Agregador de noticias

Peter Saint-Andre: Going Deep

Planet Jabber - 19 February, 2017 - 00:00
Three months ago, in a post entitled "Below the Surface", I started a habit of posting in my weblog at least once a week. Although it's been a good run, I've cleared out my backlog of topics to write about. More importantly, I have a big project to finish (The Upland Farm, my forthcoming book on Thoreau) and another one to restart (more on that in the coming weeks), not to mention the need to focus intently on building the team at Filament and bringing our products to market. Because all of these initiatives will require a lot of deep work, my weblog will likely be fairly quiet until mid-summer. See you then....

Ignite Realtime Blog: Openfire 4.1.2 Release

Planet Jabber - 18 February, 2017 - 17:16

The Ignite Realtime Community is pleased to announce the availability of version 4.1.2 of Openfire. This release signifies our ongoing effort to produce a stable 4.1 series while effort is made on new features and functionality in Openfire 4.2.  You can find a release changelog denoting the 13 Jira issues resolved in this release.  If you had issues with inconsistent appearance of groups, do please test this release to see if those issues are now resolved. You can download the release from our website here and the sha1sum's for the available artifacts are as follows.


OSsha1sumFilenameVersion 4.1.1 Downloads [1]Linux RPM (32bit JRE bundled)c2f12c3ec6ba2f64388279f106f2749272c9504copenfire-4.1.2-1.i686.rpm1290Linux RPM (no JRE)226a7f1138fda7c456523bf80e6140e020fd5a74openfire-4.1.2-1.noarch.rpm965Linux RPM (64bit JRE bundled)6892ec82e1435b6cbf23da1ba1efb9d94122d8a6openfire-4.1.2-1.x86_64.rpm3805Linux .debc205eefe136fe0481e498668f258a0bc724a7080openfire_4.1.2_all.deb7311Mac OS dmgb9570c78854c226714c23001997119e503e0aaabopenfire_4_1_2.dmg1207Windows EXEdba34e78456f03bbd0de5a5cf94730c433d75c20openfire_4_1_2.exe19798Binary (tar.tgz)cf4676f1e8c8a04999f6e9c97d859c8bbff35c4eopenfire_4_1_2.tar.gz2622Binary (zip)0f4624f2c387c00373c717a52ed442741ceb0e93openfire_4_1_2.zip3058Source (tar.gz)9b1efd5090ff37e4faca6d460b20ec40a4c40a53openfire_src_4_1_2.tar.gz408Source (zip)b32c39ec84ad04acf46881b682919ef41fab3be4openfire_src_4_1_2.zip1371


[1] We recently migrated to storing our release artifacts on Github and thanks to their API, we can get metrics on how many times the artifact was downloaded.


As a reminder, our development of Openfire happens on Github and we have an active MUC development chat hosted at . We are always looking for more folks interested in helping out, so please consider pitching in!


As always, please report any issues in the Community Forums and thanks for using Openfire!

Peter Saint-Andre: Limited Liability

Planet Jabber - 12 February, 2017 - 00:00
Someone I know who is an avowed socialist told me he'd be much more sympathetic to libertarian views if we didn't need big government to protect us from big business....

Peter Saint-Andre: Forever Jung

Planet Jabber - 12 February, 2017 - 00:00
Recently I got to talking with a friend about personality assessments, especially in relation to hiring and talent development. It took me awhile to figure out why we were not in agreement: he was thinking about the Myers-Briggs Type Indicator (MBTI) whereas I was thinking about assessments based on the five-factor model (also called the "big five") of personality traits....

Christian Schudt: Babbler Version 0.7.3 released

Planet Jabber - 11 February, 2017 - 21:44
I've released version 0.7.3 of the Java XMPP library. This is primarily a "bug fix and improvements" release and is compatible with previous 0.7.x releases. Here's the changelog:
  • Use single equals sign (“=”) for zero-length data in SASL, as per RFC 6120 § 6.4.2
  • Allow configuring a custom stream host and skip proxy discovery then for SI file transfer.
  • Implement WebSocket pings/pongs.
  • Fix WebSocket’s proxy URI construction.
  • Use connect timeout for WebSocket connections.
  • XEP-0198: Send an ack right before gracefully closing the stream (i.e. update to version 1.5.2).
  • MUC Room “enter” events should fire for oneself entering the room as well.
  • Use java.text.Collator for String-based default comparison.
  • XEP-0066: Use URI instead of URL.
  • Fix XMPP Ping in External Components, which broke the connection.
  • Jid.asBareJid returns this if it is already bare, reducing GC pressure.
  • connect() method should not throw CancellationException
  • Check if the connection has been secured (if configured) before starting to authenticate.
Maven coordinates


Ignite Realtime Blog: Smack 4.2.0-rc3 released

Planet Jabber - 11 February, 2017 - 20:09

I've just released Smack 4.2.0-rc3 to Maven Central. Smack 4.2.0 is scheduled to be released early Q2 2017, according to Smack's release life cycle. And right now, it looks like the train is right on time.

Peter Saint-Andre: Why Do I Think What I Think?

Planet Jabber - 11 February, 2017 - 00:00
Most people seem to believe that their thoughts are right, and that this is so because they are righteous people. Those who disagree with them are wrong and have bad intentions; those who agree with them have the truth on their side and have good intentions....

Arnaud Joset: Authentication without password using XMPP on a Django website

Planet Jabber - 9 February, 2017 - 18:00

This article describes the authentication with XMPP on a Django powered website.

Authentication without password

When you authenticate on a website, the domain validate your identity before letting you access confidential information. They are several ways perform this validation and the use of passwords is the most popular. Another method is the use of a token generator i.e. a small device that generate a secret passphrase that you copy on a website. Today I will present you another authentication method without password using XMPP.

XMPP authentication

XMPP has a nice authentication mechanism. It is normalized in the XMPP extension XEP-0070. It may be used on website. There are 4 steps.

  1. The user visits its favorite website and go to the login section.
  2. The user enter its jid (XMPP address) in a form and click on a button to authenticate.
  3. The website send a XMPP request to the user asking if he wants to login on the website. The request display also a code that must be identical on the website and the XMPP client in order to validate the request.
  4. The user validate the request on its XMPP client and therefore he is login on the website.

There are plenty XMPP clients: Gajim, Salut-à-toi, Movim, Conversation, Poezio, Pidgin, Psi etc. Several of them work on mobile, on webpage or on Desktop. Therefore, it is possible to authenticate easily on a website using your smartphone, Desktop or another platform easily without password.

Note: if the client does not support the XEP-0070, there is a fallback mechanism where the user send back the validation code in a chat window. Therefore, it is possible to authenticate with all XMPP clients.

Examples Gajim

Salut à toi (Primitivus)

The following section presents the implementation of this mechanism on a Django website.

Use XMPP authentification mechanism with Django Make it easy with HTTPAuthenticationOverXMPP

In this section, the XMPP part is managed by a component written by "Chteufleur‎". This component is easy to use. It manage the XMPP session and the web developeur just have to make a request to the component and it sends a return code:

  • 200 : User accepts the request
  • 400 : One or more mandatory parameter(s) is missing
  • 401 : User denies the request or timeout
  • 520 : Unknown error appends
  • 523 : Server is unreachable

The installation procedure is described in the Readme file of the project (

Django files

The view manage the form fields and send the jid and validation code (transaction_id) to a module called XmppBackend. The transaction_id is generated when the form is accessed. Its value is kept in memory by using the session mechanism of Django (see section

Several files are needed to obtained the desired result. The following sections describes them. from django import forms class AuthForm(forms.Form): username = forms.CharField(max_length=100, help_text="(XMPP jid)") HTML template {% extends "base.html" %} {% block content %} {% if form.errors %} <p>Your username is invalid. Please try again.</p> {% endif %} <form method="post" action="{% url 'login' %}"> {% csrf_token %} <table> {{form.as_p}} </table> <input type="submit" value="Login" id="Login" name="login"/> </form> Your validation code: {{ transaction_id|linebreaks }} <strong>{{ status_msg|linebreaks }}</strong> {% endblock %} reads the content of the POST and sends the result to xmpp_auth. It also handles the session and the transaction_id generation.

from django.shortcuts import render from django.contrib.auth import login from django.http import HttpResponse from . import xmpp_auth from .forms import AuthForm def index(request): return render(request, 'index.html') def xmpp_authentification(request): xb = xmpp_auth.XmppBackend() transaction_id = None status_msg = "" if request.method == 'POST': try: transaction_id = request.session.get('transaction_id') except KeyError: request.session['user_logged_in'] = False return render(request, 'fail.html') form = AuthForm(request.POST) # check whether it's valid: if form.is_valid(): username = form.cleaned_data['username'] user, status_code = xb.authenticate(username=username, password=None, transaction_id=transaction_id) if user is not None: login(request, user) # Redirect to a success page. request.session['user_logged_in'] = True return render(request, 'success.html') if status_code == 401: request.session['user_logged_in'] = False status_msg = "User {} refused to authenticate.".format(username) else: request.session['user_logged_in'] = False return render(request, 'fail.html') else: request.session['user_logged_in'] = False transaction_id = xb.id_generator(6) request.session['transaction_id'] = transaction_id form = AuthForm() return render(request, 'registration/login.html', {'form': form , 'transaction_id' : transaction_id, 'status_msg': status_msg})

This module makes the following request to the component:

GET /auth?jid=user%40host%2fresource;;method=POST;transaction_id=what_you_want;timeout=120 HTTP/1.1

The component send back a return code. In case of success, the system try to find the user in the database. If this user does not exist, it is created. The system described here is simple and the code must be adapted for more complex website (profile creation, additionnal data etc).

id_generator is called by and by default, it send a code made of 8 characters (both letters and digits) but it is possible to adapt easily this behavior.

import sys import requests import string import random from django.contrib.auth.models import User class XmppBackend(object): """ Authenticate with the XMPP 00-70 XEP """ def __init__(self): self.transaction_id = None def get_transaction_id(self): return self.transaction_id def set_transaction_id(self, transaction_id): self.transaction_id = transaction_id def authenticate(self, username=None, password=None, transaction_id = None): # Check the token and return a user. timeout = 300 payload = {'jid': username, 'domain': '', 'method': 'POST', 'timeout': timeout, 'transaction_id': transaction_id} r = requests.get('', params=payload) if r.status_code == 200: try: user = User.objects.get(username=username) except User.DoesNotExist: # Create a new user. There's no need to set a password user = User(username=username) user.is_staff = False user.is_superuser = False return user, r.status_code if r.status_code == 401: print("User {} refused to authenticate".format(username), file=sys.stdout) return None, r.status_code return None, r.status_code def id_generator(self, size=8, chars=string.ascii_letters + string.digits): self.transaction_id = ''.join(random.choice(chars) for _ in range(size)) return self.transaction_id

The setting of the website must be adapted to your needs. In this simple example, the sessions must be enabled (it is the case by default). Our example use cached session but you can use cookies or even databases. See the excellent documentation of Django for additional information.

LOGIN_URL = '/path/to/login/' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'unix:/tmp/memcached.sock', } } Links Credits
  • The image comes from the post on Linuxfr (by Chteufleur).
  • The description of the XMPP component coms from its repository (by Chteufleur).

Tigase Blog: Tigase JaXMPP Client v3.1.5 Release

Planet Jabber - 6 February, 2017 - 16:43
A small bugfix has been published with the following fixes & changes included below.

Ignite Realtime Blog: Revival of the Asterisk-IM project!

Planet Jabber - 6 February, 2017 - 09:29

I am happy to announce that we are bringing back one of our older projects from the grave: the Asterisk-IM project! This project was started in 2005 by Jive Software, and can be used to integrate the Asterisk platform in Openfire. Due to a lack of manpower over the last few years, development stalled. No longer!


We have found the most excellent Marcelo Terres willing and able to take on the reigns as project lead for the project! Simultaneously a code contribution by Ron Arts brought back compatibility of the Asterisk-IM source code with both recent versions of Openfire, as well as Asterisk 13 - but more on that later, from Marcelo.


I am more than confident that the project is in good hands with Marcelo. Not only has Marcelo been a active manager of the primarily Brazilian-based Openfire community, he is heavily involved in the Asterisk project, going as far as to speaking on AstriCon 2016.


As of now, we restored references to the project in our Ignite Realtime community. There is some more work to be done: downloads still point to an older release, and we might be lacking a bit of project infrastructure (such as an issue tracker, dedicated community forum, etc), but I'll leave that to Marcelo to put in place as he sees fit.


Marcelo, thanks for doing this! I'm excited to have you on board (as far as you weren't already)!

The XMPP Standards Foundation: Google Summer of Code 2017

Planet Jabber - 5 February, 2017 - 17:47

As before, the XSF has applied to this year's Google Summer of Code.

The XSF is intending to act as an umbrella organisation for any XMPP-related project that wishes to join the GSoC. If you are a member of such a project and would like your project to be involved, get in touch!

A fresh page of project ideas has been created on the XSF wiki. If you'd like to mentor for your project, please get in touch with us in the XSF GSoC MUC Room.

Stefan Strigler: Dockered kaiwa image

Planet Jabber - 5 February, 2017 - 13:55

Kaiwa is a modern web based client for XMPP, forked from the original O-Talk project and rebranded. I’ve created a docker image from the fork at which is used at amongst others.

The docker image can be found at

I’ve also created a docker image of the node-xmpp-bosh component that can easily be bundled with kaiwa to create a standalone application. You can use docker-compose and a docker-compose.yml like this:

version: '2'
image: sstrigler/node-xmpp-bosh
- 5280:5280
restart: always

image: sstrigler/kaiwa
- bosh
- 8000:8000
restart: always

The existing images for node-xmpp-bosh are based on rather large images, that’s why I created my own and based it on node:alpine to save a bit of disc space.

Adhish Singla (GSoC 2015): Java smack tutorial

Planet Jabber - 5 February, 2017 - 00:00

This tutorial will be created during the Google summer of code 2017. You who starts with the teaser tasks are encouraged to help out in finishing this tutorial in how to get smack up and running togheter with the extensions. TIP you could use the other tutorials as inputs or outputs


  • start with the smack XMPP library
  • look at the other tutorials
  • create two clients that reads and writes values to eachother
Read a value

To be added

Write a value

To be added

Peter Saint-Andre: Thoreau on Genius

Planet Jabber - 4 February, 2017 - 00:00
Someone who knows that I'm writing a book on Thoreau sent me a link from about Thoreau's views on the topic of genius. Drawing on the "Thursday" and "Friday" chapters of A Week on the Concord and Merrimack Rivers, the author focuses her brief essay on the difference between an artisan, an artist, and a genius....

Peter Saint-Andre: HTTPS No More

Planet Jabber - 2 February, 2017 - 00:00
One unfortunate byproduct of shutting down my VPS and moving my websites to GitHub Pages is that I'm no longer hosting the domain via HTTPS. Although I'm not overjoyed about this, I'm also not deeply disturbed by it given that my personal website isn't exactly the kind of information that needs to be encrypted in transit (and someone could retrieve it over HTTPS from if they really wanted to). Mike Linksvayer helpfully pointed out to me that there are some solutions, and I'll look into those soon. In the meantime I've modified all the cross-links within my websites so that they use http instead of https URLs....

ProcessOne: XMPP Radar Newsletter #19: Privacy, Security and Encryption of Instant Messaging

Planet Jabber - 1 February, 2017 - 22:01

Welcome to 2017! As crazy as this year begins, let’s start with hot topics: privacy, security, encryption and XMPP. We look into clients, configurations, servers and spam like it’s 1984. Or 2049?

ejabberd 17.01 Released!

We’re pleased to announce the first version of ejabberd for 2017. This new ejabberd 17.01 follows closely the previous release. It includes mostly bug fixes over all the previous refactors. ejabberd 17.01 is a rock-solid stable base for upcoming improvements. It will give you the best experience you ever had with ejabberd.

Encrypted Instant Messaging Recommendations for January 2017

Encrypt all your online (IM) communication, there is no good reason anymore to not doing it. Use a XMPP+Omemo client (Conversations on Android and ChatSecure on iOS) or a Matrix+Olm client (Riot).

Jackline: a Secure Terminal-based XMPP Client

The goal was from the beginning to write a “minimalistic graphical user interface for a secure (fail hard) and trustworthy XMPP client”. Fail hard means exactly that: if it can’t authenticate the server, don’t send the password. If there is no end-to-end encrypted session, don’t send the message.

XSender: The Source of All the Recent XMPP Spam

In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. At the bottom of the vast majority of these messages is a service named XSender (XSNDR) that provides rentable XMPP spam slots for anyone looking to peddle legal or illegal products.

Configure ejabberd with Modern XMPP and TLS Features

Admins of recently put some effort into enabling many modern XMPP and TLS features on their ejabberd server, for example making it fully compatible with Conversations client. Now they are sharing their config publicly!

DuckDuckGo Public XMPP Server

Did you know that DuckDuckGo, the decentralized non-tracking search engine, operates its own public XMPP server?

List of XMPP Servers on the Onion Network

Here’s a list of XMPP servers available as hidden services for use with the Prosody server and mod_onions.

Daniel Pocock: Going to FOSDEM, Brussels this weekend

Planet Jabber - 1 February, 2017 - 09:07

This weekend I'm going to FOSDEM, one of the largest gatherings of free software developers in the world. It is an extraordinary event, also preceded by the XSF / XMPP Summit

For those who haven't been to FOSDEM before and haven't yet made travel plans, it is not too late. FOSDEM is a free event and no registration is required. Many Brussels hotels don't get a lot of bookings on weekends during the winter so there are plenty of last minute offers available, often cheaper than what is available on AirBNB. I was speaking to somebody in London on Sunday who commutes through St Pancras (the Eurostar terminal) every day and didn't realize it goes to Brussels and only takes 2 hours to get there. One year I booked a mini-van at the last minute and made the drive from the UK with a stop in Lille for dinner on the way back, for 5 people that was a lot cheaper than the train. In other years I've taken trains from Switzerland through Paris or Luxembourg.

Real-time Communication (RTC) dev-room on Saturday, 4 February

On Saturday, we have a series of 23 talks about RTC topics in the RTC dev-room, including SIP, XMPP, WebRTC, peer-to-peer (with Ring) and presentations from previous GSoC students and developers coming from far and wide.

The possibilities of RTC with free software will also be demonstrated and discussed at the RTC lounge in the K building, near the dev-room, over both Saturday and Sunday. Please come and say hello.

Please come and subscribe to the Free-RTC-Announce mailing list for important announcements on the RTC theme and join the Free-RTC discussion list if you have any questions about the activities at FOSDEM, dinners for RTC developers on Saturday night or RTC in general.

Software Defined Radio (SDR) and the Debian Hams project

At 11:30 on Saturday I'll be over at the SDR dev-room to meet other developers of SDR projects such as GNU Radio and give a brief talk about the Debian Hams project and the relationship between our diverse communities. Debian Hams (also on the Debian Ham wiki) provides a ready-to-run solution for ham radio and SDR is just one of its many capabilities.

If you've ever wondered about trying the RTL-SDR dongle or similar projects Debian Hams provides a great way to get started quickly.

I've previously given talks on this topic at the Vienna and Cambridge mini-DebConfs (video).

Ham Radio (also known as amateur radio) offers the possibility to gain exposure to every aspect of technology from the physical antennas and power systems through to software for a range of analog and digital communications purposes. Ham Radio and the huge community around it is a great fit with the principles and philosophy of free software development. In a world where hardware vendors are constantly exploring ways to limit their users with closed and proprietary architectures, such as DRM, a broad-based awareness of the entire technology stack empowers society to remain in control of the technology we are increasingly coming to depend on in our every day lives.

Peter Saint-Andre: VPS No More

Planet Jabber - 1 February, 2017 - 00:00
A few weeks ago I spent most of a Sunday trying, and failing, to upgrade the Debian Linux distribution on my virtual private server (VPS). After the Linux experts at my hosting company also failed after 90 minutes of fighting with the thing, I realized that the time had come to shut down my VPS and find simpler solutions. For me, that turned out to be FastMail for my email addresses and GitHub Pages for my websites (I was also hosting a few WordPress sites for friends, which I've moved to The only things I miss at this point are HTTPS for one of my websites, and the personal XMPP server I was running. Yet the HTTPS wasn't really all that critical (I know, HTTPS Everywhere and all that, but in practice I'm not running transactional websites and in fact all of my sites are even free of JavaScript - I guess I'm a Web 1.0 kind of person). And although the XMPP server was a fine thing, I do run and I've had a few addresses there forever, so I might as well use them. Simplify, simplify!...

yaxim: yaxim 0.9 - Security Update, Easy XMPP

Planet Jabber - 31 January, 2017 - 10:14

There is a new yaxim release, fixing a yet undisclosed security vulnerability. PLEASE UPGRADE NOW!

The release also provides a number of long-awaited improvements like Easy XMPP, Group chats, Android Auto, a new design and much much more.


Most XMPP clients are impossible to use for normal people. Usability is a hard problem, and making a federated protocol from the early 2000ies usable is even more so. Now, yaxim provides significant improvements:

  1. Install the app and create an account by just typing your desired user name. A secure password will be auto-generated (and you can overwrite it in the prefs):

  2. You can invite friends using the new “Create Invitation” feature:

    You can share the invitation link via QR-code, e-mail, SMS or any other means, and your friend will either see a friendly landing page (source), or immediately get the link opened in yaxim:

    Because yaxim is the first client to support XEP-0379: Pre-Authenticated Roster Subscription, it will automatically approve and add your friend.

    You can also directly use Android Beam™ to share your own or any contact’s address, by touching your devices back-to-back.

  3. It comes with technical foundation to support Easy Group Chats:

Group Chats

Support for Group Chats (also known as XEP-0045: Multi-User Chat or MUC) has been wished for for a long time, and it was in the works for multiple years, culminating in something that is finally usable.

The recommended way to participate is to get invited into a Group Chat by a friend (unfortunately, inviting friends isn’t yet supported directly in yaxim). You will get an invitation notification and can participate:

Of course it is also possible to manually join a known MUC, however this behavior is frowned upon, because typing JIDs is boring:

A future release will provide a “seamless” flow to create groups for Cat Pictures, Christmas planning or Business Matters, and help you invite all the right people, as outlined in Easy Group Chats.

Android Auto (and Wear)

To improve the usability of yaxim in more-mobile-than-mobile scenarios, we have added support for Android Auto and Android Wear. If you connect your Auto/Wear enabled device to your smartphone and install the appropriate companion app, you will be able to receive message notifications from yaxim and respond accordingly.

Android Auto will display the sender and read aloud the message content, allowing to dictate a response or send back “I’m driving”:

On Wear, you can read the actual message, dictate the response or jump into the app:

P.S: Starting with Android 5 and Auto 2, you can run AA directly on your phone screen when using an appropriate phone mount.

New Design

Consistent with the new look featuring Yaks, we have redesigned the app logo and branding:

Notifications also include the new icon, so the time of the red-white-yellow ninja chicken is over:

What’s Next

It might be a bit pathetic to outline the future plans in a release that has taken over two years to complete, but still, it’s important to share our thoughts and ideas.

Let’s first recapitulate our past promises from 0.8.6 and 0.8.7:

  • We have finally tackled MUCs (as asked in 2011 and promised in 2013) \o/

  • It looks like Android tablets aren’t much of a thing, and neither is Android TV. There hasn’t been much demand regarding big screen support, and there are no current plans.

  • End-to-end encryption is now called XEP-0384: OMEMO (#197), we will address it in a future release. Hopefully. Just run your own private and trusted server already!

The XMPP world has changed in the last two years. The most important plans now are:

  • Make XMPP even easier (and improve yaxim accordingly)!

  • Implement XEP-0363: HTTP File Upload: #196 - high priority!

  • Implement XEP-0313: Message Archive Management: #98 - medium priority

  • Implement User Avatars - maybe…

  • Boring maintenance work (Currently yaxim uses content providers and databases for everything, including user presence. This makes for a very laggy experience when connecting, and needs to be cleaned up. This will be a major redesign of the internals, but it will make future improvements much easier and faster).

Peter Saint-Andre: Poets' Paradox

Planet Jabber - 31 January, 2017 - 00:00
Here's another draft poem for my far-future book Songs of Zarathustra:...
Distribuir contenido