LinuxReviws.org --get your your Linux knowledge
> Linux Reviews > Features >

The Future of BitlBee, the IRC Gateway for Instant Messaging protocols (MSN, ICQ, Jabber, Yahoo)

LinuxReviews.org

Interview with the BitlBee developer team: Wilmer van der Gaast, Maurits Dijkstra and Jelmer Vernooij, and a word from former developer Sjoerd Hemminga. Find out what new cool features will be available in v1.0, what features have been implemented so far and what visions these bright young men have for the future of BitlBee and the Open Source community.

  1. What is BitlBee, and what makes it so cool?
  2. What milestones has the BitlBee recently overcome, which of the great features in the new version are you most happy with?
  3. BitlBee was originally written for Linux. How much work was involved in porting it to Windows, and why did you choose to do so?
  4. What new great features can we expect in the next BitlBee version? What lies ahead?
  5. A poll on bitlbee.org showed 58.1% of your users saod file transfer was their most desired feature. When will BitlBee support file-transfer?
  6. What other open source projects are you involved in?
  7. What are your future visions for BitlBee?
  8. What are your future visions for the Open Source community?
  9. Why did you quit BitlBee?
  10. Learn More about BitlBee

1. What is BitlBee, and what makes it so cool?

  • Wilmer:
    • BitlBee allows you to talk to people on Jabber, ICQ, MSN and some other IM-networks using your favourite IRC-client. Several programs like BitlBee exist already, but most of them either only support one IRC client or only one IM-network.
    • Why is this cool? For me it's cool because I like the way my IRC client (irssi) works and because it allows me to keep all my communication stuff (mail, IRC, IM) running in one screen session and attach to it from anywhere.
    • But BitlBee seems to be popular in some other groups. For example, quite a lot of Emacs fans use Bitlbee+ERC (an IRC client for "EmacsOS") so that they can even talk to IM-buddies from their favorite editor / operating system. Also, Amiga users seem to depend on BitlBee for their ICQ chatting needs because most other ICQ clients for Amiga-OS don't support the new protocol anymore. (I might be wrong here, but this is what I understood from a web-log.)
    • And of course it's nice to abuse CGI:IRC+BitlBee to log into IM-networks no matter how closed down your company's network is.
BitlBee on a CGI-IRC Web service, browsed using the Konqueror Web Browser

  • Maurits:
    • Bitlbee is an IRC-to-IM gateway. This basically means you can use your IRC client to talk to people using MSN, ICQ, AIM and a few other IM systems. This is good because suddenly you don't have to have a separate window for Instant Messaging, you can just use your IRC client!
    • I think one of the coolest things about BitlBee is the fact you can convert any IRC bot to an IM bot in a matter of hours, without having to write any of the IM protocol-specific stuff yourself.
  • Sjoerd:
    • That's a simple question. BitlBee is hot because of it's name. It's cool because it gives people a choice. The main reason BitlBee was created in 2002 was that Wilmer got fed up with having several clients open for every <badword> IM network he was on, next to his favourite client, irssi, of course. My sympathies were about the same and I even considered writing irssi-plugins for some IM-networks. Wilmer basically told me to forget that, because he had a great idea. And he did, as you know.
    • Now, what has that to do with choice? Well, BitlBee allows you to run the client of your choice. If you wanted Jabber and you liked the console, back then, you were almost certainly forced to use one specific client. CenterICQ (which was my IM-client at the time) didn't support it yet.
    • The coolest thing about BitlBee is that it integrates all protocols and bundles them into one. The consequence is quite simply that you only need one program to do it all. In a way it's like J.R.R. Tolkien wrote: "One program to bring them all and in the darkness bind them." Of course this is a cheap reference, but very true. Now, I'll leave it to you to think about the "rule them all" bit in the complete quote and how well it applies to BitlBee.

2. What milestones has the BitlBee recently overcome, which of the great features in the new version are you most happy with?

  • Wilmer:
    • For me the biggest milestone of the last few months is that BitlBee finally seems to be reasonably stable. The last rotten piece of code left was the MSN module from Gaim 0.58. I rewrote the module from scratch for BitlBee 0.90 because I didn't see any way to fix the existing code. I don't think the author will disagree with me on this, because he did a rewrite as well some time ago.
    • Since this rewrite, the number of crashing BitlBee sessions on the main public server im.bitlbee.org (with over 200 active users anytime) went down from four a day to less than four a month. Obviously, this is still too much, so I hope to get the number down even more for version 1.0.
    • Although this new MSN module isn't really a new feature, it's certainly the thing I'm most happy about.
  • Maurits:
    • A not-so-recent milestone was my daemon-mode patch. Although it's main aim was to make Bitlbee able to run as one (daemon) process, achieving this goal required a significant reworking of the internals. This, in turn, made the networking code much more robust and added syslog support.
  • Jelmer:
    • The support for server-side buddy lists in Oscar is in my opinion one of the most important features that we added in 0.91, since it makes migrating from other clients towards BitlBee much easier.
    • Other then that, there have been some very nice cleanups of the implementations of the various IM protocols, the MSN rewrite being the most important one. Those cleanups will hopefully help making BitlBee more stable (and more secure!) and should make it easier to add new features.
  • Sjoerd:
    • Well, there's the whole MSN-rewrite. This started when Microsoft changed the protocol back in October. But since the original MSN-code was quite good at crashing, it needed to learn not to crash. Wilmer did that by replacing all code. Quite effective.
    • And then there's the ICQ server-side buddy lists. That used to be one of the most requested features of BitlBee. It is now replaced by file transfers. The server-side buddy lists was quite some work. It didn't make the 0.90 release, to my personal disappointment. I wanted to use it in the release speech.
  • Changelog

3. BitlBee was originally written for Linux. How much work was involved in porting it to Windows, and why did you choose to do so?

  • Jelmer:
    • While I was working on some stuff for work the other day (I work as a MFC developer..), I wondered how portable BitlBee's code would be, so I decided to check it out. Just for the sake of it.
    • BitlBee turned out to be more portable then I could've hoped. Most changes I had to make were replacing malloc() , free() and a couple of POSIX-specific calls by their GLib equivalents. I think the whole port was done in one or two afternoons.
    • Ensuring that the code stays portable is quite easy. I release a Windows snapshot every few weeks to make sure it still compiles and there are usually only a few lines that need to be fixed.
  • Maurits:
    • I wasn't involved in porting Bitlbee to Windows, Jelmer did this on his own. However, I spent a fair bit of time messing around with the old, cygwin-based Windows port. I can safely say Jelmer's effort improved the Win32 port _a lot_.
    • Having said that, I still think the Windows port of Bitlbee isn't a very useful thing. It does, however, show how much portability can be archieved without resorting to the the GNU auto* tools.

4. What new great features can we expect in the next BitlBee version? What lies ahead?

  • Wilmer:
    • Most important thing for now is to get a BitlBee which allows you to have normal conversations, is stable and as bug-free as possible and call it version 1.0. This is probably going to happen soon, because the program is fairly stable already.
    • What comes after that? The less essential features. Probably also a partial rewrite. Especially the IRC core will need some redesigning anyway before we can implement some of the features (buddy groups, for example) in a sane way. Also, maybe it's time to add support for some less popular protocols. Polish people might be happy with Gadu-Gadu support. Some people might like support for Sametime or Novell's company instant messengering system.
  • Jelmer:
    • Webcam support! ;-)
    • Keeping up with the features that are being added into the IM protocols and improving server maintainability tools are two things that come to my mind right now.
  • Maurits:
    • Better public server support: I want to improve this up to the point where Bitlbee has as many options as a full ircd. This includes specifying connection/user limits per hostmask/interface and having a proper in-IRC admin interface (probably through a second channel, #admin).
    • Importing/exporting profiles. This means you can export your current bitlbee buddy lists and account information to a file, which can then be imported on another server. A system like this is A Good Thing[tm], because it allows the user to keep backups of his profile when using a public server. When the public server in question goes down, the user can just connect to another one, import his profile and continue like nothing happened.
  • Sjoerd:
    • This I can't really answer, since I'm not a developer anymore. But I think other protocol stacks will be rewritten, to increase stability and maintainability.
    • I'm kind of hoping they will add MSN webcam support soon. Then I could see those "cheating housewives doing their naughty acts". That would be so cool!

BitlBee currently supports groupchats using the MSN and Yahoo! networks. Will BitlBee support Jabber groupchats any time soon? And, more interesting, will BitlBee ever support acting as a groupchat server where you can have groupchats with people using different networks, allowing you to have a shared conversation with MSN, ICQ and Jabber contacts mixed?

  • Jelmer: Well, I don't think it's technically feasible without doing it in an ugly manner. E.g. if you are talking to a ICQ user and a Jabber user using your ICQ and your jabber account, the Jabber user would see all messages from the ICQ user as coming from your Jabber account and vice versa.

Will BitlBee support creating new IM accounts on open servers? Perhaps BitlBee could check if the requested nickname is free on say a list of Jabber servers until it finds one where it is available and create a new account automatically?

  • Jelmer:
    • It is very well possible to add support to BitlBee for registering new accounts. However, one of the concerns with allowing users to register new accounts from (public) servers, are spammers. We wouldn't want people using bots to register dozens of accounts and use them for spamming.
    • So we probably need to add better anti-abuse tools before we consider adding support for registering new accounts.

5. A poll on bitlbee.org showed 58.1% of your users saod file transfer was their most desired feature. When will BitlBee support file-transfer?

(What new feature would you like to see next in BitlBee?)

  • Wilmer:
    • Not before version 1.0. I still don't consider file-transfers essential for chatting. BitlBee is never meant to be a full-featured do-everything IM-client. File-transfers are far from essential because there are numerous other ways to send and receive files to/from buddies. E-mail, FTP, HTTP...
    • After all, file transfers over IM are not exactly easy, because most IM-protocols know at least three ways to transfer files. (One in which the sender initiates the connection, one in which the receiver initiates the connection, one which goes completely through the servers... This all to get through NAT-gateways) And as you know, most IM-protocols are not very well documented. I don't expect it to be easy to find this all out, so it will probably still take some time. But it will be possible one day. Maybe quicker if some of the people who want the feature decide to help implementing it.
  • Jelmer:
    • I think this should be relatively easy to implement, if we take a couple of days to do it. There's nothing in the current architecture that has to be changed, so it should just be adding code in a few places.
    • Perhaps it would be better to wait with file transfer support until after 1.0 though or perhaps have a separate branch for it. Stability issues in file transfer support might severely delay 1.0.

6. What other open source projects are you involved in?

  • Wilmer:
    • I'm a Debian developer. Not a very active one anymore, although I do work there as an Application Manager, which means I assist people who want to become a DD as well. Apart from that, I don't do much in the open source world anymore. I used to work some of my other projects (mainly the downloader called Axel), but I lost interest in them.
  • Jelmer:
    • At the moment, I'm working mostly on Samba and Ethereal. For Samba, I'm currently working on MS DCE/RPC stuff (things like DCOM support for POSIX-compatible operating systems and remote Windows Registry).
    • In Ethereal, I work on the Oscar and DCE/RPC dissectors. I guess there's just something that attracts me to ugly proprietary protocols.
  • Maurits:
    • Not a lot, actually. I'm a big fan of the Python programming language and have written an IRC module for that. You can find that on irclib.bitlbee.org. I've also submitted a few patches to fluxbox and gaim a couple of years ago, but I'm afraid that's about it.
  • Sjoerd:
    • Nothing much, I once worked on some helper-scripts for Wilmer's axel download accelerator. And I wrote rotix, which just does some ROT-xx obfuscations. I have a new version of rotix lying about for a year or two now, just haven't got around to releasing it yet :-)

7. What are your future visions for BitlBee?

  • Maurits:
    • One thing I would like to be able to do is run Bitlbee as an IRC service. IRC networks could then just link a Bitlbee server to their network and it would be usable for all their clients instantly. Sadly, limitations due to the IRC protocol make this impractical, but one can dream, eh? :)
  • Wilmer:
    • Obviously, I still dream about a world without BitlBee, because when everyone will use IRC again BitlBee won't be necessary anymore. But I don't expect that dream to come true, and actually, I don't think I want it to. :-)
    • And what else? Well, once the stability improves a bit more, it would be nice to improve the daemon mode so that people can run big public servers without filling up their process list (and memory) completely with BitlBee processes. For now this isn't a very good plan though, because in daemon mode a crash because of a segmentation fault means a crash for all session and not just in the corrupted one.
    • And in the far, far future it would be nifty to make it possible to link public servers so that they share user accounts and settings, so that people can just switch to a different BitlBee server when one goes down.
  • Jelmer:
    • I think BitlBee has already outgrown the visions we had for it!
  • Sjoerd:
    • Like Jelmer said, BitlBee has already outgrown the visions we had. When the project just started, I wouldn't have expected it to be so popular. Not that I gave it much thought, but it was still highly unlikely so many people would use software we worked on. Many of our friends from IRC started using the Bee, which was kind of thrilling. Nowadays, a lot of people use it. And what's more important, they like it too. To me, that's one of the biggest compliment you can make. Using software I worked on, and liking it.
    • Now, my future visions for BitlBee are just a more perfect Bee. BitlBee already fulfills the needs of people chatting in an IRC-like way, which is all we were aiming for. It could support a few more protocols, it could be a bit more stable, it could use a bit better documentation et cetera ad infinitum. But that's just perfecting what's already there, nothing new.
    • If you ask me something revolutionary in a BitlBee sense, it would be that BitlBee would be more than just the IRC-over-IM-tunnel it is now. The Bee would then become a full-fledged IM-client, with just an IRC interface. You can expect things like file transfers, multiple "buddy channels", perhaps group chats over multiple IM-networks and so on and so forth.
    • Will this really happen? Well, there's certainly a demand from the users for such features. The development team usually follows user demand. They are slow about it, but that's with good cause. I wouldn't be surprised if someone would walk into #bitlbee one day and asked for a way to control his HiFi-set with BitlBee. The trend to move to such a full-fledged IM-client has already been set in, when group chats and away-states started to be implemented. Away states are there for a long time, so it's started when BitlBee started. But it won't gain momentum before 1.0. The current team wants the Bee first to be next to perfect as a IRC-over-IM-tunnel. Which is a very correct attitude towards the Bee. But I suspect version 2.0 will be near something like Gaim or Trillian in terms of features.

8. What are your future visions for the Open Source community?

  • Wilmer:
    • Well, who knows... Things might get a bit more annoying in Europe with the software patents possibly coming. I don't know if it'll be fatal though. But it's quite likely that Open Source is going to be more popular. I never expect Microsoft to open source their software, but I just hope they'll lose their monopoly one day so people will get their choice of operating system back.
    • And for me open source doesn't have to dominate the world either. As long as laws, patents and other things don't make writing open source software impossible, it's fine with me.
  • Maurits:
    • I think the Open Source community should be committed to delivering a better-than-windows-in-every-case Desktop OS (whether it's based on linux or not). Also, a trend we're recently seeing is the dumbing down of the linux desktop. I don't like this because I think things like the CLI should be tightly integrated into the Desktop, not hidden from sight. Everything you can (easily) do with a configuration GUI, you should be able to do from the command line.
  • Sjoerd:
    • That's a dangerous question to answer. No matter what you answer, people will flame you. Good. I like a good flame war :-)
    • First, let's make the distinction between Free Software and Open Source Software. This sets me up as a nice flame war victim. Now, the software basically is the same, but the communities differ. The FS community writes the software from an ideological point of view. The OSS community does it from a practical point of view. This gives OSS more growth potential than FS. There will always be ideologists, but their amount rarely grows. (Unless of course you can rise the masses to your cause, which, in the case of software, is unlikely. Now, that's gonna get my balls kicked. Nice.)
    • I think OSS will start to take a lot of the market, but will stop growing at some point. After that, it will co-exist nicely with closed source software. Both will continue to exist and both will have their own niches. Just normal market-economics, I guess.
    • Now, as to possible threats, like the European Software Patents, I'm not really afraid those will spoil anything. OSS coders are creative, they find ways around it. It will just make things interesting. (Another statement that will get me a nice hard kick in the bollox.) Of course, that doesn't mean we should not resist against such threats. They do threaten our freedom to create some programs. You need to be a part-time ideologist, to be practical.
The BitlBee developer crew:

Wilmer van der Gaast Jelmer Vernooij Maurits Dijkstra Sjoerd Hemminga (former developer)

9. Why did you quit BitlBee?

  • Sjoerd:
    • It was a very hard decision. I really like the Bee and I'm very proud I have worked on it. But my contributions to the project were very small. I helped out users in #bitlbee and watched all releases carefully, but I didn't contribute any code, except an occasional patch. I realised most of the code I remembered, was already replaced or changed significantly.
    • On top of that, things got very busy in the rest of my life, so I couldn't really correct that situation. So I weighed the options carefully. The things I still did for the project, I was able to continue doing as an user. But I just wouldn't be in the CREDITS file as an active developer anymore. That just seemed more appropriate.
    • So I didn't really quit BitlBee. It was just a title change. I still get the nightlies as if I were a developer, I still help out users, I still kick Wilmer when someone introduced compiler warnings into the code base and I still write release speeches.
    • I do like BitlBee and I do want to get back into the project. But at this time, that is not possible. I got a few things I want to work on too. So, another cheesy quote: "I'll be back." It's "when", not "if".

10. Learn More about BitlBee
Thank you for using LinuxReviews. Have a nice day!
BitlBee - News
  • The bugs we've been hunting

    With all the noise around "the bug" behind us a little bit, I guess it's now time to stop being so vague about the "account hijacking" bugs we've fixed. I didn't want to give all details right away, to give public server maintainers some time to upgrade. Only a few maintainers picked up the fixes, and I don't want to wait any longer.

    A few weeks ago, while redoing the "set" command a little bit, I discovered something I didn't really like. When you connect to a BitlBee server and immediately use "set password" to change your password, even though you haven't used identify/register yet to get yourself authenticated, BitlBee just said "Password changed successfully". Although it didn't actually create an account file yet, one could then use "save" to then get this done. While the "register" command checks if an account exists before writing to disk, the "save" command doesn't (and shouldn't). Quickly, 1.2.2 was released. Why did this happen? It turns out that this problem was with us for some time already. Previously, the "password" setting was disabled until the user registers/identifies. This was changed in this bzr revision.

    Unfortunately, this wasn't the only problem. It turned out the "register" command was also not working very well. Although it checked for the existence of an account before creating it, it did leave a password set in the BitlBee state structure. This allowed for a very similar exploit, where after failing to register an account, one could use the "save" command to get his account saved anyway. This problem was introduced somewhere in the migration to the storage abstraction layer.

    All these issues should be gone now, and I'm working on a blackbox testing system that will continuously check for bugs like this (and also test other various pieces of BitlBee functionality) to (hopefully) prevent nasty bugs in the future.

    Also, I see security advisories about this issue are often wrong about the "hijacking" part, so I have to repeat this once more: Although this exploit indeed allows one to create an account on a BitlBee, bypassing all safety checks (including AuthMode=Registered), it is not possible to use this bug to gain access to other people's accounts! When someone performs this attack, he will simply get the victim's account deleted. IM passwords in BitlBee configuration files are encrypted using the user's password. There is absolutely no way to figure out these passwords without cracking the person's BitlBee password.

  • BitlBee 1.2.3, unfortunately another important bugfix

    Unfortunately 1.2.2 did not fix all possible account hijacking loopholes. Another very similar flaw was found by Tero Marttila. In the migration to the user configuration storage abstraction layer, a few safeguards that prevent overwriting existing accounts disappeared. Over the week I went over all the related code to make sure that everything's done in a sane, safe and consistent way.

    It looks like not all public servers are up to date yet. If you own one, please update it as soon as you can to save your users any inconvenience from losing their account.

  • BitlBee 1.2.2 fixes security bug

    I just released BitlBee 1.2.2, and I advice public server maintainers to upgrade their BitlBee daemons as soon as possible, since this release fixes a security bug that was probably there for a long time already.

    It's not a serious bug, it doesn't allow anyone to compromise your server. It does allow people to hijack accounts, though. Not with gaining access to the IM accounts or settings of the existing user, it only allows people to recreate an existing account.

    Again, your machine (and for the users, your privacy) is not in danger. But please upgrade anyway to make sure this gap is closed.

    Update (2008-08-30 14:23 (UTC)): Some testing showed that the bug does not exist in any 1.0.x release or older. BitlBee 1.1dev/1.2 were the first releases with this vulnerability.

  • MSN issues - resolved

    Both testing.bitlbee.org and im.bitlbee.org are now running a bzr snapshot version of BitlBee that does MSN Passport authentication the old way. This should resolve the login problems. A 1.2.2 release will probably come soon, I want this to be stable on the public servers for a few days first.

    Update (2008-08-02 11:04 (UTC)): Actually, I rolled back in vain, just hours after I did this, Microsoft fixed their bug. 1.2.x users should be fine again.

  • MSN issues

    This is known for a few days already, but a post on the webpage still can't hurt, I think. Apparently BitlBee has issues logging into the MSN Messenger network these days, if your password contains non-alphanumeric characters or even capitals. It affects some people, others can still log in. The problem is discussed in the bug tracker.

    This seems to affect other clients too. There's one easy fix, which is reverting to the old non-SOAP authentication method. I'm trying to avoid doing that since that code was messy. If I can't find any better solution soon, I'll probably do that and roll it out to the public servers.

    If you absolutely need MSN to work, you can change your password or switch back to BitlBeee 1.1.1dev for a while.

  • Happy birthday, BitlBee 1.2.1!

    Today (on my watch this day is going to end in five minutes already, actually..) BitlBee reached the age of six years! Since it's been a while since the 1.2 release and since there are fixes for a lot of bugs in bzr by now, I decided to make this a release.

    This code is running on testing for a while already, with not too many changes, and it's extremely stable. For the first time, we're actually running BitlBee in daemon mode for all SSL connections. It's serving thirty users from just one process, running without any issues for weeks in a row. This is quite an improvement over the unstable unreliable program the Bee once used to be!

    Of course I'm not saying that the program is perfect now, please keep sending those bug reports. :-) But first, enjoy BitlBee 1.2.1!

Resources

Wikis

Package Search

Meet new people