XSF Discussion - 2018-01-09

Everytime I'm on mobile, my desktop client fills the (fortunately invisible to others) log with dozens of those: <--- You (Ge0rG) left the room (the MUC server is not responding)

It would be great to have an XMPP prober that, given a domain name, verifies that all advertised SRV records work.

jonasw: ^

xmpp.net just needs 368 support right?

moparisthebest: except I want it to be a lean thing I can integrate into my monitoring.

And not a full-fledged security tester

ah right

not saying it wouldn't be good to have that in xmpp.net

that wouldn't be too hard I guess

define 'work', like you can fully log in?

moparisthebest: yes, that should be sufficient.

So it can send me an XMPP message when the server is down. Oh. Wait.

well, you interpret the lack of a message as a problem

I've set that kind of thing up before, but it always results in me going, wait a second, I don't think I've gotten a message in 3 days!

No, I was just kidding. It should send me an email, obviously.

Meh. Some retarded client set all my bookmarks to autojoin=true and deleted the MUC passwords.

It must've been ChatSecure, because Monal didn't join any MUCs

It also deleted all the nicknames. Sigh.

You can't beta test a client properly without a production account, but sometimes it just f***s up everything.

and if you are like me, you could recover that from database backups, but it's harder to do that than to fix things manually 😛

moparisthebest: actually it's not harder.

`borg extract prosody-backup::yaxim.boerde.de-2018-01-08 var/lib/prosody/yax%2eim/private/georg.dat` and done

ah not bad

mines all in mysql I think, someplace

Except I would need to log out all my clients, it seems.

I'm sure there is some prosodyctl magic for reloading my bookmarks.

Ah, much better now.

looking over that SRV email looks like someone accidentally hit my --verbose flag, ouch...

So I've mirrored my domains to afraid.org/secondary. Now all that's missing is updated NS records.

Ge0rG, I thought about such a check, it’s somewhere on my todo list

jonasw: can I bother you enough to push it higher on the list? ;)

Ge0rG, currently, the topmost item is "pass the two exam-like things today". that’s kinda pinned.

I also don’t like checks which require credentials

jonasw: good luck with the exams, then! :)

thanks

those types of checks escalate quickly. you’d want one which checks the certificate and one which proceeds even if the certificate check fails to see if and which SASL is offered; a third check would try the login, but only if the certificate check passes. and maybe more things I didn’t think of, such as "test that a message can be sent" or so.

jonasw: I already have a sophisticated shell-script doing the cert checking ;)

for all SRV records? ;-)

also, wanna have

jonasw: no, for hardcoded domain:host:port n-tuples

aww

so no nagios-compatible check?

jonasw: https://op-co.de/tmp/certwatch.sh

jonasw: it's a daily cron job. Sufficient to remind me two weeks in advance.

hm

oh dear, no mailing, you exploit the cronjob error handling? :D

that wouldn’t wrok at all for me, I only glance over my cronjobs because LE is so verbose

will look into something more nagiostic

jonasw: wait, that's how cron is supposed to work! If something unexpected happens, generate a mail

yeah.

tell that to LE

------------------------------------------------------------------------------- Certificate not yet due for renewal; no action taken. -------------------------------------------------------------------------------

super-useful and not-at-all-noisy

LE: you suck!

jonasw: done.

did you give the finger?

in the classic torvalds-move?

No, I merely wrote a 'groupchat' message

I like the server name of https://podupti.me/ - Somebody should grab `jabberupti.me`.

(go for it?)

Go forth and registert it

But allow me to scoff at the sillyness of domain hacks.

thou shall be allowed.

`xmppupti.me`

register upti.me and use subdomains?

myupti.me

Kev, I'm assuming that you'd hook that into a sensor that detects when you last left your bed?

.me domains are 5Ł per year with my registrar.

that's 1.19 euro?

Guus, damn, I would love to do that haha

and you have not registered all of them, why?

Damn Unicode. I meant £.

Pardon my ignorance, but what's an Ł?

zloty

Google tells me Litecoin, but surely 1000 for a domain is quite expensive ;)

(which I had to google)

Glad Ge0rG cleared it up though :)

I think I still own some LTC, though.

ah, actually, zloty is supposed to be zł. My Google powers suck.

wow, it's actually worth 170€.

Ltc has 170€? I need to find my Ltc!

tux: beyond 200€ actually, I just only have 0.8Ł

Uah

I wonder if there'll be another BTC peak. I still need to sell my bits.

Lucky guys

I will never understand that bitcoin hype. We are fighting global worming, and wasting tons of energy for mining dome virtual coins :(

Alex: when I suggested that, someone retorted with: "bitcoin is supposed to replace, not add to, something." I'm not saying that I agree, but it's an interesting thought.

(the implication being that the financial sector uses a _lot_ of energy too)

Guus: ya agree

that said: I don't own any :)

I only own BTC because I mined some during a cold winter

Alex, +1

yup same here

what is the other web xmpp thing like movim but not movim?

how much like movim is that?

jappix? (also php xmpp web thing)

moparisthebest: Salut a toi?

Possible spelling mistakes included because u don't speak French

I think it was jappix, which turns out it's abandoned so that makes choosing easy

Other one looks interesting though

Thanks!

yeah, jappix was abandoned and edhelas is currently hosting both the jappix.org and movim.eu servers

yup

still in contact with Vanaryon, the creator of Jappix as well :)

yea I was looking into that and remembered there was another but couldn't remember the name 🙂

you are looking for a webclient?

got any suggestions?

candy, opentalk

inverse?

jabber.ru is running a fork of opentalk which is pretty nice

or did JC eventually _not_ brand the full-page converse variant?

I thought inverse was just an instance of converse

converse.js is typically a client in some corner of a website. inverse (using the same code as converse.js) transforms that to a full-page client.

https://xmpp.org/software/clients.html doesn't list opentalk :(

neither Movim

edhelas, make PR then

ya, many projects killed by our policy which forces an annuial update

'the culling'

Dave Cridland, re council agenda, no vote on last call of XEP-0387: XMPP Compliance Suites 2018 ?

moparisthebest, Hmmm.

Dave Cridland, looking at trello it's in the 'awaiting list votes', tab thing

except Kev I think said it needed new votes from new council

Alex, opentalk? Do you have a link, please? Seems I cannot find any client named like that.

SouL: https://github.com/otalk/otalk-im-client http://getkaiwa.com/

oh didn't realize that was kaiwa

super old and abandoned and does terrible stuff like send your entire roster to gravatar.com

wrote a patch over 2 years ago to allow toggling off roster leak https://github.com/digicoop/kaiwa/pull/74

moparisthebest: its a pretty good base, would love to see people improving and forking it

Wasnt kaiwa exactly that, a fork?

yes, fork of otalk

I recall it being painful to set up, then the sending roster to remote server kind of turned me off 🙂

it's not like xmpp doesn't have 2 avatar standards, you don't need to ask 3rd parties instead hehe

A/B test them! :)

If you have something larger than a single user server, you could to some extent anonymize by proxying gravatar requests trough the server.

Or even better, use some library to generate randomized default avatars locally.

yep some things do that, I think discourse?

clicking around on forks it looks like https://github.com/ForNeVeR/Kaiwa is maintained

last commit in develop branch was oct 2017

marc: your proto-xep, how is it doing?

Ge0rG, I did good progress today even though I had headache :D

I sent Ge0rG my current draft via PM

marc, you said you have an implementation already, is it a client or a server part?

zinid, both

kewl

https://status.slack.com/

yea people in an IRC channel were complaining

I told them to have their sysadmin just reboot it, oops 😛

hopefully they got a couple of billions from investors to proove that they can scale just fine :-°

Is it down, or what's the relevance?

it's down

yup down

I thought THE CLOUD solved everything, hehehehehe

also Bitbucket was down most of the afternoon :p

CVE-2017-5754? :)