Planet Jabber

December 02, 2021

Ignite Realtime Blog

inVerse plugin for Openfire version 9.0.0.1 released!

The Ignite Realtime community is happy to announce the immediate availability of a an update to the inVerse plugin for Openfire, which makes the Converse.js web client available to your users.

This release updates Converse to version 9.0.0.

Your Openfire instance should automatically display the availability of the update. Alternatively, you can download the new release of the plugin at the inVerse plugin’s archive page. If you’ve got feedback or ideas about this plugin, come and join the conversation on Discourse!

For other release announcements and news follow us on Twitter

1 post - 1 participant

Read full topic

by guus at December 02, 2021 17:47

November 30, 2021

Jérôme Poisson

Libervia v0.8 « La Cecília »

I'm proud to announce the release of Libervia 0.8 « La Cecília » (formerly known as « Salut à Toi »), after more than 2 years of development.

This version is a big milestone preparing the future of the project. Let's have an overview of some major changes.

Project Renaming

In the interest of simplicity, the project has been renamed to " Libervia " (with was formerly the name of the web frontend), and all official frontends have now a straightforward name such as Libervia Web , Libervia Desktop / Mobile (same frontend for both), Libervia CLI for Command-Line Interface , and Libervia TUI for Terminal User Interface. The backend is, as you can guess, Libervia Backend. The former names are for now still used as aliases.

Beside simplicity, the name change was also due to concerns with international audience: some people were thinking that "Salut à Toi" was dedicated to French-speaking people only. Hopefully, it will be easier for everybody, and people won't get confused any more by all the names which were previously used.

Note that the renaming has implications on your configuration file which is now named libervia.conf (sat.conf is still working for now). The sections have been updated with new names (to configure the CLI frontend you now use [cli] section instead of [jp], for the web frontend it's now [web] instead of [libervia]). Please check documentation in case of doubt.

Technical Changes

Libervia has been ported to Python 3, which has opened the door to other changes.

Brython has been integrated to Libervia Web, to replace the unmaintained "Pyjamas" (which was a Python port of GWT).

Nunjucks is also now integrated in Libervia Web, making it possible to share some templates with Jinja. This is notably useful to make some pages working with or without JavaScript.

OMEMO implementation has been completed with support for MUCs (group chats) and files (via XEP-0454: OMEMO Media Sharing).

Many other changes are not explained in this note to avoid it being indigestible, you can check the CHANGELOG for more information.

Libervia Web New Default Theme

A new theme for Libervia Web based on the nice Bulma CSS framework has been made and is now the default one. Thanks to it the interface is clearer and more pleasant to use.

Events list with the new theme

Invitations

An easy to use invitation system has been implemented in Web frontend, and can be used either to give access to something to somebody with an existing XMPP account, or to invite somebody by email. The goal is to be able to share things (e.g. photo album, event) with family or friends without having to expect them to install a software or create an account.

Inviting people to see a photo album

Lists

A decentralised issue tracking system was implemented since version 0.7, which was notably used to manage Libervia's own tickets. It was using a non-standard feature available only in Libervia Pubsub (formerly "SàT Pubsub", server independent Pubsub/PEP component, a side project).

This feature has been renamed to "Lists" and now uses XEP-0346: Form Discovery and Publishing which makes it usable with a generic Pubsub service.

Any kind of list can be created, from project tickets to keep track of bug report of feature requests, to To-do list, grocery list, etc. Being based on XMPP pubsub, lists can be federated, and permissions can be managed easily (for instance to allow various family members to modify a shopping list).

Grocery List on Libervia Web

For the moment 3 kinds of lists are available (generic tickets, To-Do, grocery), but more are expected to come in future versions.

Photo albums

Lots of improvements have been made on the photo albums in the web frontend. They can now be created or deleted from Libervia Web, photos or videos can be uploaded, a touch/mobile-friendly slideshow is available, ogv.js has been integrated to make possible the viewing of videos in Ogg Vorbis/Opus/Theora ans WebM VP8/VP9/AV1 on platforms not supporting them natively, and the invitation system mentioned above has been integrated.

you can now use a slideshow to see your photos and videos

Desktop

Libervia Desktop UI has also been updated, the top menu has been removed, file dropping is now possible on suitable platforms, chat has infinite scrolling, a new "chat selector" screen makes it easier to select entity to chat with or room to join, message attachments are show in a more user-friendly way, and several other improvements has been done.

Chat Selector on Libervia Desktop

Work has also been done on Libervia Mobile (which is Android only for now), but this frontend is not user-friendly enough yet for end-user.

Attachment on Libervia Mobile

CLI

The CLI frontend is now fully documented and following the renaming can now be accessed either by libervia-cli or the shorter li (legacy jp is still working for now). Among new commands we can highlight li file get which retrieve a file with support of aesgcm scheme (i.e. OMEMO Media Sharing), which makes it a kind of OMEMO enabled wget like. li file upload also handle end-to-end encryption, it's thus easy to share an encrypted file from command-line or a script.

Background colour is now automatically detected on compatible terminal emulator, and theme is adapted consequently.

But Also…

File Sharing Component

Libervia can act as a component (which can be seen as generic XMPP server plugins), and it includes a File Sharing Component.

This component store files which can be retrieved either according to given permissions or publicly.

Files can be uploaded or downloaded via XEP-0234: Jingle File Transfer and XEP-0363: HTTP File Upload is now also implemented, making it possible to share files via HTTPS link.

This component can now be used to replace internal XMPP servers HTTP File Upload implementations. In addition to the fine permission management, it does not have a size limit and user quotas can be set, check the documentation to see how to set them. Files uploaded can be retrieved using XEP-0329: File Information Sharing and deleted with XEP-0050: Ad-Hoc Commands.

This component is necessary to use the Photo Album feature.

Libervia Pubsub

A Pubsub/PEP component (formerly named "SàT Pubsub") is developed next to Libervia. It aims to provide a server independent feature-full implementation.

Libervia Pubsub is released at the same time as the Libervia XMPP client, and has also been ported to Python 3.

Among novelties, Full-Text Search has been implemented (XEP-0431: Full Text Search in MAM), as well as XEP-0346: Form Discovery and Publishing which replaces the former non-standard node schema, and PEP is now working for the server itself, making it usable for XEP-0455: Service Outage Status.

Docker Images

Docker images have been updated and moved directly to libervia-backend repository (in docker subdirectory).

Official Website

The Official Website has been updated with a new theme (based on Libervia Web new theme).

Installation

Libervia is available on several GNU/Linux distributions (at least Debian and derivative and Arch Linux). Unfortunately, the current Debian version is outdated (due to incompatible Debian and Libervia release dates), hopefully the new version will be available as a backport soon.

You can easily install Libervia on any distribution by using pipx:

$ pipx install libervia-backend
$ pipx install libervia-desktop

Then launch libervia-backend, and a frontend (e.g. libervia-cli or libervia-desktop). Check the documentation for details.

Docker images are available, and notably a web-demo.yml file can be used with docker-compose to quickly try a local demo:

$ hg clone https://repos.goffi.org/libervia-backend 
$ cd libervia-backend/docker
$ docker-compose -f web-demo.yml up

Then open your browser on http://localhost:8880 and use the login demo with password demo.

What's Next

A Libervia based project has been selected by NLnet for a grant. This project is in 2 parts: working on an XMPP ⟺ ActivityPub gateway, then on pubsub and files end-to-end encryption. You'll find more information on this blog post and on NLnet project page. The project has already well started, and you can follow the progress on my blog (which is Libervia/XMPP powered) or on the ticket tracker (which is also Libervia/XMPP powered). A huge thanks to NLnet/NGI0 Discovery Fund!

Besides, work is planned to improve user experience and instant messaging feature (notably on Web frontend). Libervia aims to be a good fit for private networks for family and friends.

Last but not least, I've been pleased to see that Libervia Web is used to power jmp.chat blog. JMP is a company which give you a real phone number which can be used with XMPP and SIP (you can call this number from a traditional phone and get the voice call from a XMPP client).

This concludes this release post. Stay tuned!

by goffi at November 30, 2021 22:54

JMP

Newsletter: New website, new forums, new app feature

Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; Share one number with multiple people.

This month we launched a full rewrite of our website.  While this rewrite was mostly precipitated by changes at our primary carrier partner, we managed to get a few improvements in there as well.  First of all, the search box on the homepage now accepts more than just area codes: a city then comma then two-letter state or province code is accepted, as well as zip codes or vanity patterns (like ~woof or ~1234).  This search is also now powered by XMPP commands in the backend, so you can now get a JMP number entirely without ever visiting the website, just talk to cheogram.com and send register jmp.chat to get started.

Next, our community has been testing more features in the pre-release Cheogram app.  This app is available to anyone who wants to test it by coming by the chatroom and asking for access.  When the app is a bit more ready, it will be released on F-Droid, hopefully in Q1 2022.  The big new feature right now is dialer integration.  This allows anyone using the app with cheogram.com added to their contacts to head to their native Android dialer and visit Settings > Calls > Calling accounts in the menu.  From there it should be possible to enable the calling account associated with your Jabber ID and then dial out directly from your native Android dialer app over JMP!  Any questions about this feature or the Cheogram app in general should be directed to the chatroom.

As our community grows it makes sense to reach more people where they are at, and not just hang out where we are most comfortable.  This month the freedomware project we sponsor and rely on, Sopranica, is opening two more venues where you will be able to get news from JMP or discuss the project generally: Lemmy and Reddit.  Here is the new complete list of official ways to communicate with our community:

Thanks for reading and have a wonderful rest of your week!

by Stephen Paul Weber at November 30, 2021 01:00

November 29, 2021

Gajim

Development News November 2021

Annoyed of spam messages in public channels? Gajim just gained support for Message Moderation! Also this month: better message corrections and improved notifications.

Changes in Gajim

If you’re participating in public channels you might have witnessed spam from time to time. Someone comes along and pastes some URL about a promising business opportunity, or leaves an offending picture. Moderators can kick/ban spammers, but that does not remove those messages. With XEP-0425 Message Moderation, there is a standard for retracting messages from a group chat. Both server and client have to support this standard, and you have to be Moderator/Admin/Owner in order to be able to retract messages. Gajim 1.4 will support message moderation in both ways: by offering moderation actions for messages, and by displaying a disclaimer for message which have been moderated.

Message Moderation in action

Message Moderation in action

Coming with Gajim 1.4, message corrections done via XEP-0308 Last Message Correction will be stored in the database. Up until now, each correction has been stored as a separate message. From now on, the original message text will be stored, and each subsequent correction will replace the message’s text. This way, Gajim can restore message corrections when loading messages from the database while showing the original message in a tooltip. While working on this, we also updated Gajim to the latest version of the Last Message Correction standard, which allows to edit the same message multiple times.

Many of you asked about how to clean up the list of chats in Gajim’s Start Chat window. We went ahead an added a “Forget Group Chat” menu item for each group chat. This effectively obsoletes the bookmarks management window, which is now read-only.

What else happened:

  • Windows installer is ready for Gajim 1.4
  • Notifications now show details of received files instead of a plain https:// or aesgcm:// link
  • Avatars: non-square images are now displayed correctly by zooming in before cutting out a circle

Plugin updates

Almost all plugins are now ready for Gajim 1.4.

Changes in python-nbxmpp

XEP-0425 Message Moderation is now supported by python-nbxmpp.

There is a huge change for python-nbxmpp coming, which involves a new XML parser and a lot of type checking. Read more about that in upcoming posts.

As always, feel free to join gajim@conference.gajim.org to discuss with us.

Gajim

November 29, 2021 00:00

November 28, 2021

Peter Saint-Andre

Aristotle Research Report #17: Let the Re-Reading Begin

Just under two years ago, I thought I was done with phase one of my research into Aristotle's views o human flourishing, having at that point read around 120 distinct works by or related to Aristotle (including all of Plato's dialogues). Well, I was wrong: since then I've read an additional 150 works, almost exclusively in the scholarly literature on Aristotle. Now I have three whole shelves of books about Aristotle in my office....

November 28, 2021 00:00

November 22, 2021

Erlang Solutions

Blockchain Tech Deep Dive 1/4 | 6 Principles

INTRODUCTION

Blockchain technology is transforming nearly every industry, whether it be banking,  government, fashion or logistics. The benefits of using blockchain are substantial – businesses can lower transaction costs, free up capital, speed up processes, and enhance security and trust. So it’s no surprise that more and more companies and developers are interested in working with the technology and leveraging its potential than ever before.

This blog post series will cover some of the thinking from Erlang Solutions’ subject matter experts on blockchain technology published over the last couple of years. Across four main themes, we will explore how companies and developers are working with blockchain, the principles behind the technology, what we can expect in the future and where we fit into things. 

To join our FinTech mailing list for more great content and industry and events news, sign up here >>

Theme I – 6 Principles – Blockchain Guidance

Theme II – Blockchain Myths vs Reality

Theme III – Digital Asset Ownership

Theme IV – How Erlang Optimises Blockchain

Blockchain – an overview

The world is becoming decentralised. 

A multitude of platforms, technologies, and services are moving from centralised proprietary systems to decentralised, open ones. This is being driven by several powerful social and psychological factors which you can find discussed later in Blockchain: Myths vs Reality and Digital Asset Ownership in the Era of Blockchain by Dominic Perini and MIchael Jaiyeola.

A blockchain is one architectural design of the broader concept of distributed ledger technology (DLT). Essentially, a blockchain is an expanding list of cryptographically signed, irrevocable transactional records that are shared by all participants in a network. Each record is time-stamped and references links to previous transactions. Anyone with access rights can trace back a transactional event, at any point in its history, belonging to any participant. 

For organisations, blockchain presents an opportunity for a fundamental change in how data is managed; from where every company has its own copy of a data set to a scenario in which all parties in a network have controlled access to a shared copy.

The key benefit of this is that traditional independent institutions can collaboratively work together to integrate and optimise existing processes to mutual advantage while, crucially, not compromising on the security of sensitive data.

We view it as vital that relevant parties from every industry are across the latest in debate surrounding blockchain as the technology is set to become increasingly prevalent in all of our lives.

Theme I

6 Principles – Blockchain Guidance

1. Software Engineering

Embrace the best practices in software engineering, in particular, the exploitation of functional programming and the design patterns that emerge from it. Develop and optimise code that speeds up the software development process, its evolution and adaptation, delivering on critical time-to-market business requirements, which is essential when it comes to blockchain!

Take a modern approach to testing ensuring that a high degree of quality is preserved throughout the lifecycle of a system. Leverage auto-generated Property-Based Test and continuous stress tests combined with traditional Test-Driven Development.

Empower your software engineers to embrace modern agile software development methodologies that support scaling the workforce whenever and however needed. Practising agile ways of deployment automation, type checks, sensible naming conventions and documentation is extremely important, especially during handovers or when onboarding new developers.

2. Distributed Systems

Work with engineers previously involved in the development of massively scalable systems. Their experience working on messaging systems or distributed databases gives you the confidence that they will choose the correct partitioning, sharding and replica parameters. 

The need for engineering highly scalable and distributed systems has grown, and this is what we do every day. Building distributed systems to cater to billions of users and transactions on a daily basis. Delivering solutions that are resilient against node crashes or bad actors, and therefore exclude single points of failure. 

“Having numerous clients around the globe spanning from startups to Fortune 500 companies, Erlang Solutions has gained invaluable experience and thrives when working on complex cases and providing solutions to distributed systems.” 

Yanislav Malahov, æternity founder

View the æternity case study >>

3. Networking

Find a team with vast experience in growing automated network traffic management and dynamic topologies. Check if their monitoring capacity and expertise can be embedded to allow adaptation to changing scenarios, and identify problems before they occur (preemptive adaptation).

Does their approach also ensure that back-pressure control protects the system’s capacity against overloads and increases its robustness? These modern approaches are valid for centralised, decentralised and distributed peer-to-peer (p2p) networks, often associated with bespoke service discovery mechanisms, and should be something that you clear with your team early on.

4. Security & Resilience

Make sure that you have the right people to monitor your system and repair mechanisms, and strategies using important resilience components. Dedicated secure p2p protocols, static analysis and property-based testing are among the techniques you should adopt to drive the security of a system. Information validation is used to protect against the man in the middle (MitM) attacks. Back pressure mechanisms protect against distributed denial of service attacks (DDOS).

Both symmetrical and asymmetrical encryptions are used to achieve the highest level of security possible. It’s also worth checking on hardware security ensuring that sensitive private keys are only accessible via hardware security modules (HSM). 

Erlang is a high-level language that avoids a lot of the security issues that are an issue with C/C++ (no buffer overflows, no dangling pointers, etc)

Dal Gemmell, Head of Product at Helium Inc.

5. Integration

Integrating applications on top of complex backends, as well as providing synchronous and asynchronous interfaces among backends, is a serious job. So it’s worth checking if your team uses frontend facing APIs such as REST and Websocket to implement responsive applications. They should comply with industry standards for compatibility and security to drive message exchanges on top of a variety of AMQP and JMS queuing mechanisms.

In the Blockchain space, we are highly competent in designing cross-chain smart contracts capable of changing anchor data to major networks such as Bitcoin, leveraging its security against history revisions. We can provide guidance to plan effective and reliable integration tests, ensuring the compliance of data validation and communication protocols is preserved throughout the development process.

Erlang can easily interface with C/C++/Rust libraries using Native Implemented Functions (NIFs), and we do that a lot to talk to cryptographic libraries and for performance-critical code.

Dal Gemmell, Head of Product at Helium Inc.

6. Programming Language

Engage with us as true polyglots! We specialise in Erlang and Elixir, but we are highly competent in every other language in the industry, this could be Java/Scala, JS, C/C++, Python, Rust or Go, we stay relevant! 

Vast expertise in language interpretation and virtual machines has proven to be critical know-how in a variety of modern blockchain solutions. 

“Erlang Solutions is renowned for its technical talent, and having already embedded some of its engineers and architects in our development team, we have no doubt that Erlang Solutions will play a crucial part in building out an extremely strong core team.” 

Yanislav Malahov, æternity founder

For any business size in any industry, we’re ready to investigate, build and deploy your blockchain-based project on time and to budget.

Get in touch with your blockchain project queries general@erlang-solutions.com or via the contact us form. Stay tuned for the next theme in this series ‘Blockchain: Myths vs Reality by Dominic Perini.

The post Blockchain Tech Deep Dive 1/4 | 6 Principles appeared first on Erlang Solutions.

by Erlang Admin at November 22, 2021 16:36

November 18, 2021

Snikket

November 2021 server release

We’re excited to introduce a new release of the Snikket server! The Snikket server is an easy-to-install server package that allows you to run your own private messaging service for family, friends and other small groups.

Since the previous server release, we’ve been focusing our work mainly on the Snikket apps, especially the first release of our iOS app. We’ve continued work on the server part of Snikket though, and we’re glad to share a range of new improvements with you now.

For information on how to upgrade from a previous release, see our quick upgrade guide.

iOS improvements

In case you missed it, we released the first version of our iOS app to the app store a couple of months ago. We’ve been continuing to develop the app, and more releases are already in the pipeline.

Upon the app’s initial release there were still a few “rough edges”, such as the lack of notifications for group messages while the app is closed. Fixing a number of these issues required work on the server, and so that has been a big focus of this release.

In particular:

  • Encrypted messages show a nicer notification (“You have received an encrypted message”). Displaying the contents of encrypted messages without opening the app is not yet possible, but is planned.
  • The app can now show notifications from group chats even while the app is closed. A couple more small changes are required before this works seamlessly, and these will be included in a future app update.

Now that these issues are resolved, a link to the iOS app will be shown by default on the Snikket invitation page, starting from this release.

File sharing limit increased

You can now share files up to 100MB using Snikket! Previously this was limited to 16MB for technical reasons. Although most shared files are much smaller than 16MB, there is the occasional need to share larger files. Now you’re covered.

To help server operators plan their system resources, it’s now possible to set a service-wide quota for the storage of uploaded files. This means that even if your users have a little too much fun with the new limits, you can be sure your system won’t run out of disk space.

Limited accounts

In the previous release we introduced the ability to select whether an account is an administrator or a normal user. In this release we add one further type: “limited” accounts.

A limited account has a number of restrictions. In particular they:

  • may only communicate with users and group chats on the same server,
  • may not create public channels,
  • may not invite new users to the server.

The purpose of limited accounts is to allow you to grant use of the server for communication with other users of the server only. This can be applied to accounts for children or guest users, for example.

For more information, see the documentation on User Roles.

Resource monitoring

The web admin dashboard now shows some basic statistics about your server resources, such as system load and memory usage of the various Snikket components. This can be helpful to ensure Snikket is performing well and you have enough resources available to serve your users.

Screenshot of the resources panel in the Snikket web interface

Screenshot of the resources panel in the Snikket web interface

Server announcements

In the same system health area of the admin dashboard, you can also now send an announcement message to all users of your server - e.g. to inform them about upgrades and maintenance.

Support and questions

As usual if you need any help or have questions about the new release, you’re welcome to join our community chat where folk will be glad to help you out.

Stay tuned for more upcoming releases, and… happy chatting!

by Snikket Team (team@snikket.org) at November 18, 2021 17:45

November 05, 2021

The XMPP Standards Foundation

The XMPP Newsletter October 2021

Welcome to the XMPP Newsletter covering the month of October 2021.

Many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, especially throughout the current situation, please consider to say thanks or help these projects!

Read this Newsletter via our RSS Feed!

Interested in supporting the Newsletter team? Read more at the bottom.

Other than that — enjoy reading!

Newsletter translations

Translations of the XMPP Newsletter will be released here (with some delay):

Many thanks to the translators and their work! This is a great help to spread the news! Please join them in their work or start over with another language!

XSF Announcements

  • The XSF members have to elect the upcoming XSF Board and Council soon. If you are interested in running for XSF Board (business related) or XSF Council (technical related) for the 2021—2022 term, please create an appropriate Wiki page by November 7th, 2021 and link it from here

  • The XSF offers fiscal hosting for XMPP projects now! Please apply via Open Collective. For more information, see the announcement blog post.

    • Moreover, the XSF has accepted its first project to the fiscal hosting program! A big welcome to the MAM Plugin for XMPP.js (note that this is unaffiliated with the upstream xmpp.js project)! They will be working on adding MAM support to xmpp.js with the eventual goal of adding it to the Matrix Bifrost bridge, allowing XMPP users to fetch history from their favorite Matrix channels. You can donate to the effort here.
  • The XSF is planning to participate the Google Summer of Code 2022 (GSoC). If you are interested in participating as a student, mentor or as project in general please add your ideas and reach out to us!

  • Blog and newsletter pages at xmpp.org/blog now support multiple languages. We are happy for volunteers to support translating!

Events

XMPP Office Hours - Also, checkout our new YouTube channel!

Berlin XMPP Meetup (remote): Monthly Meeting of XMPP Enthusiasts in Berlin - always 2nd Wednesday of the month.

Videos

Sam Whited gave a talk for the XMPP Office Hours about the XSF’s new fiscal hosting service!

Guest talk at Berlin XMPP Meetup: Diving deep into Briar at the XMPP Meetup Berlin

Articles

After being featured in the September 2021 newletter with a Movim & Element web client comparison, Ade Malsasa Akbar is back with a short tutorial on how to use Audio and Video calls in these clients.

Have you heard about Bad XMPP? Well, it is actually good - you can test your clients and servers against a set of intentionally badly configured XMPP services. Happy debugging!

BadXMPP

The jmp.chat service blog announced some changes to the SIP inbound calling feature, so users are advised to configure it via the new interactive bot. On the iOS side Snikket is now the recommended app as some helpful functions (like calling tones) got sponsored.

Aria Network wrote a follow-up blog post on UX improvements such as avatars of the Bifrost bridge to Matrix. The previous article was “Conversion of communities to spaces, new Bifrost features”.

Software news

Clients and applications

Following last month’s Conversations and Quicksy releases of 2.10.0, a 2.10.1 point release comes with a new internal library for video compression, which allows more devices to send smaller files. Conversations will now be included in Android backups (be it Seedvault or Google’s) but only if encrypted. Furthermore, there have been address book fixes so contact addresses are picked up easier. Finally there have been fixes for notifications, which allow to start downloads properly and send MUC PMs to the right contact.

Gajim 1.3.3 has been released. This release features improved Ad-Hoc Commands and brings back spell checking. Gajim 1.3.3 includes many bug fixes and improvements. Also this month: two years of Gajim Development News! In October, Gajim’s event system received significant changes. These changes lead to improvements in notifications mainly, but also made it possible to display Jingle File Transfers directly in the chat view. Another nice addition: search filters which help narrow down your search.

Version 2.10.2 of the Snikket Android app has been released! The main highlight of this release is the new dialpad which allows you to navigate automated call systems when using a Jingle to PSTN bridge.

New beta versions of Beagle IM and Siskin IM have been released for MacOS and iOS with support for location sharing.

Beagle IM Locations

Servers

The Openfire plugin for Push Notification got a small bug fix, so server admins are advised to update to the new 0.9.0 version.

Libraries

Development on mellium.im/xmpp (an XMPP library in Go) has been slower than usual this month. We’ve primarily been focused on rolling out basic pubsub, PEP, and PEP Native Bookmarks support and the basics are already merged into the main branch. For more information, see the latest Dev Communiqué.

Extensions and specifications

Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001, which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process. Communication around Standards and Extensions happens in the Standards Mailing List (online archive).

Proposed

The XEP development process starts by writing up an idea and submitting it to the XMPP Editor. Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.

  • No XEPs proposed this month.

New

  • No new XEPs this month.

Deferred

If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.

  • No XEPs deferred this month.

Updated

  • Version 0.8.0 of XEP-0392 (Consistent Color Generation)

    • Remove Color Vision Deficiency correction algorithms and substitute them with a better recommendation. (jsc)
  • Version 0.5 of XEP-0355 (Namespace Delegation)

    • delegation of Remaining Discovery Infos
    • delegation of Bare JID Disco Items
    • Security Consideration about disco requests
    • namespace bump
    • typos (jp)
  • Version 0.8.0 of XEP-0313 (Message Archive Management)

    • Update groupchat-messages-in-user-archive advice, introducing fields and disco features to make behaviour explicit in future implementations, in light of Last Call feedback. (ks)
  • Version 0.4.0 of XEP-0450 (Automatic Trust Management (ATM))

    • Update to XEP-0434 version 0.6.0 and XEP-0384 version 0.8.0
    • Use Base64-encoded key identifiers in examples
    • Update TM’s namespace to urn:xmpp:tm:1
    • Update OMEMO’s namespace to urn:xmpp:omemo:2 (melvo)
  • Version 0.6.0 of XEP-0434 (Trust Messages (TM))

    • Specify key identifier encoding, improve glossary and update to XEP-0384 version 0.8.0
    • Specify usage of Base64 encoding for key identifiers within trust messages
    • Specify usage of Base16 encoding for key identifiers within Trust Message URIs
    • Use Base64-encoded key identifiers in examples
    • Add ‘hash value’ as example of key identifier
    • Update OMEMO’s namespace to urn:xmpp:omemo:2
    • Update namespace to urn:xmpp:tm:1 (melvo)
  • Version 0.5.0 of XEP-0401 (Ad-hoc Account Invitation Generation)

Last Call

Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call help improving the XEP before returning it to the Council for advancement to Draft.

  • XEP-0379 Pre-Authenticated Roster Subscription
  • XEP-0401 Ad-hoc Account Invitation Generation
  • XEP-0445 Pre-Authenticated In-Band Registration

Stable (formerly known as Draft)

Info: The XSF has decided to rename ‘Draft’ to ‘Stable’. Read more about it here.

  • Version 1.0.0 of XEP-0280 (Message Carbons)
    • Advance to Stable as per Council Vote from 2021-09-29. Unbelievable. (jsc (XEP Editor))

Deprecated

  • Version 1.1.0 of XEP-0411 (Bookmarks Conversion)
    • Deprecated by vote of Council on 2020-10-06. (XEP Editor (jsc))

Call for Experience

A Call For Experience - like a Last Call, is an explicit call for comments, but in this case it’s mostly directed at people who’ve implemented, and ideally deployed, the specification. The Council then votes to move it to Final.

  • No Call for Experience this month.

Thanks all!

This XMPP Newsletter is produced collaboratively by the XMPP community.

Therefore many thanks to Adrien Bourmault (neox), Anoxinon e.V., Benoît Sibaud, emus, Julien Jorge, Licaon_Kter, MattJ, mdosch, Nicola Fabiano, seveso, Sam Whited, SouL, wojtek, wurstsalat3000, Ysabeau for their support and help in creation, review and translation!

Spread the news!

Please share the news via other networks:

Find and place job offers in the XMPP job board.

Also check out our RSS Feed!

Help us to build the newsletter

We started drafting in this simple pad in parallel to our efforts in the XSF Github repository. We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. We really need more support!

You have a project and write about it? Please consider sharing your news or events here, and promote it to a large audience! And even if you can only spend a few minutes of support, these would already be helpful!

Tasks we do on a regular basis are for example:

  • Aggregation of news in the XMPP universe
  • Short formulation of news and events
  • Summary of the monthly communication on extensions (XEP)
  • Review of the newsletter draft
  • Preparation for media images
  • Translations: especially German, French, Italian and Spanish

License

This newsletter is published under CC BY-SA license.

November 05, 2021 00:00

JMP

How to Subscribe to This Blog Using Movim

This blog is powered by XMPP. That means it is federated over the Jabber network, it has a Jabber ID, and you can subscribe to it using a supporting Jabber client. One such client with support for subscribing, liking, and commenting is Movim. There are several public Movim instances including one hosted by upstream and one by chatterboxtown. Once you are logged in with a Movim instance, you can follow these steps to discover this blog and subscribe.

  1. Click Explore

    in the left navigation menu
  2. Click

    Communitites Servers
  3. If blog.jmp.chat is not yet known to this instance, you can use the search box to add it

    Search for a new server
  4. After entering blog.jmp.chat in the search box and hitting enter, you may need to click away to any other Movim page and then come back to the Communities Servers area as before.
  5. Click

    blog.jmp.chat
  6. Click

    JMP Blog
  7. Click

    subscribe
  8. New posts from the blog will now show up under News

    in the left navigation menu 

by Stephen Paul Weber at November 05, 2021 00:00

November 04, 2021

Peter Saint-Andre

Philosophy vs. Ideology

Today I'd like to explore some implications of my recent series of posts about the nature of opinion; specifically, the dangers of ideology. (As a reminder, so far I've discussed holding fewer opinions, opinions about opinions, holding multiple opinions, opinions vs. truths, and opinions weak and strong.)...

November 04, 2021 00:00

November 01, 2021

Ignite Realtime Blog

Smack 4.4.4 released

We are happy to announce the release of Smack 4.4.4. Thanks to numerous contributors this patch level release includes many fixes and improvements. I’d like to especially thank the folks from Jitsi, namely Boris Grozev, Damian Minkov, Ingo Bauersachs, and Jonathan Lennox. Who tracked down multiple bugs, including a nasty concurrency bug. Furthermore, thanks to Ingo, Smack and its important dependencies jxmpp and MiniDNS are now, again, OSGi compatible.

For a high-level overview of what’s changed in Smack 4.4.4, check out Smack’s changelog.

The shortlog for the 4.4.4 release is

flo@neo-pc ~/code/smack $ git shortlog -n --no-merges 4.4.3..4.4.4 
Florian Schmaus (23):
      Smack 4.4.4-SNAPSHOT
      [xdata] Add missing ensureAtMostSingleValue() to parseBooleanFormField
      [xdata] Safe the raw character data of form field values
      [caps] Use the raw character data of form fields when caclulating the hash
      [pubsub] FormNode(Provider) should not fail if there is no DataForm
      [socks5] Ensure that the local SOCKS5 proxy is running (if enabled)
      [core] Assert that 'event' is not END_DOCUMENT in forwardToEndTagOfDepth()
      [socks5] Fix javadoc of getLocalStreamHost()
      [socks5] Remove stale null check
      [disco] Add DisocverInfo.nullSafeContainsFuture(DiscoverInfo, CharSequence)
      [muc] Check mucServicedDiscoInfo for null in serviceSupportsStableIds()
      [carbons] Remove erroneous assert statement in connectionClosed()
      [muc] Check for self-presence first in presence listener
      [muc] Call userHasLeft() *after* the leave presence was sent
      [jingle] Add empty element optimization for <content/>
      [core] Pass down the XML environment in IQChildElementXmlStringBuilder
      [jingle] Mimic Manager.connection() in JingleTransportManager
      [jingle] Make Jingle.Builder extend IqBuilder
      [jingle] Add unit test to check that there are no redundant namespaces
      [build] Remove OSS Sonatype Snapshot repository
      Update NOTICE file
      [resources] Rename get-contributors.sh to generate-notice-file
      Smack 4.4.4

Ingo Bauersachs (5):
      Prevent password enforcement for SASL anonymous
      Fix BOSH connection establishment
      Make Smack jars OSGi bundles
      Add getter for the stanza associated with the exception
      Add missing stream namespace to xml declaration

Jonathan Lennox (2):
      Update documentation of default SecurityMode.
      Add removeExtension methods to StanzaBuilder.

Damian Minkov (1):
      [muc] Also process destory message if it contains <status/>

Guus der Kinderen (1):
      SMACK-908: Don't use components to count tabs in Debugger

Simon Abykov (1):
      Accept an empty string as the label value

As always, this Smack release is available via Maven Central.

We would like to use this occasion to point at that Smack now ships with a NOTICE file. Please note that this adds some requirements when using Smack as per the Apache License 2.0. The content of Smack’s NOTICE file can conveniently be retrieved using Smack.getNoticeStream().

2 posts - 2 participants

Read full topic

by Flow at November 01, 2021 18:06

October 30, 2021

Gajim

Development News October 2021

This post marks two years of Gajim development news 🥳 In October, Gajim’s event system received significant changes. These changes lead to improvements in notifications mainly, but also made it possible to display Jingle File Transfers directly in the chat view! Also this month: search filters which help narrow down your search.

Changes in Gajim

Cleaning up Gajim’s internal event system offered an opportunity to rework notifications. There is a decision tree Gajim has to go through until a notification is actually issued. For example, a user might set their status to “Busy”, which should suppress showing notifications (and possibly sounds). Chats and group chats need different handling as well, because group chats can have individual notification settings, which depend on various conditions: is it a private or a public group chat, are we being mentioned by other users, etc. These decisions have been centralized at one place in order to reduce code duplication and to make notification handling easier for developers.

While simplifying Gajim’s event system, Jingle File Transfers came into focus. File transfer event processing had been spread across many places in Gajim, making it hard to migrate away from the “File Transfers” window, which is exclusively used for Jingle File Transfers. After working on this, it is now possible to have multiple widgets process events around file transfers. This means we can have a file transfer widget in the chat view as well! With the new conversation view based on a Gtk.Listbox, it was easy to add a file transfer widget for Jingle File Transfers. Similar to HTTP Upload file transfers, Jingle File Transfers (file offer, progress, success, and error) are now displayed directly in the chat view.

Thanks to first time contributor wtas, Gajim 1.4 will feature search filters! There are several filters for narrowing down your search: after: and before: for filtering by time, from: for filtering by user, and has: for filtering by content. This allows for example to search for a specific file you received some time ago. Here is what a search could look like:

after:2021-08-01 has:file

What else happened:

The service Bad XMPP offers a set of badly configured XMPP services for testing against. Running Gajim against this service uncovered an issue where Gajim’s account wizard became stuck.

Plugin updates

Both Quick Replies and Syntax Highlighting plugins have received a bug fix for an issue where inserting text into the message input failed.

With Gajim 1.4, many things have changed under the hood. These changes affect how plugins interact with Gajim or how they can access data. Starting this month, we’re adapting plugins to all the changes coming with Gajim 1.4.

Changes in python-nbxmpp

python-nbxmpp received code annotations in various places.

As always, feel free to join gajim@conference.gajim.org to discuss with us.

Gajim

October 30, 2021 00:00

October 27, 2021

Ignite Realtime Blog

Push Notification Openfire plugin 0.9.0 released

I’m happy to be able to announce that we’ve released version 0.9.0 of the Push Notifications plugin for Openfire!

This version does not bring new functionality. It does fix a bug that older versions of this plugin had, when running on Openfire 4.6.4 or later.

For other release announcements and news follow us on Twitter

1 post - 1 participant

Read full topic

by guus at October 27, 2021 16:09

October 26, 2021

Peter Saint-Andre

Meditations on Bach #8: Two Quotes from Pablo Casals

Here are two quotes from the great cellist Pablo Casals, who re-introduced the Bach Cello Suites to the world in the early twentieth century......

October 26, 2021 00:00

October 20, 2021

JMP

Newsletter: Action required for SIP accounts, new inbound call features, and more!

Hi everyone!

Welcome to the latest edition of your pseudo-monthly https://jmp.chat update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client. Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; Share one number with multiple people.

The biggest announcement this month is the launch of our new inbound voice and SIP account system! Due to changes at our major carrier partner, all inbound call handling had to be rewritten and the SIP accounts some people use are moving to a new server with a new server name. As part of this rewrite you can now use the configure calls command to set call forwarding to any XMPP, SIP, or tel URI without involving support. If you haven’t used the JMP bot before, you do so by sending a message to your cheogram.com contact with the text of the command you want to run. You can send help for a list.

If you have not tried it yet, now would be a great time to try our features allowing calling from your Jabber account. All your regular SMS contacts can be called as well with no changes on your part, from any client that supports voice calls. Inbound calls can be routed to your Jabber ID using the configure calls command.

If you still need a SIP account for some reason (such as to use with a device that does not support Jabber calls) you will need to use the reset sip account command to get a username and password on the new server, as the old server will be going away soon. Be sure to use UDP as the transport!

In other news, our founder Denver Gingerich (ossguy) has returned from his leave and is rejoining us in day-to-day operations. You will see him more often in the chatroom and sometimes answering support.

There has also been a bit of movement on the mobile app front. We have been partially sponsoring development work on the now-released Snikket iOS which is now our recommended client for all iOS users. When paired with a Snikket server this client should receive calls and messages reliably, and also supports DTMF (entering digits for phone menus) during calls.

We’ve also had a volunteer working with us to clean up some of the features in our prototype app for Android. Not many visible changes yet (except for a much better icon to open the DTMF pad) but watch this space for updates.

As always, if you have any questions, feel free to reply to this email or find us in the group chat per below. We’re happy to chat whenever we’re available!

To learn what’s happening with JMP between emails like this, here are some ways you can find out:

Thanks for reading and have a wonderful rest of your week!

by Stephen Paul Weber at October 20, 2021 02:00

October 17, 2021

Peter Saint-Andre

There's No Such Thing as a Kudo

It always warms my heart when we import a word directly from ancient Greek into English. Often they are philosophical locutions, such as eudaimonia and ataraxia. Yet at times more mundane terms make the leap; these days perhaps the most common one is kudos (e.g., "kudos to you on aceing that algebra test!"). Consistent with modern English usage, people tend to pronounce it "koo-doze" and think of it as a plural ("that algebra test was really hard so you deserve many kudos for aceing it"). However, in ancient Greek κῦδος was pronounced "koo-doss" and was a singular noun (meaning fame, honor, renown). Just as we give praise (not "a praise") to a friend or colleague, so an ancient Greek might have given κῦδος. I'm sorry to disappoint you, but as a result there is no such thing as a kudo....

October 17, 2021 00:00

October 10, 2021

Paul Schaub

A Simple OpenPGP API

In this post I want to share how easy it is to use OpenPGP using the Stateless OpenPGP Protocol (SOP).

I talked about the SOP specification and its purpose and benefits already in past blog posts. This time I want to give some in-depth examples of how the API can be used in your application.

There are SOP API implementations available in different languages like Java and Rust. They have in common, that they are based around the Stateless OpenPGP Command Line Specification, so they are very similar in form and function.

For Java-based systems, the SOP API was defined in the sop-java library. This module merely contains interface definitions. It is up to the user to choose a library that provides an implementation for those interfaces. Currently the only known implementation is pgpainless-sop based on PGPainless.

The single entry point to the SOP API is the SOP interface (obviously). It provides methods for OpenPGP actions. All we need to get started is an instantiation of this interface:

// This is an ideal candidate for a dependency injection framework!
SOP sop = new SOPImpl(); // provided by pgpainless-sop

Let’s start by generating a secret key for the user Alice:

byte[] key = sop.generateKey()
        .userId("Alice <alice@example.org>")
        .generate()
        .getBytes();

The resulting byte array now contains our OpenPGP secret key. Next, lets extract the public key certificate, so that we can share it with out contacts.

// public key
byte[] cert = sop.extractCert()
        .key(key) // secret key
        .getBytes();

There we go! Both byte arrays contain the key material in ASCII armored form (which we could disable by calling .noArmor()), so we can simply share the certificate with our contacts.

Let’s actually create an encrypted, signed message. We obviously need our secret key from above, as well as the certificate of our contact Bob.

// get bobs certificate
byte[] bobsCert = ...

byte[] message = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);

byte[] encryptedAndSigned = sop.encrypt()
        .signWith(key) // sign with our key
        .withCert(cert) // encrypt for us, so that we too can decrypt
        .withCert(bobsCert) // encrypt for Bob
        .plaintext(message)
        .getBytes();

Again, by default this message is ASCII armored, so we can simply share it as a String with Bob.

We can decrypt and verify Bobs reply like this:

// Bobs answer
byte[] bobsEncryptedSignedReply = ...

ByteArrayAndResult<DecryptionResult> decrypted = sop.decrypt()
        .verifyWithCert(bobsCert) // verify bobs signature
        .withKey(key) // decrypt with our key
        .ciphertext(bobsEncryptedSignedReply)
        .toByteArrayAndResult();

// Bobs plaintext reply
byte[] message = decrypted.getBytes();
// List of signature verifications
List<Verification> verifications = decrypted.getResult().getVerifications();

Easy! Signing messages and verifying signed-only messages basically works the same, so I’ll omit examples for it in this post.

As you can see, performing basic OpenPGP operations using the Stateless OpenPGP Protocol is as simple as it gets. And the best part is that the API is defined as an interface, so swapping the backend can simply be done by replacing the SOP object with an implementation from another library. All API usages stay the same.

I want to use this opportunity to encourage YOU the reader: If there is no SOP API available for your language of choice, consider creating one! Take a look at the specification and an API definition like sop-java or the sop Rust crate to get an idea of how to design the API. If you keep your SOP API independent from any backend library it will be easy to swap backends out for another library later in the process.

Let’s make OpenPGP great again! Happy Hacking!

by vanitasvitae at October 10, 2021 15:45

Gajim

Gajim 1.3.3

This release features improved Ad-Hoc Commands and brings back spell checking. Gajim 1.3.3 includes many bug fixes and improvements. Thanks everyone for reporting issues!

What’s New

The Ad-Hoc Commands window has been ported to Gajim’s new Assistant. This unifies the look and feel with other actions using an Assistant and it also fixes some issues.

Windows users please note: Windows builds are now based on Python 3.9, which does not run on Windows 7 or older.

More Changes

New

  • Profile: A NOTE entry has been added

Changes

  • API JID for search.jabber.network integration has been updated
  • Provider list: blabber.im has been removed (service is gone)

Fixes

  • #10441 Reload CSS after switching dark/light theme
  • #10477 Migration routine for portable installer
  • #10540 Windows: Added GSSAPI dependency
  • Fixed starting History Manager in standalone mode

Have a look at the changelog for the complete list.

Known Issues

  • Zeroconf (serverless messaging) has not been re-implemented yet
  • Client certificate setup is not possible yet

Gajim

As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.

October 10, 2021 00:00

October 05, 2021

The XMPP Standards Foundation

The XMPP Newsletter September 2021

Welcome to the XMPP Newsletter covering the month of September 2021.

Many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, especially throughout the current situation, please consider to say thanks or help these projects!

Read this Newsletter via our RSS Feed!

Interested in supporting the Newsletter team? Read more at the bottom.

Other than that - enjoy reading!

Newsletter translations

Translations of the XMPP Newsletter will be released here (with some delay):

Many thanks to the translators and their work! This is a great help to spread the news! Please join them in their work or start over with another language!

XSF Announcements

The XSF offers fiscal hosting for XMPP projects now! Please apply via Open Collective. For more information, see the announcement blog post.

The XSF is planning to participate the Google Summer of Code 2022 (GSoC). If you are interested in participating as a student, mentor or as project in general please add your ideas and reach out to us!

Furthermore, the xmpp.org website received an update. It’s now built using Hugo (instead of Pelican) which reduces maintenance effort significantly. The new website is based on Bootstrap 5, and has been developed with simplicity in mind. We also made sure to make contributions as easy as possible. Building the website locally requires a minimum of dependencies, and is possible via Docker and Vagrant as well.

Events

XMPP Office Hours - Also, checkout our new YouTube channel!

Berlin XMPP Meetup (remote): Monthly Meeting of XMPP Enthusiasts in Berlin - always 2nd Wednesday of the month.

Articles

OpenPGP for XMPP (OX) is slowly getting client implementations. In a German blog post, DebXWoody walks us step by step through the process of enabling OX and using it in Profanity.

The Libervia ActivityPub Gateway work continues, with a report about Full-Text Search for PubSub cache and an early, but functional, ActivityPub XMPP Component.

Libervia

Matthew Wild has published a web utility for exploring XEP-0392 “Consistent Color Generation”. This XEP advises clients on how to colourize a user’s contacts (e.g. their nicknames or default avatars) for easier visual identification. The XEP describes a standard algorithm that aims to provide a distinctive colour for any contact, with considerations for colour vision deficiencies, and allowing all of a user’s clients to display the same colour for a given contact. Check out the XEP-0392 colour explorer and the Modern XMPP colour guidance.

Ever wanted a web clients comparison between XMPP and Matrix? You’re in luck as Ade Malsasa Akbar has written a simple overview of two group chat messengers from the decentralization family, Element of Matrix and Movim of XMPP. This is a discussion of usability from an end user perspective without talking about technology stuff like security or protocols.

Software news

Clients and applications

Dino v0.2.2 has been released. This version is a maintenance release and includes bug fixes.

UWPX v.0.35.1.0 and v.0.36.0.0 have been released. v.0.35.1.0 finally added push support with the push server developed by COM8. v.0.36.0.0 of UWPX fixes a bunch of bugs and updated the UI to WinUI 2.7. Besides that, a new OMEMO status indicator got introduced which should help you check if your contacts support the latest OMEMO standard.

XMPP-DNS, a tool to look up XMPP SRV records and test connectivity, had its initial release of v0.1.0. The release was directly followed by v0.2.0, bringing support for the XMPPS-server SRV records and a small bugfix release v0.2.1.

Gajim development news: September brought many updates under the hood. With big changes coming up in Gajim 1.4, many parts of the code have to be touched. These changes remain mostly invisible for users, but make Gajim more robust. In some cases, this results in visible improvements as well: Both Add Contact and Start Chat windows are now detecting the type of chat behind an address.

Go-sendxmpp, one of various alternatives to the original sendxmpp, released versions v0.1.0 and v0.1.1.

Conversations and Quicksy got version 2.10.0 out this month, with a short changelog: black bars on video calls (so you know when “you’re holding it wrong”), search performance improvements and a new setting to block app screenshots. Under the hood there was more: two bugs fixed for file attachments (specially for users with a lot of media files), touching the titlebar will open chat details and nested quotes (not yet the default, but you can “copy” and then “paste as quote” to use them).

Converse is going forward after a lot of development. Version 8 of this JavaScript XMPP chat client that runs in your browser was released. JC Brand’s blog post covers the visible changes (message styling, OMEMO encrypted files, URL previews) but also the internal changes (IndexDB by default, web components). 8.0.1 followed shortly with bug fixes to the polished product.

Converse

Profanity 0.11.1 has been released improving upon themes, notifications and OMEMO handling.

The Mellium Dev Communiqué for September has been published. It includes minor updates to the Communiqué TUI client as well as the mellium.im/xmpp library. Full details in Dev Communiqué for September 2021 on their Open Collective page.

Servers

No news on XMPP servers have reached us this month. :-(

Libraries

Mellium has released v0.20.0 of their Go XMPP library. The release announcement can be found on Open Collective. Some of the bigger features include group chat (MUC), chat history (MAM), and ad-hoc command support!

Extensions and specifications

Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001, which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process. Communication around Standards and Extensions happens in the Standards Mailing List (online archive).

Proposed

The XEP development process starts by writing up an idea and submitting it to the XMPP Editor. Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.

  • No XEPs proposed this month.

New

  • No new XEPs this month.

Deferred

If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.

  • No XEPs deferred this month.

Updated

  • Version 0.8.0 of XEP-0384 (OMEMO Encryption)

    • Update to XEP-0420 version 0.4.0 and adjust namespace
    • Replace SCE’s old ‘content’ element by its new ‘envelope’ element
    • Replace SCE’s old ‘payload’ element by its new ‘content’ element
    • Update SCE’s namespace to ‘urn:xmpp:sce:1’
    • Update namespace to ‘urn:xmpp:omemo:2’ (melvo)
  • Version 0.14.0 of XEP-0280 (Message Carbons)

    • Incorporate LC feedback: Remove requirement to remove “private” elements (and add interop note), completely reword mobile considerations to fit modern reality. (gl)
  • Version 1.1 of XEP-0227 (Portable Import/Export Format for XMPP-IM Servers)

    • Discourage use of ‘password’, provide a way to include SCRAM credentials, PEP nodes and message archives. (mw)
  • Version 1.22.0 of XEP-0060 (Publish-Subscribe)

    • Remove exception for last item when purging a node: all items must be removed. (jp)

Last Call

Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call help improving the XEP before returning it to the Council for advancement to Draft.

Stable (formerly known as Draft)

Info: The XSF has decided to rename ‘Draft’ to ‘Stable’. Read more about it here.

  • No Stable this month.

Call for Experience

A Call For Experience - like a Last Call, is an explicit call for comments, but in this case it’s mostly directed at people who’ve implemented, and ideally deployed, the specification. The Council then votes to move it to Final.

  • No Call for Experience this month.

Thanks all!

This XMPP Newsletter is produced collaboratively by the XMPP community.

Therefore many thanks to Adrien Bourmault (neox), Benoît Sibaud, emus, palm123, Licaon_Kter, MattJ, mdosch, nicola, seveso, Sam Whited, SouL, wurstsalat3000, Ysabeau for their support and help in creation, review and translation!

Spread the news!

Please share the news via other networks:

Find and place job offers in the XMPP job board.

Also check out our RSS Feed!

Help us to build the newsletter

We started drafting in this simple pad in parallel to our efforts in the XSF Github repository. We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. We really need more support!

You have a project and write about it? Please consider sharing your news or events here, and promote it to a large audience! And even if you can only spend a few minutes of support, these would already be helpful!

Tasks which need to be done on a regular basis are for example:

  • Aggregation of news in the XMPP universe
  • Short formulation of news and events
  • Summary of the monthly communication on extensions (XEP)
  • Review of the newsletter draft
  • Preparation for media images
  • Translations: especially German and Spanish

License

This newsletter is published under CC BY-SA license.

October 05, 2021 00:00

September 29, 2021

Gajim

Development News September 2021

September brought many updates under the hood. With big changes coming up in Gajim 1.4, many parts of the code have to be touched. These changes remain mostly invisible for users, but make Gajim more robust. In some cases, this results in visible improvements as well: Both Add Contact and Start Chat windows are now detecting the type of chat behind an address.

Changes in Gajim

Since development on Gajim 1.4 started, a lot has changed under the hood. Window management and contacts interface both received a complete makeover. These are essential components, which means almost every part of Gajim has to be adapted. This is also an opportunity to clean up old code and to revise features.

Jingle File Transfer for example received a new resource selector widget, which allows users to select a resource/device to send the file to. But this is just one of many features which needed to be updated.

Surprisingly often there have been issue reports about joining group chats. It turns out these are a result of Gajim’s Start Chat window offering two actions for new addresses: either start a chat or join a group chat. Choosing the first action for group chats results in a mess. In order to fix this, Gajim will now try to do some discovery magic before actually starting a chat. The same goes for the new Add Contact window, which will now detect group chats and gateways. If a gateway (i.e. IRC) is detected, Gajim will offer registering options or Ad-Hoc Commands to configure the gateway, depending on its capabilities.

Plugin updates

No plugin updates this month.

Changes in python-nbxmpp

Parsing XEP-0050 Ad-Hoc Commands is now more robust against unknown or duplicated actions.

Furthermore, an issue with message corrections has been fixed.

As always, feel free to join gajim@conference.gajim.org to discuss with us.

Gajim

September 29, 2021 00:00

September 28, 2021

Jérôme Poisson

Libervia progress note 2021-W38

Hello,

it's time for a new progress note. The work is currently focused on ActivityPub Gateway, and progress has been done on pubsub cache search and the base component.

Pubsub Cache Full-Text Search

Next to the pubsub cache implementation, it was necessary to have a good way to search among items.

So far, Libervia was doing pubsub search using pubsub service's capabilities, and notably the XEP-0431(Full Text Search in MAM) implementation. This is working well (it's what is currently used on this very blog when you do use the search box), but has some pitfalls: the pubsub service must implement this XEP (and as far as I know, Libervia Pubsub is the only one which does it at the moment), the search can be done in a single node at a time only, each search request imply a new XMPP request to the pubsub service, and pubsub items must be in plain text (which is currently always the case, but pubsub end-to-end encryption is planned as second part of the granted NLNet project on which I'm working).

In regard to that, a local search is necessary. SQLAlchemy doesn't really have Full-Text Search (or FTS) support for SQLite out of the box, but it allows to use any SQL directly, thus I could use the really nice FTS engine available within it (FTS5). This is an extension, but in practice it is already installed most of the time (it is part of the SQLite amalgamation).

Thanks to the JSON support in SQLite, it is also possible to filter search requests on parsed data. That's really useful for features like blogs where you often want to do that (e.g. filtering on tags).

The cache search can be operated on all data in cache, that means that you can do search on items coming from multiple nodes and even multiple services. That opens the door to features like hashtags or blog suggestions.

Last but not least, search requests can be ordered by any parsed field. In other terms it will be possible to order a blog by declared publication date — which may be important if you want to import a blog —, or events by location.

To have an idea of the possibilities, you can check the documentation of the CLI search command.

Base ActivityPub Component

Once the preparatory steps have been done, the ActivityPub component itself could be started. In short, for people not used to XMPP, a "component" is a kind of generic plugin to server. You declare it in your server configuration, choose a JID and a "shared secret" (a password), run it with those parameters, and voilà.

For the AP gateway, Libervia runs the component. There is documentation to explain how to launch it, don't worry it's simple.

As I've got questions about this, here is a small schema giving an overview on how the whole thing is working:

global overview of Libervia ActivityPub Gateway

I hope that it makes the whole thing more clear, otherwise don't hesitate to ask me for clarification.

As you can see, the gateway includes an HTTP server to communicate with AP software, but in many cases there will already be an HTTP server (website, XMPP web client, etc.). In this case, you'll have to redirect /.well-known/webfinger and /_ap requests to the gateway server.

For the development, I'm using Prosody as reference XMPP server implementation, and Mastodon as reference ActivityPub server implementation. I've set a local Mastodon installation, and I've chosen to use Docker for that, as it makes things easy to have a reproducible environment and to save and restore a specific state. It was not as trivial as I would expect to find the right configuration to use, I've found outdated tutorials, but I could manage to run the thing relatively easily.

Because we work with HTTPS, I've made a custom docker image with locale certification authority, so Mastodon could validate my gateway HTTP server certificate. I'm already doing that for docker image used for end-to-end tests of Libervia, nothing difficult. Surprisingly though, Mastodon could not resolve my instance, when HTTPie running from the same container could do it flawlessly. I've quickly realised that Mastodon was not respecting hosts declared in /etc/hosts (and added via extra_hosts in Compose file) and found a relevant bug report on Mastodon tracker. That was annoying, and I had to find a way to work around that. I've done it by running a local DNS Server, and Twisted offers a nice built-in one. Twisted DNS can easily use /etc/hosts to direct my local domains to my local IP, it's just a one liner such as twistd3 -n dns --hosts-file=/etc/hosts -r.

After that the domain was resolving, but to my surprise, Mastodon was still not able to communicate with my gateway, and even more bizarre my server was receiving no request at all. After a quick round of tcpdump/wireshark, I saw that indeed nothing was sent to my server.

Thanks to the Libre nature of Mastodon, I could resolve this by reading the source code, the Mastodon::HostValidationError
led me to a section that made the whole picture clear: my server is on a local IP and Mastodon by default refuses to reach it (to avoid the confused deputy attack). With the ALLOWED_PRIVATE_ADDRESSES setting I could finally make Mastodon communicate with my server.

The How to implement a basic ActivityPub server tutorial made by Eugen Rochko (Mastodon original developer) is a nice article to start an ActivityPub implementation, it has been useful to build the base component (despite being a bit outdated, notably regarding signature).

I have to rant a bit, though, as the ActivityPub specification are not available in EPUB or PDF, making it difficult to read on an e-book reader. I could overcome that thanks to pandoc (git clone https://github.com/w3c/activitypub.git then pandoc index.html --pdf-engine=xelatex -o activitypub.pdf), it's really more comfortable to keep the reference like this.

So the base component is now available but only usable by developers (and only capable of sending message to ActivityPub for now). Things will be really exiting with the next 2 steps, as bidirectional communications will be available, and the gateway will be usable for early adopters. I don't expect those steps to be really long.

test message sent with Libervia AP Gateway

Oh, and to answer another question that I've had, yes you can use the same ActivityPub actor identifier as your XMPP JID. I'll explain next time how everything is accessed.

That's all for today.

by goffi at September 28, 2021 06:57

September 27, 2021

Erlang Solutions

5 Erlang and Elixir Use Cases In FinTech 2/2

We talked in our recent blog post about some of the success stories of FinTechs and banks leveraging the Erlang, Elixir and the BEAM virtual machine – including Vocalink, Goldman Sachs and others. In this post let’s examine a further 5 interesting use cases spanning building a bank from scratch in Elixir to using the most deployed open source message broker in the world (built in Erlang) in one of the world’s largest financial data companies.

Klarna

Why Erlang? 

To power the core system

Klarna is the uber-successful European FinTech unicorn that is going from strength to strength in the BNPL space. They operate as an intermediary between customer and agent making it simpler for both to buy – settlement takes place later using any of various payment methods.  Klarna’s main payment system has been running for over 10 years, serving millions of customers.

Originally a monolith entirely built in Erlang, Klarna has since moved out to some different services, with a technology stack of Erlang, Scala, Clojure and Haskell, combined with a serverless architecture.

Where Erlang has been key in this success story, is that it has enabled the core Klarna system to demonstrate extremely high availability over the years with zero downtime. Erlang has allowed the flexibility to grow massively and restructure the system without having to stop operating. 

Kivra

Why Erlang/Elixir?  

For innovative backend services

Kivra exists to develop sustainable and convenient solutions for everyday life. They do this by ensuring the secure, reliable delivery of digital financial information that previously would have been sent in paper form by traditional mail.

They are a fast-growing and ambitious FinTech scaleup operating in Sweden and Finland enabling over 37,000 companies, public authorities and organisations to service 5 million users (including half of the adult Swedish population) with over 200 million important digital documents every year. 

A key part of Kivra’s product offering is their Sender Platform, where Kivra’s B2B clients send important content and communications to end-users. Erlang Solutions have worked in close collaboration with Kivra in a fully remote team consisting of backend developers, frontend developers and UX specialists. We provided domain expertise in Erlang/Elixir technologies as well as contributing with advanced modern design and development practices such as design thinking and pair/team programming to deliver the solutions quickly in an iterative and incremental way. 

Bloomberg

Why RabbitMQ?

To help scale financial applications.

Bloomberg is one of the largest private networks in the world. They provide current financial data (around 120 billion pieces at a peak of more than 10 million messages per second) to leaders and decision-makers worldwide at very low latency. 

They make extensive use of middleware, including queues and use RabbitMQ (built in Erlang) for hundreds of teams at Bloomberg. Their model of messaging middleware as a service frees up application developers time to be used on other tasks and achieve scalability, flexibility, and maintainability, without needing to focus on the RabbitMQ Server details. 

OTP Bank

Why Erlang?

To build modern, digital banking infrastructure

OTP Bank has 13 million customers in central & eastern Europe and has worked closely with us on ambitious projects to disrupt and modernise their model to great success. They were refactoring their complete legacy IT backend system to secure a future-proof full banking infrastructure for secure, reliable, scalable real-time transactions – Erlang was identified as the right tool for the job.

Erlang Solutions were engaged to help with speeding up the delivery of innovative services to their customers by implementing LuErl, a new technology created by Erlang Solution’s engineer and co-creator of Erlang, Robert Virding, to shorten the customer feedback cycle from weeks to hours. The Erlang based immediate payment system was already using elements of the new design and has achieved zero downtime.

Memo Bank

Why Elixir?

To build a scalable reliable banking core system

Memo Bank is the first independent bank to be created in France in the last fifty years. It was founded in 2017 and serves the European small and medium businesses (SMB) market, helping them to manage cash flows and fund their growth as a bank. They provide all the services you’d expect from a business bank, from current accounts to credit lines. 

The Memo team chose Elixir as the right tool for the job as building a system that is available anytime, from any device was mission-critical for success. They also have identified Elixir systems’ scalability and availability as necessary to absorb real-time transactions reliably. Read more about Memo Bank’s story on our blog.

SUMMARY

So there you go. These success stories, along with those mentioned in part 1 of this blog series, provide a compelling argument for leveraging the BEAM VM, Erlang and Elixir for all manner of development projects and use cases within FinTech, and there are many more too which we cannot detail due to NDAs.

If you have development needs in the industry then we remain willing and available to offer expert consultancy to help you get your FinTech products to market faster while using fewer resources. You can contact us to speak with one of our expert consultants at any time across time zones.

The post 5 Erlang and Elixir Use Cases In FinTech 2/2 appeared first on Erlang Solutions.

by Michael Jaiyeola at September 27, 2021 08:32

September 26, 2021

The XMPP Standards Foundation

The XSF as a Fiscal Host

Managing funds is easy when you’re a large project owned by an incorporated entity with accountants at your disposal, or when you’re a small project run by one person who accepts and uses all donations. When you’re in between, however, it can be difficult to handle. If you’re a project with a few regular contributors but no bank account, who handles the money? For many projects the answer is a fiscal host.

Fiscal hosts accept donations on behalf of a smaller organization and then earmark the donations for that smaller groups use. This way the larger organization handles taxes and accounting and the smaller group doesn’t have to incorporate or pay lots of money for accountants.

Many fiscal hosts exist for software projects, some focused on particular areas of the software world that they want to see developed. Many general software focused hosts such as the Software Freedom Conservancy and the Open Source Collective have requirements that put them out of the reach of most small XMPP related projects. Until now no fiscal host has existed specifically to nurture and grow new XMPP related projects.

Today the XSF is announcing that it will change this by acting as a fiscal host for XMPP related projects. A new organization has been created on Open Collective and will be using their platform to accept donations on behalf of hosted projects. Funds are currently handled in USD (since the XSF is based in the U.S.) but projects from all over the world are welcome to apply! We can’t wait to see what small XMPP projects are able to do once they are given the tools they need to raise money under the umbrella of a 501(c)(3) non-profit organization like the XSF!

Screenshot of the XSF Open Collective page showing an Actions mnenu with “Apply” visible at the bottom.

The new terms of fiscal sponsorship can be found on the website, and you can apply for sponsorship by creating a collective for your project on Open Collective, then navigating to the XMPP organization and clicking “Apply”. This will present you with a form where you can enter the required information:

Screenshot of the application form that allows you to select an account to apply from as well as enter information about the project applying.

For more information about fiscal hosts, see the Open Collective Fiscal Hosts FAQ.

If you run an XMPP related open source project or organization and think you could benefit from a fiscal host to help you manage and distribute funds, consider applying!

September 26, 2021 00:00

September 24, 2021

Peter Saint-Andre

Opinions Weak and Strong

Continuing a thread that I started to explore earlier this year, I'd like to take a closer look at the intensity of opinions. Here as almost everywhere, there is a continuum: we all have opinions we hold strongly and opinions we hold weakly. Not only do the specific contents of these buckets change over time, but in general the intensity of one's opinions can change over time, too. We're all familiar with the sophomoric young adult who has strong opinions about everything (yes, I resembled that remark). Such an individual can be contrasted with the more mature person, who understands what truly matters in life and doesn't hold strong opinions about matters that are less important or positively unimportant....

September 24, 2021 00:00

September 17, 2021

Erlang Solutions

FinTech Matters newsletter | September 2021

Subscribe to receive FinTech Matters and other great content, notifications of events and more to your inbox, we will only send you relevant, high-quality content and you can unsubscribe at any time.

Read on to discover what really matters for tech in financial services right now for the Erlang ecosystem and beyond.

It’s back to school season following what was a disrupted summer for most, but one where the FinTech world has continued to innovate and grow – global investment in H1 reached $98bn (£18bn in the UK) and Revolut raised a funding round of $800m at a valuation of $33bn. 

Michael Jaiyeola, FinTech Marketing Lead

[Subscribe now]

The Top Stories Right Now

Study To Investigate The Impact Of Open Source Software On The EU Economy

This detailed report from the EU examines the technological independence, competitiveness and innovation around open source software. The main breakthrough of the study is described as being the ‘identification of open source as a public good’. The value of open source technologies for many modern industries is well recognised but financial services have lagged behind somewhat. It is true that in highly regulated industries the compliance requirements may require some extra work when it comes to open source, but the idea that to be successful you must build using proprietary technology is finally being dispelled. A report at the beginning of the year by ResearchAndMarkets.com forecast The Open Source Service Market to grow by 24 % by 2025. 

Communities like those of Erlang and Elixir offer collaboration and information sharing to raise standards for all – it’s not about free software. Where financial services infrastructure leverages open source technology that meets shared requirements then individual companies can focus on adding differential value to their products and services. For FinTech faster innovations while driving down development costs and speed to market is the holy trinity and open source technology enables this in the right use cases where being agile, responsive and scalable will determine competitiveness and success. 

Get the report

Solarisbank raises $224M at a $1.65B valuation

Solarisbank, the tech company with a banking license, (whose platform is built using Erlang and Elixir) will use the new funding to acquire Contis and expand API-based embedded banking tech in Europe. Solaris was one of the first to be a fully-fledged bank that offers Banking-as-a-Service which is one of the FinTech segments (along with embedded finance) that has thrived over the pandemic period.

Read more

FCA loses £300k worth of electronic devices

In a do as I say not as I do comedy own goal, the FCA has misplaced a total of 323 electronic devices (estimated worth £310,600) over the past three years, according to a freedom of information request.  The devices are predominantly made up of hundreds of laptops, tablets, desktops and mobile phones reported lost or stolen by FCA employees. Unsurprisingly, this raises questions about data protection standards at the industry regulator. 

Read more

Verizon and Mastercard partner to bring 5G capabilities to payments

The strategic aim is to integrate 5G into payments focusing on contactless shopping, checkout automation and Point of Sale (POS) experience solutions. It is stated that this will be achieved by harnessing the latest in IoT technology alongside real-time edge computing.

Read more

More content from us

Kivra – Nordic FinTech case study for digital document sending platform

Memo Bank’s story  – How they used Elixir to build a bank from scratch

State of play in FinTech – I take a high-level look at some of the industry trends of 2021 so far

Kim Kardashian’s cryptocurrency Instagram post – the ‘financial promotion with the single biggest audience reach in history’!

When ultra influential influencers meet newly developed tokens, what could possibly go wrong? Well potentially plenty according to the head of the FCA, Charles Randell, who called Ethereum Max (nothing to do with the Ethereum platform) ‘a speculative digital token created a month before by unknown developers’. Read more

One in four UK financial services workers want to work from home full-time

 A new survey from Accenture has found 24 per cent of the UK’s 1m financial services workers “would prefer to work entirely from home once a full return to office is possible”. Read more

Klarna joins leading climate change programmes

The Swedish BNPL unicorn is the first FinTech to sign up for The Climate Change Pledge and the Race to Zero campaign. Read more

Erlang Solutions byte size

Did you miss joining our livestream of “What’s Next for Blockchain in Financial Services’ during FinTech Week London? Well, don’t worry you can get exclusive early access to the full video of the panel debate here.

Code BEAM America – Created for developers, by developers, the conference is dedicated to bringing the best minds in the Erlang and Elixir communities together to SHARE. LEARN. INSPIRE. over two days November 4-5

Trifork Group (our parent company) reports revenue growth of 55% in Q2 and 46% in H1 2021. The Q2-2021 Interim Report can be downloaded here. In Q2, Trifork Labs continued its active investment strategy and increased investments in the new Fintech startups Kashet, a new mobile-first challenger bank in Switzerland, as well as in a joint-venture Fintech startup (Money), co-owned by three mid-sized banks. Trifork has entered an integration partnership with Modularbank, a cloud-native core banking as a service solution.

To make sure you don’t miss out on any of our leading FinTech content, events and news, do subscribe for regular updates. We will only send you relevant high-quality content and you can unsubscribe at any time.

Connect with me on LinkedIn

Email: michael.jaiyeola@erlang-solutions.com

The post FinTech Matters newsletter | September 2021 appeared first on Erlang Solutions.

by Michael Jaiyeola at September 17, 2021 11:44