Planet Jabber News

September 25, 2020 Notices

Migration Update

This morning's migration of the groupchat service was a success. We are now planning the migration of end-user accounts and we will post again when we are ready to complete that task.

September 25, 2020 00:00

September 22, 2020 Notices

Groupchat Migration

This Friday, 2020-09-25, starting around 14:30 UTC, your admin team plans to migrate the groupchat service to a new machine and server software. If all goes well the downtime will be limited to ~30 minutes or less. Please note that this will not affect one-to-one chats, only groupchat rooms. Thanks for your patience.

September 22, 2020 00:00

August 11, 2020 Notices

Back in Business

Quick update: we're back online!

August 11, 2020 00:00

Data Center Outage

Because of a major Internet outage caused by severe weather in the midwestern U.S., the data center that hosts the messaging service is currently offline. We'll post further details as soon as possible.

August 11, 2020 00:00

May 27, 2020 Notices

Server Software Migration

After many fine years of running Isode's M-Link server software, the admin team is currently working to migrate to the open-source Prosody server. Although we will strive to make this transition as seamless as possible, performance might suffer temporarily as we run migration scripts and the like. We apologize for any inconvenience.

May 27, 2020 00:00

January 31, 2020


yaxim 0.9.9 - FOSDEM Edition

We are proud to present to you yaxim version 0.9.9 “FOSDEM 2020 Edition”. Many things have changed under the hood (reliable messaging with MAM and Push, new UI with runtime permissions), and some exciting new features like even easier onboarding, service browsing and Matrix support. Taken together, yaxim now fulfills the Core IM and the Advanced Mobile profiles of the XMPP Compliance Suite 2020.

yaxim 0.9.9 screenshot

Material Design

Starting with this version, yaxim follows Google’s “Material Design” style. To comply with last year’s strictened Google Play publishing requirements, we had to replace the deprecated ActionBarSherlock library with Google’s own appcompat, which provides the Material style.

This also means that yaxim now requires at least an Android 4.0 device. As 4.0 was released in 2011, this only affects a single-digit number of devices. Users with a ten years old phone need to stay with older yaxim versions, which run on Android 2.3+.

Furthermore, on Android 6+ devices, the user will be asked to grant permission at the moment when they are actually needed (i.e. when sharing a file or taking a photo).

runtime permissions screenshot

On Android 8+, the new notification channels are used by yaxim. A new channel will be created for each contact with a custom ringtone. Once you receive a message from such a contact, you need to use the Android notification settings to change the ringtone, though.

Even Easier Easy Onboarding

yaxim 0.9 introduced Easy XMPP, using the purely client-side XEP-0379: Pre-Authenticated Roster Subscription, which required a server with active In-Band Registration.

The new XEP-0401: Easy User Onboarding allows you to invite new users to your server without being abused by spammers.

Here, you can see a poezio user on a prosody server creating an invitation that is used by yaxim to register and auto-add the inviter:

The invitation page in the example is making use of Google Play Install Referrers to let the newly installed yaxim know the inviter’s address, which has a privacy impact, and therefore is not rolled out to the official landing page yet.

Chat Rooms

There is a new view of your (bookmarked) rooms and a browser of public rooms powered by

room search screenshot

Your nickname (“display name”) is now synchronized to the server using XEP-0172: User Nickname, and you can change it in the account settings.

Service Discovery and Matrix Support

The room browser can also be used to discover services by entering a valid XMPP address into the search field: search screenshot browser screenshot rooms screenshot

This is not limited to servers and rooms, you can also search for users, chat with them and add them to your contact list:

ge0rg search screenshot

While initially introduced as an April Fools’ Day joke, Matrix support (using the Bifröst bridge is now actually integrated into yaxim, using the official bridge on, which has also been made ready for FOSDEM 2020.

Reliable Messaging

For users who are using yaxim in parallel to another client, the new support for XEP-0313: Message Archive Management (MAM) is good news. When connecting to the server, yaxim will now activate MAM and request all messages since the last synchronization. This will ensure that yaxim receives all messages which already were delivered to the other client.

Furthermore, when installed on devices with Google Play Services, yaxim will register for XEP-0357: Push Notifications via the server. This will ensure that the app is woken up from deep sleep or launched when somebody sends you a new message.

These important changes are also reflected in the app privacy policy.

Under the Hood Changes

The internal chat message database has been optimized by adding database indexes for all frequent operations, making yaxim much faster at loading chat windows with long histories.

Furthermore, yaxim was upgraded from the ancient Smack 3 to the Smack 4.3.x XMPP library.

Road to 1.0

This release brings significant changes, and we had hoped to be able to finalize even more to make a glamorous and exciting 1.0 release for the 10 years anniversary. However, the current code base brings some major improvements for reliability and usability and we did not want to hold them back even further.

More work is needed on the contacts view, to allow sorting by conversation age and to quickly search your contacts. Furthermore, the creation of rooms and inviting your friends into them need to be integrated.

MAM was long overdue, and for now only your private messages are queried for. Room history is still obtained using the legacy mechanism, meaning that sometimes, you might miss out on parts of room history.

The embedded image view does not have proper caching, and it will attempt to load any attachment, regardless its size and whether it can be displayed in yaxim. This needs to be restructured in a way that limits downloads to actual image files of a certain maximum size.

January 31, 2020 16:04

October 03, 2019

Maxime Buquet

Sprint in the cold north

Another episode of the XMPP sprints series happened this weekend close to Stockholm in the Nacka prefecture, in a house we rented. Significant improvements to the sprint infra this time are sauna and crêpes!

We worked together on improving a new groupchat bookmarks specification, file transfer interoperability issues, and a future landing page for new XMPP users! As usual, every developer meetup comes up with its share of bug fixes, new ideas, and improvements.

Stockholm scenery

Groupchat Bookmarks (Bookmarks 2)

Last year, Dave Cridland and JC Brand submitted a new specification titled “Bookmarks 2 (This time it’s Serious)". This XEP didn’t get much attention in the community until this weekend.

As mentioned in a previous article, there are multiple specifications for bookmarks in XMPP, one using the Private XML storage, and another one using PEP as storage. Not so long after the Cambridge sprint last year, Daniel submitted a conversion XEP to facilitate client behaviour and thus user experience.

This new specification also uses PEP as storage but it brings a few improvements to the table. It splits updates to the bookmark storage into per entry operations instead of updating the whole storage at once. This allows for finer grained handling in clients and prevents some race conditions.

The XEP came up with its share of challenges that some of us attempted to fix in a pull request that has been submitted and is now awaiting feedback from the authors.

Bookmarks 2 is now implemented in at least 5 clients, (Conversations, Dino, Gajim, Movim, Renga, and some initial work in poezio), but will not be used as long as the feature is not advertised by the server. A new prosody module is also available for adventurous services operators.

Bookmarks synchronisation

New landing page

Roel and I worked on an idea that came up at the UX sprint in Brussels in January to have a landing page for new users. This page would recommend a specific server depending on different factors that would be gathered automatically for the most part (if not all). This is more or less similar to other portals like joinmastodon, or nextcloud sign-up process.

Building up the website isn’t the hardest part. What is hard is finding ways to convey to the user what “federation” or “public network” mean. Roel teaches in Interaction Design and was a great help over the weekend. We came up with a narrative for the project and a sketch for a sign-in flow.

The project is far from being over, this is only the tip of the iceberg. Lots of work needs to be done with the “stakeholders”, that is mainly users and server operators.

To know what server to recommend to users we first need to get a list of servers we are confident about and willing to recommend. This would mandate discussing the issue with server operators to get feedback on a required “feature set” and policies. All this would then be fed into usability testing sessions for users to validate all of it. After that, we would need lots of promotion around it and that’s also going to take a significant amount of effort.

While I am excited about all this I don’t think diving in head first is a good strategy and I would rather take it slow.

And more

Pulkomando has been working on implementing IBR support in Renga, and reported with Link Mauve issues about server implementations that weren’t respecting the specification. The issue in prosody has been fixed and one has been opened for ejabberd.

Larma tackled issues with bot bridging where users of bridged networks are displayed as talking through the bot. This happens for example with matterbridge. This could be improved UI-wise but requires some groundwork and spawned discussions about the groupchat protocol in some specific cases.

Fiaxh spent some time improving the empty placeholder for no opened conversations in Dino. Here is a preview:

Dino no-conversations placeholder screen

Other people worked on Jingle File Transfer interoperability. They narrowed down the cause of a somewhat old issue in gajim, discovered an issue with the epoll backend in prosody, and another in dino.

You can contribute too!

I would like to take this opportunity to remind you that you can also contribute to sprints! If you are a developer, a translator, working on documentation, or in any other way contributing to an XMPP implementation, we encourage you to find 2-3 other people close to you and organize a sprint!

TODO: come up with a platform to show interest close to you.

The XMPP Standards Foundation (specifically the SCAM team) will be happy to help you get it all sorted, and also provide some budget for your event if necessary. Please do contact us!

by pep. ( at October 03, 2019 08:01

April 01, 2019


yaxim Enters the Matrix

yaxim enters the Matrix

Starting today, yaxim is switching its protocol foundation from the deprecated exchange of clumsy and inefficient XML streams to the modern and elegant combination of HTTP and JSON/REST, the Matrix protocol.

Protocol History and Comparison

The XMPP protocol celebrated its 20th birthday early this year. The Matrix followed two months later and is currently in the middle of its own celebration. Some fifteen years later, a small company decided to use the strong brand value of the Matrix name to reinvent XMPP with a modern facade.

Evil voices claim that MATRIX stands for Monolithic, Awefully Trendy Re-Implementation of XMPP, and there is some truth to this, if we compare the words of the respective founding fathers:

Jabber is a new project I recently started to create a complete open-source platform for Instant Messaging with transparent communication to other IM systems(ICQ, AIM, etc).

I think they missed the bit where Matrix is called Matrix because it bridges (matrixes) the existing networks (Slack, IRC, Telegram, Discord, XMPP, etc) in, rather than needing to convince everyone to join.

However, the Matrix protocol has outgrown Vector Ltd, there is a version 1.0 0.4 specification, and even a Foundation.

This is much superior to XMPP, which is based on some arcane specifications maintained by a bunch of grey beards, plus a separate organisation for protocol extensions. In addition, Matrix supports working over 100 bits per second connections, while XMPP only gives you 75 bps.

The monolithic protocol is another huge advantage compared to many hundreds of optional extensions, and the rumors of Matrix fragmentation are a blatant lie.

Enter the Matrix

Therefore, the yaxim developers have decided to take the blue pill, to move forward, and to use the better and more modern and mobile friendly polling based HTTP scheme. Starting with the current beta release, you can enter Matrix chat rooms and talk to users on the Matrix.

The legacy XMPP protocol is remaining in the release for now, but will be removed in the near future to reduce the bloat of yaxim. You will be able to migrate your contacts to your new Matrix account by using the Bifröst bridge.

In parallel, we are working on switching from prosody to Synapse. The data transition is already completed, and we are only waiting for the data center provider to add 512GB of RAM to the machine before we can switch over.

April 01, 2019 11:21

March 10, 2019

Paul Schaub

A look at’s OLM | MEGOLM encryption protocol

Everyone who knows and uses XMPP is probably aware of a new player in the game. is often recommended as a young, arising alternative to the aging protocol behind the Jabber ecosystem. However the founders do not see their product as a direct competitor to XMPP as their approach to the problem of message exchanging is quite different.

An open network for secure, decentralized communication.

During his talk at the FOSDEM in Brussels, founder Matthew Hodgson roughly compared the concept of matrix to how git works. Instead of passing single messages between devices and servers, matrix is all about synchronization of a shared state. A chat room can be seen as a repository, which is shared between all servers of the participants. As a consequence communication in a chat room can go on, even when the server on which the room was created goes down, as the room simultaneously exists on all the other servers. Once the failed server comes back online, it synchronizes its state with the others and retrieves missed messages.

Matrix in the French State

Olm, Megolm – What’s the deal?

Matrix introduced two different crypto protocols for end-to-end encryption. One is named Olm, which is used in one-to-one chats between two chat partners (this is not quite correct, see Updates for clarifying remarks). It can very well be compared to OMEMO, as it too is an adoption of the Signal Protocol by OpenWhisperSystems. However, due to some differences in the implementation Olm is not compatible with OMEMO although it shares the same cryptographic properties.

The other protocol goes by the name of Megolm and is used in group chats. Conceptually it deviates quite a bit from Olm and OMEMO, as it contains some modifications that make it more suitable for the multi-device use-case. However, those modifications alter its cryptographic properties.

Comparing Cryptographic Building Blocks

ProtocolOlmOMEMO (Signal)
Key Exchange
Triple Diffie-Hellman
Extended Triple
Diffie-Hellman (X3DH)
Ratcheting AlgoritmDouble RatchetDouble Ratchet
  1. Signal uses a Curve X25519 IdentityKey, which is capable of both encrypting, as well as creating signatures using the XEdDSA signature scheme. Therefore no separate FingerprintKey is needed. Instead the fingerprint is derived from the IdentityKey. This is mostly a cosmetic difference, as one less key pair is required.
  2. Olm does not distinguish between the concepts of signed and unsigned PreKeys like the Signal protocol does. Instead it only uses one type of PreKey. However, those may be signed with the FingerprintKey upon upload to the server.
  3. OMEMO includes the SignedPreKey, as well as an unsigned PreKey in the handshake, while Olm only uses one PreKey. As a consequence, if the senders Olm IdentityKey gets compromised at some point, the very first few messages that are sent could possibly be decrypted.

In the end Olm and OMEMO are pretty comparable, apart from some simplifications made in the Olm protocol. Those do only marginally affect its security though (as far as I can tell as a layman).


The similarities between OMEMO and Matrix’ encryption solution end when it comes to group chat encryption.

OMEMO does not treat chats with more than two parties any other than one-to-one chats. The sender simply has to manage a lot more keys and the amount of required trust decisions grows by a factor roughly equal to the number of chat participants.

Yep, this is a mess but luckily XMPP isn’t a very popular chat protocol so there are no large encrypted group chats ;P

So how does Matrix solve the issue?

When a user joins a group chat, they generate a session for that chat. This session consists of an Ed25519 SigningKey and a single ratchet which gets initialized randomly.

The public part of the signing key and the state of the ratchet are then shared with each participant of the group chat. This is done via an encrypted channel (using Olm encryption). Note, that this session is also shared between the devices of the user. Contrary to Olm, where every device has its own Olm session, there is only one Megolm session per user per group chat.

Whenever the user sends a message, the encryption key is generated by forwarding the ratchet and deriving a symmetric encryption key for the message from the ratchets output. Signing is done using the SigningKey.

Recipients of the message can decrypt it by forwarding their copy of the senders ratchet the same way the sender did, in order to retrieve the same encryption key. The signature is verified using the public SigningKey of the sender.

There are some pros and cons to this approach, which I briefly want to address.

First of all, you may find that this protocol is way less elegant compared to Olm/Omemo/Signal. It poses some obvious limitations and security issues. Most importantly, if an attacker gets access to the ratchet state of a user, they could decrypt any message that is sent from that point in time on. As there is no new randomness introduced, as is the case in the other protocols, the attacker can gain access by simply forwarding the ratchet thereby generating any decryption keys they need. The protocol defends against this by requiring the user to generate a new random session whenever a new user joins/leaves the room and/or a certain number of messages has been sent, whereby the window of possibly compromised messages gets limited to a smaller number. Still, this is equivalent to having a single key that decrypts multiple messages at once.

The Megolm specification lists a number of other caveats.

On the pro side of things, trust management has been simplified as the user basically just has to decide whether or not to trust each group member instead of each participating device – reducing the complexity from a multiple of n down to just n. Also, since there is no new randomness being introduced during ratchet forwarding, messages can be decrypted multiple times. As an effect devices do not need to store the decrypted messages. Knowledge of the session state(s) is sufficient to retrieve the message contents over and over again.

By sharing older session states with own devices it is also possible to read older messages on new devices. This is a feature that many users are missing badly from OMEMO.

On the other hand, if you really need true future secrecy on a message-by-message base and you cannot risk that an attacker may get access to more than one message at a time, you are probably better off taking the bitter pill going through the fingerprint mess and stick to normal Olm/OMEMO (see Updates for remarks on this statement).

Note: End-to-end encryption does not really make sense in big, especially public chat rooms, since an attacker could just simply join the room in order to get access to ongoing communication. Thanks to Florian Schmaus for pointing that out.

I hope I could give a good overview of the different encryption mechanisms in XMPP and Matrix. Hopefully I did not make any errors, but if you find mistakes, please let me know, so I can correct them asap 🙂

Happy Hacking!



Thanks for Matthew Hodgson for pointing out, that Olm/OMEMO is also effectively using a symmetric ratchet when multiple consecutive messages are sent without the receiving device sending an answer. This can lead to loss of future secrecy as discussed in the OMEMO protocol audit.

Also thanks to Hubert Chathi for noting, that Megolm is also used in one-to-one chats, as matrix doesn’t have the same distinction between group and single chats. He also pointed out, that the security level of Megolm (the criteria for regenerating the session) can be configured on a per-chat basis.

by vanitasvitae at March 10, 2019 03:31

February 05, 2019

Ignite Realtime Blog

Dele's FOSDEM presentation on Pàdé!

@guus wrote:

Last weekend, a number of Ignite Realtime community members attended FOSDEM (in Brussels, Belgium) the yearly free event for software developers to meet, share ideas and collaborate.

@Dele_Olajide prepared a presentation for the Real Time Communications devroom, in which he elaborated on Pade, and focused on how the plugin architecture of the Chromium web browser, ConverseJs and Openfire made it possible to quickly integrate HTTP and SIP with XMPP and create a feature-rich and very extensible unified communications solution for small and medium businesses.

For your convenience, a recording of his rather entertaining presentation:

Posts: 2

Participants: 2

Read full topic

by @guus Guus der Kinderen at February 05, 2019 09:06

December 09, 2015

Daniel Pocock

Is WebRTC one of your goals for 2016?

WebRTC continues to gather momentum around the world. Over the next week, Paris will host a TADHack event on WebRTC (12-13 December) followed by Europe's most well known meeting of the WebRTC community, the annual WebRTC Conference and Expo, 16-18 December.

2015 has been a busy year for WebRTC developers, in the browser, on the server-side and even in documentation, with the online publication of The RTC Quick Start Guide. These efforts have all come together to create a stable foundation for many implementations in 2016.


The JSCommunicator demo video shows just how convenient WebRTC can be, looking at the first customer-facing WebRTC deployment on Wall Street, a project I put together back in 2014:

This solution was implemented entirely with free, open source software integrated with a traditional corporate PBX. The project involved significant innovation to bring together a new technology like WebRTC with a very established corporate telephony infrastructure. For example, the solution makes use of the reSIProcate Python scripting to add the Avaya UUI headers to the SIP signaling, so it can integrate seamlessly with all existing Avaya customizations and desktop CRM software.

Is this something you can imagine on your organization's web site or as part of your web-based product or service?

DruCall module for Drupal - WebRTC without coding

If you run a Drupal CMS or if you would like to, the DruCall module provides a very quick way to get started with WebRTC.

On a Debian or Ubuntu server, you can automatically deploy the entire Drupal stack, Apache, MySQL and all module dependencies with

$ sudo apt-get install -t jessie-backports drupal7-mod-drucall

JSCommunicator, the generic SIP phone for web pages

If you don't want to do any JavaScript development, JSCommunicator may be the way to go.

JSCommunicator is a completely generic solution that can be completely re-branded just by tweaking the HTML and CSS. All phone features can be enabled and disabled using the configuration file.

WebRTC plugins for CRM solutions

As part of Google Summer of Code 2014, Juliana Louback created a WebRTC plugin for the xTuple enterprise CRM and ERP suite.

The source code of the DruCall and xTuple plugins provide an excellent point of reference for developing similar plugins for other web applications. Both of them are based on JSCommunicator which is designed to embed easily into any existing HTML page or templating system.

Get involved

To find out more and discuss RTC using free software and open standards, please join us on the Free-RTC mailing list.

by Daniel.Pocock at December 09, 2015 22:19

December 17, 2014


ejabberd 14.12

We're pleased to announce the last release of ejabberd for 2014! Thanks to contributors, this release includes great improvements and opens road to 2015.

ejabberd Community 14.12 includes many bugfixes, and a few new features:

  • New module mod_client_state implements XEP-0352: Client State Indication
  • New module mod_fail2ban to ban IPs that show malicious signs
  • New option store_empty_body in mod_offline

read more

by mfoss at December 17, 2014 14:36

May 13, 2014


ejabberd 14.05

Full announcement: ejabberd Community 14.05: the culmination of a year of change

ejabberd Community 14.05 has great new features, several improvements and many bugfixes over the previous 13.12 release:

ejabberd now includes support for:
- XEP-0198: Stream Management (EJAB-532)

read more

by mfoss at May 13, 2014 14:36

April 08, 2014 Notices

OpenSSL Upgrade

In response to the Heartbleed bug, upgraded the version of OpenSSL used at to help prevent information leakage.

April 08, 2014 00:00

March 19, 2014 Notices

Cipher Suite Upgrades for Improved Security

In order to improve the security of your connections to the IM service, we have upgraded the list of cipher suites that we support for Transport Layer Security (TLS). Specifically, we have removed a number of weak cipher suites that provide low levels of protection. As a result of these changes, it is possible that some client software will not able to connect (e.g., very old clients, and software exported to certain countries). Please post to the discussion list if you experience difficulties.

March 19, 2014 00:00

February 06, 2014 Notices

Distributed Denial of Service Attacks

The IM service has been under attack over the last several days. As a result, your connectivity might be intermittent and message delivery might be slow. In addition, we have temporarily blocked communication with a number of other XMPP servers on the Internet to protect the server. Please see our post at for further details.

February 06, 2014 00:00

January 03, 2014 Notices

First Encryption Test Day

On January 4, we will perform a test of requiring encrypted connections to other XMPP services on the Internet. During this test, it is possible that you will not be able to chat with friends at other domains, including Google Talk. Please visit for details.

January 03, 2014 00:00

December 18, 2013 Notices

Security Plan

We are planning a series of security improvements, including mandated encryption of client connections. Please visit for details.

December 18, 2013 00:00

December 16, 2013


ejabberd 13.12

We are pleased to announce a new stable release of ejabberd, ejabberd Community 13.12.

It has several bugfixes over the previous 13.10 release, and a few new features:

  • New OpenSSL ciphers option in c2s, s2s and s2s_out
  • mod_roster: new access rule to restrict roster modificartion
  • mod_pubsub: support for data migration from mnesia to odbc
  • ejabberd_xmlrpc included

As usual, the release is tagged in the Git source code repository on github

read more

by mfoss at December 16, 2013 16:32

October 09, 2013


ejabberd 13.10

We are pleased to announce a new stable release of ejabberd, ejabberd Community 13.10.

It has some changes, several improvements and many bugfixes over the previous (not officially announced) 13.06. It is also the first official stable release of ejabberd Community after ejabberd 2.1.13. You are now pleased to use ejabberd community as reference for stable releases of ejabberd, from the master branch. ejabberd 2.1.x support is discontinued.

The most noticeable changes since 13.03-beta and 13.06 are:

read more

by mfoss at October 09, 2013 20:44

September 24, 2013 Notices

Where We Stand

We seem to be over the worst of the upgrade issues now. Reliability appears better than before, we are supporting nearly twice as many concurrent users, and many new features have been added. Please let us know if you notice any odd behaviors, and thanks for bearing with us.

September 24, 2013 00:00

August 20, 2013 Notices

Migration Complete

The server migration was completed earlier today. Expect some residual instability as we iron out various wrinkles. Many thanks to the Isode team for all their hard work on the upgrade! And thanks to the users of for your patience. :-)

August 20, 2013 00:00

August 18, 2013 Notices

Server Migration

On Tuesday, August 20, the IM service will be migrated to a new server machine, generously donated by Isode. If all goes well, we will have a few hours of downtime. If not all goes well, we will most likely revert to the current machine and attempt the migration on another day. Please follow us on or Twitter for real-time updates.

August 18, 2013 00:00

July 03, 2013


ejabberd 2.1.13 and 13.06

We are pleased to announce the bugfix release ejabberd 2.1.13.
It includes a few bugfixes over 2.1.12:

  • Compilation: Detect correctly newer Darwin versions (EJAB-1594)
  • Guide: ejabberd_service expects a shaper_rule, not a shaper
  • MUC: Handle multiple < and > in mod_muc_log plaintext mode (EJAB-1640)
  • MUC: Handle ~ control sequence in text of mod_muc_log (EJAB-1639)
  • MUC: list_to_integer/2 only works in OTP R14 and newer
  • Pubsub: access_createnode acl also applies to auto created nodes
  • Web: Normalize HTTP path

read more

by mfoss at July 03, 2013 08:49

June 25, 2013

Movim Blog

PSES2013: Podcast of the conference

Vincent has given another conference in french this weekend, on the 22th June.

It seem that Firefox is not able to read this Webm video, tell us is it works for you.

by movim at June 25, 2013 22:40 Notices

IPv6 Restored

IPv6 support was restored today around 07:00 local time (U.S. Central Time).

June 25, 2013 00:00

Account Registration Disabled Temporarily

We have temporarily disabled account registration at the IM service while we migrate the account database to a new machine. We will enable the web registration form again as soon as possible! In the meantime, you can create an account at any other public XMPP service.

June 25, 2013 00:00

June 24, 2013 Notices

IPv6 Outage

Our hosting provider is experiencing an outage with IPv6 support. No ETA for a fix. We'll post again when we know more.

June 24, 2013 00:00

June 09, 2013

Movim Blog

Ubuntu Party Paris 13.04: Podcast of the conference

Vincent has given a conference in french last week, on the 2nd June.

Vincent at the conference

Vincent at the conference

We are also pleased to announce that the PSES2013 (Pas Sage en Seine 2013, in Paris) has invited us to present Movim at this event!
=> You can meet us on the saturday 22th June from 6.30PM to 7.30PM

by movim at June 09, 2013 10:11

March 05, 2013 Notices

Corrected Security Certificate

The security certificate that we installed in December used a SHA-256 fingerprint, which theoretically is more secure but which some existing software can't handle yet. Therefore we have installed a corrected certificate using a SHA-1 fingerprint. If you've been receiving a certificate warning for the last few months, you shouldn't receive those anymore.

March 05, 2013 00:00

February 26, 2013

Jack Moffitt

Digital Audio and Sampling Explained has just posted the second in its series of videos on digital media concepts and techniques. It’s packed with information and demonstrations, and you’re sure to learn a huge amount. As an added bonus, it’s hosted by Monty, the creator of Ogg Vorbis (and many other amazing things). You couldn’t ask for a more qualified teacher.

Watch below, or on

There is also a detailed write up.

by Jack Moffitt ( at February 26, 2013 00:00

January 15, 2013 Notices

Non-ASCII Characters Disallowed in New Accounts

In response to several recent instances of abuse, we have disallowed non-ASCII characters in new accounts registered at the IM service. This policy does not apply to existing accounts.

January 15, 2013 00:00

October 09, 2012 Notices

Registration Re-Opened

We have re-opened account registration at

October 09, 2012 00:00

September 25, 2012 Notices

Updated Service Policy

Version 1.1 of the service policy is now in effect.

September 25, 2012 00:00

September 10, 2012

Movim Blog

LSM 2012: Podcast of the conference

Timothée Jaussoin (Edhelas) and Guillaume Pasquet (Etenil) has given a conference in french on the Tuesday, 10th July.

We want to offer a transcript in the conference for the visually impaired and its translation to English. To do this, we need volunteers to make this work incredibly long and boring, that is impossible for a single person to achieve this goal.

Here is the full transcript produced by Clement, and here is the beginning of the timing of the transcription in SRT format. I advise you to open the video in Audacity, which you can listen to the soundtrack and note the time very precisely. Each sentence should be cut to stick on the sound.

The SRT file will be translated after. You could find all the others podcasts on the Wiki.

by movim at September 10, 2012 00:00

August 22, 2012 Notices

Disabled Accounts

Recently the IM service has been the victim of massive and repeated denial of service attacks. The admin team strongly suspects that these attacks are related to the widespread and abusive use of accounts by "customers" of KBot, a program for cheating at the DarkOrbit game. Even if the DoS attacks prove to be unrelated to KBot, the admin team has decided that use of to communicate with KBot violates the service policy. Although we are in the process of updating the service policy to more clearly define how this kind of usage is abusive, the dire nature of the current threat has forced us to take more immediate action. Therefore, we are disabling the accounts of every user who communicates with KBot, and we have disabled new account registration to prevent further communication between users and KBot. We do not take this step lightly, but given the current circumstances we have no other choice.

August 22, 2012 00:00

Account Registration Disabled

As part of our defensive measures against repeated DoS attacks, we have disabled new account registration until further notice.

August 22, 2012 00:00

August 21, 2012 Notices

Another Denial of Service

The previous DDoS attack has started again. As before, fallback measures are in place, but if your IM client doesn't handle DNS SRV records correctly then you might not be able to connect.

August 21, 2012 00:00

August 20, 2012 Notices

Proposed Changes to the Service Policy

We have posted proposed changes to the policy that governs use of the IM service. Details, links, and instructions for providing feedback can be found in our post to the email list, see

August 20, 2012 00:00

August 15, 2012 Notices

Service Restored

We were able to completely restore service today. However, it is quite possible that the denial of service attack could be launched again at any time. If you were unable to connect during the outage, we recommend that you consider using a different IM client or reporting a bug to the developers of the IM client you use, since standard DNS fallback and XMPP reconnection methods should have been sufficient to keep you online after the first few hours of the attack.

August 15, 2012 00:00

August 12, 2012 Notices

Denial of Service

Today we have experienced a distributed denial of service attack against the IM service. Although the web server and email server are running fine, we have been forced to take the IM service offline until your (volunteer!) admin team has time to determine appropriate countermeasures. UPDATE 2012-08-12: We've made some DNS fixes and some clients are now able to connect.

August 12, 2012 00:00

December 27, 2011


ejabberd 2.1.10, 3.0.0-alpha-5 and exmpp 0.9.9

ejabberd 2.1.10, 3.0.0-alpha-5 and exmpp 0.9.9 have been released, after several months of development. They contain a few bugfixes.

ejabberd 2.1.10

These are the major bugfixes:

  • Erlang/OTP compatibility
    • Support Erlang/OTP R15B regexp and drivers (EJAB-1521)
    • Fix modules update in R14B04 and higher
    • Fix modules update of stripped beams (EJAB-1520)
  • XMPP Core

read more

by mfoss at December 27, 2011 19:38

October 03, 2011


ejabberd 2.1.9, 3.0.0-alpha-4 and exmpp 0.9.8

ejabberd 2.1.9, ejabberd 3.0.0-alpha-4, and exmpp 0.9.8 have been released, after several months of development. They contain a lot of bugfixes, improvements and some new features.

ejabberd 2.1.9

This release includes a lot of bugfixes and improvements. This is just a short list of them:

  • New SASL SCRAM-SHA-1 authentication mechanism (EJAB-1196)
  • New option: resource_conflict (EJAB-650)

read more

by mfoss at October 03, 2011 16:04

December 14, 2010


ejabberd 2.1.6 - CAPTCHA support, Shared Rosters LDAP

ejabberd 2.1.6 has been released, after four months of development. It contains a lot of bugfixes, improvements and some new features.

This is a small list of changes:

  • BOSH: Fix rare loop, support vhosts, allow module restart
  • Config: Default configuration allows registrations only from localhost
  • Config: Support to change loglevel per module at runtime
  • Erlang/OTP: Fix compatibility from R10B-9 to R14B01
  • ODBC: Compatibility with PostgreSQL 9.0
  • Privacy lists: Fix to allow block by group and subscription again

read more

by mfoss at December 14, 2010 11:56

November 16, 2010


Happy 8th birthday, ejabberd!

ejabberd gets 8 years old. But no party yet, Yozhik is bugfixing 2.1.6 and testing 3.0.0-alpha-2.

The source and more photographs of hedgehogs pets.

read more

by mfoss at November 16, 2010 16:34

July 13, 2010

Tobias Markmann

GSoC '10: Mid-term approaching

Here comes another short update on my Google Summer of Code project.

Stanza acknowledgement is finally done, including representation in the GUI. You can see a short demonstration of the feature in the video below where I'm chatting with Matthew Wild, one of Prosody's main developers. He developed a module for Prosody that implements parts of Stream Management. This made my client side implementation much more easier to test.

The idea is simple: the status icon in the top left corner is replaced with a throbber animation, known to users from recent OSes and browsers, as long as there are messages that haven't been acked by the server.
Psi will at least request an ack after half a minute. However only if there's something to acknowledge for the server.

This week is mid-term evaluation of the Google Summer of Code projects. SCRAM support and stanza acknowledgement, which is the most important part of the Stream Management XEP, are both finished including GUI.

by Tobias Markmann at July 13, 2010 11:10

Tobias Markmann

GSoC '10: Mid-term approaching

Here comes another short update on my Google Summer of Code project.

Stanza acknowledgement is finally done, including representation in the GUI. You can see a short demonstration of the feature in the video below where I'm chatting with Matthew Wild, one of Prosody's main developers. He developed a module for Prosody that implements parts of Stream Management. This made my client side implementation much more easier to test.

The idea is simple: the status icon in the top left corner is replaced with a throbber animation, known to users from recent OSes and browsers, as long as there are messages that haven't been acked by the server.
Psi will at least request an ack after half a minute. However only if there's something to acknowledge for the server.

This week is mid-term evaluation of the Google Summer of Code projects. SCRAM support and stanza acknowledgement, which is the most important part of the Stream Management XEP, are both finished including GUI.

by Tobias Markmann at July 13, 2010 11:10

February 09, 2010


ejabberd and exmpp source code are moved from SVN to Git

After many months of planning, ejabberd and exmpp have been fully migrated to Git.

During the last 7 years, ejabberd source code was hosted at:

  • CVS at Jabber.Ru
  • CVS at
  • SVN at ProcessOne
  • Git preliminarly built with git-svn, at Github

Starting now, ejabberd source code is natively in Git, and hosted at:

The minimal instructions to start using it are mentioned in:

read more

by mfoss at February 09, 2010 16:15

November 16, 2009


Happy 7th birthday, ejabberd!

Yes, ejabberd is already 7 years old.

Let's celebrate with a timeline of ejabberd, Erlang/OTP, XMPP/Jabber protocol, and Tkabber:

If you find any mistake, please comment. I built the graph using, if you want the datafile, please comment.

read more

by mfoss at November 16, 2009 20:32

November 16, 2008


Video: 6 years of ejabberd code in 3 minutes

To celebrate that ejabberd turns 6 years old, I've prepared a video that shows the history or ejabberd trunk SVN during those years: authors, acknowledgments, type of files, dates and releases. The video was built with code_swarm.

Download ejabberd-6-years-code.avi (12.5 MB) from: Notes:

read more

by mfoss at November 16, 2008 12:10