ClueCon has just finished. Here are some of my photos.
Seven Du from China won the Macbook. Congratulations.
Welcome to our first-ever Elixir blog round-up!
This is your guide to some of our most insightful articles on the Elixir programming language. Our experts have written several posts to further your knowledge, regardless of where you’re at in your Elixir journey.
So whether you’re a business leader looking to discover Elixir’s benefits, a seasoned developer looking for the latest Elixir updates, or just new to the language, we’ll have an article to keep you covered.
New to Elixir? ‘What is Elixir?’ is an in-depth introduction to the renowned programming language. It details Elixir’s history and its foundation on the Erlang Virtual Machine (BEAM). It also breaks down the practical application of Elixir across various domains, including web development, embedded systems and real-time applications.
You can also find out more about Elixir’s vibrant community, extensive tools, and practical applications in major companies, proving its undeniable relevance to the community.
Are you curious to learn how Elixir stacks up against Java in real-world applications?
In ‘Comparing Elixir vs Java’ by Attila Stragli, read about why Elixir’s lightweight processes, built-in fault tolerance, and concurrency make it the go-to choice for scalable, resilient systems—particularly when compared to Java’s more traditional approach.
Explore the nuances of its performance, ease of use, and which language truly shines under pressure.
Choosing the right programming language is key to defining a long-term business strategy. If you’re weighing out Elixir and Ruby, understanding each language’s strengths and potential trade-offs can hugely impact your decision.
In ‘A Comprehensive Guide to Elixir v Ruby’, we explore how Elixir’s scalability and fault tolerance might serve your growing business needs. Meanwhile, Ruby’s ease of use and mature ecosystem could streamline your operations. Our detailed analysis can help you make an informed choice that aligns with your company’s strategic goals and future growth.
Concerned about speed?
Choosing the fastest programming language can significantly impact a business’s performance and adaptability. In ‘Fastest Programming Language: Making the Case for Elixir,’ the team explains why Elixir as a language stands out among its peers. Discover how its unique features can elevate your development process and why it might be the ideal choice for your next project.
We might be more than halfway through the year, but it’s never too late to develop your skills!
Discover ‘Why Elixir Programming is the Language You Should Learn in 2024’ might be your ideal next step. We explore Elixir’s user-friendly nature, its robust performance under high traffic, and promising career opportunities.
That combined with its vibrant community, versatile tooling, and full-stack development capabilities makes it an attractive choice for modern developers.
Thank you for exploring our first Elixir blog round-up! We hope that our curated guide provides valuable information to support your Elixir journey. If you’d discuss how Elixir can benefit your projects, feel free to contact the team.
The post Elixir Blog Round-Up appeared first on Erlang Solutions.
As currently many other organisations doing, the XMPP Standards Foundation (XSF) has decided to also sign the Open Letter to the European Commission.
Initially published by petites singularités. English translation provided by OW2.
If you want to sign the letter, please publish the letter on your website and complete the table below.
Since 2020, Next Generation Internet (NGI) programmes, part of European Commission’s Horizon programme, fund free software in Europe using a cascade funding mechanism (see for example NGI0 Commons Fund). This year, according to the Horizon Europe working draft detailing funding programmes for 2025, we notice that Next Generation Internet is not mentioned any more as part of Cluster 4.
NGI programmes have shown their strength and importance to supporting the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organisations.
Previous Cluster 4 allocated 27 million euros to:
In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organisations managing these European funding consortia.
NGI contributes to a vast ecosystem, as most of its budget is allocated to fund third parties by the means of open calls, to structure commons that cover the whole Internet scope - from hardware to application, operating systems, digital identities or data traffic supervision. This third-party funding is not renewed in the current program, leaving many projects short on resources for research and innovation in Europe.
Moreover, NGI allows exchanges and collaborations across all the Euro zone countries as well as “widening countries” 1, currently both a success and an ongoing progress, likewise the Erasmus programme before us. NGI also contributes to opening and supporting longer relationships than strict project funding does. It encourages implementing projects funded as pilots, backing collaboration, identification and reuse of common elements across projects, interoperability in identification systems and beyond, and setting up development models that mix diverse scales and types of European funding schemes.
While the USA, China or Russia deploy huge public and private resources to develop software and infrastructure that massively capture private consumer data, the EU can’t afford this renunciation. Free and open source software, as supported by NGI since 2020, is by design the opposite of potential vectors for foreign interference. It lets us keep our data local and favors a community-wide economy and know-how, while allowing an international collaboration.
This is all the more essential in the current geopolitical context: the challenge of technological sovereignty is central, and free software allows to address it while acting for peace and sovereignty in the digital world as a whole.
In this perspective, we urge you to claim for preserving the NGI programme as part of the 2025 funding programme.
The XMPP Standards Foundation supports this initiative as well as the statements made. In the past, many XMPP projects have been funded by NGI programmes to enhance realtime infrastructure using established XMPP standards. These funds significantly helped drive innovation in a community with two decades of history in the European digital landscape.
These are some of the funded projects:
The XMPP Standards Foundation (also known as the XSF and formerly the Jabber Software Foundation) is an independent, nonprofit standards development organisation whose primary mission is to define open protocols for presence, instant messaging, and real-time communication and collaboration on top of the IETF’s Extensible Messaging and Presence Protocol (XMPP).
As defined by Horizon Europe, widening Member States are Bulgaria, Croatia, Cyprus, the Czech Republic, Estonia, Greece, Hungary, Latvia, Lituania, Malta, Poland, Portugal, Romania, Slovakia and Slovenia. Widening associated countries (under condition of an association agreement) include Albania, Armenia, Bosnia, Feroe Islands, Georgia, Kosovo, Moldavia, Montenegro, Morocco, North Macedonia, Serbia, Tunisia, Turkey and Ukraine. Widening overseas regions are : Guadeloupe, French Guyana, Martinique, Reunion Island, Mayotte, Saint-Martin, The Azores, Madeira, the Canary Islands. ↩︎
XMPP Newsletter Banner
Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of July 2024.
If you are interested to join the XMPP Standards Foundation as a member, please apply until August 18th, 2024!.
The XSF has been accepted as a hosting organisation at GSoC in 2024 again! These XMPP projects have received a slot and have kicked-off with coding:
XSF and Google Summer of Code 2024
The XSF offers fiscal hosting for XMPP projects. Please apply via Open Collective. For more information, see the announcement blog post. Current projects you can support:
Movim 0.26 with custom emojis
The XMPP Standards Foundation develops extensions to XMPP in its XEP series in addition to XMPP RFCs.
Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001, which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process. Communication around Standards and Extensions happens in the Standards Mailing List (online archive).
The XEP development process starts by writing up an idea and submitting it to the XMPP Editor. Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.
If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.
'' vs. </> for elements, etc. (egp)Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call can help improve the XEP before returning it to the Council for advancement to Stable.
Please share the news on other networks:
Also check out our RSS Feed!
Looking for job offers or want to hire a professional consultant for your XMPP project? Visit our XMPP job board.
This is a community effort, and we would like to thank translators for their contributions. Volunteers an more languages are welcome! Translations of the XMPP Newsletter will be released here (with some delay):
This XMPP Newsletter is produced collaboratively by the XMPP community. Each month’s newsletter issue is drafted in this simple pad. At the end of each month, the pad’s content is merged into the XSF Github repository. We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. You have a project and want to spread the news? Please consider sharing your news or events here, and promote it to a large audience.
Tasks we do on a regular basis:
To unsubscribe from this list, please log in first. If you have not previously logged in, you may need to set up an account with the appropriate email address.
This newsletter is published under CC BY-SA license.
Erlang Solutions, a world-leading provider of software development and consultancy services, is pleased to announce its latest customer win with BoardClic, the leading platform for digital board performance reviews.
Following a successful Elixir code and architecture review, Erlang Solutions has been appointed to deliver advanced Elixir development for BoardClic.
Commenting on the latest partnership, Erik Schön, Business Unit Leader at Erlang Solutions said: ”We are excited to continue our relationship with BoardClic.Their innovative approach to board performance software aligns perfectly with our commitment to delivering robust and scalable solutions.”
Johan Tell, VP of Engineering at BoardClic, added “After receiving a comprehensive code and architecture review from Erlang Solutions, we quickly identified that they had the expertise needed to enhance our platform capabilities. We look forward to continuing to work with the team to further our growth goals.”
BoardClic is recognised as one of the top 30 fastest-growing technology companies in Sweden in 2023, experiencing an impressive growth rate of 1112% over the past four years.
With over 20 years of expertise, Erlang Solutions is renowned for its world-leading consultants in Erlang, Elixir, and beyond. The company delivers efficient and reliable system solutions for some of the world’s most ambitious companies.
The post Erlang Solutions wins business with BoardClic in a new era of collaboration appeared first on Erlang Solutions.
Gajim 1.9.3 fixes an issue with the MS Store installer and brings some improvements. Thank you for all your contributions!
If you had issues starting Gajim from the Microsoft Store, Gajim 1.9.3 should fix these issues.
Thanks to our contributors @nicoco and @mesonium, Gajim received some improvements regarding message Displayed Markers and highlight colors. Furthermore, drag and drop for file transfers has been fixed in Flatpak installs.
Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
Hi everyone!
Welcome to the latest edition of your pseudo-monthly JMP update!
In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client. Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; Share one number with multiple people.
Access to our new SMS routes is slowly rolling out, with some users having been moved over already. The process of moving people is a bit slower than we’d hoped, but it is coming along. Let support know if this is a priority for you.
The JMP Data Plan has for some time been providing an option for people who want a privacy-conscious mobile data option for small usage. We do receive feedback from time to time that people would like a similar plan built for heavy data users. We are contemplating adding an “unlimited” (100GB full speed, throttled after) plan to the lineup. If this is you, please reach out to us at support or in the chatroom to let us know of your interest. Pricing is still being worked out, but will likely be in the $80-90 per month range. We may also have an option to access JMP voice and SMS services over the SIM if there is interest.
We have quietly rolled out a feature to allow any JMP customer to receive incoming voice calls from only SIP. While Cheogram SIP has allowed calls to your Jabber network app for some time, calls routed to sip:+yournumber@jmp.chat now ring according to your JMP account settings, including going to your JMP voicemail if not answered. This can be useful in conjunction with services that support forwarding to SIP, or from any sip-broker compatible service dial *10869 followed by a JMP number. This includes calling from any phone number in the world using the SIP Broker access numbers.
Cheogram Android 2.15.3-2 was released this month, with bug fixes and new features including:
Come out and see us at FOSSY 2024! JMP will have a booth and several of us will be giving talks as well.
To learn what’s happening with JMP between newsletters, here are some ways you can find out:
Thanks for reading and have a wonderful rest of your week!
We are pleased to announce that we got selected in another funding round by the EU’s NGI via the NLnet Foundation NGI0 Entrust Fund to work on some important features in Monal.
In short this consists of the following tasks (in no special order).
Thanks again to NLNet for fund this!
Gajim 1.9.2 brings an important OMEMO encryption fix, native notifications on Windows, usability improvements, and many bugfixes. Thank you for all your contributions!
For some versions now, Windows offers a native notification system, including a notification center for unread notifications, notification settings, etc. If you are running Windows 10 (specifically build 10240) or later versions, Gajim will now use these native notifications.
Thanks to our contributor @nicoco, notifications for new messages from group chats now show the group chat’s avatar including the sender’s avatar.
Last but not least, an annoying issue with OMEMO encrypted messages has been fixed, where people would have broken sessions after being offline for a while.
This release also comes with many bugfixes. Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
Introducing ejabberd 24.02: A Huge Release!
ejabberd 24.02 has just been release and well, this is a huge release with 200 commits and more in the libraries. We’ve packed this update with a plethora of new features, significant improvements, and essential bug fixes, all designed to supercharge your messaging infrastructure.
– 
Matrix Federation Unleashed: Imagine seamlessly connecting with Matrix servers – it’s now possible! ejabberd breaks new ground in cross-platform communication, fostering a more interconnected messaging universe. We have still some ground to cover and for that we are waiting for your feedback.
– 
Cutting-Edge Security with TLS 1.3 & SASL2: In an era where security is paramount, ejabberd steps up its game. With support for TLS 1.3 and advanced SASL2 protocols, we increase the overall security for all platform users.
– Performance Enhancements with Bind 2: Faster connection times, especially crucial for mobile network users, thanks to Bind 2 and other performance optimizations.
– 
User gains better control over on their messages: The new support for XEP-0424: Message Retraction allows users to manage their message history and remove something they posted by mistake.
– 
Optimized server pings by relying on an existing mechanism coming from XEP-0198
– 
Streamlined API Versioning: Our refined API versioning means smoother, more flexible integration for your applications.
– 
Enhanced Elixir, Mix and Rebar3 Support
If you upgrade ejabberd from a previous release, please review those changes:
A more detailed explanation of those topics and other features:
ejabberd is now able to federate with Matrix servers. Detailed instructions to setup Matrix federation with ejabberd will be detailed in another post.
Here is a quick summary of the configuration steps:
First, s2s must be enabled on ejabberd. Then define a listener that uses mod_matrix_gw:
listen:
-
port: 8448
module: ejabberd_http
tls: true
certfile: "/opt/ejabberd/conf/server.pem"
request_handlers:
"/_matrix": mod_matrix_gw
And add mod_matrix_gw in your modules:
modules:
mod_matrix_gw:
matrix_domain: "domain.com"
key_name: "somename"
key: "yourkeyinbase64"
With the new support for XEP-0424: Message Retraction, users of MAM message archiving can control their message archiving, with the ability to ask for deletion.
If stream management is enabled, let mod_ping trigger XEP-0198 <r/>equests rather than sending XEP-0199 pings. This avoids the overhead of the ping IQ stanzas, which, if stream management is enabled, are accompanied by XEP-0198 elements anyway.
The table archive has a text column named origin_id (see commit 975681). You have two methods to update the SQL schema of your existing database:
If using MySQL or PosgreSQL, you can enable the option update_sql_schema and ejabberd will take care to update the SQL schema when needed: add in your ejabberd configuration file the line update_sql_schema: true
If you are using other database, or prefer to update manually the SQL schema:
ALTER TABLE archive ADD COLUMN origin_id varchar(191) NOT NULL DEFAULT '';
ALTER TABLE archive ALTER COLUMN origin_id DROP DEFAULT;
CREATE INDEX i_archive_username_origin_id USING BTREE ON archive(username(191), origin_id(191));
ALTER TABLE archive ADD COLUMN origin_id varchar(191) NOT NULL DEFAULT '';
ALTER TABLE archive ALTER COLUMN origin_id DROP DEFAULT;
CREATE INDEX i_archive_sh_username_origin_id USING BTREE ON archive(server_host(191), username(191), origin_id(191));
ALTER TABLE archive ADD COLUMN origin_id text NOT NULL DEFAULT '';
ALTER TABLE archive ALTER COLUMN origin_id DROP DEFAULT;
CREATE INDEX i_archive_username_origin_id ON archive USING btree (username, origin_id);
ALTER TABLE archive ADD COLUMN origin_id text NOT NULL DEFAULT '';
ALTER TABLE archive ALTER COLUMN origin_id DROP DEFAULT;
CREATE INDEX i_archive_sh_username_origin_id ON archive USING btree (server_host, username, origin_id);
ALTER TABLE [dbo].[archive] ADD [origin_id] VARCHAR (250) NOT NULL;
CREATE INDEX [archive_username_origin_id] ON [archive] (username, origin_id)
WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON);
ALTER TABLE [dbo].[archive] ADD [origin_id] VARCHAR (250) NOT NULL;
CREATE INDEX [archive_sh_username_origin_id] ON [archive] (server_host, username, origin_id)
WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON);
ALTER TABLE archive ADD COLUMN origin_id text NOT NULL DEFAULT '';
CREATE INDEX i_archive_username_origin_id ON archive (username, origin_id);
ALTER TABLE archive ADD COLUMN origin_id text NOT NULL DEFAULT '';
CREATE INDEX i_archive_sh_username_origin_id ON archive (server_host, username, origin_id);
This ejabberd release includes support for XEP-0474: SASL SCRAM Downgrade Protection, and some clients may not support it correctly yet.
If you are using Converse.js 10.1.6 or older, Movim 0.23 Kojima or older, or any other client based in Strophe.js v1.6.2 or older, you may notice that they cannot authenticate correctly to ejabberd.
To solve that problem, either update to newer versions of those programs (if they exist), or you can enable temporarily the option disable_sasl_scram_downgrade_protection in the ejabberd configuration file ejabberd.yml like this:
disable_sasl_scram_downgrade_protection: true
Until now, when a new ejabberd release changed some API command (an argument renamed, a result in a different format…), then you had to update your API client to the new API at the same time that you updated ejabberd.
Now the ejabberd API commands can have different versions, by default the most recent one is used, and the API client can specify the API version it supports.
In fact, this feature was implemented seven years ago, included in ejabberd 16.04, documented in ejabberd Docs: API Versioning… but it was never actually used!
This ejabberd release includes many fixes to get API versioning up to date, and it starts being used by several commands.
Let’s say that ejabberd 23.10 implemented API version 0, and this ejabberd 24.02 adds API version 1. You may want to update your API client to use the new API version 1… or you can continue using API version 0 and delay API update a few weeks or months.
To continue using API version 0:
– if using ejabberdctl, use the switch --version 0. For example: ejabberdctl --version 0 get_roster admin localhost
– if using mod_http_api, in ejabberd configuration file add v0 to the request_handlers path. For example: /api/v0: mod_http_api
Check the details in ejabberd Docs: API Versioning.
When you want to update your API client to support ejabberd API version 1, those are the changes to take into account:
– Commands with list arguments
– mod_http_api does not name integer and string results
– ejabberdctl with list arguments
– ejabberdctl list results
All those changes are described in the next sections.
Several commands now use list argument instead of a string with separators (different commands used different separators: ; : \\n ,).
The commands improved in API version 1:
– add_rosteritem
– oauth_issue_token
– send_direct_invitation
– srg_create
– subscribe_room
– subscribe_room_many
For example, srg_create in API version 0 took as arguments:
{"group": "group3",
"host": "myserver.com",
"label": "Group3",
"description": "Third group",
"display": "group1\\ngroup2"}
now in API version 1 the command expects as arguments:
{"group": "group3",
"host": "myserver.com",
"label": "Group3",
"description": "Third group",
"display": ["group1", "group2"]}
There was an incoherence in mod_http_api results when they were integer/string and when they were list/tuple/rescode…: the result contained the name, for example:
$ curl -k -X POST -H "Content-type: application/json" -d '{}' "http://localhost:5280/api/get_loglevel/v0"
{"levelatom":"info"}
Staring in API version 1, when result is an integer or a string, it will not contain the result name. This is now coherent with the other result formats (list, tuple, …) which don’t contain the result name either.
Some examples with API version 0 and API version 1:
$ curl -k -X POST -H "Content-type: application/json" -d '{}' "http://localhost:5280/api/get_loglevel/v0"
{"levelatom":"info"}
$ curl -k -X POST -H "Content-type: application/json" -d '{}' "http://localhost:5280/api/get_loglevel"
"info"
$ curl -k -X POST -H "Content-type: application/json" -d '{"name": "registeredusers"}' "http://localhost:5280/api/stats/v0"
{"stat":2}
$ curl -k -X POST -H "Content-type: application/json" -d '{"name": "registeredusers"}' "http://localhost:5280/api/stats"
2
$ curl -k -X POST -H "Content-type: application/json" -d '{"host": "localhost"}' "http://localhost:5280/api/registered_users/v0"
["admin","user1"]
$ curl -k -X POST -H "Content-type: application/json" -d '{"host": "localhost"}' "http://localhost:5280/api/registered_users"
["admin","user1"]
ejabberdctl now supports list and tuple arguments, like mod_http_api and ejabberd_xmlrpc. This allows ejabberdctl to execute all the existing commands, even some that were impossible until now like create_room_with_opts and set_vcard2_multi.
List elements are separated with , and tuple elements are separated with :.
Relevant commands:
– add_rosteritem
– create_room_with_opts
– oauth_issue_token
– send_direct_invitation
– set_vcard2_multi
– srg_create
– subscribe_room
– subscribe_room_many
Some example uses:
ejabberdctl add_rosteritem user1 localhost testuser7 localhost NickUser77l gr1,gr2,gr3 both
ejabberdctl create_room_with_opts room1 conference.localhost localhost public:false,persistent:true
ejabberdctl subscribe_room_many user1@localhost:User1,admin@localhost:Admin room1@conference.localhost urn:xmpp:mucsub:nodes:messages,u
Until now, ejabberdctl returned list elements separated with ;. Now in API version 1 list elements are separated with ,.
For example, in ejabberd 23.10:
$ ejabberdctl get_roster admin localhost
jan@localhost jan none subscribe group1;group2
tom@localhost tom none subscribe group3
Since this ejabberd release, using API version 1:
$ ejabberdctl get_roster admin localhost
jan@localhost jan none subscribe group1,group2
tom@localhost tom none subscribe group3
it is still possible to get the results in the old syntax, using API version 0:
$ ejabberdctl --version 0 get_roster admin localhost
jan@localhost jan none subscribe group1;group2
tom@localhost tom none subscribe group3
ejabberd supports around 200 administrative commands, and probably you consult them in the ejabberd Docs -> API Reference page, where all the commands documentation is perfectly displayed…
The ejabberdctl command-line script already allowed to consult the commands documentation, consulting in real-time your ejabberd server to show you exactly the commands that are available. But it lacked some details about the commands. That has been improved, and now ejabberdctl shows all the information, including arguments description, examples and version notes.
For example, the connected_users_vhost command documentation as seen in the ejabberd Docs site is equivalently visible using ejabberdctl:
$ ejabberdctl help connected_users_vhost
Command Name: connected_users_vhost
Arguments: host::binary : Server name
Result: connected_users_vhost::[ sessions::string ]
Example: ejabberdctl connected_users_vhost "myexample.com"
user1@myserver.com/tka
user2@localhost/tka
Tags: session
Module: mod_admin_extra
Description: Get the list of established sessions in a vhost
Erlang/OTP 27.0-rc1 was recently released, and ejabberd can be compiled with it. If you are developing or experimenting with ejabberd, it would be great if you can use Erlang/OTP 27 and report any problems you find. For production servers, it’s recommended to stick with Erlang/OTP 26.2 or any previous version.
In this sense, the rebar and rebar3 binaries included with ejabberd are also updated: now they support from Erlang 24 to Erlang 27. If you want to use older Erlang versions from 20 to 23, there are compatible binaries available in git: rebar from ejabberd 21.12 and rebar3 from ejabberd 21.12.
Of course, if you have rebar or rebar3 already installed in your system, it’s preferable if you use those ones, because probably they will be perfectly compatible with whatever erlang version you have installed.
ejabberd container imageThe binary installers now include the recent and stable Erlang/OTP 26.2.2 and Elixir 1.16.1. Many other dependencies were updated in the installers, the most notable is OpenSSL that has jumped to version 3.2.1.
The ejabberd container image and the ecs container image have gotten all those version updates, and also Alpine is updated to 3.19.
By the way, this container image already had support to run commands when the container starts… And now you can setup the commands to allow them fail, by prepending the character !.
When compiling ejabberd from source code, you may have noticed there are a lot of possibilities. Let’s take an overview before digging in the new improvements:
make install: copies the files to the systemmake prod: prepares a self-contained OTP production release in _build/prod/, and generates a tar.gz file. This was previously named make relmake dev: prepares quickly an OTP development release in _build/dev/make relive: prepares the barely minimum in _build/relive/ to run ejabberd and starts itejabberdctl with erlang shell: start/foreground/liveejabberdctl with elixir shell: iexliveejabberd console/start (this script is generated by rebar3 or mix, and does not support ejabberdctl configurable options)For example:
– the CI dynamic tests use rebar3, and Runtime tries to test all the possible combinations
– ejabberd binary installers are built using: mix + make prod
– container images are built using: mix + make prod too, and started with ejabberdctl foreground
Several combinations didn’t work correctly until now and have been fixed, for example:
– mix + make relive
– mix + make prod/dev + ejabberdctl iexlive
– mix + make install + ejabberdctl start/foregorund/live
– make uninstall buggy has an experimental alternative: make uninstall-rel
– rebar + make prod with Erlang 26
ejabberd uses Rebar to manage dependencies and compilation since ejabberd 13.10 4d8f770. However, that tool is obsolete and unmaintained since years ago, because there is a complete replacement:
Rebar3 is supported by ejabberd since 20.12 0fc1aea. Among other benefits, this allows to download dependencies from hex.pm and cache them in your system instead of downloading them from git every time, and allows to compile Elixir files and Elixir dependencies.
In fact, ejabberd can be compiled using mix (a tool included with the Elixir programming language) since ejabberd 15.04 ea8db99 (with improvements in ejabberd 21.07 4c5641a)
For those reasons, the tool selection performed by ./configure will now be:
– If --with-rebar=rebar3 but Rebar3 not found installed in the system, use the rebar3 binary included with ejabberd
– Use the program specified in option: --with-rebar=/path/to/bin
– If none is specified, use the system mix
– If Elixir not found, use the system rebar3
– If Rebar3 not found, use the rebar3 binary included with ejabberd
Support for Elixir 1.1 was added as a dependency in commit 01e1f67 to ejabberd 15.02. This allowed to compile Elixir files. But since Elixir 1.4.5 (released Jun 22, 2017) it isn’t possible to get Elixir as a dependency… it’s nowadays a standalone program. For that reason, support to download old Elixir 1.4.4 as a dependency has been removed.
When Elixir support is required, better simply install Elixir and use mix as build tool:
./configure --with-rebar=mix
Or install Elixir and use the experimental Rebar3 support to compile Elixir files and dependencies:
./configure --with-rebar=rebar3 --enable-elixir
It is now possible to compile ejabberd using Rebar3 and support Elixir compilation. This compiles the Elixir files included in ejabberd’s lib/ path. There’s also support to get dependencies written in Elixir, and it’s possible to build OTP releases including Elixir support.
It is necessary to have Elixir installed in the system, and configure the compilation using --enable-elixir. For example:
apt-get install erlang erlang-dev elixir
git clone https://github.com/processone/ejabberd.git ejabberd
cd ejabberd
./autogen.sh
./configure --with-rebar=rebar3 --enable-elixir
make
make dev
_build/dev/rel/ejabberd/bin/ejabberdctl iexlive
Elixir 1.10.3 is the minimum supported, but:
– Elixir 1.10.3 or higher is required to build an OTP release with make prod or make dev
– Elixir 1.11.4 or higher is required to build an OTP release if using Erlang/OTP 24 or higher
– Elixir 1.11.0 or higher is required to use make relive
– Elixir 1.13.4 with Erlang/OTP 23.0 are the lowest versions tested by Runtime
For all those reasons, if you want to use Elixir, it is highly recommended to use Elixir 1.13.4 or higher with Erlang/OTP 23.0 or higher.
make rel is renamed to make prodWhen ejabberd started to use Rebar2 build tool, that tool could create an OTP release, and the target in Makefile.in was conveniently named make rel.
However, newer tools like Rebar3 and Elixir’s Mix support creating different types of releases: production, development, … In this sense, our make rel target is nowadays more properly named make prod.
For backwards compatibility, make rel redirects to make prod.
make install-rel and make uninstall-relThis is an alternative method to install ejabberd in the system, based in the OTP release process. It should produce exactly the same results than the existing make install.
The benefits of make install-rel over the existing method:
– this uses OTP release code from rebar/rebar3/mix, and consequently requires less code in our Makefile.in
– make uninstall-rel correctly deletes all the library files
This is still experimental, and it would be great if you are able to test it and report any problem; eventually this method could replace the existing one.
Just for curiosity:
– ejabberd 13.03-beta1 got support for make uninstall was added
– ejabberd 13.10 introduced Rebar build tool and code got more modular
– ejabberd 15.10 started to use the OTP directory structure for ‘make install’, and this broke make uninstall
We would like to thank the contributions to the source code, documentation, and translation provided for this release by:
And also to all the people contributing in the ejabberd chatroom, issue tracker…
Customers of the ejabberd Business Edition, in addition to all those improvements and bugfixes, also get:
x:oob data as source for image delivered in pushesTooManyProviderTokenUpdated errorget_push_logs command generate better error if mod_push_logger not availableget_push_logs that can be used to retrieve info about recent pushes and errors reported by push servicesmod_mam_http_access API to also accept range of messagesmod_muc_state_query to fix subject_author room state fieldxdata in mod_muc_state_queryThis is a more detailed list of changes in this ejabberd release:
mod_matrix_gwdisable_sasl_scram_downgrade_protection: New option to disable XEP-0474negotiation_timeout: Increase default value from 30s to 2mEJABBERD_OPTS and logger options"", and use previous flags as exampleeldap tls_verify=soft and falsefail_if_no_peer_cert for eldap ssl client connectionsmax_items node options on readsha256_password auth pluginsql_flags: right now only useful to enable mysql_alternative_upsertCTL_ON_* commandsprint_sql_schema: New command available in ejabberdctl command-line scriptmuc_sub tag to all the relevant commandsset_presence: switch priority argument from string to integervX--enable-group option (#4135)--enable-toolsinstall-rel and uninstall-relmake rel to make prodmake edoc to use ExDoc, requires mixescript to run rebar|rebar3|mix--with-rebar=rebar3 but rebar3 not system-installed, use local one--enable-elixiriexdev profile/environment, enable tools automaticallyFORMATTER ERROR: bad return value (#4087)Elixir Hex APIvars.config not foundvars_config_path to set path to vars.config (#4128)https://github.com/processone/ejabberd/compare/23.10…24.02
As usual, the release is tagged in the Git source code repository on GitHub.
The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity.
For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags.
The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs. The alternative ejabberd container image is available in ghcr.io/processone/ejabberd.
If you consider that you’ve found a bug, please search or fill a bug report on GitHub Issues.
The post ejabberd 24.02 first appeared on ProcessOne. Introducing ejabberd 24.07: Bugfix Release
This ejabberd 24.07 is mostly a bugfix release for the recent 24.06, and also includes a few improvements.
If you upgrade ejabberd from a previous release, please check the WebAdmin Config Changes.
A more detailed explanation of those topics and other features:
The ejabberd 24.06 release notes announced the Improved WebAdmin with commands usage, and mentioned some api_permissions configuration details, but it was not explicit enough about this fact: with the default ejabberd configuration, an admin was allowed to log in to WebAdmin from any machine, but was only allowed to run commands from the loopback IP address! The WebAdmin showed the page sections, but they were all empty. In addition, there was a bug that showed similar symptoms when entering the WebAdmin from one host and then logging in as an account in another host. Both problems and their solutions are described in #4249.
Please update your configuration accordingly, adding permission from web admin to execute all commands to accounts logged in with admin privilege:
api_permissions:
"webadmin commands":
from: ejabberd_web_admin
who: admin
what: "*"
Of course you can customize that access as much as you want: only from specific IP addresses, only to certain accounts, only for specific commands…
update_sql_schema_timeoutThe new option update_sql_schema_timeout allows the schema update process to use longer timeouts. The default value is set to 5 minutes.
This also makes batch of schema updates to single table use transaction. This should help in not leaving table in inconsistent state if some update steps fail (unless you use MySQL where you can’t rollback changes to table schemas).
We would like to thank the contributions to the source code, documentation, and translation provided for this release by:
mysql.sql archive origin_idAnd also to all the people contributing in the ejabberd chatroom, issue tracker…
This is a more detailed list of changes in this ejabberd release:
ejabberd_options: Add trailing @ to @VERSION@ parsingmod_http_api: Fix problem parsing tuples when using OTP 27 json library (#4242)mod_http_api: Restore args conversion of {"k":"v"} to tuple listsmod_matrix_gw: Add misc:json_encode_With_kv_lists and use it in matrix sign functionmod_muc: Output muc#roominfo_avatarhash in room disco info as per updated XEP-0486 (#4234)mod_muc: Improve cross version handling of muc retractionsnode_pep: Add missing feature item-ids to node_pepmod_register: Send welcome message as chat too (#4246)ejabberd_hooks: Support for ejabberd hook subscribers, useful for mod_prometheusejabberd.app: Don’t add iex to included_applicationsmake-installers: Fix path in scripts in regular user install (#4258)mod_matrix_gw: Fix matrix_id_as_jid option documentationmod_register: Add example configuration of welcome_message optionmix.exs: Add ejabberd example config files to the hex packageCODE_OF_CONDUCT.md*.ex and no *.erlmix.exs: Include Elixir’s Logger in the OTP release, useful for mod_libclusterupdate_sql_schema_timeout to allow schema update use longer timeoutssql_transaction()mysql.sql, fix update instructions for the archive table, origin_id column (#4259)ejabberd.yml.example: Add api_permissions group for webadmin (#4249)https://github.com/processone/ejabberd/compare/24.06…24.07
As usual, the release is tagged in the Git source code repository on GitHub.
The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity.
For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags.
The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs. The alternative ejabberd container image is available in ghcr.io/processone/ejabberd.
If you consider that you’ve found a bug, please search or fill a bug report on GitHub Issues.
The post ejabberd 24.07 first appeared on ProcessOne.Welcome to our first-ever “Meet the Team” series! In this first edition, we’ll be shining the spotlight on Nico Gerpe, the Business Unit Lead for the Americas team at Erlang Solutions.
Nico discusses his role at Erlang Solutions, his latest explorations in the IoT and machine learning space and most importantly- fun Argentinian summer traditions!
What is your role at Erlang Solutions and where are you based?
My role is Business Unit Lead for the Americas team and I am based out of Buenos Aires, Argentina.
What are the current priorities for the Americas team? Are there any specific markets you are focusing on?
Our priorities are growing our practices related to IoT, ML and DevOps on top of our main consultancy area of business. Our services and products benefit customers the most when they have already begun their digital journey and face challenges with their current tech stack. We help them overcome these obstacles and support their growth.
Which specific areas of IoT and machine learning are you planning to explore?
With regards to IoT, we are quite flexible and knowledgeable in managing multiple distributed devices, securing connections and handling vast areas of intercommunication. When it comes to machine learning, we are focusing on data processing/learning and computer vision.
Have you noticed any recent changes in the IoT and machine learning markets that have caught your attention?
Machine learning is evolving beyond training models. It is a way to consolidate and share data from multiple sources, creating significant value. What captured my attention was that it naturally gave me the solution as to how our IoT and ML practices were connected, to provide a comprehensive solution to our customers.
Do you have any fun plans for summer?
Going to the beach for at least a week.
Are there any fun summer Argentinian traditions during summertime?
A commonly accepted plan for any given Sunday is to gather at a house and light up a barbecue while enjoying the swimming pool. Eat late lunch, around 2 pm ish, for about 2 hours starting with picada, which is a mix of sausages, fries, pickles and white bread. Then a proper lunch consisting of barbecued cow, pork and/or chicken meat with salad options. After eating for almost two hours, we have a round of coffee and go back to the swimming pool. To sit back again and eat cake, candies, cookies, etc for another hour or so.
That’s a wrap for our chat with Nico!
The Americas team at Erlang Solutions is diving into some exciting areas of IoT and machine learning, helping businesses tackle their tech challenges and grow.
From managing distributed devices to advancing in computer vision, there’s a lot to look forward to. Stay tuned for more fun and insightful conversations with our amazing team in the next editions of our “Meet the Team” series.
If you’d like to chat about anything IoT, drop the team a line.
The post Meet the team: Nico Gerpe appeared first on Erlang Solutions.
Introducing ejabberd 24.06: Deep Work Release!
This new ejabberd 24.06 includes four months of work, close to 200 commits, including several minor improvements in the core ejabberd, and a lot of improvements in the administrative parts of ejabberd, like the WebAdmin and new API commands.
If you upgrade ejabberd from a previous release, please review those changes:
A more detailed explanation of those topics and other features:
ejabberd support for Erlang/OTP 27.0 has been improved. In this sense, when using Erlang/OTP 27, the jiffy dependency is not needed, as an equivalent feature is already included in OTP.
The lowest supported Erlang/OTP version continues being 20.0, and the recommendation is using 26.2, which is in fact the one included in the binary installers and container images.
Regarding Elixir, the new 1.17 works correctly. The lowest Elixir supported version is 1.10.3… but in order to benefit from all the ejabberd features, it is highly recommended to use Elixir 1.13.4 or higher with Erlang/OTP 23.0 or higher.
There are no changes in the SQL schemas in this release.
Notice that ejabberd can take care to update your MySQL, PostgreSQL and SQLite database schema if you enable the update_sql_schema toplevel option.
That feature was introduced for beta-testing in ejabberd 23.10 and announced in the blog post Automatic schema update in ejabberd.
Starting in this ejabberd 24.06, the update_sql_schema feature is considered stable and the option is enabled by default!
The sql_server top-level option now accepts the path to a unix socket domain, expressed as "unix:/path/to/socket", as long as you are using mysql or pgsql in the option sql_type.
This ejabberd 24.06 release introduces ejabberd Commands API v2. You can continue using API v1; or if you want to update your API client to use APIv2, those are the commands that changed and you may need to update in your client:
Support for banning an account has been improved in API v2:
– ban_account stores the ban information in the account XML private storage, so that command requires mod_private to be enabled
– get_ban_details shows information about the account banning, if any.
– unban_account performs the reverse operation, getting the account to its previous status.
The result value of those two commands was modified to allow their usage in WebAdmin:
– kick_user instead of returning an integer, it returns a restuple.
– rooms_empty_destroy instead of returning a list of rooms that were destroyed, it returns a restuple.
As a side note, this command has been improved, but this change doesn’t affect the API:
– join_cluster has been improved to work not only with the ejabberdctl command line script, but also with any other command frontend (mod_http_api, ejabberd_xmlrpc, ejabberd_web_admin, …).
Several new commands have been added, specially useful to generate WebAdmin pages:
ejabberd already has around 200 commands to perform many administrative tasks, both to get information about the server and its status, and also to perform operations with side-effects. Those commands have its input and output parameters clearly described, and also documented.
This release includes a set of functions (make_command/2 and /4, make_command_raw_value/3, make_table/2 and /4) to use all those commands to generate HTML content in the ejabberd WebAdmin: instead of writing again erlang code to perform those operations and then write code to format it and display as HTML… let’s have some frontend functions to call the command and generate the HTML content. With that new feature, writing content for WebAdmin is much easier if a command for that task already exists.
In this sense, most of the ejabberd WebAdmin pages have been rewritten to use the new make_command feature, many new pages are added using the existing commands. Also a few commands and pages are added to manage Shared Roster Groups.
Most WebAdmin pages use commands to generate the content, and access to those commands can be restricted using the api_permissions toplevel option.
The default ejabberd.yml configuration file already defines "admin access" that allows access from loopback IP address and accounts in the admin ACL to execute all commands except stop and start. So, no changes are required in the default configuration file to use the upgrade WebAdmin pages.
Now ejabberd_web_admin is another valid command frontend that can be specified in the from section. You can define fine-grained restrictions for accounts in WebAdmin, for example:
api_permissions:
"webadmin commands":
from:
- ejabberd_web_admin
who: admin
what:
- "*"
- "![tag:oauth]"
There are several changes in WebAdmin hooks that now provide the whole HTTP request instead of only some of its elements.
You can update your code easily, see:
webadmin_page_node: instead of Path, Query and Lang, gets Request-webadmin_page_node(Acc, Node, Path, Query, Lang) ->
+webadmin_page_node(Acc, Node, #request{path = Path, q = Query, lang = Lang}) ->
webadmin_page_hostnode: instead of Path, Query and Lang gets Request-webadmin_page_hostnode(Acc, Host, Node, Path, Query, Lang) ->
+webadmin_page_hostnode(Acc, Host, Node, #request{path = Path, q = Query, lang = Lang}) ->
webadmin_user: instead of just the Lang, gets the whole Request-webadmin_user(Acc, User, Server, Lang) ->
+webadmin_user(Acc, User, Server, #request{lang = Lang}) ->
webadmin_menu_hostuser: new hook added:+webadmin_menu_hostuser(Acc, Host, Username, Lang) ->
webadmin_page_hostuser: new hook added:+webadmin_page_hostuser(Acc, Host, Username, Request) ->
internal command tag and any argument/resultDuring the development of the WebAdmin commands feature, it was noticed the necessity to define some commands that will be used by WebAdmin (or maybe also by other ejabberd code), but should NOT be accessed by command frontends (like ejabberdctl, mod_http_api, ejabberd_xmlrpc).
Such commands are identified because they have the internal tag.
Those commands can use any arbitrarily-formatted arguments/results, defined as any in the command.
make format and indentIf you use Emacs with erlang-mode, Vim with some Erlang indenter, VSCode, … they indent erlang code more or less similarly, but sometimes have some minor differences.
The new make format uses rebar3_format to format and indent files, with those restrictions:
@format-begin
Formatting can be disabled later in the file by adding another line that contains @format-end
Furthermore, it is later possible to enable formatting again in the same file, in case there is another piece of the file that should be automatically formatted.
Alternatively, the new make indent indents files using Emacs, it also replaces tabs with blankspaces and removes ending spaces. It can only indent one piece of code per file, the lines that finds between:
%% @indent-begin
...
%% @indent-end
mod_muc_room now uses hooks instead of function calls to mod_muc_log, see #4191.
The new hooks available, in case you want to write an ejabberd module that logs MUC room messages:
muc_log_check_access_log(Acc, Host, From)muc_log_get_url(Acc, StateData)muc_log_add(Host, Type, Data, RoomJid, Opts)When running ejabberd in an interactive development shell started using relive, it automatically compiles and reloads the source code when you modify a source code file.
How to use this:
make reliveRebar3 notes:
src_dirs option is used. However, now it only works if the parent directory is named “ejabberd”
Sync requires at least Erlang/OTP 21, which introduced the new try-catch syntax to retrieve the stacktrace
Mix note:
Several changes in ejabberd source code were done to produce markdown suitable for the new ejabberd Docs site, as announced two months ago: ejabberd Docs now using MkDocs
We would like to thank the contributions to the source code, documentation, and translation provided for this release by:
And also to all the people contributing in the ejabberd chatroom, issue tracker…
Customers of the ejabberd Business Edition, in addition to all those improvements and bugfixes, also get:
mod_gcmmod_applepushtls_verify option to mod_applepushmod_applepushsetup_push, get_push_setup and delete_push_setup for managing push setup, with support for Apple Push, Android Push, Pushy.me and Webpush/WebhookThis is a more detailed list of changes in this ejabberd release:
econf: Add ability to use additional custom errors when parsing optionsejabberd_logger: Reloading configuration will update logger settingsgen_mod: Add support to specify a hook global, not vhost-specificmod_configure: Retract Get User Password command to update XEP-0133 1.3.0mod_conversejs: Simplify support for @HOST@ in default_domain option (#4167)mod_mam: Document that XEP-0441 is implemented as wellmod_mam: Update support for XEP-0425 version 0.3.0, keep supporting 0.2.1 (#4193)mod_matrix_gw: Fix support for @HOST@ in matrix_domain option (#4167)mod_muc_log: Hide join/leave lines, add method to show themmod_muc_log: Support allowpm introduced in 2bd61abmod_muc_room: Use ejabberd hooks instead of function calls to mod_muc_log (#4191)mod_private: Cope with bookmark decoding errorsmod_vcard_xupdate: Send hash after avatar get set for first timeprosody2ejabberd: Handle the approved attribute. As feature isn’t implemented, discard it (#4188)update_sql_schema: Enable this option by defaultmqtt_pub table definition from mysql.sql and fix should_update_schema/1 in ejabberd_sql_schema.erlupdate_primary_key command to sql schema updaterexport2sql when MAM enabled but MUC disabledjoin_cluster_here: New command to join a remote node into our local clusterget_user_subscriptions: Fix validation of user field in that commandmod_admin_extra: Handle case when mod_private is not enabled (#4201)mod_muc_admin: Improve validation of arguments in several commandsejabberdctl: Comment ERTS_VSN variable when not used (#4194)ejabberdctl: Fix iexlive after make prod when using Elixirejabberdctl: If INET_DIST_INTERFACE is IPv6, set required option (#4189)ejabberdctl: Make native dynamic node names work when using fully qualified domain namesrebar.config.script: Support relaxed dependency version (#4192)rebar.config: Update deps version to rebar3’s relaxed versioningrebar.lock: Track file, now that rebar3 uses loose dependency versioningconfigure.ac: When using rebar3, unlock dependencies that are disabled (#4212)configure.ac: When using rebar3 with old Erlang, unlock some dependencies (#4213)mix:exs: Move xmpp from included_applications to applications.gitignore: Ignore ctags/etags filesmake dialyzer: Add support to run Dialyzer with Mixmake format|indent: New targets to format and indent source codemake relive: Add Sync tool with Rebar3, ExSync with Mixhook_deps: Use precise name: hooks are added and later deleted, not removedhook_deps: Fix to handle FileNo as tuple {FileNumber, CharacterPosition}code:lib_dir call to work with Erlang/OTP 27.0-rc2... in example configuration: it is assumed and reduces verbositynoteCTL_ON_CREATE usage in docker-compose examplehttps://github.com/processone/ejabberd/compare/24.02…24.06
As usual, the release is tagged in the Git source code repository on GitHub.
The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity.
For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags.
The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs. The alternative ejabberd container image is available in ghcr.io/processone/ejabberd.
If you consider that you’ve found a bug, please search or fill a bug report on GitHub Issues.
The post ejabberd 24.06 first appeared on ProcessOne.
The Ignite Realtime community is pleased to announce the release of Openfire 4.8.3. This release contains an important fix for thread lock situation described with OF-2845. If you have noticed clients getting logged out or unable to connect with Openfire 4.8.1 or 4.8.2, please do try this release and report in the community forums if your issue is persisting.
The changelog denotes a few other issues addressed with this release. You can find download artifacts available with the following sha256sum values.
b86bf8c01ede9cb2ae4f43dfd2f49239d9af2d73f650c7c2d52e5a936035e520 openfire-4.8.3-1.noarch.rpm
3f6da6c89ce701d974f6a1afe5ac0245f7112c5d165934eb1a85a749a1f040e2 openfire_4.8.3_all.deb
4fce60210033216556881fd9c988bea3ce30c0ed845f4dec3d4284ee835e8208 openfire_4_8_3.dmg
28b64c144001b0f6fb6eb4705d0bb1a92581774369378196182b8d35237b83be openfire_4_8_3.exe
43d3b042357a5c975785f3f223490e3dd18b1f499c206be6cd0857172cc005fc openfire_4_8_3.tar.gz
a09752fbe1226724d466028036fc65d31fe88e60a0efb27a87f1e10ab100fbb1 openfire_4_8_3_x64.exe
5c0638f150ccb61471b4b5152743b6d18cbe008473f454ed0091a13d7b80cb85 openfire_4_8_3.zip
For those of you curious, here are the 4.8.2 artifact download statistics (released 8 days ago)
| Variant | Filename | Downloads |
|---|---|---|
| Linux RPM | openfire-4.8.2-1.noarch.rpm | 195 |
| Debian | openfire_4.8.2_all.deb | 635 |
| Mac | openfire_4_8_2.dmg | 56 |
| Windows 32bit | openfire_4_8_2.exe | 241 |
| Windows 64bit | openfire_4_8_2_x64.exe | 840 |
| Tarball | openfire_4_8_2.tar.gz | 135 |
| Zip Archive | openfire_4_8_2.zip | 72 |
| Total | 2,174 |
Thanks for your interest and usage of Openfire.
For other release announcements and news follow us on Mastodon or X
6 posts - 5 participants
XMPP Newsletter Banner
Welcome to the XMPP Newsletter, great to have you here again! This issue covers the month of June 2024.
The XSF has been accepted as a hosting organisation at GSoC in 2024 again! These XMPP projects have received a slot and have kicked-off with coding:
XSF and Google Summer of Code 2024
The XSF offers fiscal hosting for XMPP projects. Please apply via Open Collective. For more information, see the announcement blog post. Current projects you can support:
Debian and XMPP in Wind and Solar Measurement talk at MiniDebConf Berlin 2024.
Psi+ 1.5.1947 through 1.5.2012 installer and Psi+ 1.5.1979 through 1.5.2000 portable have been released.
Gajim 1.9.0 and 1.9.1 have been released. Half a year after the last release, Gajim 1.9.0 is finally here. This release brings long awaited support for message replies and message reactions. Message Moderation has been improved as well. Say hello to voice messages!
Gajim message reactions
Monal 6.4.0 has been released for iOS an macOS, with quite an impressive list of improvements. Monal was also running a fundraising campaign.
Movim 0.25 “Nagata” and 0.25.1 small bugfix have been released.
away, ability to moderate MUCs and support for xmppbl.org.
ejabberd WebAdmin interface
The XMPP Standards Foundation develops extensions to XMPP in its XEP series in addition to XMPP RFCs.
Developers and other standards experts from around the world collaborate on these extensions, developing new specifications for emerging practices, and refining existing ways of doing things. Proposed by anybody, the particularly successful ones end up as Final or Active - depending on their type - while others are carefully archived as Deferred. This life cycle is described in XEP-0001, which contains the formal and canonical definitions for the types, states, and processes. Read more about the standards process. Communication around Standards and Extensions happens in the Standards Mailing List (online archive).
The XEP development process starts by writing up an idea and submitting it to the XMPP Editor. Within two weeks, the Council decides whether to accept this proposal as an Experimental XEP.
If an experimental XEP is not updated for more than twelve months, it will be moved off Experimental to Deferred. If there is another update, it will put the XEP back onto Experimental.
<USERID> element”. (egp)Last calls are issued once everyone seems satisfied with the current XEP status. After the Council decides whether the XEP seems ready, the XMPP Editor issues a Last Call for comments. The feedback gathered during the Last Call can help improve the XEP before returning it to the Council for advancement to Stable.
Please share the news on other networks:
Also check out our RSS Feed!
Looking for job offers or want to hire a professional consultant for your XMPP project? Visit our XMPP job board.
This is a community effort, and we would like to thank translators for their contributions. Volunteers an more languages are welcome! Translations of the XMPP Newsletter will be released here (with some delay):
This XMPP Newsletter is produced collaboratively by the XMPP community. Each month’s newsletter issue is drafted in this simple pad. At the end of each month, the pad’s content is merged into the XSF Github repository. We are always happy to welcome contributors. Do not hesitate to join the discussion in our Comm-Team group chat (MUC) and thereby help us sustain this as a community effort. You have a project and want to spread the news? Please consider sharing your news or events here, and promote it to a large audience.
Tasks we do on a regular basis:
To unsubscribe from this list, please log in first. If you have not previously logged in, you may need to set up an account with the appropriate email address.
This newsletter is published under CC BY-SA license.
I will comment on an interesting article from Meredith Whittaker and Joshua Lund breaking down the cost of running a large-scale messaging platform.
It estimates that the cost to operate Signal messaging will reach 50 million dollars per year in 2025.
Privacy is Priceless, but Signal is Expensive
As of the end of 2023, the cost breakdown for running a large messaging platform like Signal was as follows:
Infrastructure Costs (as of November 2023): Approximately $14 million per year, to support between 40 and 50 million monthly active users.
And this is just for the infrastructure costs ! You need to add all the associated costs to operate an organization employing more than 50 people.
This article is interesting on several accounts:
The technical design of a messaging service significantly impacts the operational costs of the platform. Therefore, it’s crucial to make business model and technical choices simultaneously and be flexible to adapt to platform growth, as they are two sides of the same coin. Aligning these decisions ensures that both financial sustainability and technical feasibility are achieved.
The post Breaking Down the Costs of Large Messaging Services first appeared on ProcessOne.We’re in the midst of some rapid technological changes (AI, IoT, machine learning etc) and businesses are facing new obstacles. There is now a demand to balance company time and budgets amid all day-to-day responsibilities. Because of this, outsourcing services have become a strategic move for many.
Let’s look into how Erlang and Elixir programming languages help with business outsourcing. We’ll discuss their expertise in security, scalability and flexibility and how they support business goals.
Before we get into its benefits, it’s important to understand the growing importance of outsourcing tech for businesses. Gartner describes outsourcing as a way to “deliver IT-enabled processes, application services, and infrastructure solutions for business outcomes.”
According to the global Business Process Outsourcing (BPO) market, outsourcing reached $280.64bn in 2023 and is projected to grow 9.6% from 2024 to 2030.
This rise is driven by digital transformation, a focus on cost optimisation, and the increasing demand for specialised services. Companies are focusing more on efficiency and agility for long-term success. Outsourcing provides that much-needed flexibility. They are able to leverage top-tier expertise, without the need for full-time in-house commitment.
All businesses have sensitive data. To manage this, it must be understood that compliance and security go hand in hand. Compliance is all about adhering to standards and regulations within a given sector. These sectors are external laws (regulatory compliance) and internal policies (corporate compliance). Some of the most common include:
External laws:
Internal policies:
These are all designed to safeguard organisational data and systems from breaches and misuse.
An important benefit of Erlang and Elixir and functional languages lies in their flexibility. They focus on code clarity and predictability, which is important for providing enhanced security. So even if your business is operating on the most complex of systems, both languages allow for clear and easy testing. This allows developers to identify and rectify any system vulnerabilities effectively.
Another feature of a functional programming language is immutability, meaning it cannot change once created. For businesses, it ensures that data integrity is maintained, preventing any unauthorised changes to the system.
Both languages excel in handling concurrent connections and processes. This is crucial for environments where multiple devices are needed to communicate simultaneously, without performance bottlenecks.
Erlang and Elixir are equipped with powerful libraries that support industry-standard encryption protocols. It allows developers to implement strong encryption mechanisms quickly and effectively. This safeguards precious business data against unauthorised access and breaches.
Their strengths collectively ensure that business devices can communicate securely and reliably. Business data is supported and protected without compromise. To learn more about encryption support, take a look at our five tips to ensure business security.
According to Deloitte, the top reason (70%) for business outsourcing is cost reduction. Outsourcing ensures that you are only paying for the services you need when you need them, leading to cost management and savings.
Businesses are paying external providers to:
Concerns over training expenses, workspaces, and further equipment are also alleviated, as your team already has the necessary resources to maintain your systems.
Elixir’s expressive syntax and the high developer productivity of Phoenix and LiveView can deliver more with less code, in less time, and with smaller teams. Its modern language features, such as pattern matching and powerful metaprogramming capabilities, enhance developer efficiency and reduce the complexity of codebases. The concurrency model inherited from Erlang allows for efficient handling of many simultaneous tasks, which can lead to cost savings on infrastructure. Also, its vibrant community and extensive libraries allow for rapid development and quick problem-solving. This is another great pro for businesses as it further reduces development time and associated costs.
Erlang’s lightweight process model allows developers to handle numerous simultaneous operations with minimal resource consumption. This leads to significant infrastructure cost savings.
The language’s robust error-handling capabilities and “let it crash” philosophy simplify the development of reliable, self-healing systems, reducing the need for extensive debugging and maintenance efforts. Erlang’s mature ecosystem and extensive libraries also enable developers to quickly implement complex features, decreasing development time and allowing smaller teams to achieve more with less. This overall efficiency translates into lower long-term operational and development costs for businesses.
Businesses that outsource their tech stack get value for money in expertise. Outsourcing provides a range of skills and knowledge of a dedicated team.
Expertise is one of the largest benefits of outsourcing your Erlang and Elixir. Erlang in particular has been around for over two decades, so businesses have the added benefit of known reliability and an established reputation.
The rise of Elixir in the programming language space has been impressive, to say the least. It leverages the strengths of the Erlang Virtual Machine (BEAM). So while it hasn’t been around for as long as Erlang, it has inherited the same fault-tolerant, concurrent and distributed computing capabilities.
The expertise of developers alleviates dealing with complex technical issues, resulting in improved operational efficiency, cost savings, and a stronger competitive edge in the market.
Businesses outsource to concentrate on their competencies and strategic initiatives. They are reducing time-consuming tasks, which allows their internal teams to focus on core business activities.
This enhanced focus can lead to higher productivity, improved quality, and scope for accelerated innovation.
Here are just some examples of how Erlang and Elixir support business focus:
Scalability and performance
Both languages are designed to handle levels of concurrency with ease. This allows businesses to seamlessly build and maintain applications, in line with increasing demand. It frees up time to focus on growth instead of worrying about the limitations of infrastructure.
For more on the benefits of scalability, you can check out our post on scalable systems.
Fault tolerance
Erlang and Elixir have built-in features for fault tolerance, such as supervision trees and isolated processes. This allows applications built within either language to recover almost from failures. It reduces downtime and allows businesses to run smoothly without manual intervention.
Rapid development
Elixir in particular shines in this department. Leveraging its productivity on Erlang’s underlying BEAM virtual machine, it provides a much more readable syntax and metaprogramming, allowing for faster development cycles which in turn, enables a faster time to market.
Maintainable code
We have already touched on the functional nature of both Erlang and Elixir. It encourages clear, modular, and maintainable code. This allows businesses to easily update and extend their applications, reducing the risk of bugs and improving the overall long-term maintainability.
We’ve shown how utilising Erlang and Elixir can provide a host of strategic advantages for businesses. These languages provide expertise, enhanced security, cost-effective solutions, and scalability that allow businesses to offload day-to-day activities to concentrate on the bigger picture. If you’d like to learn more about how to make the most of your existing Erlang and Elixir tech stack, feel free to drop the team a line.
The post The Strategic Advantage of Outsourcing with Erlang and Elixir appeared first on Erlang Solutions.
Openfire 4.8.2 has landed!
This release addresses a number of issues in the real time collaboration server created by the Ignite Realtime Community that aim to reduce bugs and increase stability and performance.
Interested in getting started? You can download installers of Openfire here. Our documentation contains an upgrade guide that helps you update from an older version.
sha256sum checksum values for the release artifacts are as follows
4c2674fbf00768cf7ca9ccc9a6ef7e4aa693c19d9885ca469771677934634a40 openfire-4.8.2-1.noarch.rpm
76665dc80607516d12f1c8b7b323417e7993d2f87de2e82deeef43dd6a7d9761 openfire_4.8.2_all.deb
75c513db3c7e50fc5c28a7131aecc0c60ad2f858d7f04a9fe5d58a5de118afec openfire_4_8_2.dmg
d5af1c2012d092c7c1cd9247db4e4d8039f2617adc9f212d75e549eeca0a389a openfire_4_8_2.exe
4634e5be6314a5348e5e01413864a8ec6a7b3bbe6e2db1c051512c9bd72a199a openfire_4_8_2.tar.gz
82c5abdf917b8958311f5813960f3b545266d99d0f646eac9dddbaf0ef52c905 openfire_4_8_2_x64.exe
3327bc610af606a2df28a7077f225a68cf2d04d30a4c37592a5d17f5c22e8c07 openfire_4_8_2.zip
If you have any questions, please stop by our community forum or our live groupchat. We are always looking for volunteers interested in helping out with Openfire development!
For other release announcements and news follow us on Mastodon or X.
2 posts - 2 participants
We have just released version 1.3.0 of the Botz framework for Openfire (the real-time communications server provided by the Ignite Realtime community)!
The Botz library adds to the already rich and extensible Openfire with the ability to create internal user bots.
In this release, compatbility with Openfire 4.8.0 and later has been resolved. Thank you to Sheldon Robinson for helping us fix that!
Download the latest version of the Botz framework from its project page!
For other release announcements and news follow us on X and Mastodon.
1 post - 1 participant
Elixir allows application developers to create very parallel and very complex systems. Tools like Phoenix PubSub and LiveView thrive on this property of the language, making it very easy to develop functionality that requires continuous updates to users and clients.
But one thing that has often frustrated me is how to cleanly design an application to respond to database record updates.
A typical pattern that I’ve used is to have a dedicated function which makes a database change (e.g Shipping.insert_event). This function can contain a post-update step which sends out, for example, a PubSub broadcast. But this relies on the team using that function consistently. If there are other update functions (e.g. Shipping.insert_delivery) they also need to do the broadcast.
But the most fool-proof solution would be to have the database update the application whenever there is a change. Not only would this avoid needing to make sure all update functions send out broadcasts, but it also makes sure that the correct actions are taken whenever some external task or application updates the database directly.
While I knew that PostgreSQL had functionality to inform my applications about updates it always seemed intimidating. So I finally decided to figure out how it worked and to make a library! I’d like to introduce EctoWatch which is my attempt to implement this pattern in the simplest way possible.
Aside from the obvious case of updating LiveViews, there are a number of things you might want to do in response to record changes:
For example, if you insert a new status event for a tracked package, you may want to:
EctoWatch allows you to set up watchers in your application’s supervision tree which can track inserts, updates, and deletes on Ecto schemas which are backed by PostgreSQL tables:
{EctoWatch,
repo: MyApp.Repo,
pub_sub: MyApp.PubSub,
watchers: [
{Accounts.User, :inserted},
{Accounts.User, :updated},
{Accounts.User, :deleted},
{Shipping.Package, :inserted},
{Shipping.Package, :updated}
]}
Then processes can subscribe to the broadcasts sent by the watchers:
EctoWatch.subscribe({Accounts.User, :inserted})
EctoWatch.subscribe({Accounts.User, :updated})
EctoWatch.subscribe({Accounts.User, :deleted})
EctoWatch.subscribe({Shipping.Package, :inserted})
EctoWatch.subscribe({Shipping.Package, :updated})
If your process just needs to get updates about a specific record an ID can be given:
EctoWatch.subscribe({Accounts.Package, :updated}, package.id)
Then finally the module that implements your process (LiveView, GenServer, etc…) can handle messages about records:
# LiveView example
def handle_info({{Accounts.User, :inserted}, %{id: id}}, socket) do
user = Accounts.get_user(id)
socket = stream_insert(socket, :users, user)
{:noreply, socket}
end
def handle_info({{Accounts.User, :updated}, %{id: id}}, socket) do
user = Accounts.get_user(id)
socket = stream_insert(socket, :users, user)
{:noreply, socket}
end
def handle_info({{Accounts.User, :deleted}, %{id: id}}, socket) do
socket = stream_delete_by_dom_id(socket, :songs, "users-#{id}”)
{:noreply, socket}
end
You can also define which columns trigger messages on updates as well as which values (in addition to the ID) to send with messages. Definitely check out the repo’s README for more details on how to use EctoWatch!
I believe that EctoWatch can be a powerful new way to simplify how we deal with database changes. Allowing a quick configuration of watchers and using simple message passing with Phoenix PubSub, you can separate the concern of making a change from the concern of what happens as a result of the change. This allows your code to be more easily readable and refactorable.
If you’re in need of help with Elixir development, code and architecture reviews, and more then drop us a line.
The post Let Your Database Update You with EctoWatch appeared first on Erlang Solutions.
Earlier today, version 1.11.0 of the REST API plugin for Openfire was released!
The REST API Plugin provides the ability to manage Openfire (the real-time communications server created by the Ignite Realtime community) by sending an REST/HTTP request to the server. This plugin’s functionality is useful for applications that need to administer Openfire outside of the Openfire admin console.
This release mainly addresses compatibility issues with Openfire versions 4.8.0 and later. A big thank you to community member Anckermann for providing the bulk of the fixes!
The updated plugin should become available for download in your Openfire admin console in the course of the next few hours. Alternatively, you can download the plugin directly, from the plugin’s archive page
For other release announcements and news follow us on Mastodon or X
1 post - 1 participant
Gajim 1.9.1 introduces a menu button, adds improvements for Security Labels, and fixes some bugs. Thank you for all your contributions!
Since Gajim 1.9.0, you can toggle Gajim’s main menu bar by pressing Ctrl+M. In order to have a proper replacement for when the menu bar is hidden, we added a menu button to the top left, which contains all of the menu bar’s items.
If you are using Security Labels (XEP-0258) with Gajim, you can now correct labels on messages. Overall handling of Security Labels has been improved as well.
Last but not least, Gajim’s database migration has been improved as well.
This release also comes with many bugfixes. Have a look at the changelog for a complete list.
As always, don’t hesitate to contact us at gajim@conference.gajim.org or open an issue on our Gitlab.
Gajim is free software developed by volunteers.
If you like to support Gajim, please consider making a donation.
Donate via Liberapay:
Digital payments are essential to the global economy and have seen rapid and significant changes in recent years.
Let’s take a look at the key trends of this change and some of the emerging digital trends are broadening the payments ecosystem. We’ll look at how payments work and the broader payments ecosystem.
Evolving customer expectations and technological advances are driving innovation. They now prioritise speed, near-to-real-time payments, frictionless transactions and decentralised models. Fuelled by the pandemic, significant growth of digital commerce has led to record payment volumes in most markets. These factors make payments one of the most interesting areas of financial services. There are opportunities for innovative fintechs to provide better client experiences and for traditional players to expand their services.
Market competition is driving down fees. It is a challenge for traditional players to maintain the same levels of profitability while using existing payment infrastructure. We have seen fintech businesses launch into the payments ecosystem, offering a more diverse range of services.
Traditional payment companies are responding by leveraging the huge amounts of data at their disposal to guide a strategy of adding to their offering. These new services are in areas including loyalty, tailored offers, data insights, risk management and more.
Consumers’ shift to digital channels drives demand for seamless fulfilment and instant gratification. A recent Capgemini World Payments Report survey found an increase from 24% to 46% in respondents who had e-commerce accounts for more than half of their monthly spending. This is compared from before the pandemic to now.
Retail E-commerce sales worldwide revenue
According to Statista, 91% of the global population is expected to own a smartphone by 2026.
A majority of people have now experienced the efficiencies offered by digital payments. It is unlikely they will ever return to the older, inefficient ways of the past.
Nayapay, one of our clients in the South Asian market is using the MongooseIM chat engine. They are an example of players in the payments space seizing the opportunity to disrupt local markets.
Their chat-based payments app targets the unbanked in Pakistan. It is built around fusing the penetration of smartphone usage with people’s willingness to integrate transactions into their daily digital activities, adding ease of cashless payments to their everyday lives.
Demand for instant transactions is driving change in cross-border payments, international remittances and e-commerce. Mirroring the speed of cash transactions electronically used to be a challenge. Now, the introduction of real-time clearing and settlement facilities across markets makes processing payments almost instant.
Studies by the Federal Reserve Financial Services saw the strong growth of digital wallets in 2023, (US). Businesses increased their use by 31% from the previous year, and consumers experienced a 32% increase in this digital adoption.
Here are some more statistics on the most popular use cases for faster payments:
Source: Federal Reserve study sheet
As shown by the chart, one of the most popular cases is person-to-person, or peer-to-peer (P2P) payments.
Consumers are embracing the simplicity of peer-to-peer services. Zelle, Venmo (US), Kuflink and easyMoney (UK) are commonly used for everyday transactions. These services are important to people seeking quick, hassle-free ways to settle informal payments.
The availability of P2P services is expected to expand to meet the growing market demand.
According to Precedence Research, the global peer-to-peer (P2P) lending market size was valued at USD 110.9 billion in 2023. It is expected to hit over USD 1,168.1 billion by 2033.
From peer-to-peer services that enable informal transactions to the widespread adoption of digital payments, consumers are welcoming the future of finance. As technology continues to reshape how we conduct transactions, the prospect of a cashless society becomes more conceivable.
Lengthy checkout pages are seen as a turn-off to e-commerce customers. Using embedded payments allows you to skip the additional steps. So instead of providing just a single, clickable button on your app or website, the customer can choose their desired payment, such as Klarna, Amazon Pay, or PayPal, then click the embedded link and complete the transaction.
Amazon customers can log into their accounts that already contain stored payment details and shipping addresses. They then use the “Buy Now” button to instantly complete their purchase.
It requires only a payment confirmation and avoids the need to re-enter payment and shipping information. This quick transaction process takes just seconds and has become commonplace with apps such as Uber, GrubHub, and more.
By integrating financial products into non-financial platforms, embedded finance is enhancing the convenience and speed of digital payments.
For consumers, embedded finance offers additional benefits including:
Beyond BNPL, other financial products like lending and card issuing are also being integrated into these platforms. Major banks can reach millions of new users through Banking-as-a-Service (BaaS) APIs provided to technology businesses and platforms outside the traditional financial services industry.
The diverse range of digital touchpoints involved in a cashless payments ecosystem provides vast amounts of data.
This is important to banks and fintechs to grow client relationships based on analytics and insights. Companies that can unlock the true value of payment activity data by leveraging artificial intelligence (AI) and machine learning (ML) tools. These can offer more efficient, tailored products and a more secure, protected environment.
The implementation of the messaging standard ISO20022 is a vital part of improving the amount and quality of payment data available. As the global standard for payment messaging, ISO 20022 provides better-structured and more granular data. A shared language to be used for transactions made by anyone, anywhere.
The modern digital payments ecosystem is varied. Overall, the journey towards more digital, open and real-time operations mirrors how society at large now lives online.
We help to create digital and mobile payment solutions that enhance the customer experience and protect customer data. We work with clients who provide services, cryptocurrency, blockchain, embedded finance, payment gateways and more. To learn more about our offering, you can contact our team directly.
The post Exploring Key Trends in Digital Payments appeared first on Erlang Solutions.
Our current development iPhone 8, which we bought in 2020, is getting on in years, is not able to run iOS 17 and the battery is broken.
So it’s that time again: we are launching a new fundraising campaign for 350 EUR to finance a new development iPhone capable of running iOS 17 and several upcoming iOS versions. Currently we are aiming for an iPhone 13.
You can view our donation options over here: Donate
In an increasingly tech-driven world, the implementation of IoT for business is a given. According to the latest data, there are currently 17.08 billion connected IoT devices– and counting. A growing number of devices requires robust IoT security to maintain privacy, protect sensitive data and prevent unauthorised access to connected devices.
A single compromised device can be a threat to an entire network. For businesses, it can lead to major financial losses, operational disruptions and a major impact on brand reputation. We will be taking you through the five key considerations to ensure IoT for businesses including data encryption methods, password management, IoT audits, workplace education and the importance of disabling unused features.
Weak passwords make IoT devices susceptible to unauthorised access, leading to data breaches, privacy violations and increased security risks. When companies install devices, without changing default passwords or by creating oversimplified ones, they create a gateway entry point for attackers. Implementing strong and unique passwords can ensure the protection of these potential threats.
Each device in a business should have its own unique password that should change on a regular basis. According to the 2024 IT Trends Report by JumpCloud, 83% of organisations surveyed use password-based authentication for some IT resources.
Consider using a business-wide password manager to store your passwords securely and that allows you to use unique passwords across multiple accounts.
Password managers are also incredibly important as they:
Multi-factor authentication (MFA) adds an additional layer of security. It requires additional verification beyond just a password, such as SMS codes, biometric data or other forms of app-based authentication. You’ll find that many password managers actually offer built-in MFA features for enhanced security.
Some additional security benefits include:
As soon as an IoT device becomes connected to a new network, it is strongly recommended that you reset any settings with a secure, complex password. Using password managers allows you to generate unique passwords for each device to secure your IoT endpoints optimally.
Why is data encryption so necessary? With the increased growth of connected devices, data protection is a growing concern. In IoT, sensitive information (personal data, financial, location etc) is vulnerable to cyber-attacks if transmitted over public networks. When done correctly, data encryption renders personal data unreadable to those who don’t have outside access. Once that data is encrypted, it becomes safeguarded, mitigating unnecessary risks.
Additional benefits to data encryption
There are a few data encryption techniques available to secure IoT devices from threats. Here are some of the most popular techniques:
Triple Data Encryption Standard (Triple DES): Uses three rounds of encryption to secure data, offering a high-level of security used for mission-critical applications.
Advanced Encryption Standard (AES): A commonly used encryption standard, known for its high security and performance. This is used by the US federal government to protect classified information.
Rivest-Shamir-Adleman (RSA): This is based on public and private keys, used for secure data transfer and digital signatures.
Each encryption technique has its strengths, but it is crucial to choose what best suits the specific requirements of your business.
When implementing data encryption protocols for IoT security, Erlang and Elixir offer great support to ensure secure communication between IoT devices. We go into greater detail about IoT security with Erlang and Elixir in a previous article, but here is a reminder of the capabilities that make them ideal for IoT applications:
Erlang and Elixir can be powerful tools for businesses, enhancing the security of IoT devices and delivering high-performance systems that ensure robust encryption support for peace of mind.
Performing regular security audits of your systems can be critical in protecting against vulnerabilities. Keeping up with the pace of IoT innovation often means some IoT security considerations get pushed to the side. But identifying weaknesses in existing systems allows organisations to implement much- needed strategy.
We’ve explained how IoT audits are key in maintaining secure systems. Now let’s take a look at some of the common types of IoT security testing options available:
Firmware analysis is a key part of IoT security testing. It explores the firmware, the core software embedded into the IoT hardware of IoT products (routers, monitors etc). Examining the firmware means security tests can identify any system vulnerabilities, that might not be initially apparent. This improves the overall security of business IoT devices.
In this popular testing method, security professionals create a checklist based on potential attack methods, and then suggest ways to mitigate them. This ensures the security of systems by offering analysis of necessary security controls.
This type of security testing finds and exploits security vulnerabilities in IoT devices. IoT penetration testing is used to check the security of real-world IoT devices, including the entire ecosystem, not just the device itself.
Incorporating these testing methods is essential to help identify and mitigate system vulnerabilities. Being proactive and addressing these potential security threats can help businesses maintain secure IoT infrastructure, enhancing operational efficiency and data protection.
Employees can be an entry point for network threats in the workplace.
The time of BYOD (bring your own devices) where an employee’s work supplies would consist of their laptops, tablets and smartphones in the office to assist with their tasks, is long gone. Now, personal IoT devices are also used in the workplace. Think of your popular wearables like smartwatches, fitness trackers, e-readers and portable game consoles. Even portable appliances like smart printers and smart coffee makers are increasingly popular in office spaces.
Example of increasing IoT devices in the office. Source: House of IT
The use of various IoT devices throughout your business network is the most vulnerable target for cybercrime, using techniques such as phishing and credential hacking or malware.
Phishing attempts are among the most common. Even the most ‘tech-savvy’ person can fall victim to them. Attackers are skilled at making phishing emails seem legitimate, forging real domains and email addresses to appear like a legitimate business.
Malware is another popular technique concealed in email attachments, sometimes disguised as Microsoft documents, unassuming to the recipient.
Threat or malicious actors are increasingly targeting remote workers. Research by Global Newswire shows that remote working increases the frequency of cyber attacks by a staggering 238%.
The nature of remote employees housing sensitive data on various IoT devices makes the need for training even more important. There is now a rise in companies moving to secure personal IoT devices that are used for home working, with the same high security as they would corporate devices.
How are they doing this? IoT management solutions. They provide visibility and control over other IoT devices. Key players across the IoT landscape are creating increasingly sophisticated IoT management solutions, helping companies administer and manage relevant updates remotely.
The use of IoT devices is inevitable if your enterprise has a remote workforce.
Regular remote updates for IoT devices are essential to ensure the software is up-to-date and patched. But even with these precautions, you should be aware of IoT device security risks and take steps to mitigate them.
Getting employees involved in the security process encourages awareness and vigilance for protecting sensitive network data and devices.
Comprehensive and regularly updated education and training are vital to prepare end-users for various security threats. Remember that a business network is only as secure as its least informed or untrained employee.
Here are some key points employees need to know to maintain IoT security:
Investing the time and effort to ensure your employees are well informed and prepared for potential threats can significantly enhance your business’s overall IoT security standing.
Enterprise IoT devices come with a range of functionalities. Take a smartwatch, for example. Its main purpose as a watch is of course to tell the time, but it might also include Bluetooth, Near-Field Communication (NFC), and voice activation. If you aren’t using these features, then you’re opening yourself up for hackers to potentially breach your device. Deactivation of unused features reduces the risk of cyberattacks, as it limits the ways for hackers to breach these devices.
If these additional features are not being used, they can create unnecessary security vulnerabilities. Disabling unused features helps to ensure IoT security for businesses in several ways:
The continued adoption of IoT is not stopping anytime soon. Neither are the possible risks. Implementing even some of the five tips we have highlighted can significantly mitigate the risks associated with the growing number of devices used for business operations.
Ultimately, investing in your business’s IoT security is all about safeguarding the entire network, maintaining the continuity of day-to-day operations and preserving the reputation of your business. You can learn more about our current IoT offering by visiting our IoT page or contacting our team directly.
The post Top 5 Tips to Ensure IoT Security for Your Business appeared first on Erlang Solutions.
Planet Jabber is an aggregate of personal weblogs of Jabber/XMPP developers and contributors.
See Planet Jabber News for general and project news.
Last updated:
August 17, 2024 09:38
All times are UTC.
The maintainer of this Planet is Ralph Meijer. He can be contacted at ralphm@ik.nu (Jabber and e-mail).
Powered by:
