XMPP Service Operators - 2014-02-22

Hi, I hope today goes well.

I've just opened my server to full federation (allow all). It has required ssl on c2s and s2s, only problem is I've got a self-sighned cert.

Also I have ejabberd stuns required.

Also, I was at a rave last night!

but that's irrelevant.

What do you all expect from today?

Is this where things will be co-ordinated?

and tested?

and reported?

OK, I'll be back

later

.

Hi again, am looking at the various results from https://xmpp.net/list.php

Some servers, respect client cipher ordering.. How to avoid this?

The server I operate, ejabberd, unfortunately respects client cipher ordering.

Anybody from ejabberd devs who can help with this?

Yeah, I was hoping ejabberd might release some new software for today.

I think the respect of client cipher ordering has to do with open ssl. Is this correct?

Well, I hope things will liven up later today.

Ejabberd 13.12 has cipher odering options. Unfortunately I am using the freebsd current port, ejabberd 2.1.13.

I see jabber.calyxinstitute.org use Prosody to enforce OTR. Can this be done with ejabberd? See https://xmpp.net/result.php?domain=jabber.calyxinstitute.org&type=client and https://twitter.com/search?q=xmpp&src=typd

opps

Previous 2 messages here not showing

I didn't know that jitsi.org is part of google. Did you?

https://xmpp.net/result.php?domain=jitsi.org&type=client

gio@jit.si, no, ejabberd cannot do this

well, if someone were to write a module for it, maybe

Hi mathiuei, you use ejabberd?

My messages are not visible to me unless I quit adium and restart.

weird

and no, I use prosody

Were you around at the first encrypt all xmpp connections day?

yes

not specifically here, but yes

I've been scanning the various mailing lists but I haven't seen any particular plan or co-ordinated plan of action for today. I wasn't around on day1.

well, the plan is here http://xmpp.org/2014/02/second-security-test-day/

there isn’t much to do except wait & see

Ok, maybe its early..

and yes, US isn’t awake yet

zzz, I think I'll go for a rest and come back later. Nice to speak to you. Catch you later in the day.

see ya

I'm in GMT, London. You? France?

yes, france

Cool, yeah, I just checked your xmpp profile.

I don't know this "Poezio" client. Sounds good.

Looks ok for command line access. I've been using irssi-xmpp plugin, but not otr available there for now.

Anyhow, only dependency on US is DNS.

zzz.

How is everyone's XMPP security testing going?

So so. I can't force OTR on the ejabberd server. I can't force server based cipher ordering via current openssl on freebsd, so not so good for me.

Well, my @gmail.com xmpp contacts still breaks :) By the way, are we testing enforcing proper certs too today?

I haven't tried xmpp to gmail/google chat. I read google weren't using s2s ssl encryption. I think part of the plan is to test valid certs, thought I haven;t got one. A big F for me.

gio: which xmpp server are you using?

ejabberd.

have you tried ejabberd to gmail/google chat gateway?

nope - tried working on Ejabberd a lot a long time ago.

used it for buddycloud stuff for about a year.

and your favorite now? Prosidy?

Prosody for smaller sites.

and for bigger sites?

Tigase for larger sites.

ok.

I know Ejabberd claims amazing scalability etc, but Tigase really delivers it.

I am looking at tigase.org website now. It promotes it's ability to handle large-scale use. Though if general federation works not so important for small scale servers.

What I like is the possibilty of enforced OTR.

which my ejabberd server does not do.

As I have very few users of my xmpp server, at what point does clustering become relevant, in terms of quantity of users? Sure I would set up a second or third xmpp back server, but on a signe server (I have never tried to stress test)

but on a single server at how many users start to slow things down, in general?

gio - user counts really only influence memory use. It's what the users are doing.

gio@jit.si, clustering becomes relevant when you start hittling more than thousands of concurrent users that do things, on a decent server

hitting*

Well, for now I don't need to worry!

Tigase and their clustering components will get you up to the 10M user mark

Although there is a plan to setup new open xmpp service with provisioning for jitsi client.

I'd really like to include a hosted version of jitsi on the buddycloud hosted servers

"sign-up for buddycloud, get hosted jitsi on your domain too."

I see, but I don't yet understand all the advantages of provisioning.

basically it's a "just add these dns records and you will have XMPP+buddycloud+oTalk(+jitsi)."

I see, but can;t that be done on "first connection"?

it would be - but it needs to be running and working for any domain that signs up.

that's the provisioning bit.

I see.

Offering xmpp to any domain.

yes

Simon: is that "provisioning" thing possible?

aryo: we've built it and are working to get it deployed now. If you are interested, here's the code: https://github.com/buddycloud/hosting

actually buddycloud is too much for me

offering XMPP to any registered domain, that is good idea

aRyo - for sure - some will use it. Some not. Nobody is forcing anyone.

yes, it can be an option for them

Hi. I have a server that wanted to test for this test day, but the test service in xmpp.net is giving me " "" is not a valid domain name. "

I tried with another xmpp server and its the same. Is there any problem with the tester?

Now its back.