Agregador de noticias

Fanout Blog: Building a realtime API with RethinkDB

Planet Jabber - 20 May, 2015 - 23:13

RethinkDB is a modern NoSQL database that makes it easy to build realtime web services. One of its standout features is called Changefeeds. Applications can query tables for ongoing changes, and RethinkDB will push any changes to applications as they happen. The Changefeeds feature is interesting for many reasons:

  • You don't need a separate message queue to wake up workers that operate on new data.
  • Database writes made from anywhere will propagate out as changes. Use the RethinkDB dashboard to muck with data? Run a migration script? Listeners will hear about it.
  • Filtering/squashing of change events within RethinkDB. In many cases it may be easier to filter events using ReQL than using a message queue and filtering workers.

This makes RethinkDB a compelling part of a realtime web service stack. In this article, we'll describe how to use RethinkDB to implement a leaderboard API with realtime updates. Emphasis on API. Unlike other leaderboard examples you may have seen elsewhere, the focus here will be to create a clean API definition and use RethinkDB as part of the implementation. If you're not sure what it means for an API to have realtime capabilities, check out this guide.

We'll use the following components to build the leaderboard API:

Since the server app targets Heroku, we'll be using environment variables for configuration and foreman for local testing.

Read on to see how it's done. You can also look at the source.


Peter Saint-Andre: RFC 7565: Account URIs

Planet Jabber - 19 May, 2015 - 00:00
RFC 7564 is a good example of a necessarily complex piece of work that required a long time to produce. Yet sometimes even simple things take time. Case in point: the specification of the 'acct' URI scheme, also published today as RFC 7565. In June of 2012 I split the definition of this scheme out from the WebFinger document so that it could stand on its own. Indeed, the 'acct' URI spec was approved for publication almost 2 years ago, but couldn't be published as an RFC until the PRECIS framework was published today as RFC 7564. Ah, the wonderful world of technology standardization...

Peter Saint-Andre: RFC 7564: An Internationalization Odyssey

Planet Jabber - 19 May, 2015 - 00:00
It all started in 1998 when Jeremie Miller chose XML as the basis for Jabber. Although XML seems old-fashioned now, at the time it was the cutting edge, in part because from the beginning Jabber Identifiers could include characters outside the US-ASCII range (unlike textual protocols of the time such as email or SIP). In 2002, Craig Kaes and I started to codify the Jabber address format in JEP-0029 - an effort that was superseded by activity in the IETF's XMPP Working Group, which eventually led to the core specification for XMPP in the form of RFC 3920 in October 2004.

Tigase Blog: Tigase Server 7.0.2 Release

Planet Jabber - 15 May, 2015 - 16:08
A new maintenance version of Tigase XMPP Server (7.0.2) has been released. Binaries are available for download in the files section on the project tracking system.

Daniel Baczynski (GSoC 2015): Hello World!

Planet Jabber - 15 May, 2015 - 12:27
This is my blog about my GSoC 2015 project: Multi-account support in Swift. I will be reporting my progress weekly. Now, it's community bonding time so I need to prepare to coding. Soon, you will find here my plan for this summer.

Adhish Singla (GSoC 2015): Prototyping Tools for IoT - Project Proposal

Planet Jabber - 11 May, 2015 - 11:20

Internet of Things(IoT) is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications. We aim at making Tools and create a binding between SleekXMPP and various Devices like Netatmo,intel edison, intel galileo, raspberry PI 2, beagle bone black, etc. which can be controlled by means of Client Applications. Also to check compatibility between Devices, i.e. if they can Talk(exchange Data) between each other.

Description and Research

The Project contains mainly 6 deliverables, those are:

  1. A web html/javascript based client that is used to visualise and control the devices created.
  2. Python scripts toolkit to be run on different devices like raspberry pi, Netatmo etc.
  3. An Access Rights Manager that manages what devices can talk to each other.
  4. Adding Tutorials to site for showing the wrking of above mentioned.
  5. Client-Device Logger that Logs the data of the Device.
  6. Implement a first version of the XEP-0326
1. Web Visualization Client

The web client is a html, javascript xmpp client implemented using Strophe that connect to the xmpp network and through the roster it retrieves its friendship subscriptions that it uses to access xmpp endpoints that is devices.

The Javascript is a web Client used to:

  • Visualize data with graphs.
  • Reading values on demand.
  • Sending control commands to change values in the devices.

Use of Cordova in combination makes it possible to deliver the client as an native mobile application.

It runs programs and access data that is stored on the server. Since we are working with Internet of Things(IoT), The device would act as a server for the Client Application where the Client would ask for values from the Device and can also receive Events from the Device.

2. Python Scripts Toolkit for different Devices

Develop Binding between SleekXMPP and Devices for IoT with easy to use example scripts that serves as the Prototyping Tools. When somebody starts to create a device, they can use these scripts as the base for their devices.

Functions needed by an IoT Device are :

  • Local Storage for Storage of Data and Values.
  • Easy Configurable I/O Management.
  • Type Conversions.
  • Access Security who can retrieve what Information.
3. Access Rights Manager

An application that would check for compatibility between Devices and making the exchange of Data more Secure, i.e. who can access what in which device is managed by this application. All this is according to Provisioning Things as in XEP-0324.

4. Tutorials

This would generally consist of Videos or Walkthroughs that can guide users on how to work with the Products that are being made as a part of the Project. which will be put on the XMPP-IoT site.

5. Client-Device Logs

A Network Storage that stores logs for “If you make friend with some client it will start logging data for your device”.

6. First Implementation of XEP-0326

First Implementation of Hiding legacy systems through Concentrators as given in XEP-0326.


My initial work would deal with going through XEP-0323, XEP-0325, XEP-0324 and XEP-0326 which explains how Reading of Things, Writing of Things, Provisioning of Things and Hiding Legacy systems through Concentrators respectively is done. That would form the basis of how the interaction between the devices work. The most complex task would be to create a good user interface that can be a base for others to build on and therefore i will provide more time to this. This would be my methodology of approaching the Project by learning more and more about it and making it the basis of my Implementation.

There might be need of few external Libraries and APIs like for the Client we need Apache Cordova and Strophe and for Device Toolkits, I need to make API of devices that might include some external library depending upon its functionality.

Timeline Community Bonding Period

Work on necessary documentation for understanding the Architectural and Functional requirements and design of the Deliverables and Come up with a definitive list of Devices. A primary list of Devices consists of intel edison, intel galileo, raspberry PI 2, beagle bone black.

Week 1-2( 25 May - 7 June )

Create an Interactive user interface for Web Visualisation Client using HTML, CSS.

Week 3( 8 June - 14 June )

Graph Visualiser for Web Client and extending Teaser Tasks(Relay and Make Friend Features) to the Web View.

Week 4( 15 June - 21 June )

Extending existing examples to other hardware platforms like for intel edison, intel galileo, raspberry PI 2, beagle bone black, etc.

Week 5( 22 June - 28 June )

Come up with a working HTML Client for devices and Access Rights Manager.

Week 6( 29 June - 5 July )

Catch Up for Mid Term Evaluation.

Week 7-8( 6 July - 19 July )

Make Web Client as Mobile Application using Cordova.

Week 9( 20 July - 26 July )

Create a Client-Device Logger that would log data for a device.

Week 10-11( 27 July - 8 August )

Make Tutorials and Implement XEP-0326.

Week 12( 10 August - 16 August )

Catch Up Week for all Deliverables.

Week 13( 17 August - 23 August )

Pencils Down Week, Improve Documentation for all the Products.

Project Blog

All related stuff and Updates can be found at the XMPP IoT-GSoC Blog.

Adhish Singla (GSoC 2015): Project Ideas

Planet Jabber - 11 May, 2015 - 09:32

The XMPP community is part of the Google summer of Code 2015 and for XMPP-IoT we have several projects

What is this XMPP-IoT

There are many solutions how to connect Internet of Things (IoT) devices to internet, to create services and interesting applications. on this site you find an introduction to how we mimic the world of people chatting to enable any device to any device interoperability. Supporting all usecases that IoT needs. Especially the possibility to be a way for companies to interact through federation.

The projects are:

The third IoT realted project is maintained by Process one

You can also propose others if you have an idea. post it to the chat room or mailing list

Talk to us! Teaser tasks for prototyping tools

To be able to quickly startup any project you need to have prototyping tools. Using python and javascript in combination gives you a very quick start on almost any device

  • Run the sample scripts under the Tutorials And propose better ones to understand the concepts.
  • Create a python script “makingfriends” to manage friendship subscriptions between devices when you need several JID’s to be able to talk to each other.
  • Build a one to many chat room example of a device sending values to many devices in a MUC chatroom using XEP323 message stanzas
  • Look at the scripts avaliable in the SleekXMPP IoT examples especially the PhilipsHue. Create a mapping to another open API for a device.
Teaser tasks for openHAB

OpenHAB is an opensoruce project acting as a control environment for a smart home bridging between many different physical protocols.

  • start an OpenHAB instance and trigger the XMPP module to send a plain chat message ex “Toggle” or “relay=True”. This can be sent to another OpenHAB instance recieving the message and acting on it’s local variables. It can also be sent to the python script in the tutorial triggering a relay to “Toggle”.

  • Implement a first SMACK-extension for the XEP323 basic stanzas. First a read request. Smack extensions some more info Smack docs

This is maintained by Joachim Lindborg member of the XMPP Extensions Foundation

Ishan Khanna (GSoC 2015): Who Became the Docstar today?

Planet Jabber - 10 May, 2015 - 06:20

Greetings Fellas!

Today I Hosted a quartet of developers at my place for short hackthon and a session on git. What I wanted to do was to get them acquainted with git and github. So we started hacking on a simple open source API documentation project for Mifos Initiative that did not have a big learning curve for its implementation, so that I could focus more on the Version control part of it. We used a Rails app called Slate to write our documentation.

The current Mifos Documentation is not quite appealing and responsive, it is also not searchable so you always end up with `CTRL + F` or `cmd + F` sort of stuff. Things can get worse for new developers that are new to the platform, so we thought it would be a good idea to enhance it.

Because Slate generates all the static HTML for us using the Markdown markup that we write, it doesn’t take more than 10-15 minutes to learn how to use it for the first time. (Assuming you can setup the build environment for it quickly)

Things went on pretty smooth in terms of Git, but because a few a developers were working on Windows, you can’t neglect the possibility of stupid f**k ups!

Rohan was our Rockstar (or Docstar, as we chose to call him) of the day, for he added the maximum amount of endpoints to the documentation, followed by Diksha, Ritesh and Rahul in the decreasing order.

I am happy that all of them have working knowledge of git and hope they’d keep contributing to the project they started and help fight poverty like we do at Mifos, one line at a time

Ishan Khanna (GSoC 2015): How should I flip bits and not burgers this summer?

Planet Jabber - 7 May, 2015 - 21:01

Greetings Fellas!

Since last two weeks I have been reading a lot of content regarding the questions below as a lot of engineering students are confused about what to do this summer.

  • Should I join HCL CDC this summer for training?
  • Where should I do my summer training training from?
  • How can I get an internship during this summer?

I have personally observed a paradigm shift in the mindsets of students over the three years of my college life, from “as If I care” attitude, to “I am ready to care for anything that comes my way” attitude. With so many startups coming up, good and inspiring stories flooding the internet have played a crucial role in this shift of pattern. So if you are one of those who have suddenly realised that you want to do something this summer, its perfectly okay! and you are not at all late to start with, whether you are in 1st, 2nd or 3rd year!

For people in 4th year, if you still haven’t figured out what you want to do in life with your engineering degree, skills and “so called” knowledge that you rote learned during your college life, I have an image that is worth a thousand words!

A lot of people want to get into the software industry but just can’t get past the hurdle of “Where to start”, “I have learned PHP what project do I do?”, So I have come up with some plans that you might want to take an idea from or follow as is, during summers. The idea is simple, I have created certain tracks for different roles and what all one must to do, to get a good grip in that area!

Roles related to Web Apps :
  1. Front-End Web Developer
  2. Back-End Web Developer



Front End Web Developer

Front-End web development primarily deals with the look and feel of a web app. A web app is something that people interact with and data moves back-and-forth from and into the database. Facebook, Quora, Twitter and any site that you have an account on is a web app. We don’t call them websites anymore is because people choose to use it in context of static websites, that only show content, like this Click here to see what is a website!

  • Primary Skill Set that you must have an excellent grip on:
    • HTML5
    • CSS3
    • Javascript
    • jQuery
  • Good to know CSS Frameworks (Any one – Hands on):
    • Bootstrap
    • Skeleton
    • Muller
    • Furitive
  • Good to know MVC Frameworks in Javascript (Any one – Hands on):
    • Angular.js
    • Backbone.js
    • Ember.js
    • React.js
8 Week Plan

Week 1: Learn HTML5 and CSS3 Basics

Week 2: Start a web project (For Example : Create a website for yourself, see this)

Week 3: Learn Javascript Basics

Week 4: Apply as much java script to your project as you can. Fucking fill the page with scripts!!! Just do it!!!

Week 5: Learn jQuery and side by side apply it into your project. jQuery can help you get rid of a lot of javascript that you initially wrote in the past week. Why we are doing this is to learn that how javascript works and why is jQuery needed, yes we are talking optimisation now!

Week 6:  Learn Bootstrap and apply it to your project, so now you will get rid of a lot of CSS that you initially wrote in week 2 to style your website.

Week 7 and 8: Learn any one MVC Framework, spend time doing stuff yourself and learning its features and functionalities.

By this time you are ready to join a startup as an intern and pickup stuff on the go!


Back End Web Developer

Back-end development primarily deals with content collection and delivery in a web app. For example if you were to write a backend for Facebook, you would be writing modules to store a status, record likes on a status, store comments on a status and then retrieving that stored data from a database and showing it to the users.

Now a web back end can be written in many ways using different languages and their different frameworks.

Here are some language – framework pairs that you can look into:

  • Python – Django
  • PHP – Laravel
  • Ruby – Rails
  • Java – Spring MVC
  • Javascript – Node.js
  • C# – .NET
8 week plan (I am using PHP and Laravel for reference)

Week 1: Learn PHP (Complete Syntax, basic functions and a local host setup)

Week 2 and 3: Learn Laravel (Its Features, how to do things with it)

Week 4 – 6: Do a project from Scratch. I’d suggest you come up with an idea (ANYTHING that you’ve wanted to build in your life, something like facebook, twitter, youtube or anything) Take a couple of days to write some features that you want to build, work on that using the framework you’ve learned. Try to build as many features as you can, show it to your friends and ask what improvements could you make, as you march forward you’ll face problems and when you’ll start solving them by yourself you’ll automatically get a grip on the framework.

Some points to keep in mind:
1. Spend no more than a week on a language syntax.
2. When working with a framework, treat the documentation as your bible. Read it as thoroughly as you can.
3. Make sure you try out stuff by yourself and not just skim through the code that comes your way.

What are some best places to learn web development for free online?

Peter Saint-Andre: RFC 7525: SSL/TLS Best Practices

Planet Jabber - 4 May, 2015 - 00:00
Internet security is very important to me. That's why I pushed hard last year to encrypt the XMPP network. It's also why I've been working on two specifications at the IETF that document major attacks on SSL/TLS as well as best practices for preventing those attacks on a wide range of Internet applications (websites, mobile apps, email, messaging, etc.). I'm happy to report that those best practices were published today as RFC 7525 and that before long we'll also be strengthening the use of TLS in XMPP to further enhance the security profile of the XMPP network. Is that security perfect? No, because we still need end-to-end encryption and several other improvements (indeed, our work is never over because the attacks keep getting better, too). But we're doing what we can within the confines of existing technologies to make Internet applications as secure as possible. Onward and upward!

ProcessOne: Easy installer and structure for ejabberd contributed modules

Planet Jabber - 30 April, 2015 - 16:26

Ejabberd comes with a lot of modules, but sometimes you may need an unsupported feature from the official sources or maybe you need to write your own custom implementation for your very special needs.

For many years, such contributed modules are stored on ejabberd-contrib repository.

However, these modules required manual compilation. This means having Erlang/OTP installed, a base knowledge of how to compile ejabberd modules and manual maintenance when ejabberd’s api is updated over time.

Complex operations to manage ejabberd contributed modules is now behind us. ejabberd is now able to fetch module sources by itself, compile with correct flags and install in a local repository, without any external dependencies. You now longer need to know Erlang and have it installed in order to use the contributed modules. This works with ejabberd modules written in Erlang and will also support new Elixir modules.

ejabberdctl module_install

Before getting started, you need to use ejabberd official repository on Github. We are gathering feedback before you see that command in the next stable release. It will work with ejabberd HEAD, starting from version 15.02.77 (aa1250a). Once you have an ejabberd compiled from source installed, you can start playing with the commands.

As a user, this is how it works:

First you need to get/update the list of available modules:

$ ejabberdctl modules_update_specs

Then you can list available modules

$ ejabberdctl modules_available ... mod_admin_extra Additional ejabberd commands mod_archive Supports almost all the XEP-0136 version 0.6 except otr mod_cron Execute scheduled commands mod_log_chat Logging chat messages in text files ...

Let’s give mod_cron a try:

$ ejabberdctl module_install mod_cron ok

This command installs mod_cron from ejabberd-contrib repository. An example default configuration is installed in:


All you have to do is to copy paste the module and add the values in there in the proper place in your ejabberd.yml config file. Be careful, the snippet can include ACLs, listeners and module configuration, that you have to put in the right place in your config file.

Now, check your new module is installed:

$ ejabberdctl modules_installed mod_cron

And finally, you can remove it:

$ ejabberdctl module_uninstall mod_cron ok What’s next

Please note this is provided as a beta version. We want the work in progress to be released early to gather feedback from developers and users.

For now, you need to edit the configuration snippet provided in module’s conf directory and copy it into your ejabberd’s main configuration. Then you’ll need to restart ejabberd or manually start the module.

However, our plan is to keep iterating on the tool and to make our best to make module installation as easy as possible and avoid need to change main configuration: ejabberd should be able to include module configuration snippets on the fly in a near future.

As a developer, how can you provide an ejabberd contribution ?

As a developper, you still need Erlang and Ejabberd if you install everything from sources, but you can even not need Erlang if you installed ejabberd from official ProcesOne installer. The official installer includes everything needed to build ejabberd modules on its own.

First you can work on your own module by creating a repository in $HOME/.ejabberd-modules/sources/mod_mysupermodule, and creating a specification file in YAML format as mod_mysupermodule.spec (see examples from ejabberd-contrib). From that point you should see it as available module.

Before commiting your code, you should check if your module follows the policy and if it compiles correctly:

$ ejabberdctl module_check mod_mysupermodule ok

if all is OK, your’re done ! Else, just follow the warning/error messages to fix the issues.

You can keep your repository private in this location, ejabberd see it as an available module, or you can publish it as a tgz/zip archive or git repository, and send your spec file for integration in ejabberd-contrib repository. ejabberd-contrib will only host a copy of your spec file and does not need your code to make it available to all ejabberd users.


We have a bright vision for the ejabberd modules ecosystem and this is just the first step. We are waiting to hear from you. With your feedback, your ejabberd installation with instantly become much much more powerful.

The XMPP Standards Foundation: XSF GSoC Students 2015

Planet Jabber - 28 April, 2015 - 14:43

This year, we’ve been lucky enough to have had many great applications to take part in Google Summer of Code under the XSF. We’ve selected the following six students/projects and are looking forward to working with them over an exciting summer:

Tarun Gupta: Extend Stroke Implementation

        Tarun’s going to be working on fleshing out the Stroke Java library to bring it up to feature parity with the Swiften C++ library.

Daniel Baczynski: Multi-account support in Swift

        Daniel’s going to be working with the Swift team on a strong user interface for supporting multiple concurrent accounts in the Swift client.

Ishan Khanna: Add support for XMPP Serverless Messaging (XEP-174) to Smack

        Ishan will be working with the Smack Java library developers on a modern implementation of serverless XMPP messaging over the summer.

Marvin W: Add support for DNSSEC to Smack via MiniDNS

        Marvin’s also going to be working with the Smack developers on the underlying mechanisms to support DNSSEC in Smack.

srtb: Axolotl support for Conversations

        srtb’s going to be working on end to end encryption mechanisms in the Conversations Android client.

Adhish Singla: Prototyping tools, for Internet of Things

      Adhish is going to be working on Internet of Things extensions for the SleekXMPP library.

This should be a great summer for the students, and for all the projects involved.

Ignite Realtime Blog: Spark 2.7.0 Released

Planet Jabber - 24 April, 2015 - 16:22

The Ignite Realtime community has released Spark 2.7.0 for general availability and it can be downloaded from Ignite Realtime: Downloads (Note: there are no working Mac OS X installer as our current build environment has no working setup for Mac, also Spark has lots of issues on the current Mac OS versions and the community has no active Mac OS developers willing to step in).


This release is a mandatory one to use with the recently released Openfire 3.10.0. As 2.6.3 version has issues connecting to the new server version. Though there is a not recommended workaround to revert to using Old SSL setting, which is less secure than TLS. The community strongly advises to upgrade to 2.7.0 version. Even if you are not planning to update to 3.10.0 release of Openfire yet. Spark hasn't seen a release in almost 3 years, but it was constantly evolving. Many fixes and improvements have been applied to the code since the last release. Some users have it deployed in the production environment for years and find it more stable than 2.6.3 version (as myself with 200+ user base).


We are sad that currently Spark has no Project Lead and there are no active contributors to this project. So, fixes and new features may not come up quickly. We hope open source community will embrace and improve this project in the future. You can start sharing your patches on the GitHub. If you find new issues, you can report them in the forums and we will at least file them in the bug tracker for the future developers to tackle.


Here's a list of some important fixes/changes:

[SPARK-1074] Sending part doesnt get a notification about the transfer cancellation - Jive Software Open Source

[SPARK-1362] No confirmation on the sender's part that the file transfer completed  - Jive Software Open Source

[SPARK-1397] Fix the displaying of system tray icons - Jive Software Open Source  (minor one, but not for such a picky person as i am, Spark icon now looks much nicer)

[SPARK-1414] Chat window is not flashing when receiving new message on Windows 7 64 bit - Jive Software Open Source

[SPARK-1525] Update smack - Jive Software Open Source  (huge update for Spark and this is probably the cause why 2.6.3 can't connect to newer Openfire as it uses older Smack library)

[SPARK-1524] Spark is not reconnecting automatically after connection loss - Jive Software Open Source

[SPARK-1546] Spark visually shows that a message is not sent - Jive Software Open Source  (one of the most annoying bugs in 2.6.3)


Also the Conversation history dialog has been completely reworked and should load faster and should be easier to navigate. Java has been updated to the recent 1.7.0 version, which should fix issues with some timezones. There are also numerous memory leak fixes. You can find the full changelog here: Spark Changelog


There are also some open issues. Like the still broken voice chat module. One of the past Spark maintainers cstux has started a work on fixing this, but it is moving slowly. File transfers may not work between 2.6.3 and 2.7.0 versions because of many changes to this functionality in 2.7.0. This is a somewhat frightening list of open issues (though many are minor) Spark - Jive Software Open Source So, again, we encourage Java developers to move this project forward.


Here are sha1sums for the downloads:


      sha1sum                                                              filename

1f74720be219fda89c450869291c0f15116f7c89  spark_2_7_0.deb

4f6c5b0c6ee7eb876509e724032222e1c997e8b1  spark_2_7_0.exe

db25cd5cf0871bdd3dd1ca5ed22592b99f57d37e  spark_2_7_0.tar.gz

0ab7bcfdebf6177399bf3107d0d26c22869b5795  spark-2.7.0.rpm

ab1f1e2ca5def7801d64183bfcb5d54697292e71  spark-2.7.0.src.rpm

eac98c6a9123170b52160499bfe8857c68d1d736  online/spark_2_7_0_online.exe

ProcessOne: ejabberd 15.04

Planet Jabber - 24 April, 2015 - 13:59

ejabberd 15.04 keeps the project delivering new features and improvements at the same fast pace.

The focus for this release is to consolidate and improve what was delivered in the previous release, and also to integrate contributions which had been critical for most deployments these days.

New features

We integrated usefull contributions around groupchat (mod_admin_extra and mod_muc_admin) into ejabberd core. This means ejabberd admins get a new set of powerful ejabberdctl command and API they can rely on with standard ejabberd deployments.

We also made XEP-0033 Extended Stanza Addressing a default component. This is extremely useful to build chat service that uses adhoc chat mechanisms. It brings to ejabberd the ability to send messages to multiple recipients at once without using Multi User chat or pubsub. You can see a bit like email cc or bcc features. This allows to build extremely simple and lightweight multi party chat features.

Among new features, we now have a SQLite backend that can replace Mnesia for those who prefer as basic backend for small and simple standalone deployments.


We improved a lot of modules, added some major pubsub improvements, better RFC compliance, many bug fixes and small tweaks all over the place thanks to your feedback. The cluster script helpers have been improved to work in more situations.


We are still pushing Elixir integration further: this new version of ejabberd can be embedded in any Elixir application, for example in a Phoenix Web application. Here is a tutorial showing how it works.


PubSub improvements include code refactor, bug fixes, minor optimisations and removal of old mod_pubsub_odbc. mod_pubsub now uses db_type parameter like all other ejabberd modules.
NOTE: Users of old mod_pubsub_odbc will need to alter pubsub_node table changing the type attribute: set flat when it was flat_odbc, hometree when it was hometree_odbc, and pep when it was pep_odbc. Without this manual change in your database, the new mod_pubsub will not work.

Changelog overview
  • R16B03-1 is now the minimal required Erlang/OTP version
  • SQLite support
  • Default db_type can be specified with global default_db option
  • Included mod_muc_admin, mod_admin_extra and mod_multicast modules
  • Removed ejabberd_http_poll
  • Pubsub improvements
  • Better RFC compliance
  • Several other bugfixes

ProcessOne installer now includes Erlang/OTP 17.5, with added new configuration option in ejabberd: sqlite, redis and elixir support.
The Linux 32bit installer is no longer maintained.


As usual, the release is tagged in the Git source code repository on Github.

The source package and binary installers are available at ProcessOne.

If you suspect you found a bug, please search or fill a bug report on Github.

Ignite Realtime Blog: Openfire 3.10.0 Released

Planet Jabber - 22 April, 2015 - 21:08

The Ignite Realtime community is very proud to release Openfire 3.10.0 for general availability from


The amount of energy that has gone into this release is truly impressive, and it shows no signs of slowing down - as those of your looking at the 3.11 branch will have seen. Further 3.10.X releases will be bugfix releases; 3.11 will concentrate on a path to 4.0.0.


3.10.0 itself brings new core features to Openfire (such as Message Carbons, for example, by Christian Schudt) and vital improvements (to clustering and MUC, for example, by Tom Evans), as well as some hard bugfixing (by Guus der Kinderen) and important security improvements.


As ever, we welcome pull requests (to 3.10 or master as appropriate), and the entire development team is looking forward to you joining the conversation either in the forums or in the XMPP chatroom at


Happy Chatting!




SHA-1 hashes for download artifacts




UPDATE: Spark 2.6.3 version has issues with connecting to this version of Openfire. We suggest updating to just released 2.7.0 version of Spark.

Thijs Alkemade: Validate the encoding before passing strings to libcurl or glibc

Planet Jabber - 17 April, 2015 - 18:00

Lets start with a simple example in php:


setlocale(LC_ALL, "nl_NL.UTF-8"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $_GET["url"]); curl_exec($ch);

This code is broken, can you tell how?

But it’s not just php or libcurl, lets try glibc.


#include <sys/types.h> #include <sys/socket.h> #include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <locale.h> #define BUF_SIZE 500 int main(int argc, char *argv[]) { struct addrinfo hints; struct addrinfo *result, *rp; int sfd, s, j; size_t len; ssize_t nread; char buf[BUF_SIZE]; setlocale(LC_ALL, "nl_NL.UTF-8"); if (argc < 3) { fprintf(stderr, "Usage: %s host port msg…\n", argv[0]); exit(EXIT_FAILURE); } /* Obtain address(es) matching host/port */ memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */ hints.ai_flags = AI_IDN; hints.ai_protocol = 0; /* Any protocol */ s = getaddrinfo(argv[1], argv[2], &hints, &result); if (s != 0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(s)); exit(EXIT_FAILURE); } }

This is a slight modification of the example from the man page for getaddrinfo and it is broken in the exact same way.


The common factor is that both use libidn (well, glibc contains an in-tree copy of libidn, but the essence of it is the same). libidn is a library with various Unicode related funtions. For example, it can convert internationalized domain names (IDNs) to punycode. This is what converts яндекс.рф to xn--d1acpjx3f.xn--p1ai, which contains only characters that can be used safely by the DNS.

The idna_to_ascii_8z documentation states:

Convert UTF-8 domain name to ASCII string. The domain name may contain several labels, separated by dots. The output buffer must be deallocated by the caller.

The libidn docs…

As it turns out, the effect of passing a string that is not valid UTF-8 to any of the libidn functions that expects an UTF-8 string can be disastrous. If the passed in data ends with an unfinished UTF-8 codepoint, then libidn will continue reading past the terminating null-byte. There could be unrelated information just past that byte, which then gets copied into the result. This could leak private information from the server!

For example, the UTF-8 encoding of ф is, in hex:

d1 84

In fact, any valid UTF-8 sequence that starts with d1 should always consist of 2 bytes. But if we pass:

d1 00

instead, then it will instead interpret this as if it was passed:

d1 80

and it continues reading whatever is after our input.

The locale

Some applications don’t use idna_to_ascii_8z, but idna_to_ascii_lz instead. The documentation for idna_to_ascii_lz states:

Convert domain name in the locale’s encoding to ASCII string. The domain name may contain several labels, separated by dots. The output buffer must be deallocated by the caller.

The libidn docs…

However, this is no problem if the locale is already an UTF-8 locale (which is why the examples needed the setlocale calls): if the new locale and the old locale are identical, then no conversion is happening, which means the invalid data is not caught.


The effect of the php code above when passed a domain name with invalid UTF-8 is that a DNS request is started for a domain which contains extra data.

It is possible that this data contains passwords or fragments of a key, however, it has to continue to look UTF-8-like to libidn, so it is unlikely to continue on as long as Heartbleed could (for example, multiple successive null-bytes will stop the conversion). But it could easily allow an attacker to bypass ASLR.

The stringprep functions in libidn are affected by the same issue. These are used, for example, to normalize usernames and passwords. Here, it could allow an attacker to reuse parts of the password from a previous login.

Luckily, the AI_IDN flag of glibc is off by default, and I could not find many applications that ever set it.

So who should check it?

The libidn developers show little motivation to fix this, pointing the blame to applications instead:

Applications should not pass unvalidated strings to stringprep(), it
must be checked to be valid UTF-8 first. If stringprep() receives
non-UTF8 inputs, I believe there are other similar serious things that
can happen.

Simon Josefsson…

But the libcurl and glibc developers can pass on the blame to the layer above just as easily. The man page for getaddrinfo says:

AI_IDN - If this flag is specified, then the node name given in node is converted to IDN format if necessary. The source encoding is that of the current locale.

libcurl’s CURLOPT_URL says nothing about the required encoding.

This is a very messy situation, and so far nobody has shown any motivation to work on fixing it. So the best approach seems to be to fix end-applications to always validate strings to be valid in the current locale before passing them to libraries that require that. How many php developers are likely to do that? How many applications are out there that depend on getaddrinfo? Of course that’s unlikely, so I hope the glibc/libcurl/libidn developers figure something out.

Peter Saint-Andre: Purposes

Planet Jabber - 17 April, 2015 - 00:00
During a conversation not long ago with my friend Sarah, she mentioned the view of author John Maxwell that you cannot be a success in life unless you know your purpose, as in the one and only reason you are here on this earth.

ProcessOne: Embedding ejabberd into an Elixir Phoenix Web application

Planet Jabber - 14 April, 2015 - 14:59

By combining Elixir powerful web framework with ejabberd realtime messaging platform, you can build extremely powerful applications. This tutorial will help you get started.

Here is the screencast showing the whole process. Please read further for detailed step-by-step description and code.

Create a Phoenix application

The first step is to create your Phoenix application as usual.

First, you need to install Elixir 1.0.2+.

From there you can clone and build Phoenix framework:

prompt> git clone && cd phoenix && git checkout v0.10.0 && mix do deps.get, compile

Finally, you can generate your Phoenix application template:
prompt> mix /Users/mremond/demo/my_app

Please refer to Phoenix web site to learn more about it: Getting started with Phoenix.

Add ejabberd as a dependency for your application

You have two simple changes to perfom in your application mix.exs initial file:

  1. Add ejabberd as a dependency for your application:
... defp deps do [{:phoenix, "~> 0.10.0"}, {:phoenix_ecto, "~> 0.1"}, {:postgrex, ">= 0.0.0"}, {:cowboy, "~> 1.0"}, {:ejabberd, ">= 15.03.0", github: "processone/ejabberd"}] end ...
  1. Tell mix to start ejabberd when you launch your application:
... def application do [mod: {Phoenixtest, []}, applications: [:phoenix, :cowboy, :logger, :ejabberd]] end ...
  1. Download and build all dependencies:
    prompt> mix do deps.get, compile

For reference, here is the complete mix.exs

Before you can start your application, you need to configure ejabberd.

Configure your application and ejabberd

Copy ejabberd.yml example file in application config/ directory. I put that file in a gist online to make that step easier:
prompt> (cd config; wget

You can tweak ejabberd config file to adapt it to your needs. Please, refer to ejabberd operation guide to configure it properly.

You also need to configure your Elixir application to tell it how to set global ejabberd values like configuration file, log directory and Mnesia file directory. In the file config/config.exs, add specification ejabberd configuration for integration in your application:

... config :ejabberd, file: "config/ejabberd.yml", log_path: 'logs/ejabberd.log' # Customize Mnesia directory: config :mnesia, dir: 'mnesiadb/' ...

Make sure the directory where to place ejabberd log file does exist. If this is not the case, it will not be automatically created and no log file will be generated.

prompt> mkdir logs

Start your application

You can now start your application:

prompt> iex -S mix phoenix.server

As you see from the log printout, ejabberd is started along with your Elixir app.

You can create a user by entering the following command from Elixir command line:

iex(1)> :ejabberd_auth.try_register("mickael", "localhost", "mypass")
{:atomic, :ok}

You can connect with those credential from an XMPP client.

You can also connect on Elixir web server on http://localhost:4000/

Creating a page displaying ejabberd information

Let’s get started writing a Phoenix basic page that display ejabberd information.

In your project, edit the file web/router.ex and add a reference to a /ejabberd page in the my_app scope:

get "/ejabberd", EjabberdController, :index

The scope “/” block of our router.ex file should now look like this.

scope "/", MyApp do pipe_through :browser # Use the default browser stack get "/", PageController, :index get "/ejabberd", EjabberdController, :index end

Let’s then create the file web/controllers/ejabberd_controller.ex:

defmodule MyApp.EjabberdController do use MyApp.Web, :controller # This is used to import the jid record structure from ejabberd: require Record Record.defrecord :jid, Record.extract(:jid, from: "deps/ejabberd/include/jlib.hrl") plug :action def index(conn, _params) do # get online jid, parse and extract the user part. online_users = :ejabberd_sm.connected_users |> &(jid(:jlib.string_to_jid(&1), :user)) render conn, "index.html", users: online_users end end

The code doing the heavy duty job the one getting online user by JID and extracting the username. This is a couple of lines of code:

# get online jid, parse and extract the user part. online_users = :ejabberd_sm.connected_users |> &(jid(:jlib.string_to_jid(&1), :user))

We do not need anything fancy in our Phoenix view module and we will use default view placeholder web/views/ejabberd_view.ex:

defmodule MyApp.EjabberdView do use MyApp.Web, :view end

Note: I could have put some data conversion code in the view code, but as the code is short, I preferred to have all the relevant ejabberd related code in one place.

Finally, we need the template for the page, named web/templates/ejabberd/index.html.eex:

<div class="jumbotron"> <h2>Hello World, ejabberd meets Phoenix !</h2> <h3>Here is the list of online users:</h3> < %= for user <- @users do %> <p>< %= user %></p> < % end %> </div>

After starting the Phoenix server (iex -S mix phoenix.server) and connecting to the server using your XMPP client, you should see a page like the following:


Here you are. This is all for this tutorial. You should now have environment properly set to start developing amazing ejabberd and XMPP powered web applications.

As you have seen, in a matter of minutes, you were able to create a powerful web app integrating ejabberd XMPP framework. By merging Phoenix and ejabberd, a whole new set of applications can emerge. We are eager to see what amazing apps you will build with it.

Special thanks to Sonny Scroggin (@scrogson) for the discussion and inspiration for this tutorial and video :)


ProcessOne: Paris ejabberd meetup #2 is tomorrow !

Planet Jabber - 14 April, 2015 - 10:13

Our second Paris ejabberd meetup will take place tomorrow, april 15th, in ProcessOne office.

We will talk about ejabberd latest features and share our vision for ejabberd future. You are also very welcome to join to introduce your project.

You can register on Paris ejabberd Meetup page.

See you there !

Ignite Realtime Blog: Announcing Openfire 3.10.0 Release Candidate

Planet Jabber - 11 April, 2015 - 02:48

The Ignite Realtime Community is pleased to announce a release candidate build of the upcoming 3.10.0 release.  A lot of work has gone into this RC since the beta release a few months back and with your help testing, we are hoping to turn around a full 3.10.0 release very soon!  Here are some of the highlights since the beta:


  • OF-885 : Use non-blocking, async IO for BOSH connections
  • OF-893: Fix mutual authentication for BOSH
  • OF-869: Update Jetty to version 9.2
  • OF-877: BOSH connector does not properly restart after configuration change


For those of you that track our progress on Github, we are starting a new approach for development going forward.  An Openfire 3.10 branch has been created and the hope is that we will not have feature creep in this branch, but instead focus on stability and be able to make point releases when the situation warrants.  In the past, Openfire's point releases (ie 3.9.0 to 3.9.1) was a mixture of bug fixes and new features.  The new features will appear in other branches with an eye toward a future 3.11 or 4.0 release!  We are always looking for more folks to help develop Openfire, so please send us those pull requests and stop by our XMPP MUC room to say hi.


So please test this RC and report issues you find in the Openfire Support ForumDo not report issues by commenting on this blog post please!


Here is a listing of download links and md5sums for this release.  You can find these also on our beta download page.




JSopenfire-3.10.0.rc-ALL.pkg.gz747e5a890cd672883ed69677989bac6copenfire-3.10.0.rc-1.i386.rpmddf2fc93ad0a5c01e9f41860aeac90ad openfire_3.10.0.rc_all.debc090d23a5cb685ddfb01b6a1074b384aopenfire_3_10_0_rc.dmg81d05bf6e20b9f8f6a9eeab16d6b843dopenfire_3_10_0_rc.exe734b5c3085c828531bc2f3cc610941a7openfire_3_10_0_rc.tar.gz2a346d0f9b691d96978dd93e79484642 open


Happy testing!

Distribuir contenido