commit 7592a3699088b3c18739bcd80d34d5cd266e2e61 Author: RRA Date: Wed Mar 1 22:42:57 2017 +0100 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bb4d462
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.pyc
+*~
+homebrewserver.club
+pelican/plugins
+
diff --git a/README b/README
new file mode 100644
index 0000000..f9ef3a6
--- /dev/null
+++ b/README
@@ -0,0 +1,6 @@
+This is the repository for the homebrewserver.club website.
+
+We switched to a pelican driven static website.
+Read about the palican workflow [here](pelican_howto.txt)
+
+All the old material for the previous site is in the branch/old-website
diff --git a/no_publish/template.md b/no_publish/template.md
new file mode 100644
index 0000000..3f62b71
--- /dev/null
+++ b/no_publish/template.md
@@ -0,0 +1,46 @@
+Title: This is a template for a post
+Date: 2016-5-14
+Category: log
+Tags: try-out
+Slug: the-template-post
+Summary: Write a tweet-lenght summary for syndication across social media
+featured_image: https://cdn1.nyt.com/images/2017/02/26/world/26NKOREA3/26NKOREA3-articleLarge.jpg
+
+This is a template you can use with a short description of some of the syntax.
+
+**bold** *italics*
+
+images:
+![image description]({filename}images/myimage.png)
+
+urls:
+[http://homebrewserver.club/](This is our webpage)
+
+references in text:
+
+hello I need to be referenced[ref] this creates a numbered list at the bottom of the page, not bad no? it can be styles in the [css](http://homebrewserver.club/theme/css/main.css) by addressing the class simple-footnotes[/ref]
+
+headlines
+--
+
+smaller headlines?
+---
+
+code blocks:
+
+ :::console
+ echo "for general console commands"
+
+python
+ :::python
+ a = "python"
+ print "also for"
+ for i in a:
+ print i
+
+line numbers
+
+
+ #!python
+ print("line1")
+
diff --git a/pelican/Makefile b/pelican/Makefile
new file mode 100644
index 0000000..ec654fe
--- /dev/null
+++ b/pelican/Makefile
@@ -0,0 +1,125 @@
+PY?=python
+PELICAN?=pelican
+PELICANOPTS=
+
+BASEDIR=$(CURDIR)
+INPUTDIR=$(BASEDIR)/../raw
+#OUTPUTDIR=$(BASEDIR)/../homebrewserver.club
+OUTPUTDIR=/var/www/html/
+PUBLISHCONF=$(BASEDIR)/publishconf.py
+CONFFILE=$(BASEDIR)/pelicanconf.py
+
+FTP_HOST=localhost
+FTP_USER=anonymous
+FTP_TARGET_DIR=/
+
+SSH_HOST=homebrewserver.club
+SSH_PORT=9292
+SSH_USER=r
+SSH_TARGET_DIR=/var/www
+
+S3_BUCKET=my_s3_bucket
+
+CLOUDFILES_USERNAME=my_rackspace_username
+CLOUDFILES_API_KEY=my_rackspace_api_key
+CLOUDFILES_CONTAINER=my_cloudfiles_container
+
+DROPBOX_DIR=~/Dropbox/Public/
+
+GITHUB_PAGES_BRANCH=gh-pages
+
+DEBUG ?= 0
+ifeq ($(DEBUG), 1)
+ PELICANOPTS += -D
+endif
+
+RELATIVE ?= 0
+ifeq ($(RELATIVE), 1)
+ PELICANOPTS += --relative-urls
+endif
+
+help:
+ @echo 'Makefile for a pelican Web site '
+ @echo ' '
+ @echo 'Usage: '
+ @echo ' make html (re)generate the web site '
+ @echo ' make clean remove the generated files '
+ @echo ' make regenerate regenerate files upon modification '
+ @echo ' make publish generate using production settings '
+ @echo ' make serve [PORT=8000] serve site at http://localhost:8000'
+ @echo ' make serve-global [SERVER=0.0.0.0] serve (as root) to $(SERVER):80 '
+ @echo ' make devserver [PORT=8000] start/restart develop_server.sh '
+ @echo ' make stopserver stop local server '
+ @echo ' make ssh_upload upload the web site via SSH '
+ @echo ' make rsync_upload upload the web site via rsync+ssh '
+ @echo ' make dropbox_upload upload the web site via Dropbox '
+ @echo ' make ftp_upload upload the web site via FTP '
+ @echo ' make s3_upload upload the web site via S3 '
+ @echo ' make cf_upload upload the web site via Cloud Files'
+ @echo ' make github upload the web site via gh-pages '
+ @echo ' '
+ @echo 'Set the DEBUG variable to 1 to enable debugging, e.g. 
make DEBUG=1 html '
+ @echo 'Set the RELATIVE variable to 1 to enable relative urls '
+ @echo ' '
+
+html:
+ $(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)
+
+clean:
+ [ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)
+
+regenerate:
+ $(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)
+
+serve:
+ifdef PORT
+ cd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)
+else
+ cd $(OUTPUTDIR) && $(PY) -m pelican.server
+endif
+
+serve-global:
+ifdef SERVER
+ cd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)
+else
+ cd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0
+endif
+
+
+devserver:
+ifdef PORT
+ $(BASEDIR)/develop_server.sh restart $(PORT)
+else
+ $(BASEDIR)/develop_server.sh restart
+endif
+
+stopserver:
+ $(BASEDIR)/develop_server.sh stop
+ @echo 'Stopped Pelican and SimpleHTTPServer processes running in background.'
+
+publish:
+ $(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)
+
+ssh_upload: publish
+ scp -P $(SSH_PORT) -r $(OUTPUTDIR)/* $(SSH_USER)@$(SSH_HOST):$(SSH_TARGET_DIR)
+
+rsync_upload: publish
+ rsync -e "ssh -p $(SSH_PORT)" -P -rvzc --delete $(OUTPUTDIR)/ $(SSH_USER)@$(SSH_HOST):$(SSH_TARGET_DIR) --cvs-exclude
+
+dropbox_upload: publish
+ cp -r $(OUTPUTDIR)/* $(DROPBOX_DIR)
+
+ftp_upload: publish
+ lftp ftp://$(FTP_USER)@$(FTP_HOST) -e "mirror -R $(OUTPUTDIR) $(FTP_TARGET_DIR) ; quit"
+
+s3_upload: publish
+ s3cmd sync $(OUTPUTDIR)/ s3://$(S3_BUCKET) --acl-public --delete-removed --guess-mime-type --no-mime-magic --no-preserve
+
+cf_upload: publish
+ cd $(OUTPUTDIR) && swift -v -A https://auth.api.rackspacecloud.com/v1.0 -U $(CLOUDFILES_USERNAME) -K $(CLOUDFILES_API_KEY) upload -c $(CLOUDFILES_CONTAINER) .
+
+github: publish
+ ghp-import -m "Generate Pelican site" -b $(GITHUB_PAGES_BRANCH) $(OUTPUTDIR)
+ git push origin $(GITHUB_PAGES_BRANCH)
+
+.PHONY: html help clean regenerate serve serve-global devserver stopserver publish ssh_upload rsync_upload dropbox_upload ftp_upload s3_upload cf_upload github
diff --git a/pelican/develop_server.sh b/pelican/develop_server.sh
new file mode 100755
index 0000000..2661df3
--- /dev/null
+++ b/pelican/develop_server.sh
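Review bot: `OUTPUTDIR=/var/www/html/` in pelican/Makefile points every target at the served web root, so `make clean` runs `rm -rf` on that directory and `make html` / `make regenerate` write the development build (empty `SITEURL` from pelicanconf.py) straight into production, whereas pelican_howto.txt in this same commit says `make html` writes to `/opt/hbsc_site/homebrewserver.club` and only `make publish` touches `/var/www/html/`. Restoring the commented-out `OUTPUTDIR=$(BASEDIR)/../homebrewserver.club` as the default and passing the web root only in the `publish` recipe would match the documented workflow; the same hard-coded path appears as `OUTPUT_PATH` in pelicanconf.py, and publishconf.py adds `DELETE_OUTPUT_DIRECTORY = True`, so each publish empties the live directory before regenerating it. The trailing slash also turns `$(OUTPUTDIR)/*` into `/var/www/html//*` in `ssh_upload` and `dropbox_upload`. `cf_upload` passes `$(CLOUDFILES_API_KEY)` on the swift command line, where make echoes it and it is visible in the process list, so a real key should come from the environment rather than from this file.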
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+##
+# This section should match your Makefile
+##
+PY=${PY:-python}
+PELICAN=${PELICAN:-pelican}
+PELICANOPTS=
+
+BASEDIR=$(pwd)
+INPUTDIR=$BASEDIR/content
+OUTPUTDIR=$BASEDIR/output
+CONFFILE=$BASEDIR/pelicanconf.py
+
+###
+# Don't change stuff below here unless you are sure
+###
+
+SRV_PID=$BASEDIR/srv.pid
+PELICAN_PID=$BASEDIR/pelican.pid
+
+function usage(){
+ echo "usage: $0 (stop) (start) (restart) [port]"
+ echo "This starts Pelican in debug and reload mode and then launches"
+ echo "an HTTP server to help site development. It doesn't read"
+ echo "your Pelican settings, so if you edit any paths in your Makefile"
+ echo "you will need to edit your settings as well."
+ exit 3
+}
+
+function alive() {
+ kill -0 $1 >/dev/null 2>&1
+}
+
+function shut_down(){
+ PID=$(cat $SRV_PID)
+ if [[ $? -eq 0 ]]; then
+ if alive $PID; then
+ echo "Stopping HTTP server"
+ kill $PID
+ else
+ echo "Stale PID, deleting"
+ fi
+ rm $SRV_PID
+ else
+ echo "HTTP server PIDFile not found"
+ fi
+
+ PID=$(cat $PELICAN_PID)
+ if [[ $? -eq 0 ]]; then
+ if alive $PID; then
+ echo "Killing Pelican"
+ kill $PID
+ else
+ echo "Stale PID, deleting"
+ fi
+ rm $PELICAN_PID
+ else
+ echo "Pelican PIDFile not found"
+ fi
+}
+
+function start_up(){
+ local port=$1
+ echo "Starting up Pelican and HTTP server"
+ shift
+ $PELICAN --debug --autoreload -r $INPUTDIR -o $OUTPUTDIR -s $CONFFILE $PELICANOPTS &
+ pelican_pid=$!
+ echo $pelican_pid > $PELICAN_PID
+ mkdir -p $OUTPUTDIR && cd $OUTPUTDIR
+ $PY -m pelican.server $port &
+ srv_pid=$!
+ echo $srv_pid > $SRV_PID
+ cd $BASEDIR
+ sleep 1
+ if ! alive $pelican_pid ; then
+ echo "Pelican didn't start. Is the Pelican package installed?"
+ return 1
+ elif ! alive $srv_pid ; then
+ echo "The HTTP server didn't start. Is there another service using port" $port "?"
+ return 1
+ fi
+ echo 'Pelican and HTTP server processes now running in background.'
+}
+
+###
+# MAIN
+###
+[[ ($# -eq 0) || ($# -gt 2) ]] && usage
+port=''
+[[ $# -eq 2 ]] && port=$2
+
+if [[ $1 == "stop" ]]; then
+ shut_down
+elif [[ $1 == "restart" ]]; then
+ shut_down
+ start_up $port
+elif [[ $1 == "start" ]]; then
+ if ! start_up $port; then
+ shut_down
+ fi
+else
+ usage
+fi
diff --git a/pelican/fabfile.py b/pelican/fabfile.py
new file mode 100644
index 0000000..0e4be8f
--- /dev/null
+++ b/pelican/fabfile.py
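Review bot: The header of pelican/develop_server.sh says this section should match the Makefile, but it sets `INPUTDIR=$BASEDIR/content` and `OUTPUTDIR=$BASEDIR/output` while the Makefile in this commit uses `$(BASEDIR)/../raw` and `/var/www/html/`, so `make devserver` builds from a directory that, as far as the visible part of the commit shows, does not exist; `INPUTDIR=$BASEDIR/../raw` with a local output directory would line the two up. In `shut_down`, `PID=$(cat $SRV_PID)` hands whatever the pid file contains to `kill` after only a `kill -0` liveness check, so a stale file whose number has since been reused by another process of the same user gets that process killed; comparing the command name of the pid before `kill $PID` avoids that. The path expansions are unquoted throughout (`rm $SRV_PID`, `cd $OUTPUTDIR`), which breaks as soon as the checkout path contains a space.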
@@ -0,0 +1,92 @@
+from fabric.api import *
+import fabric.contrib.project as project
+import os
+import shutil
+import sys
+import SocketServer
+
+from pelican.server import ComplexHTTPRequestHandler
+
+# Local path configuration (can be absolute or relative to fabfile)
+env.deploy_path = 'output'
+DEPLOY_PATH = env.deploy_path
+
+# Remote server configuration
+production = 'r@homebrewserver.club:9292'
+dest_path = '/var/www'
+
+# Rackspace Cloud Files configuration settings
+env.cloudfiles_username = 'my_rackspace_username'
+env.cloudfiles_api_key = 'my_rackspace_api_key'
+env.cloudfiles_container = 'my_cloudfiles_container'
+
+# Github Pages configuration
+env.github_pages_branch = "gh-pages"
+
+# Port for `serve`
+PORT = 8000
+
+def clean():
+ """Remove generated files"""
+ if os.path.isdir(DEPLOY_PATH):
+ shutil.rmtree(DEPLOY_PATH)
+ os.makedirs(DEPLOY_PATH)
+
+def build():
+ """Build local version of site"""
+ local('pelican -s pelicanconf.py')
+
+def rebuild():
+ """`build` with the delete switch"""
+ local('pelican -d -s pelicanconf.py')
+
+def regenerate():
+ """Automatically regenerate site upon file modification"""
+ local('pelican -r -s pelicanconf.py')
+
+def serve():
+ """Serve site at http://localhost:8000/"""
+ os.chdir(env.deploy_path)
+
+ class AddressReuseTCPServer(SocketServer.TCPServer):
+ allow_reuse_address = True
+
+ server = AddressReuseTCPServer(('', PORT), ComplexHTTPRequestHandler)
+
+ sys.stderr.write('Serving on port {0} ...\n'.format(PORT))
+ server.serve_forever()
+
+def reserve():
+ """`build`, then `serve`"""
+ build()
+ serve()
+
+def preview():
+ """Build production version of site"""
+ local('pelican -s publishconf.py')
+
+def cf_upload():
+ """Publish to Rackspace Cloud Files"""
+ rebuild()
+ with lcd(DEPLOY_PATH):
+ local('swift -v -A https://auth.api.rackspacecloud.com/v1.0 '
+ '-U {cloudfiles_username} '
+ '-K {cloudfiles_api_key} '
+ 'upload -c {cloudfiles_container} .'.format(**env))
+
+@hosts(production)
+def publish():
+
"""Publish to production via rsync"""
+ local('pelican -s publishconf.py')
+ project.rsync_project(
+ remote_dir=dest_path,
+ exclude=".DS_Store",
+ local_dir=DEPLOY_PATH.rstrip('/') + '/',
+ delete=True,
+ extra_opts='-c',
+ )
+
+def gh_pages():
+ """Publish to GitHub Pages"""
+ rebuild()
+ local("ghp-import -b {github_pages_branch} {deploy_path} -p".format(**env))
diff --git a/pelican/make_post.py b/pelican/make_post.py
new file mode 100644
index 0000000..043b892
--- /dev/null
+++ b/pelican/make_post.py
@@ -0,0 +1,38 @@
+import sys
+from datetime import datetime
+
+TEMPLATE = """
+Title: {title}
+Date: {year}-{month}-{day} {hour}:{minute:02d}
+Tags:
+Category:
+Slug: {slug}
+Ssummary:
+
+
+"""
+
+
+def make_entry(title):
+ today = datetime.today()
+ slug = title.lower().strip().replace(' ', '-')
+ f_create = "../raw/{}_{:0>2}_{:0>2}_{}.md".format(
+ today.year, today.month, today.day, slug)
+ t = TEMPLATE.strip().format(title=title,
+ year=today.year,
+ month=today.month,
+ day=today.day,
+ hour=today.hour,
+ minute=today.minute,
+ slug=slug)
+ with open(f_create, 'w') as w:
+ w.write(t)
+ print("File created -> " + f_create)
+
+
+if __name__ == '__main__':
+
+ if len(sys.argv) > 1:
+ make_entry(sys.argv[1])
+ else:
+ print "No title given"
diff --git a/pelican/pelicanconf.py b/pelican/pelicanconf.py
new file mode 100644
index 0000000..baed0bf
--- /dev/null
+++ b/pelican/pelicanconf.py
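Review bot: `publish()` in pelican/fabfile.py rsyncs `DEPLOY_PATH` (`'output'`) with `delete=True`, but the `pelican -s publishconf.py` call just before it writes to the `OUTPUT_PATH` inherited from pelicanconf.py (`/var/www/html/`), so the sync source is not the tree that was just built and a stale or empty `output/` would remove files on the remote side. Passing the directory explicitly, `local('pelican -s publishconf.py -o {deploy_path}'.format(**env))`, keeps the two in step, and the same applies to `build`, `rebuild`, `preview` and `gh_pages`. `serve()` binds `('', PORT)`, which is every interface, while its docstring promises localhost; `('127.0.0.1', PORT)` matches the docstring. `cf_upload()` interpolates the API key into the swift command line, which exposes it in the process list and in Fabric's echoed command.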
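Review bot: `make_entry` in pelican/make_post.py builds the output path from the title with only `lower().strip().replace(' ', '-')`, so a title containing `/` or `..` writes outside `../raw`, and the same unfiltered string becomes the post's `Slug`; reducing it to a safe alphabet first, for example `slug = re.sub(r'[^a-z0-9]+', '-', title.lower()).strip('-')` with `import re` at the top, closes that. `open(f_create, 'w')` also silently overwrites an existing post with the same date and slug, so an `os.path.exists` check before writing would be worth adding. The template key `Ssummary:` is misspelled and will not be read as `Summary`. The final `print "No title given"` is Python 2 statement syntax while the function uses `print(...)`; the call form in both places keeps the script runnable on either version.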
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*- #
+from __future__ import unicode_literals
+
+AUTHOR = u'hbsc'
+SITENAME = u'homebrewserver.club'
+SITEURL = ''
+
+
+TIMEZONE = 'Europe/Paris'
+
+DEFAULT_LANG = u'en'
+
+# Feed generation is usually not desired when developing
+FEED_ALL_ATOM = None
+CATEGORY_FEED_ATOM = None
+TRANSLATION_FEED_ATOM = None
+AUTHOR_FEED_ATOM = None
+AUTHOR_FEED_RSS = None
+
+# Blogroll
+#LINKS = (('Pelican', 'http://getpelican.com/'),
+# ('Python.org', 'http://python.org/'),
+# ('Jinja2', 'http://jinja.pocoo.org/'),
+# ('You can modify those links in your config file', '#'),)
+
+# Social widget
+#SOCIAL = (('You can add links in your config file', '#'),
+# ('Another social link', '#'),)
+
+DEFAULT_PAGINATION = False
+
+# Uncomment following line if you want document-relative URLs when developing
+#RELATIVE_URLS = True
+
+PLUGIN_PATHS = ['./plugins']
+PLUGINS = ['extract_toc','better_figures_and_images', 'summary', 'simple_footnotes'] # ,'pelican-open_graph'] #<-- cant get that one to work
+MD_EXTENSIONS = ['codehilite', 'extra', 'smarty', 'toc']
+
+PATH = '../raw'
+OUTPUT_PATH = '/var/www/html/'
+STATIC_PATHS = ['extra', 'fonts','images', 'pdfs', 'downloads']
+EXTRA_PATH_METADATA = {
+ 'extra/robots.txt': {'path': 'robots.txt'},
+ 'extra/favicon.ico': {'path': 'favicon.ico'},
+ 'extra/htaccess': {'path': '.htaccess'}
+}
+
+DISPLAY_PAGES_ON_MENU = False
+DISPLAY_CATEGORIES_ON_MENU = False
+
+MENUITEMS=(
+ ('HOME', '/'),
+ ('ABOUT', '/pages/about.html'),
+ ('TOPICS', '/categories.html'),
+ ('LINKS', '/pages/links.html')
+)
+THEME = 'themes/homebrewserver.club'
+
diff --git a/pelican/publishconf.py b/pelican/publishconf.py
new file mode 100644
index 0000000..ac12fe4
--- /dev/null
+++ b/pelican/publishconf.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*- #
+from __future__ import unicode_literals
+
+# This file is only used if you use `make publish` or
+# explicitly specify it as your config file.
+
+import os
+import sys
+sys.path.append(os.curdir)
+from pelicanconf import *
+
+SITEURL = 'http://homebrewserver.club/'
+RELATIVE_URLS = False
+
+FEED_ALL_ATOM = 'feeds/all.atom.xml'
+CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'
+
+DELETE_OUTPUT_DIRECTORY = True
+
+# Following items are often useful when publishing
+
+#DISQUS_SITENAME = ""
+#GOOGLE_ANALYTICS = ""
diff --git a/pelican_howto.txt b/pelican_howto.txt
new file mode 100644
index 0000000..09b01cf
--- /dev/null
+++ b/pelican_howto.txt
@@ -0,0 +1,96 @@
+hi,
+
+Now that we're writing articles and all..
+this is my proposed approach to the new hbsc website, a static blog generated with pelican.
+the advantages of this is that you create very fast, light websites and don't need to run any kind of CMS or other heavy stuff. Plus its a great way to over-engineer what could have been a very simple website.
+
+it takes some getting used to, so here are some steps to get you going:
+
+░█▀█░█░█░█▀▄░█░░░▀█▀░█▀▀░█░█░▀█▀░█▀█░█▀▀
+░█▀▀░█░█░█▀▄░█░░░░█░░▀▀█░█▀█░░█░░█░█░█░█
+░▀░░░▀▀▀░▀▀░░▀▀▀░▀▀▀░▀▀▀░▀░▀░▀▀▀░▀░▀░▀▀▀
+ workflow:
+
+firstoff start by enabling the pelican virtualenv:
+ workon pelican
+
+Follow this guide for setting up the virtualenv:
+https://www.notionsandnotes.org/tech/web-development/pelican-static-blog-setup.html
+
+If you run into any kind of problem where files / commands are missing, you're likely
+not using the virtualenv. Deactive the virtualenv by running:
+ deactivate
+
+write new posts by making new .md files in the directory
+/opt/hbsc_site/raw/
+
+If you wish to start from a template of a post:
+cp /opt/hbsc_site/no_publish/template.md /opt/hbsc_site/raw/mypost.md
+
+alternatively you can use make_post.py in /opt/hbsc_site/pelican to generate
+a post template including dates like so:
+python make_post.py hey_this_is_a_post
+
+to generate the website go to hbsc_site/pelican and run:
+ make html
+
+the files are written to /opt/hbsc_site/homebrewserver.club
+
+if you're working on the theme it might be nice to open another terminal (login again or use screen/tmux) and run:
+ make regenerate
+
+this will regenerate the website upon each file modification. very nice.
+
+to finally publish:
+ make publish
+
+this will copy the site to /var/www/html/
+
+How to organize content:
+raw/
+├── extra <-- static stuff
+│   └── robots.txt
+├── fonts <-- static fonts
+│   └── TerminusTTF-Italic-4.40.1.ttf
+├── images <-- if you want images in your posts, add them here
+│   └── myimage.png
+├── pages <-- static pages
+│   └── about.md
+├── template.md <-- your posts
+└── testing.md
+
+
+
+░█▀▀░█░█░█▀█░▀█▀░█▀█░█░█
+░▀▀█░░█░░█░█░░█░░█▀█░▄▀▄
+░▀▀▀░░▀░░▀░▀░░▀░░▀░▀░▀░▀
+
+You can write your posts either in markdown or restructured text.
+
+For Markdown here's a useful cheatsheet:
+https://sourceforge.net/p/pelican-edt/wiki/markdown_syntax/
+
+further examples (of enabled plugins) are in /opt/hbsc_site/no_publish/template.md
+
+
+
+
+░█▀▀░█▀▄░▀█▀░▀█▀░▀█▀░█▀█░█▀▀
+░█▀▀░█░█░░█░░░█░░░█░░█░█░█░█
+░▀▀▀░▀▀░░▀▀▀░░▀░░▀▀▀░▀░▀░▀▀▀
+ stuff:
+
+change the template and css style by editing the files in
+/opt/hbsc_site/pelican/themes/homebrewserver.club/
+
+for things such as enabling plugins edit the conf files in
+/opt/hbsc_site/pelican/
+
+░▀█▀░█▄█░█▀█░█▀▄░█▀█░█░█░█▀▀░█▄█░█▀▀░█▀█░▀█▀
+░░█░░█░█░█▀▀░█▀▄░█░█░▀▄▀░█▀▀░█░█░█▀▀░█░█░░█░
+░▀▀▀░▀░▀░▀░░░▀░▀░▀▀▀░░▀░░▀▀▀░▀░▀░▀▀▀░▀░▀░░▀░
+ much room for it
+
+like: lets track the whole thing with git?
+I've added some stuff in the theme for syndication and SEO (see also: https://github.com/talha131/onCrashReboot/blob/master/content/Elegant%20-%20Pelican%20Theme/seo-social-media-tags.md)
+this syndycation stuff can be found in /opt/hbsc_site/pelican/theme/homebrewserver.club/template/syndication.html
diff --git a/raw/beginners_guide_to_xmpp_speak.md b/raw/beginners_guide_to_xmpp_speak.md
new file mode 100644
index 0000000..4640afb
--- /dev/null
+++ b/raw/beginners_guide_to_xmpp_speak.md
@@ -0,0 +1,108 @@ +Title: Beginners guide to XMPP-speak +Date: 2017-2-28 +Category: xmpp +Tags: xmpp, lexicon, terminology +Slug: beginners-guide-to-xmpp-speak +Summary: placeholder +status: draft + + + +XMPP - +Extensible Messaging and Presence Protocol + + +Jabber - +The original name of the [Extensible Messaging and Presence Protocol](https://en.wikipedia.org/wiki/XMPP) (XMPP), the open technology for instant messaging and presence. [Jabber.org](https://en.wikipedia.org/wiki/Jabber.org) is the original instant messaging (IM) service based on XMPP. + + +MUC - +"Multi User Chat", a groupchat + + +ROSTER - +is your list of contacts + + + +XEP - XMPP Extension Protocol - + +* [XEP-0045 MUC](https://xmpp.org/extensions/xep-0045.html) - Multi User Conference, in other words, group chats. + +* [XEP-0163: PEP](http://xmpp.org/extensions/xep-0163.html) - Personal Eventing Protocol allows amongst others for automatically publishing avatars and OMEMO public keys + +* [XEP-0313: MAM](http://xmpp.org/extensions/xep-0313.html) - Message Archive Management, an extension that allows one to receive messages while offline) + + +federated server - +A group of decentralised servers that agreed upon certain standards to communicate with eachother. The federated XMPP protocol enables the user to select a client of preference and connect to a XMPP server of choice. + + +centralized service - +A vertical integrated service that includes both the client- and server software. 
+ +## Software: Clients +As featured in our guide on [XMPP clients](http://homebrewserver.club/picking-modern-xmpp-clients.html): + + +[Conversations](https://conversations.im/) - Mobile client for Android + + +[Gajim](https://gajim.org/) - Desktop client for Linux distributions + + +[ChatSecure](http://chatsecure.org/) - Mobile client for Apple iOS, 'experimental', but in active development + + +[Adium](https://adium.im/) - Desktop client for Apple OSX + +[There are many more clients available](https://xmpp.org/software/clients.html). Check your local F-Droid/Google Play Store/AppStore. + +## Software: Server + + +[Prosody](http://prosody.im/) - XMPP Server software in active development (as of 2017). + +## Encyption methods + + +C2S - The connection between a client and the server + + +S2S - The conneciton between servers + + +E2E - End-to-end encryption encrypts the content of a message, so that only the sender and receiver at the ends of the communication chain can read it. + +### https/SSL/server-to-server encryption +Encrypts information while it is transfered, but the server can still read it. + +### OMEMO/end-to-end encryption +The information is encrypted, and also the server cannot read it . + + +OTR - +"off the record" + + +OMEMO - +OMEMO Multi-End Message and Object Encryption, OMEMO is the XMPP implementation of the Double Ratchett encryption algorithm developed for Signal by Moxie Marlinspike/Open Whisper Systems. + is a client2client encryption tool, it encrypts messages between two conversations. + + +TOFU - +trust on first use (Blindly assumes the received fingerprint is trusted and is therefore checked as verified. Used in ChatSecure for OTR and OMEMO, called 'Blind Trust' in Conversations + + +OpenPGP - +Pretty good Privacy, the oldest available method of end-to-end encryption which requires quite some knowledge and maintenance by users. OMEMO is designed to provide similar or better encryption with less hassle. 
To use OpenPGP in Conversation athird party app called OpenKeyChain is required. + + +Threat Model - +... + +This list is partly based [on this glossary](https://wiki.xmpp.org/web/Usability/Glossary) + +------------------------------------------------ + +This guide is a companion to our article [Have You Considered The Alternative?](http://homebrewserver.club/have-you-considered-the-alternative.html) on instant messaging. Also check out our guide on [configuring the self-hosted XMPP server Prosody](http://homebrewserver.club/configuring-a-modern-xmpp-server.html), and our guide on [XMPP clients](http://homebrewserver.club/picking-modern-xmpp-clients.html). diff --git a/raw/configuring_an_xmpp_server.md b/raw/configuring_an_xmpp_server.md new file mode 100644 index 0000000..974129f --- /dev/null +++ b/raw/configuring_an_xmpp_server.md 
@@ -0,0 +1,155 @@ +Title: Configuring an XMPP server for secure, mobile instant messaging +Date: 2017-2-10 +Category: xmpp +Tags: xmpp, chat, guide, instant messaging, prosody +Slug: configuring-a-modern-xmpp-server +status: draft + +This is a guide to set up a modern XMPP server focused on security and mobile messaging. The whole guide further assumes one is using Debian as a server and that you will end up hosting a few of your friends. It further assumes you have some basic skills working on a linux command line. + +To make your server communicate make sure following ports are open in your firewall: + + :::console + 5222 (for client to server) + 5269 (server to server) + 5280 (default http port for prosody) + 5281 (default https port for prosody) + + +Enabling HTTPS +--- + +First we acquire a signed HTTPS-certificate via Let's Encrypt: +This is among others required for Gajim plugins to work properly; self-generated certs will not work. + +Install Certbot and get new certificates for your domain (replace myserver.org with your own): + + :::console + wget https://dl.eff.org/certbot-auto + chmod a+x certbot-auto + certbot-auto certonly -d muc.placeholderdomain.org -d dump.placeholderdomain.org -d placeholderdomain.org-d placeholderdomain.org + +Should you succeed, you will be able to read something like: + + :::console + Congratulations! Your certificate and chain have been saved at + /etc/letsencrypt/live/placeholderdomain.org/fullchain.pem. Your cert will + expire on 2017-02-13. To obtain a new or tweaked version of this + certificate in the future, simply run certbot-auto again. To + non-interactively renew *all* of your certificates, run + "certbot-auto renew" + +Take note of the path where the certificate is stored as we will use it later. 
+ +Installing and setting up MySQL as a storage back-end +--- + +First update your repositories and install MySQL + + :::console + apt-get update && apt-get install mysql-server + +Run mysql as the root user: + + :::console + mysql -u root -p + +In mysql: + + :::console + mysql> create database prosody; + mysql> show databases; + +Result should be something like: + + :::console + +--------------------+ + | Database | + +--------------------+ + | information_schema | + | mysql | + | performance_schema | + | prosody | + +--------------------+ + + 4 rows in set (0.00 sec) + +Create a database account for prosody + + :::console + mysql> create user prosody; + +Give the user prosody the rights to access the database, make sure to change the password and take note of it + + :::console + mysql> grant all on prosody.* to 'prosody'@'localhost' identified by 'userPassword'; + +Exit mysql: + + :::console + exit; + +Installing and configuring Prosody, the XMPP server +--- + +Install the newest version of Prosody and its dependencies from the official prosody repository: + + :::console + echo "deb http://packages.prosody.im/debian wheezy main" >> /etc/apt/sources.list + + wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add - + + apt-get install prosody lua-dbi-mysql lua-zlib + +Add the Let's Encrypt Certificates to Prosody and make sure Prosody can use them + + :::console + cp /etc/letsencrypt/live/myserver.org/*.pem /etc/prosody/certs/ + +Make sure the certificates are owned by prosody and legible only by root: + + :::console + chown -R prosody:prosody /etc/prosody/ + chmod -R 700 /etc/prosody/certs/ + +Install the newest prosody plugins: + + :::console + apt-get install mercurial + cd /usr/src + hg clone https://hg.prosody.im/prosody-modules/ prosody-modules + +Make a backup of the default prosody configuration and install [the one by the homebrewserver.club]({filename}/downloads/prosody.cfg.lua) + + :::console + cd /etc/prosody + cp 
prosody.cfg.lua prosody.cfg.lua.original + wget http://homebrewserver.club/downloads/prosody.cfg.lua + +Replace all instances of the placeholder domain name and passwords in the config file with your own: + + :::console + sed -i 's/placeholderdomain.org/yourdomain.net/g' prosody.cfg.lua && sed -i 's/userPassword/yourownpassword/g' prosody.cfg.lua + +Alternatively you can change them by hand. They are on line 61, 69, 72, 75 of prosody.cfg.lua + +Finishing up +--- + +After you've set up all of the above it is time to start the server: + + :::console + /etc/init.d/prosody restart + +Users can be added from the command line, you will also be prompted for a password: + + :::console + prosodyctl adduser me@placeholderdomain.org + +Alternatively you can change "allow_registration = false;" to "allow_registration = true;" in the config (line 35) to allow users to register accounts on your server via their clients. + +Now you can try connecting to your own server by using a client like Gajim or Conversations. Login with the above configured username and password. + +If you have questions about Prosody, the project's [documentation](http://prosody.im/doc) is quite good. If you can't find answers there, try contacting prosody developers and users directly via [the Prosody XMPP chatroom](xmpp://prosody.conference.prosody.im?join) + +This guide is a companion to our article [Have You Considered The Alternative?](http://homebrewserver.club/have-you-considered-the-alternative.html) on instant messaging. Also check out our guide on [XMPP clients](http://homebrewserver.club/404). diff --git a/raw/downloads/prosody.cfg.lua b/raw/downloads/prosody.cfg.lua new file mode 100644 index 0000000..41dde41 --- /dev/null +++ b/raw/downloads/prosody.cfg.lua 
@@ -0,0 +1,82 @@
+-- a custom prosody config focused on high security and ease of use across (mobile) clients
+-- provided to you by the homebrewserver.club
+-- the original config file (prosody.cfg.lua.original) will have more information
+
+plugin_paths = { "/usr/src/prosody-modules" } -- non-standard plugin path so we can keep them up to date with mercurial
+
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "private"; -- Private XML storage (for room bookmarks, etc.)
+ "vcard"; -- Allow users to set vCards
+ "compression"; -- Stream compression (requires the lua-zlib package installed)
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; --Allows clients to register an account on your server
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ "carbons"; -- XEP-0280: Message Carbons, synchronize messages accross devices
+ "smacks"; -- XEP-0198: Stream Management, keep chatting even when the network drops for a few seconds
+ "mam"; -- XEP-0313: Message Archive Management, allows to retrieve chat history from server
+ "csi"; -- XEP-0352: Client State Indication
+ "http"; -- mod_http needed for XEP-363
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ "blocking"; -- XEP-0198 blocking of users
+ --"cloud_notify"; -- Support for XEP-0357 Push Notifications for compatibility with ChatSecure/iOS.
+ -- iOS typically end the connection when an app runs in the background and requires use of Apple's Push servers to wake up and receive a message. Enabling this module allows your server to do that for your contacts on iOS.
+ -- However we leave it commented out as it is another example of vertically integrated cloud platforms at odds with federation, with all the meta-data-based surveillance consequences that that might have.
+};
+
+allow_registration = false; -- Enable to allow people to register accounts on your server from their clients, for more information see http://prosody.im/doc/creating_accounts
+
+-- These are the SSL/TLS-related settings.
+ssl = {
+ certificate = "/etc/prosody/certs/fullchain.pem";
+ key = "/etc/prosody/certs/privkey.pem";
+}
+
+c2s_require_encryption = true -- Force clients to use encrypted connections
+
+-- Force certificate authentication for server-to-server connections?
+-- This provides ideal security, but requires servers you communicate
+-- with to support encryption AND present valid, trusted certificates.
+-- NOTE: Your version of LuaSec must support certificate verification!
+-- For more information see http://prosody.im/doc/s2s#security
+
+s2s_secure_auth = false
+
+pidfile = "/var/run/prosody/prosody.pid"
+
+authentication = "internal_hashed"
+
+storage = "sql"
+
+-- Make sure to change the password
+sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "userPassword", host = "localhost" }
+
+log = {
+ info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
+ error = "/var/log/prosody/prosody.err";
+ "*syslog";
+}
+
+VirtualHost "placeholderdomain.org"
+
+-- Enable http_upload to allow image sharing across multiple devices and clients
+Component "dump.placeholderdomain.org" "http_upload"
+
+---Set up a MUC (multi-user chat) room server on conference.example.com:
+Component "muc.placeholderdomain.org" "muc"
+
+compression_level = 9
+
+After you've set up all of the above it is time to start the server:
+ /etc/init.d/prosody restart
+
+Users can be added from the command line, you will also be prompted for a password:
+ prosodyctl adduser me@placeholderdomain.org
diff --git a/raw/extra/favicon.ico b/raw/extra/favicon.ico
new file mode 100644
index 0000000..3a89334
Binary files /dev/null and b/raw/extra/favicon.ico differ
diff --git a/raw/extra/hbsc2.gif b/raw/extra/hbsc2.gif
new file mode 100644
index 0000000..9e92e8f
Binary files /dev/null and b/raw/extra/hbsc2.gif differ
diff --git a/raw/extra/hbsc_blue.gif b/raw/extra/hbsc_blue.gif
new file mode 100644
index 0000000..c2e8f59
Binary files /dev/null and b/raw/extra/hbsc_blue.gif differ
diff --git a/raw/extra/omemo.png b/raw/extra/omemo.png
new file mode 100644
index 0000000..12b18af
Binary files /dev/null and b/raw/extra/omemo.png differ
diff --git a/raw/extra/robots.txt b/raw/extra/robots.txt
new file mode 100644
index 0000000..0f7cdb7
--- /dev/null
+++ b/raw/extra/robots.txt
@@ -0,0 +1,3 @@
+User-Agent: *
+Disallow:
+test
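Review bot: The last four added lines of raw/downloads/prosody.cfg.lua (`After you've set up all of the above ...`, `/etc/init.d/prosody restart`, `Users can be added ...`, `prosodyctl adduser ...`) are guide prose rather than Lua comments, so the file the guide tells readers to `wget` into `/etc/prosody` will not parse as it stands; they should be deleted or prefixed with `--`. `s2s_secure_auth = false` leaves server-to-server peers unverified by certificate and nothing in the file requires encryption on those links, which undercuts the "high security" claim in the header; adding `s2s_require_encryption = true` and a comment explaining why `s2s_secure_auth` stays off would make the trade-off explicit. `compression_level = 9` sits after the `Component` lines, so it appears to be scoped to the last component rather than applied globally, and should move above `VirtualHost`. The comment on `"blocking"` cites XEP-0198, the number the file already gives to `smacks` two entries earlier.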
diff --git a/raw/favicon.ico b/raw/favicon.ico
new file mode 100644
index 0000000..3a89334
Binary files /dev/null and b/raw/favicon.ico differ
diff --git a/raw/fonts/TerminusTTF-4.40.1.ttf b/raw/fonts/TerminusTTF-4.40.1.ttf
new file mode 100644
index 0000000..3eb75d2
Binary files /dev/null and b/raw/fonts/TerminusTTF-4.40.1.ttf differ
diff --git a/raw/fonts/TerminusTTF-Bold Italic-4.40.1.ttf b/raw/fonts/TerminusTTF-Bold Italic-4.40.1.ttf
new file mode 100644
index 0000000..61318d4
Binary files /dev/null and b/raw/fonts/TerminusTTF-Bold Italic-4.40.1.ttf differ
diff --git a/raw/fonts/TerminusTTF-Bold-4.40.1.ttf b/raw/fonts/TerminusTTF-Bold-4.40.1.ttf
new file mode 100644
index 0000000..1ee87df
Binary files /dev/null and b/raw/fonts/TerminusTTF-Bold-4.40.1.ttf differ
diff --git a/raw/fonts/TerminusTTF-Italic-4.40.1.ttf b/raw/fonts/TerminusTTF-Italic-4.40.1.ttf
new file mode 100644
index 0000000..317925d
Binary files /dev/null and b/raw/fonts/TerminusTTF-Italic-4.40.1.ttf differ
diff --git a/raw/have_you_considered.md b/raw/have_you_considered.md
new file mode 100644
index 0000000..3bb0113
--- /dev/null
+++ b/raw/have_you_considered.md
@@ -0,0 +1,82 @@
+Title: Have you considered the alternative?
+Date: 2017-2-10
+Category: xmpp
+Tags: xmpp, signal, conversations, instant messaging, political economy
+Slug: have-you-considered-the-alternative
+status: draft
+
+>"Remember, when advertising is involved you the user are the product. [...]
+>When people ask us why we charge for WhatsApp, we say 'Have you considered the alternative?'"
+
+Brian Acton and Jan Koum, June 2012[ref][https://blog.whatsapp.com/245/Why-we-dont-sell-ads](https://blog.whatsapp.com/245/Why-we-dont-sell-ads)[/ref]
+
+>"Facebook today announced that it has reached a definitive agreement to acquire WhatsApp, a rapidly growing cross-platform mobile messaging company,
+>for a total of approximately $16 billion, including $4 billion in cash and approximately $12 billion worth of Facebook shares."
+
+ Facebook Newsroom, February 2014[ref][http://newsroom.fb.com/news/2014/02/facebook-to-acquire-whatsapp/](http://newsroom.fb.com/news/2014/02/facebook-to-acquire-whatsapp/)[/ref]
+
+>"[B]y coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp.
+>And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them."
+
+ Brian Acton and Jan Koum, August 2016[ref][https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsApp](https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsApp)[/ref]
+
+
+Pattern Recognition
+---
+
+WhatsApp started out full of dreams: "we want WhatsApp to be the product that keeps you awake...and that you reach for in the morning. No one jumps up from a nap and runs to see an advertisement"[ref][https://blog.whatsapp.com/245/Why-we-dont-sell-ads](https://blog.whatsapp.com/245/Why-we-dont-sell-ads)[/ref] .
When they thought of WhatsApp, Brian Acton and Jan Koum were very keen on *not* selling our user data for targeted advertisement purposes. So they charged a nominal rate for the use of their service, rightfully pointing out the hidden cost of using free services.
+
+In the year of 2014 however, WhatsApp was bought by Facebook, thus joining the social network's happy and expanding family of venture capital investments, a family including Instagram, purchased in April 2012, and Oculus VR, purchased the month before. At the time, many, and with good reason, worried about the changes this acquisition could entail for WhatsApp. Eventually, in August 2016, WhatsApp users everywhere learned about what was in fact unavoidable. The company that built its reputation upon an ad-free ethic, would now be sharing private user information with Facebook, its parent company. So we, the users, are the product after all, and as expected, this is presented in the form of an *improvement* of the user experience. Thanks to the tighter coordination between WhatsApp and Facebook, we can now more easily find our friends or see more valuable messages from the companies that truly matter to us. Of course, small footnote, these 'benefits' comes at the price of sharing our phone number and other private data with Facebook—though, trusting their word, not the content of the messages themselves.
+
+Facebook does this for the simple reason that it needs to increase its market share on mobile devices[ref][https://www.theguardian.com/technology/2016/aug/25/whatsapp-to-give-users-phone-number-facebook-for-targeted-ads](https://www.theguardian.com/technology/2016/aug/25/whatsapp-to-give-users-phone-number-facebook-for-targeted-ads[)[/ref]; the family of Whatsapp, Facebook and Instagram are all *different* channels leading to this same purpose.
One of the consequences of this is that while Facebook's chat function can still be used on their mobile website, plans are that we will soon be forced to install Facebook Messenger should we wish to continue using it on our mobile phones[ref][https://www.theguardian.com/technology/2016/jun/06/facebook-forcing-messenger-app-explainer]([https://www.theguardian.com/technology/2016/jun/06/facebook-forcing-messenger-app-explainer)[/ref]. Once again, in a stroke of pure genius and creativity, this move is being marketed as a way to provide us with the best experience ever. And we can use it with just a phone number, we don't even need a Facebook account. That way, their user base expands along with their profits.
+
+Every time there is a breach of user trust—read: a change in the Terms of Service—or news regarding network surveillance, people are on the lookout for an alternative, and rightfully so. In these moments there are many also willing to promote such *alternatives*, usually in the form of yet another disruptive app. After the purchase of Whatsapp, for example, Telegram was advertised as the alternative. After it became clear that Telegram had dreadful security, people promoted Viber. Then Snapchat, then Threema, then Allo and now Signal. There is a reason why we’re falling into this pattern of needing alternatives to the alternatives. And that is because...
+
+There are no alternatives.
+---
+
+There's a tendency to oversimplify the issues related to the use of these apps as merely a privacy matter, and not even that is sufficiently addressed. While each of the aforementioned apps are alternative companies and brands, what these alternatives all have in common is that they share the same model. A model that revolves around centralized services, vendor lock-in and marketing related surveillance, and all of that within a neoliberal context of the free market.
These alternatives therefore promote themselves as more than just an alternative, but also as competing products, usually highlighting a particular feature lacking in rivals' products. Remember that ill-fated, super cool, nice looking alternative to Facebook, Ello? It gained a lot of traction out of legitimate concerns with Facebook's modus operandi, promoting itself as an alternative for its nice features and its promise not to use advertising. But as Aral Balkan was quick to point out, allowing investments by venture capital firms meant the project was dead before it really began[ref][https://ar.al/notes/ello-goodbye/](https://ar.al/notes/ello-goodbye/)[/ref]. Taking these investments, which allowed them to scale as a platform, also meant that they would, at some point, *have* to make a lot of money for their investors. How? By selling ad space or information about their users. The reason the pattern keeps repeating itself is not because the makers of these apps always secretly intended to sell your data while saying they wouldn’t. The reason is that they have no choice within the economic system they choose to operate in.
+
+Cryptography matters, but then it also doesn’t
+---
+
+The latest competitive feature—one might even say, marketing trick—to make concerned users switch from one alternative to another is cryptography, the act of coding messages during communication. This strategy works well because the vast majority of people are not really informed when it comes down to the technicalities of cryptography, so this discourse mostly serves to throw bedazzling sparkles in our eyes. To be sure, cryptography is fundamental for privacy. However, the main privacy threat in the context of using these apps isn't the potential of a government eavesdropping on our communications. The privacy threat is the wholesale and increasing dependence on centralized services which revolve around the surveillance and monetization of user information.
In 2016, both WhatsApp and Facebook Messenger enabled end-to-end encryption[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#e2e) to address increasing privacy concerns. Adding *crypto* to a communication app in this case merely obfuscates a concern about the hegemony of these platforms. In essence, the issue of privacy is much larger than just the lack of cryptography; the conditions that threaten privacy are structural and economic and not resolved by a *patch* or a new feature.
+
+This issue is further stressed when looking at the question of metadata, that is to say, data about data, which in the case of communication applications is everything but the communication data itself. When WhatsApp started sharing, among other things, its users' phone numbers with its parent company, Facebook, it went to great lengths to guarantee us that the content of our messages was still perfectly secure, impossible to be read by both WhatsApp and Facebook. The argument stating that "It's only metadata, don't worry" has been however debunked numerous times. Even though these platforms would love us to believe otherwise, metadata is neither a trivial disposable by-product, nor it is anonymous. And assuming that the crypto is sound and that the app running this crypto is not flawed, cross-referencing several databases containing metadata will always produce an array of very personal information, that in itself is much more valuable than encrypted naked selfies.
Thus it should be no surprise that former NSA director Michael Hayden infamously said in 2012 "we kill based on metadata"[ref][https://www.youtube.com/watch?v=UdQiz0Vavmc](https://www.youtube.com/watch?v=UdQiz0Vavmc)[/ref] and later argued in 2015 that metadata should be the main area of focus of surveillance activities, and not the creation of backdoors within crypto, or the banning of the latter[ref][https://www.c-span.org/video/?402284-1/discussion-immigration-policy-national-security](https://www.c-span.org/video/?402284-1/discussion-immigration-policy-national-security)[/ref].
+
+In short, both Whatsapp and FacebookMessenger can afford to deploy end-to-end encryption for your messages because it won’t hurt their bottom line, which is making money based on the surveillance of your behavior and your social graph. Adding crypto thus merely patches your privacy worries, but not the threat to it.
+
+The Wrong Signal[ref][https://it-kollektiv.com/wrong-signal-das-falsche-signal-engl/](https://it-kollektiv.com/wrong-signal-das-falsche-signal-engl/)[/ref]
+---
+
+The end-to-end encryption enabled in WhatsApp and Facebook Messenger has been developed by Open Whisper Systems, a non-profit run by crypto-celebrity Moxie Marlinspike. OWS also developed the algorithm for their own instant messaging application, Signal, and then open-sourced it. Signal itself is now the latest app being promoted as an alternative to WhatsApp and is hailed as the panacea of both security and usability. It even has the backing of members of the dissident elite such as Edward Snowden.
+
+While OWS provides thorough expertise in the field of cryptography, Marlinspike is currently advocating centralisation as the only answer towards user-friendly, fast and secure messaging apps. Decentralisation, according to him, has no place in the modern world and apparently hampers innovation. However, some of his arguments have not remained unchallenged.
In particular, where Marlinspike accuses federation of stalling evolution[ref][https://whispersystems.org/blog/the-ecosystem-is-moving/](https://whispersystems.org/blog/the-ecosystem-is-moving/)[/ref], Daniel Gultsch[ref][https://gultsch.de/objection.html](https://gultsch.de/objection.html)[/ref] provides a counter argument by using the Web as an example of successful federation system[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#federated). Furthermore, Gultsch states that the problem is not that federation doesn't adapt, but rather that there are problems with its implementation for a very significant reason: software developers working on federated systems mostly work for free in their spare time or with little means, given the difficulty to moneytise a system which design can only succeed if it is open and can be appropriated easily beyond its original scope, and thus making its capitalisation particularly challenging. In that sense, the most interesting aspect of this debate is that while Marlinspike seems to defend his product from a technological perspective, Gultsch's counter argument moves back the discussion to the context of political economy.
+
+Daniel Gultsch is an important counter-voice because he is the main developer behind Conversations[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#conversations). This open-source instant messaging app tries to be both accessible for new users as well as provide enough flexibility for more advanced users. In that regard, Conversations itself does not manage to escape the logic of competition and the discourse around *alternative* superior apps discussed previously. However, its approach is significantly different because unlike any other apps, Conversations is not a complete solution, nor does it present itself as such. It is a client that relies on federation, which means that it allows for people to chat with each other regardless of what provider they are using.
In concrete terms, there is no central server directly connected to Conversations, but Conversations can connect to different chat servers. This is possible because Conversations is built upon a long-lived messaging protocol called XMPP[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#xmpp).
+
+XMPP, the federated messaging protocol
+---
+
+Up to a few years ago XMPP and its implementations were lagging behind in terms of mobile features, usability and interface design[ref][https://op-co.de/blog/posts/mobile_xmpp_in_2014/](https://whispersystems.org/blog/the-ecosystem-is-moving/)[/ref]. That was the so-called lack of evolution Moxie pointed out. But recently Gultsch and the other contributors to Conversations have managed to bring XMPP up to speed with the functionality of well known mobile messenger applications. Not only did this demonstrate that bridging the gap could be done technically, but it also had the effect of breathing new life into the XMPP community. An example of this new energy was the initiative to create and implement OMEMO[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#omemo), an XMPP Extension Protocol[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#xep) that provides multi-user end-to-end encryption and which is based on Signal's own encryption algorithm. Ever since a growing number of clients have started implementing OMEMO, including Gajim[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#gajim) for desktops and ChatSecure[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#chatsecure) for iPhones[ref][https://omemo.top/](https://omemo.top/)[/ref].
+
+Gultsch's succeeded[ref]His XMPP client Conversations has been installed between [10 and 50 thousand times](https://play.google.com/store/apps/details?id=eu.siacs.conversations&hl=en) and he is able to live off and work full-time on the project[/ref] precisely because of understanding the technical underpinnings of centralized services[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#centralized) such as WhatsApp or Signal. It is however a bitter-sweet victory, because as Gultsch articulated in his defense of decentralisation, the main difference between centralised and decentralised implementations is not only technical, but also a matter of economic sustainability. In other words, if his ongoing efforts show that it is possible to have a satisfying and safe user experience *while* using federated alternatives, this is only possible because, unlike any other XMPP client developers, he is in the position of working on this project full time. The problem has not been solved but shifted.
+If economically sustainable XMPP federation were to scale to the point of being as successful as the centralised solution offered by Signal, it would have to face the consequences of doing so in the context of a free market driven competition. In that situation, each XMMP client's economic viability would depend heavily on its capacity to capture enough users that can provide income for their developers. The problem therefore is not so much a problem of the technical or economical sustainability of federation, but more a problem of the economical sustainability of open standards and protocols in a world saturated with solutionist business models. After all, many years ago, Google and Facebook did provide XMPP support in their chat applications before deciding to close its interoperability.
+
+
+Approaches not Apps
+---
+
+Given the different problems mapped in this text, it becomes difficult to blindly recommend Conversations as the superior alternative, that is to say, a near drop-in replacement to Signal or any other competing secure communication software.
+The reason is not technical but is linked to the fact that, as discussed earlier, Conversations' own success relies on an economic model that is quite fragile, and the success of which—and it's a paradox—could potentially undermine the cultural diversity of the XMPP ecosystem.
+With that said, there are however two essential points that the Conversations case brings up. These points are not always articulated clearly in discussions on federation: scale and trust.
+
+Rather than having to swap one app for the other in an attempt to mitigate a large and confusing privacy problem, the XMPP federation approach allows to collectively tackle the problem based on its various discrete parts. Such an approach, rather than suggesting a singular and proprietary solution, allows for the existence of different free and open source software servers which can be combined with different free and open source software clients. That makes it possible for you and a group of friends to run your own infrastructure, whether on a rented server or on a very small home server.
+The federated nature of the protocol allows you to try, play and experiment with different network infrastructures with different clients. These clients can range from custom XMMP bots to general instant messengers that you would be able recommend your friends and family to replace Whatsapp, without making a fool of yourself. As these open-source technologies continue to evolve you can make incremental changes to your server or switch clients as newer versions arrive.
+Hosting your own infrastructure allows you to scale your communication in a way that is the most meaningful for the group or community you belong to.
It is also a way to make sure your system matches your own threat model[?](http://homebrewserver.club/beginners-guide-to-xmpp-speak.html#threat), while simultaneously allowing you to deal with trust that is not mediated by an app. It also allows you to experiment with economic models other than those linked to large-scale infrastructure involving surveillance and capturing of your social graph for financial gain. Maybe you want to share the cost of the server or the responsibilities of administrating it, maybe you want to collectively learn how to run all this stuff, or maybe you want to start meetings to exchange tips, etc. However, this does not mean that you need to cut yourself off from the rest of the world and this form of localism should not be misunderstood for a hipsterist and reactionary form of escapism. Instead, such an approach is quite the opposite as it provides a possibility to actively engage with societal issues. It allows groups to collectively think, in the sense of defining questions and hypotheses themselves, acquire skills and knowledge and respond to issues that are both relevant to their own situation but that can also resonate globally, enabling others to start a similar process.
+
+
+The goal of this article was to provide some tools and insights which not only allow to contextualise the technology we are using and supporting, but also help making sure that the instant-messaging you and your friends use happens in a trusted and secure environment, as much as possible outside the economies of surveillance. For this reason our motivation for writing this article was two-fold. On the one hand we wanted to show that the issue of privacy is more insidious than institutional eavesdropping and not merely solved with the use of end-to-end encryption. On the other hand, and as a consequence, we wanted to suggest not a different app, but a different approach altogether on the basis of XMPP federation and collective action.
Therefore we've written two guides. [One on how to configure a server](http://homebrewserver.club/configuring-a-modern-xmpp-server.html) and [one on how to choose and use clients](http://homebrewserver.club/picking-modern-xmpp-clients.html) that can go along with it. These allow you to put a self-hosted approach, an approach that brings aspects of trust, scale and implementation to the forefront and into practice. Once again, such guides should not be perceived as definitive answers but more as tools to keep us, and hopefully you too, busy formulating the right questions and building networks of mutual help.
+So while we are unable to recommend you the next big app that will solve all user surveillance and financialisation once and for all—as we are pretty sure no such app will ever even exist—we hope to at least help shed a light on the confused and confusing discourses that surround crypto-sound alternatives which may obfuscate less obvious problems.
+
+
diff --git a/raw/images/conv_1.png b/raw/images/conv_1.png
new file mode 100644
index 0000000..614fa83
Binary files /dev/null and b/raw/images/conv_1.png differ
diff --git a/raw/images/conv_2.png b/raw/images/conv_2.png
new file mode 100644
index 0000000..442adc9
Binary files /dev/null and b/raw/images/conv_2.png differ
diff --git a/raw/images/conv_3.png b/raw/images/conv_3.png
new file mode 100644
index 0000000..f04b6c4
Binary files /dev/null and b/raw/images/conv_3.png differ
diff --git a/raw/images/conv_4.png b/raw/images/conv_4.png
new file mode 100644
index 0000000..94a2ef2
Binary files /dev/null and b/raw/images/conv_4.png differ
diff --git a/raw/images/conv_5.png b/raw/images/conv_5.png
new file mode 100644
index 0000000..38f7ebf
Binary files /dev/null and b/raw/images/conv_5.png differ
diff --git a/raw/images/cs_1.png b/raw/images/cs_1.png
new file mode 100644
index 0000000..3504377
Binary files /dev/null and b/raw/images/cs_1.png differ
diff --git a/raw/images/cs_10.png b/raw/images/cs_10.png
new file mode 100644
index 0000000..dcd2c8d
Binary files /dev/null and b/raw/images/cs_10.png differ
diff --git a/raw/images/cs_11.png b/raw/images/cs_11.png
new file mode 100644
index 0000000..b93aae2
Binary files /dev/null and b/raw/images/cs_11.png differ
diff --git a/raw/images/cs_12.png b/raw/images/cs_12.png
new file mode 100644
index 0000000..e2149d2
Binary files /dev/null and b/raw/images/cs_12.png differ
diff --git a/raw/images/cs_13.png b/raw/images/cs_13.png
new file mode 100644
index 0000000..3e0b007
Binary files /dev/null and b/raw/images/cs_13.png differ
diff --git a/raw/images/cs_14.png b/raw/images/cs_14.png
new file mode 100644
index 0000000..9733a3b
Binary files /dev/null and b/raw/images/cs_14.png differ
diff --git a/raw/images/cs_15.png b/raw/images/cs_15.png
new file mode 100644
index 0000000..6cb7884
Binary files /dev/null and b/raw/images/cs_15.png differ
diff --git a/raw/images/cs_16.png b/raw/images/cs_16.png
new file mode 100644
index 0000000..d17afa2
Binary files /dev/null and b/raw/images/cs_16.png differ
diff --git a/raw/images/cs_17.png b/raw/images/cs_17.png
new file mode 100644
index 0000000..72dc2cb
Binary files /dev/null and b/raw/images/cs_17.png differ
diff --git a/raw/images/cs_18.png b/raw/images/cs_18.png
new file mode 100644
index 0000000..b0512b0
Binary files /dev/null and b/raw/images/cs_18.png differ
diff --git a/raw/images/cs_19.png b/raw/images/cs_19.png
new file mode 100644
index 0000000..ac9b97b
Binary files /dev/null and b/raw/images/cs_19.png differ
diff --git a/raw/images/cs_2.png b/raw/images/cs_2.png
new file mode 100644
index 0000000..639b059
Binary files /dev/null and b/raw/images/cs_2.png differ
diff --git a/raw/images/cs_20.png b/raw/images/cs_20.png
new file mode 100644
index 0000000..912aa4b
Binary files /dev/null and b/raw/images/cs_20.png differ
diff --git a/raw/images/cs_3.png b/raw/images/cs_3.png
new file mode 100644
index 0000000..3cc385e
Binary files /dev/null and b/raw/images/cs_3.png differ
diff --git a/raw/images/cs_4.png b/raw/images/cs_4.png
new file mode 100644
index 0000000..b34bdd1
Binary files /dev/null and b/raw/images/cs_4.png differ
diff --git a/raw/images/cs_5.png b/raw/images/cs_5.png
new file mode 100644
index 0000000..2586b5f
Binary files /dev/null and b/raw/images/cs_5.png differ
diff --git a/raw/images/cs_6.png b/raw/images/cs_6.png
new file mode 100644
index 0000000..92be693
Binary files /dev/null and b/raw/images/cs_6.png differ
diff --git a/raw/images/cs_7.png b/raw/images/cs_7.png
new file mode 100644
index 0000000..97228b1
Binary files /dev/null and b/raw/images/cs_7.png differ
diff --git a/raw/images/cs_8.png b/raw/images/cs_8.png
new file mode 100644
index 0000000..59cb707
Binary files /dev/null and b/raw/images/cs_8.png differ
diff --git a/raw/images/cs_9.png b/raw/images/cs_9.png
new file mode 100644
index 0000000..21f5539
Binary files /dev/null and b/raw/images/cs_9.png differ
diff --git a/raw/images/gajim_1.png b/raw/images/gajim_1.png
new file mode 100644
index 0000000..cf31323
Binary files /dev/null and b/raw/images/gajim_1.png differ
diff --git a/raw/images/gajim_2.png b/raw/images/gajim_2.png
new file mode 100644
index 0000000..ead9071
Binary files /dev/null and b/raw/images/gajim_2.png differ
diff --git a/raw/images/gajim_3.png b/raw/images/gajim_3.png
new file mode 100644
index 0000000..e04d78c
Binary files /dev/null and b/raw/images/gajim_3.png differ
diff --git a/raw/images/gajim_4.png b/raw/images/gajim_4.png
new file mode 100644
index 0000000..c126e98
Binary files /dev/null and b/raw/images/gajim_4.png differ
diff --git a/raw/images/gajim_5.png b/raw/images/gajim_5.png
new file mode 100644
index 0000000..229632b
Binary files /dev/null and b/raw/images/gajim_5.png differ
diff --git a/raw/images/gajim_6.png b/raw/images/gajim_6.png
new file mode 100644
index 0000000..cb94ae2
Binary files /dev/null and b/raw/images/gajim_6.png differ
diff --git a/raw/images/myimage.png b/raw/images/myimage.png
new file mode 100644
index 0000000..2d933a8
Binary files /dev/null and b/raw/images/myimage.png differ
diff --git a/raw/pages/about.md b/raw/pages/about.md
new file mode 100644
index 0000000..cfafe1e
--- /dev/null
+++ b/raw/pages/about.md
@@ -0,0 +1,11 @@
+Title: About
+Date: 2016-04-10
+Category: info
+Subcategory: about
+Tags: homebrewserver
+Slug: about
+
+
+A monthly gathering for those who (wish to) host their own online services from home, rather than using commercial and privacy unfriendly alternatives. Together we config and work on our homebrew server setups. These are low-cost, low-power, low-maintenance, high-fun computers through which we can host all of our online necessities and keep them out of the cloud. The club meetings are open for anyone, from more experienced users to interested beginners. During the homebrewserver.club meetings we exchange tips or look into particular topics together. As we gain more knowledge about a topic, we write and publish guides for others to share.
+
+If you have questions or would like to join check out our [mailinglist](http://lurk.org/groups/hsc/) or join us in our [XMPP chatroom](xmpp://homebrewserver.club@muc.lurk.org?join)
diff --git a/raw/pages/links.md b/raw/pages/links.md
new file mode 100644
index 0000000..33a6ced
--- /dev/null
+++ b/raw/pages/links.md
@@ -0,0 +1,44 @@
+Title: Links
+Date: 2016-04-10
+Category: info
+Subcategory: about
+Tags: homebrewserver
+Slug: links
+
+
+Good stuff
+---
+Check out the homebrewserver.club online radio station featuring mostly a fine selection of memphis tapes and black metal (particularly around midnight): [radio.homebrewserver.club](http://radio.homebrewserver.club)
+
+Members
+---
+
+[joak.nospace.at](https://joak.nospace.at)
+
+ :::console
+ Machine: Lenovo X61 laptop
+ OS: Debian
+ Services: xmpp server, git, a few different websites
+
+[roelof.info](https://roelof.info)
+
+ :::console
+ Machine: Olimex A20 Micro + 1TB HDD + 3000mAh LiPo battery
+ OS: ARMBIAN
+ Services: website, xmpp server, cal/dav server
+
+[randomiser.info](http://randomiser.info)
+
+ :::console
+ Machine: Raspberry Pi 3 Model B
+ OS: Raspbian Jessie
+ Services: website, git
+
+[dennisdebel.nl/blog](http://dennisdebel.nl/2017/blog/)
+
+ :::console
+ Machine: iPhone 4S
+ OS: iOS
+ Services: website
+
+
diff --git a/raw/set_up_an_xmpp_messenger.md b/raw/set_up_an_xmpp_messenger.md
new file mode 100644
index 0000000..9ae63ba
--- /dev/null
+++ b/raw/set_up_an_xmpp_messenger.md
@@ -0,0 +1,302 @@ +Title: Picking and setting up modern XMPP clients +Date: 2017-2-10 +Category: xmpp +Tags: xmpp, chat, guide, instant messaging, conversations, gajim, chatsecure +Slug: picking-modern-xmpp-clients +Summary: A guide on various modern XMPP clients. It discusses what are necessary features and how to install and use these clients. +featured_image: http://roelof.info/radio_totem.png +status: draft + +Introduction +--- +First of all, we recommend to follow this guide with a friend who also wants to use this technology. Then you can help each other out and immediately test if everything works. Aside from that, there are already enough XMPP users with empty contact lists around :'( + +Parts of this guide on are based on articles written by [Mathias Renner](http://www.mathias-renner.com/) on how to set-up [Conversations](https://medium.com/@mathiasrenner/setup-whatsapp-like-chat-messaging-with-open-source-software-complete-guide-ec7adc0d3519#.bgn6setid) and [Gajim](https://medium.com/@mathiasrenner/setup-xmpp-with-omemo-encryption-on-your-desktop-7f6accd8dc16#.cpe75u6fa). + +This is a guide for [Conversations (Android)](#conversations), [ChatSecure(iOS)](#chatsecure) and [Gajim(desktop Win/Lin)](#gajim) + +Registering an account +--- + +To begin with, you will need a XMPP account! These look like e-mail adresses (username@servername.com) and can be registered with XMPP servers. To get such an account there are a few options: + +Host your own XMPP server at home. We've written [a guide](http://homebrewserver.club/configuring-a-modern-xmpp-server.html) on how to do so, including on how to add user accounts. + +If you don't want to or can't set up your own XMPP server: + +- Find a friend who runs an XMPP server and ask her for a user account! +- Have a look at the list of [public XMPP servers](https://xmpp.net/directory.php). There are some things to look out for however. 
Make sure they [are compliant](https://gultsch.de/compliance_ranked.html) with all the modern server extensions or you won't get the user experience you are looking for[ref]It is also possible to test other servers yourself using [this compliance tester](https://github.com/iNPUTmice/ComplianceTester)[/ref]. Also look out for services requiring your phone number to register, it is not needed for XMPP and it would defeat the purpose of taking back the reins of your messaging horse. +- Register an account with [https://conversations.im/](https://conversations.im/), the server run by the developer of Conversations. It is well maintained and running the latest features[ref]The first six months are free, afterwards there is a monthly fee that goes to support and sustain the ongoing labour into Conversations and free open-source messaging protocols[/ref]. + +Considering XMPP clients +--- + +Then you need to pick and install a client (also known as an app or a software package). There are many clients avaible that support XMPP chats, both for mobile, desktop and web-based environments. The nice thing about using XMPP is that your account and your client are not intertwined, as is the case with Whatsapp, Telegram, Signal and the others. These applications offer a full chat service, which includes the facilitation and hosting of your messages over the network, and the interface options of your client. By separating the two, you have the option to choose. To pick from all the available clients we made a list of criteria of what we considered essential requirements and started crossing off all those applications that didn't meet them: + +- free & open source software —  the technology is open, and therefore it's possible to install use the software on your own terms. + +- works with federated servers —  servers are not all controlled by a single company or organization, but can also be run by volunteers, organizations, companies, you and me. 
+ +- highly secure (which means support for encryption) —  the software takes security to heart and offers things like end-to-end OMEMO encryption. + +- the project is recently updated —  There are many XMPP clients available, but not all of them are still maintained. For example: many iOS clients have not been updated for a long time. + +- support for easy image sharing — Essential in order to be able to share dank memes and food pictures. + +- relative ease of use - Need we explain more? + +This (apparently) rather rigorous list of requirements left us with three applications that we will discuss in this guide: [Conversations](#conversations) for Android, [ChatSecure](#chatsecure) for iOS and [Gajim](#gajim) for the desktop computer. There are many other XMPP clients however, and while most of these did not meet our requirements for use, they might be ok for you. Have a look at [this extensive list of XMPP clients in general](https://xmpp.org/software/clients.html) and [this list of clients that (plan to) support OMEMO](http://omemo.top/). Additionally you might want to make sure your client supports some of the 'modern' XMPP Extensions[ref][XEP-0163: Personal Eventing Protocol](http://xmpp.org/extensions/xep-0163.html) (for avatars and OMEMO), [XEP-0198: Stream Management](http://xmpp.org/extensions/xep-0198.html)(for better experience using flaky mobile connections), [XEP-0280: Message Carbons](http://xmpp.org/extensions/xep-0280.html)(sync messages between your different clients), [XEP-0313: Message Archive Management](http://xmpp.org/extensions/xep-0313.html)(receive messages while offline), [XEP-0363: HTTP File Upload](http://xmpp.org/extensions/xep-0363.html)(send images, share files in groupchats and with offline contacts.)[/ref]. 
+ + :::console + _______ + < OMEMO > + ------- + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + +Conversations, Android +--- + +**Download the Conversations app on your Smartphone.** + +Conversations is available via Google Play for €2,39. The sale of the app goes towards the ongoing development of te software. + +In case you don't use Google apps or want it for free, you need to install the alternative app store [f-droid](https://f-droid.org/) before. F-droid works like the app store Google Play, except that it isn't a store and only offers apps that are free and open source software. See instructions in the next paragraph how to install f-droid. + +If you decided for f-droid, open the website ([https://f-droid.org/](https://f-droid.org/)) with your phone's browser. Press the big download button on the website, which will download f-droid’s installer. After download, press the downloaded file and the installer should start. Next, start f-droid, update the repositories and search for the app Conversations. + +**Start the messenger app and register/log in** + +Now, start Conversations. If you already have an XMPP account, you can log in with your so-called JID (jabber id, username@server.com) and password. Otherwise, if your server of choice has the option for application-based registration enabled, it is also possible to register a new account in this menu, by selecting the "register new account on server" option. + +After you clicked Next, the registration process might take up to 20 seconds. + +**Start chatting.** + +To start a chat you need to add another Jabber friend under the '+' in the menu and insert your friend’s Jabber ID, e.g. your-friend@a-jabber-server.com. That’s it. You can now chat with your friend. However, this will be unencrypted! 
+ +**Encryption** + +So let’s activate OMEMO encryption by pressing the padlock in the top menu bar: + +![selecting OMEMO encryption]({filename}images/conv_1.png) + +OMEMO is an extension to XMPP for multi-client end-to-end encryption. OMEMO only works if the fingerprint of your and your friend’s device match. To compare them, open one of your conversations and click on your profile picture next to one of your messages. At the same time, your friend clicks on your icon on his phone. + +![Checking fingerprints]({filename}images/conv_2.png) + +Now, both of you should see a fingerprint that you can check. If they match, change the slider as you see in the screenshot to the right. + +If OMEMO cannot be activated, just send a message in the chat window. This sometimes helps. Also, it may help to end a conversation by pressing the menu on the top right inside a conversation, and then re-open the conversation again. + +After you activated OMEMO, the input field at the bottom should say you can now send encrypted messages: + +![The shield or padlock indicates an encrypted message]({filename}images/conv_3.png) + + +Troubleshooting Conversations +--- +If OMEMO cannot be activated, just send a message in the chat window. This sometimes helps. Also, it may help to end a conversation by pressing the menu on the top right inside a conversation as shown in the following screenshot, and then re-open the conversation again. + +![Ending a conversation]({filename}images/conv_4.png) + +Allow presence updates, this is used by OMEMO to exchange keys: In a conversation, click on the icon/image of your chat partner. 
In the new screen (as shown below), make sure that all checkboxes are activated: + +![Make sure you allow presence updates so your client can exchange OMEMO keys]({filename}images/conv_5.png) + +Check fingerprints: You might be asked to trust fingerprints like this: + +![Checking fingerprints]({filename}images/conv_2.png) + +If you run into problems try asking for help in the Conversations XMPP groupchat: [conversations@conference.siacs.eu](xmpp:conversations@conference.siacs.eu?join) + +ChatSecure, iOS +--- + +**Download the ChatSecure app.** + +Get ChatSecure from the AppStore. ¯\_(ツ)_/¯ + +**Start the messenger app and register / log in.** + +Choose whether to create a new account or login with an existing one: + +![Initial screen: create or add account]({filename}images/cs_1.png) > ![Select XMPP]({filename}images/cs_2.png) > ![The login screen]({filename}images/cs_3.png) + +If you already have an XMPP account, you can log in with your username@hostname and password. After you selected "Add Existing Account" you have the option to connect with "XMPP" or with "Google Talk". Select "XMPP" and fill in your Nickname, Username (username@server.net) and password. Optionally fill in the Hostname of your XMPP server and select if you want to use Tor or not. If you're doubting about the port, 5222 is the default XMPP port and would likely be on your server as well. + +**Enabling Push** + +![Considering using push]({filename}images/cs_4.png) + +After you've logged in, the app proposes to establishe secure connections by sending an empty message to offline contacts. You have the option to "Enable push" or "skip" this part. iOS typically end the connection when an app runs in the background and requires use of Apple's Push servers to wake up and receive a message. By sending empty messages ChatSecure limits the data being sent to the Apple Cloud's Push Server but obviously still provide their vertically integrated cloud platform with meta-data. 
Read more about the Push issues [here](https://chatsecure.org/blog/chatsecure-v32-push/) and [here](https://chatsecure.org/blog/fixing-the-xmpp-push-problem/) + + +In the next screen you can "Share invite" (let people on social media know about the app) or tap the '✓' symbol in the top right corner to continue. This takes you to the general 'Settings' menu. + +![Invite others to use ChatSecure]({filename}images/cs_5.png) > ![Settings]({filename}images/cs_6.png) > ![Logging out]({filename}images/cs_7.png) + +If you are successfully connected, the word "Connected" appears right under your username. Before you can edit your account settings, you need to log out. To do this, click your account/nickname in the settings menu and select "Log Out". + +**Create New Account** + +![advanced options]({filename}images/cs_8.png) > ![advanced options]({filename}images/cs_9.png) > ![server options]({filename}images/cs_10.png) + +Choose "Create New Account" and give your preferred nickname. Under "show advanced options" you can customize your username, generate an automatic password, enable TOR (we didn't test it) and select a server where you would like to register your account on. This is the server you will use to communicate with other people's selected servers, and depending on the server settings it will also store your (encrypted) messages. ChatSecure let's you choose between 3 built-in servers options. Default is DuckDuckGo, but when you tap on "DuckDuckGo" the app will take you to the server selection screen where you can choose between DuckDuckGo, Calyxinstitute.org and OTR.im[ref]All three of these servers score poorly on the modern XMPP [compliance test](https://gultsch.de/compliance.html)[/ref], it also offers you the option to select another, custom, server. Here you can fill in the hostname of the XMPP server of a friend. 
+ +**Adding contacts** + +![server options]({filename}images/cs_13.png) > ![server options]({filename}images/cs_14.png) > ![friend request]({filename}images/cs_15.png) + +From the settings menu, tap 'Chats' (top left) to start chatting and adding friends. To add friends tap the 'Compose' icon, top left corner. Then tap "Add Buddy" and fill in your friends username and hostname (username@hostname) or scan their QR code. + +Click the "+" icon when you are ready. Your friend will now appear in the "Chats" list and will be available for conversation after being approved by the other side ("pending approval"). After this, tap your friends name to start chatting + +If you get a friend request, their nickname will appear in the "Chats" list. + +**Encryption** + +When in a chat, tap the information icon on the top right (i) to change your encryption settings. The information menu displays your current and past verified fingerprints and allows you to specify an encryption method by tapping "Show Advanced Encryption Sett...". + + +![friend request]({filename}images/cs_16.png) > ![friend request]({filename}images/cs_17.png) > ![friend request]({filename}images/cs_18.png) + +At the time of writing OMEMO works well with other OMEMO clients, images shared over HTTPUpload however are not displayed inline but rather as a URL. If you click that your browser will open it and fail to decrypt the OMEMO encoded image, because it has no notion of your OMEMO fingerprints. So for now the images shared over HTTPUpload have to be shared using plaintext. + +ChatSecure implements OMEMO and OTR on a TOFU or “trust on first use" basis. New "buddies" are automatically trusted. + +![friend request]({filename}images/cs_18.png) > ![friend request]({filename}images/cs_19.png) + +You can also untrust your friends devices/fingerprints by sliding the green "Verified" button and share fingerprints by tapping them and selecting a medium to share your fingerprint over. 
+ +If OMEMO cannot be activated, just send a message in the chat window. This sometimes helps. Also, it may help to relaunch the app...If you're chatting with someone using something else than ChatSecure, for example Conversations on Android it helps when the Android side allows for receiving and sending presence updates. For specifics refer to the [Conversations](#conversations) section of this guide. + +Gajim, Desktop Windows / Linux +--- + +These instructions are for Debian / Linux. For windows it is possible to download the binaries [here](https://gajim.org/downloads.php?lang=en#windows). + + +**Getting the latest version of Gajim** + +The version that is packaged in the repositories of Debian does not support OMEMO unfortunately. As a way around, you can download and install the latest version of Gajim from the Debian backports repositories. + +In case you don't have backports on your sources.list, follow these instructions before you start: + +For wheezy add this line to your sources.list (or add a new file with the ".list" extension to /etc/apt/sources.list.d/) You can also find a list of other mirrors at https://www.debian.org/mirror/list: + + :::console + deb http://ftp.debian.org/debian wheezy-backports main + + +For jessie add this line to your sources.list: + + :::console + deb http://ftp.debian.org/debian jessie-backports main + +Afterwards + :::console + sudo apt-get update + +Now we are ready to go! + +**Installing Gajim & other dependencies from backports** + +To install gajim: + + :::console + apt-get -t jessie-backports install gajim + + +Now you'll also need to install Python-axolotl, which will allow you to setup a security layer on top of XMPP. Run: + + :::console + apt-get install python-axolotl + +Next, you have to downgrade protobuf due to a bug in python-axolotl: + + :::console + sudo pip2 install protobuf==2.6.1 + + +And now for OMEMO! There is a package gajim-omemo on Debian Backports. 
So run: + + :::console + apt-get -t jessie-backports install gajim-omemo + +** Starting Gajim and installing plugins** + +Next, start Gajim. After Gajim has started, wait some seconds until it requests your permission to install updates: + +![Allow Gajim to update itself]({filename}images/gajim_1.png) + +Allow this. Afterwards, a new window will open that lists all components that can be installed and updated. In this list, activate the checkbox next to the following plugins: + +**OMEMO** + +**HttpUpload** + +**Image** + +**Url image preview** + +These plugins allow for encryption (OMEMO) and the easy sharing and display of images across different clients (HttpUpload, Image, Url Image preview) + +Then, click the button **Install/Upgrade** on the bottom left on that window. + +After the update has finished, go to the other tab **Installed**. There, make sure that all components are activated via the checkbox. Afterwards, click **close** on the bottom right of the window. + +Then, you should see a wizard to setup your XMPP account. Select the option that you already have an account and follow all instructions yourself using the default settings. + +![Gajim account creation wizard]({filename}images/gajim_2.png) + + +After you finished the wizard successfully, Gajim will show your status as **Available**. Congratulations! +Now, let’s send messages to your friends. + +To do so, click on the Gajim window and move your mouse to the top of the screen. There, a menu should appear. Go to Actions -> Start chat… . In the new window, add the XMPP ID of your friend and click ok. + +![Adding contacts]({filename}images/gajim_3.png) + +Go to the main menu again and select **View -> Show offline contacts…** . In the Gajim window, you should see your friend. Right click on the name of your friend and select **Manage contact -> Add to roster.** In the pop up, just click **Add**. Now your friend is permanently added to your list of contacts. 
Next, right click on your friend and select **Manage contact -> Allow subscription -> Allow contact to see my status**. + +Your friend should see a request like this: + +![Friend request]({filename}images/gajim_4.png) + +Your friend should click **Authorize**, which enables her to see if you are online or not. Also, this step is necessary for activating the encryption. + +Next, make sure that your friend also allows you to see her status. + +Now, when you open the chat window to your friend, it should say OMEMO encryption enabled and show a red shield next to the input field, like this: + +![Omemo enabled]({filename}images/gajim_5.png) + +If you don’t see the OMEMO encryption enabled — just restart Gajim and have a look again. + +You might at some point be confronted with a window about trusting fingerprints. + +**Fingerprints** + +Simply put, a fingerprint is an ID of a device someone uses for the messaging. In order to make sure that you communicate with exact the devices, which your friend uses, you need to see if the fingerprints listed in this window match with the ones your friend really has. + +So, ask your friend to list her fingerprints on her desktop. On her computer, in the chat window with you, she should click on the setting symbol below the text input field (grey, with wheels). From there to **OMEMO encryption +-> Fingerprints**. She should now see the same window as you. + +She should chose the tab Own devices, while you chose the tab Contact. Now, select a fingerprint that matches with the one of your friend and press the button Trust/Revoke Fingerprint. Also press yes in the window that appears. + +Finally, all fingerprints should be green like this: + +![Omemo enabled]({filename}images/gajim_6.png) + +**Troubleshooting** + +Sometimes, a restart of Gajim just helps :) + +If OMEMO encryption or the fingerprint option is grey and cannot be activated, just send a message in the chat window. This sometimes helps. 
+ +If you wish to know more about Gajim check out the [documentation](https://dev.gajim.org/gajim/gajim/wikis/help/home). For more advanced issues check out [Gajim's XMPP chatroom](xmpp://gajim@conference.gajim.org/?join) + diff --git a/raw/template.md b/raw/template.md new file mode 100644 index 0000000..3f62b71 --- /dev/null +++ b/raw/template.md @@ -0,0 +1,46 @@ +Title: This is a template for a post +Date: 2016-5-14 +Category: log +Tags: try-out +Slug: the-template-post +Summary: Write a tweet-lenght summary for syndication across social media +featured_image: https://cdn1.nyt.com/images/2017/02/26/world/26NKOREA3/26NKOREA3-articleLarge.jpg + +This is a template you can use with a short description of some of the syntax. + +**bold** *italics* + +images: +![image description]({filename}images/myimage.png) + +urls: +[http://homebrewserver.club/](This is our webpage) + +references in text: + +hello I need to be referenced[ref] this creates a numbered list at the bottom of the page, not bad no? it can be styles in the [css](http://homebrewserver.club/theme/css/main.css) by addressing the class simple-footnotes[/ref] + +headlines +-- + +smaller headlines? +--- + +code blocks: + + :::console + echo "for general console commands" + +python + :::python + a = "python" + print "also for" + for i in a: + print i + +line numbers + + + #!python + print("line1") +
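Review bot: In raw/set_up_an_xmpp_messenger.md, the Conversations **Encryption** paragraph states `OMEMO only works if the fingerprint of your and your friend's device match`, which misdescribes verification: every device has its own fingerprint, so two devices never show the same one, and what has to agree is the fingerprint your app lists for your friend's device and the one that device displays as its own. I would replace the sentence with `Each device has its own OMEMO fingerprint. To be sure you are encrypting to your friend's device and not to a key someone slipped in between, compare the fingerprint your app shows for them with the one shown on their own device, ideally in person.` The same caveat is missing next to the ChatSecure line `New "buddies" are automatically trusted`, and the remark that HTTPUpload images `have to be shared using plaintext` should add that such images are then readable by the server that stores them. In the Gajim section, `sudo pip2 install protobuf==2.6.1` runs pip as root and writes into the system Python tree outside apt's control; `pip2 install --user protobuf==2.6.1` would keep the pinned copy in the user's account, provided Gajim is started as that user.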