@liaizon An amazing number of boosts from the community! But it seems extremely difficult to find developers who are motivated to do this kind of open-source work who also have a good grasp of the iOS/Apple ecosystem.

We briefly worked with someone since this post, and they made some UI tweaks we'll roll out to the beta soon. But they have now moved to full-time work elsewhere.

Had a good meeting with a new dev last week, awaiting their initial estimate. Maybe they will be the one?! πŸ™‚ Hope so!

@yanasi
Although it often seems like secure messaging apps are popping up from every corner of the internet, beyond XMPP/Matrix very few of them are truly open and free - i.e. allowing users a choice of independent service providers (including self-hosted), and choice of software.

These things can only be achieved with open standard protocols.

@yanasi
Yes, that's the goal.

Of all the alternatives, Matrix/Element is certainly the most similar to Snikket in principles. There are various reasons we prefer XMPP - maturity, simpler technical design, and well-established governance model to name a few.

However any open protocol becoming the primary means of communication online will be a win as far as we're concerned!

@yanasi
A clarification that our *primary* purpose is more simply communication freedom for people. We believe that growing open standards and open source solutions are the way to achieve that.

@yanasi
Happy to answer! Snikket is built on top of existing open standards (XMPP is a mature IETF-approved open protocol) and is built from (and contributes back to) existing open-source projects.

The primary purpose of our project is growing and supporting that ecosystem. The only monetization is via donations and our hosted service (which you are free to migrate from at any time).

Hope this helps, happy to answer anything in more detail if you still have questions! πŸ™‚

@XxAlexXx @fdroidorg In summary: F-Droid is not an entire solution to a device free of malware, but it is a criticial part of the solution.

The point of our original post is to highlight that proprietary app stores do precisely nothing to help in this area (because they don't have a concept of requiring public code in the first place).

Backdoors and other security flaws in apps can be found far more easily with public code than without.

Hope this helps explain the ecosystem πŸ™‚

@XxAlexXx @fdroidorg
F-Droid doesn't magically protect against any malicious apps. If an app is clearly malicious, it would be seen during review. If it is more subtle (e.g. hidden back door), F-Droid certainly won't catch that. In-depth software audits require time and effort.

The purpose of an open reproducible build chain is so anyone can inspect the code, even audit it, and have trust in the result.

An audit of an app without open source and build reproducibility is practically pointless.

@XxAlexXx @fdroidorg Hi! Could you clarify your question?

This link provided in the post is a great overview of all the security-related aspects of the pipeline that F-Droid considers: f-droid.org/en/docs/Security_M (it's quite comprehensive!)

Here's a little thing that may not be obvious to many people....

When you install an open-source app from Google Play or the Apple app store, there is no guarantee that what you install actually matches the public code.

@fdroidorg are doing a great service. They independently build the public source code for apps from scratch, review for common issues, and publish their builds. Thanks to "reproducible builds" it's possible to verify they do not tamper with the code.

f-droid.org/en/docs/Security_M

@resist1984 Hi, great question! Easy answer: it doesn't need your IMEI, and it doesn't read it. You can verify this in our source code.

Unfortunately permission to read the IMEI used to be bundled with the READ_PHONE_STATE permission that Snikket uses for other things, e.g. so it can reject incoming calls if you already have one in progress.

Android 10+ has rightfully removed IMEI access from this permission anyway. Wherever you saw this info may need updating to reflect that. Hope this helps!

@GreyLinux @hund Yep, the quickstart guide on the website will get you a video-capable server right out of the box πŸ™‚

If you have any problems with it, just double-check your firewall (a list of ports is linked from the guide), and feel free to drop by our friendly community chat.

Good luck with your new setup!

Snikket boosted

The blabber.im #XMPP server shuts down tomorrow.

Although we're now in the final hours, I've been working all week towards something to help. I've put up an initial version of a web-based XMPP account migrator at migrate.modernxmpp.org/

It's rushed and still a bit rough round the edges right now, but I really hope it is useful to people who still have data and contacts to migrate before blabber.im goes offline.

If you use it, let me know how it goes! πŸ™‚

Snikket boosted

I just submitted the second XEP ("Moved 2.0") related my work on the #XMPP account migration project. Both this and the XEP-0227 update I submitted a few weeks ago are now going through the XMPP standards process.

The next stage of the project is the exciting one! Over the next couple of months I will be working on implementing these new protocols, and producing the initial software to help people migrate their data between services.

docs.modernxmpp.org/projects/p

So thankful for the support of #NGI DAPSI! ❀️

@jeroen Snikket is based on which has been around a lot longer. That was also set up to bridge to other services, but these days most projects (including Snikket) focus mainly on a first-class experience between XMPP users. However bridges do exist (such as to IRC, email and Matrix). Most of the real differences between XMPP/Matrix are in technical approach. More about that in this thread if you're interested: mastodon.technology/@mattj/106

See also snikket.org/faq/#q-why-not-the - hope this helps! πŸ™‚

The recent news of blabber.im's shutdown is unfortunate for many. This kind of event is why we are working on account migration tools for ( docs.modernxmpp.org/projects/p ). We believe it should be easy for people to move between providers.

It is also why we are working to make self-hosting easier so more people can own their communications: snikket.org/service/

Finally, if you are looking for a new XMPP service you are welcome to request a hosted instance: snikket.org/hosting/

Snikket boosted

Hey guys,

here is the (unofficial) information that the #blabber #xmpp server will be shut down soon.
It is anounced on blabber.im/

- a relocation of the server is impossible.
- Please migrate all your accounts and contacts to other servers.
You can find a list of servers e.g. here: freie-messenger.de/sys_xmpp/se

Important: The app blabber.im (formerly Pix-Art) is not affected!

Please share, because it seems there was/will be no server message!

:BoostOK:

@valhalla @tpheine

jabberfr.org and hot-chilli.net are two other (non-Snikket) XMPP hosting providers.

That said, Snikket hosting is up and running, there are just a few final things we're working on before it's officially launched, such as the billing system and working out the pricing.

Drop an email to hosting@snikket.org if you're interested in trying it out, we're not charging anything during this beta period.

@brie @Nesaijn It's disappointing for sure. "Disgusting" is probably a bit far... all their code is open-source. Most alternatives (BBB, etc.) don't even use XMPP at all.

It takes a lot of time and resources to build a good generic stable protocol and ecosystem, and it's not for everyone. Other things like improving UX are important too.

This is actually what our whole "Products vs Protocols" article was about, in particular this table summarizes some of the trade-offs: snikket.org/blog/products-vs-p

@Nesaijn Not wanting to misrepresent the situation, see here for their stance on third-party XMPP integrations: github.com/jitsi/jitsi-meet/is

@Nesaijn
It probably won't be Jitsi-compatible, as they would rather stay independent. Instead it is likely to build on top of the work currently being done by the @dino folk.

There may be additional server components required, but we will simply bundle them with the Snikket server, so there won't be any additional work for admins.

Show older
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.