Published: 2014-02-26 18:41:50 by Daniele Ricci

WARNING: this post is outdated. Please refer to this page.

It's been some weeks since I've been able to use Kontalk XMPP from my notebook, using a custom Python script to remedy the lack of client certificate authentication in Pidgin. The code was very ugly (it still is) and had hard-coded values.
So I decided to fix it a bit and release it in the public domain. You can find the script in the xmppserver repository (download link). You'll need Twisted to run it.

user@host:~/kontalk/xmppserver/test$ ./ssl_bridge.py -h
usage: ssl_bridge.py [-h] [-d] [-p PORT] --domain DOMAIN -c CERTIFICATE -k
                     PRIVATEKEY
                     address

An XMPP bridge for clients not supporting SSL client certificate
authentication.

positional arguments:
  address               forward connections to this host (host:port)

optional arguments:
  -h, --help            show this help message and exit
  -d, --debug           enable debug output
  -p PORT, --port PORT  listen for local connections on this port (default:
                        5224)
  --domain DOMAIN       use this domain for stream initialization
  -c CERTIFICATE, --certificate CERTIFICATE
                        X.509 certificate file
  -k PRIVATEKEY, --privatekey PRIVATEKEY
                        X.509 private key file

ssl_bridge.py is basically a tunnel that masks the STARTTLS process by doing its own SSL handshake using a provided client certificate and private key.

The first thing you have to do is to export the client certificate and private key from your device. Of course you have to register with Kontalk first if you haven't done so yet. Open Kontalk, press menu > Settings > Export personal key. This will create four files on your SD card:

  • kontalk-login.crt
  • kontalk-login.key
  • kontalk-private.pgp
  • kontalk-public.pgp

Transfer the two login files (kontalk-login.crt and kontalk-login.key) to your computer. Then you'll need to convert them from DER to PEM format using the following commands:

openssl x509 -inform der -outform pem -in kontalk-login.crt -out kontalk-login.pem
openssl rsa -inform der -outform pem -in kontalk-login.key -out kontalk-login.rsa

Your certificate and private key are ready for use!

Start the SSL bridge script:

./ssl_bridge.py -p 5224 --domain kontalk.net -c kontalk-login.pem -k kontalk-login.rsa beta.kontalk.net:5222

This will start listening on port 5224, which will be forwarded to beta.kontalk.net:5222 after STARTTLS has been negotiated.
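The upstream half of what such a bridge does, as an added example (this is not the code of ssl_bridge.py): it opens the stream for the XMPP domain, requests STARTTLS, and only then starts a TLS handshake that presents the exported client certificate. The function names are hypothetical, and it assumes the server advertises STARTTLS in its first stream features and has a certificate valid for the XMPP domain.

```python
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def stream_header(domain):
    """Opening <stream:stream> tag a client sends for the given XMPP domain."""
    return ("<?xml version='1.0'?><stream:stream to='%s' version='1.0' "
            "xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams'>" % domain)

def read_until(recv, marker, limit=65536):
    """Read from recv() until marker appears; fail on EOF or oversized input."""
    buf = b""
    while marker not in buf:
        chunk = recv(4096)
        if not chunk or len(buf) + len(chunk) > limit:
            raise ConnectionError("stream closed or too large before %r" % marker)
        buf += chunk
    return buf

def negotiate_starttls(send, recv, domain):
    """Run the plaintext part of STARTTLS (RFC 6120, section 5).

    Returns once the server has answered <proceed/>; the caller must start
    the TLS handshake next. Raises if STARTTLS is not offered or is refused.
    """
    send(stream_header(domain).encode())
    features = read_until(recv, b"</stream:features>")
    if b"<starttls" not in features or TLS_NS.encode() not in features:
        raise ConnectionError("server does not offer STARTTLS")
    send(("<starttls xmlns='%s'/>" % TLS_NS).encode())
    reply = read_until(recv, b">")
    if b"<proceed" not in reply:
        raise ConnectionError("STARTTLS refused: %r" % reply)

def connect_upstream(host, port, domain, certfile, keyfile):
    """Return a TLS socket authenticated with the client certificate."""
    ctx = ssl.create_default_context()
    ctx.load_cert_chain(certfile, keyfile)  # raises if key and cert mismatch
    sock = socket.create_connection((host, port))
    negotiate_starttls(sock.sendall, sock.recv, domain)
    # The server certificate is checked against the XMPP domain, not the host.
    return ctx.wrap_socket(sock, server_hostname=domain)

# With the files and names from this post, the call would be:
# connect_upstream("beta.kontalk.net", 5222, "kontalk.net",
#                  "kontalk-login.pem", "kontalk-login.rsa")
```

Whatever connects to the bridge's local port is relayed over this authenticated connection, so the listening side should be bound to the loopback interface only.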

Now it's time to configure your favourite XMPP client. We will take Pidgin as an example, but the configuration is pretty much the same in other clients.
Create a new XMPP account using these parameters:

  • username: dummy (doesn't matter actually)
  • domain: kontalk.net
  • password: dummy (doesn't matter)
  • check Remember password
  • connection security: Use encryption if available
  • check Allow plaintext auth over unencrypted streams
  • connect port: 5224
  • connect server: localhost

And there you go!!! Connect your account and you will see buddies with strange codes. Those are your buddies' hashed phone numbers. You'll have to recognize each one by talking to them, sorry. You can then rename your buddies accordingly; Pidgin will keep track of the names.

Please note that encrypted messages are not supported by Pidgin and you'll have to tell your buddies to disable encryption when they talk to you (you won't receive anything otherwise).
Also, delivery confirmations are not supported, so your buddy will not see his/her messages confirmed. The only way to confirm them is to open Kontalk from Android. You will receive all the unconfirmed messages again and the app will confirm them.

The SSL bridge script is still not perfect. If you have any problems, please report them to the Kontalk issue tracker.

Published: 2012-12-07 10:24:57 by Daniele Ricci

I've been using Gnome for a few years now. At the beginning there was Gnome 2, with its simplicity and lightness — even though lightness is only apparent, since Gnome is bloated with components and little daemons such as gvfs and the like. Then Gnome 3 came: the Gnome Shell. I tried Unity too, but I really preferred Gnome Shell to it because it allowed more customization and tweakability. And I was happy for a while.

Since the first day I installed Gnome Shell, it has been quite slow on startup, and a lot of RAM was taken just by running it, even though I have a good computer (4 GB RAM, 512 MB VRAM, i5 CPU). I didn't like the fact that something I was not using completely was sucking up a relatively big portion of my computer's memory.

Gnome 2 was not a viable option since it's not actively maintained any more — I know there are forks, but it's not the same.
So I started to look for alternatives. Actually I did some very quick and superficial research; Xfce seemed to be a good compromise between lightness and number of features. It was a good alternative to Gnome 2: it has panels, a fully capable file manager (integrated with gvfs too!), and a settings application for the overall management of my desktop environment.

I'm used to Avant Window Navigator as my dock, so I left that on the bottom side of my desktop. I didn't need the activity screen, but I did need a good way of quickly starting applications and other stuff. I took Synapse for evaluation; it seems to do the job pretty well. I guess I'll stick to it for the moment.

There are indeed drawbacks to using an alternative desktop environment:

  • Many Nautilus extensions (e.g. Dropbox, Sparkleshare) don't have their Thunar counterpart
  • Evolution calendar applet is not as efficient as the Xfce one (I miss the international clock and weather even on Gnome Shell)

About the calendar applet: the Xfce panel only supports Gnome applets based on Bonobo (that is, very old ones), so it would be a problem to install it because I would have to use an old version of the applet; even if I were actually able to use a newer one, there are dependency issues because of deprecated versions of some Gnome 2 libraries.

Other than that, I'm quite happy with Xfce and I guess it will be my desktop environment from now on — until something changes in the Gnome family.