XSF Discussion - 2023-11-14


  1. kurisu

    Does muji support grouping?

  2. kurisu

    As in https://xmpp.org/extensions/xep-0338.xml

  3. edhelas

    Do we have some kind of statistics to show what kind of clients and servers are currently deployed on the XMPP network ?

  4. Daniel

    I don't think we can have that in a federated network.

  5. Daniel

    https://stats.jabberfr.org/

  6. Zash

    Shodan?

  7. Daniel

    But I think single server views on that are very limited

  8. Guus

    ages ago, there was this project that made a mesh of servers based on service discovery (I think) and a simple query. I'm not sure if it included that information, but could be easily adapted to do so.

  9. Guus

    I think I even have an Openfire plugin for that - looking...

  10. edhelas

    > https://stats.jabberfr.org/ Thanks ! Indeed that just a view of the network. I would be interested to see also the servers statistics.

  11. jonas’

    https://search.jabber.network/stats

    😍 1
  12. edhelas

    Thanks jonas’ !

  13. jonas’

    _probably_ the most comprehensive server software survey of the federated(!) chat(!) network.

  14. Guus

    oh, that's nice jonas’ - never seen that

  15. edhelas

    Fun to see Spectrum and biboumi in the top chart, XMPP is also about transport !

  16. Guus

    the number of unknowns surprises me

  17. jonas’

    I can also run queries for software version numbers or restricted to domains which are "User Server"s if you'd like more of a deployment overview

  18. edhelas

    jonas’ having software version detail could be interesting indeed, to see if admins are upgrating their servers or not

  19. edhelas

    jonas’ having software version detail could be interesting indeed, to see if admins are upgrating their servers or not for example

  20. Guus

    This is what I was referring to earlier: https://github.com/guusdk/openfire-serverinfo-plugin - it's dead/abandoned.

  21. Zash

    Is the-federation.info still there?

  22. Zash

    Mostly ActivityPub tho iirc

  23. Daniel

    FWIW the compliance tester says 43% ejabberd, 55% Prosody for 1200 domains where log in currently works

  24. Daniel

    but this too is obviously very biased

  25. jonas’

    but probably less biased than sjn

  26. edhelas

    Do we have users subscribed/connected in the info somehow ?

  27. jonas’

    Guus, regarding the unknowns (I just took a look): A lot are specialized components (upload, push, pubsub), but some are also main domains where people probably didn't load the plugin.

  28. Daniel

    I bet there are *a lot* of openfire servers out there

  29. Daniel

    but those are not people who use the compliance tester

  30. jonas’

    also not in the federated network probably

  31. Guus

    I know that there a lot of Openfire servers out there, but I would not expect them to be in these stats.

  32. Guus

    they're largely one-off, closed domains.

  33. Daniel

    the compliance tester has openfire at 0.5% - which I guess shows you how useless and biased that data is

  34. Guus

    biased, yes, useless, no.

  35. jonas’

    exactly

  36. Daniel

    just like jabber.fr has Conversations and forks at 50% - I don’t think that is even remotely representative of what people are really using

  37. Daniel

    (Pidgin)

  38. edhelas

    By the way, the top graph seems a bit large to my on this page https://compliance.conversations.im/server/movim.eu/ don't you think ?

  39. edhelas

    But thanks for all the links :)

  40. Daniel

    yeah the project is officially unmaintained

  41. Link Mauve

    Daniel, we had Pidgin at a surprisingly high rate for quite long, it was more popular than Conversations until just a few years ago.

  42. jonas’

    also, all data is biased

  43. Link Mauve

    Although our data is also biaised, Conversations stays open 24h a day while Pidgin is usually only open when people are on their computer.

  44. jonas’

    so a 24h max is probably what you want to look at

  45. jonas’

    (or even 7d max)

  46. edhelas

    I have some stats there as well, just counting the presences in my DB, also biaised https://mov.im/infos

  47. Daniel

    ok. 'useless' was probably not fair. but be careful with what you do with the data

  48. Guus

    edhelas is on a quest to make people ingest raw json :)

  49. edhelas

    > edhelas is on a quest to make people ingest raw json :) I can make a XML version if you prefer :p

  50. Guus

    hehehe

  51. Guus

    RFC 6120 4.7.3 states: > For initial stream headers, the initiating entity MUST NOT include the 'id' attribute Is there something as a non-initial stream header? I'm assuming that stream headers after a SASL / STARTTLS restart are again 'initial'?

  52. emus

    > edhelas: > 2023-11-14 11:36 (GMT+01:00) > Do we have some kind of statistics to show what kind of clients and servers are currently deployed on the XMPP network ? Good questions for tonight, even though it wont be a statistic

  53. emus

    > jonas’: > 2023-11-14 11:41 (GMT+01:00) > https://search.jabber.network/stats This is great!

  54. larma

    How many of us are planning to go to 37C3 in Hamburg? Do we want to register for an assembly?

  55. emus

    We are starting the workshop in about 45 minutes, lobby is officially open in 30. Everyone interested welcome. Join: https://teamjoin.de/XMPPVisionandStrategicWorkshop https://fosstodon.org/@xmpp/111405455575621613

  56. emus

    Lobby is open

  57. emus

    🙂

  58. emus

    Starting soon

  59. lbocquet

    emus: Normally, there are some guys who inform that you must not spam all MUC rooms with an announcement and the result is that you are banned. Note: I report only the situation to you, communication is important.

  60. egnun

    Is it just me or do these links to the mailing lists all return a 404? https://xmpp.org/community/mailing-lists/

  61. Zash

    egnun, known and being worked on, ever so slowly

  62. egnun

    I see. Thanks.

  63. Zash

    egnun, looking to subscribe or for something in the archives?

  64. egnun

    Yes.

  65. egnun

    No, subscribing would be enough for now.

  66. Zash

    > List-Subscribe: <mailto:standards-join@xmpp.org> E.g. that method should still work, I hope.

  67. emus

    > lbocquet: > 2023-11-14 09:08 (GMT+01:00) > emus: Normally, there are some guys who inform that you must not spam all MUC rooms with an announcement and the result is that you are banned. > Note: I report only the situation to you, communication is important. I know, but I hope in this case people forgive me

  68. lovetox

    if i read the channel binding RFC it says right at the start that there are attacks against tls-unique for TLS 1.2

  69. lovetox

    does this mean its discouraged to even implement tls-unique for 1.2

  70. lovetox

    or does this attack somehow not apply to xmpp

  71. lovetox

    https://www.rfc-editor.org/rfc/rfc9266#name-introduction

  72. Zash

    I only remember that there was some attack that involved doing renegotiation a few times

  73. lovetox

    > The "tls-unique" channel binding type defined in [RFC5929] was found to be susceptible to the "triple handshake vulnerability" [TRIPLE-HANDSHAKE] without the extended master secret extension defined in [RFC7627].

  74. Zash

    So, avoid renegotiation

  75. Zash

    It'd be handy to have that xmpp.net TLS data now, to know how widespread TLS 1.3 is.

  76. emus

    Thanks you folks! https://fosstodon.org/@xmpp/111410894859920061

  77. emus

    Haha, we really put load to the jitsi server today: https://stats.adminforge.de/d/000000022/teamjoin3a-jitsi-meet?orgId=3&refresh=30s