UPDATE: For anyone who comes back to this, or any new readers -- I have added a MUC (chat room) on my XMPP server for discussion of any tech-related things, akin to the subject-matter of this blog. Hope to see you there!
starkzarn
joined 2 years ago
I have experimented with Simplex, but it feels less tuned toward hosting federated infrastructure and more tuned toward participation with the greater network in a pseudo-anonymous fashion.
Adoption is also always a hurdle with any ecosystem like this, and XMPP is certainly ahead of Simplex in that avenue.
It has a long healthy life ahead! Come join the party, the proof is in the pudding.
😆 +1 for reading enough to see that! Thank you!
I'm one of those people that ends up using the vocabulary I once learned to get the most value out of it. Would hate to waste all that. Haha.
This is also a great article! Thanks for the link.
One cool point in favor of XMPP is that in a public setting (MUCs), there's community. Moparisbest is an active participant in several of the MUCs that I'm in. Very cool!
Yeah they just redid their container image pipeline and these containers are the result!
This is great, I have not seen this post before. Thank you for sharing.
You make an excellent point here, that the burden of security and privacy is put on the user, and that means that the other party in which you're engaged in conversation with can mess it up for the both of you. It's far from perfect, absolutely. Ideally you can educate those that are willing to chat with you on XMPP and kill two birds with one stone, good E2EE, and security and privacy training for a friend. XMPP doesn't tick the same box as Signal though, certainly. I still rely heavily on Signal, but that data resides on and transits a lot of things that I don't control. There's a time and a place for concerns with both, but I wanted to share my strategy for an internal chat server that also meets some of those privacy and security wickets.
Yes, absolutely. It all depends on implementation. I am using VLANs for L2 isolation. I have a specific DMZ VLAN that has my XMPP server and only my XMPP server on it. My network core applies ACLs that prevent any inter-VLAN traffic from there, so even if STUN/TURN pokes holes, the most that is accessible is that single VLAN, which happens to contain only the single host that I want to be accessible.
Great question.
Just updated my original comment, but that XMPP blog post I mentioned is live: https://roguesecurity.dev/blog/xmpp
Agreed! Runtime environment management is so much nicer with modern containerization. You or ally can't overstate how much better it is to have app stack state be entirely divorced from OS state. I'm very pleased they're back on the bandwagon as well.
Stand up a server and come join our MUC!