The XSF as a Fiscal Host
Managing funds is easy when you’re a large project owned by an incorporated entity with accountants at your disposal, or when you’re a small project run by one person who accepts and uses all donations. When you’re in between, however, it can be difficult to handle. If you’re a project with a few regular contributors but no bank account, who handles the money? For many projects the answer is a fiscal host. [Read More]
Instant Messaging: It's not about the app
Translations: Deutsch Español Française Română Several people have recently reached out to me asking what kind of messenger they should be using now - they said that they actually do not understand what they should be concerned about and whether they should switch from one of the commonly known messengers to another. I wondered how to answer this. Obviously, I could simply have advocated for XMPP (Extensible Messaging and Presence Protocol), but then I thought this might not be a helpful answer by itself. [Read More]
New XMPP Software Listing Rules
The XSF provides a public list of XMPP implementations on its website. For this list to be useful, it should contain up-to-date information about up-to-date software. To achieve this, the XSF Board has decided that all implementations have to reapply once per year, to ensure that they are still actively maintained and that the listed info is accurate. This is a purely formal process, though we encourage implementors to follow the current compliance suites. [Read More]
Eyeball Networks become an XSF Sponsor
We’re happy to announce that Eyeball Networks are the latest organisation to become an XSF Sponsor. Eyeball Networks pioneered the STUN/TURN/ICE device-to-device connection technologies adopted by communications standards including SIP, XMPP, IMS, PacketCable, IBM Sametime, Microsoft Lync, and now WebRTC. You can read more about them here. Sponsors are vital to the ability of the XSF to continue to fulfil its mission to build an open, secure, feature-rich, decentralized infrastructure for real-time communication and collaboration over the Internet. [Read More]
An introduction to xmppresearch.org
At the recent Summit 17, we were very happy to welcome Dominik Renzel and István Koren from the recently launched site xmppresearch.org. The declared mission of the project is to: "collect and to present scientific research work based on XMPP" The site, which is a collaboration between RWTH Aachen University and Technische Universität Dresden, contains articles on recent XMPP-related research, demos and a comprehensive bibliography. They’ve recently blogged about their experiences at Summit 17. [Read More]
No, it's not the end of XMPP for Google Talk
There’s some recent discussion about the sky falling for XMPP at Google. See this blog post by Dan York for example. In reality, we don’t know the state of XMPP inside Google because they don’t share their use of XMPP with the XSF. We do know Android’s Google Cloud Messaging uses it. We know Hangouts Videochat uses it. We know Google Talk still (insecurely) federates with (some) XMPP services. But from an outside perspective, Google has made no major recent changes in terms of how they’re using XMPP from what we can observe. [Read More]
Thank you to new and returning XSF sponsors
We’d like to say a big “thank you” to two companies who have recently signed up as sponsors of the XMPP Standards Foundation. Erlang Solutions are a new XSF sponsor who specialise in providing businesses with scalable solutions via the creation, integration, delivery and lifetime support of products and services based on the Erlang and Elixir programming languages. ProcessOne, a returning sponsor, are a leading provider in messaging platforms designed for scale and robustness. [Read More]
It’s all about choices and control
“Why should I use XMPP?” is a question we get asked a lot. Our answer is often technically-focussed, as there are plenty of reasons XMPP might be the right choice, or we might explain about the benefits of a federated approach - where everyone can run their own server and control their own data. Either way, the fact it is an ‘open standard’ never ceases to be mentioned. Open standards have many advantages over proprietary formats (too many to list in one blog post) but one in particular is that it gives you the choices and control about how you access your data and services. [Read More]
Happy Encrypted Network!
Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections (there’s a fine summary here).
This is the first step toward making the XMPP network more secure for all users.
Stay tuned for more updates as we work on ubiquitous authentication, secure DNS, end-to-end encryption, and other improvements.
Security Notice: Uncontrolled Resource Consumption with Highly-Compressed XMPP Stanzas
The XMPP Standards Foundation has published a security notice describing an uncontrolled resource consumption vulnerability in several XMPP server implementations that support application-layer compression. Details can be found at https://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/.