As a hobby, I hack instant messaging gateways from various chat "apps" to XMPP (XMPP is to Whatsapp what the fediverse is to Twitter). Slidge (the name I gave to my hobby software thingy) has been mostly usable for me for a few weeks, so I decided to talk about it a little in my blog, by pretending some milestone has been reached and calling it a "release candidate".
@daniel That's really nice to read, thanks! Slidge tries to XEP-comply as much as it can and I'm happy to fix stuff if it doesn't. Bridged contacts and groups should not be differentiable from other #XMPP entities; it seems to be the case as it (mostly) just works with #Conversations (for me, at least).
@aenea Yes it does! Telegram is actually the walled garden that is the most OK with third party clients: they provide a rather easy to use open source lib: https://core.telegram.org/tdlib/
They still are a walled garden though, don't be fooled!
Ooohh spectrum2_signald, fun times! I remember trying to make sense of the (hum, "minimalist"?) dev docs of spectrum2. Thanks for the reminder, I need to keep the docs up-to-date and well written; it is a very important part of making a cool piece of code. 🙃
I remember fighting with the purple shade of lib and custom builds from source... Concise documentation and an introduction/summary to fresh eyes is a key feature.
I forgot to mention #quicksy for android, which is a #conversations version with "whatsapp-like' onboarding on their server (you receive an SMS code that acts as a one-time-password). I'm not fond of "your phone number is your username" *but* I'm grateful that quicky exists, since a lot of non tech savvy folks really like this. It's still federated XMPP underneath.
All SMS codes are archived by the operator. is it possible to track the account associated with an sms code? Does server record my #phone number? I am concerned about the way accounts are stored / logged on the server. If my phone number is stored somehow then I am not interested with that solution. Thankx, #XMPP #Android
@ErcanErdemArdal Yes, credentials are stored server side with slidge. Although, just to clarify, I am not administrating a public slidge instance. Slidge is a software meant to be installed by XMPP server admins. #selfhosting an #XMPP server is relatively easy and cheap, and that's the option I recommend to anyone that wants to try slidge. Maybe some XMPP servers admins will propose this to their users one day, but right now, all slidge users that I know of are self-hosters.
@ErcanErdemArdal Oh, I realise you were probably talking about #quicksy and not slidge in this toot, sorry about that. Yes, Quicksy JIDs (#XMPP addresses) look like +555123456@quicksy.im, so if you want an XMPP account not linked to your phone number, do not use Quicksy but rather #conversations or forks like cheogram or blabber. I also don't like to see my phone number in my JID *but* a lot of users appreciate it. It makes the user experience closer to whatsapp, signal, telegram, etc.
It could be nice indeed. I guess we could ~sortof maintain e2ee with omemo. Probably the first step would be to have a "xep0114 with encryption" somehow. Prosody is probably a good playground for attempting to implement some experimental server-side module like that. I am unsure of the security implications behind letting users run a whole namespace@some-custom-domain.example.com
The main "objection" I see: if you're able to run a component, why not run the xmpp server too? I see some little benefits, like not needing a static IP, possibly no need to worry about dns and certificates... but overall running prosody alongside gateway components is not much overhead. Who would be interested by such deployment option?
Hi, thanks a lot for sharing this ! I recently gave a try to matrix/WhatsApp. Could you tell if you have a different philosophy or if it is "just" a xmpp/matrix difference ? Thanks :) Sinon je ne prendrais pas mal de recevoir un TG
@Chartrux The "technical" philosophy of the bridge part is very similar. In fact, both for whatsapp and messenger slidge relies on (reverse engineered) libs from the mautrix project. I even had a one-line pull request merged in maufbabi (the facebook lib), wow! One difference though, I don't plan to run a large-scale paid instance like beeper.com. Slidge's amateurism is a feature .
@0 For what it's worth, the maintenance effort of an XMPP server is waaaaay smaller than an email server, especially if you don't allow account creation.
That said, perhaps the real issue is with services that don't support authorisation grants (e.g., #OAuth2). It's more acceptable to store a limited grant on someone else's component than to share your actual login details with them.
- signal, telegram, whatsapp: revokable, "per device" access ~token - discord, mattermost: slidge login process = "get your access token from the web UI via dev browser dev tools" 🤡 - facebook, steam: optional 2FA (but right now, password is stored slidge-side anyway, possible area of improvement). they used to have "revokable application password" but I've had less success with them recently Steam is the largest game store for PC, with social network-like features.
Nicoco
Unknown parent • • •Nicoco
Unknown parent • • •Telegram is actually the walled garden that is the most OK with third party clients: they provide a rather easy to use open source lib: https://core.telegram.org/tdlib/
They still are a walled garden though, don't be fooled!
Telegram Database Library
core.telegram.orgres_integra
in reply to Nicoco • • •I follow the code since the `spectrum2_signald` era.
Wishes for the easiest path to a release version.
Nicoco
in reply to res_integra • • •res_integra
in reply to Nicoco • • •Concise documentation and an introduction/summary to fresh eyes is a key feature.
Ercan Erdem Ardal
in reply to Nicoco • • •#XMPP client?
Preferably available on PC and Android.
Thnx
#Chat
Nicoco
in reply to Ercan Erdem Ardal • • •Ercan Erdem Ardal
in reply to Nicoco • • •is it possible to track the account associated with an sms code?
Does server record my #phone number?
I am concerned about the way accounts are stored / logged on the server. If my phone number is stored somehow then I am not interested with that solution.
Thankx,
#XMPP #Android
Nicoco
in reply to Ercan Erdem Ardal • • •Nicoco
in reply to Ercan Erdem Ardal • • •I also don't like to see my phone number in my JID *but* a lot of users appreciate it. It makes the user experience closer to whatsapp, signal, telegram, etc.
0 (shadowbanned)
Unknown parent • • •Care to expand on what was your objection to gateways?
Nicoco
Unknown parent • • •It could be nice indeed. I guess we could ~sortof maintain e2ee with omemo. Probably the first step would be to have a "xep0114 with encryption" somehow. Prosody is probably a good playground for attempting to implement some experimental server-side module like that. I am unsure of the security implications behind letting users run a whole namespace@some-custom-domain.example.com
Nicoco
Unknown parent • • •The main "objection" I see: if you're able to run a component, why not run the xmpp server too? I see some little benefits, like not needing a static IP, possibly no need to worry about dns and certificates... but overall running prosody alongside gateway components is not much overhead. Who would be interested by such deployment option?
Nicoco
Unknown parent • • •Chartrux
in reply to Nicoco • • •I recently gave a try to matrix/WhatsApp. Could you tell if you have a different philosophy or if it is "just" a xmpp/matrix difference ?
Thanks :)
Sinon je ne prendrais pas mal de recevoir un TG
Nicoco
in reply to Chartrux • • •The "technical" philosophy of the bridge part is very similar. In fact, both for whatsapp and messenger slidge relies on (reverse engineered) libs from the mautrix project. I even had a one-line pull request merged in maufbabi (the facebook lib), wow!
One difference though, I don't plan to run a large-scale paid instance like beeper.com. Slidge's amateurism is a feature
Nicoco
in reply to Chartrux • • •Nicoco
Unknown parent • • •For what it's worth, the maintenance effort of an XMPP server is waaaaay smaller than an email server, especially if you don't allow account creation.
0 (shadowbanned)
Unknown parent • • •That said, perhaps the real issue is with services that don't support authorisation grants (e.g., #OAuth2). It's more acceptable to store a limited grant on someone else's component than to share your actual login details with them.
Not perfect, mind, just better.
0 (shadowbanned)
in reply to 0 (shadowbanned) • • •> Facebook, Mattermost, Signal, Skype, Steam, Telegram, and Whatsapp
Out of curiosity, how many of those do #OAUTH2, API tokens or similar? I don't use any of those services & don't even know what steam is.
Nicoco
in reply to 0 (shadowbanned) • • •- signal, telegram, whatsapp: revokable, "per device" access ~token
- discord, mattermost: slidge login process = "get your access token from the web UI via dev browser dev tools" 🤡
- facebook, steam: optional 2FA (but right now, password is stored slidge-side anyway, possible area of improvement). they used to have "revokable application password" but I've had less success with them recently
Steam is the largest game store for PC, with social network-like features.