close
  • edit rss_feed

    Timothée Jaussoin’s feed

    Please talk with me before sending me an invitation :) If you have any questions about Movim, XMPP or something related, please ask it in the official chatroom : movim@conference.movim.eu. If you have any questions about the state of the environment and the climate change, please ask yourself what you can do.

    Blog

  • chevron_right

    Pratique pour ceux qui voudraient calculer leur empreinte carbone actuelle et voir comment la réduire au mieux GRINNING FACE WITH SMILING EYES #ecologie

    Timothée Jaussoin · Tuesday, 8 September - 12:08 edit

Je suis à 3T (je pense plutôt être à 4-5T), et vous ?

Voir les détails ici

  • favorite

    2 Like

    Gotowab , rodp

  • favorite

    2 Like

    Marzanna , mathias poujol-rost ✅



  • reply chevron_right

    RPi4: Installing Movim

    A little bit of history... My RPi4 already has an XMPP server running with Prosody, an everything is running great. But I wanted more functionality and Movim seemed to be a great fit. Pretty interface, great place for news feeds, and even has blogging included. Neat! As usual with my RPi4 I have to build my own images due to its ARM architecture, but that did not quite work with Movim. It loaded, but was unstable and many things did not work. I had a hunch it was something with the database, and many eons ago I had read something about bad Postgres performance or something when running in 32-bit mode… anyway, luckily Postgres has an image for both armhf (32-bit, default for RPi4) and arm64v8 (64-bit) architectures, so would be quite easy to test as long as Docker supported running arm64v8 in the RPi4 on Raspbian. Last time I looked it did not work, maybe something changed since then? Enabling 64-bit support And it did! Someone discovered how to run and build the 64-bit images that I needed, I described how to do it here in my other blog post here. After configuring Docker to run 64-bit images, it was quite easy afterwards. I tested Postgres in 64-bit mode and Movim in 32-bit mode, almost everything was working! But some cards were not showing… By looking at Movim's output I saw the following message: Warning: unpack(): 64-bit format codes are not available for 32-bit versions of PHP in /var/www/html/vendor/ratchet/rfc6455/src/Messaging/MessageBuffer.php on line 122 Uhm… So let's make everything 64-bit! And so I did, and now everything is working as they should :) And finally... Building the image Clone Movim Docker repository with git somewhere: git clone https://github.com/movim/movim_docker Edit the file Dockerfile inside the repository as follows: -FROM php:7.3-fpm +FROM arm64v8/php:7.3-fpm Run sudo docker build --no-cache --pull --rm=true -t movim/movim:latest . Done! You can now run your own Movim pod with this image :) Here is a docker-compose.yml file based on my own for those interested: version: '3.6' services: movim: restart: unless-stopped environment: MOVIM_ADMIN: admin MOVIM_PASSWORD: CHANGEME MOVIM_DOMAIN: https://YOURMOVIM.DOMAIN MOVIM_PORT: 8080 MOVIM_INTERFACE: 0.0.0.0 POSTGRES_DB: movim POSTGRES_HOST: postgresql POSTGRES_PORT: 5432 POSTGRES_USER: movim POSTGRES_PASSWORD: CHANGEME_POSTGRES image: movim/movim:latest volumes: - ./movim:/var/www/html:rw nginx: restart: unless-stopped image: arm64v8/nginx:mainline-alpine ports: - "443:443" volumes: - ./movim:/var/www/html:ro - ./nginx/conf.d:/etc/nginx/conf.d:ro - ./nginx/certs:/etc/ssl/certs/:ro postgresql: restart: unless-stopped environment: POSTGRES_DB: movim POSTGRES_PASSWORD: CHANGEME_POSTGRES POSTGRES_USER: movim image: arm64v8/postgres:11.4-alpine volumes: - ./postgres/data:/var/lib/postgresql/data:rw And config file for nginx: server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name YOUR_SERVER.DOMAIN; ssl_certificate YOUR_SERVER.DOMAIN.crt; ssl_certificate_key YOUR_SERVER.DOMAIN.key; location / { alias /var/www/html/public/; index index.html index.htm index.php; add_header Access-Control-Allow-Origin *; location ~ \.php$ { fastcgi_pass movim:9000; fastcgi_index index.php; fastcgi_intercept_errors on; fastcgi_param SCRIPT_FILENAME $request_filename; include fastcgi_params; } location /ws/ { proxy_pass http://movim:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } I hope this can also help someone else have a good time with their RPi4! 🙂

    people Felipe 22 March, 2020

  • favorite

    4 Like

    rodp , preptorrent , Precurz , Marco Cirillo

  • 1 Comments

  • 2 May preptorrent

    It would be cool to see a debian SDCard image (dot img) of Movim for raspberry-pi (especially the pi3B +) which has an icon on the desktop so you can click through a simple wizard to set it up. So like, as easy as setting up qbittorrent, or that sort of thing. That way total noobs could do it. Also, then Debian could still be used (presumably with mate desktop) in the background so that the pi is still generally useful as a desktop PC for humble online usage and pidgin IM etc. There is a limit to how many raspberry-pi computers a person can buy. Also their warehouse got robbed, thereby limiting supply. It would also be very cool to have an option in that "wizard" that allowed an external (even just usb2) HDD drive to become the boot OS so that a swap file can be added and a decent 2TB of storage (avoiding the problem a SDCard breaking from usage). The 3D graphics ability of the pi3bplus could also be used with that draw tool movim has. EDIT: I just replaced this comment because it had a typo. A "print-preview" icon would be cool so as to see how a comment on a post looks before finishing it.

  • chevron_right

    Contact publication

    Timothée Jaussoin · Sunday, 23 February, 2020 - 21:43

10 years ago I bought this 1Tb LaCie external hard drive to backup my files (the HDD is a Hitachi HCS5C1010CLA382). It only started to show some failures recently after being up 24/7 through all those years. It was connected to my RPi to handle all the home backups.

I choose to transfer everything to a new (but second-hand) Samsung T5 SSD. No need to use an extra power plug, the SSD only takes 0.4W. I hope that I'll be able to use it for another 10 years!

#hdd #ssd #hardware #backup
  • favorite

    5 Like

    Marco Cirillo , Look , Orbifx , ericbuijs , Marzanna

  • 1 Comments

  • 19 March, 2020 Look

    Recently I discovered an old 120GB WD from 2007 that still works! Some HDs really just keep going.

  • chevron_right

    Paul Schaub: Re: The Ecosystem is Moving

    Timothée Jaussoin · Tuesday, 31 December, 2019 - 08:16

A really nice response to Moxie Marlinspike conference 😃



  • reply chevron_right

    Paul Schaub: Re: The Ecosystem is Moving

    Moxie Marlinspike, the creator of Signal gave a talk at 36C3 on Saturday titled “The ecosystem is moving” . The Fahrplan description of that talk reads as follows: Considerations for distributed and decentralized technologies from the perspective of a product that many would like to see decentralize. Amongst an environment of enthusiasm for blockchain-based technologies, efforts to decentralize the internet, and tremendous investment in distributed systems, there has been relatively little product movement in this area from the mobile and consumer internet spaces. This is an exploration of challenges for distributed technologies, as well as some considerations for what they do and don’t provide, from the perspective of someone working on user-focused mobile communication. This also includes a look at how Signal addresses some of the same problems that decentralized and distributed technologies hope to solve. https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11086.html Basically the talk is a reiteration of some arguments from a blog post with the same title he posted back in 2016. In his presentation, Marlinspike basically states that federated systems have the issue of being frozen in time while centralized systems are flexible and easy to change. As an example, Marlinspike names HTTP/1.1, which was released in 1999 and on which we are stuck on ever since. While it is true, that a huge part of the internet is currently running on HTTP 1.0 and 1.1, one has to consider that its successor HTTP/2.0 was only released in 2015. 4 / 5 years are not a long time to update the entirety of the internet, especially if you consider the fact that the big browser vendors announced to only make their browsers work with HTTP/2.0 sites when they are TLS encrypted. Marlinspike then goes on listing 4 expectations that advocates of federated systems have, namely privacy, censorship resistance, availability and control. This is pretty accurate and matches my personal expectations pretty well. He then argues, that Signal as a centralized application can fulfill those expectations as well, if not better than a decentralized system. Privacy Privacy is often expected to be provided by the means of data ownership, says Marlinspike. As an example he mentions email. He argues that even though he is self-hosting his emails, “each and every mail has GMail at the other end”. I agree with this observation and think that this is a real problem. But the answer to this problem would logically be that we need to increase our efforts to change that by reducing the number of GMail accounts and increasing the number of self-hosted email servers, right? This is not really an argument for centralization, where each and every message is guaranteed to have the same service at the other end. I also agree with his opinion that a more effective tool to gain privacy is good encryption. He obviously brings the point that email encryption is unusable, (hinting to PGP probably), totally ignoring modern approaches to email encryption like autocrypt . Censorship resistance Federated systems are censorship resistant. At least that is the expectation that advocates of federated systems have. Every time a server gets blocked, the user just simply switches to another server. The issue that Marlinspike points out is, that every time this happens, the user loses his entire social graph. While this is and issue, there are solutions to this problem, one being nomadic identities . If some server goes down the user simply migrates to another server, taking his contacts with him. Hubzilla does this for example. There are also import/export features present in most services nowadays thanks to the GDPR. XMPP offers such a solution using XEP-0277 . But lets take a look at how Signal circumvents censorship according to Marlinspike. He proudly presents Domain Fronting as the solution. With domain fronting, the client connects to some big service which is costly to block for a censor and uses that as a proxy to connect to the actual server. While this appears to be a very elegant solution, Marlinspike conceals the fact that Google and Amazon pretty quickly intervened and stopped Signal from using their domains. With Google Cloud and AWS out of the picture, it seems that domain fronting as a censorship circumvention technique is now largely non-viable in the countries where Signal had enabled this feature. https://signal.org/blog/looking-back-on-the-front/ Notice that above quote was posted by Marlinspike himself more than one and a half years ago. Why exactly he brings this as an argument remains a mystery to me. And even if domain fronting was an effective way to circumvent censorship, it could also be applied to federated servers as well, adding an additional layer of protection instead of solely relying on it. But what if the censor is not a foreign nation, but instead the nation where your servers are located? What if the US decides to shutdown signal.org for some reason? No amount of domain fronting can protect you from police raiding your server center. Police confiscating each and every server of a federated system (or even a considerable fraction of it) on the other hand is unlikely. Availability This brings us nicely to the next point on the agenda, availability. If you have a centralized service than you want to move that centralized service into two different data centers. And the way you did that was by splitting the data up between those data centers and you just halved your availability, because the mean time between failures goes up since you have two different data centers which means that it is more likely to have an outage in one of those data centers in any given moment. Moxie Marlinspike in his 36c3 talk “The Ecosystem is Moving” For some reason Marlinspike confuses a decentralized system with a centralized , but distributed system. It even reads “Centralized Service” on his slides… Decentralization does not equal distribution. A federated system would obviously not be fault free, as servers naturally tend to go down, but an outage only causes a small fraction of the network to collapse, contrary to a total outage of centralized systems. There even are techniques to minimize the loss of functionality further, for example distributed chat rooms in the matrix protocol . Control The advocates argument of control says that if a service provider behaves undesirably, you simply switch to another service provider. Marlinspike rightfully asks the question how it then can be that many people still use Yahoo as their mail provider. Indeed that is a good question. I guess the only answer I can come up with is that most people probably don’t care enough about their email to make the switch. To be honest, email is kind of boring anyways XMPP Next Marlinspike talks about XMPP. He (rightfully) notes that due to XMPPs extensibility there is a morass of XEPs and that those don’t really feel consistent. The XMPP community already recognized the problem that comes with having that many XEPs and tries to solve this issue by introducing so called compliance suits. These are annually published documents that contain a list of XEPs that are considered vitally important for clients or servers. These suits act as maps that point a way through the XEP jungle. Next Marlinspike states that the XMPP protocol still fails to be a suitable option for mobile devices. This statement is plain wrong and was already debunked in a blog post by Daniel Gultsch back in 2016. Gultsch develops an XMPP client for Android which is totally usable and generally has lower battery consumption than Signal has. Conversations implements all of the XEPs listed in the compliance suits to be reuquired for mobile clients. This shows that implementing a decent mobile client for a federated system can be done and there is a recipe for it. What Marlinspike could have pointed out instead is that the XMPP community struggles to come up with a decent iOS client. That would have been a fair argument, but spreading FUD about the XMPP protocol as a whole is unfair and dishonest. Luckily the audience of the talk didn’t fully buy into Marlinspikes weaker arguments as demonstrated by some entertaining questions during the QA afterwards. What Marlinspike is right about though is that developing a federated system is harder than doing a centralized service. You as the developer have control over the whole system and subsequently over the users. However this is actually the reason why we, the community of decentralized systems and federated protocols do what we do. In the words of J.F. Kennedy, we do these things… …not because they are easy, but because they are hard…

    group_work PlanetJabber 29 December, 2019

  • favorite

    5 Like

    dumb bird , mirabilos , debacle , Marzanna , rydroid