July 2nd, 2014
Trillian and Skype
In order to connect to Skype, Trillian relies upon an SDK developed by Skype known as “SkypeKit”. Unfortunately, after Microsoft acquired Skype they made the decision to terminate the SkypeKit program, leaving Trillian in a state of limbo in terms of future updates and ongoing support for Skype connectivity. We’ve recently received official confirmation that the SkypeKit program will be winding down at the end of this month, July 2014. Here’s what this means for Trillian users:
1. Importantly, our legal ability to continue to distribute SkypeKit with Trillian is *not* impacted by the termination of the program itself, which means we’re allowed to continue distributing the current version of Trillian with Skype connectivity. We may decide to remove Skype support from a future version of Trillian as more and more customers move to Windows 8.1, where Skype support doesn’t work (see item #3).
2. According to Microsoft, “Key investments in Skype’s application and service architecture may cause the Skype features to stop working without notice in SkypeKit products. As a result, we encourage you to end any further distribution of SkypeKit products.”. This means SkypeKit may brick itself at some point in the future without notice to us, ending Trillian’s ability to connect to Skype.
3. The ongoing compatibility issues with SkypeKit and Windows 8.1 will not be fixed. These issues were never something we could control or address (we don’t have the source code to SkypeKit and can’t make changes or fixes to it), and with the termination of SkypeKit we don’t anticipate any additional development resources being allocated to bugfixes. Some of our more creative users have found workarounds to this issue that involve replacing SkypeKit with an older version, but unfortunately we aren’t able to do this in an official capacity for reasons relating to our legal agreement with Skype.
The bottom line: Skype support in Trillian is likely coming to a close in the (possibly near) future. This is obviously a disappointment for us and for our users and we’ll continue to explore other ways to bring Skype connectivity back to Trillian when the time comes.
In happier news, we have a large batch of updates across almost all platforms nearly ready for everyone to test. We’ll update the blog with more information once the builds are ready for testing.
Posted in Cerulean News
April 9th, 2014
OpenSSL Heartbleed Vulnerability Update
This past Monday, April 7th, the OpenSSL Project released an update to address a serious security issue – CVE-2014-0160 – nicknamed “Heartbleed“. Any server or client application that depends on impacted versions of OpenSSL is vulnerable to a leak of encrypted secrets to a remote attacker.
Trillian Cloud Infrastructure.
As of Tuesday, April 8th at 23:00 UTC, all of Trillian’s infrastructure has been updated and is no longer vulnerable. This includes our general-purpose web servers, the servers used to facilitate our web and mobile clients, and the IMPP servers that power our actual IM network. Because this attack could have exposed our TLS certificate, we’ve also generated a new private key and obtained a new certificate as a precaution.
Trillian for Windows versions 5.3.x.x to 18.104.22.168 are vulnerable to heartbleed. Although exploiting a client is a few orders of magnitude more difficult than exploiting a server, exploitation is still technically possible and we urge everyone to upgrade their clients as well. A new version, 22.214.171.124, is now available via auto-update and direct download. Other versions of Trillian, including Trillian for Mac, are not impacted by this vulnerability.
In-House Trillian Servers.
All versions of in-house Trillian Servers are vulnerable to heartbleed. An updated version, 126.96.36.199, has been released and all in-house customers will be sent additional information directly via email shortly. If you’re not sure if your company has updated its server and need assistance or clarification, please get in touch.
Because the surface area of this vulnerability is so large and impacts thousands of different companies, we recommend that all Trillian users change their passwords as a precautionary measure. The recommended way to change your password is from within Trillian itself, in preferences. This is also a good opportunity to review your overall password strategy: make sure you don’t share passwords between sites and that your passwords are as strong as possible!
Posted in Cerulean News
March 5th, 2014
This week, a competitor of ours (imo.im) decided to drop support for third-party IM networks and focus on building out their own platform instead. This got us thinking: reverse engineering other IM protocols is a thankless task and Facebook just acquired WhatsApp for ~19 billion dollars, so what the heck are we still doing here?
Interoperability is difficult.
To be perfectly clear, everything the imo team said is true: supporting third-party messaging networks is awful. Not only can it be frustrating technically, but you’re often left with a half-broken implementation for reasons completely outside of your control. Why isn’t AIM connecting today? Dunno. Why do half of your Facebook messages not show up on all of your devices? Blame feature gaps in their XMPP gateway. At some point, the temptation to punt and focus your company’s energy on building its own reliable messaging network is almost unbearable.
We’ve been there.
In fact, we’ve been running our own messaging network since 2006 in the form of what some of you know as Astra and others just as Trillian. Running our own messaging network has given us the opportunity to build our own awesome IM protocol, work on things like audio and video calls, reliable file transfers, native support for TLS, our “continuous client” dream, and generally learn all of the ins and outs of running a service. It’s been great, and we obviously believe our service is fantastic!
Trillian was started because Kevin and I had a problem: we were tired of having to load mIRC and AIM at the same time just to stay in touch with all of our contacts. Millions of people still rely on “legacy” networks like AIM, Yahoo, and Google Talk to get their jobs done and stay in touch with (ok, perhaps slightly older!) members of their families. We therefore believe it remains important that we keep up our efforts at providing interoperability in Trillian even as we continue to invest in our own network. Still, it’s important to remember that Trillian is not immune to industry change, and the day may come when we’re no longer able to provide interoperability for reasons outside of our control: Microsoft’s decision to shut down SkypeKit, for example, will eventually be the end of Skype in Trillian. That’s why we encourage everyone to use Trillian’s messaging network: share your Trillian username with your other Trillian-using friends and add each other to get started!
We wish the entire imo team the best of luck, and are obviously a little jealous of their newfound freedom from nights buried in assembly and network dumps. We hope that when they make their first billion that they remember our shared struggle send over a box of Cristal.
Posted in Cerulean News
June 12th, 2013
Right now, you can pick up the phone and call anyone in the world regardless of the telephone company they use. Email works this way, too: Gmail users can easily send emails to Yahoo! users and so on. Instant messaging has always lacked this back end glue – what we call “interoperability” – and so we’re left signing up with multiple service providers just to ensure coverage across our social network. The result is a mess: Mom is on Facebook, Dad is on Yahoo!, and our co-workers are on Skype. We think this should change, so today we’re making our own small contribution to interoperability by publishing the technical specifications that will allow the outside world to send messages to Trillian users. 1
Why are we doing this? As much as we’re happy to continue reverse engineering IM protocols, Cerulean Studios should also be doing its part to promote open and federated communication. We just so happen to have a great IM protocol we’ve been building and operating for the better part of the past decade – Trillian users will recognize it as the protocol that powers the Trillian IM network – and think the time is right to open it. We’re also laying the foundation to open our network to federation (which means our servers will talk to other servers in the same way an AT&T customer can call a Verizon customer) and continuing our commitment to run a business whose primary focus is its communication products, not advertising. This last point is important – it means we make money when we improve instant messaging, not when we gather enough eyeballs to show them ads.
Some technical bits: while our IM protocol is in production today, it should be considered under active development and therefore subject to (sometimes sweeping!) change. The documentation is also in an early state and should be considered “informational” only. If there’s enough interest in us continuing our documentation efforts we will do so; if not, we still believe publishing our protocol and opening Trillian to future federation is the right thing to do. Feel free to get in touch if you have comments or questions or want to help out in some way, and thanks for your support!
1. Relying on monolithic service providers has other disadvantages as well.
Posted in Cerulean News
January 23rd, 2013
Trillian 5.3 for Windows, Trillian for Business!
A couple of cool announcements today. To start with, we’re taking Trillian 5.3 for Windows out of beta and making it available to everyone. We’re also announcing a special business version of Trillian that tackles most of the commonly-requested, business-oriented features that customers have been requesting over the years. Take a look at what’s new!
Group chat improvements.
Save chats to your contact list, automatically join selected chats, stay in chat rooms even when closing the window, edit topics directly from the chat window, and much more!
Trillian group chats.
In addition to beefing up group chats across the board, we’re also unveiling Trillian group chats in 5.3! Right now you’ll need to be on the Windows client to take advantage of group chats but we’ll be rolling support out for other devices soon. Trillian group chats are a great way to keep a team connected – they’re persistent and cloud-history backed, ensuring you can catch up on conversation that happened while you weren’t around.
Our new in-game plugin exposes an overlay that works inside of full screen games to keep you chatting while you play! In-game chat supports tabbed chatting, alerts, and a cool “unread badge” that sticks around even when the overlay isn’t visible so you always know how many unread messages await you. You can enable the plugin in your “Chat Windows” preferences.
Trillian for Business.
Claim your domain with Trillian for Business! Small teams looking for an easy way to communicate without managing internal IM servers and larger teams looking to control client deployment and policies can both benefit from Trillian for Business. Learn more on our FAQ page.
5.3 vastly improves the way Trillian handles SSL certificate validation. The list of root certificate authorities that Trillian trusts is now bundled in a user-configurable text file, and when talking to servers with self-signed or otherwise invalid certificates Trillian will now let you know so that you can decide how to proceed.
The small stuff.
Lots of minor visual cleanups went into 5.3 as well, including some new status icons to make it more obvious who is online and who is away. Both message windows and the contact list have received some shiny new visual upgrades and general cleanups, our Skype integration should now work correctly on Windows 8, and Trillian users can now be invited to Google Talk chat rooms. We also spent some time improving the IRC engine in minor ways for 5.3. Check out the full changelog here, and thanks for supporting Trillian!