Ask HN: What should replace XMPP?
Let's assume for the sake of discussion that XMPP has died or is at least on its last legs. What could we learn from XMPP that would help us find its replacement?
There are a few key questions that need answering. What did XMPP do right and could be copied? Why did so many big players ditch XMPP? What would it take to get big players to adopt it? What are the existing resources for creating protocols similar to XMPP? Is it possible to simplify a chat protocol or is it complex in nature?
I briefly tried working on an existing XMPP server implementation but found the protocol and all the extension overbearing and very hard to grok.
58 comments
[ 4.4 ms ] story [ 138 ms ] threadThat's also something all the other established players haven't solved, so it would be a great advantage to get users.
* Federated
* Fault-tolerant
* Cryptographic attestations of messages
[1] https://github.com/ruma
But XMPP isn't dead (and doesn't have to be). New interesting XEPs are being working on:
Is it possible for XMPP to make a major come back without their support? Would big players ever come back or are they too concerned with walled gardens?
They are in XML to avoid naming clash, and they do that well. I haven't really seen a different mechanic to solve that problem.
I run my XMPP server, and IRC bouncer (weechat in relay mode) + a few other misc things all off a $5 VPS.
But you don't need good specs. I used to run prosody off a microcontroller at home; I only moved to a VPS cause my net connection wasn't stable.
XMPP as it stands provides a good test bed to find out what the minimum requirements are.
Even if you don't have full compatibility between 2 given clients; it's a hell of a lot more than two completely different protocols.
> - Federation is good
I think it actually isn't. You're locked in to one server with your account. The server might shut down totally. The server might shut down federation (just like google did). Registering is another step hindering usage, Peer to Peer should be the way to go.
There are two things you need servers for: collecting messages while you're offline and later pushing them to you, having a registration service for a nickname.
At least the first one doesn't require accounts to be bound to servers at all. A model could be that message bouncing servers are run by the app developers. Friends computers that are running could act as bouncers.
Which brings me to xmpp addresses. They're there to be able to initiate contact with someone you haven't contacted before. Nobody is using the username scheme anymore, because it really sucks. Facebook uses a) real names, where you can search somebody with the real name and more importantly uses b) the friends of your friends in suggesting who you could add. You can easily implement the latter feature also for p2p messenger protocols. Other messengers often use other verified usernames like phone numbers, that users already have in their contact book. I don't see how this is possible for a p2p messenger protocol.
> In the modern world, people are afraid of XML
It's just mapping very badly to native data structures in any programming language except xslt. This makes working with XML lots of work. Sometimes this is justified, as XML is a really good fit for the data structure of the document. That's generally the case when you have some text with markup, like HTML or for word processor files. Otherwise it's just an unneeded strain on developers.
Any files, pictures, voice, real-time streams (jingle) are all known extensions of xmpp/jabber. I'm not sure what you mean by "don't work".
> What XMPP did right:
> - Any chat protocol must be extendable
That is a theoretically desirable technical property, but there is a strong argument to be made that extensibility, and the interoperability issues that result, is the Achilles heel of XMPP.
Of course, there is risk the other way around too: by over-specifying, you constrain your use cases, which may hurt adoption.
I'm skeptical that there will (or should) ever be "one protocol to rule them all." There is such a diversity of use-cases, anything that delegates its raison d'etre across multiple specs is going to encounter the same flavor of problems that XMPP has.
> - Federation is good
Definitely another desirable property. Unfortunately, the choice whether or not to federate is often a policy decision, not a technical one. And those policy decisions are not always made simply to keep users siloed: there can be a sound technical basis for them. For example, to mitigate abuse, to immediately extend the service with new features, and to have end-to-end control of user experience without concern for interoperability. Interoperability with arbitrary network elements is often the most frustrating and most expensive part of standards implementation.
For federation to be taken as the default, you need critical mass, and no single IM service has ever achieved critical mass. While it would certainly be nice to have IM standardized like E-mail, telephone calls or IPv4, that comes at the cost of glacial progress forward, and you will be stuck supporting the lowest common denominator for a long time. So there will always be operators trying to short-circuit that baggage by introducing new (and often proprietary) services. The problems of standardization (or lack thereof), in their broadest strokes, are never going away.
> What could have been better
> - Regular users don't want to run their own server
> - Logging/history is important
Those seem like implementation details and not anything intrinsic to the protocol.
> Of course, there is risk the other way around too: by over-specifying, you constrain your use cases, which may hurt adoption.
IMO anything that doesn't have extensibility built in, will gain it after the fact whether you want it or not.
Better to have clear deliniation of duties and a standards body than a hodge-podge of uninteroperable things.
XMPP has both in spades -- that's where the theory doesn't meet the reality. And XMPP is hardly alone; this is a chronic issue with messaging, because the problem space is so ill-defined.
The most successful protocols have been extremely focused in scope. IPv4 is essentially unchanged from RFC 791. TCP has a very carefully curated set of options that has stayed small. For ~15 years, RFC 2616 was the only spec you needed for HTTP. Notice the layering here -- those protocols don't try to be everything for everyone, unlike XMPP's catch-all design.
Looking forward: metadata protection. This is a much more difficult-to-solve problem, but existing tools such as Tor are partially successful.
Edit: metadata protection, I mean. I'm not disputing the need for encryption.
Strong end-to-end encryption with perfect forward secrecy should be mandatory. Deniable authentication (https://en.wikipedia.org/wiki/Deniable_authentication), however, seems like a potentially interesting option but not one that the protocol should mandate. Sometimes you do want authentication that remains valid after the conversation ends, so you can subsequently authenticate the messages in it.
XML is amenable to extensibility, with its innate namespacing features. But this also made it difficult for beginners to use well and was easy to get wrong. The XML decision was really just a consequence of the times in which it was developed. It was a natural choice. If it were done again, it would be REST-based and use JSON as the data format.
I think to do it right, you have to build a company around it, and build it in the open. Also, no one is going to jump on a protocol just because it's open. It has to be built around a service which is compelling in its own right, and gains user traction regardless of the protocol. Geeks can get it going, but it has to be self sustaining.
I'd definitely recommend it. This is a problem I've had multiple stabs at, but I finally feel like I've got a long-term solution now. But yeah, no federation, etc. My need is single-site realtime chat.
Tox - because fully decentralized & encrypted
SIP - because rock solid for voice & video
Chat & IM is not the web. It shouldn't be running on HTTP with HTTP APIs.
Also SIP is horrible.
Any day now...
https://en.wikipedia.org/wiki/BEEP
What advantage did it have? Unless someone is sniffing unencrypted XMPP packets and finds that XML readability handy, I don't really see the point. And that's an edge case. Not to mention XML's main advantage over many other formats is having hierarchical relationships--but how does that help in a chat protocol?
I'm sure someone could very well have counter points to the above, but those are the things off the top of my head that made me question why XML was the top choice here for an IM protocol.
Extendability. Transporting Messages in other messages. Transporting hierarchical data instead of only text.
- Local Federation is great, but Global Federation doesn't benefit the big players
- Extensibility is great for domain-specific problems, but it leads to more fragmentation
- It tried to handle data streaming, but it's inherently suboptimal at it
I mean, it was a great protocol to explore the IM design space, but it was bound to be replaced once we clarified our needs (for the most part, multiple devices and media streaming).
As a side note, I often get showerthoughts about mixing IM and blockchain techs. I'm not sure where that would lead us.
There were 2 main reasons in the end:
- No way to log all messages sent to a database so that users could retrieve them on subsequent logins - No way to edit/delete messages, especially in multi-user chats.
Maybe these things are possible, but I couldn't find how to do it. Now, with socket IO on nodejs, I have a < 400 line chat server with DB integration that is much more suitable for my needs.
I guess XMPP's focus was too narrow.
This is what MAM does.
[1] https://blog.process-one.net/ejabberd-15-06/ [2] https://play.google.com/store/apps/details?id=eu.siacs.conve...
We are for decentralization, the extension of the protocol, but without harm for the users.
For web and native clients use thin client connecting to the server via websocket and CBOR. Why not JSON? This allows you not to have problems with sending binary files unlike XMPP.
Also thinking about using WebRTC for the transmission of all messages, files and audio/video, but today WebRTC is not supported everywhere.
The server has the ability to transport other protocols.
[0] https://developers.google.com/protocol-buffers/
[1] https://google.github.io/flatbuffers/