Welcome to the first installment of what we hope will be a continuing series of reports on XMPP technologies and the XMPP community (you can think of this series is a replacement for the old Jabber Journal). This report is authored by Peter Saint-Andre, Florian Jensen, and Jack Moffitt. Future reports might involve different authors just to keep things interesting; let us know if you’d like to help.
Secure Communications Week
The first Secure Communications Week is coming soon: October 4-11, 2008. For an entire week all participating XMPP-based IM services, led by the jabber.org IM team, will require channel encryption (SSL / TLS) for stronger security. During the first week, we will focus on client-to-server encryption, but in future weeks, participating servers may also test encryption of server-to-server connections.
Why are we doing this? Isn’t this just annoying for people whose IM clients don’t support SSL/TLS? There are two reasons:
- Privacy matters. The Internet isn’t a secure place, and we think it’s in your interest to keep IM conversations private. By using SSL or TLS encryption, you ensure that everything sent through Jabber is encrypted and unreadable by a “man in the middle”. As a result, only your server and the person you chat with can read your messages.
- Many of the volunteers and organizations who run IM services on the federated XMPP network are aiming to require encryption of all traffic on the network. Therefore, we plan to hold real-life security tests on the network over the next few months, with the goal of requiring encryption among some of the existing IM services in time for the 10th anniversary of Jabber on January 4, 2009.
IM users can prepare for Secure Communications Week by making sure that they have an up-to-date IM client. If you notice that you can’t log on to your server, you can find help on the Jabber Community Forums.
Have a secure week!
Jabber.org Gets Peppy
The Personal Eventing Protocol, also known as PEP, is the next-generation transport for advertising moods, activities, geolocation, music tunes, microblogging, and more. It turns each user’s IM account into a flexible publish-subscribe service. The XMPP community has been working on these technologies for several years, and now they are mature enough for deployment by large IM service providers like jabber.org.
How do you get it? The good thing is, you probably don’t need to do anything! Recent releases of popular Jabber clients like Psi, Gajim, and Coccinella support PEP, so you don’t need to download anything new to use this feature. You will automatically see new options like “Publish Tune” appear in your client interface.
The Jabber/XMPP community has a large number of communication venues — multiple email lists, chat rooms, web forums, blogs, microblogs, wikis, and project websites. It is difficult for any one person to keep track of all these conversations, and it gets harder all the time. In the XMPP Report we’ll try to summarize those discussion threads so you don’t have to read them all.
One of the hot topics right now is the integration of XMPP into microblogging services like Twitter, Jaiku, identi.ca, and Yammer. Many of these services are turning to XMPP for two reasons. First, it’s natural to offer an XMPP interface into microblogging streams because the conversation between participants happens in real time, and also because XMPP’s push mechanisms like the core message stanza and advanced publish-subscribe extension can save such services from the heavy load of HTTP polling.
Last week, several members of the XMPP community participated in BearHugCamp in San Francisco along with others from the microblogging community. Jack Moffitt provides some background here and a report on the conference here. Expect more discussion about this in the coming weeks and months, especially on the email@example.com email list.
Well, that’s it for this report. We’ll try to write another one soon!