-
gio@jit.si
Hi, I hope today goes well.
-
gio@jit.si
I've just opened my server to full federation (allow all). It has required ssl on c2s and s2s, only problem is I've got a self-sighned cert.
-
gio@jit.si
Also I have ejabberd stuns required.
-
gio@jit.si
Also, I was at a rave last night!
-
gio@jit.si
but that's irrelevant.
-
gio@jit.si
What do you all expect from today?
-
gio@jit.si
Is this where things will be co-ordinated?
-
gio@jit.si
and tested?
-
gio@jit.si
and reported?
-
gio@jit.si
OK, I'll be back
-
gio@jit.si
later
-
gio@jit.si
.
-
gio@jit.si
Hi again, am looking at the various results from https://xmpp.net/list.php
-
gio@jit.si
Some servers, respect client cipher ordering.. How to avoid this?
-
gio@jit.si
The server I operate, ejabberd, unfortunately respects client cipher ordering.
-
gio@jit.si
Anybody from ejabberd devs who can help with this?
-
gio@jit.si
Yeah, I was hoping ejabberd might release some new software for today.
-
gio@jit.si
I think the respect of client cipher ordering has to do with open ssl. Is this correct?
-
gio@jit.si
Well, I hope things will liven up later today.
-
gio@jit.si
Ejabberd 13.12 has cipher odering options. Unfortunately I am using the freebsd current port, ejabberd 2.1.13.
-
gio@jit.si
I see jabber.calyxinstitute.org use Prosody to enforce OTR. Can this be done with ejabberd? See https://xmpp.net/result.php?domain=jabber.calyxinstitute.org&type=client and https://twitter.com/search?q=xmpp&src=typd
-
gio@jit.si
opps
-
gio@jit.si
Previous 2 messages here not showing
-
gio@jit.si
I didn't know that jitsi.org is part of google. Did you?
-
gio@jit.si
https://xmpp.net/result.php?domain=jitsi.org&type=client
-
mathieui
gio@jit.si, no, ejabberd cannot do this
-
mathieui
well, if someone were to write a module for it, maybe
-
gio@jit.si
Hi mathiuei, you use ejabberd?
-
gio@jit.si
My messages are not visible to me unless I quit adium and restart.
-
mathieui
weird
-
mathieui
and no, I use prosody
-
gio@jit.si
Were you around at the first encrypt all xmpp connections day?
-
mathieui
yes
-
mathieui
not specifically here, but yes
-
gio@jit.si
I've been scanning the various mailing lists but I haven't seen any particular plan or co-ordinated plan of action for today. I wasn't around on day1.
-
mathieui
well, the plan is here http://xmpp.org/2014/02/second-security-test-day/
-
mathieui
there isn’t much to do except wait & see
-
gio@jit.si
Ok, maybe its early..
-
mathieui
and yes, US isn’t awake yet
-
gio@jit.si
zzz, I think I'll go for a rest and come back later. Nice to speak to you. Catch you later in the day.
-
mathieui
see ya
-
gio@jit.si
I'm in GMT, London. You? France?
-
mathieui
yes, france
-
gio@jit.si
Cool, yeah, I just checked your xmpp profile.
-
gio@jit.si
I don't know this "Poezio" client. Sounds good.
-
gio@jit.si
Looks ok for command line access. I've been using irssi-xmpp plugin, but not otr available there for now.
-
gio@jit.si
Anyhow, only dependency on US is DNS.
-
gio@jit.si
zzz.
-
Simon
How is everyone's XMPP security testing going?
-
gio@jit.si
So so. I can't force OTR on the ejabberd server. I can't force server based cipher ordering via current openssl on freebsd, so not so good for me.
-
andol
Well, my @gmail.com xmpp contacts still breaks :) By the way, are we testing enforcing proper certs too today?
-
gio@jit.si
I haven't tried xmpp to gmail/google chat. I read google weren't using s2s ssl encryption. I think part of the plan is to test valid certs, thought I haven;t got one. A big F for me.
-
Simon
gio: which xmpp server are you using?
-
gio@jit.si
ejabberd.
-
gio@jit.si
have you tried ejabberd to gmail/google chat gateway?
-
Simon
nope - tried working on Ejabberd a lot a long time ago.
-
Simon
used it for buddycloud stuff for about a year.
-
gio@jit.si
and your favorite now? Prosidy?
-
Simon
Prosody for smaller sites.
-
gio@jit.si
and for bigger sites?
-
Simon
Tigase for larger sites.
-
gio@jit.si
ok.
-
Simon
I know Ejabberd claims amazing scalability etc, but Tigase really delivers it.
-
gio@jit.si
I am looking at tigase.org website now. It promotes it's ability to handle large-scale use. Though if general federation works not so important for small scale servers.
-
gio@jit.si
What I like is the possibilty of enforced OTR.
-
gio@jit.si
which my ejabberd server does not do.
-
gio@jit.si
As I have very few users of my xmpp server, at what point does clustering become relevant, in terms of quantity of users? Sure I would set up a second or third xmpp back server, but on a signe server (I have never tried to stress test)
-
gio@jit.si
but on a single server at how many users start to slow things down, in general?
-
Simon
gio - user counts really only influence memory use. It's what the users are doing.
-
mathieui
gio@jit.si, clustering becomes relevant when you start hittling more than thousands of concurrent users that do things, on a decent server
-
mathieui
hitting*
-
gio@jit.si
Well, for now I don't need to worry!
-
Simon
Tigase and their clustering components will get you up to the 10M user mark
-
gio@jit.si
Although there is a plan to setup new open xmpp service with provisioning for jitsi client.
-
Simon
I'd really like to include a hosted version of jitsi on the buddycloud hosted servers
-
Simon
"sign-up for buddycloud, get hosted jitsi on your domain too."
-
gio@jit.si
I see, but I don't yet understand all the advantages of provisioning.
-
Simon
basically it's a "just add these dns records and you will have XMPP+buddycloud+oTalk(+jitsi)."
-
gio@jit.si
I see, but can;t that be done on "first connection"?
-
Simon
it would be - but it needs to be running and working for any domain that signs up.
-
Simon
that's the provisioning bit.
-
gio@jit.si
I see.
-
gio@jit.si
Offering xmpp to any domain.
-
Simon
yes
-
aRyo
Simon: is that "provisioning" thing possible?
-
Simon
aryo: we've built it and are working to get it deployed now. If you are interested, here's the code: https://github.com/buddycloud/hosting
-
aRyo
actually buddycloud is too much for me
-
aRyo
offering XMPP to any registered domain, that is good idea
-
Simon
aRyo - for sure - some will use it. Some not. Nobody is forcing anyone.
-
aRyo
yes, it can be an option for them
-
hugo
Hi. I have a server that wanted to test for this test day, but the test service in xmpp.net is giving me " "" is not a valid domain name. "
-
hugo
I tried with another xmpp server and its the same. Is there any problem with the tester?
-
hugo
Now its back.