Libervia progress note 2023-W22

goffi 31/05/2023, 20:39 jabber-xmpp-en SàT Libervia project libre Libervia progress SàT progress XMPP

Hello,

It's been a while since my last progress note. I've been immersed in work on Libervia, with many tasks to accomplish. I'll keep this update brief.

A/V Implementation in Libervia

I'm thrilled to announce a new development that I haven't yet officially shared on this blog: Libervia has once again received a grant from NLnet, this time via the NGI Assure Fund. This funding will facilitate the implementation of A/V calls with Jingle across several frontends: Web, Desktop, and CLI. In addition to one-on-one calls, multi-party calls are in the plans. The first approach will be using XEP-0272: Multiparty Jingle (Muji), which supports Peer-to-Peer (P2P) connections between participants without the need for a specific service—ideal for a small number of participants. For larger groups, a Selective Forwarding Unit (SFU) will be used, mirroring the technology used in platforms such as Jitsi Meet.

Alongside calls, we plan to offer Desktop Sharing, and even a specification and implementation for Remote Desktop Control atop XMPP!

Progress is well underway; one-on-one calls are already functional within the web frontend. However, there is still substantial work ahead.

To gain insight into the related tasks and what we've accomplished so far, you can check the associated tickets.

ActivityPub Gateway

I realize the high level of anticipation surrounding this gateway. While the gateway is operational (this blog utilizes it), it is yet to stabilize. I had hoped early adopters would install it and provide bug reports or other feedback. Unfortunately, this was not the case, with only one person (to my knowledge) having used it and provided prior feedback. This is understandable considering the requirement of an existing XMPP server, installation of a dev version of Libervia, and setting everything up. If you wish to try it out, you're welcome to join our official chat at libervia@chat.jabberfr.org (http link).

Nonetheless, I've decided to adjust my strategy. At some point, I plan to open a test instance. Due to limited resources for moderation, it will likely be invitation-only initially. The ultimate aim is to gather sufficient feedback to ensure stability.

Official Website and Test Instance

There have been several changes to the website:

  • The Flatpak and Docker images appeared to be malfunctioning. I've temporarily removed them and plan to rectify this issue later. If you wish to test Libervia in the meantime, the sources remain available.

  • I've added a roadmap at https://libervia.org/roadmap. Many had requested this, so here you go.

I've discontinued the libervia.org test instance, after years of service, as I've relocated the official website there to align with the project's new name (Libervia versus formerly Salut à Toi). As mentioned above, I have plans for a new instance, but it will likely be invite-only initially. I'm also considering a local-only demo for a quick overview of the web frontend—a non-federated feature that self-resets every few hours. We'll see if I can make the time to set it up.

Talks

I'll be delivering two talks next month in Paris:

I would be delighted to engage in a conversation if you happen to be there.

Other

In addition to these projects, I've been focusing on parallel tasks like code refactoring, work on calendar events, and the web frontend. However, I'll delve into these topics in more detail at a later date.

That's all for this note.

Libervia progress note 2022-W45

goffi 24/11/2022, 11:58 jabber-xmpp-en SàT Libervia project libre Libervia progress SàT progress XMPP

Hello, it's time for a long overdue progress note.

I'll talk here about the work made on ActivityPub (AP) gateway and on end-to-end encryption around pubsub.

Oh, and if everything goes well, this blog post should be accessible from XMPP and ActivityPub (and HTTP and ATOM feed), using the same identifier goffi@goffi.org.

Forewords

The work made on the AP gateway has been possible thanks to a NLnet/NGI0 grant (with financial support from the European Commission's Next Generation Internet programme).

I especially appreciated that the team was really there to help bring the ideas to life, and not once did they get in the way: little paperwork, no unnecessary pressure, caring, contacts when help was needed, etc.

I wish there were more organizations like this one that really help develop libre projects for the common good.

So once again I want to thank them for all that.

XMPP ⬌ ActivityPub Gateway

There is probably no need to explain here what ActivityPub is; we can simply write that it is an open protocol that allows doing things that XMPP also allows doing, and that until now these 2 protocols could not communicate with each other. The work on the ActivityPub gateway aims to allow software implementing one of these 2 protocols to communicate as easily as possible. I firmly believe that all open protocols should be able to communicate with each other, to avoid creating more silos; proprietary software is already good enough at that.

To be useful, a gateway must use the full potential of both protocols. A simple bot transcribing messages as we see too often, using unsuitable features (such as instant messaging for blog posts), or using a very limited set of features to ensure compatibility are flaws that I have tried to avoid. Building a good gateway is a difficult and time-consuming task. If done right, the gateway should be as invisible as possible to the end user.

XMPP has featured blogging since long before AP; however, the set of features is not exactly the same. Current use of AP is clearly inspired by commercial "social" networks: metadata such as subscribers/subscribed nodes (or followers/following in AP terms) are highlighted, features such as like/favourite were missing in XMPP, and some implementations such as Pleroma do implement reactions. To integrate that in the gateway, I've been working on new specifications:

  • Pubsub Public Subscriptions: a way to publicly announce subscriptions, in an opt-in way. With this it's possible to implement followers/following features in a way respectful of privacy.

  • Pubsub Attachments: a generic way to attach any kind of data to a pubsub item. It's notably used to implement the noticed/favourite button (see here) and reactions.

  • Calendar Events: handling of events and all the RSVP mechanism. Libervia was handling events for years, but it was an experimental implementation, this specification is a next step in the effort to make it a standard.

Note that this XEP and the others linked below have been accepted but are not yet visible in official list.

You may wonder why there is a specification for Calendar Events… It's because the AP gateway also handles them, making it compatible with Mobilizon. The gateway may evolve in the future to support other non (micro)blogging use cases.

The gateway is now finished in terms of functionalities, however the code is clearly of an alpha quality for the moment. Now the goal in the coming months will be to stabilize and possibly implement other features if there is a demand for it.

Early adopters are encouraged to try and test it as long as they keep in mind that it's not stable. So if you do try it, I recommend keeping a separate ActivityPub account in whatever stable implementation you use at the moment, this way you can check if messages or media are missing, if there is any inconsistency or other bugs, and report them to me. If you test it, please join the XMPP room libervia@chat.jabberfr.org (click here to connect from your browser) for help and feedback. Stabilization will probably take weeks, but I hope to have it done by early 2023.

Installation instructions and details on how the conversion between protocols is done are available in the documentation and notably here.

A question I've been asked a lot: yes, you can use the same identifier for XMPP (JID) and AP (WebFinger actor handle) as long as you use "simple" characters (i.e. alphanumeric ASCII chars, _, . and -). If you use something more complicated, you'll have to use the escaping mechanism explained in the doc (this is due to constraints with some AP implementations).

As for blogs on pubsub nodes (what Movim calls "communities"), I made it simple: you can directly use the name of the node that holds the blog in the local part (i.e. before the "@") of your actor handle: a blog named community_blog at the XMPP pubsub service pubsub.example.org can thus be addressed with the AP actor community_blog@pubsub.example.org. This way you can use a rather user-friendly identifier to share your blog with people who are only on ActivityPub.

This gateway should work with any XMPP server, and any client that implements blogging features (only Libervia itself and Movim implement them for now, but I have heard that other clients are planning support for them). To enjoy the whole feature set of the gateway, the new specifications need to be implemented by the clients, so you can start to file feature requests…

With this gateway, the door is open to have a client able to talk to the ActivityPub network, while having the feature of XMPP, including e2e encrypted private messages (e2e encrypted only if you communicate with an XMPP account, not with an AP one).

Oh, and please update your graphics, drawing and other texts to include XMPP in the fediverse ;)

End-to-End Encryption

Much effort has also gone into end-to-end encryption.

The OMEMO implementation has been updated (OMEMO:2 is now used), including Stanza Content Encryption, which allows encrypting arbitrary elements instead of only the <body/> of the message. I believe that Libervia is the first XMPP client to implement it. OpenPGP for XMPP (or "OX") has also been implemented, all that thanks to the work of Tim Henkes "Syndace", the author of python-omemo.

Beside instant messaging, end-to-end encryption has also been introduced to pubsub. I've made specifications for two methods:

  • An OpenPGP profile for pubsub which is thought to encrypt a whole node, with a system of secret sharing/rotation/revocation. With it, it is easy to give access to new entities after publication, and to retrieve old items for newcomers. This specification can be used to encrypt any pubsub based features: (micro)blogging, calendar events, lists, etc.

  • Pubsub Targeted Encryption which is a way to apply the same cryptographic system used in instant messaging to pubsub. This way, OMEMO can be used with its forward secrecy property. It is not a good option to use this specification to encrypt a whole node, as archive is then not accessible to newcomers, and to add access to a new entity you have to re-encrypt all items, but it's an interesting option to encrypt an element occasionally, for instance to restrict access of a specific post in an otherwise public blog.

Specifications have also been written to sign a pubsub item in a backward compatible way (clients which don't implement those specifications can still work normally):

All those specifications are already implemented in Libervia, but they are only usable from CLI frontend at the moment. All you have to do is to use the --encrypt and/or --sign options from pubsub or blog commands (check documentation for details).

Uploaded files were already encrypted with OMEMO Media Sharing which is what is commonly used these days, but this method has not been accepted as a standard as it was a workaround for limitation of legacy OMEMO implementation. The proper way is now specified with Stateless File Sharing and is encrypted with Encryption For Stateless File Sharing. Those methods are currently only usable when OMEMO:2 is implemented in the peer client, and with them metadata on the shared file can be attached, including thumbnails.

Encryption has also been implemented for Jingle (XEP-0391 and XEP-0396), which is notably used for Jingle File Transfer (especially useful for large file transfers).

So to summarize, nearly everything (instant messaging, files uploaded, large file transfers, all pubsub related features) can now be e2e encrypted with Libervia.

Possible Future

With the AP gateway permitting to reach the whole AP network, all the new features implemented, and the work done on e2e encryption, Libervia has everything to be a solid option for communication. After the recent events regarding a famous commercial network, we see a breakthrough of ActivityPub that will hopefully last over time. We can now access AP from XMPP, while having the possibility to have e2e encrypted private conversations or even blogs or calendar events.

As far as I know this is, so far, something unique for a Libre decentralized software. However, there is still work to do on stabilization and UI/UX update before this is really usable.

Those features were planned for very long (years), but the lack of resources made them slow to come. The grant has made it possible to greatly accelerate the pace of development, and I doubt that it would have been possible to have all that without it.

Regarding how large the project is, and my family life, it's not possible any more to develop this project seriously on my free time alone (and I would like to do other things, sometimes, with my free time).

In other words, I need to find a way to sustain the development of Libervia for the years to come, so I can work full-time on it, and with some luck, build a team. I'm thinking very seriously about it these days, I'll probably write on this topic in a little while. If you are willing to help in any way, please contact me (on the Libervia room linked above for instance).

That's all for this progress note. I'm now working on stabilization and UI/UX update on the web frontend.

Libervia v0.8 « La Cecília »

goffi 30/11/2021, 22:51 jabber-xmpp-en SàT Libervia project libre release

I'm proud to announce the release of Libervia 0.8 « La Cecília » (formerly known as « Salut à Toi »), after more than 2 years of development.

This version is a big milestone preparing the future of the project. Let's have an overview of some major changes.

Project Renaming

In the interest of simplicity, the project has been renamed to "Libervia" (which was formerly the name of the web frontend), and all official frontends now have a straightforward name such as Libervia Web, Libervia Desktop/Mobile (same frontend for both), Libervia CLI for Command-Line Interface, and Libervia TUI for Terminal User Interface. The backend is, as you can guess, Libervia Backend. The former names are for now still used as aliases.

Beside simplicity, the name change was also due to concerns with international audience: some people were thinking that "Salut à Toi" was dedicated to French-speaking people only. Hopefully, it will be easier for everybody, and people won't get confused any more by all the names which were previously used.

Note that the renaming has implications on your configuration file which is now named libervia.conf (sat.conf is still working for now). The sections have been updated with new names (to configure the CLI frontend you now use [cli] section instead of [jp], for the web frontend it's now [web] instead of [libervia]). Please check documentation in case of doubt.

Technical Changes

Libervia has been ported to Python 3, which has opened the door to other changes.

Brython has been integrated to Libervia Web, to replace the unmaintained "Pyjamas" (which was a Python port of GWT).

Nunjucks is also now integrated in Libervia Web, making it possible to share some templates with Jinja. This is notably useful to make some pages working with or without JavaScript.

OMEMO implementation has been completed with support for MUCs (group chats) and files (via XEP-0454: OMEMO Media Sharing).

Many other changes are not explained in this note to avoid it being indigestible, you can check the CHANGELOG for more information.

Libervia Web New Default Theme

A new theme for Libervia Web based on the nice Bulma CSS framework has been made and is now the default one. Thanks to it the interface is clearer and more pleasant to use.

Events list with the new theme

Invitations

An easy to use invitation system has been implemented in Web frontend, and can be used either to give access to something to somebody with an existing XMPP account, or to invite somebody by email. The goal is to be able to share things (e.g. photo album, event) with family or friends without having to expect them to install a software or create an account.

Inviting people to see a photo album

Lists

A decentralised issue tracking system was implemented since version 0.7, which was notably used to manage Libervia's own tickets. It was using a non-standard feature available only in Libervia Pubsub (formerly "SàT Pubsub", server independent Pubsub/PEP component, a side project).

This feature has been renamed to "Lists" and now uses XEP-0346: Form Discovery and Publishing which makes it usable with a generic Pubsub service.

Any kind of list can be created, from project tickets to keep track of bug reports or feature requests, to To-do lists, grocery lists, etc. Being based on XMPP pubsub, lists can be federated, and permissions can be managed easily (for instance to allow various family members to modify a shopping list).

Grocery List on Libervia Web

For the moment 3 kinds of lists are available (generic tickets, To-Do, grocery), but more are expected to come in future versions.

Photo albums

Lots of improvements have been made on the photo albums in the web frontend. They can now be created or deleted from Libervia Web, photos or videos can be uploaded, a touch/mobile-friendly slideshow is available, ogv.js has been integrated to make possible the viewing of videos in Ogg Vorbis/Opus/Theora and WebM VP8/VP9/AV1 on platforms not supporting them natively, and the invitation system mentioned above has been integrated.

you can now use a slideshow to see your photos and videos

Desktop

Libervia Desktop UI has also been updated: the top menu has been removed, file dropping is now possible on suitable platforms, chat has infinite scrolling, a new "chat selector" screen makes it easier to select an entity to chat with or a room to join, message attachments are shown in a more user-friendly way, and several other improvements have been made.

Chat Selector on Libervia Desktop

Work has also been done on Libervia Mobile (which is Android only for now), but this frontend is not user-friendly enough yet for end-user.

Attachment on Libervia Mobile

CLI

The CLI frontend is now fully documented and, following the renaming, can now be accessed either by libervia-cli or the shorter li (legacy jp is still working for now). Among new commands we can highlight li file get, which retrieves a file with support of the aesgcm scheme (i.e. OMEMO Media Sharing), which makes it a kind of OMEMO-enabled wget-like tool. li file upload also handles end-to-end encryption; it's thus easy to share an encrypted file from the command line or a script.

Background colour is now automatically detected on compatible terminal emulator, and theme is adapted consequently.

But Also…

File Sharing Component

Libervia can act as a component (which can be seen as generic XMPP server plugins), and it includes a File Sharing Component.

This component stores files which can be retrieved either according to given permissions or publicly.

Files can be uploaded or downloaded via XEP-0234: Jingle File Transfer and XEP-0363: HTTP File Upload is now also implemented, making it possible to share files via HTTPS link.

This component can now be used to replace internal XMPP servers HTTP File Upload implementations. In addition to the fine permission management, it does not have a size limit and user quotas can be set, check the documentation to see how to set them. Files uploaded can be retrieved using XEP-0329: File Information Sharing and deleted with XEP-0050: Ad-Hoc Commands.

This component is necessary to use the Photo Album feature.

Libervia Pubsub

A Pubsub/PEP component (formerly named "SàT Pubsub") is developed next to Libervia. It aims to provide a server independent feature-full implementation.

Libervia Pubsub is released at the same time as the Libervia XMPP client, and has also been ported to Python 3.

Among novelties, Full-Text Search has been implemented (XEP-0431: Full Text Search in MAM), as well as XEP-0346: Form Discovery and Publishing which replaces the former non-standard node schema, and PEP is now working for the server itself, making it usable for XEP-0455: Service Outage Status.

Docker Images

Docker images have been updated and moved directly to libervia-backend repository (in docker subdirectory).

Official Website

The Official Website has been updated with a new theme (based on Libervia Web new theme).

Installation

Libervia is available on several GNU/Linux distributions (at least Debian and derivatives and Arch Linux). Unfortunately, the current Debian version is outdated (due to incompatible Debian and Libervia release dates); hopefully the new version will be available as a backport soon.

You can easily install Libervia on any distribution by using pipx:

$ pipx install libervia-backend
$ pipx install libervia-desktop

Then launch libervia-backend, and a frontend (e.g. libervia-cli or libervia-desktop). Check the documentation for details.

Docker images are available, and notably a web-demo.yml file can be used with docker-compose to quickly try a local demo:

$ hg clone https://repos.goffi.org/libervia-backend 
$ cd libervia-backend/docker
$ docker-compose -f web-demo.yml up

Then open your browser on http://localhost:8880 and use the login demo with password demo.

What's Next

A Libervia based project has been selected by NLnet for a grant. This project is in 2 parts: working on an XMPP ⟺ ActivityPub gateway, then on pubsub and files end-to-end encryption. You'll find more information on this blog post and on NLnet project page. The project has already well started, and you can follow the progress on my blog (which is Libervia/XMPP powered) or on the ticket tracker (which is also Libervia/XMPP powered). A huge thanks to NLnet/NGI0 Discovery Fund!

Besides, work is planned to improve user experience and instant messaging feature (notably on Web frontend). Libervia aims to be a good fit for private networks for family and friends.

Last but not least, I've been pleased to see that Libervia Web is used to power the jmp.chat blog. JMP is a company which gives you a real phone number which can be used with XMPP and SIP (you can call this number from a traditional phone and get the voice call from an XMPP client).

This concludes this release post. Stay tuned!

Libervia progress note 2021-W38

goffi 27/09/2021, 06:54 jabber-xmpp-en SàT Libervia project libre Libervia progress SàT progress

Hello,

it's time for a new progress note. The work is currently focused on the ActivityPub Gateway, and progress has been made on pubsub cache search and the base component.

Pubsub Cache Full-Text Search

Next to the pubsub cache implementation, it was necessary to have a good way to search among items.

So far, Libervia was doing pubsub search using the pubsub service's capabilities, and notably the XEP-0431 (Full Text Search in MAM) implementation. This is working well (it's what is currently used on this very blog when you use the search box), but has some pitfalls: the pubsub service must implement this XEP (and as far as I know, Libervia Pubsub is the only one which does it at the moment), the search can be done in a single node at a time only, each search request implies a new XMPP request to the pubsub service, and pubsub items must be in plain text (which is currently always the case, but pubsub end-to-end encryption is planned as the second part of the granted NLnet project on which I'm working).

In regard to that, a local search is necessary. SQLAlchemy doesn't really have Full-Text Search (or FTS) support for SQLite out of the box, but it allows to use any SQL directly, thus I could use the really nice FTS engine available within it (FTS5). This is an extension, but in practice it is already installed most of the time (it is part of the SQLite amalgamation).

Thanks to the JSON support in SQLite, it is also possible to filter search requests on parsed data. That's really useful for features like blogs where you often want to do that (e.g. filtering on tags).

The cache search can be operated on all data in cache, that means that you can do search on items coming from multiple nodes and even multiple services. That opens the door to features like hashtags or blog suggestions.

Last but not least, search requests can be ordered by any parsed field. In other terms it will be possible to order a blog by declared publication date — which may be important if you want to import a blog —, or events by location.

To have an idea of the possibilities, you can check the documentation of the CLI search command.
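The combination described in this section (FTS5 for text matching, SQLite JSON functions for filtering and ordering on parsed fields, one query across several nodes and services) can be tried with the standard library alone. This is an added example, not Libervia's code or schema: the table layout, field names and sample items are constructed for illustration, and it assumes an SQLite build with FTS5 and the JSON functions.

```python
import json
import sqlite3

# Constructed cache content: (service, node, item id, parsed data).
SAMPLE_ITEMS = [
    ("pubsub.example.org", "community_blog", "post-1",
     {"title": "ActivityPub gateway started",
      "content": "The base component can send a message to Mastodon",
      "tags": ["activitypub", "xmpp"], "published": "2021-09-27T06:54:00Z"}),
    ("pubsub.example.org", "community_blog", "post-2",
     {"title": "Pubsub cache",
      "content": "Full-text search over the gateway cache uses FTS5",
      "tags": ["xmpp"], "published": "2021-08-01T10:00:00Z"}),
    ("blog.example.net", "urn:xmpp:microblog:0", "note-7",
     {"title": "Trying the gateway",
      "content": "Following an XMPP blog from Mastodon through the gateway",
      "tags": ["activitypub"], "published": "2022-11-24T11:58:00Z"}),
    ("blog.example.net", "urn:xmpp:microblog:0", "note-8",
     {"title": "Grocery list", "content": "Bread, tea, apples",
      "tags": ["lists"], "published": "2021-11-30T22:51:00Z"}),
]

# Only these parsed fields may be used for ordering (hypothetical names).
SORTABLE = {"published": "$.published", "title": "$.title"}


def build_cache(items):
    """Create an in-memory cache: one row per item plus an FTS5 index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, service TEXT,"
               " node TEXT, name TEXT, parsed TEXT)")
    db.execute("CREATE VIRTUAL TABLE items_fts USING fts5(body)")
    for service, node, name, parsed in items:
        cur = db.execute(
            "INSERT INTO items (service, node, name, parsed) VALUES (?, ?, ?, ?)",
            (service, node, name, json.dumps(parsed)))
        # The FTS rowid is the items.id, so both tables can be joined.
        db.execute("INSERT INTO items_fts (rowid, body) VALUES (?, ?)",
                   (cur.lastrowid, parsed["title"] + "\n" + parsed["content"]))
    return db


def quote_terms(text):
    """Turn free text into FTS5 string literals so that user input such as
    an unbalanced quote is matched as text, not parsed as query syntax."""
    terms = ['"' + term.replace('"', '""') + '"' for term in text.split()]
    if not terms:
        raise ValueError("empty search")
    return " ".join(terms)  # FTS5 treats adjacent phrases as AND


def search(db, text, tag=None, order_by="published", descending=True):
    """Search every cached node and service; return (service, node, name)."""
    if order_by not in SORTABLE:
        raise ValueError(f"cannot order by {order_by!r}")
    sql = ("SELECT items.service, items.node, items.name FROM items_fts"
           " JOIN items ON items.id = items_fts.rowid"
           " WHERE items_fts MATCH ?")
    params = [quote_terms(text)]
    if tag is not None:
        # Filter on a value inside the parsed JSON (here: the tags array).
        sql += (" AND EXISTS (SELECT 1 FROM json_each(items.parsed, '$.tags')"
                " WHERE json_each.value = ?)")
        params.append(tag)
    sql += " ORDER BY json_extract(items.parsed, ?) "
    sql += "DESC" if descending else "ASC"
    params.append(SORTABLE[order_by])
    return db.execute(sql, params).fetchall()


if __name__ == "__main__":
    cache = build_cache(SAMPLE_ITEMS)
    for row in search(cache, "gateway", tag="activitypub"):
        print(row)
```

Search text and tag values are always bound as parameters, and the ordering field is taken from a fixed table, so nothing from the request is concatenated into the SQL.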

Base ActivityPub Component

Once the preparatory steps have been done, the ActivityPub component itself could be started. In short, for people not used to XMPP, a "component" is a kind of generic plugin to server. You declare it in your server configuration, choose a JID and a "shared secret" (a password), run it with those parameters, and voilà.

For the AP gateway, Libervia runs the component. There is documentation to explain how to launch it, don't worry it's simple.

As I've got questions about this, here is a small schema giving an overview on how the whole thing is working:

global overview of Libervia ActivityPub Gateway

I hope that it makes the whole thing more clear, otherwise don't hesitate to ask me for clarification.

As you can see, the gateway includes an HTTP server to communicate with AP software, but in many cases there will already be an HTTP server (website, XMPP web client, etc.). In this case, you'll have to redirect /.well-known/webfinger and /_ap requests to the gateway server.

For the development, I'm using Prosody as reference XMPP server implementation, and Mastodon as reference ActivityPub server implementation. I've set a local Mastodon installation, and I've chosen to use Docker for that, as it makes things easy to have a reproducible environment and to save and restore a specific state. It was not as trivial as I would expect to find the right configuration to use, I've found outdated tutorials, but I could manage to run the thing relatively easily.

Because we work with HTTPS, I've made a custom docker image with a local certification authority, so Mastodon could validate my gateway HTTP server certificate. I'm already doing that for the docker image used for end-to-end tests of Libervia, nothing difficult. Surprisingly though, Mastodon could not resolve my instance, when HTTPie running from the same container could do it flawlessly. I've quickly realised that Mastodon was not respecting hosts declared in /etc/hosts (and added via extra_hosts in Compose file) and found a relevant bug report on Mastodon tracker. That was annoying, and I had to find a way to work around that. I've done it by running a local DNS Server, and Twisted offers a nice built-in one. Twisted DNS can easily use /etc/hosts to direct my local domains to my local IP, it's just a one liner such as twistd3 -n dns --hosts-file=/etc/hosts -r.

After that the domain was resolving, but to my surprise, Mastodon was still not able to communicate with my gateway, and even more bizarre my server was receiving no request at all. After a quick round of tcpdump/wireshark, I saw that indeed nothing was sent to my server.

Thanks to the Libre nature of Mastodon, I could resolve this by reading the source code, the Mastodon::HostValidationError led me to a section that made the whole picture clear: my server is on a local IP and Mastodon by default refuses to reach it (to avoid the confused deputy attack). With the ALLOWED_PRIVATE_ADDRESSES setting I could finally make Mastodon communicate with my server.
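The kind of check that produced this refusal can be sketched as follows. This is an added example, not Mastodon's or Libervia's code: a server that fetches URLs supplied by remote parties resolves the host first and refuses private, loopback and similar addresses unless an operator allow-list covers them. The function names, the comma-separated allow-list format and the name table are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit


class DestinationRefused(Exception):
    """Raised when an outbound request target must not be contacted."""


def parse_allowlist(value):
    """Parse a comma-separated list of addresses or CIDR ranges (assumed format)."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]


def is_restricted(ip):
    """True for addresses a federation fetcher should not reach by default."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_destination(url, resolver, allowed_private=()):
    """Return the vetted addresses for url, or raise DestinationRefused.

    resolver(hostname) returns a list of address strings. Every address is
    checked, and the caller should connect to one of the returned addresses
    instead of resolving again, so a later DNS answer cannot bypass the check.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise DestinationRefused(f"unsupported URL: {url!r}")
    addresses = resolver(parts.hostname)
    if not addresses:
        raise DestinationRefused(f"{parts.hostname} does not resolve")
    vetted = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if is_restricted(ip) and not any(ip in net for net in allowed_private):
            raise DestinationRefused(f"{parts.hostname} resolves to {ip}")
        vetted.append(str(ip))
    return vetted


# Constructed name table standing in for DNS, like the hosts file above.
CONSTRUCTED_HOSTS = {
    "gateway.example.test": ["192.168.1.20"],  # local AP gateway (private)
    "public.example.test": ["8.8.8.8"],        # a publicly routable address
    "mixed.example.test": ["8.8.8.8", "::ffff:127.0.0.1"],
}


def table_resolver(hostname):
    """Resolve from the constructed table only; no network access."""
    return CONSTRUCTED_HOSTS.get(hostname, [])


def explain(url, allowed_private=()):
    """Return 'ok: ...' or 'refused: ...' for one URL."""
    try:
        vetted = check_destination(url, table_resolver, allowed_private)
        return "ok: " + ", ".join(vetted)
    except DestinationRefused as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    dev_allow = parse_allowlist("192.168.1.0/24")
    print(explain("https://gateway.example.test/_ap"))             # refused
    print(explain("https://gateway.example.test/_ap", dev_allow))  # ok
    print(explain("https://mixed.example.test/", dev_allow))       # refused
```

An allow-list like this belongs in development and test environments such as the one described here; on a production instance the default refusal is what keeps remote parties from steering the server toward internal services.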

The How to implement a basic ActivityPub server tutorial made by Eugen Rochko (Mastodon original developer) is a nice article to start an ActivityPub implementation, it has been useful to build the base component (despite being a bit outdated, notably regarding signature).

I have to rant a bit, though, as the ActivityPub specifications are not available in EPUB or PDF, making them difficult to read on an e-book reader. I could overcome that thanks to pandoc (git clone https://github.com/w3c/activitypub.git then pandoc index.html --pdf-engine=xelatex -o activitypub.pdf), it's really more comfortable to keep the reference like this.

So the base component is now available but only usable by developers (and only capable of sending messages to ActivityPub for now). Things will be really exciting with the next 2 steps, as bidirectional communications will be available, and the gateway will be usable for early adopters. I don't expect those steps to be really long.

test message sent with Libervia AP Gateway

Oh, and to answer another question that I've had, yes you can use the same ActivityPub actor identifier as your XMPP JID. I'll explain next time how everything is accessed.

That's all for today.
