And it's going to be encrypted end-to-end, I presume? ...No?...oh.
Open source sets sights on killing WhatsApp and Slack
The company that writes the open-source software for three-quarters of the world's Internet Message Access Protocol (IMAP) email servers has a plan that could kill off proprietary chat services like Facebook's WhatsApp. And that means you, too, Slack. German open-source software-as-a-service operation Open-Xchange acquired the …
COMMENTS
-
-
-
This post has been deleted by its author
-
-
Thursday 12th October 2017 20:09 GMT JulieM
E2E encryption
End-to-end encryption is properly a matter for the client to deal with; everything sent to the server should already be encrypted, only decryptable by the client at the far end. That way, there is no way for the operators of the service to intercept plaintext messages in transit. (It also obviates the need for TLS between client and server, so theoretically improving throughput.)
I'm not sure whether this would be more or less likely to lead to proprietary extensions being added. The first chat-enabled Open Source server versions will be picked up by the top-level distributors, Fedora and Debian, and thence spread and implemented widely. Desktop Linux users probably will get the first clients. It would not be hard to integrate GnuPG with a client. Dovecot Server is already LGPL; so it's reasonable to suppose their own reference implementation of the client would be LGPL or GPL, so no licence issues.
-
Friday 13th October 2017 07:41 GMT Dan 55
Re: E2E encryption
If they're doing it right the protocol should be XMPP perhaps with a simple IMAP extension to let the mail client know that XMPP is available and how to configure the chat client on the client side. Thunderbird has XMPP chat built-in already.
If they're really doing it right, you should be able to use your own XMPP server if you like and flick a switch on Dovecot to get the IMAP extension.
There are a lot of XMPP clients about and it'd be a shame to waste them.
-
-
Friday 13th October 2017 21:27 GMT Oh Homer
Pointless
Sorry, but it is.
Consolidating social networking is not about establishing new communication protocols, it's about convincing everyone else not to sign up to proprietary services. And the problem is that the reason they signed up to those proprietary services in the first place is because everyone else they communicate with did likewise.
Thinking that making it easy to switch, by tacking-on yet another new communications protocol to a well-established one, ignores the fact that it's already easy to switch between social networks, indeed signing up to any given social network couldn't be easier, and yet those disparate social networks have not magically consolidated into one, except perhaps in the sense that one stands out as the clear market leader (but invariably there will always be lots of people on your contact list who don't use it).
There's really only one of two ways to consolidate social networking: legislation that forces all service providers to use openly accessible APIs, or innovation in social networking that's so compelling that everyone flocks to it. The former would be an unjustifiable tortuous interference in free market economics, and the latter has already happened - it's called Facebook.
Beating that will require more than just cool and easily accessible technology, it means breaking the inertia of a well-entrenched cultural phenomenon.
-
Sunday 15th October 2017 11:13 GMT Zolko
Re: Pointless
@ Oh Homer : you didn't get it, did you ?
The point is not to consolidate the Internet social universe, but to offer an open solution for Internet chat. And one that would be easy to disseminate on a large scale. Which might or might not consolidate the social media chat services as a side-effect. Even if it's easy, many people refuse to joint proprietary data-slurping mega-corp networks.
-
-
Sunday 15th October 2017 11:34 GMT patrickstar
For group/channel chat, making it truly end-to-end encrypted is far from trivial.
It's solvable, of course, but often comes with various downsides like sacrificed usability.
Typical solutions include multi-party key agreements (gets tricky if you want to add/remove participants on the fly), meshed key agreements followed by multiple keys in each message (doesn't scale), or a common pre-shared secret (no forward secrecy).
Forward secrecy might not be your biggest concern in a collaborative setting, however, when you might very well want everything logged and searchable anyways.
-
Thursday 12th October 2017 14:29 GMT Anonymous Coward
Searching for old messages in different apps = nightmare
It is annoying having messages in loads of de-coupled systems. I have some friends who use iMessage, some who use FB Messenger, some who use Whatsapp, some on traditional text, the occasional email(!).... the list goes on.
The real problem is searchability and finding an old conversation. For example, a friend has sent me their address countless times, but every time I visit them I have to ask for it again, because I simply can't find it in whatever app I was using, assuming I can remember which app it was!
Ironically, my solution to this was to write it down on paper - something which has worked rather well. Obviously that's not practical for everything!
-
Thursday 12th October 2017 14:41 GMT Muscleguy
Re: Searching for old messages in different apps = nightmare
You could, put it in an address book, most email address books allow street addresses, phone numbers etc. Or you could save it s a favourite in Maps. I've just been to a friend's to pick up their dog in a city I don't visit too often. I know roughly how to get there and couldn't give the address, but it is there in Maps if I get lost or need the street address. IF I got dementia and forgot the route I could mount the phone on the dash and get it to direct me.
Took a wrong turn this morning and got a bit lost, sense of direction working as per normal but exactly where I was and how to get where I needed (no roads led in that direction) was problematic after I missed a turnoff. Could have used the phone but don't have a cradle for it.
-
Thursday 12th October 2017 15:04 GMT Anonymous Coward
Re: Searching for old messages in different apps = nightmare
"You could, put it in an address book"
...
"Care to elaborate why?"
You're assuming it's always an address! Unfortunately I used address as the example but that's one of literally countless examples of things people send you in messages (on any platform) that you need to be able to find easily later on. Try scrolling through 2000 Whatsapp messages to find a recipie** your friend sent you 6 months ago, and you'll understand what I mean!
** Please don't take every example I give as literally the only thing this could apply to. There are many examples of things people send you that you need to be able to find later on, and not all of them can be stored in fields of an address book.
Not all data fits into specific fields (e.g. an address book). And why would I want to duplicate that data on my phone - it's already in a message! The problem is searching for and finding old, historical messages, in an ocean of messages, in a variety of apps/platforms. Duplicating it all over the place is not the answer.
-
Thursday 12th October 2017 15:55 GMT jmch
Re: Searching for old messages in different apps = nightmare
So what's needed is something like the Blackberry message centre (I forget what it was called) that links email, sms and various chat clients in one app that is searchable in one place.
Unless some chat clients can lock external apps from getting their data, which I would not put past FB messenger etc
-
-
Friday 13th October 2017 05:32 GMT John Deeb
Re: Searching for old messages in different apps = nightmare
Andy, using any application, email or chat does not free anyone from the common sense to organize and prioritize. Chat replaces, in part, telephone conversations. Did you ever use the phone in your life the way you use chat programs? How did you store things then? On random scripts of paper? There are digital equivalents (hard btw if it's a phone app) and that's okay for pany rivate mess I suppose but not for any professional standard.
I think that we shouldn't rely on browsing through logs of conversations to extract important history. It might help but it's just as wrong as Google trying to organize random search results for you. Yes it works for many commonalities and statistics, not for the specifics and details of many particular real pressing issues.
The morals is here like in nearly every common IT project: the computer is not going to invent the organization of data for you. It can automate a few laborious process when these were already organized decently before. Big Data, yes, but this is not typically the realm of the minutes of our life.
-
-
-
Friday 13th October 2017 21:18 GMT CFWhitman
Re: Searching for old messages in different apps = nightmare
"And why would I want to duplicate that data on my phone - it's already in a message! The problem is searching for and finding old, historical messages, in an ocean of messages, in a variety of apps/platforms. Duplicating it all over the place is not the answer."
I tend to think of anything in a text message/chat message as transient, something I don't expect to necessarily have access to beyond a few days. Part of the reason for this is because it's not indexed information, and searching through it for reference doesn't seem practical. Looking at it that way, yes duplicating just the important stuff in the places I put important stuff is the answer for me.
-
-
-
Friday 13th October 2017 09:39 GMT Tim Seventh
Re: Searching for old messages in different apps = nightmare
"It is annoying having messages in loads of de-coupled systems. I have some friends who use iMessage, some who use FB Messenger, some who use Whatsapp, some on traditional text, the occasional email(!).... the list goes on."
Obligatory https://xkcd.com/1810
Oh and I am the guy who uses Wall (Bathroom) for messages. Please add that to your list.
-
-
Thursday 12th October 2017 14:31 GMT Anonymous Coward
Not too sure about this...
Granted: I don't really keep up with all the details involving every open source project I use, but mostly focus on whether I like it or not. And I couldn't help notice that recent Dovecot upgrades didn't exactly go as smoothly as I wanted to; most specific some massive changes in the configuration files for example. Instead of one you now get dozens and often have to hope that you'll pick the right one for the right setting; it's not always as logical as it could be.
For example: I used to rely on Dovecot providing Postfix with a socket for authentication. This made it quite easy to administrate one dedicated mail related user databases for all mail related software (Postfix / Dovecot). Usually found within the auth default {} structure. So here I was assuming I'd find this in conf.d/10-auth.conf but no... That would obviously be much too logical. Instead we're going to include even more config files making the whole process much too tedious than I care for.
Sure, once you realize as much it's easy, and it's also not that hard to figure out. But "figuring out" is also time wasted on something trivial which could have been better spent on actually configuring all the options I needed.
So yeah, if I read this; them planning to add even more stuff into Dovecot which I totally don't care for then I'll probably be re-evaluating my pick for POP3/IMAP really soon. Although I appreciate the integrated Postfix support, but having both environments perform lookups in a (PostgreSQL) back end database should serve my needs just as well. And then I'd rather use something small and to the point, instead of something which has dozens of options I don't need nor care for.
-
-
-
Thursday 12th October 2017 17:43 GMT Ogi
Re: XMPP?
> It never really took off so I don't understand why making another open source protocol is going to be any different (even if it is 'easy to turn on' for sys admins).
Actually, it took off well, very well. WhatsApp, FBChat, Google Talk and Viber are basically wrappers around XMPP with some customisations, and that is only the ones I am aware of.
The problem is that having an open standard does not automatically mean interoperability. All the above systems could interact with each other, but their owners deliberately don't want to allow that, because the goal is to get users onto "their" platform so they can spy on them and sell the details to whoever.
That is not a technical problem, it is a social one. Creating a new chat network will just mean yet another app to install along with the others. How would you get people to ditch their old whatsapp (for example) for this if all their friends already use whatsapp? It is a catch 22 situation.
-
Wednesday 18th October 2017 22:31 GMT Mark 65
Re: XMPP?
Genuine question here...
Even if you are using an inter-operable protocol such as XMPP can you enforce the security standards across it i.e. If people are using Signal for example they can have reasonably faith that the developer of the app has made a best endeavours effort at ensuring you have security end-to-end in transit and at rest. If you had Signal conversing with WhatsApp could you have the same level of confidence that one end of the chain wasn't poorly implemented?
-
-
Friday 13th October 2017 21:26 GMT CFWhitman
Re: XMPP?
Just as an observation. XMPP is fairly popular as an organizational chat standard. That is, there are a lot of organizations that use XMPP internally. It's ideal for that because both the standard and most of the software that implements the standard are open. It seems that the reason it's not popular as an Internet service is because there's not really any money in that.
-
-
-
Thursday 12th October 2017 15:30 GMT Arthur the cat
If I were you, I wouldn't start from here
IMAP is a bloody awful place to start from, it's been accreting kluges for years and this sounds like another one. JMAP is an attempt to produce a sane version of IMAP that works well on mobile and as others have remarked, WTF not use XMPP which is an open messaging standard.
-
Thursday 12th October 2017 16:31 GMT Bucky 2
I'm not sure I have my head around this.
They're looking for a store-and-forward messaging system. They hope to use an MTA to power this system. They want IMAP to handle push notifications.
I can see why they are looking at email for this functionality. What I don't see is what changes would need to be made on the server level. This seems like something that could be completely implemented in an email client using the standards that already exist for IMAP (i.e.: P-IMAP).
-
Thursday 12th October 2017 17:27 GMT Anonymous Coward
johnny no mates
Johnny no mates might love it but back in the real world people (even many IT folks) use Facebook and WhatsApp because their friends use it. There's not much point using a messaging system that no one you want to communicate with can be bothered to install. As such their chances of displacing WhatsApp are slim.
-
Friday 13th October 2017 08:08 GMT Anonymous Coward
It's OX. They have other things to fix first.
I have used Open Xchange a couple of years ago. It's OK and relatively easy to use even in a multi-domain situation (now there is virtualisation, as it really wants a machine for itself), but even now I have encountered it again at my ISP there is room for improvement. Carddav, for instance, doesn't like it when you set up a new user and then try to push in 1500 vcard records - it bails.
I understand why they have to give in to featuritus, and I think aggregating message data in one IMAP pool instead of it beings spread all over the place is a good idea, but I have seen other non-standard use of IMAP, and I see problems ahead. I know of one bit of software which on install shows all the guts of the mechanics to the user - or, in other words, shows them a load of folders besides the usual inbox, drafts and sent which will (a) confuse the average end user and worse, (b) gives them a chance to fiddle with it, or complain that they cannot mess with it.
Either is annoying and a drain on support (or on HR, to replace that suddenly missing user), so I hope they will prevent that from happening.
I rather like the idea and principle, though, so good luck to them.
-
Friday 13th October 2017 08:19 GMT AMBxx
Am I alone in this?
I like the separation of email, text, Slack etc etc. Means I can silo my communications between friends, business and specific customers. I certainly wouldn't want customers to know when I'm busy - my business is based around being available all the time.
First thing I do on a new phone is get rid of whatever overlay they've given me to combine everything (currently on BB so hub tweaked)
Perhaps the only time I'm happy with the current broken state of technology!
-
Friday 13th October 2017 09:16 GMT mark l 2
What is needed it a chat app that allows you to communicate on various messenger platforms all from one app. I bit like Pidgin on the desktop but one that supports these proprietary protocols.
At the moment you can't even communicate between Whatsapp and Facebook messenger and these are owned by the same company. Unfortunately I can only see this getting worse and these social media platforms want to lock users into their network so they can e harvest their data to sling ads at them.
-
Friday 13th October 2017 15:04 GMT Alistair
This application brings to mind a Tom Lehrer song about parks.
I has a little birdie on my desktop.
Now, I've seen some interesting, sometimes rather shady plugins for this little birdie. But what it ships standard with (at least in my experience) covers sufficient ground to keep me communicating with the rest of the world. Annnnnnnnd ... it does E2E where the protocol supports it....
Aaaannnnnnnnnnd I have logs. All grouped neatly together in a bunch of folders. grep suffices. Now, the E2E and logging ... .at least the *message* in flight is encrypted. I've not seen a function that will let me *log* the encrypted message in its encrypted form. And I doubt that file transfer data could be stored on disk in encrypted form...........
/wanders off to talk to someone that knows more about how to handle this ....