XSF Discussion - 2014-03-20


  1. bear has left
  2. bear has joined
  3. xnyhps has left
  4. dezant has left
  5. stpeter has joined
  6. dezant has joined
  7. Alex has joined
  8. m&m has joined
  9. Alex has left
  10. m&m has left
  11. m&m has joined
  12. m&m has left
  13. m&m has joined
  14. Tobias has left
  15. Lance has left
  16. m&m has left
  17. Lance has joined
  18. Lance has left
  19. stpeter has left
  20. bear has left
  21. emcho has joined
  22. emcho has left
  23. emcho has joined
  24. emcho has left
  25. emcho has joined
  26. emcho has left
  27. emcho has joined
  28. emcho has left
  29. emcho has joined
  30. emcho has left
  31. emcho has joined
  32. Lance has joined
  33. Simon has joined
  34. Lance has joined
  35. Lance has joined
  36. Tobias has left
  37. Lance has joined
  38. emcho has left
  39. emcho has joined
  40. Santiago26 has joined
  41. Link Mauve has joined
  42. Simon has left
  43. Santiago26 has left
  44. Santiago26 has joined
  45. Ash has joined
  46. Lance has joined
  47. Ash has left
  48. Ash has joined
  49. Lance has joined
  50. Ash has left
  51. Ash has joined
  52. Santiago26 has left
  53. simon has joined
  54. dwd has joined
  55. Santiago26 has joined
  56. Zash has joined
  57. winfried has joined
  58. Tobias has joined
  59. Lloyd has joined
  60. Ash has left
  61. Ash has joined
  62. intosi Hey guys. I'm about to migrate this XMPP server to a new machine. Expect some downtime, and see you at the other side of the switch.
  63. Zash :D
  64. intosi Ah, it has.
  65. Lance has joined
  66. Ge0rG has joined
  67. Ge0rG awsnap. now that you rebooted the server, my admin rebooted the routers :(
  68. intosi Hurrah! http://logs.xmpp.org/xsf/
  69. intosi Thanks for your help, Zash!
  70. Zash yw :)
  71. intosi I think I reenabled logging in all MUCs as well.
  72. Lance has joined
  73. intosi Owners, would appreciate if you'd check as well.
  74. intopsi has joined
  75. intopsi has left
  76. intosi heh
  77. intosi has left
  78. intosi has joined
  79. Kev has joined
  80. Ash has joined
  81. Ge0rG anyone heard of dwd recently?
  82. Ash has left
  83. Ash has joined
  84. martin.hewitt@surevine.com has joined
  85. ralphm intosi: the room being semi-anonymous is that a change?
  86. dwd Ge0rG, I have.
  87. dwd Ge0rG, I'm doing exciting MUC merging today, BTW.
  88. Ge0rG dwd: that's very exciting indeed! My MUC contributor was eagerly awaiting news from you, and asked me every some days
  89. Ge0rG in the meantime, I did some little fixes I actually wanted to be part of 0.8.7 but didn't have the time before the summit
  90. Ge0rG there will be a new fix release soon
  91. intosi ralphm: not deliberately.
  92. ralphm intosi: ok, because Gajim said that changed. I am not sure why this room would need to be semi-anonymous
  93. Zash I think it was before
  94. intosi checks old config
  95. dwd FWIW, I do wonder if the XSF room ought not to be members only and non-anonymous, but that's not something we need discuss now.
  96. ralphm dwd: my current opinion: no
  97. ralphm dwd: i.e. for the members-only part.
  98. Lloyd has joined
  99. dwd Right. I'd prefer the room to be non-anonymous, you see, but I worry about that if it's not also members-only.
  100. intosi Switching off nginx on athena. It's mostly spiders now.
  101. ralphm you worry too much
  102. dwd intosi, Spiders? Eeeek.
  103. intosi Yes. Some small, some huge ;)
  104. intosi I'm generally kind to all spiders, but no mercy today.
  105. simon has joined
  106. ralphm Is Tango still doing XMPP these days?
  107. Lance has joined
  108. ralphm http://www.forbes.com/sites/parmyolson/2014/03/20/exclusive-alibaba-sinks-250-million-into-messaging-app-tango-valuing-it-at-more-than-1-billion/
  109. Ge0rG I wonder if somebody will approach me to buy yax(.)im as well
  110. ralphm Ge0rG: you think it is good enough? Honest question, I am not currently using it because it doesn't do MUC.
  111. Zash ~$ nc -zv tango.me xmpp-client Connection to tango.me 5222 port [tcp/xmpp-client] succeeded!
  112. Zash Seems to be a HTTP server there
  113. ralphm odd
  114. ralphm they have not SRV records any way
  115. Ge0rG ralphm: bug dwd about MUC :P
  116. ralphm Ge0rG: dodging the question?
  117. Ge0rG ralphm: seriously? I am using yaxim day-to-day for my mobile needs. Never needed MUC there, so I'm really fine with it. Good enough to be bought for millions? Surely not
  118. Kev When I'm mobile, I tend to need MUC more than 1:1.
  119. Kev FWIW.
  120. Kev I suspect it's a usage pattern thing.
  121. intosi Same.
  122. ralphm +1
  123. Ge0rG well, I've polished most of the issues that floated up with 0.8.7, will make 0.8.7b soon and then look into the MUC mess. I will do a call for beta testers here if you wish so
  124. ralphm Ge0rG: I'd love to see a well-integrated client (UI wise), with MUC, that is as approachable as WhatsApp or the new Hangouts. Obviously with good battery life and all that.
  125. ralphm Ge0rG: if yaxim can be that, more power to you
  126. Kev Swift for Android!
  127. ralphm Kev: only if it is following the Android UI guidelines
  128. Ge0rG ralphm: seems like I need to actually install WhatsApp and betray my friends, just to see how it does MUC
  129. Kev ralphm: Right. If we did Swift for Android, it's not clear if Qt for Android would suffice as 'good enough'.
  130. Kev If it was, getting it running shouldn't be /too/ hard. If it wasn't, that means essentially a port, and that's not trivial.
  131. ralphm probably not, this is a generic problem
  132. Kev If only there was a straightforward way to implement the C++ interfaces in Java. As 'all' it needs is a new UI to port to other platforms.
  133. ralphm The new Hangouts UI for Android is growing on me
  134. ralphm it is pretty decent, especially now presence is more prominent (even if only boolean)
  135. Lance has joined
  136. Lance has left
  137. MattJ has joined
  138. MattJ I only use Yaxim
  139. MattJ I can't deny that there have been times I've wanted MUC (e.g. council meetings), but not often enough for me to switch to any of the alternatives (which have issues)
  140. MattJ intosi, thanks for migrating Prosody over :)
  141. MattJ It's been on my todo for a while to upgrade it
  142. intosi You're welcome :)
  143. intosi I didn't see any point in staying at 0.8
  144. Ge0rG MattJ: MUC participants still are not kicked on restart :(
  145. Tobias has joined
  146. Ge0rG hm. if I unblock the Hangouts app on my Android, I will be still a lonesome guy hanging out
  147. intosi MattJ: feel free to check the config. There is a warning in the logs about a module I didn't yet bother looking at about mod_console or something like that. Trivial to fix, but someone has to do it ;)
  148. MattJ mod_console was renamed to mod_admin_telnet, that's all
  149. intosi But yay: https://xmpp.net/result.php?id=23660
  150. Ge0rG I know I will have regrets, but now I am here, installing hangouts.
  151. intosi Compare to https://xmpp.net/result.php?id=20537
  152. Lloyd has left
  153. Ash has left
  154. Ge0rG any volunteers for a hangout?
  155. Zash Why is it not doing any DH?
  156. Zash intosi: What OS and OpenSSL versions is xmpp.net running on now?
  157. intosi Zash: Debian 7, openssl is stock deb7.
  158. intosi 1.0.1e-2+deb7u4
  159. Ash has joined
  160. Zash But https://xmpp.net/result.php?id=23660#ciphers
  161. intosi Yup.
  162. Zash Did that require a newer LuaSec?
  163. Zash (that = ECDH)
  164. intosi No idea, actually ;)
  165. intosi I'm just glad all things run and seem to work ;)
  166. xnyhps IIRC you need LuaSec 0.5
  167. intosi These details can be fixed later.
  168. intosi Ah. 0.4.1-1
  169. emcho has joined
  170. intosi Installed lua-sec-prosody
  171. intosi Can this be reloaded without restarting Prosody?
  172. Zash No
  173. intosi Bummer, dude.
  174. xnyhps Generating dhparam can.
  175. emcho has left
  176. Zash .
  177. emcho has joined
  178. Lance has joined
  179. intosi I would like to leave those details to someone of the Prosody team ;)
  180. Lloyd has joined
  181. intosi Awesome! https://xmpp.net/result.php?domain=5222.nl&type=client
  182. intosi I guess the observatory doesn't stop testing after it tries to determine encryption support, but doesn't rate ;)
  183. intosi (I reloaded the config very soon after initiating the test because I made a typo in the config)
  184. xnyhps Heh
  185. xnyhps It should stop testing when it can't determine support for any SSL or TLS version
  186. xnyhps But it will test all of them, even if the first results in "no starttls offered".
  187. Zash DANE \o/
  188. intosi Zash: yup ;)
  189. intosi I managed to convince Joker to add DNSSEC support for the .nl TLD a week or two ago.
  190. Zash Awesomeness
  191. Zash Didn't .nl have it since forever?
  192. Zash Or is Joker the registrar?
  193. intosi .nl had it forever.
  194. intosi Joker is the registrar I usually use.
  195. intosi .nl was one of the first TLDs that signed the zone, and certainly one of the domains with the highest percentage signed zones.
  196. Zash http://q.zash.se/4ea15828.txt
  197. intosi Hmm.
  198. intosi Any idea what's causing those cert validation errors?
  199. xnyhps My nearby pizza place with a webpage that looks designed in 1999 has DNSSEC. Cracks me up every time.
  200. Zash intosi: That's because I have an empty CA store.
  201. Zash In order to test DANE-only validation
  202. intosi Ah, so that is expected :)
  203. intosi In that case, w00t!
  204. m&m has joined
  205. Zash So, DANE-only test host at dane.zash.se
  206. Ge0rG btw, what can I do if my domain reseller does not support / know about DNSSEC?
  207. intosi Inform them that you want it.
  208. intosi If they are nice, they will look at it.
  209. m&m you could try to run your own nameserver, if they allow for that
  210. m&m but really, either ask them nicely and frequently, or find another
  211. m&m Zash: is that zone signed? Or is that a server that will validate someone else's DNSSEC/DANE information?
  212. m&m is trying to figure out if a middlebox is interfering, or there aren't any signed records
  213. Ge0rG right. I just can host my own DNS.
  214. Zash m&m: Both
  215. intosi But you need support from your registrar to have the DS records published in the TLD zone.
  216. intosi You cannot rely on people using dnssec lookaside.
  217. Zash xnyhps: https://xmpp.net/result.php?domain=dane.zash.se&type=server why so slow?
  218. Zash Altho, it requires DANE
  219. Zash and the test server might not have that
  220. Ge0rG stpeter wanted to get the .im registrar to support DNSSEC... I wonder if anything happened there yet :>
  221. Zash Ge0rG: There was movement IIRC
  222. simon I heard dwd has friends in high places in .im and is working on it.
  223. m&m Zash: ok, it's possible your DNS updates haven't propagated far enough for me yet
  224. m&m they've got to cross an ocean, some plains, and a start up a mountain to get to me (-:
  225. Zash m&m: What DNS updates exactly?
  226. Zash I updated DANE for that test host yesterday
  227. Ge0rG simon: dwd first needs to fix yaxim MUC :D
  228. m&m and it can take up to 48 hours for those updates to widely propagate
  229. m&m I'm seeing them *now*
  230. m&m but I wasn't a few minutes ago
  231. Zash DNS doesn't propagate, it expires.
  232. Ash has left
  233. m&m it's was an imperfect word choice (-:
  234. Ash has joined
  235. simon I can recommend http://dnsviz.net/ for inspecting ipsec records.
  236. Zash Altho I have a 24 hour TTL :)
  237. m&m but I suspect that one or more of my upstream resolvers had already cached your zone
  238. Ash has left
  239. Ash has joined
  240. m&m and not all resolvers unconditionally honor the TTL
  241. Zash Why would they have cached records about a test server?
  242. m&m I know of several that will not clear their caches for 48 hours, no exceptions
  243. m&m they cached records about your zone
  244. m&m do you really want to go down this rabbit hole? (-:
  245. m&m I fully regret ever starting to
  246. Zash .
  247. m&m let's just say that "zone transfer" doesn't always mean what you think
  248. m&m Zash: you have a not-small amount of additional info (-:
  249. xnyhps Zash: verse error Error: /opt/xmppoke/bin/xmppoke:3034: not-authorized: Your server's certificate is invalid, expired, or not trusted by dane.zash.se
  250. xnyhps Though I don't know why it gets that far, it should've closed the connection before that anyway.
  251. m&m simon: I think you're seeing a ISOC grant proposal in progress right now! (-:
  252. xnyhps Grmbl. unbound crashed, but OS X is keeping port 53 claimed.
  253. simon grabs a pen and paper. More details please m&m. "Proposal to fix permissions in xmppoke"?
  254. simon xnyhps: are we seeing this https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513 ?
  255. m&m simon: "get prosody to do just about all of dane"?
  256. m&m I'm just observing what I'm seeing Zash et al hash out
  257. xnyhps No, I don't think xmpp.net uses forwarders.
  258. xnyhps I was complaining about my own machine (which was preventing me from accessing xmpp.net to fetch that log file for Zash)
  259. simon m&m: yes. I'd like a bit of cross-platform-ness. So that we can at least build two competing[ly incorrect] DNSSEC systems.
  260. Lance has joined
  261. Zash has left
  262. Lance has joined
  263. Santiago26 has left
  264. stpeter has joined
  265. dezant has joined
  266. Tobias emcho, what are jitsi's current noise cancellation capabilities? do you use an open lib for this? or is this included in the codecs?
  267. Santiago26 has joined
  268. stpeter is it safe to edit WordPress pages?
  269. stpeter I'd like to update http://xmpp.org/participate/become-a-member/upnp-liaison-team/ when possible
  270. Kev stpeter: Should be, yes.
  271. Santiago26 has left
  272. stpeter ok thanks
  273. stpeter I might have a sponsor for a new machine, BTW
  274. Zash has joined
  275. Ash has left
  276. Ash has joined
  277. Lance has joined
  278. Ash has left
  279. simon has left
  280. simon has joined
  281. Lance has left
  282. Ash has joined
  283. Santiago26 has joined
  284. stpeter makes some edits to http://xmpp.org/about-xmpp/xsf/xsf-people/ while he's at it
  285. m&m hrm
  286. stpeter yes?
  287. m&m nevermind … I was getting gateway errors for the xeps, but a hard refresh seems to have fixed that
  288. Santiago26 has left
  289. ralphm stpeter: interesting stuff. I read that our Secretary is supposed to write minutes for Board meetings.
  290. Zash Say, who is this Secretary?
  291. xnyhps has left
  292. ralphm Alex
  293. dwd ralphm, I'd hate to scare Alex away; he does enough as it is.
  294. ralphm Oh, I forgot a smiley
  295. stpeter ralphm: theoretically, I suppose, but I've never seen that happen (I don't remember if I did that back when I was secretary)
  296. ralphm I'm happy for simon to produce minutes
  297. dwd stpeter, You probably di, but you were also probably Board Chair and Council Chair.
  298. dwd (And Editor, and Treasurer, and probably Secretary too)
  299. dwd Oh. Ha. Realised what I wrote there.
  300. m&m the circle is complete
  301. ralphm If there is no immediate need, why not use standards@ for liason discussions, if any?
  302. xnyhps has left
  303. xnyhps has left
  304. xnyhps has joined
  305. stpeter ralphm: because we're basically under NDA
  306. stpeter dwd: I have never been Board chair :-)
  307. stpeter or on the Board
  308. stpeter at least we kept that separation
  309. stpeter bbiab
  310. xnyhps has left
  311. Lloyd has left
  312. Lloyd has joined
  313. Tobias has joined
  314. Lloyd has left
  315. emcho has left
  316. emcho has joined
  317. Santiago26 has joined
  318. emcho has left
  319. Ash has left
  320. Santiago26 has left
  321. Ash has left
  322. Simon has joined
  323. martin.hewitt@surevine.com has left
  324. Neustradamus has joined
  325. dwd has joined
  326. Lance has joined
  327. fippo has joined
  328. fippo has left
  329. fippo has joined
  330. xnyhps has left
  331. Jef has joined
  332. xnyhps has joined
  333. Santiago26 has joined
  334. Santiago26 has left
  335. Alex has joined
  336. Santiago26 has joined
  337. Santiago26 has left
  338. Santiago26 has joined
  339. Simon has left
  340. Simon has joined
  341. dezant has left
  342. martin.hewitt@surevine.com has joined
  343. Lance has joined
  344. dezant has joined
  345. Zash Simon: https://www.zash.se/prosody-dane.html describes my setup
  346. Simon Zash: very nice.
  347. Simon very very nice!
  348. Simon is this the first working DANE setup in XMPP?
  349. Zash Probably
  350. Simon I feel a blog post coming up.
  351. martin.hewitt@surevine.com has left
  352. Zash That's the validation part at least
  353. Zash https://github.com/shuque/tlsa_rdata seems easy to use
  354. Zash No idea why swede doesn't let you generate TLSA records from certificate files
  355. stpeter ah, good old shuque, I haven't talked with him in ages
  356. Zash Now we just need DNSSEC deployed everywhere...
  357. Simon zash - which selectors do you recommend to use?
  358. Simon +1 on universal deployment
  359. Zash 3 0 1
  360. Zash Other usages are either unsupported or messy or both
  361. Zash Pubkey selector requires a patch to LuaSec for extracting pubkeys
  362. Zash And you don't want the entire cert in the record, so sha256
  363. xnyhps https://github.com/xnyhps/luasec/commit/2dce1adc59a1bf820e71594c1ca3756a70fb9faa
  364. Zash Actually https://github.com/brunoos/luasec/pull/12
  365. Simon no more needing to run unboud?
  366. Zash You don't strictly need to run unbound, but there has to be a validating resolver somewhere
  367. Zash lua-/libunbound can do that itself if you don't set
  368. Simon so running my own bind 9.0 server with some sensible upstream resolvers would work?
  369. Zash *don't set resolvconf
  370. Zash I'm not familiar with bind much, but if that does DNSSEC then pointing prosody at that shoul dwork
  371. m&m wants draft-ietf-precis-nickname implemented everywhere
  372. Zash Implement all the things in all the things!
  373. xnyhps Zash: EVP_PKEY_EC confuses me.
  374. Zash xnyhps: You're not alone. openssl/evp.h:#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
  375. Zash I hope that made you more confused
  376. xnyhps Or is an ECDSA key equivalent to an ECDH key?
  377. m&m they should be
  378. Zash This is the kind of thing I would ask you, xnyhps. :)
  379. xnyhps I understand DH and RSA, but DSA not at all.
  380. Zash Do you know of any ECDSA keys in the wild?
  381. xnyhps Ah, the DSA construction uses the same stuff as DH, so it makes sense.
  382. m&m right
  383. Zash IC
  384. m&m it's the same source input, just different operations
  385. m&m well, keying input
  386. xnyhps Zash: Google uses them, don't they?
  387. xnyhps "The connection is encrypted and authenticated using CHACHA20_POLY1305 and uses ECDHE_ECDSA as the key exchange mechanism."
  388. xnyhps (That was for encrypted.google.com in Chrome.)
  389. xnyhps wonders whether there are certificates with ECDH public keys out there.
  390. Zash http://q.zash.se/b80cfbb1.txt
  391. m&m EC public keys
  392. xnyhps Oh, the public key on the certificate doesn't even distinguish between whether it's for ECDSA or ECDH?
  393. m&m not the key
  394. m&m the key usage might
  395. m&m (assuming one looks at KeyUsage)
  396. Lance has joined
  397. xnyhps Ah, yeah. That google one from Zash's link has "Digital Signature", which would mean ECDSA.
  398. Santiago26 has left
  399. m&m that's the intended use, at least
  400. m&m according to the certificate
  401. m&m which makes sense for the PFS algorithms
  402. Zash has left
  403. emcho has joined
  404. xnyhps I was wondering due to the difference in Au=ECDSA and Au=ECDH in openssl ciphers
  405. MattJ Consistency? OpenSSL?
  406. m&m poppycock!
  407. martin.hewitt@surevine.com has joined
  408. Lance has joined
  409. Lance has joined
  410. martin.hewitt@surevine.com has left
  411. Santiago26 has joined
  412. Santiago26 has left
  413. martin.hewitt@surevine.com has joined
  414. martin.hewitt@surevine.com has left
  415. martin.hewitt@surevine.com has joined
  416. Lance has joined
  417. Simon has left
  418. emcho has left
  419. Alex did smth change on the webservers regarding email sending? The wiki shows errors when sending out passwords resets
  420. Alex Error sending mail: Unknown error in PHP's mail() function.
  421. Lance has joined
  422. Kev The server was migrated this morning.
  423. Kev Email is one of the things that's not done yet.
  424. Alex ah, OK
  425. stpeter has left
  426. martin.hewitt@surevine.com has left
  427. Santiago26 has joined
  428. Simon has joined
  429. Santiago26 has left
  430. martin.hewitt@surevine.com has joined
  431. martin.hewitt@surevine.com has left
  432. martin.hewitt@surevine.com has joined
  433. martin.hewitt@surevine.com has left
  434. Santiago26 has joined
  435. Santiago26 has left
  436. Alex has left
  437. Lance has left
  438. Tobias has joined
  439. dezant has left
  440. dezant has joined
  441. martin.hewitt@surevine.com has joined
  442. intosi Mail has been fixed on the new host.
  443. Simon has left
  444. ralphm has left
  445. martin.hewitt@surevine.com has left
  446. m&m has left
  447. Santiago26 has joined
  448. Santiago26 has left