SamePlace 0.7

Version 0.7 of SamePlace, the instant messaging client for Firefox, Flock and Thunderbird, is available.

It’s late over here, and I’m still on the lookout for subtle transition issues (who said that writing code is the hard part? Release engineers get all my respect…), so I hope you’ll forgive me if I spend some more lines at the server’s console and fewer blogging.

Packages are in the download section. In a few hours I’ll flip the switches to enable automatic update for those who are running release candidate or old stable. Uploads to addons.mozilla.org will follow shortly.

If you find any problems, post to the forum/mailing list or drop by the users’ chatroom (access it via Jabber or on the web). If you like SamePlace, consider supporting it; there’s no “Donate” button, but there are many equally precious things you can do: suggest features, report bugs, spread the word, tinker with the code.

Enjoy!

Share

Grep the web with Fresno: a command line for Firefox

Ben from Simile points me to Fresno, a tool that connects to a MozRepl-equipped Firefox and drives it from the command line.

Fresno can make a running Firefox navigate to URLs, load JavaScript files, and execute JavaScript commands. It keeps the browser as the execution context or changes it to the currently loaded web page or arbitrary objects. This example from the documentation retrieves links from a web page:


  % ./fresno -p http://simile.mit.edu/ -c \
    -j "document.getElementById('slideshow').innerHTML" \
    | grep href
            <div class="title"><a href="semantic-bank/">Semantic Bank</a></div>
            <div class="title"><a href="gadget/">Gadget</a></div>
            <div class="title"><a href="welkin/">Welkin</a></div>

            <div class="title"><a href="timeline/">Timeline</a></div>
            <div class="title"><a href="referee/">Referee</a></div>
            <div class="title"><a href="babel/">Babel</a></div>

            <div class="title"><a href="exhibit/">Exhibit</a></div>
            <div class="title"><a href="appalachian/">Appalachian</a></div>

I’m pleased to report that, despite being surrounded by nothing else than ink-black X terminals, the little red panda is starting to feel very much at home on my Unix desktop.

Update 2007-07-04: ZIGOROu also points me to his MozRepl Perl module!

Share

SamePlace: new site and release candidate available

After many, many weeks of “should be ready real soon now”, the new SamePlace web site and a release candidate of SamePlace Suite 0.7 are available.

The first thing you’ll probably notice about both is the user interface. Most of the merit for it goes to Andrea Cuius. I’ll talk more about this and the numerous other changes that happened under the hood in the release notes for 0.7.

If you find any glitch or problem in the release candidate, please take a moment to join the users’ chatroom (via web or via jabber) and tell me, or leave a message on the forum, or even file a bug.

Notice to feed subscribers: SamePlace-related announcements will be cross-posted on the usual section of the hyperstruct blog and on the SamePlace blog for a few weeks, then will move to the SamePlace blog. (I’ve also backported some past articles from the former to the latter.) Articles about the programming side of SamePlace will stay on the hyperstruct blog.

Enjoy!

Share

Literal XML in Erlang with parse_transform/2

One of the things I dislike about Erlang is that it severely impairs bragging opportunities. Yesterday I wrote a module that allows writing literal XML in the source and have it parsed into Erlang structures at compile time—sort of like E4X minus the manipulation goodies at runtime (at least for now).

You write:


Doc = '<greeting>Hello!</greeting>',
io:format("~p~n", [Doc]).

And it prints…


{xmlElement,greeting,
            greeting,
            [],
            {xmlNamespace,[],[]},
            [],
            1,
            [],
            [{xmlText,[{greeting,1}],1,[],"Hello!",text}],
            [],
            "/tmp",
            undeclared}

In most languages I’m familiar with, this would have granted the author instant Yacc-demigod status. With Erlang… it was less than 40 LOC. Hardly something you’d wear at a party.

Anyway, this code owes everything to Philip’s writings. It also uses parse_transform/2, and “programmers are strongly advised not to engage in parse transformations and no support is offered for problems encountered”. So unless you, like me, are still at the kid-in-a-candy-shop stage of Erlang experience, think twice before using this in production, ok?

The code is here.

Share

Installing the StartCom SSL certificate in ejabberd

The XMPP Software Foundation established an intermediate certification authority with StartCom. If you run a public federated XMPP server, in order to provide secure communication, you no longer need to buy an SSL certificate (or resort to a self-signed certificate): simply register an account at http://www.xmpp.net and follow the certificate request process.

At least up to ejabberd 1.1.2 1.1.4, however, there is an extra step which involves patching a file and recompiling. (Update: the patching step is no longer required in ejabberd 2.0.0.)

Here is the complete procedure I followed.

After the certificate request process, you should have these files:

Decode ssl.key. openssl will ask you for a password, provide the one you gave during the certificate request process:


$ openssl rsa -in ssl.key -out ssl.key

Concatenate your server’s certificate plus key and the intermediate certificate into a single file:


cat ssl.crt ssl.key sub.class1.xmpp.ca.crt >ejabberd.pem


Place the resulting file where the ejabberd server is able to access it.

On Debian:


chown ejabberd.ejabberd ejabberd.pem
chmod 400 ejabberd.pem
mv ejabberd.pem /etc/ejabberd

Configure ejabberd.cfg:


% Ordinary client-2-server service
 [{5222, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            starttls, {certfile, "/etc/ejabberd/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

% SSL-enabled client-2-server service
  {5223, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            tls, {certfile, "/etc/ejabberd/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

% [...]

% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

Restart the server.

At this point, the certificate is installed but ejabberd is not presenting it correctly. If you run the following:


openssl s_client -connect your.server.org:5223 -CAfile /path/to/ca.crt

You will get an incomplete certificate chain:


[...]
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=Your State/L=Your Location/O=Your Name/OU=Domain validated only/CN=your@server.org/emailAddress=hostmaster@server.org
   i:/C=US/ST=Colorado/O=Jabber Software Foundation/OU=Secure Certificate Signing/CN=StartCom Class 1 Intermediate CA - Jabber Software Foundation/emailAddress=certmaster@jabber.org
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]

To fix it, you have to apply a small patch. Start by downloading ejabberd source.

On Debian:


apt-get source ejabberd

Now you could grab the patch from the ejabberd bug tracker and use the “patch” tool to apply it, however as of ejabberd 1.1.2 line numbers have shifted and it won’t apply cleanly. Since it’s a one-liner, just open the file src/tls/tls_drv.c and locate the following line:


res = SSL_CTX_use_certificate_file(d->ctx, buf, SSL_FILETYPE_PEM);

Replace it with the following:


res = SSL_CTX_use_certificate_chain_file(d->ctx, buf);

To compile it, either go to the src/ directory and type:


make

Or, on Debian, generate a new package:


fakeroot dpkg-buildpackage -uc -nc

Reinstall, and you’re done.

To verify that it’s working, run again:


$ openssl s_client -connect sameplace.cc:5223 -CAfile /path/to/ca.crt

This time you should get:


[...]
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=Your State/L=Your Location/O=Your Name/OU=Domain validated only/CN=your@server.org/emailAddress=hostmaster@server.org
   i:/C=US/ST=Colorado/O=Jabber Software Foundation/OU=Secure Certificate Signing/CN=StartCom Class 1 Intermediate CA - Jabber Software Foundation/emailAddress=certmaster@jabber.org
 1 s:/C=US/ST=Colorado/O=Jabber Software Foundation/OU=Secure Certificate Signing/CN=StartCom Class 1 Intermediate CA - Jabber Software Foundation/emailAddress=certmaster@jabber.org
   i:/C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]

Which is a complete certificate chain and openssl is able to verify it against the root certificate.

Share