-
Harper
has the certificate for conference.trashserver.net expired?
-
nuegia.net
you could test it with testssl.sh. it supports xmpp starttls
-
Harper
indeed it is
> Mon, 13 Mar 2023 23:15:49 GMT
-
Licaon_Kter
> has the certificate for conference.trashserver.net expired?
_My old enemy, we meet again_
-
Trung
> Connection from trung.fun to conference.trashserver.net failed !
> Cert hash: 09b505c082bba39e68f584ba55e3518221cdafd6
> Error: Error with certificate 0: certificate has expired.
-
benk
Sad
-
Licaon_Kter
It's back already
-
benk
🎉
-
j.r (jugendhacker.de)
Looks like the admin forgot, but fixed it directly after waking up: https://metalhead.club/@thomas/110020016870184893 (sorry for strudel)
-
bkil
If only there existed a service that kept verifying ACME-based volunteer-run free community services for their expiry weekly and warned 30 days in advance! We run into this in many other communities regularly. ✏
-
MattJ
There is: https://observe.jabber.network/
-
MattJ
It monitors connectivity as well as certificate expiry warnings
-
TheCoffeMaker
MattJ, seems to be down ... is it?
-
MattJ
It is not
-
bkil
And does it contact the owners?
-
MattJ
Yes
-
bkil
Hm. So we need a down detector for the down detector then!
-
TheCoffeMaker
> It is not
I was able to reach it on the 3rd try ... weird
-
MattJ
Works fine for me on both IPv4 and v6
-
bkil
By the way, only warning _after_ the certificate is expired is way too late. If you have an ACME setup that is good for 90 days, you usually renew after every 60 days. If it is not renewed by day 61, the cron job is already failing and there is no use in waiting until day 91. They also send an email at that time and if you don't act within a few days, you probably either don't have an email registered or it is going to spam. ✏
-
MattJ
I agree, that's why it warns in advance
-
MattJ
For Prosody admins, there is also https://modules.prosody.im/mod_checkcerts
-
Licaon_Kter
Had a cron cert update fail last week, randomly/luckily seen it. _It was DNS_
-
moparisthebest
Always
-
bkil
> <MattJ> I agree, that's why it warns in advance
That's why _what_ warns in advance?
-
MattJ
observe.jabber.network
-
Harper
Don't y'all already get emails from LE?
-
bkil
9.42% of operators don't.
-
bkil
The problem with `observe` is that not all communities are running XMPP servers on their domain.
-
moparisthebest
> The problem with observe is that not all communities are running XMPP servers on their domain.
That's ok, easy to fix
-
bkil
As they haven't published the source code, I can't tell when they are actually sending an alert relating to certificates.
-
Menel
MattJ:
> For Prosody admins, there is also https://modules.prosody.im/mod_checkcerts
I think that doesn't work, last I tried.. I will try again... It also says incompatible with prosody .10 But then again. Let's Encrypt also sends warning emails if one doesn't disable that.. So one _can_ be warned anyway. It is included...
-
MattJ
Yeah, I guess for me it's useful because I'm not always the contact of the LE account (e.g. for jabber.org)
-
bkil
Not everyone uses ACME. Not everyone uses Let's Encrypt for ACME. Not everyone has that email address enabled. Some email may go to spam or the specified mailbox is only monitored manually instead of being forwarded to the pager/phone of a person. Some admins think that the warning is only intermittent if it was sent a single time and think it was resolved by cron on the node. Some star the incoming warning to deal with it later when they have time but forget about it due to email fatigue.
-
bkil
Some mistype their email address on the registration form (I don't think it is verified during the process).
-
Menel
bkil: nearly 100% of the expired certs just do that actually.. So you're technically correct.. But in reality it doesn't matter much.
-
Menel
If you set up something incorrectly it doesn't work yes... Also true for other checker software
-
bkil
By the way, my suggestion was a monitoring tool to help monitoring the community services hosted by _others_, not your own. I.e., most volunteer operators aren't that experienced in monitoring & alerting as I would like them to be. ✏
-
MattJ
bkil, I'm no longer sure what point you're trying to make. The discussion started about expired XMPP server certificates, we're in the XMPP operators chat. It seems you're talking about some generic non-XMPP certificate checker? Such things exist too.
-
Menel
Like https://github.com/louislam/uptime-kuma
-
bkil
TL;DR, Could you please disclose how many days in advance observe.jabber.network will "alert" before a certificate expires?
-
MattJ
bkil, I don't know, I would strongly suspect it's a configuration parameter
-
moparisthebest
> As they haven't published the source code, I can't tell when they are actually sending an alert relating to certificates.
Did you not even read the page? Lol (all source is published right there)
-
bkil
Way ahead of you. I have already read the source code of the _webpage_ before asking. But it's neither the source of the monitoring tool, nor its configuration, nor its devops deployment recipe if I would like to reproduce it. ✏
-
bkil
Is this bridge forwarding remote message corrections (edits) towards XMPP?
-
MattJ
Looks like it, if you're using the bridge ✏
-
bkil
Excellent! The XEP provides for only editing my last message, right?
-
MattJ
Maaaybe
-
Menel
Many clients will forbid other edits and just don't show them
-
bkil
You mean only the original message will appear to them or it will be duplicated?
-
Menel
Both will be shown
-
Menel
It is a client feature, clients can decide what they do
-
MattJ
The protocol isn't technically limited to the last message, but it says that implementations should only allow editing the last message. Not all implementations agree with that, and there is talk about removing this restriction from the XEP's text.
-
moparisthebest
bkil: then I'm afraid you didn't read it:
> Free as in Freedom: All software components used, including this web frontend, are free and libre software. (The configuration management is currently not, and will most likely never be; this is because it is too tightly integrated in the entire other stack of services.)
It also has links to everything
-
Licaon_Kter
> _It's always DNS_
The error I've got was: _"DNS problem: SERVFAIL looking up CAA"_ Don't recall what I did, restarted local resolver I guess.
-
opal
i see duplicate messages, where are you all even bridging from
-
MattJ
Most people aren't bridging from anywhere
-
opal
oh theyre individually-run bridges i see
-
MattJ
I think a couple of people are from Matrix
-
opal
i thought this chat was bridged thats all
-
Maranda
> <opal> i see duplicate messages, where are you all even bridging from
Probably the duplicates you see are from LMC
-
diane
LMC last message correction?
-
Maranda
If joining from XMPP
-
opal
im guessing mam history doesnt preserve the edit flag for those messages?
-
Maranda
> <diane> LMC last message correction?
✅
-
diane
It seems to work for me, but I'm using dino. My other guess for repeated messages might be weirdness with stream resumption.
-
Maranda
MAM should, opal, but for example Conversations usually tramples when fetching corrected messages from history
-
Maranda
And shows duplicates
-
opal
maybe dino is doing that here too
-
opal
oh i havent updated dino in a bit either maybe i should rebuild
👍️ 1
-
diane
0.4 has got cool new stuff.
-
opal
im on... 0.3.0~git18.20220517.f25bfb00 yeah a bit old
-
diane
Now we have fancy emoji reactions
-
Licaon_Kter
opal: no MUC MAM in 0.3 anyway, but in 0.4
-
opal
ah
-
opal
explains it then
-
diane
One thing I'm curious about is one of Dino's recent screenshots in gnome-software seems to show a 3 person video call. Does that actually work?
-
Licaon_Kter
Maranda: who protects the Edit? MAM or LMC? Eg. user leaves, bad user comes w/ same nick and tries to correct
-
Licaon_Kter
diane: between Dino users, up to 4-5 etc, should be ok, afaik
-
Licaon_Kter
diane: for this and many more click xmpp:chat@dino.im?join
-
diane
https://xmpp.org/extensions/xep-0308.html says you're not supposed to allow JIDs to edit messages from before entering the room
-
opal
so, server needs to be trusted basically
-
Maranda
> <Licaon_Kter> Maranda: who protects the Edit? MAM or LMC? Eg. user leaves, bad user comes w/ same nick and tries to correct
Usually both client/server should do some sanity check.
-
opal
(fair assumption to have regardless of edits)
- Maranda remembers some recent related Gajim bug...
-
opal
well i can say, im glad dino tagged a release, so i'll get that built soon
-
opal
can move back off master
-
bkil
I'm unsure why bifrost shows almost a thousand people over the XMPP MUC. I can't quite see that many active around here.
-
opal
i see ~60 but keep in mind most people lurk
-
Maranda
bkil: because sync'ing XMPP ephemeral membership state is disruptive to the room state in Matrix ™️
-
bkil
Right. We should open a PR to bifrost that it should GC members after being offline for more than a week and send in their leave events in bulk each night (or even once a week).
-
opal
there's precedent in how irc (namely libera) handles that with the matrix bridge so probably copying that as closely as possible would lead to least surprise for everyone
-
bkil
Nobody bothered to implement this in the IRC bridge either, hence the constant conflicts with all major IRC networks.
-
opal
i think they wait like a month before DCing matrix clients
-
opal
idk how it works the other way around ive seen dead irc nicks all the time so
-
opal
> Now we have fancy emoji reactions
its ... just an emote menu lol, not quite reactions
-
bkil
On the contrary, matrix-org got into an agreement with many big IRC networks that it will **kick** members out of the room after 30 days if they don't say anything (regardless whether their client updated their read receipt, presence, place reactji and even sent in other messages to the same network in other channels). This is very disruptive and had resulted in a loss of huge communities. It took me almost a year to reboot the Friendica community after I noticed this
-
bkil
I proposed a much better algorithm compared to this.
-
opal
i already use ibus for emoji
-
opal
bkil, damn that sucks
-
opal
yeah its coming back to me i remember people getting confused over stuff
-
bkil
It ain't helping that it did include heuristics to detect online presence, but the matrix.org had to disable presence due to performance reasons within the Python implementation.
-
opal
e_e they still sticking with python and theyre still probably open to new registrations LOL they arent exactly calculated
-
Maranda
bkil: tbh that's already on the radar but there isn't exactly a "flawless" solution. So not sync'ing parts/technical parts for now is the best choice (otherwise kick/bans are immediately sync'ed)
-
opal
oh wow dino 0.4.1 completely ignores my gtk theme cool and now i see the reaction popup nvm its different from the emote menu
-
bkil
Got any screenshots to show off for us outsiders? ✏
-
diane
Yeah, I also noticed the theming changed with the jump to 0.4, and i think it's fair to call it a reaction because it replies to a post.
-
opal
bkil, no because i cant even resize the damned chats on the left to hide them now
-
opal
lmfao gtk4
-
opal
yeah diane youre right they are reactions if replies are also a thing now
-
diane
https://upload.ghic.org:5281/file_share/N2pzAQ5c1ZH6oALC9QzKqhHG/308228c5-10a8-4340-b56f-c7a71298ef42.png
-
diane
a bit of the menu
🥇️ 1
-
diane
There's more to the emoji menu but it's a popup that extends outside the dino window and I didn't feel like screenshotting the rest of my desktop
-
diane
For my messages, if I hover over them there's 3 buttons, a pencil for editing, a left turn arrow for replying, and a face with a plus for emoji reaction
-
opal
ok yeah the reactions work like any other platform
-
opal
cool
-
diane
singpolyma added stickers to cheogram (more featureful fork of conversations), and that looks like it'd be fun for kid & family members
-
diane
Though I'm still waiting for it to show up in fdroid
-
Licaon_Kter
> Right. We should open a PR to bifrost that it should
Hey Maranda how many of your PRs have been merged? :))
-
bkil
Which XEP does reactji use? It doesn't seem to be bridged by bifrost.
-
Licaon_Kter
bkil:
> On the contrary, matrix-org got into an agreement with many big IRC networks that it
OFTC ops were not singing the same song, kinda tired and annoyed by having 3k users that are... not real
-
Licaon_Kter
opal, diane: go to Dino room, and I'll share the fix :)
-
Harper
how else are we supposed to get to the top of s.j.n?
-
Licaon_Kter
Good one...
-
opal
if you mean fix for the theme i'm already deep into the gtk4 config stuff so ill figure it out soon enough, just gnome devs keep changing everything for no good reason
-
Maranda
> <Licaon_Kter> > Right. We should open a PR to bifrost that it should
> Hey Maranda how many of your PRs have been merged? :))
None, and none will
-
nuegia.net
> if you mean fix for the theme i'm already deep into the gtk4 config stuff so ill figure it out soon enough, just gnome devs keep changing everything for no good reason
opal, https://www.youtube.com/watch?v=6n3pFFPSlW4
-
nuegia.net
hosting XMPP on your own hardware offers tremendous latency improvements over virtual private servers
-
nuegia.net
even when your hardware is set to use latency costing power saving like deep c-states and a lower context switching resolution, it's way more latenct then any cloud provider i've been on