Monthly Archives: May 2013

Don’t abandon XMPP, your loyal communications friend

Whilst email has always enjoyed a very decentralised approach where users can be expected to be on all manner of different systems and providers, Instant Messaging has not generally enjoyed the same level of success and freedom.

Historically many of my friends used proprietary networks such as MSN Messenger, Yahoo Messenger and Skype. These networks were never particularly good IM networks, rather what made those networks popular at the time was the massive size of their user bases forcing more and more people to join in order to chat with their friends.

This quickly lead to a situation where users would have several different chat clients installed, each with their own unique user interfaces and functionalities in order to communicate with one another.

Being an open standards and open source fan, this has never sat comfortably with me – thankfully in the last 5-10yrs, a new open standard called XMPP (also known as Jabber) has risen up and had wide spread adoption.


XMPP brought the same federated decentralised nature that we are used to in email to instant messaging, making it possible for users on different networks to communicate, including users running their own private servers.

Just like with email, discovery of servers is done entirely via DNS and there is no one centralised company, organisation or person with control over the system -each user’s server is able to run independently and talk directly to the destination user’s server.

With XMPP the need to run multiple different chat programs or connect to multiple providers was also eliminated.  For the first time I was able to chat using my own XMPP server (ejabberd) to friends using their own servers, as well as friends who just wanted something “easy” using hosted services like Google Talk which support(ed) XMPP, all from a single client.

Since Google added XMPP into Google Talk, it’s made the XMPP user base even larger thanks to the strong popularity of Gmail creating so many Google Talk users at the same time. With so many of my friends using it, is has been so easy to add them to my contacts and interact with them on their preferred platform, without violating my freedom and losing control over my server ecosystem.

Sadly this is going to change. Having gained enough critical mass, Google is now deciding to violate their “Don’t be evil” company moral and is moving to lock users into their own proprietary ecosystem, by replacing their well established Google Talk product with a new “Hangouts” product which drops XMPP support.

There’s a very good blog write up here on what Google has done and how it’s going to negatively impact users and how Google’s technical reasons are poor excuses, which I would encourage everyone to read.

The scariest issue is the fact that a user upgrading to Hangouts get silently disconnected from being able to communicate with their non-Google XMPP using friends. If you use Google Talk currently and upgrade to Hangouts, you WILL lose the ability to chat with XMPP users, who will just appear as offline and unreachable.

It’s sad that Google has taken this step and I hope long term that they decide as a company that turning away from free protocols was a mistake and make a step back in the right direction.

Meanwhile, there are a few key bits to be aware of:

  1. My recommendation currently is do not upgrade to Hangouts under any circumstance – you may be surprised to find who drops off your chat list, particularly if you have a geeky set of friends on their own domains and servers.
  2. Whilst you can hang onto Google Talk for now, I suspect long term Google will force everyone onto Hangouts. I recommend considering new options long term for when that occurs.
  3. It’s really easy to get started with setting up an XMPP server. Take a look at the powerful ejabberd or something more lightweight like Prosody. Or you could use a free hosted service such as for a free XMPP account hosted by a third party.
  4. You can use a range of IM clients for XMPP accounts, consider looking at Pidgin (GNU/Linux & Windows), Adium (MacOS) and Xabber (Android/Linux).
  5. If you don’t already, it’s a very good idea to have your email and IM behind your own domain like “”. You can point it at a provider like Google, or your own server and it gives you full control over your online identity for as long as you wish to have it.

I won’t be going down the path of using Hangouts, so if you upgrade, sorry but I won’t chat to you. Please get an XMPP account from one of the many providers online, or set up your own server, something that is generally a worth while exercise and learning experience.

If someone brings out a reliable gateway for XMPP to Hangouts, I may install it, but there’s no guarantee that this will be possible – people have been hoping for a gateway for Skype for years without much luck, so it’s not a safe assumption to have.

Be wary of some providers (Facebook and which claim XMPP support, but really only support XMPP to chat to *their* users and lack XMPP federation with external servers and networks, which defeats the whole point of a decentralised open network.

If you have an XMPP account and wish to chat with me, add me using my contact details here. Note that I tend to only accept XMPP connections from people I know – if you’re unknown to me but want to get in touch, email is best at first.

Firefox Mobile for Android CAs

I’ve been using Firefox Mobile on Android for a while (thanks to the fact that it means I can use Firefox Sync between my laptop and mobile to share data). Overall it’s pretty good and the last few releases have fixed up a lot of the past stability issues and UI problems, it’s in a pretty decent state now.

One of the unfortunate problems I’ve had with it until recently is that the application was refusing to import custom certificate authorities. Whilst Android has it’s own CA store, add on browsers (inc Firefox Mobile) can have their own CA stores and the manageability of these can vary a lot.

In the case of Firefox Mobile, the ability to manage certificates was not ported across from the desktop version, meaning that none of my web applications would validate against my custom CA.

However as a passable solution, it’s now possible to import the CA file by downloading a PEM version of the CA certificate in the browser. Just upload a copy of the PEM formatted certificate to a webserver and download the file with the browser to install.

Installing CAs into Firefox Mobile (PEM formatted file).

Installing CAs into Firefox Mobile (PEM formatted file).

Now the biggest problem left is sites and applications that have poorly written user agent detection and assume that the only mobile devices that possibly exist are devices that have the iPhone or stock Android user agent. :-( *glares at Atlassian in particular*

Android VNC

Recently I’ve been using a few of my older Android smartphones for various projects where I’ll need to have the phones in a remote location or having the phones in a non-easily accessible location.

A conventional Linux system would be remote managed via SSH, but I need access to the graphical environment of the Android phones to run standard GUI touch applications. Generally I avoid VNC due to the fact it’s an unencrypted, insecure protocol, but in my case I was able to resolve the security concerns by tunnelling all my connections via a SSL VPN, which made VNC acceptable.

A few friends have asked me about VNC solutions for Android – in my case, I’ve been using a program helpfully named “VNC server” (click here for app store) on a mix of devices including older Android 2.2 devices running Cyanogenmod.

The power is mine!

Generally it works well, but there are a few limitations with the application to be aware of:

  1. The application requires the phone to be rooted.
  2. It doesn’t always reliably resume following a reboot of the phone.
  3. Android can end up terminating the application due to low memory available, particularly on the older phones. This isn’t a fault with the application specifically, but rather an architecture and design limitation of Android. If it happens, there’s not much you can do about it.

Once the application is installed and configured, it’s easily accessed using any regular VNC application from your computer. The main commands are:

  • Touch – Left Click
  • Back Button – Right-click
  • Home Button – Home key
  • Instant Lock Screen – End key

Note that there is one confusing quirk – when the phone screen locks, VNC displays the last thing that was on the screen. This can be confusing when you login and the phone doesn’t respond to any actions.

Unfortunately lock screen status is not correctly reflected...

Something isn’t quite right here….

The fix is to press the home key which makes the lock screen display and then to swipe in the usual manner by clicking and dragging the mouse. Sometimes the lock screen can take a while to render on VNC, so I tend to end up pressing home and then dragging before it even renders the lock screen.

You will also want to disable screen rotation, otherwise if you leave the phone in a rotated state inadvertently, it makes for a very annoying user experience.

Control all the phones!

Control all the phones!

So far I’ve found it pretty useful, but because of the way the Android OS handles memory, I would hesitate before relying on it 100% – there’s always the risk that my phone may have another process wanting to consume memory and it then suspending the VNC process to allocate more. I suspect there are some tweaks/hacks I could apply to the platform to make it more robust and there may be some stuff already in the app store that will help.

Having said all this, it’s worth nothing that cheap cost and high feature set of Android phones makes them an idea hacking platform and I’m using them for a few projects already such as cheap GSM SMS gateways, as well as considering using the older phones as wireless IP cameras.