-
moparisthebest
rozzin: cockroachdb is just postgresql from your application's pov
-
moparisthebest
Supposed to be a drop in replacement
-
rozzin
moparisthebest: looks like "mostly drop-in" I guess https://github.com/processone/ejabberd/issues/3074
-
moparisthebest
wonder if any of those incompatibilities went away on the cockroachdb side since then, 2019 is basically the dark ages, no?
-
rozzin
I guess? Though the issue at the top looks like "cockroachdb has additional keywords that need to be quoted". I guess cockroach could have made their parser smarter about context or something? Too deep for me to dig right now
- rozzin encourages Sapotaceae to try it out
-
Ellenor Bjornsd.
Huh, there's such a thing as yugabytedb? Maybe I should try it out
-
moparisthebest
the ones I know about are CockroachDB (postgresql but distributed) and TiDB (mysql/mariadb but distributed)
-
Ellenor Bjornsd.
yes, this is supposed to compete with cockroach
-
Ellenor Bjornsd.
https://github.com/yugabyte/yugabyte-db
-
rozzin
Sapotaceae:
> Is there any Foss server that supports geographic failover
This sounds like what you wanted? https://mongooseim.readthedocs.io/en/3.1.1/modules/mod_global_distrib/
-
rozzin
Maybe I should migrate to MongooseIM?
-
Licaon_Kter
rozzin: latest is 5 https://esl.github.io/MongooseDocs/latest/modules/mod_global_distrib/
-
zdream
Hi
-
Licaon_Kter
zdream: Hi there. What brings you to this corner of the admin ecosystem?
-
zdream
> Monday, 21 February, 2022
> [17:45:56] Licaon_Kter:
> zdream: Hi there. What brings you to this corner of the admin ecosystem?
I was looking for a tutorial on building an xmpp service on the Internet, so I found it here.
-
Licaon_Kter
There are many such tutorials. Peruse the Newsletter ;) https://xmpp.org/categories/newsletter/
-
zdream
Thank you.
-
Licaon_Kter
Do chime in zdream and ask for help if you need it. But be detailed in use case and such.
-
Licaon_Kter
Stay safe and... TLSA/DANE? https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600
-
croax
Yep, that's why relying on automated CA has huge downsides... But everyone seems happy to have a big LE ruling the world. I hope we consider a better support for DANE in servers / clients
-
croax
(still relying on centralized infrastructure... but like ICANN domain names, per se)
-
croax
By the way, to help adoption of DANE, although lots of us are using LE, we can add the "--reuse-key" option to preserve at renewal the key associated to the LE certificate so we can publish an unchanging TLSA value in DNS zone. Otherwise it's much more complex to maintain.
-
moparisthebest
croax: yes, but how to get people to drop their .im domains?
-
croax
HTTP permanent redirection [joke]
-
savagepeanut
What's wrong with .im domains?
-
croax
No DNSSEC
-
moparisthebest
croax: did you notice the attacker didn't use LE
-
savagepeanut
Huh. I didn't know dnssec was dependent on the tld.
-
moparisthebest
savagepeanut: completely dependent on the TLD, that's basically what has held back adoption imho
-
MattJ
Especially .im in the XMPP realm
-
savagepeanut
What was the reason for that? I don't know of any technical reason to not have it as an option everywhere.
-
moparisthebest
Laziness
-
moparisthebest
It'd be more work for .im to set up and run so they just don't
-
savagepeanut
Lol I should have guessed
-
croax
moparisthebest:
> did you notice the attacker didn't use LE
Right, probably it was not possible to do this with LE for some reasons (while OK with ZeroSSL). But the problem remains :-) Don't forget to define CAA records in DNS zone too! It would have forbidden zero SSL to provide a valid cert.
-
moparisthebest
Yep!
-
moparisthebest
LE does challenges from multiple widespread geographic locations, which is literally the best that can be done without dnssec, I don't know what zero SSL does
-
moparisthebest
But in the dark ages of manually acquiring certs this would have been easy too
-
Licaon_Kter
PSA: https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/
-
junaid
thanks Licaon_Kter!
-
moparisthebest
bigger PSA, what all servers use expat? only prosody or? https://www.openwall.com/lists/oss-security/2022/02/19/1
-
jonas’
mmmmmmmmm
-
mimi89999
I started the discussion on CAs and BGP hijacking: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/lxiA7zcKLws