Toots for daniel@gultsch.social account

Written by Daniel Gultsch on 2025-01-21 at 18:38

Personally, I don’t think the impact of the "which Cloudflare server is this Signal user closest to" attack is that bad. However, it highlights yet another quirky side effect of #Signal being built on cloud infrastructure.

https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/ (by @404mediaco, paywall)

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 (original post)

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-19 at 12:45

I love open source, and I want young people to know there’s a career path outside of #FAANG. Open source can be financially sustainable—it just gets super hard if one of your key goals is making your investors even richer. #Conversations_im is about the same age as #Matrix. I never took VC funding, and I’m doing fine.

[#]OpenSource

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-18 at 15:02

The Matrix.org/Element saga isn’t about sustaining Open Source development—it’s a tale of venture capital and corporate greed playing out exactly as foretold.

[#]Matrix

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-14 at 14:29

11 years into the development of #Conversations_im, I’m still working to enhance its security. Most recently, I’ve added support for XEP-0474: SASL SCRAM Downgrade Protection.

To take advantage of our continued commitment to security, make sure to:

· Use Conversations rather than a (soon-to-be-abandoned) fork

· Install Conversations through a source that provides automatic updates (F-Droid for Android 12+ or Google Play)

[#]XMPP

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-13 at 16:29

Statt mehr Milei oder Musk könnte Deutschland ja auch mal mehr Lina Khan wagen.

Monopole zerschlagen und Wettbewerb fördern – das müsste doch eigentlich ein Kernthema für eine liberale Partei wie die #FDP sein.

https://www.youtube.com/watch?v=enHn9R_T2R8

[#]BTW25

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-12 at 14:50

Gerade ein sehr angenehmes Interview von Tilo Jung mit Jan van Aken zu Ende gehört.

Bei dem, was Jan van Aken über Wirtschafts-, Sozial- und Verkehrspolitik zu sagen hat, gibt es von mir ja viel Zustimmung.

Ich würde mir wünschen, @dielinke hätte mehr Bewusstsein dafür, dass, wenn ein Autokrat in ein wehrloses Europa einfällt, wir die ganze schöne Sozialpolitik auch nicht mehr umsetzen können.

https://www.youtube.com/watch?v=ls0tBHgy_xI

[#]BTW25

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-12 at 07:48

One of the most important things I consider when choosing a social media platform is whether people can read what I post without being nagged or forced to create an account. For many of my friends who don’t really care about #Mastodon, https://gultsch.social is just a website they can drop by occasionally to see what I’m up to.

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2025-01-08 at 09:25

Just over three weeks remain until the 27th #XMPP Summit takes place in Brussels. If you’re planning to attend but haven’t registered yet, please make sure to add your name to the wiki by the end of this week: https://wiki.xmpp.org/web/Conferences/Summit_27

If you’re an XMPP developer or spec author and weren’t planning to attend, I’d strongly encourage you to reconsider

For those who can’t make it to Brussels but will be in Berlin on Wednesday, February 12th, we’ll be discussing the Summit at that week’s XMPP Meetup

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-26 at 13:56

If you run a public #XMPP server can you look up what percentage of connected clients are Blabber? I’m wondering if the 15% reported by jabberfr.org is a weird outlier. On our server (conversations.im) the number is closer to 4-5% but we are obviously biased towards Conversations users.

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-26 at 08:56

The same security issue is likely to be found in some of the crazier forks of Conversations like c0nnect. As mentioned earlier¹ I’ve reached out to the developers a month ago and they didn’t care.

¹: https://gultsch.social/@daniel/113521011923491030

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-26 at 08:52

[#]Conversations_im and #BlabberIm traditionally had compatible backup formats. However the backup format has changed in the two years since Blabber has been abandoned. To migrate to Conversations and keep your history do the following:

· Create Backup on Blabber

· Install version 2.12.7 of Conversations from F-Droid and restore backup. Do not activate the account!

· Upgrade to latest Conversations.

· Optionally: Create another backup and migrate to the Play Store version.

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-26 at 08:45

⚠️ 🚨 It’s time to stop using Blabber.im 🚨⚠️

The abandoned fork of #Conversations_im has a critical security issue: attackers can bypass STARTTLS negotiation, resulting in an unencrypted connection to a fake server. This vulnerability is similar to the STARTLS attack discovered in various email clients¹

✅ Fixed in Conversations 2.13.1 (Feb 2024)

📢 Please migrate to Conversations immediately! It's free on Google Play until the end of the year and always free on #fdroid

¹: https://archive.fosdem.org/2024/schedule/event/fosdem-2024-2179--protocols-security-of-starttls-in-the-e-mail-context/

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-24 at 10:26

Continuing a decade-long tradition #Conversations_im is currently available for free on Google Play.

https://play.google.com/store/apps/details?id=eu.siacs.conversations

Merry Christmas 🎄 Happy Holidays ☃️ and have fun at #38C3

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-23 at 17:02

Did you know that you can configure custom notification sounds per contact or group chat in #Conversations_im?

Apparently not many people knew that so the next version will make, what essentially is a native Android feature, easier to access via the overflow menu of contact or group chat details.

https://gultsch.video/w/8wZSkoad1bv4VHmuSPZWsV

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-09 at 15:18

It is pretty cool that #Conversations_im sales have been paying my rent for the last 10 years.

Not everything needs to be a subscription.

[#]XMPP #OpenSource

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-12-06 at 13:48

After the next #Conversations_im update have a look at our new Chat Bubble Settings. We are now providing a few customization options that, among other things, allow you to render all message bubbles left aligned.

In combination with the setting that turns off the background color, this is relatively close to what Dino or other team messengers look like.

=> View attached media | View attached media | View attached media

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-11-29 at 13:43

In 2015 I spent a couple of weeks in Singapore and I still remember sitting at a café and implementing the feature that merges multiple messages into the same bubble.

Today this feature has been removed from #Conversations_im in favor of moving the bubbles closer together. This gives better control over per messages actions such as sharing, quoting or adding a reaction.

=> View attached media

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-11-28 at 09:17

I’m slowing starting to think about what a 10 year anniversary update to my "The State of Mobile XMPP in 2016"¹ would look like.

It’s interesting what parts of the article are still relevant today (mostly how push works and how that impacts battery drain) while other parts are seemingly irrelevant. Yes, #XMPP works on mobile phones. Obviously. That’s how the overwhelming majority (⅔) of users uses XMPP².

¹: https://gultsch.de/xmpp_2016.html

²: https://stats.jabberfr.org/d/000000002/jabberfr?orgId=1&refresh=1m&viewPanel=32

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-11-26 at 11:29

I installed #Signal and #Conversations_im on a clean install of #GrapheneOS on my Pixel 4a and measured the battery impact. The results are shocking!

Both messengers had only one contact: my regular phone.

I used my regular phone to send messages to the Pixel 4a (which was not used for anything else over the course of the experiment).

I always sent the same message via Signal and #XMPP (mixing up which app went first). In total I sent ~32 messages in intervals of 10mins to a few hours.

=> View attached media

=> More informations about this toot | View the thread

Written by Daniel Gultsch on 2024-11-24 at 08:45

I love me Kindle Paperwhite. I bought it 6 years ago for under 80 Euro and I'm getting so much value out of it. 😍

Unfortunately it and my Di2 charger are the last remaining items in my possession that use Micro USB. 😡

=> View attached media

=> More informations about this toot | View the thread

=> This profile with reblog | Go to daniel@gultsch.social account