpurple support
Today I merged libpurple support into the killerbee branch. The killerbee branch is the slightly more bleeding edge branch of BitlBee. It has things that are fairly usable but need a little bit more polishing before making it into a release. See the branch at http://code.bitlbee.org/killerbee/, browse it via Loggerhead or download it using Bazaar.
Debian packages are available, as always, via http://code.bitlbee.org/debian/. Install the plain bitlbee package if you want the regular code with file transfer support for currently just Jabber and the bitlbee-libpurple branch to use any libpurple protocol module you want.
For those who don't know, libpurple is the library used by Pidgin (and Adium, Finch, etc.), allowing BitlBee to connect to several instant messaging networks not currently supported by BitlBee (like Gadu Gadu and QQ), and adding features to current protocols that are currently not supported (like MSN status messages and file transfer support for most protocols).
Note that libpurple is much heavier on resource usage, and may also be less stable. The native BitlBee IM protocol modules will always continue to exist.
Bug reports for this code are welcome on our bug tracker, and if you have problems getting this to work, feel free to come to #bitlbee on irc.oftc.net.
BitlBee Wiki
Several years ago already, we ran a poll on if BitlBee should have a Wiki or not. Over the last few months, it appeared that many people think there's not enough clear documentation on-line on how to do stuff with BitlBee. Although BitlBee has fairly comprehensive help built-in, it's more a reference than anything else. Docs are available on-line but mostly in the form of some fragmented HOWTOs and blog posts, often with information that has become obsolete.
Having one BitlBee Wiki will hopefully fix that problem. I seeded the Wiki with two common FAQs, but there are more. Please, anyone with some time, please add stuff to it. It's open for anyone to edit as long as you can solve the (hopefully) simple textchas.
BitlBee 1.2.7
BitlBee 1.2.7 was just released with the fix for the MSN Messenger login issues.
It includes some other changes (mostly IM module fixes and a show_offline setting that lets you have your offline contacts in the control channel as well.
MSN Messenger login problems: fixed.
If you're getting the following error message while trying to use your MSN account:
Error during Passport authentication: Could not parse Passport server response
This is caused by BitlBee being a little bit too restrictive in the responses it gets from the authentication server. This bug is fixed in bzr and this code is live on im.bitlbee.org and testing.bitlbee.org. A fix will most likely come out as a version 1.2.7 very soon.
BitlBee 1.2.6, with Twitter support.
The code's fairly stable now, so ready for a release: Here is BitlBee 1.2.6!
The most important new feature must be support for Twitter. Although not all Twitter features are supported yet, you can already use it now to see Tweets of people you follow, and post Tweets and direct messages.
One note for people who were using the testing version already: The "use_groupchat" setting was replaced with the "mode" setting, and another mode was added where all Tweets come from one virtual user. Also, you should post Tweets via this user. Messages to other Twitter contacts become direct messages.
Apart from Twitter support, this release adds a few other features and bug fixes. If you want to know it all, just read the changelog.
Twitter support getting ready!
Thanks to hard work done by Geert Mulders, BitlBee now has native support for Twitter! Stuff will be merged into mainline soon and available on testing.bitlbee.org. If you'd like to test it now already, please do!
bzr branch http://code.bitlbee.org/contrib/geert-twitter/ and compile.
Quick howto: Add the account (account add twitter <username> <password>), turn it on and see how your contacts appear. By default they will appear in the control channel and Tweets will be normal messages. You can post Tweets by sending them to any of your Twitter contacts.
If you prefer to keep these things in a separate channel, try account set twitter/use_groupchat on. Anything you write in that channel will also be converted to Tweets.
Please report bugs in #bitlbee and/or just use the bug tracker.
Update (2010-04-07 20:03 (UTC)): testing.bitlbee.org is now running a BitlBee with Twitter support!
Happy St. Patrick's Day, here's BitlBee 1.2.5!
St. Patrick's Day has already started in Dublin and instead of getting wasted in the pub, I give you a new release of BitlBee today!
What's new? Nothing huge, but a few nice enhancements and fixes for many bugs that I finally closed over the last few weeks. The ability to see and set status messages on protocols that support them, improved compatibility with Facebook XMPP servers, etc.
Get it while it's still hot!
im.bitlbee.org troubles again. Twitter account created.
Twitter seems like the right way to track this kind of stuff: https://twitter.com/BitlBee
Please look for status updates there from now on.
im.bitlbee.org is having issues
im.bitlbee.org is currently down for what was supposed to be a quick reboot to switch power supplies. Sadly things don't seem to go that well, and five hours later the machine is still down.
Unfortunately there's not much else I can tell since I don't own the machine. It's after midnight local time by now so possibly it's going to be down at least until local morning.
Of course there are still many more public servers available. Unfortunately BitlBee accounts are not yet universal though, so you will have to recreate it if you switch. (Fixing this is on our TODO for a long time and some code already exists.)
Update (2009-11-02 08:55 (UTC)): Something went very wrong apparently. The server owner (IIIVX) will move a backup of everything to a virtual machine somewhere and get things back working in the next few hours.
BitlBee 1.2.4, finally.
I just released BitlBee 1.2.4. It's been more than a year since the last release and sadly not that much changed. But Yahoo! support is back, the program is more stable than ever (running in daemon mode on the testing server for more than a year already with little problems), and there are some other nice changes like a better UI for managing chatrooms and support for automatically joining rooms when you connect.
Get it while it's hot!
Yahoo! fix ready, but not yet released
The question "is BitlBee dead?" has come up a few times recently, and I kept denying it, but it's true that it's been a long while since I worked on it. Until today! I took the time to fix the Yahoo! module, based on work from Siddhesh Poyarekar on the libyahoo2 mailing list and an anonymous submitter on ticket about this issue.
It's now running on testing.bitlbee.org (non-SSL only) and if it keeps working well, I'll hopefully be able to release it soon. If you run your own server, just get the code from bzr.
The bugs we've been hunting
With all the noise around "the bug" behind us a little bit, I guess it's now time to stop being so vague about the "account hijacking" bugs we've fixed. I didn't want to give all details right away, to give public server maintainers some time to upgrade. Only a few maintainers picked up the fixes, and I don't want to wait any longer.
A few weeks ago, while redoing the "set" command a little bit, I discovered something I didn't really like. When you connect to a BitlBee server and immediately use "set password" to change your password, even though you haven't used identify/register yet to get yourself authenticated, BitlBee just said "Password changed successfully". Although it didn't actually create an account file yet, one could then use "save" to then get this done. While the "register" command checks if an account exists before writing to disk, the "save" command doesn't (and shouldn't). Quickly, 1.2.2 was released. Why did this happen? It turns out that this problem was with us for some time already. Previously, the "password" setting was disabled until the user registers/identifies. This was changed in this bzr revision.
Unfortunately, this wasn't the only problem. It turned out the "register" command was also not working very well. Although it checked for the existence of an account before creating it, it did leave a password set in the BitlBee state structure. This allowed for a very similar exploit, where after failing to register an account, one could use the "save" command to get his account saved anyway. This problem was introduced somewhere in the migration to the storage abstraction layer.
All these issues should be gone now, and I'm working on a blackbox testing system that will continuously check for bugs like this (and also test other various pieces of BitlBee functionality) to (hopefully) prevent nasty bugs in the future.
Also, I see security advisories about this issue are often wrong about the "hijacking" part, so I have to repeat this once more: Although this exploit indeed allows one to create an account on a BitlBee, bypassing all safety checks (including AuthMode=Registered), it is not possible to use this bug to gain access to other people's accounts! When someone performs this attack, he will simply get the victim's account deleted. IM passwords in BitlBee configuration files are encrypted using the user's password. There is absolutely no way to figure out these passwords without cracking the person's BitlBee password.
BitlBee 1.2.3, unfortunately another important bugfix
Unfortunately 1.2.2 did not fix all possible account hijacking loopholes. Another very similar flaw was found by Tero Marttila. In the migration to the user configuration storage abstraction layer, a few safeguards that prevent overwriting existing accounts disappeared. Over the week I went over all the related code to make sure that everything's done in a sane, safe and consistent way.
It looks like not all public servers are up to date yet. If you own one, please update it as soon as you can to save your users any inconvenience from losing their account.
BitlBee 1.2.2 fixes security bug
I just released BitlBee 1.2.2, and I advice public server maintainers to upgrade their BitlBee daemons as soon as possible, since this release fixes a security bug that was probably there for a long time already.
It's not a serious bug, it doesn't allow anyone to compromise your server. It does allow people to hijack accounts, though. Not with gaining access to the IM accounts or settings of the existing user, it only allows people to recreate an existing account.
Again, your machine (and for the users, your privacy) is not in danger. But please upgrade anyway to make sure this gap is closed.
Update (2008-08-30 14:23 (UTC)): Some testing showed that the bug does not exist in any 1.0.x release or older. BitlBee 1.1dev/1.2 were the first releases with this vulnerability.
MSN issues - resolved
Both testing.bitlbee.org and im.bitlbee.org are now running a bzr snapshot version of BitlBee that does MSN Passport authentication the old way. This should resolve the login problems. A 1.2.2 release will probably come soon, I want this to be stable on the public servers for a few days first.
Update (2008-08-02 11:04 (UTC)): Actually, I rolled back in vain, just hours after I did this, Microsoft fixed their bug. 1.2.x users should be fine again.
MSN issues
This is known for a few days already, but a post on the webpage still can't hurt, I think. Apparently BitlBee has issues logging into the MSN Messenger network these days, if your password contains non-alphanumeric characters or even capitals. It affects some people, others can still log in. The problem is discussed in the bug tracker.
This seems to affect other clients too. There's one easy fix, which is reverting to the old non-SOAP authentication method. I'm trying to avoid doing that since that code was messy. If I can't find any better solution soon, I'll probably do that and roll it out to the public servers.
If you absolutely need MSN to work, you can change your password or switch back to BitlBeee 1.1.1dev for a while.
Happy birthday, BitlBee 1.2.1!
Today (on my watch this day is going to end in five minutes already, actually..) BitlBee reached the age of six years! Since it's been a while since the 1.2 release and since there are fixes for a lot of bugs in bzr by now, I decided to make this a release.
This code is running on testing for a while already, with not too many changes, and it's extremely stable. For the first time, we're actually running BitlBee in daemon mode for all SSL connections. It's serving thirty users from just one process, running without any issues for weeks in a row. This is quite an improvement over the unstable unreliable program the Bee once used to be!
Of course I'm not saying that the program is perfect now, please keep sending those bug reports. :-) But first, enjoy BitlBee 1.2.1!
im.bitlbee.org stability issues
Over the last month, we had some problems with the machine that hosts im.bitlbee.org. It looks like the machine doesn't have enough RAM to be a mail- and webserver and also have hundreds of BitlBee processes running. From time to time, it was necessary to kill some BitlBee processes to free some RAM.
In the next few days the machine will get a memory upgrade, we're quite sure that this will solve this problem. This means that the server is going to be down for about an hour this week, but after that, it will hopefully run perfectly again without any interruptions.
Update (2008-05-06 15:41 (UTC)): The memory was upgraded successfully with only around twenty minutes downtime. We're quite confident that all stability issues are over now.
Account cleanup on im.bitlbee.org
Now that the main public server is running BitlBee version 1.2, I had to do a little cleanup there. One of the changes between 1.2 and older versions is that BitlBee is no longer case sensitive about your username. In other words, previously there could be two accounts, "Peter" and "peter". From version 1.2, this isn't possible anymore, it doesn't matter if you log in as "Peter" or "peter", it will always be the same account.
There is one problem in this transition: There were many "double" accounts on the server. Sometimes more than just doubles ("Peter", "peter" and "PETER"). Only one of those accounts could stay. I tried to keep the accounts that were used the most recently and remove the other versions. So if you can't log in on im.bitlbee.org anymore and your nickname may not be unique, this could be the reason.
Our apologies for this inconvenience, there's no good way to solve this without some damage. However, there are backups, so just join #bitlbee or send a mail, and your account can be restored with a different name. Nothing should be lost permanently.
BitlBee 1.2 is Bitl
"I CAN HAS SPEEECH?" This is how Wilmer announced to me that he was going to do another BitlBee release. I was as surprised as you are. I thought he had given up on this whole releasing business.
BitlBee 1.1.1dev
Just another development snapshot, mainly for the people who like Jabber chatrooms but don't like bzr. :-)
Skype support
For the first time in almost five years, there's a new protocol supported by BitlBee! If you want to talk to people on Skype, that's now possible. See the Skype ticket in the bug tracker. Thanks a lot to vmiklos for all the work! Note that this isn't integrated in BitlBee and probably won't ever be integrated because it depends on an external Skype instance and a proxy daemon. However, the plugin should work just as well as any built-in protocol, and no patching is required!
BitlBee 1.0.4
There was a call to sethostent() in BitlBee that caused many people on *BSD some headaches. It was removed the day after 1.0.3 was released (yes, just one day late :-(), and there were no plans to ever release a 1.0.4 because by now the development tree diverged too much from 1.0.x which makes backporting changes very hard. But since sethostent() is still a common cause of problems, here's a release to fix this (and not much more than this).
Five years of BitlBee and a new site!
From the README file: "So when Wilmer got the ingenious thought in his mind while farming, to create an IRC to other chatnetworks gateway ..."
That's exactly five years ago now. The first code was written that very same evening. It was just an IRC framework, but five days later it could actually talk to people on MSN, and the more complex Gaim modules were added pretty soon after that. About two months later the first public release was there. With a lot more work to do, but even back then the Bee gained in popularity very quickly, more than we expected.
It took a few more years to reach the 1.0 version number. Things may have seemed pretty quiet after that, there weren't too many stable releases. But the Bee is certainly not dead! Lots of cool things are happening in the development tree, including a Jabber module rewrite, finally adding the most important missing feature in BitlBee: Support for Jabber chatrooms. It will take a little while before this code will be ready for a stable release, but impatient people can soon download a new 1.1dev snapshot to try it out!
Anyway, to celebrate the fifth birthday of BitlBee, here's a shiny new website designed by Erik Bosman. Thanks a lot for all your time, Erik! Most pages should work properly now, some might still look a bit funny. If you see anything strange, please report it by IRC/mail.
BitlBee 1.1dev
It's a long time ago since the last BitlBee release. Lots of things happened, but just in the development branch, which diverted too much from the 1.0.x branch by now. To encourage people to try out this new code, we decided to release BitlBee 1.1dev. The 1.1.x branch will be a bit like what odd-versioned Linux kernels used to be (except that with BitlBee they should be pretty safe and stable, just with some rough edges).
This code is running on testing.bitlbee.org and some other servers for some time already and seems to be pretty good. Two major improvements are a better (and more secure) file format used to store your accounts and buddy information, and a rewrite of the Jabber module. Also, for people who don't like inetd, there's a ForkDaemon mode now. It's like daemon mode, but every client gets its own process, to prevent blocking/crashing problems from affecting other users.
Please try it out and report any problem you find!
im.bitlbee.org will be moved
Tonight (around 17:00 UTC) the machine that runs im.bitlbee.org will be moved to a different datacenter. Expect a downtime of at most two hours. If your ISP's DNS servers are well-behaved (and don't ignore TTL values) you should be able to connect to the server again around 19:00 UTC.
testing.bitlbee.org is back!
At last, we got access to the old user account files! Also, Tom Laermans/Sid3windr donated some CPU cycles and bandwidth to host the brand new testing.bitlbee.org. IOW, everything's up and running again, and hopefully stable! There are some stability issues with libevent on Linux 2.6 (problems with the epoll() system call) so for now we'll stick with GLib for event handling. Apologies for the long downtime, we hope that it won't happen again in the near future!
testing.bitlbee.org down for now
Okay, things are a bit messy. testing.bitlbee.org is down for a couple of days already, and for now we can't tell when it'll be back. The machine was going down in the beginning of 2007 anyway, but just a few days too early the hardware died. Currently we can't access the files on the server, but most likely the datacenter operator will give access to these files soon, so then people can hopefully transfer their accounts.
Unfortunately we don't have another machine available to host this service. So unfortunately it's impossible to give an ETA. My apologies for posting this a bit late, I'm in the middle of a relocation, moved my server and needed some time to get everything back on its place.
Upgraded testing.bitlbee.org
The public testing server now runs a bzr snapshot of the new Jabber module, which also includes the XML storage backend. This means there can be problems. Possibly you're using a Jabber server BitlBee can't deal with yet. Also there can be problems in the XML backend. Both the new Jabber module and the XML storage backend seem to be stable and reliable, but they both certainly do need testing.
If you find any problem, please do report it! Also, if you have problems logging into the server your account might have been removed. Because the new XML backend is case insensitive when it comes to nicknames and the old one wasn't, we had to remove some dupes. See the MOTD for more information.
Thanks to all the users for their testing! :-)
The Bee is not as dead as it seems!
Today I finally merged the storage-xml branch into the main development version of BitlBee. There weren't any changes for a long time and the code seems to be pretty reliable. Hopefully this way more people will test it, so that it'll soon be good enough for a release.
It's not clear yet what the next release will be. Possibly there are still some more improvements that can be backported to the 1.0.x branch, but it's getting harder and harder because of many code changes. Maybe there will soon be a 1.1 pre-release for the impatient and curious people.
Meanwhile the Jabber module is also being rewritten completely. Things look good. The rewrite fixes many problems we had with the old module and will eventually also support Jabber groupchats. The improvements right now are: Real XMPP 1.0 support (including SASL authentication and TLS instead of SSL), better handling of buddies using multiple clients at once, proper handling of SRV records (so connecting to Google Talk is just a matter of account add jabber account@gmail.com password), typing notifications (using XEP85, which isn't supported by all Jabber clients yet) and probably more.
One last improvement in the new module I'm very happy about: Way more compact code. The old Jabber module imported a huge XML parser from Mozilla, consisting of at least 9000 lines of code. The new module implements its own very compact XML tree handler (and uses the SAX XML parser from GLib), and as a result the new module consists of only 3019 lines of code at the moment (compare this to the 13926 lines in the old module!). A bzr branch with this new Jabber module can be found here (or via hgweb).
BitlBee file transfers before Windows Vista!
It must pretty cold in hell, now that there's a bzr branch of BitlBee with file transfer support available! It's there for some time already, but it looks like a news posting is necessary to draw some more attention. It only works for MSN so far (and only supports incoming file transfers). If you feel like trying it out, just give it a shot!
Many thanks to Marijn Kruisselbrink (Mek) for implementing this all!
Broken accounts on im.bitlbee.org
Sometimes it happens that some user accounts gets damaged when the im.bitlbee.org server is shutting down. We don't know why this happens exactly, but most likely it's because all (over 400) BitlBee processes receive a SIGTERM at once and there's not enough time for all of them to save their accounts and settings.
So if, after downtime, your accounts seems to be unusable, please report the problem to us by e-mail or on IRC (see the contact page) so we can fix it for you and to all the other accounts that got damaged.
But of course, we'll do our best to make sure it won't be necessary. Hopefully giving the BitlBee processes some more time to clean up will be enough.
Happy birthday BitlBee! Here's your 24th release!
Happy birthday BitlBee! Your first line of code was written four years ago today! And to celebrate it, today BitlBee 1.0.3 came out. With lots of small changes and bugfixes, including more stability improvements. People who are getting sick of ICQ authorization requests from spammers will also like this release. Just read the changelog for more information.
Oh well, I admit, actually this release on this day is a pure coincidence, I only noticed the date when writing the changelog entry. ;-)
im.bitlbee.org down
Just a quick note, because probably many people will check this news page and expect to see an item about it: im.bitlbee.org went down again about an hour ago. It's not completely down, most people who are still connected can still use it. However, it doesn't accept new connections anymore, and we can't SSH into the box either ATM.
The owner of the box will take a look at it in the morning/afternoon (CEST, it's midnight here now), and he'll hopefully be able to bring the box back up pretty quickly. Our apologies for the inconvenience, and we hope everything will be back to normal ASAP!
BitlBee 1.0.2
Even though today might be a bad day to release anything, we're doing it anyway. :-) See the changelog if you want to know what's new. Probably not much, it's another maintenance release. If you're really interested in new stuff, try our development version! It has a lot of nice things, especially for public servers.
At last, webcam support!
All the complaints and all the begging didn't help, but now that Wilmer's girlfriend bought a webcam, he finally realized that having webcam support is indeed essential for the average IRC geek (or at least, for him). So we've been thinking, and thought of the following possibilities.
First of all, we've found a patched version of MS Comic Chat with webcam extensions! With webcam DCC channels between your IRC client and BitlBee, BitlBee can send and receive complete webcam streams from and to your computer!
For the unfortunate people who can't run Comic Chat (those poor people still waiting for Comic Chat .NET), there's also hope. Obviously we don't want to leave them behind. Hey, we don't even run Windows ourselves! So we found some great software to display webcam pictures in usual DCC chats. As you see you can't see everything very well, but of course we're working on it!
If you want to beta-test this code, get it from BZR and have fun! Unfortunately the Comic Chat extensions are a bit hard-to-find because of legal reasons, but you should be able to find it using your favourite P2P file swapping program.
BitlBee and PSP
As seen on some PlayStation Portable sites, there's now a PSP instant messaging applet called AFKIM. Cool thing is, the program relies on BitlBee public servers for the IM-protocol part. So although this isn't a port of BitlBee to the PSP, it'll be a nice one for the screenshots page (which certainly needs some updates soon). :-)
Not too much activity in BitlBee development lately, but this might change soon. Also, a 1.0.2 release might come soon, since there are quite a few bugfixes again. And maybe some new features...
"BitlBack": No ICQ problems, BTS a success!
Just some quick notes. First of all, as far as we know right now, BitlBee is not affected by the ICQ/OSCAR protocol change. Many people asked about it by now, but nobody reported problems yet. We talked to the people of Gaim and they said something similar. A project as big as Gaim should've had reports by now. Since BitlBee and Gaim both use the same OSCAR protocol code, most likely BitlBee also won't need fixing.
Also, it's maybe nice to mention that there are already over 100 bugs (or feature requests, mainly) in the bug tracking system! Some of them are a bit useless, but still, it seems the BTS was a good idea!
Meanwhile, BitlBee development is a bit slower these days. It'll surely come back, actually there is some code for LDAP support already, but it will need a lot of testing. Stay tuned! :-)
Testing server now running in daemon mode
Tonight we upgraded BitlBee on the testing server to the IPC branch. It's now running in ForkDaemon mode, which might soon replace inetd mode. The traditional BitlBee daemon mode is still not very reliable. The risk of all connections going down because of a problem with only one of them is still too big. So now, in the development branch, there's a ForkDaemon mode, which is basically daemon mode with a call to fork() before creating the client structures, to make sure every client gets its own process.
So it's pretty much the same as inetd/bitlbeed, but it might decrease the memory footprint, and it's easier to set up. Also, in this IPC branch there is code that allows the BitlBee processes to talk to each other. This is mainly interesting for people who maintain public servers because they can now announce downtime, upgrades etc to their users.
If you maintain a public server, feel free to try this out!
Google Talk opens up for the Jabber world
Ever since the introduction of Google Talk people complained that, although it uses the open Jabber protocol, it was a very limited implementation, with no support for server-to-server connections. In other words, Google Talk users could only talk to other Google Talk users so far. It seemed Google did this to control who can get on the network, and who can't. Spam prevention. Probably because Google accounts can't be created automatically, while most other Jabber servers don't, and in fact it should be easy to write a program that pretends to be a Jabber server and you can send IM-spam as easily as it is for e-mail.
Anyway, it seems like Google changed their mind, since this evening someone with a GMail.com address added me (JID wilmer@gaast.net) to his contact list. We had a conversation without any problems. Way to go, Google!
Just to be sure, I tested this myself. I added a Google Talk user to my Jabber.Com test account contact list, and it also works! :-)
Update: Now also covered on the Google Talk Blog.
1.0.1
Oops, 1.0.1 came out two days ago, and there wasn't a news item about it! Well, here it is... :-) It's mainly a bugfix release (the only real addition is groupchat support for AIM). Meanwhile there's a lot of work going on in the development branch. If you're curious, feel free to take a look. Have fun!
code.bitlbee.org
All development branches can now be found on code.bitlbee.org. See the page for more information. Or take a look at the web interface, if you prefer. For people who don't have bzr, this might be convenient, since it can also automatically generate tarballs.
Problems with im.bitlbee.org solved?
As you might have noticed, the server is back for a while already. You might have noticed too, that it was running on a different host for a while. Arnie, from #bitlbee, was kind enough to donate some of his server resources to BitlBee and host the server for a while. At the time I write this, around 150 people are still connected to it.
However, the original server is back now. There's a new hard-drive installed, hopefully this will solve most of the problems. It will be down for a short while again in a week or two, when they will move the servers to a new rack. But after then, hopefully everything will work as normal again for a long time.
Meanwhile, we started working on some storage abstraction layer, the first step to full LDAP support. When we finish this, server downtime shouldn't be a big issue anymore, since accounts will be stored on an LDAP-server, so your account should be usable on multiple servers. Until then, we hope there won't be too many problems anymore. Thanks for all your patience, and have a buzzing time! :-)
Note: It's possible that your account might be missing or corrupted. There was some pretty serious filesystem corruption on the machine. Also, settings you save on Arnie's server will stick there, so if you're currently connected to that machine, you might notice some lost settings when you reconnect. Of course you can choose to stay connected to Arnie's server. Just set your IRC client to connect to im.okkernoot.net instead. Lots of thanks to Arnie for his help!
Problems with im.bitlbee.org
The maintainer of the im.bitlbee.org mailed me that there are hardware problems with the server. The hard drive is getting too hot. In one or two weeks, there will probably be a new rack available for the server, with better cooling. Until then, im.bitlbee.org will be down (or at least not running on this machine).
You can use one of the other servers instead. Unfortunately, your account will probably not exist there yet. We'll try to make this possible too. We apologize for the inconvenience.
Update: From time to time you might be able to connect to the server now. However, the server is still having serious stability issues, with reboots from time to time. It seems that the HDD is dying. We're trying to get a new box up to run im.bitlbee.org (with the right account files) for a couple of weeks while waiting for the current box to get fixed. This will take a day or two, until then the stability of the im.bitlbee.org won't be fantastic. There's nothing we can do about this, unfortunately.
Some BitlBee source statistics
In case you're interested, Sjoerd, our former team member, made some interesting sloccount-like statistics about all BitlBee releases so far. Possibly you can use the sources to create similar statistics for your own project.
Watch out for BitlBee Forever!
Yeah, we did it! We managed to release BitlBee 1.0 before Duke Nukem Forever! We hope this will be a worthy 1.0 release. We did our best for it, and we tried to get rid of all serious bugs we could find before this release. Considering the stability of BitlBee on the public servers, it seems we succeeded, so this will hopefully not be the typical 1.0-beta release.
Unfortunately, there are no 1.0 shirts yet. We'll hopefully have them later! But there is a release speech. Well, a release letter actually.
1.0 really getting close?
Well, with the latest release being called 0.99, we don't have much of a choice anyway. :-) But as you can see on the roadmap page, it indeed is pretty close to being finished.
We'd like to ask everyone who feels like it to test out the current development version (download a tarball, get it from bzr or connect to testing.bitlbee.org) and report any bug you find. We want to be sure to have a worthy 1.0 release, and we need all the help we can get to make that happen!
A bug tracker!
From now on, please submit bugs at our bug tracker, not via e-mail. We use Trac as our bug tracker, since it doesn't require you to create an account before doing anything, because it has a nice integration with bzr, which we use these days as our version control system, and because it just looks good.
So if there's any bug you reported some time ago that didn't get fixed yet, feel free to report it!
0.99 install problems on *BSD
There's a small problem with the Makefiles in 0.99 that causes problems when running make install on *BSD systems. This patch should fix the problem.
0.99
As promised, here's the 0.99 release. Pretty soon indeed, and if nothing bad happens with this one, there will be 1.0 soon. :-)
0.93 stability issues
On our testing server we noticed quite a lot of crashes with the new version. Turns out that there's a small memory initialization problem in the OSCAR module. Fortunately this only seems to cause problems when closing BitlBee (or possibly the OSCAR connection), so most people won't even notice.
We're planning another release pretty soon, so we won't do a release now to fix just this problem. However, for the people who have problems, we got a patch.
0.93
Version 1.0 and file transfer support are becoming the "Duke Nukem Forever" in #bitlbee. This is fine, but this doesn't mean we can at least release 0.93. Basically this release is because we had too much in -devel to keep it unreleased for so long. I took this evening to take a closer look at the one bug that is stopping us from releasing 1.0. Maybe it'll come before the end of the year. :-)
NOTE: Forgot to change the version string in 0.93. Don't want to replace the 0.93 tarball anymore since people already downloaded it, so instead, here we got 0.93a. :-)
BitlBee and Google Talk
Many people already asked if BitlBee can connect to Google Talk. To answer this question correctly: Now it can. You have to keep two things in mind to make it work. First of all, the Google server requires SSL-connections. Without SSL it won't do any authentication. Also, BitlBee didn't handle situations where the part after the @ in the Jabber handle is not the Jabber server very well. There's a patch available for this. If you're in a rush, you can also make a small change to your hosts file. Just add gmail.com and make it resolve to the IP of talk.google.com.
If you decided to use the patch, you can specify an alternate server as an extra argument to account add. For example, to add your Google Talk account you can type:
account add jabber myaccount@gmail.com mypass talk.google.com:5222:ssl
NOTE: (Update, added 12:20 UTC) For some people the line also works without the 5222 part, but for many it doesn't. Google says on their site they only accept Jabber connections via port 5222, while BitlBee uses port 5223 by default for SSL-connections. If BitlBee hangs for you when trying to connect, you probably forgot to specify this port number. Update: (added 2005-09-04 13:56 UTC) Apparently for some other people only port 5223 works, not 5222. It's probably best to just try out what works best for you. Hopefully this will get better later.
im.bitlbee.org down for maintenance
The server was back for a short while, but right now it's down again. Fortunately this is just maintenance downtime for a few hours. We hope there won't be any more downtime in the next few months. We thank you for your patience.
im.bitlbee.org in trouble
Many people noticed already that our main public server, im.bitlbee.org, is down. By now it's down for almost 48 hours already, and unfortunately we can't tell exactly when it'll come back. The owner told us the hard drive died and will be replaced, but we don't have an ETA. Also, we don't know what's left of the user accounts.
We apologize for the inconvenience, but we'd also like to point out that there are many more public servers available. It can't hurt to spread the load a bit, so if you want your buddies back, you can switch.
(Unfortunately public servers don't share user accounts yet, but that's also a thing on our long-term TODO.)
Still no 1.0. What about 0.92?
Although most voters seemed to prefer a late 1.0 release, we decided to release 0.92 now. Because it fixes lots of bugs, including some that were bothering many people already. Also, there are some security fixes (although none of the security problems is really serious). Getting this code out gives us more time to fix the last problem left that keeps us from finally releasing version 1.0.
So in this 0.92 version, we work around this problem. It might be a dirty work-around, but in the end it's not any different from 0.91 or any other previous version. It's a long story, if you really want to know what this problem is about exactly, just ask.
Oh well, what else to say? Have fun with probably the longest-awaited BitlBee release ever! :-)
Still no 1.0
Although we'd love to release 1.0, it's still not possible. There are some stability issues, we see them happen every day on the testing server (even though most other people don't seem to have these problems), and obviously we don't want those bugs in a release, certainly not a 1.0 release.
Fixing this problem will probably be pretty hard, so 1.0 is not getting close. Working around the problem is possible though, so maybe we'll release BitlBee 0.92 soon. Stay tuned! :-)
We're not dead, we're just sleeping!
Although we sometimes promised to release BitlBee 1.0 before the end of the year, we're probably not going to make it. Mainly because the lead developer is busy with work and will be on vacation for about a month. There are quite a lot of changes in -devel already, waiting to be released, but unfortunately there are too many nasty bugs in it to release it right now.
We hope everyone can wait for just a short while longer for BitlBee 1.0 to come out. It'll come out eventually, we just don't want to hurry it and release something that isn't worth releasing (especially as 1.0) yet.
About the im.bitlbee.org/net24 incident from last Saturday.
David Pashley wrote a little post on his weblog about the im.bitlbee.org/net24 incident from last Saturday. I posted a (quite long) response to explain the situation a bit. For the people who also got bitten by this stupid mistake, it might be interesting to read.
im.bitlbee.org moved again.
We moved to a new server again. After two days of downtime, im.bitlbee.org should be back up now. We're sorry for the troubles caused during the last two days (sorry for everyone who accidentally joined the real IRC server also running on that machine, possibly sharing their passwords with everyone else) and hope things will be stable for the next few months now.
Again, to all the people who switched to the testing server, please go back to im. Although there's no problem with using that server, it's not really capable of hosting 200 users.
Not solved...
Unfortunately, it seems the problem isn't solved yet. :-( We don't know for how long this will last, but for now it's probably best to switch to a different server. If you need your account data, ask us by mail or IRC because we got a backup of all the userfiles from im.bitlbee.org.
Reboot problem solved?
Just received a mail from the person who owns the im.bitlbee.org machine. He said they swapped hardware and that things seem to be more stable now. So hopefully this means the end of the endless reboots and downtime. People who switched to the testing server because of the downtime, please go back to im now, because testing isn't supposed to host over 150 users. :-)
Lots of reboots on im.bitlbee.org
Lately, the server hosting im.bitlbee.org seems to reboot quite often for an unknown reason. Because BitlBee doesn't run as a system service on that machine, it isn't restarted automatically after a reboot, so the server has been unusuable for quite long periods a couple of times by now.
We're sorry for the inconvenience, and we'll try to make BitlBee start automatically from now on and/or find a better place for im.bitlbee.org. If you notice the server is down again (and doesn't get up in fifteen minutes), please warn us in #bitlbee on OFTC (irc.oftc.net).
Interview with the developers
As mentioned by SlashDot already, there's an interview with us on LinuxReviews. For the people who haven't read it yet, it might be interesting.
im.bitlbee.org moved
And in other news, we moved im.bitlbee.org to a new server. Most users won't really notice a difference, but we expect this server to be more capable of handling the large amount of users (over 200) we have lately.
Users of the server might notice that they lost some settings they saved on the old server, because they won't be copied to the new server after now.
Update: If you're having trouble connecting to the new server, try to connect via port number 6666 instead of 6667. This should fix the problem. We hope this will be a temporary solution, we'll try to find out why some people can't access BitlBee on the new server at the usual port.
0.91 released
BitlBee 0.91 is finally ready! With support for server-side buddy lists on ICQ, a lot of bug fixes, SSL support for Jabber and some other new features, this release is hopefully a big improvement over 0.90(a) for most users.
What's next, 0.92 or 1.0? We don't know yet... But 1.0 is getting close, probably. (And sorry, without filetransfers. :-)
RSS feed
Maybe not extremely useful, but if you're interested, there's an RSS-feed for the BitlBee newspage now. You might've noticed this already if you use a very recent version of Mozilla/FireFox.
Soon, this RSS feed might be the first to tell you about the 0.91 release! :-)
Poll, win32.bitlbee.org
As you can see there's a little poll box on the left now. The first poll is not too interesting, and it's not that the winner of the poll will be the next new feature. Not necessarily, at least.
And in other news, the Win32 port seems to be getting more stable lately. We now have a public server running as win32.bitlbee.org. If you're brave and/or curious, you can try it out. Although you probably won't notice any difference between this and any other public server...
ICQ support getting closer to perfect?
The server-side buddy list support seems to be stable. Also, there is better Unicode support now. You should now be able to every non-ASCII character you can think of in your ICQ conversations - as long as the client on the other side also has Unicode support.
The new code is running on testing.bitlbee.org, please try it out if you used to experience problems with non-ASCII characters in ICQ conversations! If we don't receive any bug reports in the next week and don't see any weird crashes on the server, we can finally release 0.91!
Working support for ICQ server-side buddy lists!
-devel had them for some time already, but until now there were some serious problems with them. However, all the problems are fixed now, so we're confident that it's now safe for people who depend on ICQ to use -devel. Because we want as many people as possible to test the support, testing.bitlbee.org runs a development version now. Please give it a shot if you want, and if you find any problems, just report them. Or of course you can download a development version and test it on your own machine.
0.90a fixes Yahoo! support
And it just does that. We thought this is worth doing a new release though.
Yahoo! problems
Obviously, Yahoo! wouldn't be Yahoo! if they didn't cause third party IM-client developers some troubles from time to time. They just did it again.
It's very likely that another change by Yahoo! will also render this patch useless, but for now it might be helpful. This patch is already applied to the BitlBee running on im.bitlbee.org. Unfortunately the patch isn't perfect, it is said that you won't be able to see who's on-line.
Update: Apparently it's not only impossible to see who's online with this patch, it's also impossible to actually send messages...
Update: New patch available: yahoo-fix-200406.diff. Not extremely well tested, but it works for Gaim and libyahoo2. Thanks to Cerulean Studios and Gaim for finding out how to fix this.
By the way, happy birthday BitlBee! The first line of code for BitlBee was written exactly two years ago today! (Even though the first public release was almost two months later.)
0.90 released
After eleven months of development, we just did the next milestone release. Contrary to previous development versions, ICQ server-side buddy lists aren't in this release because it wasn't ready for prime time yet. Obviously, as with every other milestone release, there's a release speech. Please don't forget to download the tarball after reading it! ;-)
Getting closer to 0.90
After two months of "silence", 0.90 is getting closer and closer. If you're curious, you can try it out already. With a rewrite of the MSN module, support for ICQ server-side buddy lists (not yet perfect in -devel right now, but we'll sort that out before the final release), lots of usability improvements and bug fixes, this will probably be one of the coolest BitlBee releases ever.
Stay tuned! ;-)
Also, have you checked out this soon-to-be-released O'Reilly title "IRC Hacks" yet? It has two hacks about BitlBee! (And obviously most of the other 98 hacks are quite interesting too!)
im.bitlbee.org moved
And for real, now. Everything seems to work. im.maniacallaughter.com is now also known as im.bitlbee.org. Some accounts might have gotten lost when we were merging the accounts of both servers, but we did our best to avoid that.
If anything seems to go wrong with the new server, please warn us by mail or on the #bitlbee channel on OFTC.
stunnel and BitlBee
Now that the April Fool's fun is over (we hope you didn't get too fond of Clippy ;-), there's some, possibly, more interesting news. It appears that stunnel can be used to provide SSL-protected access to BitlBee servers to IRC clients (as long as they support SSL, of course...). People who want to try out can connect to testing.bitlbee.org:6668.
Obviously, this doesn't mean ultimate security. At least parts of the traffic between the BitlBee server and the IM-services are still unencrypted, and so is the traffic between the IM-services and the person you're talking to. But it's a nice start, and this way people won't be able to sniff your passwords from your BitlBee connection anymore.
By the way, as some people might've found out, im.bitlbee.org and testing.bitlbee.org currently point at one and the same host, because there were still some problems with the new server. We hope to have this fixed soon.
im.bitlbee.org moved
Because the old server didn't seem to handle the large number of users on the server very well anymore, we moved the official stable public BitlBee server to a new home. Niacin offered us to use his server with too many spare CPU cycles.
The development BitlBee server still runs on the old machine for now. Obviously, this one is not reachable at im.bitlbee.org:6668 anymore, so you'll have to change your configuration a bit. For the development version, you now have to connect to testing.bitlbee.org:6667.
So for im.bitlbee.org:6667 users, nothing really changed. Obviously, all the configuration files have been copied from the old server to the new one, but some changes might've gotten lost. We hope this is not too much of a problem for you all.
cgi.bitlbee.org back online
cgi.bitlbee.org was taken offline some time ago because of bandwidth overuse. Now it's running on a server with less restrictive bandwidth limitations. All the accounts from the old server have been moved to this server, so former cgi.bitlbee.org users can just use this server now.
0.85a released
0.85a is just a little bugfix release, with some bugfixes from the current -devel backported to 0.85. We just thought there were too many small bugs in 0.85.
We'll hopefully not have to release anything else before 0.90.
MSN login problem fixed
Some people reported problems when trying to log into MSN with BitlBee ≥0.84. This problem is fixed now, and we recommend people experiencing this kind of problems to try a recent development version or apply this patch.
Although we're working on 0.90, we might release a 0.85a soon, to fix all the little problems 0.85 has.
Back to two
One of the BitlBee team members resigned from the project: Sjoerd Hemminga, also known as lucumo. We want to thank him for everything he's done for the project, and we're glad that he's still willing to write the release speeches. However, since 0.90 is far from being released right now, you'll have to live with just a goodbee speech. ;-)
Some 0.85 release notes
There are some small problems again when compiling on some non-Linux systems (*BSD). BitlBee uses strndup() at some places, but that call is GNU libc specific. If you experience problems when trying to compile BitlBee on non-Linux systems, replace every call to strndup() to g_strndup(). Or just use this patch.
0.85 released
Probably the last release in the 0.8x series, with quite a nice list of new features and bugfixes. We'll be preparing for 0.90 now, see you in a couple of months, hopefully!
Additionally, there's a brand new MSN module in the current -devel tree. (20040314 and newer) It is supposed to be more stable than the old one, and it will have some cool features the previous version didn't have. It wasn't ready to be released with 0.85 yet, but it's running on im.bitlbee.org:6668 now. Everyone is more than welcome to test this version, because we want to be sure that it does everything the old module did, and more, and we can't do that without help. Especially people who experienced stability problems when using the old MSN module are "wanted".
Native Win32 port and new server
After running this site on a cable box for half a year, we have moved it to a heavier server now. The people at MediaDesign offered us free hosting for the project, which we really appreciate. The site used to have a slow link to the other continents, we hope to have this problem fixed now. Thanks to MediaDesign, and of course Martin, who used to host this site.
And in other news today, there is a native Win32 port of BitlBee now. See the BitlBee-win site for some nifty screenshots and the port. It's still experimental, but it certainly looks promising!
Support for Yahoo! groupchats
Yahoo! groupchats work with BitlBee now. If you want to try them, get the latest version or connect to im.bitlbee.org:6668. Obviously, since this functionality is quite experimental, it requires lots of testing, and please report any bug/problem you find.
Actually, there are many more changes in -devel, so if you feel like experimenting and testing things a bit, please help.
0.84 released, the Friday the 13th release...
Now again with Yahoo! support, and finally without libsoup annoyances. Of course MSN will still work, but it uses libgnutls directly now. This also means we can upload a BitlBee with MSN support to Debian and other systems. Have fun!
(Fink package will come later, I'll have to find out how it works exactly first... GnuTLS is still uninstallable, it seems.)
Yahoo!
We got Yahoo! support again. We'll keep it in -devel for a couple of days to see how it works. 0.84 will probably come out in (less than) a week. If you can't wait, just go for the development version.
Also, now that we don't use the Gaim code for Yahoo! anymore (we use libyahoo2 now), we're sure BitlBee is not affected by any of the Gaim security bugs mentioned before. Except for the bug with proxy server handling, but BitlBee doesn't use this code at the moment. We fixed this bug anyway.
New site
Welcome to the new BitlBee site. The content isn't any different, most parts of the layout are still the same too, but the navigation is improved, and we got a separate news page now. We hope you like it.
Sick of patching libsoup?
See the patch repository (or pick a recent development version) for a patch which removes the libsoup dependency from BitlBee. Seems to work well, BitlBee 0.84 will probably have this patch.
Gaim Security Announcement
According to this mailinglist post, there are some security issues with the current version of Gaim. We haven't yet thoroughly checked which of these also apply to BitlBee, but we're quite sure that only the first six items affect BitlBee. And since the Yahoo! module still doesn't work completely, there is no hurry in fixing this. Just FYI.
We're making a bit progress on getting Yahoo! back to work. You can find a patch in the patch repository, although it doesn't seem to work for everyone yet.