Planet Jabber

January 17, 2022

Peter Saint-Andre

MLK and Personalism

In my recent post on idealism and identity, I mentioned my attraction to the philosophy of personalism, with its emphasis on human dignity. It is perhaps a little-known fact that Martin Luther King, Jr., was greatly influenced by that very philosophy. Early in life he ventured north to study at Boston University, then the center of personalist thought in America, where he completed his doctorate under theologian Edgar Sheffield Brightman. We can see the deep influence of personalism on King's views in two quotes from his famous "I Have a Dream" speech:...

January 17, 2022 00:00

January 15, 2022

Peter Saint-Andre

Idealism and Identity

Personal identity is a deep, and deeply meaningful, subject: at some level, what's more important than what makes you you? Paradoxically, throughout history and across cultures, often personal identity has been a social construct, tied closely to tribe, clan, family, ethnic group, race, caste, class, societal role, and so on - usually in opposition to some Other ("I'm a Capulet, not a Montague", "I'm a proletarian, not a bourgeois", etc.)....

January 15, 2022 00:00

January 13, 2022

Prosodical Thoughts

Prosody 0.11.12 released

We are pleased to announce a new minor release from our stable branch.

This is a security release that addresses a denial-of-service vulnerability in Prosody’s mod_websocket. For more information, refer to the 20220113 advisory.

A summary of changes in this release:

Security

  • util.xml: Do not allow doctypes, comments or processing instructions

Download

As usual, download instructions for many platforms can be found on our download page.

If you have any questions, comments or other issues with this release, let us know!

by The Prosody Team at January 13, 2022 14:07
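The changelog entry above says util.xml no longer allows doctypes, comments or processing instructions. The following is an added illustration of that kind of restriction, written in Python with the standard expat binding; it is not Prosody's code, and the names parse_stanza, verdict and RestrictedXML as well as the sample stanzas are constructed for this example.

```python
import xml.parsers.expat


class RestrictedXML(Exception):
    """Input used an XML construct this parser refuses to process."""


def parse_stanza(data):
    """Parse one complete stanza and return (root_name, element_count).

    Raises RestrictedXML on a doctype, comment or processing instruction,
    and ValueError on malformed XML.
    """
    parser = xml.parsers.expat.ParserCreate()
    state = {"root": None, "count": 0}

    def reject(kind):
        # Build a handler that aborts parsing the moment expat reports `kind`.
        def handler(*_args):
            raise RestrictedXML(kind)
        return handler

    def start_element(name, _attrs):
        if state["root"] is None:
            state["root"] = name
        state["count"] += 1

    parser.StartElementHandler = start_element
    # The doctype handler fires before any entity declared in the internal
    # subset is processed, so parsing stops before entities can be used.
    parser.StartDoctypeDeclHandler = reject("doctype")
    parser.CommentHandler = reject("comment")
    # The XML declaration (<?xml version='1.0'?>) is reported through a
    # separate expat callback and is therefore still accepted.
    parser.ProcessingInstructionHandler = reject("processing instruction")

    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError("malformed XML: %s" % exc) from exc
    return state["root"], state["count"]


def verdict(data):
    """Return a one-line accept/reject decision for a stanza."""
    try:
        root, count = parse_stanza(data)
    except RestrictedXML as exc:
        return "rejected: %s" % exc
    except ValueError:
        return "rejected: malformed"
    return "accepted: <%s>, %d element(s)" % (root, count)


# Constructed sample inputs (not captured traffic).
SAMPLES = [
    b"<message to='a@example.com'><body>hi</body></message>",
    b"<?xml version='1.0'?><presence/>",
    b'<!DOCTYPE m [<!ENTITY a "aaaa">]><m>&a;</m>',
    b"<iq><!-- note --></iq>",
    b"<iq><?pi data?></iq>",
    b"<a><b></a>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample))
```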

Snikket

Snikket Server - 2022-01-13 security release


A security flaw has been found and fixed in a core component of the Snikket server software, Prosody. A fix has been released today, and it is recommended that everyone upgrades as soon as possible to receive the fix.

The flaw would allow an attacker to trigger the Snikket server to consume extreme amounts of resources (CPU and RAM), resulting in a denial of service.

Upgrading

You can find instructions for upgrading to the latest release in our upgrade guide.

If you are a Snikket hosting customer, you will receive an email with information about upgrading your instance.

Questions

What is a “Denial of Service” attack?

A “Denial of Service” attack (DoS) is any attack that causes an internet service (such as Snikket) to become unavailable to its users, i.e. unable to handle requests. In Snikket’s case, this means users would be temporarily unable to exchange messages, make calls, or share media and files.

Is any data at risk?

This flaw does not expose any data to the attacker. It simply causes Snikket to consume large amounts of memory and stop responding.

What is the impact of this issue?

Snikket may use large amounts of CPU and RAM while trying to handle traffic that has been specially crafted by an attacker to trigger this flaw. If Snikket is running on a server alongside other services, Snikket’s excessive use of resources may negatively impact those services as well.

How was this issue discovered?

The issue was discovered by the Prosody development team during a review of the code. It is not known to have been actively exploited by anyone. However, now that the fix has been published, it may bring more attention to the flaw. It is recommended that you upgrade as soon as possible.

What other changes are in this release?

This security release only contains changes that fix the security issue. No features or other fixes have been introduced in this release.

Is there a workaround?

If you cannot upgrade immediately, you can run the following command in your Snikket directory (where docker-compose.yml is located) to disable WebSocket support temporarily:

docker-compose exec -it snikket prosodyctl shell module unload websocket

WebSockets are enabled by default, but not used by any of the official clients; they are only needed for Web-based clients. Web-based clients should in addition be able to (be configured to) fall back to the unaffected BOSH endpoint.

Note that the above workaround is temporary - it will be reset if you restart Snikket for any reason. It is recommended to upgrade Snikket to achieve a permanent fix.

How can I tell if my version is affected?

The fix has been released in ‘beta.20220113’.

To check your version, log in to the Snikket web portal with your admin account. Then click on the “Snikket service” text at the bottom of the page. View the section “Software Versions” and ensure that the ‘Prosody’ component reports Snikket test 48-3d061. If you see 0.dev, 37-e5d49 or any number lower than 48 then your Snikket is not up to date yet. Follow the upgrade guide.

Further information

If you have any questions or concerns about this release, you can join the Snikket community chat or contact us directly.


by Snikket Team (team@snikket.org) at January 13, 2022 14:00

January 10, 2022

JMP

How to use Jabber from SMS

The Soprani.ca project, and Cheogram in particular, is pretty big on bidirectional gateways.  The most popular Cheogram-hosted instance, so popular that it gets to own Jabber IDs on cheogram.com, is a bidirectional gateway to the telephone network.  How is it bidirectional?  Don’t you need a Jabber ID to use it?  Of course not!

Sending a Message

From any SMS-enabled device, add +12266669977, which is the gateway’s phone number.  Send the following SMS:

/msg someone@server.tld Hello!

The user with Jabber ID someone@server.tld should shortly receive your message.  If they reply, what you see will depend on their relationship to the gateway.  If they have a backend route set (such as JMP, Vonage, or Twilio) then you will get an SMS from their associated phone number.  If not, you will get a message from the gateway’s number like this:

<someone@server.tld says> Oh, fun!

Joining a Chatroom

An SMS user can also join exactly one chatroom at a time.  Send this to the gateway’s number:

/join someroom@conference.server.tld

You should receive a message with the current list of participants, after which you will start seeing messages sent to the room.  After this point, any SMS sent to the gateway’s number that is not a valid command (such as /msg) will be sent to your joined room as a message.  You can send /help at any time to get a list of other commands for leaving, setting your nickname, etc.

Making a Voice Call

To call a Jabber ID, first enter it into this form then dial one of the access numbers and follow it up with the extension generated by the form.

The extensions are often very long, so the easiest way to dial them on Android is to create a contact with a phone number of the form:

+access_number,*10816etc

If you have trouble with one access number, try another one.  If the Jabber ID you wish to call is very long some access numbers may time-out waiting for you to dial all the digits.

by Stephen Paul Weber at January 10, 2022 08:30

January 08, 2022

Peter Saint-Andre

Cultivating Curiosity

In my drive to hold fewer opinions (or at least hold them less strongly), for a while I tried to cultivate a healthy skepticism about things I believe - for instance, by attempting to question one opinion every week. This didn't work, at least for me, because it felt too negative. Instead, now I'm working to cultivate curiosity. Here are a few thoughts on the process....

January 08, 2022 00:00

January 05, 2022

Ignite Realtime Blog

Openfire 4.5.6 is released

Openfire 4.5.6 has been released; it addresses an annoying issue that was affecting the earlier 4.5.5 release. We’ve updated the bundled log4j library to version 2.17.1 for good measure.

The changelog denotes the two Jira issues closed by this release. You can find Openfire build artifacts available for download here and they have the following sha256sum values


For other release announcements and news follow us on Twitter


by guus at January 05, 2022 15:56

January 04, 2022

Erlang Solutions

FinTech Matters newsletter | January 2022

Subscribe to receive FinTech Matters and other great content, notifications of events and more to your inbox, we will only send you relevant, high-quality content and you can unsubscribe at any time.

Read on to discover what really matters for tech in financial services right now for the Erlang ecosystem and beyond.

We’re avoiding any fintech predictions for 2022, because who knows what will happen, right?

Michael Jaiyeola, FinTech Marketing Lead


The Top Stories Right Now

Lloyds on-site technology is “not fit for purpose” according to their own senior exec, leaked video exposes problems at the bank

A recorded internal meeting made its way to the Mail on Sunday newspaper in the UK and indicates digital transformation to be a major concern at the bank. Nick Williams, group transformation director at Lloyds, is on the call speaking to employees about ‘real concern’ over some legacy infrastructure.


What is it with Amazon x Visa?

Amazon announced back in November that they would stop accepting Visa branded credit cards for purchases in the UK. While the bigger picture is surely more complicated than negotiation leverage over high processing fees and reducing costs, this is still quite an aggressive move. It is more to do with the changing face of online payments and the growth of buy-now-pay-later and (potentially) mainstream acceptance of cryptocurrency. Of course, both the ecommerce/retail and payments industries will be watching how things play out as it will inform decisions by other players down the line.


More content from us

Product Development in Healthtech – we returned to in-person events at Barclays Rise in London recently to present this case study with the team from Trifork, our parent company. [View the Slide Deck]

Complyteq – we were also joined at Rise by CEO and founder Eske Gerup to discuss the latest in digital ID and onboarding technology. [More About Complyteq]

Christmas cheer was in short supply in Ghana’s parliament as things got out of hand during a vote to add a new tax on mobile payments.


JPMorgan Chase fined $200 million for conducting business on WhatsApp

This substantial penalty was for a failure to follow US federal record-keeping laws by allowing Wall Street employees to use apps including WhatsApp. Employees also used text messages and personal email accounts to communicate about sensitive business matters. 


Erlang Solutions byte size

ElixirConf EU 2022 – Returns as a hybrid event 7-8 April from London and online. Elixir runs on the BEAM VM – the same virtual machine as Erlang – and can be adopted right throughout the tech stack. It’s been used to build the systems at the likes of Klarna, SumUp and Memo Bank. [Find out more]

To make sure you don’t miss out on any of our leading FinTech content, events and news, do subscribe for regular updates. We will only send you relevant high-quality content and you can unsubscribe at any time.

Connect with me on LinkedIn

Email: michael.jaiyeola@erlang-solutions.com


by Michael Jaiyeola at January 04, 2022 15:13

January 03, 2022

Ignite Realtime Blog

Openfire 4.6.7 released (Log4j 2.17.1 only change)

Openfire 4.6.7 has been released with only a single change to bump the bundled log4j library to version 2.17.1. Whilst we do not believe Openfire to be vulnerable to the CVEs associated with the log4j 2.17.0 and 2.17.1 releases, we realize that many folks are running naive security scanners that are simply checking for bundled jar versions.

The changelog denotes the one Jira issue closed by this release. You can find Openfire build artifacts available for download here and they have the following sha256sum values


At this point and due to limited community usage, we do not plan to create an additional 4.5 series release with this associated change. Please note that the 4.7.0-beta release of Openfire was made prior to all the security vulnerabilities associated with log4j and is thus vulnerable. We hope to finalize a 4.7.0 release very soon, which will also bring log4j to version 2.17.1. Update: we needed a 4.5 release for a different issue. We pulled in the log4j update as we were releasing anyway.

Thanks for your usage and interest in Openfire!

For other release announcements and news follow us on Twitter


by akrherz at January 03, 2022 21:46

January 01, 2022

Peter Saint-Andre

Cultivating Empathy

If you ask those I work with or mentor what my distinctive personal qualities are, I suspect that on the short list you might find empathy. For instance, I often reach out to work colleagues if I know that they face significant challenges, if their skills aren't being fully utilized, if they're not appreciated as much as they should be, if someone on their team has resigned, or on the positive side if they've been doing great work....

January 01, 2022 00:00

December 29, 2021

Paul Schaub

PGPainless 1.0.0 Released!

Close to the end of 2021 I’m excited to announce the release of PGPainless version 1.0.0! After a series of release candidates, it is finally time to party! The OpenPGP library successfully underwent a security audit in late November and I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a “1” at the front.


The audit was carried out over a period of 2 weeks by the nice folks of cure53.de. The team swiftly discovered some security flaws, most of which were quickly fixed in the library. Some other issues (such as lacking brute-force protection) were declared out of scope, as they are better fixed on the application level. Others unfortunately are the direct consequence of compliance with the OpenPGP standard, e.g. the fact that secret keys are not encrypted using authenticated encryption (this will hopefully change soon). The results of the security audit are publicly available for anyone to read.

In the light of the recent Log4j related events, I’d like to explicitly express my gratitude towards the fine folks of FlowCrypt, which perpetually financially support my work on PGPainless. Particularly they sponsored the security audit. Their support makes PGPainless a sustainable free software project and is a significant factor for its success. Thank you so much!

Throughout its development PGPainless has now reached a steady JUnit test coverage of 90% and around 90+% agreement with the OpenPGP Interoperability Test Suite. Furthermore, the project is now reuse compliant!

As always, the new release is available on Maven Central for you to download. Since the binaries are reproducible, you can also grab the source code, build them yourselves and compare the hashes against the known-good values.

Now what's left for me is to wish everyone a Better New Year 2022! Stay safe and encrypted!

Paul

by vanitasvitae at December 29, 2021 23:17

Peter Saint-Andre

Questions and Answers

Consider the following statements... "There are no answers, only questions." "Life is all about the journey, not the destination." "A teacher or a counselor should encourage dialogue, not provide direction." All true as far as they go. And yet....

December 29, 2021 00:00

2021 Readings

As best I can reconstruct it, here are the books I read in 2021. Not included are scholarly papers, essays, and other short works. I've provided links to books that are available online at my monadnock.net website for works in the public domain....

December 29, 2021 00:00

December 27, 2021

Peter Saint-Andre

Weekly Wisdom

Although I don't make New Year's resolutions, at this time of year I do tend to reconsider some of my goals and practices. One thing I'd like to improve on is the frequency of entries in my online journal, because writing them pushes me to think about how I'm living and what I'm learning. Thus going forward I'll strive to post such reflections at least once a week - most likely on Friday evenings or over the weekend, when it's easier to find time for reflection. You can receive these missives in your inbox by visiting my philosopher.coach website and typing your email address in the subscription form at the bottom of the page....

December 27, 2021 00:00

December 26, 2021

Peter Saint-Andre

Meditations on Bach #9: Musical Monadology

In meditation #7 of this series, I took note of some similarities between the aesthetics of Aristotle and the music of Bach. Another intriguing influence might be the monadology of Gottfried Wilhelm Leibniz (1646-1716), who directly influenced philosophers and musical theorists in Bach's orbit: for instance, Bach's student Lorenz Mizler (1711-1778) was a follower of the Leibniz scholar Christian Wolff (1679-1754). In chapter 5 of his book Music in the Culture of the Renaissance and Other Essays, Edward Lowinsky makes the following observations:...

December 26, 2021 00:00

December 22, 2021

Erlang Solutions

Dynamic XMPP Domains in MongooseIM

Introduction

MongooseIM is a robust instant messaging server focused on scalability and performance. It makes use of XMPP (Extensible Messaging and Presence Protocol), an open technology used mainly to develop instant messaging solutions. The protocol is highly extensible and has a very active community supporting it, which results in a variety of possible use cases, be it one-to-one text messaging, mobile group chat or collecting data from IoT sensors.

MongooseIM is an XMPP server that is constantly evolving to meet the rapidly changing demands while remaining highly scalable to handle millions of messages per minute, which is confirmed by both our load tests and the existing production installations. Recently we have seen a growing demand for massive multi-tenancy, where one MongooseIM cluster would handle more and more independent XMPP domains. We have been working tirelessly for many months on this and the result is our latest 5.0 release, which implements a completely new concept of dynamic XMPP domains. This feature allows you to have literally thousands of XMPP servers in one. To see the difference it makes, let us start with the original concept of XMPP when one server used to equal one domain.

Single-domain setup

A typical use case of XMPP is for a mobile instant messaging app. Each user is identified by their JID (Jabber Identifier), which has a form similar to an email address, e.g. alice@example.com can communicate with bob@example.com by connecting to the server example.com. It is very easy to configure this in MongooseIM with the TOML configuration file. The default file already contains the basic configuration, but in this example, we will write it from scratch. Let’s start with the minimal general section with the domain example.com defined in the list of static hosts:

[general]
  hosts = ["example.com"]
  default_server_domain = "example.com"

The default_server_domain is the domain that appears as the sender of XMPP stream errors returned by the server when a user cannot connect and the XMPP domain of the client is not known yet. To make this example complete, let’s add the auth section to the file, enabling user authentication with their accounts stored in a relational database, e.g. PostgreSQL:

[auth]
  methods = ["rdbms"]
  [auth.rdbms]

We also need to define the default connection pool, so MongooseIM can connect to the database.

[outgoing_pools.rdbms.default]
  scope = "global"
  workers = 5

  [outgoing_pools.rdbms.default.connection]
    driver = "pgsql"
    host = "localhost"
    database = "mongooseim"
    username = "mongooseim"
    password = "mongooseim_secret"

Finally, we need to define a client-to-server (c2s) listener to allow the clients to connect:

[[listen.c2s]]
  port = 5222

Now you can start MongooseIM, create an account for alice@example.com and use an XMPP client app to connect to the server. This setup is very minimalistic and certainly not secure enough for production use (there is no TLS); please see the documentation for more details.

Static multi-domain setup

One service provider might maintain the XMPP servers for a few companies, each of them having their own XMPP domain, just like for email addresses. Similarly to email, these companies might share one server installation, which can be easier and cheaper than having one server per business. This is why several domains would be hosted on a single server. Let’s update the general section in the configuration file to introduce two more domains. [1]

[general]
  hosts = ["example.com", "example.org", "example.net"]
  default_server_domain = "example.com"

It is possible to configure each domain differently, e.g. example.com can have message archive management (MAM) enabled to allow the users to retrieve stored chat messages. To do this, let’s enable the mod_mam_meta extension module.[2] The module should be specified in the host_config section to enable it only for one domain:

[[host_config]]
  host = "example.com"

  [host_config.modules.mod_mam_meta]
    backend = "rdbms"
    pm = {}

Dynamic multi-domain setup

Software as a service (SaaS) has become the standard way of providing IT services. In this scenario, we can imagine not just a few large companies, but thousands of small businesses (e.g. with up to 100 users each) using the same corporate chat solution built with MongooseIM. Each business would need their own XMPP domain, but they would neither want nor need their own MongooseIM installations, so instead they could pay for a hosted SaaS solution. The provider of such a solution would need to host hundreds or even thousands of domains on a single XMPP server.

To do this with a typical XMPP server (and with MongooseIM before version 5.0), one would have to edit the configuration file and restart the server for the changes to take effect. This is best done as a rolling upgrade, restarting one node at a time, but this procedure is quite tedious and takes some time. Another issue is that for each statically configured domain there are multiple resources allocated as all extension modules are started independently for each domain. Furthermore, the configuration file would become unmanageably large. To solve this problem, we could use the latest feature of MongooseIM 5.0.0: dynamic XMPP domains. Instead of defining thousands of hosts in the configuration file, we list only one host type – let’s call it basic. All we need to do is to modify the general section of the configuration file[3]:

[general]
  host_types = ["basic"]
  default_server_domain = "example.com"

We still need a static default_server_domain to be able to respond with XMPP stream errors. To allow domain management, we need to enable a service called service_domain_db – by default it will reuse the globally defined default DB pool that we already defined. The domains will be stored in our PostgreSQL database.

[services.service_domain_db]

The last step is to define the HTTP listener that will handle the REST requests[4]. Let’s set it up only on the loopback interface for localhost:

[[listen.http]]
  ip_address = "127.0.0.1"
  port = 8088

  [[listen.http.handlers.mongoose_domain_handler]]
    host = "localhost"
    path = "/api"

New domains can be added with a simple REST call:

curl -i -X PUT -H 'Content-Type: application/json' -d '{"host_type": "basic"}' \
  localhost:8088/api/domains/example.org

Such a request might be sent by a web server that would expose a GUI used to manage the domains. To cut off the inter-domain traffic we could separate them with an extension module called mod_domain_isolation. You can have multiple host types, which may correspond to different levels of service, e.g. when a distinction between standard and premium services is needed, we would add an advanced host type for the premium customers by editing the general section once more:

[general]
  host_types = ["basic", "advanced"]
  default_server_domain = "example.com"

Now we can enable the message archive only for the advanced host type:

[[host_config]]
  host_type = "advanced"

  [host_config.modules.mod_mam_meta]
    backend = "rdbms"
    pm = {}

You can use static and dynamic domains at the same time – for example, for a big company that would have its own unique set of configuration options, such as a separate database or other special features, the domain can be configured statically:

[general]
  hosts = ["big-company.example.com"]
  host_types = ["basic", "advanced"]
  default_server_domain = "example.com"

The diagram above summarizes the resulting setup, showing some client connections as well. Please refer to the documentation for more details regarding your MongooseIM configuration.
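The HTTP listener above is bound to the loopback interface, and the REST call that adds a domain carries no credentials. As an added example (not from the original post or the MongooseIM project), this Python check reads a MongooseIM-style TOML file and reports every [[listen.http]] listener that mounts mongoose_domain_handler on a non-loopback address. The minimal line-based reader, the function names and the second sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

HEADER = re.compile(r"^\[\[?\s*([^\]\s]+)\s*\]\]?$")
KEYVAL = re.compile(r"^(\w+)\s*=\s*(.+)$")
DOMAIN_HANDLER = "mongoose_domain_handler"


def http_listeners(config_text):
    """Return one dict per [[listen.http]] table: ip_address, port, handlers.

    Minimal reader for the layout used in this article, not a full TOML parser.
    """
    listeners, current, in_listener = [], None, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            if name == "listen.http":
                current = {"ip_address": None, "port": None, "handlers": []}
                listeners.append(current)
                in_listener = True
            elif name.startswith("listen.http.") and current is not None:
                # Sub-table of the current listener, e.g. a handler.
                in_listener = False
                if name.startswith("listen.http.handlers."):
                    current["handlers"].append(name.split(".")[3])
            else:
                current, in_listener = None, False
            continue
        pair = KEYVAL.match(line)
        if pair and in_listener:
            key, value = pair.group(1), pair.group(2).strip().strip('"')
            if key == "ip_address":
                current["ip_address"] = value
            elif key == "port":
                current["port"] = int(value)
    return listeners


def exposed_domain_api(config_text):
    """List (address, port) of listeners serving the domain API off-loopback.

    An unset or unparsable ip_address is reported too: the check does not
    assume what the server's default bind address is.
    """
    findings = []
    for listener in http_listeners(config_text):
        if DOMAIN_HANDLER not in listener["handlers"]:
            continue
        addr = listener["ip_address"]
        try:
            loopback = addr is not None and ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False
        if not loopback:
            findings.append((addr or "<unset>", listener["port"]))
    return findings


# The listener exactly as configured in the article.
ARTICLE_CONFIG = """
[[listen.http]]
  ip_address = "127.0.0.1"
  port = 8088

  [[listen.http.handlers.mongoose_domain_handler]]
    host = "localhost"
    path = "/api"
"""

# Constructed variant: a second copy of the domain API on all interfaces,
# plus an unrelated public listener that must not be flagged.
CONSTRUCTED_CONFIG = ARTICLE_CONFIG + """
[[listen.http]]
  ip_address = "0.0.0.0"
  port = 8089

  [[listen.http.handlers.mongoose_domain_handler]]
    host = "_"
    path = "/api"

[[listen.http]]
  ip_address = "0.0.0.0"
  port = 5280

  [[listen.http.handlers.mod_bosh]]
    host = "_"
    path = "/http-bind"
"""

if __name__ == "__main__":
    print(exposed_domain_api(ARTICLE_CONFIG))
    print(exposed_domain_api(CONSTRUCTED_CONFIG))
```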

Performance of dynamic domains

When it comes to performance testing, we always push MongooseIM to the limits using amoc, our load testing tool, and amoc-arsenal-xmpp, a set of scenarios designed for testing XMPP servers. For dynamic domains we decided to run several scenarios targeted at different metrics, increasing the load to the point of failure. The number of users was up to 100 k for the one-to-one messaging test and these users were actively chatting, resulting in high message rates[5]. We also decided that the system under load should be a three-node cluster of c5ad.xlarge AWS EC2 machines with an xlarge RDS instance of PostgreSQL, which is quite a small setup, to show that even this modest installation can handle a heavy load.

Initially, every test was executed for one static domain – the performance of version 5.0 was identical to the one of version 4.2. Then, the users got evenly distributed among 1,000 different domains, which did not result in any performance drop. Finally, the scenario was pushed to the extremes with as many domains as users. This meant up to 100,000 domains, but even that high number was not enough to cause any fall in performance other than a slight increase in memory usage. Domains were created on the fly at rates of up to 24 k / min without putting significant additional stress on the system. Selected test results are shown below. There were many more configurations tested, but they are omitted for the sake of simplicity. Results would vary with any difference in the setup, so if you need to determine the limits of your installation, please contact us.

| Test scenario | Metric | Maximum value |
|---|---|---|
| One-to-one chat with MAM enabled | One-to-one sent and received message rate | 600 k / min |
| Group chat with MUC Light | MUC Light message rate with 5 members per room | sent: 420 k / min; recv: 2.1 M / min |
| MAM lookup for one-to-one and group chat archives | MAM request rate with 5 messages returned per request | 360 k / min |
| MAM lookup for one-to-one and group chat archives | Rate of messages returned from MAM archive | 1.8 M / min |

Conclusion 

Some XMPP servers allow you to add virtual hosts – this is usually done with configuration files and does not allow grouping domains into host types. What sets MongooseIM 5.0 apart is that the dynamic domains are seamlessly integrated with almost all[6] features and extensions, making it possible to easily set up and maintain thousands of domains without any performance penalty.

Load test results show that you can expect high performance from MongooseIM, no matter if you need to host one huge domain or thousands of smaller ones. The only thing to worry about is the design and implementation of your front-end application and MongooseIM will certainly take care of the traffic generated by the millions of connected devices.

If you would like to talk to us about how your project can benefit from using MongooseIM, you can contact us at general@erlang-solutions.com and one of our expert team will get right back to you.


[1] default_server_domain can be one of the defined hosts, but it can be a different domain name as well.

[2] Such modules enable optional features of MongooseIM and they usually implement XMPP extension protocols, e.g. mod_mam_meta implements XEP-0313. More information about it can be found in the documentation.

[3] If you are following the examples, it is best to remove the host_config section as well, as it is no longer relevant.

[4]  This listener is already enabled in the default configuration file.

[5]  MongooseIM can handle many more connected users, especially on bigger instances, see our blog post on scalability. However, an extremely high number of users makes tests difficult to repeat, so it is better to have a lower number of users and a higher message rate per user. One could always add a lot of inactive users to the test, but there is little point in doing so.

[6]  Please see the documentation for a complete list of exceptions. 


by Pawel Chrzaszcz at December 22, 2021 14:40

December 21, 2021

Erlang Solutions

Blockchain Tech Deep Dive 3/4 | Meaning of Ownership

This is the third part of our ‘Making Sense of Blockchain’ blog post series. Here we look back at a post originally authored by Dominic Perini on how our attitudes to ownership are changing and how this relates to the value we attach to digital assets in the blockchain space. You can read part 1 of this series on ‘6 Blockchain Principles’ here.


Theme III

Digital Assets: Ownership in the Era of Blockchain

Ownership, provenance and handling

While physical goods contain an abstract element (the design, the capacity to model it, package it and make it appealing to the owners or consumers), digital assets have a far stronger element of abstraction which defines their value, while their physical element is often negligible and replaceable (e.g. software can be stored on disk, transferred or printed). These types of assets typically stimulate our intellect and imagination.

The peculiarity of digital goods is that they can be copied exactly at a very low cost: for example, they can be easily reproduced in multiple representations on heterogeneous physical platforms or substrates thanks to the discrete nature in which we store them (using a simplified binary format). The perceivable form can be reconstructed and derived from these equal representations an infinite number of times. This is a feature that dramatically influences how we value digital assets. The opportunity to create replicas implies that it is not the copy nor the rendering that should be valued, but rather the original digital work. In fact, this is one of the primary achievements that blockchain has introduced via the hash lock inherent to its data structure.

If used correctly the capacity to clone a digital item can increase confidence that it will exist indefinitely and therefore maintain its value. However, the immutability and perpetual existence of digital goods are not immune from facing destruction, as at present there is a dependence on a physical medium (e.g. hard disk storage) that is potentially subject to alteration, degradation or obsolescence.

A blockchain, such as that of the Bitcoin network, represents a model for vast replication and reinforcement of digital information via Distributed Ledger Technology (DLT). Here, repair mechanisms can intervene in order to restore integrity in the event that data gets corrupted by a degrading physical support (i.e. a hard disk failure) or a malicious actor.

However, as genetic evolution suggests, clones with equal characteristics can all face extinction by the introduction of an actor that makes the environment unfit for survival. Thus, it might be sensible to introduce heterogeneous types of ledgers to ensure their continued preservation on a variety of physical platforms and therefore enhance the likelihood of survival of information.

The evolution of services and their automation

Now let’s consider how we have started to attach value to services and how we are becoming increasingly demanding about their performance and quality.

Services are a form of abstract valuable commonly traded on the market. They represent the actions bound to the contractual terms under which a transformation takes place. This transformation can apply to physical goods, digital assets, other services themselves or to individuals. What we trade is the potential to exercise a transformation, which in some circumstances might have been applied already. For instance, a transformed commodity, such as refined oil, has already undergone a transformation from its original raw form.

As transformations are being automated more and more, and the human element is progressively being removed, even services are gradually taking the shape of automated algorithms that are yet another form of digital asset, as is the case with smart contracts. Note, however, that an algorithm alone is not enough to apply the transformation: we need an executor such as a physical or virtual machine.


Sustainability and access to resources

Stimulation of the intellect and/or imagination isn’t the only motivator that explains the increasing interest in digital goods and consequently their rising market value. Physical goods are known to be quite costly to handle. In order to create, trade, own and preserve them there is a significant expenditure required for storage, transport, insurance, maintenance, extraction of raw materials etc.

There is a competitive and environmental cost involved, which makes access to physical resources inherently non-scalable and occasionally prohibitive, especially in concentrated urban areas. As a result, people are incentivised to own and trade digital goods and services. 

The high power consumption required by the Bitcoin network’s method of consensus would potentially negate these environmental benefits. However, Keith Bear from the Cambridge Centre for Alternative Finance (CCAF) recently discussed their publication of the Bitcoin Power Index with us. He told us that, although power consumption is a concern, it should be remembered that blockchain technology can act as a force for good, being used for environmentally beneficial projects.

Services traditionally require resources to be delivered (e.g. raw material processing). However, a subset of these (such as those requiring non-physical effort, for instance, stock market trading, legal or accounting services) are ideally suited to being carried out at a significantly lower cost via the application of algorithmic automation (assuming that the high carbon footprint required to drive the ‘Proof of Work’ consensus mechanism used in many DLT ecosystems can be avoided).

Barriers to acceptance of digital assets

Whereas it is sensible to forecast a significant expansion of the digital assets market in the coming years, it is also true that, at present, there are still several psychological barriers to overcome in order to get broader traction in the market.

The primary challenge relates to trust. A purchaser wants some guarantees that traded assets are genuine and that the seller owns them or acts on behalf of the owner. DLT provides a solid way to work out the history of a registered item without interrogating a centralised trusted entity. Provenance and ownership are inferable and verifiable from a number of replicated ledgers while block sequences can help ensure there is no double spending or double sale taking place within a certain time frame.

The second challenge is linked to the meaning of ownership outside of the context of a specific market. A good example of this is provided by the closure of Microsoft’s ebook store. Microsoft’s decision to pull out of the ebook market, presumably motivated by a lack of profit, could have an impact on all ebook purchases that were made on that platform. The perception of the customer was obviously that owning an ebook was the same as owning a physical book. What Microsoft might have contractually agreed through its End-User License Agreement (EULA), however, is that this is true only within the contextual existence of its platform.

There is a push, in this sense, towards forms of ownership that can break out from the restrictions of a specific market and be maintained in a broader context. Blockchain’s DLT in conjunction with smart contracts, that exist potentially indefinitely, can be used to serve this purpose allowing people to effectively retain their digital items’ use across multiple applications.

The transition to these new notions of ownership is particularly demanding when it comes to digital non-fungible assets. Meanwhile, embracing fungible assets, such as a cryptocurrency, has been somewhat easier for customers who are already used to relating to financial instruments. This is probably because fungible assets serve the unique function of paying for something, while in the case of non-fungible assets there is a range of functions that define their meaning in the digital or physical space.


What this will mean for blockchain adopters

In discussing the major emerging innovation that blockchain technology has influenced dramatically over the last two years, the ownership of digital assets, it is clear that what we are witnessing is a new era that is likely to revolutionise the perception of ownership and reliance on trusted and trustless forms of automation. This is driven by the need to increase interoperability, cost compression, sustainability, performance and customisation.

For any business size in any industry, we’re ready to investigate, build and deploy your blockchain-based project on time and to budget. Let us know about your blockchain project here.

Stay tuned for the final part of this deep dive blockchain series where we make the case for Erlang and Elixir programming languages to innovate with blockchain.

The post Blockchain Tech Deep Dive 3/4 | Meaning of Ownership appeared first on Erlang Solutions.

by Erlang Admin at December 21, 2021 10:04

December 20, 2021

Prosodical Thoughts

Prosody 0.11.11 released

We are pleased to announce a new minor release from our stable branch.

This release contains some fixes to PEP to control memory usage, along with a small batch of fixes for issues discovered since the last release.

This will likely be the last release of the 0.11 branch.

A summary of changes in this release:

Fixes and improvements

  • net.server_epoll: Prioritize network events over timers to improve performance under heavy load
  • mod_pep: Add some memory usage limits
  • mod_pep: Prevent creation of services for non-existent users
  • mod_pep: Free resources on user deletion (needed a restart previously)

Minor changes

  • mod_pep: Free resources on reload
  • mod_c2s: Indicate stream secure state in error text when no stream features to offer
  • MUC: Fix logic for access to affiliation lists
  • net.server_epoll: Improvements to shutdown procedure #1670
  • net.server_epoll: Fix potential issue with rescheduling of timers
  • prosodyctl: Fix to ensure LuaFileSystem is loaded when needed
  • util.startup: Fix handling of unknown command line flags (e.g. -h)
  • Fix version number reported as ‘unknown’ on *BSD

Download

As usual, download instructions for many platforms can be found on our download page

If you have any questions, comments or other issues with this release, let us know!

by The Prosody Team at December 20, 2021 21:57

December 19, 2021

Peter Saint-Andre

A Friend by Any Other Name

It is said that when the ancient Greek philosopher Epicurus died, he left behind thousands of friends. This was 2300 years before Facebook, so how could he have befriended so many people?...

December 19, 2021 00:00

December 16, 2021

Ignite Realtime Blog

Openfire 4.6.6 and 4.5.5 releases (Log4j-only changes)

As we’re monitoring developments around the recent Log4j vulnerabilities, we’ve decided to provide another update for Openfire to pull in the latest available updates from Log4j.

Since the previous release, the Log4j team released a new version (2.16.0) of their library that provides better protection against the original vulnerability (CVE-2021-44228) and also guards against a newly discovered vulnerability (CVE-2021-45046) in Log4j.

The Ignite Realtime community has decided to immediately make available new releases of Openfire that include this newer version of Log4j: Openfire 4.6.6 and Openfire 4.5.5.

In addition to upgrading the Log4j libraries to version 2.16.0, we have put in place the mitigation measures that were defined for these CVEs. It’s important to note that these mitigation measures are known to be insufficient to fully protect against the vulnerabilities. However, the update to version 2.16.0 of Log4j makes these measures redundant. We have opted to include them anyway, as we know that many of you modify Openfire to a great extent. If such modifications would inadvertently re-introduce a vulnerable version of Log4j, at least some mitigation is in place. No changes other than these Log4j-related changes are included in the releases that we are publishing today.
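A defender's check for the concern raised above, that a modified installation might carry an older Log4j back in. This is an added example, not part of the original post or of Openfire: it walks a directory tree, finds jars that are or bundle log4j-core, and compares each version against 2.16.0. The function names and the lib/ and plugins/ sample layout are assumptions, and the sample jars are constructed.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

# Minimum acceptable version: 2.16.0 is the Log4j release named in the post.
MIN_VERSION = (2, 16, 0)
# Maven-built jars record their coordinates in this member, also when shaded into a bundle.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Pre-release tags are dropped."""
    nums = [int(n) for n in text.split("-")[0].split(".") if n.isdigit()]
    return tuple((nums + [0, 0, 0])[:3])


def jar_version(zf, jar_name):
    """Prefer the version recorded inside the jar; fall back to the file name."""
    if POM_PROPS in zf.namelist():
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    match = NAME_RE.search(jar_name)
    return match.group(1) if match else None


def inspect_jar(path):
    """Return a finding for a jar that is, or bundles, log4j-core; None for other jars."""
    named_like_core = NAME_RE.search(path.name) is not None
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            if POM_PROPS not in names and not named_like_core:
                return None
            version = jar_version(zf, path.name)
            has_jndi = JNDI_CLASS in names
    except (zipfile.BadZipFile, OSError):
        # A corrupt jar cannot be cleared; report it only if its name suggests log4j-core.
        if not named_like_core:
            return None
        return {"path": path, "version": None, "jndi_lookup": None, "status": "unreadable"}
    if version is None:
        status = "unknown-version"
    elif parse_version(version) >= MIN_VERSION:
        status = "ok"
    else:
        status = "outdated"
    return {"path": path, "version": version, "jndi_lookup": has_jndi, "status": status}


def scan(root):
    """Inspect every *.jar under root and return the findings sorted by path."""
    found = (inspect_jar(p) for p in sorted(Path(root).rglob("*.jar")))
    return [f for f in found if f is not None]


def build_sample_tree(root):
    """Constructed sample: an assumed lib/ and plugins/ layout holding fake jars."""
    root = Path(root)
    samples = {
        # Current copy, version recorded inside the jar.
        "lib/log4j-core-2.16.0.jar": {POM_PROPS: "version=2.16.0\n", JNDI_CLASS: ""},
        # Old copy with no pom.properties: the version comes from the file name.
        "lib/log4j-core-2.13.3.jar": {JNDI_CLASS: ""},
        # Plugin bundle that shades an old log4j-core, with JndiLookup.class absent.
        "plugins/custom/lib/bundle.jar": {POM_PROPS: "version=2.14.1\n"},
        # Unrelated jar that must not be reported.
        "lib/unrelated.jar": {"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"},
    }
    for rel, members in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(target, "w") as zf:
            for name, data in members.items():
                zf.writestr(name, data)
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            results = scan(build_sample_tree(tmp))
    for f in results:
        print(f"{f['status']:16} version={f['version']} JndiLookup={f['jndi_lookup']} {f['path']}")
    sys.exit(1 if any(f["status"] != "ok" for f in results) else 0)
```

Run it with the installation directory as the only argument; it exits non-zero when any copy is not at or above 2.16.0. Jars nested inside other archives are not opened.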

We are aware that for some, the process of deploying a new major version of Openfire is not a trivial matter, as it may encompass a lot more than only performing the update of the executables. Depending on regulations that are in place, this process can require a lot of effort and take a long time to complete. To facilitate users that currently use an older version of Openfire, we are also making available a new release in the older 4.5 branch of Openfire that pulls in the Log4j update. An upgrade to that version will, for some, require a lot less effort. Note well: although we are making available a new version in the 4.5 branch of Openfire, we strongly recommend that you upgrade to the latest version of Openfire (currently in the 4.6 branch), as that includes important fixes and improvements that are not available in 4.5.

The following sha256 checksums are valid for the Openfire 4.6.6 distributables:


For Openfire 4.5.5, the sha256 checksums are:


The process of upgrading is outlined in the Openfire upgrade guide. If you would prefer to enlist support in applying this update, various professional partners are available that can help.

We are always happy to hear about your experiences, good or bad! Please consider dropping a note in the community forums or hang out with us in our web support groupchat.

For other release announcements and news follow us on Twitter!


by guus at December 16, 2021 17:25

December 13, 2021

Erlang Solutions

Aleksander Lisiecki’s prize-winning eArangoDB at SpawnFest 2021

What is SpawnFest?

It’s tempting to say that SpawnFest is an event that doesn’t need an introduction, but we’ll give it one anyway. SpawnFest is an annual remote hackathon, where teams have exactly one weekend (48 hours to be exact) to create the best BEAM-related applications they can. It is the biggest event of its kind in the Erlang and Elixir community, with fantastic sponsors, prizes, participants and judges coming together to learn, inspire and hack. This year, we’re extremely proud to announce that our very own Aleksander Lisiecki claimed a podium finish in a number of categories for his project eArangoDB. His final haul was:  Maintainability – 1st 🥇, Correctness – 2nd 🥈 and Completion – 3rd 🥉. You can see the full results for overall winners and other categories here. We invited Aleksander to the blog to share more about his project, the inspiration and the competition as a whole: 

Why did you enter the competition?

Aleksander: I enjoy the convenience of participating in a remote competition, which is self-explanatory regarding the current COVID situation. Another advantage is that all teams are accepted, which is not the case in other hackathons. And last but not least the prizes this year are awesome!

What inspired this project?

I have had an interest in graph databases for a while. The possibilities they give are exciting, and they can be used in a variety of really interesting ways from social media modelling to fraud detection and many more. In last year’s SpawnFest I worked on a project to provide an API from Erlang to Neo4j, a graph database. This year I wanted to try doing a similar concept but for ArangoDB. It is a more complex challenge as it is not a pure graph but a multi-model database. There were many more API calls to be implemented. I wanted to have an option to choose between different databases picking the best one depending on the use case and requirements.

Sounds great, where can we see the work? 

A full demo with code and description is available here: https://github.com/spawnfest/eArangoDB/tree/master/demo/demo_cities

The judges loved your project, how did you feel it went?

Overall I am satisfied with the result. I managed to implement the main part of my project. There are some rough edges here and there, but that is always the case with hackathon-style projects.

Any thoughts on how this project could be improved in the future?

There is always space for improvements. The competition only lasts for 48 hours, which means that you are not able to polish the project with a shiny finish, but it is important to have the basic concept working. In the future, I think it will be beneficial to use property-based testing in test suites. Another thing left to do is to implement some validation options and some helpers regarding response handling, especially focusing on more readable error messages. The project might also benefit from adding logging or, even better, adding telemetry events.

How do you find remote vs in-person hackathons?

In a remote hackathon, usually all teams are accepted. That is not the case in most hackathons, as they happen in person, and organisers have to limit the number of participants due to limited room size. Moreover, you work from the comfort of your desk, using the equipment setup you have built and improved over the years. Last but not least, you can sleep in your bed, which is not the case for in-person hackathons. On the other hand, if a hackathon happens in person, there are some extra attractions available like free pizza and coffee, some games to be played in the break like foosball or some board games.

Any advice for participants for next year?

SpawnFest, like any other hackathon, is about two things: a great idea and bringing the idea to life, or at least a prototype of it. I highly recommend you start thinking about ideas as soon as possible. Do not go too big, it is better to pick a slightly smaller project and deliver it within a limited time than it is to try to implement a huge idea that you won’t have time to finish. Read the rules carefully and check what the prizes are awarded for, and focus on those aspects of your project.

Last but not least, do not forget that it is about having fun! See you next year at SpawnFest!

The post Aleksander Lisiecki’s prize-winning eArangoDB at SpawnFest 2021 appeared first on Erlang Solutions.

by Aleksander Lisiecki at December 13, 2021 16:31

Isode

Successfully Managing HF Radio Networks

With the potential for new technologies to cause interference to traditional communications networks and even space itself at the risk of becoming weaponised, it is important to make sure that you always have a backup plan for your communications ready and waiting.

Should the worst happen and your primary network, typically SatCom, go down you need to ensure that you can still communicate with your forces wherever they are, and that communication needs to be fast,  simple and reliable. It also needs to be suitable for operation within degraded and denied environments.

That’s where HF Radio has a distinct advantage, utilising the ionosphere itself to relay communications and long-range radio signals. If you’re interested you can read more about the benefits of communications over HF Radio and how Isode is developing HF technology here.

When implementing new technologies, one of the challenges you can always expect to face is how you manage them and control how the important systems connect with one another. For HF Radio, that has always been a factor limiting its deployment: how do you ensure that mobile units remain connected to your HF network as they move from one location to the next?

This can now be done by our latest HF Radio enhancement product, Icon Topo. 

Icon Topo is a state of the art, web-based management system for HF Radio networks. The management system allows an operator to monitor and control the location of Mobile Units such as ships or aircraft, ensuring that as they move from one HF Access Point to another they can remain connected to your communications network.

The Icon Topo system allows you to manage your Mobile Units across multiple HF Networks, and plan a connection route for them as they do so, all from an easy forms-based interface, removing any interruptions to service or downtime from applications as the MU moves across its intended path.

You can read more on Icon Topo here.

Alongside our HF management system, we have also recently developed our Red/Black solution to manage encrypted data over HF networks.

Red/Black is a Web-based server that can provide control and monitoring of different devices and servers. This is intended to complement, not replace, primary device management tools. Red/Black servers can operate in a pair, to monitor and control devices across a secure boundary.

Our Red/Black servers are designed to support HF radio systems through the display and management of communication chains, as seen below. They allow separation of, and passage for encrypted information across restricted networks from a ‘high’ side to a ‘low’ side. 

You can read more about our Red/Black solution here

The above two products give you full oversight over your HF networks so that you can be confident you will retain complete control over what gets to connect to your HF network and how exactly they do it.

If you’d like more information on our HF products, or are interested in a product demo then get in touch with us on sales@isode.com, alternatively you can fill out a contact form on our website and one of our team will get back to you.

by admin at December 13, 2021 11:14

December 10, 2021

Ignite Realtime Blog

Openfire 4.6.5 released

Although we’re preparing for the Openfire 4.7.0 release, the recently discovered vulnerability in the Apache Log4j utility prompted us to push an immediate release of Openfire to address that issue. This release, Openfire 4.6.5, is available now.

We urge you to update as soon as possible. If that’s not feasible, then we advise you to apply the documented workaround (in the form of adding the following argument in the start script for Openfire: -Dlog4j2.formatMsgNoLookups=true) and/or look into applying other mitigating actions.

The process of upgrading is outlined in the Openfire upgrade guide. Please note that, if desired, a significant number of professional partners are available that can provide commercial support.

You can find Openfire release artifacts on the download page. These are the applicable sha256sums:


Apart from addressing the log4j issue, this release includes a small number of other modifications, as documented in the changelog.

We’re always happy to hear about your experiences, good or bad! Please consider dropping a note in the community forums or hang out with us in our web support groupchat.

For other release announcements and news follow us on Twitter


by guus at December 10, 2021 18:40

December 09, 2021

ProcessOne

ejabberd 21.12

This new ejabberd 21.12 release comes after five months of work and contains more than one hundred changes, many of them major improvements or features, along with several bug fixes.

ejabberd 21.12 released

When upgrading from previous versions, please note that there are changes in mod_register_web behaviour and in the PostgreSQL database; please check whether they affect your installation.

A more detailed explanation of those topics:

Optimized MucSub and Multicast processing

More efficient processing of MucSub and Multicast (XEP-0033) messages addressed to a large number of addresses.

Support MUC Hats

MUC Hats (XEP-0317) defines a more extensible model for roles and affiliations in Multi-User Chat rooms. This protocol was deferred, but it is supported by several clients and servers. ejabberd’s implementation supports both the XEP schema, and also the Conversejs/Prosody custom schema.

New mod_conversejs

This module serves a simple page to allow the Converse.js XMPP web browser client to connect to ejabberd. It can use ejabberd’s Websockets or BOSH (HTTP-Bind).

By default this module points to the public online client available at converse.js. Alternatively, you can download the client and host it locally with a configuration like this:

hosts:
  - localhost

listen:
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    tls: false
    request_handlers:
      /websocket: ejabberd_http_ws
      /conversejs: mod_conversejs
      /converse_files: mod_http_fileserver

modules:
  mod_conversejs:
    websocket_url: "ws://localhost:5280/websocket"
    conversejs_script: "http://localhost:5280/converse_files/converse.min.js"
    conversejs_css: "http://localhost:5280/converse_files/converse.min.css"
  mod_http_fileserver:
    docroot: "/home/ejabberd/conversejs-9.0.0/package/dist"
    accesslog: "/var/log/ejabberd/fileserver-access.log"

Many PubSub improvements

Add delete_old_pubsub_items command.
Add a command for keeping only the specified number of items on each node and removing all older items. This might be especially useful if nodes may be configured to have no ‘max_items’ limit.

Add delete_expired_pubsub_items command
Support XEP-0060’s pubsub#item_expire feature by adding a command for deleting expired PubSub items.

Fix get_max_items_node/1 specification
Make it explicit that the get_max_items_node/1 function returns ?MAXITEMS if the ‘max_items_node’ option isn’t specified. The function didn’t actually fall back to ‘undefined’ (but to the ‘max_items_node’ default; i.e., ?MAXITEMS) anyway. This change just clarifies the behavior and adjusts the function specification accordingly.

Improvements in the ejabberd Documentation web

Added many cross-links between modules, options, and specific sections.

Added a new API Tags page similar to “ejabberdctl help tags”.

Improved the API Reference page, so commands show the tags and the definer module.

Configuration changes

mod_register_web is now affected by the restrictions that you configure in mod_register (#3688).

mod_register gets a new option, allow_modules, to restrict what modules can register new accounts. This is useful if you want to allow only registration using mod_register_web, for example.

PostgreSQL changes

Added the missing SQL migration for table push_session to PgSQL’s new schema (#3656).

Fixed the vcard_search definition in PgSQL’s new schema (#3695).
To update an existing database:

ALTER TABLE vcard_search DROP CONSTRAINT vcard_search_pkey;
ALTER TABLE vcard_search ADD PRIMARY KEY (server_host, lusername);

Summary of changes:

Commands

  • create_room_with_opts: Fixed when using SQL storage (#3700)

  • change_room_option: Add missing fields from config inside mod_muc_admin:change_options

  • piefxis: Fixed arguments of all commands

Modules

  • mod_caps: Don’t forget caps on XEP-0198 resumption

  • mod_conversejs: New module to serve a simple page for Converse.js

  • mod_http_upload_quota: Avoid ‘max_days’ race

  • mod_muc: Support MUC hats (XEP-0317, conversejs/prosody compatible)

  • mod_muc: Optimize MucSub processing

  • mod_muc: Fix exception in mucsub {un}subscription events multicast handler

  • mod_multicast: Improve and optimize multicast routing code

  • mod_offline: Allow storing non-composing x:events in offline

  • mod_ping: Send ping from server, not bare user JID (#3658)

  • mod_push: Fix handling of MUC/Sub messages (#3651)

  • mod_register: New allow_modules option to restrict registration modules

  • mod_register_web: Handle unknown host gracefully

  • mod_register_web: Use mod_register configured restrictions (#3688)

PubSub

  • Add delete_expired_pubsub_items command

  • Add delete_old_pubsub_items command

  • Optimize publishing on large nodes (SQL)

  • Support unlimited number of items

  • Support ‘max_items=max’ node configuration (#3666)

  • Bump default value for ‘max_items’ limit from 10 to 1000 (#3652)

  • Use configured ‘max_items’ by default

  • node_flat: Avoid catch-all clauses for RSM

  • node_flat_sql: Avoid catch-all clauses for RSM

SQL

  • Use INSERT … ON CONFLICT in SQL_UPSERT for PostgreSQL >= 9.5

  • mod_mam export: assign MUC entries to the MUC service (#3680)

  • MySQL: Fix typo when creating index (#3654)

  • PgSQL: Add SASL auth support, PostgreSQL 14 (#3691)

  • PgSQL: Add missing SQL migration for table push_session (#3656)

  • PgSQL: Fix vcard_search definition in pgsql new schema (#3695)

Other

  • captcha-ng.sh: “sort -R” command not POSIX, added “shuf” and “cat” as fallback (#3660)

  • Make s2s connection table cleanup more robust

  • Update export/import of scram password to XEP-0227 1.1 (#3676)

  • Update Jose to 1.11.1 (the last in hex.pm correctly versioned)

ejabberd 21.12 download & feedback

As usual, the release is tagged in the Git source code repository on Github.

The source package and binary installers are available at ejabberd XMPP & MQTT server download page.

If you suspect that you’ve found a bug, please search for or file a bug report on Github.

The post ejabberd 21.12 first appeared on ProcessOne.

by Jérôme Sautret at December 09, 2021 18:40