The Newsletter for July '22 is out!

Read about the latest XMPP client, server & library updates, such as @Monal , @mellium & of course the latest updates on our !

Enjoy reading! 📰 ☕

What's cool in the #XMPP community:

It's a community.

Even the vendors or software developers are reboosting the release notifications of new software versions from another vendor/developer to make it spread to a wider audience.

I like that community! :-)

Just merged some integration tests against the C library libgsasl! Validation feels good.

@kaip @prosodyim Let's assume, for example, that someone compromises the TLS certificate of a server you're trying to authenticate against. They MITM the connection by making a connection to the upstream server and tricking you into making a connection to them. Using channel binding means that the authentication attempt won't be valid to the upstream server and the connection won't complete because their TLS session won't have the same channel binding data as yours.

The Dev Communiqué for July 2022 has been released! Major updates this month include an implementation of RFC 9266 and a new tool for finding documentation related issues:

This month in Prosody trunk development brings a new channel binding method compatible with TLS 1.3. This brings MITM-resistant authentication for modern clients. The older channel binding method was not compatible with TLS 1.3. Many thanks to @mellium for help testing and IETF work on the new RFC and generally pushing things along!

Support for running on Lua 5.1 has been removed, because the subtle differences in language and API were getting in the way of future work.

BTW: in case folks reading this have a cool FOSS project that needs funding, please be aware that we have a deadline for submitting these tomorrow (August 1st) noon.

Don't feel intimidated - it is really light-weight to submit something (you can do it in less than an hour if need be).

Have a look at -

We just ran integration tests against @prosodyim with channel binding support for TLS 1.3 using RFC 9266 for the first time and all is well! Thanks @zash for the Prosody/LuaSec patches!

We've published our first RFC in collaboration with the IETF! It was written to allow Mellium (and now anything else using TLS 1.3) to have an authenticated session that is bound to a specific TLS session. Check it out:

Gajim 1.4.7 has been released 🎉

Gajim 1.4.7 brings performance improvements 🚀, better file previews, and many bug fixes. Thanks for all your reports!

The migration to @codeberg is finally complete! If you notice anything missing or broken, please let us know. Our code can now be found at

If you were seeing errors fetching any of our libraries during the migration to Codeberg, we apologize. The issue should now be fixed.

Show the world that you are now using #Codeberg, by adding a badge to your repo's README or website: 💙

We're in the process of moving the issue tracker and primary repo over to @codeberg! Please bear with us, CI is still a bit rocky over there but we'll do our best to work around the problems. The GitHub will remain for the time being and PRs will be accepted in either place until the migration is complete.

Dear Linux desktop apps, you have full authorization to create a folder in my ~/.config directory, you are even invited to stuff your data in my ~/.local/share directory, and let's not forget about that ~/.cache y'all! Wunderbar! Much freedom!

So, now, please repeat after me:


Thank you kindly

Software complaint: think about your users 

@IslandUsurper it's not just CI, every build now has an insane amount of complexity and storage requirements. We could cache in CI easily enough, but that's a bandaid that only partially covers the wound.

@thefreecollective on Android I use Cheogram (Conversations fork with better support for phone/SMS bridging), and on Linux-y things I use Mcabber or Dino

@birnim You're missing the point. Yes, sometimes you have to depend on external things. You probably shouldn't depend on several gigs of different external things that require multiple giant systems to install though. It's just bad engineering. It's possible this really was the only way to handle things, but I very much doubt it.

@birnim I'm not trying to shame the particular dependency, especially since it's actually one of their dependencies that appears to have added the dep on both Rust and C, so it's not directly our dependency's fault.
