Planet Jabber

December 09, 2018

Monal IM

Gmail Fixes and Hardening

It seems the last release’s changes to strictly check domains on SSL certs broke gmail compatibility when you host your domain there.  There is now a Mac beta of 2.3 with this fix available. The version number has increased because this is also the first release running in  the MacOS hardened runtime.  Let me know if you see any oddities. It’s an added layer of security  for users that I would like to take advantage of.  This is the first beta trying it out but going forward Monal builds not in the App Store will also be notarized.

by Anu at December 09, 2018 18:34

December 07, 2018

Monal IM

iOS and Mac releases and the future

Both releases are waiting for Apple’s review.  Mac clients usually get reviewed and approved in an hour or so (barring any issues).   Looking towards the future, I am curious to hear about your experiences. Are there are any particular issues you or people you have shown Monal to felt were lacking. Often times these are minor issues that can be resolved quickly  but are annoyances that prevent people from adopting Monal. I know a major one is OMEMO, which is coming,  but what else?

So, an open question either reply here, message or email . I’m looking for low hanging fruit I can prioritize to help adoption and grow the xmpp user base. 

by Anu at December 07, 2018 15:15


ejabberd 18.12

This new ejabberd 18.12 release includes new major features, but also several improvements and bug fixes.

New features

XML Compression in message archive storage

Message Archive Management is a very nice features of XMPP. It allows your users to store their message history directly on the XMPP server. It is pretty handy, but as the feature set used by clients grows, the overhead of the message in the data store grow as well. This is due to the various XML flags that are added to the message, serving both as metadata for the server or the message recipient.

We have added a custom compression to ejabberd to reduce the message size in the database. This mechanism uses custom compression algorithm operating on xml trees, which knows about most common tags used by xmpp, and allows better compression ratios that generic compression algorithms like zlib.

For example, we will compress this:

<message to="" from="" type="chat">
  <body>Hello there!</body>
  <request xmlns='urn:xmpp:receipts'/>

to: (everything represented as […] is actually encoded as single byte)

[jabber:client message]["to"=recipient with suffix]test["from"=sender]["type"="chat"][children list]
[jabber:client body]Hello there![end of a tag]
[urn:xmpp:receipts request][end of a tag]
[jabber:client thread]thread1[end of tag]
[end of tag]

This feature can be enabled by adding compress_xml: true option inside mod_mam module options. With this feature enabled, new messages added to archives are compressed. Depending on message pattern, the gain can vary. Your storage space can take between 35% of the original database size in the best case for typical standard message. In the worst case, the storage was still 80% of the original size, which is already an interesting saving. The worst case is typically triggered on large messages body, for example when the client use end-to-end encryption storage like OMemo (Encryption adds a significant data chunk that cannot be compressed).

Proxy protocol support

Ejabberd now supports version 1 and 2 of the proxy protocol.

This feature allows ejabberd to get clients real ip addresses and ports when running behind a proxy server which supports this protocol. It means that real IP addresses can be used for access control directly inside ejabberd, even when running behind a proxy.

That feature can be enabled by adding option use_proxy_protocol: true in listeners sections which use ejabberd_c2s or ejabberd_http module. It’s important to make sure that this option is enabled on listeners that are used ONLY by proxy server which supports this protocol, otherwise connections will be closed due to protocol mismatch.

MUC Self-Ping server optimisation (XEP-0410)

When using Multi-User Chat across XMPP federated servers, the client view about its MUC rooms status is not always properly in sync with the server view (for various reason like server-to-server connection loss, crashes, restart, etc.).

It is then recommended that the client sends periodically a ping probe to know if he is actually a participant in the remote server chat room or if it should rejoin the room. To make that feature totally reliable, proper collaboration of the server is required to skip a roundtrip in the self-ping flow and reply directly on behalf of the client. That way, you can expect to get a proper error reply or a ping response, making the features more predictable and easier to support on the client. It is also more efficient for the server.

The server optimisation is automatically enabled on ejabberd 18.12.

This self-ping packet is supposed to be send from the client to room that are hosted on remote servers, not on his own server.

This kind of probe is not required in the context of MucSub, as the goal of MucSub is to provide a way to interact with MUC rooms that is not based on presence.

We hope you will update your client to improve the reliability of your chat session in remote chat room.

Bookmarks Conversion (XEP-0411)

Ejabberd now supports a new extension which allows migrating to PEP-based bookmarks while keeping compatibility with clients that still use private XML storage by syncing both mechanisms. The synchronisation is performed whenever a client updates one of the two bookmark stores. However, until this happens for the first time, the bookmark stores of a given user won’t be synced automatically. A new command can be used to export the contents of the private XML storage to PEP manually.

In order to do this for all users of all XMPP domains, a shell loop such as the following could be executed:

$ for host in $(ejabberdctl registered-vhosts); do
      ejabberdctl registered-users "$host" | while read user; do
          ejabberdctl bookmarks-to-pep "$user" "$host"

Note that this might take a while if the number of users is large. Also note that this will overwrite any preexisting PEP bookmarks. However, if this is not performed, users might end up with empty bookmark lists after upgrading to the new ejabberd version, as clients might rely on PEP bookmarks once they detect that ejabberd’s XEP-0411 support.

Changes overview

Important changes to web access

ejabberd now supports a TLS-secured access to its web and admin panels on a new port 5443 (previously, 5280).

This means the new URL to log into the admin dashboard is https://localhost:5443/admin, if installed on localhost, of course.

This is only relevant for new installation. The config file is not modified and it will not change anything for existing users.

Configuration changes

Since ejabberd 18.12, the option ca_path is deprecated and has no effect anymore. If needed, you MUST use the option ca_file instead.

Database changes

The MySQL database schema has changed for the pubsub_item table: the ‘payload’ field has changed from TEXT to MEDIUMTEXT. Upgrade process is described in the documentation.

Download and install ejabberd 18.12

The source package and binary installers are available at ProcessOne.

As usual, the release is tagged in the Git source code repository on Github. If you suspect that you’ve found a bug, please search or fill a bug report in Issues.


– Add new command unban_ip
– Enable mod_proxy65 in default config
– Avoid using * in ‘certfiles’ option in default config
– Remove references in default config to http_poll; it was removed long ago
– Report available options in lexical order
– Fix missing file priv/lua/redis_sm.lua
– Fix push_roster description and provide UTF8 example

– New file
– New file
– Rename README to as the markdown version is the preferred one now

Multi-User Chat

– Get rid of ‘catch-all’ statements
– Replace dict with maps to improve performance and memory consumptions of large MUCs
– Recover logging of user joining room, lost in 32de9a56
– Affiliations other than admin and owner cannot invite to members_only rooms
– mod_mam: Archive messages with type=normal and pubsub payload (like MucSub messages)
– Advertise disco#info and disco#items by MUC room

PubSub and PEP

– Only advertise conversion feature when mod_pubsub is loaded
– Don’t suppress notifications on PEP node removal
– Fix explanation in configuration file for enabling OMEMO support
– MySQL: Use MEDIUMTEXT for PubSub payload, so it supports up to 16 MiB


– Improve tests for mod_private
– Fix test case for invalid language
– Fix mod_http_apt_test


– Add ejabberd_stopping hook, which allows modules to detect when ejabberd is stopping
– Use newer fast_tls that fixes some issues with tls1.3
– ejabberd_captcha: Add specific Var names to CAPTCHA fallback form fields
– ejabberd_http: Handle some malformed URL requests
– ejabberd_http: Do no add address to trusted_proxies list by default
– ejabberd_logger: Disable debug logging of xmpp properly
– ejabberd_pkix: Move certificates processing code to pkix application
– ejabberd_regexp: Support Unicode
– ejabberd_stun: Add forgotten TURN options to validator
– ejabberd_sql: Relax result matching to fix pgsql keepalive
– mod_avatar: Reduce log level for too large avatars
– mod_http_api: Don’t preprocess arguments, format_args verifies and prepares them
– mod_http_api: Recognize not_exists error in http_api
– mod_multicast: Local stanzas are routed one by one, not by multicast
– mod_multicast: Track presences sent via a multicast service
– mod_private: Add support for XEP-0411: Bookmarks Conversion
– mod_offline_sql: Fix PostgreSQL compatibility in remove_old_messages
web access with TLS security on new port 5443

by Christophe Romain at December 07, 2018 08:13

December 06, 2018

Monal IM

Mac Link Previews

Macs now have link previews just like iOS.  I will be rolling this out into the next beta today.  The iOS app should be going into the App Store today.  I will disable OMEMO and roll out an update to the Mac App Store as I continue to work on OMEMO, I don’t want to hold up the many security updates. 

by Anu at December 06, 2018 15:54

December 05, 2018

Monal IM

iOS and OSX SSL improvements

There were a couple of bugs filed on the latest release regarding SSL issues. In particular there is an issue where the domain/cert isn’t being validated properly.  I am pushing out an update to resolve this.  There are new Mac and iOS betas. Please test them and let me know if you have connectivity issues before I roll this out to everyone this week.

by Anu at December 05, 2018 02:09

December 03, 2018

Daniel Pocock

Smart home: where to start?

My home automation plans have been progressing and I'd like to share some observations I've made about planning a project like this, especially for those with larger houses.

With so many products and technologies, it can be hard to know where to start. Some things have become straightforward, for example, Domoticz can soon be installed from a package on some distributions. Yet this simply leaves people contemplating what to do next.

The quickstart

For a small home, like an apartment, you can simply buy something like the Zigate, a single motion and temperature sensor, a couple of smart bulbs and expand from there.

For a large home, you can also get your feet wet with exactly the same approach in a single room. Once you are familiar with the products, use a more structured approach to plan a complete solution for every other space.

The Debian wiki has started gathering some notes on things that work easily on GNU/Linux systems like Debian as well as Fedora and others.


What is your first goal? For example, are you excited about having smart lights or are you more concerned with improving your heating system efficiency with zoned logic?

Trying to do everything at once may be overwhelming. Make each of these things into a separate sub-project or milestone.

Technology choices

There are many technology choices:

  • Zigbee, Z-Wave or another protocol? I'm starting out with a preference for Zigbee but may try some Z-Wave devices along the way.
  • E27 or B22 (Bayonet) light bulbs? People in the UK and former colonies may have B22 light sockets and lamps. For new deployments, you may want to standardize on E27. Amongst other things, E27 is used by all the Ikea lamp stands and if you want to be able to move your expensive new smart bulbs between different holders in your house at will, you may want to standardize on E27 for all of them and avoid buying any Bayonet / B22 products in future.
  • Wired or wireless? Whenever you take up floorboards, it is a good idea to add some new wiring. For example, CAT6 can carry both power and data for a diverse range of devices.
  • Battery or mains power? In an apartment with two rooms and less than five devices, batteries may be fine but in a house, you may end up with more than a hundred sensors, radiator valves, buttons, and switches and you may find yourself changing a battery in one of them every week. If you have lodgers or tenants and you are not there to change the batteries then this may cause further complications. Some of the sensors have a socket for an optional power supply, battery eliminators may also be an option.

Making an inventory

Creating a spreadsheet table is extremely useful.

This helps estimate the correct quantity of sensors, bulbs, radiator valves and switches and it also helps to budget. Simply print it out, leave it under the Christmas tree and hope Santa will do the rest for you.

Looking at my own house, these are the things I counted in a first pass:

Don't forget to include all those unusual spaces like walk-in pantries, a large cupboard under the stairs, cellar, en-suite or enclosed porch. Each deserves a row in the table.

Sensors help make good decisions

Whatever the aim of the project, sensors are likely to help obtain useful data about the space and this can help to choose and use other products more effectively.

Therefore, it is often a good idea to choose and deploy sensors through the home before choosing other products like radiator valves and smart bulbs.

The smartest place to put those smart sensors

When placing motion sensors, it is important to avoid putting them too close to doorways where they might detect motion in adjacent rooms or hallways. It is also a good idea to avoid putting the sensor too close to any light bulb: if the bulb attracts an insect, it will trigger the motion sensor repeatedly. Temperature sensors shouldn't be too close to heaters or potential draughts around doorways and windows.

There are a range of all-in-one sensors available, some have up to six features in one device smaller than an apple. In some rooms this is a convenient solution but in other rooms, it may be desirable to have separate motion and temperature sensors in different locations.

Consider the dining and sitting rooms in my own house, illustrated in the floorplan below. The sitting room is also a potential 6th bedroom or guest room with sofa bed, the downstairs shower room conveniently located across the hall. The dining room is joined to the sitting room by a sliding double door. When the sliding door is open, a 360 degree motion sensor in the ceiling of the sitting room may detect motion in the dining room and vice-versa. It appears that 180 degree motion sensors located at the points "1" and "2" in the floorplan may be a better solution.

These rooms have wall mounted radiators and fireplaces. To avoid any of these potential heat sources the temperature sensors should probably be in the middle of the room.

This photo shows the proposed location for the 180 degree motion sensor "2" on the wall above the double door:


To summarize, buy a Zigate and a small number of products to start experimenting with. Make an inventory of all the products potentially needed for your home. Try to mark sensor locations on a floorplan, thinking about the type of sensor (or multiple sensors) you need for each space.

by Daniel.Pocock at December 03, 2018 08:44

Monal IM

Compose Screen

I realized recently that there was a need to send messages to people not in your roster list. I’m not sure why I never thought of this before. I have added a compose screen and placed the button on the right to match every other chat app.  This is of course a work in progress. I hope to add the QR reader here and in the add contacts screen in the future. 

by Anu at December 03, 2018 04:29

November 30, 2018

Ignite Realtime Blog

Openfire 4.3.0 Beta Release

@akrherz wrote:

The Ignite Realtime Community is happy to announce the availability of Openfire 4.3.0 Beta. The changelog contains an extensive list of enhancements and bugs fixed for this release. We hope you are able to test this release and let us know in the Openfire Dev Forum your findings. We hope to turn around a full 4.3.0 release within a few weeks after community testing.

You can download the release from our Beta Downloads page. Please note that the MacOS-X dmg distribution has a bug where the preference pane will crash. The crash has us baffled and could use interested OS-X folks chipping in to fix it.

The sha1sum checksums for the release artifacts is as follows.

eae4138076ad913979830b6f60d08de069a0cbb5  openfire-4.3.0-0.2.beta.i686.rpm
99a4dcec2b2974d5e84cb77c7371dcd5654553e8  openfire-4.3.0-0.2.beta.noarch.rpm
e3c584d6224f3d4b5267f598e07adcb18672383a  openfire-4.3.0-0.2.beta.x86_64.rpm
f0ff14e59e9d7f6a901da6d3faa38499aa13e541  openfire_4.3.0.beta_all.deb
9d208caf825981051d7667adeece509e5198672b  openfire_4_3_0-beta_bundledJRE.exe
00e4add6ce0e00f9da327a3518a26c67a19ccee8  openfire_4_3_0-beta_bundledJRE_x64.exe
6779702d73cc34ebfb6e91670ad3126a4a477774  openfire_4_3_0_beta.dmg
d42684526bff723468e36b020c2aa1f43333cb6f  openfire_4_3_0-beta.exe
02fc337b5831b552136366105e70dd8870dc4105  openfire_4_3_0-beta.tar.gz
85a1b551551430c71e7aec66d232e3e77bee7074  openfire_4_3_0-beta_x64.exe
9787a34ed405ba8d1b19518847a492e20831d9d9  openfire_src_4_3_0_beta.tar.gz

Thanks for your interest and please test the beta!

Posts: 2

Participants: 2

Read full topic

by @akrherz daryl herzmann at November 30, 2018 18:58

Monal IM

iOS 3.2 in the works

As usual I am looking at the issues coming in after a release and am preparing the first patch that will go out.  I am addressing all of the crashes I have seen come in as well as improvements to connectivity based on user feedback. Expect to see 3.2 next week along with the new sounds functionality.  

by Anu at November 30, 2018 03:04

November 29, 2018

The XMPP Standards Foundation

The XMPP Newsletter, 30 November 2018

Welcome to the XMPP newsletter.

If you have an article, tutorial or blog post you'd like us to include in the newsletter, please submit it on the XMPP wiki.


In the Netherlands a commercial chat service based on XMPP and a modified version of the open-source Xabber client for Android was compromised when the Dutch police gained access to the server and implemented a man-in-the-middle (MITM) attack on encrypted conversations that used Off-The-Record (OTR) encryption.

OTR and other encryption technologies such as OMEMO only guarantee end-to-end security if you are able to verify the fingerprints of your contacts' encryption keys. In this case it appears users did not verify and ignored warnings (which were too small and easily missed), and this opened the door to a MITM attack by anyone with access to the server.

The attack in this instance was for law enforcement. However it serves to highlight the importance of designing user interfaces that encourage good security practices, and educating users. It also highlights problems with centralized services - all IronChat users were on a single XMPP server, which meant a single place to compromise and access all IronChat conversations. A federated network does not have a single point through which all messages pass.

It seems the service was popular with criminals, which is why the police got involved, and various arrests were made. Here's the original article in Dutch and here's a Google machine-translated version.

Paul Schaub has written about a QR-code generator for OMEMO which he has been working on. It encodes the Jabber-ID of the owner as well as any OMEMO fingerprints they choose to include.

JC Brand has written about the recent XMPP sprint held in Dusseldorf. Featuring sushi, ramen, whiskey, protocol discussions, translations, bugfixes, documentation, releases, hacks and coding.

The Monal iOS and MacOS client now shows a simple introduction to XMPP with lovely illustrations of Peter rabbit, as he enters and escapes Mr McGregor's garden. There are also new empty state screens with similar illustrations.

The well-known Kuketz blog in Germany wrote an article XMPP is not the savior - but a solution (Google machine-translated version). Here's the original German version. It's in part a response to XMPP: Admin-in-the-middle, written by the InfoSec Handbook which details how XMPP server administrators have access to user's metadata and other sensitive information.

The German email provider, has unveiled a revamped website with new features, including migration to a new XMPP chat server (Ejabberd) and deployment of Converse.js as webchat.

German IT website has written about Daniel Gultsch's new free Android app Quicksy which allows users to sign up with their cellphone number. Here's the Google machine-translated version and the original German article.

This Stardust blog post explains how you can Write an XMPP bot in half an hour

Andrea Schäfer provided a technical update and demo of Chatty, the XMPP-capable chat client that is being developed for the upcoming Purism phone. This was posted already a while ago, but only came to my attention recently.

Upcoming Events

The 23rd XMPP Summit has been announced. It will be held on the 31st of January and 1st of February 2019 in Brussels, Belgium. These are the two days preceding FOSDEM 2019.

Software releases




Other software

  • xmpp-websocket-proxy - A new XMPP websocket connection manager using using DotNetty and MatriX vNext.
  • Movim 0.14 - Movim is 10 years old this month and this release has been 9 months in the making.


The Public MUC search tool Muclumbus now lives at

by jcbrand at November 29, 2018 23:00

JC Brand

Report on the Dusseldorf XMPP sprint

Recently we held another XMPP sprint, this time in Dusseldorf at the Chaosdorf clubhouse.

We had 10 participants and an ambitious agenda with a long list of proposed topics to sprint on. We didn't get to work on everything, and we spent a considerable amount of time discussing and prioritizing the agenda. Some of the things not worked on can however easily be moved to future sprints.

After the sprint, iNPUTmice suggested that we consider having more focused sprints, for example focusing only on implementing XEP-369 MIX in clients and servers.

I think having a more focused, single-topic sprint is a great idea, and MIX is a good topic to tackle. AFAIK there's currently no FOSS MIX implementation for either clients or servers. IMO this can partly be attributed to a stalemate situation where everyone is waiting for someone else to make the first move. By organizing a sprint around it we can break the deadlock by starting to work on it together.


XEP-0283 <moved/> (pep., Ge0rG)

XEP-0283 provides a mechanism for informing your contacts that you're changed your account and now have a new JID.

pep. and Ge0rG had a discussion on how to automate the operation entirely.

Currently the security considerations contain a clause which to them defeats the point of the XEP:

"In order to prevent other users from maliciously altering contacts the client SHOULD NOT automatically subscribe to a <moved/> JID when it receives an unsubscribe and SHOULD NOT automatically unsubscribe to a <moved/> JID when it receives a subscribe."

Also the XEP uses presence stanza only, which makes the whole operation rather ephemeral.

The plan is to change the XEP to use PEP mostly.

Programming, documentation and various other tasks

iNPUTmice added two new tests to the compliance tester, one for MUC Avatars and a check for CORS Headers on HTTP Upload, which is especially important for webchat clients like Converse.

He also tried to fix a bug in Conversations that happens intermittently on Android 9.

MattJ worked on the 0.11 release of Prosody. He also worked on adding support for CORS in mod_http_upload.

pep. registered an XMPP assembly for 35C3. He also worked on the slixmpp OMEMO plugin and got decryption working. Additionally he and Link Mauve worked on a French translation of the Prosody release announcement.

Link Mauve worked on implementing Jingle in Converse, fixing bugs and updating strophe.jingle.js to not use jQuery. As part of this, he and I looked at better exception handling in Converse.

He also helped pep. and syndace with the slixmpp plugin interface and spent some time trying to deploy JSXC.

Roel worked on the article on how to configure a modern XMPP server. MattJ helped out on Sunday as well and AFAIK their collaboration also caused MattJ to add some clarifications and simplifications to the Prosody config file.

Roel and rtq3 also worked on a Spanish translation of the article.

Syndace worked on resurrecting a non-merged PR from Andy Straub for the OMEMO XEP which adds various changes to the XEP, including using an XML-based wire format. By choosing our own wire format, we also make permissive OSS licensed OMEMO implementations possible. Such a change will however not be backwards compatible with current OMEMO implementations.

Andy joined us on Sunday and participated in discussions around the PR and OMEMO in general with iNPUTmice, pep and Syndace.

Haeckse showed us a demo of Chatty, the chat (and SMS) client that she is working on for the upcoming Purism phone.

I worked on adding support for XEP-0156 to Converse, based on a PR from Link Mauve. The original PR was closed, due to being very old and difficult to merge, and work is now continuing in a branch with a new PR #1340.

I also made smaller fixes and changes, for example only rendering image URLs inline if they use HTTPS (to avoid mixed-content warnings in the browser).



Much thanks to Chaosdorf, for generously making their clubhouse available for the sprint.

Kuro even made some chilli for lunch and baked a cake!

In the evenings we went out to dinner. Dusseldorf has a large Japanese population, so we were quite keen to try out some Japanese food.

I had proper Ramen for the first time on Sunday night and on Saturday we had some great sushi.

Future sprints

A sprint can be measured by its output in the form of code, documentation, translations and so forth, but this only tells part of the story.

Much of what makes sprints valuable is the social aspect of making friends and working together on something you all care about.

One way to judge the success of the sprint, is to consider how excited the participants are about organising and attending future sprints.

Roel intends to organize a sprint in Brussels, around the time of the XMPP summit and FOSDEM. This sprint will focus on UI/UX issues and on finding a common user-facing terminology for XMPP clients. Roel comes from a design background and will be inviting some fellow like-minded designers to join.

Link Mauve indicated that he'd like to organize a sprint in Paris in 2019 and pep. thinks we should go to Sweden.

During our sprint we also found out that the Berlin XMPP Meetup group is considering organizing a sprint there soon.

Then there's also the upcoming 35C3, where there will be an XMPP assembly and the opportunity to hack together.

Thanks to everyone who joined the Dusseldorf sprint, some of whom spent a considerable sum of money in order to be there. I had a great time and am looking forward to more such events coming in 2019.

Come chat with us

We hang out in the XMPP-Sprint groupchat and this is also where upcoming XMPP sprints will be discussed and planned.

You can visit the webchat at or click on to open it in an installed client.


Dusseldorf XMPP Sprint, 16 and 17 January 2018

November 29, 2018 16:30

November 28, 2018

Prosodical Thoughts

Prosody 0.10.3 released

<p>Three releases in less than a week! I think it&rsquo;s a record. This one is a minor security and bugfix release from our 0.10.x branch, for users and packagers who are not quite ready to make the jump to 0.11 just yet. We will continue to maintain the 0.10 branch in this way with security and major bugfixes until further notice.</p> <p></p>

by The Prosody Team at November 28, 2018 17:24

Prosody 0.11.1 released

<p>We are pleased to announce a new minor release from our stable branch.</p> <p>This is a small bugfix release for some issues that were identified since the release, mainly for the CSI and traffic optimisations.</p> <p></p>

by The Prosody Team at November 28, 2018 15:58

Monal IM

Notification Sounds

If you are tired of Monal using the default notification sound, iOS 3.2 will make you happy. 

by Anu at November 28, 2018 04:17

November 26, 2018

Prosodical Thoughts

Lua 5.2-compatible package backports

<p>After the release of 0.11.0 last week, it became apparent that a lot of people have been affected by some of our optional dependencies not being packaged for Lua 5.2 in most current Debian and Ubuntu versions.</p> <p>We just published backports of the two most requested libraries, lua-dbi and lua-event, to our <a href="">package repository</a>.</p> <p></p>

by The Prosody Team at November 26, 2018 16:30

November 25, 2018

Monal IM

iOS & Mac release schedule

I am not finished with a working UI for OMEMO so I will not include it in the next iOS and Mac releases.  It will continue in the beta channels but the next App Store releases will not include it. There are some stability and UI/UX overhauls that I would like to get into production asap and would prefer not blocking fixes on a new feature. 

by Anu at November 25, 2018 14:21

November 24, 2018

Monal IM

The Welcome Screen

Upon first launch users are now shown a simple introduction to XMPP.   I thought about what the purpose of this screen was and decided explaining XMPP was a better than  trying to present features of Monal (something better suited for a what’s new screen).  Some apps use this as a means of on boarding, explaining what each feature does before asking permission. Monal is a chat app, you get notifications, I think everyone expects that, so seeing a prompt for notifications doesn’t need further explanation. 

Instead you see the story of Peter rabbit as he enters and escapes Mr McGregor’s garden.  

by Anu at November 24, 2018 04:47

November 23, 2018

Monal IM

The Empty State

We have all had this happen. You login to a new app and then are presented with a blank screen and no idea  what to do. The next step is usually to uninstall the app.  It’s not something I gave much thought to in Monal the past decade because I made certain assumptions about the people using the app.  In particular, I assumed that someone who installed something called “an XMPP client” would know their way around a new app that used familiar terminology from the desktop XMPP clients of yore.  This thought process was also a reason why I never had welcome screens.  In the interest of making things easier I’ve decided to add an easy welcome screen and some empty state screens.  There isn’t a lot of value here for the technically inclined but for many others uses what is otherwise dead space as a place to educate and possibly delight.

Some of the new empty state screens are below. 

by Anu at November 23, 2018 03:21

November 21, 2018

Prosodical Thoughts

Prosody 0.11.0 released

<p>We are pleased to announce the eagerly anticipated release of Prosody 0.11.0!</p> <p>This is the first release in the 0.11 series, which will now be considered the stable series. With over 2000 commits this release couldn&rsquo;t have been achieved without the help from our many contributors, testers and other community members. Thanks!</p> <p></p>

by The Prosody Team at November 21, 2018 17:26

Erlang Solutions

MongooseIM 3.2 - Meet our Inbox

Since the last release of our enterprise-ready, highly scalable IM platform: MongooseIM 3.1, the team has been working at full speed on the expanded set of features and improvements aimed to bring MongooseIM to the next level. What comes as a result is MongooseIM 3.2. With its highlights such as full-featured Inbox, worker pool unification, PKI for BOSH and Websockets and multi-aspect TLS integration, this release becomes a big step in the evolution of our server!

What we love about MongooseIM 3.2 ?!

The latest iteration of MongooseIM not only introduces exclusive and uncommon solutions, such as the advanced inbox or multi-aspect TLS integration, it also becomes more and more open to new angles in providing a full-fledged messaging solution, that responds to global market demands.

Among the highlights of the 3.2 release, there is another bundle of Inbox improvements. The most significant one is the possibility to attach unread messages count to push notifications so application badge may be updated appropriately. Our full-featured Inbox now gets more and more mature, becoming a complete extension for virtually every chat application!

We also added PKI for BOSH and Websockets, allowing web XMPP clients to authenticate with TLS certificate.

This version certainly makes devops’ life easier. Unified worker pools, provided in 3.2, enable much more convenient and consistent configuration of outgoing connections (e.g. to databases). They also grant better stability, predictability, and inspection of their behavior.

Meet our Inbox

Inbox in MongooseIM 3.2 received a couple of nice improvements but one of them is particularly important: integration with the Event Pusher. Among other things, this component is responsible for delivering push notifications data to MongoosePush and other services, and using it with inbox opens up some new possibilities. One example would be simplifying incrementing the unread count (the “badge”) which up until now was hardcoded to “1” and required extra effort from the frontend team when trying to display the real number of notifications. Push notifications implementation was unable to access this information at the moment of event delivery and the client application had to work around this and risk being inaccurate.

With the new update, a valid number is always attached to push notifications so the applications may display it in a simple, natural and precise manner. MongooseIM 3.2 introduces a number of updates that should make your client development team much happier. All inbox query results include total unread messages count and the number of “active” (with at least one unread message) conversations. A client may also filter explicitly for active conversations only.

We would like to present our new Inbox demo, showcasing three of the newly added features:

  1. Unread messages counter implemented for push notifications
  2. New filtering option - a user may choose to query for conversations with unread messages only
  3. Extended error description - error messages readability is improved.

Examples in the demo are prepared with the Forward application.

Worker pools - unite!

When you take a look at MongooseIM 3.1 - Inbox got better, testing got easier you may notice an inconspicuous paragraph “Worker pool unification”. This small internal improvement expanded into one of the most satisfying cleanups in MongooseIM in recent history. It affects not only the server’s inner workings but also changes the way pools are configured.

Until 3.1.x (included) the config schema varied between multiple connection types:

  1. For RDBMS there was an odbc_server key (misleading, right?) with several unlabeled elements (you had to remember their order or use docs). Pool size was defined under separate key. Oh, right, there was yet another key to define the pool names alone. And you couldn’t define common pool for all XMPP domains.
  2. For HTTP, we had an http_connections key. Pool size was provided as one of key-value pairs.
  3. For Cassandra you could specify the pool size as well. As one of cassandra_servers tuple elements. And so on…

You can clearly see that various aspects of configuration (how pool size was provided, was the pool global or per-host) were inconsistent and could lead to confusion.

In 3.2 these connections are governed by a dedicated server logic, which in future will allow us to expose generic metrics or implement extra debugging tools. Configuration-wise, all of these tuples have been replaced with outgoing_pools list, where every element follow simple convention: {Type, Host, Tag, PoolOpts, ConnectionOpts}. Type resolves to one of implemented pool specifications, such as rdbms, riak or http. Host indicates if there should be only one pool for all XMPP domains, separate pools for every XMPP domain or just one pool for one of the domains. Tag is a name that can be referenced in specific extensions. It allows to e.g. have separate RDBMS pools for write and read operations. PoolOpts are pool-centric options, such as worker count or worker selection strategy. ConnectionOpts are items specific to the chosen connection driver.

Our work here is still not finished. We would like to leverage the common logic even further. It is possible to create more interesting metrics. We also plan to make existing extensions more flexible, as currently many of them use hardcoded pool tags or even hosts. It is a temporary state so you may expect it to improve in future releases!

Certificates everywhere

Security is paramount whether we are talking enterprise or not. SASL EXTERNAL authentication mechanism was introduced in MongooseIM 2.2. As a reminder: it allows XMPP clients to authenticate with TLS certificates (without extra password). It was originally implemented only for raw TCP connections so web clients could not benefit from this feature. MongooseIM 3.2 extends this method’s capabilities and now it may be used with Websocket (wss://) and BOSH (https://) connections.

PKI authentication is the current industry standard in terms of secure authentication, so MongooseIM 3.2 brings this feature to a whole new audience.

Other improvements

MongooseIM 3.2, just like previous releases, includes many (non-)technical improvements. A large part of them is purely internal or developer-focused. See the changelog to read about all of them. Here are some highlights!

Migration guide

We all know that it’s a good idea to always keep your software up to date. One exception is a certain OS which may suddenly remove all of your data after the automatic upgrade. In our effort to steadily improve MongooseIM’s quality, intuitiveness and feature set, sometimes bold changes have to be made. We are aware that sometimes adjusting config file or custom code base may not be that straightforward.

For all of these users, who always stick to the most recent release of MongooseIM, we’ve created a Migration Guide section in our documentation. Each page will describe what needs to be changed to migrate between subsequent versions. The current chapter is “3.1.1 to 3.2” and it may be found here:


As a part of our effort to improve consistency in our source code and the repository, we have changed the name of MongooseIM’s main config file from ejabberd.cfg to mongooseim.cfg. It is definitely more intuitive. However, existing projects, which deploy MongooseIM releases with custom scripts, may need to have their pipelines updated.


Please feel free to read the detailed changelog. Here, you can find a full list of source code changes and useful links.


Special thanks to our contributors: @getong @igors @justinba1010

Test our work on MongooseIM 3.2 and share your feedback

Help us improve the MongooseIM platform:

  1. Star our repo: esl/MongooseIM
  2. Report issues: esl/MongooseIM/issues
  3. Share your thoughts via Twitter: @MongooseIM
  4. Download Docker image with new release
  5. Sign up to our dedicated mailing list to stay up to date about MongooseIM, messaging innovations and industry news.
  6. Check out our MongooseIM product page for more information on the MongooseIM platform.

November 21, 2018 12:17

November 20, 2018

Monal IM

Mac beta crash

The last Mac beta I uploaded yesterday will crash if you select a contact. Please re-download as I have fixed the binary. 

by Anu at November 20, 2018 22:00

New iOS and Mac betas

There are new iOS and Mac betas. This is trying to address some of the roster synch issues people have pointed out.  I have further tweaked the ui on iOS including the background toggle in settings. 

by Anu at November 20, 2018 05:06

November 19, 2018

Alexander Gnauck

XMPP websocket connection manager

For a new project I am working on (more to be announced) I was looking for a standalone websocket connection manager. Because still many public and private XMPP servers offer only the TCP transport or BOSH.

There are already existing projects websocket connection managers. But I ran into some issues with them for my current use case. Usually I am not trying to re-invent the wheels ;-)

After WebSocket support came to DotNetty which one of the latest releases, and MatriX vNext of course having full support for XMPP XML streams and clients I was considering creating my own proxy.

So it took only a 90 minute flight to come up with a working solution. I would not consider this solution as production ready yet. But the current design using DotNetty and MatriX vNext can support this at high scale.

When you are interested you can checkout the project on GitHub here:

by gnauck at November 19, 2018 16:59

November 17, 2018

Peter Saint-Andre

Investing in Life

Recently I got to talking with my friend Dave Jilk about happiness, flourishing, and my future book The Art of Living. While relating my ideas about the goals of life (as captured in a recent blog post), I described the importance of taking a balanced approach and including all or most of these goals in one's life pursuits. He likened this to portfolio management in investing, which is a great analogy. This spurred me to thinking further about the value that each area of life brings to one's overall success in life. Consider a few somewhat fanciful extensions of this analogy:...

November 17, 2018 00:00

November 15, 2018

The XMPP Standards Foundation

XMPP Summit 23

The XMPP Standards Foundation (XSF) will hold its 23th XMPP Summit in Brussels, Belgium, on Thursday January 31st and Friday February 1st 2019. These are the two days preceding FOSDEM 2019.

The XSF invites you all to attend, and discuss all things XMPP!

If you're interested in attending, please make yourself known by filling out your details on the wiki page for Summit 23 (to edit the page, you'll need a wiki account, which we'll happily provide for you. Find us either in the chatroom, or via the Summit mailling list).

Please note that, although we welcome everyone to join, you must announce your attendance beforehand, as the venue is not publicly accessible (and we need badges printed for you).

If you haven't already, make sure that you're signed up to the Summit mailling list, which is where you can expect most updates to be announced.

See you there!

by Guus at November 15, 2018 21:14