22
I Use This!
Activity Not Available

News

Analyzed 3 months ago. based on code collected 3 months ago.
Posted about 2 months ago by igniter...@jiveon.com
This blogpost doubles as a GSoC update, as well as a version release blog post.   OMEMO Clownfish logo (conversations.im)   I have the honour to announce the latest release of Smack! Version 4.2.1 brings among bug fixes and additional features ... [More] like Explicit Message Encryption (XEP-0380) and Message Processing Hints (XEP-0334) support for OMEMO Multi-End-Message-and-Object encryption (XEP-0384). The OMEMO protocol was developed by Andreas Straub for the Conversations messenger (also as a Google Summer of Code project) in 2015. Since then it got quite popular and drew a lot of attention for XMPP in the media. My hope is that my efforts to develop an easy to use Smack module will result in an even broader adoption.   The new Smack release is available from the Maven snapshot repository.   OMEMO is a protocol for multi-end to multi-end encrypted communication, which utilizes the so called Double Ratchet algorithm. It fulfills amongst the basic requirements of encrypted communication (confidentiality, authenticity and integrity) also the properties of deniability and forward secrecy as well as future secrecy. Smacks implementation brings support for encrypted single and group chats including identity management and session renegotiation.   Current implementations (as well as this one) are based upon the libsignal library developed by OpenWhisperSystems for their popular Signal (formerly TextSecure) messenger. Smack's OMEMO support is structured in two modules. There is smack-omemo (APL licensed), which contains the logic specified in the XEP, as well as some basic cryptographic code. The other module smack-omemo-signal (GPLv3 licensed) implements some abstract methods defined by smack-omemo and encapsulates all function calls to libsignal.   Currently smack-omemo-signal is the only module available that implements the double ratchet functionality, but there has been a lot of discussion on the XMPP Standards Foundations mailing list regarding the use of alternative (more permissively licensed) libraries for OMEMO (like for example Olm, a double ratchet implementation from our friends over at the [matrix] project). So once there is a new specification that enables the use of other libraries, it should be pretty easy to write another module for smack-omemo enabling OMEMO support for clients that are not GPLv3 compatible as well.   Smack’s OMEMO modules are my first bigger contribution to a free software project and started as part of my bachelors thesis. I’m quite happy with the outcome   Also Smack has a new Logo!   That was a lot of talking about OMEMO. Now comes the second functioning of this blog post, my GSoC update.   My project of implementing Jingle File Transfer (XEP-0234) for Smack is going relatively well. I'm stuck at some points where there are ambiguities in the XEP or things I don't know yet, but most of the time I find another construction site where I can continue my work. Currently I'm implementing stanza providers and elements needed for file transfer. Along the way I steadily create Junit tests to keep the code coverage at a high level. Already it pays off when there are fiddly changes in the element structure. I already got file transfer over Jingle IBB working.   It’s a real pleasure to learn all the tools I never used before like code coverage reports or mocking and I think Flow does a good job introducing me to them one by one.   That’s all for now. Happy hacking [Less]
Posted 4 months ago by igniter...@jiveon.com
Around two years ago, on 2015-03-29 to be precise, Smack 4.1.0 was tagged and released. A few days ago I've tagged and released Smack 4.2.0 to Maven Central. The 4.2.0 release marks a milestone for Smack, but before I got into the exciting new ... [More] features, I'd like to thank the various contributors:   $ git shortlog -sn 4.1.0..4.2.0    459  Florian Schmaus      8  Fernando Ramirez      3  Anno van Vliet      3  Tibo-lg      3  damencho      3  ramabit      2  Andrey Starodubtsev      2  Vyacheslav Blinov      2  stawny      1  Andrey Prokopenko      1  Craig      1  Daniel Hintze      1  Dave Cridland      1  David Black      1  Dmitry Deshevoy      1  Grigory Fedorov      1  Hugues Bruant      1  Ishan Khanna      1  TheHaf      1  Tomas Nosek      1  Tomáš Havlas      1  UltimateZero      1  Vaibhav      1  meisterfuu      1  rohanag12      1  vfite   I can not remember when Smack had so many contributors. Thanks everyone and keep the contributions coming.   The notable changes to Smack 4.2 include support for DNSSEC (thanks to a previous MiniDNS GSOC project), JIDs as first class citizens by using JXMPP's JID API, and tons of other improvements, new features and bug fixes. You can read more in the Smack 4.2 Readme and Upgrade Guide and the Smack's JIRA release notes.   Last but not least, thanks to Bilal Siddiq, Smack now has a logo.   Ever wanted to contribute to open source? Are you interested in XMPP/DNS/DNSSEC? Google gives students the chance to work on open source projects and get paid for it as part of Google's Summer of Code 2017. The XSF acts as umbrella organization for projects like Smack and MiniDNS [4]. Feel free to contact me in the gsoc@muc.xmpp.org if you are interested in participating or if you want to discuss your own Smack/MiniDNS related project ideas. [Less]
Posted 5 months ago by igniter...@jiveon.com
For many years now, Google is orchestrating its "Summer of Code" program. GSoC aims to bring student developers into the open source community, during the summer holidays.   As it did before, the XMPP Standards Foundation (XSF) will act as an ... [More] umbrella organisation for this years edition of GSoC. The Ignite Realtime community is open to accept students under this umbrella.   If you're a student and interested in working on one of our projects as part of GSoC, you should get in contact! We've prepared a number of teaser tasks as well as project ideas, all of which are available in the XSF wiki. [Less]
Posted 5 months ago by igniter...@jiveon.com
I've just released Smack 4.2.0-rc3 to Maven Central. Smack 4.2.0 is scheduled to be released early Q2 2017, according to Smack's release life cycle. And right now, it looks like the train is right on time.
Posted 7 months ago by igniter...@jiveon.com
The Ignite Realtime community is proud to announce that nearly 2 years after the release of Smack 4.1, the first Release Candidate (RC) of Smack 4.2 has been uploaded to Maven Central. Smack 4.2 marks another milestone in the development of Smack. ... [More] With the availability of the first RC, the API of Smack 4.2 was sealed. This means that now is the ideal time for Smack users to adopt their codebase to the new Smack 4.2 API, and eventually start using Smack 4.2 in the experimental/development branch of their codebase. Please consult the Smack 4.2 Readme and Upgrade Guide for more information.   I'd like to use this post also to draw your attention at a very important topic. The codebase of smack-core and -tcp has grown historically over the past 15 years. This is not an issue per se. Smack was well designed from the beginning, is now modular and not affected by bit rot. But especially on important class, namely XMPPTCPConnection, has come to age. It is based on threads, when it should use NIO. It uses triggers for state changes, when it should be designed as finite state machine. And some more. I know that a lot of people are affected by Smack creating at least 2 threads per connection (instead of using NIO). This all also contributed at some amount to the latest security vulnerability found in Smack (SMACK-739 / CVE 2016-10027).   The only solution to tackle this would be to re-implement the affected code from scratch. But needles to say that this also would require funding, as it is not a simple one weekend task. I hope to have the resource to do this at some point in the future. If you think you can help, or know someone who possibly would be interested support the funding, then please contact me. [Less]
Posted 8 months ago by igniter...@jiveon.com
A critical security vulnerability has been found in Smack. Please upgrade immediately to Smack 4.1.9. Like all Smack releases with the same major and minor version numbers, 4.1.9 is a drop in replacement for all Smack 4.1 releases. Smack 4.1.9 is ... [More] available on Maven Central.   The Ignite Realtime community would like to thank Sylvain Sarméjeanne for discovering and reporting the vulnerability to security@igniterealtime.org. [Less]
Posted 12 months ago by igniter...@jiveon.com
I've just uploaded Smack 4.1.8 and 4.2.0-beta2 to Maven Central.   Smack 4.1.8 fixes a few minor issues and is expected to be the last release of the 4.1 branch. As always, Smack releases with the same major and minor version numbers are drop in ... [More] replacements. Ideally you just need to change a single variable somewhere in your build system.   Smack 4.2.0-beta2 is the latest beta of Smack's current development branch. Notable additions include support for XEP-0313: Message Archive Management (MAM) and the IoT XEP series. [Less]
Posted 12 months ago by igniter...@jiveon.com
Starting with b91978dcc4ae partial support for the IoT XEPs was added to Smack. The XEPs consists, amongst other XEPs, of XEP-0323: Data XEP-0324: Provisioning XEP-0325: Control XEP-0347: Discovery The XEPs are in experimental state, which means ... [More] changes to them are possible. Smack does currently only support a partial set of the mechanisms specified, especially when it comes to Data and Control. For example only boolean and integer values can be read and written But support for more data types can be easily added.   The IoT API for those XEPs is available in the latest snapshot builds of Smack, which are available via Maven Central's snapshot repository.  A quick start guide can be found here.   The development of the API was sponsored by Clayster. Clayster creates technology to secure trust in the transactions between physical and digital entities, and strives to be that generic foundation for your physical assets digital life. Clayster has an IoT discovery and provisioning platform supporting XEP-0347 and XEP-0324. The platform is available for those who are interested to explore XMPP and IoT further.  If you don't want to run your own infrastructure, Clayster is able to provide an XMPP Server and the discovery/provisioning platform for you. Feel free to reach out to rikard at clayster.com if you are interested to learn more about using XMPP for your next IoT project. www.clayster.com [Less]
Posted over 1 year ago by igniter...@jiveon.com
Two new releases of Smack have just been pushed to Maven Central.   Smack 4.1.7 fixes a few bugs. One noteworthy bug is that on certain platforms Smack's setEnabledSSL(Protocols|Ciphers) had no effect. More information about the fixed bugs can be ... [More] found in the Release Notes.   The careful reader may noticed that this is the first beta release of Smack 4.2. Which means that Smack 4.2 just entered the beta phase. My rough timeplan is to release Smack 4.2 in 6 months: starting with 3 months long beta period now, followed by 3 months of release candidates. But as all schedules in the software industry, take it with a grain of salt. [Less]
Posted over 1 year ago by igniter...@jiveon.com
I've just released and uploaded Smack 4.1.6 and 4.2.0-alpha3 to Maven Central.   Smack 4.1.6 contains a few important bug fixes for Smack's stable branch: 4.1. The changelog can be found here: Smack Changelog   The third alpha version of Smack's ... [More] upcoming development branch contains a ton of fixes and new features. Adventurous users are encouraged to explore the API improvements. But, as the version name suggests, don't use an alpha version for production deployments. A provisional and incomplete list of Smack 4.2's highlights can be found at Smack 4.2 Readme and Upgrade Guide · igniterealtime/Smack Wiki · GitHub [Less]