XMPP Service Operators - 2021-08-21

  1. anhydrous

    Ellenor Bjornsd.: Please don't spam operator muc. Thank you.

  2. Ellenor Bjornsd.

    rob: oh dear.. did i do a bad

  3. rob

    No not you

  4. Ellenor Bjornsd.


  5. muhammmad12


  6. MattJ

    Cut out the personal remarks you two

  7. rozzin

    I wonder if I should add XMPP service to my "social networking for dogs on the Internet" service. Do you guys suppose there's a ‘market’ for that?

  8. Licaon_Kter

    rozzin: they can woof at eachother via voice messages?

  9. rozzin

    Licaon_Kter: if I added XMPP, I guess they could.

  10. Ellenor Bjornsd.

    rozzin: Do your dogs use calls and stuff?

  11. rozzin

    Ellenor Bjornsd.: I guess that's basically what I'm asking, is "if I build it, will they come".... There's no XMPP service on wherethedogsare.com so far....

  12. Ellenor Bjornsd.


  13. mjk

    rozzin: not to answer your inquiry, but fyi your site seems to lack http->https redirect

  14. neox

    Hi fellow operators! As you may know, I am an operator of the chapril.org service. We are currently experiencing difficulties with some sporadic users using Blabber.im: unwanted invitations to private chat rooms. Have you ever noticed this? Does anyone have any idea what's causing the problem? (We use ejabberd on chapril.org)

  15. neox

    Precisely : they are invited again in a room where they were already.

  16. rozzin

    mjk: yeah, I guess it's been "finally time to do that" for maybe a couple of years now.... All of the `important parts' have been https-only since the beginning, but I initially left off the HTTP-level wholesale redirect because it made sites like that look _less secure_ and even resulted in people telling me "your website is _broken_" due to how browsers of the era all handled mixed-content warnings.

  17. rozzin

    Similar reasoning for why ejabberd made their example configuration block OMEMO....

  18. mjk

    So it's more complicated than I imagined :)

  19. rozzin

    Now, some day I might even make my XMPP server refuse s2s without TLS....

  20. MattJ

    Only 8 years late... https://xmpp.org/2013/11/xmpp-ubiquitous-encryption-a-manifesto/ :)

  21. rozzin

    mjk: This article gives some insight into how big (and longstanding) the issue was, and how the situation finally _started_ getting better in late 2015: https://arstechnica.com/information-technology/2015/10/chrome-finally-kills-off-the-http-https-mixed-content-warning/ (IIRC there was a more in-depth article titled something like "HTTPS is great, you should start using now so that we can eventually use it"... which I can't find right now. That was an important part of making Let's Encrypt actually viable/appealing when it finally launched the year after that.

  22. rozzin

    MattJ: *I know*... 😣️

  23. rozzin

    MattJ: the thing that I should really be ashamed of is that forcing TLS all the time was in actuality probably close to _infinitely more viable_ for XMPP in the 2013-2016 timeframe than it was for websites; but it was hard for me to let myself _believe that_ as while looking at the extent of the "trying to secure things just makes them look broken and more scary" breakage on the WWW.

  24. rozzin

    MattJ: having found this MUC actually goes a long way toward allaying those fears.

  25. Licaon_Kter

    neox: pitchum already posted in ejabberd right?

  26. mjk

    rozzin: ah yes, now I remember those half-suspicious, half-working https+http abominations. I was in 2013-2016 too! It just all seems _so far in the past_. Gotta read your link for perverse nostalgia

  27. neox

    Licaon_Kter: yes probably, didn't see

  28. neox

    We try to collect a maximum amount of information everywhere lol

  29. Licaon_Kter

    neox: let's wait for ejabberd devs thoughts

  30. Licaon_Kter

    MattJ: care to update https://prosody.im/security/advisory_20210722/ from "no release" to "latest fixes it"?