Skip to main content

Cerca

Elementi taggati con: xmpp


 

Update on OMEMO (Monal IM)


If you happen to be on the dark side (= Apple):
I have an update on the status of OMEMO in Monal. I’ve completed my spike and have a very rough implementation working. I am able to communicate with Gajim and Chatsecure. I am actually using a lot of the same OMEMO code as Chatsecure using Chris’ cocoapods. The shared code base should reduce duplicated effort and ensure compatibility on the two main Apple platform clients going forward.

The current code isn’t anywhere near production but once I clean it up more, you should start seeing it as an option to turn on in Mac betas in the next month or so. [...]
#omemo #monal #xmpp #apple #ios #macos
Update on OMEMO

 

XMPP server in Go


Does not yet have all the features, one would need, e.g. no Stream Management (XEP-0198) etc. Far from production ready. But nice to see new developments!

#xmpp #go #golang #server #jackal

 

Gajim master available in Debian experimental


For users of Debian testing or unstable who like the smell of adventure and the taste of danger: Try$ sudo apt install -t experimental gajimand you will learn what fear is!

Seriously: Nothing to be afraid of, IMHO. Only a bunch of nice features, such as MUC avatar pictures! Still, it is called experimental for a reason, so expect rough edges here and there.

Official releases are still in unstable/testing/stable-backports, as always.

#gajim #debian #xmpp

 
Over the course of 2 months, and one Ubuntu and Debian upgrade, I came from not being impressed with #Gajim + #OMEMO to extremely satisfied with it, in a way that even mom and dad can talk to me through it.

Release 1.0.1, available natively in Bionic, is extremely well polished, highly usable and the OMEMO plugin works great when I have to talk to people using android. Great job to everyone who helped out in the project!
#privacy #xmpp

 
Over the course of 2 months, and one Ubuntu and Debian upgrade, I came from not being impressed with #Gajim + #OMEMO to extremely satisfied with it, in a way that even mom and dad can talk to me through it.

Release 1.0.1, available natively in Bionic, is extremely well polished, highly usable and the OMEMO plugin works great when I have to talk to people using android. Great job to everyone who helped out in the project!
#privacy #xmpp

 

Looking for a mom-and-pops-friendly IM solution


tl;dr: I'm looking for an alternative to #Whatsapp that is easy enough for my nontechie family to use. So far, #Matrix looks like the most complete solution, but seems pretty slow these days for some reason. Also, I have reasons on why I'm not 100% on choosing #XMPP this time.

What is the alternative you would recommend to mom and dad?

#CambridgeAnalytica leaks and #Facebook scandals apart, I've already been looking for an alternative to WhatsApp for many years, with the largest hurdle in this crusade definitely being the fact that my family hasn't been keen on leaving it for another app. On my side, I have the following requirements:
  • End-to-end #Encryption enabled by default, or at least built into the program (native implementation, no third party plugins)
  • Clients exist for at least GNU/Linux and Android platforms (more is better, but not needed)
  • Support for group chats with E2EE
  • Supports at least text and image transferring.
Matching all of these used to be very tough for a chat program, until about two years ago. With the tremendous progress that the XMPP movement has been doing for the past two or so years, I was hard-pressed to inevitably tell them to immediately download #Conversations for their phones and find true #privacy with #OMEMO encryption and their chats. However...

OMEMO isn't exactly a silver bullet (yet).


First off, allow me to clarify one thing: I love XMPP. I think it is a very mature and very reliable protocol, has a very diverse ecosystem of servers and clients around and has worked very well for me so far. With that said, though, the entire Go OMEMO! isn't exactly the magical crypto bullet that will save every one from surveillance. Or at least not yet.

First off, adoption of OMEMO in client applications has been slow. The only one that actually gets it right in my opinion is Conversations, but that's a phone app - a privacy nightmare. On the desktop, we have few options, and, from experience, none is mature to the point of surviving heavy usage:
  • Gajim - the go-to answer everyone receives - doesn't have native support, and the OMEMO plug-in requires little-tested versions that are unstable, or link to libraries whose versions some distros like Debian and Ubuntu do not offer, even if you add the development Gajim repo.
  • Profanity has at least two plug-ins for OMEMO (python and C), but they are also in the early stages of development (when I tested the python one, it didn't allow me to send messages, just receive).
  • Pidgin seems to have released an OMEMO library, but given the time of the release, I doubt it's any more stable than the above.
  • Dino appears to offer native support, but is still in alpha stage.
I know that this site indicates many other programs having some or full support for OMEMO already, but quite frankly, in my experience it's not accurate at all from the experience of a user (see my points above).

So much for requirement #2...

Enter (or not) the Matrix


So while I was busy digging for the grail, all the cool kids seemed to have switched to something called Matrix, specifically through the Riot webapp. Citing full integration over many different communication networks, I also decided to give it a try because, well, why not?

Turns out that Riot is glossy and bloated, but yes, fairly easy to use - very much like WhatsApp itself. That could be a selling point to the non-techies! And they have E2EE that apparently has been audited already. And it does fulfill all the four requirements I have. But I still am a little unsure about a few things:
  • By using the Riot web interface, you have to use Javascript to do cryptography. I know that the implementation was audited, but the whole thing about trusting Javascript still gives me the creeps. Also: RIP my RAM.
  • Desktop clients for Matrix are, very much like XMPP, lacking. Riot-desktop seems to be just a thin wrapper around the webapp. The weechat plugin last time I checked does not support encryption, etc.
  • It is mysteriously very slow these days. It seems that this is because of people overloading a few of the already few servers around and not wishing to host more, thus resulting in a very inefficient federation and network. That wasn't the case when I first tried it two years ago. This will not help convince WhatsApp users.
But even with all the above considered, I still think that Matrix, through the Riot App and Webapp is the best way to go to convince nontechies to move away from WhatsApp. I'm not praising Matrix either, though. It always sounded to me like a project that wanted to do everything, and seeing the bloat I get for what I intend to use it for, it seems to have kept going that way.

Perhaps when one day OMEMO finds its way into native or mature implementations in XMPP clients, I will revisit this post and lean towards XMPP again. But so far, no single free software IM solution has been 100% satisfactory in my case, and I'm still looking for more alternatives.

What is the alternative you would recommend to mom and dad?

 
Chat Now Enabled at Diaspora*LA

Diaspora*LA's configuration has been updated to enable XMPP chat integration. With this feature, diaspora*LA users can chat with friends on other pods via the diaspora* user interface. Additionally, we can use our diaspora* account with XMPP client applications to chat with other XMPP[...]

\#xmpp #chat #diaspora-la #diaspora
Originally posted at: https://blog.diaspora.la/2018/05/06/chat-now-enabled-at-diasporala/
Chat Now Enabled at Diaspora*LA

 
Chat Now Enabled at Diaspora*LA

Diaspora*LA's configuration has been updated to enable XMPP chat integration. With this feature, diaspora*LA users can chat with friends on other pods via the diaspora* user interface. Additionally, we can use our diaspora* account with XMPP client applications to chat with other XMPP[...]

\#xmpp #chat #diaspora-la #diaspora
Originally posted at: https://blog.diaspora.la/2018/05/06/chat-now-enabled-at-diasporala/
Chat Now Enabled at Diaspora*LA

 
Ayer con f del @Partido Interdimensional Pirata de Argentina nos* juntamos a armar esto:

Prosody Moderno @ 0xacab.org GitLab


La idea del proyecto es facilitar la tarea de levantar un servicio de #chat moderno, seguro** e interoperable.

Son dos archivos de configuración y un script que crea un container.

Detalles técnicos


Los archivos de configuración son: uno para la #monitorización incluída #Monit, y otro para el servidor de chat #Prosody.

El script es un Dockerfile: un achivo con instrucciones sobre cómo fabricar una imagen de #Docker (como los archivos Makefile de make).

El container está basado en #Alpine, y usa variables de entorno y envsubst para adaptar la configuración.

Eh! Yo quiero, también!


Quienes se den maña, están invitadxs a probarla, y colaborar o hacer su propia versión en base a esta.

Para reportar problemas, documentar o bifurcar (fork) el repositorio, se tienen que registrar en 0xacab.org.

Para clonar el repositorio, pueden tirar git clone https://0xacab.org/partido-interdimensional-pirata/prosody-moderno.git, sin necesidad de registrarse.
#XMPP #Jabber #IM
#XEPs #ComplianceTester #XEP-0387 #HTTPFileUpload #OMEMO #MAM #PushNotifications #MessageCarbons #StreamManagement
#containers #virtualización #aislamiento #automatización #orquestación
#español #ñ

*: más que nada lo armó él, en realidad :P yo fui a acompañar y a aprender (levanté un Prosody una vez, pero nunca había usado Docker)
**: a seguro se lo llevaron preso

 
Ayer con f del @Partido Interdimensional Pirata de Argentina nos* juntamos a armar esto:

Prosody Moderno @ 0xacab.org GitLab


La idea del proyecto es facilitar la tarea de levantar un servicio de #chat moderno, seguro** e interoperable.

Son dos archivos de configuración y un script que crea un container.

Detalles técnicos


Los archivos de configuración son: uno para la #monitorización incluída #Monit, y otro para el servidor de chat #Prosody.

El script es un Dockerfile: un achivo con instrucciones sobre cómo fabricar una imagen de #Docker (como los archivos Makefile de make).

El container está basado en #Alpine, y usa variables de entorno y envsubst para adaptar la configuración.

Eh! Yo quiero, también!


Quienes se den maña, están invitadxs a probarla, y colaborar o hacer su propia versión en base a esta.

Para reportar problemas, documentar o bifurcar (fork) el repositorio, se tienen que registrar en 0xacab.org.

Para clonar el repositorio, pueden tirar git clone https://0xacab.org/partido-interdimensional-pirata/prosody-moderno.git, sin necesidad de registrarse.
#XMPP #Jabber #IM
#XEPs #ComplianceTester #XEP-0387 #HTTPFileUpload #OMEMO #MAM #PushNotifications #MessageCarbons #StreamManagement
#containers #virtualización #aislamiento #automatización #orquestación
#español #ñ

*: más que nada lo armó él, en realidad :P yo fui a acompañar y a aprender (levanté un Prosody una vez, pero nunca había usado Docker)
**: a seguro se lo llevaron preso

 

Xabber for iOS alpha testing


When I still had a smartphones, long time ago, I liked Xabber more than Conversations, both installable from F-Droid.org. The Xabber UI was easier for me to understand than Conversations, esp. how to work with multiple acconts and roster groups. Nice, that they are creating an iOS client, too! (Not so nice, that people use iOS in the first place, but that's another problem.) Those who like to use OMEMO encryption on iOS, need to stay with ChatSecure, however.

#xmpp #xabber #ios #freesoftware #chatsecure

 

Summer of Code: Command Line OX Client!


vanitasvitae writes on 2018-06-01:
As I stated earlier, I am working on a small XMPP command line test client, which is capable of sending and receiving OpenPGP encrypted messages. I just published a first version :)
Creating command line clients with Smack is super easy. You basically just create a connection, instantiate the manager classes of features you want to use and create some kind of read-execute-print-loop.
Last year I demonstrated how to create an OMEMO-capable client in 200 lines of code. The new client follows pretty much the same scheme.
The client offers some basic features like adding contacts to the roster, as well as obviously OX related features like displaying fingerprints, generation, restoration and backup of key pairs and of course encryption and decryption of messages. Note that up to this point I haven’t implemented any form of trust management. For now, my implementation considers all keys whose fingerprints are published in the metadata node as trusted.
You can find the client here. Feel free to try it out, instructions on how to build it are also found in the repository.
Happy Hacking!
#smack #ox #freesoftware #xmpp #cli #fsfe #openpgp #omemo

 

XMPP mit OMEMO mit Gajim unter Fedora


Eben stand ich wie der Ochs vorm Berg. Ich hatte auf meinem Fedora System für XMPP das Programm Gajim installiert und wollte das OMEMO-Plugin zum Laufen bekommen. Also wollte ich python-axolotl installieren, aber es gibt nichts entsprechendes. Nun nach ein wenig Suchen und hin und her fand ich dann doch noch eine Lösung wie man es hin bekommt ohne das gewünschte selbst zu kompilieren. Ich hoffe das ich mit diesem kleinen Beitrag hier jenen die auch vor dem selben Problem stehen vor dem ich stand ein wenig helfen kann.

Tags: #de #fedora #linux #gajim #xmpp #omemo #axolotl #ravenbird #2018-06-06

 

XMPP mit OMEMO mit Gajim unter Fedora


Eben stand ich wie der Ochs vorm Berg. Ich hatte auf meinem Fedora System für XMPP das Programm Gajim installiert und wollte das OMEMO-Plugin zum Laufen bekommen. Also wollte ich python-axolotl installieren, aber es gibt nichts entsprechendes. Nun nach ein wenig Suchen und hin und her fand ich dann doch noch eine Lösung wie man es hin bekommt ohne das gewünschte selbst zu kompilieren. Ich hoffe das ich mit diesem kleinen Beitrag hier jenen die auch vor dem selben Problem stehen vor dem ich stand ein wenig helfen kann.

Tags: #de #fedora #linux #gajim #xmpp #omemo #axolotl #ravenbird #2018-06-06

 
Decentralized code forge, based on XMPP

If you want to see an alternative to #github which is decentralized and ethics, it's at your fingertips, you can make it real!

https://www.goffi.org/b/F4xScokjZejCYAB4NamBbc/decentralized-code-forge,-based-xmpp

#xmpp #salutatoi #SàT #code #forge #decentralization #contribution #cooperation

 
Decentralized code forge, based on XMPP

If you want to see an alternative to #github which is decentralized and ethics, it's at your fingertips, you can make it real!

https://www.goffi.org/b/F4xScokjZejCYAB4NamBbc/decentralized-code-forge,-based-xmpp

#xmpp #salutatoi #SàT #code #forge #decentralization #contribution #cooperation

 
With the announce of #microsoft buying #github, it's a good time to recall that I've started to write tools for a decentralized forge in Salut à Toi (based on #XMPP), with tickets and merge requests implemented.

It's already working, it's written in a popular language (#python) and help would be more than welcome (check our XMPP MUC room at sat@chat.jabberfr.org).

Blog post and demo at https://www.goffi.org/b/9555cc02-6a87-4b6b-af85-20f1c0736722/xmpp-based-tickets-merge-requests-with .

#salutatoi #SàT #XMPP #decentralization #forge #code

 
With the announce of #microsoft buying #github, it's a good time to recall that I've started to write tools for a decentralized forge in Salut à Toi (based on #XMPP), with tickets and merge requests implemented.

It's already working, it's written in a popular language (#python) and help would be more than welcome (check our XMPP MUC room at sat@chat.jabberfr.org).

Blog post and demo at https://www.goffi.org/b/9555cc02-6a87-4b6b-af85-20f1c0736722/xmpp-based-tickets-merge-requests-with .

#salutatoi #SàT #XMPP #decentralization #forge #code

 

Finally, I have deleted my #Google account today!


It was a long an challenging breakup. It started roughly 2 years ago, when I was not able to ignore anymore that Google started switching to the #darkside.

You can easily guess which social network I use instead of #googleplus. [Yes, I use and <3 #diaspora* ;-).]
Instead of #gmail, I use the email account provided by my workplace and #disroot for personal emails.
I chat by using #xmpp (via clients #conversations and #gajim using #omemo for #encryption).
I use #davdroid to synchronize my contact list, calendar and tasklist to my #moblie.
Instead of #chrome, I use #firefox, #torbrowser, #iceweasel, and #icecat.
Instead of #webmail, use #thundebird, #icedove and #k9 email clients.
I use #nextcloud and #syncthing, instead of #googledrive.
For #searching, I sue #duckduckgo and #searx.
Instead of #android, I use #replicant.

Instead of paying with my #privacy, I pay with #donation using #liberapay.


I'm also grateful to @Tiberiu C. Turbureanu (from #technoethical) for helping me fixing my broken replicant install.

 

Katarina Barley fordert Öffnung von WhatsApp für andere Dienste


Huch, eine Ministerin mit einer richtig guten Idee? Was ist denn da passiert?

Chat-Dienste sollten genauso wenig monopolisiert sein wie Email oder Telefonie. Menschen, die bei verschiedenen Email-Providern oder Telefonie-Anbietern sind, können trotzdem miteinander kommunizieren. Nur bei IM ist das anders: Bei Whatsapp sitzt man im rostigen Käfig. Die Politik sollte in der Tat durchsetzten, daß IM-Dienste ab einer bestimmten Größe geöffnet werden müssen. Dafür gibt es seit knapp zwanzig Jahren sogar einen offiziellen Internet-Standard. Whatsapp, Google, Facebook haben genau diesen Standard sogar jahrelang genutzt, sich von diesem aber verabschiedet um sich abzuschotten.

Auch sympathisch: Frau Barley ist weder bei Whatsapp noch bei Facebook.

#barley #katarinabarley #im #whatsapp #spd #xmpp #chat #federation

 

Public Jabber Chat rooms



Christopher Muclumbus: A listing of public XMPP/Jabber chat rooms/groups.



If you are in a public MUC, that is not yet listed, you can add it by inviting xmpp:christopher.muclumbus@dreckshal.de to the room. In Gajim, you have to type in the message field when you are in the specific chatroom: /invite christopher.muclumbus@dreckshal.de.

#xmpp #jabber #muc #federation #chatroom #freesoftware #agpl

 

XMPP-Meetup Berlin: Daniel Gultsch about good and bad client UX



Next Meeting:

Thursday, 2018-06-07, 19:00

co-up, Adalbertstr. 8, 10999 Berlin

Daniel Gultsch:
I’m going to talk about how to deal with baggage and how legacy UX (something that long time users are used to from other clients) makes it difficult to create good clients. (Which for example lead to the creation of the infamous »Expert Settings«.)
#xmpp #berlin #meeting #ux #android #conversations #federation

 

Have you considered the alternative?



Good read. The authors make clear, that end-to-end encryption, as important as it is, is not the most important tool to protect privacy. Federation or decentralization is much more important. They also see clearly, that centralized messengers have much better funding opportunities than federated ones.
While OWS provides thorough expertise in the field of cryptography, Marlinspike is currently advocating centralisation as the only answer towards user-friendly, fast and secure messaging apps. Decentralisation, according to him, has no place in the modern world and apparently hampers innovation. However, some of his arguments have not remained unchallenged. In particular, where Marlinspike accuses federation of stalling evolution, Daniel Gultsch provides a counter argument by using the Web as an example of successfully federated system. Furthermore, Gultsch states that the problem is not that federation doesn't adapt, but rather that there are problems with its implementation for a very significant reason: software developers working on federated systems mostly work for free in their spare time or with little means, given the difficulty to monetise a system which design can only succeed if it is open and can be appropriated easily beyond its original scope, and thus making its capitalisation particularly challenging. In that sense, the most interesting aspect of this debate is that while Marlinspike seems to defend his product from a technological perspective, Gultsch's counter argument moves back the discussion to the context of political economy.

Hosting your own infrastructure allows you to scale your communication in a way that is the most meaningful for the group or community you belong to. It is also a way to make sure your system matches your own threat model?, while simultaneously allowing you to deal with trust that is not mediated by an app. It also allows you to experiment with economic models other than those linked to large-scale infrastructure involving surveillance and capturing of your social graph for financial gain. Maybe you want to share the cost of the server or the responsibilities of administrating it, maybe you want to collectively learn how to run all this stuff, or maybe you want to start meetings to exchange tips, etc. However, this does not mean that you need to cut yourself off from the rest of the world and this form of localism should not be misunderstood for a hipsterist and reactionary form of escapism. Instead, such an approach is quite the opposite as it provides a possibility to actively engage with societal issues. It allows groups to collectively think, in the sense of defining questions and hypotheses themselves, acquire skills and knowledge and respond to issues that are both relevant to their own situation but that can also resonate globally, enabling others to start a similar process.
#whatsapp #facebook #signal #xmpp #conversations #gajim #chatsecure #selfhosting #federation #politics #freesoftware

 

Movim at Debian Mini DebConf in Hamburg



Movim developer Timothée “edhelas” Jaussoin writes:
Hey everyone :) I'm currently in #Hamburg for the MiniDebConf.
The goal is to work on #Movim and prepare it to be packaged for #Debian!
Lots of work has already been done as you can see on the CHANGELOG of the project.
We first worked on cleaning up and stabilizing the #dependencies of Movim. The outdated heyupdate/emoji was replaced by a wonderful pull request by mirabilos that add support of emojis directly inside Movim.
On my side I replaced ramsey/uuid with a simple internal function and worked on upgrating reactphp/http to their latest release with the help of WyrilHaximus, which also helped to release the v0.4.0 of reactphp/zmq that contains some important fixes for Movim.
The template engine of Movim, RainTpl was also stabilized to the latest release.
Natureshadow also made a really nice pull request to prepare the Debian package and fixe a couple of small bugs regarding URL handling inside the project.
All those dependencies will soon be packaged and integrated in Debian.
On top of that I worked a few hours yesterday on the optimisation of the #database requests by using some memory caching and Eloquent eager loading to prefetch some extra information when querying resources in the DB. This reduces the time spent to generate the pages and contents by more than 50 to 75% in some cases! It can especially be noticed on the Chat page and Contacts page.
The main pods were also updated with all those changes, so you can try them on nl.movim.eu, fr.movim.eu or de.movim.eu.
That's all folks!
#movim #debian #socialnetwork #minidebconf #hamburg #xmpp #php #eloquent

 

Progress report from the Movim packaging sprint at MiniDebconf



Debian developer Thorsten “mirabilos” Glaser writes:
The upstream Movim developer arrived as well — we have quite an amount of upstream developers of various projects attending MiniDebConf, to the joy of the attendees actually directly involved in Debian, and this makes things much easier, as he immediately started removing dependencies (to make our job easier) and fixing bugs and helping us understand how some of those dependencies work. (I also contributed code upstream that replaces some Unicode codepoints or sequences thereof, such as 3⃣ or ‼ or 👱🏻‍♀️, with <img…/> tags pointing to the SVG images shipped with Movim, with a description (generated from their Unicode names) in the alt attribute.)
Now, Saturday, all dependencies are packaged so far, although we’re still waiting for maintainer feedback for those two we’d need to NMU (or have them upload or us take the packages over); most are in NEW of course, but that’s no problem. Now we can tackle packaging Movim itself — I guess we’ll see whether those other packages actually work then ☺
In the meantime we’ve also had the chance to socialise, discuss, meet, etc. other Debian Developers and associates and enjoy the wonderful food and superb coffee of the “Cantina” at the venue; let me hereby express heartfelt thanks to the MiniDebConf organisation for this good location pick!
#movim #debian #socialnetwork #minidebconf #hamburg #xmpp

 

Prosody 0.10.1 released



Congratulations to the developers!



As always, the release features many improvements and bug fixes.

The package is already in Debian unstable, and will be in testing and stable backports soon.

#prosody #xmpp #debian

 

New German language XMPP developers community



Für alle, die an der Entwicklung von XMPP interessiert sind (also eher nichts für reine End-Users), gibt es eine neue Deutschsprachige XMPP-Community. Einfach mal reinschauen!
#xmpp #german #deutsch #entwicklung #developer #community

 

XMPP-Meetup in Berlin



XMPP Council member Daniel Gultsch, also known for his Android application Conversations, will explain how the XMPP Standards Foundation (XSF) works and how an XMPP Extension Protocol (XEP) emerge.

Monday, 2018-05-14 19:00 CEST, location see link

#berlin #xmpp #conversations #xsf #xep

 

XMPP with anonymous network I2P



Interesting article with configuration hints for prosody, which I should try at some point:
The idea of building decentralized messenger run by users, not corporations, is not new. But the process of building it costs a lot of money and takes a lot of time. But what if we take the old good XMPP protocol, which has everything already implemented for us?
That's not "real P2P", you may argue, for using XMPP one needs to have a server running with a registered domain name. Yes, but we can run our server software on a local host and use virtual I2P network for connecting with other servers. I2P (Invisible Internet Protocol) allows us to use virtual .i2p address instead of a real domain name, plus it gives us advanced protection against illegal dragnet surveillance.
That way we have:
* Hybrid P2P messenger, which can be run both on end-user devices and on high-performance server infrastructure.
* Features which many of "real P2P" messengers miss: offline message delivery, "cloud storage" for history and contacts, using one account on multiple devices.
* All kinds of end-user applications are available (desktop, mobile, web).
* Censorship resistance and advanced privacy protection as a bonus from using I2P.

Let's get it!
#xmpp #i2p #i2pd #decentralization #p2p #privacy #prosody

 

XMPP and GDPR



The XMPP Standards Foundation (XSF) is discussing the implications of the EU General Data Protection Regulation (GDPR). Interesting!

#xmpp #gdpr #privacy

 

Gajim 1.0.2 released



This is a bug fix release, i.e. around 20 issues have been solved.
It is already in Debian unstable ("sid").

On a side note: A colleague switched from Psi 1.3 to Gajim 1.0.1 on Windows 10 and so far, they is happy. Psi wasn’t bad, but on their machine it was not possible to restart Psi after quitting it. Only after reboot :~(

#gajim #xmpp #debian

 
Should someone of you use #Conversations 2.0+, you might want to update

Daniel Gultsch ha scritto:

“Please update to Con­ver­sa­tions 2.1.4 ASAP. Avail­able on both Google Play and F-​Droid. This fixes our first crit­ical secur­ity issue. More details will fol­low after the major­ity of people have upgraded. Con­ver­sa­tions Leg­acy and Con­ver­sa­tions prior to 2.0 are not affected.”


source (twitter)

#xmpp #jabber

 

Note to myself: How to disable OTR in ChatSecure



Some weeks ago, a colleague, who unfortunately uses an iPhone (he is not a completely bad person, though) installed ChatSecure. Immediately, I and others were annoyed by unreadable OTR garbage he sent. It took us a while, but at the end of the day (the whole day!) we found out how to disable OTR. Yesterday, a friend who unfortunately also uses an iPhone (he is not a completely bad person neither), had the same issue and it took me the help of strangers on the internet (here; the Conversations MUC), to remember what to do. For the next time and the benefit of the public:
  • One cannot disable OTR globally in ChatSecure, but only contact by contact.
  • You need to open the chat of the contact.
  • Go to the "contact details".
  • Go to "advanced encryption settings" and select "OMEMO", nothing else.
  • Close chat with the contact.
  • Repeat the last four steps for all your 511 contacts.
#xmpp #ios #iphone #otr #omemo #chatsecure #conversations

 

NIST releases IoT draft standards



Remember: XMPP is not only for Instant Messaging, but also for (micro-)blogging, social networks — and IoT!

#xmpp #iot #security #nist #tls #tigase

 

Gajim 1.0.0 in Debian unstable



Gajim 1.0 has been released on 2018-03-17 and is available in Debian unstable ("sid"). It will hopefully migrate to Debian testing ("buster", Debian 10) in some days. A backport for Debian stable ("stretch", Debian 9) will be provided then, too.

New Gajim features compared to the previous stable release 0.16:

* Ported to GTK3 / Python3
* Integrate HTTPUpload
* Improvements for HiDPI Screens
* Change password storage to python keyring package
* New Emoji support
* A lot of new design
* MAM for groupchats support
* New XEPs:
* XEP-0156 (Discovering Alternative XMPP Connection Methods),
* XEP-0319 (Last User Interaction in Presence),
* XEP-0368 (SRV records for XMPP over TLS),
* XEP-0380 (Explicit Message Encryption)

#gajim #xmpp #debian

 

The rocky road to OMEMO by default



Daniel Gultsch, developer of Android XMPP client Conversations, writes,

Why it took us more than two years to enable End-to-End encryption by default: The first in a series of essays leading up to the release of Conversations 2.0



...
The other big hurdle we had to overcome was the adoption rate in clients. If you send OMEMO encrypted messages by default you should have a reasonable expectation that your contact will be able to decrypt the message. Reasonable expectation doesn’t mean that every single client out there has to support it—In an ecosystem with hundreds of small, badly maintained clients that’s just not feasible—but the major clients should at least have a plugin available.
In March 2018 we finally reached the point where every plattform has one or more clients with OMEMO support. Conversations and Zom on Android, ChatSecure on iOS, Psi and Gajim on the desktop. The up and coming desktop client Dino—despite not having had an initial release—already has support for OMEMO as well. And even the webclient JSXC has a plugin available.
Considering the complexity of OMEMO and the fact that most of these clients are developed by people in their spare time, this is actually quite an impressive adoption rate.
...
Moxie Marlinspike, in his 2016 propaganda piece ignorantly bashing XMPP, had one valid point: Enabling end-to-end encryption in a homogenous environment is easier than introducing it in a heterogenous one like Jabber. Nobody is denying that. However, if something is hard to achieve there are two possible approaches: Either try your best and don’t give up, or put your head in the sand and create yet another walled garden that is no different from other proprietary solutions.
Admittedly it has taken us a while to get to a point where we can enable end-to-end encryption by default, but it was worth the effort in that we ended up with something that is different from WhatsApp in more than just marketing.
#xmpp #omemo #conversations #psi #gajim #zom #chatsecure #dino #jsxc #federation #encryption

 

Slack's bait and switch



The developer of the beautiful Converse.js web browser XMPP client, JC Brand, writes:

On Federation



When we talk about "federation" in networks, we mean the ability to communicate between different service providers.
For example, email is federated. You can set up your own email server, and then send emails to people with their own email servers, or to people with Gmail or Yahoo! accounts.
You can email any other email address in the world, regardless of where that email address is hosted.
If email never existed, and a company like Slack today would come out with this brand new concept of "Electronic Mail", let's call it digimail, do you think they would standardise the digimail protocol and allow you to send messages to other digimail purveyors?
We all know the answer to that. They won't, and neither would Google, Microsoft or Facebook.
Heck, Facebook is actively trying to replace email since years.
The reason email is federated, is because it was developed before surveillance capitalism was a thing and because it was established and entrenched long before these companies came around.
There's a reason why your email address is still the de facto way to sign up for any service on the web (sometimes with one or two degrees of separation), and it's because of federation.
XMPP is designed to allow federation. Think about that. Instead of having to sign up to various different chat providers, all which try to lock you in and monetize your conversations, you could instead have one chat account, and use that to chat with anybody else, regardless of which chat provider they are using.
Alas, that's the dream, but because XMPP came much later to the scene, it didn't develop the critical mass as email has, and here we are. With dozens of chat apps, all non-interoperable and closed off.
#slack #xmpp #federation #surveillancecapitalism

 

Biboumi - An XMPP-IRC Gateway



Debian maintainer Vasudeva Kamath writes in their blog:
IRC is a communication mode (technically a communication protocol) used by many Free Software projects for communication and collaboration. It is serving these projects well even 30 years after its inception. Though I'm pretty much okay with IRC I had a problem of not able to use IRC from the mobile phones. Main problem is the inconsistent network connection, where IRC needs always to be connected. This is where I came across Biboumi.
Biboumi by itself does not have anything to do with mobile phones, its just a gateway which will allow you to connect with IRC channel as if it is a XMPP MUC room from any XMPP client. Benefit of this is it allows to enjoy some of XMPP feature in your IRC channel (not all but those which can be mapped).
He then explains in detail how to configure Ejabberd with Biboumi and how to actually use Biboumi from the XMPP client, e.g. Conversations. Worth a read!

I'm using Biboumi, too. Both via the wonderful movim.eu social network site, but also at my company, where we run it behind the Prosody XMPP server.

#gateway #irc #mobile #xmpp #ejbberd #biboumi #conversations

 

On the demise of Slack's IRC / XMPP gateways



Say no to Slack.



Debian developer Gunnar Wolf writes:
I have grudgingly joined three Slack workspaces, due to me being part of proejects that use it as a communications center for their participants. Why grudgingly? Because there is very little that it adds to well-established communications standards that we have had for long ~~years~~ decades.
On this topic, I must refer you to the talk and article presented by Megan Squire, one of the clear highlights of my participation last year at the 13th International Conference on Open Source Systems (OSS2017): «Considering the Use of Walled Gardens for FLOSS Project Communication». Please do have a good read of this article.
Thing is, after several years of playing open with probably the best integration gateway I have seen, Slack is joining the Embrace, Extend and Extinguish">-minded companies. Of course, I strongly doubt they will manage to extinguish XMPP or IRC, but they want to strengthen the walls around their walled garden...
So, once they have established their presence among companies and developer groups alike, Slack is shutting down their gateways to XMPP and IRC, arguing it's impossible to achieve feature-parity via the gateway.
Of course, I guess all of us recognize and understand there has long not been feature parity. But that's a feature, not a bug! I expressly dislike the abuse of emojis and images inside what's supposed to be a work-enabling medium. Of course, connecting to Slack via IRC, I just don't see the content not meant for me.
The real motivation is they want to control the full user experience.
Well, they have lost me as a user. The day my IRC client fails to connect to Slack, I will delete my user account. They already had record of all of my interactions using their system. Maybe I won't be able to move any of the groups I am part of away from Slack – But many of us can help create a flood.
Say no to predatory tactics. Say no to Embrace, Extend and Extinguish. Say no to Slack.
See also @Carl Chenet, another Debian developer, post The Slack Threat.

Btw. I never used Slack, but some people still try to drag me into it. I stay with XMPP, and in IRC by means of the biboumi XMPP-IRC gateway.

#xmpp #slack #irc #walledgarden #federation #biboumi #debian

 

Berlin XMPP meetup a.k.a. eXciting Monday Public Powwow



Monday, 2018-02-26, 19:00 CET



co.up, Adalbertstr. 7—8, 3rd floor, 10999 Berlin-Kreuzberg

Let's talk about Movim, and about the XMPP Summit!



This time, we will talk about Movim (the "kick ass social network"!), and about the latest XMPP Summit, which took place in Brussels a few weeks ago. Hope to see you all on Monday!
Language will probably be English or German. Or Volapük. Let's see.

#xmpp #jabber #summit #movim #berlin #federation #socialnetwork

 

Help translate Movim!



If you know English plus another language, this is for you! Please help with the translation of Movim at its translation page. At the moment German and French are almost complete, no help needed now. The following languages are nearing completion (≥¾), so this might be the perfect moment to achieve 100% without having to work much:

Russian, Norwegian Bokmål (Norway), Portuguese (Brazil), Chinese (China), Polish, Italian, Dutch, Spanish, and Danish.

Of course, all other languages are welcome, too! This is your chance to participate in free software, open source, and federation, without having to be a programmer :~)

(Btw. I never worked with transifex myself, so please do not ask me about it.)

What is Movim anyway? It is a free software, federated, social network, but very differerent from Diaspora, based on the XMPP standard. You can try it e.g. here or check the more or less up-to-date pod list.

#help #translation #movim #xmpp #federation #languages #freesoftware #i18n

 

mcabber 1.1.0 in Debian unstable



mcabber is a small XMPP console client written in C. It support MUC, TLS, PGP, OTR, but not OMEMO.

For those, who prefer vi like key bindings: With the new version you can put
set vi_style = 1

in your ~/.mcabberrc and feel like home. I'll stay with the default key bindings.

If you don't like mcabber, but want a console client anyway, you might want to look into profanity, primitivus, or poezio, which are native XMPP clients. There is also finch, which is a multiple protocol clients. And irssi, which is an IRC client, but can speak XMPP via an XMPP plugin or, alternatively bitlbee. poezio is not yet in Debian, everything else is.

#mcabber #xmpp #jabber #debian #vi #console #terminal #im

 

Gajim 1.0.0 beta 1 released!



#gajim #xmpp #debian

 

IoT One: XMPP IoT no longer concept



"Tigase IoT One" is using XMPP for IoT, moving from "concept phase" to "production ready" now.

More links:
* IoT over XMPP blog post
*

Cool!

#iot #xmpp #tigase #java

 

The Jabber Spam Fighting Manifesto

Version 0.3, 2017-12-30

The Jabber network (a federated set of thousands of servers with many
tens or hundreds thousands of users) is under a continuous flood of spam
messages for multiple years. Similar to the open email relays of the
mid-1990s, public (and often abandoned) XMPP servers are being abused to
deliver those messages.

We, as the operators of public XMPP servers, commit to the following
Server Policies to fight spam on our servers, and we announce our intent
to block incoming communication from public servers that distribute spam
messages and do not adhere to the Server Policies. Furthermore, we
will inform other Public Server operators and the general public of
domains sending spam and not reacting to abuse reports.

Server Policies



A Public Server is an XMPP server that allows both the registration of
accounts by third parties (either via [In Band Registration][XEP-0077]
or by other means, like a web form), and federation to other XMPP
servers, making it possible for its users to reach out to other XMPP
domains.

The operators of a Public Server shall perform the following actions to
fight spam:

* Implement [XEP-0157: Contact Addresses for XMPP Services][XEP-0157] and
react to incoming abuse reports in a timely fashion.

* Limit the number of new user registrations per IP address and hour.

* Monitor or block registrations from IP addresses with bad reputation
(open proxy servers, Tor exit nodes), or enforce additional checks on
those users, like a CAPTCHA or a valid phone number.

* Throttle the traffic from local clients, especially unsolicited
subscription requests and messages.

[XEP-0077]: https://xmpp.org/extensions/xep-0077.html
[XEP-0157]: https://xmpp.org/extensions/xep-0157.html

Schedule



With our signature under this Manifesto, we assure that our servers are
already following the above stated Server Policies.

Starting with July 1st, 2018, we will start blocking incoming server
connections from Public Servers not following the Server Policies above,
if those are forwarding spam messages to our users. The blocking message
will contain a reference to this Manifesto.

Committment



Signed,

Georg Lukas, yax.im (https://yaxim.org/yax.im/)

...
#xmpp #jabber #spam #spim #yaxim #draft #federation #abuse #server #s2s #manifesto

 

Babbler 0.7.5 released



Babbler is an XMPP library for Java.
I'm not a Java person myself, but maybe it is interesting to others.

#xmpp #java #babbler #freesoftware

 

Converse.js 3.3.1 has been released

Converse.js is a web based XMPP/Jabber instant messaging client.
It enables you to add chat functionality to your website, independent of any specific backend. You will however need an XMPP server to connect to, either your own, or a public one.
Converse.js can be integrated into Ruby on Rails, Django, Plone, Roundcube, Wordpress, Alfresco, Friendica and many more.

Look at the changelog - there are many new features and bug fixes!
What's in the release?
Maintaining a long-term open source front-end JavaScript library almost feels like a Sisyphean task sometimes. As soon as you've rolled the big stone up the hill, the whole JS ecosystem, best practices and tooling changes and you find yourself at the bottom of the hill again.
[...]
No more jQuery
[...]
The last straw for me was when jQuery 3 came out, and half of Converse.js's ~240 tests failed once I plugged it in.

After spending some time trying to figure out what backward incompatible changes they made and how I should update the code, I decided to instead rip jQuery out entirely.
(I would not enjoy working too much in the "JS ecosystem". Ecosystem? Is this the new term for hazardous waste site?)

#conversejs #converse #xmpp #javascript #jquery #freesoftware #rubyonrails #django #plone #roundcube #wordpress #alfresco #friendica

 

biboumi 7.0 released



biboumi is an XMPP server component, that acts as a gateway to IRC. It is used e.g. by movim.eu and other public XMPP servers. But it is also very easy to install and configure on your own XMPP server, if you happen to run one.

According to the changelog, the new version supports PostgreSQL in addition to SQLite and fixes a number of bugs.

You may want to join the XMPP MUC xmpp:biboumi@muc.poez.io?join, especially if you are a C++ hacker and like to help.

#xmpp #biboumi #irc #muc #postgresql #sqlite #freesoftware #cplusplus #cpp14

 

Use IRC from XMPP with Debian



Biboumi 6.1-1~bpo9+1 and Prosody 0.10.0-1~bpo9+1 are now available in Debian 9 (stable, stretch) via backports. Biboumi is a gateway from XMPP to IRC and can be used with Prosody or any other XMPP server. It allows XMPP users to join IRC channels as if they were MUCs. Very useful!

#biboumi #prosody #xmpp #debian #freesoftware #irc #muc