close
  • Mo chevron_right

    Movim 0.17 – Catalina

    Timothée Jaussoin · pubsub.movim.eu / Movim · Friday, 14 February - 14:58 edit · 2 minutes

Here comes a new exciting Movim release. Two months after Cesco, here comes Catalina.

In this releases, many fixes but also some nice new features, both for the social and messaging sections of Movim.

New features

Global chatroom search

From the chatrooms widget, you can now directly search rooms globaly and join them in a click. This new feature relies on the search.jabber.network service, that is also implemented in Conversations and Gajim.

Global search

New design for the XMPP forms

The XMPP forms handling and display has been fully redesigned. With nice icons and proper labels it will now be simpler to configure Communities, chatrooms and other XMPP items.

XMPP Form redesigned

Disable social features

Pod admins can now disable all the social features in one click in the admin panel. This is useful for those that only wants to use Movim as a chat frontend for their XMPP services.

Messages retractation

After ConverseJS Movim is the second XMPP client that implements the message retractation feature. This allow you to delete any published messages from the history. Be careful, this only works if the contact is also using a compatible client.

Retracted message

New night theme colors and design adjustments

Some small design adjustments were made to improve user experience. Some useless paddings were also removed to give more space to the content (like around the chat bubbles).

The night theme is now having darker, bluer colors, strongly inspired by the Aritim-Dark KDE/GTK theme.

New dark theme

Fixes and improvements

Beside those changes, many things were fixed in this release, regarding chatroom presences handling, notification counters or complex JID handling (especially if you're using transport services such as IRC or Telegram).

But the biggest internal change was to bring a new request type to the frontend. Now the current Movim UI (HTML + Javascript + CSS) can request the backend in 3 different ways regarding the usage.

  1. Pure WebSocket requests: the request and the response are not linked together. This is the default case for the Movim requests.
  2. Ajax requests to the daemon: this is useful when the UI needs to know if the message was handled by the server (useful when you publish articles or send chat messages) and if those messages needs to be processed by the daemon (to trigger XMPP requests for example)
  3. And, since this version, some good ol' pure Ajax requests. They directly requests the HTTP backend, without even touching the daemon internaly. This is useful to load pieces of the UI and allows parallelisation. With this changes you'll see that parts of the UI (especially on the chat page) are now loaded way faster, without disturbing the daemon.

Requests

What's next?

In the upcoming weeks we're planning to do some maintenance on the XMPP services. Add some new features and do some administration. On Movim side, nothing really planned for now.

That's all folks!

#movim #ajax #http #release #xmpp

  • image
  • favorite

    7 Like

    ericbuijs , debacle , Angelica , DebXWoody , Adrien Dorsaz , Christian Gimenez , arie

  • 2 Comments

  • person

    16 February mathias poujol-rost ✅

    Thanks for the improvements.

  • 16 February Timothée Jaussoin

    You're welcome SMILING FACE WITH OPEN MOUTH

  • Ar chevron_right

    Ring patches total lack of password security during setup

    news.movim.eu / ArsTechnica · Friday, 8 November - 15:59 · 1 minute

Ring

Enlarge / Ring's configuration app sent Wi-Fi setup information unencrypted to some doorbell devices, exposing customers' home networks. (credit: Smith Collection/Gado / Getty Images)

Ring has pushed out a fix to a security issue in the configuration code for its Internet-connected home security products. Researchers from Bitdefender notified Ring in June of a flaw in Ring Video Doorbell Pro cameras' software that made it possible for wireless eavesdroppers to grab the Wi-Fi credentials of customers during the device's setup—because those credentials were sent over an unsecured Wi-Fi connection to the device using unencrypted HTTP.

In a report on the bug issued yesterday as part of a coordinated disclosure with Ring, Bitdefender researchers explained that when customers configured a Ring Video Doorbell Pro out of the box:

…the smartphone app [for Ring] must send the wireless network credentials. When entering configuration mode, the device creates an access point without a password (the SSID contains the last three bytes from the MAC address). Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network. All these exchanges are performed through plain HTTP. This means the credentials are exposed to any nearby eavesdroppers.

An attacker could take advantage of this bug by forcing a victim to reconfigure the doorbell. The attacker could use a Wi-Fi deauthorization ("deauth") attack against the device to make it re-enter configuration mode and could use a malicious Wi-Fi device to make the Ring doorbell drop off its network.

Read 3 remaining paragraphs | Comments

index?i=af_7pKjtj90:55_GZpFhzzQ:V_sGLiPBpWUindex?i=af_7pKjtj90:55_GZpFhzzQ:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA