XSF Discussion - 2022-02-01


  248. Guus Should we take down xmpp.net until a replacement becomes available? It's hardly useful anymore. Might be doing more harm than good at this point.
  250. Zash Or just yolo flip over to the replacement?
  251. jonas’ Zash, if you handle the issue tracker
  252. MattJ What issue tracker? :)
  255. mathieui No issue tracker no problem
  256. jonas’ probably operators@ ;)
  257. Zash Disable it. Only patches welcome!
  258. Guus I know you're joking, but we can move that to that github repo that now holds the xmpp.net projects.
  259. Guus it goes largely unused anyway
  260. Zash xmpp.net isn't an official XSF project anyway, or?
  261. Guus no - its sources never lived in an XSF-managed repo either.
  262. Guus of course, 100% of the people working on it are XSF-affiliated... :)
  263. Guus I'm not sure if it runs on XSF hardware - it might?
  264. MattJ It does
  266. Guus Is it worth trying to upgrade the root certs on that server, to at least get around the LE failures, or shouldn't we bother anymore?
  268. Guus if the latter, I'd suggest taking it down for now.
  269. jonas’ the server isn't the problem, the docker container running the thing is
  270. Zash I actually tried upgrading the root cert package in the container but to no effect
  271. jonas’ you need to upgrade libssl
  272. jonas’ or remove the expired DST root
  273. Zash I don't _need_ to do anything!
  274. MattJ But upgrading libssl isn't going to fly
  275. Guus maybe not flog a dead horse
  276. Guus Here's a handy copy/paste maintenance message that we could put up: https://gist.github.com/pitch-gist/2999707?permalink_comment_id=3984681#gistcomment-3984681
  278. Guus Does it make things easier if I replace index.php in xmppoke-frontend with that?
  282. MattJ I suspect that all-round "easier" would be a warning banner that allows the site to still be used
  283. MattJ Otherwise we'll be fending off "why doesn't xmpp.net work yet?" complaints endlessly
  285. MattJ It's quite a well-used service
  286. Guus oooh, there's a common.php that holds a header
  288. Guus which doesn't include the header :/
  292. Guus What's an appropriate banner text?
  294. Guus > This service has gone unmaintained for quite some time. Results generated by this service might not be accurate.
  296. MattJ How about: > This service is unmaintained and a replacement is planned. Meanwhile, results and advice generated by this service might not be accurate.
  297. Zash :+1:
  300. Kev Just unlurking momentarily to say "LGTM".
  301. Guus https://github.com/xmpp-observatory/xmppoke-frontend/pull/14
  303. Guus oh
  304. Guus search/replacing...
  307. Guus force-pushed
  310. Guus I wouldn't know how to roll this out, so I'm hoping for someone else to get to that (eventually).
  311. Guus (also, feel free to discard / completely replace - just wanted to get something tangible started).
  312. MattJ I've no idea either, which probably means nobody does :)
  313. emus Reading this: Can we discuss paying someone to do this task regarding our infrastructure and further with important projects if interference with XSF members is high (xmpp.net)
  314. Zash It was Docker hub builds before, I think
  316. MattJ We might try building on the machine, but I don't remember what the environment is like on there these days
  317. Zash That should be doable
  318. Guus emus: I'm not categorically against that, if iteam supports that idea. Unsure if iteam has been / should be given budget for that.
  325. jonas’ fwiw, I built the /preview/ thing on the machine itself, and it was fine
  327. Zash Building was doable
  328. Zash Now just have to figure out how to replace the running container
  329. Zash Eh, these old scripts
  330. Zash I broke it
  332. Zash Back
  333. Zash (old version)
  335. Zash Theory: This can't actually be built at all anymore
  337. Guus ?!
  338. Zash It reported some PHP path problem
  339. Zash I'm not someone who debugs PHP problems anymore, for the sake of my own sanity.
  340. Guus ugh. Is it doable to shell into that container and apply the changes in the PR manually to each file?
  343. Zash I guess
  348. Zash Guus: `curl | patch` done 🙂
  349. Guus Thank you.
  350. Zash Thank _you_
  351. Guus jonas` mentioned something about removing something on that machine. Would that be easy to do in the same way?
  353. Zash 🤷️
  354. mjk ITT: modern humans trying to patch ancient alien technology
  355. Zash Hnnng
  356. Guus I'm a Java dev. Docker is futuristic mumblejumble to me.
  357. Zash https://github.com/xmpp-observatory/xmppoke/blob/master/Dockerfile#L1 I'm going to drink my coffee instead for now
  364. mjk > FROM debian:stretch Wow, it _is_ ancient
  365. jonas’ don't look at the things it does to libssl
  368. Neustradamus Is it possible to look at this PR: https://github.com/xmpp-observatory/xmppoke-frontend/pull/11?
  369. jonas’ Guus, it would have to be removed inside the container, not on the machine.
  371. Guus jonas’ - I know, I was overextending my ask of Zash who was already manually applying changes in the running container to get a warning banner included.
  372. jonas’ ack
  375. emus Yes, would be great what iTeam would think about it
  516. emus any comments from iTeam on this. Would it be appreciated?
  517. moparisthebest Neustradamus, I'm not clear from that PR what the goal was or why adding an extra link is helpful ? that's probably why you got no comments
  519. MattJ emus, the board have previously agreed to allocate <undefined> resources to iteam, but requested that the first step would be defining the scope of the work and the resources required to accomplish it
  520. MattJ Nobody has done that, and doing so is extra work compared to just doing what we're doing
  522. MattJ Which isn't going terribly IMHO
  525. emus But for example the deployment script for the website?
  528. MattJ As I said, I don't believe it's going too badly. From what I can tell, on average the website gets deployed within an hour or two of someone requesting a deployment.
  529. MattJ Deployment itself now only takes a minute or so of someone's time
  530. MattJ It would be nice if it was automated, but that required more than a minute of work
  532. MattJ It would be nice if it was automated, but that requires more than a minute of work
  533. emus Yes sure, it works fine, but still. You shouldn't do that, right?
  535. Zash A rare time when there are _two_ relevant XKCD: https://xkcd.com/1319/ https://xkcd.com/1205/
  536. MattJ It doesn't bother me that much, I don't know if it bothers the other iteam members to do manual deploys
  537. emus I know. but also xmpp.net for example. taking it down is not good I think and shows our limitations dunno how many other issues are open
  538. Zash xmpp.net is not an XSF project
  539. Zash It just happens to be hosted on XSF hardware for some historical reason
  540. moparisthebest leaving it up seems far worse considering how it's totally broken ?
  541. Sam Worked on by only XSF people, running on XSF hardware… if it quacks like a duck.
  542. moparisthebest 98% of servers can only get a T right?
  543. MattJ That's the problem, it's not *totally* broken
  544. emus Zash: I know, but a certain important thing I think
  546. moparisthebest just broken enough to give the impression there are 0 trusted xmpp servers
  547. Sam (FWIW I agree that leaving it up feels quite bad and it should probably go away, looks really bad as is)
  548. MattJ I personally would rather the banner we have now than deal with a flood of complaints about it going away 100% until we get the replacement up
  549. Guus as an aside: outsourcing xmpp.net is probably hard/expensive because of very specific knowledge that is needed to maintain it.
  550. MattJ Of course if consensus is to take it down, and someone volunteers to be the point of contact for these complaints... :)
  551. moparisthebest dev_null@xmpp.org
  552. Zash But what's left to "get the replacement up" ?
  553. MattJ I would rather move forwards with the new one than turn off the existing one at this point
  554. Sam I know a person who specializes in fixing / maintaining old PHP stuff that the original authors have abandoned; I don't know his rates, but I'd be happy to introduce people if that's something we're considering
  556. MattJ We're not considering that
  557. Sam oh, "replacement" not "fixing", nevermind
  558. Zash I mean, there's the secret preview. It works.
  559. MattJ PHP is not the issue
  561. Sam Sorry, saw a comment about that a while ago and have just been kind of sort of passively following the conversation.
  562. MattJ The whole thing is built around, for example, a patched libssl from 200something
  563. Sam goes back to idling
  564. Zash For some value of "works", which may or may not be considered production-ready
  568. Guus I'm not saying that this is a good idea, but if we were to want to outsource xmpp.net, we could ask the original authors for a quote. That said, having a suitable replacement is fine by me - although I do worry a bit that that replacement will eventually suffer the same fate.
  569. Guus We'd at least have had a functional service again before it does, though.
  571. moparisthebest new maintainable partially-works seems better than old unmaintainable known-broken, why not just stand it up ?
  572. Zash there is still the question of what's missing from the 80% working new thing
  573. jonas’ the main bits, IIRC, missing are handling of edge cases, scoring and the badges
  574. jonas’ the main bits missing, IIRC, are handling of edge cases, scoring and the badges
  575. Guus scoring, apparently. Unless 'TBD' is an interesting acronym for a new type of score. :)
  576. jonas’ I hate the scoring
  579. MattJ "How to score 'TBD' on xmpp.net using Prosody"
  580. Zash Is the scoring something that could be done as part of testssl.sh?
  581. jonas’ the scoring of ssllabs is underdocumented and looks sane at first, but the farther you get down the existing document, the more it becomes just a set of rules for A/B/C/D instead of the sensible percentage/weighting thing they had initially
  582. Zash comes across https://github.com/drwetter/testssl.sh/issues/1108
  583. moparisthebest well right now the only score anyone can get is T right ?
  584. jonas’ moparisthebest, if you're using LE, anyway
  585. moparisthebest ok, right now the only score 98% of people can get is T right? :)
  586. Zash Mouhahaha "Don't use LE" 👹️
  587. moparisthebest release the new thing giving everyone a T and we haven't lost anything
  588. Zash No, better that T, TBD
  590. jonas’ moparisthebest, if you wanna poke at it: https://xmpp.net/preview/
  591. jonas’ and https://xmpp.net/preview/scan/result/19 already seems to exhibit some weird edge case because there's no TLS scan for that one
  592. Zash https://github.com/drwetter/testssl.sh/issues/100 too
  595. Sam huh, glad to have this minimal replacement service available already. I thought TLS 1.0 had been disabled, but apparently not.
  596. jonas’ code is here https://github.com/horazont/testxmpp/ if anyone wants to file issues
  597. jonas’ code is here https://github.com/horazont/testxmpp/ if anyone wants to ~file issues~ send PRs
  599. moparisthebest I mean that looks great, replace xmpp.net with it already ?
  600. moparisthebest TBD isn't any worse than T
  601. jonas’ it doesn't seem to do TLS scans on s2s currently for some reason
  602. Zash > "TBD" > "T" true
  603. jonas’ and to be honest I'd prefer if this wasn't a bus factor one thing
  606. Zash While xmpp.net is bus factor zero?
  608. jonas’ yes, but it doesn't lie on my shoulders
  613. junaid in case anyone missed it, following the workaround gets you an A again .. https://github.com/xmpp-observatory/xmppoke/issues/10#issuecomment-932029749
  614. Zash https://xmpp.net/preview/scan/result/22 s2s seems to work?
  616. moparisthebest isn't that the case already jonas’ ? but at least this one is maintainable
  618. moparisthebest junaid, right, but that breaks the other set, old Android iirc ?
  619. Zash mellium.chat doesn't seem to have any c2s so the result for that seems expected
  620. moparisthebest one way breaks old openssl, the other way breaks old Android
  625. Guus I don't expect us to get to any kind of ideal scenario. Can we get to an acceptable one, including functional requirements, but also things like jonas’ understandable reluctance to be the bus factor?
  626. jonas’ junaid, that workaround also locks out older androids (older than <7 IIRC)
  627. jonas’ junaid, that workaround also locks out older androids (older than 7 IIRC)
  628. jonas’ Zash, ah ok, then it just took a while. edge cases!
  630. MattJ junaid, so it comes down to what the admin prefers: getting nice scores on xmpp.net, or preventing users with older phones from accessing their service :)
  632. MattJ junaid, so it comes down to what the admin prefers: getting nice scores on xmpp.net, or allowing users with older phones to access their service :)
  633. junaid ic ic. not a major problem for servers that primarily will only be accessed via s2s though. but for everyone else, it's gonna be a bit painful.
  637. Zash I'm not sure that catering to people who run outdated OpenSSL is the wisest choice
  640. jonas’ (or ejabberd)
  641. MattJ Then xmpp.net is not broken :)
  642. Sam (mellium.chat is just a MUC/anon auth service, so that all seems right)
  649. junaid i'm following with Zash. score according to modern SSL standards. but maybe we introduce a new section to include some notes about edge cases? e.g. On C2S, "This service certs may not be trusted on Android <7"
  650. junaid ofc the "T" problem needs to be fixed
  652. junaid maybe silly question, but is our actual scoring process formally documented somewhere? or is the code the single source of truth?
  653. Zash what scoring process?
  654. Zash the one used by xmpp.net?
  655. Zash based on an old version of the ssllabs scoring method
  656. Zash jonas’, it seems to choke on my ipv6-only thing
  657. Guus Zash: what didn't build for you earlier today?
  658. Zash > b37bc4b830fa Fatal error: Only IPv6 address(es) for "use.ipv6.cerdale.zash.se." available, maybe add "-6" to /usr/local/bin/testssl > b37bc4b830fa WARNING:testxmpp.testssl.daemon:coordinator rejected our result: {...}
  659. Guus xmppoke builds from scratch for me.
  660. Zash Guus: frontend
  661. Guus ah ok
  662. Zash I'm using podman, not docker, which might be why. It built something on the xmpp.net server, but it did not work correctly.
  663. jonas’ Zash, meh, it doesn't auto-detect v6ness?
  664. jonas’ > -6 also use IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
  665. jonas’ ok
  667. jonas’ should be easy to add
  668. Zash It also spits out a HUGE reject thing in some pythonesque format that seems too big to paste here
  671. Zash https://paste.debian.net/plain/1229197
  672. jonas’ yeah, that's ok
  673. emus MattJ: I am also worried that no task will be touched that should be done, but no one wants to spend time on it. Or ensures we keep up operation/knowledge. Maybe one day people maybe just leave
  674. MattJ I think between current iteam members there's not too much that only a single individual knows (or that can't be figured out easily enough)
  677. Sam UI nit: it would be nice if "c2s" and "s2s" were checkboxes and a single report on a single page was created if you chose both.
  678. jonas’ that's not a nit, that would be a complete data model redesign ;)
  679. Sam (if anyone is or does decide to work on this, that is)
  680. jonas’ or at least something considerable effort I suppose
  681. Sam Is the data model that tied into the UI?
  682. jonas’ the data model only knows one type per scan
  683. Sam Anyways, still a nit pick. Doesn't matter how huge the task is if it's a nit pick it's not the end of the world if it doesn't get done, just something that would be nice but doesn't really need to change.
  684. jonas’ right
  685. Sam But sure, if it's a lot of work probably not worth it for a nit.
  686. jonas’ (I double-checked, the scan type is an inherent property of the scan)
  687. jonas’ (though the UI could attempt to tie together s2s and c2s results somehow)
  688. Sam It could just start two scans and all you'd change is the report display code
  689. jonas’ yep
  690. Sam oops, yes, that
  691. jonas’ ^5
  692. jonas’ except that I don't like doing much logic in UI code ;)
  693. jonas’ Sam, feel free to dump it here: https://github.com/horazont/testxmpp/
  694. jonas’ Sam, feel free to dump it here: https://github.com/horazont/testxmpp/issues/
  695. Sam I would think the logic would just be "add an <h1>c2s</h1> and print that template, do the same for s2s below it" or something, but obviously I haven't looked at anything in here
  699. jonas’ oh yeah that'd be simple, though I'd then rather link the other scan
  700. jonas’ (like the original xmpp.net currently does)
  703. Sam yah, could be as simple as that
  704. jonas’ I thought you meant something more sophisticated
  705. jonas’ like comparison tables or somesuch
  706. jonas’ still, file an issue because I can't work on that immediately
  707. Guus I might be going against my own advice to beat a dead horse, but bear with me: I've modified the xmppoke Dockerfile to now build against the latest HEAD of OpenSSL's repository (instead of the outdated fork it used up until now). OpenSSL builds without errors, with largely the same configure arguments. Is that expected to resolve the 'we need to update libssl' requirement?
  708. Sam wilco; no pressure obviously, was just a thought because on xmpp.net and this I pretty much always immediately start both
  709. Zash Guus, but the outdated fork was intentional, to get SSL 2.0 support
  710. Sam Do we need to know exactly what versions of old SSL are supported? Maybe just show newer supported things and then say "we got an error that an old no-longer-supported thing is used too! This is bad!"?
  711. Guus How does the replacement service offer SSL 2.0 support?
  712. Zash Guus, it uses testssl.sh and I don't know how it does that check
  713. Zash testssl.sh being an active project that we can use instead of duplicate (it's similar to xmppoke in scope) seems like argument enough for the replacement
  715. Guus I'm not against a replacement at all. I'm just experimenting if with less effort, we can revive aforementioned dead horse.
  716. Guus or at least make it slightly less dead.
  717. Guus If that'd only mean losing SSL 2.0 support, then I'm with Sam. If I can get it to run at all, that is.
  719. Sam huh, my domain does not want to show up in the s2s tests list on the preview even though I'm pretty sure the scan has completed successfully twice (not that it matters, just FYI)
  720. Guus although I'm now running into issues with building luasec, I think
  721. Zash Guus, it's outdated forks all the way down I'm afraid
  722. Zash Sam, did you put your user jid in there?
  727. Sam just the domain
  728. Zash https://xmpp.net/preview/scan/result/29 how did this happen then?
  731. Sam oops, weird, maybe I typed it wrong the first time. Either way, this one worked: https://xmpp.net/preview/scan/result/30
  732. mdosch Seems the testxmpp preview doesn't like direct tls on port 80 ^^ Although I checked with a client that it works. Maybe it doesn't do ALPN? https://xmpp.net/preview/scan/result/23
  733. wgreenhouse has left
  734. adiaholic has left
  735. Rixon 👁🗨 has left
  736. uhoreg has left
  737. homebeach has left
  738. Matthew has left
  739. Half-Shot has left
  740. Half-Shot has joined
  741. Matthew has joined
  742. Rixon 👁🗨 has joined
  743. uhoreg has joined
  744. homebeach has joined
  745. adiaholic has joined
  746. Zash quite possibly
  747. Zash Is it Python or who's not rejecting '@' in domain names?
  748. Guus switched to non-forked luasec (which probably breaks more), but it now builds.
  749. wgreenhouse has joined
  750. Guus https://github.com/xmpp-observatory/xmppoke/pull/11
  751. djorz has joined
  752. krauq has joined
  753. wgreenhouse has left
  754. jgart has joined
  755. Maranda[x] has left
  756. Maranda[x] has joined
  757. wladmis has left
  758. wladmis has joined
  759. Neustradamus moparisthebest: The xmppoke PR number 11 is to have the xmpp.net at left part, client link on C2S part and server link on S2S part - https://xmpp.net/ - https://xmpp.net/result.php?domain=domain.tld&type=client - https://xmpp.net/result.php?domain=domain.tld&type=server
  760. adiaholic has left
  761. Neustradamus I have updated the description, thanks for your comment moparisthebest :)
  762. adiaholic has joined
  763. Neustradamus It is linked to: https://github.com/xmpp-observatory/xmppoke-frontend/issues/9
  764. Steve Kille has joined
  765. moparisthebest Neustradamus, but that code is abandoned and work is being done to replace it, why change the layout?
  766. matkor has left
  767. me9 has left
  768. Wojtek has left
  769. Wojtek has joined
  770. norkki has joined
  771. millesimus has left
  772. ti_gj06 has left
  773. Sam Why wouldn't the whole badge link to one place? That's just needlessly confusing.
  774. andrey.g has joined
  775. floretta has left
  776. Neustradamus has left
  777. Neustradamus has joined
  778. adiaholic has left
  779. adiaholic has joined
  780. Neustradamus has left
  781. floretta has joined
  782. millesimus has joined
  783. wgreenhouse has joined
  784. matkor has joined
  785. marc0s has left
  786. marc0s has joined
  787. marc0s has left
  788. marc0s has joined
  789. adiaholic has left
  790. norkki has left
  791. djorz has left
  792. adiaholic has joined
  793. ti_gj06 has joined
  794. adiaholic has left
  795. Guus I've got the old xmpp.net with updated openssl running on my local host, but scheduling a check won't work. Does any of the docker containers keep logfiles?
  796. serge90 has left
  797. Zash Look into `docker logs` I guess
  798. adiaholic has joined
  799. Guus that doesn't give more information other than the probe has exited with error code 1.
  800. reimar has joined
  801. Guus ah, the poker can be invoked from the command line
  802. Guus "look ma! I'm doin' LUA!"
  803. floretta has left
  804. floretta has joined
  805. me9 has joined
  806. moparisthebest oh no, he's angered the gods of capitalization...
  807. Guus which may or may not have been intentional
  808. TheCoffeMaker has joined
  809. millesimus has left
  810. Guus `lua: xmppoke.lua:5406: attempt to index field 'x509' (a nil value)`
  811. Guus that line being:
  812. Guus `local cert_load = require "ssl".x509.load;`
  813. Guus any clue?
  814. Guus meh, in over my head. Commented on the PR with findings
  815. moparisthebest the ssl module doesn't have that field anymore, but past that...
  816. benk has joined
  817. restive_monk has left
  818. papatutuwawa has left
  819. millesimus has joined
  820. restive_monk has joined
  821. Vidak has left
  822. Kev has left
  823. Vidak has joined
  824. TheCoffeMaker has left
  825. TheCoffeMaker has joined
  826. andrey.g has left
  827. rocco has left
  828. djorz has joined
  829. wladmis has left
  830. wladmis has joined
  831. dan.caseley has left
  832. dan.caseley has joined
  833. papatutuwawa has joined
  834. kyemxden has left
  835. kyemxden has joined
  836. TheCoffeMaker has left
  837. kyemxden has left
  838. kyemxden has joined
  839. dan.caseley has left
  840. dan.caseley has joined
  841. TheCoffeMaker has joined
  842. antranigv has left
  843. karoshi has left
  844. ti_gj06 has left
  845. wgreenhouse has left
  846. millesimus has left
  847. millesimus has joined
  848. antranigv has joined
  849. kyemxden has left
  850. kyemxden has joined
  851. restive_monk has left
  852. norkki has joined
  853. jonas’ run
  854. jonas’ if you're touching luasec, run
  855. Zash Remember a while back when I said it was unmaintained forks all the way down?
  856. jonas’ mdosch, it indeed does not do ALPN
  857. Guus has left
  858. Zash That may have been an evolutionary dead end, it's `require"ssl".loadcertificate` now.
  859. millesimus has left
  860. wgreenhouse has joined
  861. marc0s has left
  862. marc0s has joined
  863. ti_gj06 has joined
  864. mjk
       > run
       > if you're touching luasec, run
       Is that general advice or specific to xmppoke? 'Cause I have hopes of upstreaming some stuff 'ere
  865. norkki has left
  866. guus.der.kinderen
       > Remember a while back when I said it was unmaintained forks all the way down?
       Naive me is hoping that all pertinent changes have been merged upstream, and/or have been made irrelevant by later changes, and/or have only minor functional impact. That's why I was trying to move back to the upstream projects of the forks.
  867. karoshi has joined
  868. Zash What part of "unmaintained forks all the way down" was unclear? Forks. With API differences.
  869. antranigv has left
  870. jonas’ mjk, it takes a certain kind of person to touch libssl bindings in general or luasec in particular and not come out scarred.
  871. jonas’ look at poor Zash over there
  872. mjk Ah, it's alright then, I'm not getting into C bindings... yet... I hope
  873. Zash I have no idea what you are talking about, I must have suppressed those memories. Best not remind me if so.
  874. mjk Just some fluffy ol' Lua
  875. jonas’ and in context of xmppoke… stay away from it in general, I suppose
  876. Zash It is async, predating the async in Prosody.
  877. floretta has left
  878. floretta has joined
  879. wgreenhouse has left
  880. goffi has left
  881. goffi has joined
  882. marc0s has left
  883. marc0s has joined
  884. xnamed has left
  885. Wojtek has left
  886. adiaholic has left
  887. Wojtek has joined
  888. adiaholic has joined
  889. millesimus has joined
  890. andy has joined
  891. Mikaela has left
  892. վարյա has joined
  893. adiaholic has left
  894. kyemxden has left
  895. kyemxden has joined
  896. goffi has left
  897. goffi has joined
  898. alacer has left
  899. alacer has joined
  900. wgreenhouse has joined
  901. serge90 has joined
  902. andy has left
  903. adiaholic has joined
  904. wgreenhouse has left
  905. Ge0rG has left
  906. junaid has left
  907. goffi has left
  908. goffi has joined
  909. junaid has joined
  910. wgreenhouse has joined
  911. Ge0rG has joined
  912. ti_gj06 has left
  913. millesimus has left
  914. millesimus has joined
  915. wgreenhouse has left
  916. marc0s has left
  917. marc0s has joined
  918. Titi has left
  919. Wojtek has left
  920. inky has left
  921. inky has joined
  922. marc0s has left
  923. marc0s has joined
  924. marc0s has left
  925. marc0s has joined
  926. Titi has joined
  927. wgreenhouse has joined
  928. վարյա has left
  929. վարյա has joined
  930. floretta has left
  931. marc0s has left
  932. marc0s has joined
  933. alacer has left
  934. Calvin has joined
  935. benk has left
  936. floretta has joined
  937. alacer has joined
  938. Yagiza has left
  939. millesimus has left
  940. Calvin has left
  941. xnamed has joined
  942. jcbrand has left
  943. bean has left
  944. millesimus has joined
  945. Menel has left
  946. Menel has joined
  947. jcbrand has joined
  948. druthid has left
  949. adiaholic has left
  950. floretta has left
  951. floretta has joined
  952. floretta has left
  953. floretta has joined
  954. druthid has joined
  955. msavoritias has left
  956. neshtaxmpp has left
  957. neshtaxmpp has joined
  958. Titi has left
  959. emus has left
  960. emus has joined
  961. adiaholic has joined
  962. me9 has left
  963. adiaholic has left
  964. alacer has left
  965. alacer has joined
  966. norkki has joined
  967. floretta has left
  968. kyemxden has left
  969. kyemxden has joined
  970. papatutuwawa has left
  971. rocco has joined
  972. rocco has left
  973. goffi has left
  974. Titi has joined
  975. argentum has joined
  976. mjk
       > and in context of xmppoke… stay away from it in general, I suppose
       Yeah, I'm good
  977. floretta has joined
  978. adiaholic has joined
  979. stp has left
  980. krauq has left
  981. krauq has joined
  982. norkki has left
  983. adiaholic has left
  984. վարյա has left
  985. վարյա has joined
  986. mjk has left
  987. mdosch has left
  988. mdosch has joined
  989. qwestion has joined
  990. mjk has joined
  991. Calvin has joined
  992. pasdesushi has left
  993. phryk has joined
  994. millesimus has left
  995. adiaholic has joined
  996. Maranda[x] has left
  997. Maranda[x] has joined
  998. floretta has left
  999. marc0s has left
  1000. marc0s has joined
  1001. Calvin has left
  1002. adiaholic has left
  1003. Tobias has left
  1004. millesimus has joined
  1005. adiaholic has joined
  1006. arc has left
  1007. arc has joined
  1008. jgart has left
  1009. jgart has joined
  1010. adiaholic has left
  1011. atomicwatch has left
  1012. Titi has left
  1013. djorz has left
  1014. alacer has left
  1015. chronosx88 has left
  1016. chronosx88 has joined
  1017. alacer has joined
  1018. floretta has joined
  1019. atomicwatch has joined
  1020. wladmis has left
  1021. millesimus has left
  1022. tykayn has left
  1023. adiaholic has joined
  1024. wurstsalat has left
  1025. adiaholic has left
  1026. adiaholic has joined
  1027. Neustradamus has joined
  1028. emus has left
  1029. adiaholic has left
  1030. Titi has joined
  1031. djorz has joined
  1032. marc0s has left
  1033. marc0s has joined
  1034. Maranda[x] has left
  1035. djorz has left
  1036. Maranda[x] has joined
  1037. adiaholic has joined
  1038. wladmis has joined
  1039. robertooo has left
  1040. millesimus has joined
  1041. robertooo has joined
  1042. adiaholic has left
  1043. restive_monk has joined
  1044. rocco has joined
  1045. bung has joined
  1046. Titi has left
  1047. karoshi has left