Skip to main content


As a hobby, I hack instant messaging gateways from various chat "apps" to XMPP (XMPP is to Whatsapp what the fediverse is to Twitter). Slidge (the name I gave to my hobby software thingy) has been mostly usable for me for a few weeks, so I decided to talk about it a little in my blog, by pretending some milestone has been reached and calling it a "release candidate".

nicoco.fr/blog/2023/01/08/slid…

Peter Vágner reshared this.

Unknown parent

mastodon - Link to source
Nicoco
@daniel That's really nice to read, thanks! Slidge tries to XEP-comply as much as it can and I'm happy to fix stuff if it doesn't. Bridged contacts and groups should not be differentiable from other #XMPP entities; it seems to be the case as it (mostly) just works with #Conversations (for me, at least).
Unknown parent

mastodon - Link to source
Nicoco

@aenea Yes it does!
Telegram is actually the walled garden that is the most OK with third party clients: they provide a rather easy to use open source lib: core.telegram.org/tdlib/

They still are a walled garden though, don't be fooled! ;-)

in reply to Nicoco

Congrats on the release candidate!
I follow the code since the `spectrum2_signald` era.
Wishes for the easiest path to a release version.
in reply to res_integra

Ooohh spectrum2_signald, fun times! I remember trying to make sense of the (hum, "minimalist"?) dev docs of spectrum2. Thanks for the reminder, I need to keep the docs up-to-date and well written; it is a very important part of making a cool piece of code. 🙃
in reply to Nicoco

I remember fighting with the purple shade of lib and custom builds from source...
Concise documentation and an introduction/summary to fresh eyes is a key feature.
in reply to Nicoco

Any Suggestions for a Nice
#XMPP client?
Preferably available on PC and Android.
Thnx
#Chat
This entry was edited (1 year ago)
in reply to Ercan Erdem Ardal

I forgot to mention #quicksy for android, which is a #conversations version with "whatsapp-like' onboarding on their server (you receive an SMS code that acts as a one-time-password). I'm not fond of "your phone number is your username" *but* I'm grateful that quicky exists, since a lot of non tech savvy folks really like this. It's still federated XMPP underneath.
This entry was edited (1 year ago)
in reply to Nicoco

All SMS codes are archived by the operator.
is it possible to track the account associated with an sms code?
Does server record my #phone number?
I am concerned about the way accounts are stored / logged on the server. If my phone number is stored somehow then I am not interested with that solution.
Thankx,
#XMPP #Android
in reply to Ercan Erdem Ardal

@ErcanErdemArdal Yes, credentials are stored server side with slidge. Although, just to clarify, I am not administrating a public slidge instance. Slidge is a software meant to be installed by XMPP server admins. #selfhosting an #XMPP server is relatively easy and cheap, and that's the option I recommend to anyone that wants to try slidge. Maybe some XMPP servers admins will propose this to their users one day, but right now, all slidge users that I know of are self-hosters.
in reply to Ercan Erdem Ardal

@ErcanErdemArdal Oh, I realise you were probably talking about #quicksy and not slidge in this toot, sorry about that. Yes, Quicksy JIDs (#XMPP addresses) look like +555123456@quicksy.im, so if you want an XMPP account not linked to your phone number, do not use Quicksy but rather #conversations or forks like cheogram or blabber.
I also don't like to see my phone number in my JID *but* a lot of users appreciate it. It makes the user experience closer to whatsapp, signal, telegram, etc.
Unknown parent

mastodon - Link to source
0 (shadowbanned)

@daniel

Care to expand on what was your objection to gateways?

Unknown parent

mastodon - Link to source
Nicoco

@0 @ErcanErdemArdal

It could be nice indeed. I guess we could ~sortof maintain e2ee with omemo. Probably the first step would be to have a "xep0114 with encryption" somehow. Prosody is probably a good playground for attempting to implement some experimental server-side module like that. I am unsure of the security implications behind letting users run a whole namespace@some-custom-domain.example.com

Unknown parent

mastodon - Link to source
Nicoco

@0 @ErcanErdemArdal

The main "objection" I see: if you're able to run a component, why not run the xmpp server too? I see some little benefits, like not needing a static IP, possibly no need to worry about dns and certificates... but overall running prosody alongside gateway components is not much overhead. Who would be interested by such deployment option?

Unknown parent

mastodon - Link to source
Nicoco
@nels Haaa, quelqu'un a remarqué l'humour glacé et sophistiqué qui se glissait dans les screenshots, merci ;)
@Nels
in reply to Nicoco

Hi, thanks a lot for sharing this !
I recently gave a try to matrix/WhatsApp. Could you tell if you have a different philosophy or if it is "just" a xmpp/matrix difference ?
Thanks :)
Sinon je ne prendrais pas mal de recevoir un TG
in reply to Chartrux

@Chartrux
The "technical" philosophy of the bridge part is very similar. In fact, both for whatsapp and messenger slidge relies on (reverse engineered) libs from the mautrix project. I even had a one-line pull request merged in maufbabi (the facebook lib), wow!
One difference though, I don't plan to run a large-scale paid instance like beeper.com. Slidge's amateurism is a feature ;-).
in reply to Chartrux

@Chartrux pas de TG sur le fediverse, on est bienveillants ici, je vois pas pourquoi tu dis des gros mots comme ça... je suis choqué 😋
Unknown parent

mastodon - Link to source
Nicoco
@0
For what it's worth, the maintenance effort of an XMPP server is waaaaay smaller than an email server, especially if you don't allow account creation.
Unknown parent

mastodon - Link to source
0 (shadowbanned)

@ErcanErdemArdal

That said, perhaps the real issue is with services that don't support authorisation grants (e.g., #OAuth2). It's more acceptable to store a limited grant on someone else's component than to share your actual login details with them.

Not perfect, mind, just better.

in reply to 0 (shadowbanned)

@ErcanErdemArdal

> Facebook, Mattermost, Signal, Skype, Steam, Telegram, and Whatsapp

Out of curiosity, how many of those do #OAUTH2, API tokens or similar? I don't use any of those services & don't even know what steam is.

in reply to 0 (shadowbanned)

@0

- signal, telegram, whatsapp: revokable, "per device" access ~token
- discord, mattermost: slidge login process = "get your access token from the web UI via dev browser dev tools" 🤡
- facebook, steam: optional 2FA (but right now, password is stored slidge-side anyway, possible area of improvement). they used to have "revokable application password" but I've had less success with them recently
Steam is the largest game store for PC, with social network-like features.