Nicoco

2 years ago

Nicoco
2 years ago

As a hobby, I hack instant messaging gateways from various chat "apps" to XMPP (XMPP is to Whatsapp what the fediverse is to Twitter). Slidge (the name I gave to my hobby software thingy) has been mostly usable for me for a few weeks, so I decided to talk about it a little in my blog, by pretending some milestone has been reached and calling it a "release candidate".

nicoco.fr/blog/2023/01/08/slid…

A screenshot of poezio, a TUI chat app. Image shows this conversation:

13:52:04 Carabistrot changed: status: Last seen Sunday 12:52 GMT, show: away 13:52:45 « nicoco> Some people like to use terminal-based chat apps. 13:53:03 Carabistrot changed: show: available
13:53:08 Carabistrot> Mais TG
13:53:47 Carabistrot changed: status: Last seen Sunday 12:53 GMT, show: away

The same conversations, in Conversations, a chat app for android.

The same conversation, in whatsapp on Android.

Breaking news: Slidge v0.1.0 RC1 is out! — nicoco.fr

^{www.nicoco.fr}

Peter Vágner reshared this.

Unknown parent

Nicoco

Unknown parent 2 years ago

@daniel That's really nice to read, thanks! Slidge tries to XEP-comply as much as it can and I'm happy to fix stuff if it doesn't. Bridged contacts and groups should not be differentiable from other #XMPP entities; it seems to be the case as it (mostly) just works with #Conversations (for me, at least).

Unknown parent

Nicoco

Unknown parent 2 years ago

@aenea Yes it does!
Telegram is actually the walled garden that is the most OK with third party clients: they provide a rather easy to use open source lib: core.telegram.org/tdlib/

They still are a walled garden though, don't be fooled!

Telegram Database Library

TDLib (Telegram Database Library) is a cross-platform, fully functional Telegram client. We designed it to help third-party…

^{core.telegram.org}

@Aenea

in reply to Nicoco

res_integra

in reply to Nicoco 2 years ago

Congrats on the release candidate!
I follow the code since the `spectrum2_signald` era.
Wishes for the easiest path to a release version.

in reply to res_integra

Nicoco

in reply to res_integra 2 years ago

Ooohh spectrum2_signald, fun times! I remember trying to make sense of the (hum, "minimalist"?) dev docs of spectrum2. Thanks for the reminder, I need to keep the docs up-to-date and well written; it is a very important part of making a cool piece of code. 🙃

in reply to Nicoco

res_integra

in reply to Nicoco 2 years ago

I remember fighting with the purple shade of lib and custom builds from source...
Concise documentation and an introduction/summary to fresh eyes is a key feature.

in reply to Nicoco

Ercan Erdem Ardal

in reply to Nicoco 2 years ago

Any Suggestions for a Nice
#XMPP client?
Preferably available on PC and Android.
Thnx
#Chat

#xmpp #chat

This entry was edited (2 years ago)

in reply to Ercan Erdem Ardal

Nicoco

in reply to Ercan Erdem Ardal 2 years ago

I forgot to mention #quicksy for android, which is a #conversations version with "whatsapp-like' onboarding on their server (you receive an SMS code that acts as a one-time-password). I'm not fond of "your phone number is your username" *but* I'm grateful that quicky exists, since a lot of non tech savvy folks really like this. It's still federated XMPP underneath.

This entry was edited (2 years ago)

in reply to Nicoco

Ercan Erdem Ardal

in reply to Nicoco 2 years ago

All SMS codes are archived by the operator.
is it possible to track the account associated with an sms code?
Does server record my #phone number?
I am concerned about the way accounts are stored / logged on the server. If my phone number is stored somehow then I am not interested with that solution.
Thankx,
#XMPP #Android

#xmpp #android #phone

in reply to Ercan Erdem Ardal

Nicoco

in reply to Ercan Erdem Ardal 2 years ago

@ErcanErdemArdal Yes, credentials are stored server side with slidge. Although, just to clarify, I am not administrating a public slidge instance. Slidge is a software meant to be installed by XMPP server admins. #selfhosting an #XMPP server is relatively easy and cheap, and that's the option I recommend to anyone that wants to try slidge. Maybe some XMPP servers admins will propose this to their users one day, but right now, all slidge users that I know of are self-hosters.

#xmpp #selfhosting @Ercan Erdem Ardal

in reply to Ercan Erdem Ardal

Nicoco

in reply to Ercan Erdem Ardal 2 years ago

@ErcanErdemArdal Oh, I realise you were probably talking about #quicksy and not slidge in this toot, sorry about that. Yes, Quicksy JIDs (#XMPP addresses) look like +555123456@quicksy.im, so if you want an XMPP account not linked to your phone number, do not use Quicksy but rather #conversations or forks like cheogram or blabber.
I also don't like to see my phone number in my JID *but* a lot of users appreciate it. It makes the user experience closer to whatsapp, signal, telegram, etc.

#xmpp #conversations #quicksy @Ercan Erdem Ardal

Unknown parent

0 (shadowbanned)

Unknown parent 2 years ago

@daniel

Care to expand on what was your objection to gateways?

@Daniel Gultsch

Unknown parent

Nicoco

Unknown parent 2 years ago

@0 @ErcanErdemArdal

It could be nice indeed. I guess we could ~sortof maintain e2ee with omemo. Probably the first step would be to have a "xep0114 with encryption" somehow. Prosody is probably a good playground for attempting to implement some experimental server-side module like that. I am unsure of the security implications behind letting users run a whole namespace@some-custom-domain.example.com

@Ercan Erdem Ardal

Unknown parent

Nicoco

Unknown parent 2 years ago

@0 @ErcanErdemArdal

The main "objection" I see: if you're able to run a component, why not run the xmpp server too? I see some little benefits, like not needing a static IP, possibly no need to worry about dns and certificates... but overall running prosody alongside gateway components is not much overhead. Who would be interested by such deployment option?

@Ercan Erdem Ardal

Unknown parent

Nicoco

Unknown parent 2 years ago

@nels Haaa, quelqu'un a remarqué l'humour glacé et sophistiqué qui se glissait dans les screenshots, merci ;)

@Nels

in reply to Nicoco

Chartrux

in reply to Nicoco 2 years ago

Hi, thanks a lot for sharing this !
I recently gave a try to matrix/WhatsApp. Could you tell if you have a different philosophy or if it is "just" a xmpp/matrix difference ?
Thanks :)
Sinon je ne prendrais pas mal de recevoir un TG

in reply to Chartrux

Nicoco

in reply to Chartrux 2 years ago

@Chartrux
The "technical" philosophy of the bridge part is very similar. In fact, both for whatsapp and messenger slidge relies on (reverse engineered) libs from the mautrix project. I even had a one-line pull request merged in maufbabi (the facebook lib), wow!
One difference though, I don't plan to run a large-scale paid instance like beeper.com. Slidge's amateurism is a feature

@Chartrux

in reply to Chartrux

Nicoco

in reply to Chartrux 2 years ago

@Chartrux pas de TG sur le fediverse, on est bienveillants ici, je vois pas pourquoi tu dis des gros mots comme ça... je suis choqué 😋

@Chartrux

Unknown parent

Nicoco

Unknown parent 2 years ago

@0
For what it's worth, the maintenance effort of an XMPP server is waaaaay smaller than an email server, especially if you don't allow account creation.

Unknown parent

0 (shadowbanned)

Unknown parent 2 years ago

@ErcanErdemArdal

That said, perhaps the real issue is with services that don't support authorisation grants (e.g., #OAuth2). It's more acceptable to store a limited grant on someone else's component than to share your actual login details with them.

Not perfect, mind, just better.

#oauth2 @Ercan Erdem Ardal

in reply to 0 (shadowbanned)

0 (shadowbanned)

in reply to 0 (shadowbanned) 2 years ago

@ErcanErdemArdal

> Facebook, Mattermost, Signal, Skype, Steam, Telegram, and Whatsapp

Out of curiosity, how many of those do #OAUTH2, API tokens or similar? I don't use any of those services & don't even know what steam is.

#oauth2 @Ercan Erdem Ardal

in reply to 0 (shadowbanned)

Nicoco

in reply to 0 (shadowbanned) 2 years ago

- signal, telegram, whatsapp: revokable, "per device" access ~token
- discord, mattermost: slidge login process = "get your access token from the web UI via dev browser dev tools" 🤡
- facebook, steam: optional 2FA (but right now, password is stored slidge-side anyway, possible area of improvement). they used to have "revokable application password" but I've had less success with them recently
Steam is the largest game store for PC, with social network-like features.

⇧

Nicoco 2 years ago • •

Nicoco
2 years ago