interop - 2010-12-09

  1. Florob has left
  2. badlop has left
  3. stpeter has left
  4. steve.kille has left
  5. steve.kille has joined
  6. MattJ has left
  7. steve.kille has left
  8. steve.kille has joined
  9. steve.kille has left
  10. steve.kille has joined
  11. steve.kille has left
  12. steve.kille has joined
  13. steve.kille has left
  14. steve.kille has joined
  15. steve.kille has left
  16. steve.kille has joined
  17. steve.kille has left
  18. steve.kille has joined
  19. steve.kille has left
  20. steve.kille has joined
  21. Florian has left
  22. steve.kille has left
  23. steve.kille has joined
  24. steve.kille has left
  25. steve.kille has joined
  26. steve.kille has left
  27. steve.kille has joined
  28. steve.kille has left
  29. steve.kille has joined
  30. steve.kille has left
  31. steve.kille has joined
  32. steve.kille has left
  33. steve.kille has joined
  34. steve.kille has left
  35. steve.kille has joined
  36. Florian has joined
  37. Florob has joined
  38. Florob has left
  39. Kev has joined
  40. Kev Good morning, good morning, good morning, good morning, good morning.
  41. remko has joined
  42. steve.kille has left
  43. Kev Ok, so, is everyone ok with the plan for today?
  44. Kev Set all the test machines to require TLS, check the pings again.
  45. Kev And I'll set up the machines with invalid certs, ready for tomorrow.
  46. Kev That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted.
  47. steve.kille has joined
  48. Tobias has joined
  49. remko all: can i get an account swift / swift on all servers?
  50. Kev The idea of not putting the account details on that page was so we didn't have public records of the logins.
  51. remko *sigh*
  52. remko seriously, for an interop of one week?
  53. remko ok then :)
  54. Kev They're all openly federating.
  55. Kev If they weren't, it wouldn't be a problem.
  56. remko ah, i was assuming they weren't
  57. Kev That would mean quite some effort for the server vendors.
  58. remko true
  59. remko client certificates are the future :)
  60. Kev Yes, I considered adding those to the test plan, but I don't think anyone other than M-Link supports them. If any other servers do, I'm happy to add it to the plan.
  61. remko it would be handy to have MUC nicks on the page to know who to ask for logins :)
  62. Kev fippo is psyced (no C2S, I believe), badlop is ejabberd, MattJ/waqas are Prosody, Dave Cridland is M-Link, Florian is Tigase.
  63. badlop has joined
  64. badlop remko: ejabberd21 has IBR with CAPTCHA
  65. remko badlop: swift doesn't do IBR yet :)
  66. badlop i'll create now, but you should use an alternative client for the features your client doesn't yet support
  67. badlop is Test 2 right now, or are we still in Test 1? Test 2 (Thursday). Requiring TLS on all s2s connections on all servers
  68. Kev badlop: Test 2 would be good, please.
  69. Kev badlop: Ok, so, is everyone ok with the plan for today? Kev @ 9:15 Set all the test machines to require TLS, check the pings again. 9:15 And I'll set up the machines with invalid certs, ready for tomorrow. 9:15 That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted. 9:16
  70. badlop remko: account created
  71. remko badlop: super, thanks a lot!
  72. badlop ejabberd21 s2s requires TLS, with a preliminary patch i wrote yesterday, let's hope it works
  73. badlop set the topic to XMPP Interop Event | 6th - 11th December 2010 | | right now: Test 2 (s2s require TLS)
  74. badlop oh, no room admin here to add to the room subject: | right now: Test 2 (s2s require TLS)
  75. sjoerd.simons has left
  76. remko has left
  77. Dave Cridland badlop, Yes, PSA mentioned that.
  78. Dave Cridland Morning all, BTW.
  79. Dave Cridland So, mlinkrelease can't require TLS. It can require a valid cert (ie, one that the chain terminates in a trust anchor), but that's it.
  80. remko has joined
  81. Tobias Dave Cridland: what's the difference? meaning you can't require TLS with an invalid cert or what?
  82. Dave Cridland Well, if you don't do TLS at all, that's still fine. :-)
  83. Tobias ah, right :)
  84. Kev Ok, I've put up the results stubs for today's tests for severs.
  85. Dave Cridland Anyone desperate to go first?
  86. Kev You started the trend yesterday.
  87. Dave Cridland 'kay
  88. Dave Cridland SO let's go.
  89. Dave Cridland So am I even attempting to test mlinkrelease?
  90. Kev Testing against it, but not testing it, according to the wiki page :)
  91. Dave Cridland Kev, Is notls up and running?
  92. Kev Matt was going to do that yesterday, I don't know if he did.
  93. Kev Shouldn't be hard to work out, should it?
  94. Dave Cridland Well, I get an error from mlinkrelease.
  95. Dave Cridland host-unknown.
  96. Dave Cridland So that needs to be up later. The problem is that unless this is running, we can't really test that we're unable to connect to it.
  97. Kev This is true.
  98. Dave Cridland Well. Not up later, up now, really. But we'll all have to do the negative testing against it later, I suppose.
  99. Dave Cridland But anyway, my first lot of results are (unsuprisingly) that mlinkrelease can still connect to everyone.
  100. Kev The telnet says: <stream:stream id='' xmlns:stream='' version='1.0' xmlns='jabber:server'><stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>This host does not serve</text></stream:error></stream:stream>
  101. Kev So yes, not up.
  102. Dave Cridland OK, mlinktrunk connects to everyone except tigasetrunk - which is expected, as tigasetrunk is actually the same as notls is meant to be.
  103. Dave Cridland So I suggest folk test against the full suite anyway.
  104. Kev Well, Tigase isn't quite what notls is meant to be.
  105. Kev notls is supposed to be XMPP, but not supporting starttls.
  106. Kev Tigase is doing jabber/0.9 only, isn't it?
  107. Dave Cridland It has the same effect.
  108. Kev It has the same effect for M-Link :)
  109. Dave Cridland OK, so I'm done anyway. Wiki updated.
  110. Tobias has left
  111. Kev I've updated the testing blurb to indicate that failure against tigasetrunk is required.
  112. Dave Cridland Anyone else having a go?
  113. badlop me, ejabberd21 works with all except tigase, as expected
  114. Dave Cridland badlop, Cool, so that patch you did yesterday works?
  115. badlop well, at least it doesn't break s2s
  116. Kev \o/
  117. louiz’ has left
  118. steve.kille Should test 2 be including a server which does not support TLS, and tries to connect to the other servers. It should be required (of the other servers) that they refuse the connection#
  119. Kev Yes, and it does.
  120. badlop you mean, if tigase were able to connect to any other now, then there's a bug in that other
  121. Kev notls (to be set up later when Matt gets up) will be XMPP 1.0 without TLS, and tigasetrunk is XMPP 0.9/Jabber without TLS.
  122. badlop i think steve.kille refers to testing s2s from notls-server --> supposedly-tls-required
  123. Kev Right, but that's required to get the iq result.
  124. Kev Doing an ping from one server to another requires the setup of streams both ways.
  125. steve.kille Kev: I think it would be helpful to clarify thing shojuld not work wiht notls, irrespective of wo initiates.
  126. Dave Cridland This is true, unless bidi is involved.
  127. Dave Cridland We can do that one notls is actually up.
  128. Dave Cridland once.
  129. Kev steve.kille: Both parties always initiate (unless bidi is involved).
  130. Dave Cridland Kev, Yes, but it won't hurt to test.
  131. Dave Cridland Kev, At least one implementation supports bidi, after all.
  132. fippo btw: I tested ssl2 this morning
  133. fippo mlinktrunk, mlinkrelease, prosody and psyced kill the connection, ejabberd does not (yet?) work with that s_client version
  134. Dave Cridland Really? I thought we accepted it on inbound, still.
  135. wjt has joined
  136. fippo the v2 client hello probably is
  137. Dave Cridland fippo, Oh, for sure. But I thought we allowed the protocol inbound too.
  138. fippo checks again
  139. fippo indeed, it fails differently - but still fails
  140. Dave Cridland Well, no SSLv2 in my logs, certainly.
  141. Florian remko: In-Band Registration is enabled :)
  142. Dave Cridland Florian, Want to see if you can reach anyone from tigasetrunk?
  143. wjt so, does anyone have a xep-0055 directory set up on their interop test-y server?
  144. Kev Well, he probably can still reach Prosody, because Matt / waqas aren't about yet.
  145. badlop like ? but s2s to it doesn't work
  146. Kev badlop: Just because of DNS? I don't mind putting up a record.
  147. wjt badlop: for instance! i've not been keeping up with this week—have some kind of plague—but presumably we could also register test accounts on ejabberd21.x.c
  148. Kev I expect Dave Cridland could also be persuaded to enable -55 on mlinktrunk
  149. Dave Cridland Kev, I think it is, actually.
  150. Dave Cridland Kev, But probably defaulting to local-searches only.
  151. Kev I expect Dave Cridland will have enabled -55 on mlinktrunk.
  152. wjt well, that's grand. let's see if i can get pochu in here... :)
  153. Dave Cridland wjt, Our '55 basically allows users to opt-in or opt-out - there's three settings (never visible, visible in local searches, and visible in all searches) plus a default if they don't express a preference.
  154. wjt how do you choose this setting?
  155. Dave Cridland wjt, Ad-Hoc.
  156. wjt my very favourite xep
  157. Florian why wouldn't I be able to reach people?
  158. wjt which we might actually implement support for in the new year
  159. Kev Florian: Because today's tests require TLS for s2s.
  160. Dave Cridland wjt, M-Link's had ad-hoc controlled user preferences for ages, we use them currently to alloow auto-subscribe, control offline message settings, etc.
  161. Florian ah
  162. Kev See the test plan :)
  163. wjt Dave Cridland: Oh, I'm sure lots of servers do
  164. Florian we have a test plan?
  165. wjt Dave Cridland: doesn't mean I like it very much ;-)
  166. Dave Cridland Florian, So if you can reach anyone, then they're broken.
  167. Kev Yes, it's on the wiki page.
  168. wjt but I've softened in my opinion on these matters in recent months
  169. Kev Dave Cridland: Broken, or haven't changet their config for today yet.
  170. Florian ok :)
  171. Kev wjt: Ad-hoc as a concept is great, as a protocol is fine, and as a XEP is lacking.
  172. Kev You're free to disagree with me, of course, everyone has the right to be wrong :)
  173. Florian mlinktrunk is broken
  174. Kev Florian: See the note that says that mlinktrunk isn't participating today :)
  175. Dave Cridland Kev, I think wjt doesn't like the lack of i18ness.
  176. wjt Kev: I think it's hard to make UIs for ad-hoc-style random-dialog-boxes-from-the-server beautiful
  177. Kev wjt: Yes, that's right. For things that aren't really ad-hoc, we have profiles so you can know what to expect (RC, Server admin, for example).
  178. wjt i18n is a secondary concern, but this one i really don't mind that much about: in practice, if you're using a server, you probably speak (one of the) same language(s) as its administrator
  179. Florian it says mlinkrelease isn't participating?!
  180. Florian mlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.
  181. Kev Right :)
  182. Kev So that'll participate again tomorrow when we require TLS and full cert checking for s2s.
  183. Florian because I can connect to mlinktrunk
  184. wjt Kev, sure, and that's one of the reasons I've softened my opinion on them :)
  185. Kev Oh, mlink*trunk*
  186. Florian yes :)
  187. Florian [11:59:00] <Florian> mlinktrunk is broken :)
  188. Kev Dave Cridland: !
  189. wjt Kev: for the common cases, we can do something nice; for uncommon cases, whatever, it's your own fault for doing weird stuff
  190. Kev Sorry, I just read mlinkrelease without paying attention, my bad.
  191. Florian :)
  192. Florian I guess service discovery shouldn't work
  193. Florian as that's S2S
  194. Kev Correct.
  195. Florian right :)
  196. Florian so yeah ... trunk is broken :)
  197. Kev Although you may need to bounce the server to cancel any existing s2s sessions first, possibly.
  198. Florian ah
  199. Kev Dave Cridland will know if he already did that with mlinktrunk, it's his test server.
  200. Florian interesting ...
  201. Florian Prosody8 gives me a disco title (Server name)
  202. Florian but no contents
  203. Florian right .. the rest fails
  204. fippo florian: it's trying to reconnect rather often (every five seconds)
  205. Florian still now?
  206. fippo yes... let's see if closing the port on my side will stop that
  207. has joined
  208. Dave Cridland Oh. So I read Florian's message as saying mlinktrunk was *correctly* broken, but what he meant was it's working.
  209. Dave Cridland Florian, Ah. WHat server were you connecting *from*?
  210. Florian fippo: it tries to reconnect for a few minutes and then gives up
  211. Florian
  212. Florian same host as tigasetrunk
  213. Dave Cridland Right, but different domain.
  214. Florian right
  215. Florian ah ... domain limited?
  216. Dave Cridland I'd configured mlinktrunk to require TLS from *
  217. Florian ok
  218. Florian let me test it from there :)
  219. Dave Cridland (Because mlinktrunk is also a vhost)
  220. Florian :)
  221. Florian Tigase might have S2S TLS by the end of the week
  222. Kev Perhaps it can pass tomorrow's tests then :)
  223. Dave Cridland Given that we all fail tomorrow's tests...
  224. Florian yup ... mlinktrunk now fails too :)
  225. Dave Cridland \o/
  226. Kev Dave Cridland: We all fail *some* of tomorrow's tests, I don't think that stops it being worth testing that everyone passes the bits they think they do.
  227. Florian so the expected result :)
  228. Dave Cridland Kev, Right. Or our X.509 team might fix the interesting bug we have. (Which is actually in Sodium CA).
  229. has joined
  230. hi! I'm implementing contact search in empathy (a client using the Telepathy framework) and wanted to test if it's working... can anybody tell me a server I can test it? thanks!
  231. Dave Cridland has '55 available on the IM domain.
  232. wjt there's a big list o' servers on the wiki page
  233. Dave Cridland, Want to use gabble with password gabble?
  234. Dave Cridland: gabble, yes. No idea about the password :)
  235. wjt: thanks, checking
  236. wjt (also, if you set an alias in Edit → Personal Information in Empathy, you'll get a nicer nickname in this room next time you join, and look better on people's rosters, too :) )
  237. wjt: I've actually done that twice I think... I wonder why it's not saving it :(
  238. wjt oh, yeah... there's a bug where sometimes the aliases get lost and i don't know why :'(
  239. restarts empathy to test contact search
  240. has left
  241. emilio.pozuelo has joined
  242. Dave Cridland emilio.pozuelo, I'll restart that server in a moment, just to warn you.
  243. Florian has left
  244. Florian has joined
  245. Dave Cridland Well, that's interesting. I seem to be failing against ejabberd21
  246. Dave Cridland Ah! In fact, I failed this morning, when I look closer. Must have misread.
  247. Dave Cridland No features, so no TLS: (13:26:35) Send (214) <?xml version='1.0'?><stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='' to='' from='' version='1.0'> (13:26:35) Recv (155) <?xml version='1.0'?><stream:stream xmlns:stream='' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='855227178'>
  248. Dave Cridland I get TLS inbound, but not outbound.
  249. Kev badlop: ^
  250. fippo while wondering why I did not fail I found a bug :-)
  251. Dave Cridland Wow, you get bugs too?
  252. fippo I did not assume that tls would be only used in one direction and not in the other
  253. fippo we should get rid of this unidirectional nonsense, that just makes life harder :-)
  254. Florian has left
  255. Dave Cridland Okay, so my CRL checking is now working.
  256. zash has joined
  257. emilio.pozuelo has left
  258. emilio.pozuelo has joined
  259. emilio.pozuelo o/
  260. zash \o
  261. emilio.pozuelo so I'm testing contact search (XMPP 055) on, but I get this error from telepathy-gabble
  262. emilio.pozuelo server is broken: <x> not type='form'
  263. Kev If anyone wants to test against the 'bad' servers, (mismatchcert|revokedcert|selfcert) are all up. selfcert isn't yet.
  264. Dave Cridland emilio.pozuelo, Ah, okay... Can you tell me what XML you're seeing?
  265. emilio.pozuelo Dave Cridland:
  266. emilio.pozuelo Dave Cridland: with our server I didn't get that error (though I got no results):
  267. fippo Kev: what are we supposed to do with in todays setup?
  268. fippo with those
  269. Kev Nothing.
  270. Kev That was purely for if people wanted to have a play in advance of tomorrow.
  271. fippo Kev: I wondered if they should fail for todays test, too
  272. Kev No, they should all pass for today's tests.
  273. Kev Or, rather.
  274. Kev With today's configuration, they should all connect. I don't think it's important to test that they do, though.
  275. fippo I tend to disagree when it comes to the mismatched cert :-)
  276. Kev fippo: Right, the point of today was to check that all servers 'can do TLS', and the point of tomorrow is to check that they 'can do TLS right'.
  277. Kev The point of today wasn't really to test that the 'can do TLS wrong'.
  278. emilio.pozuelo Dave Cridland: do you see anything wrong on the server side, or do you think the client is wrong when reporting that error?
  279. wjt the type='' attribute is missing from the <x xmlns=''/> element returned by the server
  280. Dave Cridland emilio.pozuelo, Hang on, be with you in a sec.
  281. emilio.pozuelo wjt: aha, I see
  282. wjt <xs:attribute name='type' use='required'>
  283. wjt so mlink is violating XEP-0004
  284. Dave Cridland I am the violator. Muahahaha. Etc.
  285. has left
  286. sjoerd.simons has joined
  287. fippo Kev: aye. That reminds me that next time i'll bring a server which will fail unless you send a tlsv1 client hello (good for making sure we don't have servers that do not get s2s-tls-compression)
  288. wjt how many of the test servers support in-band registration (as opposed to Dave-creates-an-account registration)? maybe emilio.pozuelo could try some others :)
  289. Dave Cridland fippo, You get compression with SSLv3 Hello, too.
  290. fippo dave: :-p
  291. Dave Cridland emilio.pozuelo, Yeah wjt's right, I'm not sending a type on that form.
  292. emilio.pozuelo Dave Cridland: ok. glad to have contributed my part to find a bug :)
  293. has joined
  294. has left
  295. has joined
  296. Dave Cridland emilio.pozuelo, Should be fixed now. I think. :-)
  297. emilio.pozuelo cool
  298. emilio.pozuelo tries again
  299. emilio.pozuelo Dave Cridland: yay
  300. emilio.pozuelo :D
  301. Dave Cridland emilio.pozuelo, Works now?
  302. emilio.pozuelo Dave Cridland: I get the form correctly now, not getting any results though
  303. Dave Cridland emilio.pozuelo, Ah... I thought it should be working. One sec, let me check the settings,
  304. emilio.pozuelo I'm searching for "a"
  305. emilio.pozuelo maybe it's not doing substring searches?
  306. emilio.pozuelo thanks
  307. Kev You need a wildcard for a substring search.
  308. Dave Cridland It's not, actually. That was intentional, but everyone seems to disagree with me. :-)
  309. emilio.pozuelo heh
  310. Kev Including me.
  311. Dave Cridland Also searchability default was set to off. So let's change that.
  312. Kev I'm dubious of the value of search systems that require you to know what the result will be before you can find it.
  313. Dave Cridland OK, that should have updated. Try searching for yourself.
  314. Kev :)
  315. zash for char in {a..z}; do search $char*; done # userdb acquired
  316. Kev zash: There's an assumption that server admins aren't likely to be enabling this for global search on the Internet :)
  317. Dave Cridland zash, Nah, wouldn't find all the Russians.
  318. emilio.pozuelo Dave Cridland: I cannot find myself, heh :)
  319. Dave Cridland emilio.pozuelo, Oh, bugger. I'll look after I've done the school run.
  320. emilio.pozuelo Dave Cridland: sure. thanks!
  321. Dave Cridland Oh, that's annoying, sorry. It's finding people as an operator, so it';s a permissioning issue. I'll look into this properly in about an hour.
  322. emilio.pozuelo argh, none of the other servers seem to support XEP-0055
  323. emilio.pozuelo Dave Cridland: ok. ping me when you've looked at it and I'll be happy to test again :)
  324. Dave Cridland emilio.pozuelo, THey may do on a different service domain, though? M-Link's unusual in putting it on the actual IM domain.
  325. emilio.pozuelo Dave Cridland: no idea... I'm trying the servers mentioned in
  326. zash at least ejabberd usualy has it on a subdomain, and prosody doesnt have it at all
  327. Florian has joined
  328. badlop vjud.ejabberd21 works for local users, it has at least vcard of user "badlop", but fails over s2s due to missing dns i think
  329. badlop Dave Cridland: I seem to be failing against ejabberd21 <-- fixed that problem, now it advertizes 1.0 and starttls feature
  330. fippo badlop: works for me with tls on both connections
  331. fippo and fails with ssl2 :-)
  332. MattJ has joined
  333. Flo has joined
  334. Dave Cridland badlop, Brilliant, I'll retest in a sec.
  335. Dave Cridland [15:47:57] Ping? [15:47:59] Pong! (2.39 s.)
  336. Dave Cridland \o/ ejabberd21 works. Now have a clean sweep.
  337. Kev So that's everyone except Prosody, and I see we have a MattJ now, so hopefully that will follow.
  338. MattJ Indeed
  339. MattJ Sorry my presence is a bit sporadic, family member ill
  340. Kev Sorry to hear it.
  341. MattJ As long as I'm not coming down with it, I'll get the tests done shortly... :)
  342. steve.kille Did we hear back from any other servers (I was thinking specifically of Openfire and Coversant)
  343. steve.kille: i was unrelatedly talking to an openfire developer last week, he said they unfortunatly didn't have time to join the interop event this week
  344. steve.kille pity
  345. Dave Cridland emilio.pozuelo, So, you can now find things in XEP-0055. SEarching for, for example "collabora" as the surname will find your account. Or search for "cridland", or "*a*" or whatever.
  346. Dave Cridland emilio.pozuelo, But FWIW, there's a surname on every account in the system, thanks to the X.500 DSA that requires every person to have a surname.
  347. wjt I know someone who doesn't have a surname. :P
  348. Dave Cridland wjt, They cannot exist. X.500 is all-knowing.
  349. zash Haha
  350. has left
  351. Dave Cridland wjt, emilio.pozuelo - Can Gabble/Telepathy/Empathy do strong authentication, by the way?
  352. Sjoerd has joined
  353. wjt Dave Cridland: pass. I assume “strong” is a mechanism? :p
  354. Dave Cridland wjt, emilio.pozuelo - As in, can I give it a client certificate for use with TLS?
  355. wjt Sjoerd: ^^ you had a cunning plan for something related to this?
  356. wjt Dave Cridland: I don't thing so currently
  357. Dave Cridland wjt, Sorry, being all X.509y. X.509 defined two kinds of authentication "Simple" - username and password - and "Strong" - certificates.
  358. Sjoerd client certificates for autentication ? no we don't do that
  359. emilio.pozuelo Dave Cridland: hmm, doesn't seem to be working yet :(
  360. emilio.pozuelo this looks suspicious:
  361. Dave Cridland Does anyone else? (I know Swift does, and Gajim might)
  362. emilio.pozuelo gabble/connection-DEBUG: 09/12/10 17:07:01.372524: connection_iq_unknown_cb: got unknown iq:
  363. fippo dave: iirc, exodus supports it too
  364. wjt emilio.pozuelo: now that sounds like a gabble bug :)
  365. emilio.pozuelo wjt: will you look at it for me? :)
  366. Sjoerd mlink doesn't set type=result in the iq
  367. wjt nor it does. okay, not our bug again :D
  368. Dave Cridland Wow. Okay, that's fun. I wonder why nothing else has spotted that one?
  369. emilio.pozuelo oh
  370. Sjoerd * x xmlns='jabber:x:data' type='result'
  371. Sjoerd seems like the attribute is added to the wrong node... ?
  372. wjt no, that's correct
  373. Dave Cridland Sjoerd, No, that's a form type. Meant to be there.
  374. Sjoerd ah ok
  375. Sjoerd doesn't know data forms
  376. Sjoerd just seemed suspicious
  377. Sjoerd I'm gonna guess nobody noticed it because we're the only ones pedantic enough to both check type=result and the id matching instead of just matching the id?
  378. wjt is out of here to do some anti-plague sleeping
  379. wjt has left
  380. Dave Cridland emilio.pozuelo, Ah! You're doing this from a remote account, right.
  381. emilio.pozuelo Dave Cridland: yes, from a one
  382. Dave Cridland emilio.pozuelo, Not tried that much. So yes, you won't find much (because it's local-only by default) and yes, there is indeed a bug there. Use password gabble
  383. Kev Sjoerd: Do you check the from= as well as type= and id=? I'm guessing you do, but just checking because you didn't mention it...
  384. Sjoerd Kev: we do
  385. Kev Jolly good :)
  386. Dave Cridland Sjoerd, It's because I think you're the first people to seriously use my '55 code remotely.
  387. Sjoerd fair enough ;)
  388. emilio.pozuelo Dave Cridland: if you want you can open it for remote connections and I'll find all the bugs ;)
  389. Dave Cridland emilio.pozuelo, Oh, it's certainly opened, but the problem is that the accounts aren't searchable by default from remote connections (ie, they won't appear in results)
  390. Dave Cridland emilio.pozuelo, It's done this way so that in an enterprise setting, everyone can be searchable locally, but some people (sales staff, perhaps) can be searchable remotely. Or so that a large public server could have a purely opt-in search.
  391. Asterix has joined
  392. emilio.pozuelo Dave Cridland: oh, I see
  393. emilio.pozuelo so you can make people be searchable from the outside on a case by case basis?
  394. Dave Cridland Yes.
  395. Dave Cridland emilio.pozuelo, Controlled by an ad-hoc they can use.
  396. Dave Cridland thinks standardizing the user prefs ad-hoc would actually be rather useful.
  397. zash Dave Cridland: nice
  398. emilio.pozuelo Dave Cridland: so perhaps you can set a couple of test accounts to be searchable from the outside?
  399. Dave Cridland Try now.
  400. emilio.pozuelo with emilio.pozuelo ?
  401. Dave Cridland Actually, hang on, and I'll fix that bug.
  402. Dave Cridland OK. Remote searching should now work *and* have results. Search for a Family Name of *a*, for instance.
  403. emilio.pozuelo tries
  404. emilio.pozuelo has left
  405. MattJ Dave Cridland, I agree re. user prefs - I plan to do the same thing in Prosody
  406. Dave Cridland MattJ, XEP-tastic, then. I'll draft something up.
  407. emilio.pozuelo has joined
  408. emilio.pozuelo \o/ it works! :D
  409. Dave Cridland emilio.pozuelo, Thanks for the help.
  410. Kev MattJ / Dave Cridland: The vague problem here is that user prefs really are ad-hoc, all servers are going to support different ones, I'd have thought.
  411. Kev Unless you're intending some 'more defined than ad-hoc, but still undefined' thing.
  412. MattJ Indeed, I don't think Prosody would define /any/ in core, it would depend on loaded modules
  413. zash Just a registry so people can use the name var-names ?
  414. zash for the same functions *
  415. zash (like muc config forms)
  416. MattJ That might work - for many of them
  417. Dave Cridland Kev, I'm not so sure. We can have a specific well-known command, so that clients can place it into the UI, much like vCard editing. And well-known field-names allow common options, even if servers also support others (and may not support those)
  418. Kev Just having the user config commands on a different node from server admin commands would be fairly nice.
  419. Dave Cridland MattJ, Oh, forgot to ask - prosody8 - S2S 198 enabled?
  420. MattJ eh, no - dare I? I wonder :)
  421. Dave Cridland MattJ, Worth a go, I think. mlinktrunk should work with it.
  422. Dave Cridland MattJ, And if we spin up a Swift on both prosody8 and mlinktrunk, that'd mean we could have an end-to-end 198 chat.
  423. MattJ :)
  424. Dave Cridland Simon Josefsson, You about?
  425. MattJ Bouncing prosody8
  426. MattJ Should have 198 now
  427. MattJ Signing in with Swift
  428. Kev cheers
  429. MattJ Actually I think I ought to update it first
  430. MattJ Locked up on sign-in :)
  431. MattJ Oh no, it's back
  432. MattJ Just acting oddly
  433. MattJ Aye, HEAD pre beta7 :)
  434. Kev Are you on something Ubuntuy?
  435. Kev If so, there are nightlies you could use.
  436. Kev Saves the effort of compiling it.
  437. MattJ Ooh, that would be nice
  438. Kev Lucid or Maverick?
  439. MattJ It does take an age to compile on here
  440. MattJ Lucid
  441. Kev deb development main
  442. Kev
  443. Florian has left
  444. Dave Cridland For the record, Simon Josefsson and I have just successfully interop tested SCRAM-SHA1-PLUS with channel bindings.
  445. MattJ Nice :)
  446. Dave Cridland remko, Kev - time to update Swift to do Channel bindings too?
  447. MattJ Tobias is working on channel binding, but not ready yet
  448. MattJ !slap Kev
  449. Kanchil slaps Kev with large trout
  450. remko btw, swift beta8 will not do the tls checking
  451. MattJ I have terminals in one workspace, and chat clients on another
  452. remko neither do the development versions btw, i commented the check, because we need a gui for trusting a cert
  453. MattJ when I start any client from the terminal, I hit enter and switch to the right workspace
  454. MattJ Swift is the only one that appears before I can switch
  455. Simon Josefsson Thanks Dave. I'm going to do a stable GNU SASL release with SCRAM-SHA-1-PLUS in it now.
  456. remko MattJ: heh :)
  457. zash MattJ: dmenu!
  458. remko Dave Cridland: as soon as i understand what channel bindings are ;-)
  459. MattJ Dave Cridland, ok, is c2s and s2s 198-enabled
  460. stpeter has joined
  461. Dave Cridland remko, They're little leather straps to hold the channel in place.
  462. Dave Cridland remko, Very fashionable.
  463. remko oo, sounds compelling
  464. remko will this require us to use GNU SASL?
  465. remko or cyrus or whatever
  466. zash GNU SASL?
  467. remko any external SASL library
  468. Dave Cridland remko, No, Polymer implements its own, for instance.
  469. remko ic
  470. Dave Cridland remko, You just need to get the channel binding name for the TLS channel, which you do by getting the Finished messages from OpenSSL, basically.
  471. remko *nod*
  472. Dave Cridland <- that's the channel binding code. SSL_get_finished() will do it if you're not doing session resumption.
  473. Dave Cridland MattJ, OK, so sent you a subscription request. I see 198 enabling on S2S, and an ack coming back.
  474. remko Dave Cridland: cool, thanks
  475. MattJ frowns
  476. MattJ Swift stopped repainting for some reason, works again now
  477. MattJ 198 is nice, makes me want to use it for my main account...
  478. emilio.pozuelo has left
  479. Flo +1
  480. Kev MattJ: You'll have to switch to Swift. Like you promised :)
  481. Asterix ho! Are you going to do infidelity to Gajim? ;)
  482. Dave Cridland Asterix, We'll just add 198 to Gajim, don't worry.
  483. remko has left
  484. Asterix :)
  485. emilio.pozuelo has joined
  486. Dave Cridland MattJ, Right, so I know what the issue was with our last test, now. M-Link doesn't request acks with every stanza, only when the link is idle - it's really hoping that you'll proactively ack stanzas, to reduce bandwidth.
  487. emilio.pozuelo has left
  488. emilio.pozuelo has joined
  489. emilio.pozuelo has left
  490. MattJ Dave Cridland, well I won't :)
  491. Dave Cridland MattJ, So in our original tests, we simply never left the link idle for longer than a minute for M-Link to decide to requst an ack. The strategy works well for C2S links where there's traffic in both directions, but not so well on unidirectional S2S links.
  492. MattJ Right
  493. Dave Cridland MattJ, Right - on unidirectional links there's little benefit, since you're never "writing anyway".
  494. MattJ and if you did resumption, this wouldn't be an issue
  495. emilio.pozuelo has joined
  496. Dave Cridland MattJ, No, it'd still be an issue - we're building up a massive stash of unacked stanzas. :-)
  497. MattJ Not a protocol issue :)
  498. Dave Cridland Right.
  499. Dave Cridland So, let me test that we are *ever* asking for acks...
  500. Dave Cridland There, we are. So I can fix this behaviour simply.
  501. emilio.pozuelo has left
  502. Sjoerd has left
  503. sjoerd.simons has joined
  504. Dave Cridland OK, so that fix works.
  505. Dave Cridland So, Me <-- 198/C2S --> mlinktrunk <-- 198/S2S --> prosody8 <-- 198/C2S --> MattJ
  506. Dave Cridland Mission accomplished. :-)
  507. MattJ I'd reply if Swift was responding :)
  508. MattJ I can't work out what it's up to
  509. Dave Cridland MattJ, Oh. Kill it and make it work, otherwise it's a little tricky to describe this as an actual success.
  510. emilio.pozuelo has joined
  511. emilio.pozuelo has left
  512. stpeter hmph, I love it how certain services don't let you have passwords longer than 20 characters
  513. Dave Cridland stpeter, My gripes are usually the exact opposite.
  514. stpeter I create 28-character passwords
  515. Dave Cridland stpeter, "Please supply an unusual password that you cannot remember and will have to write down somewhere."
  516. steve.kille has left
  517. stpeter well, all for naught -- I can't log into Skype from my current location anyway ;-)
  518. stpeter how's the 198 interop?
  519. zash stpeter: \o/ skype must die! ;)
  520. stpeter I need to review the list threads and the submitted patch for that one
  521. stpeter zash: indeed
  522. Dave Cridland stpeter, Getting there.
  523. zash Is there tools for killing a TCP from under the server/client[s]?
  524. Dave Cridland zash, I used to have some. They were fun. I suppose I still could use those, by sitting on the router. In the good old days, people trusted RST packets wherever they actually came from, as long as the addresses looks okay.
  525. Dave Cridland Of course, when I say "good"...
  526. steve.kille has joined
  527. emilio.pozuelo has joined
  528. emilio.pozuelo has left
  529. emilio.pozuelo has joined
  530. emilio.pozuelo has left
  531. emilio.pozuelo has joined
  532. emilio.pozuelo has left
  533. remko has joined
  534. remko right, let's see what this interop thing is all about
  535. emilio.pozuelo has joined
  536. MattJ remko, you need an account on prosody8?
  537. remko yes please
  538. MattJ k
  539. remko well
  540. remko whatever prosody you want me to test against :)
  541. MattJ Done
  542. Flo has left
  543. emilio.pozuelo has left
  544. remko prosody and mlink = success
  545. emilio.pozuelo has joined
  546. remko seeing some interesting problems with notls and ejabberd, the interop is already a success :)
  547. emilio.pozuelo has left
  548. emilio.pozuelo has joined
  549. steve.kille Is someone going to write up the client results so far?
  550. steve.kille The client Wiki looks very blank
  551. remko i just started with swift
  552. remko i'm going to write it up when i'm done
  553. steve.kille lovely
  554. steve.kille Are you the only client?
  555. zash Asterix with Gajim too
  556. remko many others are subscribed at least
  557. remko the client stuff was only published today i think
  558. remko brb
  559. remko has left
  560. zash and telepathy, and some other
  561. Kev remko: I put the up client tests yesterday morning at the same time as the server ones :)
  562. emilio.pozuelo has left
  563. emilio.pozuelo has joined
  564. remko has joined
  565. emilio.pozuelo has left
  566. badlop fippo: you asked yesterday: [2010-12-08 22:30:30]<fippo> badlop: do you see any hints why a host named 'fippo.testing.openssl' is not offered tls (or version 1.0) from
  567. badlop that works for me now, can you verify?
  568. fippo badlop: works
  569. badlop ok, thanks
  570. sjoerd.simons has left
  571. sjoerd.simons has joined
  572. remko has left
  573. remko has joined
  574. sjoerd.simons has left
  575. Florob has joined
  576. remko what's this about?
  577. remko is this a server, or are the servers in the subdomain?
  578. Florob remko, that's a server AFAIK.
  579. remko it's not serving the domain though
  580. Kev It's a server that MattJ hasn't set up yet.
  581. remko if i connect to, it says that it's not serving that domain
  582. remko ok
  583. remko interesting enough, this is triggering a bug :)
  584. remko so, anyone from psyced or tigase around?
  585. fippo remko: yep
  586. remko fippo: could i get an account on psyced?
  587. fippo remko: sure, but unless swift does irc it won't be very useful :-)
  588. remko oh, is that an irc server
  589. remko my bad :)
  590. remko i was wonderng why i hadn't heard of it :)
  591. remko has left
  592. remko has joined
  593. zash has left
  594. Zash has joined
  595. Tobias has joined
  596. Florian has joined
  597. remko has left
  598. Florob has left
  599. Florob has joined
  600. Florob has left
  601. Tobias has left
  602. stpeter has left
  603. badlop has left