Google Hangouts and XMPP

Hands on with Hangouts, Google’s new text and video chat architecture | Ars Technica

The announcement of the improved Google Hangouts the other day worried many of us who use Google Talk (through third-party clients like Adium). Were they completely killing Jabber/XMPP? I tested some this morning, and found that I can chat between Hangouts and Adium. Then I found this article, which explains in a little more detail what’s going on:

There’s some bad news that comes with the new Hangout architecture, at least for others who want to have interoperability with Google chat users on the server side via XMPP. Google will not allow server-to-server connections. Chee Chew said that “we haven’t seen significant uptake” in federation with Google Talk via server-to-server connections. The majority of the uptake Google did see was from organizations or individuals looking to bombard Google Talk users with chat spam, Chew said. As a result, server-to-server XMPP has been left out of the consolidated Hangout environment.

That means that users of Jabber, OpenFire, and other open-source XMPP-based instant messaging servers won’t be able to tie into Hangouts through their own systems and will have to have separate Google credentials to chat with Google users. But it doesn’t mean that Google has euthanized XMPP completely, as some have reported.

The good news is that Hangouts will still support client-to-server connections via XMPP, though only for one-to-one text chat. That means that Web and client-side chat applications that have used XMPP to connect to Google Talk will still be able to see presence information about their contacts in Google+ and chat with them via text in Hangouts.

So the grand, federated world where all kinds of chat services interoperated is dead. At least, it’s not happening through google. Which I think we knew anyway — I think they killed at least some degree of XMPP federation some time ago. And I’m not sure anyone ever really tried to make it work anyway.

Shame, though, that these companies can’t just try to get along. Remember when Apple promised that FaceTime would be an open, interporable standard?

Use bcrypt

How To Safely Store A Password | codahale.com.

This is a few years old, but worth reposting, as the question comes up regularly (like it did a couple minutes ago in my Twitter stream). The goal, it reminds us, is to pick an algorithm that’s “slow as hell”:

So we’re talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I’d be cracking them every 12 years or so.

Note also that scrypt and PBKDF2 are generally recognized as valid substitutes, as the basic logic of this post still applies to those algorithms.

Recovering iPhone Restrictions Passcode

How to Recover Forgotten iPhone Restrictions Passcode | The iPhone and iPad Blog.

Interesting find.

Look for the file called com.apple.springboard.plist and open it in Property List Editor.

The file should have a key titled SBParentalControlsPin and the Value for this item is exactly what we were looking for. Our missing 4 digit Restrictions Passcode.

To carry off this hack, you need to be using unencrypted backups of the device (otherwise, you won’t be able to read the file). Or, naturally, it’s very easy if you have a jailbroken device.

Social Share Privacy

A nice way to take back some control over unintential browser history leakage:

More and more websites use like-buttons from Facebook, Google+ and Twitter. However, these buttons send information to these social networks even if the user doesn’t click them, but even if they are just present on a webpage. This way these networks are able to track which websites users are visiting and are able to build fairly complete browser histories of their users. Because this is neither what a user might expect nor what many website operators that embed like-buttons want, this alternative way of using these social services was developed.

Though one wonders why this sort of feature isn’t built-in to browsers to begin with.