XMPP Service Operators - 2021-05-16

Is there something I could buy or make and plug into a small UNIX computer that would give me a like 4+ real serial and parallel UARTs?

Something that works properly

Doesn't have weird current or voltage things being out of spec

As seems to be the case with just plugging a bunch of usb serial converters in

And the FULL rs232 and parallel spec

DTR, FC, CTS, OL not just RX, TX, and VCC

Also let me know if there's some integrated circuit i could get as well

Blah, matricks.

What happened an

Anhydrous:

?

Bloated database, slow speeds, subpar user experience. I set up a prosody server instead of matrix, on a temporary basis and it just whips matrix' arse.

Oh

I thought you were going to complain about matrix.org coming on one of your mucs and barfing control codes and malformed xml all over your chats

Which happens

They also inject advertisements into nicks

And route everything through clownflare

> I am, although I'm not exactly sure why it I'm having trouble. > The clients negotiate fine but fail during connection. Does anybody know why this would happen during a videocall on a server that has turn/stun?

» <Anhydrous> Bloated database, slow speeds, subpar user experience. typical of webshit

just throw cloudflare on it. make it go real fast (sarcasm)

tom: > Does anybody know why this would happen during a videocall on a server that has turn/stun? Your client and server logs should know?

the quality oft the logs is the difference between good software and excellent software.

> I thought you were going to complain about matrix.org coming on one of your mucs and barfing control codes and malformed xml all over your chats > Which happens > They also inject advertisements into nicks > And route everything through clownflare I wanted to keep things xmpp oriented. My hate of matrix is beyond a healthy level

Matrix Hate / Warnings) They will send DDoS attacks to your servers and block social media accounts) I'm NOT saying that these are specifically "THESE DEVELOPERS". I say that harsh criticism of The Matrix in general is as easy to get DDoS similarly as may rain tomorrow. Incidents like these are common occurrences. Overall, I have about 9 incidents ( 6 Blocks and 3 DDoS attacks.) when discussing about Matrix

The same idiotic guys the same idiotic harassment , nothing changed in 30 years? but 30 years ago they called it iirc, now they call it matrix

Overall, I was more critical of the Matrix earlier when they lobbied the Matrix "like an enhanced XMPP".

today they have avatars with covid masks. :)))

😳

Covid is real. It is horrible. Wear a mask and get vaccinated.

(And then, wear a mask some more)

Yep

Use xmpp to communicate with family and friends

>Overall, I was more critical of the Matrix earlier when they lobbied the Matrix "like an enhanced XMPP". The "advanced XMPP 2.0"(Matrix) at that time used 9 GB of RAM for 50 online users. Thanks for recommendation, but better without such improvements. Now The Matrix has does not use the "Strategy comparison with XMPP" therefore, less often have to answer questions.

Hmmm, at least Matrix seems to track coverage of social media and felt to have Matthew answer to my blog post: https://blog.windfluechter.net/2021/05/01/the-fediverse-what-about-ressources/#comment-2159

That's cool that mail cow includes ejabberd now ✏

yup

ij: Matthew monitors the entire world wide web for Matrix comments, I think 🙂

Holger, yeah… and a colleague seems to be a friend of him (at least they seem to know each other)

small world

Is everyone ok? https://njal.la/blog/hijack/

That's part of the risks when you choose not to be the owner of your own domain > These situations are unfortunately more or less out of our hands. So what's their job? Covering 100% of risks is not always possible but not anticipating such scenarios show how serious it is.

(this could also happen directly to your registrar, but internal audit _should_ be better than managing different external entities)

Thankyou 404.city

» <404.city> >Overall, I was more critical of the Matrix earlier when they lobbied the Matrix "like an enhanced XMPP". » The "advanced XMPP 2.0"(Matrix) at that time used 9 GB of RAM for 50 online users. Thanks for recommendation, but better without such improvements. Now The Matrix has » does not use the "Strategy comparison with XMPP" therefore, less often have to answer questions. I remember their website having a whole list about how they were so much better than XMPP instead of just hunkering down and implementing things like stream management

» <Holger> ij: Matthew monitors the entire world wide web for Matrix comments, I think 🙂 how do you do that?

tom: #hashtags

When you say word wide web, do you really just mean your fediverse instance then?

Fedi, Twitter, HN

Well

There's at least two reasons why your getting ddoses

The twatter and hn crowd are pretty toxic

If you absolutely need hn, maybe look at lobste.rs

> twatter my fucking god, im copying that LOL

Old

but gold

(reminding gently about on-topicness)

on topic, if you haven't upgraded your prosody's, reminder that on thursday I'll release my trivial tool to bring them all down

but don't let that make you wait, I can't stress enough that anyone could write it, it's trivial

do you folks also get frequent hits on the STUN port?

xorman, yes

move to a different port, that seems to be good enough against this type of attack for now

thx. good old security thru obscurity never fails

also remember to take the secondary port (3479)

I guess it will fail at some point, unless it is important to the attacker that the response comes from 3478

3479 for what?

STUN is 3478 and 3479

make sure to change both, and to set them to be adjacent again

... and TURN?

TURN-the-negotiation-stuff happens over 3478/3479, actual data transfer happens over dynamically allocated ports

I don't have any 3479 set up

coturn does it by default

> on topic, if you haven't upgraded your prosody's, reminder that on thursday I'll release my trivial tool to bring them all down 😳

so if I change it to say 7777 will it use (7777 & 3479) or (7777 & 7778)?

I'm not using coturn so forget it

it's mod_stun_disco from ejabberd

rob: sorry but bad people likely already have their own

Ya I know, I'm actually going to create a new alpine based docker image just to use the edge repo and up to 0.11.9

Also upgrade that SSL lua package so cloud_notify_encrypted works again

rob: could use an Arch Linux docker base

Oh, is it more up to date?

I hadn't looked

working on it now 🙂

if debian gets the upgrade on the main repos then i will upgrade np

qrpnxz: main backports? Main main? Main security?

by main i mean the debian project repos

i happen to be on 11, but obv i hope that 10 users also gets such an important fix

alright i'm going to test my new image, wish me luck

gl

I'm trying to get ejabberd set up with multiple domains but I must have misconfigured something and I'm not sure how to correct it. At the moment, when a user registers with one domain, they receive accounts on all of them with the same username, password, profile, and roster. Is anyone able to point me in the right direction?

Voice and video chat also seem to be broken and the logs mention something about auth_realm being unset for STUN and falling back to one of the domains for auth but I'm not sure what to do about that either

am i alive?

nice

yes

new image is up at robjloranger/prosody for any who want it, repo with config notes is at gitea.loranger.xyz/rob/docker-prosody

Amolith: registers how? IBR? Web?

Licaon_Kter, either and both

and using ejabberdctl register etc

Amolith: not sure how is it that it gets account on all...

I can paste a redacted config if that would help

Amolith: the turn thing, you can ignore that realm thing afaik

Amolith: compare with mine, https://gist.github.com/df2af81dbd341837999a38502de79b89

qrpnxz: already in Sid so, soon™ :)

Epic 😎️

Licaon_Kter, why is this block included twice? Is it necessary for one to use TCP and the other to use UDP? https://gist.github.com/licaon-kter/df2af81dbd341837999a38502de79b89#file-ejabberd-yml-L70-L86

Yup, dunno the details now

One for UDP, one for TCP and one for tls

Well TLS is not used by webrtc for now, iirc

I don't think you need to add them again in mod_stun_disco if you are using the internal stun/turn server

ahh so many damn ports i need to forward in lxc

Licaon_Kter, it looks like you're using Mnesia and I'm trying to use MySQL. Do you know if that difference requires using a different database per-host or something?

Amolith: see `host_config` per host, separate your DBs there

Oh, not what you meant...

so they *do* need separate databases?

No, they can live in the same, using new_sql_schema

Which one did you use to setup the DB?

I would swear I used the new schema but it may have been the old one. Aside from going through command history, is there a good way to check?

https://docs.ejabberd.im/admin/configuration/database-ldap/#default-and-new-schemas

Look at the tables, you have `host` ?

I do not. Lovely

> Right now, only PostgreSQL database can be upgraded. time to drop some databases and redo things ;~;

If I'm successful, I'll be back shortly o/

Amolith: https://docs.ejabberd.im/tutorials/mysql/#title