Ge0rGI wonder if somebody will approach me to buy yax(.)im as well
ralphmGe0rG: you think it is good enough? Honest question, I am not currently using it because it doesn't do MUC.
Zash~$ nc -zv tango.me xmpp-client
Connection to tango.me 5222 port [tcp/xmpp-client] succeeded!
ZashSeems to be a HTTP server there
ralphmodd
ralphmthey have not SRV records any way
Ge0rGralphm: bug dwd about MUC :P
ralphmGe0rG: dodging the question?
Ge0rGralphm: seriously? I am using yaxim day-to-day for my mobile needs. Never needed MUC there, so I'm really fine with it. Good enough to be bought for millions? Surely not
KevWhen I'm mobile, I tend to need MUC more than 1:1.
KevFWIW.
KevI suspect it's a usage pattern thing.
intosiSame.
ralphm+1
Ge0rGwell, I've polished most of the issues that floated up with 0.8.7, will make 0.8.7b soon and then look into the MUC mess. I will do a call for beta testers here if you wish so
ralphmGe0rG: I'd love to see a well-integrated client (UI wise), with MUC, that is as approachable as WhatsApp or the new Hangouts. Obviously with good battery life and all that.
ralphmGe0rG: if yaxim can be that, more power to you
KevSwift for Android!
ralphmKev: only if it is following the Android UI guidelines
Ge0rGralphm: seems like I need to actually install WhatsApp and betray my friends, just to see how it does MUC
Kevralphm: Right. If we did Swift for Android, it's not clear if Qt for Android would suffice as 'good enough'.
KevIf it was, getting it running shouldn't be /too/ hard. If it wasn't, that means essentially a port, and that's not trivial.
ralphmprobably not, this is a generic problem
KevIf only there was a straightforward way to implement the C++ interfaces in Java. As 'all' it needs is a new UI to port to other platforms.
ralphmThe new Hangouts UI for Android is growing on me
ralphmit is pretty decent, especially now presence is more prominent (even if only boolean)
Lancehas joined
Lancehas left
MattJhas joined
MattJI only use Yaxim
MattJI can't deny that there have been times I've wanted MUC (e.g. council meetings), but not often enough for me to switch to any of the alternatives (which have issues)
MattJintosi, thanks for migrating Prosody over :)
MattJIt's been on my todo for a while to upgrade it
intosiYou're welcome :)
intosiI didn't see any point in staying at 0.8
Ge0rGMattJ: MUC participants still are not kicked on restart :(
Tobiashas joined
Ge0rGhm. if I unblock the Hangouts app on my Android, I will be still a lonesome guy hanging out
intosiMattJ: feel free to check the config. There is a warning in the logs about a module I didn't yet bother looking at about mod_console or something like that. Trivial to fix, but someone has to do it ;)
MattJmod_console was renamed to mod_admin_telnet, that's all
intosiI guess the observatory doesn't stop testing after it tries to determine encryption support, but doesn't rate ;)
intosi(I reloaded the config very soon after initiating the test because I made a typo in the config)
xnyhpsHeh
xnyhpsIt should stop testing when it can't determine support for any SSL or TLS version
xnyhpsBut it will test all of them, even if the first results in "no starttls offered".
ZashDANE \o/
intosiZash: yup ;)
intosiI managed to convince Joker to add DNSSEC support for the .nl TLD a week or two ago.
ZashAwesomeness
ZashDidn't .nl have it since forever?
ZashOr is Joker the registrar?
intosi.nl had it forever.
intosiJoker is the registrar I usually use.
intosi.nl was one of the first TLDs that signed the zone, and certainly one of the domains with the highest percentage signed zones.
Zashhttp://q.zash.se/4ea15828.txt
intosiHmm.
intosiAny idea what's causing those cert validation errors?
xnyhpsMy nearby pizza place with a webpage that looks designed in 1999 has DNSSEC. Cracks me up every time.
Zashintosi: That's because I have an empty CA store.
ZashIn order to test DANE-only validation
intosiAh, so that is expected :)
intosiIn that case, w00t!
m&mhas joined
ZashSo, DANE-only test host at dane.zash.se
Ge0rGbtw, what can I do if my domain reseller does not support / know about DNSSEC?
intosiInform them that you want it.
intosiIf they are nice, they will look at it.
m&myou could try to run your own nameserver, if they allow for that
m&mbut really, either ask them nicely and frequently, or find another
m&mZash: is that zone signed? Or is that a server that will validate someone else's DNSSEC/DANE information?
m&mis trying to figure out if a middlebox is interfering, or there aren't any signed records
Ge0rGright. I just can host my own DNS.
Zashm&m: Both
intosiBut you need support from your registrar to have the DS records published in the TLD zone.
intosiYou cannot rely on people using dnssec lookaside.
Zashxnyhps: https://xmpp.net/result.php?domain=dane.zash.se&type=server why so slow?
ZashAltho, it requires DANE
Zashand the test server might not have that
Ge0rGstpeter wanted to get the .im registrar to support DNSSEC... I wonder if anything happened there yet :>
ZashGe0rG: There was movement IIRC
simonI heard dwd has friends in high places in .im and is working on it.
m&mZash: ok, it's possible your DNS updates haven't propagated far enough for me yet
m&mthey've got to cross an ocean, some plains, and a start up a mountain to get to me (-:
Zashm&m: What DNS updates exactly?
ZashI updated DANE for that test host yesterday
Ge0rGsimon: dwd first needs to fix yaxim MUC :D
m&mand it can take up to 48 hours for those updates to widely propagate
m&mI'm seeing them *now*
m&mbut I wasn't a few minutes ago
ZashDNS doesn't propagate, it expires.
Ashhas left
m&mit's was an imperfect word choice (-:
Ashhas joined
simonI can recommend http://dnsviz.net/ for inspecting ipsec records.
ZashAltho I have a 24 hour TTL :)
m&mbut I suspect that one or more of my upstream resolvers had already cached your zone
Ashhas left
Ashhas joined
m&mand not all resolvers unconditionally honor the TTL
ZashWhy would they have cached records about a test server?
m&mI know of several that will not clear their caches for 48 hours, no exceptions
m&mthey cached records about your zone
m&mdo you really want to go down this rabbit hole? (-:
m&mI fully regret ever starting to
Zash.
m&mlet's just say that "zone transfer" doesn't always mean what you think
m&mZash: you have a not-small amount of additional info (-:
xnyhpsZash: verse error Error: /opt/xmppoke/bin/xmppoke:3034: not-authorized: Your server's certificate is invalid, expired, or not trusted by dane.zash.se
xnyhpsThough I don't know why it gets that far, it should've closed the connection before that anyway.
m&msimon: I think you're seeing a ISOC grant proposal in progress right now! (-:
xnyhpsGrmbl. unbound crashed, but OS X is keeping port 53 claimed.
simongrabs a pen and paper. More details please m&m. "Proposal to fix permissions in xmppoke"?
simonxnyhps: are we seeing this https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513 ?
m&msimon: "get prosody to do just about all of dane"?
m&mI'm just observing what I'm seeing Zash et al hash out
xnyhpsNo, I don't think xmpp.net uses forwarders.
xnyhpsI was complaining about my own machine (which was preventing me from accessing xmpp.net to fetch that log file for Zash)
simonm&m: yes. I'd like a bit of cross-platform-ness. So that we can at least build two competing[ly incorrect] DNSSEC systems.
Lancehas joined
Zashhas left
Lancehas joined
Santiago26has left
stpeterhas joined
dezanthas joined
Tobiasemcho, what are jitsi's current noise cancellation capabilities? do you use an open lib for this? or is this included in the codecs?
Santiago26has joined
stpeteris it safe to edit WordPress pages?
stpeterI'd like to update http://xmpp.org/participate/become-a-member/upnp-liaison-team/ when possible
Kevstpeter: Should be, yes.
Santiago26has left
stpeterok thanks
stpeterI might have a sponsor for a new machine, BTW
Zashhas joined
Ashhas left
Ashhas joined
Lancehas joined
Ashhas left
simonhas left
simonhas joined
Lancehas left
Ashhas joined
Santiago26has joined
stpetermakes some edits to http://xmpp.org/about-xmpp/xsf/xsf-people/ while he's at it
m&mhrm
stpeteryes?
m&mnevermind … I was getting gateway errors for the xeps, but a hard refresh seems to have fixed that
Santiago26has left
ralphmstpeter: interesting stuff. I read that our Secretary is supposed to write minutes for Board meetings.
ZashSay, who is this Secretary?
xnyhpshas left
ralphmAlex
dwdralphm, I'd hate to scare Alex away; he does enough as it is.
ralphmOh, I forgot a smiley
stpeterralphm: theoretically, I suppose, but I've never seen that happen (I don't remember if I did that back when I was secretary)
ralphmI'm happy for simon to produce minutes
dwdstpeter, You probably di, but you were also probably Board Chair and Council Chair.
dwd(And Editor, and Treasurer, and probably Secretary too)
dwdOh. Ha. Realised what I wrote there.
m&mthe circle is complete
ralphmIf there is no immediate need, why not use standards@ for liason discussions, if any?
xnyhpshas left
xnyhpshas left
xnyhpshas joined
stpeterralphm: because we're basically under NDA
stpeterdwd: I have never been Board chair :-)
stpeteror on the Board
stpeterat least we kept that separation
stpeterbbiab
xnyhpshas left
Lloydhas left
Lloydhas joined
Tobiashas joined
Lloydhas left
emchohas left
emchohas joined
Santiago26has joined
emchohas left
Ashhas left
Santiago26has left
Ashhas left
Simonhas joined
martin.hewitt@surevine.comhas left
Neustradamushas joined
dwdhas joined
Lancehas joined
fippohas joined
fippohas left
fippohas joined
xnyhpshas left
Jefhas joined
xnyhpshas joined
Santiago26has joined
Santiago26has left
Alexhas joined
Santiago26has joined
Santiago26has left
Santiago26has joined
Simonhas left
Simonhas joined
dezanthas left
martin.hewitt@surevine.comhas joined
Lancehas joined
dezanthas joined
ZashSimon: https://www.zash.se/prosody-dane.html describes my setup
SimonZash: very nice.
Simonvery very nice!
Simonis this the first working DANE setup in XMPP?
ZashProbably
SimonI feel a blog post coming up.
martin.hewitt@surevine.comhas left
ZashThat's the validation part at least
Zashhttps://github.com/shuque/tlsa_rdata seems easy to use
ZashNo idea why swede doesn't let you generate TLSA records from certificate files
stpeterah, good old shuque, I haven't talked with him in ages
ZashNow we just need DNSSEC deployed everywhere...
Simonzash - which selectors do you recommend to use?
Simon+1 on universal deployment
Zash3 0 1
ZashOther usages are either unsupported or messy or both
ZashPubkey selector requires a patch to LuaSec for extracting pubkeys
ZashAnd you don't want the entire cert in the record, so sha256
XSF Discussion - 2014-03-20