A few months ago, I wrote about the relocation of our community. The bits and bolts that power our community have since been migrated, and all is running wel. During that progress, we had a couple of awkward moments along the lines of: "to whom will Jive transfer ownership of the DNS records for Ignite?" We started , and concluded that it would be good to have a legal entity to represent our community.
We've been working on a plan ever since, that today, I'd like to share with you. We're planning to start a foundation, the Ignite Realtime Foundation. Its objective: to promote, support and advance development of software in the Ignite Realtime Open Source community.
If you're interested in this effort, have questions, or want to contribute in effort or resources, please reach out. We've set up a new chat room at email@example.com that we use for discussions on the subject.
Interns, and anybody who decides to start using the project (it is already functional for command line users) need to decide about purchasing various pieces of hardware, including a smart card, a smart card reader and a suitably secure computer to run the clean room image. It may also be desirable to purchase some additional accessories, such as a hardware random number generator.
If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki.Choice of smart card
For standard PGP use, the OpenPGP card provides a good choice.
For X.509 use cases, such as VPN access, there are a range of choices. I recently obtained one of the SmartCard HSM cards, Card Contact were kind enough to provide me with a free sample. An interesting feature of this card is Elliptic Curve (ECC) support. More potential cards are listed on the OpenSC page here.Choice of card reader
The technical factors to consider are most easily explained with a table:On disk Smartcard reader without PIN-pad Smartcard reader with PIN-pad Software Free/open Mostly free/open, Proprietary firmware in reader Key extraction Possible Not generally possible Passphrase compromise attack vectors Hardware or software keyloggers, phishing, user error (unsophisticated attackers) Exploiting firmware bugs over USB (only sophisticated attackers) Other factors No hardware Small, USB key form-factor Largest form factor
Some are shortlisted on the GnuPG wiki and there has been recent discussion of that list on the GnuPG-users mailing list.Choice of computer to run the clean room environment
There are a wide array of devices to choose from. Here are some principles that come to mind:
The SD cards are used to store the master private key, used to sign the certificates/keys on the smart cards. Multiple copies are kept.
It is a good idea to use SD cards from different vendors, preferably not manufactured in the same batch, to minimize the risk that they all fail at the same time.
For convenience, it would be desirable to use a multi-card reader:
although the software experience will be much the same if lots of individual card readers or USB flash drives are used.Other devices
One additional idea that comes to mind is a hardware random number generator (TRNG), such as the FST-01.Can you help with ideas or donations?
If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki.
Here are the links we found most interesting in September:ejabberd 16.09 released
We are happy to introduce our new ejabberd release, ejabberd 16.09. As usual it includes many bug fixes and improvements. But most of all, it includes excellent student work done for Google Summer of Code program. Thanks to Anna Mukharram and Gabriel Gatu for their contributions.Designing a modern messaging service with ejabberd
In this video, Mickaël Rémond summarises important principles developers need to be aware of when building their own modern XMPP messaging platform. The video was recorded at ejabberd Advanced Erlang Workshop in Paris.Jesse Kline: Google gives the world another video conferencing app that won’t let you talk to all your friends
What if the world’s multitude of telephone networks weren’t compatible with one another — if the average Canadian household needed to have three telephone lines, one to talk to Telus customers in Western Canada, another to connect with Bell customers in the east and a third to chat with family in the U.S.?XMPP chat plugin for Unreal Engine 4
Descendent Studios announced the open-source release of several Unreal Engine 4 plugins they developed for their games, including XMPP chat support.SAP to invest $2.2B to expand its Internet of Things business
With Gartner Inc. expecting enterprise investment in connected devices and related technologies to reach $1.4 trillion per year by 2020, it’s no surprise that IT vendors are so enthusiastic about the trend.An open source approach to securing The Internet of Things
At the IoT Evolution 2016 conference in Las Vegas, a group of industry experts gathered to discuss security for the Internet of Things, with a focus on embedded devices.7 surprising facts about open rates for push notifications
Tapjoy, the mobile marketing company, has come up with seven surprising facts about the open rates for push notifications. Push notifications are a common way to get users to pay attention to an app.
Here are the links we found interesting in August:ejabberd 16.08
This new release is the culmination of several months of work to improve your experience using ejabberd. It contains as usual a lot of small bug fixes and some enhancements.Phishing Campaign Uses XMPP to Exfiltrate Compromised Data
Cyber-criminals dabbling in phishing campaigns are experimenting with a new method of exfiltrating data from phishing websites, relying on the Jabber service to send data to their XMPP accounts, according to a report shared with Softpedia by PhishLabs.Data Finds Pictures Boost Direct Response Rates for Push Notifications 56%
Ahead of the final release of Apple’s iOS 10 and its support for Rich Notifications – where images, video, audio, GIFs and interactive buttons are embedded directly within push notifications – Urban Airship revealed initial performance analysis of similar big picture style notifications on Android.The Chat Room Roots of Social Reality in VR
In an interview at Code Conference earlier this summer, Facebook CTO Mike Schroepfer took a moment to wax poetic about the possibilities of virtual reality. The prospect of virtual reality conference calls might seem incredibly futuristic, if not dystopic. But the idea of meeting in a virtual place to just, you know, hang, dates back to the early aughts.Is IoT Security a Ticking Time Bomb?
Ready or not, the Internet of Things (IoT) is here. No longer just a buzz term, it’ll continue to grow at an unprecedented pace over the next few years. History shows that most fast-growth technology solutions focus on solving business problems first; security is an afterthought.Skyscanner and Skype: world’s first group chat travel bot
Planning trips with a group of friends can sometimes be a tricky task, so to make life a little easier Skyscanner joined forces with Skype to build the first travel search chat bot for the Skype platform. This new tool is the first to offer interaction in a group chat setting.
If you are interested in helping as either an intern or mentor, please follow the instructions there to make contact.
Even if you can't participate, if you have the opportunity to promote the topic in a university or any other environment where potential interns will see it, please do so as this makes a big difference to the success of these programs.
The project could involve anything related to SIP, XMPP, WebRTC or peer-to-peer real-time communication, as long as it emphasizes a specific feature or benefit for the Debian community. If other Outreachy organizations would also like to have a Free RTC project for their community, then this could also be jointly mentored.
We are thrilled to announce the MongooseIM platform version 2.0.0beta2. MongooseIM platform 2.0.0beta2 is about one massive change: a REST API, both for backend integration, and for client/server development. This is a major step towards the game-changing version 2.0.0, which will be released in the coming weeks. MongooseIM 2.0.0 will tremendously lower the barrier of entry to our platform for most developers worldwide.REST API for backend integration
Following popular and obvious demand, MongooseIM now implements a new REST API, for backend integration.Integration problem for backend developers and DevOps
The MongooseIM platform is mostly used in very large and complex infrastructures, in various types of data centers (cloud, bare metal, or hybrid). In that context, there is always a high need for tight integration and coupling between the MongooseIM platform, and the full ecosystem in the data center.
For most backend developers, as well as for DevOps, this is very difficult as such an integration requires understanding the powerful hooks system in the core of MongooseIM server or the command line interface, and how they relate to the purpose of the infrastructure.
It was thus very difficult to develop interconnected pieces of architectures.The obvious solution: a REST API
Since most techies use modern REST APIs these days, this was the obvious and natural choice, and our customers and prospects confirmed and supported this thinking.
The MongooseIM platform now offers a very simple backend REST API:
The documentation is simply the de facto standard: Swagger. With Swagger, it is even more handy, as many code generators can help build code from scratch, with little human customisation. This doc is supporting the Open API Specification. Check out the backend REST API of MongooseIM.Ease of development and maintenance, plus consistency in infrastructure
As a result, it is now much easier for backend developers to write code against MongooseIM, and maintain it. Also it is much easier for DevOps to interconnect MongooseIM with other servers. Overall, CTOs will be thrilled to have a more consistent set of backends that all discuss over REST APIs, for a seamless infrastructure maintenance experience.Further...
The list of methods made available today is quite narrow, and it is on purpose: we will extend the MongooseIM REST API methods to answer your needs.REST API for the clients developers
This part may sound less understandable, maybe a bit “revolutionary” and unorthodox for an XMPP platform. To be honest, we thought a lot about it, and hesitated for a long time. But our customers and prospects have sent the signal loud and clear.
Putting it simply: we are not breaking out of XMPP! We are offering the power of an XMPP platform to REST API developers worldwide!
Let us walk you through this thinking.The problem with XMPP and XML
The MongooseIM platform is based on the XMPP protocol and philosophy. And XMPP is awesome. It is an open standards protocol, backed by both the XSF and the IETF, offering high flexibility and outstanding extensibility. It is always surprising in many ways, as mature features often reveal themselves as highly efficient in modern and contemporary contexts.
XMPP has evolved a lot over the years, to the point that it can look complex and too massive for a lot of developers. As a result, it might seem discouraging to learn so much for most developers.
Additionally, XMPP relies on XML, which is not very trendy, to say the least. The crowds massively prefer JSON these days. We won’t argue here.
As a result, a large audience of developers do not like XMPP nor XML anymore. The consequence for business owners and recruiters is that it has become difficult and painful to find good (and available) XMPP developers. It would be a missed opportunity, as the MongooseIM platform is highly performant and flexible.The REST API solution for client/server developers
The MongooseIM platform now implements a very simple REST API for client-side developers, with JSON format.
The current implementation covers a minimal set of use cases:
In other words, we have created a REST API interface to the MongooseIM platform, by removing all the complexities of XMPP, and by switching from XML to JSON. We have kept only the bare minimal: all you need to quickstart a highly efficient application, with a flexible and powerful backend that will scale to millions.
This client/server REST API with JSON format allows most client-side developers to access the power and massive scalability of MongooseIM, yet maintaining a very simple and efficient codebase on the client.
It is now possible to build massively scalable chat system with the MongooseIM platform, yet keeping a very fast time-to-market, with minimal initial developers investment, virtually no learning curve, and lowering the risk of developer turnover.
It is especially true for applications builders who want to add chat (instant messaging features) in their multi-screen apps, for higher and sustainable acquisition, retention, and engagement.Perspectives
Please send your needs and pain points, in order to grow further the feature set. That way it will be easier for your apps to sustain your growth.
We are even planning a custom hosting solution, and a standard SaaS. Please contact us for more information.MongooseIM = XMPP + REST API
A simple REST API with JSON format might sound antagonist to XMPP. Our client-side REST API is an addition to XMPP in MongooseIM. Messaging features will all remain available using the XMPP protocol, and more and more will be available through our REST API.
In other words, we keep the powerful XMPP protocol, we just add a simple client/server REST API for more developers and simpler coding.Documentation additions
A lot of developers, devops, sysadmins, and CTOs just have difficulties understanding how things work at a high level. As MongooseIM has quite a different architecture than the more classical web applications, there was indeed some explanations due here on the high-level architecture.
We added explanations and schemas for some key concepts, such a transient vs persistent data, nodes joining or leaving a cluster, RDBMS vs NOSQL data storage.
We also created a few new documentation pages to explain the basics on some of the clustering considerations, and also detailed to global architectures, like multi-datacenter setups for very large deployments.
Our contributions to the ecosystem (outside the scope of the MongooseIM server) were not clear, they are documented now. We contribute to both open standards, and open source software, whether we maintain it, or it is maintained by friends. For example, we contribute to XMPPFramework for iOS, and Smack for Android. We now offer a consistent set of features over MongooseIM server, Smack, and XMPPFramework: a given feature we support is available and tested on the three.
Please read our draft roadmap, offering enhanced visibility over where the MongooseIM platform is going next. Feel free to comment on it, and influence the journey!Many thanks to our contributors on the MongooseIM server
During this development cycle, we received some code contributions to server. Special thanks to our contributors: @bernardd, @igors, @arkdroOur contributions to the ecosystem
We have again contributed to XMPPFramework for iOS, Smack for Android, and Movim.
Many thanks to Florian Schmaus (Smack @Flowdalic), Chris Ballinger (XMPPFramework @chrisballinger), and Timothée Jaussoin (Movim @edhelas) for the strong support in our contributions with their kindness, availability, openness, and guidance.Call for tests and comments: REST API, PubSub, MUC light
This 2.0.0beta2 will be our last beta before 2.0.0, so this is a call for tests, all comments welcome. We encourage everyone to play with the REST API on both backend and clients, but also MongooseIM 2.0.0beta1’s PubSub and MUC light.Upcoming 2.0.0
With all your feedback, we will release the full, final 2.0.0 in the coming weeks, roughly with the same featureset, with the obvious additional bugfixes and polishing.
This is the last beta before the 2.0.0 version that will be available in the coming weeks. Please feel free to download MongooseIM 2.0.0beta2 and test it extensively. Some rough edges have already been fixed, and we encourage to report any further inconvenience.
We will not add any big new feature before our 2.1.x series, as after the 2.0.0 release we will enter maintenance mode, with bug fixing and optimisations, with probable 2.0.1 and 2.0.2 versions.Get the fresh news!
Meanwhile, get our fresh news: subscribe our announcement mailing list.
There is increasing interest in computer security these days and more and more people are using some form of PKI, whether it is signing Git tags, signing packages for a GNU/Linux distribution or just signing your emails.
Back in April, I started discussing the PGP Clean Room idea (debian-devel discussion and gnupg-users discussion), created a wiki page and started development of a script to build the clean room ISO using live-build on Debian.
Keeping the master keys completely offline and putting subkeys onto smart cards and other devices dramatically lowers the risk of mistakes and security breaches. Using a read-only DVD to operate the clean-room makes it convenient and harder to tamper with.Trying it out in VirtualBox
It is fairly easy to clone the Git repository, run the script to create the ISO and boot it in VirtualBox to see what is inside:
At the moment, it contains a number of packages likely to be useful in a PKI clean room, including GnuPG, smartcard drivers, the lightweight pki utility from StrongSWAN and OpenSSL.
More confident users will be able to build the ISO and use it immediately by operating all the utilities from the command line. For example, you should be able to fully configure PGP smart cards by following this blog from Simon Josefsson.
The ISO includes some useful scripts, for example, create-raid will quickly partition and RAID a set of SD cards to store your master key-pair offline.Getting involved
To make PGP accessible to a wider user-base and more convenient for those who don't use GnuPG frequently enough to remember all the command line options, it would be interesting to create a GUI, possibly using python-newt to create a similar look-and-feel to popular text-based installer and system administration tools.
If you are keen on this project and would like to discuss it further, please come and join the new pki-clean-room mailing list and feel free to ask questions or share your thoughts about it.
Originally the next version on the roadmap was 1.0, but I don’t feel like giving a 1.0 tag to the current state of things; so, without further ado: I am pleased to announce that poezio 0.10 has just been released!
Poezio is a terminal-based XMPP client which aims to replicate the feeling of terminal-based IRC clients such as irssi or weechat; to this end, poezio originally only supported multi-user chats.What's new Performance
Link Mauve spent a sizeable chunk of time to make poezio faster, which makes it nicer and lighter to use in low-powered environments with many contacts and many rooms with many people in it.
A lot of time was spent profiling and cursing python, then writing micro(or not-so-micro)-optimizations. His final goal is to make everything cythonizable, to get even better performance. Thanks a lot to him!Stream Management (XEP-0198)
Together with fixing the slixmpp plugin for XEP-0198, it was implemented in poezio. It is not enabled by default because it adds overhead and isn’t useful in most poezio use cases (i.e. long-running sessions in a tmux window somewhere on a server), but it can be easily enabled through a config option.
Stream Management (which requires server support) allows a client to restore a session after a disconnection, as long as the server has a sufficiently high timeout value configured. It also allows for more reliability inside a stream, by having acks and sequence numbers interlaced with the stream of normal activity. If sequence numbers don’t match, the entity which sent the missing messages will send it again.Carbons enabled
It was an oversight, but a big one; carbon copies (XEP-0280) are now enabled by default in poezio 0.10. Carbons allow for a more seamless transition in a multi-device environment by replicating messages sent and received to each device connected.Commented-out config file
A mistake again; because the options in the config file were uncommented by default, there was no way of checking if a value was there only because it was a default; so there was no way to update default values after someone ran poezio once. Well, there is still no way, but because the options are now commented out, new users will get the default values updates if they didn’t explictly set something else.
The poezio -c command is however available to see which options in your config files differ from the default.poezio_logs script
Poezio log files adopted a log format close to the mcabber one a long time ago. However, reading logs within poezio is sub-par at best; and while there are plans to remedy to this, it’s still good to be able to read logs without having the custom format cruft around.
So the poezio_logs tool takes a log file path as a parameter and outputs the cleaned-up result to stdout, with some coloration. It can take parameters to remove color, timestamps, or info messages as well.HTTP Verification (XEP-0070)
The surprise of this release is the arrival of an HTTP Verification tab, which implements XEP-0070 to authenticate HTTP requests using only your JID.
A mediawiki plugin is in the writings, and a wordpress plugin already exists. Because components such as this one talk HTTP, there is no need to add any kind of XMPP support in the application that needs an identity validation; just enter your JID, accept the request on your client, and voilà.New warning prompt
The previous way of handling a certificate change was really inconvenient, so with HTTP verification implemented, it was easy to just re-use the same tab with a different color scheme in order to have an more user-friendly way to interact (especially since we moved from SHA-1 to SHA-512, which increased the size of the hash by a lot).Fun with message corrections
It’s more abuse of the protocol than anything else, but since we like writing funny plugins, here are two new ones:
CSI (XEP-0352) is a mobile-oriented extension that requires both client and server support, and lets the client tell the server that it’s "off" (for example, a mobile client while the screen is off and the phone is in the pocket).
It surprisingly applies well to poezio, thanks to the screen_detach plugin, which is either in attached or detached state.
Toggling this active or inactive state leaves the server free to enable a number of filters to reduce data transfer between the client and server. For example, it could filter all presences received while the client was off.
A "csi" plugin was also added with explicit commands to set or unset that status.VCards
VCard-Temp (XEP-0054) support is still a desirable thing, and this version adds a plugin to view vcard information from remote entities. It’s still a little rough because it only implements a subset of the elements in a vcard, and re-uses a poezio tab that wasn’t designed for readonly data, but it’s getting there.
Of course, once vcard-temp is really done, vcard4 (XEP-0292) support is next.Bits of Binary
While we still have no real file transfer abilities, we now have a Bits of Binary (XEP-0231) plugin, which allows for small in-band file transfers between clients. Considering stream bandwidth is often limited to a few kilobytes per second for good reasons, it should be used sparingly, but it’s perfect for sending small files.And many more
Of course, there are many more commits for new features or bug fixes, with a big refactor that removed an ugly python path manipulation hack, minor UI fixes that save some screen space and provide better consistency with themes, no instant reconnect loops on specific error conditions, etc… You can check the CHANGELOG or the git history for more reasons to upgrade.Packaging
Beside myself (mathieui), louiz’, and Link Mauve, I want to thanks the other contributors, eijebong, Lasse Aagren, Frédéric Meynadier, Nicolas Braud-Santoni, Lancelot SIX, Luke Marlin, for their contributed features and fixes.
As always, if you notice an unreported bug still unfixed in latest master, please report it, thank you.Links
Exactly one year after the release of slixmpp 1.1, it is time to announce the release of slixmpp version 1.2.
slixmpp is an asyncio-based python (3.4+) library for XMPP, started from the SleekXMPP sources.Notable changes
Thanks to all the contributors (listed in the README) for this release!Links
The Ignite Realtime community has just released Spark 2.8.1 and it can be downloaded from Ignite Realtime: Downloads .
This is a bugfix release for 2.8.0, which has introduced a huge overhaul and created a few new issues. Many users had problems with login after upgrading to 2.8.0. This won't change with 2.8.1. It is not a bug, but rather an incorrect setup. Admittedly, this was introduced because of lack of security check in older Spark\Smack versions. But we can't leave Spark blind to bad or forged certificates (in the age of security breaches and moving all the web to TLS). So, if you have this problems, please read Login issues since Spark 2.8.0 . 2.8.1 is introducing an option "Disable certificate hostname verification (not recommended)" in the Advanced settings of the Login screen. If you can't fix your setup or want a temporary workaround, you can use it. But be warned, that you will make yourself (or your users) less secure. 2.8.0 also introduced new setting "Accept all certificates" in the same place. It was enabled by default for those upgrading from 2.7.7. It automatically accepts self-signed and some other incorrect certificates (expired, etc.). This was done to make 2.8.0 backwards compatible, if you were using self-signed certificates provided by Openfire. This setting will stay enabled after 2.8.1 update. But there is a plan to make it disabled by default for new installations in 2.8.2 version.
For a complete list of changes please check Spark Changelog
As usually we encourage new developers to join Spark project and provide patches. Those familiar with Smack can join the development easier, as we are now using the latest version. Patches can be attached in the forums or submitted as PRs on GitHub.
Here are the contributors to this release (besides myself):
nicoben (Nico Ben) · GitHub updated Italian translation
speedy added option to login with not matching certificate's hostname, fixed showing incorrect errors when logging in and empty profile fields issue
Alexander198961 (Aleksander Kovtunenko) · GitHub fixed links opening in KDE environment
Guus der Kinderen fixed various parts of Spark to behave correctly or log errors
Important information for SSO (Single Sign On) users, if they are using SRV records: SSO (Single Sign On) configuration changes since Spark 2.8.0
[SIP phone] SIP plugin is not working since the Smack 4 update.
[Voice Chat] Jingle (PC to PC) calls are not working at this point.
[Linux] Flashing plugin is not working on Linux systems.
Here are sha1 checksums for the downloads:
Serverless development is a hot topic lately. Development & operations of a web service can be greatly simplified by writing your application logic as short-lived functions, and relying on outside organizations for the development of all the other components in your stack (e.g. databases, gateways, container engines, etc). The term “serverless” is a bit funny because of course there are still servers in your stack, and they may even be your own servers, but the main idea is you no longer have to worry about your own long-running application code.
This all sounds great, but an issue arises: in this serverless world, how do you support long-lived connections (e.g. HTTP streaming/WebSocket connections) for realtime data push, without long-running application code? By delegating connection management to another component, of course! In this article we’ll talk about how to build a simple chat service with Pushpin, using Microcule for running the backend worker function.
The High Frequency Industry Association (HFIA) provides an “industry driven forum for the interactive exchange of technical and information in the area of High Frequency Communications.” Physical meetings of the group usually take place twice a year and in September 2014 Portsmouth was the location for the latest of these meetings. This is the first of two blog posts covering our attendance at this meeting.
As Isode has an interest in applications for constrained bandwidth communications, we often attend and occasionally present at these meetings. This year we had two presentations to share with the attendees.
Isode CEO, Steve Kille, gave a talk focusing on Isode’s proposed extensions to STANAG 5066 to improve performance of applications running over wideband HF links. The first was an update to a talk Isode gave at the February HFIA meeting, this time including hard measurements showing that Isode’s extensions (known as LFSN, Long Frame Sequence Number) result in significant performance gains.
This was followed by a live demonstration of the extensions in action, enabling co-existence of bulk and time critical applications over narrow-band and wide-band HF. The applications used were Multi-User Chat and Real-Time Military Forms (both using the XMPP protocol) and military email messaging.
PDF copies of the slide sets used during both phases of this talk can be found by following the links below:
Two whitepapers on the Isode website (Interconnecting XMPP and IRC and Deploying IRC, Federated MUC and XMPP Guards) show how Isode’s M-Link XMPP Server can be connected to and used in conjunction with chat services using IRC (Internet Relay Chat) in a range of deployment scenarios.
In order to help our customers and evaluators configure M-Link to act as an XMPP Gateway we’ve published a short configuration note which explains how to connect M-Link XMPP Multi-User Chatrooms to IRC Channels.
We’re pleased to announce the availability of Isode’s latest release, R16.3, which can be downloaded now from our website. R16.3 is a major Isode release which adds new capabilities across the entire Isode product range, including:M-Vault
We’ve introduced a multi-master capability to M-Vault, complementing the single-master approach to replication defined in the X.500 protocols around which M-Vault was developed. M-Vault is the first directory to offer both multi-master and X.500.M-Link
M-Link gains a new Archive Server for archive of all messages (including 1:1 chat, MUC and PubSub). XMPP clients can access archives using Message Archive Management (MAM) as defined in XEP-0313. M-Link also gains three new web applications:
We’ve added gateway support for text based organisational message protocols, which we’re collectively describing as “ACP127”. The first release of this capability supports ACP127 and DOI 103S, a popular US variant, and enables conversion with STANAG 4406 (compliant to STANAG 4406 Annex D) and SMTP (following the MMHS over SMTP extensions).
In addition we’ve made extensive improvements to MConsole and M-Link Console to support the new M-Switch and M-Link family capabilities. For a full run-down of new capabilities in R16.3, please see the Product Release page. We’ll be publishing further blog posts over the coming weeks focusing on some of the new R16.3 capabilities.
We have two small changes to our evaluation guide series to announce (with many more coming soon).
Our core XMPP Messaging Evaluation Guide, using our M-Link XMPP server and M-Vault LDAP directory, now includes a section on adding a Security Policy to your XMPP service. In this new section we show you how to add a the policy to your service and clearances to your users. You can additionally apply label based controls to multi-user chat, domains and peer services (all of which and more is covered in the M-Link Admin Guide).
The Security Policy we use in the evaluation guide is one of the demonstration policies we ship with M-Link but, if you want to create your own, you can now get started with the new SPIF Editor Evaluation Guide. A SPIF (Security Policy Information File) is a file representation of a Security Policy, in other words the definition of which labels are valid and how to check them against clearances. This new evaluation guide will show you how to create your own basic SPIF using the Isode SPIF editor tool.
Those of you keeping an eye on the Swift or Isode Twitter accounts will have noticed that a beta release of the new Swift 4.0 is now available for download from the Swift website .
Swift 4.0 includes a number of important functional changes compared to Swift 3.0 as well as a significant change to the look and feel of the product.
The main changes are listed in the changelog but there are two big changes that you’ll notice immediately on launching this Swift beta.Better Chat Monitoring
Swift already makes it very easy to monitor events in multiple chat rooms through the use of keyword highlighting rules. In response to requests from a number of users we’ve supplemented this with the addition of a “trellis” layout option, allowing multiple chats and rooms to be tiled instead of being exclusively displayed as tabs within a single window.
This new option (Change Layout from the View menu) allows the user to define the number and arrangement of tiles to be displayed simultaneously and then move chats or rooms into an appropriate position. The trellis layout option and the existing tabbed layout option can be flexibly combined.New Chat Design
We’ve introduced a new, cleaner chat design which we believe will enable users (especially in MUC rooms) to keep better track of their own contributions to conversations allows for better display of message receipts and better indication of unread messages.