Kaidan 0.12.2 fixes some bugs. Have a look at the changelog for more details.
Bugfixes:
Or install Kaidan for your distribution:
Kaidan 0.12.1 fixes some bugs. Have a look at the changelog for more details.
Bugfixes:
Or install Kaidan for your distribution:
Release Highlights:
If you are upgrading from a previous version, please check the changes in SQL schemas; but there aren&apost changes in the configuration, API commands or hooks.
Other contents:
ejabberdctl: new option CTL_OVER_HTTPmod_configure: new option accessejabberd container image: admin accountmod_muc_occupantid enabled by defaultmod_http_api: return sorted list elementscreate_room_with_opts API command separatorsBelow is a detailed breakdown of the improvements and enhancements:
ejabberd can bridge communications to Matrix servers since version 24.02 thanks to mod_matrix_gw, but until now only one-to-one conversations were supported.
Starting with ejabberd 25.03, now you can receive invitations to Matrix rooms and join public Matrix rooms by yourself. The Matrix bridge will be seen a multi-user chat service, as default matrix.yourdomain.net.
For example, once you have enabled the Matrix bridge, if you wish to join the room #ejabberd-matrix-bridge:matrix.org, you can use XMPP MUC protocol to enter the XMPP room: #ejabberd-matrix-bridge%matrix.org@matrix.yourdomain.net
Caveats for this release:
mod_matrix_gw sends a presence for each of them, it depends on whether the xmpp client can handle thousands of muc members.Note that matrix.org server has also declared an XMPP service in its DNS entries. To communicate with the real Matrix server, you need to block it and add this rule in your firewall on your ejabberd instance:
iptables -A OUTPUT -d lethe.matrix.org -j REJECT
As a reminder, as encrypted payloads are different in Matrix and XMPP, Matrix payload cannot be end-to-end encrypted. In the future, it could be possible to join Matrix encrypted room, with the decryption happening on the server in the bridge, but it will not be end-to-end encrypted anymore. It would just be a convenience for those trusting their XMPP server. Please, let us know if this is an option you would like to see in the future.
Faithful to our commitment to help gradually ramp up messaging security, we added the ability to store passwords in multiple formats per account. This feature should help with migration to newer, more secure authentication methods. Using the option auth_stored_password_types, you can specify in what formats the password will be stored in the database. And the stored passwords will be updated each time user changes the password or when the user&aposs client provides the password in a new format using SASL Upgrade Tasks XEP specification.
This option takes a list of values, currently recognized ones are plain, scram_sha1, scram_sha256, scram_sha512. When this options is set, it overrides old options that allowed to specify password storage - auth_scream_hash and auth_password_format.
This release requires SQL database schema update to allow storage of multiple passwords per user. This task can be performed automatically by ejabberd, if your config has enabled update_sql_schema toplevel option.
If you prefer to perform the SQL schema update manually yourself, check the corresponding instructions, depending if your config has enabled new_sql_schema:
ALTER TABLE users ADD COLUMN type smallint NOT NULL DEFAULT 0;
ALTER TABLE users ALTER COLUMN type DROP DEFAULT;
ALTER TABLE users DROP PRIMARY KEY, ADD PRIMARY KEY (username(191), type);
ALTER TABLE users ADD COLUMN type smallint NOT NULL DEFAULT 0;
ALTER TABLE users ALTER COLUMN type DROP DEFAULT;
ALTER TABLE users DROP PRIMARY KEY, ADD PRIMARY KEY (server_host(191), username(191), type);
ALTER TABLE users ADD COLUMN "type" smallint NOT NULL DEFAULT 0;
ALTER TABLE users ALTER COLUMN type DROP DEFAULT;
ALTER TABLE users DROP CONSTRAINT users_pkey, ADD PRIMARY KEY (username, type);
ALTER TABLE users ADD COLUMN "type" smallint NOT NULL DEFAULT 0;
ALTER TABLE users ALTER COLUMN type DROP DEFAULT;
ALTER TABLE users DROP CONSTRAINT users_pkey, ADD PRIMARY KEY (server_host, username, type);
ALTER TABLE users ADD COLUMN type smallint NOT NULL DEFAULT 0;
CREATE TABLE new_users (
username text NOT NULL,
type smallint NOT NULL,
password text NOT NULL,
serverkey text NOT NULL DEFAULT &apos&apos,
salt text NOT NULL DEFAULT &apos&apos,
iterationcount integer NOT NULL DEFAULT 0,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (username, type)
);
INSERT INTO new_users SELECT * FROM users;
DROP TABLE users;
ALTER TABLE new_users RENAME TO users;
ALTER TABLE users ADD COLUMN type smallint NOT NULL DEFAULT 0;
CREATE TABLE new_users (
username text NOT NULL,
server_host text NOT NULL,
type smallint NOT NULL,
password text NOT NULL,
serverkey text NOT NULL DEFAULT &apos&apos,
salt text NOT NULL DEFAULT &apos&apos,
iterationcount integer NOT NULL DEFAULT 0,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (server_host, username, type)
);
INSERT INTO new_users SELECT * FROM users;
DROP TABLE users;
ALTER TABLE new_users RENAME TO users;
You may remember this paragraph from the ejabberd 24.06 release notes:
ejabberd already has around 200 commands to perform many administrative tasks, both to get information about the server and its status, and also to perform operations with side-effects. Those commands have its input and output parameters clearly described, and also documented.
Almost a year ago, ejabberd WebAdmin got support to execute all those 200 API commands... and now your XMPP client can execute them too!
The new mod_adhoc_api ejabberd module allows to execute all the ejabberd API commands using a XMPP client that supports XEP-0050 Ad-Hoc Commands and XEP-0030 Service Discovery.
Simply add this module to modules, setup api_permissions to grant some account permission to execute some command, or tags of commands, or all commands. Reload the ejabberd configuration and login with your client to that account.
Example configuration:
acl:
admin:
user: jan@localhost
api_permissions:
"adhoc commands":
from: mod_adhoc_api
who: admin
what:
- "[tag:roster]"
- "[tag:session]"
- stats
- status
modules:
mod_adhoc_api:
default_version: 2
Now you can execute the same commands in the command line, using ReST, in the WebAdmin, and in your XMPP client!
This feature has been tested with Gajim, Psi, Psi+ and Tkabber. Conversejs allows to list and execute the commands, but doesn&apost show the result to the user.
Some options in ejabberd supported the possibility to use hard-coded keywords. For example, many modules like mod_vcard could used HOST in their hosts option. Other example is the captcha_cmd toplevel option: it could use VERSION and SEMVER keywords. All this was implemented for each individual option.
Now those keywords are predefined and can be used by any option, and this is implemented in ejabberd core, no need to implement the keyword substitution in each option. The predefined keywords are: HOST, HOME, VERSION and SEMVER.
For example, this configuration is now possible without requiring any specific implementation in the option source code:
ext_api_url: "http://example.org/@VERSION@/api"
Additionally, now you can define your own keywords, similarly to how macros are defined:
define_keyword:
SCRIPT: "captcha.sh"
captcha_cmd: "tools/@SCRIPT@"
And finally, now macros can be used inside string options, similarly to how keywords can be used:
define_macro:
SCRIPT: "captcha.sh"
captcha_cmd: "tools/@SCRIPT@"
In summary, now macros and keywords can be defined and used very similarly, so you may be wondering what are their differences. That is explained in detail in the new section Macros and Keywords:
Macros are implemented by the yconf library: macros cannot be defined inside host_config.
Keywords are implemented by ejabberd itself: keywords can be defined inside host_config but only for usage in module options. And cannot be used in those toplevel options: hosts, loglevel, version.
The ejabberdctl script is useful not only to start and stop ejabberd, it can also execute the ~200 ejabberd API commands inside the running ejabberd node. For this, the script starts another erlang virtual machine and connects it to the already existing one that is running ejabberd.
This connection method is acceptable for performing a few administrative tasks (reload configuration, register an account, etc). However, ejabberdctl is noticeably slow for performing multiple calls, for example to register 1000 accounts. In that case, it is preferable to use other API frontend like mod_http_api or ejabberd_xmlrpc.
And now ejabberdctl can do exactly this! ejabberdctl can be configured to use an HTTP connection to execute the command, which is way faster than starting an erlang node, around 20 times faster.
To enable this feature, first configure in ejabberd.yml:
listen:
-
port: "unix:sockets/ctl_over_http.sock"
module: ejabberd_http
unix_socket:
mode: &apos0600&apos
request_handlers:
/ctl: ejabberd_ctl
Then enable the CTL_OVER_HTTP option in ejabberdctl.cfg:
CTL_OVER_HTTP=sockets/ctl_over_http.sock
Let&aposs register 100 accounts using the standard method and later using CTL_OVER_HTTP:
$ time for (( i=100 ; i ; i=i-1 )) ; do ejabberdctl register user-standard-$i localhost pass; done
...
real 0m43,929s
user 0m41,878s
sys 0m10,558s
$ time for (( i=100 ; i ; i=i-1 )) ; do CTL_OVER_HTTP=sockets/ctl_over_http.sock ejabberdctl register user-http-$i localhost pass; done
...
real 0m2,144s
user 0m1,377s
sys 0m0,566s
This feature is enabled by default in the ejabberd container image.
mod_configure always had support to configure what accounts can access its features: using the configure access rule. The name of that access rule was hard-coded. Now, thanks to the new access option, that can be configured.
Several improvements are added in the ejabberd and ecs container images to allow easier migration from one to the other. This also allows to use the same documentation file for both container images, as now there are very few usability differences between both images. Also, a new comparison table in that documentation describes all the differences between both images. The improvements are:
ecs into ejabberd container image, and viceversa: /opt/ linked to /home/ and /usr/local/bin/ linked to /opt/ejabberd/bin/ejabberdapi binary also in the ejabberd container image, as does ecs/usr/local/bin/ for easy calling, and it&aposs included in $PATH/opt/ejabberd/database/sql//opt/ejabberd/database/ for backwards compatibility with ecsCONTAINER.md now documents both images, as there are few differences. Also includes a comparison tableMacros are used in the default ejabberd.yml configuration files to define host, admin account and port numbers. This way you can overwrite any of them at starttime using environment variables:
env:
- name: PORT_HTTP_TLS
value: 5444
If you use the podman-desktop or docker-desktop applications, you may have noticed they show a button named "Open Browser". When you click that button, it opens a web browser with / URL and the lowest exposed port number. Now the default ejabberd.yml configuration file listens in port number 1880, the lowest of all, so the "Open Browser" button will open directly the ejabberd WebAdmin page.
In the ejabberd container image, you can grant admin rights to an account using the EJABBERD_MACRO_ADMIN environment variable. Additionally, if you set the REGISTER_ADMIN_PASSWORD environment variable, that account is automatically registered.
Example kubernetes yaml file in podman:
env:
- name: EJABBERD_MACRO_ADMIN
value: administrator@example.org
- name: REGISTER_ADMIN_PASSWORD
value: somePass0rd
When those environment variables are not set, admin rights are granted to a random account name in the default ejabberd.yml.
Alternatively, this can be done with the existing CTL_ON_CREATE variable, and then you would need to modify ejabberd.yml accordingly:
env:
- name: CTL_ON_CREATE
value: register administrator example.org somePass0rd
There are several minor improvements in the Unix Domain Socket support, the most notable being support for socket relative path: if the port option is set to "unix:directory/filename" without absolute path, then the directory and file are created in the Mnesia spool directory.
Two bugs related to XEP-0356: Privileged Entity have been solved:
Don&apost rewrite "self-addressed" privileged IQs as results
process_privilege_iq is meant to rewrite the result of a privileged IQ into the forwarded form required by XEP-0356 so it can be routed back to the original privileged requester. It checks whether the impersonated JID (ReplacedJid) of the original request matches the recipient of the IQ being processed to determine if this is a response to a privileged IQ (assuming it has privileged-IQ metadata attached).
Unfortunately, it doesn&apost check the packet type, and this check will also match a privileged-IQ request that is being sent to the same user that&aposs being impersonated. This results in the request itself being rewritten and forwarded back to the sending component, instead of being processed and having the result send back.
Instead, just check for IQ results (either a regular result or an error), and as long as it is marked as being a response to a privileged-IQ, always rewrite it and forward it to the sending component. There&aposs no circumstance under which we shouldn&apost forward a privileged-IQ response, so we don&apost need to be tricky about checking whether impersonated-user and recipient match.
Accept non-privileged IQs from privileged components
mod_privilege current drops any non-privileged IQ received from a component with an error about it not being properly wrapped. While this might represent a mistake on the part of the component, it means that well- behaved components can no longer send non-privileged IQs (something they normally can do if mod_privilege isn&apost enabled).
Since mod_privilege is intended to grant additional permissions, and not remove existing ones, route non-privileged IQs received from the component normally.
This also removes the special-case for roster-query IQ stanzas, since those are also non-privileged and will be routed along with any other non-privileged IQ packet. This mirrors the privileged-IQ/everything-else structure of the XEP, which defined the handling of privileged IQ stanzas and leaves all other IQ stanzas as defined in their own specs.
To make this clearer, the predicate function now returns distinct results indicating privileged IQs, non-privileged IQs, and error conditions, rather than treating non-privilege IQs as an error that gets handled by routing the packet normally.
mod_muc_occupantid was added to the list of modules enabled in the sample configuration file ejabberd.yml.example.
It&aposs not necessarily obvious that it&aposs required for using certain modern features in group chat, and there&aposs no downside in activating this module.
When mod_http_api returns a list of elements, now those elements are sorted alphabetically. If it is a list of tuples, the tuples are sorted alphabetically by the first element in that tuple.
Notice that the new module mod_adhoc_api uses internally mod_http_api to format the API command arguments and result, this means that mod_adhoc_api benefits from this feature too.
One of the arguments accepted by the create_room_with_opts API command is a list of room options, expressed as tuples of option name and option value. And some room option values are also list of tuples! This is the case of affiliations and subscribers.
That is not a problem for API frontends that accept structured arguments like mod_http_api and ejabberd_xmlrpc. But this is a problem in ejabberdctl, mod_adhoc_api and WebAdmin, because they don&apost use structured arguments, and instead separate list elements with , and tuple elements with :. In that case, a list of tuples of list of tuples cannot be parsed correctly if all them use the same separators.
Solution: when using the create_room_with_opts command to set affiliations and subscribers options:
, and now should be with ;: and now should be with =All the previous separators are still supported for backwards compatibility, but please use the new recommended separators, specially if using ejabberdctl, mod_adhoc_api and WebAdmin.
Let&aposs see side by side the old and the new recommended syntax:
affiliations:owner:user1@localhost,member:user2@localhost
affiliations:owner=user1@localhost;member=user2@localhost
In a practical example, instead of this (which didn&apost work at all):
ejabberdctl \
create_room_with_opts \
room_old_separators \
conference.localhost \
localhost \
"persistent:true,affiliations:owner:user1@localhost,member:user2@localhost"
please use:
ejabberdctl \
create_room_with_opts \
room_new_separators \
conference.localhost \
localhost \
"persistent:true,affiliations:owner=user1@localhost;member=user2@localhost"
Notice that both the old and new separators are supported by create_room_with_opts. For example, let&aposs use curl to query mod_http_api:
curl -k -X POST -H "Content-type: application/json" \
"http://localhost:5280/api/create_room_with_opts" \
-d &apos{"name": "room_old_separators",
"service": "conference.localhost",
"host": "localhost",
"options": [
{"name": "persistent",
"value": "true"},
{"name": "affiliations",
"value": "owner:user1@localhost,member:user2@localhost"}
]
}&apos
curl -k -X POST -H "Content-type: application/json" \
"http://localhost:5280/api/create_room_with_opts" \
-d &apos{"name": "room_new_separators",
"service": "conference.localhost",
"host": "localhost",
"options": [
{"name": "persistent",
"value": "true"},
{"name": "affiliations",
"value": "owner=user1@localhost;member=user2@localhost"}
]
}&apos
There are two new API commands: mnesia_list_tables and mnesia_table_change_storage.
In fact those commands were already implemented since ejabberd 24.06, but they were tagged as internal as they were only used by WebAdmin. Now they are available for any API frontend, including mod_adhoc_api.
Let&aposs review the supported Erlang/OTP versions:
Erlang/OTP 20.0 up to 24.3 are discouraged: ejabberd 25.03 is the last ejabberd release that fully supports those old erlang versions. If you are still using any of them, please upgrade it before the next ejabberd release.
Erlang/OTP 25.0 up to 27.3 are the recommended versions. For example Erlang/OTP 27.3 is used in the ejabberd binary installers and ejabberd container image.
Erlang/OTP 28.0-rc2 is mostly supported, but not yet recommended for production deployments.
Regarding Elixir supported versions:
Elixir 1.10.3 up to 1.12.3 are discouraged: ejabberd compilation is not tested with those old Elixir versions.
Elixir 1.13.4 up to 1.18.3 are the recommended versions; for instance Elixir 1.18.3 is used in the ejabberd binary installers and container images.
We would like to thank the contributions to the source code, documentation, and translation provided for this release by:
xmpp, mod_private, installersmod_privilegec2s_handle_bind eventejabberdapi compilation in containersext_mod fixes and otherAnd also to all the people contributing in the ejabberd chatroom, issue tracker...
Customers of the ejabberd Business Edition, in addition to all those improvements and bugfixes, also get the floowing fixes
mod_unread with s2s messagesserver_info commands when a cluster node is not availableThis is a more detailed list of changes in this ejabberd release:
ejabberdctl: New option CTL_OVER_HTTP (#4340)ejabberd_web_admin: Support commands with tuple argumentsmod_adhoc_api: New module to execute API Commands using Ad-Hoc Commands (#4357)mod_http_api: Sort list elements in a command resultchange_room_option: Add forgotten support to set enable_hats room optionchange_room_option: Verify room option value before setting it (#4337)create_room_with_opts: Recommend using ; and = separatorslist_cluster_detailed: Fix crash when a node is downmnesia_list_tables: Allow using this internal commandmnesia_table_change_storage: Allow using this internal commandstatus: Separate command result with newlineupdate_sql: Fix updating tables created by ejabberd internallyupdate_sql: Fix MySQL supportacl: Fix bug matching the acl shared_group: NAMEdefine_keyword: New option to define keywords (#4350)define_macro: Add option to globals() because it&aposs useless inside host_configejabberd.yml.example: Enable mod_muc_occupantid by defaultERL_FLAGS to compile elixir on qemu cross-platformsockets/ outside database/ejabberd.yml.example: Copy main example configuration fileejabberd.yml.example: Define and use macros in the default configuration fileejabberd.yml.example: Enable CTL_OVER_HTTP by defaultejabberd.yml.example: Listen for webadmin in a port number lower than any otherejabberdapi: Compile during buildCONTAINER.md: Include documentation for ecs container imageejabberd_auth: Add support for auth_stored_password_typesejabberd_router: Don&apost rewrite "self-addressed" privileged IQs as results (#4348)misc: Fix json version of json_encode_with_kv_list for nested kv lists (#4338)nodetree_tree_sql:set_nodemod_configure: Add option access to let configure the access namemod_mix_pam: Remove Channels roster group of mix channels (#4297)mod_muc: Document MUC room option vcard_xupdatemod_privilege: Accept non-privileged IQs from privileged components (#4341)mod_private: Improve exception handlingmod_private: Don&apost warn on conversion errorsmod_private: Handle invalid PEP-native bookmarksmod_private: Don&apost crash on invalid bookmarksmod_s2s_bidi: Stop processing other handlers in s2s_in_handle_info (#4344)mod_s2s_bidi: Fix issue with wrong namespaceex_doc: Bump to 0.37.2stringprep: Bump to 1.0.31provider_asn1: Bump to 0.4.1xmpp Bump to bring fix for ssdp hash calculationxmpp Bump to get support for webchat_url (#3041)xmpp Bump to get XEP-0317 Hats namespaces version 0.2.0xmpp Bump to bring SSDP to XEP version 0.4yconf Bump to support macro inside stringmix.exs: Keep debug info when building dev releasemix.exs: The ex_doc dependency is only relevant for the edoc Mix environmentext_mod: add $libdir/include to include pathext_mod: fix greedy include path (#4359)gen_mod: Support registering commands and hook_subscribe in start/2 resultc2s_handle_bind: New event in ejabberd_c2s (#4356)muc_disco_info_extras: New event mod_muc_room useful for mod_muc_webchat_url (#3041)define_macro and define_keywordct_runupdate_sqlmod_example when the tests has finishedmuc#user element to presences and an initial empty subjectgen_iq_handler:remove_iq_handler call/tmp for temporary socket, as path is restricted to 107 charsget_auto_url option: Don&apost build auto URL if port is unix domain socket (#4345)https://github.com/processone/ejabberd/compare/24.12...25.03
As usual, the release is tagged in the Git source code repository on GitHub.
The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity.
For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags.
The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs. The alternative ejabberd container image is available in ghcr.io/processone/ejabberd.
If you consider that you&aposve found a bug, please search or fill a bug report on GitHub Issues.
When I explain to others what I do for a living, I often ask why it is that we are not surprised that one can use a Gmail account to send an email to someone who uses an Outlook account, yet many people fully accept that you can’t send a message to someone using WhatsApp from a Telegram account. We’re not surprised that we can use our phone to set up a call with someone who uses a different brand of phone (or is subscribed to a different provider), yet, for instant messaging, we find ourselves in a world of walled gardens.
Walled gardens refer to ecosystems where companies control access to their platforms and restrict users’ ability to freely interact with other services, creating barriers that prevent open communication and fair competition.
Recognizing this, legislation is slowly being put in place to improve things. The Digital Markets Act (DMA) is a regulatory framework established aimed at ensuring fair competition and improving the functioning of the digital economy. One of its primary objectives is to dismantle these walled gardens and promote messaging interoperability. The DMA seeks to break down barriers and ensure that users have more freedom to engage with different platforms and services, while also enabling interoperability between messaging services.
Meta (of WhatsApp and Facebook fame) is designated as a “gatekeeper” under the DMA. This means that Meta holds a dominant position in the market, controlling key access points that can potentially limit competition or consumer choice. The act outlines various obligations that Meta must comply with to ensure a fairer and more open digital environment.
The XMPP Standards Foundation is now publishing an Open Letter to Meta, to advocate for the adoption of XMPP for messaging interoperability. It argues that Meta’s proposal falls short: Meta’s current approach to interoperability, which relies on restrictive NDAs, proprietary APIs, and centralized control, is not true interoperability.
The XSF argues that Meta should adopt XMPP (eXtensible Messaging and Presence Protocol), a proven, open standard that allows for true federation, decentralization, enhanced privacy, and scalability. XMPP enables seamless communication between different services, akin to email or phone networks. Meta has previously utilized XMPP for WhatsApp and Messenger and has embraced federation for other services, showing that adoption and implementation are not only achievable, but has already been proven to work.
The XSF urges Meta to adopt XMPP for messaging interoperability to comply with the DMA and build a competitive, open messaging ecosystem. The XSF is ready to collaborate and evolve the protocol as needed.
The Ignite Realtime community is based on the strength and flexibility offered by XMPP. Projects like Openfire, Smack, Pade and Spark are direct implementations of the XMPP protocol. We have firsthand witnessed the flexibility, reliability and maturity of the protocol, and have been successfully applying it for years, if not decades. We should therefore fully endorse the XSF’s call to action!
It is time for real interoperability. Let’s make it happen!
You can find the Open Letter of the XSF here: XMPP | Open Letter to Meta: Support True Messaging Interoperability with XMPP
A accompanying technical briefing is also published: XMPP | Detailed technical briefing: The Case for XMPP – Why Meta Must Embrace True Messaging Interoperability
For other release announcements and news follow us on Mastodon or X
1 post - 1 participant
The XMPP Standards Foundation (XSF) has published an open letter to Meta, asking them to support true messaging interoperability using the XMPP protocol.
Meta had previously integrated this protocol, and WhatsApp was actually built on an XMPP-based server, and Meta has previously supported XMPP in Facebook Messenger, as explained in XSF&aposs technical briefing:
A Call to Meta: Build Your Interoperability Stack on XMPP
We at the XMPP Standards Foundation (XSF) urge Meta to build its interoperability framework on top of XMPP federation.
If Threads can implement the Fediverse protocol, there is no reason why Meta cannot do the same with XMPP for Facebook Messenger and WhatsApp—especially since WhatsApp itself was originally built on XMPP.
We support this initiative as it represents the best approach for genuine interoperability. The European Digital Markets Act (DMA) is specifically designed to break down walled gardens and enforce messaging interoperability across platforms.
XMPP has played a crucial role in shaping the modern messaging landscape, and its success demonstrates that true interoperability is achievable across different platforms and services. It remains the most viable and battle-tested solution to meet interoperability requirements.
As a free and open standard for building and deploying instant messaging systems, XMPP represents the ideal foundation for true messaging interoperability.
Federation is the way to go! Learn more by reading the announcement on the XSF website, where they provide both the open letter and a detailed technical briefing explaining the reasoning behind this call to action.
The XSF, as well as ProcessOne as a long time supporter, is ready to collaborate with Meta and continue to evolve the protocol to meet modern messaging needs.
About three years since the last version, poezio 0.15 (and 0.15.1 to address a small packaging mishap, version numbers are cheap) was released yesterday!
Poezio is a terminal-based XMPP client which aims to replicate the feeling of terminal-based IRC clients such as irssi or weechat; to this end, poezio originally only supported multi-user chats.
Not a lot this time around… Maybe next time?
For years, Ruby was my go-to language for building everything from small prototypes to full-fledged production apps. I fell in love with its elegance and expressiveness and how Ruby on Rails could turn an idea into a working web app in record time. The community—with its focus on kindness and collaboration—only deepened my appreciation. In short, Ruby felt like home.
But as my projects grew in complexity, I started running into bottlenecks. I had apps requiring real-time features, massive concurrency, and high availability. Scaling them with Ruby often meant juggling multiple processes, external services, or creative threading approaches—all of which worked but never felt truly seamless. That’s when I stumbled upon Elixir.
At first glance, Elixir’s syntax reminded me of Ruby. It looked approachable and developer-friendly. But beneath the surface lies a fundamentally different philosophy, heavily influenced by Erlang’s functional model and the concurrency power of the BEAM. Moving from Ruby’s object-oriented approach to Elixir’s functional core was eye-opening. Here’s how I made that transition and why I think it’s worth considering if you’re a fellow Rubyist.
In Ruby, I approached problems by modeling them as classes, bundling data and behavior together. It was second nature to create an @name instance variable in an initializer, mutate it, and rely on inheritance or modules to share behavior. This style allowed me to write expressive code, but it also hid state changes behind class boundaries.
Elixir flips that script. Data is immutable, and functions are the stars of the show. Instead of objects, I have modules that hold pure functions. Instead of inheritance, I rely on composition and pattern matching. This required me to unlearn some habits.
No more deep class hierarchies: In Elixir, code sharing happens via modules and function imports rather than extending base classes.
Ruby
class Greeter
def initialize(name)
@name = name
end
def greet
"Hello, #{@name}!"
end
end
greeter = Greeter.new("Ruby")
puts greeter.greet # => "Hello, Ruby!"
Elixir
defmodule Greeter do
def greet(name), do: "Hello, #{name}!"
end
IO.puts Greeter.greet("Elixir") # => "Hello, Elixir!"
At first, I missed the idea of storing state inside an object, but soon realized how clean and predictable code can be when data and functions are separated. Immutability drastically cut down on side effects, which in turn cut down on surprises.
Ruby concurrency typically means spinning up multiple processes or using multi-threading for IO-bound tasks. If you need to queue background jobs, gems like Sidekiq step in. Sidekiq runs in its own OS processes, separate from the main web server, and these processes can run on multiple cores for true parallelism. This approach is straightforward but often demands more memory and additional infrastructure for scaling.
On the plus side, Ruby can handle many simultaneous web requests if they’re primarily IO-bound (such as database queries). Even with the Global Interpreter Lock (GIL) limiting the parallel execution of pure Ruby code, IO tasks can still interleave, allowing a single OS process to serve multiple requests concurrently.
Elixir, on the other hand, was built for concurrency from the ground up, thanks to the BEAM virtual machine. It uses lightweight processes (not OS processes or threads) that are cheap to create and easy to isolate. These processes don’t share memory but communicate via message passing—meaning a crash in one process won’t cascade.
Ruby (Sidekiq)
class UserSyncJob
include Sidekiq::Worker
# This job fetches user data from an external API
# and updates the local database.
def perform(user_id)
begin
# 1. Fetch data from external service
external_data = ExternalApi.get_user_data(user_id)
# 2. Update local DB (pseudo-code)
user = User.find(user_id)
user.update(
name: external_data[:name],
email: external_data[:email]
)
puts "Successfully synced user #{user_id}"
rescue => e
# If something goes wrong, Sidekiq can retry
# automatically, or we can log the error.
puts "Error syncing user #{user_id}: #{e.message}"
end
end
end
# Trigger the job asynchronously:
UserSyncJob.perform_async(42)
Elixir (Oban)
Although GenServer is often used to showcase Elixir’s concurrency model, a more accurate comparison to Sidekiq would be Oban – a background job processing library.
defmodule MyApp.Workers.UserSyncJob do
use Oban.Worker, queue: :default
@impl Oban.Worker
def perform(%{args: %{"user_id" => user_id}}) do
with {:ok, external_data} <- ExternalApi.get_user_data(user_id),
%User{} = user <- MyApp.Repo.get(User, user_id) do
user
|> User.changeset(%{
name: external_data.name,
email: external_data.email
})
|> MyApp.Repo.update!()
IO.puts("Successfully synced user #{user_id}")
else
error -> IO.puts("Error syncing user #{user_id}: #{inspect(error)}")
end
:ok
end
end
# Enqueue the job asynchronously:
MyApp.Workers.UserSyncJob.new(%{"user_id" => 42})
|> Oban.insert()
With Oban, jobs are persistent, retried automatically on failure, and can survive restarts – just like Sidekiq. It leverages Elixir’s process model but gives you the robustness of a mature job queueing system. Since it stores jobs in PostgreSQL, you get full visibility into job states and histories without adding extra infrastructure. Both libraries offer paid tiers – Sidekiq Pro , Oban Pro.
Here are some notable features offered in the Pro versions of Sidekiq and Oban:
Sidekiq Pro:
Oban Pro:
Their open-source cores, however, already cover the most common background job needs and are well-suited for many production applications.
Error handling in Ruby typically involves begin/rescue blocks. If a critical background job crashes, I might rely on Sidekiq’s retry logic or external monitoring. It worked, but I always worried about a missed exception bringing down crucial parts of the app.
Elixir uses a concept called a supervision tree, inherited from Erlang’s OTP. Supervisors watch over processes, restarting them automatically if they crash. At first, I found it odd to let a process crash on purpose instead of rescuing the error. But once I saw how quickly the supervisor restarted a failed process, I was hooked.
defmodule Worker do
use GenServer
def start_link(_) do
GenServer.start_link(__MODULE__, %{}, name: __MODULE__)
end
def init(_), do: {:ok, %{}}
def handle_call(:risky, _from, state) do
raise "Something went wrong"
{:reply, :ok, state}
end
end
defmodule SupervisorTree do
use Supervisor
def start_link(_) do
Supervisor.start_link(__MODULE__, :ok, name: __MODULE__)
end
def init(:ok) do
children = [
{Worker, []}
]
Supervisor.init(children, strategy: :one_for_one)
end
end
Now, if Worker crashes, the supervisor restarts it automatically. No manual intervention, no separate monitoring service, and no global meltdown.
Rails made it trivial to spin up CRUD apps, handle migrations, and integrate with robust testing tools like RSpec. But building real-time interactions (like chat or real-time dashboards) could be tricky without relying heavily on JavaScript frameworks or ActionCable.
Elixir’s Phoenix framework parallels Rails in many ways: fast bootstrapping, a clear folder structure, and strong conventions. But Phoenix Channels and LiveView push it even further. With LiveView, I can build highly interactive, real-time features that update the DOM via websockets—all without a dedicated front-end framework.
Elixir (Phoenix LiveView)
defmodule ChatLive do
use Phoenix.LiveView
def mount(_params, _session, socket) do
{:ok, assign(socket, :messages, [])}
end
def handle_event("send", %{"message" => msg}, socket) do
{:noreply, update(socket, :messages, fn msgs -> msgs ++ [msg] end)}
end
def render(assigns) do
~H"""
<h1>Chat</h1>
<ul>
<%= for msg <- @messages do %>
<li><%= msg %></li>
<% end %>
</ul>
<form phx-submit="send">
<input type="text" name="message" placeholder="Type something"/>
<button type="submit">Send</button>
</form>
"""
end
end
This simple LiveView code handles real-time chat updates directly from the server, minimising the JavaScript I need to write. The reactive UI is all done through server-rendered updates.
At first, it was tough to break free from the habit of mutating data in place. But once I got comfortable returning new data structures, my code became far more predictable. I stopped chasing side effects and race conditions.
Ruby taught me to rescue and recover from every possible error. Elixir taught me to trust the supervisor process. This “let it crash” philosophy took some getting used to, but it simplifies error handling significantly.
LiveView drastically cut down my front-end overhead. I don’t need a full client framework for real-time updates. Seeing how quickly I could build a proof-of-concept live chat convinced me that Elixir was onto something big.
None of this means I dislike Ruby. I still think Rails is fantastic for many use cases, especially when you need to prototype something quickly or build a classic CRUD app. Ruby fosters a developer-friendly environment that many languages can only aspire to. I simply reached a point where concurrency and fault tolerance became a top priority—and that’s where Elixir really shines.
Ultimately, if you’re running into the same scaling or concurrency issues I did, Elixir might just be the upgrade you need. It brings a breath of fresh air to large-scale, real-time, and fault-tolerant applications while keeping developer happiness front and center. For me, it was worth the leap, and I haven’t looked back since. If you’re looking for a detailed comparison of Elixir and Ruby, our comprehensive Elixir vs. Ruby guide has you covered.
The post My Journey from Ruby to Elixir: Lessons from a Developer appeared first on Erlang Solutions.
It has been a little over a year since Meta announced their proposal for third-parties to achieve messaging interoperability with WhatsApp, with Facebook Messenger following half a year later. Not for everyone, and only because these services were designated as Gate Keepers under the recent Digital Markets Act (DMA) in the EU. So only in the EU, and then with many strings attached. In that time, a lot has been written. Element/Matrix have put in efforts to work with Meta to get some interoperability going. Unfortunately, the reference offers don’t provide what we would call true interoperability, and given that virtually nobody has taken up Meta on this offer, their proposal just falls short across the board.
Over at the IETF, the More Instant Messaging Interoperability (MIMI) working group is working on mechanisms for interoperability. While several of our members are involved with MIMI and working on the implementation of the related MLS protocol for end-to-end encryption, we believe it is time to have true interoperability using a well-tested and widely implemented set of standards: XMPP.
To that end, we today publish an Open Letter to Meta. A call to action, urging Meta to adopt XMPP for messaging interoperability. For a more in-depth reasoning, we also provide a detailed technical briefing.
We are ready. Let’s make it happen.
This new version does not have many new features, but it has quite a few breaking changes, which should not impact many people, as well as one important security fix.
Thanks to everyone who contributed with code, issues, suggestions, and reviews!
After working on TLS stuff, I noticed that we still allowed unencrypted SCRAM to be negociated, which is really not good. For packagers who only want this security fix, the commit fd66aef38d48b6474654cbe87464d7d416d6a5f3 should apply cleanly on any slixmpp version.
(most servers in the wild have unencrypted connections entirely disabled, so this is only an issue for Man in the Middle attacks)
The security issue mentioned above is a breaking change if you actively want to connect to servers without encryption. If that is a desired behavior, you can still set xmpp['feature_mechanisms'].unencrypted_scram = True on init.
Removal of the timeout_callback parameter anywhere it was present. Users are encouraged to await on the coroutine or the future returned by the function, which will raise an IqTimeout exception when appropriate.
Removal of the custom google plugins, which I am guessing have not worked in a very long time (both the google and gmail_notify plugin).
Removal of the Stream Compression (XEP-0138) plugin. It was not working at all and use of compression is actively discouraged for security reasons.
Due to the new connection code, the configuration of the connection parameters has changed quite a bit:
- The XMLStream (from which the ClientXMPP class inherits) does not have a use_ssl parameter anymore. Instead it has enable_direct_tls and enable_starttls as well as enable_plaintext attributes. Those attributes control whether we want to connect using starttls or direct TLS. The plaintext is for components since we only implement the jabber component protocol (XEP-0114).
- The connect() method signature has changed entirely, and it no longer takes any other parameters than host and port (which must be provided together to have an effect).
- Handling of custom addresses has changed a bit, now they are set through calling connect(), and kept until connect() is called without arguments again.
- The DNS code will now fetch both xmpps-client and xmpp-client records (unless direct TLS is explicitly disabled) and prefer direct TLS if it has the same priority as STARTTLS.
- The SRV targeted by the queries can be customized using the tls_services and starttls_services of ClientXMPP (but have no idea why anyone would do this)
Kaidan 0.12.0 looks and behaves better than ever before! Chats can now quickly be pinned and moved. In addition, the list of group chat participants to mention them is placed above the cursor if enough space is available. With this release, OMEMO can be used right after migrating an account and migrated contacts are correctly verified.
Have a look at the changelog for more details.
Features:
Bugfixes:
Notes:
Or install Kaidan for your distribution:
Lorena Mireles is an influential force in the BEAM community, known for her work as an Elixir developer and as a dedicated member of the Code BEAM America programme committee. She’s been instrumental in fostering connections and shaping discussions that help drive the future of Elixir.
In this interview, Lorena opens up about her journey with Elixir, her role on the committee, and what makes the BEAM community so unique.
The community was, without a doubt, the first reason I became interested in Elixir. I had no prior knowledge of Elixir the first time I attended a conference, but I felt very comfortable at the talks. The explanations were clear and interesting, which motivated me to investigate the programming language further.
Also, everyone was very kind and willing to share their knowledge. Over time, I discovered the advantages of this programming language for designing powerful systems. I’m still amazed at how easy it is to create projects with complex technical requirements, all thanks to the way Elixir and BEAM were created, and all the material available to learn about them.
I joined the committee at the invitation of the organisers, and I’m very grateful, as I’ve been a part of it for three consecutive editions, and I continue to learn and be surprised each time.
My work focuses primarily on promoting women’s participation at the conference and supporting the diversity program, which has allowed me to meet great women and learn about their projects and experiences. Overall, it’s a great opportunity to get to know the speakers a little better and get involved in the BEAM community.
I also learn about new topics, as seeing the talks they submit also motivates me to explore them.
I’ll start with my favourite- reconnecting with the BEAM community. I admire so many people and their work, so Code BEAM America was a great experience to learn more about it. I also loved seeing the new speakers and first-time attendees. I chatted with some of them, and they loved the experience. It was great to get their feedback.
The keynotes were also some of my favourites. Machine Learning and AI were discussed, which seemed very appropriate given the current relevance of these topics. There were also a couple of talks focused on social aspects, which are always necessary to foster continuous improvement in teams.
All the projects that will likely be happening this year. At this year’s Code BEAM, I met new speakers and saw new attendees, which means the knowledge continues to expand and the community grows, and that also means new projects and more material about Elixir and BEAM in general.
I’m excited to think about all the new things we’ll see and how we continue to encourage new people to participate because, without a doubt, Elixir is a programming language worth learning.
Lorena’s experience with Elixir and her role in the BEAM community shows just how powerful collaboration and innovation can be in shaping the ecosystem. Beyond that, her Women in BEAM survey and Women in Elixir webinar are amazing resources she’s put together to foster more inclusivity in the community.
The post Meet the team: Lorena Mireles appeared first on Erlang Solutions.
This release brings improvements to Gajim’s Start Chat window and fixes some issues in group chats. Thank you for all your contributions!
With Gajim 2.0, we migrated Gajim’s user interface toolkit to GTK 4, which brings performance improvements and sets the ground for great features to follow.
With Gajim 2.0.4 you can sort contacts by their status when browsing the Start Chat window. This release also fixes some problems with contact sorting in general. Furthermore, this new version fixes some issues which may occur while trying to export messages.
A note for Windows users: At the time of writing, there are some issues with emoji rendering on Windows. That’s why there is no release of Gajim 2.0 for Windows yet. This issue should soon be resolved and we will post an update once Gajim 2.0 is released on Windows.
And much more! Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
Welcome to a new major release of the Prosody XMPP server! While the 0.12 branch has served us well for a while now, this release brings a bunch of new features we’ve been busy polishing.
If you’re unfamiliar with Prosody, it’s an open-source project that implements XMPP, an open standard protocol for online communication. Prosody is widely used to power everything from small self-hosted messaging servers to worldwide real-time applications such as Jitsi Meet. It’s part of a large ecosystem of compatible software that you can use for realtime online communication.
The first thing anyone who has been following the project for a while will notice about this release is the version number.
Long adherents of the cult of 0ver, we finally decided it was time to break away. While, as Shakespeare wrote, “That which we call a rose, by any other name would smell as sweet”, such is true of version numbers. Prosody has been stable and used in production deployments for many years, however the ‘0.x’ version number occasionally misled people to believe otherwise. Apart from shifting the middle component leftwards, nothing has changed.
If you’re really curious, you can read full details in our versioning and support policy.
Our version numbers have also been in step with Debian’s for several versions now. Could this become a thing? Maybe!
This release brings a wide range of improvements that make Prosody more secure, performant, and easier to manage than ever before. Let’s review the most significant changes that administrators and users can look forward to across a range of different topics.
Security takes centre stage in this release with several notable improvements. Building on DNSSEC, the addition of full DANE support for server-to-server connections strengthens the trust between federating XMPP servers.
We’ve enhanced our support for channel binding, which is now compatible with TLS 1.3, and we’ve added support for XEP-0440 which helps clients know which channel binding methods the server supports. Channel binding protects your connection from certain machine-in-the-middle attacks, even if the server’s TLS certificate is compromised.
Administrators now have more granular control over user accounts with the ability to disable and enable them as needed. This can be particularly useful for public servers, where disabling an account can act as a reversible alternative to deletion.
In fact, we now have the ability to set a grace period for deleted accounts to allow restoring an account (within the grace period) in case of accidental deletion.
A new role and permissions framework provides more flexible access control. Prosody supplies several built-in roles:
For more details about how to use these roles, customize permissions, and more, read our new roles and permissions documentation. You will also find the link there for the development documentation, so module developers can make use of the new system.
Since the earliest releases, the prosodyctl command has been the admin’s primary way of managing and interacting with Prosody. In 0.12 we introduced the prosodyctl shell interface to send administrative commands to Prosody at runtime via a local connection. It has been a big success, and this release significantly extends its capabilities.
prosodyctl shell watch log command, which lets you stream debug logs in real-time without needing to store them on the filesystem.prosodyctl shell watch stanzas which lets you monitor stanzas to/from arbitrary JIDs, which is incredibly helpful for developers trying to diagnose various client issues.The MUC system has received a significant overhaul focusing on security and administrative control. By default, room creation is now restricted to local users, providing better control over who can create persistent and public rooms.
Server administrators get new shell commands to inspect room occupants and affiliations, making day-to-day operations more straightforward.
One notable change is that component admins are no longer automatically owners. This can be reverted to the old behaviour with component_admins_as_room_owners = true in the config, but this has known incompatibilities with some clients. Instead, admins can use the shell or ad-hoc commands to gain ownership of rooms when it’s necessary.
Network connectivity sees substantial improvements with the implementation of RFC 8305’s “Happy Eyeballs” algorithm, which enhances IPv4/IPv6 dual-stack performance and increases the chance of a successful connection.
Support for TCP Fast Open and deferred accept capabilities (in the server_epoll backend) can potentially reduce connection latency.
The server now also better handles SRV record selection by respecting the ‘weight’ parameter, leading to more efficient connection distribution.
Under the hood, Prosody now offers better query performance with its internal archive stores by generating indexes.
SQLite users now have the option to use LuaSQLite3 instead of LuaDBI, potentially offering better performance and easier deployment.
We’ve also added compatibility with SQLCipher, a fork of SQLite that adds support for encrypted databases.
The configuration system has been modernized to support referencing and appending to previously set options, making complex configurations more manageable.
While direct Lua API usage in the config file is now deprecated, it remains accessible through the new Lua.* namespace for those who need it.
Also new in this release is the ability to reference credentials or other secrets in the configuration file, without storing them in the file itself. It is compatible with the credentials mechanisms supported by systemd, podman and more.
The development experience has always been an important part of our project - we set out to make an XMPP server that was very easy to extend and customize. Our developer API has improved with every release. We’ve even had first-time coders write Prosody plugins!
There are too many improvements to list here, but some notable ones:
module:may() API call.prosodyctl shell is now much easier for module developers.Backwards compatibility is of course generally preserved, although is_admin() has been deprecated in favour of module:may(). Modules that want to remain compatible with older versions can use mod_compat_roles to enable (limited) permission functionality.
A few breaking changes are worth noting:
We’re very excited about this release, which represents a significant step forward for Prosody, and contains improvements for virtually every aspect of the server. From enhanced security to better performance and more flexible administration tools, there has never been a better time to deploy Prosody and take control of your realtime communications.
For full detailed information about the changes in this release, and advice for upgrading, view the Prosody 13.0.0 release notes.
As always, if you have any problems or questions with Prosody or the new release, drop by our community chat!
This release fixes some group chat issues and allows to store individual window sizes. Thank you for all your contributions!
With Gajim 2.0, we migrated Gajim’s user interface toolkit to GTK 4, which brings performance improvements and sets the ground for great features to follow.
Gajim 2.0.3 will store dimensions for each window, so it always remembers your preferred window size. Furthermore, this release fixes issues with changing roles and affiliations in group chats.
A note for Windows users: At the time of writing, there are some issues with emoji rendering on Windows. That’s why there is no release of Gajim 2.0 for Windows yet. This issue should soon be resolved and we will post an update once Gajim 2.0 is released on Windows.
And much more! Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
XMPP Newsletter Banner
Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of February 2025.
Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these projects! Interested in supporting the Newsletter team? Read more at the bottom.
During February 1st and 2nd, the XSF was present at FOSDEM 25 in Brussels, Belgium. The XMPP community took part of the Realtime Lounge, a corner located on the 2nd floor of the K building, where several open source projects around Real Time Communication (RTC) can present themselves.
We are pleased to say that there was a lot of interaction at the XMPP booth! A rather large number of FOSDEM visitors had the opportunity to come say “Hi!”, meet, interact, talk and have interesting conversations with many of the developers of the most popular clients, servers, tools and libraries that power the whole XMPP ecosystem and bring it to life.
In addition to the activities that took place on the XMPP booth, Jérôme Poisson (Goffi) hosted a most interesting presentation in the Real Time Communication (RTC) room, titled: A Universal and Stable API to Everything: XMPP.
And, of course .. we had the coolest swag, and plenty of stickers! ;)
XMPP stand at FOSDEM 2025!
Be Real!
High quality XMPP hoodies and zipped cardigans!
The XSF offers fiscal hosting for XMPP projects. Please apply via Open Collective. For more information, see the announcement blog post. Current projects you can support:
Gajim 2.0: Chat window
Gajim 2.0: Mention a participant by typing @nickname
The XMPP Standards Foundation develops extensions to XMPP in its XEP series in addition to XMPP RFCs. Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001, which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process. Communication around Standards and Extensions happens in the Standards Mailing List (online archive).
The XEP development process starts by writing up an idea and submitting it to the XMPP Editor. Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.
If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.
Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call can help improve the XEP before returning it to the Council for advancement to Stable.
Please share the news on other networks:
Also check out our RSS Feed!
Looking for job offers or want to hire a professional consultant for your XMPP project? Visit our XMPP job board.
This is a community effort, and we would like to thank translators for their contributions. Volunteers and more languages are welcome! Translations of the XMPP Newsletter will be released here (with some delay):
This XMPP Newsletter is produced collaboratively by the XMPP community. Each month’s newsletter issue is drafted in this simple pad. At the end of each month, the pad’s content is merged into the XSF GitHub repository. We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. You have a project and want to spread the news? Please consider sharing your news or events here, and promote it to a large audience.
Tasks we do on a regular basis:
To unsubscribe from this list, please log in first. If you have not previously logged in, you may need to set up an account with the appropriate email address.
This newsletter is published under CC BY-SA license.
Elixir and Haskell are two very powerful, very popular programming languages. However, each has its strengths and weaknesses. Whilst they are similar in a few ways, it’s their differences that make them more suitable for certain tasks.
Here’s an Elixir vs Haskell comparison.
Starting at a top-level view of both languages, the first difference we see is in their fundamental philosophies. Both are functional languages. However, their design choices reflect very different priorities.
Elixir is designed for the real world. It runs on the Erlang VM (BEAM), which was built to handle massive concurrency, distributed systems, and applications that can’t afford downtime, like telecoms, messaging platforms, and web apps.
Elixir prioritises:
Elixir is not designed for theoretic rigidness—it’s practical. It gives you the tools you need to build robust, scalable systems quickly, even if that means allowing some flexibility in functional integrity.
Haskell, on the other hand, is all about mathematical precision. It enforces a pure programming model. As a result, functions don’t have side effects, and data is immutable by default. This makes it incredibly powerful for provably correct, type-safe programs, but it also comes with a steeper learning curve.
We would like to clarify that Elixir’s data is also immutable, but it does a great job of hiding that fact. You can “reassign” variables and ostensibly change values, but the data underneath remains unchanged. It’s just that Haskell doesn’t allow that at all.
Haskell offers:
Haskell is a language for those who prioritise correctness, mathematical rigour, and abstraction over quick iterations and real-world flexibility. That does not mean it’s slower and inflexible. In fact, experienced Haskellers will use its strong type guarantees to iterate faster, relying on its compiler to catch any mistakes. However, it does contrast with Elixir’s gradual tightening approach. Here, interaction between processes is prioritised, and initial development is quick and flexible, becoming more and more precise as the system evolves.
The next significant difference between Elixir and Haskell is how they handle types.
Elixir is dynamically typed. It doesn’t require explicitly declared variable types; it will infer them at run time. As a result, it’s fast to write and easy to prototype. It allows you to focus on functionality rather than defining types up front.
Of course, there’s a cost attached to this flexibility. If variables are computed at run time, any errors are also only detected then. Mistakes that could have been caught earlier come up when the code is executed. In a large project, this can make debugging a nightmare.
For example:
def add(a, b), do: a + b
IO.puts add(2, 3) # Works fine
IO.puts add(2, "three") # Causes a runtime error
In this example, “three” is a string but should’ve been a number and is going to return an error. Since it doesn’t type check at compile time, the error will only be caught when the function runs.
Meanwhile, Haskell uses static typing, which means all variable types are checked at compile time. If there’s a mismatch, the code won’t compile. This is very helpful in preventing many classes of bugs before the code execution.
For example:
add :: Int -> Int -> Int
add a b = a + b
main = print (add 2 3) -- Works fine
main = print (add 2 "three") -- Compile-time error
Here, the compiler will immediately catch the type mismatch and prevent runtime errors.
Elixir’s dynamic typing gives you faster iteration and more flexible development. However, it doesn’t rely only on dynamic typing for its robustness. Instead, it follows Erlang’s “Golden Trinity” philosophy, which is:
Haskell’s static typing, on the other hand, gives you long-term maintainability and correctness up front. It’s particularly useful in high-assurance software projects, where errors must be kept to a minimum before execution.
In comparison, Elixir is a popular choice for high-availability systems. Both are highly reliable, but the former is okay with failure and relies on recovery at runtime, whilst the latter enforces correctness at compile-time.
When considering Haskell vs Elixir, concurrency is one of the biggest differentiators. Both Elixir and Haskell are highly concurrent but take different approaches to it. Elixir is built for carrying out a massive number of processes simultaneously. In contrast, Haskell gives you powerful—but more manual—tools for parallel execution.
Elixir manages effortless concurrency with BEAM. The Erlang VM is designed to handle millions of lightweight processes at the same time with high fault tolerance. These lightweight processes follow the actor model principles and are informally called “actors”, although Elixir doesn’t officially use this term.
Unlike traditional OS threads, these processes are isolated and communicate through message-passing. That means that if one process crashes, BEAM uses supervision trees to restart it automatically while making sure it doesn’t affect the others. This is typical of the ‘let it crash’ philosophy, where failures are expected and handled. There is no expectation to eliminate them entirely.
As a result, concurrency in Elixir is quite straightforward. You don’t need to manage locks, threads, or shared memory. Load balancing is managed efficiently by the BEAM scheduler across CPU cores, with no manual tuning required.
Haskell also supports parallelism and concurrency but it requires more explicit management. To achieve this, it uses several concurrency models, including software transactional memory (STM), lazy evaluations, and explicit parallelism to efficiently utilise multicore processors.
As a result, even though managing parallelism is more hands-on in Haskell, it also leads to some pretty significant performance advantages. For certain workloads, it can be several orders of magnitude faster than Elixir.
Additionally, Cloud Haskell extends Haskell’s concurrency model beyond a single machine. Inspired by Erlang’s message-passing approach, it allows distributed concurrency across multiple nodes, making Haskell viable for large-scale concurrent systems—not just parallel computations.
Scaling and parallelism continue to be one of the headaches of distributed programming. Find out what the others are.
[Read more]
Both Haskell and Elixir are highly capable, but the kinds of workloads for which they’re suitable are different. We’ve seen how running on the Erlang VM allows Elixir to be more fault-tolerant and support massive concurrency. It can also run processes along multiple nodes for seamless communication.
Since Elixir can scale horizontally very easily—across multiple machines—it works really well for real-time applications like chat applications, IoT platforms, and financial transaction processing.
Haskell optimises performance with parallel execution and smart use of system resources. It doesn’t have BEAM’s actor-based concurrency model but its powerful programming features that allow you to make fine-grained use of multi-core processors more than make up for it.
It’s perfect for applications where you need heavy numerical computations, granular control over multi-core execution, and deterministic performance.
So, where Elixir excels at processing high volumes of real-time transactions, Haskell works better for modelling, risk analysis, and regulatory compliance.
Both Elixir and Haskell have strong ecosystems, but you must have noticed the theme running through our narrative. Yes, both are designed for different industries and development styles.
Elixir’s ecosystem is practical and industry-focused, with a strong emphasis on web development and real-time applications. It has a growing community and a well-documented standard library, supplemented with production-ready libraries.
Meanwhile, Haskell has a highly dedicated community in academia, finance, human therapeutics, wireless communications and networking, and compiler development. It offers powerful libraries for mathematical modelling, type safety, and parallel computing. However, tooling can sometimes feel less user-friendly compared to mainstream languages.
For web development, Elixir offers the Phoenix framework: a high-performance web framework designed for real-time applications, which comes with built-in support for WebSockets and scalability. It follows Elixir’s functional programming principles but keeps development accessible with a syntax inspired by Ruby on Rails.
Haskell’s Servant framework is a type-safe web framework that leverages the language’s static typing to ensure API correctness. While powerful, it comes with a steeper learning curve due to Haskell’s strict functional nature.
Which one you should choose depends on your project’s requirements. If you’re looking for general web and backend development, Elixir’s Phoenix is the more practical choice. For research-heavy or high-assurance software, Haskell’s ecosystem provides formal guarantees.
It’s important to manage technical debt while keeping software maintainable. Part of this is improving quality and future-proofing the code. Elixir’s syntax is clean and intuitive. It offers dynamic typing, meaning you can write code quickly without specifying types. This can make runtime errors harder to track sometimes, but debugging tools like IEx (Interactive Elixir) and Logger make troubleshooting straightforward.
It’s also easier to refactor because of its dynamic nature and process isolation. Since BEAM isolates processes, refactoring can often be done incrementally without disrupting the rest of the system. This is particularly handy in long-running, real-time applications where uptime is crucial.
Haskell, on the other hand, enforces strict type safety and a pure functional model, which makes debugging less frequent but more complex. As we mentioned earlier, the compiler catches most issues before runtime, reducing unexpected behaviour.
However, this strictness means that refactoring in Haskell must be done carefully to maintain type compatibility, module integrity, and scope resolution. Unlike dynamically typed languages, where refactoring is often lightweight, Haskell’s strong type system and module dependencies can make certain refactorings more involved, especially when they affect function signatures or module structures.
Research on Haskell refactoring highlights challenges like name capture, type signature compatibility, and module-level dependency management, which require careful handling to preserve correctness.
Then, there’s pattern matching, which both languages use, but do it differently.
Elixir’s pattern matching is flexible and widely used in function definitions and control flow, making code more readable and expressive.
Haskell’s pattern matching is type-driven and enforced by the compiler, ensuring exhaustiveness but requiring a more upfront design.
So, which of the two is easier to maintain?
Elixir is better suited for fast-moving projects where codebases evolve frequently, thanks to its fault-tolerant design and incremental refactoring capabilities.
Haskell provides stronger guarantees of correctness, making it a better choice for mission-critical applications where stability outweighs development speed.
One often overlooked difference between Elixir and Haskell is how they handle compilation and code updates.
Elixir benefits from BEAM’s hot code swapping, where updates can be applied without stopping a running system. Additionally, Elixir compiles faster than Haskell because it doesn’t perform extensive type checking at compile time.
This speeds up development cycles, which is what makes Elixir well-suited for projects requiring frequent updates and rapid iteration. However, since BEAM uses Just-In-Time (JIT) compilation, some optimisations happen at runtime rather than during compilation.
Haskell, on the other hand, has a much stricter compilation process. The compiler performs heavy type inference and optimisation, which increases compilation time but results in highly efficient, predictable code.
Elixir is often considered easier to learn than Haskell. Its syntax is clean and approachable, especially if you’re coming from Ruby, Python, or JavaScript. The dynamic typing and friendly error messages make it easy to experiment without getting caught up in strict type constraints.
Haskell, on the other hand, has a notoriously steep learning curve. It requires a shift in mindset, especially for those unfamiliar with pure functional programming, monads, lazy evaluation, and advanced type systems. While it rewards those who stick with it, the initial learning experience can be challenging, even if you’re an experienced developer.
Both Elixir and Haskell allow you to write highly flexible code, but they take different approaches.
Elixir provides macros, which you can modify and extend the language at compile time. This makes it easy to generate boilerplate code, create domain-specific languages (DSLs), and build reusable abstractions. However, improper use of macros can make code harder to debug and maintain.
Haskell doesn’t have macros but compensates with powerful type-level programming. Features like type families and higher-kinded types allow you to enforce complex rules at the type level. This enables incredible flexibility, but it also makes the language even harder to learn.
As you’ve seen, both Elixir and Haskell can be great, if used correctly in the right circumstances.
If you do choose Elixir, we’ve got a great resource that discusses how Elixir and Erlang—the language that forms its foundation—can help in future-proofing legacy systems. Find out how their reliability and scalability make them great for modernising infrastructures.
Want to learn more? Drop the Erlang Solutions team a message.
The post Elixir vs Haskell: What’s the Difference? appeared first on Erlang Solutions.
This is mostly a bugfix release over version 1.9.0.
The main fix is the rust JID implementation that would behave incorrectly when hashed if the JID contained non-ascii characters. This is an important issue as using a non-ascii JID was mostly broken, and interacting with one failed in interesting ways.
This release updates message moderation in group chats, improves handling of URIs, and fixes some bugs. Thank you for all your contributions!
With Gajim 2.0, we migrated Gajim’s user interface toolkit to GTK 4, which brings performance improvements and sets the ground for great features to follow.
Gajim 2.0.2 updates Gajim’s support for XEP-0425: Moderated Message Retraction in group chats to its newest version and fixes several issues.
A note for Windows users: At the time of writing, there are some issues with emoji rendering on Windows. That’s why there is no release of Gajim 2.0 for Windows yet. This issue should soon be resolved and we will post an update once Gajim 2.0 is released on Windows.
And much more! Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
Healthcare generates large amounts of data every day. From patient records and medical scans to treatment plans and clinical trials. This information, known as big data, has the potential to improve patient care, improve efficiency, and drive innovation. But many organisations are still figuring out how to use it effectively.
With AI-driven analytics, wearable technology, and real-time monitoring, healthcare providers, insurers, and pharmaceutical companies are using data to make better decisions for patients, personalise treatments, and predict health trends. So how can you do the same?
Let’s explore the fundamentals of big data in healthcare, its real-world impact and what steps leaders can take to maximise its growing impact.
Big data refers to the vast amounts of structured and unstructured information from patient records, medical imaging, wearables, and clinical research. Proper analysis can improve patient care, support better decision-making, and reduce costs.
This data comes from a wide range of sources, including electronic health records (EHRs), test results, diagnoses, medical images, and real-time data from smart wearables. It also includes healthcare-related financial and demographic information. When properly analysed, it helps identify patterns, predict health trends, and support evidence-based decision-making.
The global healthcare market is expanding quickly and is expected to be worth USD 145.42 billion by 2033. As more organisations adopt AI-driven analytics and machine learning, data is becoming a key driver of innovation, helping healthcare professionals deliver more personalised and effective care.
To better understand big data, we can break it down into three key characteristics: volume, velocity, and variety.
The industry produces massive amounts of data, from electronic health records (EHRs) and medical imaging to clinical research and wearable devices. The total volume of healthcare data doubles every 73 days. Managing this requires advanced storage solutions, such as cloud computing and NoSQL databases, to handle both structured and unstructured data effectively.
Healthcare data is constantly being created. Real-time data streams from patient monitoring systems, wearable technology, and AI-powered diagnostics provide continuous updates. To be useful, this data must be processed instantly, allowing professionals to make fast, informed decisions that support better patient care.
Healthcare data comes in many formats, from structured databases to unstructured text, images, videos, and biometric data. Around 80% of healthcare data is unstructured, meaning it doesn’t fit neatly into traditional databases. A patient’s medical history might include lab results, prescriptions, clinician notes, and radiology reports, all in different formats. Integrating and analysing this diverse information is essential for identifying trends and improving treatments.
Mastering these three V’s helps healthcare organisations make better use of data, leading to more accurate diagnoses, personalised treatments, and improved patient outcomes.
Now that we’ve discussed the Three V’s, it’s important to explore where this data originates. The primary sources of healthcare data contribute to the massive volumes of information, real-time updates, and diverse formats that we’ve just covered.
Here are some of the key sources:
These sources contribute to the expanding pool of healthcare data, helping organisations make smarter decisions and deliver better care for patients.
As healthcare organisations continue to collect more data, big data is proving to be a game-changer in improving patient care, driving clinical outcomes, and making healthcare more efficient. By analysing vast amounts of information, providers can identify trends and patterns that may have otherwise gone unnoticed. Below are some of the key benefits that big data brings to healthcare, from better patient care to more effective operations.
| Benefit | Description | Impact |
| Improved Patient Care | Identifies patterns to predict and prevent diseases, enabling personalised care. | Could save the healthcare industry £230 billion to £350 billion annually through improved care and efficiency. |
| Cost Reduction | Optimises resource allocation, reduces waste, and improves efficiency. | Predictive analytics can cut hospital readmissions by up to 20%, leading to significant savings. |
| Enhanced Clinical Outcomes | Integrates data to identify the most effective treatments for patients. | Improves clinical decision-making with real-time insights and evidence-based recommendations. |
| Accelerated Medical Research | Offers large datasets for faster analysis, cutting clinical trial time and costs. | Reduces clinical trial times by 30% and associated costs by 50%. |
| Predictive Analytics | Forecasts patient needs, improving outcomes and reducing readmissions. | Helps optimise resources and reduce readmission rates, improving care and reducing costs. |
| Precision Medicine | Tailors treatments based on individual characteristics like genetics. | Big Data enables more targeted and effective treatment plans. |
| Population Health Management | Identifies at-risk populations for targeted interventions. | Reduces the prevalence of chronic diseases through early detection and personalised care. |
| Operational Efficiency | Improves processes like inventory management and reduces waste. | Enhances resource management, reduces costs, and improves service delivery. |
While big data enhances patient care and efficiency, it also brings critical data security challenges. IBM’s 2024 Cost of a Data Breach report highlights the average healthcare breach costs $9.77 million. Protecting patient data is crucial for maintaining trust and avoiding risks.
Source: Cost of Data Breach Report, IBM
Several issues make healthcare data security more difficult:
| Challenge | Details |
| Outdated Systems | Older systems may have security gaps that hackers can exploit. |
| Weak Passwords | Simple or reused passwords make it easier for unauthorised people to access sensitive data. |
| Internal Threats | Employees or contractors could accidentally or intentionally compromise data security. |
| Mobile and Cloud Security | As healthcare uses more mobile devices and cloud storage, keeping data safe across different platforms becomes harder. |
With so much data being collected and shared, these challenges are becoming more complex, making it crucial to stay on top of security measures.
In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) sets the rules for protecting patient data. While HIPAA covers the basics, healthcare organisations need to stay on top of evolving security threats and regulations as technology changes.
Besides HIPAA, other important regulations include the HITECH Act, which supports the use of electronic health records (EHRs) and strengthens privacy protections, and the General Data Protection Regulation (GDPR) in the European Union, which controls how personal data is used and gives patients more control over their information.
In our previous blog, The Golden Age of Data in Healthcare, we touched on the challenges that come with using new technologies like blockchain. While blockchain offers secure data storage, it also raises concerns around data ownership and staying compliant with rules like HIPAA and GDPR.
To better protect patient data, healthcare organisations should implement:
By following clear security measures and meeting regulatory requirements, organisations can prevent breaches and keep patient trust intact.
As we’ve seen, healthcare faces ongoing security challenges such as outdated systems, weak passwords, internal threats, and securing mobile and cloud data. Erlang and Elixir, by their very nature, offer solutions to these problems.
To further bolster security, SAFE (Security Audit for Erlang/Elixir) helps healthcare providers identify vulnerabilities in their systems. This service:
By combining the inherent security benefits of Erlang and Elixir with the proactive audit capabilities of SAFE, healthcare organisations can safeguard patient data, reduce risk, and stay compliant with regulations like HIPAA.
Big data is transforming healthcare by improving patient care and outcomes. However, with this growth comes the need to secure sensitive data and ensure compliance with regulations like HIPAA and GDPR.
Erlang and Elixir naturally address key security challenges, helping organisations protect patient information. Tools like SAFE identify vulnerabilities, reduce risks, and ensure compliance.
Ultimately, securing patient data is critical for maintaining trust and delivering quality care. If you would like to talk more about securing your systems or staying compliant, contact our team.
The post Understanding Big Data in Healthcare appeared first on Erlang Solutions.
This release resolves an issue with Gajim’s preferences window and fixes some bugs. Thank you for all your contributions!
With Gajim 2.0, we migrated Gajim’s user interface toolkit to GTK 4, which brings performance improvements and sets the ground for great features to follow. Gajim 2.0.1 resolves an issue with Gajim’s preferences window and fixes some bugs.
A note for Windows users: At the time of writing, there are some issues with emoji rendering on Windows. That’s why there is no release of Gajim 2.0 for Windows yet. This issue should soon be resolved and we will post an update once Gajim 2.0 is released on Windows.
And much more! Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
Gajim 2.0 is here and it comes with a big upgrade 🎉 Gajim migrated its user interface toolkit to GTK 4, which brings performance improvements and sets the ground for great features to follow. Additionally, this release brings improved image previews, better tools for fighting spam, and much more. All of these changes were only possible by touching a lot of Gajim’s code base, and we appreciate all the feedback we got from you.
Switching Gajim’s major version from 1.x to 2.x is a step reserved for big changes. Upgrading from GTK 3 to GTK 4 is a great change, because it touches a big portion of Gajim’s code base. GTK is Gajim’s user interface toolkit. It provides building blocks, like windows, buttons and labels. Version 4 of this toolkit brings performance improvements to Gajim, e.g. faster rendering of user interface elements. Additionally, switching to GTK 4 allows Gajim to use newer widgets, like nice drop downs. Gajim 2.0 sets the ground for great features to follow.
A note for Windows users: At the time of writing, there are some issues with emoji rendering on Windows. That’s why there is no release of Gajim 2.0 for Windows yet. This issue should soon be resolved and we will post an update once Gajim 2.0 is released on Windows.
Historically, Gajim used a “buddy list” (internally called “roster”) for displaying chat contacts. Group chats were displayed in that list as well, forming a large tree view. Gajim moved away from that concept with Gajim 1.4, because it did not offer what users expect from a modern chat app, and because its user experience wasn’t really great. However, a basic version of that “roster” view still remained on Gajim’s account page for contact management purposes. In Gajim 2.0, all contact management actions are bundled in a new “Manage Contact List” window. The old “Synchronize Accounts” window has been integrated there as well.
With a growing community, the chance of witnessing spam increases. While the XMPP community develops measures to suppress spam effectively on the server level, clients can offer tools to assist moderators. Gajim now provides moderators with an improved voice request management and with an action to moderate all messages of a spammer at once.
Both Gajim’s Jingle File Transfer (direct peer-to-peer file transfers) and audio/video call implementations haven’t seen a maintainer for a long time. This lack of maintenance lead to what is called “bit-rot” in tech jargon, meaning these features stopped working properly over time. We decided to hide and disable both features until they have been reimplemented properly. File transfers via HTTP Upload (through your provider’s server) are of course still available.
:emoji:) and mentioning group chat participants by their nickname (triggered by @nickname)And much more! Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
It has not been too long since 1.8.6 and here we are with 1.9.0, which is kind of a major release (following the well-known pridever numbering scheme).
Long story short, there are at least two major changes warranting the new number (and plenty of other things, read on!):
Special thanks to nicoco and Link Mauve, as well as to anyone who contributed (code, reviews, bug reports or otherwise).
Backed by the rust jid crate, this code that is in the critical path of slixmpp as it is being called a lot (the reason it was already in cython), and the pure python fallback is both less correct and many orders of magnitude slower. It has been kept for practical reasons, but users have to keep in mind that its use is not recommended if they can avoid it.
This does mean that packaging may get a little bit trickier since providing the full package means having access to a rust compiler that is up-to-date enough to build the jid crate.
The new implementation should work just as the old one, or better (even pickling/unpickling objects should just work), but if we unknowingly broke your use case, do not hesitate to open an issue.
Nicoco also took the occasion to move our very old setup.py to a pyproject.toml. The recommended tooling to interact with slixmpp is now uv, but pip or other tools should work just fine.
This method has been a bit of a wart for a long time as it was directly inherited from sleekxmpp where the processing model is multi threaded. This hid away asyncio to our users, leading to much confusion in how they should interact with it.
Today all examples and documentation should have been updated accordingly. If anything is amiss, please reach out.
IoT is now a fundamental part of modern business. With more than 17 billion connected devices worldwide, IoT business security is more important than ever. A single breach can expose sensitive data, disrupt operations, and damage a company’s reputation.
To help safeguard your business, we’ll cover five essential IoT security insights: data encryption, strong password policies, regular security audits, employee awareness training, and disabling unnecessary features.
Weak passwords make IoT devices susceptible to unauthorised access, leading to data breaches, privacy violations and increased security risks. When companies install devices, without changing default passwords or by creating oversimplified ones, they create a gateway entry point for attackers. Implementing strong and unique passwords can ensure the protection of these potential threats.
Each device in a business should have its own unique password that should change on a regular basis. According to the 2024 IT Trends Report by JumpCloud, 83% of organisations surveyed use password-based authentication for some IT resources.
Consider using a business-wide password manager to store your passwords securely, and use unique passwords across multiple accounts.
Password managers are also incredibly important as they:
Multi-factor authentication (MFA) adds an additional layer of security. It requires additional verification beyond just a password, such as SMS codes, biometric data or other forms of app-based authentication. You’ll find that many password managers offer built-in MFA features for enhanced security.
Some additional security benefits include:
As soon as an IoT device becomes connected to a new network, it is strongly recommended that you reset any settings with a secure, complex password. Using password managers allows you to generate unique passwords for each device to secure your IoT endpoints optimally.
Why is data encryption so necessary? With the increased growth of connected devices, data protection is a growing concern. In IoT, sensitive information (personal data, financial, location etc) is vulnerable to cyber-attacks if transmitted over public networks.
When done correctly, data encryption renders personal data unreadable to those who don’t have outside access. Once that data is encrypted, it becomes safeguarded, mitigating unnecessary risks.
Additional benefits to data encryption
There are a few data encryption techniques available to secure IoT devices from threats. Here are some of the most popular techniques:
Triple Data Encryption Standard (Triple DES): Uses three rounds of encryption to secure data, offering a high-level of security used for mission-critical applications.
Advanced Encryption Standard (AES): A commonly used encryption standard, known for its high security and performance. This is used by the US federal government to protect classified information.
Rivest-Shamir-Adleman (RSA): This is based on public and private keys, used for secure data transfer and digital signatures.
Each encryption technique has its strengths, but it is crucial to choose what best suits the specific requirements of your business.
When implementing data encryption protocols for IoT security, Erlang and Elixir offer great support to ensure secure communication between IoT devices.
The capabilities that make them ideal for IoT applications are:
Erlang and Elixir can be powerful tools for businesses, enhancing the security of IoT devices and delivering high-performance systems that ensure robust encryption support for peace of mind.
Read more about IoT security with Erlang and Elixir here >>
Performing regular security audits of your systems can be critical in protecting against vulnerabilities. Keeping up with the pace of IoT innovation often means some IoT security considerations get pushed to the side. But identifying weaknesses in existing systems allows organisations to implement a much-needed strategy.
We’ve explained how IoT audits are key in maintaining secure systems. Now let’s take a look at some of the common types of IoT security testing options available:
Firmware analysis is a key part of IoT security testing. It explores the firmware, the core software embedded into the IoT hardware of IoT products (routers, monitors etc). Examining the firmware means security tests can identify any system vulnerabilities, that might not be initially apparent. This improves the overall security of business IoT devices.
In this popular testing method, security professionals create a checklist based on potential attack methods, and then suggest ways to mitigate them. This ensures the security of systems by offering analysis of necessary security controls.
This type of security testing finds and exploits security vulnerabilities in IoT devices. IoT penetration testing is used to check the security of real-world IoT devices, including the entire ecosystem, not just the device itself.
Incorporating these testing methods is essential to help identify and mitigate system vulnerabilities. Being proactive and addressing these potential security threats can help businesses maintain secure IoT infrastructure, enhancing operational efficiency and data protection.
Employees can be an entry point for network threats in the workplace.
The time of BYOD (bring your own devices) where an employee’s work supplies would consist of their laptops, tablets and smartphones in the office to assist with their tasks, is long gone. Now, personal IoT devices are also used in the workplace. Think of your popular wearables like smartwatches, fitness trackers, e-readers and portable game consoles. Even portable appliances like smart printers and smart coffee makers are increasingly popular in office spaces.
Example of increasing IoT devices in the office. Source: House of IT
The use of various IoT devices throughout your business network is the most vulnerable target for cybercrime, using techniques such as phishing and credential hacking or malware.
Phishing attempts are among the most common. Even the most ‘tech-savvy’ person can fall victim to them. Attackers are skilled at making phishing emails seem legitimate, forging real domains and email addresses to appear like a legitimate business.
Malware is another popular technique concealed in email attachments, sometimes disguised as Microsoft documents, unassuming to the recipient.
Threat or malicious actors are increasingly targeting remote workers. Research by Global Newswire shows that remote working increases the frequency of cyber attacks by a staggering 238%.
The nature of remote employees housing sensitive data on various IoT devices makes the need for training even more important. There is now a rise in companies moving to secure personal IoT devices that are used for home working, with the same high security as they would corporate devices.
How are they doing this? IoT management solutions. They provide visibility and control over other IoT devices. Key players across the IoT landscape are creating increasingly sophisticated IoT management solutions, helping companies administer and manage relevant updates remotely.
The use of IoT devices is inevitable if your enterprise has a remote workforce.
Regular remote updates for IoT devices are essential to ensure the software is up-to-date and patched. But even with these precautions, you should be aware of IoT device security risks and take steps to mitigate them.
Getting employees involved in the security process encourages awareness and vigilance for protecting sensitive network data and devices.
Comprehensive and regularly updated education and training are vital to prepare end-users for various security threats. Remember that a business network is only as secure as its least informed or untrained employee.
Here are some key points employees need to know to maintain IoT security:
Investing the time and effort to ensure your employees are well informed and prepared for potential threats can significantly enhance your business’s overall IoT security standing.
Enterprise IoT devices come with a range of functionalities. Take a smartwatch, for example. Its main purpose as a watch is of course to tell the time, but it might also include Bluetooth, Near-Field Communication (NFC), and voice activation. If you aren’t using these features, then you’re opening yourself up for hackers to potentially breach your device. Deactivation of unused features reduces the risk of cyberattacks, as it limits the ways for hackers to breach these devices.
If these additional features are not being used, they can create unnecessary security vulnerabilities. Disabling unused features helps to ensure IoT security for businesses in several ways:
The continued adoption of IoT is not stopping anytime soon. Neither are the possible risks. Implementing even some of the five tips we have highlighted can significantly mitigate the risks associated with the growing number of devices used for business operations.
Ultimately, investing in your business’s IoT security is all about safeguarding the entire network, maintaining the continuity of day-to-day operations and preserving the reputation of your business. Want to learn more about keeping your IoT offering secure? Don’t hesitate to drop the Erlang Solutions team a message.
The post Top 5 IoT Business Security Basics appeared first on Erlang Solutions.
The inaugural Code BEAM Lite London conference was held at CodeNode last month, featuring 10 talks, 80 attendees, and an Erlang Solutions booth. There, attendees had the chance to set a high score in a BEAM-based asteroid game created by ESL’s Hernán Rivas Acosta, and win an Atari replica.
Learning from and networking with experts across the BEAM world was an exciting opportunity. Here are the highlights from the talks at the event.
Louis Pilfold kicked things off with an opening keynote all about Gleam, the statically-typed BEAM language he designed and developed, and which announced its version 1.0 a year ago at FOSDEM in Brussels.
Louis laid out the primary goals of v1: productivity and sustainability, avoiding breaking changes and language bloat, and extensive, helpful, and easily navigable documentation. He then walked us through some of the progress made on Gleam in its first year of official release, with a particular focus on the many convenience and quality-of-life features of the language server, written in Rust. Finally, he measured Gleam’s success throughout 2024 in terms of Github usage and sponsorship money and looked forward to his goals for the language in 2025.
“Make it work, then make it beautiful, then if you really, really have to, make it fast. 90 per cent of the time, if you make it beautiful, it will already be fast. So really, just make it beautiful!” Most of us are likely familiar with this famous Joe Armstrong quote, but what does it actually mean to write beautiful code?
This question was the focus of Brujo Benavides’ talk, a tour through various examples of “ugly” code in Erlang, some of which may well be considered beautiful by programmers trying to avoid repeating code. If beauty is in the eye of the beholder, what’s more important is that each project has a consistent definition of what “beautiful” means. Brujo explored different methods of achieving this consistency, and how to balance it with the need for fast commits of important changes in a project.
Amplified’s Christopher Grainger took a more cerebral approach to his talk on Livebook, drawing on his background as both a historian and a data scientist to link the collaborative notebook software to a tradition of scientific collaboration dating back thousands of years.
In his view, the fragmentation of the digital age led to key components of this tradition being lost; he explored how LiveBook’s BEAM architecture brings it closer to being a digital equivalent of real-time collaboration in a lab than prior technologies like Jupyter Notebooks, and what further steps could be taken to get even closer to it in the future.
Matteo Gheri of Pocketworks provided an industrial example of Elixir in action, explaining how his company used Azure in the course of building a Phoenix app for UK-based taxi company Veezu.
Azure is used to host only 3.2% of Elixir apps, and Matteo walked through their journey figuring it out in detail, touching on deployment, infrastructure, CI/CD, and the challenges they encountered.
Erlang Solutions’ own Natalia Chechina took the stage next for a dive into the question of tests. She explored ways of convincing managers of the importance of testing, which types of test to prioritise depending on the circumstances of the project, and how to best structure testing in order to prevent developers from burning out, stressing the importance of both making testing a key component of the development cycle and cultivating a positive attitude towards testing.
Replacing Guillaume Duboc’s cancelled talk on Elixir types was Peter Saxton, developer of a new language called Eat Your Greens (EYG). The philosophy behind the title refers to doing things that may be boring or unenjoyable but which lead to benefits in the long run, such as eating vegetables; Peter cited types as an example of this, and as such EYG is statically, structurally, and soundly typed. He then walked through other main features of his language, such as closure serialisation as JSON, hot code reloading, and the ability for it to be run entirely through keyboard shortcuts.
Michał Muskała has a long history working with JSON on the BEAM, starting with his development of the Jason parser and generator, first released in 2017. He talked us through that history; writing Jason, turning his focus to Erlang/OTP and proposing a JSON module there, and then building on that for the Elixir JSON module, now part of the standard library in 1.18.
He discussed the features of this new module, why it was better to use wrappers while transitioning to Elixir instead of calling Erlang directly, and how to simplify migration from Jason to JSON in advance of OTP 27 eventually being required by Elixir.
A useless machine and a tiny, battery-free LED device played central roles in Paul Guyot’s dive into AtomVM, an Erlang- and Elixir-based virtual machine for microcontrollers. He kicked off by demonstrating La machine, the first commercial AtomVM product, albeit without an internet connection, before explaining AtomVM’s intended use in IoT devices, and the recent addition of distributed Erlang. This was backed up by another demonstration, this time of the appropriately named “2.5g of Erlang” device. Finally, he explained AtomVM’s advantages compared to other IoT VMs and identified the next steps for the project.
Katleho Kanyane from Erlang Solutions then provided another industry use case, discussing how he helped to implement a RabbitMQ publisher using the Erlang AMQP client library while working with a large fintech client. Katleho talked through some of the basics of RabbitMQ implementation, best practices, and two issues he ran into involving flow control, an overload prevention feature in RabbitMQ that throttles components and leads to drastically reduced transfer rates. He wrapped up by discussing lessons he learned from the process and laying out a few guidelines for designing a publisher.
The closing keynote was also the only talk of the day to kick off with a music video, though that should be expected when live coding artist and Sonic Pi creator Sam Aaron is the one delivering it. Sam spoke passionately about his goal to make programming something that everyone should be able to try without needing or wanting to become a professional and discussed his history of using Sonic Pi’s live coding software in education, including how he worked some complicated concepts such as concurrency in without confusing students or teachers.
He then discussed the limitations of Sonic Pi and how they are addressed by his new project, Tau5. While still in the proof-of-concept stage, Tau5 improves on Sonic Pi by being built on OTP from the ground up, being able to run in the browser, and including new features like visuals to add to live performances. He concluded with a demonstration of Tau5 and an explanation of his intentions for the project.
Code BEAM Lite London 2025 was a fantastic day filled with fascinating talks, cool demos, and plenty more to excite any BEAM enthusiast.
From hearing about the latest Gleam developments to diving into live coding with Tau5, it was clear that the community is thriving and full of creative energy. Whether it was learning tips for practical BEAM use or exploring cutting-edge new tools and languages, there was something for everyone.
If you missed out this time, don’t worry: you’ll be welcome at the next one, and we hope to see you there. Until then, keep building, keep experimenting, and above all keep having fun with the BEAM!
The post Highlights from Code BEAM Lite London 2025 appeared first on Erlang Solutions.
Kaidan supports Qt 6 now! In addition, this release improves the user interface and fixes some bugs. Have a look at the changelog for more details.
Features:
Bugfixes:
Notes:
Or install Kaidan for your distribution:
Planet Jabber is an aggregate of personal weblogs of Jabber/XMPP developers and contributors.
See Planet Jabber News for general and project news.
Last updated:
April 03, 2025 02:09
All times are UTC.
The maintainer of this Planet is Ralph Meijer. He can be contacted at ralphm@ik.nu (Jabber and e-mail).
Powered by:
