interop - 2010-12-09

  1. Kev

    Good morning, good morning, good morning, good morning, good morning.

  2. Kev

    Ok, so, is everyone ok with the plan for today?

  3. Kev

    Set all the test machines to require TLS, check the pings again.

  4. Kev

    And I'll set up the machines with invalid certs, ready for tomorrow.

  5. Kev

    That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted.

  6. remko

    all: can i get an account swift / swift on all servers?

  7. Kev

    The idea of not putting the account details on that page was so we didn't have public records of the logins.

  8. remko


  9. remko

    seriously, for an interop of one week?

  10. remko

    ok then :)

  11. Kev

    They're all openly federating.

  12. Kev

    If they weren't, it wouldn't be a problem.

  13. remko

    ah, i was assuming they weren't

  14. Kev

    That would mean quite some effort for the server vendors.

  15. remko


  16. remko

    client certificates are the future :)

  17. Kev

    Yes, I considered adding those to the test plan, but I don't think anyone other than M-Link supports them. If any other servers do, I'm happy to add it to the plan.

  18. remko

    it would be handy to have MUC nicks on the page to know who to ask for logins :)

  19. Kev

    fippo is psyced (no C2S, I believe), badlop is ejabberd, MattJ/waqas are Prosody, Dave Cridland is M-Link, Florian is Tigase.

  20. badlop

    remko: ejabberd21 has IBR with CAPTCHA

  21. remko

    badlop: swift doesn't do IBR yet :)

  22. badlop

    i'll create now, but you should use an alternative client for the features your client doesn't yet support

  23. badlop

    is Test 2 right now, or are we still in Test 1? Test 2 (Thursday). Requiring TLS on all s2s connections on all servers

  24. Kev

    badlop: Test 2 would be good, please.

  25. Kev

    badlop: Ok, so, is everyone ok with the plan for today? Kev @ 9:15 Set all the test machines to require TLS, check the pings again. 9:15 And I'll set up the machines with invalid certs, ready for tomorrow. 9:15 That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted. 9:16

  26. badlop

    remko: account created

  27. remko

    badlop: super, thanks a lot!

  28. badlop

    ejabberd21 s2s requires TLS, with a preliminary patch i wrote yesterday, let's hope it works

  29. badlop set the topic to

    XMPP Interop Event | 6th - 11th December 2010 | | right now: Test 2 (s2s require TLS)

  30. badlop

    oh, no room admin here to add to the room subject: | right now: Test 2 (s2s require TLS)

  31. Dave Cridland

    badlop, Yes, PSA mentioned that.

  32. Dave Cridland

    Morning all, BTW.

  33. Dave Cridland

    So, mlinkrelease can't require TLS. It can require a valid cert (ie, one that the chain terminates in a trust anchor), but that's it.

  34. Tobias

    Dave Cridland: what's the difference? meaning you can't require TLS with an invalid cert or what?

  35. Dave Cridland

    Well, if you don't do TLS at all, that's still fine. :-)

  36. Tobias

    ah, right :)

  37. Kev

    Ok, I've put up the results stubs for today's tests for servers.

  38. Dave Cridland

    Anyone desperate to go first?

  39. Kev

    You started the trend yesterday.

  40. Dave Cridland


  41. Dave Cridland

    SO let's go.

  42. Dave Cridland

    So am I even attempting to test mlinkrelease?

  43. Kev

    Testing against it, but not testing it, according to the wiki page :)

  44. Dave Cridland

    Kev, Is notls up and running?

  45. Kev

    Matt was going to do that yesterday, I don't know if he did.

  46. Kev

    Shouldn't be hard to work out, should it?

  47. Dave Cridland

    Well, I get an error from mlinkrelease.

  48. Dave Cridland


  49. Dave Cridland

    So that needs to be up later. The problem is that unless this is running, we can't really test that we're unable to connect to it.

  50. Kev

    This is true.

  51. Dave Cridland

    Well. Not up later, up now, really. But we'll all have to do the negative testing against it later, I suppose.

  52. Dave Cridland

    But anyway, my first lot of results are (unsurprisingly) that mlinkrelease can still connect to everyone.

  53. Kev

    The telnet says: <stream:stream id='' xmlns:stream='' version='1.0' xmlns='jabber:server'><stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>This host does not serve</text></stream:error></stream:stream>

  54. Kev

    So yes, not up.

  55. Dave Cridland

    OK, mlinktrunk connects to everyone except tigasetrunk - which is expected, as tigasetrunk is actually the same as notls is meant to be.

  56. Dave Cridland

    So I suggest folk test against the full suite anyway.

  57. Kev

    Well, Tigase isn't quite what notls is meant to be.

  58. Kev

    notls is supposed to be XMPP, but not supporting starttls.

  59. Kev

    Tigase is doing jabber/0.9 only, isn't it?

  60. Dave Cridland

    It has the same effect.

  61. Kev

    It has the same effect for M-Link :)

  62. Dave Cridland

    OK, so I'm done anyway. Wiki updated.

  63. Kev

    I've updated the testing blurb to indicate that failure against tigasetrunk is required.

  64. Dave Cridland

    Anyone else having a go?

  65. badlop

    me, ejabberd21 works with all except tigase, as expected

  66. Dave Cridland

    badlop, Cool, so that patch you did yesterday works?

  67. badlop

    well, at least it doesn't break s2s

  68. Kev


  69. steve.kille

    Should test 2 be including a server which does not support TLS, and tries to connect to the other servers. It should be required (of the other servers) that they refuse the connection

  70. Kev

    Yes, and it does.

  71. badlop

    you mean, if tigase were able to connect to any other now, then there's a bug in that other

  72. Kev

    notls (to be set up later when Matt gets up) will be XMPP 1.0 without TLS, and tigasetrunk is XMPP 0.9/Jabber without TLS.

  73. badlop

    i think steve.kille refers to testing s2s from notls-server --> supposedly-tls-required

  74. Kev

    Right, but that's required to get the iq result.

  75. Kev

    Doing a ping from one server to another requires the setup of streams both ways.

  76. steve.kille

    Kev: I think it would be helpful to clarify things should not work with notls, irrespective of who initiates.

  77. Dave Cridland

    This is true, unless bidi is involved.

  78. Dave Cridland

    We can do that once notls is actually up.

  79. Dave Cridland


  80. Kev

    steve.kille: Both parties always initiate (unless bidi is involved).

  81. Dave Cridland

    Kev, Yes, but it won't hurt to test.

  82. Dave Cridland

    Kev, At least one implementation supports bidi, after all.

  83. fippo

    btw: I tested ssl2 this morning

  84. fippo

    mlinktrunk, mlinkrelease, prosody and psyced kill the connection, ejabberd does not (yet?) work with that s_client version

  85. Dave Cridland

    Really? I thought we accepted it on inbound, still.

  86. fippo

    the v2 client hello probably is

  87. Dave Cridland

    fippo, Oh, for sure. But I thought we allowed the protocol inbound too.

  88. fippo checks again

  89. fippo

    indeed, it fails differently - but still fails

  90. Dave Cridland

    Well, no SSLv2 in my logs, certainly.

  91. Florian

    remko: In-Band Registration is enabled :)

  92. Dave Cridland

    Florian, Want to see if you can reach anyone from tigasetrunk?

  93. wjt

    so, does anyone have a xep-0055 directory set up on their interop test-y server?

  94. Kev

    Well, he probably can still reach Prosody, because Matt / waqas aren't about yet.

  95. badlop

    like ? but s2s to it doesn't work

  96. Kev

    badlop: Just because of DNS? I don't mind putting up a record.

  97. wjt

    badlop: for instance! i've not been keeping up with this week—have some kind of plague—but presumably we could also register test accounts on ejabberd21.x.c

  98. Kev

    I expect Dave Cridland could also be persuaded to enable -55 on mlinktrunk

  99. Dave Cridland

    Kev, I think it is, actually.

  100. Dave Cridland

    Kev, But probably defaulting to local-searches only.

  101. Kev

    I expect Dave Cridland will have enabled -55 on mlinktrunk.

  102. wjt

    well, that's grand. let's see if i can get pochu in here... :)

  103. Dave Cridland

    wjt, Our '55 basically allows users to opt-in or opt-out - there's three settings (never visible, visible in local searches, and visible in all searches) plus a default if they don't express a preference.

  104. wjt

    how do you choose this setting?

  105. Dave Cridland

    wjt, Ad-Hoc.

  106. wjt

    my very favourite xep

  107. Florian

    why wouldn't I be able to reach people?

  108. wjt

    which we might actually implement support for in the new year

  109. Kev

    Florian: Because today's tests require TLS for s2s.

  110. Dave Cridland

    wjt, M-Link's had ad-hoc controlled user preferences for ages, we use them currently to allow auto-subscribe, control offline message settings, etc.

  111. Florian


  112. Kev

    See the test plan :)

  113. wjt

    Dave Cridland: Oh, I'm sure lots of servers do

  114. Florian

    we have a test plan?

  115. wjt

    Dave Cridland: doesn't mean I like it very much ;-)

  116. Dave Cridland

    Florian, So if you can reach anyone, then they're broken.

  117. Kev

    Yes, it's on the wiki page.

  118. wjt

    but I've softened in my opinion on these matters in recent months

  119. Kev

    Dave Cridland: Broken, or haven't changed their config for today yet.

  120. Florian

    ok :)

  121. Kev

    wjt: Ad-hoc as a concept is great, as a protocol is fine, and as a XEP is lacking.

  122. Kev

    You're free to disagree with me, of course, everyone has the right to be wrong :)

  123. Florian

    mlinktrunk is broken

  124. Kev

    Florian: See the note that says that mlinktrunk isn't participating today :)

  125. Dave Cridland

    Kev, I think wjt doesn't like the lack of i18ness.

  126. wjt

    Kev: I think it's hard to make UIs for ad-hoc-style random-dialog-boxes-from-the-server beautiful

  127. Kev

    wjt: Yes, that's right. For things that aren't really ad-hoc, we have profiles so you can know what to expect (RC, Server admin, for example).

  128. wjt

    i18n is a secondary concern, but this one i really don't mind that much about: in practice, if you're using a server, you probably speak (one of the) same language(s) as its administrator

  129. Florian

    it says mlinkrelease isn't participating?!

  130. Florian

    mlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.

  131. Kev

    Right :)

  132. Kev

    So that'll participate again tomorrow when we require TLS and full cert checking for s2s.

  133. Florian

    because I can connect to mlinktrunk

  134. wjt

    Kev, sure, and that's one of the reasons I've softened my opinion on them :)

  135. Kev

    Oh, mlink*trunk*

  136. Florian

    yes :)

  137. Florian

    [11:59:00] <Florian> mlinktrunk is broken :)

  138. Kev

    Dave Cridland: !

  139. wjt

    Kev: for the common cases, we can do something nice; for uncommon cases, whatever, it's your own fault for doing weird stuff

  140. Kev

    Sorry, I just read mlinkrelease without paying attention, my bad.

  141. Florian


  142. Florian

    I guess service discovery shouldn't work

  143. Florian

    as that's S2S

  144. Kev


  145. Florian

    right :)

  146. Florian

    so yeah ... trunk is broken :)

  147. Kev

    Although you may need to bounce the server to cancel any existing s2s sessions first, possibly.

  148. Florian


  149. Kev

    Dave Cridland will know if he already did that with mlinktrunk, it's his test server.

  150. Florian

    interesting ...

  151. Florian

    Prosody8 gives me a disco title (Server name)

  152. Florian

    but no contents

  153. Florian

    right .. the rest fails

  154. fippo

    florian: it's trying to reconnect rather often (every five seconds)

  155. Florian

    still now?

  156. fippo

    yes... let's see if closing the port on my side will stop that

  157. Dave Cridland

    Oh. So I read Florian's message as saying mlinktrunk was *correctly* broken, but what he meant was it's working.

  158. Dave Cridland

    Florian, Ah. What server were you connecting *from*?

  159. Florian

    fippo: it tries to reconnect for a few minutes and then gives up

  160. Florian

  161. Florian

    same host as tigasetrunk

  162. Dave Cridland

    Right, but different domain.

  163. Florian


  164. Florian

    ah ... domain limited?

  165. Dave Cridland

    I'd configured mlinktrunk to require TLS from *

  166. Florian


  167. Florian

    let me test it from there :)

  168. Dave Cridland

    (Because mlinktrunk is also a vhost)

  169. Florian


  170. Florian

    Tigase might have S2S TLS by the end of the week

  171. Kev

    Perhaps it can pass tomorrow's tests then :)

  172. Dave Cridland

    Given that we all fail tomorrow's tests...

  173. Florian

    yup ... mlinktrunk now fails too :)

  174. Dave Cridland


  175. Kev

    Dave Cridland: We all fail *some* of tomorrow's tests, I don't think that stops it being worth testing that everyone passes the bits they think they do.

  176. Florian

    so the expected result :)

  177. Dave Cridland

    Kev, Right. Or our X.509 team might fix the interesting bug we have. (Which is actually in Sodium CA).


    hi! I'm implementing contact search in empathy (a client using the Telepathy framework) and wanted to test if it's working... can anybody tell me a server I can test it? thanks!

  179. Dave Cridland has '55 available on the IM domain.

  180. wjt

    there's a big list o' servers on the wiki page

  181. Dave Cridland, Want to use gabble with password gabble?


    Dave Cridland: gabble, yes. No idea about the password :)


    wjt: thanks, checking

  184. wjt

    (also, if you set an alias in Edit → Personal Information in Empathy, you'll get a nicer nickname in this room next time you join, and look better on people's rosters, too :) )


    wjt: I've actually done that twice I think... I wonder why it's not saving it :(

  186. wjt

    oh, yeah... there's a bug where sometimes the aliases get lost and i don't know why :'(

  187. restarts empathy to test contact search

  188. Dave Cridland

    emilio.pozuelo, I'll restart that server in a moment, just to warn you.

  189. Dave Cridland

    Well, that's interesting. I seem to be failing against ejabberd21

  190. Dave Cridland

    Ah! In fact, I failed this morning, when I look closer. Must have misread.

  191. Dave Cridland

    No features, so no TLS: (13:26:35) Send (214) <?xml version='1.0'?><stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='' to='' from='' version='1.0'> (13:26:35) Recv (155) <?xml version='1.0'?><stream:stream xmlns:stream='' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='855227178'>

  192. Dave Cridland

    I get TLS inbound, but not outbound.

  193. Kev

    badlop: ^

  194. fippo

    while wondering why I did not fail I found a bug :-)

  195. Dave Cridland

    Wow, you get bugs too?

  196. fippo

    I did not assume that tls would be only used in one direction and not in the other

  197. fippo

    we should get rid of this unidirectional nonsense, that just makes life harder :-)

  198. Dave Cridland

    Okay, so my CRL checking is now working.

  199. emilio.pozuelo


  200. zash


  201. emilio.pozuelo

    so I'm testing contact search (XMPP 055) on, but I get this error from telepathy-gabble

  202. emilio.pozuelo

    server is broken: <x> not type='form'

  203. Kev

    If anyone wants to test against the 'bad' servers, (mismatchcert|revokedcert|selfcert) are all up. selfcert isn't yet.

  204. Dave Cridland

    emilio.pozuelo, Ah, okay... Can you tell me what XML you're seeing?

  205. emilio.pozuelo

    Dave Cridland:

  206. emilio.pozuelo

    Dave Cridland: with our server I didn't get that error (though I got no results):

  207. fippo

    Kev: what are we supposed to do with in today's setup?

  208. fippo

    with those

  209. Kev


  210. Kev

    That was purely for if people wanted to have a play in advance of tomorrow.

  211. fippo

    Kev: I wondered if they should fail for today's test, too

  212. Kev

    No, they should all pass for today's tests.

  213. Kev

    Or, rather.

  214. Kev

    With today's configuration, they should all connect. I don't think it's important to test that they do, though.

  215. fippo

    I tend to disagree when it comes to the mismatched cert :-)

  216. Kev

    fippo: Right, the point of today was to check that all servers 'can do TLS', and the point of tomorrow is to check that they 'can do TLS right'.

  217. Kev

    The point of today wasn't really to test that they 'can do TLS wrong'.

  218. emilio.pozuelo

    Dave Cridland: do you see anything wrong on the server side, or do you think the client is wrong when reporting that error?

  219. wjt

    the type='' attribute is missing from the <x xmlns=''/> element returned by the server

  220. Dave Cridland

    emilio.pozuelo, Hang on, be with you in a sec.

  221. emilio.pozuelo

    wjt: aha, I see

  222. wjt

    <xs:attribute name='type' use='required'>

  223. wjt

    so mlink is violating XEP-0004

  224. Dave Cridland

    I am the violator. Muahahaha. Etc.

  225. fippo

    Kev: aye. That reminds me that next time i'll bring a server which will fail unless you send a tlsv1 client hello (good for making sure we don't have servers that do not get s2s-tls-compression)

  226. wjt

    how many of the test servers support in-band registration (as opposed to Dave-creates-an-account registration)? maybe emilio.pozuelo could try some others :)

  227. Dave Cridland

    fippo, You get compression with SSLv3 Hello, too.

  228. fippo

    dave: :-p

  229. Dave Cridland

    emilio.pozuelo, Yeah wjt's right, I'm not sending a type on that form.

  230. emilio.pozuelo

    Dave Cridland: ok. glad to have contributed my part to find a bug :)

  231. Dave Cridland

    emilio.pozuelo, Should be fixed now. I think. :-)

  232. emilio.pozuelo


  233. emilio.pozuelo tries again

  234. emilio.pozuelo

    Dave Cridland: yay

  235. emilio.pozuelo


  236. Dave Cridland

    emilio.pozuelo, Works now?

  237. emilio.pozuelo

    Dave Cridland: I get the form correctly now, not getting any results though

  238. Dave Cridland

    emilio.pozuelo, Ah... I thought it should be working. One sec, let me check the settings,

  239. emilio.pozuelo

    I'm searching for "a"

  240. emilio.pozuelo

    maybe it's not doing substring searches?

  241. emilio.pozuelo


  242. Kev

    You need a wildcard for a substring search.

  243. Dave Cridland

    It's not, actually. That was intentional, but everyone seems to disagree with me. :-)

  244. emilio.pozuelo


  245. Kev

    Including me.

  246. Dave Cridland

    Also searchability default was set to off. So let's change that.

  247. Kev

    I'm dubious of the value of search systems that require you to know what the result will be before you can find it.

  248. Dave Cridland

    OK, that should have updated. Try searching for yourself.

  249. Kev


  250. zash

    for char in {a..z}; do search $char*; done # userdb acquired

  251. Kev

    zash: There's an assumption that server admins aren't likely to be enabling this for global search on the Internet :)

  252. Dave Cridland

    zash, Nah, wouldn't find all the Russians.

  253. emilio.pozuelo

    Dave Cridland: I cannot find myself, heh :)

  254. Dave Cridland

    emilio.pozuelo, Oh, bugger. I'll look after I've done the school run.

  255. emilio.pozuelo

    Dave Cridland: sure. thanks!

  256. Dave Cridland

    Oh, that's annoying, sorry. It's finding people as an operator, so it's a permissioning issue. I'll look into this properly in about an hour.

  257. emilio.pozuelo

    argh, none of the other servers seem to support XEP-0055

  258. emilio.pozuelo

    Dave Cridland: ok. ping me when you've looked at it and I'll be happy to test again :)

  259. Dave Cridland

    emilio.pozuelo, They may do on a different service domain, though? M-Link's unusual in putting it on the actual IM domain.

  260. emilio.pozuelo

    Dave Cridland: no idea... I'm trying the servers mentioned in

  261. zash

    at least ejabberd usually has it on a subdomain, and prosody doesn't have it at all

  262. badlop

    vjud.ejabberd21 works for local users, it has at least vcard of user "badlop", but fails over s2s due to missing dns i think

  263. badlop

    Dave Cridland: I seem to be failing against ejabberd21 <-- fixed that problem, now it advertizes 1.0 and starttls feature

  264. fippo

    badlop: works for me with tls on both connections

  265. fippo

    and fails with ssl2 :-)

  266. Dave Cridland

    badlop, Brilliant, I'll retest in a sec.

  267. Dave Cridland

    [15:47:57] Ping? [15:47:59] Pong! (2.39 s.)

  268. Dave Cridland

    \o/ ejabberd21 works. Now have a clean sweep.

  269. Kev

    So that's everyone except Prosody, and I see we have a MattJ now, so hopefully that will follow.

  270. MattJ


  271. MattJ

    Sorry my presence is a bit sporadic, family member ill

  272. Kev

    Sorry to hear it.

  273. MattJ

    As long as I'm not coming down with it, I'll get the tests done shortly... :)

  274. steve.kille

    Did we hear back from any other servers (I was thinking specifically of Openfire and Coversant)


    steve.kille: i was unrelatedly talking to an openfire developer last week, he said they unfortunately didn't have time to join the interop event this week

  276. steve.kille


  277. Dave Cridland

    emilio.pozuelo, So, you can now find things in XEP-0055. Searching for, for example "collabora" as the surname will find your account. Or search for "cridland", or "*a*" or whatever.

  278. Dave Cridland

    emilio.pozuelo, But FWIW, there's a surname on every account in the system, thanks to the X.500 DSA that requires every person to have a surname.

  279. wjt

    I know someone who doesn't have a surname. :P

  280. Dave Cridland

    wjt, They cannot exist. X.500 is all-knowing.

  281. zash


  282. Dave Cridland

    wjt, emilio.pozuelo - Can Gabble/Telepathy/Empathy do strong authentication, by the way?

  283. wjt

    Dave Cridland: pass. I assume “strong” is a mechanism? :p

  284. Dave Cridland

    wjt, emilio.pozuelo - As in, can I give it a client certificate for use with TLS?

  285. wjt

    Sjoerd: ^^ you had a cunning plan for something related to this?

  286. wjt

    Dave Cridland: I don't think so currently

  287. Dave Cridland

    wjt, Sorry, being all X.509y. X.509 defined two kinds of authentication "Simple" - username and password - and "Strong" - certificates.

  288. Sjoerd

    client certificates for authentication? no we don't do that

  289. emilio.pozuelo

    Dave Cridland: hmm, doesn't seem to be working yet :(

  290. emilio.pozuelo

    this looks suspicious:

  291. Dave Cridland

    Does anyone else? (I know Swift does, and Gajim might)

  292. emilio.pozuelo

    gabble/connection-DEBUG: 09/12/10 17:07:01.372524: connection_iq_unknown_cb: got unknown iq:

  293. fippo

    dave: iirc, exodus supports it too

  294. wjt

    emilio.pozuelo: now that sounds like a gabble bug :)

  295. emilio.pozuelo

    wjt: will you look at it for me? :)

  296. Sjoerd

    mlink doesn't set type=result in the iq

  297. wjt

    nor it does. okay, not our bug again :D

  298. Dave Cridland

    Wow. Okay, that's fun. I wonder why nothing else has spotted that one?

  299. emilio.pozuelo


  300. Sjoerd

    * x xmlns='jabber:x:data' type='result'

  301. Sjoerd

    seems like the attribute is added to the wrong node... ?

  302. wjt

    no, that's correct

  303. Dave Cridland

    Sjoerd, No, that's a form type. Meant to be there.

  304. Sjoerd

    ah ok

  305. Sjoerd doesn't know data forms

  306. Sjoerd

    just seemed suspicious

  307. Sjoerd

    I'm gonna guess nobody noticed it because we're the only ones pedantic enough to both check type=result and the id matching instead of just matching the id?

  308. wjt is out of here to do some anti-plague sleeping

  309. Dave Cridland

    emilio.pozuelo, Ah! You're doing this from a remote account, right.

  310. emilio.pozuelo

    Dave Cridland: yes, from a one

  311. Dave Cridland

    emilio.pozuelo, Not tried that much. So yes, you won't find much (because it's local-only by default) and yes, there is indeed a bug there. Use password gabble

  312. Kev

    Sjoerd: Do you check the from= as well as type= and id=? I'm guessing you do, but just checking because you didn't mention it...

  313. Sjoerd

    Kev: we do

  314. Kev

    Jolly good :)

  315. Dave Cridland

    Sjoerd, It's because I think you're the first people to seriously use my '55 code remotely.

  316. Sjoerd

    fair enough ;)

  317. emilio.pozuelo

    Dave Cridland: if you want you can open it for remote connections and I'll find all the bugs ;)

  318. Dave Cridland

    emilio.pozuelo, Oh, it's certainly opened, but the problem is that the accounts aren't searchable by default from remote connections (ie, they won't appear in results)

  319. Dave Cridland

    emilio.pozuelo, It's done this way so that in an enterprise setting, everyone can be searchable locally, but some people (sales staff, perhaps) can be searchable remotely. Or so that a large public server could have a purely opt-in search.

  320. emilio.pozuelo

    Dave Cridland: oh, I see

  321. emilio.pozuelo

    so you can make people be searchable from the outside on a case by case basis?

  322. Dave Cridland


  323. Dave Cridland

    emilio.pozuelo, Controlled by an ad-hoc they can use.

  324. Dave Cridland thinks standardizing the user prefs ad-hoc would actually be rather useful.

  325. zash

    Dave Cridland: nice

  326. emilio.pozuelo

    Dave Cridland: so perhaps you can set a couple of test accounts to be searchable from the outside?

  327. Dave Cridland

    Try now.

  328. emilio.pozuelo

    with emilio.pozuelo ?

  329. Dave Cridland

    Actually, hang on, and I'll fix that bug.

  330. Dave Cridland

    OK. Remote searching should now work *and* have results. Search for a Family Name of *a*, for instance.

  331. emilio.pozuelo tries

  332. MattJ

    Dave Cridland, I agree re. user prefs - I plan to do the same thing in Prosody

  333. Dave Cridland

    MattJ, XEP-tastic, then. I'll draft something up.

  334. emilio.pozuelo

    \o/ it works! :D

  335. Dave Cridland

    emilio.pozuelo, Thanks for the help.

  336. Kev

    MattJ / Dave Cridland: The vague problem here is that user prefs really are ad-hoc, all servers are going to support different ones, I'd have thought.

  337. Kev

    Unless you're intending some 'more defined than ad-hoc, but still undefined' thing.

  338. MattJ

    Indeed, I don't think Prosody would define /any/ in core, it would depend on loaded modules

  339. zash

    Just a registry so people can use the name var-names ?

  340. zash

    for the same functions *

  341. zash

    (like muc config forms)

  342. MattJ

    That might work - for many of them

  343. Dave Cridland

    Kev, I'm not so sure. We can have a specific well-known command, so that clients can place it into the UI, much like vCard editing. And well-known field-names allow common options, even if servers also support others (and may not support those)

  344. Kev

    Just having the user config commands on a different node from server admin commands would be fairly nice.

  345. Dave Cridland

    MattJ, Oh, forgot to ask - prosody8 - S2S 198 enabled?

  346. MattJ

    eh, no - dare I? I wonder :)

  347. Dave Cridland

    MattJ, Worth a go, I think. mlinktrunk should work with it.

  348. Dave Cridland

    MattJ, And if we spin up a Swift on both prosody8 and mlinktrunk, that'd mean we could have an end-to-end 198 chat.

  349. MattJ


  350. Dave Cridland

    Simon Josefsson, You about?

  351. MattJ

    Bouncing prosody8

  352. MattJ

    Should have 198 now

  353. MattJ

    Signing in with Swift

  354. Kev cheers

  355. MattJ

    Actually I think I ought to update it first

  356. MattJ

    Locked up on sign-in :)

  357. MattJ

    Oh no, it's back

  358. MattJ

    Just acting oddly

  359. MattJ

    Aye, HEAD pre beta7 :)

  360. Kev

    Are you on something Ubuntuy?

  361. Kev

    If so, there are nightlies you could use.

  362. Kev

    Saves the effort of compiling it.

  363. MattJ

    Ooh, that would be nice

  364. Kev

    Lucid or Maverick?

  365. MattJ

    It does take an age to compile on here

  366. MattJ


  367. Kev

    deb development main

  368. Kev

  369. Dave Cridland

    For the record, Simon Josefsson and I have just successfully interop tested SCRAM-SHA1-PLUS with channel bindings.

  370. MattJ

    Nice :)

  371. Dave Cridland

    remko, Kev - time to update Swift to do Channel bindings too?

  372. MattJ

    Tobias is working on channel binding, but not ready yet

  373. MattJ

    !slap Kev

  374. Kanchil slaps Kev with large trout

  375. remko

    btw, swift beta8 will not do the tls checking

  376. MattJ

    I have terminals in one workspace, and chat clients on another

  377. remko

    neither do the development versions btw, i commented the check, because we need a gui for trusting a cert

  378. MattJ

    when I start any client from the terminal, I hit enter and switch to the right workspace

  379. MattJ

    Swift is the only one that appears before I can switch

  380. Simon Josefsson

    Thanks Dave. I'm going to do a stable GNU SASL release with SCRAM-SHA-1-PLUS in it now.

  381. remko

    MattJ: heh :)

  382. zash

    MattJ: dmenu!

  383. remko

    Dave Cridland: as soon as i understand what channel bindings are ;-)

  384. MattJ

    Dave Cridland, ok, is c2s and s2s 198-enabled

  385. Dave Cridland

    remko, They're little leather straps to hold the channel in place.

  386. Dave Cridland

    remko, Very fashionable.

  387. remko

    oo, sounds compelling

  388. remko

    will this require us to use GNU SASL?

  389. remko

    or cyrus or whatever

  390. zash


  391. remko

    any external SASL library

  392. Dave Cridland

    remko, No, Polymer implements its own, for instance.

  393. remko


  394. Dave Cridland

    remko, You just need to get the channel binding name for the TLS channel, which you do by getting the Finished messages from OpenSSL, basically.

  395. remko


  396. Dave Cridland <- that's the channel binding code. SSL_get_finished() will do it if you're not doing session resumption.

  397. Dave Cridland

    MattJ, OK, so sent you a subscription request. I see 198 enabling on S2S, and an ack coming back.

  398. remko

    Dave Cridland: cool, thanks

  399. MattJ frowns

  400. MattJ

    Swift stopped repainting for some reason, works again now

  401. MattJ

    198 is nice, makes me want to use it for my main account...

  402. Flo


  403. Kev

    MattJ: You'll have to switch to Swift. Like you promised :)

  404. Asterix

    ho! Are you going to do infidelity to Gajim? ;)

  405. Dave Cridland

    Asterix, We'll just add 198 to Gajim, don't worry.

  406. Asterix


  407. Dave Cridland

    MattJ, Right, so I know what the issue was with our last test, now. M-Link doesn't request acks with every stanza, only when the link is idle - it's really hoping that you'll proactively ack stanzas, to reduce bandwidth.

  408. MattJ

    Dave Cridland, well I won't :)

  409. Dave Cridland

    MattJ, So in our original tests, we simply never left the link idle for longer than a minute for M-Link to decide to request an ack. The strategy works well for C2S links where there's traffic in both directions, but not so well on unidirectional S2S links.

  410. MattJ


  411. Dave Cridland

    MattJ, Right - on unidirectional links there's little benefit, since you're never "writing anyway".

  412. MattJ

    and if you did resumption, this wouldn't be an issue

  413. Dave Cridland

    MattJ, No, it'd still be an issue - we're building up a massive stash of unacked stanzas. :-)

  414. MattJ

    Not a protocol issue :)

  415. Dave Cridland


  416. Dave Cridland

    So, let me test that we are *ever* asking for acks...

  417. Dave Cridland

    There, we are. So I can fix this behaviour simply.

  418. Dave Cridland

    OK, so that fix works.

  419. Dave Cridland

    So, Me <-- 198/C2S --> mlinktrunk <-- 198/S2S --> prosody8 <-- 198/C2S --> MattJ

  420. Dave Cridland

    Mission accomplished. :-)

  421. MattJ

    I'd reply if Swift was responding :)

  422. MattJ

    I can't work out what it's up to

  423. Dave Cridland

    MattJ, Oh. Kill it and make it work, otherwise it's a little tricky to describe this as an actual success.

  424. stpeter

    hmph, I love it how certain services don't let you have passwords longer than 20 characters

  425. Dave Cridland

    stpeter, My gripes are usually the exact opposite.

  426. stpeter

    I create 28-character passwords

  427. Dave Cridland

    stpeter, "Please supply an unusual password that you cannot remember and will have to write down somewhere."

  428. stpeter

    well, all for naught -- I can't log into Skype from my current location anyway ;-)

  429. stpeter

    how's the 198 interop?

  430. zash

    stpeter: \o/ skype must die! ;)

  431. stpeter

    I need to review the list threads and the submitted patch for that one

  432. stpeter

    zash: indeed

  433. Dave Cridland

    stpeter, Getting there.

  434. zash

    Are there tools for killing a TCP from under the server/client[s]?

  435. Dave Cridland

    zash, I used to have some. They were fun. I suppose I still could use those, by sitting on the router. In the good old days, people trusted RST packets wherever they actually came from, as long as the addresses looked okay.

  436. Dave Cridland

    Of course, when I say "good"...

  437. remko

    right, let's see what this interop thing is all about

  438. MattJ

    remko, you need an account on prosody8?

  439. remko

    yes please

  440. MattJ


  441. remko


  442. remko

    whatever prosody you want me to test against :)

  443. MattJ


  444. remko

    prosody and mlink = success

  445. remko

    seeing some interesting problems with notls and ejabberd, the interop is already a success :)

  446. steve.kille

    Is someone going to write up the client results so far?

  447. steve.kille

    The client Wiki looks very blank

  448. remko

    i just started with swift

  449. remko

    i'm going to write it up when i'm done

  450. steve.kille


  451. steve.kille

    Are you the only client?

  452. zash

    Asterix with Gajim too

  453. remko

    many others are subscribed at least

  454. remko

    the client stuff was only published today i think

  455. remko


  456. zash

    and telepathy, and some other

  457. Kev

    remko: I put up the client tests yesterday morning at the same time as the server ones :)

  458. badlop

    fippo: you asked yesterday: [2010-12-08 22:30:30]<fippo> badlop: do you see any hints why a host named 'fippo.testing.openssl' is not offered tls (or version 1.0) from

  459. badlop

    that works for me now, can you verify?

  460. fippo

    badlop: works

  461. badlop

    ok, thanks

  462. remko

    what's this about?

  463. remko

    is this a server, or are the servers in the subdomain?

  464. Florob

    remko, that's a server AFAIK.

  465. remko

    it's not serving the domain though

  466. Kev

    It's a server that MattJ hasn't set up yet.

  467. remko

    if i connect to, it says that it's not serving that domain

  468. remko


  469. remko

    interesting enough, this is triggering a bug :)

  470. remko

    so, anyone from psyced or tigase around?

  471. fippo

    remko: yep

  472. remko

    fippo: could i get an account on psyced?

  473. fippo

    remko: sure, but unless swift does irc it won't be very useful :-)

  474. remko

    oh, is that an irc server

  475. remko

    my bad :)

  476. remko

    i was wondering why i hadn't heard of it :)