July 2nd, 2014
Trillian and Skype
In order to connect to Skype, Trillian relies upon an SDK developed by Skype known as “SkypeKit”. Unfortunately, after Microsoft acquired Skype they made the decision to terminate the SkypeKit program, leaving Trillian in a state of limbo in terms of future updates and ongoing support for Skype connectivity. We’ve recently received official confirmation that the SkypeKit program will be winding down at the end of this month, July 2014. Here’s what this means for Trillian users:
1. Importantly, our legal ability to continue to distribute SkypeKit with Trillian is *not* impacted by the termination of the program itself, which means we’re allowed to continue distributing the current version of Trillian with Skype connectivity. We may decide to remove Skype support from a future version of Trillian as more and more customers move to Windows 8.1, where Skype support doesn’t work (see item #3).
2. According to Microsoft, “Key investments in Skype’s application and service architecture may cause the Skype features to stop working without notice in SkypeKit products. As a result, we encourage you to end any further distribution of SkypeKit products.”. This means SkypeKit may brick itself at some point in the future without notice to us, ending Trillian’s ability to connect to Skype.
3. The ongoing compatibility issues with SkypeKit and Windows 8.1 will not be fixed. These issues were never something we could control or address (we don’t have the source code to SkypeKit and can’t make changes or fixes to it), and with the termination of SkypeKit we don’t anticipate any additional development resources being allocated to bugfixes. Some of our more creative users have found workarounds to this issue that involve replacing SkypeKit with an older version, but unfortunately we aren’t able to do this in an official capacity for reasons relating to our legal agreement with Skype.
The bottom line: Skype support in Trillian is likely coming to a close in the (possibly near) future. This is obviously a disappointment for us and for our users and we’ll continue to explore other ways to bring Skype connectivity back to Trillian when the time comes.
In happier news, we have a large batch of updates across almost all platforms nearly ready for everyone to test. We’ll update the blog with more information once the builds are ready for testing.
Posted in Cerulean News |
April 9th, 2014
OpenSSL Heartbleed Vulnerability Update
This past Monday, April 7th, the OpenSSL Project released an update to address a serious security issue – CVE-2014-0160 – nicknamed “Heartbleed“. Any server or client application that depends on impacted versions of OpenSSL is vulnerable to a leak of encrypted secrets to a remote attacker.
Trillian Cloud Infrastructure.
As of Tuesday, April 8th at 23:00 UTC, all of Trillian’s infrastructure has been updated and is no longer vulnerable. This includes our general-purpose web servers, the servers used to facilitate our web and mobile clients, and the IMPP servers that power our actual IM network. Because this attack could have exposed our TLS certificate, we’ve also generated a new private key and obtained a new certificate as a precaution.
Trillian for Windows versions 5.3.x.x to 220.127.116.11 are vulnerable to heartbleed. Although exploiting a client is a few orders of magnitude more difficult than exploiting a server, exploitation is still technically possible and we urge everyone to upgrade their clients as well. A new version, 18.104.22.168, is now available via auto-update and direct download. Other versions of Trillian, including Trillian for Mac, are not impacted by this vulnerability.
In-House Trillian Servers.
All versions of in-house Trillian Servers are vulnerable to heartbleed. An updated version, 22.214.171.124, has been released and all in-house customers will be sent additional information directly via email shortly. If you’re not sure if your company has updated its server and need assistance or clarification, please get in touch.
Because the surface area of this vulnerability is so large and impacts thousands of different companies, we recommend that all Trillian users change their passwords as a precautionary measure. The recommended way to change your password is from within Trillian itself, in preferences. This is also a good opportunity to review your overall password strategy: make sure you don’t share passwords between sites and that your passwords are as strong as possible!
Posted in Cerulean News |
March 5th, 2014
This week, a competitor of ours (imo.im) decided to drop support for third-party IM networks and focus on building out their own platform instead. This got us thinking: reverse engineering other IM protocols is a thankless task and Facebook just acquired WhatsApp for ~19 billion dollars, so what the heck are we still doing here?
Interoperability is difficult.
To be perfectly clear, everything the imo team said is true: supporting third-party messaging networks is awful. Not only can it be frustrating technically, but you’re often left with a half-broken implementation for reasons completely outside of your control. Why isn’t AIM connecting today? Dunno. Why do half of your Facebook messages not show up on all of your devices? Blame feature gaps in their XMPP gateway. At some point, the temptation to punt and focus your company’s energy on building its own reliable messaging network is almost unbearable.
We’ve been there.
In fact, we’ve been running our own messaging network since 2006 in the form of what some of you know as Astra and others just as Trillian. Running our own messaging network has given us the opportunity to build our own awesome IM protocol, work on things like audio and video calls, reliable file transfers, native support for TLS, our “continuous client” dream, and generally learn all of the ins and outs of running a service. It’s been great, and we obviously believe our service is fantastic!
Trillian was started because Kevin and I had a problem: we were tired of having to load mIRC and AIM at the same time just to stay in touch with all of our contacts. Millions of people still rely on “legacy” networks like AIM, Yahoo, and Google Talk to get their jobs done and stay in touch with (ok, perhaps slightly older!) members of their families. We therefore believe it remains important that we keep up our efforts at providing interoperability in Trillian even as we continue to invest in our own network. Still, it’s important to remember that Trillian is not immune to industry change, and the day may come when we’re no longer able to provide interoperability for reasons outside of our control: Microsoft’s decision to shut down SkypeKit, for example, will eventually be the end of Skype in Trillian. That’s why we encourage everyone to use Trillian’s messaging network: share your Trillian username with your other Trillian-using friends and add each other to get started!
We wish the entire imo team the best of luck, and are obviously a little jealous of their newfound freedom from nights buried in assembly and network dumps. We hope that when they make their first billion that they remember our shared struggle send over a box of Cristal.
Posted in Cerulean News |
October 31st, 2013
Trillian for Linux: Debian, Fedora, dependency improvements, fixes! (1.0 Build 2)
Build 2 of Trillian for Linux is now available. By popular request, we’ve been spending time improving some of the dependencies Trillian requires and have also made clean Debian and Fedora builds. While we still support Ubuntu extensions, they are now optional instead of required, which should make using Trillian on your favorite Linux distribution much easier! A handful of bugs have been tackled in this build as well, and we’ve tried to improve Trillian’s resilience in the face of many different theme and color configurations.
Posted in Trillian for Linux | Changelog |
October 17th, 2013
Trillian 5.4 for Windows!
Today we’re taking Trillian 5.4 for Windows out of beta and making it available to everyone. As we mentioned during beta, this release is primarily focused on improving existing functionality and fixing bugs. We thought the time was right to take a break from building new features to step back and address some common bugs and complaints. Some of the important bits in 5.4:
A change on the Facebook side meant that international users suddenly started seeing junk characters in their chat messages instead of properly encoded characters. This has been fixed in 5.4!
With Outlook.com now supporting the popular IMAP protocol, Trillian’s ability to monitor these email accounts has improved leaps and bounds. See your full mail preview, mark messages as spam, delete messages, etc. In addition, we’ve fixed bugs specific to Yahoo mail, improved our bandwidth consumption when dealing with large messages, and tweaked a few other mail-specific bugs as well.
As more and more of our customers adopt our Trillian Server in-house business solution, we’re also making sure all of our client software can properly connect to an in-house server. Trillian 5.4 accomplishes this for the Windows side, making it possible to connect to servers with self-signed TLS certificates and more.
A few long-standing bugs have been addressed in 5.4, including a few very rare corner cases with message window flashing, improvements to group chat windows, fixes to spellcheck, and a few other great tweaks that long-time users will appreciate – including the removal of the tooltip in the edit area that annoyed so many of you!
Last but not least, our Twitter engine gets a few nice enhancements in 5.4: see user displaynames and usernames in your stream, fixes for direct messaging, fixes for RTs being cut off, and more.
We hope you enjoy the new release!
UPDATE: Build 13 has been released to address some reported bugs with MSN mail, XMPP connectivity, and a crash.
UPDATE: Build 15 has been released to address a recent Twitter-related crash.