Prosodical Thoughts

We like Pie

2013-06-19T18:23:58Z

We have just added another target to our package builder, namely armhf packages sutable for Raspian on the Raspberry Pi. The first package available is trunk nightly 391.

To try it, simply add our package repository to /etc/apt/sources.list:

 deb http://packages.prosody.im/debian wheezy main

and then run sudo apt-get install prosody-trunk

Prosody 0.9.0rc3 available for testing

2013-06-18T23:15:53Z

After everyone's wonderful help at finding bugs (cheer), we've another release candidate for you from our 0.9 branch.

The primary reason for this RC is to keep compatibility with the just-released LuaSocket 3.0rc1. The new LuaSocket is now available from our package repository, and we have updated our IPv6 documentation accordingly. If you have previously installed lua-socket-prosody, it is now recommended to install the lua-socket package instead.

Summary of changes made since rc2:

Ensure select() backend acts correctly when reaching its limits.
PEP: Reflect generated id back to the client.
Pubsub: Check whether node exists, when deleting.
Add missing SSL options for Diffie-Hellman and Elliptic-Curve parameters, with the latter enabled by default
Moved function for listing local IP addresses from LuaSocket to util.net.
Add server:memory() command to view details of Prosody's memory usage in the telnet console.
A couple of input validation fixes in the telnet console.
MUC: Small variable name fix.
BOSH: Remove various unused headers.

Don't forget to keep your feedback on the release coming to us!

Download

Debian/Ubuntu

If you are using our package repository then you can simply install the prosody-0.9 package, which automatically tracks our 0.9 branch. This release is build 142.

Alternatively you can download packages manually from here.

Windows

Windows builds are coming soon!

Source

Source tarball: prosody-0.9.0rc3.tar.gz

Prosody 0.9.0rc2 available for testing

2013-06-05T10:15:11Z

After a very successful beta, we decided it's time for a release candidate. We have made only a few small changes since beta1:

With s2s_secure_auth enabled, we required encryption for domains listed in s2s_insecure_domains, even if s2s_require_encryption was not set.
Some minor fixes to commands in the telnet console.
Automatically disable SSL compression if luasec-prosody is installed.
Fix a traceback in mod_bosh when used in combination with some plugins.
Fix pubsub "get subscriptions" action.

As always, we depend very much on your feedback. If you give 0.9.0rc2 a try, let us know how you get on, even if it's only to tell us it's a complete success!

Download

Debian/Ubuntu

If you are using our package repository then you can simply install the prosody-0.9 package, which automatically tracks our 0.9 branch.

Alternatively you can download packages manually from here.

Windows

Source

Source tarball: prosody-0.9.0rc2.tar.gz

Prosody 0.9.0beta1 available for testing

2013-05-13T11:46:22Z

It's the news you've all been waiting for! We present the first beta of our upcoming 0.9.0 release. For those of you not already following our development and nightly builds, here are a few of the major changes in this development branch (codenamed 'Prosody Everyone Edition') since 0.8:

Full IPv6 support for all services (c2s, s2s, HTTP, etc.)
Server-to-server authentication using certificates (SASL EXTERNAL)
A new and improved HTTP subsystem, supporting virtual hosts and fully-reloadable modules
Basic pubsub service
Many other fixes and improvements, see our release notes for more information.

Important: This release introduces some changes that require attention from people who upgrade from previous releases. Please read the upgrading section of our release notes to avoid any surprises.

We expect there to be one or two more betas before rc1, and then the final release soon after that.

As always, we appreciate all the help that we get testing Prosody. If you find any issues, please report them.

Download

Debian/Ubuntu

If you are using our package repository then you can simply install the prosody-0.9 package, which automatically tracks our 0.9 branch.

Alternatively you can download packages manually from here.

Windows

Source

Finally, for you old-school folks...

Source tarball: prosody-0.9.0beta1.tar.gz

XMPP summit #12

2012-09-28T20:40:19Z

As usual for this time of year, the XMPP Standards Foundation is holding a summit in the US. I'm excited to say that, for the first time, we'll be there!

The summit shall be held just after the 2012 Realtime conference in Portland, Oregon - which I'll also be attending.

For more information on the summit, including how to attend if you are interested, hop over to the XMPP summit #12 wiki page.

Finally, if you're on the east coast and can't make it to Portland, I'll be attending events in NYC too a couple of weeks prior to the summit. Drop me a note to matthew (at) prosody.im if you want to say hi!

"Tiiiiiiimber!"

2012-04-29T00:58:00Z

A while back we realised that some of the changes we needed to make for the Prosody 0.9 release were not trivial, and involved breaking some established core APIs. We have traditionally kept our trunk repository "stable" for everyday testers who aren't worried about the occasional bug, so we decided to open up a new branch for in-progress, and potentially broken, work. This branch gained the name 'timber' (broken trunk) - timber also happens to be the Old English term for a building, and more appropriately the act of building.

And that's exactly what we've been doing. We have revamped a bunch of APIs in Prosody, from port management to our built-in HTTP server (used for BOSH, among other things). We've also moved the bulk of our c2s and s2s code into modules, which makes them fully reloadable without a server restart.

Some of our important new features destined for 0.9.0 landed or improved in timber. These include our much-requested IPv6 support, as well as certificate authentication for server-to-server streams.

Of course one of the primary goals of Prosody is to remain small and simple. All the while we have continued actively looking for unused code, especially in small features which were added that never took off,or could be replaced by less code, and removing it. This means that despite all the new features we have added, our code has only grown from the previous release by around 40KB. This means we still fit comfortably on a floppy disk alongside a copy of Lua, panic over!

Well, as announced on the Prosody mailing list, we merged timber into trunk today. This means for the first time the new code is available in our nightly builds, in trunk build #271.

Since all this code has had limited testing (a brave (read: 'crazy') group of us have been running our servers on timber for some time). Now that it's out in the open we expect more bugs to be uncovered, if you run into any then please let us know so we can squash them in preparation for the release.

I finally leave you with the obligatory picture of a piece of timber. Oh, and of course a cat. On a sawmill.

Prosody 0.8.2 released

2011-06-20T14:38:43Z

Hi all. Just a small release for you this time, with a handful of bugfixes. Thanks to '@eoranged' and the other PostgreSQL users who helped with feedback and testing of the SQL fixes (the PostgreSQL server we use for testing is now behaving properly!).

A summary of changes in this release:

mod_storage_sql: Fix compatibility with PostgreSQL databases (0.8.1 issue)
mod_bosh: Fix for sessions not timing out after inactivity in some cases
mod_dialback: Fix multiple concurrent dialback requests for the same domain (was sometimes causing s2s failure with certain ejabberds)

Download

Windows: Installer | Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.8.2.tar.gz

Prosody 0.8.1 released

2011-06-04T18:55:19Z

This is a security and bugfix release for the 0.8 branch. This release contains fixes for a couple of major issues, and it is strongly recommended that you upgrade.

Some of you may already be aware of the "billion laughs" denial-of-service attack which was discovered to work against a number of XMPP servers recently. Due to accidental oversight the Prosody team was not notified ahead of the issue being made public, so we have worked hard the past few days to prepare this release as soon as we could.

In addition to upgrading Prosody, you MUST also upgrade the LuaExpat library to 1.2.0 to prevent the attack - this should hopefully be arriving in your distribution shortly, alternatively it can be installed using luarocks. See our dependencies page for details.

If you are a packager and are looking for backported patches to older Prosody versions, please see the 0.8.1 release notes.

A summary of changes in this release:

Reject XML DTDs, comments and processing instructions, preventing the "billion laughs" attack
Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating large data (such as large avatars) Prosody automatically upgrades the table in-place if possible, see our MySQL documentation for more information.
Fix for endless loop when parsing certain invalid JSON
Fix PostgreSQL compatibility in prosody-migrator
Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
mod_legacyauth now correctly disabled for unencrypted connections by default
Components properly inherit SSL settings and certificates from their 'parent' hosts
Prevent startup with no VirtualHost entries in the config file

As usual if you need help or have any questions about installing/upgrading, feel free to ask.

Download

Windows: Installer | Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.8.1.tar.gz

An Introduction to Lua - London

2011-04-18T01:43:25Z

A heads-up for those in the London area and looking for something to do on Tuesday evening. Matthew is going to be giving a talk introducing the basics of Lua, and talking a bit about why we chose Lua for Prosody, and how it has benefited the project.

Anyone is welcome, space permitting, and registration is free via Lanyrd (Twitter account required) or Superdevs (OpenID required).

Prosody 0.8.0 released!

2011-04-07T14:37:04Z

Hurrah! We're very pleased to announce the release of Prosody 0.8.0.

This release includes a number of anticipated new features, which we'll take a tour of below. But before that we would like to thank everyone who has helped with this release - our strong community makes Prosody what it is.

In particular I'd like to thank Florian Zeitz, Kim Alvefur, Jeff Mitchell, Robert Hoelz, Paul Aurich, Dwayne Bent, Tobias Tom and Brian Cully for their contributions to this release.

And a quick word about 0.9, which is already underway. As always we're looking for testers and contributors to help shape the next release. We currently have pubsub, secure federation using certificate authentication and IPv6 support in various stages of development in trunk.

So, now to what's new in 0.8. Let's see...

Pluggable authentication

Prosody already supported various authentication mechanisms via Cyrus SASL. However Cyrus SASL is, as anyone who has used it will agree, not the easiest piece of kit to configure.

Prosody 0.8 brings us the option of authentication modules, which handle the validation of credentials for a given domain.

The primary two authentication modules provide plaintext and hashed password storage. The hashed storage module was originally developed by Jeff Mitchell, and made to use the SCRAM standard format for storing the hashed passwords. As far as we are aware Prosody is the only open-source XMPP server to support this secure format for password storage.

It's worth noting that both plain and hashed storage have different advantages and drawbacks, which we discuss in our article "Plain or hashed password storage?".

In addition there are beta and community modules for authenticating against LDAP, an external process/script, and even two-factor authentication using YubiKey devices. This list is set to grow, and we encourage anyone to suggest or contribute new authentication modules.

Pluggable storage

Authentication wasn't the only area to gain some extensibility. The number of requests we received to link Prosody up with different storage systems, ranging from stock MySQL and PostgreSQL setups to Mongo and CouchDB encouraged us to develop our storage API to allow any plugin to provide storage drivers.

Prosody's beloved file-based driver remains the default, but we have added an SQL storage plugin for those who need something more powerful, or who need to easily share the data with other applications such as web services. This module currently supports MySQL, PostgreSQL and SQLite3.

If you have a favourite database that you want Prosody to support, now is the time to get hacking!

Ad-hoc commands

Florian Zeitz developed ad-hoc command support for Prosody a while back, but 0.8 is the first release to include it as standard. Ad-hoc commands allow you to control and configure the server from within your XMPP client, using a form-driven interface.

Multi-user conference improvements

Our MUC module was missing a number of useful features that we have added in 0.8. These include members-only and invite-only rooms, and restricting room creation to local users as well as admins.

Other features

As usual we've added a large number of other small features and enhancements that are too numerous to list here. You'll just have to download the release and be surprised!

Download

Windows: Installer | Zip

Debian/Ubuntu: 32-bit | 64-bit

Source tarball: prosody-0.8.0.tar.gz

JSON Encodings for XMPP

2011-04-01T19:00:52Z

By popular demand from some parts of the web community the XSF published a new XMPP extension today - XEP-0295. At long last this XEP brings us a standard for XMPP streams that employ the standard lightweight data interchange format known as JSON.

We all know that JSON is simple, light and fast - and of course these properties align very well with the Prosody project. For that reason, we have been working hard all day to provide the first implementation of this new stream format... and are happy to announce the immediate release of mod_json_streams!

Simply install mod_json_streams as you would any other plugin (requires Prosody 0.8) and you can start using JSON streams right away! More documentation can be found on the prosody-modules wiki page for mod_json_streams.

While client developers can now rally to implement XEP-0295 in their software, we have already developed a plugin for the popular Strophe JS library to allow web developers to incorporate this into their projects right away. After loading this Strophe connection plugin simply point Strophe at http://your-server:5280/jsonstreams and watch the JSON fly!

Those interested will be glad to know that we are already at work on our next big interface - HTML(5) based streams, complete with support for optional closing tags in stanzas, and an embedded scripting language for manipulating them once they reach clients.