-
Sam
rozzin: added a screenshot to the readme; thanks for the prompt.
-
rozzin
Sam: excellent—but for bonus points you should have used a screenshot of our conversation here debating the value of screenshots 😜
-
rob
Ya that would be awesome lol
-
Sam
It's still too early for that, I'm ashamed to say. MUC support is next on my list though. Once that's done it will more or less have the features of my current daily driver (at least, the ones I use), then hopefully it will be easier to squash bugs and what not as I'll be using it full time.
-
andrath
So, any news on the Apple/iOS front, besides snikket? I've heard XMPP clients are in a bit of a miserable state on that contingent. iOS needs a client like Conversations
-
andrath
Comunique looks nice, although I like poezio better, especially since it gives a low-threshold way to connect to XMPP
-
andrath
poezio: https://github.com/poezio/poezio
-
rob
> So, any news on the Apple/iOS front, besides snikket? I've heard XMPP clients are in a bit of a miserable state on that contingent. iOS needs a client like Conversations
I hear siskin is alright
-
andrath
I heard OMEMO is terrible on Siskin
-
rob
It seems fine to me, I'm not using it but one of my friends is. We use 1 to 1 and group omemo just fine
-
andrath
right now there's no good client on iOS that implements all the XEPs correctly, e.g. video calling etc
-
rob
I haven't tried video calling yet, but I can test and let you know
-
andrath
I've been impressed with movim though
-
andrath
had a call with a mate, he was on Conversations, and I was on movim, and all worked fine
-
andrath
(I host movim on my own server btw)
-
rob
Nice, I tried the public hosted version before. Pretty cool. I host prosody and conversejs for web chat
-
andrath
I have conversejs on my prosody as well, I have some folks that like conversejs, and I keep it for them
-
andrath
I've actually donated to the movim project because I was impressed how well their WebRTC implementation of videocalling works
-
andrath
impressive work needs to be rewarded of course
-
andrath
I used to be a complete IRC buff, but I do like XMPP a lot more. It's a mature standard, and I just love how the federation works (e-mail like)
-
Ellenor Bjornsd.
I like both
-
andrath
Oh, don't get me wrong, I love IRC. It scales so well
-
andrath
protocol simplicity is very nice as well
-
andrath
you can telnet into an IRC server and have a somewhat useable experience :P
-
andrath
I would not recommend typing out stanzas into an XMPP server ;)
-
andrath
(I've tried, with varying levels of success)
-
andrath
well, that's what clients are for :)
-
thndrbvr
> andrath wrote:
> So, any news on the Apple/iOS front, besides snikket? I've heard XMPP clients are in a bit of a miserable state on that contingent. iOS needs a client like Conversations
https://monal.im/ libre licensed & found wherever iUsers find software
-
andrath
I haven't heard good things about monal either. The apple ecosystem needs a client like conversations that is well implemented.
-
Licaon_Kter
andrath: you can't since Apple sets the limitations. Siskin can do OMEMO MUC and A/V calls. Monal will do OMEMO MUC soon™ and A/V after that. Snikket is in beta, but it's Siskin+QOL updates
-
MattJ
The big caveat for Siskin/Snikket is that push notifications are not reliable on most servers
-
MattJ
Something everyone wants to change, but it hasn't happened yet
-
andrath
That's a conundrum 😒
-
Licaon_Kter
MattJ: while I agree with the XSF CoC, I didn't agree with matrix.org's ToS and Policies, so until matrix.org bots that copy all these discussions to their server are gone from here... I'll be out... Cheers
-
Steven Roose
What's QOL stand for?
-
Trbl
quality of life?
-
Licaon_Kter
Anyone impacted? https://mattermost.com/blog/securing-xml-implementations-across-the-web/
-
Licaon_Kter
Trbl, Steven Roose: yup
-
MattJ
I still don't really understand that vulnerability
-
MattJ
The quotes shouldn't matter if the stuff between them is escaped
-
mjk
They say 'It turns out parsing XML is hard' and then the problem is the serializer that forgot to escape a " in a string?
-
MattJ
I'm wondering if entities aren't allowed in this location, hence the need to use the right surrounding quotes
-
MattJ
In any case, DTDs are forbidden in XMPP and never generated, so it seems everyone would be safe
-
Sam
That was part of this particular issue, some of the other libraries they looked at had different issues with entities being allowed in the wrong place, or extra attributes getting inserted that could potentially change the namespace, for example (which would indeed be a security vulnerability)
-
mjk
Sorry, didn't read in full and jumped to conclusions
-
Martin
Sam:
> 24.08.21 17:52:38 - mdosch.de: Establishing a secure connection from mdosch.de to gopher.chat failed. Certificate hash: 8732608671bfe2b8094c30139ba1c9e67e7f912946aa6395e00c674a2720c0df. Error with certificate 0: certificate has expired.
-
Sam
*sigh* I hate servers, this is why I tell everyone that they should stop self hosting things.
-
Sam
I'll go look and see what went wrong, thanks.
-
Sam
oh, no, same as last month, prosody doesn't automatically pick up cert changes.
-
jonas’
systemctl reload?
-
Martin
Huxx: I get a timeout for jabbers.one
-
Sam
Try now?
-
Martin
Sam: works!
-
Martin
BTW, have you heard of observe.jabber.network? :D
-
Sam
Yes, I think one of my domains is signed up, but I don't think I've ever gotten any alerts from it
-
Martin
Afaik it should remind you 7 days prior to a cert expiry.
-
Sam
(well, not since early on when I got a bunch of false positives ¯\_(ツ)_/¯)
-
Huxx
Martin: yes, saw it in my monitoring. But thanks. 😉
-
Sam
Might not be one of the domains on this server, I can't remember
-
jonas’
(I can tell you if you like ;))
-
Sam
jonas’ yah, that would be great; if you wanted to add gopher.chat and mellium.chat too that would be nice
-
jonas’
mellium.chat is already added
-
jonas’
I can add gopher.chat
-
Sam
huh, that should have been on the same system/schedule as far as renewing certs goes, so no idea why it's never triggered. I know last month at least it expired too
-
jonas’
I don't keep logs further than 14d unfortunately
-
Sam
This happens every month because this setup is stupid but I couldn't figure out a better way to make lets encrypt work, so it will likely happen again. I'll try to remember next time to ask you to look
-
me9
I saw monitor.chat today. How's that?
-
Huxx
It's online again. Must be something with the db. On Sunday night it's cleaning the db. The next 2 days always problems at the same time, when many ppl connect.
-
Huxx
I'm using a free account at uptimerobot. They also have an app which informs you when services are down
-
Sam
Hmm, since I have no other way to do this I wonder if it's bad somehow to just call 'loop (wait_on -w "cert"; restart prosody)' in the shell, background it, and forget about it until it breaks or I find a better way to manage this machine
-
Licaon_Kter
Was watching certs renew today, everything seemed fine... but no certs... Ran manually... long verbose log, no big ERROR to explain... OK, take log line by line... was asking cert for a subdomain without DNS entry (pubsub.mydomain.tld is not needed, right?) and that was failing, hence while it did not stop to try for others it didn't create the cert of course.
-
Sam
Does reloading prosody reload the certs as well or just the config?
-
Martin
I have `reload_modules = { "groups", "tls", "firewall", "version" }` in my config.
-
Martin
But that is an extra module.
-
jonas’
Sam, nowadays it should reload the certs, too
-
moparisthebest
I just restart prosody on cert changes, not reload
-
moparisthebest
When in doubt: hammer 🔨
-
Licaon_Kter
moparisthebest: and that doesn't break MUC reconnections for Conversations?
-
moparisthebest
Don't think so, regardless it's 4 times a year
-
jonas’
Licaon_Kter, only affects remote clients, may be irrelevant for a friends&family server
-
jonas’
Licaon_Kter, also modern prosody persists MUC state actually
-
jonas’
so a restart won't lose anything there
-
Licaon_Kter
jonas’: ejabberd, affects remote MUCs only. So I should ask for persistent things in ejabberd too? :)
-
Sam
```
# loop forever: block until the TLS cert directory changes, then reload prosody
while :
do
    wait_on -w /usr/local/etc/prosody/tls
    service prosody reload
done
```
Welp, we'll find out next month if this is working because I'm too lazy to do anything else.
-
Licaon_Kter
> Don't think so, regardless it's 4 times a year
I restart more often as I build from git :)
-
rob
I just restart one a month
-
rozzin
andrath:
> I haven't heard good things about monal either. The apple ecosystem needs a client like conversations that is well implemented.
I have friends using Monal since the last major release, and it seems fine so far, AFAICT.
-
Sam
I just restart once a month too, except every single month where I forget :)
-
rozzin
At least they can receive messages without having to jump through hoops.
-
rob
> I just restart once a month too, except every single month where I forget :)
Same lol
-
rob
I might finally just add another Cron task
-
rob
What's missing to get push notifications working properly for iOS?
-
MattJ
Define "properly"
-
Licaon_Kter
rob, 1:1 already should be fine, MUCs are... tricky... MattJ can tell... the Prosody side at least
-
moparisthebest
Sam, rob, when I said "I restart every 3 months" I meant my cronjob, using acme.sh here :)
-
moparisthebest
I would never remember to do it myself
-
rozzin
moparisthebest: personally I'm going to remind myself to reload my Let's Encrypt certs by following Leonard Shelby's example and getting a tattoo on my hand, reading "remember Sam Whited"....
-
rozzin
Some time ago I considered just setting up a cron job to reload..., but decided against it because I was afraid of having a reload happen while I was in the middle of editing my config file...
-
rozzin
Could write the cron job to check for "config file not edited since last reload", but I just wasn't up for that at the time.
-
Sam
I don't know exactly when mine renews so I figured a cron job would just get out of sync
-
rozzin
Just run it daily..., and then you're OK until Let's Encrypt shortens their expiry period to < 24 hours?
-
rozzin
I actually should just get ejabberd hooked into Let's Encrypt directly, since apparently that's an option....
-
Sam
That's a good point
-
rozzin
Sam: I think there are some hooks on the ACME clients like certbot also, depending on which you're actually using...
-
Sam
I'm using caddy, it doesn't have one
-
Menel
I didn't follow the whole discussion, but don't you just use a hook script after a cert renew that takes care of the reload and whatever you need?
-
Sam
The thing I'm using doesn't have one.
-
Menel
Ah. Interesting. Oops, didn't read the last two messages that tell exactly that already, sorry 😀
-
rob
I think prosody will soon reload certs, might be in trunk but I forget.
-
rob
I might also be way wrong, but I seem to recall someone saying that in the prosody room
-
Holger
I don't quite get it. If you have a Cron job to run some `renew-cert` command, is it somehow problematic to turn it into `renew-cert && reload-daemons`?
-
Holger
Ahh, seems Caddy is an entire web server with built-in ACME support.
-
rob
I don't have one for renewing certs, traefik magic
-
Holger
I see.
-
Holger
So the problem is you guys are using solutions which make things easier, which makes easy things complicated 😜
-
Holger
rozzin: Would probably not be too hard to add a call for reloading certificates without reloading the configuration …
-
rob
Ya, _but_ as they renew with close to 30 days before expiry you could reload prosody twice a month or even every three weeks and always have a valid cert loaded
-
Holger
Yeah.
-
rozzin
Holger: there are... a surprisingly large number of ACME clients at this point..., and within that set there are a surprisingly large number with delusions of grandeur. And that's not even getting into the "everything that _uses certificates_ is starting to _be its own ACME client_" trend that (I guess) leads people to think "well, I have this one thing that's already doing ACME to manage certificates for itself, why not just have it also manage certificates for everything else that doesn't know how?".
-
rob
Ya like how I have to use a script to dump certs from my acme.json for mail and prosody because that came after the rest of the server