XSF Discussion - 2014-02-07

  1. simon

    Does the XSF have an official twitter account?

  2. Kev

    I believe that the answer is No, but I couldn't swear to it.

  3. simon

    @xmpp looks rather dead

  4. simon

    might nudge him and ask if we could use it.

  5. Steffen Larsen

    can we ask if we can have it from the given person?

  6. Steffen Larsen

    is @xsf taken?

  7. bear

    yes, Donnet Yatsko has it

  8. bear

    with all of zero tweets

  9. Steffen Larsen


  10. simon

    Should I know who he is?

  11. bear


  12. bear

    we could send twitter a letter asking them to take over the xsf account because it's our brand

  13. ralphm


  14. simon

    Nice friendly note sent.

  15. simon

    Will follow up if/when I hear anything back.

  16. bear


  17. Lloyd

    Who runs the facebook xmpp page?

  18. ralphm

    Lloyd: I'm pretty sure that's Neustradamus

  19. ralphm

    there's also one for the foundation

  20. Alex

    I think that's the most active on Facebook: https://www.facebook.com/jabber

  21. dwd

    xnyhps, So your own tests don't use a valid certificate? Have to score you an F, then. :-P

  22. xnyhps

    It doesn't even listen on a socket for incoming connections, it's completely fake. :P

  23. simon

    xnyhps - do you plan on testing that sites reject invalid certs?

  24. Zash

    That would be one interesting data point.

  25. simon

    Zash: My thinking too. Basically check whether servers blindly trust peers.

  26. Zash

    Well, most servers will fall back to dialback, but there are some who reject

  27. simon

    Zash: good point.

  28. Zash

    I have a bot running on a server with a self-signed cert, which is useful partly for that reason.

  29. simon

    I personally run with s2s_secure_auth = true (on prosody) so that I don't have to trust DNS too much.

  30. dwd

    simon, Trouble is, I think the different combinations of security options yield some surprising results. Accepting dialback with self-signed certs is probably (I think) fine in combination with DNSSEC.

  31. Zash

    Bunneh, ping acc.umu.se

  32. Bunneh

    Zash: Ping failed (remote-server-not-found): Server-to-server connection failed: not-authorized (Your server's certificate is invalid, expired, or not trusted by acc.umu.se)

  33. Zash

    Like that :)

  34. dwd

    simon, I think that "classic" TLS auth is better than DNSSEC+dialback+unauth-TLS. But it's not by much.

  35. simon

    dwd: does one need to use a CA for DANE to work?

  36. simon

    my thinking was that DANE + a signed TLD, invalidated the need to use CAs - a good thing imho

  37. Zash

    DNSSEC removes some attack vectors from dialback. Attacks on IP routing could still work, but that ought to be harder.

  38. Zash

    simon: There are a few variants in DANE. You can say something like 'only this CA is allowed here and you must trust it already'

  39. Zash

    or you can point to your own CA and specify that as a root, or point to the actual cert or public key used by the server

  40. simon likes giving the middle finger to CAs.

  41. Zash

    If you use the non-PKI variants of DANE, you'll still have your TLD as CA :)

  42. ralphm likes his middlefingers. Keeping them.

  43. simon

    Would be really nice if someone could write up a basic guide for the wiki. I'd really like to get this deployed on some of my own domains.

  44. simon

    (with or without middle-finger-donations)

  45. ralphm

    Chromebox for Meetings. Wonder how much XMPP is in there.

  46. ralphm


  47. fippo

    ralphm: the thing formerly known as libjingle is inside ;-)

  48. ralphm

    well, yeah, of course

  49. Ge0rG

    dwd: NebuK is asking about your MUC merge progress. come back to yaxim@chat.yax.im please :)

  50. simon

    Yaxim + muc would be nice.

  51. Ge0rG

    simon: indeed. there is some old code for that, but it needs to be polished and brought forward into current master.

  52. Ge0rG

    simon: Dave did some progress with that, but forgot to tell us where to find his code ;)

  53. dwd

    Ge0rG, Actual work is a bit busy, sorry. But I've merged to about June, so far.

  54. Ge0rG

    dwd: that's ok, but please coordinate more with NebuK on the yaxim MUC.

  55. Ge0rG

    dwd: he is starting to merge stuff as well... :)

  56. Ge0rG is a bit busy with staying away from work... and from the laptop. so must delegate this

  57. NebuK

    hi there

  58. NebuK

    dwd, and here is the MUC guy ;) i'm currently trying to merge my own horrible code into current master -- how is your progress with that? (even though offtopic -- and/or do you want to come over to yaxim's MUC?)

  59. dwd

    NebuK, I've merged to about June or so. Working through slowly. I'll get there, but I'm busy with work etc right now.

  60. NebuK

    oh, ok

  61. NebuK

    so ... what exactly are you merging? simply muc into master, or anything else? also, do you have your current state in a git somewhere, so i can start off from there?

  62. dwd

    NebuK, No, it's halfway through a massive rebase. :-) Not something I can push anywhere.

  63. NebuK


  64. NebuK

    what are you doing, if i might ask?

  65. Neustradamus

    I sent an email on the members ML because I have not had email since November 2013.

  66. stpeter

    Neustradamus: you can send but not receive?

  67. Neustradamus


  68. Zash

    Nothing in a spam folder?

  69. Neustradamus

    like I have already said, jabber.org/xmpp.org are on blacklists

  70. Neustradamus

    there were discussions on iteam room, but the problem is not really resolved :/

  71. Zash

    What blacklists?

  72. stpeter

    Neustradamus: I am going to send you a test message from stpeter@jabber.org - please let me know if you receive it

  73. Neustradamus

    stpeter: I will inform you if I have

  74. stpeter

    Neustradamus: you won't receive it

  75. Neustradamus


  76. stpeter

    mail.log says: Feb 7 20:21:32 atlas postfix/smtp[24019]: 3EE4E219EA8: to=<lbxmpp@live.com>, relay=mx2.hotmail.com[]:25, delay=0.49, delays=0.08/0/0.37/0.04, dsn=4.0.0, status=deferred (host mx2.hotmail.com[] said: 421 RP-001 (SNT0-MC4-F52) Unfortunately, some messages from weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))

  77. Neustradamus

    intosi told me it is the same for AOL and other companies

  78. stpeter

    well, for instance, the operators@xmpp.org list has 25 @hotmail.com addresses subscribed, and if we have a lot of traffic on the list then hotmail might consider that spammy

  79. fippo

    if only mail servers knew about their users subscriptions and could apply that to "karma" limits ;-)

  80. Neustradamus

    hotmail.* live.* outlook.* for ML (not only operators)

  81. Neustradamus

    stpeter: DKIM and SPF are easy no?

  82. Zash

    SPF is there already

  83. Zash

    DKIM is anything but easy

  84. stpeter

    the last time I tried to install DKIM I hosed my VPS

  85. Zash

    DKIM and mailing lists are not friends

  86. waqas

    A lot of the ML emails used to end up in spam, because of DKIM

  87. Neustradamus

    what will be the best solution for you?

  88. stpeter

    Neustradamus: use a different email service?

  89. Neustradamus

    But I am not alone

  90. stpeter

    Neustradamus: do you know what hotmail's policy is? how many email messages are too many?

  91. Kev

    No, but if your provider is blocking mail because it's from mailing lists, your choices are limited.

  92. Neustradamus

    stpeter: no :/

  93. Kev

    As I understand it, this isn't a blacklisting issue, it's just that your provider doesn't like receiving several mails at once, which is always going to happen with mailing list traffic.

  94. Neustradamus

    the server is really secure?

  95. Kev

    No server is really secure if it's attached to the internet.

  96. stpeter


  97. stpeter

    true day

  98. stpeter

    dat even

  99. Neustradamus


  100. stpeter

    Kev: that's my understanding, too -- they just don't like to receive a burst of messages or "too many messages" (not sure if that's in any particular time frame)

  101. Zash

    "Reason for rate limitation is related to IP/domain reputation."

  102. Neustradamus

    There are not sender bot on the server?

  103. waqas

    Mailing lists used to work fine on hotmail when I used to use it, but that was a long time ago

  104. intosi

    hotmail loves rate limiting servers

  105. stpeter

    less for them to do :-)

  106. intosi

    phps mailgun can help out? ralphm?

  107. Neustradamus

    intosi: same for AOL?

  108. intosi


  109. Neustradamus

    but it is really strange, I never had a problem before

  110. ralphm

    intosi: didn't you mention we've been blacklisted and that you have been fixing things recently?

  111. dwd

    .sdrawkcab tuo emoc segassem ym semitemoS

  112. dwd

    ?detaler eb siht dluoC

  113. Kev

    Mr. Cridland, please to try to behave.

  114. intosi

    i did

  115. Zash

    ‏.gnibrutsid kram LTR fo kcal ruoy dnif I :dwd

  116. intosi

    spent many hours on fuxing tjings

  117. intosi

    hacker kbd on a phone screen is.. less ideal

  118. dwd

    Zash, Back before the dawn of time, I used to be able to type backwards fairly fluently. I used to tell people on IRC that I'd changed some setting in my client, and please could they help me.

  119. Zash


  120. Kev

    /part and /quit are sitting on a wall. /part falls off. Who's left?

  121. Kev

    As the old one goes.

  122. intosi


  123. dwd

    Hey, that was cruel.

  124. Kev

    Or, slightly more amusingly, Hey this is really cool - see what happens if you type `/disco lights/` in your client!

  125. Zash


  126. dwd

    Come to think of it, Gajim actually has /commands, for all I know it has /quit.

  127. Zash

    I think it even has /exce -o

  128. intosi

    now my home lighting is blinking

  129. Zash

    I think it even has /exec -o

  130. intosi


  131. Zash

    Pro-tip: Don't /exec -o yes

  132. Zash

    Unless you /exec -o yes otters!

  133. waqas


  134. Zash


  135. ralphm

    intosi: so I think that taint could last some time

  136. Zash

    They didn't foresee that in StarTrek ^^

  137. ralphm

    intosi: I'd be happy to see if we can help out, just not right now

  138. intosi

    we'll chat about it l8r

  139. ralphm


  140. dwd

    Zash, Hello, my name is Computer End Program?