-
Martin
edhelas: > Establishing a secure connection from mdosch.de to movim.eu failed. Certificate hash: a4fe17a41ff7da2c00332647fbc96fb82d42f1f1e4be504fe01456253c76c9cf. Error with certificate 0: certificate has expired.
-
Sam
Hi all! Reminder that the XMPP office hours are tomorrow! I'll be showing off the new Open Collective and talking about the XSF's new role as a fiscal host if anyone is interested (I think this sort of fiscal hosting may be of particular interest to server operators who have to pay for equipment and what not): https://wiki.xmpp.org/web/XMPP_Office_Hours
-
ernst.on.tour
OMG... :shock: Harden your servers, WA/FB/Insta are down, where will all the lost souls take down ? Sorry for german: https://www.n-tv.de/22846205 😂😂😂
-
Licaon_Kter
ernst.on.tour: the last paragraph is so wierdly put there... whisleblower blew away their servers?
-
ernst.on.tour
Whisleblower was offer information that profit is more important then security
-
ernst.on.tour
Have nothing todo with breakdown
-
ernst.on.tour
Seems to be a DNS-problem/missconfigure
-
Licaon_Kter
Yes, but "a day ago" seems important' but WaPo files are weeks old...so?
-
Licaon_Kter
Exactly
-
rozzin
So is Let's Encrypt going to just stop producing chains that reference the expired DST Root CA X3 at some point?
-
ru_maniac
don't think so they've left it there for a specific reason: to keep devices on Android running versions lower than 7.1.1 supported
-
rozzin
Except... it's expired, so... how does that work at this point?
-
ru_maniac
it's a "feature" of Android -- its old versions, to be exact
-
rozzin
I guess I need to actually read https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
-
ru_maniac
old versions are not checking validity of a root CA
-
ru_maniac
so until the intermediate CA is valid, end-user certs will be as well
-
rozzin
> This solution works because Android intentionally does not enforce the expiration dates of certificates used as trust anchors.
-
ru_maniac
correct
-
rozzin
Wild--I was definitely not expecting that.
-
ru_maniac
well, this has no effect on most of the OSes out there, since they are actually checking for "notAfter" validity of a trust anchor
-
ru_maniac
and Android versions lower than 7.1.1, I would imagine, are out of the scope of any kind of certificate tampering attacs
-
ru_maniac
*attacks
-
zp1.net
Facebook.com is for sale.
-
Licaon_Kter
How cheap?
-
Finn
Pointing that domain to some IP would be like a huge ddos attack I guess..
-
Martin
https://arstechnica.com/information-technology/2021/10/facebook-instagram-whatsapp-and-oculus-are-down-heres-what-we-know/#p3 > Many Internet commenters also mistakenly believe that the Facebook.com domain itself is "up for sale by a private third party"—but this is only due to poorly coded online tools designed for domain buyers and speculators. Facebook is its own domain name registrar—and Registrarsafe.com is also offline, as it shares infrastructure with the rest of Facebook.
-
sam
g'day folks. if im in canada,should renting a vps in europe be avoided due to latency or is that something that doesn't matter with modern internet connections?
-
sam
I plan on making frequent voice/video calls with my xmpp server.
-
zp1.net
Martin: boring :))))
-
zp1.net
sam: calls are phone to phone.
-
sam
Ah, neat.
-
rob
I use a server in the states for ingres to my server at home in Canada, and another on the opposite cost for turn/stun. All with no issue
-
rob
I would wager Europe won't have a huge difference, especially with most vps having gigabit
-
Licaon_Kter
> sam: calls are phone to phone. If phones have external IPs But, they might not, so you'll need a TURN server anyway.
-
sam
I'm just using snikket, and I believe it has a TURN server integrated. I could be wrong.
-
Licaon_Kter
Check yo' docker :)
-
rob
Snicket is great
-
rob
I'd be running it if I wasnt such a dork
-
sam
I was gonna run prosody, but a bunch of friends recommended snikket. why tinker and configure when snikket is setup with every feature i want out of the box. :)
-
Menel
But phone to europes turnserver to phone might be with a huge delay. Im from Europe, and talking to my brother in south America via conversations was not so easy.
-
zp1.net
sam: i was gonna run prosody ... but then i got high
-
sam
😂️
-
rob
Exactly
-
rob
I only run it because I wanted multiple vhosts and I like to control all the things
-
sam
Menel, ah see this is what I'm looking for
-
arcseconds
I am also pretty sure Snikket has a TURN server incorporated - the firewall page definiteoy says to open ports for it, anyway...
-
Menel
It has
-
rob
I'd share mine with a fellow Canadian 😊
-
sam
how does that work?
-
rob
I can give you the domain, port and secret. You can configure your instance to use it instead
-
zp1.net
My room is still messed up and i know why.. Cuz i got snicket cuz i got snikket
-
rob
If you find there too much lag
-
rob
Want to test?
-
sam
At the moment the server is in the united states
-
sam
and honestly i dont want to touch snikket :/
-
rob
Oh I see, just looking at future options
-
sam
future options, exactly. :)
-
rob
Ya it works great as is
-
sam
as much as I'm comfortable playing around with my server, I hate docker and prosody scares me
-
rob
I put everything in docker, why I don't know
-
rob
But I find it easier
-
arcseconds
Snikket is trying to be a turn-key system, with minimal configuration.
-
rob
I do run a lot of services in one machine though, not sure how many. But dozens at least
-
sam
I love docker as a concept, but I've never sat down to learn it, so whenever I use it I just run the command and close my eyes, pretend it doesn't exist
-
sam
whatever is happening in that container is somebody elses issue
-
Ellenor Bjornsd.
mmm
-
arcseconds
sam: that's kind of the idea with Snikket as far as I understand it. If you want to care about what's happening in the Snikket container Snikket isn't for you, probably.
-
Ellenor Bjornsd.
I just install things in the root jail
-
arcseconds
sam: but then you're back with the complexity of scary Prosody :-)
-
arcseconds
(other xmpp servers are available)
-
Ellenor Bjornsd.
ejabberd is explosively complex ;-;
-
Ellenor Bjornsd.
just use prosody if you don't have performance requirements
-
arcseconds
for my fairly basic requirements I have found them both about as bewildering as one another.
-
arcseconds
which isn't too terribly bewildering, I've found other things far more so... perhaps I'm getting better at this stuff though
-
sam
I'm just hearing "use snikket" :P
-
rob
Ya, use it. If you ever need to use prosody you will know.
-
sam
👍️
-
Link Mauve
rob, Canada-France still amounts to 70~90ms, it isn’t negligeable.