XSF Discussion - 2022-02-01

  248. Guus

    Should we take down xmpp.net until a replacement becomes available? It's hardly useful anymore. Might be doing more harm than good at this point.

  249. ti_gj06 has joined

  250. Zash

    Or just yolo flip over to the replacement?

  251. jonas’

    Zash, if you handle the issue tracker

  252. MattJ

    What issue tracker? :)

  253. lovetox has left

  254. debacle has joined

  255. mathieui

    No issue tracker no problem

  256. jonas’

    probably operators@ ;)

  257. Zash

    Disable it. Only patches welcome!

  258. Guus

    I know you're joking, but we can move that to that github repo that now holds the xmpp.net projects.

  259. Guus

    it goes largely unused anyway

  260. Zash

    xmpp.net isn't an official XSF project anyway, or?

  261. Guus

    no - its sources never lived in an XSF-managed repo either.

  262. Guus

    of course, 100% of the people working on it are XSF-affiliated... :)

  263. Guus

    I'm not sure if it runs on XSF hardware - it might?

  264. MattJ

    It does

  265. norkki has joined

  266. Guus

    Is it worth trying to upgrade the root certs on that server, to at least get around the LE failures, or shouldn't we bother anymore?

  267. debacle has left

  268. Guus

    if the latter, I'd suggest taking it down for now.

  269. jonas’

    the server isn't the problem, the docker container running the thing is

  270. Zash

    I actually tried upgrading the root cert package in the container but to no effect

  271. jonas’

    you need to upgrade libssl

  272. jonas’

    or remove the expired DST root

  273. Zash

    I don't _need_ to do anything!

  274. MattJ

    But upgrading libssl isn't going to fly

  275. Guus

    maybe not flog a dead horse

  276. Guus

    Here's a handy copy/paste maintenance message that we could put up: https://gist.github.com/pitch-gist/2999707?permalink_comment_id=3984681#gistcomment-3984681

  277. lovetox has joined

  278. Guus

    Does it make things easier if I replace index.php in xmppoke-frontend with that?

  279. norkki has left

  280. floretta has left

  281. lskdjf has joined

  282. MattJ

    I suspect that all-round "easier" would be a warning banner that allows the site to still be used

  283. MattJ

    Otherwise we'll be fending off "why doesn't xmpp.net work yet?" complaints endlessly

  284. floretta has joined

  285. MattJ

    It's quite a well-used service

  286. Guus

    oooh, there's a common.php that holds a header

  287. kurisu has joined

  288. Guus

    which doesn't include the header :/

  289. wgreenhouse has joined

  290. Yagiza has left

  291. andrey.g has left

  292. Guus

    What's an appropriate banner text?

  293. wgreenhouse has left

  294. Guus

    > This service has gone unmaintained for quite some time. Results generated by this service might not be accurate.

  295. wladmis has joined

  296. MattJ

    How about:
    > This service is unmaintained and a replacement is planned. Meanwhile, results and advice generated by this service might not be accurate.

  297. Zash


  298. wgreenhouse has joined

  299. adiaholic has left

  300. Kev

    Just unlurking momentarily to say "LGTM".

  301. Guus


  302. djorz has joined

  303. Guus


  304. Guus


  305. adiaholic has joined

  306. karoshi has left

  307. Guus


  308. karoshi has joined

  309. Apollo has joined

  310. Guus

    I wouldn't know how to roll this out, so I'm hoping for someone else to get to that (eventually).

  311. Guus

    (also, feel free to discard / completely replace - just wanted to get something tangible started).

  312. MattJ

    I've no idea either, which probably means nobody does :)

  313. emus

    Reading this: Can we discuss paying someone to do this task regarding our infrastructure and further with important projects if interference with XSF members is high (xmpp.net)

  314. Zash

    It was Docker hub builds before, I think

  315. wgreenhouse has left

  316. MattJ

    We might try building on the machine, but I don't remember what the environment is like on there these days

  317. Zash

    That should be doable

  318. Guus

    emus: I'm not categorically against that, if iteam supports that idea. Unsure if iteam has been / should be given budget for that.

  319. stp has joined

  320. gooya has joined

  321. kurisu has left

  322. Vidak has left

  323. Yagiza has joined

  324. Yagiza has left

  325. jonas’

    fwiw, I built the /preview/ thing on the machine itself, and it was fine

  326. Yagiza has joined

  327. Zash

    Building was doable

  328. Zash

    Now just have to figure out how to replace the running container

  329. Zash

    Eh, these old scripts

  330. Zash

    I broke it

  331. adiaholic has left

  332. Zash


  333. Zash

    (old version)

  334. adiaholic has joined

  335. Zash

    Theory: This can't actually be built at all anymore

  336. djorz has left

  337. Guus


  338. Zash

    It reported some PHP path problem

  339. Zash

    I'm not someone who debugs PHP problems anymore, for the sake of my own sanity.

  340. Guus

    ugh. Is it doable to shell into that container and apply the changes in the PR manually to each file?

  341. adiaholic has left

  342. Vidak has joined

  343. Zash

    I guess

  344. marc0s has left

  345. marc0s has joined

  346. marc0s has left

  347. marc0s has joined

  348. Zash

    Guus: `curl | patch` done 🙂

  349. Guus

    Thank you.

  350. Zash

    Thank _you_

  351. Guus

    jonas` mentioned something about removing something on that machine. Would that be easy to do in the same way?

  352. jgart has left

  353. Zash


  354. mjk

    ITT: modern humans trying to patch ancient alien technology

  355. Zash


  356. Guus

    I'm a Java dev. Docker is futuristic mumblejumble to me.

  357. Zash

    https://github.com/xmpp-observatory/xmppoke/blob/master/Dockerfile#L1 I'm going to drink my coffee instead for now

  358. marc0s has left

  359. marc0s has joined

  360. kurisu has joined

  361. restive_monk has left

  362. jgart has joined

  363. restive_monk has joined

  364. mjk

    > FROM debian:stretch
    Wow, it _is_ ancient

  365. jonas’

    don't look at the things it does to libssl

  366. debacle has joined

  367. jgart has left

  368. Neustradamus

    Is it possible to look at this PR: https://github.com/xmpp-observatory/xmppoke-frontend/pull/11?

  369. jonas’

    Guus, it would have to be removed inside the container, not on the machine.

  370. Wojtek has joined

  371. Guus

    jonas’ - I know, I was overextending my ask of Zash who was already manually applying changes in the running container to get a warning banner included.

  372. jonas’


  373. msavoritias has left

  374. msavoritias has joined

  375. emus

    Yes, would be great what iTeam would think about it

  516. emus

    any comments from iTeam on this. Would it be appreciated?

  517. moparisthebest

    Neustradamus, I'm not clear from that PR what the goal was or why adding an extra link is helpful ? that's probably why you got no comments

  518. Steve Kille has joined

  519. MattJ

    emus, the board have previously agreed to allocate <undefined> resources to iteam, but requested that the first step would be defining the scope of the work and the resources required to accomplish it

  520. MattJ

    Nobody has done that, and doing so is extra work compared to just doing what we're doing

  521. adiaholic has joined

  522. MattJ

    Which isn't going terribly IMHO

  523. Steve Kille has left

  524. Steve Kille has joined

  525. emus

    But for example the deployment script for the website?

  526. floretta has left

  527. Steve Kille has left

  528. MattJ

    As I said, I don't believe it's going too badly. From what I can tell, on average the website gets deployed within an hour or two of someone requesting a deployment.

  529. MattJ

    Deployment itself now only takes a minute or so of someone's time

  530. MattJ

    It would be nice if it was automated, but that required more than a minute of work

  531. wgreenhouse has left

  532. MattJ

    It would be nice if it was automated, but that requires more than a minute of work

  533. emus

    Yes sure, it works fine, but still. You shouldn't do that, right?

  534. floretta has joined

  535. Zash

    A rare time when there are _two_ relevant XKCD: https://xkcd.com/1319/ https://xkcd.com/1205/

  536. MattJ

    It doesn't bother me that much, I don't know if it bothers the other iteam members to do manual deploys

  537. emus

    I know, but also xmpp.net for example. Taking it down is not good I think and shows our limitations. Dunno how many other issues are open.

  538. Zash

    xmpp.net is not an XSF project

  539. Zash

    It just happens to be hosted on XSF hardware for some historical reason

  540. moparisthebest

    leaving it up seems far worse considering how it's totally broken ?

  541. Sam

    Worked on by only XSF people, running on XSF hardware… if it quacks like a duck.

  542. moparisthebest

    98% of servers can only get a T right?

  543. MattJ

    That's the problem, it's not *totally* broken

  544. emus

    Zash: I know, but a certain important thing I think

  545. wgreenhouse has joined

  546. moparisthebest

    just broken enough to give the impression there are 0 trusted xmpp servers

  547. Sam

    (FWIW I agree that leaving it up feels quite bad and it should probably go away, looks really bad as is)

  548. MattJ

    I personally would rather the banner we have now than deal with a flood of complaints about it going away 100% until we get the replacement up

  549. Guus

    as an aside: outsourcing xmpp.net is probably hard/expensive because of very specific knowledge that is needed to maintain it.

  550. MattJ

    Of course if consensus is to take it down, and someone volunteers to be the point of contact for these complaints... :)

  551. moparisthebest


  552. Zash

    But what's left to "get the replacement up" ?

  553. MattJ

    I would rather move forwards with the new one than turn off the existing one at this point

  554. Sam

    I know a person who specializes in fixing / maintaining old PHP stuff that the original authors have abandoned; I don't know his rates, but I'd be happy to introduce people if that's something we're considering

  555. xecks has left

  556. MattJ

    We're not considering that

  557. Sam

    oh, "replacement" not "fixing", nevermind

  558. Zash

    I mean, there's the secret preview. It works.

  559. MattJ

    PHP is not the issue

  560. xecks has joined

  561. Sam

    Sorry, saw a comment about that a while ago and have just been kind of sort of passively following the conversation.

  562. MattJ

    The whole thing is built around, for example, a patched libssl from 200something

  563. Sam goes back to idling

  564. Zash

    For some value of "works", which may or may not be considered production-ready

  565. Maranda has joined

  566. Mjolnir Archon has joined

  567. adiaholic has left

  568. Guus

    I'm not saying that this is a good idea, but if we were to want to outsource xmpp.net, we could ask the original authors for a quote. That said, having a suitable replacement is fine by me - although I do worry a bit that that replacement will eventually suffer the same fate.

  569. Guus

    We'd at least have had a functional service again before it does, though.

  570. wladmis has joined

  571. moparisthebest

    new maintainable partially-works seems better than old unmaintainable known-broken, why not just stand it up ?

  572. Zash

    there is still the question of what's missing from the 80% working new thing

  573. jonas’

    the main bits, IIRC, missing are handling of edge cases, scoring and the badges

  574. jonas’

    the main bits missing, IIRC, are handling of edge cases, scoring and the badges

  575. Guus

    scoring, apparently. Unless 'TBD' is an interesting acronym for a new type of score. :)

  576. jonas’

    I hate the scoring

  577. arc has left

  578. arc has joined

  579. MattJ

    "How to score 'TBD' on xmpp.net using Prosody"

  580. Zash

    Is the scoring something that could be done as part of testssl.sh?

  581. jonas’

    the scoring of ssllabs is underdocumented and looks sane at first, but the farther you get down the existing document, the more it becomes just a set of rules for A/B/C/D instead of the sensible percentage/weighting thing they had initially

  582. Zash comes across https://github.com/drwetter/testssl.sh/issues/1108

  583. moparisthebest

    well right now the only score anyone can get is T right ?

  584. jonas’

    moparisthebest, if you're using LE, anyway

  585. moparisthebest

    ok, right now the only score 98% of people can get is T right? :)

  586. Zash

    Mouhahaha "Don't use LE" 👹️

  587. moparisthebest

    release the new thing giving everyone a T and we haven't lost anything

  588. Zash

    No, better than T, TBD

  589. adiaholic has joined

  590. jonas’

    moparisthebest, if you wanna poke at it: https://xmpp.net/preview/

  591. jonas’

    and https://xmpp.net/preview/scan/result/19 already seems to exhibit some weird edge case because there's no TLS scan for that one

  592. Zash

    https://github.com/drwetter/testssl.sh/issues/100 too

  593. serge90 has left

  594. papatutuwawa has joined

  595. Sam

    huh, glad to have this minimal replacement service available already. I thought TLS 1.0 had been disabled, but apparently not.

  596. jonas’

    code is here https://github.com/horazont/testxmpp/ if anyone wants to file issues

  597. jonas’

    code is here https://github.com/horazont/testxmpp/ if anyone wants to ~file issues~ send PRs

  598. wgreenhouse has left

  599. moparisthebest

    I mean that looks great, replace xmpp.net with it already ?

  600. moparisthebest

    TBD isn't any worse than T

  601. jonas’

    it doesn't seem to do TLS scans on s2s currently for some reason

  602. Zash

    > "TBD" > "T" true

  603. jonas’

    and to be honest I'd prefer if this wasn't a bus factor one thing

  604. wladmis has left

  605. wladmis has joined

  606. Zash

    While xmpp.net is bus factor zero?

  607. adiaholic has left

  608. jonas’

    yes, but it doesn't lie on my shoulders

  609. Kev has left

  610. Kev has joined

  611. adiaholic has joined

  612. antranigv has left

  613. junaid

    in case anyone missed it, following the workaround gets you an A again .. https://github.com/xmpp-observatory/xmppoke/issues/10#issuecomment-932029749

  614. Zash

    https://xmpp.net/preview/scan/result/22 s2s seems to work?

  615. wladmis has left

  616. moparisthebest

    isn't that the case already jonas’ ? but at least this one is maintainable

  617. wladmis has joined

  618. moparisthebest

    junaid, right, but that breaks the other set, old Android iirc ?

  619. Zash

    mellium.chat doesn't seem to have any c2s so the result for that seems expected

  620. moparisthebest

    one way breaks old openssl, the other way breaks old Android

  621. Daniel has left

  622. adiaholic has left

  623. floretta has left

  624. floretta has joined

  625. Guus

    I don't expect us to get to any kind of ideal scenario. Can we get to an acceptable one, including functional requirements, but also things like jonas’ understandable reluctance to be the bus factor?

  626. jonas’

    junaid, that workaround also locks out older androids (older than <7 IIRC)

  627. jonas’

    junaid, that workaround also locks out older androids (older than 7 IIRC)

  628. jonas’

    Zash, ah ok, then it just took a while. edge cases!

  629. Daniel has joined

  630. MattJ

    junaid, so it comes down to what the admin prefers: getting nice scores on xmpp.net, or preventing users with older phones from accessing their service :)

  631. serge90 has joined

  632. MattJ

    junaid, so it comes down to what the admin prefers: getting nice scores on xmpp.net, or allowing users with older phones to access their service :)

  633. junaid

    ic ic. not a major problem for servers that primarily will only be accessed via s2s though. but for everyone else, it's gonna be a bit painful.

  634. wladmis has left

  635. wladmis has joined

  636. floretta has left

  637. Zash

    I'm not sure that catering to people who run outdated OpenSSL is the wisest choice

  638. wladmis has left

  639. wladmis has joined

  640. jonas’

    (or ejabberd)

  641. MattJ

    Then xmpp.net is not broken :)

  642. Sam

    (mellium.chat is just a MUC/anon auth service, so that all seems right)

  643. Wojtek has joined

  644. wladmis has left

  645. wladmis has joined

  646. me9 has joined

  647. wladmis has left

  648. wladmis has joined

  649. junaid

    i'm following with Zash. score according to modern SSL standards. but maybe we introduce a new section to include some notes about edge cases? e.g. On C2S, "This service certs may not be trusted on Android <7"

  650. junaid

    ofc the "T" problem needs to be fixed

  651. wgreenhouse has joined

  652. junaid

    maybe silly question, but is our actual scoring process formally documented somewhere? or is the code the single source of truth?

  653. Zash

    what scoring process?

  654. Zash

    the one used by xmpp.net?

  655. Zash

    based on an old version of the ssllabs scoring method

  656. Zash

    jonas’, it seems to choke on my ipv6-only thing

  657. Guus

    Zash: what didn't build for you earlier today?

  658. Zash

    > b37bc4b830fa Fatal error: Only IPv6 address(es) for "use.ipv6.cerdale.zash.se." available, maybe add "-6" to /usr/local/bin/testssl
    > b37bc4b830fa WARNING:testxmpp.testssl.daemon:coordinator rejected our result: {...}

  659. Guus

    xmppoke builds from scratch for me.

  660. Zash

    Guus: frontend

  661. Guus

    ah ok

  662. Zash

    I'm using podman, not docker, which might be why. It built something on the xmpp.net server, but it did not work correctly.

  663. jonas’

    Zash, meh, it doesn't auto-detect v6ness?

  664. jonas’

    > -6 also use IPv6. Works only with supporting OpenSSL version and IPv6 connectivity

  665. jonas’


  666. wgreenhouse has left

  667. jonas’

    should be easy to add

  668. Zash

    It also spits out a HUGE reject thing in some pythonesque format that seems too big to paste here

  669. wladmis has left

  670. wladmis has joined

  671. Zash


  672. jonas’

    yeah, that's ok

  673. emus

    MattJ: I am also worried that no task will be touched that should be done, but no one wants to spend time on it. Or ensures we keep up operation/knowledge. Maybe one day people maybe just leave

  674. MattJ

    I think between current iteam members there's not too much that only a single individual knows (or that can't be figured out easily enough)

  675. floretta has joined

  676. wgreenhouse has joined

  677. Sam

    UI nit: it would be nice if "c2s" and "s2s" were checkboxes and a single report on a single page was created if you chose both.

  678. jonas’

    that's not a nit, that would be a complete data model redesign ;)

  679. Sam

    (if anyone is or does decide to work on this, that is)

  680. jonas’

    or at least something considerable effort I suppose

  681. Sam

    Is the data model that tied into the UI?

  682. jonas’

    the data model only knows one type per scan

  683. Sam

    Anyways, still a nit pick. Doesn't matter how huge the task is if it's a nit pick it's not the end of the world if it doesn't get done, just something that would be nice but doesn't really need to change.

  684. jonas’


  685. Sam

    But sure, if it's a lot of work probably not worth it for a nit.

  686. jonas’

    (I double-checked, the scan type is an inherent property of the scan)

  687. jonas’

    (though the UI could attempt to tie together s2s and c2s results somehow)

  688. Sam

    It could just start two scans and all you'd change is the report display code

  689. jonas’


  690. Sam

    oops, yes, that

  691. jonas’


  692. jonas’

    except that I don't like doing much logic in UI code ;)

  693. jonas’

    Sam, feel free to dump it here: https://github.com/horazont/testxmpp/

  694. jonas’

    Sam, feel free to dump it here: https://github.com/horazont/testxmpp/issues/

  695. Sam

    I would think the logic would just be "add an <h1>c2s</h1> and print that template, do the same for s2s below it" or something, but obviously I haven't looked at anything in here

  696. chronosx88 has left

  697. chronosx88 has joined

  698. adiaholic has joined

  699. jonas’

    oh yeah that'd be simple, though I'd then rather link the other scan

  700. jonas’

    (like the original xmpp.net currently does)

  701. floretta has left

  702. floretta has joined

  703. Sam

    yah, could be as simple as that

  704. jonas’

    I thought you meant something more sophisticated

  705. jonas’

    like comparison tables or somesuch

  706. jonas’

    still, file an issue because I can't work on that immediately

  707. Guus

    I might be going against my own advice to beat a dead horse, but bear with me: I've modified the xmppoke Dockerfile to now build against the latest HEAD of OpenSSL's repository (instead of the outdated fork it used up until now). OpenSSL builds without errors, with largely the same configure arguments. Is that expected to resolve the 'we need to update libssl' requirement?

  708. Sam

    wilco; no pressure obviously, was just a thought because on xmpp.net and this I pretty much always immediately start both

  709. Zash

    Guus, but the outdated fork was intentional, to get SSL 2.0 support

  710. Sam

    Do we need to know exactly what versions of old SSL are supported? Maybe just show newer supported things and then say "we got an error that an old no-longer-supported thing is used too! This is bad!"?

  711. Guus

    How does the replacement service offer SSL 2.0 support?

  712. Zash

    Guus, it uses testssl.sh and I don't know how it does that check

  713. Zash

    testssl.sh being an active project that we can use instead of duplicate (it's similar to xmppoke in scope) seems like argument enough for the replacement

  714. adiaholic has left

  715. Guus

    I'm not against a replacement at all. I'm just experimenting if with less effort, we can revive aforementioned dead horse.

  716. Guus

    or at least make it slightly less dead.

  717. Guus

    If that'd only mean losing SSL 2.0 support, then I'm with Sam. If I can get it to run at all, that is.

  718. adiaholic has joined

  719. Sam

    huh, my domain does not want to show up in the s2s tests list on the preview even though I'm pretty sure the scan has completed successfully twice (not that it matters, just FYI)

  720. Guus

    although I'm now running into issues with building luasec, I think

  721. Zash

    Guus, it's outdated forks all the way down I'm afraid

  722. Zash

    Sam, did you put your user jid in there?

  723. adiaholic has left

  724. adiaholic has joined

  725. antranigv has joined

  726. krauq has left

  727. Sam

    just the domain

  728. Zash

    https://xmpp.net/preview/scan/result/29 how did this happen then?

  729. neshtaxmpp has left

  730. neshtaxmpp has joined

  731. Sam

    oops, weird, maybe I typed it wrong the first time. Either way, this one worked: https://xmpp.net/preview/scan/result/30

  732. mdosch

    Seems the testxmpp preview doesn't like direct tls on port 80 ^^ Although I checked with a client that it works. Maybe it doesn't do ALPN? https://xmpp.net/preview/scan/result/23

  733. wgreenhouse has left

  734. adiaholic has left

  735. Rixon 👁🗨 has left

  736. uhoreg has left

  737. homebeach has left

  738. Matthew has left

  739. Half-Shot has left

  740. Half-Shot has joined

  741. Matthew has joined

  742. Rixon 👁🗨 has joined

  743. uhoreg has joined

  744. homebeach has joined

  745. adiaholic has joined

  746. Zash

    quite possibly

  747. Zash

    Is it Python or who's not rejecting '@' in domain names?

  748. Guus

    switched to non-forked luasec (which probably breaks more), but it now builds.

  749. wgreenhouse has joined

  750. Guus


  751. djorz has joined

  752. krauq has joined

  753. wgreenhouse has left

  754. jgart has joined

  755. Maranda[x] has left

  756. Maranda[x] has joined

  757. wladmis has left

  758. wladmis has joined

  759. Neustradamus

    moparisthebest: The xmppoke PR number 11 is to have the xmpp.net at left part, client link on C2S part and server link on S2S part - https://xmpp.net/ - https://xmpp.net/result.php?domain=domain.tld&type=client - https://xmpp.net/result.php?domain=domain.tld&type=server

  760. adiaholic has left

  761. Neustradamus

    I have updated the description, thanks for your comment moparisthebest :)

  762. adiaholic has joined

  763. Neustradamus

    It is linked to: https://github.com/xmpp-observatory/xmppoke-frontend/issues/9

  764. Steve Kille has joined

  765. moparisthebest

    Neustradamus, but that code is abandoned and work is being done to replace it, why change the layout?

  766. matkor has left

  767. me9 has left

  768. Wojtek has left

  769. Wojtek has joined

  770. norkki has joined

  771. millesimus has left

  772. ti_gj06 has left

  773. Sam

    Why wouldn't the whole badge link to one place? That's just needlessly confusing.

  774. andrey.g has joined

  775. floretta has left

  776. Neustradamus has left

  777. Neustradamus has joined

  778. adiaholic has left

  779. adiaholic has joined

  780. Neustradamus has left

  781. floretta has joined

  782. millesimus has joined

  783. wgreenhouse has joined

  784. matkor has joined

  785. marc0s has left

  786. marc0s has joined

  787. marc0s has left

  788. marc0s has joined

  789. adiaholic has left

  790. norkki has left

  791. djorz has left

  792. adiaholic has joined

  793. ti_gj06 has joined

  794. adiaholic has left

  795. Guus

    I've got the old xmpp.net with updated openssl running on my local host, but scheduling a check won't work. Do any of the docker containers keep logfiles?

  796. serge90 has left

  797. Zash

    Look into `docker logs` I guess

  798. adiaholic has joined

  799. Guus

    that doesn't give more information other than the probe has exited with error code 1.

  800. reimar has joined

  801. Guus

    ah, the poker can be invoked from the command line

  802. Guus

    "look ma! I'm doin' LUA!"

  803. floretta has left

  804. floretta has joined

  805. me9 has joined

  806. moparisthebest

    oh no, he's angered the gods of capitalization...

  807. Guus

    which may or may not have been intentional

  808. TheCoffeMaker has joined

  809. millesimus has left

  810. Guus

    `lua: xmppoke.lua:5406: attempt to index field 'x509' (a nil value)`

  811. Guus

    that line being:

  812. Guus

    `local cert_load = require "ssl".x509.load;`

  813. Guus

    any clue?

  814. Guus

    meh, in over my head. Commented on the PR with findings

  815. moparisthebest

    the ssl module doesn't have that field anymore, but past that...

  816. benk has joined

  817. restive_monk has left

  818. papatutuwawa has left

  819. millesimus has joined

  820. restive_monk has joined

  821. Vidak has left

  822. Kev has left

  823. Vidak has joined

  824. TheCoffeMaker has left

  825. TheCoffeMaker has joined

  826. andrey.g has left

  827. rocco has left

  828. djorz has joined

  829. wladmis has left

  830. wladmis has joined

  831. dan.caseley has left

  832. dan.caseley has joined

  833. papatutuwawa has joined

  834. kyemxden has left

  835. kyemxden has joined

  836. TheCoffeMaker has left

  837. kyemxden has left

  838. kyemxden has joined

  839. dan.caseley has left

  840. dan.caseley has joined

  841. TheCoffeMaker has joined

  842. antranigv has left

  843. karoshi has left

  844. ti_gj06 has left

  845. wgreenhouse has left

  846. millesimus has left

  847. millesimus has joined

  848. antranigv has joined

  849. kyemxden has left

  850. kyemxden has joined

  851. restive_monk has left

  852. norkki has joined

  853. jonas’


  854. jonas’

    if you're touching luasec, run

  855. Zash

    Remember a while back when I said it was unmaintained forks all the way down?

  856. jonas’

    mdosch, it indeed does not do ALPN

  857. Guus has left

  858. Zash

    That may have been an evolutionary dead end, it's `require"ssl".loadcertificate` now.

  859. millesimus has left

  860. wgreenhouse has joined

  861. marc0s has left

  862. marc0s has joined

  863. ti_gj06 has joined

  864. mjk

    > run
    > if you're touching luasec, run
    Is that a general advice or specific to xmppoke? 'Cause I have hopes of upstreaming some stuff 'ere

  865. norkki has left

  866. guus.der.kinderen

    > Remember a while back when I said it was unmaintained forks all the way down?
    Naive me is hoping that all pertinent changes have been merged upstream, and/or have been made irrelevant by later changes, and/or have only minor functional impact. That's why I was trying to move back to the upstream projects of the forks.

  867. karoshi has joined

  868. Zash

    What part of "unmaintained forks all the way down" was unclear? Forks. With API differences.

  869. antranigv has left

  870. jonas’

    mjk, it takes a certain kind of person to touch libssl bindings in general or luasec in particular and not come out scarred.

  871. jonas’

    look at poor Zash over there

  872. mjk

    Ah, it's alright then, I'm not getting into C bindings... yet... I hope

  873. Zash

    I have no idea what you are talking about, I must have suppressed those memories. Best not remind me if so.

  874. mjk

    Just some fluffy ol' Lua

  875. jonas’

    and in context of xmppoke… stay away from it in general, I suppose

  876. Zash

    It is async, predating the async in Prosody.

  877. floretta has left

  878. floretta has joined

  879. wgreenhouse has left

  880. goffi has left

  881. goffi has joined

  882. marc0s has left

  883. marc0s has joined

  884. xnamed has left

  885. Wojtek has left

  886. adiaholic has left

  887. Wojtek has joined

  888. adiaholic has joined

  889. millesimus has joined

  890. andy has joined

  891. Mikaela has left

  892. վարյա has joined

  893. adiaholic has left

  894. kyemxden has left

  895. kyemxden has joined

  896. goffi has left

  897. goffi has joined

  898. alacer has left

  899. alacer has joined

  900. wgreenhouse has joined

  901. serge90 has joined

  902. andy has left

  903. adiaholic has joined

  904. wgreenhouse has left

  905. Ge0rG has left

  906. junaid has left

  907. goffi has left

  908. goffi has joined

  909. junaid has joined

  910. wgreenhouse has joined

  911. Ge0rG has joined

  912. ti_gj06 has left

  913. millesimus has left

  914. millesimus has joined

  915. wgreenhouse has left

  916. marc0s has left

  917. marc0s has joined

  918. Titi has left

  919. Wojtek has left

  920. inky has left

  921. inky has joined

  922. marc0s has left

  923. marc0s has joined

  924. marc0s has left

  925. marc0s has joined

  926. Titi has joined

  927. wgreenhouse has joined

  928. վարյա has left

  929. վարյա has joined

  930. floretta has left

  931. marc0s has left

  932. marc0s has joined

  933. alacer has left

  934. Calvin has joined

  935. benk has left

  936. floretta has joined

  937. alacer has joined

  938. Yagiza has left

  939. millesimus has left

  940. Calvin has left

  941. xnamed has joined

  942. jcbrand has left

  943. bean has left

  944. millesimus has joined

  945. Menel has left

  946. Menel has joined

  947. jcbrand has joined

  948. druthid has left

  949. adiaholic has left

  950. floretta has left

  951. floretta has joined

  952. floretta has left

  953. floretta has joined

  954. druthid has joined

  955. msavoritias has left

  956. neshtaxmpp has left

  957. neshtaxmpp has joined

  958. Titi has left

  959. emus has left

  960. emus has joined

  961. adiaholic has joined

  962. me9 has left

  963. adiaholic has left

  964. alacer has left

  965. alacer has joined

  966. norkki has joined

  967. floretta has left

  968. kyemxden has left

  969. kyemxden has joined

  970. papatutuwawa has left

  971. rocco has joined

  972. rocco has left

  973. goffi has left

  974. Titi has joined

  975. argentum has joined

  976. mjk

    > and in context of xmppoke… stay away from it in general, I suppose
    Yeah, I'm good

  977. floretta has joined

  978. adiaholic has joined

  979. stp has left

  980. krauq has left

  981. krauq has joined

  982. norkki has left

  983. adiaholic has left

  984. վարյա has left

  985. վարյա has joined

  986. mjk has left

  987. mdosch has left

  988. mdosch has joined

  989. qwestion has joined

  990. mjk has joined

  991. Calvin has joined

  992. pasdesushi has left

  993. phryk has joined

  994. millesimus has left

  995. adiaholic has joined

  996. Maranda[x] has left

  997. Maranda[x] has joined

  998. floretta has left

  999. marc0s has left

  1000. marc0s has joined

  1001. Calvin has left

  1002. adiaholic has left

  1003. Tobias has left

  1004. millesimus has joined

  1005. adiaholic has joined

  1006. arc has left

  1007. arc has joined

  1008. jgart has left

  1009. jgart has joined

  1010. adiaholic has left

  1011. atomicwatch has left

  1012. Titi has left

  1013. djorz has left

  1014. alacer has left

  1015. chronosx88 has left

  1016. chronosx88 has joined

  1017. alacer has joined

  1018. floretta has joined

  1019. atomicwatch has joined

  1020. wladmis has left

  1021. millesimus has left

  1022. tykayn has left

  1023. adiaholic has joined

  1024. wurstsalat has left

  1025. adiaholic has left

  1026. adiaholic has joined

  1027. Neustradamus has joined

  1028. emus has left

  1029. adiaholic has left

  1030. Titi has joined

  1031. djorz has joined

  1032. marc0s has left

  1033. marc0s has joined

  1034. Maranda[x] has left

  1035. djorz has left

  1036. Maranda[x] has joined

  1037. adiaholic has joined

  1038. wladmis has joined

  1039. robertooo has left

  1040. millesimus has joined

  1041. robertooo has joined

  1042. adiaholic has left

  1043. restive_monk has joined

  1044. rocco has joined

  1045. bung has joined

  1046. Titi has left

  1047. karoshi has left