HOW TO
Set up a chat server on your Pi; make metal text effects in Photoshop; create a USB stick toolkit.
YOU’LL NEED THIS
RASPBERRY PI See www.raspberrypi.org.
MESSAGING CLIENT We’re using Pidgin, available
from www.pidgin.im. WITH FACEBOOK CHAT, GOOGLE HANGOUTS, Yahoo Messenger, and ICQ, to name but a few, there’s certainly no shortage of chat services available nowadays. The downside of all these offerings is that they’re closed-source, meaning the code used to design them is not released to the public. This makes it harder to detect security vulnerabilities—plus, you have to trust that big corporates are keeping your private conversations safe.
Federation is also definitely not supported by most proprietary chat software—for instance, someone using the official Google Hangouts app has no way of speaking directly to someone using AOL Messenger. So, how can you get around all these problems? Read on…. 1 XMPP TO THE RESCUE The solution to all of the above is XMPP (Extensible Messaging and Presence Protocol). XMPP is a communications protocol for open-source and secure messaging. Unlike chat software created by big corporations, there’s a number of programs you can use to connect to a server running XMPP, and you don’t have to share the contents of your conversation with anyone except your contacts.
>> There are thousands of public XMPP servers, some run by large companies and others by private individuals. The Raspberry Pi can easily be used to set up your own XMPP server, to allow your friends, co-workers, or family members to connect and chat together.
>> Part of this project was adapted from a guide put together by Tomas Greno, which can be viewed at http://bit.ly/2dal1Z7. 2 WHY XMPP? Before starting this project, you may be wondering why you would even want to set up your own chat server on your Raspberry Pi, given the number of alternatives available. You may also be questioning why you would choose XMPP, when you could use more familiar software, such as Facebook Messenger, or have your contacts meet you in an online chatroom. For a full technical rundown of the technologies underlying XMPP, you can visit the Overview page of the XMPP Foundation at http://bit.ly/2d7XrHV. However, in brief, one of the chief advantages of using XMPP to host your own chat server is security—your messages will never leave the server. So, provided your Raspberry Pi never leaves your home or office, it will be much more difficult for someone to read your chat history.
>> Even if you allow others to connect to your Pi chat server over the Internet, you will be using open-source software, which is regularly reviewed by a community of developers, rather than by one team at a single company. This means there is a far greater chance of vulnerabilities being discovered and fixed.
>> XMPP is also extremely flexible. Any XMPP server that is connected to the Internet can communicate with any other user registered with another XMPP server.
>> For example, if you register a chat account with the popular German XMPP server www.jabber.de, you can still communicate with someone who has an account with the British XMPP server www.xmpp.is. Usernames are written in the style of email addresses, such as “hansgruber@ jabber.de,” and you can add them as contacts in your messaging app [ Image A].
>> There’s a great many XMPP messaging programs available for both computers and mobile devices. Apple’s Messages for Mac OS X, and the program Empathy, which comes preinstalled with many versions of Linux, both support the XMPP protocol. For Windows users, it’s very easy to download a compatible client. 3 CHOOSE YOUR MESSAGING CLIENT To connect to your Pi’s server, we will be using Pidgin [ Image B], because it’s very flexible and is available for Windows, Mac, and Linux. If you’re a Mac or Windows user, head over to www.pidgin.im/download to download Pidgin Messenger. If you’re using Linux, simply install it using your OS’s package management tool.
>> Although when following the tutorial you will already have added an admin account, this shouldn’t be for daily use, so we will create a new account when starting Pidgin.
>> When the Pidgin window opens, select “XMPP” under “Protocol.” As we’re creating a new account, the username can be anything you want. In the “Domain” field, put the IP address or domain name of your Raspberry Pi, such as “192.168.1.2.” The password field can contain any value you like. It’s a good idea at this stage to check the “Remember Password” box, to save having to log in each time.
>> The “Local Alias” field is simply the name you wish to appear on your own version of Pidgin, to help you distinguish your account—for example, “Roger-Raspberry-Pi.” Check “Create a New Account on this Server,” then click “Add.”
>> Pidgin is not available for Android devices or iPhones. You can view a full list of XMPP clients for all platforms at http://bit.ly/2d1o2b1. Free apps for iPhone include ChatSecure (see below) and AstraChat. Both are available from the iTunes Store. Cost-free Android XMPP apps
include ChatSecure for Android and Beem, both of which are available in the Google Play Store. 4 PIDGIN PLUGINS As you will have seen when setting it up, Pidgin supports a number of protocols, such as AOL Instant Messenger, Google Talk, and Yahoo Messenger. It’s also highly customizable through the use of extra plugins [ Image C]. Some of these plugins, such as Theme Manager, are official, and accessed by clicking the “Tools” menu in Pidgin, then “Plugins.” Other plugins have been developed by third parties. A full list of third-party plugins, as well as instructions for installation, is available from http:// bit.ly/2cof2P1. One particular plugin of note is Off-the-Record Messaging (OTR).
>> In brief, if this plugin is installed in both your copy of Pidgin and that of your friends or colleagues, your conversations are automatically encrypted. Unlike the SSL certificate, which is stored on the Pi, OTR encryption keys never leave your computer, so even the chat server can’t keep a meaningful copy of your transcripts.
>> If you want to access the chat server securely from a mobile device, try ChatSecure. This free app is available for Android and iPhone, and supports OTR messaging without needing to install extra plugins. More information is available from the Guardian Project’s website at http://bit.ly/2cJti6A.
>> If you are considering opening your Pi chat server to the Internet, another useful plugin is Bot Sentry. This prevents you from being overwhelmed with spam messages, because you only receive messages from people on your buddy list.
>> Once Pidgin is secure, you may want to tweak its appearance, so head over to www.pidginthemes.com. 5 CHAT CHALLENGES As you’ll see in the walkthrough (on page 63), the software is very simple to set up and run. If you are having trouble installing the software in the first place, you should make sure you have the latest version of Raspbian. Open Terminal on the Raspberry Pi, or connect via SSH, and run the command sudo apt-get update then
sudo apt-get upgrade . The second command may take some time, so make sure you don’t need to use your Raspberry Pi urgently before running.
>> As you’re going through the walkthrough, you may have difficulty finding the sections you have to edit in the configuration file. Use Ctrl-W to run a search within the file for the sections you need to change—for example, “VirtualHost.” Just type your search term and press Return to be taken to the word in question.
>> If you restart the Pi for any reason, the Prosody chat service stops. You can get it running again by opening
Terminal on the Pi or connecting via SSH and running the command
sudo /etc/init.d/prosody start . 6 MORE TROUBLESHOOTING If you find the software fails to start, try running the command sudo luac -p prosody.cfg.lua to check the configuration file. If all is well, the Terminal simply goes on to the next line when you press Return. Otherwise, it tells you the line where there is an error message.
>> If you choose to enable SSL, modify the location of both the KEY and CRT file. If you used the Prosody software to generate a self-signed certificate, this is in the same folder. Some messaging clients may display a warning before connecting. This isn’t in itself a cause for concern, but it may prevent certain programs from being able to connect.
>> If you choose only to access the server from your home or office network, remember that your conversations are only secure if no one can physically access your Raspberry Pi. If you don’t use OTR messaging, anyone connected to the network may also be able to read your messages by viewing network traffic. See https://prosody.im/doc/security for a detailed rundown of possible vulnerabilities, as well as suggestions on how to solve them. If you do use OTR messaging, bear in mind that chatrooms are not currently supported. 7 VIDEO ISSUES Voice and video calls are supported by an extension to the XMPP protocol known as Jingle. Not all XMPP clients support this feature. For instance, voice and video calls are only available from the Apple Mac and Linux versions of Pidgin. Linux’s built-in messenger, Empathy, also supports Jingle out of the box, as does Jitsi, which is available for Linux, Mac, and Windows. If your contacts only use Windows, they can download a different client, such as Psi (available from http://psi-im.org), which may support video calling. Alternatively, Windows 10 users can install the Linux version of Pidgin via the Windows 10 Bash shell. See http:// bit.ly/1N3Ob2f for details.
>> If you have a number of users performing large file transfers or video calling, you may notice the chat server starts responding more slowly. You can relieve this, at least in part, by enabling data compression on your server. See the steps outlined at http://bit.ly/2cPVIJI for more information. Compression is set on a sliding scale from 1 to 9, where 9 is the highest, but uses the most system resources, which in turn could actually slow the Pi down further. We suggest you start at 7, as the Prosody website suggests, and increase as necessary. 8 SHARE THE LOVE Although XMPP software is very robust and powerful, you may find that some people are reluctant to join your server because they are more familiar with chat services such as Facebook or Google Hangouts, and/or they know how to use those clients. The best remedy is to provide your contacts with some information on the protocol, and what it can do for them. A good place to start is the XMPP Foundation’s wiki at http://bit.ly/2clH7ld.
>> If you do persuade people to use your chat server, you may want to set up a dedicated chatroom for everyone. You need to specify this in your configuration file. Visit http:// bit.ly/2ctr9ZL for details of how to do this.
>> Prosody is extremely lightweight, which makes it ideal for running on the Raspberry Pi. The downside to this is that you may need special features that aren’t available. One example would be the ability to broadcast a message to everyone who is online, which isn’t natively supported. Fortunately, there is a large number of addons for Prosody, known as modules. Head over to https:// modules.prosody.im to see a list of those available. If you see any you think would be useful, download them to your Pi, and follow the steps at http://bit.ly/2ctqpne to install them. You may need to restart the Raspberry Pi for the module(s) to take effect.