Prosodical Thoughts

Prosody nightly builds

2010-07-13T17:36:59Z

For quite a while we have made it easy to get snapshots of the latest Prosody source, and also provided a 64-bit Debian package (prosody-dev) that tracks Prosody's main development branch.

We just completed the last pieces of a new system for building regular nightly builds for each of our active branches. Produced every day at 5AM UTC are builds of a source tarball and Debian/Ubuntu 32-bit and 64-bit packages.

Eventually we plan to extend this system to building for various other platforms (including Windows).

You can find all the builds at http://prosody.im/nightly/.

The Debian packages are automatically uploaded every night to our package repository, and the packages are named according to the branch they are built from. Currently available are: prosody-0.6, prosody-0.7, and prosody-trunk (this last is always following the very latest development code).

The build server is generously donated by Florian Thießen, who also runs a public service running Prosody, thiessen.im.

Prosody 0.7.0 released

2010-06-14T18:19:56Z

We did it! We are very pleased to announce the release of Prosody 0.7.0.

Download links are below, but first let's take a look at some of the new features...

Efficient connection handling

One of the most significant changes in Prosody 0.7 is the added support for libevent, meaning Prosody can efficiently handle very large numbers of connections on a variety of platforms using epoll, kqueue, and a range of other mechanisms.

For more information see our libevent documentation.

Cyrus SASL authentication

There is also now support for Cyrus SASL to handle authentication, allowing the use of LDAP, PAM, SQL or a range of other authentication methods such as GSSAPI.

For more information see our Cyrus SASL backend documentation.

SCRAM authentication

Tobias Markmann has also added support for SCRAM, a new authentication mechanism that solves a lot of the problems and weaknesses found in the current and widely-used mechanisms. Prosody's SCRAM support has been successfully tested against development versions of Pidgin, Pandion, Gajim, Psi, Telepathy and the newcomer Swift.

Also in the area of authentication and security, we have decided to make Prosody advertise the 'PLAIN' SASL mechanism by default only when the client's connection to the server is encrypted. This means that even when encryption isn't enforced, clients will never be transmitting passwords in a form that can easily be reversed.

Privacy lists

For a while Thilo Cestonaro has been busy contributing plugins to our prosody-modules project. Finally this release pulls in two of his plugins, mod_privacy and mod_proxy65.

Privacy lists allow users to configure custom filters for messages, presence and queries. This is already supported by most clients, which allow you to create very flexible rule-based filters.

Sometimes privacy lists are far more powerful than you need though, so we also have a plugin (currently experimental) for a protocol known as "Simple Communications Blocking", which allows you to simply configure a list of JIDs you wish to block all communications with.

File transfer proxying

File transfer in XMPP has been notoriously unreliable. This is in large part due to ever-increasing presence of firewalls and NAT routers between users, preventing connections directly between clients.

Using mod_proxy65, a client can request that Prosody acts as an intermediary in a file transfer - both clients connect to the server, and the server will relay data between them.

Most clients already support this protocol (XEP-0065, as the name suggests), and so once configured on the server it should work with any modern client out of the box.

Setting up the file transfer proxy is described in our mod_proxy65 documentation.

Port multiplexing

An experimental new feature allows you to configure Prosody to run more than one kind of service on a single port. As an example you can handle both client-to-server and server-to-server connections on a single port, in fact, it even supports HTTP and BOSH! This means that you could serve XMPP clients on port 80, and still serve files over HTTP and allow BOSH connections on that port.

To try it out, simply set the list of ports in the config, for example: "ports = { 5222, 80 }" - no need to specify which service(s) each port is for.

Further port configuration is described in our documentation.

Error notification

Another relatively minor, but very useful change is that when Prosody fails to deliver a message over a server-to-server connection, it includes in the generated error message what caused the failure. The feature is probably best described with a screenshot (this is of Gajim):

By providing this information we can allow client developers to provide better user interfaces. Error handling and reporting is in our experience one area where all the major clients have a lot of room for improvement. Hopefully this can help them on their way to more explanatory errors.

Proxy-less BOSH

BOSH is a great technology which allows XMPP to be used from web pages. However it has traditionally been rather restricted by Javascript's "same-origin" policy, which prevents a page from connecting to the XMPP server unless it is on the same domain and port.

Until now this has been solved by using a server proxy on the page's domain to forward requests to the XMPP server, or to use Flash to make the requests, via flxhr.

However browsers now are beginning to support a new specification known as Cross-Origin Resource Sharing (CORS). This allows a browser to ask for permission from the remote domain to send requests there.

Support for CORS is now implemented in Prosody, and a browser also supporting CORS can connect to Prosody via BOSH without using a proxy, and without using Flash. CORS works out of the box with Strophe.js.

Details on configuring CORS support to suit your setup can be found in our BOSH documentation.

Other changes

This release includes many other changes, features and improvements. These include compression for server-to-server streams, disabling support for the insecure SSLv2 protocol, fixes to make PEP support compatible with User Avatar, and non-anonymous rooms and room destruction for MUC.

There have also been numerous changes to improve performance, and compliance with the latest XMPP specifications.

As always, you can reach us in any of the usual places for feedback, bug reports or words of thanks :-)

Download

Windows: Installer | Zip

OS X: Installer (requires OS X 10.5 or newer, Intel (32bit/64bit) and PowerPC (32bit))

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.7.0.tar.gz

Prosody 0.7.0RC2 available for testing

2010-05-26T18:18:36Z

It's been a while, but we're back with a new release candidate for Prosody 0.7.0! The last one gave us valuable feedback and caught issues we'd never have caught without all our users who helped with the testing. Thanks!

So, now for RC2. The links to download are below. There have been quite a few fixes and improvements, here is the list of changes since RC1:

SASL SCRAM updated for the latest specifications.
More robust handling of running out of file descriptors.
Replaced broadcast_message_policy with ignore_presence_priority for compatibility with the new XMPP specifications.
Option consider_bosh_secure for those using HTTPS->HTTP proxies and Prosody's encryption enforcement.
Fixes and optimisations for mod_privacy.
Support for canonicalizing credentials sent to Cyrus SASL.
Fix for HTTPS server handling of large client->server payloads.
Fix for ghost BOSH users triggered by using Apache for proxying, Firefox as a browser or a range of other random variables :)
mod_proxy65 now works with libevent backend.
Fix MUC issue preventing role changes by non-owners.
Fix timers not firing when using libevent.
Fix namespacing of stanzas sent over s2s connections.
Don't re-send data when connection closes, causing high CPU usage.
Add s2s_allow_encryption option to allow disabling encryption for s2s.
Improve error reporting when using Cyrus SASL.
Make mod_groups (shared rosters) work with roster versioning clients.
Fix compression to work with Pandion, and clients which negotiate it immediately after SASL and before resource binding.
Handle multiple IPs per nameserver statement in resolv.conf
Improve the handling of errors received from OpenSSL when loading certificates.

If you want to give 0.7.0 a try before the final release, download it below, and let us know how you get on. If all goes well then we'll be releasing 0.7.0 final shortly!

Download

Windows: Installer | Zip

OS X: Installer (requires OS X 10.5 or newer, Intel (32bit/64bit) and PowerPC (32bit))

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.7.0rc2.tar.gz

Prosody 0.6.2 released

2010-04-28T14:05:48Z

We are pleased to announce the release of Prosody 0.6.2.

This release fixes a bucketful of issues, some big, some small. The most notable changes include:

Disable SSLv2 by default, as it is insecure
Fix a bug that could cause invalid XML to be sent to clients
In some cases data sent immediately before socket close could be lost
c2s/s2s require_encryption options now do what they say on the tin
Improved detection of already-running Prosody instances
Fixed a small memory leak in HTTP/BOSH
Ensure that the namespace on sent s2s stanzas is always jabber:server
Fix to correct the algorithm used in selecting SRV targets from DNS

In addition we have slightly reformatted the default configuration file, in an attempt to make first-time configuration easier, based on feedback received from users. All existing configuration files work with no changes required.

Thanks to everyone who has helped find and report bugs, and help test the fixes for this release. We couldn't have done it without you :)

Download

Windows: Installer |Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.6.2.tar.gz

Google Summer of Code 2010

2010-03-25T11:57:43Z

The XMPP Standards Foundation learnt this week that it has been accepted to participate in Google's Summer of Code programme for 2010.

This programme, occurring each summer since 2005, encourages students to spend their summer working on open-source software, sponsored by Google.

If you're a student and want to work on XMPP software over the summer, apply! You may apply to work on anything XMPP-related, and if you're not sure what would make a good project then check out the XMPP GSoC ideas page for this year. Although student applications are not being submitted until next week now is a good time to plan what you're going to work on and discuss it with the relevant project(s).

The Prosody community also had a brainstorming session and came up with some Prosody-related GSoC projects that would be interesting to work on. Again, remember that you're free to come up with your own project ideas too.

If you're interested in working on Prosody then get talking to us now!

If you're looking for other XMPP software projects participating in GSoC then take a peek at their sites listed on this page or join the jdev@conference.jabber.org chatroom. If you're still lost you can join #jabber on Freenode and someone can point you in the right direction.

Good luck!

Prosody 0.7.0rc1 available for testing

2010-03-02T03:43:37Z

This is a release candidate for the upcoming (and long-awaited) Prosody 0.7.0. With some testing and user feedback we hope that this will become the official 0.7.0 release in a week or two.

The main new feature of the 0.7 branch is support for libevent, meaning Prosody can efficiently handle large numbers of connections on a variety of platforms (expect benchmarks soon...). There is now also support for Cyrus SASL to handle authentication, allowing the use of LDAP, PAM, SQL or a range of other authentication methods such as GSSAPI.

For a while Thilo Cestonaro has been busy contributing plugins to our prosody-modules project. Finally this release pulls in two of his plugins, mod_privacy and mod_proxy65.

A summary of changes since 0.6.1 (a more detailed post will accompany the final release):

libevent: Better connection scaling
mod_proxy65: XEP-0065: SOCKS5 Bytestreams proxy
SASL: Support for Cyrus SASL backend
SASL: Support for SCRAM-SHA-1 mechanism
SASL: Allow insecure PLAIN authentication on encrypted connections only by default
Compression: Support stream compression between servers now, as well as clients
SSL: Disable SSLv2 protocol by default as it is insecure
PEP: Support for on-demand item retrieval to allow User Avatar support
Port multiplexing: Allow multiple services (c2s, s2s, HTTP/BOSH) on a single port
Errors: Return the exact reason when server-to-server connections fail
MUC: Add support for non-anonymous rooms (real JIDs visible to all)
MUC: Allow destruction of rooms by owners
BOSH: Cross-domain request support, avoiding the need for proxies
mod_privacy: XEP-0016: Privacy Lists
MUC: Show precise error when users are kicked from rooms

Known issues: For now the proxy65 module does not work with libevent enabled. Depending on the time taken to develop the fix it will either go into 0.7.0 final or 0.7.1 when ready - but we decided it shouldn't delay the release.

As always, please report any issues to any of the usual places, see http://prosody.im/bugs/ and http://prosody.im/discuss/.

Download

Windows: Installer | Zip

OS X: Installer (requires OS X 10.5 or newer, Intel (32bit/64bit) and PowerPC (32bit))

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.7.0rc1.tar.gz

Proxy-less BOSH with Prosody

2010-01-22T15:17:46Z

Prompted by Jack Moffitt's post on cross-domain BOSH I have added support for the necessary HTTP headers to Prosody. This means that providing the user has a modern browser, no proxy is required to connect to the BOSH URL (usually running on a separate port to the normal web server) via (for example) Strophe.js or JSJaC.

In Prosody trunk (to become the 0.7 version) simply add to your config:

cross_domain_bosh = true

This allows a script on any website to connect to your BOSH URLs. Alternatively you can restrict requests only to certain domains (such as your own), for example:

cross_domain_bosh = { "http://prosody.im", "http://jabber.org" }

would allow a script on either of those sites to connect.

Have fun playing with this new feature - I know I shall. Feedback welcome as always.

Prosody at FOSDEM

2010-01-20T03:21:59Z

Just a quick note to say that at least one half of the Prosody dev team will be attending FOSDEM, Brussels in February. We'll also be at the surrounding XMPP hackfest and summit.

Speaking of hackfest... we were wondering what we should develop on the day. I'm after something fun, and different... if you have any interesting ideas for what we could do with XMPP in a day, shout now.

If you want to join in and find out how to develop modules and components for Prosody, you're welcome to join us, just make sure you get added to the attendance list by posting to the summit mailing list. See you there!

One year ago today

2009-12-03T21:38:50Z

Grab a few enthusiastic XMPP developers, a neat lightweight scripting language and put them together, what do you get?

One year ago today we released the first version of Prosody. The early versions worked (kind of), and were quite feature-packed for initial releases now that I look back. The second release was made before the month's end, and fixed a range of open issues. By the third release we had switched licenses from GPL to MIT, to give less restriction on what could be done with our code.

Fast-forward to today and we've just made our 11th release, are hard working on the 12th, and are very excited about the coming months.

I'd like to thank everyone who has contributed to Prosody, both with source code and with a voice in our (very busy) community.

In particular thanks to albert, our unofficial release driver (and whom we have to thank for making sure we supported IDNA correctly in our first release). Also to Florian Thießen (no, I can't pronounce that either), who became the first person to run a public XMPP service using Prosody.

Thanks to Enrico Tassi and Sergei Golovan who helped with Debian packaging and getting Prosody into Debian, as well as all our packagers for other platforms.

Also deserving a special mention are Paul Aurich, who we have to thank for giving the s2s TLS code his magic touch, and Thilo Cestonaro and Florian Zeitz who both work hard developing plugins in our prosody-modules project.

Ohloh, the open-source software tracker, shows some interesting statistics from our first year of development. Take a look at these graphs to see our activity over the months, and optionally compare to other open-source projects.

Finally, the moment it all began, captured in a screenshot:

Here's to another fruitful year of Prosody development, happy birthday Prosody!

Prosody 0.6.1 Released

2009-11-26T00:51:54Z

Wow, that was quick. Unfortunately some users identified a critical bug in the roster storage in our 0.6.0 release. We've identified and fixed the problem as soon as we can, and strongly recommend that everyone running 0.6.0 back up their data directory (as always!) and upgrade to 0.6.1 at the earliest opportunity.

For the original 0.6.0 announcement detailing the new features in this branch, see Prosody 0.6.0 Released.

Download

Windows: Installer |Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.6.1.tar.gz

Prosody 0.6.0 Released

2009-11-25T03:01:00Z

Yay! After what turned into a rather long testing period, we're ready to announce the release of Prosody 0.6.0.

Below you will find the download links, right after a round-up of the new features in this version.

Telnet console

While the console is nothing new, 0.6 sees some new commands added. You can now easily reload the configuration file, and add/remove virtual hosts without restarting. We've also added a command to shut down the server gracefully, closing all connections with a specified message first.

Multi-session support in MUC

Multi-user chatrooms are great, but ever since IRC they've always been plagued by people with multiple nicknames like "MattJ_work" and "MattJ_laptop". This new feature in Prosody allows multiple connections from the same account to all share the same nickname in the chatroom. To other users in the room it simply looks like a single ordinary user.

This feature is brand new, and still under development... for example changing nickname while part of a multi-session group is disabled for now while we work on making it function smoothly (it's not trivial!). Feedback is always welcome, of course.

Other improvements in MUC include support for persistent rooms, configuration and other admin controls. Room creation can also now be restricted to service admins.

Stream compression

Prosody now has a mod_compression to enable compression of client-to-server streams. Combined with the automatic roster versioning, this makes for some very desirable bandwidth savings, very useful for mobile connections.

More info on enabling compression can be found in the Prosody documentation.

Encryption for server-to-server connections

Prosody can now make encrypted connections to other servers that support TLS for server-to-server connections. If you and your contact are both using secure connections between your client and server, and the link between the servers is encrypted, this means your messages will never pass over the network in the clear.

Per-host SSL/TLS certificates

Up until now Prosody only accepted configuration of a single certificate for all connections, though now you can configure a certificate for each virtual host the server is hosting.

Importer for ejabberd MySQL dumps

For some time we have had an ejabberd2prosody tool available to help convert ejabberd database dumps to Prosody's own format. The trouble for some people was that this only worked with ejabberd's built-in database, 'Mnesia'.

Available now is a new tool, ejabberdsql2prosody, that takes a MySQL dump file and converts it to Prosody's own file format.

In the works is a fully-fledged XEP-0227 convertor, which Matthew has been developing as part of the jabber.org migration.

Compatibility with ejabberd's vcard behaviour

A few users complained to us that when they join chatrooms hosted on an ejabberd server that other users are unable to see their vcard or avatar. This is caused by the fact that ejabberd's MUC implementation sends vcard requests to the user's client, instead of their server (where it is stored). This didn't affect ejabberd users because ejabberd intercepts the requests and replies, however this behaviour is non-standard and doesn't conform to XMPP's routing rules.

The new Prosody configuration option 'vcard_compatibility' can be used to enable this non-standard behaviour in Prosody. Hopefully this option can be removed in the future when ejabberd is fixed.

Download

Update: This version has been replaced by 0.6.1, please see Prosody 0.6.1 Released for more information.

Windows: Installer | Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.6.0.tar.gz