I've published a new HOWTO on my website:

Enrico already wrote about the Why (and the What, Who and When), so I'll just quote his conclusion and move on to the How.

I now have an XMPP setup which has all the features of the recent fancy chat systems, and on top of that it runs, client and server, on Free Software, which can be audited, it is federated and I can self-host my own server in my own VPS if I want to, with packages supported in Debian.


I've decided to install prosody, mostly because it was recommended by the RTC QuickStart Guide; I've heard that similar results can be reached with ejabberd and other servers.

I'm also targeting Debian stable (+ backports); as I write, this is jessie. If there are significant differences, I will update this article when I upgrade my server to stretch. Right now, this means that I'm using prosody 0.9 (and that's probably also the version that will be available in stretch).

Installation and prerequisites

You will need to enable the backports repository and then install the packages prosody and prosody-modules.

You also need to set up some TLS certificates (I used Let's Encrypt) and make them readable by the prosody user; see Chapter 12 of the RTC QuickStart Guide for more details.

On your firewall, you'll need to open the following TCP ports:

  • 5222 (client2server)

  • 5269 (server2server)

  • 5280 (default http port for prosody)

  • 5281 (default https port for prosody)

The latter two are needed to enable some services provided via http(s), including rich media transfers.

With just a handful of users, I didn't bother to configure LDAP or anything else, but just created users manually via:

prosodyctl adduser

In-band registration is disabled by default (and I've left it that way, to prevent my server from being used to send spim).

prosody configuration

You can then start configuring prosody by editing /etc/prosody/prosody.cfg.lua and changing a few values from the distribution defaults.

First of all, enforce the use of encryption and certificate checking both for client2server and server2server communications with:

c2s_require_encryption = true
s2s_secure_auth = true

and then, sadly, add to the whitelist any server that you want to talk to and doesn't support the above:

s2s_insecure_domains = { "" }


For each virtualhost you want to configure, create a file /etc/prosody/conf.avail/ with contents like the following:

VirtualHost ""
    enabled = true
    ssl = {
        key = "/etc/ssl/private/";
        certificate = "/etc/ssl/public/";
    }

For the domains where you also want to enable MUCs, add the following lines:

Component "" "muc"
restrict_room_creation = "local"

the "local" configures prosody so that only local users are allowed to create new rooms (but then everybody can join them, if the room administrator allows it): this may help reduce unwanted usages of your server by random people.

You can also add the following line to enable rich media transfers via http uploads (XEP-0363):

Component "" "http_upload"

The defaults are pretty sane, but see for details on what knobs you can configure for this module

Don't forget to enable the virtualhost by linking the file inside /etc/prosody/conf.d/.

additional modules

Most of the other interesting XEPs are enabled by loading additional modules inside /etc/prosody/prosody.cfg.lua (under modules_enabled); to enable mod_something just add a line like:


Most of these come from the prosody-modules package (and thus from ) and some may require changes when prosody 0.10 becomes available; when this is the case it is mentioned below.

  • mod_carbons (XEP-0280)
    To keep conversations synchronized while using multiple devices at the same time.

    This will be included by default in prosody 0.10.

  • mod_privacy + mod_blocking (XEP-0191)
    To allow user-controlled blocking of users, including as an anti-spim measure.

    In prosody 0.10 these two modules will be replaced by mod_privacy.

  • mod_smacks (XEP-0198)
    Allow clients to resume a disconnected session before a customizable timeout and prevent message loss.

  • mod_mam (XEP-0313)
    Archive messages on the server for a limited period of time (default 1 week) and allow clients to retrieve them; this is required to synchronize message history between multiple clients.

    With prosody 0.9 only an in-memory storage backend is available, which may make this module problematic on servers with many users. prosody 0.10 will fix this by adding support for an SQL-backed storage with archiving capabilities.

  • mod_throttle_presence + mod_filter_chatstates (XEP-0352)
    Filter out presence updates and chat states when the client announces (via Client State Indication) that the user isn't looking. This is useful to reduce power and bandwidth usage for "useless" traffic.
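
The encryption and registration settings this HOWTO relies on can be checked mechanically. The following is an added example, not part of the original post or of prosody: a small Python audit of config text for c2s_require_encryption, s2s_secure_auth, s2s_insecure_domains and allow_registration (prosody's option for in-band registration, which the post leaves disabled). The sample config and its domain names are constructed.

```python
import re

# Lua string literals and comments, matched together so that "--" inside a
# quoted string is not taken for a comment. Long brackets with "=" signs
# (--[==[ ... ]==]) are not handled by this sketch.
TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|--\[\[.*?\]\]|--[^\n]*', re.S)
SECTION = re.compile(r'^\s*(?:VirtualHost|Component)\b', re.M)
MUST_BE_TRUE = ("c2s_require_encryption", "s2s_secure_auth")

# Constructed sample, not a real server's configuration.
SAMPLE = '''
c2s_require_encryption = true
s2s_secure_auth = false -- s2s_secure_auth = true
s2s_insecure_domains = { "", "legacy.example.net" }
allow_registration = true

VirtualHost "chat.example.org"
    enabled = true
    c2s_require_encryption = false
'''


def strip_comments(text):
    """Remove Lua comments while leaving string literals untouched."""
    return TOKEN.sub(
        lambda m: m.group(0) if m.group(0)[0] in "\"'" else "", text)


def bool_values(name, text):
    """All true/false values assigned to `name`, in file order."""
    return re.findall(r'^\s*%s\s*=\s*(true|false)\b' % name, text, re.M)


def audit(config_text):
    """Return (setting, problem) findings for prosody config text."""
    text = strip_comments(config_text)
    first = SECTION.search(text)
    global_part = text[:first.start()] if first else text
    host_part = text[len(global_part):]
    findings = []
    for name in MUST_BE_TRUE:
        values = bool_values(name, global_part)
        # Lua keeps the last assignment, so that is the effective value.
        if not values or values[-1] != "true":
            findings.append((name, "not set to true in the global section"))
        if "false" in bool_values(name, host_part):
            findings.append((name, "set to false inside a host section"))
    if "true" in bool_values("allow_registration", text):
        findings.append(("allow_registration", "in-band registration enabled"))
    exempt = re.search(r'^\s*s2s_insecure_domains\s*=\s*\{(.*?)\}', text,
                       re.M | re.S)
    if exempt:
        for dq, sq in re.findall(r'"([^"]*)"|\'([^\']*)\'', exempt.group(1)):
            if dq or sq:
                findings.append(("s2s_insecure_domains",
                                 "certificate check skipped for " + (dq or sq)))
    return findings


if __name__ == "__main__":
    for setting, problem in audit(SAMPLE):
        print(setting + ": " + problem)
```

Every entry reported for s2s_insecure_domains is a server exempted from the s2s_secure_auth requirement, so the list is worth reviewing whenever a peer fixes its certificates.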

Modern and secure instant messaging

Conversations is a really nice, actively developed, up to date XMPP client for Android that has the nice feature of telling you what XEPs are supported by the server one is using: Some days ago, me and Valhalla played the game of trying to see what happens when one turns them all on: I would send her screenshots from my Conversations, and she would...
Happy Public Domain Day!

Seventy years after their respective deaths, the works of

- Alfred Stieglitz, US-American photographer, see here
- Alfred Rosenberg, Baltic German philosopher, ideologue of the Nazi Party
- Gerhart Hauptmann, German dramatist and novelist, Nobel Prize winner in Literature in 1912
- Gertrude Stein, US-American novelist, poet, playwright, wrote one of the first "coming out stories"
- H. G. Wells, English "father of science fiction" (The Time Machine, The War of the Worlds)
- John Maynard Keynes, British economist, co-inventor of the Bretton Woods system
- László Moholy-Nagy, Hungarian painter and photographer
- Manuel de Falla, Spanish composer
- Patty Hill, co-composer "Happy Birthday to You", which led to a lot of copyright issues
- Paul Lincke, German composer and theater conductor, "father" of the Berlin operetta and composer of the (unofficial) Berlin anthem

and many more finally became public domain today.

Public Domain Day also reminds us of the over-extended copyright periods that harm culture in favour of benefit for few. Copyright should, similar to patents, term 20 years after publication instead of 70 years (rounded, so this can go up to almost 71 years) after the creator's death.

#publicdomainday #freeculture #cc0

Alfred Stieglitz

Open True Random Number Generator

The Open-V has the potential to greatly boost and democratize hardware security. As a concrete step toward realizing this potential, we’re happy to announce today that the Open-V will include, at no additional cost, a fully open, state-of-the-art, thermal noise-based true random number generator (TRNG) peripheral.

Mailpile: Too Cool for PGP

Some kids are just too cool for school.

And some security experts are too cool for OpenPGP.

It's almost become a rite of passage for security folks: work in the trenches, build a reputation, climb the ivory tower, write a detailed epiphany about why you've given up on PGP. Suggest we all buy an iPhone and use Signal, start giving people phone numbers instead of e-mail addresses......

xmpp web client

Dear lazyweb,

I'm setting up an xmpp server for myself and my family, and that's the easy part.

Now my problem is that some of my relatives can't install a real client everywhere, because reasons, and would need a web interface to be able to connect at least some of the time, and this is where I'm having problems.

Does anybody know of such a client that is still under development (even in mostly maintenance mode, but not completely abandoned), and has a decent chance to work?

Of course it has to be free software, and installing it on my own server shouldn't be a nightmare (lots of bonus points if it is already in Debian, a bonus point or two if at least it is reasonably easy to package).

Mining for Education

How would you feel if all the food in your child’s school canteen were provided by one manufacturer of packaged snacks and soft drinks? How would you feel if your child’s diet were limited to crisps, cheese-flavoured tortilla chips, and sugary, carbonated beverages, with no chance of a healthier alternative?
I *cough* may have played minetest *sometime*, but I didn't know that there were also some education-oriented mods.
My fight against CDN libraries

A very nice writeup and awesome work by David Revoy of the Pepper & Carrot webcomic:

A CDN (acronym for Content Delivery Network) library is often a single line of code proposed "generously" by an external service to let you link and embed complex features, the easy way. A common example is Google Web Fonts:

<link href="" rel="stylesheet">

Paste this line in the header of your website and 'tadaaa!', you can use the font 'Lobster' to decorate all your texts. Easy, quick, efficient and fast to load. Merci Google. So, what's the problem?

Well, a big one: Privacy of the readers of Pepper&Carrot. In our example, users of Google Web Fonts are bound by Google's privacy policy. It allows Google to collect a large amount of data about readers: log data (e.g. browser version), location data (the IP address of your site's visitors) and more because they can track your path or history through all the websites using their other networks of CDN.

... And I didn't have a CDN only for Google Web Font. I also had a CDN for Addthis (easy social-networks buttons), Gravatar (easy avatars), Font-awesome (easy icons), etc... Like many, many websites around!

Read the full post at his blog!

#privacy #web #openculture #comics

Official homepage of Pepper&Carrot, a free/libre and open-source webcomic about Pepper, a young witch and her cat, Carrot. They live in a fantasy universe of potions, magic, and creatures.

No more debugging (for today)

This afternoon my SO asked me to help him use kicad, because he was having issues understanding how it was working.

I was a bit surprised but said "ok, sure", and found out that it has been having serious rendering issues and spent the rest of the afternoon and the evening trying to reproduce it around.

In the meanwhile, he was trying to understand issues with a firewall that wasn't working properly.

Then we were getting ready to go to sleep, turned the alarm clock on and... it didn't. Then the led blinked a few times. So I grabbed the multimeter and checked the power supply (it gives 4.something V instead of the 7 it is supposed to).

Then my SO and I looked at each other, laughed, and we said "no. we're NOT debugging our alarm clock this evening".

This looks like an excellent time for a dead tree book (no, I'm not going to trust the ebook reader not to break, not this evening) and then a good night of sleep.


The World's First Open Source RISC-V-based 32-bit μC
At first glance it doesn't look that impressive, as yet another micro with an expensive devboard, but it's a huge step forward for the availability of RISC-V and Open Hardware down to the chip level.

Petter Reinholdtsen: Quicker Debian installations using eatmydata

Two years ago, I did some experiments with eatmydata and the Debian installation system, observing how using eatmydata could speed up the installation quite a bit. My testing measured speedup around 20-40 percent for Debian Edu, where we install around 1000 packages from within the installer. The eatmydata package provides a way to disable/delay fil...

Set the date for me

Are you connected to your favourite little board over a serial line? The date is wrong, but you have no network connected?

You won't believe your eyes: an amazing trick to set it:

1) check that you are logged in on the board, as root, and that you have a shell prompt.
2) from a terminal on the PC, run this command:

echo "date -Iseconds --set $(date -Iseconds)" >/dev/ttyUSB0

Et voila!

There is no Free Software company - But!

Since the start of the FSFE 15 years ago, the people involved were certain that companies are a crucial part to reach our goal of software freedom. For many years we have explained to companies – IT as well as non-IT – what benefits they have from Free Software. We encourage individuals and companie...

Installing Debian Stretch on an Omnia Turris

Debian Developer Uwe Kleine-König writes about installing Debian 9 (stretch) on the open hardware Turris Omnia router, replacing the default TurrisOS/OpenWRT.

#openhardware #freesoftware #turrisomnia #debian #openwrt


Erba Elettronica

The Gruppo Linux Como will be present again this year at the Erba Elettronica fair at the Centro Lario Fiere.

Starts: Saturday 12 November 2016 @ 9:00

Ends: Sunday 13 November 2016 @ 20:00



Early Edwardian Outfit

I will do another post later with the sources[esc]bdwapattern of the skirt (the shirtwaist is adapted from a commercial pattern) and more details, but this is the outfit I wore at Lucca Comics this year.


And this post is completely SFW *even* in an Edwardian workplace!

Wooden Train Parenting - Charlie's Diary

By M Harold Page

I laughed at the mother who's bringing up her kids without electronic toys, but has a social media feed to boast about it... until I remembered the Red Train of Doom. A relative once bought our son Kurtzhau a traditional wooden ridealong steam train. It was big and red and he was tiny and a boy and he...
trAInsported - a game that teaches you programming

Just stumbled upon this game, where the aim is to program a simple AI to control trains to finish different levels as quickly and efficiently as possible. You write the AI using the Lua programming language. A simple interactive tutorial gets you started and teaches you the basics of Lua and how the game works. You can make different AIs compete on a given track, and you can even upload your AIs to their website and have them compete with AIs others have uploaded. (Or you can run your own server and have your friends upload AIs to compete!)

Looks like quite a neat way to learn the basics of programming if you have a child that shows some interest in this direction.

The game is released under the wtfpl.

#programming #lua #game #floss

The Programming Language Lua

Official web site of the Lua language

The link to the game (missing from the official post, but added as a comment) is

Apparently, it's not in @Debian yet, nor could I find it among the packages being worked on. Maybe somebody would like to solve this :)

Changing the topological genus of Piergiorgio O.

Why Odifreddi's “theorem” doesn't hold up. With an introduction to mathematical practice as an intellectual activity, supported by examples…

The Weird Geonames Tour (the Bizzarrone edition)

I was chatting with friends about the weirdness of some village names in Lombardy and came up with a proposal for an *international* tour of some of them.

Malnate, Cantello, Ligurno, Stabio, Ligornetto, Genestrerio, Bizzarrone, Uggiate Trevano, Beregazzo con Figliaro, Castelnuovo Bozzente, Tradate, Torba, Gornate, Lozza, Gurone, Malnate.

An estimate made with OSRM would place it at some 50 km.

I'm not sure I'll ever do anything about it, but it looked like it was worth posting.

(Bizzarrone is the name of a border crossing between Italy and Switzerland, and the setting of a series of sketches on Swiss TV, Frontaliers)
Associazione LibreItalia: Appointment in Turin on 5 November

Perugia, 18 October 2016 - Associazione LibreItalia ONLUS announces its annual conference, which will be held in Turin on 5 November 2016 at the premises of SocialFare | Centro per l’Innovazione Sociale, in Via Maria Vittoria 38.

The conference will open at 9:30 with a welcome from the institutions, followed by talks by Sonia Montegiove on the association's activities, by Marina Latini and Italo Vignoli on what's new in LibreOffice, by General Camillo Sileo on the LibreDifesa project, by Dora Pietrafesa, Manuel Muzzurru, Osvaldo Gervasi and Gabriele Ponzo on the project with ISSR (Istituto Statale Sordi Roma), and by Alessandro Mocellin on the localization of LibreOffice into the Venetian language.

The morning will close with LibreTalk: a session on “the LibreItalia to come”, with proposals for upcoming activities presented in ignite format (5 slides x 5 minutes), an open discussion with the members and the approval of the budget for 2017.

In the afternoon, two parallel sessions:

1. A “hackfest” - coordinated by Marina Latini, Chairwoman of The Document Foundation, Jan Iversen, mentor of new developers, and Riccardo Magliocchetti, developer - introducing LibreOffice development;

2. A seminar for schools on the “crescere a pane e software libero” (“growing up on bread and free software”) project, during which the projects already under way and the methods for migrating school labs from proprietary to free software will be presented, and the topics of awareness, training and communication will be addressed in order to make the interventions more effective. The speakers: Giordano Alborghetti, Marco Alici, Antonio Faccioli, Fabio Fusili, Enio Gemmo, Emma Pietrafesa and Emiliano Vavassori.

With a view to opening the community to everyone, the entire conference will be interpreted into Italian Sign Language, so that it can also be followed by deaf signers.

The conference will end at 17:30.

Registration for the event, which is required for logistical reasons, is available on an Eventbrite page:

Linux Day

As usual, LIFO is working with the LUGs in the area to organise Linux Day, the national day for free software.

This year we are in Tradate at the FaberLab in viale Europa 4/A, with a morning dedicated to schools and an afternoon suitable for everyone.

Further details and the programme can be found on the LinuxVar website
@Gruppo Linux Como

Talos Secure Workstation

The world's first ATX-compatible, workstation-class mainboard for the IBM POWER8 processor.

anarcat/blog/Managing good bug reports

Bug reporting is an art form that is too often neglected in software projects. Bug reports allow contributors to participate without deep technical knowledge and at the same time provide a crucial space for developers to be made aware of issues with their software that they could not have foreseen or found themselves, for lack of resources, variety...
Somebody needed to say that the famous “How To Ask Questions The Smart Way” is just not adequate to its task.

Tails - Why we need donations

Today we are starting a donation campaign to fund our work in 2017. Unlike most other tools on the Internet, Tails comes for free as in freedom. We are not selling your data, sending you targeted advertising, nor will ever sell our project to a big company. We give out Tails for free simply because everybody deserves to be protected from surveillance and censorship. But also because being free software is a necessary requirement for our tools to be safe, and protect you as intended. If our source code was closed, there would be no way of actually verifying that our software is trustworthy.

DVD-based Clean Room for PGP and PKI

Back in April, I started discussing the PGP Clean Room idea (debian-devel discussion and gnupg-users discussion), created a wiki page and started development of a script to build the clean room ISO using live-build on Debian.

Keeping the master keys completely offline and putting subkeys onto smart cards and other devices dramatically lowers the risk of mistakes and security breaches. Using a read-only DVD to operate the clean-room makes it convenient and harder to tamper with.
#gnupg #crypto

Re: Is missing SysV-init support a bug?

systemd muddled this considerably because it's not only an init system
project, it's an operating system plumbing project whose contributors
are very excited to fix what they view as a wide variety of historical
warts and suboptimal solutions to a ton of various low-level plumbing
and integration issues. This is simultaneously exciting and scary.
(And I'm going to go out on a limb here and say that if you find it
only exciting, or if you find it only scary, you are not thinking
enough about it, are missing significant components of this effort, and
should really think about it some more until you can recognize both
halves of that reaction and why they both make sense.)

Gajim plugins packaged for Debian

Wolfgang Borgert started to package some of the available Gajim plugins for Debian. At the time of writing, the OMEMO, HTTP Upload and URL Image Preview plugins are available in testing and unstable. More plugins will follow.
/me is happy about this even if she doesn't use gajim because if the software is packaged, but to use you have to download plugins from 3rd parties, there *is* a problem.

Stretch Artwork Survey

This survey is to determine the default artwork for Debian Stretch. You can find the proposed artwork at: ...

Videos from the End Summer Camp published

The videos from the End Summer Camp have been published:


@Gruppo Linux Como I warmly recommend watching ESC1605 PANDA A New Development Attitude (on the sofa, but please, no popcorn unless you have someone next to you to save you if it goes down the wrong way)
