XMPP Service Operators - 2014-02-22

  1. gio@jit.si

    Hi, I hope today goes well.

  2. gio@jit.si

    I've just opened my server to full federation (allow all). It has required ssl on c2s and s2s, only problem is I've got a self-sighned cert.

  3. gio@jit.si

    Also I have ejabberd stuns required.

  4. gio@jit.si

    Also, I was at a rave last night!

  5. gio@jit.si

    but that's irrelevant.

  6. gio@jit.si

    What do you all expect from today?

  7. gio@jit.si

    Is this where things will be co-ordinated?

  8. gio@jit.si

    and tested?

  9. gio@jit.si

    and reported?

  10. gio@jit.si

    OK, I'll be back

  11. gio@jit.si


  12. gio@jit.si


  13. gio@jit.si

    Hi again, am looking at the various results from https://xmpp.net/list.php

  14. gio@jit.si

    Some servers, respect client cipher ordering.. How to avoid this?

  15. gio@jit.si

    The server I operate, ejabberd, unfortunately respects client cipher ordering.

  16. gio@jit.si

    Anybody from ejabberd devs who can help with this?

  17. gio@jit.si

    Yeah, I was hoping ejabberd might release some new software for today.

  18. gio@jit.si

    I think the respect of client cipher ordering has to do with open ssl. Is this correct?

  19. gio@jit.si

    Well, I hope things will liven up later today.

  20. gio@jit.si

    Ejabberd 13.12 has cipher odering options. Unfortunately I am using the freebsd current port, ejabberd 2.1.13.

  21. gio@jit.si

    I see jabber.calyxinstitute.org use Prosody to enforce OTR. Can this be done with ejabberd? See https://xmpp.net/result.php?domain=jabber.calyxinstitute.org&type=client and https://twitter.com/search?q=xmpp&src=typd

  22. gio@jit.si


  23. gio@jit.si

    Previous 2 messages here not showing

  24. gio@jit.si

    I didn't know that jitsi.org is part of google. Did you?

  25. gio@jit.si


  26. mathieui

    gio@jit.si, no, ejabberd cannot do this

  27. mathieui

    well, if someone were to write a module for it, maybe

  28. gio@jit.si

    Hi mathiuei, you use ejabberd?

  29. gio@jit.si

    My messages are not visible to me unless I quit adium and restart.

  30. mathieui


  31. mathieui

    and no, I use prosody

  32. gio@jit.si

    Were you around at the first encrypt all xmpp connections day?

  33. mathieui


  34. mathieui

    not specifically here, but yes

  35. gio@jit.si

    I've been scanning the various mailing lists but I haven't seen any particular plan or co-ordinated plan of action for today. I wasn't around on day1.

  36. mathieui

    well, the plan is here http://xmpp.org/2014/02/second-security-test-day/

  37. mathieui

    there isn’t much to do except wait & see

  38. gio@jit.si

    Ok, maybe its early..

  39. mathieui

    and yes, US isn’t awake yet

  40. gio@jit.si

    zzz, I think I'll go for a rest and come back later. Nice to speak to you. Catch you later in the day.

  41. mathieui

    see ya

  42. gio@jit.si

    I'm in GMT, London. You? France?

  43. mathieui

    yes, france

  44. gio@jit.si

    Cool, yeah, I just checked your xmpp profile.

  45. gio@jit.si

    I don't know this "Poezio" client. Sounds good.

  46. gio@jit.si

    Looks ok for command line access. I've been using irssi-xmpp plugin, but not otr available there for now.

  47. gio@jit.si

    Anyhow, only dependency on US is DNS.

  48. gio@jit.si


  49. Simon

    How is everyone's XMPP security testing going?

  50. gio@jit.si

    So so. I can't force OTR on the ejabberd server. I can't force server based cipher ordering via current openssl on freebsd, so not so good for me.

  51. andol

    Well, my @gmail.com xmpp contacts still breaks :) By the way, are we testing enforcing proper certs too today?

  52. gio@jit.si

    I haven't tried xmpp to gmail/google chat. I read google weren't using s2s ssl encryption. I think part of the plan is to test valid certs, thought I haven;t got one. A big F for me.

  53. Simon

    gio: which xmpp server are you using?

  54. gio@jit.si


  55. gio@jit.si

    have you tried ejabberd to gmail/google chat gateway?

  56. Simon

    nope - tried working on Ejabberd a lot a long time ago.

  57. Simon

    used it for buddycloud stuff for about a year.

  58. gio@jit.si

    and your favorite now? Prosidy?

  59. Simon

    Prosody for smaller sites.

  60. gio@jit.si

    and for bigger sites?

  61. Simon

    Tigase for larger sites.

  62. gio@jit.si


  63. Simon

    I know Ejabberd claims amazing scalability etc, but Tigase really delivers it.

  64. gio@jit.si

    I am looking at tigase.org website now. It promotes it's ability to handle large-scale use. Though if general federation works not so important for small scale servers.

  65. gio@jit.si

    What I like is the possibilty of enforced OTR.

  66. gio@jit.si

    which my ejabberd server does not do.

  67. gio@jit.si

    As I have very few users of my xmpp server, at what point does clustering become relevant, in terms of quantity of users? Sure I would set up a second or third xmpp back server, but on a signe server (I have never tried to stress test)

  68. gio@jit.si

    but on a single server at how many users start to slow things down, in general?

  69. Simon

    gio - user counts really only influence memory use. It's what the users are doing.

  70. mathieui

    gio@jit.si, clustering becomes relevant when you start hittling more than thousands of concurrent users that do things, on a decent server

  71. mathieui


  72. gio@jit.si

    Well, for now I don't need to worry!

  73. Simon

    Tigase and their clustering components will get you up to the 10M user mark

  74. gio@jit.si

    Although there is a plan to setup new open xmpp service with provisioning for jitsi client.

  75. Simon

    I'd really like to include a hosted version of jitsi on the buddycloud hosted servers

  76. Simon

    "sign-up for buddycloud, get hosted jitsi on your domain too."

  77. gio@jit.si

    I see, but I don't yet understand all the advantages of provisioning.

  78. Simon

    basically it's a "just add these dns records and you will have XMPP+buddycloud+oTalk(+jitsi)."

  79. gio@jit.si

    I see, but can;t that be done on "first connection"?

  80. Simon

    it would be - but it needs to be running and working for any domain that signs up.

  81. Simon

    that's the provisioning bit.

  82. gio@jit.si

    I see.

  83. gio@jit.si

    Offering xmpp to any domain.

  84. Simon


  85. aRyo

    Simon: is that "provisioning" thing possible?

  86. Simon

    aryo: we've built it and are working to get it deployed now. If you are interested, here's the code: https://github.com/buddycloud/hosting

  87. aRyo

    actually buddycloud is too much for me

  88. aRyo

    offering XMPP to any registered domain, that is good idea

  89. Simon

    aRyo - for sure - some will use it. Some not. Nobody is forcing anyone.

  90. aRyo

    yes, it can be an option for them

  91. hugo

    Hi. I have a server that wanted to test for this test day, but the test service in xmpp.net is giving me " "" is not a valid domain name. "

  92. hugo

    I tried with another xmpp server and its the same. Is there any problem with the tester?

  93. hugo

    Now its back.