XMPP Service Operators - 2023-12-05


  1. moparisthebest

    anyone else on hetzner (cloud vps) have their system time jump around like crazy for maybe 10 minutes awhile ago? wreaked havoc on my services but I don't appear to be being MITM'd yet as far as I can tell :|

  2. maike

    everyone here should be using NTS or roughtime or similar https://fedoramagazine.org/secure-ntp-with-nts/ for chrony you should also set minsources 2 authselectmode require

  3. maike

    accurate time is absolutely critical

  4. moparisthebest

    that doesn't help if your hardware clock (from the VPS perspective) is flopping all over the place though right?

  5. moparisthebest

    I've actually never seen this happen before, TLS sessions were being terminated left and right, things were logging about time jumping about, very odd

  6. godric

    a full config https://codeberg.org/divested/brace/src/branch/master/brace/etc/chrony.brace.conf

  7. godric

    you could've been simply migrated between host machines

  8. godric

    eg. if they needed to upgrade/reboot the one you were on

  9. godric

    and the kernel only saves time to the hardware rtc every 10 minutes

  10. godric

    so such drift probably is possible in qemu or whatever

  11. moparisthebest

    > everyone here should be using NTS or roughtime or similar > https://fedoramagazine.org/secure-ntp-with-nts/ > > for chrony you should also set > minsources 2 > authselectmode require a comment on the article: > For example: European countries will stop using DST from 2021. 🫠️

  12. nuegia.net

    > that doesn't help if your hardware clock (from the VPS perspective) is flopping all over the place though right? qemu supports emulated hwrtc for this reason. just enable it

  13. kwaku

    That isn't a choice on hosted vps usually

  14. kwaku

    prosody only option for easy invites?

  15. moparisthebest

    is running snikket an option for you?

  16. kwaku

    already on ejabberd

  17. moparisthebest

    Oh I just meant that Snikket is the easiest option for easy invites

  18. MattJ

    kwaku: ejabberd doesn't support invites yet, unfortunately

  19. kwaku

    ok thanks