ejabberd - Вторник, 15 августа 2017

ejabberd

ejabberd@conference.jabber.ru

Вторник, 15 августа 2017< ^ >

imarek@lczak.net установил(а) тему: ejabberd · english room · https://ejabberd.im. Logs: https://chatlogs.jabber.ru/ejabberd@conference.jabber.ru

Конфигурация комнаты

Участники комнаты

GMT+3
[00:00:09] rom1dep вышел(а) из комнаты
[00:01:49] sattellite вошёл(а) в комнату
[00:04:29] debalance вошёл(а) в комнату
[00:05:31] linus вошёл(а) в комнату
[00:06:16] caffey вышел(а) из комнаты: Replaced by new connection
[00:06:22] caffey вошёл(а) в комнату
[00:17:19] anand вошёл(а) в комнату
[00:18:43] linus вышел(а) из комнаты
[00:19:21] caffey вышел(а) из комнаты: Replaced by new connection
[00:19:24] caffey вошёл(а) в комнату
[00:26:20] erik вышел(а) из комнаты: Connection failed: connection closed
[00:26:30] erik вошёл(а) в комнату
[00:27:19] hlad вышел(а) из комнаты
[00:28:37] Holger вышел(а) из комнаты: Replaced by new connection
[00:28:47] Holger вошёл(а) в комнату
[00:30:05] sergio вышел(а) из комнаты
[00:40:55] JabAlacer вошёл(а) в комнату
[00:46:18] anand вышел(а) из комнаты
[00:49:43] JabAlacer вышел(а) из комнаты
[00:50:01] zinid вышел(а) из комнаты
[00:54:01] <Holger> SaltyBones: You configure MySQL as described here: https://docs.ejabberd.im/admin/databases/mysql/
[00:54:14] <Holger> SaltyBones: Then you run "ejabberdctl export2sql example.com /tmp/example.com.dump" for each virtual host.  Then pipe the result into mysql and restart ejabberd.
[00:58:49] debalance вышел(а) из комнаты
[01:04:20] debalance вошёл(а) в комнату
[01:13:14] jere вышел(а) из комнаты
[01:20:34] JabAlacer вошёл(а) в комнату
[01:23:22] Marzanna вышел(а) из комнаты
[01:24:55] caffey вышел(а) из комнаты
[01:25:16] linus вошёл(а) в комнату
[01:26:26] marek.w вошёл(а) в комнату
[01:31:02] marek.w вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[01:31:03] marek.w вошёл(а) в комнату
[01:31:57] JabAlacer вышел(а) из комнаты
[01:33:02] caffey вошёл(а) в комнату
[01:40:31] JabAlacer вошёл(а) в комнату
[01:44:50] Holger вышел(а) из комнаты: Replaced by new connection
[01:44:58] Holger вошёл(а) в комнату
[01:45:47] marek.w вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[01:45:54] marek.w вошёл(а) в комнату
[01:53:06] marek.w вышел(а) из комнаты: Connection failed: connection closed
[02:00:19] Holger вышел(а) из комнаты: Replaced by new connection
[02:00:28] Holger вошёл(а) в комнату
[02:06:03] Holger вышел(а) из комнаты: Replaced by new connection
[02:06:16] Holger вошёл(а) в комнату
[02:10:19] <SaltyBones> Holger, thanks, I'll let you know how it went.
[02:11:17] Holger вышел(а) из комнаты: Replaced by new connection
[02:11:39] Holger вошёл(а) в комнату
[02:16:20] debalance вышел(а) из комнаты
[02:24:30] anand вошёл(а) в комнату
[02:35:03] Holger вышел(а) из комнаты: Replaced by new connection
[02:35:18] Holger вошёл(а) в комнату
[02:35:39] Holger вышел(а) из комнаты: Replaced by new connection
[02:35:55] Holger вошёл(а) в комнату
[02:37:22] JabAlacer вышел(а) из комнаты
[02:37:22] linus вышел(а) из комнаты: Replaced by new connection
[02:37:25] linus вошёл(а) в комнату
[02:38:21] debalance вошёл(а) в комнату
[02:38:41] Holger вышел(а) из комнаты: Replaced by new connection
[02:41:29] Holger вошёл(а) в комнату
[02:43:30] Holger вышел(а) из комнаты: Replaced by new connection
[02:43:53] Holger вошёл(а) в комнату
[02:46:01] Holger вышел(а) из комнаты: Replaced by new connection
[02:46:26] Holger вошёл(а) в комнату
[02:48:14] jere вошёл(а) в комнату
[02:50:30] anand вышел(а) из комнаты
[02:52:09] Holger вышел(а) из комнаты: Replaced by new connection
[02:52:24] Holger вошёл(а) в комнату
[02:57:22] caffey вышел(а) из комнаты
[02:57:50] hlad вышел(а) из комнаты: Replaced by new connection
[02:57:55] hlad вошёл(а) в комнату
[02:58:06] caffey вошёл(а) в комнату
[02:58:53] cippaciong вышел(а) из комнаты
[03:06:37] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[03:06:42] jere вошёл(а) в комнату
[03:14:59] jannic вышел(а) из комнаты: Replaced by new connection
[03:15:14] jannic вошёл(а) в комнату
[03:22:24] anand вошёл(а) в комнату
[03:25:13] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[03:25:18] jere вошёл(а) в комнату
[03:27:04] SaltyBones вышел(а) из комнаты: Stream closed by us: system-shutdown
[03:27:56] SaltyBones вошёл(а) в комнату
[03:28:59] <SaltyBones> Holger, Problem 'error undef' occurred executing the command.
Stacktrace: [{mod_announce_mnesia,expo...
[03:29:42] <SaltyBones> https://pastebin.com/JRXX7PMK
[03:30:32] JabAlacer вошёл(а) в комнату
[03:41:37] marek.w вошёл(а) в комнату
[03:46:27] caffey вышел(а) из комнаты: Replaced by new connection
[03:46:30] caffey вошёл(а) в комнату
[03:46:37] SaltyBones вышел(а) из комнаты
[03:55:51] caffey вышел(а) из комнаты: Replaced by new connection
[03:55:53] caffey вошёл(а) в комнату
[04:01:27] SaltyBones вошёл(а) в комнату
[04:01:42] <SaltyBones> Okay, apparently I have to change the settings first and then restart and then run the export.
[04:01:52] <SaltyBones> But now I get invalid sql syntax for the dump file.
[04:04:54] <SaltyBones> I don't understand why, though the line looks fine: delete from rosterusers where username='someuser' and jid='somebody@somehost.org';
[04:05:09] <SaltyBones> Not that I would understand why it wants to delete something, anyway.
[04:06:03] Neustradamus вышел(а) из комнаты
[04:06:20] SaltyBones вышел(а) из комнаты: Machine going to sleep
[04:06:32] Neustradamus вошёл(а) в комнату
[04:07:43] debalance вышел(а) из комнаты
[04:07:43] debalance вышел(а) из комнаты
[04:10:19] debalance вошёл(а) в комнату
[04:10:50] debalance вошёл(а) в комнату
[04:23:30] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[04:23:31] erik вошёл(а) в комнату
[04:23:38] JabAlacer вышел(а) из комнаты
[04:26:26] marek.w вышел(а) из комнаты: Connection failed: connection closed
[04:27:00] marek.w вошёл(а) в комнату
[04:30:31] JabAlacer вошёл(а) в комнату
[04:35:18] jere вышел(а) из комнаты
[04:42:55] JabAlacer вышел(а) из комнаты: Disconnected: Replaced by new connection
[04:42:56] JabAlacer вошёл(а) в комнату
[04:44:45] jere вошёл(а) в комнату
[04:46:37] marek.w вышел(а) из комнаты: Connection failed: connection closed
[04:55:19] JabAlacer вышел(а) из комнаты
[05:00:16] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[05:00:21] stian вошёл(а) в комнату
[05:01:02] JabAlacer вошёл(а) в комнату
[05:05:11] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[05:05:16] stian вошёл(а) в комнату
[05:08:21] andrey.g вошёл(а) в комнату
[05:11:00] andrey.g вышел(а) из комнаты
[05:15:57] jeremy вошёл(а) в комнату
[05:19:40] de-facto вошёл(а) в комнату
[05:19:55] Psi-Jack вошёл(а) в комнату
[05:20:04] de-facto вышел(а) из комнаты
[05:22:39] Psi-Jack вышел(а) из комнаты: unknown reason
[05:26:59] jeremy вышел(а) из комнаты: Machine going to sleep
[05:35:25] JabAlacer вышел(а) из комнаты
[05:49:56] jere вышел(а) из комнаты
[05:57:08] jere вошёл(а) в комнату
[06:12:50] caffey вышел(а) из комнаты: Replaced by new connection
[06:16:59] caffey вошёл(а) в комнату
[06:20:38] Psi-Jack вошёл(а) в комнату
[06:21:43] debalance вышел(а) из комнаты: Replaced by new connection
[06:22:28] caffey вышел(а) из комнаты: Replaced by new connection
[06:22:32] debalance вошёл(а) в комнату
[06:23:13] caffey вошёл(а) в комнату
[06:23:28] Psi-Jack вышел(а) из комнаты: unknown reason
[06:59:22] debalance вышел(а) из комнаты
[06:59:31] andrey.g вошёл(а) в комнату
[07:05:32] JabAlacer вошёл(а) в комнату
[07:12:51] pod вошёл(а) в комнату
[07:21:27] Psi-Jack вошёл(а) в комнату
[07:25:28] pod вошёл(а) в комнату
[07:26:28] Psi-Jack вышел(а) из комнаты: unknown reason
[07:34:25] JabAlacer вышел(а) из комнаты
[07:36:39] pod вышел(а) из комнаты
[07:40:06] rom1dep вошёл(а) в комнату
[07:42:31] pod вошёл(а) в комнату
[07:43:15] ileh вышел(а) из комнаты: Replaced by new connection
[07:43:24] rom1dep вышел(а) из комнаты
[07:43:29] ileh вошёл(а) в комнату
[07:45:33] JabAlacer вошёл(а) в комнату
[07:46:17] sattellite вышел(а) из комнаты
[07:46:26] sattellite вошёл(а) в комнату
[07:47:59] rom1dep вошёл(а) в комнату
[07:53:27] sattellite вышел(а) из комнаты
[07:58:47] zinid вошёл(а) в комнату
[08:07:52] sattellite вошёл(а) в комнату
[08:10:18] pod вышел(а) из комнаты: Replaced by new connection
[08:10:21] pod вошёл(а) в комнату
[08:11:02] jere вышел(а) из комнаты
[08:11:59] sattellite вышел(а) из комнаты
[08:17:55] sattellite вошёл(а) в комнату
[08:23:18] hlad вышел(а) из комнаты: Replaced by new connection
[08:23:24] debalance вошёл(а) в комнату
[08:23:27] hlad вошёл(а) в комнату
[08:23:48] Psi-Jack вошёл(а) в комнату
[08:28:39] Psi-Jack вышел(а) из комнаты: unknown reason
[08:28:48] cippaciong вошёл(а) в комнату
[08:29:10] sezuan вошёл(а) в комнату
[08:30:32] sattellite вышел(а) из комнаты
[08:49:31] debalance вошёл(а) в комнату
[08:49:43] sattellite вошёл(а) в комнату
[08:54:31] debalance вышел(а) из комнаты
[08:58:13] sattellite вышел(а) из комнаты
[08:58:40] sattellite вошёл(а) в комнату
[09:04:32] sezuan вошёл(а) в комнату
[09:13:56] sattellite вышел(а) из комнаты
[09:14:46] debalance вошёл(а) в комнату
[09:15:28] sattellite вошёл(а) в комнату
[09:18:41] debalance вышел(а) из комнаты
[09:24:18] debalance вышел(а) из комнаты: Replaced by new connection
[09:24:34] Psi-Jack вошёл(а) в комнату
[09:26:03] sattellite вышел(а) из комнаты
[09:30:27] JabAlacer вышел(а) из комнаты
[09:31:15] Psi-Jack вышел(а) из комнаты: unknown reason
[09:37:42] JabAlacer вошёл(а) в комнату
[09:39:50] sattellite вошёл(а) в комнату
[09:42:47] hlad вошёл(а) в комнату
[09:53:39] sattellite вышел(а) из комнаты
[10:00:34] edhelas вошёл(а) в комнату
[10:00:56] sattellite вошёл(а) в комнату
[10:01:05] <edhelas> congrats for the 17.08 release :) nothing in https://docs.ejabberd.im/admin/upgrade/#specific-version-upgrade-notes ?
[10:01:21] <edhelas> I'll migrate movim.eu to the 17.08 soon
[10:02:24] <zinid> I think no
[10:02:54] <zinid> ah, you already migraged?
[10:05:40] <edhelas> not yet
[10:06:05] <zinid> I just disco'ed movim.eu and there is ejabberd running ;)
[10:06:44] <edhelas> ah yes to 17.07 :)
[10:07:05] linus вышел(а) из комнаты
[10:07:05] debalance вышел(а) из комнаты
[10:07:06] cippaciong вышел(а) из комнаты
[10:07:52] sattellite вышел(а) из комнаты
[10:08:45] JabAlacer вышел(а) из комнаты
[10:12:28] rozzin вышел(а) из комнаты: Machine going to sleep
[10:12:48] debalance вошёл(а) в комнату
[10:15:31] JabAlacer вошёл(а) в комнату
[10:16:49] debalance вошёл(а) в комнату
[10:21:05] SaltyBones вошёл(а) в комнату
[10:21:17] sattellite вошёл(а) в комнату
[10:21:20] linus вошёл(а) в комнату
[10:23:05] debalance вышел(а) из комнаты
[10:28:20] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[10:28:24] stian вошёл(а) в комнату
[10:30:24] sergio вошёл(а) в комнату
[10:35:47] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[10:35:50] erik вошёл(а) в комнату
[10:36:00] Marzanna вошёл(а) в комнату
[10:38:58] sattellite вышел(а) из комнаты
[10:41:34] sattellite вошёл(а) в комнату
[10:41:37] SaltyBones вышел(а) из комнаты: Connection failed: connection closed
[10:41:52] cippaciong вошёл(а) в комнату
[10:44:15] mimi89999 вышел(а) из комнаты
[10:45:32] sattellite вышел(а) из комнаты
[10:49:34] SaltyBones вошёл(а) в комнату
[10:51:11] hlad вошёл(а) в комнату
[10:51:18] andrey.g вышел(а) из комнаты
[10:52:06] sattellite вошёл(а) в комнату
[10:52:52] SaltyBones вошёл(а) в комнату
[10:56:32] hlad вышел(а) из комнаты
[10:57:04] hlad вышел(а) из комнаты
[10:58:19] hlad вошёл(а) в комнату
[11:00:15] caffey вышел(а) из комнаты: Replaced by new connection
[11:00:16] sattellite вышел(а) из комнаты
[11:00:18] caffey вошёл(а) в комнату
[11:00:52] Holger вышел(а) из комнаты: Replaced by new connection
[11:01:03] Holger вошёл(а) в комнату
[11:02:34] sattellite вошёл(а) в комнату
[11:03:12] SaltyBones вышел(а) из комнаты: Connection failed: connection closed
[11:05:51] sattellite вышел(а) из комнаты
[11:12:56] Psi-Jack вошёл(а) в комнату
[11:15:03] debalance вошёл(а) в комнату
[11:16:03] Psi-Jack вышел(а) из комнаты: unknown reason
[11:21:27] debalance вышел(а) из комнаты
[11:23:43] debalance вошёл(а) в комнату
[11:24:59] jeremy вышел(а) из комнаты
[11:25:26] sergio вошёл(а) в комнату
[11:28:12] jeremy вошёл(а) в комнату
[11:30:26] JabAlacer вышел(а) из комнаты
[11:39:06] <sergio> Hello guys, congratulations for the new 17.08 version.
is there any place where I can see how configure the new module mod_push?
[11:39:08] stian вышел(а) из комнаты: Connection failed: connection closed
[11:40:22] <zinid> put any unknown option and see the warning message which includes all available options ;)
[11:40:33] <zinid> hint: db_type, cache_life_time, cache_size, use_cache, cache_missed, iqdisc
[11:41:35] <sergio> but you don't need to configure anything related with gcm or apn?
[11:41:49] <zinid> no, no need
[11:42:01] <sergio> ah, ok, thanks
[11:42:02] <zinid> those services are hosted by client devs
[11:42:14] mimi89999 вошёл(а) в комнату
[11:42:25] <zinid> so, just mod_push: {}
[11:42:33] <sergio> perfect!
[11:43:11] sattellite вошёл(а) в комнату
[11:45:07] debalance вышел(а) из комнаты
[11:46:11] sattellite вышел(а) из комнаты
[11:46:22] sattellite вошёл(а) в комнату
[11:46:59] sergio вошёл(а) в комнату
[11:51:37] sergio вышел(а) из комнаты
[11:55:43] sergio вышел(а) из комнаты: Replaced by new connection
[11:57:30] sezuan вышел(а) из комнаты
[11:57:57] JabAlacer вошёл(а) в комнату
[12:00:15] sergio вышел(а) из комнаты
[12:02:00] sergio вошёл(а) в комнату
[12:02:03] linus вышел(а) из комнаты
[12:02:10] sergio вышел(а) из комнаты
[12:02:42] sattellite вышел(а) из комнаты
[12:03:22] debalance вошёл(а) в комнату
[12:03:39] sergio вошёл(а) в комнату
[12:04:02] sergio вошёл(а) в комнату
[12:05:19] pod вышел(а) из комнаты
[12:06:43] sattellite вошёл(а) в комнату
[12:07:49] sattellite вышел(а) из комнаты
[12:14:33] Psi-Jack вошёл(а) в комнату
[12:14:45] erik вошёл(а) в комнату
[12:19:22] Psi-Jack вышел(а) из комнаты: unknown reason
[12:19:33] caffey вышел(а) из комнаты
[12:24:31] hlad вышел(а) из комнаты
[12:24:42] hlad вошёл(а) в комнату
[12:27:57] vingausaid вышел(а) из комнаты: Replaced by new connection
[12:28:00] vingausaid вошёл(а) в комнату
[12:30:13] Holger вышел(а) из комнаты: Replaced by new connection
[12:30:21] Holger вошёл(а) в комнату
[12:36:33] <edhelas> it seems that I have some s2s connectivity issues with Prosody servers
[12:37:00] <edhelas> is there some related bugs about that topic ? then I can investigate
[12:37:04] linus вошёл(а) в комнату
[12:37:39] <zinid> there was a bug when prosody gets stuck if sasl external fails
[12:38:01] <zinid> edhelas: can you give some example domain you have troubles with?
[12:38:14] <edhelas> is there a magical command to list the current status of s2s connections in ejabberd ?
[12:38:22] <edhelas> jabber.fr
[12:38:59] <zinid> I have no problems with this domain
[12:39:06] <zinid> let me upgrade to recent version
[12:40:00] <edhelas> okay
[12:40:10] <edhelas> maybe it's a configuration issue on my side
[12:40:20] <zinid> what error do you see in the log?
[12:41:21] caffey вошёл(а) в комнату
[12:41:34] <edhelas> I just enabled logLevel: 4 to get a bit more infos
[12:42:34] debalance вышел(а) из комнаты
[12:42:40] <edhelas> I have those kind of things for now
[12:42:43] <edhelas> 2017-08-15 11:41:59.440 [info] <0.4371.119>@ejabberd_s2s_out:handle_auth_failure:229 (tls|<0.30427.120>) Failed outbound s2s EXTERNAL authentication movim.eu -> jabberpulsa.com (182.253.1.245): Authentication failed: Peer provided no SASL mechanisms
[12:42:50] <edhelas> but not sure if it's related to my error
[12:42:51] anand вышел(а) из комнаты
[12:43:22] <zinid> why doesn't it accept your certfile?
[12:43:45] <edhelas> dunno yet
[12:43:59] <zinid> do you have several certfiles configured?
[12:44:05] debalance вошёл(а) в комнату
[12:44:10] <edhelas> nope
[12:44:12] <edhelas> https://check.messaging.one/result.php?domain=movim.eu&type=server
[12:44:48] kahlb вышел(а) из комнаты: Replaced by new connection
[12:44:52] kahlb вошёл(а) в комнату
[12:45:14] <zinid> Accepted inbound s2s EXTERNAL authentication movim.eu -> zinid.ru
[12:45:18] <zinid> your certfile is just fine
[12:46:17] <zinid> jabberpulsa.com is indeed rejecting my certfile too
[12:46:23] <zinid> but works via dialback
[12:46:27] <edhelas> mhhh
[12:47:17] <zinid> jabber.fr works
[12:47:22] <zinid> for me with recent ejabberd version
[12:48:12] <edhelas> is there a way to list s2s status in ejabberd ?
[12:48:20] <zinid> dunno ;)
[12:48:35] sergio вышел(а) из комнаты
[12:49:20] JabAlacer вышел(а) из комнаты
[12:50:46] <zinid> no, seems not
[12:51:38] <edhelas> erf
[12:52:03] badlop вошёл(а) в комнату
[12:52:33] <zinid> this won't help to debug connectivity problems anyway
[12:52:42] andrey.g вошёл(а) в комнату
[12:52:46] <zinid> there will be "disconnected" status or something, how does this help?
[12:53:47] <edhelas> still looking at the logs
[12:54:12] ileh вышел(а) из комнаты
[12:54:17] <zinid> grep 'jabber.fr', no? :)
[12:54:21] cippaciong вышел(а) из комнаты
[12:55:00] <zinid> ah, you have ecdh
[12:55:46] <edhelas> Aug 14 18:02:44 mod_s2s warn    s2s connect() to movim.eu (2a01:7c8:aab8:6b9:5054:ff:fec9:fd84:5269) failed: Network is unreachable
Aug 14 18:02:44 s2sout5635f4762ae0      info    Failed in all attempts to connect to movim.eu
Aug 14 18:02:44 s2sout5635f4762ae0      info    Sending error replies for 1 queued stanzas because of failed outgoing connection to movim.eu
Aug 14 18:02:44 s2sin5635f1ae8a30       info    Stream encrypted (TLSv1.2 with AES128-GCM-SHA256)
[12:56:14] <zinid> what is it?
[12:56:46] <zinid> ipv6 connectivity issue?
[12:56:46] linus вышел(а) из комнаты
[12:57:01] <edhelas> a part of log from goffi.org, one of the servers that have connectivity issue
[12:57:43] ileh вошёл(а) в комнату
[12:58:12] <zinid> I have no problems with it ;)
[12:59:08] sattellite вошёл(а) в комнату
[12:59:30] <zinid> does goffi.org support ipv6?
[12:59:47] <zinid> > telnet -6 2a01:7c8:aab8:6b9:5054:ff:fec9:fd84 5269
Trying 2a01:7c8:aab8:6b9:5054:ff:fec9:fd84...
telnet: Unable to connect to remote host: Network is unreachable
[13:00:07] <zinid> this happens when ipv6 is not configured
[13:01:00] <edhelas> yes but it should fallback to ipv4 no ?
[13:01:06] <zinid> yes
[13:01:17] <zinid> but it doesn't
[13:01:53] stian вошёл(а) в комнату
[13:03:41] sezuan вышел(а) из комнаты
[13:04:04] sezuan вошёл(а) в комнату
[13:05:31] JabAlacer вошёл(а) в комнату
[13:07:05] linus вошёл(а) в комнату
[13:07:38] <Holger> That's this Curve negotiation issue no?
[13:07:46] <Holger> edhelas: Why on earth do you *only* allow ECDHE?
[13:08:09] <edhelas> Holger, dunno
[13:08:12] <zinid> because quantum computers can break DH easily
[13:08:15] sattellite вышел(а) из комнаты
[13:08:20] <Holger> edhelas: I mean you configure super-strict TLS settings and then wonder that they're super-strict? :-)
[13:08:41] <edhelas> 'CERT_FILE': "/opt/ejabberd-17.07/conf/movim.includesprivatekey.pem"
  'DH_FILE': "/home/edhelas/dhparams.pem"
  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"
[13:08:56] <Holger> zinid: Then again DH doesn't help in practice because Prosody doesn't enable that by default.
[13:09:03] <Holger> A sane set of ciphers helps :-)
[13:09:06] <Holger> edhelas: WTF.
[13:09:22] sattellite вошёл(а) в комнату
[13:09:27] <Holger> "HIGH:!aNULL:!3DES:@STRENGTH"
[13:09:30] <Holger> ... or something.
[13:09:40] <edhelas> O_o
[13:09:43] anand вошёл(а) в комнату
[13:10:07] <Holger> edhelas: 17.08 should fix the Curve negotiation issue.  But I'd still not use such a strict cipher set if I cared about communicating with others.
[13:11:32] <zinid> Holger: I read mod_push code, it's decent, thanks
[13:11:59] <zinid> Holger: the only thing I usually do is setting "Database failure" in err_internal_server_error()
[13:12:37] sattellite вышел(а) из комнаты
[13:13:26] <zinid> so, when a user reports this, the support guys know where to look at
[13:13:28] <Holger> I had proper error messages and then ditched them when I added caching support.
[13:13:37] <zinid> ah
[13:13:37] <Holger> I think I bugged you in 1:1 chat back then :-)
[13:13:39] kahlb вышел(а) из комнаты
[13:14:06] <Holger> I'm not sure how exactly I'm supposed to do that with ets_cache.
[13:14:20] <Holger> It seems to expect {ok, Result} | error.
[13:14:48] <Holger> Or maybe I misunderstood the idea.
[13:15:44] jere вошёл(а) в комнату
[13:16:22] <zinid> I usually return {ok, Result} | error | {error, db_failure}
[13:16:47] <zinid> in the case when {error, db_failure} is return, ets_cache does nothing, just returns this
[13:16:53] <Holger> Hm I must have another look.  I somehow got the impression that {error, db_failure} is unexpected.
[13:16:53] <zinid> *is returned
[13:16:54] <Holger> Ah.
[13:17:27] rom1dep вошёл(а) в комнату
[13:17:39] <zinid> always check mod_private :)
[13:17:43] <edhelas> zinid, Holger, was that, moved to lighter TLS_CIPHERS and everything works now
[13:18:26] <zinid> Holger: do you know if it's safe to have EC certificate?
[13:18:39] <zinid> will it work with legacy servers? like ejabberd 2.x or something
[13:18:56] <zinid> or legacy clients
[13:19:26] linus вышел(а) из комнаты
[13:19:40] <Holger> zinid: This is what triggered me to ditch error reasons: https://github.com/processone/cache_tab/blob/master/src/ets_cache.erl#L58
[13:19:45] <Holger> -type update_fun() :: fun(() -> ok | {ok, any()} | error).
[13:20:11] <zinid> well, yes, sorry for this ;)
[13:20:23] <zinid> but otherwise what should I write? -> any() ? :)
[13:20:33] <Holger> zinid: Not sure about EC certificates, sorry.
[13:20:45] <zinid> {ok, any()} | error | any() yields to just any()
[13:20:48] debalance вышел(а) из комнаты
[13:21:15] <Holger> zinid: Yes I think that's fine.  It doesn't help dialyzer but it documents usage.
[13:21:25] <Holger> OTP has such type specs as well.
[13:21:29] sattellite вошёл(а) в комнату
[13:21:56] linus вошёл(а) в комнату
[13:22:10] <Holger> zinid: And a type spec which I'm supposed to break is bad because dialyzer, no?
[13:22:42] <zinid> good question
[13:23:04] JabAlacer вышел(а) из комнаты
[13:23:11] sattellite вышел(а) из комнаты
[13:24:22] stian вышел(а) из комнаты: Connection failed: connection closed
[13:25:38] kahlb вошёл(а) в комнату
[13:38:40] SaltyBones вошёл(а) в комнату
[13:41:18] <SaltyBones> Holger, any ideas about the SQL errors?
[13:42:10] sattellite вошёл(а) в комнату
[13:42:24] <SaltyBones> edhelas: those cipher suites look fine, no clue why jabber.fr wouldn't accept one of those. :P
[13:44:07] <Holger> SouL: Sorry I missed them, what SQL errors?
[13:44:11] <Holger> (But I'm away for a while.)
[13:45:10] <SaltyBones> When I tried importing the ejabberdctl dump into sql I got syntax errors.
[13:45:42] <SaltyBones> "I don't understand why, though the line looks fine: delete from rosterusers where username='someuser' and jid='somebody@somehost.org';
Not that I would understand why it wants to delete something, anyway."
[13:46:53] sattellite вышел(а) из комнаты
[13:47:19] linus вышел(а) из комнаты
[13:48:24] ileh вышел(а) из комнаты
[13:48:39] debalance вошёл(а) в комнату
[13:48:54] ileh вошёл(а) в комнату
[13:55:30] linus вошёл(а) в комнату
[13:55:50] <zinid> SaltyBones: what database?
[13:56:50] sergio вошёл(а) в комнату
[13:59:03] <SaltyBones> I tried to convert mnesia to mysql.
[13:59:18] <zinid> how do you load sql file then?
[13:59:40] <SaltyBones> SaltyBones: You configure MySQL as described here: https://docs.ejabberd.im/admin/databases/mysql/
SaltyBones: Then you run "ejabberdctl export2sql example.com /tmp/example.com.dump" for each virtual host.  Then pipe the result into mysql and restart ejabberd.
[13:59:54] <SaltyBones> Those were Holger's instructions.
[14:00:22] <zinid> well there shouldn't be any syntax errors, maybe you're piping wrong
[14:00:33] <SaltyBones> just a second I'll show you
[14:00:35] sergio вышел(а) из комнаты
[14:00:57] <SaltyBones> mysql -h localhost -D ejabberd -u ejabberd -p < /tmp/jabbermnesiasql2.dump
[14:02:53] Psi-Jack вошёл(а) в комнату
[14:04:12] <zinid> I just checked, I have it working
[14:06:27] <SaltyBones> well, any ideas on how to debug this?
[14:07:22] Psi-Jack вышел(а) из комнаты
[14:08:39] linus вышел(а) из комнаты
[14:10:24] <zinid> by sequentially reducing the content of the SQL dump?
[14:10:50] <zinid> for example, leave only this line:
delete from rosterusers where username='someuser' and jid='somebody@somehost.org';
[14:10:56] <zinid> does it work?
[14:11:06] <zinid> if it doesn't then something is wrong is mysql probably
[14:13:21] <SaltyBones> looking at the file the line before that is not terminated by a semicolon
[14:14:04] SaltyBones adds one.
[14:14:10] sattellite вошёл(а) в комнату
[14:15:29] <zinid> how does this line look like?
[14:18:09] JabAlacer вошёл(а) в комнату
[14:19:33] <SaltyBones> insert into rostergroups(username, jid, grp) values ('nick', 'some@jid.org', 'Buddies');
[14:19:40] <SaltyBones> after I added the ;
[14:20:29] linus вошёл(а) в комнату
[14:21:22] <SouL> Holger :)
[14:22:49] <zinid> SaltyBones: I recall there was a bug with non-terminated SQL lines
[14:22:54] <zinid> SaltyBones: what ejabberd version?
[14:23:49] <SaltyBones> 17.04
[14:25:34] debalance вышел(а) из комнаты
[14:26:42] <zinid> ah
[14:26:46] <zinid> well, it's probably fixed
[14:28:52] sattellite вышел(а) из комнаты
[14:28:55] sattellite вошёл(а) в комнату
[14:31:41] <rom1dep> hi there, I'm trying to configure bosh,
I can reach https://myserver:5280/bosh, I get the greetings page,
because firewall, I'd like to proxify this access, so I added this to my apache24 conf:
```ProxyPass "/bosh/" "https://myserver.tld:5280/bosh/"
ProxyPassReverse "/bosh/" "https://myserver.tld:5280/bosh/"```
If I try to access https://myserver.tld/bosh/ I get an error 500.
On the ejabberd-side, I get this log entry:
[info] <0.4840.1>@ejabberd_http:init:149 started: {fast_tls,{tlssock,#Port<0.63620>,<<>>}}
[14:32:43] linus вышел(а) из комнаты
[14:33:06] <rom1dep> so, I guess, the proxy works, but something gets in the way?
I'm not so good at that and I can't even tell if it's on apache or ejabberd's side
[14:34:31] sattellite вышел(а) из комнаты
[14:37:43] <zinid> oh, bosh...
[14:39:26] jannic вышел(а) из комнаты: Replaced by new connection
[14:39:35] jannic вошёл(а) в комнату
[14:39:38] <rom1dep> btw, what's the difference between tls: true and starttls: true ?
[14:40:02] <zinid> tls is like https
[14:40:18] <zinid> while in starttls you first start an xmpp session then convert it to tls
[14:40:46] <SaltyBones> meaning that for starttls you use the same port as for an unencrypted connection
[14:40:56] SaltyBones вышел(а) из комнаты
[14:41:02] <zinid> yes
[14:41:31] <rom1dep> that was my guess, great
[14:43:03] <rom1dep> so, it does make sense to have such a configuration if I want my bosh kosher and ssl, does it?
https://code.tamytro.org/_admin/gists/Ves2f6jbLqZluKB4QVqx
[14:43:44] sattellite вошёл(а) в комнату
[14:44:20] debalance вошёл(а) в комнату
[14:44:31] <zinid> probably, I don't know if ejabberd_http works over ssl
[14:45:09] <Holger> It does, but not sure you need/want it on localhost.
[14:45:15] <rom1dep> from somewhere in the xep 206 , maybe not
Note: The client SHOULD ignore any Transport Layer Security (TLS) feature since BOSH channel encryption SHOULD be negotiated at the HTTP layer.
[14:45:41] <Holger> Huh.
[14:45:41] <zinid> rom1dep: you can configure TLS on apache
[14:46:31] stian вошёл(а) в комнату
[14:47:23] <rom1dep> I hate my life already…
[14:48:08] <Holger> rom1dep: Ah that sentence means you shouldn't do STARTTLS.
[14:48:16] <Holger> rom1dep: Plain HTTPS should work just fine.
[14:48:28] <Holger> rom1dep: But as I said I'd disable TLS for ejabberd's localhost listener.
[14:49:06] <Holger> It just burns a few CPU cycles for no reason.
[14:49:13] <zinid> memory mostly
[14:49:26] <zinid> 64k per connection, if you're lucky
[14:49:48] <rom1dep> Holger: so I should remove line5 in my gist, and proxify (from apache) only the incoming ssl?
[14:50:02] <Holger> rom1dep: Yes.
[14:50:09] <rom1dep> ok
[14:53:41] <zinid> Holger: could you please remind me the link to your PLAN about caps?
[14:53:49] sattellite вышел(а) из комнаты
[14:53:52] sattellite вошёл(а) в комнату
[14:53:56] <Holger> https://userpage.fu-berlin.de/holger/archive/pep.txt
[14:54:52] sattellite вышел(а) из комнаты
[14:56:00] <rom1dep> :/ I get the same 500 error
ejabberd's side: <0.5589.1>@ejabberd_http:init:149 started: {gen_tcp,#Port<0.64202>}
[14:56:44] <Holger> Apache's error log should tell you more.
[14:58:24] sergio вошёл(а) в комнату
[14:59:02] <zinid> Holger: still sucks
[14:59:04] jere вышел(а) из комнаты
[14:59:05] linus вошёл(а) в комнату
[14:59:17] jere вошёл(а) в комнату
[14:59:26] <zinid> Holger: having presence tracks per contact sucks
[14:59:47] <Holger> Yeah.  I'm not saying we want that, I'm just saying I see no other way to implement the XEP.
[15:00:06] <SaltyBones> zinid: so I should just update to a newer version?
[15:00:13] <zinid> SaltyBones: yes
[15:00:14] <Holger> And I'm a bit annoyed of how stuff breaks due to us not doing this.
[15:01:39] <zinid> can't we keep this gb_set inside c2s state?
[15:01:41] <rom1dep> gotcha, my ProxyPass rule redirected to https://<ejabberd> still after I removed tls support for it
[15:02:06] <Holger> zinid: Then my contacts won't get my avatar while I'm offline.
[15:02:48] <Holger> And can't send me OMEMO messages while I'm offline.  And I don't know.  This keeps popping up here and there.
[15:03:19] <zinid> why, can't you describe?
[15:05:12] <Holger> I thought you suggest keeping track of whether my contact already received my avatar in my c2s session?
[15:05:32] <Holger> So when there is no c2s session, we can't do that, no?
[15:06:07] <zinid> ah
[15:06:24] stian вышел(а) из комнаты: Connection failed: connection closed
[15:07:37] <zinid> but then the contact goes offline, we delete this record from the table, then (s)he goes online again and we resend avatars again? :)
[15:07:46] <Holger> Yes.
[15:07:48] <zinid> lol
[15:07:50] <Holger> That's what the XEP says.
[15:08:17] <zinid> so, on every reconnect I will receive all avatars from my contact?
[15:08:20] <zinid> *contacts
[15:08:30] <Holger> Nah well well we send filtered PEP notifications.  The avatar XEP avoids that traffic.
[15:08:48] <Holger> The avatar XEP defines two nodes.
[15:09:02] <Holger> One for the actual avatar and another one with metadata to check whether the avatar changed.
[15:09:20] <Holger> Clients would only auto-subscribe the latter.
[15:09:28] <Holger> And that's what they'd receive whenever they go online.
[15:09:38] <Holger> But that foo is avatar-specific :-)
[15:09:47] <zinid> still some traffic
[15:09:51] <Holger> Yes.
[15:10:04] <Holger> That's okay IMO.
[15:10:21] <Holger> It's just state you want to be up-to-date with when going online.
[15:10:30] <Holger> Like presence traffic or whatever.
[15:10:54] <Holger> I only disagree with keeping track of this on the sender's side.
[15:11:09] <Holger> But whatever.
[15:12:36] <zinid> this new caps table will be brutally loaded even with cache, hehe
[15:12:58] <zinid> you need to read on every presence
[15:13:40] <Holger> Yeah.
[15:13:48] <Holger> Make it optional?  If disabled you don't register the hook.
[15:14:06] <zinid> I think it doesn't make sense to make it optional
[15:14:11] sattellite вошёл(а) в комнату
[15:14:12] <zinid> we end up with it always enabled
[15:14:27] <zinid> avatars, omemo, then they invent something else
[15:14:37] <Holger> I thought for closed solutions.
[15:14:43] <Holger> Where you know that you don't do PEP.
[15:14:51] <Holger> Then again it won't be expensive there.
[15:16:04] debalance вышел(а) из комнаты
[15:17:07] <zinid> on the other hand, this new table looks like just a table for some pubsub node
[15:17:26] sattellite вышел(а) из комнаты
[15:17:27] <zinid> but only active one
[15:20:07] <Holger> Hmmm.  You mean we could just subscribe the contact to the desired PEP nodes on initial presence and unsubscribe him on unavailable?
[15:20:20] <Holger> Which is quite verbatim what the XEP says?
[15:20:36] <zinid> yes, I mean logically it looks like this
[15:21:11] SaltyBones вошёл(а) в комнату
[15:21:18] <zinid> I mean this is mostly pubsub's responsibility to track this table
[15:21:19] <zinid> not caps
[15:21:21] <Holger> The PubSub-subscribe event should already trigger sending the last item I think.
[15:21:28] <Holger> True.
[15:21:30] <Holger> Good point.
[15:22:03] <Holger> Never thought of this despite the XEP actually saying this quite clearly :-)
[15:22:05] <Holger> Might work.
[15:22:10] sergio вышел(а) из комнаты
[15:22:20] jeremy вошёл(а) в комнату
[15:22:59] <Holger> In practice it'll probably end up being more expensive though?
[15:23:09] <Holger> I mean you put load on SQL/whatever ...
[15:23:20] <Holger> And contacts remain subscribed when shutting down the server.
[15:23:30] <SaltyBones> is there any way to check which ciphers conference.siacs.eu allows?
[15:23:57] JabAlacer вышел(а) из комнаты
[15:24:09] <Holger> SaltyBones: https://check.messaging.one/result.php?domain=conference.siacs.eu&type=server will tell you (in 10 minutes or so).
[15:24:25] <SaltyBones> :)
[15:24:28] <SaltyBones> good idea
[15:24:40] <SaltyBones> although I think the server might be down somehow
[15:24:51] <Holger> Yes I think it's struggling.
[15:25:02] <SaltyBones> I can't even find a dns entry.
[15:25:26] <zinid> Holger: yes, but then we need to optimize it there, probably, dunno
[15:25:30] Holger установил(а) тему: .
[15:26:10] <zinid> and there is a problem with restarts, indeed
[15:26:18] <Holger> zinid: Yes I wouldn't avoid that because of DB load.  Not sure sure about how dangling subscriptions on server shutdown.
[15:26:19] <Holger> Yah.
[15:26:55] <zinid> but probably this is how pubsub's code should handle PEP in the first place, no?
[15:27:29] <zinid> I just don't know how it's implemented at the moment
[15:28:24] <zinid> I just see that utter trash in mod_pubsub and cry with bloody tears :)
[15:28:54] <zinid> where Host can be an LJID, lol, suggesting the code is shit
[15:28:55] <Holger> Sounds like an obvious solution yes.  Except that those implicit subscriptions are non-persistent per design so storing them to disk is somewhat wrong not only due to practical issues.
[15:29:26] <zinid> but still mod_pubsub's responsiblity, nothing prevents it from keeping RAM tables
[15:29:30] <Holger> Yes.
[15:30:24] Psi-Jack вошёл(а) в комнату
[15:30:25] linus вышел(а) из комнаты
[15:31:34] debalance вошёл(а) в комнату
[15:32:39] SaltyBones вошёл(а) в комнату
[15:33:16] SaltyBones вышел(а) из комнаты
[15:33:39] Psi-Jack вышел(а) из комнаты: unknown reason
[15:34:09] <zinid> probably mod_pubsub should keep a additional table for nodes with auto-subscriptions, like Node => SubscriberList
[15:34:24] vingausaid вышел(а) из комнаты
[15:34:44] <Holger> Sounds right.
[15:35:09] sattellite вошёл(а) в комнату
[15:36:29] <zinid> dunno how it's doable
[15:38:38] vingausaid вошёл(а) в комнату
[15:38:42] kahlb вышел(а) из комнаты
[15:39:09] kahlb вошёл(а) в комнату
[15:46:46] <SaltyBones> Which elliptic curves does ejabberd allow for ECDHE?
[15:47:18] SaltyBones вышел(а) из комнаты: Stream closed by us: system-shutdown
[15:48:00] SaltyBones вошёл(а) в комнату
[15:48:43] <Holger> 17.08 lets OpenSSL choose freely.
[15:48:43] SaltyBones вышел(а) из комнаты
[15:49:00] <Holger> This wasn't possible with old OpenSSL versions so we hard-coded a curve up until 17.07.
[15:49:10] <SaltyBones> hm
[15:49:34] <Holger> Now with 17.08 ECDH will just not work with those old OpenSSL versions.
[15:49:43] SaltyBones вошёл(а) в комнату
[15:49:51] <Holger> Just don't insist on ECDH.
[15:50:50] <SaltyBones> yeah, i don't anyway
[15:51:07] <SaltyBones> I do insist on (EC)DHE
[15:51:56] <SaltyBones> I suppose after switching to mysql I can delete the old mnesia db somehow, right?
[15:52:42] <Holger> Problem is that Prosody doesn't enable DH by default.
[15:52:47] <Holger> (DHE in OpenSSL-speak.)
[15:52:54] <debalance> Holger, so if I backport 17.08 to Jessie, where people can happily use ECDH atm with 16.09, I have a regression because it won't work anymore?
[15:53:00] <Holger> SaltyBones: Yes.
[15:53:12] <SaltyBones> Holger, which ones?
[15:53:41] <SaltyBones> Holger, that's just sad. But I'm not entirely convinced that's the problem with conference.siacs.eu
[15:53:55] <SaltyBones> according to
[15:53:59] <SaltyBones> https://check.messaging.one/result.php?domain=conference.siacs.eu&type=server
[15:54:10] <zinid> debalance: they can happily use ECDH until first prosody server is met with ECDH ;)
[15:54:11] <Holger> debalance: I think it will work with Jessie's OpenSSL.  Not 100% sure though.  Can check later.
[15:54:11] cippaciong вошёл(а) в комнату
[15:54:11] <SaltyBones> it has some ECDHE suites
[15:54:21] jeremy вышел(а) из комнаты: Machine going to sleep
[15:54:45] <Holger> SaltyBones: But it's using a different curve.  Won't work unless you're on 17.08.
[15:55:01] <Holger> SaltyBones: Don't insist on DHE/ECDHE :-)
[15:55:30] <Holger> Or upgrade.  But I'm not 100% convinced we'll all die whn using AES256-GCM-SHA384.
[15:55:43] Psi-Jack вошёл(а) в комнату
[15:55:59] <SaltyBones> I don't want to upgrade beyond package management. It's too annoying.
[15:56:58] <Holger> SaltyBones: Regarding Mnesia, if *everything* is in SQL now you can stop ejabberd, move the contents of the Mnesia directory elsewhere, and start ejabberd.
[15:57:20] <Holger> ejabberd will re-create the runtime tables it needs.
[15:57:56] <SaltyBones> that s /var/spool/jabber, right?
[15:58:04] <Holger> grep SPOOL_DIR=/ `which ejabberdctl`
[16:00:30] sattellite вышел(а) из комнаты
[16:00:30] SaltyBones вышел(а) из комнаты
[16:00:30] SaltyBones вышел(а) из комнаты
[16:00:58] <rom1dep> still in the middle of proxifying everything so it can work behind a bumb firewall, can I get the captcha negociation (for account registration) to work behind the web server as well? How to tell the client about the URL to be used?
[16:01:32] <Holger> You can proxy everything because neither the client nor ejabberd will notice.
[16:01:58] linus вошёл(а) в комнату
[16:01:59] <Holger> There's an option to specify the URL prefix ...
[16:02:23] <rom1dep> I see captcha_host
[16:02:33] <Holger> Sounds right.
[16:02:56] <Holger> It's called 'host' but it's an URL.
[16:03:03] <Holger> Just to confuse you.
[16:03:07] <rom1dep> hehe
[16:03:29] SaltyBones вошёл(а) в комнату
[16:04:16] SaltyBones вошёл(а) в комнату
[16:05:51] <SaltyBones> well, more lax cipher suites didn't help with the conversations muc
[16:05:54] <SaltyBones> ah well...
[16:06:32] <Holger> What ciphers have you tried?
[16:06:50] <SaltyBones>     ciphers:
      - "HIGH:!aNULL:!3DES:@STRENGTH"
[16:06:55] <Holger> Hm.
[16:06:55] <SaltyBones>     protocol_options:
      - "no_sslv3"
      - "no_sslv2"
      - "no_tlsv1"
      - "cipher_server_preference"
[16:07:27] <SaltyBones> although this might be c2s only
[16:07:37] <SaltyBones> I don't understand the syntax in the ejabberd.yml
[16:08:07] <SaltyBones> but then I have no specific ssl options for s2s anyway
[16:08:23] debalance вышел(а) из комнаты
[16:08:29] <Holger> s2s_ciphers: "HIGH:!aNULL:!3DES:@STRENGTH"
[16:08:46] <SaltyBones> ah there it is
[16:08:53] <SaltyBones> somewhere else in the config
[16:08:59] <SaltyBones> *sigh*
[16:11:09] <SaltyBones> well, still didn't help
[16:11:24] <Holger> Did you check your server on check.messaging.org?
[16:11:36] <rom1dep> Holger: so if I put "https://@@DOMAIN@@/captcha" instead of the current "@@DOMAIN@@:5280" that will tell the client to download the captcha from that URL?
But how/where do I tell ejabberd's server to still serve at 5280 so there is something behind the reverse when knocking at /captcha ?
[16:12:21] <rom1dep> wah, gajim absolutely destroyed my message, did you get something ?
[16:12:36] <Holger> You define a listener on port 5280.
[16:12:58] <rom1dep> ok, let's try it
[16:13:28] linus вышел(а) из комнаты
[16:13:45] <Holger> SaltyBones: Is there at least one cipher common with <https://check.messaging.one/result.php?domain=conference.siacs.eu&type=server#ciphers>?
[16:14:01] kahlb вышел(а) из комнаты
[16:14:07] cippaciong вышел(а) из комнаты
[16:14:14] <SaltyBones> oh, yeah there have been the entire time
[16:14:30] <Holger> No.
[16:14:44] <Holger> You said you only had ECDHE and DHE.
[16:15:01] <SaltyBones> it has ECDHE
[16:15:01] kahlb вошёл(а) в комнату
[16:15:02] <Holger> conference.siacs.eu doesn't do DHE, and the ECDHE curve is incompatible.
[16:15:09] <Holger> I told you twice by now.
[16:15:24] <SaltyBones> well, you didn't specifically say their curve is incompatible
[16:15:33] JabAlacer вошёл(а) в комнату
[16:15:39] <SaltyBones> but fine let me check again for non EC suites
[16:15:40] <Holger> 20170815T12:54:45Z 000 <Holger> SaltyBones: But it's using a different curve.  Won't work unless you're on 17.08.
[16:17:29] <SaltyBones> yes, AES256-GCM-SHA384 (0x9d) is in HIGH:!aNULL:!3DES:@STRENGTH and in their list
[16:17:47] <rom1dep> that seems to do the job, thanks!
[16:19:36] <Holger> debalance: Ah maybe you're right.  Seems you need OpenSSL 1.0.2.
[16:20:59] <Holger> debalance: The change is only in fast_tls.  Do you update that in backports?
[16:21:21] <debalance> yes I do
[16:21:27] linus вошёл(а) в комнату
[16:21:38] <debalance> but there's https://packages.debian.org/jessie-backports/openssl which I can depend upon
[16:21:45] <Holger> Ah.
[16:22:52] <debalance> are there any hard-compiled dependencies between fast_tls and opentls, or can it deal with different openssl versions at runtime?
[16:22:59] <Holger> SaltyBones: check.messaging.org verified that you're supporting that suite?
[16:22:59] tyu вышел(а) из комнаты
[16:22:59] mimi89999 вышел(а) из комнаты
[16:23:06] <debalance> *openssl
[16:23:31] <zinid> debalance: it can deal with any openssl >= 1.0.0
[16:23:45] <Holger> Not sure that's true.
[16:23:52] <zinid> well, in theory ;)
[16:23:56] <debalance> no matter which one was present at compile time?
[16:24:05] <zinid> I know there are only macro checks in the code
[16:24:08] <Holger> https://github.com/processone/fast_tls/blob/master/c_src/fast_tls.c#L60
[16:24:30] <Holger> If those boundaries are crossed it won't work.
[16:24:52] <zinid> why?
[16:24:56] <zinid> there is if-def
[16:24:59] <Holger> Simply because the OpenSSL versions aren't source-compatible ...
[16:25:09] <Holger> zinid: Yes that's evaluated at compile-time.
[16:25:30] <zinid> ah
[16:25:36] <zinid> sorry, I misread about runtime
[16:25:56] <zinid> yes, you cannot change runtime versions
[16:26:34] <zinid> I don't even think how to make it possible
[16:26:41] <zinid> *don't even know
[16:27:01] kahlb вышел(а) из комнаты
[16:27:25] <debalance> It's alright, just wanted to know. So when I get around to backporting 17.08 to jessie-backports-sloppy I will (Build-)Depend on openssl ( >=1.0.2) from jessie-backports and all is well.
[16:27:26] <Holger> You can't.
[16:28:41] <Holger> Well or if you can figure out the version you can dlopen() libssl (rather than linking against it) and do different things depending on the version :-)
[16:33:19] cippaciong вошёл(а) в комнату
[16:33:59] debalance вошёл(а) в комнату
[16:35:18] kahlb вошёл(а) в комнату
[16:37:04] ileh вышел(а) из комнаты
[16:37:29] sattellite вошёл(а) в комнату
[16:40:51] <rom1dep> alright, now I'm struggling a little bit with mod_http_upload, I've set up a virtualhost for upload.myhost.tld. Before, the put_url was set to https://host:5443/upload
If I proceed with changing put_url: "https://upload.@HOST@" , and get_url: "https://upload.@HOST@" , what should I set, and where, so that the former urls like https://host:5443/upload/covfefe.jpg are still served?
[16:41:01] sattellite вышел(а) из комнаты
[16:41:08] stian вошёл(а) в комнату
[16:41:13] sattellite вошёл(а) в комнату
[16:41:47] <Holger> Just configure either ejabberd_http or your webserver to serve the files under that URL :-)
[16:42:52] <Holger> If your Apache has access to the uploaded files I'd just configure Apache that way.
[16:43:24] <rom1dep> well, ejabberd's listening to 5443, not apache, so I'll go for option 1
[16:43:58] <Holger> I'd tell ejabberd to only listen on localhost (and/or a different port) and Apache to listen on the external interface.
[16:44:03] <Holger> But whatever you like.
[16:44:04] <zinid> I have an impression that rom1dep every day configures his ejabberd server :)
[16:44:05] <rom1dep>     port: 5443
    request_handlers:
      "/upload": ejabberd_http_ws
→ something like that?
[16:45:08] <rom1dep> zinid, well, if you could make a new release every day, I would !
[16:45:37] <zinid> but why you configure http upload only today? :)
[16:45:46] <zinid> it's several years old
[16:45:58] <rom1dep> I'm just now preparing for the worst, it was on my plate for too long to have http_upload proxified for stupid firewalls
[16:47:41] <zinid> Holger: do you know if Daniel has any intentions to change UI in conversations?
[16:47:49] <rom1dep> zinid: it's been working since day one, but now I would rather stop generating URLs like https://host:5443 because that just don't work reliably for my family when traveling
[16:48:00] <zinid> rom1dep: ah, ok
[16:48:53] kahlb вышел(а) из комнаты
[16:51:31] <Holger> zinid: Not sure.  I guess you have something specific in mind?
[16:51:38] debalance вошёл(а) в комнату
[16:52:01] <Holger> He planned getting rid of that ... how do you call it ... swipe-in-the-conversation thing.
[16:52:11] <zinid> Holger: well, yes, better UI is definitely needed :)
[16:52:27] <Holger> That's one thing normal users stumble over.
[16:52:34] <Holger> (I like it personally though :-/)
[16:52:43] <zinid> swipe-in-the-conversation?
[16:53:28] <Holger> In the list of conversations, you see that corner of the last opened conversation on the right.
[16:53:36] <Holger> That confuses people.
[16:54:21] <Holger> There's a German fork which tries to improve a few things.
[16:54:49] <Holger> Inline videos/maps/whatnot, people can enlarge the avatars, everything more WhatsApp-like.
[16:55:07] <Holger> https://jabber.pix-art.de/ but the screenshots are old.
[16:55:15] <Holger> But it's not in the Play Store so doesn't help.
[16:55:34] <Holger> And the code is crap according to Daniel.
[16:57:43] <Holger> So I don't know.  He's probably open to suggestions but I feel he doesn't have a strong drive to apply major changes himself.
[16:58:04] sattellite вышел(а) из комнаты
[16:58:07] rozzin вошёл(а) в комнату
[16:59:54] <SouL> Users don't know if the code is crap :P
[17:00:09] <Holger> Yeah so they love that fork.
[17:00:18] <Holger> zinid: So is there specific things you hate?
[17:00:45] <Holger> I think _vt complained a lot too :-)
[17:03:39] <zinid> Holger: well, I was thinking to be more whatsapp'ish, yes, something which is more trendy, with better design, not only navigation
[17:03:44] linus вышел(а) из комнаты
[17:04:07] <zinid> even if we leave navigation alone, probably design can be improved, i.e. a "skin"
[17:04:29] ileh вошёл(а) в комнату
[17:04:48] <zinid> SouL: crappy code to degrade software eventually
[17:04:54] <zinid> *tends to degrade
[17:05:25] <zinid> and users will notice that, typically like lack of new features, because those are harder and harder to add
[17:05:55] debalance вышел(а) из комнаты
[17:09:36] <SouL> zinid, I totally agree with you.
[17:09:40] debalance вышел(а) из комнаты
[17:10:49] linus вошёл(а) в комнату
[17:11:54] debalance вошёл(а) в комнату
[17:14:45] <rom1dep> Holger: IIRC you had a gist somewhere with a config for apache?
[17:15:27] anand вышел(а) из комнаты
[17:16:38] sergio вошёл(а) в комнату
[17:16:48] <rom1dep> I think the best/cleanest way forwad would be to leave https://host:5443/upload be served by ejabberd for the leggacy stuff (=content which has been uploaded until today), and have https://upload.host be entirely managed by apache, for upload & serve
[17:17:19] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[17:17:24] stian вошёл(а) в комнату
[17:19:52] <Holger> rom1dep: As I said I think it's cleaner to use a web server for web server things :-)
[17:19:55] <Holger> But either way will work.
[17:20:00] <Holger> rom1dep: I'm using Nginx sorry.
[17:20:13] <Holger> ... for this proxying stuff.
[17:20:44] <zinid> Holger: will I benefit from mod_push when using conversations?
[17:20:52] <zinid> I don't see any problems right now
[17:23:29] <Holger> zinid: Conversations tries to keep a persistent connection open.  If it succeeds it won't use push notifications.  If it fails it will.
[17:23:39] <rom1dep> > As I said I think it's cleaner to use a web server for web server things :-)
Yup that's what I'm up to right now, I used to have ejabberd for that, I'll keep it for the legacy content, and then get rid of it. Apache will be the front for everything else
> I'm using Nginx sorry.
Too bad, I was sure I had seen a gist for apache, maybe not from you
[17:23:57] <Holger> zinid: It can fail on Android 6/7 (unless you put the app on some "battery optimization" whitelist).
[17:24:12] <Holger> And then push notifications will fix that, yes.
[17:24:18] <zinid> ok
[17:24:44] <Holger> And yes I agree regarding a new 'skin'.
[17:26:22] sezuan вышел(а) из комнаты
[17:27:04] <zinid> even though he's ok with the current one, skin needs to be updated from time to time, to be "refreshed", that's what everybody does ;)
[17:28:43] <zinid> hiring a qualified designer maybe? :) this can be fund-raised
[17:29:05] <zinid> whatever
[17:29:50] <Holger> Yes you need a designer to get something sane.
[17:29:56] <Holger> I'll go on his nerves and ask him :-)
[17:30:00] <zinid> thanks ;)
[17:30:14] <zinid> I think he will collect needed amount easily
[17:30:51] <Holger> I dunno we never explicitly talked about it but my feeling is that he was interested in UI stuff initially, then he was happy with it at some point and since then focusses on protocol stuff because that's more fun to work on.
[17:31:10] <zinid> ha, no surprise ;)
[17:31:13] <Holger> But no idea, just my impression.
[17:31:24] <zinid> protocol is a geeky stuff, and UI is for pussies :P
[17:31:55] <zinid> that's why I'm talking about fund-raised designer
[17:32:16] <Holger> Well his initial motivation to was to create a client with a proper UI.
[17:32:25] <Holger> But now the focus seems more geeky yes.
[17:32:37] <zinid> yes, I have understood that ;)
[17:34:00] <Holger> I don't think fund-raising works well though.
[17:34:18] <zinid> why?
[17:34:31] <Holger> People don't pay :-)
[17:34:34] <zinid> the software is quite popular in narrow circles :)
[17:34:57] <Holger> I guess this is the most successful bounty: https://www.bountysource.com/issues/18153806-support-audio-video-calls-encryption
[17:35:03] <Holger> Everyone wants A/V.
[17:35:10] <Holger> $565
[17:35:22] <Holger> Not sure a designer will even install the app for that money.
[17:35:23] <zinid> ah
[17:36:52] cippaciong вышел(а) из комнаты
[17:37:02] <rom1dep> my family isn't exactly geek, but they seem to like it as it is :)
[17:37:36] <zinid> my wife doesn't like it :(
[17:37:45] <zinid> no stickers, no push-to-talk
[17:37:57] <Holger> push-to-talk?
[17:38:01] <Holger> Doesn't it have that?
[17:38:07] <Holger> Or it's something else.
[17:38:16] <zinid> well, last time I checked it looked like shit
[17:38:27] <Holger> Ah.
[17:38:31] <zinid> you need to press like 10 buttons
[17:38:41] <Holger> Hm nah.
[17:40:06] <zinid> I'm looking at it right now and I don't see it
[17:40:18] linus вышел(а) из комнаты
[17:40:24] <Holger> But you have HTTP upload?
[17:40:36] <zinid> yes, I can send images
[17:41:07] <Holger> It's this paperclip knob and then "record audio" or something.
[17:41:08] rom1dep вышел(а) из комнаты
[17:41:33] <Holger> Or if that's the last thing you did you can press the send knob instead of typing a message.
[17:41:36] <Holger> Oh wait.
[17:42:14] <Holger> It uses the default Android audio recording thing / whatever.  If you don't have that plugin.  On some vendors no such recorder was available.
[17:42:19] <Holger> That's geeky I guess :-/
[17:42:26] <Holger> I think that fork I mentioned has it built-in.
[17:42:33] vingausaid вышел(а) из комнаты
[17:42:49] <zinid> in whatsapp you just press the button on the left of "input form", then talk, then release the button
[17:42:58] <Holger> "If you don't have that plugin."
[17:43:20] <Holger> I mean there's a Conversations plugin for that, and if you don't have it it falls back to the Android thing.
[17:43:20] <zinid> *on the right, sorry
[17:43:25] <JabAlacer> Holger, zinid: well I have used it with plugin but faced issues with family in playback even they had plugin...
[17:43:54] <Holger> zinid: Yes you're right WA is better.
[17:44:05] <SouL> Yeah, the voice plugin works really well
[17:44:13] <zinid> yeah, having that my wife talks with almost every contact using PTT, I think this is quite popular for non-geeks
[17:44:14] linus вошёл(а) в комнату
[17:44:38] <Holger> My kid does that all day with Conversations ;-)  But he has that plugin.
[17:45:05] <JabAlacer> debalance: when r u planning to backport to Jessie...???
[17:45:07] <Holger> And that costs $$$ again so not an option for 99% of people anyway.
[17:45:09] <zinid> yeah, installing plugins is very user friendly ;)
[17:45:22] <Holger> zinid: Yes yes it's unusable agreed.
[17:45:39] <Holger> zinid: He's motivation was splitting up permissions.  But who cares.
[17:45:55] <debalance> JabAlacer‎: first 18.08 must go to unstable, then migrate to testing, and then I can backport
[17:45:59] <debalance> *17.08
[17:46:06] <zinid> for example, for me: I don't even know where to get that plugin, I need to google a lot first, no regular user will do that
[17:46:10] vingausaid вошёл(а) в комнату
[17:46:20] <Holger> This is what I meant: https://play.google.com/store/apps/details?id=eu.siacs.conversations.voicerecorder
[17:46:38] <Holger> Yes users just won't know it exists.
[17:47:04] <zinid> well I have that "plugin" then
[17:47:08] <Holger> I mean on most devices there is the Android recorder.  But "most" ...
[17:47:19] <JabAlacer> debalance: so in a couple of months...??? As in testing it needs sime time...
[17:47:49] <debalance> a few weeks
[17:48:18] <JabAlacer> debalance: thanks... Awaiting then... :)
[17:48:27] <zinid> what's the difference between unstable and testing? were there cases when a package was not transitioned to testing?
[17:48:30] JabAlacer вышел(а) из комнаты
[17:48:33] JabAlacer вошёл(а) в комнату
[17:48:49] <debalance> once uploaded with medium priority, a package usually migrates to testing after 5 days if no bugs with severity > important have been found and it has been built for all architectures it was previously available for
[17:49:26] <debalance> low priority is 10 days, high prio is 3
[17:50:15] linus вышел(а) из комнаты
[17:51:22] cippaciong вошёл(а) в комнату
[17:51:49] <debalance> e.g. this package of mine is currently stuck in unstable, you see the reasons on the page: https://tracker.debian.org/pkg/ceres-solver
[17:52:12] <Holger> https://jabber.fu-berlin.de/share/holger/zs7mQHf46sUVDuN4/9VrgtNN7SwO4A1GMuA6h_Q.jpg
[17:52:35] <Holger> zinid: The second knob in that dropdown.
[17:52:47] <zinid> Holger: yes, I have that button too, I mean to say it's still not as usable as in whatsapp
[17:52:47] <Holger> zinid: You have it?  Just to understand the issue.
[17:52:49] <Holger> Ok.
[17:52:51] <Holger> Yeah.
[17:53:06] <Holger> Also see the same knob next to the text input in my screenshot :-)
[17:53:09] <Holger> But that's cheating.
[17:53:23] <zinid> so if you show it to someone who is using whatsapp, well, he won't accept it ;)
[17:53:30] <Holger> Yes.
[17:54:03] <zinid> that knob next to input starts google voice search for me
[17:54:07] <zinid> ah
[17:54:12] <zinid> voice recognition
[17:54:14] <Holger> Depends on settings.
[17:54:28] <zinid> yeah, settings...
[17:54:32] <Holger> I think by default it will be the last thing you did.
[17:54:40] <Holger> Take a photo, choose a photo, audio recording, ...
[17:54:54] <zinid> and voice recognition works terrible, at least for Russian
[17:54:57] <Holger> I changed it to always be 'audio recording' in the settings.
[17:55:08] <Holger> But that'
[17:55:14] <Holger> s a generic Android thing no?
[17:55:18] <Holger> I never do that.
[17:55:19] <zinid> yes, it is
[17:55:28] <Holger> But seems to work well for my wife.
[17:55:37] <Holger> She talks to her phone all day.
[17:55:52] <zinid> maybe German is better recognized, dunno
[17:56:18] <zinid> for example, google.translate tranlsates languages to English much better than to russian
[17:56:24] <zinid> I think it's the case here as well
[17:56:52] <Holger> Yeah though English is obviously always best-supported.  I translate stuff to English rather than German in Google translate as well.
[17:56:58] <Holger> Of course Russian might be worse, no idea.
[17:56:59] <zinid> yep
[17:58:06] sattellite вошёл(а) в комнату
[17:58:12] debalance вышел(а) из комнаты
[17:58:32] <zinid> your wife's name is Edna? :)
[17:58:45] <zinid> what's your kid's name?
[18:00:18] <Holger> Hah the screenshot.
[18:00:23] <Holger> Was wondering for a second :-)
[18:00:24] <Holger> Yes.
[18:00:27] JabAlacer вышел(а) из комнаты
[18:00:28] <Holger> His name is Béla.
[18:01:02] JabAlacer вошёл(а) в комнату
[18:01:06] <zinid> I hear this name first time ;)
[18:01:18] cippaciong вышел(а) из комнаты
[18:01:35] <Holger> Béla?  Hungarian.  Not too common in Germany either.
[18:01:35] <rom1dep> OK, I must be doing something extremely stupid here, but can't figure out what:
https://code.tamytro.org/_admin/gists/vRpUv2JKe7AULdEDtdng
[18:01:40] <zinid> ah
[18:02:06] <Holger> The first Dracula!
[18:02:08] <Holger> https://en.wikipedia.org/wiki/Bela_Lugosi
[18:02:47] <Holger> (Not the reason for our name choice ;-))
[18:03:18] debalance вошёл(а) в комнату
[18:03:37] rozzin вышел(а) из комнаты: Machine going to sleep
[18:04:02] <Holger> rom1dep: Teach Apache to forward the original Host: header.
[18:04:41] <JabAlacer> Holger: cute girl name... :)
[18:04:41] cippaciong вошёл(а) в комнату
[18:04:44] erik вышел(а) из комнаты: Connection failed: connection closed
[18:05:50] <Holger> JabAlacer: Not too common in Germany either.  Apart from my wife I mostly know it from US series where that name is commonly used old/ugly/frustrated women :-)
[18:05:59] erik вошёл(а) в комнату
[18:05:59] <zinid> yeah, sounds like a girl's name :P
[18:06:06] <Holger> Oh Béla?
[18:06:09] <zinid> yep
[18:06:10] <Holger> Yeah.
[18:06:13] kahlb вошёл(а) в комнату
[18:06:17] <Holger> Trailing "a" ...
[18:06:21] <zinid> yep
[18:06:44] <zinid> on the other hand, we have very popular men's name "Nikita"
[18:06:47] <rom1dep> https://upload.tamytro.org/a3849b367f4dd4cedd5ad6f64afa7645b7d4f834/ZXEq5IbNx3TqGZFY4fsdEQhMSE4903NnpAdJkGWE/nV8uw65xScOuTbmDbvsUnQ.jpg
[18:07:16] <JabAlacer> Holger: ya.. for sure not seems like a europeon name... ;)
[18:07:16] <Holger> And we have "Sascha" and a few others, but trailing "a" is girl-ish here too.
[18:07:23] <Holger> JabAlacer: Which one? :-)
[18:07:26] <Holger> Edna is Jewish.
[18:07:29] <rom1dep> are you guys seein' this?
[18:07:37] <zinid> rom1dep: a pen?
[18:07:39] <rom1dep> can I dance now ?
[18:07:47] <Holger> rom1dep: Ssssh we're talking about my family's names!!!!
[18:07:51] <rom1dep> zinid: happiest pen ever.
[18:08:05] <Holger> rom1dep: So problem solved?
[18:08:08] <zinid> rom1dep: I can imagine ;)
[18:08:10] <rom1dep> Holger: sorry, I'm 100 lines above
[18:08:11] sattellite вышел(а) из комнаты
[18:08:16] <Holger> :-)
[18:08:23] sattellite вошёл(а) в комнату
[18:09:05] <zinid> and how popular is Holger?
[18:09:13] <zinid> we *need* to finish the topic
[18:09:16] vingausaid вышел(а) из комнаты: Replaced by new connection
[18:09:17] <Holger> More popular but horrible :-)
[18:09:19] vingausaid вошёл(а) в комнату
[18:09:31] <JabAlacer> Holger: Bela doesnt seems be name of a europen girl... by the way my daughter is also Nabira... so 'a' is there...
[18:10:04] JabAlacer вышел(а) из комнаты
[18:10:22] <zinid> the conference full of old farts with kids and responsibilities, meh
[18:10:25] jeremy вошёл(а) в комнату
[18:11:22] <zinid> but probably rom1dep doesn't have kids, he spent half a day configuring apache ;)
[18:11:28] linus вошёл(а) в комнату
[18:11:50] cippaciong вышел(а) из комнаты
[18:11:53] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[18:11:55] erik вошёл(а) в комнату
[18:12:28] JabAlacer вошёл(а) в комнату
[18:13:33] sattellite вышел(а) из комнаты
[18:13:57] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[18:14:00] erik вошёл(а) в комнату
[18:14:31] <JabAlacer> rom1dep: I am traveling back to Pakistan for a couple of weeks. Let if know if u need something from there...
[18:14:52] <rom1dep> OK, caught-up. Béla would rather sound like a female name in France :)
[18:15:18] <rom1dep> zinid: yeah, I have a really messy life
[18:16:07] <Holger> rom1dep: Hehe "female name" seems to be the consensus.
[18:16:09] <Holger> Too late.
[18:16:33] <rom1dep> the worst being configuring Apache, of course, is there a stronger sign of decadence?!
[18:16:35] vingausaid вышел(а) из комнаты
[18:16:43] <Holger> He has a second name though, Quentin.  I think you have that in France as well.
[18:17:09] <Holger> And my first name is actually "Jeremy".  Can continue the name talk all day.
[18:17:35] <rom1dep> JabAlacer: I'll fly over your head towards China this weekend, let me know if you need something from there ^^
[18:18:10] sattellite вошёл(а) в комнату
[18:18:10] <Holger> I'm flying to Iceland!
[18:18:14] <rom1dep> Yeah, Quentin is a nice common name
[18:18:39] <Holger> rom1dep: Pronounced quite differently over here though :-)
[18:18:46] <JabAlacer> rom1dep: Thaks man we already have alot of chinese back home these days due to projects etc.
[18:18:48] <rom1dep> you can hide your nationality quite well with such a name, using Holger, not so much ^^
[18:19:27] JabAlacer вышел(а) из комнаты
[18:19:34] JabAlacer вошёл(а) в комнату
[18:19:52] sattellite вышел(а) из комнаты: Replaced by new connection
[18:19:55] sattellite вошёл(а) в комнату
[18:20:01] caffey вышел(а) из комнаты
[18:20:32] kahlb вышел(а) из комнаты
[18:20:41] JabAlacer вышел(а) из комнаты
[18:20:45] <Holger> Indeed.  My full name (Jeremy Holger Weiß) works for confusing people though.  (English mother, German dad, and they chose names people totally fail at pronouncing in the other country.)
[18:20:48] JabAlacer вошёл(а) в комнату
[18:23:25] <zinid> that's why I prefer popular names and named my son with a popular russian name (Dmitry)
[18:23:31] <rom1dep> yeah, don't tell me…, my name can't be pronounced correctly by neither English, Germans, Italians, Arabs, Indians, Filippinos and Chinese (for what I care about in my current work environment), at least you have a fallback
[18:23:50] <rom1dep> I forgot Russians, also
[18:24:11] linus вышел(а) из комнаты
[18:24:14] <Holger> zinid: So what's the name of your wife!
[18:24:23] <zinid> Elena
[18:24:46] <zinid> popular too
[18:24:47] <rom1dep> zinid: Dimitri ← [fr_FR Approved]
[18:25:03] <zinid> https://en.wikipedia.org/wiki/Dmitry
[18:25:04] <Holger> Hehe yes would be Dimitri here as well :-)
[18:25:07] <JabAlacer> zinid: Dmitry is used in every 3rd Hollywood Movie..  ;)
[18:25:12] <Holger> rom1dep: And what's your name!
[18:25:16] <Holger> Names names names.
[18:25:32] <Holger> zinid: And is your name Evgeny or Evgeniy?
[18:25:36] <zinid> JabAlacer: I think Hollywood guys read wikipedia ;)
[18:25:41] <zinid> Holger: ha
[18:25:55] <zinid> from wikipedia:
Евгений (transliterated as Evgeni, Evgeniy, Evgeny, Evgenii, Evgueni, Eugeny, Eugeniy, Ievgeny, Jevgeni, Jevgeny, Yevgeny, Yevgeni, Yevgeniy, in German often as Jewgenij or Jewgeni)
[18:25:59] <zinid> so go figure :/
[18:26:06] <Holger> Haha.
[18:26:17] sattellite вышел(а) из комнаты
[18:26:18] hlad вышел(а) из комнаты
[18:26:19] <Holger> "in German often as Jewgenij" WTF?
[18:26:21] <Holger> Never seen that.
[18:26:40] <rom1dep> Holger: https://fr.wikipedia.org/wiki/Romain_(pr%C3%A9nom)
[18:26:49] JabAlacer вышел(а) из комнаты
[18:26:58] JabAlacer вошёл(а) в комнату
[18:27:01] <Holger> The first three transliterations feel familiar.
[18:27:09] mimi89999 вошёл(а) в комнату
[18:27:25] <rom1dep> I was hoping the wiki page to have a button where one could listen to the proper pronunciation, but noes
[18:28:29] sattellite вошёл(а) в комнату
[18:29:03] <mimi89999> Holger: What happened to the subject?
[18:29:09] <zinid> Holger: I used to us Evgeniy, but people messed i with y: Evgenyi, so I dropped "i" (wikipedia approved)
[18:29:17] <zinid> *used to use
[18:29:17] caffey вошёл(а) в комнату
[18:29:50] <Holger> rom1dep: Ah! Roman is common here but yes pronunciation will be totally different of course.  Then again I guess absolutely everything is pronunced completely wrong by non-French people :-)
[18:30:01] <Holger> zinid: Ah.  I'll fix my roster then :-)
[18:30:09] <Holger> mimi89999: Dunno.
[18:30:19] sattellite вышел(а) из комнаты
[18:30:22] <zinid> Holger: choose wisely (from that wikipedia's list) :D
[18:30:33] sattellite вошёл(а) в комнату
[18:30:36] <zinid> Jewgenij probably :D
[18:31:03] <Holger> Yevgeniy looks nice as well.
[18:31:55] <mimi89999> Holger: Why is it "."!
[18:31:56] <zinid> Евгений looks better :P
[18:32:00] mimi89999 вышел(а) из комнаты
[18:32:01] Holger вошёл(а) в комнату
[18:32:11] mimi89999 вошёл(а) в комнату
[18:32:21] <zinid> not sure if you have fonts to display this :D
[18:32:33] <Holger> > ??????? looks better :P
[18:32:41] <zinid> :(
[18:32:46] Holger should really switch to UTF-8 one day.
[18:33:00] <Holger> Yeah that's just my ancient Latin-9 terminal.  Would be fine in a GUI client.
[18:33:32] Holger вышел(а) из комнаты: offline
[18:33:37] Holger вошёл(а) в комнату
[18:33:51] <Holger> > Holger has set the subject to .
[18:33:52] <Holger> Wat.
[18:34:08] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[18:34:10] erik вошёл(а) в комнату
[18:34:18] <mimi89999> 😂😂😂😂
[18:34:20] Holger установил(а) тему: Names, names, names, ...
[18:34:24] <edhelas> you made a point here
[18:34:27] <Holger> !
[18:34:33] <mimi89999> Best subject I ever saw
[18:34:40] <edhelas> straight to the point
[18:34:47] caffey вышел(а) из комнаты
[18:35:03] <rom1dep> ^^
[18:35:06] JabAlacer вышел(а) из комнаты
[18:35:09] JabAlacer вошёл(а) в комнату
[18:35:57] <edhelas> maybe it's to say that erlang is finished
[18:36:08] <edhelas> no new releases, we've reached the final 1.0 version
[18:36:13] vingausaid вошёл(а) в комнату
[18:36:35] Holger вышел(а) из комнаты
[18:36:47] vingausaid вышел(а) из комнаты
[18:37:00] <zinid> ejabberd != erlang :)
[18:37:31] <Holger> syntax error before: '='
[18:37:49] vingausaid вошёл(а) в комнату
[18:38:24] <edhelas> oh yeah
[18:39:00] debalance вышел(а) из комнаты
[18:40:07] caffey вошёл(а) в комнату
[18:40:09] sattellite вышел(а) из комнаты
[18:40:29] sattellite вошёл(а) в комнату
[18:40:36] <zinid> what, lua is not much more popular btw ;)
[18:40:45] <zinid> also, lua as a server-side language? wtf?
[18:41:36] <mimi89999> Lua is great! Ash MattJ or Zash.
[18:41:38] <Holger> edhelas would implement a server in PHP, of course.
[18:41:49] debalance вошёл(а) в комнату
[18:41:57] jannic вышел(а) из комнаты
[18:41:58] <zinid> ah, you take the lovely language and write in it
[18:42:03] <zinid> that's not how it works ;)
[18:42:30] <zinid> you have a task and choose a language for this task
[18:42:32] <Holger> mimi89999: I think it's great indeed, as long as you don't start writing internet servers using Lua :-)
[18:42:35] <zinid> but whatever ;)
[18:42:49] <mimi89999> Names, names, names... ?
[18:42:58] <mimi89999> What's that subject?
[18:43:02] <zinid> mimi89999: Erlang, Lua, PHP
[18:43:20] <zinid> I bet there are people with such names ;)
[18:43:22] <mimi89999> I like Lua
[18:43:32] <zinid> nobody says lua is bad
[18:43:32] <Holger> Me too.
[18:43:40] <rom1dep> oh, funny it seems my python bot running on top of sleexmpp can't do much anymore after the update
ERROR    sleekxmpp.xmlstream.xmlst CERT: Invalid certificate trust chain.
[18:43:41] <Holger> I wrote stuff in Lua long before Prosody existed :-)
[18:43:43] <zinid> lua is bad for writing server-side software
[18:43:50] jannic вошёл(а) в комнату
[18:43:56] <Holger> It's just not designed for internet services.
[18:44:17] sattellite вышел(а) из комнаты: Replaced by new connection
[18:44:19] sattellite вошёл(а) в комнату
[18:44:26] Holger вошёл(а) в комнату
[18:44:58] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[18:45:00] <mimi89999> And Erlang?
[18:45:01] erik вошёл(а) в комнату
[18:45:35] <Holger> I don't think Prosody people will disagree.  They just like it so much that they accept the additional cost of working around the limitations for this use case (e.g. coping with non-parallelism, fixing socket libraries, ...).  While I wouldn't accept that trade-off.
[18:46:00] <Holger> Erlang is precisely done for this sort of use-case of course.
[18:46:07] <Holger> While it sucks at everything else :-)
[18:46:36] <mimi89999> 😂
[18:46:38] <zinid> yes, nobody writes GUI in erlang for example (except server configurators)
[18:47:06] <Holger> Using Lua for a chat server is a bit like using Erlang for a web browser.
[18:48:14] <zinid> I would also say that Erlang has even more narrow niche: where you need to keep a lot of connections with complex logic
[18:48:21] linus вошёл(а) в комнату
[18:48:28] <zinid> so for example not very well designed for http proxies or something
[18:49:36] <zinid> but still it's better to use Erlang for http proxy than Lua ;)
[18:50:04] <Holger> Yeah.
[18:51:19] <zinid> I'm actually a fan of highly specialized languages
[18:51:46] <zinid> the problem everybody wants to concurr the world, so we have mostly general-purpose languages
[18:52:21] <Holger> Lua's niche is also quite narrow in practice.  It really shines as an extension/scripting language for your C/C++ application.  For non-trivial standalone apps I'd usually prefer Python or whatever due to being more powerful and having way more/better-tested libraries available.
[18:53:02] erik вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[18:53:05] erik вошёл(а) в комнату
[18:53:48] <Holger> Or e.g. NetBSD is supporting Lua in the kernel, for packet filter rules and stuff.
[18:53:56] <zinid> yep
[18:55:35] <rom1dep> I had Lua on my calculator 10 years ago
[18:55:37] <rom1dep> it was brilliant
[18:56:24] XEP_Translator вошёл(а) в комнату
[18:56:50] edhelas is sarting to rewrite ejabberd, the fork is called pjabberd
[18:56:58] <edhelas> *starting
[18:57:16] <zinid> p* ?
[18:57:19] <Holger> PHP
[18:57:22] <zinid> ah
[18:57:31] <zinid> phabberp
[18:57:51] <edhelas> phrosody
[19:02:16] sattellite вышел(а) из комнаты
[19:02:38] <zinid> btw, is prosody under active development?
[19:02:46] <zinid> last commit in trunk is 2 weeks ago
[19:03:16] linus вышел(а) из комнаты
[19:03:32] <Holger> I think development is declining for quite a while now.
[19:03:36] <rom1dep> dude, it's summer, people are tannig on the beach, not coding nor configuring apache!
[19:04:14] <Holger> Matt seems to be distracted, waqas too(?), Zash is still committing.
[19:04:22] <Holger> Nah it's been that way before this summer.
[19:04:31] <zinid> Holger: looks like a couple of commits per week or so
[19:04:40] <zinid> ejabberd has several commits per day
[19:04:49] <rom1dep> it seems I can't join conversations@conference.siacs.eu, am I the only one ?
[19:05:13] <zinid> ciphers again?
[19:05:34] <rom1dep> 'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH"
[19:05:40] <Holger> Sigh.
[19:05:52] <zinid> :D
[19:05:55] <edhelas> EDH!DES!LAS
[19:06:16] Holger установил(а) тему: Use this: "HIGH:!aNULL:!3DES:@STRENGTH"
[19:06:28] <edhelas> Holger, is there some official XSF statement regarding thos ciphers by the way ?
[19:06:41] <edhelas> looks like I'm not the only one to have messed up the config
[19:06:44] <edhelas> *those
[19:06:57] <zinid> I think the statement would be "ECDH"
[19:07:13] <zinid> other things can be broken by quantum computers
[19:07:54] <zinid> very risky
[19:08:05] <zinid> every kid has a quantum computer at home nowdays
[19:08:12] <edhelas> are you planning to release ejabberd Quantum Edition ?
[19:08:32] <zinid> edhelas: yes, very expensive
[19:08:45] <edhelas> TAKE MAH MONY §§§
[19:09:02] <zinid> I would suggest to provide TLS only in commercial edition :)
[19:09:15] <zinid> but nobody will buy that :(
[19:09:17] <edhelas> SSLv3
[19:10:14] <rom1dep> https://upload.tamytro.org/a3849b367f4dd4cedd5ad6f64afa7645b7d4f834/rEJxK4jH8xzVm6AtlSduXx9KmcVBHvPBhioRGLsg/ciphers.png
[19:10:17] cippaciong вошёл(а) в комнату
[19:10:37] <Holger> rom1dep: See the topic.
[19:10:39] <rom1dep> that's my bible for configuring ejabberd, just keep it up to date!
[19:10:45] <Holger> I only communicate via the topic these days.
[19:10:49] <rom1dep> hahaha
[19:11:39] <Holger> Oh you meant the left windows not the right one? :-)
[19:11:46] <Holger> s/windows/window/
[19:12:36] <zinid> hg?
[19:14:12] <rom1dep> Holger: I mean, ejabberd.yml.example was modified twice between 17.07 and 17.08 and it was you, and I trusted you! ^^
[19:14:15] <zinid> Holger: however, we probably need to fix cipers in ejabberd.yml
[19:14:33] <zinid> somebody, please create a PR, I'm lazy as fuck
[19:14:35] <rom1dep> the real point being, I'm just using the default config
[19:14:49] <rom1dep> zinid: yep, hg
[19:15:01] <zinid> rom1dep: because of better GUI?
[19:15:05] <Holger> zinid: Or just use a sane default in the code?
[19:15:20] <Holger> Then again this ECDH issue is gone with 17.08.
[19:15:52] <Holger> #define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2"
[19:15:54] <rom1dep> zinid: better GUI, better CLI for sure, and revsets
[19:16:02] <Holger> This won't make crypto-nerds happy :-)
[19:16:05] <zinid> Holger: but guys have issues with 17.08 here, no?
[19:16:11] <Holger> Really?
[19:16:24] <zinid> dunno, I thought everybody is on 17.08 here
[19:16:24] <Holger> rom1dep: Are you running 17.08 already?
[19:16:34] <Holger> rom1dep: And failing to join the Conversations room?
[19:16:37] <rom1dep> https://check.messaging.one/result.php?domain=tamytro.org&type=server#protocols
[19:16:49] cippaciong вышел(а) из комнаты
[19:16:50] <Holger> Ah!
[19:16:55] <zinid> lol
[19:16:56] <Holger> 17.08 and old OpenSSL.
[19:16:57] <Holger> Sigh.
[19:17:30] <zinid> BOGUS DNSSEC
[19:17:32] <zinid> lol
[19:17:38] <Holger> Okay the issue only goes away with 17.08 and a newer OpenSSL.
[19:17:40] <zinid> when you tried hard to secure but failed ;
[19:17:42] <zinid> :)
[19:18:35] <Holger> And TLS is not enforced for s2s.  So remote servers can choose between super-secure TLS ciphers or just not using TLS at all :-)
[19:19:02] <zinid> yeah, that's funny too
[19:19:26] <zinid> and also having dialback, but what if dns poisoning?
[19:19:40] sattellite вошёл(а) в комнату
[19:20:13] debalance вышел(а) из комнаты
[19:20:38] linus вошёл(а) в комнату
[19:21:15] <rom1dep> strange, I have Accepted outbound s2s EXTERNAL authentication tamytro.org -> conference.siacs.eu (78.47.217.197) but I'm still not in there
[19:21:30] rozzin вошёл(а) в комнату
[19:21:32] <zinid> inbound is failing
[19:22:52] <rom1dep> maybe it didn't timeout yet?
[19:23:04] <rom1dep> still not showing up in the log
[19:23:08] <zinid> do you have something in the log?
[19:23:24] <zinid> you can drop all s2s and retry
[19:23:37] <zinid> `ejabberdctl stop_s2s_connections` or something
[19:24:05] <rom1dep> byebye, then, I guess
[19:24:15] <zinid> no, why
[19:24:27] <zinid> it will be re-established
[19:24:47] sattellite вышел(а) из комнаты
[19:25:15] jere вышел(а) из комнаты
[19:26:46] <rom1dep> same thing
connection started, then 5s → accepted outbound → nothing
[19:27:12] kahlb вошёл(а) в комнату
[19:27:42] <zinid> do you have `Accepted connection IP1 -> IP2`?
[19:28:39] <zinid> I have everything working with this conference ;)
[19:30:00] rom1dep вышел(а) из комнаты: offline
[19:30:00] JabAlacer вышел(а) из комнаты
[19:30:06] JabAlacer вошёл(а) в комнату
[19:30:45] rom1dep вошёл(а) в комнату
[19:31:38] <zinid> rom1dep: btw, you don't have subdomains (*.tamytro.org) defined in your certfile ;)
[19:31:46] <zinid> but this is unrelated, jfyi
[19:31:53] XEP_Translator вышел(а) из комнаты: Stream closed by us: system-shutdown
[19:31:53] rom1dep вышел(а) из комнаты: Stream closed by us: system-shutdown
[19:31:53] rom1dep вышел(а) из комнаты: Stream closed by us: system-shutdown
[19:32:38] rom1dep вошёл(а) в комнату
[19:33:32] rom1dep вошёл(а) в комнату
[19:35:38] <rom1dep> it seems I only have outbonds showing-up in the logs
[19:35:53] <zinid> you should see my connections
[19:35:54] <zinid> zinid.ru
[19:36:29] <rom1dep> yep zinid.ru (198.211.126.52)
[19:38:55] <zinid> if you don't even have "Accepted connection", then probably the remote server doesn't even try to connect to you
[19:41:38] linus вышел(а) из комнаты
[19:43:18] <rom1dep> https://code.tamytro.org/_admin/gists/mfu9rVzKwLmeZu4S3EfM ← grep of my logs for siacs.eu
[19:44:10] hlad вышел(а) из комнаты: Replaced by new connection
[19:44:11] linus вошёл(а) в комнату
[19:44:16] hlad вошёл(а) в комнату
[19:46:15] SouL вошёл(а) в комнату
[19:46:33] <zinid> try to drop all s2s, then try to connect to conference.siacs.eu only and then grep for 78.47.217.197
[19:46:41] andrey.g вышел(а) из комнаты
[19:46:48] <rom1dep> OTOH it seems I'm S2S-ing just fine with jabberfr.org, so maybe it's something else?
[19:47:03] <zinid> and what about jabber.fr?
[19:47:30] <rom1dep> any muc to recommand?
[19:47:42] <zinid> not muc
[19:47:46] <rom1dep> oh
[19:47:58] <zinid> people with ciphers problems failed to connect to jabber.fr entirely
[19:48:19] <zinid> just disco it
[19:48:40] <rom1dep> https://upload.tamytro.org/a3849b367f4dd4cedd5ad6f64afa7645b7d4f834/e6gfJxInVOqSIFRnxWrlslpcymfAdtLpbf9Xlrwf/s2s.png
[19:49:07] debalance вошёл(а) в комнату
[19:49:09] SouL вышел(а) из комнаты
[19:49:27] <zinid> so it works?
[19:49:50] <rom1dep> iif it's listed, it does, isn't it?
[19:50:03] <zinid> dunno
[19:50:13] <zinid> I don't know what list it is ;)
[19:50:20] kahlb вышел(а) из комнаты
[19:50:38] <rom1dep> the list of ongoing s2s ?
[19:50:48] <rom1dep> I can disco jabber.fr
[19:50:57] <zinid> ok, if you can disco it, then it's fine
[19:51:00] <Holger> But Conversations room still doesn't work?
[19:51:05] <zinid> Holger: yep
[19:51:10] sattellite вошёл(а) в комнату
[19:51:15] <rom1dep> conversations room still doesn't work
[19:51:17] kahlb вошёл(а) в комнату
[19:51:18] <Holger> Maybe the crap Prosody bug.
[19:51:19] <rom1dep> and I can't disco siacs.eu
[19:51:47] <zinid> me too actually
[19:51:51] <Holger> Where it's hanging in an old connection attempt and fails to recover from that.
[19:52:19] <Holger> Hm I'm in the room.
[19:52:21] sergio вышел(а) из комнаты
[19:52:46] <zinid> Holger: well the conference works for me too
[19:52:46] sattellite вышел(а) из комнаты
[19:52:55] <zinid> (from zinid.ru)
[19:53:10] <zinid> ah
[19:53:15] <zinid> and now it doesn't, lol
[19:53:30] <rom1dep> [info] <0.13924.1>@ejabberd_s2s_out:process_closed:161 Failed to establish outbound s2s connection tamytro.org -> push.siacs.eu: Connection failed: connection closed; bouncing for 226 seconds
[19:53:41] SouL вошёл(а) в комнату
[19:53:44] <rom1dep> seems flaky?
[19:53:58] <zinid> it doesn't work for me anymore too ;)
[19:53:59] <Holger> D'oh.
[19:54:05] <Holger> I'll ask Daniel.
[19:54:23] <rom1dep> [info] <0.14047.1>@ejabberd_s2s_out:process_closed:161 Failed to establish outbound s2s connection tamytro.org -> conference.siacs.eu: Connection failed: connection closed; bouncing for 43 seconds
[19:54:23] mimi89999 вышел(а) из комнаты
[19:54:31] <zinid> dropping s2s connections doesn't help
[19:54:43] <zinid> the prosody doesn't even attempt to TCP me
[19:54:56] <rom1dep> great, I'll grab a sandwich
[19:55:25] <rom1dep> and I changed my lovely ciphers for no good reason, THANK YOU
[19:55:27] mimi89999 вошёл(а) в комнату
[19:55:28] <rom1dep> ^^
[19:55:29] <Holger> push.siacs.eu is a standalone thing though.
[19:55:30] <zinid> The Prosody Bug (R)(TM)
[19:55:52] rom1dep вышел(а) из комнаты: Machine going to sleep
[19:56:03] debalance вышел(а) из комнаты
[19:56:08] JabAlacer вышел(а) из комнаты
[19:56:11] JabAlacer вошёл(а) в комнату
[19:56:30] <Holger> I mean conference.siacs.eu is Prosody, push.siacs.eu is a standalone server written in Java.
[19:56:48] SaltyBones вышел(а) из комнаты
[19:56:50] <Holger> So if both are broken that's weird :-)
[19:57:18] <zinid> now I cannot establish even outbound s2s
[19:57:39] <zinid> Failed to establish outbound s2s connection zinid.ru -> conference.siacs.eu: Connection failed: connection closed
[19:57:47] kahlb вышел(а) из комнаты
[19:57:49] <Holger> And Daniel is offline :-)
[19:58:06] kahlb вошёл(а) в комнату
[19:58:06] <zinid> just tell him to install ejabberd ;)
[19:58:39] <Holger> Yeah the plan is to move the room to conversations.im one day.
[19:59:06] debalance вошёл(а) в комнату
[20:00:12] jere вошёл(а) в комнату
[20:01:39] Eelco вышел(а) из комнаты
[20:01:48] <zinid> Holger: ah, and regarding that voip feature request: I cannot believe there are no SIP libraries in Java
[20:02:22] sergio вышел(а) из комнаты
[20:02:31] sergio вошёл(а) в комнату
[20:02:34] <zinid> but if you choose Jingle, then yeah, this will take eternity ;)
[20:02:39] <Holger> I'm sure there are.  But isn't it still a PITA to integrate this with XMPP in a robust way?
[20:02:42] <Holger> Yes :-)
[20:03:21] <Holger> For Conversations only Jingle makes sense I think.  I mean you want to call your roster contacts.
[20:04:06] <zinid> I recall @vt added SIP to tkabber in a few days or so
[20:04:09] <zinid> yeah, it was ugly, but worked
[20:04:22] <zinid> in Tcl/Tk, Carl
[20:04:40] rom1dep вышел(а) из комнаты: unknown reason
[20:06:10] rozzin вышел(а) из комнаты: Machine going to sleep
[20:06:55] rom1dep вошёл(а) в комнату
[20:08:15] <JabAlacer> Holger, zinid: Guys WhatsApp uses pjSip Libraries and ejabberd has the eSip plugin
[20:08:25] ileh вышел(а) из комнаты
[20:08:44] JabAlacer вышел(а) из комнаты
[20:08:51] JabAlacer вошёл(а) в комнату
[20:09:30] <zinid> no, we *NEED* Jingle
[20:10:10] ileh вошёл(а) в комнату
[20:11:08] rom1dep вошёл(а) в комнату
[20:11:26] sattellite вошёл(а) в комнату
[20:12:06] <zinid> I recall, back in the days, everybody were inventing their voip stacks
[20:12:20] <zinid> especially nat traversing
[20:12:27] <zinid> then they ended up with ICE
[20:12:29] <zinid> and then with SIP
[20:13:05] <JabAlacer> zinid: ok then we can take a look at the signal implementatiom by Moxie...as well as Jitsi.... the only xmpp client I know that does.VOIP using Jingle is AstraChat and it does it Peer to Peer...
[20:13:13] <zinid> modified of course (for example, with uPnP candidates for ICE), but still the base is standard
[20:13:38] <zinid> JabAlacer: I'm joking ;)
[20:13:51] <zinid> JabAlacer: hardcode xmpp nerds want Jingle
[20:13:53] <zinid> dunno why
[20:14:15] SaltyBones вышел(а) из комнаты
[20:14:16] <zinid> sip is much more well designed, scales better and has a tons of decent libraries
[20:14:19] <JabAlacer> zinid: But the Libs are not maintained anymore..
[20:14:28] Eelco вошёл(а) в комнату
[20:15:01] <zinid> and SIP is also an IETF standard, so wtf?
[20:15:07] <JabAlacer> Google has more or less abondoned the project and the next natural user need would be SRTP or ZRTP based encryption
[20:15:37] <zinid> I really don't know who needs zrtp, but whatever ;)
[20:15:42] <rom1dep> daniel's server seems to be down
[20:16:05] <JabAlacer> zinid: ya ... even the Vampires like C...co use SIP...
[20:16:33] ileh вышел(а) из комнаты: Replaced by new connection
[20:16:54] ileh вошёл(а) в комнату
[20:17:01] <zinid> because if you want standards, you use XMPP for chat and SIP for voip, as simple as that
[20:17:17] <zinid> SIP has failed as IM, XMPP has failed as voip, so what
[20:17:26] <JabAlacer> zinid: yup if its conversations OMEMO could work that way... but VOICE encryp through SRTP
[20:17:41] <Holger> zinid: Both have failed at both :-)
[20:17:57] <zinid> Holger: I mean RFC wise :)
[20:18:06] rom1dep вышел(а) из комнаты: unknown reason
[20:18:18] <Holger> So I add both your JID and your SIP number in my client?
[20:18:26] <Holger> That's horrible no?
[20:18:27] <zinid> no
[20:18:34] <Holger> *SIP address
[20:18:39] <Holger> Same address as JID you mean?
[20:18:42] <zinid> JID == SIP address
[20:18:45] <Holger> Hm ok.
[20:18:53] <zinid> there is CUSAX
[20:19:03] <zinid> https://tools.ietf.org/html/rfc7081
[20:19:15] rom1dep вошёл(а) в комнату
[20:19:27] <Holger> Ah.  Yeah I dunno maybe that's better.
[20:19:41] <zinid> actually ejabberd supports this RFC \m/
[20:19:46] <zinid> we need to document that!
[20:19:50] <Holger> I think nobody will implement any of that so it doesn't matter :-)
[20:19:56] <Holger> Cewl.
[20:20:04] <zinid> yea...
[20:20:57] <Holger> Yeah if JID == SIP address and auth/credentials are all integrated (also for STUN/TURN) then SIP is probably just fine.
[20:21:26] <Holger> Probably all quite easy to integrate if your XMPP server supports SIP + STUN + TURN ;-)
[20:21:46] <zinid> like ejabberd \m/
[20:23:11] <rom1dep> Well, wasn't stun/turn removed from the packages and default build a few months back?
[20:23:28] <zinid> it was
[20:23:43] <zinid> but mysql is not built by default, so what/
[20:23:44] <zinid> ?
[20:24:33] <zinid> if xmpp+sip+stun+turn was a standard deployment, nobody would remove them from default
[20:24:41] <rom1dep> if it's not distributed by default, some would come to the conclusion that it's not for people to use anymore
[20:24:59] <zinid> but it never used :)
[20:25:04] linus вышел(а) из комнаты
[20:25:56] <zinid> also, even if you compile it, default config didn't have it, so nobody knew about it anyway
[20:28:29] sattellite вышел(а) из комнаты
[20:28:36] cippaciong вошёл(а) в комнату
[20:30:04] <Holger> STUN/TURN/SIP auth won't work with SCRAM password storage so people go nuts again.
[20:30:06] mimi89999 вышел(а) из комнаты
[20:30:50] <zinid> Yeah
[20:30:57] <JabAlacer> zinid: well I think a lot of closed Source r uaing xmpp+stun+turn+sip... look at the "pryate messenger" they may be using ejabberd at backend or openfire... by the way Mogoneese is alsi ejabberd derriavate.. correct me if I am wring and our good friends at whatsapp use same..
[20:32:47] <zinid> Whatsapp started with ejabberd, no there is something very customized
[20:34:14] <Holger> https://mail.jabber.org/pipermail/jdev/2009-June/087710.html
[20:34:38] cippaciong вышел(а) из комнаты
[20:42:47] nabeel вышел(а) из комнаты
[20:43:18] <Holger> zinid: push.siacs.eu should look better now?
[20:51:16] linus вошёл(а) в комнату
[20:53:32] sattellite вошёл(а) в комнату
[20:53:40] sattellite вышел(а) из комнаты
[20:55:06] kahlb вышел(а) из комнаты
[20:56:13] Holger вышел(а) из комнаты: Replaced by new connection
[20:56:26] Holger вошёл(а) в комнату
[20:56:57] kahlb вошёл(а) в комнату
[20:56:57] rozzin вошёл(а) в комнату
[20:57:20] linus вышел(а) из комнаты
[20:58:52] <rom1dep> Holger: can join :)
[21:00:35] <rom1dep> is there a way to administrate user's subscriptions ?
[21:02:45] <Holger> Presence subscriptions?
[21:02:49] <JabAlacer> zinid: how movim has planned VOIP... are they using SIP or WebRTC...
[21:02:51] <Holger> ejabberdctl help add-rosteritem
[21:02:55] <rom1dep> yes
[21:03:14] JabAlacer вышел(а) из комнаты
[21:03:20] <rom1dep> the web admin would be perfect for that, if only it were consistent. I have users with rosters with pending=out, but when you look from the other side you can't aprove anything
[21:03:21] JabAlacer вошёл(а) в комнату
[21:03:22] <Holger> ejabberdctl help | grep roster t
[21:03:27] <Holger> ... to see the other commands.
[21:03:46] <Holger> Both on the same server?
[21:03:50] <rom1dep> yep
[21:04:31] nabeel вошёл(а) в комнату
[21:04:46] jere вышел(а) из комнаты
[21:05:24] <rom1dep> I've put my family members in a share roster group
[21:05:57] <rom1dep> maybe that adds another layer of bugs
[21:07:40] vingausaid вышел(а) из комнаты: Replaced by new connection
[21:07:41] vingausaid вошёл(а) в комнату
[21:09:26] <rom1dep> I have duplicates there
[21:09:53] andrey.g вошёл(а) в комнату
[21:10:12] <rom1dep> ejabberdctl get_roster g s
…
b both none F
b both none F
…
[21:10:53] <zinid> Holger: cannot check it, i'm afk
[21:11:08] <rom1dep> also, what is returned in the CLI is different form what is shown in the web UI
[21:12:07] <zinid> Mod_shared_roster is broken 😀
[21:12:48] <rom1dep> zinid: I will only be surprised the day you tell me something isn't broken :)
[21:13:18] <rom1dep> I just hope my fiddlin' in there didn't break too much
[21:13:26] jodok вышел(а) из комнаты: Replaced by new connection
[21:13:28] jodok вошёл(а) в комнату
[21:13:47] kahlb вышел(а) из комнаты
[21:14:39] sattellite вошёл(а) в комнату
[21:14:40] kahlb вошёл(а) в комнату
[21:15:33] <zinid> rom1dep: you just use some weird shit, like shared roster or pep😁
[21:15:47] <rom1dep> wait, do I use pep ?
[21:15:58] <rom1dep> the weidest shit I use is XMPP, I'd say
[21:16:29] <zinid> Yeah
[21:16:30] <rom1dep> tell me how I use pep, please, I'd like to know more and have more reasons to take my head in my hand!
[21:17:49] <zinid> Ah, that was sm - another weird shit 😊
[21:18:06] <zinid> Or carbons...
[21:18:50] <rom1dep> carbons is definitely weird shit
[21:19:04] <rom1dep> who would use more than one client in 2001, heh
[21:25:29] JabAlacer вышел(а) из комнаты
[21:25:47] debalance вышел(а) из комнаты
[21:27:23] <zinid> Like, almost everyone?
[21:27:53] <zinid> Whatsapp works on a single device only
[21:28:10] <rom1dep> I've seen it being used through a web UI
[21:28:41] <zinid> Is anybody using it? 😀
[21:28:45] <Holger> How often?  I think almost nobody is using the web thing.
[21:28:47] <Holger> Heh.
[21:29:07] JabAlacer вошёл(а) в комнату
[21:32:23] <rom1dep> I've seen a few colleagues using it at work
[21:32:38] <rom1dep> it seems people actually prefer a keyboard for typing, who would have known
[21:32:39] JabAlacer вышел(а) из комнаты
[21:32:46] JabAlacer вошёл(а) в комнату
[21:35:39] hlad вышел(а) из комнаты: Replaced by new connection
[21:35:45] JabAlacer вышел(а) из комнаты
[21:35:46] hlad вошёл(а) в комнату
[21:35:53] JabAlacer вошёл(а) в комнату
[21:38:59] JabAlacer вышел(а) из комнаты
[21:39:05] JabAlacer вошёл(а) в комнату
[21:39:30] JabAlacer вышел(а) из комнаты: Disconnected: Replaced by new connection
[21:39:33] JabAlacer вошёл(а) в комнату
[21:40:58] sattellite вышел(а) из комнаты
[21:42:43] <zinid> I actually use viber instead of whatsapp because it has decent desktop client
[21:42:50] Holger вышел(а) из комнаты: Replaced by new connection
[21:42:59] Holger вошёл(а) в комнату
[21:43:12] <Holger> Is it popular in Russia?
[21:43:29] <Holger> In Germany your contact list would be about as empty as with XMPP I think.
[21:44:25] <zinid> Not much, my wife has 100+ roster in whatsapp and only me in viber 😀
[21:44:33] <Holger> Hehe ok.
[21:46:15] <zinid> I could easily chat with her in xmpp, but i dont want her to suffer with conversations 😁
[21:46:56] <Holger> Heh I understand.
[21:47:06] <Holger> "Viber lost a little ground giving up its place as the number one messaging app in Albania, Iraq and Macedonia" -- https://www.similarweb.com/blog/popular-messaging-apps-by-country
[21:49:47] jodok вышел(а) из комнаты: Replaced by new connection
[21:49:51] jodok вошёл(а) в комнату
[21:50:45] Holger вышел(а) из комнаты
[21:50:54] debalance вошёл(а) в комнату
[21:51:58] <zinid> Like it had something to lose? 😁
[21:56:38] sattellite вошёл(а) в комнату
[22:00:02] linus вошёл(а) в комнату
[22:02:42] sattellite вышел(а) из комнаты
[22:06:14] mimi89999 вышел(а) из комнаты: Disconnected: Replaced by new connection
[22:06:17] mimi89999 вошёл(а) в комнату
[22:09:15] hlad вышел(а) из комнаты: Replaced by new connection
[22:09:22] hlad вошёл(а) в комнату
[22:10:29] JabAlacer вышел(а) из комнаты: Disconnected: Replaced by new connection
[22:10:32] JabAlacer вошёл(а) в комнату
[22:11:01] mimi89999 вошёл(а) в комнату
[22:13:34] cippaciong вошёл(а) в комнату
[22:17:04] rom1dep вошёл(а) в комнату
[22:17:38] <rom1dep> and now I'm playing with jsxc
[22:18:43] cippaciong вышел(а) из комнаты
[22:18:44] <rom1dep> it has MAM, and isn't terribly ugly
[22:20:34] <zinid> being not terribly ugly is indeed an achievement in XMPP ;)
[22:20:58] <zinid> just being slightly ugly is ok
[22:21:00] <rom1dep> :beer:
[22:21:06] cippaciong вошёл(а) в комнату
[22:21:08] <rom1dep> huhu, it has a beer sticker
[22:21:12] <rom1dep> the most wanted feature
[22:21:37] <zinid> this is just ":" + "beer" + ":"
[22:21:38] SouL вышел(а) из комнаты: offline
[22:21:56] <rom1dep> because you have a crap client, that's why. Don't be jealous.
[22:22:23] <zinid> test for crappiness
[22:22:31] <zinid> post the beer again plz
[22:22:41] <rom1dep> :coffee:
[22:23:07] debalance вышел(а) из комнаты
[22:23:14] <zinid> <message>
  <active xmlns='http://jabber.org/protocol/chatstates'/>
  <body>:coffee:</body>
</message>
[22:23:22] <zinid> yeah, "sticker"
[22:23:39] linus вышел(а) из комнаты
[22:23:47] <zinid> I have a personal sticker then
[22:23:49] <rom1dep> I see that you sent me a coffee back
[22:23:49] <zinid> :zinid:
[22:27:37] cippaciong вышел(а) из комнаты
[22:28:01] debalance вошёл(а) в комнату
[22:28:11] <rom1dep> that thing does phone calls over webrtc with STUN/TURN
[22:28:25] <zinid> nice
[22:28:31] cippaciong вошёл(а) в комнату
[22:28:43] <rom1dep> it be nice if ejabberd had it!
[22:29:19] <zinid> webrtc?
[22:29:35] <zinid> sip.js
[22:29:42] <zinid> it converts SIP to webrtc
[22:31:09] <zinid> can I try this jsxc?
[22:31:27] <zinid> ah, there is online demo
[22:35:36] kahlb вышел(а) из комнаты
[22:35:42] JabAlacer вышел(а) из комнаты
[22:35:48] JabAlacer вошёл(а) в комнату
[22:39:05] mimi89999 вышел(а) из комнаты: Disconnected: Received SIGTERM
[22:39:23] mimi89999 вошёл(а) в комнату
[22:40:45] mimi89999 вышел(а) из комнаты
[22:40:45] mimi89999 вышел(а) из комнаты
[22:40:49] <rom1dep> so, impressed?
[22:42:49] mimi89999 вошёл(а) в комнату
[22:44:49] mimi89999 вошёл(а) в комнату
[22:45:33] linus вошёл(а) в комнату
[22:45:56] <zinid> no ;)
[22:46:38] <rom1dep> I'd like to have enough webrtc stuff set up so I can try to have a phone call
[22:48:55] <zinid> I was checking my turn server using their tool
[22:49:00] <zinid> it worked
[22:49:04] <zinid> Time    Component    Type    Foundation     Protocol    Address    Port    Priority
0.004    1    host    0    UDP    192.168.1.1    38988    126 | 32512 | 255
0.005    2    host    0    UDP    192.168.1.1    58063    126 | 32512 | 254
0.166    1    srflx    1    UDP    31.181.95.173    38988    100 | 32543 | 255
0.168    1    relay    2    UDP    198.211.126.52    49707    5 | 32543 | 255
0.169    2    srflx    1    UDP    31.181.95.173    58063    100 | 32543 | 254
0.170    2    relay    2    UDP    198.211.126.52    55922    5 | 32543 | 254
0.170    Done
[22:49:30] sattellite вошёл(а) в комнату
[22:49:35] kahlb вошёл(а) в комнату
[22:50:32] <zinid> 170ms, not that bad
[22:51:05] cippaciong вышел(а) из комнаты
[22:51:07] <Holger> How is ejabberd involved with WebRTC?
[22:51:20] <zinid> is it involved?
[22:51:34] linus вышел(а) из комнаты
[22:51:42] <Holger> > it be nice if ejabberd had it!
[22:52:19] <Holger> I didn't get what ejabberd should "have".
[22:52:56] <rom1dep> pun regarding stun/turn being removed from the package
[22:52:59] <zinid> some javascript interface as I understand
[22:53:07] <Holger> Ah.
[22:53:11] <rom1dep> but apparently it's back
[22:53:13] <zinid> dunno actually
[22:53:49] <zinid> I know there is "sip.js" which converts a sip server into webrtc one
[22:53:57] <zinid> and now I repeat this :)
[22:54:18] <JabAlacer> https://www.html5rocks.com/en/tutorials/webrtc/infrastructure/
[22:54:46] <zinid> anyway, this test is passed by ejabberd: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
[22:55:33] <zinid> you can remove all servers, add "turn:xmpp.zinid.ru:3478", user: "stun", password: "stun" and check ;)
[22:55:42] mimi89999 вышел(а) из комнаты: Disconnected: Received SIGTERM
[22:56:08] mimi89999 вошёл(а) в комнату
[22:56:40] <Holger> Ah nice. I had a hard time finding usable ICE test suites a (long) while ago.
[22:56:47] mimi89999 вышел(а) из комнаты
[22:56:47] mimi89999 вышел(а) из комнаты
[22:58:42] mimi89999 вошёл(а) в комнату
[22:59:32] mimi89999 вошёл(а) в комнату
[22:59:45] <rom1dep> ok, so now my server answers to stun, time to read about turn, then ice, then webrtc
[23:01:30] <zinid>   -
    port: 3478
    module: ejabberd_stun
    transport: udp
    use_turn: true
    auth_type: user
    turn_ip: "public.ip.goes.here"
[23:01:58] <rom1dep> public.ip.of.what?
[23:02:09] <zinid> your ejabberd server
[23:03:59] JabAlacer вышел(а) из комнаты
[23:04:13] JabAlacer вошёл(а) в комнату
[23:04:45] <zinid> and you don't need to read about ice
[23:04:53] <zinid> it's pure client stuff
[23:04:54] sattellite вышел(а) из комнаты
[23:05:35] mimi89999 вышел(а) из комнаты
[23:05:44] mimi89999 вошёл(а) в комнату
[23:06:38] <rom1dep> auth_type: user
is there a need to have that?
[23:06:59] mimi89999 вышел(а) из комнаты
[23:07:05] <zinid> otherwise you can be exploited as a relay
[23:07:11] mimi89999 вошёл(а) в комнату
[23:07:26] <zinid> not very risky, but who knows
[23:07:31] kahlb вышел(а) из комнаты
[23:07:41] <rom1dep> I mean, IIUC, the whole idea is to knock at the server and for it to answer with your public IP, how can that be abused?
[23:07:50] <zinid> no
[23:07:56] linus вошёл(а) в комнату
[23:07:59] <zinid> TURN is about to relay voip stream data
[23:08:14] <zinid> quite a bit of traffic
[23:08:42] <zinid> but it's only used if you are behind retarded nat
[23:08:54] <zinid> "full cone" or something
[23:09:13] <zinid> modern routers all have good nat
[23:09:26] <rom1dep> so I could want to have STUN auth-less, and TURN with auth?
[23:09:32] <zinid> yep
[23:09:39] <rom1dep> how do I do that?
[23:09:58] <zinid> I think this is by default, no?
[23:09:59] sattellite вошёл(а) в комнату
[23:10:25] <zinid> I mean stun binding requests don't require authentication, even if auth_type: user is set
[23:10:35] mimi89999 вышел(а) из комнаты
[23:10:53] mimi89999 вошёл(а) в комнату
[23:11:10] <rom1dep> ok
[23:12:53] <rom1dep> nothing comes out of stun:xmpp.zinid.ru:5349 on your ICE testing page
[23:14:18] JabAlacer вышел(а) из комнаты
[23:15:21] SaltyBones вошёл(а) в комнату
[23:15:50] <zinid> 3478
[23:15:59] <zinid> not 5349
[23:17:08] SaltyBones вошёл(а) в комнату
[23:17:42] <rom1dep> 5349 is the same with tls, no?
[23:17:54] sattellite вышел(а) из комнаты
[23:20:22] sattellite вошёл(а) в комнату
[23:20:59] <rom1dep> also, turn:server:3478 should return something with any of my user's unsername+password?
[23:23:14] Marzanna вышел(а) из комнаты
[23:24:00] badlop вышел(а) из комнаты
[23:25:36] <zinid> rom1dep: yes
[23:28:55] <rom1dep> the auth seems to pass but the logs show an error
[23:29:37] sattellite вышел(а) из комнаты
[23:30:08] <rom1dep> 2017-08-15 22:29:17.833 [error] <0.15096.1>@ejabberd_listener:udp_recv:321 failed to process UDP packet:
** Source: {{2,50,19,11}, 56506}
** Reason: {badarg,[{erlang,iolist_to_binary,[[<<"user">>,58,<<"server">>,58,{scram,<<"stuff">>,<<"stuff">>,<<"stuff">>,4096}]],[]},{crypto,hash,2,[{file,"crypto.erl"},{line,225}]},{stun_codec,check_integrity,2,[{file,"src/stun_codec.erl"},{line,124}]},{stun,process,2,[{file,"src/stun.erl"},{line,241}]},{ejabberd_listener,udp_recv,3,[{file,"src/ejabberd_listener.erl"},{line,319}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}
[23:30:16] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[23:30:22] stian вошёл(а) в комнату
[23:30:55] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[23:31:01] stian вошёл(а) в комнату
[23:36:01] sezuan вышел(а) из комнаты: Replaced by new connection
[23:36:07] sezuan вошёл(а) в комнату
[23:40:00] <zinid> scram
[23:40:02] <zinid> won't work
[23:40:49] sattellite вошёл(а) в комнату
[23:40:57] <rom1dep> what are the options ?
[23:41:08] <zinid> not using scram
[23:41:12] <zinid> or use anonymous
[23:41:19] jere вошёл(а) в комнату
[23:43:11] <rom1dep> what is recommended if not scram? sql ?
[23:43:19] <zinid> plain
[23:43:42] <zinid> this is auth_type global parameter or something
[23:44:02] <zinid> but since you already have scrammed passwords you have no way back
[23:44:19] <rom1dep> plain is openbar, I'd rather avoid that
[23:45:08] <zinid> then use anonymous auth type for turn
[23:46:01] debalance вышел(а) из комнаты
[23:46:17] <rom1dep> in theory, it should be possible to use the same type of hashing/xoring/whatevering that could make scram work with it, no ?
[23:46:25] <rom1dep> (hypothetically)
[23:46:32] <zinid> hypothetically? yes
[23:46:48] <zinid> if you write another auth scheme for turn and write an RFC for this ;)
[23:47:22] <zinid> currenty http-digest like authentication is used in stun/turn
[23:48:28] <rom1dep> so you only get a hash and you can't hash that to compare against your scram
[23:48:29] <rom1dep> gotcha
[23:48:36] <zinid> the main problem with scram is that you cannot share userbase with other applications
[23:50:01] <rom1dep> which is true for every service that has an auth but only stores a hash+salt of your password
[23:51:21] <zinid> yes
[23:52:01] <zinid> acutally, plain stored passwords is not a problem for you if you have different passwords per service (which you should)
[23:52:07] Holger вошёл(а) в комнату
[23:52:41] <rom1dep> me it's fine, but I can't control what my users put in there
[23:52:53] <zinid> you can
[23:53:01] <rom1dep> how?
[23:53:12] <zinid> you can bump required password entropy during registration
[23:53:55] <rom1dep> you mean, ask them to provide a long and complex password? How does that ensure that it's not the same as their main email?
[23:54:00] <zinid> yes
[23:54:36] <zinid> depending on entropy, if you require 160 bits... :D
[23:54:41] <Holger> You need a good password recovery service then though :-)
[23:54:44] <rom1dep> maybe I can also try to log into a few email providers and block the registration in case it works ^^
[23:55:05] <zinid> Holger: true
[23:55:27] <zinid> I personally use pwsafe, so I give a shit ;)
[23:55:47] <Holger> Hehe I use the same tool.
[23:55:50] <rom1dep> there is nothing that I hate more than receiving these emails:
Congratulations for creating a profile with us. As a memo here is your username, and this is the password you typed: username ; password
[23:55:52] <Holger> (And hate it.)
[23:55:52] <zinid> you can store my password as you wish, it's 160 bit unique piece of /dev/urandom :)
[23:56:26] kahlb вошёл(а) в комнату
[23:57:00] <rom1dep> is this a non-fancy version of keepass?
[23:57:09] <zinid> all those confirmation emails are really annoying when you use pwsafe
[23:57:20] <Holger> rom1dep: Yeah.
[23:57:24] <zinid> rom1dep: this is same shit, yes
[23:58:10] <rom1dep> k. Anyway, no service should be storing passwords in clear text
[23:58:33] <rom1dep> not before someone creates a mind-reading machine that ensures that no password is ever reused
[23:58:41] <zinid> then there should be a solution on using different applications on top of userbase
[23:58:47] <rom1dep> which, at this point, defeats the purpose of passwords as a whole

Powered by ejabberd - robust, scalable and extensible XMPP server