KevGood morning, good morning, good morning, good morning, good morning.
remkohas joined
steve.killehas left
KevOk, so, is everyone ok with the plan for today?
KevSet all the test machines to require TLS, check the pings again.
KevAnd I'll set up the machines with invalid certs, ready for tomorrow.
KevThat is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted.
steve.killehas joined
Tobiashas joined
remkoall: can i get an account swift / swift on all servers?
KevThe idea of not putting the account details on that page was so we didn't have public records of the logins.
remko*sigh*
remkoseriously, for an interop of one week?
remkook then :)
KevThey're all openly federating.
KevIf they weren't, it wouldn't be a problem.
remkoah, i was assuming they weren't
KevThat would mean quite some effort for the server vendors.
remkotrue
remkoclient certificates are the future :)
KevYes, I considered adding those to the test plan, but I don't think anyone other than M-Link supports them. If any other servers do, I'm happy to add it to the plan.
remkoit would be handy to have MUC nicks on the page to know who to ask for logins :)
Kevfippo is psyced (no C2S, I believe), badlop is ejabberd, MattJ/waqas are Prosody, Dave Cridland is M-Link, Florian is Tigase.
badlophas joined
badlopremko: ejabberd21 has IBR with CAPTCHA
remkobadlop: swift doesn't do IBR yet :)
badlopi'll create now, but you should use an alternative client for the features your client doesn't yet support
badlopis Test 2 right now, or are we still in Test 1?
Test 2 (Thursday). Requiring TLS on all s2s connections on all servers
Kevbadlop: Test 2 would be good, please.
Kevbadlop:
Ok, so, is everyone ok with the plan for today? Kev @ 9:15
Set all the test machines to require TLS, check the pings again. 9:15
And I'll set up the machines with invalid certs, ready for tomorrow. 9:15
That is, for today, set all the machines to require TLS, but not to require *valid* TLS - any certificate should be accepted. 9:16
badlopremko: account created
remkobadlop: super, thanks a lot!
badlopejabberd21 s2s requires TLS, with a preliminary patch i wrote yesterday, let's hope it works
badlopset the topic to XMPP Interop Event | 6th - 11th December 2010 | http://wiki.xmpp.org/web/Interop | right now: Test 2 (s2s require TLS)
badlopoh, no room admin here to add to the room subject: | right now: Test 2 (s2s require TLS)
sjoerd.simonshas left
remkohas left
Dave Cridlandbadlop, Yes, PSA mentioned that.
Dave CridlandMorning all, BTW.
Dave CridlandSo, mlinkrelease can't require TLS. It can require a valid cert (ie, one that the chain terminates in a trust anchor), but that's it.
remkohas joined
TobiasDave Cridland: what's the difference? meaning you can't require TLS with an invalid cert or what?
Dave CridlandWell, if you don't do TLS at all, that's still fine. :-)
Tobiasah, right :)
KevOk, I've put up the results stubs for today's tests for servers.
Dave CridlandAnyone desperate to go first?
KevYou started the trend yesterday.
Dave Cridland'kay
Dave CridlandSo let's go.
Dave CridlandSo am I even attempting to test mlinkrelease?
KevTesting against it, but not testing it, according to the wiki page :)
Dave CridlandKev, Is notls up and running?
KevMatt was going to do that yesterday, I don't know if he did.
KevShouldn't be hard to work out, should it?
Dave CridlandWell, I get an error from mlinkrelease.
Dave Cridlandhost-unknown.
Dave CridlandSo that needs to be up later. The problem is that unless this is running, we can't really test that we're unable to connect to it.
KevThis is true.
Dave CridlandWell. Not up later, up now, really. But we'll all have to do the negative testing against it later, I suppose.
Dave CridlandBut anyway, my first lot of results are (unsurprisingly) that mlinkrelease can still connect to everyone.
KevThe telnet says:
<stream:stream id='' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xmlns='jabber:server'><stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>This host does not serve notls.xmpptest.com</text></stream:error></stream:stream>
KevSo yes, not up.
Dave CridlandOK, mlinktrunk connects to everyone except tigasetrunk - which is expected, as tigasetrunk is actually the same as notls is meant to be.
Dave CridlandSo I suggest folk test against the full suite anyway.
KevWell, Tigase isn't quite what notls is meant to be.
Kevnotls is supposed to be XMPP, but not supporting starttls.
KevTigase is doing jabber/0.9 only, isn't it?
Dave CridlandIt has the same effect.
KevIt has the same effect for M-Link :)
Dave CridlandOK, so I'm done anyway. Wiki updated.
Tobiashas left
KevI've updated the testing blurb to indicate that failure against tigasetrunk is required.
Dave CridlandAnyone else having a go?
badlopme, ejabberd21 works with all except tigase, as expected
Dave Cridlandbadlop, Cool, so that patch you did yesterday works?
badlopwell, at least it doesn't break s2s
Kev\o/
louiz’has left
steve.killeShould test 2 be including a server which does not support TLS, and tries to connect to the other servers? It should be required (of the other servers) that they refuse the connection.
KevYes, and it does.
badlopyou mean, if tigase were able to connect to any other now, then there's a bug in that other
Kevnotls (to be set up later when Matt gets up) will be XMPP 1.0 without TLS, and tigasetrunk is XMPP 0.9/Jabber without TLS.
badlopi think steve.kille refers to testing s2s from notls-server --> supposedly-tls-required
KevRight, but that's required to get the iq result.
KevDoing a ping from one server to another requires the setup of streams both ways.
steve.killeKev: I think it would be helpful to clarify things should not work with notls, irrespective of who initiates.
Dave CridlandThis is true, unless bidi is involved.
Dave CridlandWe can do that one notls is actually up.
Dave Cridlandonce.
Kevsteve.kille: Both parties always initiate (unless bidi is involved).
Dave CridlandKev, Yes, but it won't hurt to test.
Dave CridlandKev, At least one implementation supports bidi, after all.
fippobtw: I tested ssl2 this morning
fippomlinktrunk, mlinkrelease, prosody and psyced kill the connection, ejabberd does not (yet?) work with that s_client version
Dave CridlandReally? I thought we accepted it on inbound, still.
wjthas joined
fippothe v2 client hello probably is
Dave Cridlandfippo, Oh, for sure. But I thought we allowed the protocol inbound too.
fippochecks again
fippoindeed, it fails differently - but still fails
Dave CridlandWell, no SSLv2 in my logs, certainly.
Florianremko: In-Band Registration is enabled :)
Dave CridlandFlorian, Want to see if you can reach anyone from tigasetrunk?
wjtso, does anyone have a xep-0055 directory set up on their interop test-y server?
KevWell, he probably can still reach Prosody, because Matt / waqas aren't about yet.
badloplike vjud.ejabberd21.xmpptest.com ? but s2s to it doesn't work
Kevbadlop: Just because of DNS? I don't mind putting up a record.
wjtbadlop: for instance! i've not been keeping up with this week—have some kind of plague—but presumably we could also register test accounts on ejabberd21.x.c
KevI expect Dave Cridland could also be persuaded to enable -55 on mlinktrunk
Dave CridlandKev, I think it is, actually.
Dave CridlandKev, But probably defaulting to local-searches only.
KevI expect Dave Cridland will have enabled -55 on mlinktrunk.
wjtwell, that's grand. let's see if i can get pochu in here... :)
Dave Cridlandwjt, Our '55 basically allows users to opt-in or opt-out - there's three settings (never visible, visible in local searches, and visible in all searches) plus a default if they don't express a preference.
wjthow do you choose this setting?
Dave Cridlandwjt, Ad-Hoc.
wjtmy very favourite xep
Florianwhy wouldn't I be able to reach people?
wjtwhich we might actually implement support for in the new year
KevFlorian: Because today's tests require TLS for s2s.
Dave Cridlandwjt, M-Link's had ad-hoc controlled user preferences for ages, we use them currently to allow auto-subscribe, control offline message settings, etc.
Florianah
KevSee the test plan :)
wjtDave Cridland: Oh, I'm sure lots of servers do
Florianwe have a test plan?
wjtDave Cridland: doesn't mean I like it very much ;-)
Dave CridlandFlorian, So if you can reach anyone, then they're broken.
KevYes, it's on the wiki page.
wjtbut I've softened in my opinion on these matters in recent months
KevDave Cridland: Broken, or haven't changed their config for today yet.
Florianok :)
Kevwjt: Ad-hoc as a concept is great, as a protocol is fine, and as a XEP is lacking.
KevYou're free to disagree with me, of course, everyone has the right to be wrong :)
Florianmlinktrunk is broken
KevFlorian: See the note that says that mlinktrunk isn't participating today :)
Dave CridlandKev, I think wjt doesn't like the lack of i18ness.
wjtKev: I think it's hard to make UIs for ad-hoc-style random-dialog-boxes-from-the-server beautiful
Kevwjt: Yes, that's right. For things that aren't really ad-hoc, we have profiles so you can know what to expect (RC, Server admin, for example).
wjti18n is a secondary concern, but this one i really don't mind that much about: in practice, if you're using a server, you probably speak (one of the) same language(s) as its administrator
Florianit says mlinkrelease isn't participating?!
Florianmlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.
KevRight :)
KevSo that'll participate again tomorrow when we require TLS and full cert checking for s2s.
Florianbecause I can connect to mlinktrunk
wjtKev, sure, and that's one of the reasons I've softened my opinion on them :)
KevOh, mlink*trunk*
Florianyes :)
Florian[11:59:00] <Florian> mlinktrunk is broken :)
KevDave Cridland: !
wjtKev: for the common cases, we can do something nice; for uncommon cases, whatever, it's your own fault for doing weird stuff
KevSorry, I just read mlinkrelease without paying attention, my bad.
Florian:)
FlorianI guess service discovery shouldn't work
Florianas that's S2S
KevCorrect.
Florianright :)
Florianso yeah ... trunk is broken :)
KevAlthough you may need to bounce the server to cancel any existing s2s sessions first, possibly.
Florianah
KevDave Cridland will know if he already did that with mlinktrunk, it's his test server.
Florianinteresting ...
FlorianProsody8 gives me a disco title (Server name)
Florianbut no contents
Florianright .. the rest fails
fippoflorian: it's trying to reconnect rather often (every five seconds)
Florianstill now?
fippoyes... let's see if closing the port on my side will stop that
sjoerd.simons@collabora.co.ukhas joined
Dave CridlandOh. So I read Florian's message as saying mlinktrunk was *correctly* broken, but what he meant was it's working.
Dave CridlandFlorian, Ah. What server were you connecting *from*?
Florianfippo: it tries to reconnect for a few minutes and then gives up
Florianjabber.me
Floriansame host as tigasetrunk
Dave CridlandRight, but different domain.
Florianright
Florianah ... domain limited?
Dave CridlandI'd configured mlinktrunk to require TLS from *.xmpptest.com
Florianok
Florianlet me test it from there :)
Dave Cridland(Because mlinktrunk is also a vhost)
Florian:)
FlorianTigase might have S2S TLS by the end of the week
KevPerhaps it can pass tomorrow's tests then :)
Dave CridlandGiven that we all fail tomorrow's tests...
Florianyup ... mlinktrunk now fails too :)
Dave Cridland\o/
KevDave Cridland: We all fail *some* of tomorrow's tests, I don't think that stops it being worth testing that everyone passes the bits they think they do.
Florianso the expected result :)
Dave CridlandKev, Right. Or our X.509 team might fix the interesting bug we have. (Which is actually in Sodium CA).
emilio.pozuelo@collabora.co.ukhas joined
emilio.pozuelo@collabora.co.ukhi! I'm implementing contact search in empathy (a client using the Telepathy framework) and wanted to test if it's working... can anybody tell me a server I can test it? thanks!
Dave Cridlandmlinktrunk.xmpptest.com has '55 available on the IM domain.
wjtemilio.pozuelo@collabora.co.uk: there's a big list o' servers on the wiki page
Dave Cridlandemilio.pozuelo@collabora.co.uk, Want to use gabble with password gabble?
emilio.pozuelo@collabora.co.ukDave Cridland: gabble, yes. No idea about the password :)
wjtemilio.pozuelo@collabora.co.uk: (also, if you set an alias in Edit → Personal Information in Empathy, you'll get a nicer nickname in this room next time you join, and look better on people's rosters, too :) )
emilio.pozuelo@collabora.co.ukwjt: I've actually done that twice I think... I wonder why it's not saving it :(
wjtoh, yeah... there's a bug where sometimes the aliases get lost and i don't know why :'(
emilio.pozuelo@collabora.co.ukrestarts empathy to test contact search
emilio.pozuelo@collabora.co.ukhas left
emilio.pozuelohas joined
Dave Cridlandemilio.pozuelo, I'll restart that server in a moment, just to warn you.
Florianhas left
Florianhas joined
Dave CridlandWell, that's interesting. I seem to be failing against ejabberd21
Dave CridlandAh! In fact, I failed this morning, when I look closer. Must have misread.
Dave CridlandNo features, so no TLS:
(13:26:35) Send (214)
<?xml version='1.0'?><stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='ejabberd21.xmpptest.com' from='mlinktrunk.xmpptest.com' version='1.0'>
(13:26:35) Recv (155)
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='855227178'>
Dave CridlandI get TLS inbound, but not outbound.
Kevbadlop: ^
fippowhile wondering why I did not fail I found a bug :-)
Dave CridlandWow, you get bugs too?
fippoI did not assume that tls would be only used in one direction and not in the other
fippowe should get rid of this unidirectional nonsense, that just makes life harder :-)
Florianhas left
Dave CridlandOkay, so my CRL checking is now working.
zashhas joined
emilio.pozuelohas left
emilio.pozuelohas joined
emilio.pozueloo/
zash\o
emilio.pozueloso I'm testing contact search (XMPP 055) on mlinktrunk.xmpptest.com, but I get this error from telepathy-gabble
emilio.pozueloserver is broken: <x> not type='form'
KevIf anyone wants to test against the 'bad' servers, (mismatchcert|revokedcert|selfcert).xmpptest.com are all up. selfcert isn't yet.
Dave Cridlandemilio.pozuelo, Ah, okay... Can you tell me what XML you're seeing?
emilio.pozueloDave Cridland: with our server I didn't get that error (though I got no results): http://people.collabora.co.uk/~pochu/gabble-search-debug.log
fippoKev: what are we supposed to do with in today's setup?
fippowith those
KevNothing.
KevThat was purely for if people wanted to have a play in advance of tomorrow.
fippoKev: I wondered if they should fail for today's test, too
KevNo, they should all pass for today's tests.
KevOr, rather.
KevWith today's configuration, they should all connect. I don't think it's important to test that they do, though.
fippoI tend to disagree when it comes to the mismatched cert :-)
Kevfippo: Right, the point of today was to check that all servers 'can do TLS', and the point of tomorrow is to check that they 'can do TLS right'.
KevThe point of today wasn't really to test that the 'can do TLS wrong'.
emilio.pozueloDave Cridland: do you see anything wrong on the server side, or do you think the client is wrong when reporting that error?
wjtthe type='' attribute is missing from the <x xmlns='...data'/> element returned by the server
Dave Cridlandemilio.pozuelo, Hang on, be with you in a sec.
emilio.pozuelowjt: aha, I see
wjt <xs:attribute name='type' use='required'>
wjtso mlink is violating XEP-0004
Dave CridlandI am the violator. Muahahaha. Etc.
sjoerd.simons@collabora.co.ukhas left
sjoerd.simonshas joined
fippoKev: aye. That reminds me that next time i'll bring a server which will fail unless you send a tlsv1 client hello (good for making sure we don't have servers that do not get s2s-tls-compression)
wjthow many of the test servers support in-band registration (as opposed to Dave-creates-an-account registration)? maybe emilio.pozuelo could try some others :)
Dave Cridlandfippo, You get compression with SSLv3 Hello, too.
fippodave: :-p
Dave Cridlandemilio.pozuelo, Yeah wjt's right, I'm not sending a type on that form.
emilio.pozueloDave Cridland: ok. glad to have contributed my part to find a bug :)
sjoerd.simons@collabora.co.ukhas joined
sjoerd.simons@collabora.co.ukhas left
sjoerd.simons@collabora.co.ukhas joined
Dave Cridlandemilio.pozuelo, Should be fixed now. I think. :-)
emilio.pozuelocool
emilio.pozuelotries again
emilio.pozueloDave Cridland: yay
emilio.pozuelo:D
Dave Cridlandemilio.pozuelo, Works now?
emilio.pozueloDave Cridland: I get the form correctly now, not getting any results though
Dave Cridlandemilio.pozuelo, Ah... I thought it should be working. One sec, let me check the settings,
emilio.pozueloI'm searching for "a"
emilio.pozuelomaybe it's not doing substring searches?
emilio.pozuelothanks
KevYou need a wildcard for a substring search.
Dave CridlandIt's not, actually. That was intentional, but everyone seems to disagree with me. :-)
emilio.pozueloheh
KevIncluding me.
Dave CridlandAlso searchability default was set to off. So let's change that.
KevI'm dubious of the value of search systems that require you to know what the result will be before you can find it.
Dave CridlandOK, that should have updated. Try searching for yourself.
Kev:)
zashfor char in {a..z}; do search $char*; done # userdb acquired
Kevzash: There's an assumption that server admins aren't likely to be enabling this for global search on the Internet :)
Dave Cridlandzash, Nah, wouldn't find all the Russians.
emilio.pozueloDave Cridland: I cannot find myself, heh :)
Dave Cridlandemilio.pozuelo, Oh, bugger. I'll look after I've done the school run.
emilio.pozueloDave Cridland: sure. thanks!
Dave CridlandOh, that's annoying, sorry. It's finding people as an operator, so it's a permissioning issue. I'll look into this properly in about an hour.
emilio.pozueloargh, none of the other servers seem to support XEP-0055
emilio.pozueloDave Cridland: ok. ping me when you've looked at it and I'll be happy to test again :)
Dave Cridlandemilio.pozuelo, They may do on a different service domain, though? M-Link's unusual in putting it on the actual IM domain.
emilio.pozueloDave Cridland: no idea... I'm trying the servers mentioned in http://wiki.xmpp.org/web/Interop#2010_Server_Interop_Participation
zashat least ejabberd usually has it on a subdomain, and prosody doesn't have it at all
Florianhas joined
badlopvjud.ejabberd21 works for local users, it has at least vcard of user "badlop", but fails over s2s due to missing dns i think
badlopDave Cridland: I seem to be failing against ejabberd21 <-- fixed that problem, now it advertises 1.0 and starttls feature
fippobadlop: works for me with tls on both connections
fippoand fails with ssl2 :-)
MattJhas joined
Flohas joined
Dave Cridlandbadlop, Brilliant, I'll retest in a sec.
Dave Cridland[15:47:57] Ping?
[15:47:59] Pong! (2.39 s.)
Dave Cridland\o/ ejabberd21 works. Now have a clean sweep.
KevSo that's everyone except Prosody, and I see we have a MattJ now, so hopefully that will follow.
MattJIndeed
MattJSorry my presence is a bit sporadic, family member ill
KevSorry to hear it.
MattJAs long as I'm not coming down with it, I'll get the tests done shortly... :)
steve.killeDid we hear back from any other servers (I was thinking specifically of Openfire and Coversant)
sjoerd.simons@collabora.co.uksteve.kille: i was unrelatedly talking to an openfire developer last week, he said they unfortunately didn't have time to join the interop event this week
steve.killepity
Dave Cridlandemilio.pozuelo, So, you can now find things in XEP-0055. Searching for, for example "collabora" as the surname will find your account. Or search for "cridland", or "*a*" or whatever.
Dave Cridlandemilio.pozuelo, But FWIW, there's a surname on every account in the system, thanks to the X.500 DSA that requires every person to have a surname.
wjtI know someone who doesn't have a surname. :P
Dave Cridlandwjt, They cannot exist. X.500 is all-knowing.
zashHaha
sjoerd.simons@collabora.co.ukhas left
Dave Cridlandwjt, emilio.pozuelo - Can Gabble/Telepathy/Empathy do strong authentication, by the way?
Sjoerdhas joined
wjtDave Cridland: pass. I assume “strong” is a mechanism? :p
Dave Cridlandwjt, emilio.pozuelo - As in, can I give it a client certificate for use with TLS?
wjtSjoerd: ^^ you had a cunning plan for something related to this?
wjtDave Cridland: I don't think so currently
Dave Cridlandwjt, Sorry, being all X.509y. X.509 defined two kinds of authentication "Simple" - username and password - and "Strong" - certificates.
Sjoerdclient certificates for authentication ? no we don't do that
emilio.pozueloDave Cridland: hmm, doesn't seem to be working yet :( http://fpaste.org/f3Dp/
emilio.pozuelothis looks suspicious:
Dave CridlandDoes anyone else? (I know Swift does, and Gajim might)
wjtemilio.pozuelo: now that sounds like a gabble bug :)
emilio.pozuelowjt: will you look at it for me? :)
Sjoerdmlink doesn't set type=result in the iq
wjtnor it does. okay, not our bug again :D
Dave CridlandWow. Okay, that's fun. I wonder why nothing else has spotted that one?
emilio.pozuelooh
Sjoerd * x xmlns='jabber:x:data' type='result'
Sjoerdseems like the attribute is added to the wrong node... ?
wjtno, that's correct
Dave CridlandSjoerd, No, that's a form type. Meant to be there.
Sjoerdah ok
Sjoerddoesn't know data forms
Sjoerdjust seemed suspicious
SjoerdI'm gonna guess nobody noticed it because we're the only ones pedantic enough to both check type=result and the id matching instead of just matching the id?
wjtis out of here to do some anti-plague sleeping
wjthas left
Dave Cridlandemilio.pozuelo, Ah! You're doing this from a remote account, right.
emilio.pozueloDave Cridland: yes, from a collabora.co.uk one
Dave Cridlandemilio.pozuelo, Not tried that much. So yes, you won't find much (because it's local-only by default) and yes, there is indeed a bug there. Use gabble@mlinktrunk.xmpptest.com password gabble
KevSjoerd: Do you check the from= as well as type= and id=? I'm guessing you do, but just checking because you didn't mention it...
SjoerdKev: we do
KevJolly good :)
Dave CridlandSjoerd, It's because I think you're the first people to seriously use my '55 code remotely.
Sjoerdfair enough ;)
emilio.pozueloDave Cridland: if you want you can open it for remote connections and I'll find all the bugs ;)
Dave Cridlandemilio.pozuelo, Oh, it's certainly opened, but the problem is that the accounts aren't searchable by default from remote connections (ie, they won't appear in results)
Dave Cridlandemilio.pozuelo, It's done this way so that in an enterprise setting, everyone can be searchable locally, but some people (sales staff, perhaps) can be searchable remotely. Or so that a large public server could have a purely opt-in search.
Asterixhas joined
emilio.pozueloDave Cridland: oh, I see
emilio.pozueloso you can make people be searchable from the outside on a case by case basis?
Dave CridlandYes.
Dave Cridlandemilio.pozuelo, Controlled by an ad-hoc they can use.
Dave Cridlandthinks standardizing the user prefs ad-hoc would actually be rather useful.
zashDave Cridland: nice
emilio.pozueloDave Cridland: so perhaps you can set a couple of test accounts to be searchable from the outside?
Dave CridlandTry now.
emilio.pozuelowith emilio.pozuelo ?
Dave CridlandActually, hang on, and I'll fix that bug.
Dave CridlandOK. Remote searching should now work *and* have results. Search for a Family Name of *a*, for instance.
emilio.pozuelotries
emilio.pozuelohas left
MattJDave Cridland, I agree re. user prefs - I plan to do the same thing in Prosody
Dave CridlandMattJ, XEP-tastic, then. I'll draft something up.
emilio.pozuelohas joined
emilio.pozuelo\o/ it works! :D
Dave Cridlandemilio.pozuelo, Thanks for the help.
KevMattJ / Dave Cridland: The vague problem here is that user prefs really are ad-hoc, all servers are going to support different ones, I'd have thought.
KevUnless you're intending some 'more defined than ad-hoc, but still undefined' thing.
MattJIndeed, I don't think Prosody would define /any/ in core, it would depend on loaded modules
zashJust a registry so people can use the name var-names ?
zashfor the same functions *
zash(like muc config forms)
MattJThat might work - for many of them
Dave CridlandKev, I'm not so sure. We can have a specific well-known command, so that clients can place it into the UI, much like vCard editing. And well-known field-names allow common options, even if servers also support others (and may not support those)
KevJust having the user config commands on a different node from server admin commands would be fairly nice.
Dave CridlandMattJ, Oh, forgot to ask - prosody8 - S2S 198 enabled?
MattJeh, no - dare I? I wonder :)
Dave CridlandMattJ, Worth a go, I think. mlinktrunk should work with it.
Dave CridlandMattJ, And if we spin up a Swift on both prosody8 and mlinktrunk, that'd mean we could have an end-to-end 198 chat.
MattJ:)
Dave CridlandSimon Josefsson, You about?
MattJBouncing prosody8
MattJShould have 198 now
MattJSigning in with Swift
Kevcheers
MattJActually I think I ought to update it first
MattJLocked up on sign-in :)
MattJOh no, it's back
MattJJust acting oddly
MattJAye, HEAD pre beta7 :)
KevAre you on something Ubuntuy?
KevIf so, there are nightlies you could use.
KevSaves the effort of compiling it.
MattJOoh, that would be nice
KevLucid or Maverick?
MattJIt does take an age to compile on here
MattJLucid
Kevdeb http://swift.im/packages/ubuntu/lucid development main
Kevhttps://www.swift.im/keys/packages.key
Florianhas left
Dave CridlandFor the record, Simon Josefsson and I have just successfully interop tested SCRAM-SHA1-PLUS with channel bindings.
MattJNice :)
Dave Cridlandremko, Kev - time to update Swift to do Channel bindings too?
MattJTobias is working on channel binding, but not ready yet
MattJ!slap Kev
Kanchilslaps Kev with large trout
remkobtw, swift beta8 will not do the tls checking
MattJI have terminals in one workspace, and chat clients on another
remkoneither do the development versions btw, i commented the check, because we need a gui for trusting a cert
MattJwhen I start any client from the terminal, I hit enter and switch to the right workspace
MattJSwift is the only one that appears before I can switch
Simon JosefssonThanks Dave. I'm going to do a stable GNU SASL release with SCRAM-SHA-1-PLUS in it now.
remkoMattJ: heh :)
zashMattJ: dmenu!
remkoDave Cridland: as soon as i understand what channel bindings are ;-)
MattJDave Cridland, ok, matthew@prosody8.xmpptest.com is c2s and s2s 198-enabled
stpeterhas joined
Dave Cridlandremko, They're little leather straps to hold the channel in place.
Dave Cridlandremko, Very fashionable.
remkooo, sounds compelling
remkowill this require us to use GNU SASL?
remkoor cyrus or whatever
zashGNU SASL?
remkoany external SASL library
Dave Cridlandremko, No, Polymer implements its own, for instance.
remkoic
Dave Cridlandremko, You just need to get the channel binding name for the TLS channel, which you do by getting the Finished messages from OpenSSL, basically.
remko*nod*
Dave Cridlandhttp://tools.ietf.org/html/rfc5929#section-3 <- that's the channel binding code. SSL_get_finished() will do it if you're not doing session resumption.
Dave CridlandMattJ, OK, so admin@mlinktrunk.xmpptest.com sent you a subscription request. I see 198 enabling on S2S, and an ack coming back.
remkoDave Cridland: cool, thanks
MattJfrowns
MattJSwift stopped repainting for some reason, works again now
MattJ198 is nice, makes me want to use it for my main account...
emilio.pozuelohas left
Flo+1
KevMattJ: You'll have to switch to Swift. Like you promised :)
Asterixho! Are you going to do infidelity to Gajim? ;)
Dave CridlandAsterix, We'll just add 198 to Gajim, don't worry.
remkohas left
Asterix:)
emilio.pozuelohas joined
Dave CridlandMattJ, Right, so I know what the issue was with our last test, now. M-Link doesn't request acks with every stanza, only when the link is idle - it's really hoping that you'll proactively ack stanzas, to reduce bandwidth.
emilio.pozuelohas left
emilio.pozuelohas joined
emilio.pozuelohas left
MattJDave Cridland, well I won't :)
Dave CridlandMattJ, So in our original tests, we simply never left the link idle for longer than a minute for M-Link to decide to request an ack. The strategy works well for C2S links where there's traffic in both directions, but not so well on unidirectional S2S links.
MattJRight
Dave CridlandMattJ, Right - on unidirectional links there's little benefit, since you're never "writing anyway".
MattJand if you did resumption, this wouldn't be an issue
emilio.pozuelohas joined
Dave CridlandMattJ, No, it'd still be an issue - we're building up a massive stash of unacked stanzas. :-)
MattJNot a protocol issue :)
Dave CridlandRight.
Dave CridlandSo, let me test that we are *ever* asking for acks...
Dave CridlandThere, we are. So I can fix this behaviour simply.
emilio.pozuelohas left
Sjoerdhas left
sjoerd.simonshas joined
Dave CridlandOK, so that fix works.
Dave CridlandSo, Me <-- 198/C2S --> mlinktrunk <-- 198/S2S --> prosody8 <-- 198/C2S --> MattJ
Dave CridlandMission accomplished. :-)
MattJI'd reply if Swift was responding :)
MattJI can't work out what it's up to
Dave CridlandMattJ, Oh. Kill it and make it work, otherwise it's a little tricky to describe this as an actual success.
emilio.pozuelohas joined
emilio.pozuelohas left
stpeterhmph, I love it how certain services don't let you have passwords longer than 20 characters
Dave Cridlandstpeter, My gripes are usually the exact opposite.
stpeterI create 28-character passwords
Dave Cridlandstpeter, "Please supply an unusual password that you cannot remember and will have to write down somewhere."
steve.killehas left
stpeterwell, all for naught -- I can't log into Skype from my current location anyway ;-)
stpeterhow's the 198 interop?
zashstpeter: \o/ skype must die! ;)
stpeterI need to review the list threads and the submitted patch for that one
stpeterzash: indeed
Dave Cridlandstpeter, Getting there.
zashAre there tools for killing a TCP from under the server/client[s]?
Dave Cridlandzash, I used to have some. They were fun. I suppose I still could use those, by sitting on the router. In the good old days, people trusted RST packets wherever they actually came from, as long as the addresses look okay.
Dave CridlandOf course, when I say "good"...
steve.killehas joined
emilio.pozuelohas joined
emilio.pozuelohas left
emilio.pozuelohas joined
emilio.pozuelohas left
emilio.pozuelohas joined
emilio.pozuelohas left
remkohas joined
remkoright, let's see what this interop thing is all about
emilio.pozuelohas joined
MattJremko, you need an account on prosody8?
remkoyes please
MattJk
remkowell
remkowhatever prosody you want me to test against :)
MattJDone
Flohas left
emilio.pozuelohas left
remkoprosody and mlink = success
emilio.pozuelohas joined
remkoseeing some interesting problems with notls and ejabberd, the interop is already a success :)
emilio.pozuelohas left
emilio.pozuelohas joined
steve.killeIs someone going to write up the client results so far?
steve.killeThe client Wiki looks very blank
remkoi just started with swift
remkoi'm going to write it up when i'm done
steve.killelovely
steve.killeAre you the only client?
zashAsterix with Gajim too
remkomany others are subscribed at least
remkothe client stuff was only published today i think
remkobrb
remkohas left
zashand telepathy, and some other
Kevremko: I put up the client tests yesterday morning at the same time as the server ones :)
emilio.pozuelohas left
emilio.pozuelohas joined
remkohas joined
emilio.pozuelohas left
badlopfippo: you asked yesterday:
[2010-12-08 22:30:30]<fippo> badlop: do you see any hints why a host named 'fippo.testing.openssl' is not offered tls (or version 1.0) from ejabberd21.xmpptest.com?
badlopthat works for me now, can you verify?
fippobadlop: works
badlopok, thanks
sjoerd.simonshas left
sjoerd.simonshas joined
remkohas left
remkohas joined
sjoerd.simonshas left
Florobhas joined
remkowhat's this notls.xmpptest.com about?
remkois this a server, or are the servers in the subdomain?
Florobremko, that's a server AFAIK.
remkoit's not serving the domain though
KevIt's a server that MattJ hasn't set up yet.
remkoif i connect to notls.xmpptest.com, it says that it's not serving that domain
remkook
remkointeresting enough, this is triggering a bug :)
remkoso, anyone from psyced or tigase around?
fipporemko: yep
remkofippo: could i get an account on psyced?
fipporemko: sure, but unless swift does irc it won't be very useful :-)