XMPP Service Operators - 2021-04-03

Hello! :D

For some reason it says my security cert is invalid or wrong but it's working and The Freaks Club XMPP works! I think I still have more to do but, progress is made.

What server?

https://chat.tfc.im/ ? Is not reachable from the browser.

Nah, tfc.im is down for now.

I've got a *.thefreaks.club AlphaSSL / GlobalSign cert. It's good until mid-June. Also, wth did you find tfc.im? Lol

Search engine, found a website and from there a link.

You posted > The Freaks Club XMPP works!

I have to update all of that. Nearly forgot.

I was using tfc.im for matrix but decided branding and promotion would be better to stick with thefreaks.club for everything. And, to wait until Dendrite is stable to bother with Matrix again.

Hey, does there happen to be any PSI devs in here?

PSI+ *

You defently have a cert problem with you setup: https://www.xmpp.net/result.php?domain=thefreaks.club&type=client

Dont really know what thst means.. The root ca is not trusted?

unable to verify the first certificate

My client told me the CA was unknown which I thought was odd because I've been using it on the website for nearly a year now with no problems in FF, Brave, or Epiphany. Maybe I have the config pointing to one of the wrong files?

Xmpp.net says the same but the cert chain is there.. So I don't know. Or is there another intermediate between your cert and AlphaSSL CA - SHA256 missing?

Just switched something. Checking logs

Just want to double check, X509 = key and PKCS7 = certificate, right?

Just went back to the stores site to "get certs" and those are the two text-walls it shows me.

I do believe AlphaSSL is the intermediate CA.

No idea. I thought X509 is how you get certs and PKCS7 is the storage format.. But I know nothing of it.. I just use let's encrypt 😅

Yeah... I got this wildcard for $40 last year. I figure

I figured* at the time it'd be easier to just have that one for a full year rather than play around with LE every 60-89 days or learn how to write a script to auto-renew.

Maybe because I reissued them these ones are no good? I had an issue before which is why I reissued in the first place.

Also, I'd set up DNSsec but I'm afraid I'll irrevocably mess everything up. Once I know what I'm doing or find someone who does then I'll be glad to. Heh.

> .... or learn how to write a script to auto-renew. Just a single line in crontab isn't for real a script 😉

andrey.utkin: I think xmpp.love is a crawler

Does anyone know how would I retrieve the contact addresses for XEP-0157? I want to contact some ops about spam before blocking their domains.

Amolith: XML console, eg. Gajim

Also may be relevant https://github.com/JabberSPAM/blacklist

Yep, I'm contacting the addresses not listed there before opening an issue

https://bin.nixnet.services/?430b1b01d204559c#9vkKtzT9sUY4S8kXyBBpWDnGP5hzEGrXv9VcCEXYV2F2

Now That I think about it the blacklist repo could contain instructions on how to contact

Also the name... So not 2021 now ;)

I have no idea how to use this console 😅

Amolith: put XML because that's what you do :)) ✏

Well yes but I don't know what to write :P

Ah I think I got it. There's an example query on the XEP's page

Amolith: exactly. If it doesn't work paste what you had. I was about to paste the example because that's what I do faced with this kind of problem. :)

Also, nice seeing you here, we chatted previously about openpgp social proofs (now replaced by keyoxide.org) 👋 ✏

> Does anyone know how would I retrieve the contact addresses for XEP-0157? I want to contact some ops about spam before blocking their domains. There's a bot in Schrödingers.

thndrbvr: acme.sh for renewing LE certs

Wiktor: ah I thought I recognised your display name but didn't want to assume you were the same person ;) It's nice to see you as well :)

I added info about abuse reports to my wiki here: https://docs.nixnet.services/XMPP/Hosting

great, thanks for the reference 🙂

i seem to recall there was some XMPP uptime monitor not so long ago. Is it a thing?

There was one at Conversations.im, don't know whether it's still alive.

If you mean the compliance thing it's still up

thanks to you both. No, I didn't mean the compliance tester.

does anyon know of any IM service, interoperable or siloed, free or paid, which declares any guarantees about *durability (persistence)* of your conversations archive?

https://the-federation.info/ perhaps?

About uptime and stuff I mean.

andrey.utkin, have you heard of XMPP

thndrbvr, i don't see where. also that website itself doesn't store any user data, right?

moparisthebest, sorry, i don't understand. What are you trying to say?

No user data, just data about servers.

andrey.utkin: I think conversations.im gives you unlimited history

i am interested in guarantees against corruption or loss of the history. Because shit happens over time.

my explanation to me not seeing it is currently this: in freedom-centric services there's no substantial paid services so making schemes around reimbursement don't make sense; in the walled gardens the users are the product and not the customer, so again any guarantees to them don't make sense.

If you're super concerned about archiving chats, I'd look into something like SyncThing or NextCloud or MEGA to backup your data.

What are you looking to do exactly? Host your own chat server for yourself and your peers? Or just join someone else's network?

i'm interested in LARPing an "sysop making economically sensible spending on data durability"

it's LARP because it's for engineering practice and not for real revenue; still i am looking into making up sort of SLA

Live Action Role Playing?

and what i'm seeing there's not much of a precedent for user data durability guaranteeing

yes. i am using it loosely, as in "encrypted email is LARP security"

I think the thing about libre software is that it's smaller entities with limited amounts of resources that either don't want the responsibility, don't see the need, or don't want to make promises that can't easily be kept. Users generally either want only a fairly recent amount of conversation + file history, want it to be ephemeral, or will log their own.

andrey.utkin: I'm saying you can make your XMPP server as durable as you wish and have money for

Persist it to stone tablets if you want

Mine is on a btrfs raid host with backups which is pretty overkill already

i would use own server in RAID1. text storage based. and daily backups to a cloud - storage provider if i would need that kind of security. Or 10 min btrfs snapshot backups if tinfoiling is max. 🙂

Ya, server is in my possession

Keep your data in sight

what I actually do is RAID 1 and weekly backups of stuff.(also containing the xmpp stuff) to a raspberry PI with HDD in annother house

Nice, mines all one big server right now, everything docker behind traefik. Raid 1 btrfs

But I do have an rpi sitting around. What server do you run on it?

debian stable

I mean xmpp server

prosody

Nice, I was thinking of testing Snicket on this one

Haven't checked for arm support yet

of course it has 🙂 its made for it. ...Snicket = small family server.. everything else is overkill

Very cool, I've only just noticed it

I like that prosody does multiple vhosts though

I think snikket does not yet

ARM is the 3rd most popular arch https://popcon.debian.org/

> I think snikket does not yet

it will not later

I send btrfs snapshots to a server I wol at another house nightly

more btrfs users than i thought

Raid is needed so service continues when hard drives inevitably die, but it's not a replacement for backups

*So say we all*

ok, enough spam here (sorry @all) .. ---> conversations-offtopic-reloaded@conference.trashserver.net more spam there...