XSF Discussion - 2014-02-07

Does the XSF have an official twitter account?

I believe that the answer is No, but I couldn't swear to it.

@xmpp looks rather dead

might nudge him and ask if we could use it.

can we ask if we can have it from the given person?

is @xsf taken?

yes, Donnet Yatsko has it

with all of zero tweets

:-)

Should I know who he is?

doubtful

we could send twitter a letter asking them to take over the xsf account because it's our brand

https://support.twitter.com/articles/15362-inactive-account-policy

Nice friendly note sent.

Will follow up if/when I hear anything back.

k

Who runs the facebook xmpp page?

Lloyd: I'm pretty sure that's Neustradamus

there's also one for the foundation

I thnk thats the most active on Facebook: https://www.facebook.com/jabber

xnyhps, So your own tests don't use a valid certificate? Have to score you an F, then. :-P

It doesn't even listen on a socket for incoming connections, it's completely fake. :P

xnyhps - do you plan on testing that sites reject invalid certs.

That would be one interesting data point.

Zash: My thinking too. Basically check whether servers blindly trust peers.

Well, most servers will fall back to dialback, but there are some who reject

Zash: good point.

I have a bot running on a server with a self-signed cert, which is useful partly for that reason.

I personally run with s2s_secure_auth = true (on prosody) so that I don't have to trust DNS too much.

simon, Trouble is, I think the different combinations of security options yield some surprising results. Accepting dialback with self-signed certs is probably (I think) fine in combination with DNSSEC.

Bunneh, ping acc.umu.se

Zash: Ping failed (remote-server-not-found): Server-to-server connection failed: not-authorized (Your server's certificate is invalid, expired, or not trusted by acc.umu.se)

Like that :)

simon, I think that "classic" TLS auth is better than DNSSEC+dialback+unauth-TLS. But it's not by much.

dwd: does one need to use a CA for DANE to work?

my thinking was that DANE + a signed TLD, invalidated the need to use CAs - a good thing imho

DNSSEC removes some attack vectors from dialback. Attacks on IP routing could still work, but that ought to be harder.

simon: There are a few variants in DANE. You can say something like 'only this CA is allowed here and you must trust it already'

or you can point to your own CA and specify that as a root, or point to the actual cert or public key used by the server

If you use the non-PKI variants of DANE, you'll still have your TLD as CA :)

Would be really nice if someone could write up a basic guide for the wiki. I'd really like to get this deployed on some of my own domains.

(with or without middle-finger-donations)

Chromebox for Meetings. Wonder how much XMPP is in there.

(https://www.google.com/intl/en/chrome/business/solutions/for-meetings.html)

ralphm: the thing formerly known as libjingle is inside ;-)

well, yeah, of course

dwd: NebuK is asking about your MUC merge progress. come back to yaxim@chat.yax.im please :)

Yaxim + muc would be nice.

simon: indeed. there is some old code for that, but it needs to be polished and brought forward into current master.

simon: Dave did some progress with that, but forgot to tell us where to find his code ;)

Ge0rG, Actual work is a bit busy, sorry. But I've merged to about June, so far.

dwd: thats ok, but please coordinate more with NebuK on the yaxim MUC.

dwd: he is starting to merge stuff as well... :)

hi there

dwd, and here is the MUC guy ;) i'm currently trying to merge my own horrible code into current master -- how is you progress with that? (even though offtopic -- and/or do you want to come over to yaxims MUC?)

NebuK, I've merged to about June or so. WOrking through slowly. I'll get there, but I'm busy with work etc right now.

oh, ok

so ... what exactly are you merging? simply muc into master, or anything else? also, do you have your current state in a git somewhere, so i can start off from there?

NebuK, No, it's halfway through a massive rebase. :-) Not something I can push anywhere.

uh

what are you doing, if i might ask?

I sent an email on the members ML because I have not email since November 2013.

Neustradamus: you can send but not receive?

yes

Nothing in a spam folder?

like I have already said, jabber.org/xmpp.org are on blacklists

there were discussions on iteam room, but the problem is not really resolved :/

What blacklists?

Neustradamus: I am going to send you a test message from stpeter@jabber.org - please let me know if you receive it

stpeter: I will inform you if I have

Neustradamus: you won't receive it

no

mail.log says: Feb 7 20:21:32 atlas postfix/smtp[24019]: 3EE4E219EA8: to=<lbxmpp@live.com>, relay=mx2.hotmail.com[65.55.92.184]:25, delay=0.49, delays=0.08/0/0.37/0.04, dsn=4.0.0, status=deferred (host mx2.hotmail.com[65.55.92.184] said: 421 RP-001 (SNT0-MC4-F52) Unfortunately, some messages from 208.68.163.215 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))

intosi said me it is same for AOL and others companies

well, for instance, the operators@xmpp.org list has 25 @hotmail.com addresses subscribed, and if we have a lot of traffic on the list then hotmail might consider that spammy

if only mail servers knew about their users subscriptions and could apply that to "karma" limits ;-)

hotmail.* live.* outlook.* for ML (not only operators)

stpeter: DKIM and SPF are easy no?

SPF is there already

DKIM is anything but easy

the last time I tried to install DKIM I hosed my VPS

DKIM and mailing lists are not friends

A lot of the ML emails used to end up in spam, because of DKIM

what will be the best solution for you?

Neustradamus: use a different email service?

But I am not alone

Neustradamus: do you know what hotmail's policy is? how many email messages are too many?

No, but if your provider is blocking mail because it's from mailing lists, your choices are limited.

stpeter: no :/

As I understand it, this isn't a blacklisting issues, it's just that your provider doesn't like receiving several mails at once, which is always going to happen with mailing list traffic.

the server is really secure?

No server is really secure if it's attached to the internet.

:)

true day

dat even

correct

Kev: that's my understanding, too -- they just don't like to receive a burst of messages or "too many messages" (not sure if that's in any particular time frame)

"Reason for rate limitation is related to IP/domain reputation."

There are not sender bot on the server?

Mailing lists used to work fine on hotmail when I used to use it, but that was a long time ago

hotmail loves rate limitjng servers

less for them to do :-)

phps mailgun can help out? ralphm?

intosi: same for AOL?

yes

but it is really strange, I had never problem before

intosi: didn't you mention we've been blacklisted and that you have been fixing things recently?

.sdrawkcab tuo emoc segassem ym semitemoS

?detaler eb siht dluoC

Mr. Cridland, please to try to behave.

i did

‏.gnibrutsid kram LTR fo kcal ruoy dnif I :dwd

spent many hours on fuxing tjings

hacker kbd on a phone screen is.. less ideal

Zash, Back before the dawn of time, I used to be able to type backwards fairly fluently. I used to tell people on IRC that I'd changed some setting in my client, and please could they help me.

Haha

/part and /quit are sitting on a wall. /part falls off. Who's left?

As the old one goes.

heh

Hey, that was cruel.

Or, slightly more amusingly, Hey this is really cool - see what happens if you type `/disco lights/` in your client!

Hahaaaaa

Come to think of it, Gajim actually has /commands, for all I know it has /quit.

now my home lugting is blinking

I think it even has /exec -o ✏

lighting

Pro-tip: Don't /exec -o yes

Unless you /exec -o yes otters!

http://www.youtube.com/watch?v=mWZLa4AnN5k

lolwut

intosi: so I think that taint could last some time

They didn't forsee that in StarTrek ^^

intosi: I'd be happy to see if we can help out, just not right now

we ll chat abput it l8r

k

Zash, Hello, my name is Computer End Program?