Planet Jabber

February 27, 2017

The XMPP Standards Foundation

XMPP Summit 21

This year, the XMPP Standards Foundation again gathered in force to attend the summit, that traditionally precedes the FOSDEM event in Brussels, Belgium. Barely fitting in the (rather sizable) room that was made available to us by Cisco, the XSF members had a fruitful two-day meeting.

The attending members, skillfully herded by Kev, addressed an impressive number of topics, including:

  • BIND2, improving the data exchange that occurs when an XMPP entity initially connects to a server.
  • MIX, the XEP that intends to be a replacement for the existing MUC protocol, bringing an up-to-date feature set and better extensibility.
  • Addressing the annoyance of instant-messaging-based spam.
  • The application of existing, or to be developed XMPP standards, to facilitate the growing world of Internet-of-Things.
  • The XSF intention to take part in this years Google Summer of Code.
  • Improvements to the existing end-to-end encryption, as defined in the OMEMO XEP.

The full minutes are made available in the XSF wiki. If any of these topics (or others for that matter) interest you, we'd love to hear from you. Please find us at xmpp.org, use the mailinglists to contact us, or find us in one of the dedicated MUCs.

Many thanks to everyone involved in making the summit happen, including Cisco Belgium, Surevine, AG Software, Isode, Prosody, Erlang Solutions and Clayster for providing much appreciated sponsoring for the event, as well as the traditional XSF Member dinner!

Apart from the discussions, the summit proved to be an excellent opportunity for some of the newer members amongst us, myself included, to make acquaintance with the others. I, for one, am grateful to have been there, and am looking forward to the next meetup!

by Guus at February 27, 2017 17:50

February 22, 2017

Erlang Solutions

MongooseIM 2.0.1 more stability for app developers

## SSE for server to client real-time push SSE stands for [Server-Sent Events](https://www.w3.org/TR/eventsource/), it is a W3C recommendation where a browser receives automatic updates from a server via HTTP connection. It is for mobile and web developers using the MongooseIM REST API. It is not intended to be used with XMPP connections (TCP, websockets, BOSH). The problem with a simple REST API is that it is polling only: the client has to continuously poll the server at regular intervals, even when there is nothing to expect, “just in case”. This regular polling consumes a lot of battery on the client and bandwidth both on the client and server, all for nothing. Also, this introduces some delay, as data can be made available on the server between the polling interval. SSE allows a very simple and basic push from server to client, with just a tiny library to use in your app. SSE is very easy to integrate on the client, saves battery and bandwidth, and is fully real-time (no delay). ## Improved Cassandra for MAM Sysadmins and devops will love the return of support for the Cassandra database. Our support for Cassandra in versions below 2.0.0 was average. Sometimes it was slow, and it had limited support of MAM (Message Archive Management) specifications, so we decided to remove it and bring it back once it was fully production ready. Now MongooseIM supports Cassandra again, with optimised code and improved support for MAM, and it comes bundled with a migration tool. Cassandra for MAM in MongooseIM is now faster and easier to upgrade. ## HTTP file upload This will help all app makers. The file exchange in XMPP is usually and historically off chats: it is made with a synchronous user experience, with an offer and an acceptation or refusal whereby you have to wait for the other party to accept or refuse. In many cases there are failures due to timeouts. The solution is an asynchronous user experience: you send files in chats, whether your contacts are online or not, available or not. You now have a single timeline with text messages and (links to) media files. It is also compatible with archiving. ## Further improvements ### MUC hibernation All the old and inactive MUC rooms are now hibernated and eventually flushed out of memory, which saves a significant amount of memory on the cluster. ### ODBC/RDBMS backend for MUC light MUC light was only available on Mnesia, now it can also be stored in MySQL or PostgreSQL. ### Simplified MAM configuration Before, MAM had to be configured in many ways in multiple places. Now, it is done in one central place, and there is fewer things to configure. ### Changelog Please feel free to read the raw [changelog](https://github.com/esl/MongooseIM/releases/tag/2.0.1), you can even follow links and find the code changes. ## Special thanks to our contributors! Special thanks to our contributors: [@kenstir](https://github.com/kenstir), [@sstrigler](https://github.com/sstrigler), [@igors](https://github.com/igors), [@bernardd](https://github.com/bernardd), [@msantos](https://github.com/msantos)! ## Next? ### From 2.0.0 to 2.0.1: please upgrade! Version 2.0.1 will probably be the last of the 2.0.x series, unless major issues are found. As this is a massive improvement, we advise everyone to upgrade. We are now focusing on the development of the 2.1.x series. This will deliver even more value to mobile developers and sysadmins. ### Mobile clients: social and groups We are planning to release open source iOS and Android clients. Please do not expect market killer apps. The aim is very limited: we want to provide a technology and use case demonstration. Mangosta iOS and Mangosta Android will deliver very basic group chat and social network. For example, these will not be distributed on mobile app stores, they will only be available as source code on our repositories. ### Flexible push notifications You can expect more improvements on the push notifications front. We have now an existing generic mod _ http _ notification, we will add push to Amazon SNS (Simple Notification Service) and [XEP-0357: Push Notifications](http://xmpp.org/extensions/xep-0357.html). ### Peer to peer or mediated binary streaming We will deliver an ICE/STUN/TURN server, coded in Elixir, to allow peer to peer and one to one media streaming, like voice, video, screen sharing, and whiteboarding. The signalling part, named Jingle, is already available. ## Call for action Star our repo: [github.com/esl/MongooseIM](https://github.com/esl/MongooseIM) Follow us on Twitter: [twitter.com/MongooseIM](https://twitter.com/MongooseIM/) & [twitter.com/ErlangSolutions](https://twitter.com/ErlangSolutions/)

February 22, 2017 16:41

February 20, 2017

Tigase Blog

Maven repositories URL changes

For quite some time we were using the basic mean to provide access to our Maven artifacts - simply serving them as a directory view. Recently we made some changes in that area to help with the maintenance and also provide a single access point to our repositories.

This resulted in deploying Apache Archiva under new URL: http://maven-repo.tigase.org/, from where you can access both final and snapshot repositories.

by wojtek at February 20, 2017 23:11

Ignite Realtime Blog

Request for Comments: Mavenizing Spark

Most of our projects have a long history. This certainly goes for Spark, which was created over ten years ago. Although many of you are actively using Spark today, it is beginning to show its age. This is something that we have been planning to address for a while now.

 

Spark was created around the same time that the Kyoto protocol went into effect, Pluto got demoted to the status of 'dwarf planet' and Italy won the FIFA world cup in Germany. Thereabouts.

 

Comment.jpgSince then, source code development tooling has improved a lot. Today, the Spark project is struggling to find active contributors. We believe that one of the reasons for this is that it's pretty hard for developers (especially those that are used to work with modern tooling) to get started with our project. We have been working on that. First, we moved all of our projects from our old Subversion repository to Github. We have noticed that this dramatically improved the accessibility of our code. Second, Smack 4 happened, bringing the backbone of Spark back up-to-date.

 

Now, we are addressing the structure of the project itself. We will restructure the project as a Apache Maven project. This will bring a good deal of predictable structure to the project, which has many benefits. One of these is that the project will integrate easily with various development tools.

 

Moving Spark from its existent Ant-based structure to a Maven structure is no small task. There is no one right way of doing this. We have given it a shot and have created a structure that we think is very workable. Before committing to this structure, we would very much invite others to have a look, and comment on what we've done. The reasoning behind this is simple: once we've committed to a particular structure, it will be disruptive to change it. If we want to apply improvements, we should do so now.

 

Please, review our new project structure, and let us know what you think. You can find the new structure in the SPARK-1791_Maven branch on Github.

 

Ask yourselves: does this structure help me? Is it easier to compile the source code? Can I integrate it with my IDE of choice without too much trouble? Can I create new plugins? Does the new structure introduce a problem that needs to be addressed before committing? Can it be improved? We welcome all feedback!

by Ignite Realtime Blog (igniterealtime@jiveon.com) at February 20, 2017 10:02

February 19, 2017

Peter Saint-Andre

Going Deep

Three months ago, in a post entitled "Below the Surface", I started a habit of posting in my weblog at least once a week. Although it's been a good run, I've cleared out my backlog of topics to write about. More importantly, I have a big project to finish (The Upland Farm, my forthcoming book on Thoreau) and another one to restart (more on that in the coming weeks), not to mention the need to focus intently on building the team at Filament and bringing our products to market. Because all of these initiatives will require a lot of deep work, my weblog will likely be fairly quiet until mid-summer. See you then....

February 19, 2017 00:00

February 18, 2017

Ignite Realtime Blog

Openfire 4.1.2 Release

The Ignite Realtime Community is pleased to announce the availability of version 4.1.2 of Openfire. This release signifies our ongoing effort to produce a stable 4.1 series while effort is made on new features and functionality in Openfire 4.2.  You can find a release changelog denoting the 13 Jira issues resolved in this release.  If you had issues with inconsistent appearance of groups, do please test this release to see if those issues are now resolved. You can download the release from our website here and the sha1sum's for the available artifacts are as follows.

 

OSsha1sumFilenameVersion 4.1.1 Downloads [1]
Linux RPM (32bit JRE bundled)c2f12c3ec6ba2f64388279f106f2749272c9504copenfire-4.1.2-1.i686.rpm1290
Linux RPM (no JRE)226a7f1138fda7c456523bf80e6140e020fd5a74openfire-4.1.2-1.noarch.rpm965
Linux RPM (64bit JRE bundled)6892ec82e1435b6cbf23da1ba1efb9d94122d8a6openfire-4.1.2-1.x86_64.rpm3805
Linux .debc205eefe136fe0481e498668f258a0bc724a7080openfire_4.1.2_all.deb7311
Mac OS dmgb9570c78854c226714c23001997119e503e0aaabopenfire_4_1_2.dmg1207
Windows EXEdba34e78456f03bbd0de5a5cf94730c433d75c20openfire_4_1_2.exe19798
Binary (tar.tgz)cf4676f1e8c8a04999f6e9c97d859c8bbff35c4eopenfire_4_1_2.tar.gz2622
Binary (zip)0f4624f2c387c00373c717a52ed442741ceb0e93openfire_4_1_2.zip3058
Source (tar.gz)9b1efd5090ff37e4faca6d460b20ec40a4c40a53openfire_src_4_1_2.tar.gz408
Source (zip)b32c39ec84ad04acf46881b682919ef41fab3be4openfire_src_4_1_2.zip1371

 

[1] We recently migrated to storing our release artifacts on Github and thanks to their API, we can get metrics on how many times the artifact was downloaded.

 

As a reminder, our development of Openfire happens on Github and we have an active MUC development chat hosted at open_chat@conference.igniterealtime.org . We are always looking for more folks interested in helping out, so please consider pitching in!

 

As always, please report any issues in the Community Forums and thanks for using Openfire!

by Ignite Realtime Blog (igniterealtime@jiveon.com) at February 18, 2017 17:16

February 12, 2017

Peter Saint-Andre

Limited Liability

Someone I know who is an avowed socialist told me he'd be much more sympathetic to libertarian views if we didn't need big government to protect us from big business....

February 12, 2017 00:00

Forever Jung

Recently I got to talking with a friend about personality assessments, especially in relation to hiring and talent development. It took me awhile to figure out why we were not in agreement: he was thinking about the Myers-Briggs Type Indicator (MBTI) whereas I was thinking about assessments based on the five-factor model (also called the "big five") of personality traits....

February 12, 2017 00:00

February 11, 2017

Christian Schudt

Babbler Version 0.7.3 released

I've released version 0.7.3 of the Java XMPP library. This is primarily a "bug fix and improvements" release and is compatible with previous 0.7.x releases. Here's the changelog:
  • Use single equals sign (“=”) for zero-length data in SASL, as per RFC 6120 § 6.4.2
  • Allow configuring a custom stream host and skip proxy discovery then for SI file transfer.
  • Implement WebSocket pings/pongs.
  • Fix WebSocket’s proxy URI construction.
  • Use connect timeout for WebSocket connections.
  • XEP-0198: Send an ack right before gracefully closing the stream (i.e. update to version 1.5.2).
  • MUC Room “enter” events should fire for oneself entering the room as well.
  • Use java.text.Collator for String-based default comparison.
  • XEP-0066: Use URI instead of URL.
  • Fix XMPP Ping in External Components, which broke the connection.
  • Jid.asBareJid returns this if it is already bare, reducing GC pressure.
  • connect() method should not throw CancellationException
  • Check if the connection has been secured (if configured) before starting to authenticate.

Maven coordinates

<dependency>
<groupId>rocks.xmpp</groupId>
<artifactId>xmpp-core-client</artifactId>
<version>0.7.3</version>
</dependency>
<dependency>
<groupId>rocks.xmpp</groupId>
<artifactId>xmpp-extensions-client</artifactId>
<version>0.7.3</version>
</dependency>

by Christian Schudt (noreply@blogger.com) at February 11, 2017 21:44

Ignite Realtime Blog

Smack 4.2.0-rc3 released

I've just released Smack 4.2.0-rc3 to Maven Central. Smack 4.2.0 is scheduled to be released early Q2 2017, according to Smack's release life cycle. And right now, it looks like the train is right on time.

by Ignite Realtime Blog (igniterealtime@jiveon.com) at February 11, 2017 20:09

Peter Saint-Andre

Why Do I Think What I Think?

Most people seem to believe that their thoughts are right, and that this is so because they are righteous people. Those who disagree with them are wrong and have bad intentions; those who agree with them have the truth on their side and have good intentions....

February 11, 2017 00:00

February 09, 2017

Arnaud Joset

Authentication without password using XMPP on a Django website

This article describes the authentication with XMPP on a Django powered website.

Authentication without password

When you authenticate on a website, the domain validate your identity before letting you access confidential information. They are several ways perform this validation and the use of passwords is the most popular. Another method is the use of a token generator i.e. a small device that generate a secret passphrase that you copy on a website. Today I will present you another authentication method without password using XMPP.

XMPP authentication

XMPP has a nice authentication mechanism. It is normalized in the XMPP extension XEP-0070. It may be used on website. There are 4 steps.

  1. The user visits its favorite website and go to the login section.
  2. The user enter its jid (XMPP address) in a form and click on a button to authenticate.
  3. The website send a XMPP request to the user asking if he wants to login on the website. The request display also a code that must be identical on the website and the XMPP client in order to validate the request.
  4. The user validate the request on its XMPP client and therefore he is login on the website.

There are plenty XMPP clients: Gajim, Salut-à-toi, Movim, Conversation, Poezio, Pidgin, Psi etc. Several of them work on mobile, on webpage or on Desktop. Therefore, it is possible to authenticate easily on a website using your smartphone, Desktop or another platform easily without password.

Note: if the client does not support the XEP-0070, there is a fallback mechanism where the user send back the validation code in a chat window. Therefore, it is possible to authenticate with all XMPP clients.

Examples

Gajim

Gajim XEP-0070

Salut à toi (Primitivus)

Primitivus XEP-0070

The following section presents the implementation of this mechanism on a Django website.

Use XMPP authentification mechanism with Django

Make it easy with HTTPAuthenticationOverXMPP

In this section, the XMPP part is managed by a component written by "Chteufleur‎". This component is easy to use. It manage the XMPP session and the web developeur just have to make a request to the component and it sends a return code:

  • 200 : User accepts the request
  • 400 : One or more mandatory parameter(s) is missing
  • 401 : User denies the request or timeout
  • 520 : Unknown error appends
  • 523 : Server is unreachable

The installation procedure is described in the Readme file of the project (https://git.kingpenguin.tk/chteufleur/HTTPAuthentificationOverXMPP).

Django files

The view manage the form fields and send the jid and validation code (transaction_id) to a module called XmppBackend. The transaction_id is generated when the form is accessed. Its value is kept in memory by using the session mechanism of Django (see section Settings.py).

Several files are needed to obtained the desired result. The following sections describes them.

Forms.py

from django import forms

class AuthForm(forms.Form):
    username = forms.CharField(max_length=100, help_text="(XMPP jid)")

HTML template

{% extends "base.html" %}

{% block content %}

{% if form.errors %}
<p>Your username is invalid. Please try again.</p>
{% endif %}

<form method="post" action="{% url 'login' %}">
   {% csrf_token %}
   <table>
       {{form.as_p}}
    </table>
    <input type="submit" value="Login" id="Login" name="login"/>
</form>
Your validation code: {{ transaction_id|linebreaks }}
<strong>{{ status_msg|linebreaks }}</strong>
{% endblock %}

Views.py

views.py reads the content of the POST and sends the result to xmpp_auth. It also handles the session and the transaction_id generation.

from django.shortcuts import render
from django.contrib.auth import login
from django.http import HttpResponse
from . import xmpp_auth
from .forms import AuthForm


def index(request):
    return render(request, 'index.html')


def xmpp_authentification(request):
    xb = xmpp_auth.XmppBackend()
    transaction_id = None
    status_msg = ""
    if request.method == 'POST':
        try:
            transaction_id = request.session.get('transaction_id')
        except KeyError:
            request.session['user_logged_in'] = False
            return render(request, 'fail.html')
        form = AuthForm(request.POST)
        # check whether it's valid:
        if form.is_valid():
            username = form.cleaned_data['username']
            user, status_code = xb.authenticate(username=username, password=None, transaction_id=transaction_id)
            if user is not None:
                login(request, user)
                # Redirect to a success page.
                request.session['user_logged_in'] = True
                return render(request, 'success.html')
            if status_code == 401:
                request.session['user_logged_in'] = False
                status_msg = "User {} refused to authenticate.".format(username)
        else:
            request.session['user_logged_in'] = False
            return render(request, 'fail.html')
    else:
        request.session['user_logged_in'] = False
        transaction_id = xb.id_generator(6)
        request.session['transaction_id'] = transaction_id
        form = AuthForm()

    return render(request, 'registration/login.html', {'form': form , 'transaction_id' : transaction_id,
                                                       'status_msg': status_msg})

xmpp_auth.py

This module makes the following request to the component:

GET /auth?jid=user%40host%2fresource;domain=example.net;method=POST;transaction_id=what_you_want;timeout=120 HTTP/1.1

The component send back a return code. In case of success, the system try to find the user in the database. If this user does not exist, it is created. The system described here is simple and the code must be adapted for more complex website (profile creation, additionnal data etc).

id_generator is called by views.py and by default, it send a code made of 8 characters (both letters and digits) but it is possible to adapt easily this behavior.

import sys
import requests
import string
import random
from django.contrib.auth.models import User


class XmppBackend(object):
    """
    Authenticate with the XMPP 00-70 XEP
    """
    def __init__(self):
        self.transaction_id = None

    def get_transaction_id(self):
        return self.transaction_id
    def set_transaction_id(self, transaction_id):
        self.transaction_id = transaction_id


    def authenticate(self, username=None, password=None, transaction_id = None):
        # Check the token and return a user.
        timeout = 300
        payload = {'jid': username, 'domain': 'agayon.be', 'method': 'POST', 'timeout': timeout,
                   'transaction_id': transaction_id}
        r = requests.get('https://auth.agayon.be/auth', params=payload)
        if r.status_code == 200:
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                # Create a new user. There's no need to set a password
                user = User(username=username)
                user.is_staff = False
                user.is_superuser = False
                user.save()
            return user, r.status_code
        if r.status_code == 401:
            print("User {} refused to authenticate".format(username), file=sys.stdout)
            return None, r.status_code
        return None, r.status_code

    def id_generator(self, size=8, chars=string.ascii_letters + string.digits):
        self.transaction_id = ''.join(random.choice(chars) for _ in range(size))
        return self.transaction_id

Settings.py

The setting of the website must be adapted to your needs. In this simple example, the sessions must be enabled (it is the case by default). Our example use cached session but you can use cookies or even databases. See the excellent documentation of Django for additional information.

LOGIN_URL = '/path/to/login/'

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'unix:/tmp/memcached.sock',
    }
}

Links

Credits

  • The image comes from the post on Linuxfr (by Chteufleur).
  • The description of the XMPP component coms from its repository (by Chteufleur).

by Arnaud at February 09, 2017 18:00

February 06, 2017

Tigase Blog

Tigase JaXMPP Client v3.1.5 Release

A small bugfix has been published with the following fixes & changes included below.

by wojtek at February 06, 2017 16:43

Ignite Realtime Blog

Revival of the Asterisk-IM project!

I am happy to announce that we are bringing back one of our older projects from the grave: the Asterisk-IM project! This project was started in 2005 by Jive Software, and can be used to integrate the Asterisk platform in Openfire. Due to a lack of manpower over the last few years, development stalled. No longer!

 

We have found the most excellent Marcelo Terres willing and able to take on the reigns as project lead for the project! Simultaneously a code contribution by Ron Arts brought back compatibility of the Asterisk-IM source code with both recent versions of Openfire, as well as Asterisk 13 - but more on that later, from Marcelo.

 

I am more than confident that the project is in good hands with Marcelo. Not only has Marcelo been a active manager of the primarily Brazilian-based Openfire community, he is heavily involved in the Asterisk project, going as far as to speaking on AstriCon 2016.

 

As of now, we restored references to the project in our Ignite Realtime community. There is some more work to be done: downloads still point to an older release, and we might be lacking a bit of project infrastructure (such as an issue tracker, dedicated community forum, etc), but I'll leave that to Marcelo to put in place as he sees fit.

 

Marcelo, thanks for doing this! I'm excited to have you on board (as far as you weren't already)!

by Ignite Realtime Blog (igniterealtime@jiveon.com) at February 06, 2017 09:29

February 05, 2017

The XMPP Standards Foundation

Google Summer of Code 2017

As before, the XSF has applied to this year's Google Summer of Code.

The XSF is intending to act as an umbrella organisation for any XMPP-related project that wishes to join the GSoC. If you are a member of such a project and would like your project to be involved, get in touch!

A fresh page of project ideas has been created on the XSF wiki. If you'd like to mentor for your project, please get in touch with us in the XSF GSoC MUC Room.

by Guus at February 05, 2017 17:47

Stefan Strigler

Dockered kaiwa image

Kaiwa is a modern web based client for XMPP, forked from the original O-Talk project and rebranded. I’ve created a docker image from the fork at https://github.com/ForNeVeR/Kaiwa which is used at jabber.ru amongst others.

The docker image can be found at https://hub.docker.com/r/sstrigler/kaiwa/.

I’ve also created a docker image of the node-xmpp-bosh component that can easily be bundled with kaiwa to create a standalone application. You can use docker-compose and a docker-compose.yml like this:

version: '2'
services:
bosh:
image: sstrigler/node-xmpp-bosh
ports:
- 5280:5280
restart: always

kaiwa:
image: sstrigler/kaiwa
depends:
- bosh
ports:
- 8000:8000
restart: always

The existing images for node-xmpp-bosh are based on rather large images, that’s why I created my own and based it on node:alpine to save a bit of disc space.

Flattr this!

by Steve at February 05, 2017 13:55

February 04, 2017

Peter Saint-Andre

Thoreau on Genius

Someone who knows that I'm writing a book on Thoreau sent me a link from BrainPickings.org about Thoreau's views on the topic of genius. Drawing on the "Thursday" and "Friday" chapters of A Week on the Concord and Merrimack Rivers, the author focuses her brief essay on the difference between an artisan, an artist, and a genius....

February 04, 2017 00:00

February 02, 2017

Peter Saint-Andre

HTTPS No More

One unfortunate byproduct of shutting down my VPS and moving my websites to GitHub Pages is that I'm no longer hosting the stpeter.im domain via HTTPS. Although I'm not overjoyed about this, I'm also not deeply disturbed by it given that my personal website isn't exactly the kind of information that needs to be encrypted in transit (and someone could retrieve it over HTTPS from GitHub.com if they really wanted to). Mike Linksvayer helpfully pointed out to me that there are some solutions, and I'll look into those soon. In the meantime I've modified all the cross-links within my websites so that they use http instead of https URLs....

February 02, 2017 00:00

February 01, 2017

ProcessOne

XMPP Radar Newsletter #19: Privacy, Security and Encryption of Instant Messaging

Welcome to 2017! As crazy as this year begins, let’s start with hot topics: privacy, security, encryption and XMPP. We look into clients, configurations, servers and spam like it’s 1984. Or 2049?

ejabberd 17.01 Released!

We’re pleased to announce the first version of ejabberd for 2017. This new ejabberd 17.01 follows closely the previous release. It includes mostly bug fixes over all the previous refactors. ejabberd 17.01 is a rock-solid stable base for upcoming improvements. It will give you the best experience you ever had with ejabberd.

Encrypted Instant Messaging Recommendations for January 2017

Encrypt all your online (IM) communication, there is no good reason anymore to not doing it. Use a XMPP+Omemo client (Conversations on Android and ChatSecure on iOS) or a Matrix+Olm client (Riot).

Jackline: a Secure Terminal-based XMPP Client

The goal was from the beginning to write a “minimalistic graphical user interface for a secure (fail hard) and trustworthy XMPP client”. Fail hard means exactly that: if it can’t authenticate the server, don’t send the password. If there is no end-to-end encrypted session, don’t send the message.

XSender: The Source of All the Recent XMPP Spam

In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. At the bottom of the vast majority of these messages is a service named XSender (XSNDR) that provides rentable XMPP spam slots for anyone looking to peddle legal or illegal products.

Configure ejabberd with Modern XMPP and TLS Features

Admins of schokokeks.org recently put some effort into enabling many modern XMPP and TLS features on their ejabberd server, for example making it fully compatible with Conversations client. Now they are sharing their config publicly!

DuckDuckGo Public XMPP Server

Did you know that DuckDuckGo, the decentralized non-tracking search engine, operates its own public XMPP server?

List of XMPP Servers on the Onion Network

Here’s a list of XMPP servers available as hidden services for use with the Prosody server and mod_onions.

by Marek Foss at February 01, 2017 22:01

Daniel Pocock

Going to FOSDEM, Brussels this weekend

This weekend I'm going to FOSDEM, one of the largest gatherings of free software developers in the world. It is an extraordinary event, also preceded by the XSF / XMPP Summit

For those who haven't been to FOSDEM before and haven't yet made travel plans, it is not too late. FOSDEM is a free event and no registration is required. Many Brussels hotels don't get a lot of bookings on weekends during the winter so there are plenty of last minute offers available, often cheaper than what is available on AirBNB. I was speaking to somebody in London on Sunday who commutes through St Pancras (the Eurostar terminal) every day and didn't realize it goes to Brussels and only takes 2 hours to get there. One year I booked a mini-van at the last minute and made the drive from the UK with a stop in Lille for dinner on the way back, for 5 people that was a lot cheaper than the train. In other years I've taken trains from Switzerland through Paris or Luxembourg.

Real-time Communication (RTC) dev-room on Saturday, 4 February

On Saturday, we have a series of 23 talks about RTC topics in the RTC dev-room, including SIP, XMPP, WebRTC, peer-to-peer (with Ring) and presentations from previous GSoC students and developers coming from far and wide.

The possibilities of RTC with free software will also be demonstrated and discussed at the RTC lounge in the K building, near the dev-room, over both Saturday and Sunday. Please come and say hello.

Please come and subscribe to the Free-RTC-Announce mailing list for important announcements on the RTC theme and join the Free-RTC discussion list if you have any questions about the activities at FOSDEM, dinners for RTC developers on Saturday night or RTC in general.

Software Defined Radio (SDR) and the Debian Hams project

At 11:30 on Saturday I'll be over at the SDR dev-room to meet other developers of SDR projects such as GNU Radio and give a brief talk about the Debian Hams project and the relationship between our diverse communities. Debian Hams (also on the Debian Ham wiki) provides a ready-to-run solution for ham radio and SDR is just one of its many capabilities.

If you've ever wondered about trying the RTL-SDR dongle or similar projects Debian Hams provides a great way to get started quickly.

I've previously given talks on this topic at the Vienna and Cambridge mini-DebConfs (video).

Ham Radio (also known as amateur radio) offers the possibility to gain exposure to every aspect of technology from the physical antennas and power systems through to software for a range of analog and digital communications purposes. Ham Radio and the huge community around it is a great fit with the principles and philosophy of free software development. In a world where hardware vendors are constantly exploring ways to limit their users with closed and proprietary architectures, such as DRM, a broad-based awareness of the entire technology stack empowers society to remain in control of the technology we are increasingly coming to depend on in our every day lives.

by Daniel.Pocock at February 01, 2017 09:07

Peter Saint-Andre

VPS No More

A few weeks ago I spent most of a Sunday trying, and failing, to upgrade the Debian Linux distribution on my virtual private server (VPS). After the Linux experts at my hosting company also failed after 90 minutes of fighting with the thing, I realized that the time had come to shut down my VPS and find simpler solutions. For me, that turned out to be FastMail for my email addresses and GitHub Pages for my websites (I was also hosting a few WordPress sites for friends, which I've moved to WordPress.com). The only things I miss at this point are HTTPS for one of my websites, and the personal XMPP server I was running. Yet the HTTPS wasn't really all that critical (I know, HTTPS Everywhere and all that, but in practice I'm not running transactional websites and in fact all of my sites are even free of JavaScript - I guess I'm a Web 1.0 kind of person). And although the XMPP server was a fine thing, I do run jabber.org and I've had a few addresses there forever, so I might as well use them. Simplify, simplify!...

February 01, 2017 00:00

January 31, 2017

yaxim

yaxim 0.9 - Security Update, Easy XMPP

There is a new yaxim release, fixing a yet undisclosed security vulnerability. PLEASE UPGRADE NOW!

The release also provides a number of long-awaited improvements like Easy XMPP, Group chats, Android Auto, a new design and much much more.

Easy XMPP

Most XMPP clients are impossible to use for normal people. Usability is a hard problem, and making a federated protocol from the early 2000ies usable is even more so. Now, yaxim provides significant improvements:

  1. Install the app and create an account by just typing your desired user name. A secure password will be auto-generated (and you can overwrite it in the prefs):

    Account Creation

  2. You can invite friends using the new “Create Invitation” feature:

    Menu: Create Invitation Invitation as QR Code

    You can share the invitation link via QR-code, e-mail, SMS or any other means, and your friend will either see a friendly landing page (source), or immediately get the link opened in yaxim:

    Invitation in Browser Invitation in yaxim

    Because yaxim is the first client to support XEP-0379: Pre-Authenticated Roster Subscription, it will automatically approve and add your friend.

    You can also directly use Android Beam™ to share your own or any contact’s address, by touching your devices back-to-back.

  3. It comes with technical foundation to support Easy Group Chats:

Group Chats

Support for Group Chats (also known as XEP-0045: Multi-User Chat or MUC) has been wished for for a long time, and it was in the works for multiple years, culminating in something that is finally usable.

The recommended way to participate is to get invited into a Group Chat by a friend (unfortunately, inviting friends isn’t yet supported directly in yaxim). You will get an invitation notification and can participate:

MUC Invitation and Join MUC Notification and Chat

Of course it is also possible to manually join a known MUC, however this behavior is frowned upon, because typing JIDs is boring:

MUC Add from Menu MUC Add Dialog

A future release will provide a “seamless” flow to create groups for Cat Pictures, Christmas planning or Business Matters, and help you invite all the right people, as outlined in Easy Group Chats.

Android Auto (and Wear)

To improve the usability of yaxim in more-mobile-than-mobile scenarios, we have added support for Android Auto and Android Wear. If you connect your Auto/Wear enabled device to your smartphone and install the appropriate companion app, you will be able to receive message notifications from yaxim and respond accordingly.

Android Auto will display the sender and read aloud the message content, allowing to dictate a response or send back “I’m driving”:

yaxim in Android Auto

On Wear, you can read the actual message, dictate the response or jump into the app:

yaxim in Android Wear

P.S: Starting with Android 5 and Auto 2, you can run AA directly on your phone screen when using an appropriate phone mount.

New Design

Consistent with the new yax.im look featuring Yaks, we have redesigned the app logo and branding:

New yaxim logo

Notifications also include the new icon, so the time of the red-white-yellow ninja chicken is over:

New yaxim notification

What’s Next

It might be a bit pathetic to outline the future plans in a release that has taken over two years to complete, but still, it’s important to share our thoughts and ideas.

Let’s first recapitulate our past promises from 0.8.6 and 0.8.7:

  • We have finally tackled MUCs (as asked in 2011 and promised in 2013) \o/

  • It looks like Android tablets aren’t much of a thing, and neither is Android TV. There hasn’t been much demand regarding big screen support, and there are no current plans.

  • End-to-end encryption is now called XEP-0384: OMEMO (#197), we will address it in a future release. Hopefully. Just run your own private and trusted server already!

The XMPP world has changed in the last two years. The most important plans now are:

  • Make XMPP even easier (and improve yaxim accordingly)!

  • Implement XEP-0363: HTTP File Upload: #196 - high priority!

  • Implement XEP-0313: Message Archive Management: #98 - medium priority

  • Implement User Avatars - maybe…

  • Boring maintenance work (Currently yaxim uses content providers and databases for everything, including user presence. This makes for a very laggy experience when connecting, and needs to be cleaned up. This will be a major redesign of the internals, but it will make future improvements much easier and faster).

January 31, 2017 10:14

Peter Saint-Andre

Poets' Paradox

Here's another draft poem for my far-future book Songs of Zarathustra:...

January 31, 2017 00:00

January 30, 2017

Tigase Blog

Tigase Server 7.1.0 Release

Tigase XMPP Server 7.1.0 has been released! Please review the change notes below to see what has changed since our last release.

Introducing Tigase XMPP Server 7.1.0! We have been working hard to improve and implement new features to the Tigase Seve to give you a more secure, leaner, and better working XMPP server. We have a few new features, components, and lots of fixes to share. Please note that not all issues are accessible as submitted notes may contain sensitive information. Binaries are available from the project's files section. Sources are available in our repository. Maven artifacts have been deployed to our maven repository. Test results are located on our test page.

by wojtek at January 30, 2017 21:38

January 29, 2017

Ignite Realtime Blog

Spark 2.8.3 Released

The Ignite Realtime community has just released Spark 2.8.3 and it can be downloaded from the Ignite Realtime: Downloads

 

This is a regular update. A few issues have been fixed. Bundled Java updated to the latest version. There is a new menu to view history of sent broadcasts and an option to login anonymously.

 

For a complete list of changes please check the Spark Changelog

 

We encourage developers to get involved with Spark project by providing feedback and patches in the forums or submitting pull requests to GitHub - igniterealtime/Spark: Cross-platform real-time collaboration client optimized for business and organizations.

 

Here is the list of contributors to this release (besides myself):

Michael  - fixed Advanced settings not being saved without opening that menu, always on top issue and changed behavior when Auto Login is hidden

Alexander198961 (Aleksander Kovtunenko) · GitHub  - added a feature to save broadcasts history and access it via a new menu option

Jerry  - added support for anonymous login

Guus der Kinderen  - fixed issue when joining a room with a duplicate nickname and improved build time by removing unneeded code style checks

Daryl Herzmann  - helped to clean up the code further (removing legacy CVS keywords)

speedy  - fixed issues with password not being deleted when it should and added log file rotating by size

Atalanttore (Ettore Atalan) · GitHub  - updated German translation

 

Here are sha1 checksums for the downloads:

b07a990109ec934e673e2bcb41a6be81a44e6131  spark_2_8_3.dmg

839226d42cea7778961d525a63c4a27c0f269250  spark_2_8_3.exe

526c46faafe3baf8c78bc69a024cfd752da57123  spark_2_8_3_online.exe

06542cac2db2611e3fcfcf7741fcfe242aa98d9f  spark_2_8_3.tar.gz

ea4bb09c4b55d102f69f974418a06a5c820b37c3  spark-2.8.3.rpm

9917c48e393e215c9aa1d14606b70dcb8531baf9  spark-2.8.3.src.rpm

6b6adbed00935cd01155355b796d4c504d49c18f  spark_2.8.3.deb

by Ignite Realtime Blog (igniterealtime@jiveon.com) at January 29, 2017 19:21