XMPP Service Operators - 2021-10-04


  1. Martin

    edhelas: > Establishing a secure connection from mdosch.de to movim.eu failed. Certificate hash: a4fe17a41ff7da2c00332647fbc96fb82d42f1f1e4be504fe01456253c76c9cf. Error with certificate 0: certificate has expired.

  2. Sam

    Hi all! Reminder that the XMPP office hours are tomorrow! I'll be showing off the new Open Collective and talking about the XSF's new role as a fiscal host if anyone is interested (I think this sort of fiscal hosting may be of particular interest to server operators who have to pay for equipment and what not): https://wiki.xmpp.org/web/XMPP_Office_Hours

  3. ernst.on.tour

    OMG... :shock: Harden your servers, WA/FB/Insta are down, where will all the lost souls take down? Sorry for German: https://www.n-tv.de/22846205 😂😂😂

  4. Licaon_Kter

    ernst.on.tour: the last paragraph is so weirdly put there... whistleblower blew away their servers?

  5. ernst.on.tour

    Whistleblower was offering information that profit is more important than security

  6. ernst.on.tour

    Has nothing to do with breakdown

  7. ernst.on.tour

    Seems to be a DNS problem/misconfiguration

  8. Licaon_Kter

    Yes, but "a day ago" seems important, but WaPo files are weeks old... so?

  9. Licaon_Kter

    Exactly

  10. rozzin

    So is Let's Encrypt going to just stop producing chains that reference the expired DST Root CA X3 at some point?

  11. ru_maniac

    don't think so, they've left it there for a specific reason: to keep devices on Android running versions lower than 7.1.1 supported

  12. rozzin

    Except... it's expired, so... how does that work at this point?

  13. ru_maniac

    it's a "feature" of Android -- its old versions, to be exact

  14. rozzin

    I guess I need to actually read https://letsencrypt.org/2020/12/21/extending-android-compatibility.html

  15. ru_maniac

    old versions are not checking validity of a root CA

  16. ru_maniac

    so until the intermediate CA is valid, end-user certs will be as well

  17. rozzin

    > This solution works because Android intentionally does not enforce the expiration dates of certificates used as trust anchors.

  18. ru_maniac

    correct

  19. rozzin

    Wild--I was definitely not expecting that.

  20. ru_maniac

    well, this has no effect on most of the OSes out there, since they are actually checking for "notAfter" validity of a trust anchor

  21. ru_maniac

    and Android versions lower than 7.1.1, I would imagine, are out of the scope of any kind of certificate tampering attacs

  22. ru_maniac

    *attacks

  23. zp1.net

    Facebook.com is for sale.

  24. Licaon_Kter

    How cheap?

  25. Finn

    Pointing that domain to some IP would be like a huge ddos attack I guess..

  26. Martin

    https://arstechnica.com/information-technology/2021/10/facebook-instagram-whatsapp-and-oculus-are-down-heres-what-we-know/#p3
    > Many Internet commenters also mistakenly believe that the Facebook.com domain itself is "up for sale by a private third party"—but this is only due to poorly coded online tools designed for domain buyers and speculators. Facebook is its own domain name registrar—and Registrarsafe.com is also offline, as it shares infrastructure with the rest of Facebook.

  27. sam

    g'day folks. if I'm in Canada, should renting a vps in Europe be avoided due to latency or is that something that doesn't matter with modern internet connections?

  28. sam

    I plan on making frequent voice/video calls with my xmpp server.

  29. zp1.net

    Martin: boring :))))

  30. zp1.net

    sam: calls are phone to phone.

  31. sam

    Ah, neat.

  32. rob

    I use a server in the states for ingress to my server at home in Canada, and another on the opposite coast for turn/stun. All with no issue

  33. rob

    I would wager Europe won't have a huge difference, especially with most vps having gigabit

  34. Licaon_Kter

    > sam: calls are phone to phone.
    If phones have external IPs
    But, they might not, so you'll need a TURN server anyway.

  35. sam

    I'm just using snikket, and I believe it has a TURN server integrated. I could be wrong.

  36. Licaon_Kter

    Check yo' docker :)

  37. rob

    Snikket is great

  38. rob

    I'd be running it if I wasn't such a dork

  39. sam

    I was gonna run prosody, but a bunch of friends recommended snikket. why tinker and configure when snikket is set up with every feature I want out of the box. :)

  40. Menel

    But phone to Europe's TURN server to phone might be with a huge delay. I'm from Europe, and talking to my brother in South America via Conversations was not so easy.

  41. zp1.net

    sam: i was gonna run prosody ... but then i got high

  42. sam

    😂️

  43. rob

    Exactly

  44. rob

    I only run it because I wanted multiple vhosts and I like to control all the things

  45. sam

    Menel, ah see this is what I'm looking for

  46. arcseconds

    I am also pretty sure Snikket has a TURN server incorporated - the firewall page definitely says to open ports for it, anyway...

  47. Menel

    It has

  48. rob

    I'd share mine with a fellow Canadian 😊

  49. sam

    how does that work?

  50. rob

    I can give you the domain, port and secret. You can configure your instance to use it instead

  51. zp1.net

    My room is still messed up and i know why.. Cuz i got snicket cuz i got snikket

  52. rob

    If you find there's too much lag

  53. rob

    Want to test?

  54. sam

    At the moment the server is in the united states

  55. sam

    and honestly I don't want to touch snikket :/

  56. rob

    Oh I see, just looking at future options

  57. sam

    future options, exactly. :)

  58. rob

    Ya it works great as is

  59. sam

    as much as I'm comfortable playing around with my server, I hate docker and prosody scares me

  60. rob

    I put everything in docker, why I don't know

  61. rob

    But I find it easier

  62. arcseconds

    Snikket is trying to be a turn-key system, with minimal configuration.

  63. rob

    I do run a lot of services in one machine though, not sure how many. But dozens at least

  64. sam

    I love docker as a concept, but I've never sat down to learn it, so whenever I use it I just run the command and close my eyes, pretend it doesn't exist

  65. sam

    whatever is happening in that container is somebody else's issue

  66. Ellenor Bjornsd.

    mmm

  67. arcseconds

    sam: that's kind of the idea with Snikket as far as I understand it. If you want to care about what's happening in the Snikket container Snikket isn't for you, probably.

  68. Ellenor Bjornsd.

    I just install things in the root jail

  69. arcseconds

    sam: but then you're back with the complexity of scary Prosody :-)

  70. arcseconds

    (other xmpp servers are available)

  71. Ellenor Bjornsd.

    ejabberd is explosively complex ;-;

  72. Ellenor Bjornsd.

    just use prosody if you don't have performance requirements

  73. arcseconds

    for my fairly basic requirements I have found them both about as bewildering as one another.

  74. arcseconds

    which isn't too terribly bewildering, I've found other things far more so... perhaps I'm getting better at this stuff though

  75. sam

    I'm just hearing "use snikket" :P

  76. rob

    Ya, use it. If you ever need to use prosody you will know.

  77. sam

    👍️

  78. Link Mauve

    rob, Canada-France still amounts to 70~90ms, it isn’t negligible.