XMPP Service Operators - 2021-04-23


  1. tom

    If I made a XMPP server with an OpenNIC domain, how many of you would I not be able to communicate with, and of that how many/which of you would refuse to implement/resolve OpenNIC domains?

  2. Martin

    I don't know for my server. I didn't knowingly block something related.

  3. christian

    tom: try it.

  4. christian

    I never heard before of OpenNIC. But it sounds like a funny idea :)) i will take a look.

  5. tom

    christian: thanks

  6. menel

    The question is, what does Debian and prosody do by default? --> thats what determinates it..

  7. menel

    Is it depended on my default DNS server?

  8. jonas’

    yes

  9. tom

    menel: it's nothing to do with debian or prosody

  10. tom

    it's a matter of your recursive resolver configuration and perhaps system trust

  11. Martin

    Can you give us an example domain?

  12. moparisthebest

    you'd have to configure your server to resolve opennic domains, also that's not as easy as it used to be because some formerly opennic TLDs are now gTLDs too right ?

  13. Martin

    Sounds like a huge hassle for little gain.

  14. Martin

    Are this domains widely used?

  15. Martin

    Are these domains widely used?

  16. moparisthebest

    https://en.wikipedia.org/wiki/OpenNIC#OpenNIC_namespaces

  17. Martin

    Where's Holger? > Server-to-server connection failed: connection refused fu-berlin.de

  18. Licaon_Kter

    Can't contact him because...lol

  19. Martin

    Maybe he does digital detox and switched off the whole university server. πŸ˜‚

  20. jonas’

    :)

  21. Martin

    I need to tell him about o.j.n πŸ™ƒ

  22. menel

    jabber.fu-berlin.de is online

  23. menel

    (For me)

  24. Martin

    πŸŽ‰

  25. Holger

    Heh half my roster is asking. Don't think I've ever seen near as many complaints during a downtime :-)

  26. Holger

    Moved to a new file system. More room for catpics! (I don't ever expire them on that server.)

  27. moparisthebest

    built-in alerting, nice

  28. menel

    Everyone relies on you :-D

  29. Holger

    It's Friday afternoon, everyone is bored.

  30. Licaon_Kter

    Holger: aren't you breaking the _no deploys on friday_ rule?

  31. menel

    Then you have all the weekend time to fix everything again 😁

  32. rob

    Ya Friday is the best time

  33. rob

    Unless it's work, then Monday

  34. menel

    I always do my stuff on Saturday morning. So if it breaks I have time to fix it.. Because its not work but some teachers at school rely on it nevertheless to a point ..

  35. Martin

    Holger: You don't expire uploads? OMG, how much storage did you accumulate with all your students sharing catpics?

  36. mjk

    Catpics are sacred! Once copied, they shalt not be smitten

  37. octagon

    sudo duperemove -hdr /var/lib/ejabberd/upload

  38. Wiktor

    octagon: it'd be cool if the http upload spec indicated a way for the server to return get url *after* file upload. Thus one could deduplicate files (via hashes) at upload time :)

  39. moparisthebest

    Wiktor: different URLs don't imply not deduplicated

  40. moparisthebest

    But, fair :)

  41. Wiktor

    Yeah, one could symlink to the original file after upload or sth like that :)

  42. Martin

    Server could have a mapping and serve the very same file for different URLs I guess.

  43. Martin

    Symlinking sounds ugly.

  44. mjk

    Hardlinking!!1

  45. mjk

    But yes, identifying files by an SHA is more elegant

  46. moparisthebest

    symlink, hardlink, filesystem (btrfs/zfs/?) level de-duplication, the possibilities are endless

  47. mjk

    (Until sha du jour is broken in a way MD5 is)

  48. Martin

    Sending the hash first and don't upload the file if it already exists would also be nice but maybe overengineered.

  49. octagon

    Martin, that would allow users to enumerate existing files

  50. Martin

    Hmm, what would you gain from knowing this file is already on the server?

  51. mjk

    Martin: you could report it to the authorities!

  52. xorman

    using IPFS for storage is a mixture of all these things

  53. Martin

    So the authorities will know you also have 'illegal file'.

  54. ben

    dedup by sha hash would be super useful imo

  55. mjk

    Martin: right :D

  56. octagon

    just use btrfs, compress-force for all plaintext and executables, duperemove on cron/systemd timer for everything else

  57. ben

    is it possible to convert ext4 to btrfs in-place?

  58. mjk

    Martin: seriously though, it makes it easy for copyrats to rummage through your server in search of unauthorised copies

  59. moparisthebest

    ben, yes, but I haven't tried it https://wiki.archlinux.org/index.php/Btrfs#Ext3/4_to_Btrfs_conversion

  60. moparisthebest

    I use btrfs on everything though

  61. Martin

    > Martin: seriously though, it makes it easy for copyrats to rummage through your server in search of unauthorised copies I don't give them an account. πŸ™‚

  62. ben

    interesting

  63. octagon

    do *not* attempt ext-to-btrfs, it has been broken for years, it will immediately and irrevocable corrupt your partition

  64. ben

    thanks for the head's up

  65. ben

    i've not had issues with ext4

  66. Martin

    I'm not brave enough for anything else than ext4. Btrfs already annoyed me on my Jolla.

  67. octagon

    btrfs is well worth it

  68. moparisthebest

    I don't see such a warning here https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3/4_and_ReiserFS

  69. octagon

    moparisthebest, that page hasn't been updated since august 2018

  70. moparisthebest

    I've been using btrfs since ~2011, in that time, I had 1 problem with it that caused it to go read-only, had to copy files off to another FS, and ext4 corrupted-beyond-repair for read+write twice

  71. moparisthebest

    pretty good ratio :D

  72. moparisthebest

    also both those were caused by a shoddy PSU

  73. frog

    octagon: what's the one killer btrfs feature for me with my baby server with a single 2.5" HDD?

  74. moparisthebest

    frog, snapshots+backups with btrfs send/receive

  75. octagon

    checksumming, scrubbing, compression, and dedupe

  76. ben

    i do daily vm-level backups with proxmox-backup-server

  77. ben

    incremental backups via qemu qcow2

  78. octagon

    snapshots aren't backups imo

  79. menel

    > do *not* attempt ext-to-btrfs, it has been broken for years, it will immediately and irrevocable corrupt your partition That's wrong. Its just works, I used it years ago. Its very save and stable. Because you it will not even modify your ext4 and the old ext4 will remain a snapshot that you can even revert to

  80. mjk

    Martin: > I don't give them an account. πŸ™‚ But the http upload servers are publicly and anonimously accessible, so if there was no randomization or salting in the path, anyone could ask the server "do you have the file with this hash?". And salring is another can if worms

  81. octagon

    menel "years ago" I spent an hours stress testing it in a vm on 5.8, it is broken

  82. mjk

    Martin: > I don't give them an account. πŸ™‚ But the http upload servers are publicly and anonimously accessible, so if there was no randomization or salting in the path, anyone could ask the server "do you have the file with this hash?". And salting is another can if worms

  83. menel

    I suppose you did something wrong. And snapshot you send somewhere of course are backups

  84. octagon

    btrfs snapshot you send someone is a backup, bot ben mentioned qcow2 snapshots, which I don't think you can send

  85. frog

    What do you guys use snapshots for? I haven't found a great use for them. My laptop has btrfs, and I make a snap before sysupgrade. I currently use snapraid with a second HDD, which does checksumming and scrubbing. Now compression may be interesting, but what about overhead? Like I said, small servers, dual or quad core armv7 1GHz

  86. ben

    you can send them to other proxmox servers and restore them

  87. menel

    https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3

  88. rob

    My favorite is using btrfs raid and adding new drives, even mismatched sizes. It's great for slow upgrading storage

  89. Martin

    mjk: > Martin: > But the http upload servers are publicly and anonimously accessible, so if there was no randomization or salting in the path, anyone could ask the server "do you have the file with this hash?". And salting is another can if worms No one said the server should tell everybody. While uploading you say 'I'll upload file with hash xyz' and then the server tells you to upload or just gives you the get url if it already exists. No account on that server http-upload says 'forbidden, get lost'.

  90. octagon

    menel I won't argue, my experience is that conversion is broken and it is far safer to simply do it manually, and rsync the data to a new partition I strongly recommend anyone have a backup if the want to try the inplace conversion

  91. menel

    Ok, of course I don't know what went on with your test. But its just that this feature is not considered experimental and the web is not full with that it breaks all the time... I would strongly advise that too for important data. So far for me everything worked all the time and I had no issues with btrfs ever. (14TB raid 1) and some single ..

  92. mjk

    Martin: I mean, GETting is anonimous by design, so that any chat participant can see the catpic

  93. rob

    > So far for me everything worked all the time and I had no issues with btrfs ever. (14TB raid 1) and some single .. Ya it's been solid

  94. Martin

    > Martin: I mean, GETting is anonimous by design, so that any chat participant can see the catpic Yes, but the hash is not part of the get url so it won't work

  95. mjk

    Yep, I was only pointing out a potential problem _if_ the hash was the whole path

  96. Wiktor

    > do *not* attempt ext-to-btrfs, it has been broken for years, it will immediately and irrevocable corrupt your partition I did that on a laptop 2 years ago and it worked without any issues. πŸ€·β€β™‚οΈ

  97. Licaon_Kter

    octagon: > I strongly recommend anyone have a backup if the want to try the inplace conversion That should be a given...