Elementi taggati con: xmpp

Have you considered the alternative?

Good read. The authors make clear, that end-to-end encryption, as important as it is, is not the most important tool to protect privacy. Federation or decentralization is much more important. They also see clearly, that centralized messengers have much better funding opportunities than federated ones.
While OWS provides thorough expertise in the field of cryptography, Marlinspike is currently advocating centralisation as the only answer towards user-friendly, fast and secure messaging apps. Decentralisation, according to him, has no place in the modern world and apparently hampers innovation. However, some of his arguments have not remained unchallenged. In particular, where Marlinspike accuses federation of stalling evolution, Daniel Gultsch provides a counter argument by using the Web as an example of successfully federated system. Furthermore, Gultsch states that the problem is not that federation doesn't adapt, but rather that there are problems with its implementation for a very significant reason: software developers working on federated systems mostly work for free in their spare time or with little means, given the difficulty to monetise a system which design can only succeed if it is open and can be appropriated easily beyond its original scope, and thus making its capitalisation particularly challenging. In that sense, the most interesting aspect of this debate is that while Marlinspike seems to defend his product from a technological perspective, Gultsch's counter argument moves back the discussion to the context of political economy.

Hosting your own infrastructure allows you to scale your communication in a way that is the most meaningful for the group or community you belong to. It is also a way to make sure your system matches your own threat model?, while simultaneously allowing you to deal with trust that is not mediated by an app. It also allows you to experiment with economic models other than those linked to large-scale infrastructure involving surveillance and capturing of your social graph for financial gain. Maybe you want to share the cost of the server or the responsibilities of administrating it, maybe you want to collectively learn how to run all this stuff, or maybe you want to start meetings to exchange tips, etc. However, this does not mean that you need to cut yourself off from the rest of the world and this form of localism should not be misunderstood for a hipsterist and reactionary form of escapism. Instead, such an approach is quite the opposite as it provides a possibility to actively engage with societal issues. It allows groups to collectively think, in the sense of defining questions and hypotheses themselves, acquire skills and knowledge and respond to issues that are both relevant to their own situation but that can also resonate globally, enabling others to start a similar process.
#whatsapp #facebook #signal #xmpp #conversations #gajim #chatsecure #selfhosting #federation #politics #freesoftware

Movim at Debian Mini DebConf in Hamburg

Movim developer Timothée “edhelas” Jaussoin writes:
Hey everyone :) I'm currently in #Hamburg for the MiniDebConf.
The goal is to work on #Movim and prepare it to be packaged for #Debian!
Lots of work has already been done as you can see on the CHANGELOG of the project.
We first worked on cleaning up and stabilizing the #dependencies of Movim. The outdated heyupdate/emoji was replaced by a wonderful pull request by mirabilos that add support of emojis directly inside Movim.
On my side I replaced ramsey/uuid with a simple internal function and worked on upgrating reactphp/http to their latest release with the help of WyrilHaximus, which also helped to release the v0.4.0 of reactphp/zmq that contains some important fixes for Movim.
The template engine of Movim, RainTpl was also stabilized to the latest release.
Natureshadow also made a really nice pull request to prepare the Debian package and fixe a couple of small bugs regarding URL handling inside the project.
All those dependencies will soon be packaged and integrated in Debian.
On top of that I worked a few hours yesterday on the optimisation of the #database requests by using some memory caching and Eloquent eager loading to prefetch some extra information when querying resources in the DB. This reduces the time spent to generate the pages and contents by more than 50 to 75% in some cases! It can especially be noticed on the Chat page and Contacts page.
The main pods were also updated with all those changes, so you can try them on, or
That's all folks!
#movim #debian #socialnetwork #minidebconf #hamburg #xmpp #php #eloquent

Progress report from the Movim packaging sprint at MiniDebconf

Debian developer Thorsten “mirabilos” Glaser writes:
The upstream Movim developer arrived as well — we have quite an amount of upstream developers of various projects attending MiniDebConf, to the joy of the attendees actually directly involved in Debian, and this makes things much easier, as he immediately started removing dependencies (to make our job easier) and fixing bugs and helping us understand how some of those dependencies work. (I also contributed code upstream that replaces some Unicode codepoints or sequences thereof, such as 3⃣ or ‼ or 👱🏻‍♀️, with <img…/> tags pointing to the SVG images shipped with Movim, with a description (generated from their Unicode names) in the alt attribute.)
Now, Saturday, all dependencies are packaged so far, although we’re still waiting for maintainer feedback for those two we’d need to NMU (or have them upload or us take the packages over); most are in NEW of course, but that’s no problem. Now we can tackle packaging Movim itself — I guess we’ll see whether those other packages actually work then ☺
In the meantime we’ve also had the chance to socialise, discuss, meet, etc. other Debian Developers and associates and enjoy the wonderful food and superb coffee of the “Cantina” at the venue; let me hereby express heartfelt thanks to the MiniDebConf organisation for this good location pick!
#movim #debian #socialnetwork #minidebconf #hamburg #xmpp

Prosody 0.10.1 released

Congratulations to the developers!

As always, the release features many improvements and bug fixes.

The package is already in Debian unstable, and will be in testing and stable backports soon.

#prosody #xmpp #debian

New German language XMPP developers community

Für alle, die an der Entwicklung von XMPP interessiert sind (also eher nichts für reine End-Users), gibt es eine neue Deutschsprachige XMPP-Community. Einfach mal reinschauen!
#xmpp #german #deutsch #entwicklung #developer #community

XMPP-Meetup in Berlin

XMPP Council member Daniel Gultsch, also known for his Android application Conversations, will explain how the XMPP Standards Foundation (XSF) works and how an XMPP Extension Protocol (XEP) emerge.

Monday, 2018-05-14 19:00 CEST, location see link

#berlin #xmpp #conversations #xsf #xep

XMPP with anonymous network I2P

Interesting article with configuration hints for prosody, which I should try at some point:
The idea of building decentralized messenger run by users, not corporations, is not new. But the process of building it costs a lot of money and takes a lot of time. But what if we take the old good XMPP protocol, which has everything already implemented for us?
That's not "real P2P", you may argue, for using XMPP one needs to have a server running with a registered domain name. Yes, but we can run our server software on a local host and use virtual I2P network for connecting with other servers. I2P (Invisible Internet Protocol) allows us to use virtual .i2p address instead of a real domain name, plus it gives us advanced protection against illegal dragnet surveillance.
That way we have:
* Hybrid P2P messenger, which can be run both on end-user devices and on high-performance server infrastructure.
* Features which many of "real P2P" messengers miss: offline message delivery, "cloud storage" for history and contacts, using one account on multiple devices.
* All kinds of end-user applications are available (desktop, mobile, web).
* Censorship resistance and advanced privacy protection as a bonus from using I2P.

Let's get it!
#xmpp #i2p #i2pd #decentralization #p2p #privacy #prosody


The XMPP Standards Foundation (XSF) is discussing the implications of the EU General Data Protection Regulation (GDPR). Interesting!

#xmpp #gdpr #privacy

Gajim 1.0.2 released

This is a bug fix release, i.e. around 20 issues have been solved.
It is already in Debian unstable ("sid").

On a side note: A colleague switched from Psi 1.3 to Gajim 1.0.1 on Windows 10 and so far, they is happy. Psi wasn’t bad, but on their machine it was not possible to restart Psi after quitting it. Only after reboot :~(

#gajim #xmpp #debian
Should someone of you use #Conversations 2.0+, you might want to update

Daniel Gultsch ha scritto:

“Please update to Con­ver­sa­tions 2.1.4 ASAP. Avail­able on both Google Play and F-​Droid. This fixes our first crit­ical secur­ity issue. More details will fol­low after the major­ity of people have upgraded. Con­ver­sa­tions Leg­acy and Con­ver­sa­tions prior to 2.0 are not affected.”

source (twitter)

#xmpp #jabber

Note to myself: How to disable OTR in ChatSecure

Some weeks ago, a colleague, who unfortunately uses an iPhone (he is not a completely bad person, though) installed ChatSecure. Immediately, I and others were annoyed by unreadable OTR garbage he sent. It took us a while, but at the end of the day (the whole day!) we found out how to disable OTR. Yesterday, a friend who unfortunately also uses an iPhone (he is not a completely bad person neither), had the same issue and it took me the help of strangers on the internet (here; the Conversations MUC), to remember what to do. For the next time and the benefit of the public:
  • One cannot disable OTR globally in ChatSecure, but only contact by contact.
  • You need to open the chat of the contact.
  • Go to the "contact details".
  • Go to "advanced encryption settings" and select "OMEMO", nothing else.
  • Close chat with the contact.
  • Repeat the last four steps for all your 511 contacts.
#xmpp #ios #iphone #otr #omemo #chatsecure #conversations

NIST releases IoT draft standards

Remember: XMPP is not only for Instant Messaging, but also for (micro-)blogging, social networks — and IoT!

#xmpp #iot #security #nist #tls #tigase

Gajim 1.0.0 in Debian unstable

Gajim 1.0 has been released on 2018-03-17 and is available in Debian unstable ("sid"). It will hopefully migrate to Debian testing ("buster", Debian 10) in some days. A backport for Debian stable ("stretch", Debian 9) will be provided then, too.

New Gajim features compared to the previous stable release 0.16:

* Ported to GTK3 / Python3
* Integrate HTTPUpload
* Improvements for HiDPI Screens
* Change password storage to python keyring package
* New Emoji support
* A lot of new design
* MAM for groupchats support
* New XEPs:
* XEP-0156 (Discovering Alternative XMPP Connection Methods),
* XEP-0319 (Last User Interaction in Presence),
* XEP-0368 (SRV records for XMPP over TLS),
* XEP-0380 (Explicit Message Encryption)

#gajim #xmpp #debian

The rocky road to OMEMO by default

Daniel Gultsch, developer of Android XMPP client Conversations, writes,

Why it took us more than two years to enable End-to-End encryption by default: The first in a series of essays leading up to the release of Conversations 2.0

The other big hurdle we had to overcome was the adoption rate in clients. If you send OMEMO encrypted messages by default you should have a reasonable expectation that your contact will be able to decrypt the message. Reasonable expectation doesn’t mean that every single client out there has to support it—In an ecosystem with hundreds of small, badly maintained clients that’s just not feasible—but the major clients should at least have a plugin available.
In March 2018 we finally reached the point where every plattform has one or more clients with OMEMO support. Conversations and Zom on Android, ChatSecure on iOS, Psi and Gajim on the desktop. The up and coming desktop client Dino—despite not having had an initial release—already has support for OMEMO as well. And even the webclient JSXC has a plugin available.
Considering the complexity of OMEMO and the fact that most of these clients are developed by people in their spare time, this is actually quite an impressive adoption rate.
Moxie Marlinspike, in his 2016 propaganda piece ignorantly bashing XMPP, had one valid point: Enabling end-to-end encryption in a homogenous environment is easier than introducing it in a heterogenous one like Jabber. Nobody is denying that. However, if something is hard to achieve there are two possible approaches: Either try your best and don’t give up, or put your head in the sand and create yet another walled garden that is no different from other proprietary solutions.
Admittedly it has taken us a while to get to a point where we can enable end-to-end encryption by default, but it was worth the effort in that we ended up with something that is different from WhatsApp in more than just marketing.
#xmpp #omemo #conversations #psi #gajim #zom #chatsecure #dino #jsxc #federation #encryption

Slack's bait and switch

The developer of the beautiful Converse.js web browser XMPP client, JC Brand, writes:

On Federation

When we talk about "federation" in networks, we mean the ability to communicate between different service providers.
For example, email is federated. You can set up your own email server, and then send emails to people with their own email servers, or to people with Gmail or Yahoo! accounts.
You can email any other email address in the world, regardless of where that email address is hosted.
If email never existed, and a company like Slack today would come out with this brand new concept of "Electronic Mail", let's call it digimail, do you think they would standardise the digimail protocol and allow you to send messages to other digimail purveyors?
We all know the answer to that. They won't, and neither would Google, Microsoft or Facebook.
Heck, Facebook is actively trying to replace email since years.
The reason email is federated, is because it was developed before surveillance capitalism was a thing and because it was established and entrenched long before these companies came around.
There's a reason why your email address is still the de facto way to sign up for any service on the web (sometimes with one or two degrees of separation), and it's because of federation.
XMPP is designed to allow federation. Think about that. Instead of having to sign up to various different chat providers, all which try to lock you in and monetize your conversations, you could instead have one chat account, and use that to chat with anybody else, regardless of which chat provider they are using.
Alas, that's the dream, but because XMPP came much later to the scene, it didn't develop the critical mass as email has, and here we are. With dozens of chat apps, all non-interoperable and closed off.
#slack #xmpp #federation #surveillancecapitalism

Biboumi - An XMPP-IRC Gateway

Debian maintainer Vasudeva Kamath writes in their blog:
IRC is a communication mode (technically a communication protocol) used by many Free Software projects for communication and collaboration. It is serving these projects well even 30 years after its inception. Though I'm pretty much okay with IRC I had a problem of not able to use IRC from the mobile phones. Main problem is the inconsistent network connection, where IRC needs always to be connected. This is where I came across Biboumi.
Biboumi by itself does not have anything to do with mobile phones, its just a gateway which will allow you to connect with IRC channel as if it is a XMPP MUC room from any XMPP client. Benefit of this is it allows to enjoy some of XMPP feature in your IRC channel (not all but those which can be mapped).
He then explains in detail how to configure Ejabberd with Biboumi and how to actually use Biboumi from the XMPP client, e.g. Conversations. Worth a read!

I'm using Biboumi, too. Both via the wonderful social network site, but also at my company, where we run it behind the Prosody XMPP server.

#gateway #irc #mobile #xmpp #ejbberd #biboumi #conversations

On the demise of Slack's IRC / XMPP gateways

Say no to Slack.

Debian developer Gunnar Wolf writes:
I have grudgingly joined three Slack workspaces, due to me being part of proejects that use it as a communications center for their participants. Why grudgingly? Because there is very little that it adds to well-established communications standards that we have had for long ~~years~~ decades.
On this topic, I must refer you to the talk and article presented by Megan Squire, one of the clear highlights of my participation last year at the 13th International Conference on Open Source Systems (OSS2017): «Considering the Use of Walled Gardens for FLOSS Project Communication». Please do have a good read of this article.
Thing is, after several years of playing open with probably the best integration gateway I have seen, Slack is joining the Embrace, Extend and Extinguish">-minded companies. Of course, I strongly doubt they will manage to extinguish XMPP or IRC, but they want to strengthen the walls around their walled garden...
So, once they have established their presence among companies and developer groups alike, Slack is shutting down their gateways to XMPP and IRC, arguing it's impossible to achieve feature-parity via the gateway.
Of course, I guess all of us recognize and understand there has long not been feature parity. But that's a feature, not a bug! I expressly dislike the abuse of emojis and images inside what's supposed to be a work-enabling medium. Of course, connecting to Slack via IRC, I just don't see the content not meant for me.
The real motivation is they want to control the full user experience.
Well, they have lost me as a user. The day my IRC client fails to connect to Slack, I will delete my user account. They already had record of all of my interactions using their system. Maybe I won't be able to move any of the groups I am part of away from Slack – But many of us can help create a flood.
Say no to predatory tactics. Say no to Embrace, Extend and Extinguish. Say no to Slack.
See also @Carl Chenet, another Debian developer, post The Slack Threat.

Btw. I never used Slack, but some people still try to drag me into it. I stay with XMPP, and in IRC by means of the biboumi XMPP-IRC gateway.

#xmpp #slack #irc #walledgarden #federation #biboumi #debian

Berlin XMPP meetup a.k.a. eXciting Monday Public Powwow

Monday, 2018-02-26, 19:00 CET

co.up, Adalbertstr. 7—8, 3rd floor, 10999 Berlin-Kreuzberg

Let's talk about Movim, and about the XMPP Summit!

This time, we will talk about Movim (the "kick ass social network"!), and about the latest XMPP Summit, which took place in Brussels a few weeks ago. Hope to see you all on Monday!
Language will probably be English or German. Or Volapük. Let's see.

#xmpp #jabber #summit #movim #berlin #federation #socialnetwork

Help translate Movim!

If you know English plus another language, this is for you! Please help with the translation of Movim at its translation page. At the moment German and French are almost complete, no help needed now. The following languages are nearing completion (≥¾), so this might be the perfect moment to achieve 100% without having to work much:

Russian, Norwegian Bokmål (Norway), Portuguese (Brazil), Chinese (China), Polish, Italian, Dutch, Spanish, and Danish.

Of course, all other languages are welcome, too! This is your chance to participate in free software, open source, and federation, without having to be a programmer :~)

(Btw. I never worked with transifex myself, so please do not ask me about it.)

What is Movim anyway? It is a free software, federated, social network, but very differerent from Diaspora, based on the XMPP standard. You can try it e.g. here or check the more or less up-to-date pod list.

#help #translation #movim #xmpp #federation #languages #freesoftware #i18n

mcabber 1.1.0 in Debian unstable

mcabber is a small XMPP console client written in C. It support MUC, TLS, PGP, OTR, but not OMEMO.

For those, who prefer vi like key bindings: With the new version you can put
set vi_style = 1

in your ~/.mcabberrc and feel like home. I'll stay with the default key bindings.

If you don't like mcabber, but want a console client anyway, you might want to look into profanity, primitivus, or poezio, which are native XMPP clients. There is also finch, which is a multiple protocol clients. And irssi, which is an IRC client, but can speak XMPP via an XMPP plugin or, alternatively bitlbee. poezio is not yet in Debian, everything else is.

#mcabber #xmpp #jabber #debian #vi #console #terminal #im

Gajim 1.0.0 beta 1 released!

#gajim #xmpp #debian

IoT One: XMPP IoT no longer concept

"Tigase IoT One" is using XMPP for IoT, moving from "concept phase" to "production ready" now.

More links:
* IoT over XMPP blog post


#iot #xmpp #tigase #java

The Jabber Spam Fighting Manifesto

Version 0.3, 2017-12-30

The Jabber network (a federated set of thousands of servers with many
tens or hundreds thousands of users) is under a continuous flood of spam
messages for multiple years. Similar to the open email relays of the
mid-1990s, public (and often abandoned) XMPP servers are being abused to
deliver those messages.

We, as the operators of public XMPP servers, commit to the following
Server Policies to fight spam on our servers, and we announce our intent
to block incoming communication from public servers that distribute spam
messages and do not adhere to the Server Policies. Furthermore, we
will inform other Public Server operators and the general public of
domains sending spam and not reacting to abuse reports.

Server Policies

A Public Server is an XMPP server that allows both the registration of
accounts by third parties (either via [In Band Registration][XEP-0077]
or by other means, like a web form), and federation to other XMPP
servers, making it possible for its users to reach out to other XMPP

The operators of a Public Server shall perform the following actions to
fight spam:

* Implement [XEP-0157: Contact Addresses for XMPP Services][XEP-0157] and
react to incoming abuse reports in a timely fashion.

* Limit the number of new user registrations per IP address and hour.

* Monitor or block registrations from IP addresses with bad reputation
(open proxy servers, Tor exit nodes), or enforce additional checks on
those users, like a CAPTCHA or a valid phone number.

* Throttle the traffic from local clients, especially unsolicited
subscription requests and messages.



With our signature under this Manifesto, we assure that our servers are
already following the above stated Server Policies.

Starting with July 1st, 2018, we will start blocking incoming server
connections from Public Servers not following the Server Policies above,
if those are forwarding spam messages to our users. The blocking message
will contain a reference to this Manifesto.



Georg Lukas, (

#xmpp #jabber #spam #spim #yaxim #draft #federation #abuse #server #s2s #manifesto

Babbler 0.7.5 released

Babbler is an XMPP library for Java.
I'm not a Java person myself, but maybe it is interesting to others.

#xmpp #java #babbler #freesoftware

Converse.js 3.3.1 has been released

Converse.js is a web based XMPP/Jabber instant messaging client.
It enables you to add chat functionality to your website, independent of any specific backend. You will however need an XMPP server to connect to, either your own, or a public one.
Converse.js can be integrated into Ruby on Rails, Django, Plone, Roundcube, Wordpress, Alfresco, Friendica and many more.

Look at the changelog - there are many new features and bug fixes!
What's in the release?
Maintaining a long-term open source front-end JavaScript library almost feels like a Sisyphean task sometimes. As soon as you've rolled the big stone up the hill, the whole JS ecosystem, best practices and tooling changes and you find yourself at the bottom of the hill again.
No more jQuery
The last straw for me was when jQuery 3 came out, and half of Converse.js's ~240 tests failed once I plugged it in.

After spending some time trying to figure out what backward incompatible changes they made and how I should update the code, I decided to instead rip jQuery out entirely.
(I would not enjoy working too much in the "JS ecosystem". Ecosystem? Is this the new term for hazardous waste site?)

#conversejs #converse #xmpp #javascript #jquery #freesoftware #rubyonrails #django #plone #roundcube #wordpress #alfresco #friendica

biboumi 7.0 released

biboumi is an XMPP server component, that acts as a gateway to IRC. It is used e.g. by and other public XMPP servers. But it is also very easy to install and configure on your own XMPP server, if you happen to run one.

According to the changelog, the new version supports PostgreSQL in addition to SQLite and fixes a number of bugs.

You may want to join the XMPP MUC, especially if you are a C++ hacker and like to help.

#xmpp #biboumi #irc #muc #postgresql #sqlite #freesoftware #cplusplus #cpp14

Use IRC from XMPP with Debian

Biboumi 6.1-1~bpo9+1 and Prosody 0.10.0-1~bpo9+1 are now available in Debian 9 (stable, stretch) via backports. Biboumi is a gateway from XMPP to IRC and can be used with Prosody or any other XMPP server. It allows XMPP users to join IRC channels as if they were MUCs. Very useful!

#biboumi #prosody #xmpp #debian #freesoftware #irc #muc

Gajim 1.0.0-alpha2 (= 0.98.2) now in Debian 9 stable (stretch-backports)

Just sudo apt install -t stretch-backports gajim gajim-pgp gajim-omemo gajim-httpupload gajim-urlimagepreview and start chatting.

#gajim #xmpp #jabber #freesoftware #release #omemo #pgp #chat #im #federation #debian #ubuntu

Gajim 1.0.0-alpha2 (= 0.98.2) now in Debian testing and Ubuntu bionic

Just sudo apt install gajim gajim-pgp gajim-omemo gajim-httpupload gajim-urlimagepreview and start chatting.

#gajim #xmpp #jabber #freesoftware #release #omemo #pgp #chat #im #federation #debian #ubuntu

Gajim 1.0.0-alpha1 (a.k.a 0.98.1) released

The developers have put a huge amount of work into this release:
* Ported to GTK3 / Python3
* Flatpak support
* Lots of refactoring
* New Emoji support
* New Chat Window design
* New StartChat Window (Ctrl+N)
* New ServerInfo Window
* AccountWindow Redesign
* Moved some encryption code out into Plugins (see PGP Plugin, Esessions Plugin)
* OTR Plugin was not ported, use OMEMO
* Added mam:1 and mam:2 support (mam:0 was removed)
* Added MAM for MUCs support
* Added support for showing XEP-0084 Avatars
* Added xmpp URI handling directly in Gajim
* Removed Gajim-Remote
* Removed XEP-0012 (Last Activity)
* Removed XEP-0136 (Message Archiving)
* Added XEP-0156 (Discovering Alternative XMPP Connection Methods)
* Added XEP-0319 (Last User Interaction in Presence)
* Added XEP-0380 (Explicit Message Encryption)
* Added Jingle FT:5 support

Users of Debian unstable can already install the new version, as well as the plugins gajim-antispam, gajim-httpupload, gajim-omemo, gajim-pgp, gajim-rostertweaks, gajim-triggers, and gajim-urlimagepreview. Have fun!

#gajim #xmpp #jabber #freesoftware #release #omemo #pgp #otr #chat #im #federation #debian

Conversations Open Source Secure XMPP Client for Android

This article on XDA-Developers focusses on encryption features of Conversations and an interview with developer Daniel Gultsch. Nice read!
Q: What motivated you to develop Conversations?
A: I am using Jabber/XMPP for many many years. Even back in 2009 I was able to use Jabber on my Nokia e71. Sometime around the year 2012 I switched to an Android phone, so I suddenly was unable to use Jabber. [...]
Q: Can you give three reasons why Conversations protects your privacy better than Whatsapp or Threema?
A: I don’t have to give my private phone number to strangers if I want to chat with them. I could have a private and a business account. I can disable the business account after my shift, to prevent my boss from annoying me during my free time. WhatsApp allows everybody to analyze my app usage patterns any time. (My boss could stalk me to investigate if I am using WhatsApp during my working hours or if I am using WhatsApp at night instead of sleeping and coming well rested to the office.) This is different with Conversations; Conversations also doesn’t upload my entire address book to Facebook.
Q: Is it allowed to compile Conversations on your own from your Github and use it for private use?
A: Of course. Not only private, also for business and everything else you want. It is also allowed to modify the code to meet individual requirements.
#conversations #freesoftware #xmpp #android #interview #pgp #otr #omemo #forwardsecrecy #xda

Openfire 4.2.1 Release

#xmpp #java #freesoftware #release

Openfire 4.2.1 Release

The Ignite Realtime Community is thrilled to announce the availability of Openfire 4.2.1. But wait, you may wonder why Openfire 4.2.0 was not announced nor blogged about. The answer is that after a soft release of Openfire 4.2.0, we noticed a number of folks hitting a database schema issue that would cause logins to fail. We decided to turn around a fix for that issue and now fully announce the new release. So what has changed with Openfire 4.2? A lot! Some highlights: XEP-0237 Roster Ve...

Movim migrates its official server to ejabberd

Movim is a distributed social networking platform founded in 2010. It can be accessed using existing XMPP clients and Jabber accounts, and is a free and open source software licensed under the AGPL.

With version 0.12 released in October, Movim migrated its official server to ejabberd. Before, they were using Metronome, a Prosody fork. Today, we are chatting with Timothée Jaussoin, the founder of Movim, about this very complex migration.
We now have a proper packaging for our Linux distribution – Debian, which certainly makes it easier to maintain. There’s also an improved scalability and more stable CPU and memory consumption, which helps to predict hardware requirements.
Even if I see ejabberd more as a tool that needs integration and tuning to create a proper platform, ejabberd seems to be the more serious solution to build proper messaging systems using the XMPP protocol.
#movim #ejabberd #socialnetwork #federation #xmpp #agpl #prosody #debian #freesoftware
Movim migrates its official server to ejabberd
Today, we are chatting with Timothée Jaussoin, the founder of Movim, about this very complex migration.

XMPP based tickets and merge requests with SàT

Interesting idea: A distributed bug tracking system based on XMPP. It even has MRs (merge requests) for git and mercurial. The developer,, claim the following advantages:
  • it's decentralized and federated, no need to have X accounts to use X tickets handlers. You can also import tickets from third party projects (e.g. plugins for your project) into your website.
  • it's standard: we can handle or fetch tickets in third party servers easily, without proprietary API.
  • it's very flexible: any field can be used, and the mechanism can be used for any list (bug tracker, TODO list, shopping list, etc.)
  • being based on SàT, it's usable on any platform
  • it can be used with gateways, allowing to use transparently tickets from other services (think about Gitlab or Github for instance)
There is also a short demo video. Nice!

(Someone must package sat_pubsub for Debian!)

#xmpp #bugtracker #git #mercurial #freesoftware #salutatoi #python #tickets #decentralisation



Swift 4.0-rc3: Now available

A new beta of the Swift XMPP client for Linux, Windows, and Mac OSX is out.
#freesoftware #xmpp #linux #windows #macosx #swift

#Swift 4.0-rc3: Now available

A new release candidate for Swift 4.0 is now available for download.

Install Dino on Debian-based Systems

If you run Debian testing or unstable, you may install dino-im directly from Debian experimental. Easy.

If you run Debian stable, or Ubuntu, or Mint etc. there are some more steps involved. Make sure, your system has GTK3 version 3.22 at least. This is required by Dino. E.g. for Ubuntu this means 17.04 or newer. Also, you may need to install some development tools and libraries. During the build, you'll see which one are missing on your system. I did not try this myself, this is just what I hope should work - quick and dirty:Good luck!

#debian #ubuntu #mint #dino #xmpp


Dino in Debian experimental

What is Dino?

Dino is a modern IM client using XMPP (Jabber) with support for both OpenPGP and OMEMO. It looks very nice and can already be used for chatting and group conversations. It is, however, not yet stable nor feature-complete. If you are looking for something like Conversations (Android XMPP client), but for the desktop, Dino is for you. If you like to have something more stable and feature-complete, try Gajim instead. I use both! :~)

Dino is written in C and Vala, uses the GTK+ UI toolkit and looks best in Gnome, XFCE, or other GTK+ based desktops. I heard about planned versions for Windows and MacOS, too, but don't hold your breath.

How to install Dino on Debian?

Since yesterday, the Dino IM client is available in the official Debian repositories, but so far only in the "experimental" distribution. To install it, Debian users have to:
$ echo deb experimental main | sudo tee /etc/apt/sources.list.d/experimental.list
$ sudo apt update
$ sudo apt -t experimental install dino-im

This should work on nine official and five unofficial architectures for at least unstable and testing. Not sure about stable. I'm pretty sure, that oldstable will not work.

Why the "-im" suffix for Dino in Debian?

There used to be another program, an "integrated MIDI piano roll editor and sequencer engine", by the same name in Debian. Many references to the old program still exist, so it would be problematic to recycle the name for a different purpose.

Happy chatting!

#xmpp #debian #dino #jabber #openpgp #omemo #im #federation #chat

Debian Package Tracker - dino-im

Debian Package Tracker - dino-im

Dino in Debian experimental

What is Dino?

Dino is a modern IM client using XMPP (Jabber) with support for both OpenPGP and OMEMO. It looks very nice and can already be used for chatting and group conversations. It is, however, not yet stable nor feature-complete. If you are looking for something like Conversations (Android XMPP client), but for the desktop, Dino is for you. If you like to have something more stable and feature-complete, try Gajim instead. I use both! :~)

Dino is written in C and Vala, uses the GTK+ UI toolkit and looks best in Gnome, XFCE, or other GTK+ based desktops. I heard about planned versions for Windows and MacOS, too, but don't hold your breath.

How to install Dino on Debian?

Since yesterday, the Dino IM client is available in the official Debian repositories, but so far only in the "experimental" distribution. To install it, Debian users have to:
$ echo deb experimental main | sudo tee /etc/apt/sources.list.d/experimental.list
$ sudo apt update
$ sudo apt -t experimental install dino-im

This should work on nine official and five unofficial architectures for at least unstable and testing. Not sure about stable. I'm pretty sure, that oldstable will not work.

Why the "-im" suffix for Dino in Debian?

There used to be another program, an "integrated MIDI piano roll editor and sequencer engine", by the same name in Debian. Many references to the old program still exist, so it would be problematic to recycle the name for a different purpose.

Happy chatting!

#xmpp #debian #dino #jabber #openpgp #omemo #im #federation #chat

Debian Package Tracker - dino-im

Debian Package Tracker - dino-im

Prosody 0.10.0 now in Debian unstable

Users of Debian unstable can now apt install prosody prosody-modules to get the latest version. I run the packages (so far without issues) on a Debian stable system. The "clean" way would be to wait for a backport, but at the moment, it is not strictly necessary.

#debian #prosody #xmpp #federation

Like to experiment with Debian, Gajim, XMPP?

Bored? Like to play? OK, here's my offer: If you run Debian testing or unstable and you are using XMPP, why not install Gajim and some of its plugins from Debian experimental? It probably will not work as smooth as the packages from stable, testing, or unstable, but you can run the freshest stuff ever!

Just put experimental into your /etc/apt/sources.list:
deb experimental main

and install from it:
$ sudo apt install -t experimental gajim gajim-antispam gajim-httpupload gajim-omemo

So far, stuff works for me, but beware: Experimental is called experimental for a reason.

#debian #gajim #xmpp #experimental

Index of /debian

Index of /debian

Prosody 0.10.0 released

Congratulations to the developers!

Note to Debian users: You can try 0.10 now, but it is a two months old pre-release in experimental. You have to use also the prosody-modules from experimental, which are pretty recent. Works perfectly for me on a production server, but still... Expect the new release in unstable in some days.

#prosody #xmpp #debian

Prosody 0.10.0 released - Prosodical Thoughts

Prosody 0.10.0 released - Prosodical Thoughts

"How to Live Without Google" - and getting it all wrong

In a failed attempt to improve users personal privacy, DuckDuckGo jumps from the frying pan straight into the fire. With the motto
Remove Google from your life? Yes, it can be done!
they give ten advices, most of them very bad. Also, they are using inexact wording by calling things free, when they are "free as in beer", but not necessarily "free as in freedom". I comment on their three worst recommendations:
Google Search -> DuckDuckGo (free)
Let's start off with the easiest one! Switching to DuckDuckGo not only keeps your searches private but also gives you extra advantages such as our bang shortcuts, handy Instant Answers, and knowing you're not trapped in a filter bubble.
I understand, that they advertise their own service here. And while I do believe, that DuckDuckGo does not cheat and keeps your searches private, as a user, one cannot prove it. In any case, one just replaces one centralised search machine with another one. Better use a decentralised service, such as meta search engine Searx.
Android -> iOS (paid)
The most popular alternative to Android is of course iOS, which offers easy device encryption and encrypted messaging via iMessage by default. We also have tips to increase privacy protection on your iPhone or iPad.
This is certainly the worst recommendation in their list. I had to check the date of the article, when I read this. Aprils Fool's Day? I'm certainly not a fan of Android and I'm not an Android user anymore, but going for a much more restrictive jail is just stupid. Android has at least relatively free versions, e.g. Replicant. iOS, in contrast, is a carcel with beautifully painted walls. Very high walls with perfectly styled barbed wire on top. Even the most proprietary variants of Android let you at least install free software from

If you don't want to use Android anymore, like myself, better go for a free alternative, e.g. support the Librem 5 crowdfunding, or the Pyra handheld or the ZeroPhone, all three running the free Debian operating system.
Google Allo -> Signal (free)
There are several services offering private messaging but, as we've mentioned before, Signal gets our recommendation. It offers free, end-to-end encryption for both messages and private calls. It's also recommended by Edward Snowden and renowned security expert Bruce Schneier, among others.
Again, they recommend to leave one centralised service for another one. And one, that even wants your phone number, otherwise you can't use it. And one, that does not yet have a decent client for Linux. There are messengers around that are federated or completely decentralised, that do not force you give them your phone number, and that have native clients for all major operating systems. My recommendation is XMPP. If you are on Linux, use e.g. Gajim, on Android the best app is probably Conversations, for iOS there is ChatSecure and so on. Alternatives to XMPP are Ring, Matrix and more recently Wire.

Benjamin Franklin wrote in 1755:
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
One should also not give up libre software, which is essential in many ways, to purchase a little perceived safety or privacy through non-free or centralised services.

#duckduckgo #google #searx #replicant #fdroid #librem5 #pyra #zerophone #debian #xmpp #gajim #conversations #chatsecure #ring #matrix #wire

How to Live Without Google

Google tracking is more pervasive than most people realize. We show you some alternatives to Google services to limit your exposure.
A comparison of the capabilities of some of the most used #XMPP clients

@Gruppo Linux Como

Reliability, the open source weakness

Beem in installed, so tried to use it. Ignoring some of the ludicous server names(!), 4 servers were chosen at random (in terms of the personally best server names) to create an account. All failed. Meanwhile, whatapp sits there...

#beem #xmpp #jabber


Et oui enfin ! L'équipe Freemind est heureuse et fier de vous annoncer la mise en ligne de son site web ! :D ####

Voici l'adresse dont vos favoris ne pourront bientôt plus se passer : ####

Vous y trouverez des informations concernant nos différents services déjà fonctionnels (IRC & XMPP), le reste étant soit en test, soit en projet en cours d'étude (Diaspora, ownCloud, Mail, serveur Minecraft pour ne citer qu'eux...).

Des tutoriels complets et en français sont également disponible sur le site !
Allez voir dans la section "Logiciels libres" et vous y trouverez des informations, des solutions alternatives, ET des tutos, notemment sur :
* Tox : l'alternative libre, sécurisée et totalement décentralisée de Skype
* XMPP : protocole libre (le même que google/facebook mais "pas en prison"...) donc alternative à Hangouts/fb messenger
* IRC : tuto complet sur les notions de bases et l'installation d'un client irc
* ANDROID : une section complète avec plein d'alternative libre et respectueuses de la vie privée (on y retrouve des clients pour Tox, XMPP et IRC aussi)

Certains sont en cours de rédaction, d'autres sont prévus et pas encore commencé.

Vous souhaitez contribuer ou vous avez besoin d'aide ?? Contactez-nous ! Toutes les informations de contact figurent maintenant sur notre site web, l'équipe Freemind vous invite à le visiter :)

À très bientôt qui que vous soyez ! une excellente fin de journée de la part du Staff Freemind !

#freemind-fr #freemind #freemind-fr-news #web #site #news #acteurdulibre #libre #solidarité #communauté #linux #respectdelavieprivée #securité #nginx #cmsimple #wiki #tox #irc #xmpp #jappix #promotiondulibre #entraide #support #supportfr #supportfrancophone #aidefrancophone #minecraft

You broke the Internet

Now let's build a GNU one

Details: Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace.

Strongly recommend checking out the source website:

Some related tags: #internet #surveillance #freesoftware #gnu #linux #security #netsec #crypto #ipfs #gpg #pgp #encryption #cryptocat #mumble #GNS #guix #nix #bittorrent #faceboogle #tor #I2P #otr #librecmc #libreboot #fsf #eff #ccc #pirateparty #pirates #ricochet #gnunet #freenet #android #replicant #grothoff #signal #libresignal #taler #gnutaler #youbroketheinternet #selfhosting #decentralization #selfhosted #tox #xmpp #jitsi #pond #PSYC #Tahoe-LAFS #retroshare #cjdns #onionshare #cryptocat #briar #maidsafe #coreboot #tribler #axolotl #zeroqm #bitmessage #cloud #skype #twitter #microsoft #rhizome #rina #netsukuku #tails #debian #freedombox #freedombone #ethos #qubes #whonix #guixSD #gentoo #zyre #reproduciblebuilds #openwrt #BMX7 #net2o #ethereum #copperheadOS #federation #dns #smtp #dane #blackadder #globaleaks #redphone #2020 #mesh #pulse #heartbeat


| Translate | Gitter

Why we don't publish at the Play Store

We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!


Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis


dandelion* - unofficial diaspora* android client
nuovi vecchi