FilterHN

XMPP and Metadata

73 points

by todsacerdoti

5 days ago

| past

| 3 comments

| blog.mathieui.net

| HN

▲

buttocks

15 hours ago

[-]

I always liked XMPP and SIP as messaging protocols. So easy to read and understand and implement. Both are extensible and can be made secure.

▲

rootnod3

13 hours ago

[-]

Yes. Unfortunately it seems that Matrix is the winner, but I think Matrix is over-engineered.

XMPP was nice. Especially in the old times when Google Hangouts and Facebook Chat were also XMPP based. Being able to talk to people on another service without needing an account there was a nice thing to have for a few months.

▲

ge0rg

13 hours ago

[-]

The interop was a nice feature implemented by their engineers, but it violated the lock-in operational principles of the gatekeeper services, so it had to be abandoned. Let's see if the EU Digital Markets Act will bring back XMPP interfaces to the big ones... ;)

▲

tcfhgj

12 hours ago

[-]

So far it looks more like walled gardens are the real winners.

What you maybe see as overengineering, I see as a prerequisite for wider adoption.

These days aren't the old days any more, when you only ever used a native app without e2ee on a computer.

▲

RadiozRadioz

3 hours ago

[-]

What are the reasons Matrix is the winner? Are they inherent to the protocol itself or something else?

▲

Arathorn

3 hours ago

[-]

Matrix has a pretty comprehensive featureset with clients across a broad range of platforms.

The accusations of it being overengineered come typically due to the Synapse server implementation being slow. This is basically an artefact of Matrix being quite complicated to provide a byzantine fault tolerant decentralised equivalent to WhatsApp or Slack etc - and time has gone into fixing stability and usability rather than performance. Meanwhile performance is getting better, but progress is slow due to tragedy-of-the-commons related funding challenges. We will get there in the end, though.

▲

RadiozRadioz

3 hours ago

[-]

Thanks for the response Matthew! But please go to sleep!

Yes it's unfortunate how much Synapse's unperformant implementation has decreased general confidence in the protocol itself. I'm confident it will get better

▲

rootnod3

3 hours ago

[-]

Just by what people seem to use.

▲

Lammy

7 hours ago

[-]

Pardon my pedantry, but Facebook Chat was never XMPP-based. They ran an XMPP gateway into their proprietary messaging system, but there was no S2S.

▲

syhol

12 hours ago

[-]

My main problem with matrix is that it feels sluggish. I'm told the experience can be improved by running your own homeserver so I'll be trying that sometime this year.

▲

jszymborski

9 hours ago

[-]

In my limited experience, running a homeserver sucked. Really hard to do on limited resources. Then again, that was a long time ago so maybe things have improved and perhaps Dendrite has come along. But Synapse sucked to run IME.

▲

Arathorn

9 hours ago

[-]

Synapse has improved; Dendrite has stagnated due to lack of funding; meanwhile there are also rust-native homeservers like Conduit which are beta but smaller footprint. The plan on the Element side is to keep optimising Synapse - the main win to be had is https://docs.google.com/presentation/d/1pKtLl4vCV3-8xz8crvxW...

▲

jszymborski

8 hours ago

[-]

Those slides were interesting! And I use Claude similarly... kinda like Rubber Duck debugging except it's like Rubber Human debugging.

▲

ekjhgkejhgk

9 hours ago

[-]

LOL if using a chat app requires running a server maybe better just use something that doesn't suck like XMPP?

▲

ekjhgkejhgk

13 hours ago

[-]

Watch the most popular clients[1] gain traction as countries (e.g. UK) pass laws mandating that tech companies backdoor their apps/encryption.

[1] Conversations for Android and Gajim for Debian.

▲

giancarlostoro

12 hours ago

[-]

I'm slowly building my own XMPP client, one key thing I'm running into trouble with is there seems to be no standard library for End to End Encryption other than Signal's own, I don't want to have to relicense my entire project for one dependency, I would rather keep my project Apache licensed. The other problem is voice and video options seem to be married to some Java specific library (Jingle) which is fine if you're using Java, but I'm not, seems nobody has implemented a solution to this in other languages that I'm interested in as well.

For the End to End I could try my best to implement it using existing libraries as pieces I can use, but I'm not comfortable doing that.

▲

MarsIronPI

11 hours ago

[-]

Maybe someday the Snikket SDK[0] will be ready for use. I suppose you could look at it now anyway. Honeybee[1] is already using it for voice.

[0]: https://github.com/snikket-im/snikket-sdk [1]: https://git.sr.ht/~anjan/honeybee

▲

giancarlostoro

11 hours ago

[-]

Funnily enough honeybee is AGPL, but snikket is not, I will take a peek at Snikket, its interesting that it is in fact coded in Haxe. I am always fascinated with the capabilities of Haxe.

▲

singpolyma3

11 hours ago

[-]

Let me know if you have any questions about the SDK (now called https://borogove.dev )

It doesn't have OMEMO in the native builds yet, but that will be happening this year.

We do have voice in the native builds but not video yet.

▲

giancarlostoro

10 hours ago

[-]

Honestly getting voice first would be a good stand out feature, even the glorious Pidgin struggles with it.

▲

rlpb

4 hours ago

[-]

It’s your choice of course, but in the messaging world of gatekeepers and walled gardens, I think AGPL makes the most sense. It’s a key tool we’re going to need if we want to be successful at having a federated network.

▲

jszymborski

9 hours ago

[-]

You might be interested in this article by soatok [0] which discusses OMEMO and XMPP. Soatok has many reservations but I think if you use the most recent OMEMO version I think it should probably be fine.

Also of interest, OpenMLS [1]

[0] https://soatok.blog/2024/08/04/against-xmppomemo/

[1] https://github.com/openmls/openmls

▲

tcfhgj

11 hours ago

[-]

https://github.com/matrix-org/vodozemac

seems like to contain a reimplementation of the Signal Protocol in Rust - apache licensed.

▲

giancarlostoro

10 hours ago

[-]

Curious how they managed that, if its 'clean room' its fine, if they're looking at the source for Signal, that could be bad. Funnily enough, my client is in Rust.

▲

Arathorn

9 hours ago

[-]

it's clean room.

▲

F3nd0

12 hours ago

[-]

I’m not 100% sure on this in the case of AGPL, but I think you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).

So your own code would still be under Apache, and people could follow only the Apache conditions if they only use your code. But combined with the APGL part, the project as a whole would of course have to follow the APGL conditions.

▲

singpolyma3

11 hours ago

[-]

> you don’t need to relicense your project if you include AGPL code; you only need to make sure your project respects all the freedoms the AGPL requires it to (in a suitable way).

correct

▲

giancarlostoro

11 hours ago

[-]

GPL and AGPL typically imply that your entire project is licensed under those conditions is my understanding. I find it silly to licensed something MIT or BSD but pull in some GPL code, since now the entire thing needs to comply. GPL is about end-user freedom by force against the developer. Don't get me wrong I love the GPL, but if I want to use a specific license I rather stick to that license.