Hubzilla development: The Zot communication and authentication protocol

hzkick | tobias
 between a webserver and a browser 
Mike MacgirvinMike Macgirvin wrote the following post Thu, 08 Feb 2018 05:00:52 +0100
Finally got a chance to spend a bit more time on zot6, which has been languishing for a couple of months while I've been tied up with federation nits and registration workflows and people who can't figure out how to send email. Anyway, today I got two zot6 sites to communicate with each other and the delivery performance is pretty awesome.

In a nutshell, we're using OpenWebAuth on send to avoid a verification callback. We don't really have to verify the receiver since private messages are technically encrypted twice. Ergo, it shouldn't really matter if they get MITM'd - they still can't read the message or see anything in the metadata. I still have one additional step to encrypt the HTTPSignature - as it can leak metadata about the sender. (The folks writing specs never think of these things.) Once that's done I'll start hammering on it to try and break it, but otherwise start migrating it into the mainline code.

It basically doubles delivery performance on both ends of the connection. It will fall back to doing it the slow way, and will work all the way back to ancient redmatrix installs; but if you're using anything less than Hubzilla 3.0.1 you're being put on notice. Please upgrade.
How I learned to love the Affinity Slider

hzkick | tobias
 between a webserver and a browser last edited: Fri, 02 Feb 2018 02:59:12 +0100  
The Affinity Slider is a rather unusual but powerful sorting tool that I have not yet seen in other web applications. It took me years to finally find a use case for myself but now that I found one I believe it might be so powerful, it could be a solution to some things I always wanted to do but did not know how. Yet another example of "Hubzilla already has it, can do."
The Affinity Slider first needs to be enabled for your channel via "Additional Feature Settings / Network And Stream Filtering". /settings/features . Then you will see it on the top of your network page /network . The idea behind it: You can give each of your connections /connections an Affinity Value and then use the left and right buttons of your Affinity Slider to filter your visible stream. Don't be confused that the Affinity Slider comes with a scale of "Family" "Friends" "Acquaintances" "Me", these are just some basic descriptions. You can just filter anything, I am using it to filter RSS feeds, which currently live in a dedicated channel, which I am using as my private Hubzilla powered RSS feed reader.
The individual RSS feeds are sorted into individual Privacy Groups, such as News, IT, Music. Then there is the group "News Linux", which holds the feeds from,


Now I have given Pro Linux an affinity value of 20, Linux Daily a value of 40 andLinux.con a value of 60.
As a result I can use the Affinity Slider to narrow down, which of those feeds inside that privacy group I want to see. I could as well filter my "All channels" network feed, holding all ca. 50 connected feeds, but I went for the additional sorting tool of thematic grouping.
All in all I have now discovered the Affinity Slider as quite a useful tool. Combined with the selection power of privacy groups I am sure I will change how I use some of my channels, maybe even consolidate several into one.
There is one caveat left to mention, though: On mobile those two handlers are a little bit difficult to grab, but with some practice I found it workable anyway.  It's a great feature that I have grown to love. The basic wording and handling could need a little bit of UI/UX love, but it is usable for sure.
Hubzilla development visualized

hzkick | tobias
 between a webserver and a browser 
hzkick | tobias
 between a webserver and a browser 
Mario VavtiMario Vavti wrote the following post Sun, 14 Jan 2018 08:01:07 +0100
Hubzilla 3.0.1 Bugfix Release
  • fix remote authentication for reinstalled sites - github issue #953

This is an urgent fix. Please update your site ASAP.

@Hubzilla Announcements+ @Hubzilla Support Forum+
Out now: Hubzilla 3.0

hzkick | tobias
 between a webserver and a browser 
Mario VavtiMario Vavti wrote the following post Tue, 09 Jan 2018 09:57:06 +0100
Hubzilla 3.0 Released!
This release is dedicated to the memory of Tony Baldwin a.k.a. Tazman, a Friendica/Redmatrix/Hubzilla enthusiast and contributor, who passed away last week.

Before pointing out the notable changes in the 3.0 release, here is a summary of what we accomplished during the version 2 release cycle (2017). We released 4 shiny Hubzilla versions with about 3101 commits from 21 contributors. The main focus was on:

  • CalDAV/CardDAV integration
    In Q1 2017, we made a strong effort to merge CalDAV and CardDAV into Hubzilla as a native interface. This would allow easy federation with events and contacts amongst hundreds/thousands of existing utilities. Significant progress was made (and this led to several new features) but the effort stalled around March. We were not (at the time) able to resolve serious incompatibilities with nomadic identity, access control, server-to-server authentication, and rich-text support. Significant progress was made in all of these areas over the remaining course of the year however, and this integration effort is expected to resume in early 2018.
  • Consolidation of server roles
    Server roles were removed/merged early in the year. These were initially provided to solve incompatibilities between nomadic identity and external network federation (such as Diaspora, GNU-Social, and later Mastodon). The incompatibilities still exist. It was decided that network federation should be available to anybody who wants it; and they can decide how important channel backup and live mirroring is to them personally. If a hub administrator wishes to make that decision at a site level, they can do so by not installing the external network addons.
  • Communication protocols
    Once a resolution was reached regarding Server Roles, work proceeded in earnest upgrading and extending the external network protocol addons (Diaspora, OStatus, and later the emergent ActivityPub protocol). Each of these underwent huge development efforts. The Diaspora protocol was completely upgraded to the "new protocol". Ostatus was extended to provide better compatibility with Mastodon and "conversation fetching" added to solve known issues with the OStatus delivery model. We had one of (if not) the first available working implementations of the ActivityPub protocol some time in June or July. It wasn't officially released until Q3 2017, which was a couple of months after the first official Mastodon ActivityPub release.
    Our primary protocol (zot) has been in use for over five years. While still being well suited to its task, is starting to show signs of age. In 2016 it underwent a number of crypto improvements to help 'future-proof' it. Work began on Zot/6 in Q3 2017 to bring it up to the present state of the art. This work is ongoing and the full benefits won't be seen until Q2 2018 (projected), but pieces of the new protocol are already in place and improving things right now. The first major piece was OpenWebAuth, which builds on HTTPSignatures to provide a streamlined and standards-based cross-domain authentication layer.
  • Theme and UI
    Project navigation and the notification system were the primary focus of UI/UX development. Navigation and the pre-existing 'Apps' feature were first integrated and then extended. Then the notification system was moved from the top 'navbar' to a dedicated page widget in the base theme, integrating it more closely with the content.
  • Media/Files
    Cloud storage and media management underwent signficant development, climaxing in Q4 2017. One of the first components of this work was to provide uploads of "unlimited" size across all the existing tools; instead
    of only through WebDAV. Processing of photos was also reworked to handle the larger images from state of the art digital cameras; which were causing memory issues in the original architecture. Finally a 'tile view' was added to the cloud/file web viewer providing a more modern looking page.
  • Core
    Documenting all of the previous work and efforts required improvements in the Wiki and Webpage content features, and 'Cards' were added to provide interactive development documentation. We also provided the ability to create third-party Widgets and share them just like addons and themes, extending earlier work in this area. The project has been updated to work seamlessly with PHP7.2 and recent version of MySQL and Postgres. Many libraries have been moved to 'composer' (the PHP package manager) and the unit test system enhanced in a number of ways. Documentation has been improved dramatically (although this is a continued effort).

During the course of all of this development work, we've continued to listen to suggestions and issues which have been encountered by members, and have cleaned up and fixed many other areas that were lacking.

Notable changes in Hubzilla 3.0
  • The remote home link (the "Take me home" menu button in your personal menu on other websites of the hubzilla network) now does not bring you to channel home anymore but only to the domain root. This will bring you to the Activity app by default if you are logged in or to the login page if you are not logged in at your home hub anymore.
  • The techlevel for new accounts will be raised from 0 to 1 automatically after some active participation (connecting to other channels, creating posts, etc.).
  • We implemented chunked uploads for the photos and cloud modules in addition to wall uploads where we had this feature quite a while already.
  • A filter for notification to show new posts only has been added
  • Live updates and notifications updates have been reworked. We now first do the live update and then update the notifications.
  • We now have a system config option for minimum registration age
  • We implemented a tile view for the cloud module and added thumbnail generators for the most popular file types
  • A new experimental startpage module (hq) has been introduced. This provides a simple page with the latest toplevel post, notifications and the possibility to create a new post. You can make this your default startpage via the startpage addon.
  • We now provide the ability to pin apps to the navbar
  • Private forums have been added to the forum widget
  • We added another delivery control parameter (queue threshold) for sites which had issues with too many immediate deliveries at the same time. This parameter defaults to 300 which is quite conservative. Admins should adjust this setting according to what their hardware can handle.
  • Hubzilla is now ready for PHP 7.2
  • The js_upload addon has been removed. We now handle multiple file uploads natively.
  • We removed the Firefox social plugin - it was deprecated and removed in Firefox version 57

Hubzilla 3 release cycle preview
  • Continued integration of CalDAV/CardDAV
  • Continued implementation of Zot/6
  • E-Commerce solution

As always a big THANK YOU! to all the translators and everybody who is helping to improve Hubzilla with each release.

Get it while it's hot!

Please consider to support this project:

@Hubzilla Announcements+ @Hubzilla Support Forum+
hzkick | tobias
hzkick | tobias updated their profile photo