phone

    • chevron_right

      Sam Whited: Software is Political

      news.movim.eu / PlanetJabber • 17 November, 2023 • 5 minutes

    Introduction

    I recently attended the inaugural Free and Open Source Software Yearly ( FOSSY ) conference where I gave a talk in the XMPP track. Though my talk was just a brief technical overview of the XMPP protocol, I also gave some quick ending remarks about why I think it’s the correct choice to use as a universal standardized chat protocol. The closing remarks were written about the XMPP protocol in particular, but they are also a reflection on free and open source software more generally. This post is an adapted form of that closing statement. If you’d like to see the original talk instead, it can be found on the Internet Archive .

    Closing Remarks

    Before we end, I’d like to take a little detour and make a brief observation on our role and our responsibilities as open source developers, advocates, and users. It may sound, at first, like I’ve veered off the tracks, but bear with me and it will all come back around to Open Source and XMPP in the end.

    I recently read Becky Chamber’s “A Psalm for the Wild-Built”. Among the many beautiful and healing observations in the book, one phrase, stood out to me. It was possibly said in jest to make folks like us laugh, and maybe cry in equal measure. It was little more than a brief description of the main character’s mobile phone, but it resonated with me in a powerful way and I hope it will for you too:

    “A reliable device, built to last a lifetime, as all computers were.”

    Of course, this is clearly not how computers are designed today. Most of the time, I wouldn’t even go so far as to apply the adjective “reliable” to any of the software I use, open source or otherwise. But Utopian thinking isn’t about showing us where we are, or even portraying the world as it could be: it’s about inspiring us to apply our progressive ideals to create change.

    Writing software is an inherently political act. While others choose to form hierarchical corporations that restrict access to the products of their workers labor, we choose to share our work freely and build cooperatively with others. That’s why we’re here at FOSSY. Being here is a statement of our values. Even the small, personal project thrown up on a code hosting website and built for no one but the author puts that person in a position of political power: when others use the software, the authors choices affect them. Whether its the choice to support or not support a screen reader, or the choice to use or not use a large framework that will only run on the latest-and-greatest (read: “expensive, unattainable for many”) machines. The author may not have made these choices consciously, but, over time, their effects will be felt by many never the less.

    Therefore our primary responsibility as open source developers isn’t to shareholders or board members, or just to our current users and contributors: it’s to all the people who will use it tomorrow (and tomorrow, and tomorrow). Proprietary software stops working when the company behind it goes out of business, or when the operating system or architecture it was designed for becomes to expensive to maintain and starts affecting the bottom line, or when the VC money dries up. Meanwhile, the open source project, even once abandoned, can be updated and re-built a generation from now. It can be made more inclusive, it can be made more reliable, it can be made more portable. Unlike its closed-source alternatives, it’s repairable. When we chose to use or build closed-source software we are choosing convenience over repairability. It’s an understandable and powerful draw, whether we’re a user or a developer. However, when we choose to provide our software freely and build it cooperatively, we are choosing to support the future, and to reject convenience culture and disposable software.

    It may be that you disagree with me and think that all software should be, as your license likely states, “provided as-is” without any responsibility on the part of the developer, and that’s fine. However you feel though, by writing the software you are sending a message to many people. Whether you like it or not, some will interpret it one way, some will interpret it another. The next time you open your laptop I hope you’ll think about what message you intend to send, and how it will be perceived. This is the essence of communication.

    This is why I choose to use XMPP over the many proprietary or venture capital funded alternatives that come and go every day. However, as someone reminded me in the bar last night, being open source is itself necessary, but not sufficient . Our software will last far longer than its proprietary, or open-source but VC funded counterparts, and the decisions we make will reach much further into the future than even the largest companies can ever hope to achieve. Take pride in that, and build your software to reflect your values: build it to last.

    Thank you for your time, and enjoy the rest of the XMPP track, and the rest of the conference.

    Special Thanks

    Unfortunately I was running over time and ended up skipping the Q&A portion and my last few slides. Unrealized by me at the time, this included a thank you to the organization that sponsored me to be there: Cheogram . Cheogram is a bridge between the XMPP network and the telephone network, allowing you to send text messages and make calls from any XMPP client. They also run the phone company jmp.chat where you can get a phone number or SIM card and associate it with your XMPP account without doing all the work of setting it up yourself. If you end up using them, please consider using my registration code so we can both get a free month, and thanks again to Cheogram for sending me to the conference!

    For one free month, my referral code for jmp.chat is BC6ZHFMA

    • wifi_tethering open_in_new

      This post is public

      blog.samwhited.com /2023/11/software-is-political/

    • chevron_right

      Erlang Solutions: The Future Trends of Sustainability in Programming Software

      news.movim.eu / PlanetJabber • 2 November, 2023 • 5 minutes

    As sustainable programming practices continue to become the norm across the software development industry, we take a look at the future sustainability trends all businesses should be aware of.

    Future sustainability changes are now impacting almost every sector worldwide, and both the wider tech sector and programming as a profession aren’t exempt from this trend. As everyone continues to work towards greener practices, a number of increasingly important trends in sustainable programming are emerging.
    Below, we’ve highlighted some of the most significant future sustainability trends to help programmers, and businesses reliant on new or existing software, better understand how coding with languages like Erlang will evolve in the coming years.

    1. Increased Awareness of Sustainable Programming and Implementation of Greener Strategies

    The first main future sustainability trend in programming is an important one, as it both cements and justifies the importance of all the following trends. Programmers are all now acutely aware of the impacts of their code on the environment, and sustainable strategies are no longer simply a consideration – they’re increasingly becoming a requirement for anyone working with tech or code.

    Green coding is now promoted by major global institutions like IBM , who continue to push for the standardisation of these practices. Meanwhile, significant international regulatory bodies, like the IPSASB, whose standards govern public sector accounting practices worldwide, have begun to publish guidance on using sustainability programs to report future sustainability information.

    The below table hosted on MDPI also shows the huge increase in ScienceDirect publications focused on “sustainable development” in universities and other higher education institutions over the past decade. These are just three of hundreds of examples of sustainable programming becoming the norm.

    a_k2brWeKAcTb2yLHV3aab6WAUzvp25LD_T-s7BbU3BfIp9UyclEz5qywFKV9-2buLdxubSbbXaprqbTwDh1B9HFLOmg9sqyijcqApLlCdCu0G32pZBmMPxgBSTszS4jMLdOmXz-fijwrfVX6qtb6vM

    It’s this increased awareness, driven by the ongoing climate crisis and significant environmental concerns across the planet, that means green programming goals aren’t just a future sustainability trend that will pass. They’re fast becoming the standard for the industry, and will continue to do so as both governments and private sectors work towards strict sustainability targets.

    2. Clean, Lean and Efficient Coding: The 3 Green Coding Principles For Future Sustainability

    A key shift towards future sustainability considerations in programming is what’s known as green coding. Green coding involves using reliable languages like Erlang in a way that considers the environmental impacts of processing code.

    This involves 3 key approaches: Lean Code, Clean Code and Efficient Code. Though they all share similarities, each can be defined in the following way:

    Lean Code. This involves making sure that code doesn’t include unnecessary elements. Each line should be functional, as this minimalism reduces the processing power needed to run code effectively.

    Clean Code. Clean code should be easy for other programmers to understand. This makes collaboration between several programmers easier, which can then allow for more sustainable development.

    Efficient Code. This involves optimising code so that it operates as efficiently as possible, with minimal processing. Efficient code, as well as the other two main green coding principles, are possible in part thanks to concurrent programming languages like Erlang.

    If you’d like to learn more about green coding, as well as the value and business sense behind it, have a read through our previous blog post .

    3. More Sustainable Blockchain Technology

    Blockchain has long been a talking point in sustainable programming, as in the past these networks consumed huge amounts of energy to operate effectively. Today, updates in sustainable blockchain technology have reduced this energy consumption significantly.

    Innovations will likely continue to ensure blockchain becomes a greener and more efficient form of technology for businesses, particularly those in certain sectors like fintech. Blockchain will also play its own important role in creating more sustainable infrastructure, as well as in more detailed reporting.

    You can read more about these evolutions in blockchain’s future sustainability potential in our previous blog post .

    4. Green Computing Tools

    The following two major trends involve both the tools used by programmers, as well as the software they create. Green computing tools designed to monitor energy efficiency are becoming increasingly popular, as development teams need to create more efficient solutions for clients.

    These future sustainability tools are sometimes created with specific programming languages in mind, like this example designed to monitor Erlang software, whilst others target specific equipment, like data centres.

    Tools like these have been in development for at least a decade, as shown by the 2014 book “Green Computing: Tools and Techniques for Saving Energy, Money, and Resources”. But the number of tools available today, as well as their progressively standardised usage by programmers, makes them an important future sustainability trend for programming as a whole.

    5. Future Sustainability Through Software Design

    Programmers are now using languages like Erlang to contribute towards a wider initiative known as the “Greening of IT” . This is a comprehensive approach to future sustainability in tech, and a large part of its mission involves creating green software.

    The initiative was started by the Green Software Foundation, which has published and maintains a training program to encourage developers to adopt greener practices.

    This training also includes a list of green software engineering principles , taking into account energy efficiency, hardware efficiency and carbon awareness as well as other future sustainability concerns.

    infe8c5bPbbAsh-r1Lv1UhSvBIRiW_oQ7XWMV92feeqLpsyxiHmrWjAsWqaV33s-kG8J2hxCfgpFFJFm7KLDBK7dwAYgmyKB4iVNH2reMaKB0LtO9dcBEjlfPIFelKInbYmfsOceBK36yN5kLkByThQ

    These climate considerations in programming play a key role in the profession, and will only continue to grow in importance in the years to come. With net zero by 2050 serving as a clear (and for some countries, legally binding) goal for global emissions reduction, green coding and software must continue to become more efficient.

    Working Towards Future Sustainability Today With Erlang Solutions

    Future sustainability isn’t tomorrow’s concern; programmers are adapting their processes right now to better support a greener future.

    At Erlang Solutions, our expert team of Erlang programmers continue to modify and create new ways of working that ensure more efficient green software solutions across multiple sectors.
    Thanks to its versatility, Erlang is the ideal language to support the continued shift towards future sustainability goals. If you’d like to learn more about what our team’s doing for sustainable programming, or how our Erlang support could help your business, please consider contacting our team today .

    The post The Future Trends of Sustainability in Programming Software appeared first on Erlang Solutions .

    • wifi_tethering open_in_new

      This post is public

      www.erlang-solutions.com /blog/the-future-trends-of-sustainability-in-programming-software/

    • chevron_right

      Erlang Solutions: The Power of Green Coding: Erlang and Elixir Leading the Charge

      news.movim.eu / PlanetJabber • 27 October, 2023 • 2 minutes

    In the era of the green revolution, industries across the board are gravitating towards sustainable solutions. The software realm is no exception, striving for efficient code that optimizes resource utilisation. This not only conserves energy but also minimises the environmental impact of server farms and data centers. Leading the charge in this green coding initiative are Erlang and Elixir.

    These two languages, both running on the BEAM virtual machine, are renowned for:

    – Superior concurrency

    – Fault tolerance

    – Real-time system capabilities

    By leveraging these features, numerous companies have successfully reduced server consumption, paving the way for green coding solutions.

    However, it’s worth noting that some existing literature doesn’t place Erlang and Elixir at the top in terms of energy efficiency. Such research often measures programming language efficiency in running various algorithms such as binary-trees or fannkuch-redux, which may not accurately represent industry usage patterns. We anticipate future studies will employ simulated environments that better mirror real-world scenarios, aligning more closely with the data we observe in practice.

    In this post, we will delve into industry examples showcasing how the adoption of Erlang and Elixir has effectively cut down server usage.

    WhatsApp

    This globally recognised messaging app used Erlang to achieve high scalability. The power of Erlang allowed WhatsApp to handle millions of concurrent connections with a surprisingly small server cluster back in 2012.

    Pinterest

    Harnessing the power of Elixir, Pinterest efficiently manages around 30 thousand events every second from its 200 million active users. Thanks to the BEAM VM, they’ve streamlined their code, reducing server needs by 50% to only 15 .

    Bleacher Report

    Originally built on Ruby on Rails, the sports news site Bleacher Report transitioned to Elixir, resulting in substantial server reduction. From 150 servers down to just 5 , Bleacher Report achieved greater efficiency to the benefit of their profits and the environment.

    Discord

    Discord, the favorite communication hub for gamers, opted for Elixir to manage its real-time communication layer from day one . This strategic choice allowed Discord to serve millions of users, reducing the need for a larger server infrastructure.

    AdRoll

    In the world of real-time bidding where speed and efficiency are paramount, AdRoll utilized Erlang. This enabled them to handle a staggering 1.5 million bid actions per second , processing thousands of bid requests per machine. Reducing the number of servers needed with more efficient software is a prime example of green coding.

    Bet365

    As one of the globe’s most significant online gambling companies, Bet365 faced the herculean task of managing countless live betting scenarios. Their green solution? Erlang. This allowed them to support ten times the number of users on a single node – a win-win for the company and our planet.

    In conclusion

    Green coding is about harnessing technology responsibly, ensuring we make efficient use of our planet’s resources without sacrificing speed or scalability. With languages like Erlang and Elixir, we’ve seen numerous companies demonstrate that it’s possible to “have one’s cake and eat it too” in the realm of coding.

    In a world grappling with climate change, every step towards sustainability counts. So the next time you embark on a coding project, remember: code not just for function, but also for the environment.

    The post The Power of Green Coding: Erlang and Elixir Leading the Charge appeared first on Erlang Solutions .

    • chevron_right

      JMP: CertWatch

      news.movim.eu / PlanetJabber • 24 October, 2023 • 3 minutes

    As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected . The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done by getting a valid certificate from Let’s Encrypt.

    When it comes to mitigation strategies for client-to-server connections, luckily there is already an excellent option called channel binding . Most XMPP clients and servers already have some amount of support for this technique, and in the wake of this attack, most are scrambling to make sure their implementations are complete. Many service providers have also added CAA DNS records which can prevent the very specific way this attack was executed from succeeding.

    We’ve been hard at work on a different tool that can also help with defense-in-depth for this kind of situation. Ultimately, a MITM will use a different public key from the one the server uses, even if it is wrapped in a signed certificate declared as valid by a trustworthy authority (like Let’s Encrypt). If we know what key is seen when trying to connect, and we know what key the server administrator expects us to see , we can detect an ongoing MITM of this variety even when the certificate presented is valid. The tool we have developed is in early testing now. We call it CertWatch .

    The premise is simple. The server administrator knows exactly what public/private keypair they are using (or can easily find out) and publishes this in DNSSEC -signed DNS records for our tool to find. The tool then periodically polls the XMPP server over Tor to see what certificate is presented. If the key in the certificate matches the key in the DNS zone, we know the session is not MITM’d (some caveats below). CertWatch checks the current setup of any domain entered, and if not yet declaring any keys, it displays setup instructions. It will either tell you to enable DNSSEC or it will tell you which DNS records to add. Note that these records are additive, so it is safe to add multiple sets when serving multiple domains from one host through SRV records. Once everything looks good, running a domain through CertWatch will display a success message and instructions for getting notified of any issues. It will then poll the domain periodically, and if any key mismatches are found, those subscribing to notifications will receive an alert.

    Some tools change your key on every certificate renewal, which means you would have to update your zone setup every time your certificates renew. Other tools allow you to reuse existing keys and save some hassle, such as certbot with the --reuse-key option.

    Caveats

    If we did our polls from our main server IPs, it would be easy for any attacker to detect our probes and selectively disable the MITM attack for us, making themselves invisible. Probing over Tor gives CertWatch a different IP for every request and a traffic profile almost certainly consistent with the sort that many MITM attackers are going to want to inspect. This is not perfect, however, and it may be possible to fingerprint our probes in other ways to selectively MITM some traffic and ignore others. Just because our tool’s sessions were not MITM’d does not prove that no sessions are.

    Anyone with physical access to the server may also scrape the actual certificates and keys off the disk, or use similar techniques in order to execute a MITM with exactly the same key the server operator expects and would use . The particular mitigation technique CertWatch helps administrators implement is ineffective against this. Rotating the key occasionally may help, but it really depends on the sophistication of the attacker and how much access they have.

    Check it Out

    So head over to CertWatch , enter your service domain, and let us know what you think .

    • wifi_tethering open_in_new

      This post is public

      blog.jmp.chat /b/certwatch/certwatch

    • chevron_right

      Snikket: On the jabber.ru MITM attack

      news.movim.eu / PlanetJabber • 21 October, 2023 • 5 minutes

    This post is about a recent security incident on a public XMPP service, which provides jabber.ru and xmpp.ru. We have received a few questions from Snikket users about whether they should be concerned about the security of their own servers (Snikket also uses XMPP).

    The good news is that Snikket was not affected by this incident - this was a targeted attack against the jabber.ru/xmpp.ru service specifically. Later in the post we’ll share more information about what we’ve done, and what we have planned, to ensure our systems our secure from such attacks.

    What happened with jabber.ru?

    It transpired yesterday that jabber.ru and xmpp.ru public XMPP services have likely been subjected to interception of their encrypted traffic for at least 90 days, and possibly up to 6 months. It is not clear who performed the interception, or why. Possibilities include law enforcement, or a compromise of the infrastructure of two hosting providers (Hetzner and Linode) used by the services.

    This post won’t go into too many technical details, for which we would refer to the original write-up published here .

    The “machine in the middle” (MITM) attack targeted the jabber.ru and xmpp.ru domains, and ended shortly after its discovery. We’re not aware of any documented attacks of this nature on the XMPP network before, nor indeed other internet services at this time.

    Why is this news?

    Although traffic interception is nothing new, previously it has mostly been performed by passively observing traffic as it passed through network devices on the internet. Snowden revealed how widespread this practice was back in 2013, prompting a large shift towards TLS encryption by default across the internet. TLS protects traffic from observers, and today it is used to protect everything you do online, from chatting, to checking your email, to online banking.

    What makes this attack notable, is that it was an “active” attack - not just passing traffic through, but modifying it. Specifically, they were decrypting and re-encrypting traffic as it passed through a network device (the “machine in the middle”) that had been placed between the jabber.ru server and the rest of the internet.

    Usually TLS prevents such an attack from succeeding, as long as you verify certificates. However in this case the attacker was able to obtain valid certificates for the targeted domains, making all connections look like they were genuine.

    With the advent of ACME-based certificate authorities such as Let’s Encrypt, obtaining certificates is not at all hard for someone able to intercept and respond to traffic that is sent to your server, and in this case that’s exactly what happened.

    How is this related to Snikket?

    It’s not, mostly. However, one thing we have in common is our hosting provider - we use Hetzner for a number of our servers, including those that power Snikket Hosting .

    In response to the news of this attack, we have audited all our servers and verified that none demonstrate the anomalous characteristics reported by the jabber.ru team, confirming our belief that this was targeted only at their services.

    We will be taking additional steps to safeguard our systems from similar attacks, as a preventative measure. This includes:

    • Deploying a strict CAA record , ensuring only our Let’s Encrypt account will be authorized to issue certificates for our hosted domains (we already have DNSSEC in place to help secure this). Update: The CAA record is now deployed.

    • Setting up monitoring to alert on any suspicious certificates issued for our hosted domains. We are not currently aware of suitable tooling that would meet our needs (though there are some existing efforts in this area, such as certspotter ). If we develop anything new, we will share it with the community.

    We are also currently working hard on the next Snikket Server release, which coincidentally supports the “channel binding” security feature. Channel binding is the ultimate protection against these kinds of attacks, and works even if the attacker is able to obtain a valid TLS certificate. The protection will be enabled by default on both hosted and self-hosted instances. This feature was part of our modern authentication and account security work in Prosody, funded by NGI Assure via NLnet.

    Custom domains with Snikket

    If you use a custom domain with your hosted Snikket instance, or if you are entirely self-hosting Snikket, you can also add a CAA record to increase security. You need to do this with your DNS provider - we cannot do it for you. We recommend using a relatively low TTL in case you make any mistakes.

    Note that although it helps improve the security of your instance, setting a CAA record is entirely optional.

    Custom domains on our hosting platform

    If you are using our hosting platform, your CAA record contents should look like this exactly :

    128 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/75887657"
    

    You only need to set it for the main domain of your Snikket instance. If you use your domain for other things, do not add this CAA record on your root domain! E.g. If your Snikket instance is at ‘chat.example.com’, your CAA record should also be at ‘chat.example.com’. Otherwise it will prevent you from obtaining certificates for your other services.

    Self-hosted instances

    If you are self-hosting Snikket, you can also set a CAA record, but you will need to use your own account URI. You can run the following command in your snikket directory to find the right URI to use:

    docker-compose exec snikket_server find /snikket/letsencrypt -name regr.json -exec grep uri {} +
    

    Remember to set the CAA only on the domain or subdomain you use for Snikket. Put the URI (the part beginning with https:// ) into the record, replacing URI-GOES-HERE in the example below:

    128 issue "letsencrypt.org;accounturi=URI-GOES-HERE"
    

    After putting the CAA record in place, keep a close watch on Snikket and any other services on your domain over the following weeks, to ensure they successfully renew their certificates.


    We hope this post has been helpful! If you have any questions about your Snikket setup, we have a helpful community chat . If you are using our hosted platform, you can also contact us via email at support@snikket.org .

    • wifi_tethering open_in_new

      This post is public

      snikket.org /blog/on-the-jabber-ru-mitm/

    • chevron_right

      ProcessOne: ejabberd 23.10

      news.movim.eu / PlanetJabber • 18 October, 2023 • 14 minutes

    A new ejabberd release, ejabberd 23.10, is now published with more than 150 commits since the previous 23.04. It includes many new features and improvements, and also many more bugfixes.

    • Support for XEP-0402: PEP Native Bookmarks
    • Support for XEP-0421: Occupant Id
    • Many new options and features

    A more detailed explanation of improvements and features:

    Added support for XEP-0402: PEP Native Bookmarks

    XEP-0402: PEP Native Bookmarks describes how to keep a list of chatroom bookmarks as PEP nodes on the PubSub service. That’s an improvement over XEP-0048: Bookmark Storage which described how to store in a single Private XML Storage or a single PEP node.

    mod_private now supports the bookmark conversion described in XEP-0402:
    ejabberd synchronizes XEP-0402 bookmarks, private storage bookmarks and XEP-0048 bookmarks.

    In this sense, the bookmarks_to_pep command performs an initial synchronization of bookmarks, getting bookmarks from Private XML Storage and stores them in PEP nodes as described both in XEP-0048 and XEP-0402.

    New mod_muc_occupantid module with support for XEP-0421: Occupant Id

    XEP-0421: Anonymous unique occupant identifiers for MUCs is useful in anonymous MUC rooms, message correction and message retractions. Right now the only client found to support XEP-0421 is Dino , since version 0.4.

    ejabberd now implements XEP-0421 0.1.0 in mod_muc_occupantid . The module is quite simple and has no configurable options: just enabled it in the modules section in your ejabberd.yml configuration file and restart ejabberd or reload_config .

    New option auth_external_user_exists_check

    The new option auth_external_user_exists_check makes user_check hook work better with authentication methods that don’t have a way to determine if user exists. This happens, for example, in the case of jwt and cert based authentication. As result, enabling this option improves mod_offline and mod_mam handling of offline messages to those users. This reuses information stored by mod_last for this purpose.

    Improved offline messages handling when using authentication methods without users lists

    Authentication methods that manage users list outside of ejabberd, like for example JWT token or tls certificate authentication, had issue with processing of offline messages. Those methods didn’t have a way to tell if given user existed when user was not logged in, and that did block processing of offline messages, which were only performed for users that we know did exists. This release adds code that also consults data stored by mod_last for that purpose, and it should fix offline messages for users that were logged at least once before.

    Changes in get_roster command

    There are some changes in the result output of the get_roster command defined in mod_admin_extra :

    • ask is renamed to pending
    • group is renamed to groups
    • the new groups is a list with all the group names
    • a contact that is in several groups is now listed only once, and the groups are properly listed.

    For example, let’s say that admin@localhost has two contacts: a contact is present in two groups ( group1 and group2 ), the other contact is only present in a group ( group3 ).

    The old get_roster command in ejabberd 23.04 and previous versions was like:

    $ ejabberdctl get_roster admin localhost
    jan@localhost jan   none    subscribe       group1
    jan@localhost jan   none    subscribe       group2
    tom@localhost tom   none    subscribe       group3
    

    The new get_roster command in ejabberd 23.XX and newer versions returns as result:

    $ ejabberdctl get_roster admin localhost
    jan@localhost jan   none    subscribe       group1;group2
    tom@localhost tom   none    subscribe       group3
    

    Notice that the ejabberdctl command-line tool since now will represent list elements in results separated with ;

    New halt command

    Until now there were two API commands to stop ejabberd:

    • stop stops ejabberd gracefully, calling to stop each of its components (client sessions, modules, listeners, …)
    • stop_kindly first of all sends messages to all the online users and all the online MUC rooms, waits a few seconds, and then stops ejabberd gracefully.

    Those comands are useful when there’s an ejabberd running for many time, with many users connected, and you want to stop it.

    A new command is now added: halt , which abruptly stops the ejabberd node, without taking care to close gracefully any of its components. It also returns error code 1 . This command is useful if some problem is detected while ejabberd is starting.

    For example, it is now used in the ecs and the ejabberd container images when CTL_ON_CREATE or CTL_ON_START were provided and failed to execute correctly. See docker-ejabberd#97 for details.

    MySQL driver improvements

    MySQL driver will now use prepared statements whenever possible, this should improve database load. This feature can be disabled with sql_prepared_statement: false .

    We also added alternative implementation of upsert that doesn’t use replace .. or insert ... on conflict update , as in some versions of MySQL this can lead to excessive deadlocks. We switch between implementations based on version but it’s possible to override version check by having:

    sql_flags:
      - mysql_alternative_upsert
    

    inside config file.

    New unix_socket listener option

    When defining a listener , the port option can be a port number or a string in form "unix:/path/to/socket" to create and listen on a unix domain socket /path/to/socket .

    The new unix_socket listener option allows to customize some options of that unix socket file.

    The configurable options are:

    • mode : which should be an octal
    • owner : which should be an integer
    • group : which should be an integer

    Those values have no default: only when they are set, they are changed.

    Example configuration:

    listen:
      -
        port: "unix://tmp/asd/socket"
        unix_socket:
          mode: '0775'
          owner: 117
          group: 135
    

    New install_contrib_modules top-level option

    The new install_contrib_modules top-level option lets you declare a list of modules from ejabberd-contrib that will be installed automatically by ejabberd when it is being started. This option is read during ejabberd start or configuration reload.

    This option is equivalent to installing the module manually with the command ejabberdctl module_install whatever . It is useful when deploying ejabberd automatically with a configuration file that mentions a contrib module.

    For example, let’s enable and configure some modules from ejabberd-contrib, and use the new option to ensure they get installed, all of this the very first time ejabberd runs. Extract from ejabberd.yml :

    ...
    
    install_contrib_modules:
      - mod_statsdx
      - mod_webadmin_config
    
    modules:
      mod_statsdx:
        hooks: true
      mod_webadmin_config: {}
      ...
    

    The ejabberd.log file will show something like:

    2023-09-25 15:32:40.282446+02:00 [info] Loading configuration from _build/relive/conf/ejabberd.yml
    Module mod_statsdx has been installed and started.
    The mod_statsdx configuration in your ejabberd.yml is used.
    Module mod_webadmin_config has been installed and started.
    The mod_webadmin_config configuration in your ejabberd.yml is used.
    2023-09-25 15:32:42.201199+02:00 [info] Configuration loaded successfully
    
    ...
    2023-09-25 15:32:43.163099+02:00 [info] ejabberd 23.04.115 is started in the node ejabberd@localhost in 3.15s
    2023-09-25 15:32:47.069875+02:00 [info] Reloading configuration from _build/relive/conf/ejabberd.yml
    2023-09-25 15:32:47.100917+02:00 [info] Configuration reloaded successfully
    

    New notify_on option in mod_push

    mod_push has a new option: notify_on , which possible values:

    • all : generate a notification on any kind of XMPP stanzas. This is the default value.
    • messages : notifications are only triggered for actual chat messages with a body text (or some encrypted payload).

    Add support to register nick in a room

    A nick can be registered in the MUC service since ejabberd 13.06, this prevents anybody else to use that nick in any room of that MUC service.

    Now ejabberd gets support to register a nick in a room, as described in XEP-0045 section 7.10 Registering with a Room

    Registering a nick in the MUC service or in a room is mutually exclusive:
    – A nick that is registered in the service cannot be registered in any room, not even the original owner can register it.
    – Similarly, a nick registered in any room cannot be registered in the service.

    MUC room option allow_private_messages converted to allowpm

    Until ejabberd 23.04, MUC rooms had a configurable option called allow_private_messages with possible values true or false .

    Since ejabberd 23.10, that option is converted into allowpm , with possible values:

    • anyone : equivalent to allow_private_messages=true
    • none : equivalent to allow_private_messages=false
    • participants
    • moderators

    gen_mod API to simplify hooks and IQ handlers registration

    If you wrote some ejabberd module, you may want to update your module to the simplified gen_mod API. This is not mandatory, because the old way to do this is supported.

    Until now, erlang modules that implemented ejabberd’s gen_mod behaviour called ejabberd_hooks:add and gen_iq_handler:add_iq_handler in ther start functions. Similarly, in their stop function they called ejabberd_hooks:delete and gen_iq_hanlder:remove_iq_handler .

    Since ejabberd 23.10, there is an alternative way to do this: let your start function return {ok, List} , where List is a list of iq handlers and hooks that you want your module to register to. No need to unregister them in your stop function!

    How to change your module to the new API? See the changes done in mod_adhoc.erl in commit 60002fc .

    MS SQL requirements

    To use the Microsoft SQL Server database, the libtdsodbc library is required, as explained in the corresponding section of the ejabberd Docs: Configuration > Databases > Microsoft SQL Server

    Since this release, the ejabberd container image includes this library.

    Please notice if you install ejabberd using the binary installers and want to use MS SQL: you must install the libtdsodbc libraries on your machine. It cannot be included in the ejabberd installer due to the nature of the odbc drivers being dynamic depending on the respective odbc backend in use.

    Erlang/OTP 20.0 or higher required

    This ejabberd release requires Erlang/OTP 20.0 or newer to compile and run, support for Erlang/OTP 19.3 is deprecated. If you are still using Erlang/OTP 19.3, please update to a more recent Erlang version. For example, the ejabberd binary installers and container images are using Erlang/OTP 26.1. That requirement increase was announced almost a year ago, check more details in the ejabberd 22.10 release announcement .

    If you are still using Erlang/OTP 19.3 and cannot update it right now, there’s still a possibility to compile ejabberd 23.10 with Erlang/OTP 19.3, but please notice: there is no guarantee or support that it will compile or run correctly. If interested, revert the changed line in the file configure.ac done in commit d299b97 and recompile.

    Acknowledgments

    We would like to thank the contributions to the source code, documentation, and translation provided for this release by:

    And also to all the people contributing in the ejabberd chatroom, issue tracker…

    Improvements in ejabberd Business Edition

    Customers of the ejabberd Business Edition , in addition to all those improvements and bugfixes, also get:

    • Push:
      • Add support for Webpush
      • Various APNS & GCM fixes and optimizations
      • async calls to push backends
      • Improved error messages
      • Improve error detection and reconnection strategy
      • New mod_push_logger module to log push related events
    • Matrix :
      • Add support for Matrix v10 rooms
      • Add SRV support in mod_matrix_gw_s2s
    • Misc:
      • Add max_concurrent_connections option to webhook
      • Add module for logging chat & jingle events in a separate file
      • Add retraction handling in MAM for p1db & dynamodb databases

    ChangeLog

    This is a more detailed list of changes in this ejabberd release:

    Compilation

    • Erlang/OTP: Raise the requirement to Erlang/OTP 20.0 as a minimum
    • CI: Update tests to Erlang/OTP 26 and recent Elixir
    • Move Xref and Dialyzer options from workflows to rebar.config
    • Add sections to rebar.config to organize its content
    • Dialyzer dirty workarounds because re:mp() is not an exported type
    • When installing module already configured, keep config as example
    • Elixir 1.15 removed support for --app
    • Elixir: Improve support to stop external modules written in Elixir
    • Elixir: Update syntax of function calls as recommended by Elixir compiler
    • Elixir: When building OTP release with mix, keep ERLANG_NODE=ejabberd@localhost
    • ejabberdctl : Pass ERLANG_OPTS when calling erl to parse the INET_DIST_INTERFACE ( #4066

    Commands

    • create_room_with_opts : Fix typo and move examples to args_example ( #4080 )
    • etop : Let ejabberdctl etop work in a release (if observer application is available)
    • get_roster : Command now returns groups in a list instead of newlines ( #4088 )
    • halt : New command to halt ejabberd abruptly with an error status code
    • ejabberdctl : Fix calling ejabberdctl command with wrong number of arguments with Erlang 26
    • ejabberdctl : Improve printing lists in results
    • ejabberdctl : Support policy=user in the help and return proper arguments
    • ejabberdctl : Document how to stop a debug shell: control+g
    • ejabberdctl : Support policy=user in the help and return proper arguments
    • ejabberdctl : Improve printing lists in results

    Container

    • Dockerfile: Add missing dependency for mssql databases
    • Dockerfile: Reorder stages and steps for consistency
    • Dockerfile: Use Alpine as base for METHOD=package
    • Dockerfile: Rename packages to improve compatibility
    • Dockerfile: Provide specific OTP and elixir vsn for direct compilation
    • Halt ejabberd if a command in CTL_ON_ fails during ejabberd startup

    Core

    • auth_external_user_exists_check : New option ( #3377 )
    • gen_mod : Extend gen_mod API to simplify hooks and IQ handlers registration
    • gen_mod : Add shorter forms for gen_mod hook/ iq_handler API
    • gen_mod : Update modules to the new gen_mod API
    • install_contrib_modules : New option to define contrib modules to install automatically
    • unix_socket : New listener option, useful when setting unix socket files ( #4059 )
    • ejabberd_systemd : Add a few debug messages
    • ejabberd_systemd : Avoid using gen_server timeout ( #4054 )( #4058 )
    • ejabberd_listener : Increase default listen queue backlog value to 128, which is the default value on both Linux and FreeBSD ( #4025 )
    • OAuth: Handle badpass error message
    • When sending message on behalf of user, trigger user_send_packet ( #3990 )
    • Web Admin: In roster page move the AddJID textbox to top ( #4067 )
    • Web Admin: Show a warning when visiting webadmin with non-privileged account ( #4089 )

    Docs

    • Example configuration: clarify 5223 tls options; specify s2s shaper
    • Make sure that policy=user commands have host instead of server arg in docs
    • Improve syntax of many command descriptions for the Docs site
    • Move example Perl extauth script from ejabberd git to Docs site
    • Remove obsolete example files, and add link in Docs to the archived copies

    Installers ( make-binaries )

    • Bump Erlang/OTP version to 26.1.1, and other dependencies
    • Remove outdated workaround
    • Don’t build Linux-PAM examples
    • Fix check for current Expat version
    • Apply minor simplifications
    • Don’t duplicate config entries
    • Don’t hard-code musl version
    • Omit unnecessary glibc setting
    • Set kernel version for all builds
    • Let curl fail on HTTP errors

    Modules

    • mod_muc_log : Add trailing backslash to URLs shown in disco info
    • mod_muc_occupantid : New module with support for XEP-0421 Occupant Id ( #3397 )
    • mod_muc_rtbl : Better error handling in ( #4050 )
    • mod_private : Add support for XEP-0402 PEP Native Bookmarks
    • mod_privilege : Don’t fail to edit roster ( #3942 )
    • mod_pubsub : Fix usage of plugins option, which produced default_node_config ignore ( #4070 )
    • mod_pubsub : Add pubsub_delete_item hook
    • mod_pubsub : Report support of config-node-max in pep
    • mod_pubsub : Relay pubsub iq queries to muc members without using bare jid ( #4093 )
    • mod_pubsub : Allow pubsub node owner to overwrite items published by other persons
    • mod_push_keepalive : Delay wake_on_start
    • mod_push_keepalive : Don’t let hook crash
    • mod_push : Add notify_on option
    • mod_push : Set last-message-sender to bare JID
    • mod_register_web : Make redirect to page that end with / ( #3177 )
    • mod_shared_roster_ldap : Don’t crash in get_member_jid on empty output ( #3614 )

    MUC

    • Add support to register nick in a room ( #3455 )
    • Convert allow_private_message MUC room option to allowpm ( #3736 )
    • Update xmpp version to send roomconfig_changesubject in disco#info ( #4085 )
    • Fix crash when loading room from DB older than ffa07c6, 23.04
    • Fix support to retract a MUC room message
    • Don’t always store messages passed through muc_filter_message ( #4083 )
    • Pass also MUC room retract messages over the muc_filter_message ( #3397 )
    • Pass MUC room private messages over the muc_filter_message too ( #3397 )
    • Store the subject author JID, and run muc_filter_message when sending subject ( #3397 )
    • Remove existing role information for users that are kicked from room ( #4035 )
    • Expand rule “mucsub subscribers are members in members only rooms” to more places

    SQL

    • Add ability to force alternative upsert implementation in mysql
    • Properly parse mysql version even if it doesn’t have type tag
    • Use prepared statement with mysql
    • Add alternate version of mysql upsert
    • ejabberd_auth_sql : Reset scram fields when setting plain password
    • mod_privacy_sql : Fix return values from calculate_diff
    • mod_privacy_sql : Optimize set_list
    • mod_privacy_sql : Use more efficient way to calculate changes in set_privacy_list

    Full Changelog

    https://github.com/processone/ejabberd/compare/23.04…23.10

    ejabberd 23.10 download & feedback

    As usual, the release is tagged in the Git source code repository on GitHub .

    The source package and installers are available in ejabberd Downloads page. To check the *.asc signature files, see How to verify ProcessOne downloads integrity .

    For convenience, there are alternative download locations like the ejabberd DEB/RPM Packages Repository and the GitHub Release / Tags .

    The ecs container image is available in docker.io/ejabberd/ecs and ghcr.io/processone/ecs . The alternative ejabberd container image is available in ghcr.io/processone/ejabberd .

    If you consider that you’ve found a bug, please search or fill a bug report on GitHub Issues .

    The post ejabberd 23.10 first appeared on ProcessOne .
    • chevron_right

      Erlang Solutions: Erlang Security Audit

      news.movim.eu / PlanetJabber • 18 October, 2023 • 3 minutes

    Unlock the Power of Secure Erlang Code

    Cybersecurity is a non-negotiable aspect of business. The need for robust protection extends to all aspects of your operations, including the security of your Erlang-based code.

    At Erlang Solutions , we recognise the vital importance of safeguarding your code from potential vulnerabilities and security threats. We are thrilled to introduce our latest offering – the Erlang Security Audit, just in time for this Cybersecurity Month.

    Why Choose Erlang Security Audit?

    The Erlang Security Audit is a comprehensive service tailored to companies relying on Erlang-based code, who are resolute in fortifying their systems against vulnerabilities and security risks. Our expertise, derived from years of experience in the field, equips us to assess your code comprehensively and ensure the utmost protection.

    In-depth vulnerability assessment: The Erlang Security Audit is designed to delve deep into your code, identifying vulnerabilities and weaknesses that may make your systems susceptible to hacking and external attacks.

    Up to date guidelines: Outlining the latest vulnerabilities and, more importantly, how to avoid them Business continuity assurance: A security breach can cripple your business, disrupt operations, and damage your reputation. Our audit ensures that your systems are fortified against threats, ensuring seamless business continuity.

    How does it work?

    Our Erlang Security Audit offers numerous benefits that make it the ideal choice for safeguarding your code and ensuring the uninterrupted flow of your business operations.

    Code submission: You provide us with your Erlang code, and our team takes it from there.

    Comprehensive analysis: We run a thorough analysis of your systems, leveraging state-of-the-art software developed in collaboration with Eötvös Loránd University .
    User-friendly reporting: We transform the analysis results into a user-friendly report, making it easy for you to understand the vulnerabilities and recommended fixes.

    Who Should Consider Erlang Security Audit?

    Companies with prior security issues: If your business has encountered security problems in the past, our audit will help you pinpoint weaknesses and strengthen your defences.

    Proactive businesses: Even if you’ve had no security incidents, it’s crucial to assess your system’s vulnerabilities. Our audit uncovers potential risks before they become real threats.

    Business looking for enhanced continuity: A more secure system directly contributes to better business continuity, safeguarding your operations and customer trust.

    Why choose us?

    Our process is designed to be seamless and efficient. You submit your Erlang code, and we take it from there. Our team, equipped with state-of-the-art software developed in collaboration with the Eötvös Loránd University, conducts a comprehensive analysis of your systems. We then transform the results into a user-friendly report, making it easy for you to understand the vulnerabilities and recommended fixes.

    Collaboration with the experts: We have collaborated with the Eötvös Loránd University, a leading institution in the field, to bring you cutting-edge security analysis tools.

    Erlang experts at your service: Our team comprises Erlang experts who understand the nuances of your code, ensuring a thorough assessment.

    Additional support: We not only provide recommendations but also offer additional support. If your security issue is part of a larger problem, we can conduct a more extensive audit of your code and architecture to fix your system.

    Timely Service: We value your time. Most security audits are completed within 2-5 days, depending on the size and complexity of your systems.

    As we embrace Cybersecurity Month, remember that ensuring the security of your Erlang-based systems is a paramount concern for your business. With the Erlang Security Audit, you have a partner dedicated to fortifying your code against vulnerabilities and threats.

    Contact us today, and together, we can ensure the continuity, resilience, and trustworthiness of your business operations. Don’t wait until the threat is real – act now, and unlock the power of secure Erlang code.

    The post Erlang Security Audit appeared first on Erlang Solutions .

    • chevron_right

      Erlang Solutions: tryMongooseIM: MongooseIM is now easier than ever!

      news.movim.eu / PlanetJabber • 12 October, 2023 • 3 minutes

    Have you ever found yourself in a situation where you wanted to check the capabilities of MongooseIM , but you were overwhelmed by the sheer amount of configuration of the service itself, or how to deploy it easily?

    The world before tryMongooseIM

    Imagine you are working on a project and one of the tasks is to evaluate XMPP servers.

    You do some research and decide that MongooseIM is the tool that might suit your needs, so you start to read some documentation , check out some GitHub repositories like MongooseIM , MongooseHelm or MongooseIM ArtifactHUB and encounter the first obstacle. There are so many available options to configure that you get overwhelmed by the sheer amount of them. Then you try to determine what setup you might need to have or how to deploy them.

    Development of some of the latest versions of MongooseIM has proved helpful in simplifying the process- like introducing TOML config files or creating Helm charts for easier deployment. This made deploying on a local machine quite straightforward. Nevertheless, preparing the environment could take some time-like setting up a local Kubernetes cluster or installing Helm.

    tryMongooseIM the idea

    As the MongooseIM team, we want to make it easier for different people to check out what MongooseIM XMPP server has to offer and make the whole process as easy for new users as possible. Another goal is to be able to provide an example of both running hardware architecture and requirements that will allow MongooseIM to run smoothly.

    Together with the application, we aim to improve existing resources, like Helm charts -by introducing configurable templates.

    tryMongooseIM is born

    Now, let’s go through another real-life scenario. Before you are tasked with researching XMPP servers, you find MongooseIM and decide to check it out. Then you see tryMongooseIM website. After simple registration and onboarding, you are in possession of an XMPP dynamic domain with users that you can connect with to your application. The

    The whole process takes no more than minutes from start to finish, leaving you with time to explore how MongooseIM fits with your vision.

    tryMongooseIM features

    There are several noteworthy features that the MongooseIM team implemented to allow for such seamless integration:

    Sign up and Sign in

    We offer several ways of accessing the service which you can commonly find on other websites:

    • Use Google account to log in
    • Use GitHub account to log in
    • Register with email and password

    l7wGOFLpQEnnREKlNC-NDL5Mxq5IUuYedwcdnO-dVO5qsU0q5zuzxZk0wDcfhLjjkS6Nbv0aeweoar4Ppd9pJUGOyG16Z_i3UE7dQy2G70xPwV91uhjKlZ3rHLf1dGQ6hpGR2QYeEBbWypv3gpfHyng

    Manage dynamic XMPP domain

    Currently, each user can only have one dynamic XMPP domain at a time but can choose from several different configurations provided by MongooseIM that allow to check out multiple capabilities of the service:

    MQQNzaMT7TZ9Lmyy9kLpmm_TRTfk5-oun2AOe3GIdiASNjTXxWBK3EhdJYkasvssw-lRsIpRKLjxt0AbHz8lLqyD6QQ30YDKl7O84OSTeZMUTeEsbOOMFyIXSry1pBa6AGWP0bH6Bwv-y18p6bDxgrQ

    Manage users of  dynamic XMPP domain

    After the domain is created, you are able to start managing XMPP users who can later be used by the XMPP clients or your application to connect to MongooseIM:

    GdDVBFiPyIQK0z1wkTOtFktwCWWfToLV5Dw3eOHRLNRJm6DvYBxpzUG3_4EF3AECoZc_0W-l0qecjjtA_pLnKPWlNi2WYnwx3oKzCMlm9l6MF8CANQsPKT8A3oGFVR9DYH-CUlHsv-cJPv4QAi3G53g

    Client instructions and web client

    If you are more interested in discovering features of MongoosIM itself, we also provide instructions on how to set up and connect recommended applications for different platforms such as iOS, Android, Linux and Windows. As part of tryMongooseIM, we have integrated ConverseJS – a web-based XMPP client:

    MotSW9N2c35CrGmpt9rwR6H_ejIyjgGUwlFRufh43CP1sLQP__5AgqSbOTBY5KYLD2Qm8ltLhHHiXK4yaXNFeGwMEPsTTNXqqjstPsBSZ434vWK-yh15o7ILG12g7-QqhD3TH1vBejPlPwGZz1j9kt0

    FfOpyDE22MVTwFGYk8wQeoizgsgQFYHQBkgCqyUMf238QZOtpdx-VdWN5Tfvu8QctNIy2eVa4bc05gU35LrVPI-UwJK3qOJ8PxbkZHn4MAEn669NO5taQI9qJMGepbj5t70_h1Hqudf31ZNYImdJ6lk

    GraphQL and GraphiQL

    To communicate with MongooseIM, our application uses the provided GraphQL API which serves one more purpose: to show that it is easy to integrate with the MongooseIM instance to manage different parts of your dynamic domain. Also, to give you more insight into GraphQL API we are enabling GraphiQL instance so that you can make queries or mutations and check out available schemas via web interface:

    nETPQK9TLNM1twQd34NooWXAiwTGBLmnqZSE2dxzPeTcvwvwQMM9lUp36ypjpAwg02lTKUZl-IDXNDa6MzD6Y1UhdbmHDhUKtfS4BIdOfJNNOHhIJcM-aC4tS8cB9EXKqjXwG4MGYuMFEFaW2Vit1X8

    Summary

    tryMongooseIM service was born from our wishes to make MongooseIM more accessible for people wishing to get to know it. In my opinion, we have managed to do it in our first iteration of development. Thanks to that, the time needed to get general knowledge or time to interact with your XMPP domain is significantly shorter than before.

    We plan to continue the development of tryMongooseIM so that more and more features of MongooseIM can be used via web browsers. Should you have a special use case, high-performance requirements or want to reduce costs, don’t hesitate to contact us . We will be able to help you deploy, load test and maintain your messaging solution.

    The post tryMongooseIM: MongooseIM is now easier than ever! appeared first on Erlang Solutions .

    • wifi_tethering open_in_new

      This post is public

      www.erlang-solutions.com /blog/trymongooseim-mongooseim-is-now-easier-than-ever/

    • chevron_right

      Erlang Solutions: Type-checking Erlang and Elixir

      news.movim.eu / PlanetJabber • 5 October, 2023 • 18 minutes

    The BEAM community couldn’t be more varied when it comes to opinions about static type systems. For some they’re the most desired feature of other functional languages which we miss. Others shun them and choose our ecosystem exactly because, and not despite the fact that it doesn’t force the perceived overhead of types. Some others still worry whether static types could be successfully applied on the Erlang virtual machine at all.

    Over the years, there’s been some academic research into type checking Erlang. Even WhatsApp worked for a few years on inventing a new statically typed Erlang dialect. There were also numerous community attempts at building ML-inspired statically typed languages. However, for quite a while the only project that reached wider adoption was Dialyzer.

    Until now! The lineup of Code BEAM 2023 sports five different talks about static type systems. Is the community fed up with its long time “let it crash” adage? Or is this many talks too much of a good thing? Let’s have a closer look at the current state of type checking on the BEAM.

    Erlang, Elixir, Gleam, PureScript

    Before we begin, though, let’s get one thing out of the way. There are a few relatively new programming languages on the BEAM platform that offer static type checking from the get-go. For the sake of completeness, I’ll list them here, but as of writing they still seem to be niche – though they certainly don’t lack potential! Here comes the list:

    • Gleam – probably the best known and most actively developed one, Gleam targets both JS (browsers) and Erlang backends. The compiler is written in Rust, the language has a lively community, and, in general, it seems to have the biggest potential!
    • PureScript – a hidden gem, known either as a Haskell-dialect targeting JS and the browser, or as a more complex sibling of Elm, PureScript has a complete Erlang backend! It allows writing code with the expressiveness of Haskell, yet leveraging the legendary robustness of the BEAM.
    • Hamler – PureScript’s younger brother with some syntax modifications more closely resembling Erlang. Based on the GitHub repository, though, the development seems to have stopped some 2-3 years ago.
    • Caramel – an OCaml-inspired language compiling to Erlang. It aimed to bring OCaml’s strictness to the BEAM. Sadly, the project is discontinued with Leandro Ostera, the author, pointing at Gleam as the spiritual successor.
    • Alpaca – another attempt at bridging the gap between ML and BEAM. The project, though, was discontinued in 2019.

    With that out of the way, let’s focus on tools we can use in Erlang or Elixir. But how can we even compare programming languages and their type systems?

    Type system design 101

    I don’t want to quote too much academic material here, but I especially like the short introduction to type systems presented in “Bidirectional Typing” by Jana Dunfield and Neel Krishnaswami. If you’re already familiar with the theory, feel free to skip this section.

    > Type systems serve many purposes. They allow programming languages to reject nonsensical programs. They allow programmers to express their intent, and to use a type checker to verify that their programs are consistent with that intent. Type systems can […] even [be used] to guide program synthesis.

    On top of that, I’d add that type systems can make it significantly easier to build IDEs that provide good language support, code completion, and focused and detailed error messages, increasing development velocity.

    Dynamic or static? It doesn’t matter!

    Every programming language has some system of preventing errors. However, not all these systems are the same. A crucial property a programming language should help enforce is “program safety” (it’s certainly not the only one). It’s about whether I as a programmer can do something completely stupid, like divide by zero. Can I use a variable that was never instantiated? Can I store a number, yet later try to use it as text? Ideally programming languages should not allow any of that.

    One major distinction between such error-prevention systems is when they kick in to prevent the nonsensical operation. This might happen when the program is already running, just before the operation happens at runtime. We call programming languages using such systems “dynamically checked”, or just “dynamic”. They might also do it as soon as we run the compiler, way before a program is even deployed, not to mention being started. These are called “statically checked”, “statically typed”, or sometimes just “static”. Such an approach is called static analysis. Strictly speaking, only those latter – statically checked – programming languages use formal type systems.

    Statically typed languages historically have been more verbose and less expressive than dynamically typed ones. Dynamically typed ones have usually been easier to learn and quicker to deliver working code when starting from scratch, but also easier to shoot oneself in the foot. The latter have been on the rise since the 2000s, since when programming for the web has skyrocketed. However, with the size of computer systems growing, it’s becoming evident that building buggy systems fast is not the way to go. The question is: how can we make programming languages more expressive and more correct at the same time? It’s not dynamic vs static , it’s expressiveness vs correctness.

    Solving the equation

    In basic algebra classes we learn how to solve linear equations like:

    x + 3 = 5

    We know that with a single equation it’s possible to solve for only one variable. If x was also given, there would be nothing to solve – we could still check if the equation holds, though.

    A type system’s task is similar, but the equation it solves looks different:

    Γ ⊢ e : T

    • Γ is a typing context, that is the set of all our variables together with their types
    • e is our expression
    • T is its type

    If we know all three, we’re talking about “type checking”. It’s relatively easy, similar to checking if an equation holds.

    If we only know Γ and e , we’re talking about “type inference”. We’re trying to come up with a type of our expression e . Type inference is one of the techniques used to improve expressiveness and reduce verbosity of statically typed languages. The type system has more work to do in this case as it has to fill in the types that we, as programmers, didn’t have to provide. It saves us work at the cost of extra computation. However, that computation is hard, way harder than just type checking, and in some cases it’s just impossible. Practical type systems with inference often actually are undecidable without some type annotations provided by a programmer.

    If we know Γ and T and want to solve for e , we’re talking about program synthesis also known as code generation. This can be useful, for example, for implementing data serialization or in some cases just to save us some typing. Code generated from types usually is not complete, so it requires details to be filled in by a programmer.

    In practice, one of the common approaches to constructing type checkers is “bidirectional typing”, which means that when a checker traverses our program it alternates between “checking” and “inference” modes depending on the available type information. This approach makes inference possible in some situations where it otherwise wouldn’t be so, yet still allows programmers to omit the vast majority of tedious to write type annotations.

    Tell me the truth

    We already know that type systems aren’t all the same. They aren’t perfect either. Firstly, “they can only guarantee that well-typed programs are free from certain kinds of misbehavior.” Secondly, static analysis tools can be divided into two categories: underapproximating and overapproximating. This generally means that an underapproximating checker will not detect some bugs that exist in a given code base. An ideal checker (which cannot exist) would detect all bugs and raise no false alarms. An overapproximating checker might raise warnings even for perfectly valid code. There’s no escaping that, it’s just a matter of which side of the fence we’re on. Type systems, in general, fall in the overapproximating category.

    Type checker survey

    At the 2022 edition of Lambda Days I presented a side by side comparison of a few type checkers for Erlang. The landscape has radically changed since then! How much? Let’s take a look.

    Dialyzer

    Dialyzer is quite likely the most widely used tool in this domain. Strictly speaking it’s not a type system, but a di screpancy an alyser: a program consistency checker based on flow analysis. The theory underpinning it is described in detail in “Practical type inference based on success typings“ . It should be highlighted that it’s meant for use on existing codebases, i.e. no source code modification is necessary to start using it. It’s one of the two tools I presented at Lambda Days 2022 that are also covered in this survey.

    It’s known for the “Dialyzer is never wrong” slogan, which sounds like snake oil, but is actually true. But what does it really mean? It boils down to the distinction between under- and overapproximating checkers – Dialyzer is of the former kind. This means it never returns false positives, i.e. never reports errors that actually aren’t there in the source code.

    The other side of the coin, though, is that it might return a series of somewhat confusing non-local errors, only one of which is the root cause of the entire report – however, that one is then a real problem that needs to be fixed. Due to the underapproximating nature, it might also not warn about potential pitfalls, that do not occur 100% of the time.

    Dialyzer requires a clever approach when checking libraries meant for inclusion in other code. To deliver the best results, it requires client code to be analyzed together with main code. When writing a library, this means we need to put library API callers, not just the library implementation under analysis. Usually, including our library tests in the analysis does the trick.

    Traditionally, Dialyzer required generating a procedure lookup table (aka PLT) before running an analysis. It was quite a time consuming step, with the analyses not being very fast either. However, since Erlang OTP 26 , the situation has greatly improved thanks to the “incremental” mode implemented by Tom Davies from WhatsApp.

    A boatload of information on how to use Dialyzer effectively can be learnt from Jesper Eskilson’s “Slaying the Type Hydra”talk from Code BEAM 2022.

    Thomas Davies spoke that same year about “ Incremental Dialyzer: How we made Dialyzer 7x Faster “. At this year’s Code BEAM edition Marc Sugiyama will present “ How I grew to love Erlang Type Specs ”.

    Because of the historically slow analyses, confusing errors, and limited guarantees, even quite prominent community figures have voiced skepticism about Dialyzer’s efficacy. On the other hand, it’s a battle tested tool with integrations built into Rebar3, Mix, Erlang and Elixir language servers, and therefore practically any editor or IDE. You cannot go wrong with Dialyzer when looking for the extra bit of confidence in your codebase.

    Gradualizer

    For quite a while Dialyzer was leaving part of the BEAM community unsatisfied. One of the attempts to address this was Josef Svenningsson’s Code BEAM 2018 talk “ A gradual type system ”, where he unveiled Gradualizer. A gradual type system is one which generally behaves like a static one, but leaves some checks to be done at runtime – the fewer checks left for runtime, the more guarantees about code correctness can be offered before running it. Probably the best known example of a language with a gradual type system is TypeScript.

    Gradualizer is the other one of the two type checkers I covered in the Lambda Days 2022 talk. It’s also the one yours truly has invested the most time into, so keep in mind I might be a bit biased! I’m trying to stay level-headed, though.

    Gradualizer’s theoretical underpinnings are based on type system literature such as B. Pierce’s classic “Types and Programming Languages” or J. Siek’s and W. Taha’s “Gradual Typing for Functional Languages”, as well as some inspiration from G. Castagna’s work on set-theoretic types (which we’ll discuss separately in a while). Sadly, there’s no accompanying whitepaper describing it in detail. The project also doesn’t have dedicated funding, which means it’s developed as a community effort with – for better or worse – all its implications.

    The pros, however, are that it’s relatively fast, especially in comparison with pre-incremental-mode Dialyzer. Since Josef’s initial announcement, thanks to the community effort, it’s gained some features like partial type inference, polymorphism support and extended its syntax coverage to almost all legal Erlang constructs, including records and maps. It’s got a Rebar3 plugin as well as a Mix task. Thanks to its Elixir spinoff, Gradient , it can be used to check both Erlang and Elixir codebases. I presented a very early version of Gradient at ElixirConf EU 2021 in Warsaw – it’s still experimental, though.

    One milestone Gradualizer reached in early 2023 was cleanly passing a self-check. This means the project, while experimental in nature, can be used in practice to test a non-trivial codebase of a significant size. A caveat to keep in mind, though, is that it requires writing in a certain style, e.g. by sometimes adding inline type assertions, so it’s slightly opinionated. Another takeaway from its ability to self typecheck is that it’s a reference on how using it impacts the coding style. Gradualizer generally follows the “no spec, no check” rule, meaning that only code annotated with function specs is checked. All in all, it means it might be a bit of an effort to use in existing codebases as is, but should be easy enough to apply when starting a new project from scratch.

    Elixir Set Theoretic Types

    We’ve already mentioned “set-theoretic types” in one of the previous paragraphs. It’s a theory that’s been developed and extended by G. Castagna, a professor at CNRS – Université de Paris, and his team, for over 20 years. It’s used in CDuce, an expressive functional programming language purpose built for manipulating XML . Incidentally, its semantics match Erlang’s semantics, and therefore Elixir’s, exceptionally well.

    That’s the reason why José Valim, the creator of Elixir, has been cooperating with Giuseppe Castagna and Guillaume Duboc, a PhD student focusing on set-theoretic types for Elixir, at least since 2022, as outlined by José’s blog post, My Future with Elixir: set-theoretic types .

    As explained in Castagna’s “Programming with union, intersection, and negation types” , set-theoretic types give the programmer unparalleled freedom of expressing intent in type annotations. This is nicely captured in the Scala 3 Book chapter on Union Types – see the lengths to which one has to go if a language doesn’t have union types! Non-discriminated union types usually are not available in traditional statically typed languages like OCaml or Haskell. Scala 3 does have them, as does Erlang and Elixir, but set-theoretic types also offer the intersection and negation connectives, which together provide even more expressive power. Guillaume Duboc’s Elixir Prototype Showcase allows us to play with set-theoretic types in Elixir with an ad-hoc, prototype syntax. Please note the prototype is powered by the CDuce type checker, not the final Elixir one – that’s still a work in progress.

    However, this comes at a cost. Set-theoretic types are extremely expressive, but global type inference with set-theoretic connectives is undecidable (original result by Coppo and Dezani-Ciancaglini, 1980, here via Tommaso Petrucciani’s PhD thesis “Polymorphic set-theoretic types for functional languages”). This means that in the edge cases, a programming language with set-theoretic types requires the programmer to put in at least some type annotations. Local type inference should still allow for omitting most of them.

    This project, with José, the Elixir creator, Giuseppe, a researcher with over 20 years of experience in the field, and Guillaume, working on it full-time and writing a PhD thesis, has a huge potential! Listen to Guillaume and Giuseppe talking about “The Design Principles of the Elixir Type System” at this year’s Code BEAM in Berlin!

    However, it’s likely only going to target Elixir, with changes being gradually rolled out with new Elixir versions. Erlang is likely not going to benefit from it directly, though the research results will certainly be applicable. Another point worth mentioning is that the plan for Elixir is to abandon the traditional Erlang-inspired type and spec syntax to enable the full expressiveness of set-theoretic types. If this happens, it might mean some extra difficulties for projects trying to target or leverage both Elixir and Erlang at the same time (for example, using dependencies written in one language from a project in another). Nonetheless, the benefits seem to outweigh the costs, so let’s keep our fingers crossed for Elixir with set-theoretic types to copy (or surpass!) the success of TypeScript!

    Etylizer – Erlang Set Theoretic Types

    Since we’re at set-theoretic types and we’ve already mentioned these fit Erlang just as well as Elixir, then it makes sense to ask the question if there’s any work targeting the former. Apparently, the answer is yes!“ Set-theoretic Types for Erlang ” by Albert Schimpf, Stefan Wehr, and Anette Bieniusa is a paper announcing the development of etylizer , a new set-theoretic type checker for Erlang. The paper itself is a summary of Castagna and others’ work that best applies to Erlang and Elixir, with extensions on Erlang specific pattern-matching that doesn’t exist in CDuce.

    Etylizer is a very new project with not much user documentation and still little coverage of the Erlang language syntax. For example, features like records or maps are not implemented yet, which makes it practically impossible to use on real-world code. This makes it look paler in comparison to Gradualizer or Gradualizer. On the other hand, it’s based on a very strong theoretical underpinning, so there’s great opportunity ahead if the enthusiasm doesn’t fade. It can be set up with ease, though currently it only has a command line interface. It’s rather fast. It accepts contributions, and being written completely in Erlang, it should be quite easy to contribute to it for the BEAM community. Come listen to Anette and Albert talk about “ etylizer: Set-theoretic Types for Erlang” at Code BEAM 2023!

    eqWAlizer

    Talking about ease of contribution for the BEAM community, eqWalizer is an outlier – it’s the only tool in this comparison implemented in non-BEAM languages, namely Scala with some Rust here and there.

    ovsa4rQUd29kT8ag-vAi_qprZplSoc1chkXCy4pU3OX73NucIf-rvqnhxteK_FBfUlnt1JPGUiyHdM44DcWfrvHXLdEYZyGT2Kn0Pfz3-rCbSM2TpFcdoPYW06Y-qislfz7yiPnnC11mIk-4_1gqeWo

    With a dedicated team at WhatsApp backing it up, it’s currently the only such well polished contender to the BEAM ecosystem’s baseline, that is Dialyzer. And there’s no doubt that a strong contender it is!

    It’s fast. It’s easy to set up – it has a Rebar3 plugin, but it can be used without it on non-Rebar projects. It was announced at the ICFP Erlang Workshop keynote in late 2022 by Ilya Klyuchnikov, its main author. It seems to work just as well as Gradualizer on the latter’s test suite (more on that to come in another blog post). It’s slower when run on a single file, but still significantly faster than Dialyzer when run on an entire project. It’s a gradual type system supporting a dynamic() type. The treatment of that type depends on the mode – gradual or strict – with the gradual mode making it compatible with any type.

    On the cons side, it seems to be blind to some nuances that a set-theoretic type checker would catch. It’s also quite opinionated, not distinguishing between integers and floating point numbers, introducing concepts such as “shapes” and “dictionaries” to deal with maps, or not caring about the difference between proper and improper lists. Dialyzer and Gradualizer, in comparison, pay more attention to these aspects of the language. This might make eqWAlizer a bit hard to adopt in established codebases. Fortunately, eqWAlizer documents these design decisions well and thanks to the simplifications they bring, it seems to be a well polished and very handy tool in an Erlang programmer’s belt. Yes, just an Erlang programmer’s – there are no official plans to support Elixir.

    Roberto Aloi, Michał Muskała , and Robin Morisset from WhatsApp, as well as Alan Zimmerman from Meta, will be speaking at Code BEAM this year about various tools they develop for the Erlang ecosystem. While none of the talks is going to be about eqWAlizer directly, there’s a chance they could share some of their impressions in the “hallway track”.

    That’s the end of our survey of Erlang and Elixir type checkers available on the BEAM platform. As you can see, some of the mentioned projects change almost as we speak and we can watch their development very closely – these are truly interesting times! It’s even better that we can speak to the authors thanks to events like Code BEAM or even contribute directly since all the mentioned projects are open-source.

    Does it mean the BEAM community has grown tired of “let it crash”? Probably not, as that’s a valid mitigation strategy for errors which cannot be avoided like network links dropping, storage failing, or hardware malfunctioning.


    However, there are errors like programming mistakes, logical flaws, design shortcomings, or just simple API misuse that can be avoided or mitigated ahead of time. Moreover, such errors usually don’t go away just because of a process restart and have to be fixed in code. The sooner we realise they’re there, the sooner we can react. It would be short-sighted not to leverage approaches like static analysis or type checking if they can bring improved developer productivity, foster type-driven development, encourage better design, enable easier and more aggressive refactoring, or just make the developer experience better.

    The post Type-checking Erlang and Elixir appeared first on Erlang Solutions .