Planet Jabber

The blog posts have slipped somewhat, last blog post covering two weeks. Let’s try to fix that.

The next step for file transfers was to implement more Jingle transport methods. Currently, only in-band bytestreams are implemented as transport methods. The inefficiencies have been discussed already, it mostly boils down to the fact that in-band bytestreams exchange base64-encoded data over the XMPP stream.

The next transport method to be implemented are SOCKS5 bytestreams (S5B, XEP-0065, XEP-0260). They can work in direct (peer-to-peer) or mediated (via a proxy server) mode, depending on whether the clients are visible to each other or whether they want to share their IP address.

SOCKS5 is a relatively simple protocol, it can basically be implemented after reading its Wikipedia page: After establishing a TCP connection to the proxy server, the client sends its available authentication methods, the server chooses one, the authentication happens. After successful authentication, the client specifies where it wants to connect to and the server acks that. Thereafter, one can use the TCP connection as if it was connected to the previously specified IP address, sending and receiving data as if one were connected directly.

SOCKS5 bytestreams use this protocol in a somewhat peculiar way. Instead of specifying IP addresses to connect to, the SOCKS5 proxy more or less acts like a rendez-vous point. Both sides that want to use the proxy as mediator connect to it, and specify a common but somewhat random fictional domain name to connect to. After one of the clients “activates” the connection via XMPP, data can flow between these clients.

In theory, this is just another Jingle transport method, so one wouldn’t have to modify the Jingle code to add it. However, since we only have one transport method yet, the abstractions are probably not quite right yet: For example, S5B needs support for <jingle action="transport-info">, which IBB didn’t.

Let’s see how this works out.

@Flow wrote:

The Ignite Realtime developer community is proud to announce the availability of Smack 4.4.0-alpha2 .

This is the second alpha release of the upcoming Smack 4.4 version. Users are encouraged to test this version in their development branches. We are happy about our feedback.

Posts: 1

Participants: 1

Read full topic

On this weekend of Bastille day some of us gathered and worked around some interesting new features in XMPP implementations. Wisolv – tailor-made software development company – generously sponsored the venue and provided us with their office in Villeurbanne (next to Lyon). I think most of us are happy with this sprint, we managed to get quite some work done. On the agenda were DOAP, Message Reactions, Occupant-id, various fixes and discussions, also including work on a Jabber client for Haiku!

After some problems were encountered in Kaidan 0.4.1, we tried to fix the most urgent bugs.

Changelog

• Fix SSL problems for AppImage (lnj)
• Fix connection problems (lnj)
• Keep QXmpp v0.8.3 compatibility (lnj)

Download

• Source code (.tar.xz)
• Linux AppImage (x64)
• Windows (x64)
• macOS (x64)
• Android (armv7) (experimental!)
• Ubuntu Touch (armv7) (experimental!)
• Flatpak builds are only available as nightlies: Installing the Kaidan Flatpak

@wroot wrote:

The Ignite Realtime community is happy to announce the release of two plugins that happened a few weeks ago (better later than never:))!

Monitoring Service 1.8.0 version brought plugin’s MAM implementation more up to date, fixed some bugs and improved performance.

inVerse 4.2.0.1 version updated underlying Converse library to the latest 4.2.0 version, which has lots of fixes and improvements.

Your instance of Openfire should automatically display the availability of updates. Alternatively, you can download the new releases from the plugins downloads page.

For other release announcements and news follow us on Twitter

Posts: 2

Participants: 2

Read full topic

In the last two weeks, file receiving over Jingle has been implemented. This means that basic Jingle file transfers are available in Dino now (at least once the pull request #577 has been merged).

As predicted by the Jingle implementation gist, this was actually a bit more than I would have guessed – you basically have to implement the Jingle and file transfer protocol again, but this time from the other side. Doing so involved some refactoring of the original code in order to fit better with Dino’s internals. I moved the code from signal-style callbacks to async IOStreams.

It’s finally here!

After more than one and a half years there finally is a new release. Kaidan 0.4.0 is the biggest update until now and apart from some bug-fixes and many minor and major features increasing the usability, Kaidan now has multiplatform-support for all common operating systems like Linux, Windows, Android and macOS.

But have a look at the changelog yourself:

Changelog

Build system:

• Support for Android (ilyabizyaev)
• Support for Ubuntu Touch (jbb)
• Support for macOS (ilyabizyaev)
• Support for Windows (ilyabizyaev)
• Support for iOS (ilyabizyaev)
• Add KDE Flatpak (jbb)
• Switch Android builds to CMake with ECM (ilyabizyaev)
• Improve Linux AppImage build script (ilyabizyaev)
• Add additional image formats in AppImage (jbb)

New features:

• Show proper notifications using KNotifications (lnj)
• Add settings page for changing passwords (jbb, lnj)
• Add XEP-0352: Client State Indication (gloox/QXmpp) (lnj)
• Add media/file (including GIFs) sharing (lnj, jbb)
• Full back-end rewrite to QXmpp (lnj)
• Implement XEP-0363: HTTP File Upload and UploadManager for QXmpp (lnj)
• Use XEP-0280: Message Carbons from QXmpp (lnj)
• Use XEP-0352: Client State Indication from QXmpp (lnj)
• Check incoming messages for media links (lnj)
• Implement XEP-0308: Last Message Correction (lnj, jbb)
• Make attachments downloadable (lnj)
• Implement XEP-0382: Spoiler messages (xavi)
• Kaidan is now offline usable (lnj)
• Kaidan is able to open xmpp: URIs (lnj)
• New logo (ilyabizyaev)
• Show presence information of contacts (lnj, melvo)
• Add EmojiPicker from Spectral with search and favorites functionality (jbb, fazevedo)
• Highlight links in chat and make links clickable (lnj)
• New about dialog instead of the about page (ilyabizyaev)
• Add image preview in chat and before sending (lnj)
• Send messages on Enter, new line on Ctrl-Enter (ilyabizyaev)
• ‘Add contact’ is now the main action on the contacts page (lnj)
• Elide contact names and messages in roster (lnj)
• Chat page redesign (ilyabizyaev)
• Display passive notifications when trying to use online actions while offline (lnj)
• Automatically reconnect on connection loss (lnj)
• Contacts page: Display whether online in title (lnj)
• Add different connection error messages (jbb)
• Use QApplication when building with QWidgets (notmart)
• Ask user to approve subscription requests (lnj)
• Remove contact action: Make JIDs bold (lnj)
• Add contact sheet: Ask for optional message to contact (lnj)
• Add empty chat page with help notice to be displayed on start up (jbb)
• Redesign log in page (sohnybohny)
• Add Copy Invitaion URL action (jbb)
• Add ‘press and hold’ functionality for messages context menu (jbb)
• Add copy to clipboard function for messages (jbb)
• Add mobile file chooser (jbb)
• Highlight the currently opened chat on contacts page (lnj)
• Remove predefined window sizes (lnj)
• Use new Kirigami application header (nicofee)
• Make images open externally when clicked (jbb)
• Use QtQuickCompiler (jbb)
• Display upload progress bar (lnj)
• Add text+color avatars as fallback (lnj, jbb)
• Remove diaspora log in option (lnj)

Misc:

• Forget passwords on log out (lnj)
• Append four random chars to resource (lnj)
• Save passwords in base64 instead of clear text (lnj)
• Generate the LICENSE file automatically with all git authors (lnj)
• Store ubuntu touch builds as job artifacts (lnj)
• Add GitLab CI integration (jbb)

Fixes:

• Fix blocking of GUI thread while database interaction (lnj)
• Fix TLS connection bug (lnj)
• Don’t send notifications when receiving own messages via. carbons (lnj)
• Fix timezone bug of message timestamps (lnj)
• Fix several message editing bugs (lnj)
• Fix black icons (jbb)
• Fix rich text labels in Plasma Mobile (lnj)
• Small Plasma Mobile fixes (jbb)

Bug reports go to our issue tracker as always and translations are managed on Weblate.

Download:

• Source code (.tar.xz)
• Windows (x64)
• macOS (x64)
• Android (armv7) (experimental!)
• Ubuntu Touch (armv7) (experimental!)
• Flatpak builds are only available as nightlies: Installing the Kaidan Flatpak

PS: We’re searching for someone with an iPhone who can build & test Kaidan for iOS: contact us!

One of the lesser-known terms in Aristotle's ethical treatises is εὐπραξία (eupraxia) along with its sister εὐπραγία (eupragia). Both terms mean doing well, faring well, having success. Aristotle's use is connected to εὐδαιμονία, which he defines as "living well and doing well" (τὸ εὖ ζῆν καὶ τὸ εὖ πράττειν). But what are the metrics for "success" here? He leaves us several clues. First is the verb πράττειν, which for Aristotle means not merely engaging in activity but taking action, typically as the outcome of making a decision (this is why he thinks that, strictly speaking, animals and children do not "take action" even though they are clearly active physically and biologically). Second is that Aristotle contrasts εὐπραξία with εὐτυχία or good fortune; success is a matter of achievement, not luck....

When you are running one of the top sport brands, launching a new innovative app always means it comes with great expectations from your fans.

That’s why highly recognised brands turn to ProcessOne. They need to be sure that the project will launch in time, will perform well and will not collapse under the load, no matter what happens.

In early 2014, a top brand contacted us with a clear and ambitious project in mind. We had 6 months to develop and host the infrastructure for a large-scale realtime communication and messaging project. The deadline was not flexible. The app needed to be live just before the FIFA World Cup in Brazil.

ProcessOne worked with the customer mobile team to help them accelerate their development. XMPP can be a complex protocol and if you wish to launch with a tight deadline, you need to take a “fast lane” approach and get help directly from experts.

We also had to host the project, providing low-latency for connection and messaging everywhere in the world. We deployed a geocluster, handling a single XMPP domain in four data centers across the world. We operated our deployment in 4 AWS regions: USA to serve North America, Brazil to serve South America, Singapour to serve Asia and Ireland to serve Europe.

We used our custom Erlang component to deploy a geocluster at scale, handling ourselves all database synchronization across regions and auto-recovery in case of netsplits.

The application was ready just in time to handle the load of fans installing and trying the app. Soon after the launch we had to handle an unexpected 10x peak load when Cristiano Rolnaldo, with tens of millions of followers, retweeted about the app — and the platform handled it without a flinch!

With a 100% uptime, the project was a success, and the app gathered hundreds of thousands of football fans from all over the world. Did you guess which brand it was?

Areas of expertise:
– Realtime messaging
– Push notifications
– Platform management / hosting

Technologies:
– Backend: Erlang / XMPP / ejabberd

If you run an open fire server and want to use Monal, use this plugin to get push support.

https://www.igniterealtime.org/projects/openfire/plugin-archive.jsp?plugin=pushnotification

We are currently testing a plugin that has been developed to support push on oepnfire .I am happy to report preliminary tests have been positive. This is something that will help a lot of people use monal on their existing servers.

@akrherz wrote:

The Ignite Realtime Community is thrilled to announce the release of Openfire version 4.4.0. This is a major release featuring stability improvements and new features. You can find a full changelog listing over 100 Jira Issues resolved. Our beta announcement of this release highlighted some of the most significant changes. Of note is that this release should properly work with Java 11 and using OpenJDK as well. The minimum requirement is Java 8.

You can find downloads for Openfire with the following sha1sum values for the release artifacts.

c0d92cf54b02fe005b83a90256ddcfdfadad3c3c  openfire-4.4.0-1.i686.rpm
70b7570ae3f5ef48e3a2f4772dbeacaf22360b70  openfire-4.4.0-1.noarch.rpm
0ba75846af64b4379130b0b1835ba17899bb3593  openfire-4.4.0-1.x86_64.rpm
36cd9fd38e3840f9afa0d2cc5c86bbbe4a029569  openfire_4.4.0_all.deb
e4687a8f346741de9e4a502ddd63e2c55c7f4c3c  openfire_4_4_0_bundledJRE.exe
1437874597334f534e7d7882b02d550c3d5daec0  openfire_4_4_0_bundledJRE_x64.exe
8b579ca4441c6ca2502ffe9d2e3fdd27bc4190a6  openfire_4_4_0.dmg
e9b311e4d44b53f796a65c8f75abf4e39890dccb  openfire_4_4_0.exe
3205889dc1e7251b15d2dedacea3cfbbbf594810  openfire_4_4_0.tar.gz
00e1f28db47fd82653af6e1736bc036b344ecae2  openfire_4_4_0_x64.exe
e71edcf72f3baf3439aed46e0b8261d50d5aaa30  openfire_4_4_0.zip
285176004dccf7d07361064d558ee48579b65c5f  openfire_src_4_4_0.tar.gz
c4aab7c48b7a467dbec3b175ba21dc2a25539cf8  openfire_src_4_4_0.zip

The previous release of Openfire 4.3.2 was made on January 31rst, 2019 and here’s a simple accounting of the 100,000+ downloads made of the software!

Openfire Download Stats for Release: 4.3.2
             openfire-4.3.2-1.i686.rpm   2038
           openfire-4.3.2-1.noarch.rpm   2508
           openfire-4.3.2-1.x86_64.rpm   9869
                openfire_4.3.2_all.deb  18521
                    openfire_4_3_2.dmg   2406
                    openfire_4_3_2.exe   9492
                 openfire_4_3_2.tar.gz   6861
                    openfire_4_3_2.zip   2938
         openfire_4_3_2_bundledJRE.exe   4158
     openfire_4_3_2_bundledJRE_x64.exe  19909
                openfire_4_3_2_x64.exe  24528
             openfire_src_4_3_2.tar.gz    319
                openfire_src_4_3_2.zip    773
                                       ======
                                       104320

With the release, our Github master branch now reflects a future potential release version of Openfire 4.5.0 and we have also created a 4.4 branch signifying our intention to produce a 4.4.x series of bug fixes. We presently do not have plans of making a 4.3.3 release from the 4.3 branch.

Massive thanks for this release go to @gdt and @guus. They both did lots of great work knocking out some nagging issues and improving the already great administration console. It was also encouraging to see a number of first time contributors submitting pull requests with fixes and new features.

We certainly would encourage folks to test out the new release and report issues in the community forums. Please also free free to stop by our group chat and tell us now the new release is going. We are always looking for people interested in helping out with development, documentation, and testing.

Thank you for your support and usage of Openfire!

Posts: 8

Participants: 4

Read full topic

Welcome to a bumper edition of the the XMPP newsletter, containing news from the last two months.

If you have an article, tutorial or blog post you'd like us to include in the newsletter, please submit it on the XMPP wiki.

News

Mickaël Rémond from ProcessOne has written about how the Nintendo Switch uses ejabberd for push notifications. He explains why XMPP was chosen as protocol, why ejabberd was chosen as the server and the performance tuning they had to do so that the Nintendo Switch push service can now handle 10 million simultaneous connections and 2 billion messages per day.

Recently a German politician, Katarina Barley of the Social Democrats, tweeted that she'd like to see regulation in the instant messaging space where messengers are forced to interoperate similarly to wireless carriers. Many people responded to her tweet, saying that this is impossible or undesirable. Daniel Gultsch, author of the Conversations and Quicksy Android clients, has written a thoughtful post on why he thinks regulation is indeed necessary to create interoperability between instant messengers.

Subscribe to receive the next edition in your inbox

Peter Saint-Andre wrote a short post on being invited to become co-author of RFC 8600 XMPP Grid.

Kaidan, an XMPP client, has joined KDE.

Movim is the the first XMPP-based app that has added emoji reactions to messages, in both one-on-one conversations and groupchats, by making use of XEP-0367: Message Attaching. You can now support the project on Patreon.

Heather Ellsworth from Purism has written a progress note for the Librem 5. A notable messaging-related change is that the Lurch OMEMO plugin, used in Librem's Chatty messenger, has received a lot of updates recently.

Goffi is keeping us informed about his progress on Salut à Toi by writing weekly progress notes. Recently he published notes for weeks 24, 25 and 26.

Kiran Jasvanee has written an introductory piece on XMPP, explaining protocol features such as Jabber IDs, extensibility and streams.

Mickaël Rémond wrote down some thoughts on code style in library design focusing on designing an API for the Fluux XMPP library.

Anurodh Pokharel (aka Anu) has written about a first experimental Mac Build of Monal using Catalyst.

Arnaud Joset has written guides to using sat-pubsub, the PubSub component from the Salut à Toit project, and JP, a powerful command line interface for Salut à Toit.

Events

Openfire developer Guus der Kinderen has written a summary of the recent XMPP Sprint in The Hague. Much of the work revolved around better support for push notifications. Multiple clients and servers were represented and being worked on.

Another XMPP Sprint is coming in Lyon, France, on 13-14th of July.

Software releases

Servers

ProcessOne has released ejabberd 19.05, improving MIX and MucSub.

Ignite Realtime has released Openfire 4.4.0 beta.

Erlang Solutions has released MongooseIM 3.4.0 with a strong focus on GDRP compliance.

Clients

Conversations 2.5.0, 2.5.1, 2.5.2 added public channel search via search.jabbercat.org and reworked onboarding screens.

Monal 3.8 for iOS makes onboarding easier for non-technical users, as the new registration screen is easier and faster.

BeagleIM (for macOS) and SiskinIM (for iOS), brought to you by Tigase, now both support the OMEMO end-to-end encryption protocol.

Libraries

Strophe.js, the JavaScript XMPP library (published under the MIT license) has released version 1.3.3.

Google Summer of Code

The XSF has announced its participation in the Google Summer of Code 2019. The selected projects are:

Prosody plugin installer, by João Duarte Poezio infinite scrolling using MAM, by Madhur Garg Jingle File Transfer for Dino, by hrxi

Other

The Debian XMPP Team has launched a blog.

Conversation's server compliance tester has been redesigned and is now easier to navigate.

Tigase is now a Gold sponsor of the XSF.

Working on the terminal

One example

Using ZeroBrane Studio

For starters

Project -> Project Directory -> Choose

Interpreter is important!

project -> Lua interpreter
I had the the lua5.3 interpreter selected. Adding the line
print(_VERSION)
At the beginning of the script also confirmed I was using lua's 5.3 version, which is different from what I had in the terminal, which was lua5.2.4 Stubbornly, even when I chose the lua5.2 interpreter I still couldn't run the script
Program 'lua52' started in '/home/joao/Documents/prosody_development/prosody-contrib' (pid: 10896).
**************************
Prosody was unable to find luaexpat
This package can be obtained in the following ways:
Source: http://matthewwild.co.uk/projects/luaexpat
Debian/Ubuntu: sudo apt-get install lua-expat
luarocks: luarocks install luaexpat
luaexpat is required for Prosody to run, so we will now exit.
More help can be found on our website, at https://prosody.im/doc/depends
**************************
Program completed in 0.07 seconds (pid: 10896).
Lets fix this problem by linking ZeroBrane directly to the same lua executable that our terminal is using. Usually, it will be located at
/usr/bin/lua
If, for whatever reason, you installed it somewhere else, you will have to find it. We will then reconfigure our 5.2 lua interpreter at ZBS by going to:
Edit -> Preferences -> Settings: User
This will open a file, where we'll paste this:
path.lua52 = "/usr/bin/lua"

Debugging

We start debugging here

Green triangle indicates which part of the script we are currently executing

1 - We place the cursor here 2 - This button will make the script execute until the line were the cursor currently is 3 - Notice we have no output at this point. That startup process isn't were the problem is

Those four similar buttons near arrow 2 allows us to use the debugger. Each one is useful and has a specific purpose, like stepping into a function or going right over it. On top of that we have a lot of extra functionality, which I'll not cover here because we are focusing on the workflow, instead of explaining all the functionality, which is very well detailed here!

Understanding prosodyctl

• We go through a startup process, which sets and loads everything we need
• Next, we have the script's main functions, like 'adduser', 'start' and my 'list'
• Some stuff related to ejabberdctl and certificates
• Declaration of the command_runner object
• The command_runner call, which starts everything

The "commands" variable in the stack. We can see some of my functions, admin_remove and local_plugins

Notice how the command "adduser"'s code starts and how my "local_plugins" lacks that functionality

Wrapping it up

Let’s face it. We are living in an age where all technology players gather and process huge piles of user data, starting from our behavioural patterns and finishing on our location data. Hence, we receive personalized emails from online retail stores we have visited for just a second or personalized ads of stores in our vicinity that are displayed in our social media streams.

Consequently, more and more people become aware of how their privacy could be at risk with all of that data collection. In turn, the European Union strived to fight for consumer rights by implementing privacy guidelines in the form of the General Data Protection Regulation (GDPR), which governs how consumer data can be handled by third parties. In fact, over 200,000 privacy violation cases have been filed during the course of the last year followed with over €56m in fines for data breaches. Therefore, the stakes are high for all messaging service providers out there.

You might wonder: “Why should this matter to me? After all, my company is not in Europe.” Well, if any of the users of your messaging service are located in the EU, you are affected by GDPR as if you would host your service right there. Feeling uneasy? Don’t worry, MongooseIM team has got you covered. Please welcome MongooseIM release 3.4 that brings us full GDPR compliance.

Privacy by Design

A new concept has been defined with the dawn of GDPR - privacy by default. It is assumed that the software solution being used follows the principles of minimising and limiting, hiding and protecting, separating, aggregating, as well as, providing privacy by default.

Minimise and limit

The minimise and limit principle regards the amount of personal data gathered by a service. The general principle here is to take only the bare minimum required for a service to run instead of saving unnecessary data just in case. If more data is taken out, the unnecessary part should be deleted. Luckily, MongooseIM is using only the bare minimum of personal data provided by the users and relies on the users themselves to provide more if they wish to - e.g. by filling out the roster information. Moreover, since it is implementing XMPP and is open source, everybody has an insight as to how the data is processed.

Hide and protect

The hide and protect principle refers to the fact that user data should not be made public and should be hidden from plain view disallowing third parties to identify users through personal data or its interrelation. We have tackled that by handling the creation of JIDs and having recommendations regarding log collection and archiving.

What is this all about? See, JIDs are the central and focal point of MongooseIM operation as they are user unique identifiers in the system. As long as the JID does not contain any personally identifiable information like a name or a telephone number, the JID is far more than pseudo-anonymous and cannot be linked to the individual it represents. This is why one should refrain from putting personally identifiable information in JIDs. For that reason, our 3.4 release includes a mechanism that allows automatic user creation with random JIDs that you can invoke by typing ‘register’ in the console. Specific JIDs are created by intentionally invoking a different command (register_identified).

Still, it is possible that MongooseIM logs contain personally identifiable information such as IP addresses that could correlate to JIDs. Even though the JID is anonymous, an IP address next to a JID might lead to the person behind it through correlation. That is why we recommend that installations with privacy in mind have their log level set to at least ‘warning’ level in order to avoid breaches of privacy while still maintaining log usability.

Separate and aggregate

The separate principle boils down to partitioning user data into chunks rather than keeping them in a monolithic DB. Each chunk should contain only the necessary private data for its own functioning. Such a separation creates issues when trying to identify a person through correlation as the data is scattered and isolated - hence the popularity of microservices. Since MongooseIM is an XMPP server written in Erlang, it is naturally partitioned into modules that have their own storage backends. In this way, private data is separated by default in MongooseIM and can be also handled individually - e.g. by deleting all the private data relating to one function.

The aggregation principle refers to the fact that all data should be processed in an aggregated manner and not in one focused on detailed personal cases. For instance, behavioural patterns should be representative of a concrete, not identifiable cohort rather than of a certain Rick Sanchez or Morty Smith. All the usage data being processed by MongooseIM is devoid of any personally identifiable traits and instead tracks metrics relevant to the health of the server. The same can be said for WombatOAM if you pair it with MongooseIM. Therefore, aggregation is supported by default.

Privacy by default

It is assumed that the user should be offered the highest degree of privacy by default. This is highly dependant on your own implementation of the service running on top of MongooseIM. However, if you follow our recommendations laid out in this post, you can be sure you implement it well on the backend side, as we do not differentiate between the levels of privacy being offered.

The Right of Access

According to GDPR, each user has the right of access to their own data that’s being kept by a service provider. That data includes not only personal data provided by the user but also all the derivate data generated by MongooseIM on its basis. That includes data held in mod_vcard, mod_roster, mod_mam, mod_offline, mod_pubsub, mod_private, mod_inbox, and logs. If we add a range of PubSub backends and MAM backends to the fray, one can see it gets complicated.

With MongooseIM 3.4 we have put a lot of effort in order to make the retrieval as painless as possible for system administrators that oversee the day to day operations. That is why we have developed a mechanism you can start by executing the retrieve_personal_data command in order to collect all the personal and derivative data belonging to a user behind a specific JID. The command will execute for all the modules no matter if they are enabled or disabled. Then, all the relevant data is extracted per module and is returned to the user in the form of an archive.

In order to facilitate the data collection, we have changed the schemas for all of our MAM backends. This has been done to allow a swift data extraction since up till now it was very inefficient and resource hungry to run such a query. Of course, we have prepared migration strategies for the affected backends.

The Right to be Forgotten

The right to be forgotten is another one that goes alongside the right of access. Each user has the right to remove their footprint from the service. Since we know retrieval from all the modules listed above is problematic, removal is even worse.

We have implemented a mechanism that removes the user account leaving behind only the JID. You can run it by executing the “unregister” command. All of the private data not shared with other users is deleted from the system. In contrast, all of the private data that is shared with other users - e.g. group chats messages or PubSub flat nodes - is left intact as the content is not only owned by one party.

Logs are not a part of this action. If the log levels are set at least to ‘warning’, there is no personal data that can be tied to the JIDs in the first place so there is no need for removal.

Final Words on GDPR

The elements above make MongooseIM fully compliant with the current GDPR. However, you have to remember that this is only a piece of the puzzle. Since MongooseIM is a backend to a service there are other considerations that have to be fulfilled in order for the entire service to be GDPR compliant. Some of these considerations include process-oriented requirements of informing, enforcing, controlling, and demonstrating that have to be taken into consideration during service design.

Changelog

Please feel free to read the detailed changelog. Here, you can find a full list of source code changes and useful links.

Test our work on MongooseIM 3.4 and share your feedback

Help us improve MongooseIM:

1. Star our repo: esl/MongooseIM
2. Report issues: esl/MongooseIM/issues
3. Share your thoughts via Twitter
4. Download Docker image with new release.
5. Sign up to our dedicated mailing list to stay up to date about MongooseIM, messaging innovations and industry news.
6. Check out our MongooseIM product page for more information on the MongooseIM platform.

File sending over Jingle (with in-band-bytestream transport) has now been integrated into the UI. This has fortunately been quite easy as Dino already had support for file sending, via HTTP uploads. Thus I only needed to hook into the existing UI to also offer Jingle file transfers. This means that now you can click on the “attach” paper clip to send a file. Since prioritization of different transport methods and file receiving haven’t been implemented so far, these changes aren’t in the master branch yet.

Prioritization is important so that HTTP file uploads are preferred where possible (file small enough, server supports it): Jingle file transfers only work to a single target and only when it is online at the same time as the sender.

Since the ability to receive files via Jingle can also be reasonably expected if the client supports sending them, we basically have two blockers for merging.

Above you can see the chat window after some testing. ;)

Sometimes you provide so much feedback on an Internet-Draft that the authors ask you to become a co-author. Such was the case with draft-ietf-mile-xmpp-grid, which defines a method for using XMPP to exchange information about security incidents (e.g., via the IODEF format) on a controlled-access network. The resulting standard (RFC 8600) is a rare example of what the IETF standards process document defines as an "Applicability Statement" (another recent example is RFC 8036). This is the 45th RFC I've authored or co-authored, which shockingly enough is one more than Vint Cerf - not that my contributions to the Internet are nearly as important as his!...

In 2012, BBC needed to add a push notification service to its portfolio of mobile applications, with main focus on BBC News and BBC Sports. At the scale of the BBC, there was several key requirements that made it difficult to use an off-the-shelf application:

1. A large number of deployed applications, in tens of millions. By adding push notification support to their new app, they would expect all updated apps to immediately contact the push notification backend. They needed to be 100% sure that the push backend would handle that massive load from day one.

2. Ability to send as many pushes as the News would require. Most platforms pricing is based on the number of push delivered. It means that if you want to control your budget, you have to micro manage the push notifications you would send. This was not acceptable for the BBC.

3. Pushes should be delivered quickly and faster than the competition. When sending breaking news, the news outlet having the most impact is the one getting its notifications first on user devices. The push platform needed to be able to send at least 2.5 million notifications per minute. This is a non trivial problem. If you think about the fact you need to select and read the information for each mobile device you would like to reach, that scale is demanding even if you only consider the database part, let alone the fact that we needed to reach that speed end-to-end.

4. A need for a sophisticated topic subscription mechanism for push notifications and detailed analytics. On BBC Sports, for example, for football you need to be able to subscribe to very fine grained notifications: users select the team of interest and for each team, the type of notifications they are interested in (line up, kick-off, goals, final score). You also need to ensure that delivery of the push will only arrive once for a given device, no matter what topic combination they are subscribed to.

ProcessOne fully developed this system within three months. It included a highly scalable backend with configurable delivery speed, able to handle several millions of push notifications per minute. To operate the platform at the BBC level, ProcessOne created a management web interface, with application administration, push credentials management, user rights and detailed analytics.

Since the push notification platform ought to deliver breaking news without delay, ProcessOne implemented a fully-featured push API for communication with BBC editorial tooling. Finally, to help the BBC tech team with mobile application integration, ProcessOne prepared a set of mobile SDK for iOS and Android, and later for Amazon Push notification service and Cordova.

ProcessOne also fully managed the platform for the BBC, handling its operations and maintenance. The project launch for the BBC News was a success. It then expanded to BBC Sports. The platform covered many events, from the FIFA World Cup to the Olympics Games in London, as well as the UK Elections.

Over the first five years of the project, ProcessOne delivered a 100% uptime. The platform delivered more than 25 trillion notifications. It handled up to 150 million push notifications on a single day. This platform led to ProcessOne releasing its push notification service as a SaaS platform, under the Boxcar name.

Areas of expertise:

• Realtime messaging
• Push notifications
• Mobile development
• Platform management and hosting

Technologies:

• Backend: Erlang / Ruby + Rails
• Mobile: Objective C / Java

@akrherz wrote:

The Ignite Realtime Community is thrilled to announce the promotion of a beta quality release of Openfire 4.4.0! Please test out this release and let us know how it goes by reporting your feedback in the Community Forums. We’d like to turn around a formal release sooner than later!

So what’s in this release you ask? The Changelog denotes many Jira issues resolved. Much of this work is thanks to @guus and @gdt! The highlights include:

• Numerous improvements and bug fixes around Openfire’s caching. The administrative console now provides a detailed look into cache usage as well as the ability to selectively remove individual cache entries.
• Improvements to Openfire’s stability and performance whilst in clustering mode.
• The Admin Console will now show software versions, whenever possible, of the remotely connected client and server.
• Java 11 should be fully supported and usable with this release. This includes using OpenJDK.
• Plugin loading should be much more robust and the Admin Console now reports more information about the plugins loaded along with better UI interaction whilst updating plugins.
• Openfire makes heavy usage of Apache MINA and Jetty, both of which libraries have been updated for this release.

Here’s a listing of sha1sums for the release and you can find the downloads here.

b44a621f491b33d35d138b8a9d1c041558dacf8f  openfire-4.4.0-0.2.beta.i686.rpm
ddb4871e2dbb83b10d4d6e227869f0294253d8f8  openfire-4.4.0-0.2.beta.noarch.rpm
172c9aa94353717d824bfdf13741a9be614f7e54  openfire-4.4.0-0.2.beta.x86_64.rpm
72b4ab488fb7a0116482fbb53709887b41213377  openfire_4.4.0.beta_all.deb
ceb8f315e6327d34887685b7630eba273202cf5b  openfire_4_4_0_beta_bundledJRE.exe
3e5e384d3677da30f9817a10474c75579f6b606d  openfire_4_4_0_beta_bundledJRE_x64.exe
9ff49a74679a14156c3331c7bc5ff64ed7ab8635  openfire_4_4_0_beta.dmg
4bbe3de332c44fd046ad078a7f86717611baead5  openfire_4_4_0_beta.exe
5a8cfd20a99c9c41ca6ce1a21017e36950540c36  openfire_4_4_0_beta.tar.gz
214c211b8be412c0ff75c8f59b9ce3f0bfd8d248  openfire_4_4_0_beta_x64.exe
370c897170d180744316a77beadc7452aa45120d  openfire_4_4_0_beta.zip
759dc5ad17aee48cd7eecbd6b8656abd4f9f2d63  openfire_src_4_4_0_beta.tar.gz
d79c1daf07ae1f07e819d6e324628d6a6aea4918  openfire_src_4_4_0_beta.zip

Thanks for your interest and usage of Openfire! Our live group chat is also useful to swing by and let us know how the beta is going for you! We are always interested in folks wishing to help out with development. Please stop by and say hi!

Posts: 1

Participants: 1

Read full topic

Monal builds and runs with catalyst. This was an initial experiment to see what the process would be like. Hilariously, as I was Googling the issues I encountered I noticed that Chris from chat secure was in the process of doing the same thing. I already know that this is going to be great for the Mac eco system. Mac users, don’t be dismayed by the very iOS look here, it starts like this and then you add more and more native Mac like components. This is the bare minimum. Even all the dark themes stuff from iOS worked perfectly on Mac. Even at the bare minimum this should perform better and have more features than the current Mac app. Targeting only one UI framework will reduce my work load by half. The good news is everything builds and runs. I disabled OMEMO for this build for a few reasons, mainly because it wouldn’t build with the SSL library I was using but them I am planning on changing the way I do crypto in ios13/Catalina so that I can ship in France so this isn’t really an issue.

• 

• 

I have updated the Mac app in the app store. It has all of the fixes made to the iOS client as well as some ui bugs people have reported. I am focusing on catalina and catalyst now the old app will not go away, but since it will require additional work there may be delays in feature releases. Catalyst will have the same version number as the iOS. It will be a big jump .