XSF Discussion - 2018-01-09


  1. Ge0rG

    Everytime I'm on mobile, my desktop client fills the (fortunately invisible to others) log with dozens of those: <--- You (Ge0rG) left the room (the MUC server is not responding)

  2. Ge0rG

    It would be great to have an XMPP prober that, given a domain name, verifies that all advertised SRV records work.

  3. Ge0rG

    jonasw: ^

  4. moparisthebest

    xmpp.net just needs 368 support right?

  5. Ge0rG

    moparisthebest: except I want it to be a lean thing I can integrate into my monitoring.

  6. Ge0rG

    And not a full-fledged security tester

  7. moparisthebest

    ah right

  8. Ge0rG

    not saying it wouldn't be good to have that in xmpp.net

  9. moparisthebest

    that wouldn't be too hard I guess

  10. moparisthebest

    define 'work', like you can fully log in?

  11. Ge0rG

    moparisthebest: yes, that should be sufficient.

  12. Ge0rG

    So it can send me an XMPP message when the server is down. Oh. Wait.

  13. moparisthebest

    well, you interpret the lack of a message as a problem

  14. moparisthebest

    I've set that kind of thing up before, but it always results in me going, wait a second, I don't think I've gotten a message in 3 days!

  15. Ge0rG

    No, I was just kidding. It should send me an email, obviously.

  16. Ge0rG

    Meh. Some retarded client set all my bookmarks to autojoin=true and deleted the MUC passwords.

  17. Ge0rG

    It must've been ChatSecure, because Monal didn't join any MUCs

  18. Ge0rG

    It also deleted all the nicknames. Sigh.

  19. Ge0rG

    You can't beta test a client properly without a production account, but sometimes it just f***s up everything.

  20. moparisthebest

    and if you are like me, you could recover that from database backups, but it's harder to do that than to fix things manually 😛

  21. Ge0rG

    moparisthebest: actually it's not harder.

  22. Ge0rG

    `borg extract prosody-backup::yaxim.boerde.de-2018-01-08 var/lib/prosody/yax%2eim/private/georg.dat` and done

  23. moparisthebest

    ah not bad

  24. moparisthebest

    mines all in mysql I think, someplace

  25. Ge0rG

    Except I would need to log out all my clients, it seems.

  26. Ge0rG

    I'm sure there is some prosodyctl magic for reloading my bookmarks.

  27. Ge0rG

    Ah, much better now.

  28. moparisthebest

    looking over that SRV email looks like someone accidentally hit my --verbose flag, ouch...

  29. Ge0rG

    So I've mirrored my domains to afraid.org/secondary. Now all that's missing is updated NS records.

  30. jonasw

    Ge0rG, I thought about such a check, it’s somewhere on my todo list

  31. Ge0rG

    jonasw: can I bother you enough to push it higher on the list? ;)

  32. jonasw

    Ge0rG, currently, the topmost item is "pass the two exam-like things today". that’s kinda pinned.

  33. jonasw

    I also don’t like checks which require credentials

  34. Ge0rG

    jonasw: good luck with the exams, then! :)

  35. jonasw

    thanks

  36. jonasw

    those types of checks escalate quickly. you’d want one which checks the certificate and one which proceeds even if the certificate check fails to see if and which SASL is offered; a third check would try the login, but only if the certificate check passes. and maybe more things I didn’t think of, such as "test that a message can be sent" or so.

  37. Ge0rG

    jonasw: I already have a sophisticated shell-script doing the cert checking ;)

  38. jonasw

    for all SRV records? ;-)

  39. jonasw

    also, wanna have

  40. Ge0rG

    jonasw: no, for hardcoded domain:host:port n-tuples

  41. jonasw

    aww

  42. jonasw

    so no nagios-compatible check?

  43. Ge0rG

    jonasw: https://op-co.de/tmp/certwatch.sh

  44. Ge0rG

    jonasw: it's a daily cron job. Sufficient to remind me two weeks in advance.

  45. jonasw

    hm

  46. jonasw

    oh dear, no mailing, you exploit the cronjob error handling? :D

  47. jonasw

    that wouldn’t wrok at all for me, I only glance over my cronjobs because LE is so verbose

  48. jonasw

    will look into something more nagiostic

  49. Ge0rG

    jonasw: wait, that's how cron is supposed to work! If something unexpected happens, generate a mail

  50. jonasw

    yeah.

  51. jonasw

    tell that to LE

  52. jonasw

    ------------------------------------------------------------------------------- Certificate not yet due for renewal; no action taken. -------------------------------------------------------------------------------

  53. jonasw

    super-useful and not-at-all-noisy

  54. Ge0rG

    LE: you suck!

  55. Ge0rG

    jonasw: done.

  56. jonasw

    did you give the finger?

  57. jonasw

    in the classic torvalds-move?

  58. Ge0rG

    No, I merely wrote a 'groupchat' message

  59. Ge0rG

    I like the server name of https://podupti.me/ - Somebody should grab `jabberupti.me`.

  60. Guus

    (go for it?)

  61. Zash

    Go forth and registert it

  62. Zash

    But allow me to scoff at the sillyness of domain hacks.

  63. Guus

    thou shall be allowed.

  64. SouL

    `xmppupti.me`

  65. Guus

    register upti.me and use subdomains?

  66. Kev

    myupti.me

  67. Guus

    Kev, I'm assuming that you'd hook that into a sensor that detects when you last left your bed?

  68. Ge0rG

    .me domains are 5Ł per year with my registrar.

  69. Guus

    that's 1.19 euro?

  70. SouL

    Guus, damn, I would love to do that haha

  71. Guus

    and you have not registered all of them, why?

  72. Ge0rG

    Damn Unicode. I meant £.

  73. intosi

    Pardon my ignorance, but what's an Ł?

  74. Guus

    zloty

  75. intosi

    Google tells me Litecoin, but surely 1000 for a domain is quite expensive ;)

  76. Guus

    (which I had to google)

  77. intosi

    Glad Ge0rG cleared it up though :)

  78. Ge0rG

    I think I still own some LTC, though.

  79. Guus

    ah, actually, zloty is supposed to be zł. My Google powers suck.

  80. Ge0rG

    wow, it's actually worth 170€.

  81. tux

    Ltc has 170€? I need to find my Ltc!

  82. Ge0rG

    tux: beyond 200€ actually, I just only have 0.8Ł

  83. tux

    Uah

  84. Ge0rG

    I wonder if there'll be another BTC peak. I still need to sell my bits.

  85. SouL

    Lucky guys

  86. Alex

    I will never understand that bitcoin hype. We are fighting global worming, and wasting tons of energy for mining dome virtual coins :(

  87. Guus

    Alex: when I suggested that, someone retorted with: "bitcoin is supposed to replace, not add to, something." I'm not saying that I agree, but it's an interesting thought.

  88. Guus

    (the implication being that the financial sector uses a _lot_ of energy too)

  89. Alex

    Guus: ya agree

  90. Guus

    that said: I don't own any :)

  91. Ge0rG

    I only own BTC because I mined some during a cold winter

  92. jonasw

    Alex, +1

  93. edhelas

    yup same here

  94. moparisthebest

    what is the other web xmpp thing like movim but not movim?

  95. Zash

    how much like movim is that?

  96. Zash

    jappix? (also php xmpp web thing)

  97. daniel

    moparisthebest: Salut a toi?

  98. daniel

    Possible spelling mistakes included because u don't speak French

  99. moparisthebest

    I think it was jappix, which turns out it's abandoned so that makes choosing easy

  100. moparisthebest

    Other one looks interesting though

  101. moparisthebest

    Thanks!

  102. mathieuii

    yeah, jappix was abandoned and edhelas is currently hosting both the jappix.org and movim.eu servers

  103. edhelas

    yup

  104. edhelas

    still in contact with Vanaryon, the creator of Jappix as well :)

  105. moparisthebest

    yea I was looking into that and remembered there was another but couldn't remember the name 🙂

  106. Alex

    you are looking for a webclient?

  107. moparisthebest

    got any suggestions?

  108. Alex

    candy, opentalk

  109. Guus

    inverse?

  110. Alex

    jabber.ru is running a fork of opentalk which is pretty nice

  111. Guus

    or did JC eventually _not_ brand the full-page converse variant?

  112. moparisthebest

    I thought inverse was just an instance of converse

  113. Guus

    converse.js is typically a client in some corner of a website. inverse (using the same code as converse.js) transforms that to a full-page client.

  114. Guus

    https://xmpp.org/software/clients.html doesn't list opentalk :(

  115. edhelas

    neither Movim

  116. mathieuii

    edhelas, make PR then

  117. Alex

    ya, many projects killed by our policy which forces an annuial update

  118. Guus

    'the culling'

  119. moparisthebest

    Dave Cridland, re council agenda, no vote on last call of XEP-0387: XMPP Compliance Suites 2018 ?

  120. Dave Cridland

    moparisthebest, Hmmm.

  121. moparisthebest

    Dave Cridland, looking at trello it's in the 'awaiting list votes', tab thing

  122. moparisthebest

    except Kev I think said it needed new votes from new council

  123. SouL

    Alex, opentalk? Do you have a link, please? Seems I cannot find any client named like that.

  124. Alex

    SouL: https://github.com/otalk/otalk-im-client http://getkaiwa.com/

  125. moparisthebest

    oh didn't realize that was kaiwa

  126. moparisthebest

    super old and abandoned and does terrible stuff like send your entire roster to gravatar.com

  127. moparisthebest

    wrote a patch over 2 years ago to allow toggling off roster leak https://github.com/digicoop/kaiwa/pull/74

  128. Alex

    moparisthebest: its a pretty good base, would love to see people improving and forking it

  129. Zash

    Wasnt kaiwa exactly that, a fork?

  130. Alex

    yes, fork of otalk

  131. moparisthebest

    I recall it being painful to set up, then the sending roster to remote server kind of turned me off 🙂

  132. moparisthebest

    it's not like xmpp doesn't have 2 avatar standards, you don't need to ask 3rd parties instead hehe

  133. Zash

    A/B test them! :)

  134. Zash

    If you have something larger than a single user server, you could to some extent anonymize by proxying gravatar requests trough the server.

  135. Zash

    Or even better, use some library to generate randomized default avatars locally.

  136. moparisthebest

    yep some things do that, I think discourse?

  137. moparisthebest

    clicking around on forks it looks like https://github.com/ForNeVeR/Kaiwa is maintained

  138. moparisthebest

    last commit in develop branch was oct 2017

  139. Ge0rG

    marc: your proto-xep, how is it doing?

  140. marc

    Ge0rG, I did good progress today even though I had headache :D

  141. marc

    I sent Ge0rG my current draft via PM

  142. zinid

    marc, you said you have an implementation already, is it a client or a server part?

  143. marc

    zinid, both

  144. zinid

    kewl

  145. edhelas

    https://status.slack.com/

  146. moparisthebest

    yea people in an IRC channel were complaining

  147. moparisthebest

    I told them to have their sysadmin just reboot it, oops 😛

  148. edhelas

    hopefully they got a couple of billions from investors to proove that they can scale just fine :-°

  149. Zash

    Is it down, or what's the relevance?

  150. moparisthebest

    it's down

  151. edhelas

    yup down

  152. moparisthebest

    I thought THE CLOUD solved everything, hehehehehe

  153. edhelas

    also Bitbucket was down most of the afternoon :p

  154. jonasw

    CVE-2017-5754? :)