XMPP Service Operators - 2024-03-01

nuegia.net is back up if you have ipv6

agris, where is nuegia.net hosted?

on a server

Hurricane electric 🤔

it takes 300ms to ping the server

from London, UK

The Ping is not great. My lastmile provider was recently aquired by another company who their network admin hasn't had the time yet to fix all the mistakes in that infrastructure.

It's going to take 1 month to reduce the latency

I'm aware of the problem

thankfully XMPP is not that latency sensitive.

it takes more than 1 nanosecond to send a message. literally unusable.

I'm encountering multiple startup ISPs with similarly bad network configurations and it's suspicious

The way i'm dealing with it is tunneling outside of the start ISP's network and dealing with network configuration there.

It's like a condom or quarantine bubble for IP networks.

The upside is I get PI address space. The downside is latency.

The reason I don't have any IPv4 right is is because their configuration is so fucked, I can't even use it for transition purposes.

the 426 proxy server is still up, just not reachable.

because of ipv4 address exhaustion.

If you are an ISP, just adding more NAT over and over again is NOT a solution.

that's how they think, and then sell out

and then someone else has to come and fix it while the community being serviced suffers

Polarian, 300ms from europe is actually pretty good.

> The Ping is not great. My lastmile provider was recently aquired by another company who their network admin hasn't had the time yet to fix all the mistakes in that infrastructure. Self hosting eh?

> it takes more than 1 nanosecond to send a message. literally unusable. unfunny

you are literally unfunny

> thankfully XMPP is not that latency sensitive. Within reason... 300ms might be noticable in audio or video chats.

> you are literally unfunny I am not the one telling jokes

the joke is you, unfunny man.

> The way i'm dealing with it is tunneling outside of the start ISP's network and dealing with network configuration there. That explains hurricane electric

Ping ain't bad. I'm glad my server supports IPv6. 250ms from my tests.

> If you are an ISP, just adding more NAT over and over again is NOT a solution. Technically is a solution... just not a pleasant one for the consumer

You tend to get what you pay for, if you pay for business networking, you will get better service

Chatting in a muc, it's not too noticable. I see the delay, but I can't tell if my ISP is the shit, or somebody elses is.

and that is why my ISP costs a fortune

there is no 'bussiness networking' here.

> Polarian, 300ms from europe is actually pretty good. London, UK --> Sidney, Australia is about 250-300ms

> Chatting in a muc, it's not too noticable. I see the delay, but I can't tell if my ISP is the shit, or somebody elses is. There is many factors: - Server getting overloaded - Client latency - server latency - Peer latency

Yes, I am well aware of how servers work and how communication can slow down. Thank you.

Why do xmpp servers have so much metadata of clients?

Is there anyway to make profile pictures and nicknames and private group chats not visible to server?

disable vcards

or don't set one

But roster and bookmarks are also still visible

Why are you so scared about them?

If you don't trust the server, move server, or self host your own

Why should I possibly be able to see what my users are doing?

because it is required for clients to function

Yes, but is there any work towards moving away from that?

no

that would defeat the purpose of federation

what you are asking would be complete decentralisation

also don't forget about chat markers, you are telling the server what you are reading

or the fact you tell the server what client you are using

Polarian: you can easily easily change or out right remove most metadata you dont want published.

/info me

lavrentiy: moving away from what? XMPP has roughly the minimal amount of metadata possible

i also dont like my client being published, i think it is a security risk. however most people dont need to be this paranoid (and i probably dont either)

> i also dont like my client being published, i think it is a security risk. however most people dont need to be this paranoid (and i probably dont either) Its useful for debugging purposes

and security via obscurity isn't security, attempting to hide the client you are using for security, is not security in the slightest

Like yes server visible rosters are a useless relic of the past, from when things like presence mattered, but it's not technically more metadata than your server already has right? You send it a message and a recipient, it's gotta have that

moparisthebest: roster, bookmarks, vcards, nicknames, muc descriptions and memberships, profile pictures are all visible to server always

Other systems like signal and threema don't do this

> Why do xmpp servers have so much metadata of clients? so we can make fun of people using inferior clients.

Yes they do

also having the clients show up also differentiates between different connections

Wirlaburla: you are using conversations. lets not get into "inferior clients"

kek

> Other systems like signal and threema don't do this Nobody is forcing you to use XMPP, don't like it, use something else.

worlio.com, you have a really cool website. thanks for putting it on the internet.

> Other systems like signal and threema don't do this I couldn't think how else they wouldn't

possibly by the client asking the other to send the avatar...

>> Other systems like signal and threema don't do this > I couldn't think how else they wouldn't They do ↺

but the issue with this is there is no device syncing

They just aren't honest about it

>> Other systems like signal and threema don't do this > Nobody is forcing you to use XMPP, don't like it, use something else. I seriously do prefer xmpp, I just feel like it is harming users at this point

harming users?

How dare the server store data to give the users a working product

they shouldn't function

there are bigger fish to fry than XMPP metadata

Anyway, I'm not trying to compare here or go offtopic, I was only asking if there were xmpp specific developments to improve the situation

there is no "situation" to improve here

The protocols can be made in a way that don't require the server complete/direct/plaintext access

Saying the others lie is dishonest

the server can already see everything you send (apart from the message payload when you enable OMEMO)

they know who you are talking to

when, and how long

Polarian: obviously, and even if entirely encrypted that can still be infered

But that doesn't mean things like roster and nicks and pictures should all be unencryptes

encryption isn't a silver bullet

how would the nicks propagate?

what about your roster?

what about pictures? how would this all propagate?

I mean JET is like 6 years old already

There is already a spec for thi

Xep-0420

JET is deferred and secondly it doesn't fix the issue

What servers or clients support SCE?

none

its experimental

Hell most clients still have OMEMO issues

the amount of times you get "this message is not encrypted for your device" because keys weren't shared or picked up

its gotten better over the past year or so, but it still happens, I had it happen yesterday

also you lost the original topic

which was the server storing data

the server stores data for various reasons

SCE would directly help achieve that goal

I can defeat that in 1 explanation: You set an avatar on your phone, your phone dies, you login to gajim on your desktop, your avatar has not propagated and there is no copy of it

meanwhile, using the current implementation, you just ask the server to send it to you

stage the picture (or encrypted blob) on the server, bump an epoch, set it into place

it doesn't have to get out of sync between clients

so your issue is simply the data is stored unencrypted

ok your roster

say you encrypted it

but oh no you lost your phone

how do you decrypt it

you can't

also OMEMO wouldn't work for that

because of forward secrecy

a new key would be generated and it wouldn't be encrypted for it

which means it would only work with a static key distributed across many devices, which then adds additional requirements such as physical transfer of private key

like I said, encryption isn't a silver bullet

> worlio.com, you have a really cool website. thanks for putting it on the internet. ty for the compliment

im probably a different nick on this device

lavrentiy, https://xmpp.org/extensions/#xep-0420-implementations

for implementations

also bare in mind that XMPP is federated, unless you are planning to make XMPP peer to peer, your plans won't work either. Peer to peer was mainly for voice and video chats, and as far as I am aware, the reasoning was because the XMPP server bandwidth could then be conserved

_maybe someone from the XSF board could correct/confirm that_ ✏

peer-to-peer is cool and I wish newer internet shit didnt screw with those times

peer to peer is difficult

now it is

it always has been

The internet was never designed for peer to peer

true peer to peer is achievable though... something cool would be a way to message a friend next to you on the train by broadcasting signals to each other

yeah it is

> The internet was never designed for peer to peer Polarian: lol the internet was always P2P with each node being equal from day 1 ↺

The Internet wasn't made for most things.

that's what ipv4 was designed for and what ipv6 was created to maintain

but its not truly peer to peer, because there is still some lookup required to find the other user

lavrentiy: join xmpp:xsf@muc.xmpp.org?join and participate in protocol development, it's easy, be the change you want to see

there is still some centralised database somewhere

> lavrentiy: join xmpp:xsf@muc.xmpp.org?join and participate in protocol development, it's easy, be the change you want to see moparisthebest do you contribute?

one example would be DNS

your should use XMPP before suggesting changing how it works

We aren't talking peer-to-peer as in hooking up our modems together. We are talking peer-to-peer as in client<->client.

There need not be lookup, you tell me your IP and we communicate directly

And that worked fine.

Polarian: yes

> Polarian: yes example?

> There need not be lookup, you tell me your IP and we communicate directly _if directly means bouncing packets around the internet_

Then we ran out of IPv4s so ISPs used one per household, then one per neighborhood, and now it's kind of difficult without getting something else involved.

and how do servers know where to send the packets? registries

IPv6 would probably fix that but not everyone has it.

the reason not everyone has it is because ARIN is not doing their job

hmm how to differentiate between true peer to peer, and client to client 🤔

charging an arm and a leg for a plentiful resource

only catering to big corporations

If you want true peer-to-peer, put a satellite dish on your house tell your peers its exact cordinates.

we need to break up ARIN and build something like RIPE to replace

> If you want true peer-to-peer, put a satellite dish on your house tell your peers its exact cordinates. that would be illegal

> only catering to big corporations It is hilarious how open source developers hate on big companies

when its the big companies which fund your projects

them same big companies you are moaning about use their position to fund open source network tools etc

~some of them at least~

» [19:35:57] <Polarian> that would be illegal only if you do it wrong

not everything is boolean unfortunately :)

Polarian: here I guess https://wiki.xmpp.org/web/Travis_Burtrum_Application_2023#My_XMPP_related_projects

ARIN is supposed to be managing a public resource, not exclusively catering to big corporations and rent-seeking ipv6 for an entire contient

Antennas are illegal????

> only if you do it wrong Broadcasting signals without the permission of the authorities and the proper clearance, and safety compliance will land you in prison

As I said, only if you are doing it wrong.

You need a license for WiFi????

> You need a license for WiFi???? technically yes

No

Over certain power limits, yes.

yes

Uh, no?

> Over certain power limits, yes. ^

Also use of the spectrum in public radio spacr

Ok what does that have to do with anything though

technically you shouldn't have your wifi outside your property, however if only radio signals were easy to control

You can still put a satellite on property and truly peer-to-peer with someone else doing the same thing LEGALLY.

but you can get in trouble for blasting high powered wifi signals

its one of the reasons you can't buy high powered APs easily

This is like you saying forks are illegal, and me saying no, and you saying stabbing someone with a fork is illegal

Wi-Fi isn't the only form of wireless communication.

moparisthebest, it's trollbait

> You can still put a satellite on property and truly peer-to-peer with someone else doing the same thing LEGALLY. Well... the satallite would then be the intermediate...

You can legally do WiFi over surprisingly long distances

> You can legally do WiFi over surprisingly long distances AFAIK if you get caught blasting your wifi signal too far, authorties will complain

No

same thing with using blockers

> No I assume it would differ by country as well :)

Only if you interfere with their shit.

Signal jammers are usually illegal and with good reason

But what is a "blocker" ? A Faraday cage/bag is and it's not illegal

> You can legally do WiFi over surprisingly long distances Thru increasing the power, and very large RX antenna?

> Signal jammers are usually illegal and with good reason I was referring to jammers yes

It would be cool to run your own wifi mesh across your local town

give out free wifi to all

_and foot the bill_

In the US, there are restrictions and limitations but if you stay within those, and do not interfere with other important signals and frequencies, they really can't and won't do shit.

So shove a satellite on your property then upload a file via the XMPP proxy65.

> You need a license for WiFi???? Yes, you do. The license is associated with the device (although there’s parts of the “wifi” bands that are actually allocated to HAMs and you need an amateur license for those, but can build your own transmitters for those parts of the spectrum). Every device you have that transmits will have an FCC certification associated with it. Wifi cantennas and yagis are technically illegal because adding high gain uncertified antennas can bring the devices out of spec.

no you don't. it's true your sharing part of a ham band but it's not exclusive use. HAMs have primary usage, and your a secondary user

> no you don't. it's true your sharing part of a ham band but it's not exclusive use. HAMs have primary usage, and your a secondary user You need to be authorised to transmit high power WiFi signals ↺

which means if you intefere with a ham they can politely request you to switch frequincies or reduce power.

at least in the UK you do

Polarian, quit trolling

O2 holds the right to transmit high powered WiFi signals

> Polarian, quit trolling I am not trolling... quit flinging mud at me ↺

The UK doesn't exist.

> The UK doesn't exist. what,? ↺

There is only the US.

what does this have to do with operating an xmpp server?

And the US says "blast the signals everywhere"

» [20:04:08] <agris> what does this have to do with operating an xmpp server? Good point.

Lets operate an XMPP on the meshnet.

> what does this have to do with operating an xmpp server? No clue... conversation got derailed ↺

Our frequencies veered out of alignment.

Our band went out of sync.

> what does this have to do with operating an xmpp server? last time I checked you don't have moderation or owner, and you constantly calling me a troll is starting to annoy me. Please stop. ↺

I will discontinue the off topic conversation

I swear you are like some AI chatbot.

funny how a conversation about xeps turns into peer to peer turns into licencing/legality of high power WiFi transmission

Gonna go get a satellite and run the first ever public satellite XMPP instance.

Not first ever, my brother's family communicates with mine over legal 60ghz mikrotek WiFi dishes from about 500 yards (meters) away

Polarian, XMPP operators generally monitor this chat to resolve federation issues and such. When you constantly derail it with non-xmpp-operation unrelated stuff it gets annoying.

> Polarian, XMPP operators generally monitor this chat to resolve federation issues and such. When you constantly derail it with non-xmpp-operation unrelated stuff it gets annoying. I'm not the one continuing the topic... yet you always single me out. ↺

it's not that i don't want to talk about those things it's just that it's not here it's appropriate

where is it?

» [20:11:45] <moparisthebest> Not first ever, my brother's family communicates with mine over legal 60ghz mikrotek WiFi dishes from about 500 yards (meters) away No way. That is pretty cool.

I'm just wondering if there is a good place for that. The real problem is that conversation tends to happen where people congregate and people congregate around places for narrow topics, so I guess it's not a soluble problem.

deport, not sure. is there a HAM muc?

As long as we're on the topic of server operation, I don't see the problem.

there's a general offtopic muc people often throw around here but i don't like the way it's moderated so i stopped going there

We veered off for a small bit, conversations tend to do that.

» [20:15:37] <agris> there's a general offtopic muc people often throw around here but i don't like the way it's moderated so i stopped going there I don't like the people in it.

i could create something if one doesn't already exist first. let me check s.j.n.

I'm sure there are plenty of general discussion mucs around.

i found a german and i think an english one

https://search.jabber.network/search?q=Amateur&f=y&sinaddr=on&sindescr=on&sinname=on

xmpp:hamradio@conference.jabber.de?join

this seems like the english one. there's a more popular one but has the language tag german

Are you not joining?

Talking about something brought up doesn't mean you are into the topic. It just came up.

Thought you were going to look for a general offtopic one.

no

agris: > there's a general offtopic muc people often throw around here but i don't like the way it's moderated so i stopped going there That's moderated? Lol

Maybe it was a complain about not enough moderation

There's none, let alone enough

:)

let's stop that here. it's been enough noise in the past 24h

I'm trying to drill down 1GB of log files. Is there a tool that lets me easily remove blobs of stack traces? Something like a regex that allows me to remove fragments that start with a timetamp, contain some kind of message, and then all lines following it until a line that starts with a timestamp again?

perl

I've been fumbling with regex101 for an hour now, but am failing :)

take a look at the perl example in this one https://unix.stackexchange.com/a/72160 Guus

it works really well for that case

Guus, depending on how standard the log format is, lnav is generally great for browsing lots of logs

Guus, that's the kind of things where you start to need sed, but only if lnav doesn't cut it.

I use regular expressions in VSCode for this, doing find/replace with empty. It's rough, but I've found nothing better.

fellow operators with interest in search.jabber.network, please observe: https://fosstodon.org/@sjn/112020911459112449

how do i do this on ejabberd?

unix.dog, like this: https://providers.xmpp.net/faq/#support-addresses

cool, thanks

Does doing this in the global configuration section for prosody do this automatically on all domains?

They told me to add the same module in the muc component

Not sure if it needs to be also configured there or the global conf is enough

You need it on the muc component too, only global doesn't load it on components

With prosody, Global generally loads it on all virtualhosts, not components

OK, thanks that clarifies it. Will it also take from global config options or should those be put under the component as well? ✏

> fellow operators with interest in search.jabber.network, please observe: https://fosstodon.org/@sjn/112020911459112449 Oh, need to check whether I have those on the muc subdomain.

aereaux: the config options can be kept globally and will be taken for the muc component too

Phew, looks like I am already settled.

Hm. Seems it's one of the modules that automatically works for components too. So never mind, just works loaded globally... (some are special)

Great, now I'm even more confused on this topic 🤔️

With prosody, _generally_ global loaded models count for all virtualhosts, not components, but the devs make some modules to be smart and also load on components. But you can assume all modules will, and it's also not desired all do.

*can't assume

aereaux: Message xmpp:magicbot@magicbroccoli.de with `!contact yourmucdomain`.

It will tell you the 0157 contact if it's set.

Thanks, that's useful

yw

!contact

Does I2Pd have any problems in a IPv6-only network? I'm testing it now because Tor seems to be unreliable. If it works I may replace all Tor federation with I2P federation. I'd also like to contact the person who maintains the mod_deepweb module for Prosody.

Hopefully this fixes federation with onion-only servers.

nuegia.net, fwiw with tor you need to configure it to allow bootstraping over ipv6 `ClientUseIPv6 1`

nvm, seems Tor finally made that a default

lavrentiy, i did that. tor bootstrapped but it still doesn't seem to work.

Any specific error it says?

$ torify nc -v ovbikg4xvmpceljba3tj2i3qyzhdfic76rvkuzpzquayiaecvydd7oid.onion 5222 1709333915 ERROR torsocks[9122]: Connection timed out (in socks5_recv_connect_reply() at socks5.c:547) nc: connect to ovbikg4xvmpceljba3tj2i3qyzhdfic76rvkuzpzquayiaecvydd7oid.onion (127.42.42.0) port 5222 (tcp) failed: Connection timed out

What does tor client log say?

And does server log say it is failing?

If you send it a sighup it should print some stats

Sigusr1* Sighup is reload

I'm using nyx to monitor the tor daemon

you might also instead try torsocks nc --proxy 127.0.0.1:9050 --proxy-type socks5 --proxy-dns remote xyz.onion

oh the client?

both server and client can tell you which end is failing