-
Kev
Good morning, good morning, good morning, good morning, good morning.
-
Kev
Ok, so, is everyone ok with the plan for today?
-
Kev
Set all the test machines to require TLS, check the pings again.
-
Kev
And I'll set up the machines with invalid certs, ready for tomorrow.
-
Kev
That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted.
-
remko
all: can i get an account swift / swift on all servers?
-
Kev
The idea of not putting the account details on that page was so we didn't have public records of the logins.
-
remko
*sigh*
-
remko
seriously, for an interop of one week?
-
remko
ok then :)
-
Kev
They're all openly federating.
-
Kev
If they weren't, it wouldn't be a problem.
-
remko
ah, i was assuming they weren't
-
Kev
That would mean quite some effort for the server vendors.
-
remko
true
-
remko
client certificates are the future :)
-
Kev
Yes, I considered adding those to the test plan, but I don't think anyone other than M-Link supports them. If any other servers do, I'm happy to add it to the plan.
-
remko
it would be handy to have MUC nicks on the page to know who to ask for logins :)
-
Kev
fippo is psyced (no C2S, I believe), badlop is ejabberd, MattJ/waqas are Prosody, Dave Cridland is M-Link, Florian is Tigase.
-
badlop
remko: ejabberd21 has IBR with CAPTCHA
-
remko
badlop: swift doesn't do IBR yet :)
-
badlop
i'll create now, but you should use an alternative client for the features your client doesn't yet support
-
badlop
is Test 2 right now, or are we still in Test 1? Test 2 (Thursday). Requiring TLS on all s2s connections on all servers
-
Kev
badlop: Test 2 would be good, please.
-
Kev
badlop: Ok, so, is everyone ok with the plan for today? Kev @ 9:15 Set all the test machines to require TLS, check the pings again. 9:15 And I'll set up the machines with invalid certs, ready for tomorrow. 9:15 That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted. 9:16
-
badlop
remko: account created
-
remko
badlop: super, thanks a lot!
-
badlop
ejabberd21 s2s requires TLS, with a preliminary patch i wrote yesterday, let's hope it works
-
badlop
set the topic to
XMPP Interop Event | 6th - 11th December 2010 | http://wiki.xmpp.org/web/Interop | right now: Test 2 (s2s require TLS)
-
badlop
oh, no room admin here to add to the room subject: | right now: Test 2 (s2s require TLS)
-
Dave Cridland
badlop, Yes, PSA mentioned that.
-
Dave Cridland
Morning all, BTW.
-
Dave Cridland
So, mlinkrelease can't require TLS. It can require a valid cert (ie, one that the chain terminates in a trust anchor), but that's it.
-
Tobias
Dave Cridland: what's the difference? meaning you can't require TLS with an invalid cert or what?
-
Dave Cridland
Well, if you don't do TLS at all, that's still fine. :-)
-
Tobias
ah, right :)
-
Kev
Ok, I've put up the results stubs for today's tests for servers.
-
Dave Cridland
Anyone desperate to go first?
-
Kev
You started the trend yesterday.
-
Dave Cridland
'kay
-
Dave Cridland
SO let's go.
-
Dave Cridland
So am I even attempting to test mlinkrelease?
-
Kev
Testing against it, but not testing it, according to the wiki page :)
-
Dave Cridland
Kev, Is notls up and running?
-
Kev
Matt was going to do that yesterday, I don't know if he did.
-
Kev
Shouldn't be hard to work out, should it?
-
Dave Cridland
Well, I get an error from mlinkrelease.
-
Dave Cridland
host-unknown.
-
Dave Cridland
So that needs to be up later. The problem is that unless this is running, we can't really test that we're unable to connect to it.
-
Kev
This is true.
-
Dave Cridland
Well. Not up later, up now, really. But we'll all have to do the negative testing against it later, I suppose.
-
Dave Cridland
But anyway, my first lot of results are (unsurprisingly) that mlinkrelease can still connect to everyone.
-
Kev
The telnet says: <stream:stream id='' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xmlns='jabber:server'><stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>This host does not serve notls.xmpptest.com</text></stream:error></stream:stream>
-
Kev
So yes, not up.
-
Dave Cridland
OK, mlinktrunk connects to everyone except tigasetrunk - which is expected, as tigasetrunk is actually the same as notls is meant to be.
-
Dave Cridland
So I suggest folk test against the full suite anyway.
-
Kev
Well, Tigase isn't quite what notls is meant to be.
-
Kev
notls is supposed to be XMPP, but not supporting starttls.
-
Kev
Tigase is doing jabber/0.9 only, isn't it?
-
Dave Cridland
It has the same effect.
-
Kev
It has the same effect for M-Link :)
-
Dave Cridland
OK, so I'm done anyway. Wiki updated.
-
Kev
I've updated the testing blurb to indicate that failure against tigasetrunk is required.
-
Dave Cridland
Anyone else having a go?
-
badlop
me, ejabberd21 works with all except tigase, as expected
-
Dave Cridland
badlop, Cool, so that patch you did yesterday works?
-
badlop
well, at least it doesn't break s2s
-
Kev
\o/
-
steve.kille
Should test 2 be including a server which does not support TLS, and tries to connect to the other servers? It should be required (of the other servers) that they refuse the connection.
-
Kev
Yes, and it does.
-
badlop
you mean, if tigase were able to connect to any other now, then there's a bug in that other
-
Kev
notls (to be set up later when Matt gets up) will be XMPP 1.0 without TLS, and tigasetrunk is XMPP 0.9/Jabber without TLS.
-
badlop
i think steve.kille refers to testing s2s from notls-server --> supposedly-tls-required
-
Kev
Right, but that's required to get the iq result.
-
Kev
Doing an ping from one server to another requires the setup of streams both ways.
-
steve.kille
Kev: I think it would be helpful to clarify things should not work with notls, irrespective of who initiates.
-
Dave Cridland
This is true, unless bidi is involved.
-
Dave Cridland
We can do that one notls is actually up.
-
Dave Cridland
once.
-
Kev
steve.kille: Both parties always initiate (unless bidi is involved).
-
Dave Cridland
Kev, Yes, but it won't hurt to test.
-
Dave Cridland
Kev, At least one implementation supports bidi, after all.
-
fippo
btw: I tested ssl2 this morning
-
fippo
mlinktrunk, mlinkrelease, prosody and psyced kill the connection, ejabberd does not (yet?) work with that s_client version
-
Dave Cridland
Really? I thought we accepted it on inbound, still.
-
fippo
the v2 client hello probably is
-
Dave Cridland
fippo, Oh, for sure. But I thought we allowed the protocol inbound too.
- fippo checks again
-
fippo
indeed, it fails differently - but still fails
-
Dave Cridland
Well, no SSLv2 in my logs, certainly.
-
Florian
remko: In-Band Registration is enabled :)
-
Dave Cridland
Florian, Want to see if you can reach anyone from tigasetrunk?
-
wjt
so, does anyone have a xep-0055 directory set up on their interop test-y server?
-
Kev
Well, he probably can still reach Prosody, because Matt / waqas aren't about yet.
-
badlop
like vjud.ejabberd21.xmpptest.com ? but s2s to it doesn't work
-
Kev
badlop: Just because of DNS? I don't mind putting up a record.
-
wjt
badlop: for instance! i've not been keeping up with this week—have some kind of plague—but presumably we could also register test accounts on ejabberd21.x.c
-
Kev
I expect Dave Cridland could also be persuaded to enable -55 on mlinktrunk
-
Dave Cridland
Kev, I think it is, actually.
-
Dave Cridland
Kev, But probably defaulting to local-searches only.
-
Kev
I expect Dave Cridland will have enabled -55 on mlinktrunk.
-
wjt
well, that's grand. let's see if i can get pochu in here... :)
-
Dave Cridland
wjt, Our '55 basically allows users to opt-in or opt-out - there's three settings (never visible, visible in local searches, and visible in all searches) plus a default if they don't express a preference.
-
wjt
how do you choose this setting?
-
Dave Cridland
wjt, Ad-Hoc.
-
wjt
my very favourite xep
-
Florian
why wouldn't I be able to reach people?
-
wjt
which we might actually implement support for in the new year
-
Kev
Florian: Because today's tests require TLS for s2s.
-
Dave Cridland
wjt, M-Link's had ad-hoc controlled user preferences for ages, we use them currently to allow auto-subscribe, control offline message settings, etc.
-
Florian
ah
-
Kev
See the test plan :)
-
wjt
Dave Cridland: Oh, I'm sure lots of servers do
-
Florian
we have a test plan?
-
wjt
Dave Cridland: doesn't mean I like it very much ;-)
-
Dave Cridland
Florian, So if you can reach anyone, then they're broken.
-
Kev
Yes, it's on the wiki page.
-
wjt
but I've softened in my opinion on these matters in recent months
-
Kev
Dave Cridland: Broken, or haven't changed their config for today yet.
-
Florian
ok :)
-
Kev
wjt: Ad-hoc as a concept is great, as a protocol is fine, and as a XEP is lacking.
-
Kev
You're free to disagree with me, of course, everyone has the right to be wrong :)
-
Florian
mlinktrunk is broken
-
Kev
Florian: See the note that says that mlinktrunk isn't participating today :)
-
Dave Cridland
Kev, I think wjt doesn't like the lack of i18ness.
-
wjt
Kev: I think it's hard to make UIs for ad-hoc-style random-dialog-boxes-from-the-server beautiful
-
Kev
wjt: Yes, that's right. For things that aren't really ad-hoc, we have profiles so you can know what to expect (RC, Server admin, for example).
-
wjt
i18n is a secondary concern, but this one i really don't mind that much about: in practice, if you're using a server, you probably speak (one of the) same language(s) as its administrator
-
Florian
it says mlinkrelease isn't participating?!
-
Florian
mlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.
-
Kev
Right :)
-
Kev
So that'll participate again tomorrow when we require TLS and full cert checking for s2s.
-
Florian
because I can connect to mlinktrunk
-
wjt
Kev, sure, and that's one of the reasons I've softened my opinion on them :)
-
Kev
Oh, mlink*trunk*
-
Florian
yes :)
-
Florian
[11:59:00] <Florian> mlinktrunk is broken :)
-
Kev
Dave Cridland: !
-
wjt
Kev: for the common cases, we can do something nice; for uncommon cases, whatever, it's your own fault for doing weird stuff
-
Kev
Sorry, I just read mlinkrelease without paying attention, my bad.
-
Florian
:)
-
Florian
I guess service discovery shouldn't work
-
Florian
as that's S2S
-
Kev
Correct.
-
Florian
right :)
-
Florian
so yeah ... trunk is broken :)
-
Kev
Although you may need to bounce the server to cancel any existing s2s sessions first, possibly.
-
Florian
ah
-
Kev
Dave Cridland will know if he already did that with mlinktrunk, it's his test server.
-
Florian
interesting ...
-
Florian
Prosody8 gives me a disco title (Server name)
-
Florian
but no contents
-
Florian
right .. the rest fails
-
fippo
florian: it's trying to reconnect rather often (every five seconds)
-
Florian
still now?
-
fippo
yes... let's see if closing the port on my side will stop that
-
Dave Cridland
Oh. So I read Florian's message as saying mlinktrunk was *correctly* broken, but what he meant was it's working.
-
Dave Cridland
Florian, Ah. What server were you connecting *from*?
-
Florian
fippo: it tries to reconnect for a few minutes and then gives up
-
Florian
jabber.me
-
Florian
same host as tigasetrunk
-
Dave Cridland
Right, but different domain.
-
Florian
right
-
Florian
ah ... domain limited?
-
Dave Cridland
I'd configured mlinktrunk to require TLS from *.xmpptest.com
-
Florian
ok
-
Florian
let me test it from there :)
-
Dave Cridland
(Because mlinktrunk is also a vhost)
-
Florian
:)
-
Florian
Tigase might have S2S TLS by the end of the week
-
Kev
Perhaps it can pass tomorrow's tests then :)
-
Dave Cridland
Given that we all fail tomorrow's tests...
-
Florian
yup ... mlinktrunk now fails too :)
-
Dave Cridland
\o/
-
Kev
Dave Cridland: We all fail *some* of tomorrow's tests, I don't think that stops it being worth testing that everyone passes the bits they think they do.
-
Florian
so the expected result :)
-
Dave Cridland
Kev, Right. Or our X.509 team might fix the interesting bug we have. (Which is actually in Sodium CA).
-
emilio.pozuelo@collabora.co.uk
hi! I'm implementing contact search in empathy (a client using the Telepathy framework) and wanted to test if it's working... can anybody tell me a server I can test it? thanks!
-
Dave Cridland
mlinktrunk.xmpptest.com has '55 available on the IM domain.
-
wjt
emilio.pozuelo@collabora.co.uk: there's a big list o' servers on the wiki page
-
Dave Cridland
emilio.pozuelo@collabora.co.uk, Want to use gabble with password gabble?
-
emilio.pozuelo@collabora.co.uk
Dave Cridland: gabble, yes. No idea about the password :)
-
emilio.pozuelo@collabora.co.uk
wjt: thanks, checking
-
wjt
emilio.pozuelo@collabora.co.uk: (also, if you set an alias in Edit → Personal Information in Empathy, you'll get a nicer nickname in this room next time you join, and look better on people's rosters, too :) )
-
emilio.pozuelo@collabora.co.uk
wjt: I've actually done that twice I think... I wonder why it's not saving it :(
-
wjt
oh, yeah... there's a bug where sometimes the aliases get lost and i don't know why :'(
- emilio.pozuelo@collabora.co.uk restarts empathy to test contact search
-
Dave Cridland
emilio.pozuelo, I'll restart that server in a moment, just to warn you.
-
Dave Cridland
Well, that's interesting. I seem to be failing against ejabberd21
-
Dave Cridland
Ah! In fact, I failed this morning, when I look closer. Must have misread.
-
Dave Cridland
No features, so no TLS: (13:26:35) Send (214) <?xml version='1.0'?><stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='ejabberd21.xmpptest.com' from='mlinktrunk.xmpptest.com' version='1.0'> (13:26:35) Recv (155) <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='855227178'>
-
Dave Cridland
I get TLS inbound, but not outbound.
-
Kev
badlop: ^
-
fippo
while wondering why I did not fail I found a bug :-)
-
Dave Cridland
Wow, you get bugs too?
-
fippo
I did not assume that tls would be only used in one direction and not in the other
-
fippo
we should get rid of this unidirectional nonsense, that just makes life harder :-)
-
Dave Cridland
Okay, so my CRL checking is now working.
-
emilio.pozuelo
o/
-
zash
\o
-
emilio.pozuelo
so I'm testing contact search (XMPP 055) on mlinktrunk.xmpptest.com, but I get this error from telepathy-gabble
-
emilio.pozuelo
server is broken: <x> not type='form'
-
Kev
If anyone wants to test against the 'bad' servers, (mismatchcert|revokedcert|selfcert).xmpptest.com are all up. selfcert isn't yet.
-
Dave Cridland
emilio.pozuelo, Ah, okay... Can you tell me what XML you're seeing?
-
emilio.pozuelo
Dave Cridland: http://people.collabora.co.uk/~pochu/gabble-log-mlinktrunk.xmpptest.com.log
-
emilio.pozuelo
Dave Cridland: with our server I didn't get that error (though I got no results): http://people.collabora.co.uk/~pochu/gabble-search-debug.log
-
fippo
Kev: what are we supposed to do with in today's setup?
-
fippo
with those
-
Kev
Nothing.
-
Kev
That was purely for if people wanted to have a play in advance of tomorrow.
-
fippo
Kev: I wondered if they should fail for today's test, too
-
Kev
No, they should all pass for today's tests.
-
Kev
Or, rather.
-
Kev
With today's configuration, they should all connect. I don't think it's important to test that they do, though.
-
fippo
I tend to disagree when it comes to the mismatched cert :-)
-
Kev
fippo: Right, the point of today was to check that all servers 'can do TLS', and the point of tomorrow is to check that they 'can do TLS right'.
-
Kev
The point of today wasn't really to test that they 'can do TLS wrong'.
-
emilio.pozuelo
Dave Cridland: do you see anything wrong on the server side, or do you think the client is wrong when reporting that error?
-
wjt
the type='' attribute is missing from the <x xmlns='...data'/> element returned by the server
-
Dave Cridland
emilio.pozuelo, Hang on, be with you in a sec.
-
emilio.pozuelo
wjt: aha, I see
-
wjt
<xs:attribute name='type' use='required'>
-
wjt
so mlink is violating XEP-0004
-
Dave Cridland
I am the violator. Muahahaha. Etc.
-
fippo
Kev: aye. That reminds me that next time i'll bring a server which will fail unless you send a tlsv1 client hello (good for making sure we don't have servers that do not get s2s-tls-compression)
-
wjt
how many of the test servers support in-band registration (as opposed to Dave-creates-an-account registration)? maybe emilio.pozuelo could try some others :)
-
Dave Cridland
fippo, You get compression with SSLv3 Hello, too.
-
fippo
dave: :-p
-
Dave Cridland
emilio.pozuelo, Yeah wjt's right, I'm not sending a type on that form.
-
emilio.pozuelo
Dave Cridland: ok. glad to have contributed my part to find a bug :)
-
Dave Cridland
emilio.pozuelo, Should be fixed now. I think. :-)
-
emilio.pozuelo
cool
- emilio.pozuelo tries again
-
emilio.pozuelo
Dave Cridland: yay
-
emilio.pozuelo
:D
-
Dave Cridland
emilio.pozuelo, Works now?
-
emilio.pozuelo
Dave Cridland: I get the form correctly now, not getting any results though
-
Dave Cridland
emilio.pozuelo, Ah... I thought it should be working. One sec, let me check the settings,
-
emilio.pozuelo
I'm searching for "a"
-
emilio.pozuelo
maybe it's not doing substring searches?
-
emilio.pozuelo
thanks
-
Kev
You need a wildcard for a substring search.
-
Dave Cridland
It's not, actually. That was intentional, but everyone seems to disagree with me. :-)
-
emilio.pozuelo
heh
-
Kev
Including me.
-
Dave Cridland
Also searchability default was set to off. So let's change that.
-
Kev
I'm dubious of the value of search systems that require you to know what the result will be before you can find it.
-
Dave Cridland
OK, that should have updated. Try searching for yourself.
-
Kev
:)
-
zash
for char in {a..z}; do search $char*; done # userdb acquired
-
Kev
zash: There's an assumption that server admins aren't likely to be enabling this for global search on the Internet :)
-
Dave Cridland
zash, Nah, wouldn't find all the Russians.
-
emilio.pozuelo
Dave Cridland: I cannot find myself, heh :)
-
Dave Cridland
emilio.pozuelo, Oh, bugger. I'll look after I've done the school run.
-
emilio.pozuelo
Dave Cridland: sure. thanks!
-
Dave Cridland
Oh, that's annoying, sorry. It's finding people as an operator, so it's a permissioning issue. I'll look into this properly in about an hour.
-
emilio.pozuelo
argh, none of the other servers seem to support XEP-0055
-
emilio.pozuelo
Dave Cridland: ok. ping me when you've looked at it and I'll be happy to test again :)
-
Dave Cridland
emilio.pozuelo, They may do on a different service domain, though? M-Link's unusual in putting it on the actual IM domain.
-
emilio.pozuelo
Dave Cridland: no idea... I'm trying the servers mentioned in http://wiki.xmpp.org/web/Interop#2010_Server_Interop_Participation
-
zash
at least ejabberd usually has it on a subdomain, and prosody doesn't have it at all
-
badlop
vjud.ejabberd21 works for local users, it has at least vcard of user "badlop", but fails over s2s due to missing dns i think
-
badlop
Dave Cridland: I seem to be failing against ejabberd21 <-- fixed that problem, now it advertizes 1.0 and starttls feature
-
fippo
badlop: works for me with tls on both connections
-
fippo
and fails with ssl2 :-)
-
Dave Cridland
badlop, Brilliant, I'll retest in a sec.
-
Dave Cridland
[15:47:57] Ping? [15:47:59] Pong! (2.39 s.)
-
Dave Cridland
\o/ ejabberd21 works. Now have a clean sweep.
-
Kev
So that's everyone except Prosody, and I see we have a MattJ now, so hopefully that will follow.
-
MattJ
Indeed
-
MattJ
Sorry my presence is a bit sporadic, family member ill
-
Kev
Sorry to hear it.
-
MattJ
As long as I'm not coming down with it, I'll get the tests done shortly... :)
-
steve.kille
Did we hear back from any other servers (I was thinking specifically of Openfire and Coversant)
-
sjoerd.simons@collabora.co.uk
steve.kille: i was unrelatedly talking to an openfire developer last week, he said they unfortunately didn't have time to join the interop event this week
-
steve.kille
pity
-
Dave Cridland
emilio.pozuelo, So, you can now find things in XEP-0055. Searching for, for example "collabora" as the surname will find your account. Or search for "cridland", or "*a*" or whatever.
-
Dave Cridland
emilio.pozuelo, But FWIW, there's a surname on every account in the system, thanks to the X.500 DSA that requires every person to have a surname.
-
wjt
I know someone who doesn't have a surname. :P
-
Dave Cridland
wjt, They cannot exist. X.500 is all-knowing.
-
zash
Haha
-
Dave Cridland
wjt, emilio.pozuelo - Can Gabble/Telepathy/Empathy do strong authentication, by the way?
-
wjt
Dave Cridland: pass. I assume “strong” is a mechanism? :p
-
Dave Cridland
wjt, emilio.pozuelo - As in, can I give it a client certificate for use with TLS?
-
wjt
Sjoerd: ^^ you had a cunning plan for something related to this?
-
wjt
Dave Cridland: I don't think so currently
-
Dave Cridland
wjt, Sorry, being all X.509y. X.509 defined two kinds of authentication "Simple" - username and password - and "Strong" - certificates.
-
Sjoerd
client certificates for authentication ? no we don't do that
-
emilio.pozuelo
Dave Cridland: hmm, doesn't seem to be working yet :( http://fpaste.org/f3Dp/
-
emilio.pozuelo
this looks suspicious:
-
Dave Cridland
Does anyone else? (I know Swift does, and Gajim might)
-
emilio.pozuelo
gabble/connection-DEBUG: 09/12/10 17:07:01.372524: connection_iq_unknown_cb: got unknown iq:
-
fippo
dave: iirc, exodus supports it too
-
wjt
emilio.pozuelo: now that sounds like a gabble bug :)
-
emilio.pozuelo
wjt: will you look at it for me? :)
-
Sjoerd
mlink doesn't set type=result in the iq
-
wjt
nor it does. okay, not our bug again :D
-
Dave Cridland
Wow. Okay, that's fun. I wonder why nothing else has spotted that one?
-
emilio.pozuelo
oh
-
Sjoerd
* x xmlns='jabber:x:data' type='result'
-
Sjoerd
seems like the attribute is added to the wrong node... ?
-
wjt
no, that's correct
-
Dave Cridland
Sjoerd, No, that's a form type. Meant to be there.
-
Sjoerd
ah ok
- Sjoerd doesn't know data forms
-
Sjoerd
just seemed suspicious
-
Sjoerd
I'm gonna guess nobody noticed it because we're the only ones pedantic enough to both check type=result and the id matching instead of just matching the id?
- wjt is out of here to do some anti-plague sleeping
-
Dave Cridland
emilio.pozuelo, Ah! You're doing this from a remote account, right.
-
emilio.pozuelo
Dave Cridland: yes, from a collabora.co.uk one
-
Dave Cridland
emilio.pozuelo, Not tried that much. So yes, you won't find much (because it's local-only by default) and yes, there is indeed a bug there. Use gabble@mlinktrunk.xmpptest.com password gabble
-
Kev
Sjoerd: Do you check the from= as well as type= and id=? I'm guessing you do, but just checking because you didn't mention it...
-
Sjoerd
Kev: we do
-
Kev
Jolly good :)
-
Dave Cridland
Sjoerd, It's because I think you're the first people to seriously use my '55 code remotely.
-
Sjoerd
fair enough ;)
-
emilio.pozuelo
Dave Cridland: if you want you can open it for remote connections and I'll find all the bugs ;)
-
Dave Cridland
emilio.pozuelo, Oh, it's certainly opened, but the problem is that the accounts aren't searchable by default from remote connections (ie, they won't appear in results)
-
Dave Cridland
emilio.pozuelo, It's done this way so that in an enterprise setting, everyone can be searchable locally, but some people (sales staff, perhaps) can be searchable remotely. Or so that a large public server could have a purely opt-in search.
-
emilio.pozuelo
Dave Cridland: oh, I see
-
emilio.pozuelo
so you can make people be searchable from the outside on a case by case basis?
-
Dave Cridland
Yes.
-
Dave Cridland
emilio.pozuelo, Controlled by an ad-hoc they can use.
- Dave Cridland thinks standardizing the user prefs ad-hoc would actually be rather useful.
-
zash
Dave Cridland: nice
-
emilio.pozuelo
Dave Cridland: so perhaps you can set a couple of test accounts to be searchable from the outside?
-
Dave Cridland
Try now.
-
emilio.pozuelo
with emilio.pozuelo ?
-
Dave Cridland
Actually, hang on, and I'll fix that bug.
-
Dave Cridland
OK. Remote searching should now work *and* have results. Search for a Family Name of *a*, for instance.
- emilio.pozuelo tries
-
MattJ
Dave Cridland, I agree re. user prefs - I plan to do the same thing in Prosody
-
Dave Cridland
MattJ, XEP-tastic, then. I'll draft something up.
-
emilio.pozuelo
\o/ it works! :D
-
Dave Cridland
emilio.pozuelo, Thanks for the help.
-
Kev
MattJ / Dave Cridland: The vague problem here is that user prefs really are ad-hoc, all servers are going to support different ones, I'd have thought.
-
Kev
Unless you're intending some 'more defined than ad-hoc, but still undefined' thing.
-
MattJ
Indeed, I don't think Prosody would define /any/ in core, it would depend on loaded modules
-
zash
Just a registry so people can use the name var-names ?
-
zash
for the same functions *
-
zash
(like muc config forms)
-
MattJ
That might work - for many of them
-
Dave Cridland
Kev, I'm not so sure. We can have a specific well-known command, so that clients can place it into the UI, much like vCard editing. And well-known field-names allow common options, even if servers also support others (and may not support those)
-
Kev
Just having the user config commands on a different node from server admin commands would be fairly nice.
-
Dave Cridland
MattJ, Oh, forgot to ask - prosody8 - S2S 198 enabled?
-
MattJ
eh, no - dare I? I wonder :)
-
Dave Cridland
MattJ, Worth a go, I think. mlinktrunk should work with it.
-
Dave Cridland
MattJ, And if we spin up a Swift on both prosody8 and mlinktrunk, that'd mean we could have an end-to-end 198 chat.
-
MattJ
:)
-
Dave Cridland
Simon Josefsson, You about?
-
MattJ
Bouncing prosody8
-
MattJ
Should have 198 now
-
MattJ
Signing in with Swift
- Kev cheers
-
MattJ
Actually I think I ought to update it first
-
MattJ
Locked up on sign-in :)
-
MattJ
Oh no, it's back
-
MattJ
Just acting oddly
-
MattJ
Aye, HEAD pre beta7 :)
-
Kev
Are you on something Ubuntuy?
-
Kev
If so, there are nightlies you could use.
-
Kev
Saves the effort of compiling it.
-
MattJ
Ooh, that would be nice
-
Kev
Lucid or Maverick?
-
MattJ
It does take an age to compile on here
-
MattJ
Lucid
-
Kev
deb http://swift.im/packages/ubuntu/lucid development main
-
Kev
https://www.swift.im/keys/packages.key
-
Dave Cridland
For the record, Simon Josefsson and I have just successfully interop tested SCRAM-SHA1-PLUS with channel bindings.
-
MattJ
Nice :)
-
Dave Cridland
remko, Kev - time to update Swift to do Channel bindings too?
-
MattJ
Tobias is working on channel binding, but not ready yet
-
MattJ
!slap Kev
- Kanchil slaps Kev with large trout
-
remko
btw, swift beta8 will not do the tls checking
-
MattJ
I have terminals in one workspace, and chat clients on another
-
remko
neither do the development versions btw, i commented the check, because we need a gui for trusting a cert
-
MattJ
when I start any client from the terminal, I hit enter and switch to the right workspace
-
MattJ
Swift is the only one that appears before I can switch
-
Simon Josefsson
Thanks Dave. I'm going to do a stable GNU SASL release with SCRAM-SHA-1-PLUS in it now.
-
remko
MattJ: heh :)
-
zash
MattJ: dmenu!
-
remko
Dave Cridland: as soon as i understand what channel bindings are ;-)
-
MattJ
Dave Cridland, ok, matthew@prosody8.xmpptest.com is c2s and s2s 198-enabled
-
Dave Cridland
remko, They're little leather straps to hold the channel in place.
-
Dave Cridland
remko, Very fashionable.
-
remko
oo, sounds compelling
-
remko
will this require us to use GNU SASL?
-
remko
or cyrus or whatever
-
zash
GNU SASL?
-
remko
any external SASL library
-
Dave Cridland
remko, No, Polymer implements its own, for instance.
-
remko
ic
-
Dave Cridland
remko, You just need to get the channel binding name for the TLS channel, which you do by getting the Finished messages from OpenSSL, basically.
-
remko
*nod*
-
Dave Cridland
http://tools.ietf.org/html/rfc5929#section-3 <- that's the channel binding code. SSL_get_finished() will do it if you're not doing session resumption.
-
Dave Cridland
MattJ, OK, so admin@mlinktrunk.xmpptest.com sent you a subscription request. I see 198 enabling on S2S, and an ack coming back.
-
remko
Dave Cridland: cool, thanks
- MattJ frowns
-
MattJ
Swift stopped repainting for some reason, works again now
-
MattJ
198 is nice, makes me want to use it for my main account...
-
Flo
+1
-
Kev
MattJ: You'll have to switch to Swift. Like you promised :)
-
Asterix
ho! Are you going to do infidelity to Gajim? ;)
-
Dave Cridland
Asterix, We'll just add 198 to Gajim, don't worry.
-
Asterix
:)
-
Dave Cridland
MattJ, Right, so I know what the issue was with our last test, now. M-Link doesn't request acks with every stanza, only when the link is idle - it's really hoping that you'll proactively ack stanzas, to reduce bandwidth.
-
MattJ
Dave Cridland, well I won't :)
-
Dave Cridland
MattJ, So in our original tests, we simply never left the link idle for longer than a minute for M-Link to decide to request an ack. The strategy works well for C2S links where there's traffic in both directions, but not so well on unidirectional S2S links.
-
MattJ
Right
-
Dave Cridland
MattJ, Right - on unidirectional links there's little benefit, since you're never "writing anyway".
-
MattJ
and if you did resumption, this wouldn't be an issue
-
Dave Cridland
MattJ, No, it'd still be an issue - we're building up a massive stash of unacked stanzas. :-)
-
MattJ
Not a protocol issue :)
-
Dave Cridland
Right.
-
Dave Cridland
So, let me test that we are *ever* asking for acks...
-
Dave Cridland
There, we are. So I can fix this behaviour simply.
-
Dave Cridland
OK, so that fix works.
-
Dave Cridland
So, Me <-- 198/C2S --> mlinktrunk <-- 198/S2S --> prosody8 <-- 198/C2S --> MattJ
-
Dave Cridland
Mission accomplished. :-)
-
MattJ
I'd reply if Swift was responding :)
-
MattJ
I can't work out what it's up to
-
Dave Cridland
MattJ, Oh. Kill it and make it work, otherwise it's a little tricky to describe this as an actual success.
-
stpeter
hmph, I love it how certain services don't let you have passwords longer than 20 characters
-
Dave Cridland
stpeter, My gripes are usually the exact opposite.
-
stpeter
I create 28-character passwords
-
Dave Cridland
stpeter, "Please supply an unusual password that you cannot remember and will have to write down somewhere."
-
stpeter
well, all for naught -- I can't log into Skype from my current location anyway ;-)
-
stpeter
how's the 198 interop?
-
zash
stpeter: \o/ skype must die! ;)
-
stpeter
I need to review the list threads and the submitted patch for that one
-
stpeter
zash: indeed
-
Dave Cridland
stpeter, Getting there.
-
zash
Is there tools for killing a TCP from under the server/client[s]?
-
Dave Cridland
zash, I used to have some. They were fun. I suppose I still could use those, by sitting on the router. In the good old days, people trusted RST packets wherever they actually came from, as long as the addresses looks okay.
-
Dave Cridland
Of course, when I say "good"...
-
remko
right, let's see what this interop thing is all about
-
MattJ
remko, you need an account on prosody8?
-
remko
yes please
-
MattJ
k
-
remko
well
-
remko
whatever prosody you want me to test against :)
-
MattJ
Done
-
remko
prosody and mlink = success
-
remko
seeing some interesting problems with notls and ejabberd, the interop is already a success :)
-
steve.kille
Is someone going to write up the client results so far?
-
steve.kille
The client Wiki looks very blank
-
remko
i just started with swift
-
remko
i'm going to write it up when i'm done
-
steve.kille
lovely
-
steve.kille
Are you the only client?
-
zash
Asterix with Gajim too
-
remko
many others are subscribed at least
-
remko
the client stuff was only published today i think
-
remko
brb
-
zash
and telepathy, and some other
-
Kev
remko: I put up the client tests yesterday morning at the same time as the server ones :)
-
badlop
fippo: you asked yesterday: [2010-12-08 22:30:30]<fippo> badlop: do you see any hints why a host named 'fippo.testing.openssl' is not offered tls (or version 1.0) from ejabberd21.xmpptest.com?
-
badlop
that works for me now, can you verify?
-
fippo
badlop: works
-
badlop
ok, thanks
-
remko
what's this notls.xmpptest.com about?
-
remko
is this a server, or are the servers in the subdomain?
-
Florob
remko, that's a server AFAIK.
-
remko
it's not serving the domain though
-
Kev
It's a server that MattJ hasn't set up yet.
-
remko
if i connect to notls.xmpptest.com, it says that it's not serving that domain
-
remko
ok
-
remko
interesting enough, this is triggering a bug :)
-
remko
so, anyone from psyced or tigase around?
-
fippo
remko: yep
-
remko
fippo: could i get an account on psyced?
-
fippo
remko: sure, but unless swift does irc it won't be very useful :-)
-
remko
oh, is that an irc server
-
remko
my bad :)
-
remko
i was wondering why i hadn't heard of it :)