interop - 2010-12-06

  1. Kev


  2. Dave Cridland


  3. Tobias set the topic to

    Interop Stuff

  4. Dave Cridland

    Anyone know if there's a mailing list for this as well?

  5. Tobias this one maybe? but i don't know who is subscribed there

  6. Kev

    Well, interestingly, I don't have the password for that list.

  7. Kev

    This suggests it's not been used recently.

  8. Tobias

    but there're messages in the archive

  9. Tobias

    though one year idle

  10. Dave Cridland

    Kev, I assume you're wearing an iteam/XSF hat for this?

  11. Kev


  12. Kev

    I have other hats available if it gets cold.

  13. Kev

    Ok, I've mangled control of the interop mailing list as well, now.

  14. Kev

    I suggest that people who aren't on that list yet make it so.

  15. Dave Cridland

  16. Kev


  17. Kev

  18. Dave Cridland

    So what do we need in terms of client accounts, DNS, and certificates, then?

  19. Dave Cridland

    Aside from someone to run the CA?

  20. Kev

    You tell me, I'm just here to do what I'm told.

  21. Kev

    (Or, rather to ask the iteam to)

  22. Dave Cridland

    OK, updated the wiki page with this and the mailing list.

  23. Tobias

    something in the topic would be nice too, maybe a pointer to the wiki page

  24. fippo

    ok... how do we get certs? Shall we send CSRs or is it easier if you generate privkeys and certs for a given hostname?

  25. Kev

    fippo: Matt's volunteered to run the CA for the week, so I think we need him to appear first :)

  26. remko

    will the certificates used in the interop be made available somewhere for later use (or regression testing?)

  27. remko


  28. Dave Cridland

    fippo, Given what Isode is giving Matt, I don't think it makes any difference whether he generates the CSR/PKEY pair you you do.

  29. remko

    scary green man: will there be 'meeting minutes' of this week? I.e. what was tested etc.

  30. Florian

    morning gents.

  31. Morning!

  32. Florian

    soo ... I'm ready to add the vhosts ...

  33. dbanes

    surprise - I'm in the UK for a while now so time zones a bit easier than when I was in Sydney

  34. Dave Cridland

    remko, Should do that, shouldn't we?

  35. remko

    should yes

  36. Florian

    dbanes: so you're also freezing to death?

  37. dbanes

    yes, that's the down side

  38. dbanes

    arriving at Heathrow in shorts was not a good idea :)

  39. Florian


  40. Kev

    On the upside, it's a once in a lifetime experience.

  41. Flo

    Hopefully, anyway.

  42. Kev

    Freezing to death? The odds are good, I'd say.

  43. Florian

    indeed. I froze on my way up the hill to campus

  44. Flo

    arriving at Heathrow in shorts :)

  45. Florian

    well ... on the other hand... the Finns jump into snow after the sauna too

  46. Dave Cridland

    Client folk - any of you have SCRAM-SHA1-PLUS coded?

  47. Florian

    lol ... I think that's a no :)

  48. Dave Cridland

    Well... Server folk, then? (I've two clients and a server).

  49. Dave Cridland

    Aw... Ah, well.

  50. Florian


  51. waqas

    Dave Cridland: Which is the other client?

  52. Dave Cridland

    waqas, Well, We-Isode has a CMU SASL fork which now has channel binding. I also have Polymer, which has had it since, erm, last year or something silly.

  53. Dave Cridland

    waqas, And yes, Polymer *is* a mail client, and quite why it happens to have a small XMPP library in it really is anyone's guess.

  54. waqas

    Dave Cridland: Perhaps we need a new version of Zawinski's Law.

  55. Dave Cridland

    waqas, This is Zawinski is reverse, though.

  56. Dave Cridland

    in reverse.

  57. Florian

    what's Zawinski's law?

  58. Florian

    (sorry ... can't access the web for some reason atm :/)

  59. Florian

    actually .. DNS is down

  60. Dave Cridland

    As I recall, every software project grows until it can read mail.

  61. waqas

    Florian: All software evolves until it can real mail

  62. Kev

    Every application will continue to expand until it has a mail reader, or such, I think.

  63. waqas


  64. Florian

    right :)

  65. Florian

    thanks for that :)

  66. waqas

    Hmm, Prosody has a mail sending extension, though not a reading one :)

  67. Kev

    That's ok, just run it backwards.

  68. Kev

    Reverse the polarity!

  69. Dave Cridland

    Kev, Do you have access to the domain name's DNS , BTW?

  70. waqas

    How many server projects have shown interest in the interop event? The last I remember was three.

  71. Dave Cridland

    Kev, If so, we could start setting up that.

  72. Dave Cridland

    waqas, Wiki page has 5.

  73. Kev

    I have access to everything. I may not have the inclination to touch it, but I have access. I can also poke appropriate people.

  74. waqas finds the wiki page

  75. Dave Cridland

  76. waqas


  77. Dave Cridland set the topic to

    XSF Interop 2010 -

  78. Dave Cridland

    Ah. I was going to change the subject, but that seems not to work.

  79. Florian


  80. Kev

    I thought I was an admin on this service, but I'm not sure with which account :)

  81. Dave Cridland

    Florian, Well, I think it might count as an interop failure, but I don't know if Gajim normally disables that control if it detects it can't change the subject.

  82. Florian


  83. Kev

    Ah, with this account, even. It just doesn't make me a superuser in MUCs :(

  84. Florian

    don't tell me :)

  85. Florian

    I use Psi

  86. waqas

    Kev: Server admins don't automatically become room moderators in the version of Prosody running here sadly

  87. waqas

    Florian: Did Tigase support SASL EXTERNAL for s2s?

  88. Florian

    not sure ... inquiring ...

  89. Florian

    don't think so though

  90. Florian

    at least it didn't a while back

  91. Dave Cridland

    So, we need domains first of all. What's the domain we're using again?

  92. Kev

    xmpptest.something, I believe.

  93. Kev

    I'll look into this now.

  94. bear

    I was just sending email about that?

  95. Dave Cridland

    bear, Ah, morning!

  96. bear

    I am up late (or very early - either works)

  97. bear

    I can give kev my service password if that speeds things up

  98. Kev

    bear: You've already transferred the DNS server entries over to the XSF haven't you?

  99. bear

    you mean nameserver entry?

  100. Kev

    I've not been following this, but I'm aware the XSF nameservers are willing to answer for it now.

  101. Kev

    I do.

  102. bear

    let me double check

  103. bear

    poo - style showing wrong - what is ns1 and ns2 for xmpp?

  104. bear

    i'll change it now

  105. Kev

    bear: I need intosi to reappear before I can answer that.

  106. Florian

    i only run ns3

  107. bear

    let me dig it up (/me brushes off his ops toolset)

  108. Florian

    we need to change it on ns1

  109. Florian

  110. Kev

    Oh, I can tell you what the NS are (ns1/ns2/ns3) and, I'm just wondering what it makes most sense for you to add :)

  111. Kev

    Florian: Are you sure? I didn't believe that was true.

  112. Florian


  113. Florian

    ns1 is athena. ns2 is ds0039 ns3 is sdns1

  114. Kev


  115. Kev

    I believe, however, that we have a hidden master.

  116. Florian

    ooh, right

  117. Florian

    where was that though?

  118. Kev

    That's what I'm trying to work out at the moment.

  119. Kev

    Unless Edwin reappears before I find it :)

  120. Kev

    Ok, gottit.

  121. bear

    so and ns? ??

  122. Florian

    ns2 and ns3 are slaves

  123. bear

    or be patient and let kev work?

  124. Kev

    As is ns1

  125. Florian

    right ... but ns3 is a slave off ns2

  126. Kev

    bear: I believe just duplicating the entry for is fine.

  127. Kev

    i.e. and

  128. bear


  129. Florian

    brb ...

  130. Florian

    no MUC on the N900 :(

  131. bear


  132. Kev

    Thanks bear.

  133. bear

    np - i'll be online after I handover last weeks work to my team

  134. bear

    technically I have today and tomorrow off

  135. bear goes to take a nap

  136. Kev

    Thanks bear, nn.

  137. bear

    please do call my cell if anything is urgent +1 215 680 1747

  138. bear relurks

  139. Kev

    Ok, so, anyone have a machine ready that they'd like to tell me about?

  140. Dave Cridland

    Kev, You can setup M-Link trunk on p.d.c.n if you want.

  141. Kev

    Ok, I'm setting up r146 at teh moment.

  142. Dave Cridland

    Kev, Most details for twhat's needed are on the Wiki page, but not what domains we'll be using.

  143. Dave Cridland

    Kev, So if you can pick those, I can update the wiki page with them as we can get our servers setup and ready.

  144. Kev

    Well, keep in mind that I'm configuring bind on a domain for the first time ever, so this may go badly wrong :)

  145. Dave Cridland

    Unless anyone has objections, I'm going to run through the clients and assign them each a username and password pair, that the server guys can then put in for each of their supported domains (when we get those).

  146. Kev


  147. Dave Cridland


  148. Dave Cridland

    Simon Josefsson, Hey. We have SCRAM-SHA1-PLUS, if you want to interop test yours while we're here.

  149. Tobias

    Simon Josefsson: you know of a XMPP client using gsasl and that support scram-sha1-plus?

  150. Dave Cridland

    Tobias, (FWIW, I can do both server and both clients on IMAP at least, as well)

  151. Florian

    ok ... I seem to be missing the participant list

  152. Dave Cridland

    Florian, In the MUC?

  153. Florian


  154. Florian

    after the reconnect

  155. Florian

    switch to useless paranoia mode

  156. Tobias

    Dave Cridland: but i'm not active in IMAP server projects ;)

  157. Dave Cridland

    Tobias, Yeah, but it means I can do interop tests with Simon's implementation.

  158. Kev

    Florian: Which machine is ns3, did you think?

  159. Florian

    ns3 is

  160. Florian

    it's slaved off of ns2

  161. Kev

    ns1,ns2 and ns1.mons all seem to be fine, but ns3 doesn't seem to be set up for

  162. Florian


  163. Florian

    let me check

  164. Tobias

    Dave Cridland: good ;)

  165. Florian 2010-11-12 16:31:24 ACTIVE

  166. Florian

    it might take a bit to propagate

  167. Florian

    it's not on ns2 either?

  168. Florian

    Homer:~ florian$ dig A ; <<>> DiG 9.6.0-APPLE-P2 <<>> A ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40305 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ; IN A ;; AUTHORITY SECTION: 3600 IN SOA 2010120602 14400 3600 604800 43200 ;; Query time: 16 msec ;; SERVER: ;; WHEN: Mon Dec 6 12:30:20 2010 ;; MSG SIZE rcvd: 85

  169. Florian

    nor on ns1?

  170. Kev

    We don't want an A record, do we?

  171. Kev

    dig -t srv

  172. Florian

    yeah, in that case ... ns3 needs some more time

  173. Florian


  174. Florian


  175. Florian

    it's not in the authority section

  176. Florian

    ;; AUTHORITY SECTION: 3600 IN NS 3600 IN NS 3600 IN NS

  177. Kev

    Ah, fine then :)

  178. Kev

    Florian: You're running the Tigase server aren't you?

  179. Kev

    If so, what machine is it running on, and what ports, please?

  180. Kev

    Then I'll set up and to point to you.

  181. Florian


  182. Dave Cridland

    Kev, Have you done Prosody and ejabberd?

  183. Kev

    waqas: Similar question for you and Prosody - is it you want?

  184. Florian

    here's a guide :D

  185. Florian

  186. Florian

  187. Florian

    is the host

  188. Kev

    Dave Cridland: No, I'm working on them now.

  189. Kev

    Patience, patience.

  190. fippo

    weren't we supposed to do dns on our own? (at least i've already done that :-)

  191. waqas

    Kev: dev, not idev

  192. Florian

    Operation successful. There is no DNS settings for given host:

  193. Florian

    that's quite cool ... the vhost manager now even tests DNS :)

  194. Kev

    waqas: Is this prosody trunk or prosody release?

  195. Dave Cridland


  196. Florian

    I guess no DNS yet :)

  197. waqas

    Kev: unreleased 0.8, which is an older trunk

  198. Kev

    Ok, I think that's prosody (prosody8/rooms.prosody8), ejabberd (ejabberd21/rooms.ejabberd21) and tigase (tigasetrunk/rooms.tigasetrunk) set up.

  199. Kev

    That just leaves psyced, I think.

  200. Kev

    fippo: What host do you want to point to?

  201. Kev

    Florian / badlop / waqas: There you go, you have domains pointing to you. Please check they look right with e.g. dig -t srv so we can avoid getting incorrect entries cached all over the place :)

  202. Florian

    looks fine to me

  203. waqas

    Looks fine

  204. Kev looks fine, doesn't.

  205. Florian

    I need to get access to the domain first

  206. fippo

    kev: I need psyced-db (port 5266), psyced-sasl (port 5267) and psyced-dwd (port 5268) each pointing to

  207. Kev

    Is that for both the domain and the rooms subdomain?

  208. Florian


  209. Florian


  210. fippo

    no rooms subdomain - we are old irc people, we love prefixes :-)

  211. Florian

    need to see if I can change that ...

  212. Florian


  213. Kanchil

    Florian: is running Tigase version 5.1.0-b2452 on Linux-amd64-, Java HotSpot(TM) 64-Bit Server VM-16.3-b01-Sun Microsystems Inc.

  214. Dave Cridland looks at mlinktrunk.

  215. Dave Cridland

    I didn't actually mean to include that patch. Harrumph.

  216. Kev

    Florian: Tigase doesn't work unless it's got a 'muc' subdomain?

  217. Florian

    it works ... but this isn't that kind of tigase

  218. Florian

    it's the new one

  219. Florian

    with the massive vhost tools

  220. Florian

    as we run 40 or so hosts off of it

  221. Florian

    so the tool automatically sets it up with muc.domain

  222. Kev

    You now have muc instead.

  223. Kev

    fippo: you may have what you asked for, please check.

  224. Florian

    ah cool :)

  225. Florian

    was just browsing the config

  226. Kev

    fippo: No you don't, let me fix.

  227. Kev

    fippo: Now you should.

  228. Kev

    Florian: If it's an easy fix, I'd rather have rooms. for everyone with a conference component, just because it shows they're not hardcoded to the usual muc. or conference.

  229. Florian


  230. Kev

    (Yes, I know of clients that hard-code to only support conference.domain, for example)

  231. Florian

    I'll inquire :)

  232. fippo

    kev: works - thanks

  233. Kev


  234. Kev

    Florian: I've set up both muc. and rooms. now, so if you get it working, it should just work.

  235. Florian

    cools :)

  236. Kev

    Ok, so I think everyone who was offering a server has the server in DNS now.

  237. Kev

    Next jobs will be getting certs for them all, when Matt appears :)

  238. Florian


  239. Kanchil

    Dave Cridland: can't be reached via XMPP

  240. Dave Cridland

    Kanchil, Speedy response, there. :-)

  241. Florian

    soo ... currently has 238 users

  242. Dave Cridland


  243. Florian

    let's break 10k :)

  244. Kanchil

    Dave Cridland: is running Isode M-Link version 15.0a0 on ZX Spectrum 48K

  245. Dave Cridland


  246. Dave Cridland


  247. Kanchil

    Dave Cridland: is running Isode M-Link version 14.6v4 on an unknown platform

  248. Kev

    Maybe I should upgrade this to the newest release :)

  249. Dave Cridland

    Kev, No significant changes, are there?

  250. Kev

    I don't remember.

  251. Florian

    what kind of platform is a ZX Spectrum 48K?

  252. Dave Cridland

    All client accounts are (or should be) setup ready on mlinktrunk, if people want to give those a try.

  253. Dave Cridland

    Florian, It's actually a 16K, but I didn't want to brag.

  254. Florian


  255. Florian

    the only bragging tool I have:

  256. Florian

    yellow being

  257. Dave Cridland

    Righty. I can see everything on mlinkrelease from mlinktrunk. So yay, Isode M-Link trunk interops with Isode M-Link release.

  258. Dave Cridland

    Florian, Tigase is up too, right?

  259. Florian


  260. Florian

    it's up

  261. vt100


  262. vt100


  263. Kanchil

    vt100: is running ejabberd version 2.1.5 on unix/linux 2.6.32

  264. Kev

    I've taken down mlinkrelease for a bit.

  265. fippo

    kev: can I have another dns record please? psyced6 pointing to port 5269 (thanks vt100 :-)

  266. Kev

    Should be done.

  267. fippo


  268. Dave Cridland

    12/ 6 13:43:14 xmppd 11021 (root ) D-MBOX-Auth closed originating s2s connection to domain [] (host-unknown)

  269. Dave Cridland

    badlop, is this one set up yet?

  270. Kev

    mlinkrelease is back up

  271. Dave Cridland

    After a chat with Kev, I've dropped the usernames and passwords off the Interop wiki page, we'll just have to ask as required.

  272. Dave Cridland

    In any case, server folk may need accounts on other people's servers anyway for testing.

  273. fippo

    just ping the other server

  274. fippo

    even though that does not work when you want the other server to initiate the connection

  275. Dave Cridland

    Yes, I suppose I ought to consider bidi, if you've got that up.

  276. MattJ


  277. Dave Cridland

    MattJ, Indeed. Although nice and sunny, now. No sign of the ice melting, though.

  278. fippo

    depends on how fast mattj is :-)

  279. MattJ

    When I've defrosted, I'm fast - at what? :)

  280. Kev

    MattJ: CA duty :)

  281. Kev

    If server devs want accounts on mlinkrelease as well, just poke me. I've created accounts for the clients, just waiting to be asked for details :)

  282. MattJ

    Where do I start with CA duty?

  283. Dave Cridland

    MattJ, Probably getting the CA software. One sec, I'll sort that out.

  284. MattJ


  285. MattJ

    do we have SRV records yet?

  286. Dave Cridland

    We do. And you do.

  287. MattJ

    Oh good

  288. Dave Cridland for you.

  289. Kev

    We explicitly only have SRV records, not A.

  290. Dave Cridland

    Not sure your end's set up yet. (Although I've not checked in a long while)

  291. Kev

    Perhaps I should set incorrect A records for each domain as well :)

  292. MattJ


  293. fippo

    Kev: on friday :-)

  294. Dave Cridland

    Yeah... Outright attempts to break things are fun, but let's get things working in sane environments first.

  295. Dave Cridland

    We will, however, need a small website somewhere, for the CRL DP.

  296. Kev

    Is it easiest if Matt runs that site, if he's controlling the CRL?

  297. Dave Cridland


  298. Kev

    MattJ: Are you capable of easily hosting a vhost to do this?

  299. Dave Cridland

    Although IIRC, Matt has access to XSF webservers, so I doubt it makes much difference.

  300. MattJ

    Sure, I don't mind

  301. Dave Cridland

    It's just a file to copy about, anyway.

  302. Kev

    Other than me remembering to do cleanup after.

  303. Kev

    Yes, but doing it to the XSF machines requires him uploading, sudoing etc.

  304. MattJ

    point it to $(host if you like

  305. Kev

    MattJ: Up to you, I'll set up a vhost on athena if you'd rather.

  306. Kev

    I'm on my zonefile serial number 8 for the day.

  307. Kev

    MattJ: A record set up.

  308. MattJ


  309. badlop

    Dave Cridland: vhost added, now ejabberd21 should work

  310. Kev

    badlop: Thanks.

  311. Kev

    Hmm, mlinkrelease isn't happy.

  312. Kev

    Oh, because I'm stupid.

  313. Dave Cridland

    Kev, No? I may well have broken things. It is *very* trunk.

  314. Kev

    It's not :)

  315. Kev

    So mlinkrelease and ejabberd21 are happily chatting.

  316. Dave Cridland

    Right, bit of trouble, had to restart Gajim for that.

  317. Dave Cridland

    But ejabberd21 and mlinktrunk are good.

  318. Dave Cridland

    MattJ, Is prosody8 up?

  319. MattJ


  320. MattJ

    Compiling OpenSSL, don't ask...

  321. Dave Cridland

    MattJ, I had to recompile pyOpenSSL this morning, after porting some patches from one hacked version to another, then kicking the Ubuntu packages violently out of the way.

  322. MattJ

    Sounds familiar

  323. MattJ

    Oh, 1.0.0c is out

  324. MattJ

    let's see if this builds any easier than 1.0.0b

  325. Dave Cridland

    I just love the way they encrypt their own documentation.

  326. fippo

    dave: would be interesting how they document their verify callback behaviour :-)

  327. MattJ

    woohoo, they must have broken the build for 1.0.0b, a and c both work :/

  328. fippo

    dave: mlinktrunk is not showing a cert currently?

  329. Dave Cridland

    fippo, No cert at all?

  330. fippo

    ah no... problem on my side (at least it works with openssl)

  331. Dave Cridland

    fippo, I'd expect it to have the one.

  332. Kev

    mlinkrelease should have the (expired) one.

  333. Florian

    and I'm back ... the OpenJDK VM decided to die

  334. MattJ


  335. Florian


  336. Kanchil

    Florian: can't be reached via XMPP

  337. Florian

    great :)

  338. MattJ

    Dave Cridland, does M-Link cache s2s failures?

  339. Dave Cridland

    MattJ, Nope, shouldn't do.

  340. Florian

    Dave Cridland: <Artur Hefczyc> unfortunately I am unable to spare any time for the interop week, still working hard on the tls for s2s, (no sasl external support yet and it is not planned soon)

  341. MattJ


  342. Kanchil

    MattJ: is running Prosody version hg:c8fcd63e9526 on Linux

  343. MattJ

    No idea what certs, but I'll hopefully be able to generate some soon

  344. fippo

    looks like a self-signed one

  345. Florian


  346. Kanchil

    Florian: is running Tigase version 5.1.0-b2457 on Linux-i386-, OpenJDK Server VM-16.0-b13-Sun Microsystems Inc.

  347. Florian


  348. Kanchil

    Florian: can't be reached via XMPP

  349. Florian

    that's not right :/

  350. vt100


  351. Dave Cridland


  352. Kanchil

    Dave Cridland: is running Tigase version 5.1.0-b2452 on Linux-amd64-, Java HotSpot(TM) 64-Bit Server VM-16.3-b01-Sun Microsystems Inc.

  353. vt100

    quite verbose

  354. Dave Cridland

    vt100, And not nearly as cool as a ZX Spectrum, either.

  355. vt100


  356. fippo

    mattj: do you keep plaintext logs on prosody8? I just spotted an interesting failure, removed the rawlog and now I can not reproduce it :-/

  357. vt100

    Hm, speaking of Prosody, how's the v6 implementation of lua going?

  358. MattJ

    vt100, not yet begun - unless you want /only/ IPv6 :)

  359. fippo

    mattj: we might test /only/ IPv6 - then we know that it works at least and can take care of the 4/6 issues later :-)

  360. MattJ

    fippo, me? keep logs? I have several GB of them :)

  361. vt100

    MattJ: Bah. :)

  362. Florian


  363. MattJ

    vt100, I can't do everything at once :)

  364. Florian

    well, has an IPv6

  365. MattJ

    I judged s2s TLS as higher priority

  366. vt100

    MattJ: No offence :)

  367. MattJ

    which was the other thing the relevant Lua library was missing

  368. MattJ

    IPv6 should be a breeze in comparison

  369. Dave Cridland

    Florian, Might want to note that Tigase is serving IPv6, too.

  370. Dave Cridland

    Florian, I mean on the Wiki page.

  371. remko

    oo, ipv6, i'ld like to test that too

  372. Dave Cridland

    remko, mlinktrunk does it as well.

  373. remko

    yeah, but it requires an ipv6 network i'm told

  374. remko

    i was hoping someone could test that for me :)

  375. Dave Cridland

    remko, Ah not got IPv6 at your end?

  376. remko


  377. remko

    and i haven't the slightest clue how to set it up :)

  378. Dave Cridland

    remko, Hang on, I'll give it a spin. Assuming I can find a Swift build.

  379. Dave Cridland

    remko, Pretty easy - I'm using's tunnel server.

  380. remko

  381. Dave Cridland

    remko, `cd ~/src/swift; git pull`

  382. remko

    that works :)

  383. remko, huh

  384. remko

    interesting, i'll look into that

  385. vt100

    he or sixxs

  386. MattJ

    OT, but "muahahaha" - Highways Agency alerts delivered via pubsub to desktop notifications (and no, I still don't drive)

  387. Dave Cridland

    vt100, sixxs if you happen to enjoy random firewalling.

  388. vt100

    Dave Cridland: Or Theo de Rant like support.

  389. Dave Cridland

    vt100, I dropped sixxs and suffered the renumber when I discovered I could no longer talk to Gajim's servers.

  390. Dave Cridland

    vt100, I looked at the small print and figured that it was technically against the sixxs T&C to run an XMPP service.

  391. vt100

    Dave Cridland: I've got a sixxs tunnel at home, no problems so far.

  392. vt100

    Eh? Well, one of their admins is not too far from here, we share some mailing lists, I could ask him if there's trouble.

  393. MattJ

    Are the xmpptest records mirrored across all of,,

  394. Dave Cridland

    MattJ, That was certainlt the intention.

  395. MattJ

    Just had a random DNS failure here, no records returned for a SRV query

  396. fippo

    mattj: technically, you want to send a dialback error instead of a stream error - but even I don't do that yet :-)

  397. MattJ

    Agreed, it's added to my todo :)

  398. Dave Cridland thinks we do.

  399. Dave Cridland

    Oh. No I've desynced when crashed. (It's running a different "trunk" too at the moment)

  400. fippo

    dave: if you do, you don't announce it in stream features (at least not on release)

  401. MattJ

  402. MattJ

    getsrv is just a dig-wrapping script

  403. MattJ

    At least this makes things a little more "interesting"

  404. fippo

    I get the correct response from all three dns servers

  405. Kev

    MattJ: All of's nameserver's should be mirroring.

  406. Kev

    MattJ: Can you tell me which on you think isn't?

  407. MattJ

    Nope, they all seem to respond when queried individually

  408. Kev

    So, do we need some sort of checklist of things we'd like to check between servers? I'm assuming just basic XMPP like "Can s2s without using dialback for auth if there are trusted certs", "Can reject all connections not presenting a trusted cert", "Doesn't send junk over s2s in jabber:client" etc.

  409. Dave Cridland

    We probably do. Seeing if anyone does dialback errors, too. (Which we don't I just checked. But easy to change)

  410. MattJ

    We do dialback errors when the token doesn't validate

  411. fippo

    I think we do - at least the host-unkonwn variant

  412. MattJ

    but not when the dialbacking connection fails

  413. fippo

    oh... we could test piggybacking - even though I am sure that googlemail/gmail does a pretty good job at enforcing it :-)

  414. Kev

    fippo: I'm happy to test stuff like that, but I'm not sure it's worth it as a baseline for interop testing.

  415. Dave Cridland

    fippo, Oh, that's interesting - what's the right error condition for "Yes, I know who you are, but I kjust don't want to talk to you" - the ones I'd expect to use are all specified for TLS/X.509 usage.

  416. Dave Cridland

    I'll go for forbidden.

  417. Dave Cridland

    Right, done and updated.

  418. fippo


  419. Dave Cridland

    fippo, XEP-0220 specifies that as meaning requiring TLS. forbidden seemed to be reasonable.

  420. Dave Cridland

    fippo, I was tempted to go for payment-required just to irritate. :-)

  421. stpeter


  422. stpeter

    you would :P

  423. fippo


  424. remko


  425. fippo

    dave: I think you would send a policy violation stream error in response to the initial stream header in that case

  426. Dave Cridland

    fippo, Yeah, except that if you receive it as a pggybacked request, you don't want to kill the other multiplexed pairs.

  427. fippo

    so if you know that you don't like domain X you still like domain Y hosted on the same server?

  428. Dave Cridland

    fippo, Yes, yes, it's astonishingly unlikely.

  429. fippo

    btw... we should start making a list of things that are known to work - first item are srv-lookups and ports other than 5269

  430. Kev

    fippo: Sonuds like a good plan.

  431. Dave Cridland

    What we should also do is make a blog post about how wonderfully successful each day has been.

  432. Kev

    Monday: Success, Kev played with bind9 for the first time, and managed to not break the XSF infrastructure.

  433. zash


  434. MattJ

    Ok, I guess I'm now accepting CSRs to

  435. fippo

    CSRs? geee!

  436. MattJ


  437. MattJ

  438. stpeter

    Dave Cridland: do you mind if I forward your email to the list?

  439. Dave Cridland

    stpeter, Which one? Interop one? Go for it.

  440. stpeter


  441. stpeter

    yeah even

  442. Dave Cridland wondered why you asked, but then remembered the IPR issues.

  443. stpeter

    yeah, usually I'm not so courteous :P

  444. Dave Cridland

    WOw, libjingle now speaking XEP-0166. Does that have implication that the GTalk client might also do so?

  445. stpeter

    libjingle was the first step, as I understand it from having chatted with Harald in Beijin

  446. darkrain

    Have they officially released such a version? I heard/saw they were actively updating the code repo on

  447. stpeter

    darkrain: yes

  448. stpeter

    darkrain: well, a version of the library, not of the client yet

  449. darkrain


  450. darkrain

    Nice :)

  451. stpeter


  452. zash

    Did the ditchabillity of legacy pre-xep jingle code increase? :)

  453. Sjoerd hopes that will go together with introducing VP8 as a video codec

  454. stpeter dents it

  455. Sjoerd

    do you doubt it as well ? :p

  456. stpeter


  457. stpeter

    doubt VP8 support?

  458. stpeter

    or their support for the XEPs?

  459. Sjoerd


  460. stpeter

    the folks I've talked with on the Talk team are committed to supporting the XEPs

  461. stpeter

    and the folks I've talked with are in a position to make that happen

  462. Sjoerd


  463. stpeter does say: What XEPs does libjingle support?¶ Libjingle has basic support for XEP-166 and XEP-167. It also supports the pre-standard versions of those protocols that Google Talk currently uses (web-based Google Talk will be updated to speak jingle soon). Libjingle does not yet have support for XEP-176 because it uses a pre-standard version of ICE-UDP. We're looking at how we can fully implement XEP-176 and ICE-UDP.

  464. Sjoerd


  465. MattJ

    Ok, prosody8 restarted with certs signed by

  466. bear waves

  467. MattJ

    Hey bear

  468. Kev

    MattJ: Can you issue for mlinkrelease and rooms.mlinkrelease please?

  469. bear

    looks like things are moving nicely

  470. Kev

    Or do you need me to work out how to get a CSR generated? :)

  471. MattJ

    Kev, I think I did, for Dave

  472. bear

    i'm going to go over the wiki page and the log scrollback later this afternoon and whack up a "day 1 summary"

  473. MattJ

    Ah no, that was mlinktrunk

  474. MattJ

    Kev, then I need a CSR, but I guess I can make one for you :)

  475. bear

    if anyone is inclined, patches accepted for any text snippets :)

  476. Kev

    MattJ: That'd be nice please.

  477. MattJ


  478. MattJ

    fippo, I don't know how you did it, but congratulations

  479. MattJ

    Your CSR crashes the Isode CA software :)

  480. vt100


  481. MattJ

    Hopefully Dave will reappear with a solution

  482. vt100

    MattJ: You wrote some CA implementation?

  483. MattJ

    No, Isode did

  484. fippo


  485. fippo

    mattj: they were elmex'ed

  486. MattJ

    Thanks to Zash Prosody can generate OpenSSL configurations to feed into OpenSSL to generate a self-signed cert or CSR

  487. MattJ

    but a bit short of a CA

  488. fippo

    mattj: if it's easier for you, you can make me a cert instead of using that cert

  489. vt100

    .o0( I wonder if this bot here will count karma points for people crashing other people servers in interop test )

  490. vt100


  491. MattJ

    No crashed /servers/, yet anyway :)

  492. Kev

    MattJ: Received, thanks.

  493. fippo

    mattj: prosody8 doesn't show me starttls - and does not attempt it either

  494. Nÿco

    hi all

  495. Nÿco planning interop teset Gajim and OneTeam on Jingle voice

  496. Kev

    That'll be interesting.

  497. Asterix

    Nÿco: just in time! I'm here

  498. Kev

    If client devs want passwords for the servers, please poke the server admins. I've got accounts created for each of the clients on the interop page, ready.

  499. Asterix

    Kev: ok thanks, maybe later during the week

  500. Kev

    Not that it's all that interesting.

  501. darkrain

    Is it the same password as my luggage?

  502. Kev

    We know Gajim works with M-Link, and Prosody, and ejabberd anyway :)

  503. Asterix

    no but testing how clients behaves with all servers, all cert things (is it only s2s certs that has been generated?)

  504. Kev

    Certs are good for both s2s and c2s.

  505. Kev

    Not that I've installed the one for mlinkrelease yet, I intend doing that tomorrow morning.

  506. Zash

    *Client* certs?

  507. Kev

    Oh, we don't have certs for the clients.

  508. Kev

    Although we could get them.

  509. Kev

    I'm happy to set up certs on mlinkrelease for strong auth for clients.

  510. Kev

    Although MattJ would probably have to provide them so they're from the same CA.

  511. Dave Cridland

    Kev, Not, actually. You could setup your own CA for that.

  512. Kev

    Yes, but that would mean me setting up a CA.

  513. Kev

    Although I actually have one somewhere.

  514. prefiks

    apropos gajim on ejabberd compatibility, i just can't login using latest version from hg, it authentication, bind, and session worked ok, i guess it failed when ejabberd returned error when gajim tried to delete some pep node

  515. prefiks

    i can send log if someone is interested

  516. Asterix

    I use gajim on ejabberd without problem. ejabberd replies with errors when deleting pep things, that's normal and it's not a problem

  517. Asterix


  518. darkrain

    prefiks: What stanza are you sending, and what's the error response you get back?

  519. darkrain

    (or is the server uncleanly terminating the connection?)

  520. prefiks

    one moment let me consult ejabberd logs

  521. Dave Cridland

    prefiks, Gajim doesn't delete a PEP node, but it does publish empty Activity and Mood on connect.

  522. Dave Cridland

    (Which mildly annoys me, although I only noticed when I was trying to test persistent PEP)

  523. Kev

    I'm not convinced that's the Right Thing to do, fwiw.

  524. prefiks

    ups, sorry looks like this is fault of my ejabberd (it's not vanilla one, it's quite heavy patched)

  525. Zash

    Kev: But, if you set a status like "I'm going to sleep now", and then shuts down the client, it won't make that much sence when restarting

  526. Dave Cridland

    Kev, I understand why - it's because Gajim's presence system regards the status message, activity, and mood as a three-tuple that gets set together, so when it comes online and sets its status message it sets all three.

  527. Dave Cridland

    Zash, It's slightly more annoying if you set PEPness in another client then spin up the laptop briefly...

  528. Kev

    Zash: Yes, but that's an argument for removing it at logout, not at login :)

  529. Kev

    (And only if you set it)

  530. Kev

    For the reasons Dave says.

  531. Dave Cridland

    I think on login you just see what's there, unless you've been explicitly told to set something else.

  532. Asterix

    as wash said, there are also cases when that doesn't mean anything to keep last pep informatio...

  533. Asterix


  534. Asterix

    prefiks: is it you there:

  535. Asterix

    Nÿco: ping?

  536. prefiks

    Asterix: no

  537. Nÿco


  538. Asterix

    Nÿco: nice, we go in pm?

  539. Dave Cridland

    Whoops. Seems my "IPv6" claim was a little exaggerated. Now told my router to route IPv6 instead of looking at it blankly.

  540. Nÿco


  541. Florian

    did the certs get sorted?

  542. darkrain

    Asterix: The one you linked to looks like

  543. Nÿco talking with Asterix

  544. Nÿco

    on the phone

  545. Nÿco


  546. Nÿco

    over Jingle

  547. Nÿco

    quality quite ok

  548. Zash


  549. Asterix

    and works the first time (when I use a non-buggy Gajim ;) )

  550. Nÿco!/nyconyco/status/11891978551693312

  551. Asterix


  552. Nÿco

    OneTeam also works against an N900 client

  553. Dave Cridland

    That sounds pretty cool.

  554. Dave Cridland

    I can see the headline - "Jingle interoperability proven! Even works in French!"

  555. Zash


  556. Nÿco

    to be honest, I don't use often the voice calls... I will... more than before

  557. Dave Cridland

    I've tried it once or twice with Florian, occasionally with some success.

  558. Nÿco

    Dave Cridland: to be completely sure, and test at 100 % the Jingle calls, I need to test 'Humor over Jingle'

  559. Florian


  560. Dave Cridland

    See? Interop failure right there.

  561. Florian

    just testing with Nyco

  562. Dave Cridland

    It's "humour". ;-)

  563. Florian

    do you remember the noise?

  564. Dave Cridland

    Florian, The background noise, or that ghastly sound you make when you speak?

  565. Nÿco has made it, spelling mistakes always work ;-)

  566. Florian

    background noise :p

  567. darkrain

    Dave Cridland: Surely that's an interop issue for written communication, but not verbal?

  568. Florian

    just sending the recording via mail

  569. Florian

    and then sharing

  570. Florian


  571. Florian

    listen to this

  572. Florian

  573. Florian

    when nyco talks (5s in) there is a noise

  574. Nÿco

    voice qualities differ

  575. Dave Cridland

    "Backlog too deep"

  576. Dave Cridland

    Ace. Nice debug message from the heroku developers.

  577. Dave Cridland

    Florian, Sounds like Nÿco's speaking through a sock. One that's clicking, too.

  578. Florian


  579. Florian

    right ... the clicking

  580. Dave Cridland

    I assume it's recording you locally, which doesn't help - the contrast between the sound quality makes it more apparent.

  581. Florian


  582. Florian

    it's a small app on the N900 that allows you to record phone conversations :)

  583. Dave Cridland


  584. Florian

    great if you borrow someone your phone to make a "private call" :)

  585. Dave Cridland


  586. Florian

    i'd call it genious :)

  587. Dave Cridland

    But only if you can't spell "genius".

  588. Florian


  589. sjoerd.simons likes when other people test interop for us

  590. Zash

    sjoerd.simons: Isn't that called "customers"? ;)

  591. sjoerd.simons


  592. sjoerd.simons

    indirectly i guess :)

  593. Zash

    anyone tested N900, Gajim and video? Me and a friend tested a while ago, but I don't remember if it worked

  594. Florian

    just testing audio N900 <-> OneTeam

  595. Dave Cridland

    Zash, I've tried that with Florian. I can't remember if I could see him but not hear him, or something else.

  596. Florian

    it was weird

  597. Florian

    it was or audio or video worked

  598. Florian

    but not both :)

  599. Dave Cridland

    Zash, I do remember writing things down on my whiteboard in order to communicate, actually.

  600. Dave Cridland

    Zash, Which was quite funny.

  601. Zash


  602. Dave Cridland

    Zash, And, of course, demonstrated that there's no need for a dedicated whiteboarding protocol in XMPP after all.

  603. Florian

    he then realized that XMPP has this thing that allows you to send text :)

  604. Florian

    haha :D

  605. Florian

    just in: VodafoneUK blocks Jingle

  606. Zash

    Why not just go straight ahead to svg-sxe.. aw

  607. Florian

    doesn't block SIP though

  608. Florian

    I think we found the problem

  609. Florian

    Vodafone has some nifty routing: N900 -> -> -> -> -> Internet

  610. Nÿco

    bye all

  611. Dave Cridland

    Florian, How many of those are NATs?

  612. Florian

    I guess all of them

  613. Florian

    or none

  614. Dave Cridland

    Nÿco, See you tomorrow.

  615. Florian

    I dunno tbh

  616. Florian

    SIP works

  617. Florian

    Jingle doesn't

  618. Florian


  619. Florian

    SIP goes to a public server IP

  620. Florian

    jingle was to Nÿco behind a NAT

  621. Florian

    single nat worked ... i.e. N900 on WiFi

  622. Zash

    Jingle nodes?

  623. Florian


  624. Florian

    where ?

  625. Zash

    Iduno, but I guess that's what would be needed :/

  626. Dave Cridland

    Asterix, Have you looked into IGD/UPnP at all in Gajim?

  627. Asterix

    doesn't gstreamer handle that for us?

  628. Dave Cridland

    Asterix, I don't know, actually.

  629. sjoerd.simons

    Asterix: depends, are you using farsight and nice ?

  630. Asterix

    yes we are

  631. sjoerd.simons

    then it should do upnp automagically assume your distro compiled things properly

  632. Dave Cridland

    So running up a upnpd on ym router might help. Interesting.

  633. Zash

    Mmmm.. UPnP IGD ..

  634. Dave Cridland

    Zash, I think it needs a clearer name, though.

  635. Dave Cridland

    Zash, Maybe UFMP.

  636. Dave Cridland

    Zash, "Unauthenticated Firewall Manipulation Protocol".

  637. Zash

    Universal Forward My Port!

  638. Zash

    Dave Cridland: It needs more 'X'-es, since it uses SOAP, and therefore XML

  639. Dave Cridland

    I wish I wrote a SOAP server. Then I could make loads of gags about how clean the code was.

  640. Florian


  641. Florian

    I'd actually love to have an XMPP2SOAP gateway :)

  642. Dave Cridland

    Florian, There's a gag there somewhere, I just can't see it.

  643. Zash

    XMPP over SOAP over HTTP over UDP?

  644. Zash

    .. over IP over avian carrier

  645. Florian


  646. Dave Cridland

    Zash, Reminds me of that time in Brussels a couple of years ago, when Dirk Meyer had HTTP over Jingle over XMPP working, and everyone who heard suggested running BOSH over it.

  647. Florian


  648. Zash

    haha, awesome

  649. Florian

    well ... that's where I heard about: Jingle over TCP over UDP over ICE

  650. Florian

    or something like that

  651. Florian

    that was 200

  652. Florian


  653. Florob

    Hmm... + mod_tcpproxy = TCP over XMPP over BOSH over HTTP over Jingle over XMPP orver TCP over IP...

  654. Zash

    And then you do all of it over that again!

  655. Florian

    ok ... wtf ... why does iPlayer recommend BBC Wales Today?!

  656. Florian

    I'm not in Wales

  657. Florian

    I'm in London

  658. Florian

    and I guess the chick from my Uni finally got fired in the Apprentice

  659. stpeter

    y'know, I'm getting a bit tired of the RFC revision process :)

  660. Florian


  661. stpeter

    ok, bbl

  662. Florian

    looks like I'll be joining the Hackday too :)