XMPP Service Operators - 2021-04-03

  1. thunder_

    Hello! :D

  2. thunder_

    For some reason it says my security cert is invalid or wrong but it's working and The Freaks Club XMPP works! I think I still have more to do but, progress is made.

  3. menel

    What server?

  4. menel

    https://chat.tfc.im/ ? Is not reachable from the browser.

  5. thndrbvr

    Nah, tfc.im is down for now.

  6. thndrbvr

    I've got a *.thefreaks.club AlphaSSL / GlobalSign cert. It's good until mid-June. Also, wth did you find tfc.im? Lol

  7. menel

    Search engine, found a website and from there a link.

  8. menel

    You posted > The Freaks Club XMPP works!

  9. thndrbvr

    I have to update all of that. Nearly forgot.

  10. thndrbvr

    I was using tfc.im for matrix but decided branding and promotion would be better to stick with thefreaks.club for everything. And, to wait until Dendrite is stable to bother with Matrix again.

  11. thndrbvr

    Hey, does there happen to be any PSI devs in here?

  12. thndrbvr

    PSI+ *

  13. menel

    You defently have a cert problem with you setup: https://www.xmpp.net/result.php?domain=thefreaks.club&type=client

  14. menel

    Dont really know what thst means.. The root ca is not trusted?

  15. menel

    unable to verify the first certificate

  16. thndrbvr

    My client told me the CA was unknown which I thought was odd because I've been using it on the website for nearly a year now with no problems in FF, Brave, or Epiphany. Maybe I have the config pointing to one of the wrong files?

  17. menel

    Xmpp.net says the same but the cert chain is there.. So I don't know. Or is there another intermediate between your cert and AlphaSSL CA - SHA256 missing?

  18. thndrbvr

    Just switched something. Checking logs

  19. thndrbvr

    Just want to double check, X509 = key and PKCS7 = certificate, right?

  20. thndrbvr

    Just went back to the stores site to "get certs" and those are the two text-walls it shows me.

  21. thndrbvr

    I do believe AlphaSSL is the intermediate CA.

  22. menel

    No idea. I thought X509 is how you get certs and PKCS7 is the storage format.. But I know nothing of it.. I just use let's encrypt πŸ˜…

  23. thndrbvr

    Yeah... I got this wildcard for $40 last year. I figure

  24. thndrbvr

    I figured* at the time it'd be easier to just have that one for a full year rather than play around with LE every 60-89 days or learn how to write a script to auto-renew.

  25. thndrbvr

    Maybe because I reissued them these ones are no good? I had an issue before which is why I reissued in the first place.

  26. thndrbvr

    Also, I'd set up DNSsec but I'm afraid I'll irrevocably mess everything up. Once I know what I'm doing or find someone who does then I'll be glad to. Heh.

  27. ernst.on.tour

    > .... or learn how to write a script to auto-renew. Just a single line in crontab isn't for real a script πŸ˜‰

  28. ooperator

    andrey.utkin: I think xmpp.love is a crawler

  29. Amolith

    Does anyone know how would I retrieve the contact addresses for XEP-0157? I want to contact some ops about spam before blocking their domains.

  30. Wiktor

    Amolith: XML console, eg. Gajim

  31. Wiktor

    Also may be relevant https://github.com/JabberSPAM/blacklist

  32. Amolith

    Yep, I'm contacting the addresses not listed there before opening an issue

  33. Amolith


  34. Wiktor

    Now That I think about it the blacklist repo could contain instructions on how to contact

  35. Wiktor

    Also the name... So not 2021 now ;)

  36. Amolith

    I have no idea how to use this console πŸ˜…

  37. Licaon_Kter

    Amolith: put XML because that's what youwdo :))

  38. Licaon_Kter

    Amolith: put XML because that's what you do :))

  39. Amolith

    Well yes but I don't know what to write :P

  40. Amolith

    Ah I think I got it. There's an example query on the XEP's page

  41. Wiktor

    Amolith: exactly. If it doesn't work paste what you had. I was about to paste the example because that's what I do faced with this kind of problem. :)

  42. Wiktor

    Also, nice seeing you there, we chatted previously about openpgp social proofs (now replaced by keyoxide.org) πŸ‘‹

  43. Wiktor

    Also, nice seeing you here, we chatted previously about openpgp social proofs (now replaced by keyoxide.org) πŸ‘‹

  44. Martin

    > Does anyone know how would I retrieve the contact addresses for XEP-0157? I want to contact some ops about spam before blocking their domains. There's a bot in SchrΓΆdingers.

  45. moparisthebest

    thndrbvr: acme.sh for renewing LE certs

  46. Amolith

    Wiktor: ah I thought I recognised your display name but didn't want to assume you were the same person ;) It's nice to see you as well :)

  47. Amolith

    I added info about abuse reports to my wiki here: https://docs.nixnet.services/XMPP/Hosting

  48. Wiktor

    great, thanks for the reference πŸ™‚

  49. andrey.utkin

    i seem to recall there was some XMPP uptime monitor not so long ago. Is it a thing?

  50. Martin

    There was one at Conversations.im, don't know whether it's still alive.

  51. rob

    If you mean the compliance thing it's still up

  52. andrey.utkin

    thanks to you both. No, I didn't mean the compliance tester.

  53. andrey.utkin

    does anyon know of any IM service, interoperable or siloed, free or paid, which declares any guarantees about *durability (persistence)* of your conversations archive?

  54. thndrbvr

    https://the-federation.info/ perhaps?

  55. thndrbvr

    About uptime and stuff I mean.

  56. moparisthebest

    andrey.utkin, have you heard of XMPP

  57. andrey.utkin

    thndrbvr, i don't see where. also that website itself doesn't store any user data, right?

  58. andrey.utkin

    moparisthebest, sorry, i don't understand. What are you trying to say?

  59. thndrbvr

    No user data, just data about servers.

  60. Sam

    andrey.utkin: I think conversations.im gives you unlimited history

  61. andrey.utkin

    i am interested in guarantees against corruption or loss of the history. Because shit happens over time.

  62. andrey.utkin

    my explanation to me not seeing it is currently this: in freedom-centric services there's no substantial paid services so making schemes around reimbursement don't make sense; in the walled gardens the users are the product and not the customer, so again any guarantees to them don't make sense.

  63. thndrbvr

    If you're super concerned about archiving chats, I'd look into something like SyncThing or NextCloud or MEGA to backup your data.

  64. thndrbvr

    What are you looking to do exactly? Host your own chat server for yourself and your peers? Or just join someone else's network?

  65. andrey.utkin

    i'm interested in LARPing an "sysop making economically sensible spending on data durability"

  66. andrey.utkin

    it's LARP because it's for engineering practice and not for real revenue; still i am looking into making up sort of SLA

  67. thndrbvr

    Live Action Role Playing?

  68. andrey.utkin

    and what i'm seeing there's not much of a precedent for user data durability guaranteeing

  69. andrey.utkin

    yes. i am using it loosely, as in "encrypted email is LARP security"

  70. thndrbvr

    I think the thing about libre software is that it's smaller entities with limited amounts of resources that either don't want the responsibility, don't see the need, or don't want to make promises that can't easily be kept. Users generally either want only a fairly recent amount of conversation + file history, want it to be ephemeral, or will log their own.

  71. moparisthebest

    andrey.utkin: I'm saying you can make your XMPP server as durable as you wish and have money for

  72. moparisthebest

    Persist it to stone tablets if you want

  73. rob

    Mine is on a btrfs raid host with backups which is pretty overkill already

  74. menel

    i would use own server in RAID1. text storage based. and daily backups to a cloud - storage provider if i would need that kind of security. Or 10 min btrfs snapshot backups if tinfoiling is max. πŸ™‚

  75. rob

    Ya, server is in my possession

  76. rob

    Keep your data in sight

  77. menel

    what I actually do is RAID 1 and weekly backups of stuff.(also containing the xmpp stuff) to a raspberry PI with HDD in annother house

  78. rob

    Nice, mines all one big server right now, everything docker behind traefik. Raid 1 btrfs

  79. rob

    But I do have an rpi sitting around. What server do you run on it?

  80. menel

    debian stable

  81. rob

    I mean xmpp server

  82. menel


  83. rob

    Nice, I was thinking of testing Snicket on this one

  84. rob

    Haven't checked for arm support yet

  85. menel

    of course it has πŸ™‚ its made for it. ...Snicket = small family server.. everything else is overkill

  86. rob

    Very cool, I've only just noticed it

  87. rob

    I like that prosody does multiple vhosts though

  88. rob

    I think snikket does not yet

  89. menel

    ARM is the 3rd most popular arch https://popcon.debian.org/

  90. menel

    > I think snikket does not yet

  91. menel

    it will not later

  92. moparisthebest

    I send btrfs snapshots to a server I wol at another house nightly

  93. menel

    more btrfs users than i thought

  94. moparisthebest

    Raid is needed so service continues when hard drives inevitably die, but it's not a replacement for backups

  95. menel

    *So say we all*

  96. menel

    ok, enough spam here (sorry @all) .. ---> conversations-offtopic-reloaded@conference.trashserver.net more spam there...