-
anhydrous
Ellenor Bjornsd.: Please don't spam operator muc. Thank you.
-
Ellenor Bjornsd.
rob: oh dear.. did i do a bad
-
rob
No not you
-
Ellenor Bjornsd.
mew
-
muhammmad12
thanks
-
MattJ
Cut out the personal remarks you two
-
rozzin
I wonder if I should add XMPP service to my "social networking for dogs on the Internet" service. Do you guys suppose there's a ‘market’ for that?
-
Licaon_Kter
rozzin: they can woof at eachother via voice messages?
-
rozzin
Licaon_Kter: if I added XMPP, I guess they could.
-
Ellenor Bjornsd.
rozzin: Do your dogs use calls and stuff?
-
rozzin
Ellenor Bjornsd.: I guess that's basically what I'm asking, is "if I build it, will they come".... There's no XMPP service on wherethedogsare.com so far....
-
Ellenor Bjornsd.
=)
-
mjk
rozzin: not to answer your inquiry, but fyi your site seems to lack http->https redirect
-
neox
Hi fellow operators! As you may know, I am an operator of the chapril.org service. We are currently experiencing difficulties with some sporadic users using Blabber.im: unwanted invitations to private chat rooms. Have you ever noticed this? Does anyone have any idea what's causing the problem? (We use ejabberd on chapril.org)
-
neox
Precisely : they are invited again in a room where they were already.
-
rozzin
mjk: yeah, I guess it's been "finally time to do that" for maybe a couple of years now.... All of the `important parts' have been https-only since the beginning, but I initially left off the HTTP-level wholesale redirect because it made sites like that look _less secure_ and even resulted in people telling me "your website is _broken_" due to how browsers of the era all handled mixed-content warnings.
-
rozzin
Similar reasoning for why ejabberd made their example configuration block OMEMO....
-
mjk
So it's more complicated than I imagined :)
-
rozzin
Now, some day I might even make my XMPP server refuse s2s without TLS....
-
MattJ
Only 8 years late... https://xmpp.org/2013/11/xmpp-ubiquitous-encryption-a-manifesto/ :)
-
rozzin
mjk: This article gives some insight into how big (and longstanding) the issue was, and how the situation finally _started_ getting better in late 2015: https://arstechnica.com/information-technology/2015/10/chrome-finally-kills-off-the-http-https-mixed-content-warning/ (IIRC there was a more in-depth article titled something like "HTTPS is great, you should start using now so that we can eventually use it"... which I can't find right now. That was an important part of making Let's Encrypt actually viable/appealing when it finally launched the year after that.
-
rozzin
MattJ: *I know*... 😣️
-
rozzin
MattJ: the thing that I should really be ashamed of is that forcing TLS all the time was in actuality probably close to _infinitely more viable_ for XMPP in the 2013-2016 timeframe than it was for websites; but it was hard for me to let myself _believe that_ as while looking at the extent of the "trying to secure things just makes them look broken and more scary" breakage on the WWW.
-
rozzin
MattJ: having found this MUC actually goes a long way toward allaying those fears.
-
Licaon_Kter
neox: pitchum already posted in ejabberd right?
-
mjk
rozzin: ah yes, now I remember those half-suspicious, half-working https+http abominations. I was in 2013-2016 too! It just all seems _so far in the past_. Gotta read your link for perverse nostalgia
-
neox
Licaon_Kter: yes probably, didn't see
-
neox
We try to collect a maximum amount of information everywhere lol
-
Licaon_Kter
neox: let's wait for ejabberd devs thoughts
-
Licaon_Kter
MattJ: care to update https://prosody.im/security/advisory_20210722/ from "no release" to "latest fixes it"?