April 9th, 2014
OpenSSL Heartbleed Vulnerability Update
This past Monday, April 7th, the OpenSSL Project released an update to address a serious security issue – CVE-2014-0160 – nicknamed “Heartbleed“. Any server or client application that depends on impacted versions of OpenSSL is vulnerable to a leak of encrypted secrets to a remote attacker.
Trillian Cloud Infrastructure.
As of Tuesday, April 8th at 23:00 UTC, all of Trillian’s infrastructure has been updated and is no longer vulnerable. This includes our general-purpose web servers, the servers used to facilitate our web and mobile clients, and the IMPP servers that power our actual IM network. Because this attack could have exposed our TLS certificate, we’ve also generated a new private key and obtained a new certificate as a precaution.
Trillian for Windows versions 5.3.x.x to 184.108.40.206 are vulnerable to heartbleed. Although exploiting a client is a few orders of magnitude more difficult than exploiting a server, exploitation is still technically possible and we urge everyone to upgrade their clients as well. A new version, 220.127.116.11, is now available via auto-update and direct download. Other versions of Trillian, including Trillian for Mac, are not impacted by this vulnerability.
In-House Trillian Servers.
All versions of in-house Trillian Servers are vulnerable to heartbleed. An updated version, 18.104.22.168, has been released and all in-house customers will be sent additional information directly via email shortly. If you’re not sure if your company has updated its server and need assistance or clarification, please get in touch.
Because the surface area of this vulnerability is so large and impacts thousands of different companies, we recommend that all Trillian users change their passwords as a precautionary measure. The recommended way to change your password is from within Trillian itself, in preferences. This is also a good opportunity to review your overall password strategy: make sure you don’t share passwords between sites and that your passwords are as strong as possible!
Posted in Cerulean News |
March 5th, 2014
This week, a competitor of ours (imo.im) decided to drop support for third-party IM networks and focus on building out their own platform instead. This got us thinking: reverse engineering other IM protocols is a thankless task and Facebook just acquired WhatsApp for ~19 billion dollars, so what the heck are we still doing here?
Interoperability is difficult.
To be perfectly clear, everything the imo team said is true: supporting third-party messaging networks is awful. Not only can it be frustrating technically, but you’re often left with a half-broken implementation for reasons completely outside of your control. Why isn’t AIM connecting today? Dunno. Why do half of your Facebook messages not show up on all of your devices? Blame feature gaps in their XMPP gateway. At some point, the temptation to punt and focus your company’s energy on building its own reliable messaging network is almost unbearable.
We’ve been there.
In fact, we’ve been running our own messaging network since 2006 in the form of what some of you know as Astra and others just as Trillian. Running our own messaging network has given us the opportunity to build our own awesome IM protocol, work on things like audio and video calls, reliable file transfers, native support for TLS, our “continuous client” dream, and generally learn all of the ins and outs of running a service. It’s been great, and we obviously believe our service is fantastic!
Trillian was started because Kevin and I had a problem: we were tired of having to load mIRC and AIM at the same time just to stay in touch with all of our contacts. Millions of people still rely on “legacy” networks like AIM, Yahoo, and Google Talk to get their jobs done and stay in touch with (ok, perhaps slightly older!) members of their families. We therefore believe it remains important that we keep up our efforts at providing interoperability in Trillian even as we continue to invest in our own network. Still, it’s important to remember that Trillian is not immune to industry change, and the day may come when we’re no longer able to provide interoperability for reasons outside of our control: Microsoft’s decision to shut down SkypeKit, for example, will eventually be the end of Skype in Trillian. That’s why we encourage everyone to use Trillian’s messaging network: share your Trillian username with your other Trillian-using friends and add each other to get started!
We wish the entire imo team the best of luck, and are obviously a little jealous of their newfound freedom from nights buried in assembly and network dumps. We hope that when they make their first billion that they remember our shared struggle send over a box of Cristal.
Posted in Cerulean News |
October 31st, 2013
Trillian for Linux: Debian, Fedora, dependency improvements, fixes! (1.0 Build 2)
Build 2 of Trillian for Linux is now available. By popular request, we’ve been spending time improving some of the dependencies Trillian requires and have also made clean Debian and Fedora builds. While we still support Ubuntu extensions, they are now optional instead of required, which should make using Trillian on your favorite Linux distribution much easier! A handful of bugs have been tackled in this build as well, and we’ve tried to improve Trillian’s resilience in the face of many different theme and color configurations.
Posted in Trillian for Linux | Changelog |
October 17th, 2013
Trillian 5.4 for Windows!
Today we’re taking Trillian 5.4 for Windows out of beta and making it available to everyone. As we mentioned during beta, this release is primarily focused on improving existing functionality and fixing bugs. We thought the time was right to take a break from building new features to step back and address some common bugs and complaints. Some of the important bits in 5.4:
A change on the Facebook side meant that international users suddenly started seeing junk characters in their chat messages instead of properly encoded characters. This has been fixed in 5.4!
With Outlook.com now supporting the popular IMAP protocol, Trillian’s ability to monitor these email accounts has improved leaps and bounds. See your full mail preview, mark messages as spam, delete messages, etc. In addition, we’ve fixed bugs specific to Yahoo mail, improved our bandwidth consumption when dealing with large messages, and tweaked a few other mail-specific bugs as well.
As more and more of our customers adopt our Trillian Server in-house business solution, we’re also making sure all of our client software can properly connect to an in-house server. Trillian 5.4 accomplishes this for the Windows side, making it possible to connect to servers with self-signed TLS certificates and more.
A few long-standing bugs have been addressed in 5.4, including a few very rare corner cases with message window flashing, improvements to group chat windows, fixes to spellcheck, and a few other great tweaks that long-time users will appreciate – including the removal of the tooltip in the edit area that annoyed so many of you!
Last but not least, our Twitter engine gets a few nice enhancements in 5.4: see user displaynames and usernames in your stream, fixes for direct messaging, fixes for RTs being cut off, and more.
We hope you enjoy the new release!
UPDATE: Build 13 has been released to address some reported bugs with MSN mail, XMPP connectivity, and a crash.
UPDATE: Build 15 has been released to address a recent Twitter-related crash.
Posted in Trillian for Windows |
October 8th, 2013
Trillian for Linux: Early access for Pro customers!
Good news, Linux fans: we’ve been quietly building Trillian for your favorite operating system and today we’re ready to release an early access version into the wild for Trillian Pro customers only. Download it here while you read the announcement!
What is Trillian for Linux?
Trillian for Linux represents the next leap forward for Cerulean Studios and desktop messaging applications on Linux. We’ve rolled up our sleeves and dived into the world of GTK+, building the purest and most native version of Trillian that we can – this is not just a gussied up web browser control! – with an initial eye on strong suport for Ubuntu. Trillian for Linux boasts a beautiful contact list with searching, tabbed message windows with inline image support, emoticons, screen capture!, a rich activity history viewer, file transfers, group chats, integration with Ubuntu’s messaging menu and much more.
Why an early access program for Pro customers only?
The honest reason is pretty straightforward: we’ve spent years of time and money building Trillian for Linux so far, starting as early as 2011, and we need to ensure that enough of you are serious about supporting the project financially for us to continue with it. Here’s your chance to help us prove that a healthy and vibrant market for Linux applications exists for smaller software shops like Cerulean: go Pro and support our efforts on Linux!
Will Trillian for Linux be free upon final release?
Yes. The early access program will eventually end and the product will be free for everyone to use and enjoy, so if you’re unable to purchase Pro today you can rest assured that Trillian for Linux will make its way to you in the future.
We plan to follow up in the coming weeks with an additional behind-the-scenes look at what went into building Trilian for Linux: we think you’ll be surprised how much effort goes into a project like this and how many minor details we fret about behind the scenes. Thank you for your support!