interop - 2010-12-09


  1. Florob has left

  2. badlop has left

  3. stpeter has left

  4. steve.kille has left

  5. steve.kille has joined

  6. MattJ has left

  7. steve.kille has left

  8. steve.kille has joined

  9. steve.kille has left

  10. steve.kille has joined

  11. steve.kille has left

  12. steve.kille has joined

  13. steve.kille has left

  14. steve.kille has joined

  15. steve.kille has left

  16. steve.kille has joined

  17. steve.kille has left

  18. steve.kille has joined

  19. steve.kille has left

  20. steve.kille has joined

  21. Florian has left

  22. steve.kille has left

  23. steve.kille has joined

  24. steve.kille has left

  25. steve.kille has joined

  26. steve.kille has left

  27. steve.kille has joined

  28. steve.kille has left

  29. steve.kille has joined

  30. steve.kille has left

  31. steve.kille has joined

  32. steve.kille has left

  33. steve.kille has joined

  34. steve.kille has left

  35. steve.kille has joined

  36. Florian has joined

  37. Florob has joined

  38. Florob has left

  39. Kev has joined

  40. Kev

    Good morning, good morning, good morning, good morning, good morning.

  41. remko has joined

  42. steve.kille has left

  43. Kev

    Ok, so, is everyone ok with the plan for today?

  44. Kev

    Set all the test machines to require TLS, check the pings again.

  45. Kev

    And I'll set up the machines with invalid certs, ready for tomorrow.

  46. Kev

    That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted.

  47. steve.kille has joined

  48. Tobias has joined

  49. remko

    all: can i get an account swift / swift on all servers?

  50. Kev

    The idea of not putting the account details on that page was so we didn't have public records of the logins.

  51. remko

    *sigh*

  52. remko

    seriously, for an interop of one week?

  53. remko

    ok then :)

  54. Kev

    They're all openly federating.

  55. Kev

    If they weren't, it wouldn't be a problem.

  56. remko

    ah, i was assuming they weren't

  57. Kev

    That would mean quite some effort for the server vendors.

  58. remko

    true

  59. remko

    client certificates are the future :)

  60. Kev

    Yes, I considered adding those to the test plan, but I don't think anyone other than M-Link supports them. If any other servers do, I'm happy to add it to the plan.

  61. remko

    it would be handy to have MUC nicks on the page to know who to ask for logins :)

  62. Kev

    fippo is psyced (no C2S, I believe), badlop is ejabberd, MattJ/waqas are Prosody, Dave Cridland is M-Link, Florian is Tigase.

  63. badlop has joined

  64. badlop

    remko: ejabberd21 has IBR with CAPTCHA

  65. remko

    badlop: swift doesn't do IBR yet :)

  66. badlop

    i'll create now, but you should use an alternative client for the features your client doesn't yet support

  67. badlop

    is Test 2 right now, or are we still in Test 1? Test 2 (Thursday). Requiring TLS on all s2s connections on all servers

  68. Kev

    badlop: Test 2 would be good, please.

  69. Kev

    badlop: Ok, so, is everyone ok with the plan for today? Kev @ 9:15 Set all the test machines to require TLS, check the pings again. 9:15 And I'll set up the machines with invalid certs, ready for tomorrow. 9:15 That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted. 9:16

  70. badlop

    remko: account created

  71. remko

    badlop: super, thanks a lot!

  72. badlop

    ejabberd21 s2s requires TLS, with a preliminary patch i wrote yesterday, let's hope it works

  73. badlop set the topic to

    XMPP Interop Event | 6th - 11th December 2010 | http://wiki.xmpp.org/web/Interop | right now: Test 2 (s2s require TLS)

  74. badlop

    oh, no room admin here to add to the room subject: | right now: Test 2 (s2s require TLS)

  75. sjoerd.simons has left

  76. remko has left

  77. Dave Cridland

    badlop, Yes, PSA mentioned that.

  78. Dave Cridland

    Morning all, BTW.

  79. Dave Cridland

    So, mlinkrelease can't require TLS. It can require a valid cert (ie, one that the chain terminates in a trust anchor), but that's it.

  80. remko has joined

  81. Tobias

    Dave Cridland: what's the difference? meaning you can't require TLS with an invalid cert or what?

  82. Dave Cridland

    Well, if you don't do TLS at all, that's still fine. :-)

  83. Tobias

    ah, right :)

  84. Kev

    Ok, I've put up the results stubs for today's tests for servers.

  85. Dave Cridland

    Anyone desperate to go first?

  86. Kev

    You started the trend yesterday.

  87. Dave Cridland

    'kay

  88. Dave Cridland

    So let's go.

  89. Dave Cridland

    So am I even attempting to test mlinkrelease?

  90. Kev

    Testing against it, but not testing it, according to the wiki page :)

  91. Dave Cridland

    Kev, Is notls up and running?

  92. Kev

    Matt was going to do that yesterday, I don't know if he did.

  93. Kev

    Shouldn't be hard to work out, should it?

  94. Dave Cridland

    Well, I get an error from mlinkrelease.

  95. Dave Cridland

    host-unknown.

  96. Dave Cridland

    So that needs to be up later. The problem is that unless this is running, we can't really test that we're unable to connect to it.

  97. Kev

    This is true.

  98. Dave Cridland

    Well. Not up later, up now, really. But we'll all have to do the negative testing against it later, I suppose.

  99. Dave Cridland

    But anyway, my first lot of results are (unsurprisingly) that mlinkrelease can still connect to everyone.

  100. Kev

    The telnet says: <stream:stream id='' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xmlns='jabber:server'><stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>This host does not serve notls.xmpptest.com</text></stream:error></stream:stream>

  101. Kev

    So yes, not up.

  102. Dave Cridland

    OK, mlinktrunk connects to everyone except tigasetrunk - which is expected, as tigasetrunk is actually the same as notls is meant to be.

  103. Dave Cridland

    So I suggest folk test against the full suite anyway.

  104. Kev

    Well, Tigase isn't quite what notls is meant to be.

  105. Kev

    notls is supposed to be XMPP, but not supporting starttls.

  106. Kev

    Tigase is doing jabber/0.9 only, isn't it?

  107. Dave Cridland

    It has the same effect.

  108. Kev

    It has the same effect for M-Link :)

  109. Dave Cridland

    OK, so I'm done anyway. Wiki updated.

  110. Tobias has left

  111. Kev

    I've updated the testing blurb to indicate that failure against tigasetrunk is required.

  112. Dave Cridland

    Anyone else having a go?

  113. badlop

    me, ejabberd21 works with all except tigase, as expected

  114. Dave Cridland

    badlop, Cool, so that patch you did yesterday works?

  115. badlop

    well, at least it doesn't break s2s

  116. Kev

    \o/

  117. louiz’ has left

  118. steve.kille

    Should test 2 be including a server which does not support TLS, and tries to connect to the other servers. It should be required (of the other servers) that they refuse the connection

  119. Kev

    Yes, and it does.

  120. badlop

    you mean, if tigase were able to connect to any other now, then there's a bug in that other

  121. Kev

    notls (to be set up later when Matt gets up) will be XMPP 1.0 without TLS, and tigasetrunk is XMPP 0.9/Jabber without TLS.

  122. badlop

    i think steve.kille refers to testing s2s from notls-server --> supposedly-tls-required

  123. Kev

    Right, but that's required to get the iq result.

  124. Kev

    Doing a ping from one server to another requires the setup of streams both ways.

  125. steve.kille

    Kev: I think it would be helpful to clarify things should not work with notls, irrespective of who initiates.

  126. Dave Cridland

    This is true, unless bidi is involved.

  127. Dave Cridland

    We can do that one notls is actually up.

  128. Dave Cridland

    once.

  129. Kev

    steve.kille: Both parties always initiate (unless bidi is involved).

  130. Dave Cridland

    Kev, Yes, but it won't hurt to test.

  131. Dave Cridland

    Kev, At least one implementation supports bidi, after all.

  132. fippo

    btw: I tested ssl2 this morning

  133. fippo

    mlinktrunk, mlinkrelease, prosody and psyced kill the connection, ejabberd does not (yet?) work with that s_client version

  134. Dave Cridland

    Really? I thought we accepted it on inbound, still.

  135. wjt has joined

  136. fippo

    the v2 client hello probably is

  137. Dave Cridland

    fippo, Oh, for sure. But I thought we allowed the protocol inbound too.

  138. fippo checks again

  139. fippo

    indeed, it fails differently - but still fails

  140. Dave Cridland

    Well, no SSLv2 in my logs, certainly.

  141. Florian

    remko: In-Band Registration is enabled :)

  142. Dave Cridland

    Florian, Want to see if you can reach anyone from tigasetrunk?

  143. wjt

    so, does anyone have a xep-0055 directory set up on their interop test-y server?

  144. Kev

    Well, he probably can still reach Prosody, because Matt / waqas aren't about yet.

  145. badlop

    like vjud.ejabberd21.xmpptest.com ? but s2s to it doesn't work

  146. Kev

    badlop: Just because of DNS? I don't mind putting up a record.

  147. wjt

    badlop: for instance! i've not been keeping up with this week—have some kind of plague—but presumably we could also register test accounts on ejabberd21.x.c

  148. Kev

    I expect Dave Cridland could also be persuaded to enable -55 on mlinktrunk

  149. Dave Cridland

    Kev, I think it is, actually.

  150. Dave Cridland

    Kev, But probably defaulting to local-searches only.

  151. Kev

    I expect Dave Cridland will have enabled -55 on mlinktrunk.

  152. wjt

    well, that's grand. let's see if i can get pochu in here... :)

  153. Dave Cridland

    wjt, Our '55 basically allows users to opt-in or opt-out - there's three settings (never visible, visible in local searches, and visible in all searches) plus a default if they don't express a preference.

  154. wjt

    how do you choose this setting?

  155. Dave Cridland

    wjt, Ad-Hoc.

  156. wjt

    my very favourite xep

  157. Florian

    why wouldn't I be able to reach people?

  158. wjt

    which we might actually implement support for in the new year

  159. Kev

    Florian: Because today's tests require TLS for s2s.

  160. Dave Cridland

    wjt, M-Link's had ad-hoc controlled user preferences for ages, we use them currently to allow auto-subscribe, control offline message settings, etc.

  161. Florian

    ah

  162. Kev

    See the test plan :)

  163. wjt

    Dave Cridland: Oh, I'm sure lots of servers do

  164. Florian

    we have a test plan?

  165. wjt

    Dave Cridland: doesn't mean I like it very much ;-)

  166. Dave Cridland

    Florian, So if you can reach anyone, then they're broken.

  167. Kev

    Yes, it's on the wiki page.

  168. wjt

    but I've softened in my opinion on these matters in recent months

  169. Kev

    Dave Cridland: Broken, or haven't changed their config for today yet.

  170. Florian

    ok :)

  171. Kev

    wjt: Ad-hoc as a concept is great, as a protocol is fine, and as a XEP is lacking.

  172. Kev

    You're free to disagree with me, of course, everyone has the right to be wrong :)

  173. Florian

    mlinktrunk is broken

  174. Kev

    Florian: See the note that says that mlinktrunk isn't participating today :)

  175. Dave Cridland

    Kev, I think wjt doesn't like the lack of i18ness.

  176. wjt

    Kev: I think it's hard to make UIs for ad-hoc-style random-dialog-boxes-from-the-server beautiful

  177. Kev

    wjt: Yes, that's right. For things that aren't really ad-hoc, we have profiles so you can know what to expect (RC, Server admin, for example).

  178. wjt

    i18n is a secondary concern, but this one i really don't mind that much about: in practice, if you're using a server, you probably speak (one of the) same language(s) as its administrator

  179. Florian

    it says mlinkrelease isn't participating?!

  180. Florian

    mlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.

  181. Kev

    Right :)

  182. Kev

    So that'll participate again tomorrow when we require TLS and full cert checking for s2s.

  183. Florian

    because I can connect to mlinktrunk

  184. wjt

    Kev, sure, and that's one of the reasons I've softened my opinion on them :)

  185. Kev

    Oh, mlink*trunk*

  186. Florian

    yes :)

  187. Florian

    [11:59:00] <Florian> mlinktrunk is broken :)

  188. Kev

    Dave Cridland: !

  189. wjt

    Kev: for the common cases, we can do something nice; for uncommon cases, whatever, it's your own fault for doing weird stuff

  190. Kev

    Sorry, I just read mlinkrelease without paying attention, my bad.

  191. Florian

    :)

  192. Florian

    I guess service discovery shouldn't work

  193. Florian

    as that's S2S

  194. Kev

    Correct.

  195. Florian

    right :)

  196. Florian

    so yeah ... trunk is broken :)

  197. Kev

    Although you may need to bounce the server to cancel any existing s2s sessions first, possibly.

  198. Florian

    ah

  199. Kev

    Dave Cridland will know if he already did that with mlinktrunk, it's his test server.

  200. Florian

    interesting ...

  201. Florian

    Prosody8 gives me a disco title (Server name)

  202. Florian

    but no contents

  203. Florian

    right .. the rest fails

  204. fippo

    florian: it's trying to reconnect rather often (every five seconds)

  205. Florian

    still now?

  206. fippo

    yes... let's see if closing the port on my side will stop that

  207. sjoerd.simons@collabora.co.uk has joined

  208. Dave Cridland

    Oh. So I read Florian's message as saying mlinktrunk was *correctly* broken, but what he meant was it's working.

  209. Dave Cridland

    Florian, Ah. What server were you connecting *from*?

  210. Florian

    fippo: it tries to reconnect for a few minutes and then gives up

  211. Florian

    jabber.me

  212. Florian

    same host as tigasetrunk

  213. Dave Cridland

    Right, but different domain.

  214. Florian

    right

  215. Florian

    ah ... domain limited?

  216. Dave Cridland

    I'd configured mlinktrunk to require TLS from *.xmpptest.com

  217. Florian

    ok

  218. Florian

    let me test it from there :)

  219. Dave Cridland

    (Because mlinktrunk is also a vhost)

  220. Florian

    :)

  221. Florian

    Tigase might have S2S TLS by the end of the week

  222. Kev

    Perhaps it can pass tomorrow's tests then :)

  223. Dave Cridland

    Given that we all fail tomorrow's tests...

  224. Florian

    yup ... mlinktrunk now fails too :)

  225. Dave Cridland

    \o/

  226. Kev

    Dave Cridland: We all fail *some* of tomorrow's tests, I don't think that stops it being worth testing that everyone passes the bits they think they do.

  227. Florian

    so the expected result :)

  228. Dave Cridland

    Kev, Right. Or our X.509 team might fix the interesting bug we have. (Which is actually in Sodium CA).

  229. emilio.pozuelo@collabora.co.uk has joined

  230. emilio.pozuelo@collabora.co.uk

    hi! I'm implementing contact search in empathy (a client using the Telepathy framework) and wanted to test if it's working... can anybody tell me a server I can test it? thanks!

  231. Dave Cridland

    mlinktrunk.xmpptest.com has '55 available on the IM domain.

  232. wjt

    emilio.pozuelo@collabora.co.uk: there's a big list o' servers on the wiki page

  233. Dave Cridland

    emilio.pozuelo@collabora.co.uk, Want to use gabble with password gabble?

  234. emilio.pozuelo@collabora.co.uk

    Dave Cridland: gabble, yes. No idea about the password :)

  235. emilio.pozuelo@collabora.co.uk

    wjt: thanks, checking

  236. wjt

    emilio.pozuelo@collabora.co.uk: (also, if you set an alias in Edit → Personal Information in Empathy, you'll get a nicer nickname in this room next time you join, and look better on people's rosters, too :) )

  237. emilio.pozuelo@collabora.co.uk

    wjt: I've actually done that twice I think... I wonder why it's not saving it :(

  238. wjt

    oh, yeah... there's a bug where sometimes the aliases get lost and i don't know why :'(

  239. emilio.pozuelo@collabora.co.uk restarts empathy to test contact search

  240. emilio.pozuelo@collabora.co.uk has left

  241. emilio.pozuelo has joined

  242. Dave Cridland

    emilio.pozuelo, I'll restart that server in a moment, just to warn you.

  243. Florian has left

  244. Florian has joined

  245. Dave Cridland

    Well, that's interesting. I seem to be failing against ejabberd21

  246. Dave Cridland

    Ah! In fact, I failed this morning, when I look closer. Must have misread.

  247. Dave Cridland

    No features, so no TLS: (13:26:35) Send (214) <?xml version='1.0'?><stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='ejabberd21.xmpptest.com' from='mlinktrunk.xmpptest.com' version='1.0'> (13:26:35) Recv (155) <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='855227178'>

  248. Dave Cridland

    I get TLS inbound, but not outbound.

  249. Kev

    badlop: ^

  250. fippo

    while wondering why I did not fail I found a bug :-)

  251. Dave Cridland

    Wow, you get bugs too?

  252. fippo

    I did not assume that tls would be only used in one direction and not in the other

  253. fippo

    we should get rid of this unidirectional nonsense, that just makes life harder :-)

  254. Florian has left

  255. Dave Cridland

    Okay, so my CRL checking is now working.

  256. zash has joined

  257. emilio.pozuelo has left

  258. emilio.pozuelo has joined

  259. emilio.pozuelo

    o/

  260. zash

    \o

  261. emilio.pozuelo

    so I'm testing contact search (XMPP 055) on mlinktrunk.xmpptest.com, but I get this error from telepathy-gabble

  262. emilio.pozuelo

    server is broken: <x> not type='form'

  263. Kev

    If anyone wants to test against the 'bad' servers, (mismatchcert|revokedcert|selfcert).xmpptest.com are all up. selfcert isn't yet.

  264. Dave Cridland

    emilio.pozuelo, Ah, okay... Can you tell me what XML you're seeing?

  265. emilio.pozuelo

    Dave Cridland: http://people.collabora.co.uk/~pochu/gabble-log-mlinktrunk.xmpptest.com.log

  266. emilio.pozuelo

    Dave Cridland: with our server I didn't get that error (though I got no results): http://people.collabora.co.uk/~pochu/gabble-search-debug.log

  267. fippo

    Kev: what are we supposed to do with in today's setup?

  268. fippo

    with those

  269. Kev

    Nothing.

  270. Kev

    That was purely for if people wanted to have a play in advance of tomorrow.

  271. fippo

    Kev: I wondered if they should fail for today's test, too

  272. Kev

    No, they should all pass for today's tests.

  273. Kev

    Or, rather.

  274. Kev

    With today's configuration, they should all connect. I don't think it's important to test that they do, though.

  275. fippo

    I tend to disagree when it comes to the mismatched cert :-)

  276. Kev

    fippo: Right, the point of today was to check that all servers 'can do TLS', and the point of tomorrow is to check that they 'can do TLS right'.

  277. Kev

    The point of today wasn't really to test that they 'can do TLS wrong'.

  278. emilio.pozuelo

    Dave Cridland: do you see anything wrong on the server side, or do you think the client is wrong when reporting that error?

  279. wjt

    the type='' attribute is missing from the <x xmlns='...data'/> element returned by the server

  280. Dave Cridland

    emilio.pozuelo, Hang on, be with you in a sec.

  281. emilio.pozuelo

    wjt: aha, I see

  282. wjt

    <xs:attribute name='type' use='required'>

  283. wjt

    so mlink is violating XEP-0004

  284. Dave Cridland

    I am the violator. Muahahaha. Etc.

  285. sjoerd.simons@collabora.co.uk has left

  286. sjoerd.simons has joined

  287. fippo

    Kev: aye. That reminds me that next time i'll bring a server which will fail unless you send a tlsv1 client hello (good for making sure we don't have servers that do not get s2s-tls-compression)

  288. wjt

    how many of the test servers support in-band registration (as opposed to Dave-creates-an-account registration)? maybe emilio.pozuelo could try some others :)

  289. Dave Cridland

    fippo, You get compression with SSLv3 Hello, too.

  290. fippo

    dave: :-p

  291. Dave Cridland

    emilio.pozuelo, Yeah wjt's right, I'm not sending a type on that form.

  292. emilio.pozuelo

    Dave Cridland: ok. glad to have contributed my part to find a bug :)

  293. sjoerd.simons@collabora.co.uk has joined

  294. sjoerd.simons@collabora.co.uk has left

  295. sjoerd.simons@collabora.co.uk has joined

  296. Dave Cridland

    emilio.pozuelo, Should be fixed now. I think. :-)

  297. emilio.pozuelo

    cool

  298. emilio.pozuelo tries again

  299. emilio.pozuelo

    Dave Cridland: yay

  300. emilio.pozuelo

    :D

  301. Dave Cridland

    emilio.pozuelo, Works now?

  302. emilio.pozuelo

    Dave Cridland: I get the form correctly now, not getting any results though

  303. Dave Cridland

    emilio.pozuelo, Ah... I thought it should be working. One sec, let me check the settings,

  304. emilio.pozuelo

    I'm searching for "a"

  305. emilio.pozuelo

    maybe it's not doing substring searches?

  306. emilio.pozuelo

    thanks

  307. Kev

    You need a wildcard for a substring search.

  308. Dave Cridland

    It's not, actually. That was intentional, but everyone seems to disagree with me. :-)

  309. emilio.pozuelo

    heh

  310. Kev

    Including me.

  311. Dave Cridland

    Also searchability default was set to off. So let's change that.

  312. Kev

    I'm dubious of the value of search systems that require you to know what the result will be before you can find it.

  313. Dave Cridland

    OK, that should have updated. Try searching for yourself.

  314. Kev

    :)

  315. zash

    for char in {a..z}; do search $char*; done # userdb acquired

  316. Kev

    zash: There's an assumption that server admins aren't likely to be enabling this for global search on the Internet :)

  317. Dave Cridland

    zash, Nah, wouldn't find all the Russians.

  318. emilio.pozuelo

    Dave Cridland: I cannot find myself, heh :)

  319. Dave Cridland

    emilio.pozuelo, Oh, bugger. I'll look after I've done the school run.

  320. emilio.pozuelo

    Dave Cridland: sure. thanks!

  321. Dave Cridland

    Oh, that's annoying, sorry. It's finding people as an operator, so it's a permissioning issue. I'll look into this properly in about an hour.

  322. emilio.pozuelo

    argh, none of the other servers seem to support XEP-0055

  323. emilio.pozuelo

    Dave Cridland: ok. ping me when you've looked at it and I'll be happy to test again :)

  324. Dave Cridland

    emilio.pozuelo, They may do on a different service domain, though? M-Link's unusual in putting it on the actual IM domain.

  325. emilio.pozuelo

    Dave Cridland: no idea... I'm trying the servers mentioned in http://wiki.xmpp.org/web/Interop#2010_Server_Interop_Participation

  326. zash

    at least ejabberd usually has it on a subdomain, and prosody doesn't have it at all

  327. Florian has joined

  328. badlop

    vjud.ejabberd21 works for local users, it has at least vcard of user "badlop", but fails over s2s due to missing dns i think

  329. badlop

    Dave Cridland: I seem to be failing against ejabberd21 <-- fixed that problem, now it advertizes 1.0 and starttls feature

  330. fippo

    badlop: works for me with tls on both connections

  331. fippo

    and fails with ssl2 :-)

  332. MattJ has joined

  333. Flo has joined

  334. Dave Cridland

    badlop, Brilliant, I'll retest in a sec.

  335. Dave Cridland

    [15:47:57] Ping? [15:47:59] Pong! (2.39 s.)

  336. Dave Cridland

    \o/ ejabberd21 works. Now have a clean sweep.

  337. Kev

    So that's everyone except Prosody, and I see we have a MattJ now, so hopefully that will follow.

  338. MattJ

    Indeed

  339. MattJ

    Sorry my presence is a bit sporadic, family member ill

  340. Kev

    Sorry to hear it.

  341. MattJ

    As long as I'm not coming down with it, I'll get the tests done shortly... :)

  342. steve.kille

    Did we hear back from any other servers (I was thinking specifically of Openfire and Coversant)

  343. sjoerd.simons@collabora.co.uk

    steve.kille: i was unrelatedly talking to an openfire developer last week, he said they unfortunately didn't have time to join the interop event this week

  344. steve.kille

    pity

  345. Dave Cridland

    emilio.pozuelo, So, you can now find things in XEP-0055. Searching for, for example "collabora" as the surname will find your account. Or search for "cridland", or "*a*" or whatever.

  346. Dave Cridland

    emilio.pozuelo, But FWIW, there's a surname on every account in the system, thanks to the X.500 DSA that requires every person to have a surname.

  347. wjt

    I know someone who doesn't have a surname. :P

  348. Dave Cridland

    wjt, They cannot exist. X.500 is all-knowing.

  349. zash

    Haha

  350. sjoerd.simons@collabora.co.uk has left

  351. Dave Cridland

    wjt, emilio.pozuelo - Can Gabble/Telepathy/Empathy do strong authentication, by the way?

  352. Sjoerd has joined

  353. wjt

    Dave Cridland: pass. I assume “strong” is a mechanism? :p

  354. Dave Cridland

    wjt, emilio.pozuelo - As in, can I give it a client certificate for use with TLS?

  355. wjt

    Sjoerd: ^^ you had a cunning plan for something related to this?

  356. wjt

    Dave Cridland: I don't think so currently

  357. Dave Cridland

    wjt, Sorry, being all X.509y. X.509 defined two kinds of authentication "Simple" - username and password - and "Strong" - certificates.

  358. Sjoerd

    client certificates for authentication? no we don't do that

  359. emilio.pozuelo

    Dave Cridland: hmm, doesn't seem to be working yet :( http://fpaste.org/f3Dp/

  360. emilio.pozuelo

    this looks suspicious:

  361. Dave Cridland

    Does anyone else? (I know Swift does, and Gajim might)

  362. emilio.pozuelo

    gabble/connection-DEBUG: 09/12/10 17:07:01.372524: connection_iq_unknown_cb: got unknown iq:

  363. fippo

    dave: iirc, exodus supports it too

  364. wjt

    emilio.pozuelo: now that sounds like a gabble bug :)

  365. emilio.pozuelo

    wjt: will you look at it for me? :)

  366. Sjoerd

    mlink doesn't set type=result in the iq

  367. wjt

    nor it does. okay, not our bug again :D

  368. Dave Cridland

    Wow. Okay, that's fun. I wonder why nothing else has spotted that one?

  369. emilio.pozuelo

    oh

  370. Sjoerd

    * x xmlns='jabber:x:data' type='result'

  371. Sjoerd

    seems like the attribute is added to the wrong node... ?

  372. wjt

    no, that's correct

  373. Dave Cridland

    Sjoerd, No, that's a form type. Meant to be there.

  374. Sjoerd

    ah ok

  375. Sjoerd doesn't know data forms

  376. Sjoerd

    just seemed suspicious

  377. Sjoerd

    I'm gonna guess nobody noticed it because we're the only ones pedantic enough to both check type=result and the id matching instead of just matching the id?

  378. wjt is out of here to do some anti-plague sleeping

  379. wjt has left

  380. Dave Cridland

    emilio.pozuelo, Ah! You're doing this from a remote account, right.

  381. emilio.pozuelo

    Dave Cridland: yes, from a collabora.co.uk one

  382. Dave Cridland

    emilio.pozuelo, Not tried that much. So yes, you won't find much (because it's local-only by default) and yes, there is indeed a bug there. Use gabble@mlinktrunk.xmpptest.com password gabble

  383. Kev

    Sjoerd: Do you check the from= as well as type= and id=? I'm guessing you do, but just checking because you didn't mention it...

  384. Sjoerd

    Kev: we do

  385. Kev

    Jolly good :)

  386. Dave Cridland

    Sjoerd, It's because I think you're the first people to seriously use my '55 code remotely.

  387. Sjoerd

    fair enough ;)

  388. emilio.pozuelo

    Dave Cridland: if you want you can open it for remote connections and I'll find all the bugs ;)

  389. Dave Cridland

    emilio.pozuelo, Oh, it's certainly opened, but the problem is that the accounts aren't searchable by default from remote connections (ie, they won't appear in results)

  390. Dave Cridland

    emilio.pozuelo, It's done this way so that in an enterprise setting, everyone can be searchable locally, but some people (sales staff, perhaps) can be searchable remotely. Or so that a large public server could have a purely opt-in search.

  391. Asterix has joined

  392. emilio.pozuelo

    Dave Cridland: oh, I see

  393. emilio.pozuelo

    so you can make people be searchable from the outside on a case by case basis?

  394. Dave Cridland

    Yes.

  395. Dave Cridland

    emilio.pozuelo, Controlled by an ad-hoc they can use.

  396. Dave Cridland thinks standardizing the user prefs ad-hoc would actually be rather useful.

  397. zash

    Dave Cridland: nice

  398. emilio.pozuelo

    Dave Cridland: so perhaps you can set a couple of test accounts to be searchable from the outside?

  399. Dave Cridland

    Try now.

  400. emilio.pozuelo

    with emilio.pozuelo ?

  401. Dave Cridland

    Actually, hang on, and I'll fix that bug.

  402. Dave Cridland

    OK. Remote searching should now work *and* have results. Search for a Family Name of *a*, for instance.

  403. emilio.pozuelo tries

  404. emilio.pozuelo has left

  405. MattJ

    Dave Cridland, I agree re. user prefs - I plan to do the same thing in Prosody

  406. Dave Cridland

    MattJ, XEP-tastic, then. I'll draft something up.

  407. emilio.pozuelo has joined

  408. emilio.pozuelo

    \o/ it works! :D

  409. Dave Cridland

    emilio.pozuelo, Thanks for the help.

  410. Kev

    MattJ / Dave Cridland: The vague problem here is that user prefs really are ad-hoc, all servers are going to support different ones, I'd have thought.

  411. Kev

    Unless you're intending some 'more defined than ad-hoc, but still undefined' thing.

  412. MattJ

    Indeed, I don't think Prosody would define /any/ in core, it would depend on loaded modules

  413. zash

    Just a registry so people can use the name var-names ?

  414. zash

    for the same functions *

  415. zash

    (like muc config forms)

  416. MattJ

    That might work - for many of them

  417. Dave Cridland

    Kev, I'm not so sure. We can have a specific well-known command, so that clients can place it into the UI, much like vCard editing. And well-known field-names allow common options, even if servers also support others (and may not support those)

  418. Kev

    Just having the user config commands on a different node from server admin commands would be fairly nice.

  419. Dave Cridland

    MattJ, Oh, forgot to ask - prosody8 - S2S 198 enabled?

  420. MattJ

    eh, no - dare I? I wonder :)

  421. Dave Cridland

    MattJ, Worth a go, I think. mlinktrunk should work with it.

  422. Dave Cridland

    MattJ, And if we spin up a Swift on both prosody8 and mlinktrunk, that'd mean we could have an end-to-end 198 chat.

  423. MattJ

    :)

  424. Dave Cridland

    Simon Josefsson, You about?

  425. MattJ

    Bouncing prosody8

  426. MattJ

    Should have 198 now

  427. MattJ

    Signing in with Swift

  428. Kev cheers

  429. MattJ

    Actually I think I ought to update it first

  430. MattJ

    Locked up on sign-in :)

  431. MattJ

    Oh no, it's back

  432. MattJ

    Just acting oddly

  433. MattJ

    Aye, HEAD pre beta7 :)

  434. Kev

    Are you on something Ubuntuy?

  435. Kev

    If so, there are nightlies you could use.

  436. Kev

    Saves the effort of compiling it.

  437. MattJ

    Ooh, that would be nice

  438. Kev

    Lucid or Maverick?

  439. MattJ

    It does take an age to compile on here

  440. MattJ

    Lucid

  441. Kev

    deb http://swift.im/packages/ubuntu/lucid development main

  442. Kev

    https://www.swift.im/keys/packages.key

  443. Florian has left

  444. Dave Cridland

    For the record, Simon Josefsson and I have just successfully interop tested SCRAM-SHA1-PLUS with channel bindings.

  445. MattJ

    Nice :)

  446. Dave Cridland

    remko, Kev - time to update Swift to do Channel bindings too?

  447. MattJ

    Tobias is working on channel binding, but not ready yet

  448. MattJ

    !slap Kev

  449. Kanchil slaps Kev with large trout

  450. remko

    btw, swift beta8 will not do the tls checking

  451. MattJ

    I have terminals in one workspace, and chat clients on another

  452. remko

    neither do the development versions btw, i commented the check, because we need a gui for trusting a cert

  453. MattJ

    when I start any client from the terminal, I hit enter and switch to the right workspace

  454. MattJ

    Swift is the only one that appears before I can switch

  455. Simon Josefsson

    Thanks Dave. I'm going to do a stable GNU SASL release with SCRAM-SHA-1-PLUS in it now.

  456. remko

    MattJ: heh :)

  457. zash

    MattJ: dmenu!

  458. remko

    Dave Cridland: as soon as i understand what channel bindings are ;-)

  459. MattJ

    Dave Cridland, ok, matthew@prosody8.xmpptest.com is c2s and s2s 198-enabled

  460. stpeter has joined

  461. Dave Cridland

    remko, They're little leather straps to hold the channel in place.

  462. Dave Cridland

    remko, Very fashionable.

  463. remko

    oo, sounds compelling

  464. remko

    will this require us to use GNU SASL?

  465. remko

    or cyrus or whatever

  466. zash

    GNU SASL?

  467. remko

    any external SASL library

  468. Dave Cridland

    remko, No, Polymer implements its own, for instance.

  469. remko

    ic

  470. Dave Cridland

    remko, You just need to get the channel binding name for the TLS channel, which you do by getting the Finished messages from OpenSSL, basically.

  471. remko

    *nod*

  472. Dave Cridland

    http://tools.ietf.org/html/rfc5929#section-3 <- that's the channel binding code. SSL_get_finished() will do it if you're not doing session resumption.

  473. Dave Cridland

    MattJ, OK, so admin@mlinktrunk.xmpptest.com sent you a subscription request. I see 198 enabling on S2S, and an ack coming back.

  474. remko

    Dave Cridland: cool, thanks

  475. MattJ frowns

  476. MattJ

    Swift stopped repainting for some reason, works again now

  477. MattJ

    198 is nice, makes me want to use it for my main account...

  478. emilio.pozuelo has left

  479. Flo

    +1

  480. Kev

    MattJ: You'll have to switch to Swift. Like you promised :)

  481. Asterix

    ho! Are you going to do infidelity to Gajim? ;)

  482. Dave Cridland

    Asterix, We'll just add 198 to Gajim, don't worry.

  483. remko has left

  484. Asterix

    :)

  485. emilio.pozuelo has joined

  486. Dave Cridland

    MattJ, Right, so I know what the issue was with our last test, now. M-Link doesn't request acks with every stanza, only when the link is idle - it's really hoping that you'll proactively ack stanzas, to reduce bandwidth.

  487. emilio.pozuelo has left

  488. emilio.pozuelo has joined

  489. emilio.pozuelo has left

  490. MattJ

    Dave Cridland, well I won't :)

  491. Dave Cridland

    MattJ, So in our original tests, we simply never left the link idle for longer than a minute for M-Link to decide to request an ack. The strategy works well for C2S links where there's traffic in both directions, but not so well on unidirectional S2S links.

  492. MattJ

    Right

  493. Dave Cridland

    MattJ, Right - on unidirectional links there's little benefit, since you're never "writing anyway".

  494. MattJ

    and if you did resumption, this wouldn't be an issue

  495. emilio.pozuelo has joined

  496. Dave Cridland

    MattJ, No, it'd still be an issue - we're building up a massive stash of unacked stanzas. :-)

  497. MattJ

    Not a protocol issue :)

  498. Dave Cridland

    Right.

  499. Dave Cridland

    So, let me test that we are *ever* asking for acks...

  500. Dave Cridland

    There, we are. So I can fix this behaviour simply.

  501. emilio.pozuelo has left

  502. Sjoerd has left

  503. sjoerd.simons has joined

  504. Dave Cridland

    OK, so that fix works.

  505. Dave Cridland

    So, Me <-- 198/C2S --> mlinktrunk <-- 198/S2S --> prosody8 <-- 198/C2S --> MattJ

  506. Dave Cridland

    Mission accomplished. :-)

  507. MattJ

    I'd reply if Swift was responding :)

  508. MattJ

    I can't work out what it's up to

  509. Dave Cridland

    MattJ, Oh. Kill it and make it work, otherwise it's a little tricky to describe this as an actual success.

  510. emilio.pozuelo has joined

  511. emilio.pozuelo has left

  512. stpeter

    hmph, I love it how certain services don't let you have passwords longer than 20 characters

  513. Dave Cridland

    stpeter, My gripes are usually the exact opposite.

  514. stpeter

    I create 28-character passwords

  515. Dave Cridland

    stpeter, "Please supply an unusual password that you cannot remember and will have to write down somewhere."

  516. steve.kille has left

  517. stpeter

    well, all for naught -- I can't log into Skype from my current location anyway ;-)

  518. stpeter

    how's the 198 interop?

  519. zash

    stpeter: \o/ skype must die! ;)

  520. stpeter

    I need to review the list threads and the submitted patch for that one

  521. stpeter

    zash: indeed

  522. Dave Cridland

    stpeter, Getting there.

  523. zash

    Are there tools for killing a TCP from under the server/client[s]?

  524. Dave Cridland

    zash, I used to have some. They were fun. I suppose I still could use those, by sitting on the router. In the good old days, people trusted RST packets wherever they actually came from, as long as the addresses looked okay.

  525. Dave Cridland

    Of course, when I say "good"...

  526. steve.kille has joined

  527. emilio.pozuelo has joined

  528. emilio.pozuelo has left

  529. emilio.pozuelo has joined

  530. emilio.pozuelo has left

  531. emilio.pozuelo has joined

  532. emilio.pozuelo has left

  533. remko has joined

  534. remko

    right, let's see what this interop thing is all about

  535. emilio.pozuelo has joined

  536. MattJ

    remko, you need an account on prosody8?

  537. remko

    yes please

  538. MattJ

    k

  539. remko

    well

  540. remko

    whatever prosody you want me to test against :)

  541. MattJ

    Done

  542. Flo has left

  543. emilio.pozuelo has left

  544. remko

    prosody and mlink = success

  545. emilio.pozuelo has joined

  546. remko

    seeing some interesting problems with notls and ejabberd, the interop is already a success :)

  547. emilio.pozuelo has left

  548. emilio.pozuelo has joined

  549. steve.kille

    Is someone going to write up the client results so far?

  550. steve.kille

    The client Wiki looks very blank

  551. remko

    i just started with swift

  552. remko

    i'm going to write it up when i'm done

  553. steve.kille

    lovely

  554. steve.kille

    Are you the only client?

  555. zash

    Asterix with Gajim too

  556. remko

    many others are subscribed at least

  557. remko

    the client stuff was only published today i think

  558. remko

    brb

  559. remko has left

  560. zash

    and telepathy, and some other

  561. Kev

    remko: I put up the client tests yesterday morning at the same time as the server ones :)

  562. emilio.pozuelo has left

  563. emilio.pozuelo has joined

  564. remko has joined

  565. emilio.pozuelo has left

  566. badlop

    fippo: you asked yesterday: [2010-12-08 22:30:30]<fippo> badlop: do you see any hints why a host named 'fippo.testing.openssl' is not offered tls (or version 1.0) from ejabberd21.xmpptest.com?

  567. badlop

    that works for me now, can you verify?

  568. fippo

    badlop: works

  569. badlop

    ok, thanks

  570. sjoerd.simons has left

  571. sjoerd.simons has joined

  572. remko has left

  573. remko has joined

  574. sjoerd.simons has left

  575. Florob has joined

  576. remko

    what's this notls.xmpptest.com about?

  577. remko

    is this a server, or are the servers in the subdomain?

  578. Florob

    remko, that's a server AFAIK.

  579. remko

    it's not serving the domain though

  580. Kev

    It's a server that MattJ hasn't set up yet.

  581. remko

    if i connect to notls.xmpptest.com, it says that it's not serving that domain

  582. remko

    ok

  583. remko

    interesting enough, this is triggering a bug :)

  584. remko

    so, anyone from psyced or tigase around?

  585. fippo

    remko: yep

  586. remko

    fippo: could i get an account on psyced?

  587. fippo

    remko: sure, but unless swift does irc it won't be very useful :-)

  588. remko

    oh, is that an irc server

  589. remko

    my bad :)

  590. remko

    i was wondering why i hadn't heard of it :)

  591. remko has left

  592. remko has joined

  593. zash has left

  594. Zash has joined

  595. Tobias has joined

  596. Florian has joined

  597. remko has left

  598. Florob has left

  599. Florob has joined

  600. Florob has left

  601. Tobias has left

  602. stpeter has left

  603. badlop has left