ejabberd - Monday, July 2, 2018

ejabberd

Monday, July 2, 2018< ^ >

zinid has set the subject to: ejabberd discussions: https://docs.ejabberd.im

Room Configuration

Room Occupants

GMT+0
[00:01:52] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[00:05:35] cippaciong leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[00:06:46] lorddavidiii leaves the room: Connection failed: connection closed
[00:11:00] ThUnD3r|Gr33n® leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[00:19:09] lorddavidiii leaves the room: Connection failed: host is unreachable
[00:21:42] UsL leaves the room
[00:34:30] Odin leaves the room: Stream closed by us: Replaced by new connection (conflict)
[00:40:57] 4223 leaves the room
[00:59:51] beri leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[01:03:53] ingolf leaves the room
[01:27:50] ThUnD3r|Gr33n® leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[01:28:12] holst leaves the room
[01:39:10] xinit leaves the room
[01:54:40] ata2001 leaves the room: Disconnected: closed
[02:11:20] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[02:21:55] xinit leaves the room
[02:28:00] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[02:32:48] ThUnD3r|Gr33n® leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[03:06:43] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[03:13:26] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[03:17:45] ThUnD3r|Gr33n® leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[04:05:31] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[04:06:04] Odin leaves the room: Stream closed by us: Replaced by new connection (conflict)
[04:29:59] adrien leaves the room: Stream closed by us: Replaced by new connection (conflict)
[04:30:05] Odin leaves the room: Stream closed by us: Replaced by new connection (conflict)
[04:30:33] Odin leaves the room: Stream closed by us: Replaced by new connection (conflict)
[04:30:41] Odin leaves the room
[04:33:13] ChaosKid42 leaves the room: Stream closed by us: Replaced by new connection (conflict)
[04:45:57] xinit leaves the room
[04:53:59] ChaosKid42 leaves the room
[04:54:57] ChaosKid42 leaves the room
[04:56:44] robert_mobil leaves the room: Stream closed by us: Replaced by new connection (conflict)
[05:04:10] xinit leaves the room
[05:08:39] <prezident> can anyone shed some light on how ejabberd distributes its memory? on our nodes ejabberd uses considerbly less memory on a system thats actually having largest ram size likewise its jusing more memory on systems with less ram configered...
[05:14:23] <zinid> It relies on how Erlang "distributes" the memory
[05:14:40] <prezident> the nodes are supposed to be identical
[05:14:55] <prezident> and its especially the ejabberd process using more memory
[05:16:19] <prezident> 1/10/20mb
[05:17:31] <zinid> There are tools for memory inspection
[05:18:59] <prezident> the erlang console is a nice feature
[05:19:07] <zinid> And I don't understand what those numbers mean
[05:19:41] <prezident> the numbers i posted?
[05:19:59] <zinid> prezident: you can use it? Then run `memory()` on all nodes and check the difference
[05:20:13] <zinid> prezident: yes, the ones posted
[05:20:17] <prezident> i am monitoring it all
[05:20:28] <prezident> its ejabberd memory consumption on each node average over the last 3 hours
[05:20:40] <prezident> only the ejabberd process
[05:20:45] <zinid> prezident: 1mb? 😂
[05:21:53] <prezident> i am using the logic from the system monitor
[05:22:40] jere leaves the room
[05:22:57] <zinid> Okay, I'm now totally lost
[05:23:19] <prezident> ejabberd_system_monitor.erl
[05:23:38] <prezident> it relates memory() and processes() and sums it up
[05:23:56] <zinid> From what ejabberd version?
[05:24:03] <prezident> so i suppose the numbers should be accurate
[05:24:19] <prezident> well its in trunk
[05:24:45] <prezident> but i've build myself a nice statsd module
[05:25:18] <zinid> Ok, have fun with that
[05:25:43] <prezident> i do :)
[05:27:15] <prezident> basicly it is something to share, but there are still some questions left before that
[05:27:16] ThUnD3r|Gr33n® leaves the room
[05:27:53] <prezident> and i like the way metrics are implemented in mongoose, maybe there is some inspiration of that
[05:29:09] zinid leaves the room
[05:29:26] <prezident> you can see some of it on our server-status page
[05:32:45] <zinid> blabber.im?
[05:32:52] <zinid> https://blabber.im/en/server-status/
[05:32:54] <zinid> this?
[05:32:57] <prezident> sure
[05:33:05] <zinid> for the record, no IPv6
[05:33:05] <prezident> did not want to advertise :)
[05:33:11] <prezident> planned
[05:33:21] <zinid> good
[05:33:30] <prezident> ejabberd is listening on :: :)
[05:33:46] <prezident> but yeah no ipv6 connection yet
[05:34:06] <prezident> somehow everyone still has ips left...
[05:34:52] <zinid> 3 nodes for 200 users? 🙂
[05:35:15] <prezident> why not :)
[05:35:28] <prezident> more like 25% of it
[05:35:47] <prezident> so we know what that means for 1 billions registered users...
[05:35:52] <prezident> -s
[05:38:38] <prezident> the basic idea is just that it should scale horizontal
[05:38:48] <prezident> so 3 is just for starters
[05:38:59] <prezident> horizontally..
[05:41:40] <zinid> it won't
[05:41:50] <prezident> we will see how erlang does
[05:41:50] <zinid> it will stop somewhere around 10 nodes
[05:42:00] <prezident> how?
[05:43:01] <zinid> if you use Mnesia for RAM tables it replicates everything on all nodes
[05:44:28] <zinid> also, you're optimistic 🙂
[05:44:34] <zinid> where will you get so many nodes? 🙂
[05:44:54] <zinid> oops
[05:44:57] <zinid> so many users
[05:45:09] <prezident> all for fun
[05:45:20] <prezident> and because we can :)
[05:46:23] <prezident> for years the biggest issue where missing xmpp clients
[05:46:26] <prezident> that got a lot better
[05:46:32] <prezident> so the userbase might grow over time
[05:46:42] ThUnD3r|Gr33n® leaves the room
[05:47:20] <prezident> and while stuff like omemo and http upload might be controversial there are also a step into the right direction
[05:47:54] <prezident> you can find me on jabber.org too, so i can tell a bit :)
[05:50:03] <prezident> they are
[05:50:08] <prezident> damn keys ;)
[05:51:35] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[05:53:55] <prezident> to be fair, not all mnesia tables are replicated
[05:54:01] <prezident> and there is of coure some sql behind
[05:55:23] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[05:58:48] Alacer leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:00:54] rom1dep leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:05:15] ta leaves the room
[06:07:02] ThUnD3r|Gr33n® leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:10:16] mrDoctorWho leaves the room
[06:22:21] debalance leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[06:23:03] erik leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:25:56] sindrake leaves the room
[06:33:08] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:34:31] Andrew Nenakhov leaves the room: Connection failed: connection closed
[06:35:14] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:35:47] Andrew Nenakhov leaves the room: Connection failed: connection closed
[06:36:17] Andrew Nenakhov leaves the room: Connection failed: connection closed
[06:36:49] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:39:37] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:40:11] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:41:44] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:41:57] nekit leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:42:21] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[06:42:32] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[06:53:06] debalance leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[06:59:20] <ChaosKid42> zinid, After updating my server (Raspberry Pi 2 running arch linux) I repeatedly experience "stale" outgoing connections to other servers (don't know how to actually describe it in a better way). It seems that ejabberd is not able to send any stanzas on that connection. After restarting ejabberd, everything is fine, but after some hours some connections seem to become stale. E.g. I query for room information using the following stanza in gajim XML-console:
<iq from='christoph@scholzbande.de'
    id='ik3vs716'
    to='conversations@conference.siacs.eu'
    type='get'>
  <query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
The server however does not return anything. The relevant output from ejabberd.log is here:
https://gist.github.com/ChaosKid42/ceeea97b0c0ac1c9aa98cc27ab59a4d0
[06:59:50] <ChaosKid42> ... updating my server to ejabberd 18.06 ... Had no issues with 18.04.
[07:00:28] <ChaosKid42> Any clue what could be going on?
[07:00:39] <zinid> no clue, but that can be debugged
[07:00:46] <zinid> via `ejabberdctl debug`
[07:00:55] <zinid> if you have such connection already we can try
[07:01:27] <ChaosKid42> Yes. Im AFK. But will return in about 30 minutes ...
[07:01:54] <zinid> ok, ping me
[07:02:04] <zinid> but first check `ejabberdctl debug` works for you
[07:14:45] rom1dep leaves the room: Machine going to sleep
[07:15:49] <prezident> is there any interest in ocsp stapling?
[07:17:14] <zinid> there is a feature request in github issues
[07:18:00] fp leaves the room
[07:19:14] ThUnD3r|Gr33n® leaves the room
[07:19:59] <prezident> i do have a basic implementation ready
[07:20:49] <zinid> show
[07:20:49] frainz leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[07:21:16] <prezident> its running on our dev server
[07:21:25] <prezident>     Cert Status: good
    This Update: Jun 29 08:00:00 2018 GMT
    Next Update: Jul  6 08:00:00 2018 GMT
[07:22:39] <prezident> not as nice as apaches or nginxs stuff but its based on that
[07:23:42] <prezident> but are there even clients supporting it?
[07:25:59] beri leaves the room
[07:26:55] <prezident> i would have to merge the changes made inbetween first i think
[07:26:55] <zinid> I don't think so
[07:26:59] <zinid> I meant show the implementation
[07:29:26] <prezident> when i find some time to merge
[07:31:25] <zinid> ok, what files are affected?
[07:31:27] Marzanna leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[07:31:30] <prezident> the reformatting might be a problem
[07:34:00] <prezident> all the magic happens in fast_tls.c
[07:34:14] sindrake leaves the room
[07:34:53] bammes leaves the room: Rechner geht in den Ruhezustand
[07:36:07] <prezident> i only tested it against openssl 1.1
[07:36:20] <prezident> but it "should" work for lower versions :)
[07:36:41] <ChaosKid42> zinid, `ejabberdctl debug` works
[07:37:51] sindrake leaves the room
[07:38:08] <zinid> do you know the connection with what domain is affected?
[07:38:26] <ChaosKid42> yes
[07:38:48] <ChaosKid42> conference.siacs.eu
[07:38:54] <zinid> ets:lookup(s2s, {<<"your.domain">>, <<"remote.domain">>}).
[07:39:13] lukas leaves the room
[07:39:38] <ChaosKid42> [{s2s,{<<"scholzbande.de">>,<<"conference.siacs.eu">>},
      <0.740.0>}]
[07:39:50] <zinid> is_process_alive(pid(0,740,0)).
[07:40:19] <ChaosKid42> true
[07:40:40] <zinid> rp(sys:get_state(pid(0,740,0))).
[07:40:48] <zinid> post the result on some pastebin
[07:41:06] <zinid> also:
process_info(pid(0,740,0)).
[07:41:42] <ChaosKid42> It's quite short. Exception.
[07:41:52] <ChaosKid42> ** exception exit: {timeout,{sys,get_state,[<0.740.0>]}}
     in function  sys:send_system_msg/2 (sys.erl, line 305)
     in call from sys:get_state/1 (sys.erl, line 114)
[07:42:03] <zinid> ha
[07:42:10] <zinid> try process_info then
[07:43:35] sindrake leaves the room
[07:43:37] <ChaosKid42> https://gist.github.com/ChaosKid42/4e72886732a7372ea6b043592de34d67
[07:44:09] <zinid> `{current_function,{prim_inet,connect0,3}}`
[07:44:11] <zinid> that sucks
[07:44:23] <zinid> what Erlang version?
[07:44:34] <zinid> did you change any s2s timeouts?
[07:45:07] <ChaosKid42> Erlang/OTP 20 [erts-9.3.3] [source] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:true]
Eshell V9.3.3  (abort with ^G)
[07:45:31] <ChaosKid42> I will look up ejabberd.yml...
[07:46:46] <zinid> check for outgoing_s2s_timeout
[07:47:41] <ChaosKid42> It's commented out.
[07:48:03] <zinid> then:
ejabberd_config:get_option({outgoing_s2s_timeout, <<"scholzbande.de">>}).
[07:48:19] <ChaosKid42> Erlang/OTP 20 [erts-9.3.3] [source] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:true]
Eshell V9.3.3  (abort with ^G)
[07:48:24] <ChaosKid42> Sorry!
[07:49:05] <ChaosKid42> s2s_shaper: fast
[07:49:15] 4223 leaves the room
[07:49:27] <ChaosKid42> fast: 50000
[07:49:35] <zinid> shaper is irrelevant
[07:49:43] <zinid> I didn't ask you for the shaper at all
[07:50:01] rom1dep leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[07:50:08] <ChaosKid42> Yes. It's the only thing I could find about s2s :-)
[07:50:18] <zinid> ejabberd_config:get_option({outgoing_s2s_timeout, <<"scholzbande.de">>}).
[07:50:46] <ChaosKid42> undefined
[07:51:06] <zinid> try again: is_process_alive(pid(0,740,0)).
[07:51:10] <zinid> is it still alive?
[07:51:27] <ChaosKid42> true
[07:51:49] <zinid> did you upgrade Erlang with 18.06?
[07:52:02] <zinid> sounds like Erlang bug to me
[07:52:28] <ChaosKid42> Well. I use the packages from arch. I believe erlang is not upgraded. Its version 20.
[07:53:05] <ChaosKid42> arch-Package is called erlang-nox 20.3.8-1
[07:55:11] <ChaosKid42> I guess I will do the following: I will upgrade to latest erlang and recompile ejabberd on my own and then I'll try again if theh error reoccurs. What do you think?
[07:55:21] <zinid> sounds fine
[07:55:47] <ChaosKid42> Ok. Thanks for helping! I will report in a couple of days ...
[07:56:19] <zinid> s2s_out connection timeout code didn't change at all between 18.04 and 18.06
[07:56:29] <zinid> so something has been changed in other places
[07:57:32] <ChaosKid42> Yes. Arch linux is constantly updating all the time in all places. (That's why I use it in the first place). But can make debugging hard of course.
[07:57:56] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[07:57:58] beri leaves the room
[07:58:25] Marzanna leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[08:01:39] sindrake leaves the room
[08:05:30] zuglufttier leaves the room
[08:07:27] ChaosKid42 leaves the room
[08:11:26] Alacer leaves the room
[08:12:01] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[08:13:02] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[08:27:43] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[08:38:53] holst leaves the room
[08:39:41] spicewiesel leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[08:54:19] Alacer leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[08:56:09] bammes leaves the room: Rechner geht in den Ruhezustand
[09:01:12] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:02:51] frainz leaves the room: Stream closed by us: Replaced by new connection (conflict)
[09:03:59] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[09:04:34] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[09:06:32] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[09:09:31] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:11:06] 404 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:14:36] <zinid> Holger, mod_http_upload really sucks:
> p1_prof:q(1).
** pid(0,52,0)
** registered name: file_server_2
** memory: 9154416
** reductions: 2261733170
** message queue len: 13435
** current_function: {prim_file,drv_get_response,1}
** dictionary: [{'$initial_call',{file_server,init,1}},
                {'$ancestors',[kernel_sup,<7014.36.0>]}]
[09:14:53] <zinid> should be offloaded to nginx/haproxy completely for highloaded servers
[09:16:51] vogt leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:18:16] <Holger> file_server sucks :-)
[09:18:29] <Holger> > should be offloaded to nginx/haproxy completely for highloaded servers
+1
[09:19:04] <zinid> GETs are trivial to offload, the only question is PUTs
[09:19:11] <Link Mauve> You could do the same as Prosody’s mod_http_upload_external, which is using HMAC with a shared secret and some of the upload parameters given by the client to avoid requiring any negociation between the XMPP server and the HTTP one.
[09:19:29] <zinid> Link Mauve, and what http server supports that?
[09:19:31] <Link Mauve> And still only allow people to upload to slots they were given.
[09:19:35] <Holger> Yup I mentioned that as well, and zinid mentioned some Nginx thing.
[09:19:46] <Holger> zinid: Well you'd have to write some service.
[09:19:52] <Link Mauve> zinid, there are a PHP script and a Flask server, I’m sure nginx could be scripted to do that.
[09:20:02] <zinid> Licaon_Kter, do haproxy/nginx support that *without* adhock PHP crap?
[09:20:10] <zinid> that was to Link Mauve , sorry
[09:20:22] <Holger> It's not like you have to use PHP :-)
[09:20:39] <Licaon_Kter> zinid: dunno but I'm watching this 👍
[09:20:50] <Link Mauve> nginx has nice C and Lua extensions, with some little amount of work it could be done.
[09:21:22] <Holger> (I use Perl with Nginx!)
[09:22:01] <Holger> But yes, for highloaded servers I'd just do it in C.  Should be simple enough to implement.
[09:22:19] <zinid> are there anything ready to sue?
[09:22:22] <zinid> *use
[09:22:35] <zinid> also, haproxy is relevant too, a lot of people use haproxy instead
[09:22:37] <Holger> zinid: Didn't you mention some Nginx feature (that I'm not aware of)?
[09:22:58] <zinid> Holger, it will make a request on ejabberd, with HMACs we can avoid this
[09:23:17] <Holger> Ah.
[09:24:25] <zinid> ** message queue len: 77259
[09:24:48] <Holger> zinid: Why is file_server even involved BTW?  ejabberd_http:recv_file/1 opens the file in 'raw' mode, I thought that would circumvent file_server?
[09:25:03] <Holger> recev_file/2, whatever
[09:25:07] <zinid> HTTP failure: connection timed out: 53266
Connection failed: connection closed: 1507
Connection failed: timeout: 2
Resumption failed: Previous session timed out (item-not-found): 65
HTTP failure: connection closed: 23
[09:25:36] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:25:41] <zinid> Holger, it only bypasses an intermediate process holding the fd
[09:25:48] <Holger> Oh.
[09:26:25] <Holger> .oO( p1_file )
[09:27:07] <zinid> dead: http://52.22.32.97:8091/
[09:27:28] <zinid> barely can connect 250k
[09:27:37] <zinid> this just sucks
[09:27:46] <zinid> without TLS, Carl!!!
[09:28:23] <Link Mauve> zinid, is your bench tool public btw?
[09:28:29] <zinid> no
[09:28:33] <Link Mauve> Oh. :(
[09:29:03] <Link Mauve> Someday I’d like to reproduce on Prosody on an (if possible) identical machine, to see at which point it’ll be mandatory to switch.
[09:29:36] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:29:38] <zinid> I can test Prosody
[09:29:44] <Holger> Haha I was searching for some fast_file module, first Google hit: https://github.com/processone/bfile (never seen this)
[09:30:07] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:30:11] <zinid> but what to test? we tested metronome and it failed at 3k on a moderate machine, without HTTP Upload even
[09:30:21] <Link Mauve> Heh. ^^
[09:30:47] <zinid> Prosody is single core, you don't need a huge machine
[09:30:56] <zinid> cores are more or less equal
[09:31:00] <Link Mauve> We currently have about 4k connections and still a huge lot of resources to spare.
[09:31:09] <Link Mauve> On a 16€/month server.
[09:31:21] <zinid> Link Mauve, depends on a usage, I have quite aggressive settings
[09:31:39] <Link Mauve> Oh, you mean how fast c2s get established?
[09:32:02] <zinid> yes, and also how fast a client is performing an action (like messag/presence/file send)
[09:32:03] <Link Mauve> TLS handshake is something which doing single-threaded is suicide, in that situation.
[09:32:10] <Link Mauve> Ok.
[09:32:30] <zinid> ha, try to use openssl in multi-threaded 😀
[09:32:32] <Link Mauve> I’ve been planning to test the new haproxy integration for legacy SSL, but haven’t tried it yet.
[09:33:03] <zinid> frankly, I don't see the point in using single-core server, that's just pathetic
[09:33:04] <Link Mauve> It delegates TLS handshake and encryption to the proxy, which is multi-threaded.
[09:33:13] <zinid> it's clear that it won't handle a lot of connections
[09:33:46] <Link Mauve> In our case, at JabberFR, it’s only using about 5~10% of one core at all times, so we don’t really have to care.
[09:34:03] <Link Mauve> And TLS handshakes represent the most of that.
[09:34:22] <zinid> Licaon_Kter, create 5k account for me there, I will destroy it in 1 minute 😀
[09:34:34] <Holger> zinid:
> also, haproxy is relevant too
I never used it, doesn't it really just proxy and hence not interfere with whatever solution?
[09:34:44] <Link Mauve> zinid, not in production, sorry. :)
[09:35:06] <zinid> Link Mauve, you can set up the machine, I can bench it
[09:35:15] <Link Mauve> Ok, I’ll do that at some point, thanks!
[09:35:35] <zinid> for example, Maranda found some bugs already and is working to fix them
[09:35:42] <Link Mauve> Nice. :)
[09:36:51] <Link Mauve> When I evaluated the move from Ejabberd (2.13 IIRC) to Prosody, I tested with 10k c2s connections exchanging messages at random interval on my father’s laptop and it was working fine.
[09:37:10] <Link Mauve> It was a totally synthetic benchmark though, since back then I didn’t have any clue how our users were using the service.
[09:38:18] xinit leaves the room
[09:39:02] <Licaon_Kter> zinid:
> Licaon_Kter, create 5k account for me there, I will destroy it in 1 minute 😀
Another miss type? I don't think you need 5k to take down my RPi,  you'll get bored until I create the account I guess 🤣
[09:43:56] <zinid> Licaon_Kter, ah, sorry again!
[09:47:51] <zinid> https://github.com/zareenc/haproxy-lua-examples/blob/master/lua_scripts/code_vsn.lua
[09:47:52] ChaosKid42 leaves the room
[09:47:52] ChaosKid42 leaves the room
[09:47:56] <zinid> haproxy supports this too
[09:47:59] <zinid> via lua
[09:56:48] rom1dep leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[09:59:56] ChaosKid42 leaves the room
[10:07:38] vogt leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[10:18:23] Marzanna leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[10:18:43] rom1dep leaves the room: Stream closed by us: Replaced by new connection (conflict)
[10:19:28] vanitasvitae leaves the room
[10:20:56] rom1dep leaves the room: Stream closed by us: Replaced by new connection (conflict)
[10:27:45] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[10:30:00] <ChaosKid42> zinid: Now running ejabberd 18.06 compiled under erlang 21. See if this misbehaves again ...
[10:30:52] <zinid> ChaosKid42, let me know
[10:31:27] <zinid> this also can be some weird kernel configuration, take a look at systcl.conf
[10:32:15] <ChaosKid42> I'll let it run for 2 or 3 days if no error occurs.
[10:36:44] <ChaosKid42> The only thing I activated in sysctl.d is IP forwarding which probably is not harmful.
[10:37:14] <zinid> nah, IP forwarding is okay
[10:37:54] <zinid> btw, do you have any errors/warnings in the log?
[10:38:02] <zinid> grep 'error\|warning' ejabberd.log
[10:41:13] <ChaosKid42> Currently no. But in the log from this morning I found this: 2018-07-02 08:36:13.002 [warning]  lager_file_backend dropped 175 messages in the last second that exceeded the limit of 100 messages/sec
2018-07-02 08:36:17.311 [warning]  lager_file_backend dropped 9 messages in the last second that exceeded the limit of 100 messages/sec
[10:41:42] vanitasvitae leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[10:44:53] <ChaosKid42> But this was 18.04 btw
[10:47:36] <zinid> argh
[10:47:36] bammes leaves the room
[10:48:13] alexis leaves the room
[10:49:59] lorddavidiii leaves the room: Stream closed by us: Replaced by new connection (conflict)
[10:52:09] <vanitasvitae> My Server went down in the weekend and I couldnt geht it running again until an hour ago. For some reason, erlang tools like ERL and erlc were segfaulting when called. I fixed the problem by reinstalling Erlang packages. Any idea, what may have caused this?
I'm running ejabberd 18.06 on rapbian testing
[10:54:37] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[10:54:56] <zinid> broken binaries?
[10:56:43] ThUnD3r|Gr33n® leaves the room
[11:01:18] <zinid> also, when you have segfaults, you do `gdb -c`
[11:04:15] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[11:04:29] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[11:05:35] <Licaon_Kter> vanitasvitae: there was a firmware/kernel update this weekend
No issues on my RPi1 though
[11:05:55] <vanitasvitae> Hm
[11:06:06] <vanitasvitae> I wonder how the binaries got broken
[11:06:06] alexis leaves the room
[11:06:30] <vanitasvitae> Maybe my SD card is getting old :/
[11:06:36] Andrew Nenakhov leaves the room: Connection failed: connection closed
[11:06:38] <edhelas> ejabberd on a RPi 🤔
[11:06:53] <vanitasvitae> edhelas: sure 🤓
[11:07:23] ata2001 leaves the room: Disconnected: Replaced by new connection
[11:07:38] <vanitasvitae> It is a little slow when logging in and dino seems to timeout every now and then, but all in all it works quite well
[11:07:40] sindrake leaves the room
[11:12:16] <ThUnD3r|Gr33n®> edhelas: of course pi
[11:12:25] <ThUnD3r|Gr33n®> Même 🍊 pi
[11:17:14] ata2001 leaves the room: Disconnected: closed
[11:18:13] badlop leaves the room: unknown reason
[11:18:17] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[11:20:40] mimi89999 leaves the room
[11:27:53] ulrich leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[11:37:02] ulrich leaves the room
[11:41:06] ChaosKid42 leaves the room
[11:42:38] ChaosKid42 leaves the room
[11:44:36] ChaosKid42 leaves the room: Stream closed by us: system-shutdown
[11:44:36] ChaosKid42 leaves the room: Stream closed by us: system-shutdown
[11:44:48] fp leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[11:44:48] ChaosKid42 leaves the room
[11:44:56] mightyBroccoli leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[11:48:09] cippaciong leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[11:55:38] ChaosKid42 leaves the room: Stream closed by us: system-shutdown
[11:55:38] ChaosKid42 leaves the room: Stream closed by us: system-shutdown
[12:12:18] <Holger> zinid: HiPE-compiling 'xmpp' works for me, by the way.
[12:12:32] <Holger> I didn't yet try running the result, though :-)
[12:13:19] <jonasw> cromain, your rebuild does not seem to help. I still have the same issue with the image ejabberd/ecs:18.04 b21910ffc578
[12:20:27] <MattJ> zinid, Link Mauve said you were interested in getting signed URLs for HTTP  upload into nginx/haproxy?
[12:21:06] <zinid> yes, haproxy is preferred, because our sysadmin likes it
[12:21:42] <Holger> HAProxy handles (some) requests on its own?
[12:21:57] <MattJ> I also like it, though I hadn't investigated it for this purpose (only nginx)
[12:22:22] <MattJ> haproxy doesn't serve files (though does support Lua scripting these days, I don't know the extent of that)
[12:22:43] <zinid> ah, if it doesn't serve files then nginx is ok
[12:22:46] <cromain> jonasw: is 18.06 OK for you anyway ?
[12:22:51] <zinid> do you have lua scripts for nginx?
[12:23:01] <MattJ> zinid, no, but it's on my todo list
[12:23:16] <zinid> MattJ, ok, then I will implement it in ejabberd
[12:23:30] <MattJ> My main problem with that solution is that I don't think the Lua scripting is packaged in Debian/Ubuntu by default
[12:23:32] <MattJ> which is sad
[12:24:10] <zinid> yeah, that's pretty bad
[12:24:38] <Holger> As I said I think this is so simple that we could simply create a C module.
[12:24:49] <MattJ> That is true
[12:24:59] <jonasw> cromain, yes
[12:25:07] <MattJ> and it's generic, I don't see why more people don't use this (I was surprised nothing already existed)
[12:25:08] <Holger> One for Nginx, one for Apache --> 90% happy.
[12:26:26] <Holger> And the rest can use Matt's PHP script.
[12:26:29] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[12:26:29] Andrew Nenakhov leaves the room
[12:27:31] <MattJ> I don't think nginx supports dynamically-loaded C modules, does it?
[12:27:39] <MattJ> So this would be upstream-or-nothing
[12:27:48] <Holger> It does these days.
[12:28:11] <MattJ> It looks like Lua scripting actually is available in Debian and Ubuntu, there are multiple versions: https://www.cambus.net/nginx-packages-in-debian-stable/
[12:28:46] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:29:00] <Holger> MattJ: http://nginx.org/en/docs/ngx_core_module.html#load_module
[12:29:16] <Holger> https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/
[12:29:28] <MattJ> So there's a chance that even if it's not upstreamed we could get it into Debian and Ubuntu
[12:29:56] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:31:31] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:35:12] <MattJ> btw, I recently made a v2 of the algorithm that includes the mime type
[12:35:26] <MattJ> I haven't documented it yet, but it's mostly the same
[12:36:25] <MattJ> The main difference is that it allows you to carry the mime type from the client, do filtering if you want, and preserve the mime type in the download with no sniffing
[12:36:58] fp leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:38:56] <zinid> how does this work? when Prosody is processing the slot request it appends some http headers to the response?
[12:39:11] <zinid> I'm not quite able to read Lua 😉
[12:40:02] <zinid> ah, there is a description
[12:40:13] <MattJ> Yeah
[12:41:07] Alacer leaves the room
[12:41:09] <zinid> Then you need to validate the auth token. This will be in the URL query parameter ‘v’.
[12:41:13] <zinid> why not headers?
[12:41:36] <MattJ> Because the older HTTP upload XEP didn't support headers
[12:41:44] <MattJ> The new one does, and I almost moved it to a header instead
[12:41:55] <MattJ> But then I decided it doesn't really matter, and just complicates things
[12:42:04] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:42:08] <zinid> okay
[12:42:21] <Holger> The newest one only supports a restricted set of headers right?
[12:42:26] <MattJ> Holger, it does
[12:42:27] <Holger> So we'd probably have to abuse one of those.
[12:42:46] <MattJ> Holger, indeed
[12:42:55] <Holger> > Only the following header names are allowed: Authorization, Cookie, Expires.
[12:44:53] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:45:54] <zinid> so which one to implement? with 'v' query parameter?
[12:51:45] <Holger> Query parameter as opposed to a header you mean?
[12:51:52] <zinid> yep
[12:52:07] ata2001 leaves the room: Disconnected: closed
[12:52:22] <Holger> Yes I'd go for the query parameter.  Slightly uglier but that's a cosmetic issue, and who knows what the next 0363 revision will support.
[12:53:32] <zinid> right
[12:53:33] <Holger> Hm then again Daniel almost got it into Draft it seems.
[12:53:58] <zinid> MattJ, can you please tell me the result of hmac_sha256("foo/bar.jpg 1048576", "secret string") in your implementation?
[12:54:05] <Holger> Whatever.  Query parameter and call it a day.
[12:54:08] <zinid> just to check this as a test vector 🙂
[12:54:32] ta leaves the room
[12:56:14] <zinid> Holger, except that in your code it's much easier to use headers
[12:56:18] fp leaves the room: Stream closed by us: Replaced by new connection (conflict)
[12:56:31] <Holger> Hrm.
[12:57:07] <Holger> We also still support those old revisions BTW.
[12:57:19] <Holger> No idea how many clients still use them.
[12:57:45] zinid leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[12:58:22] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[12:59:32] <zinid> Holger, what is going on here: https://github.com/processone/ejabberd/blob/master/src/mod_http_upload.erl#L594
[13:00:24] <Holger> zinid: Ah heh another ad-hoc protocol to query an external service for PUT/GET URLs.
[13:00:26] <zinid> is this even used by someone?
[13:00:35] <zinid> I don't like it, it scales badly
[13:00:54] <zinid> you also perform synchronous call from inside a gen_server, bad idea
[13:01:18] <zinid> the same reason file_server sucks 🙂
[13:01:19] <Holger> Quite a few asked on GitHub but no idea whether someone implemented it.
[13:01:28] <Holger> Jabber.at uses it.
[13:01:44] <Holger> https://github.com/mathiasertl/django-xmpp-http-upload
[13:01:54] <zinid> I think what they wanted is what we're going to implement now
[13:01:55] <Holger> But if we have a better alternative that should be fine I guess.
[13:02:02] <Holger> Yup.
[13:02:15] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[13:02:34] ata2001 leaves the room: Disconnected: Replaced by new connection
[13:02:57] <zinid> ok, nevermind, I won't just touch that code
[13:04:00] <MattJ> zinid, 4dc65ae6bf18515c4775ae8f2100a444f5d8a8317cd643c9c93d39609d630fdf
[13:04:23] <zinid> MattJ, thanks
[13:05:00] fp leaves the room: Stream closed by us: Replaced by new connection (conflict)
[13:10:24] lorddavidiii leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[13:11:50] ata2001 leaves the room: Disconnected: Replaced by new connection
[13:14:09] 404 leaves the room
[13:21:51] adrien leaves the room
[13:22:05] robert_mobil leaves the room: Stream closed by us: Replaced by new connection (conflict)
[13:22:07] adrien leaves the room
[13:28:40] <zinid> MattJ, once again, please:
hmac_sha256("f6ae5a1f55b14fa8935475006c6e3dece3ca8b52/KZeXCJr2vDfkrvpHUcHNRNB9mL3FaAlixvqkS2Cn/1660559471173551133 10", "foo bar")
[13:29:16] <MattJ> 3a1c28735134f039210a9c49283c63ff3cb1c378fb61986d3cfb7cc3ab936bea
[13:29:31] <zinid> http://zinid.ddns.net:5280/upload/f6ae5a1f55b14fa8935475006c6e3dece3ca8b52/KZeXCJr2vDfkrvpHUcHNRNB9mL3FaAlixvqkS2Cn/1660559471173551133?v=3a1c28735134f039210a9c49283c63ff3cb1c378fb61986d3cfb7cc3ab936bea
[13:29:33] <zinid> nice
[13:29:41] <zinid> thanks a lot, seems working
[13:29:47] <MattJ> Great! :)
[13:30:01] <Holger> 👍
[13:30:23] <Holger> Short URLs are overrated.
[13:30:27] <zinid> 😀
[13:30:57] <MattJ> The token is never shown to the user though, at least
[13:31:05] <Holger> Ah right :-)
[13:35:35] <Holger> zinid: That was the only change required to make --enable-hipe work again for me.
[13:35:48] <zinid> Holger, where do you use hipe?
[13:36:00] <Holger> Well "work" == "it compiles" :-)
[13:36:08] <zinid> I cannot even compile it on my machine 🙁
[13:36:24] <zinid> whatever, that's good you fixed things, thanks a lot
[13:36:43] <Holger> Gonna try it on my production servers purely out of curiosity.
[13:36:58] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[13:38:05] <Holger> (But I won't stick to HiPE either way.)
[13:38:07] fp leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[13:38:15] <zinid> note that you won't be able to reload the code in runtime
[13:38:19] ata2001 leaves the room: Disconnected: Replaced by new connection
[13:38:28] <zinid> this is a very huge drawback
[13:38:40] <Holger> Oh I thought that works but 'just' leaks memory?
[13:39:52] <Holger> But either way e.g. stack traces are weirdo.  If a HiPE function crashes you only see HiPE functions in the trace and vice versa.  And no line numbers.
[13:40:55] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[13:41:11] <Holger> I see a bit CPU load and am just curious whether HiPE makes any difference.  But the load is not a problem at all so I'll revert either way.
[13:44:27] robert_mobil leaves the room
[13:46:07] Alacer leaves the room: Stream closed by us: Replaced by new connection (conflict)
[13:47:03] <zinid> where do you see CPU load? at conversations.im?
[13:47:15] <Holger> Yes.
[13:47:21] <zinid> how much?
[13:53:57] <Holger> zinid: BEAM usually eats somewhere between 10 and 50% CPU time on each of the 4 cores.
[13:54:03] ata2001 leaves the room: Disconnected: closed
[13:54:58] <Holger> "etop -sort reductions" doesn't really come up with a culprit.
[13:56:33] <Holger> ejabberd@localhost                                                        13:56:23
Load:  cpu         2               Memory:  total      466295    binary      56269
        procs   12828                        processes  124436    code        22870
        runq        0                        atom         1089    ets         64630
Pid            Name or Initial Func    Time    Reds  Memory    MsgQ Current Function
----------------------------------------------------------------------------------------
<7050.10761.39>xmpp_stream_in:init/   49111  661778  427272       0 p1_server:collect_me
<7050.10194.39>xmpp_stream_in:init/   46949  607808  176312       0 p1_server:collect_me
<7050.9573.39> mod_muc_room:init/1     9083   43690  109256       0 p1_fsm:collect_messa
<7050.2748.39> xmpp_stream_in:init/   26949   30497   88832       0 p1_server:collect_me
<7050.60.0>    lager_event             9351   30420   42456       0 gen_event:fetch_msg/
<7050.305.0>   ejabberd_listener:in    5706   23617    8880       0 prim_inet:accept0/2
<7050.6327.39> xmpp_stream_in:init/   13128   21143  142824       0 p1_server:collect_me
<7050.17468.0> ejabberd_sql:init/1     2502   18185   42368       0 p1_fsm:collect_messa
<7050.10771.39>xmpp_stream_in:init/   27691   17453   89608       0 p1_server:collect_me
<7050.9587.39> xmpp_stream_in:init/   27020   16514   68760       0 p1_server:collect_me
[14:01:18] <zinid> Holger, you will not find anything in etop
[14:01:34] <zinid> I don't think you will find something even in the profiler like eprof
[14:01:54] <zinid> the load is evenly distributed between a lot of functions which eventually sums up
[14:02:15] <zinid> in my benchmarking I didn't find any bottle-neck 😕
[14:02:26] <zinid> but maybe your usage is different
[14:03:06] <zinid> still looks a bit weird consuming half of the all processing power at your user load
[14:03:43] <zinid> > 10 and 50% CPU time on each of the 4 cores
that means you have 40%-200% total load?
[14:05:36] ata2001 leaves the room: Disconnected: Replaced by new connection
[14:06:34] Alacer leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:07:36] vogt leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:09:28] <Holger> Ah sorry no, I keep confusing Irix mode on/off in top.  Seems it's 10-50% of a single core, so way below 10% total.
[14:10:17] <Holger> > Once inserted into the runtime system, native code is never freed. Even if a newer version of the code is loaded, the old code is also kept around.
http://user.it.uu.se/~kostis/Papers/erlang03.pdf
[14:10:18] <zinid> hell of a load!
[14:10:23] <Holger> That's the sentence I had in mind.
[14:10:31] <zinid> https://github.com/processone/ejabberd/commit/fface33d54f24c777dbec96fda6bd00e665327fe
[14:10:52] <prezident> Holger: I am sure thats not correct, when you hard replace the so file ejabberd crashes
[14:11:18] <Holger> prezident: This is about .beam files.
[14:11:25] <prezident> ok sorry :)
[14:11:30] <Holger> zinid: Yay.
[14:12:01] <Holger> zinid: As I said I'm not worried about my load, just interested in whether HiPE has any impact.
[14:12:06] <prezident> but isnt that supposed to happen when the code no longer runs?
[14:12:30] <Holger> prezident: What?
[14:12:43] <prezident> Holger: remvoing the old code from memory
[14:12:44] <zinid> Holger, there are rumors that HiPE can even perform slower 😉
[14:13:10] <Holger> zinid: Yup, it depends.  Which is why I'm interested :-)
[14:13:24] <Holger> I never tried it with ejabberd.
[14:14:54] <Holger> prezident: Not sure I understand the question :-)  Normally, if you reload a module, the BEAM VM keeps the current and the previous version of that module in memory, older versions are ditched.  According to that (old) paper from the HiPE people, ditching of older versions doesn't work when they were HiPE-compiled.
[14:14:57] <prezident> Holger: what is code:purge good for?
[14:15:13] <prezident> ah ok, sorry missed the context
[14:15:55] <Holger> So if you reload modules all day long you'll eventually run out of memory.  I.e. not a problem in practice.
[14:17:05] <prezident> isnt that what ejabberdctl reload_config does?
[14:17:18] cippaciong leaves the room
[14:17:25] <Holger> ejabberdctl update $module
[14:17:41] <Holger> reload_config reloads the ... configuration :-)
[14:17:50] <Holger> And also starts/stops modules and stuff as necessary.
[14:18:03] <Holger> Lots of zinid-magic.
[14:18:43] <zinid> prezident, reload-config doesn't reload code, only the configuration, as the name suggests 😉
[14:19:30] <zinid> Holger, do you find a lot of magic there? I think it's straightforward, hum
[14:19:41] <zinid> Holger, a hook and a gen_mod callback
[14:19:44] <prezident> "Module mod_vcard doesn't support reloading and will be restarted"
[14:19:47] <prezident> whats with that?
[14:20:00] <prezident> thats fine than?
[14:20:04] <zinid> prezident, nobody wrote reload/3 callback for that module
[14:20:24] <prezident> yeah i know, but its not suspect of having old code sticking around?
[14:20:29] <zinid> NO
[14:20:32] <prezident> ok thx
[14:21:50] <Holger> zinid: Checking for new or removed listeners and/or vhosts and/or modules and handling changed settings does sum up to a lot of code, no?  It's nice magic but it's magic.
[14:22:11] <zinid> ah, that
[14:22:20] <zinid> well, at least that's hidden from a developer
[14:22:51] <Holger> It's awesome.
[14:23:45] <zinid> certificate manager - all magic is in there!
[14:23:46] <zinid> 😀
[14:24:03] vogt leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:24:15] <MattJ> Scary, the same is true of Prosody :/
[14:24:43] <zinid> but that's because of PKIX, it's magic in itself
[14:25:28] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:26:20] <prezident> lua for nginx in debian is part of nginx-extras
[14:26:32] ata2001 leaves the room: Disconnected: closed
[14:27:00] <zinid> ok, so someone with lua knowledge should write the module for nginx
[14:27:04] <zinid> meaning: not me 😛
[14:27:18] <zinid> I'll be waiting patiently, plz ping me
[14:27:57] <prezident> module doing what?
[14:28:17] <prezident> didnt get then from reading over#
[14:28:51] cippaciong leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:29:06] <zinid> prezident, https://modules.prosody.im/mod_http_upload_external.html
[14:29:19] <zinid> prezident, see Implementation section
[14:29:43] <prezident> we are using nginx
[14:29:48] <prezident> with service url...
[14:29:53] <Holger> Heh.
[14:30:04] <Holger> prezident: Did you write your own thing?
[14:30:08] <prezident> php
[14:30:15] <Holger> prezident: Or using that Django thing from jabber.at?
[14:30:17] <Holger> Ah.
[14:30:41] ata2001 leaves the room: Disconnected: Replaced by new connection
[14:30:43] <zinid> But prosody's approach is more efficient
[14:30:44] tester leaves the room
[14:31:04] <prezident> one thing that remains, ejabberd does not know when the upload finishes
[14:31:15] <Holger> Why would it care?
[14:31:44] <prezident> then ejabberd could change permissions afterwards
[14:31:50] <prezident> which nginx cant do without hacking
[14:31:59] robert_mobil leaves the room
[14:32:16] <prezident> permissions is the only real deal when using an external service
[14:32:20] <Holger> Well that sounds wrong.  The process handling the PUT request should handle permissions.
[14:32:35] <Holger> Why can't your PHP script do that?
[14:33:27] <prezident> its basiclly nginxs webdav module
[14:33:30] ata2001 leaves the room: Disconnected: closed
[14:33:47] <prezident> the idea is to let the service url create the matching folder
[14:33:56] <prezident> and changing permissions after upload finishes
[14:34:12] <prezident> but there is not mechanism to let anyhing know when upload finishes
[14:34:16] <prezident> -t
[14:34:43] <prezident> this way native nginx webdav can be abused for http uploading
[14:34:52] <Holger> I have a Perl script that monitors a directory and sets permissions on any Inotify events but this is all totally wrong solutions :-)
[14:35:12] <prezident> anything else requires changes to the nginx base
[14:35:15] <prezident> so its out of scope
[14:35:31] <prezident> i dont see how lua is anyhing better or worse than php
[14:35:56] <prezident> for prosody it might be, as there are some native ways of sharing information
[14:36:10] <Holger> This is a new unrelated topic, right?
[14:36:23] <prezident> it is related to http upload
[14:36:26] Neustradamus leaves the room
[14:36:36] <prezident> but it will never replace some own implementation
[14:37:05] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:38:01] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[14:39:02] <prezident> so actually missing is the part where nginx and ejabberd can share information
[14:39:14] <prezident> or any other webbrowser
[14:39:17] <prezident> how about an api for that?
[14:39:23] <prezident> webserver
[14:39:52] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:40:10] <Holger> Did you read <https://modules.prosody.im/mod_http_upload_external.html>?  That avoids any API, you just need a shared secret.
[14:40:20] spicewiesel leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[14:41:57] <prezident> its handling upload in php
[14:42:05] <prezident> not the smartest way
[14:42:15] <Holger> I'm talking about the concept not the implementation.
[14:42:30] <prezident> there is no other way of implementing it
[14:42:37] <Holger> What?!
[14:42:57] <prezident> no matter what language you choose, it will be slower than the webdav module from nginx
[14:43:08] <Holger> Why??
[14:43:14] <prezident> as changing the nginx base is out of scope, or maybe not, i would prefer some other way
[14:43:18] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[14:43:22] <prezident> nginx is native c
[14:43:25] <prezident> always fastest
[14:43:36] <prezident> php is quite fast, but its ugly c
[14:43:40] <Holger> <Holger> As I said I think this is so simple that we could simply create a C module.
[14:43:51] <jonasw> > nginx is native c always fastest
this is so wrong I’m not even going to comment on that
[14:43:55] <prezident> nginx does not support modules without recompiling
[14:44:10] <prezident> using c correctly is always fastest
[14:44:13] <Holger> <Holger> It does these days.
[14:44:16] <prezident> feel free to prove me wrong
[14:44:20] <Holger> Assembly is way faster.
[14:44:26] <jonasw> prezident, no, using assembly correctly is always fastest
[14:44:26] <Holger> <Holger> MattJ: http://nginx.org/en/docs/ngx_core_module.html#load_module
[14:44:28] <prezident> higher languages please
[14:44:42] <Holger> prezident: PHP
[14:44:45] <jonasw> prezident, by that argument, I could be saying "using python correctly is always fastest" and when you say "C" I say "higher languages please"
[14:45:02] <prezident> by definition c is a higher language, assembler not
[14:45:12] <jonasw> by which definition?
[14:45:22] <jonasw> also, there’s a Go implementation which should be pretty fast, too. and less segfaulty.
[14:45:40] <jonasw> (not to mention: who the f* cares, it is going to be I/O and network-bound anyways)
[14:45:45] <prezident> why should go be faster than nginx?
[14:45:55] <MattJ> zinid, let me know if you publish your code somewhere, it would be nice to link to it from a blog post I'm writing
[14:46:38] <prezident> A low-level programming language is a programming language that provides little or no abstraction from a computer's instruction set architecture
[14:46:43] <prezident> that is assembler
[14:46:51] <prezident> c is high-level
[14:47:59] <Holger> prezident: This discussion is not going anywhere :-)  The HMAC-based approach is way nicer than some API, even more so if you're actually interested in scalability.
[14:48:35] <prezident> Holger: i will try at least :)
[14:48:36] <Holger> The only downside I see is that you can't query stuff such as the file size limits from the web service.
[14:48:39] <zinid> MattJ: I already gave a link above 😁
[14:49:06] <MattJ> zinid, aha, thanks!
[14:49:12] <prezident> Holger: yeah well, i put some thoughts into it already
[14:49:23] <prezident> nothing making me feel too happy
[14:49:23] <zinid> MattJ: it's just the latest commit in GitHub repo, you can find it easy, I'm AFK ATM
[14:49:53] <prezident> http_upload should also provide some mechanism for the user to delete the files as needed
[14:50:04] <prezident> thats just missing in the xeps
[14:50:22] <tyler> Prezident: Why? Once a file is "sent" in any other file transfer method, it's out there.
[14:51:10] <prezident> tyler: anyway, file upload services usually provide a way of deleting a file if wanted
[14:51:54] <tyler> prezident, it's not a file upload service like bitbucket or something, it's for sending a file directly to people.
[14:52:09] <tyler> prezident, how do you delete a file you've already sent to me? what purpose does that serve?
[14:52:14] <prezident> its called http upload not http send file to anyone
[14:52:37] <prezident> if i force it via implementation there is at least some sort of trust i can come up with
[14:53:20] <prezident> who knows if eu law requires such functionality...
[14:53:25] <tyler> prezident, perhaps it's unread of me to assume that the whole reason http upload exists is so that i can do file transfers with standard protocols.
[14:54:36] <tyler> prezident, the only use I've seen for it is to send specific people a file. Not for use in creating something imgur-like etc.
[14:54:38] <prezident> well we need some sort of evolution for xmpp
[14:54:55] ta leaves the room
[14:55:07] <zinid> MattJ, https://github.com/processone/ejabberd/commit/fface33d54f24c777dbec96fda6bd00e665327fe
[14:55:08] <prezident> but the idea is to share the same file to a larger user base without sending it to everyone individually
[14:55:21] <MattJ> Thanks
[14:55:21] <zinid> MattJ, tl;dr: it will just go into 18.08 (August)
[14:55:32] <prezident> sharing a file to one party worked great before http upload existed
[14:55:42] <Holger> "great"
[14:55:51] <tyler> It really didn't.
[14:55:52] <prezident> totally great :P
[14:55:58] <MattJ> prezident, then you were one of the lucky few, believe me
[14:55:59] <zinid> prezident, especially in MUCs
[14:56:15] <prezident> i know how to manage my ports :)
[14:56:27] <prezident> as stated, evolution wanted
[14:58:22] ata2001 leaves the room: Disconnected: Replaced by new connection
[14:59:35] zuglufttier leaves the room
[15:00:16] zuglufttier leaves the room
[15:02:35] avb leaves the room
[15:03:34] <prezident> Holger: one last thing to consider besides scalability is security, i would always prefer a real webserver where possible to serve http
[15:05:49] sindrake leaves the room
[15:06:05] <cromain> zinid: i had to move 18.08 to 18.09, which should be released before mid september
[15:06:19] <zinid> okay
[15:06:21] ata2001 leaves the room: Disconnected: closed
[15:06:51] <zinid> due to vacation?
[15:07:25] <Holger> prezident: This "real webserver" talk makes no sense to me.  I understand you're using some WebDAV module, we're suggesting to use another module, that's all.
[15:07:56] <cromain> we'll have less ressources un august, and yes i'll be on vacation 2nd part of august. have a release in 1st week of august is not reasonable for now
[15:08:04] <prezident> Holger: its part of nginx
[15:08:14] <zinid> cromain, sure, no problem 😉
[15:08:55] <prezident> and apache does have a module for webdav too
[15:10:34] <Holger> prezident: That's not worth maintaining a suboptimal solution, sorry.  And I doubt you're able to implement e.g. file size checks with your hack.
[15:12:31] ata2001 leaves the room: Disconnected: Replaced by new connection
[15:12:32] <prezident> i know there are issues
[15:13:33] <prezident> Holger: still it would be nice to have a choice to offload the http stuff from the xmpp server
[15:13:53] <Holger> ...
[15:14:50] <zinid> 😁
[15:15:00] <MattJ> That choice already exists, so now you can be satisfied :)
[15:15:03] <zinid> And what did I just do?
[15:15:39] <zinid> prezident: write a module in C for nginx 😀
[15:15:39] <prezident> MattJ: maybe never satisfied :)
[15:15:49] <MattJ> So I suspected
[15:15:55] <prezident> nginx is cray stuff
[15:15:59] <prezident> crazy
[15:16:09] <prezident> far more crazy than apache
[15:16:23] <zinid> Write for Apache?
[15:16:52] <prezident> its a matter of time
[15:17:17] <zinid> Ok, so I am running out of arguments
[15:17:35] <zinid> Everything is bad, nothing can be done
[15:17:46] <prezident> question would be how to interact with ejabberd?
[15:17:59] <prezident> im not that familiar with erlang
[15:18:03] <zinid> prezident: I gave you an URL already
[15:18:37] <zinid> prezident: ejabberd will just answer to an IQ request
[15:18:40] <zinid> That's it
[15:20:07] <prezident> thats the same stuff we get out of the service url
[15:20:10] ata2001 leaves the room: Disconnected: closed
[15:20:18] <prezident> honestly, its just protecting with some sort of hash
[15:20:21] <prezident> there is no interaction
[15:20:32] <Holger> prezident: It's not the same.  It avoids the interaction.  That's *good*.
[15:21:07] <zinid> prezident: the only interaction is a shared secret
[15:21:12] <prezident> i see
[15:21:22] <prezident> its hasing some details and they are supposed to be the same
[15:21:29] <MattJ> Yes
[15:21:30] <zinid> prezident: yes
[15:21:31] sindrake leaves the room
[15:21:40] ata2001 leaves the room: Disconnected: Replaced by new connection
[15:21:52] <Holger> prezident: You wanted *SPEED*.  Interaction is *BAD* for speed.  Even much moah badderer than using Lua instead of C!!!
[15:22:13] <zinid> There is a lot of ways in ejabberd where I do this in order to avoid excessive state accumulation
[15:22:45] <zinid> Iq routing for example
[15:23:25] ata2001 leaves the room: Disconnected: Replaced by new connection
[15:23:31] <zinid> But I don't use hmac, just sha1
[15:23:43] <zinid> Shame on me 🤣
[15:23:53] <prezident> but thats no real access protection
[15:24:11] <MattJ> prezident, what kind of protection do you want?
[15:24:43] <zinid> prezident: nginx is unable to set permission on the file uploaded? Neither Apache?
[15:24:47] <prezident> there is quite some checks in the other module to ensure uploaded files belongs to user that requested the slot
[15:25:17] <zinid> Wut?
[15:26:42] <zinid> prezident: ok, here are at least 3 person who don't understand your requirement, could elaborate please?
[15:27:00] <zinid> *could you
[15:27:00] <Holger> prezident: If mod_http_upload handles the PUT request itself, it checks the file name and size match the requested values, just like the external solution.
[15:27:06] <prezident> oh sorry checks only for existing slot in array
[15:27:33] <prezident> zinid: just an open discussion
[15:28:22] <zinid> prezident: well from the discussion seems like we have misunderstanding, to say the least 😂
[15:28:56] ChaosKid42 leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[15:29:10] Akasch leaves the room
[15:31:13] <prezident> might be the right approach
[15:31:35] <prezident> but still i dont see nginx loading a custom module without recompiling
[15:31:58] <prezident> even load_module needs them to be included in configure
[15:33:27] spicewiesel leaves the room: Stream closed by us: Replaced by new connection (conflict)
[15:34:31] <prezident> zinid: its just something i spent some thoughts on already, and nothing reallys is the best solution
[15:34:58] <zinid> prezident: Lua?
[15:35:14] <prezident> might not be available everywhere
[15:35:30] <prezident> and i didnt switch from prosody to ejabberd to stick to lua :)
[15:35:40] <zinid> Gosh
[15:35:49] <zinid> I hate this type of arguments
[15:36:03] <prezident> its sarcasm
[15:36:08] <prezident> i dont care about the language
[15:36:08] <zinid> Okay
[15:36:19] <prezident> erlang is still new for me
[15:36:39] <prezident> its a lot easier to read than lua...
[15:37:02] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[15:37:07] <zinid> prezident: so you're finding a solution for yourself, why do you even care that Lua is not available somewhere?
[15:37:45] <zinid> Not sure where Lua can be missing though...
[15:38:01] <zinid> On some handmade compiled distros?
[15:39:31] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[15:40:03] <prezident> hacking everything means also taking care of it
[15:40:17] Andrew Nenakhov leaves the room
[15:40:43] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[15:40:51] Andrew Nenakhov leaves the room: Connection failed: connection closed
[15:42:00] <zinid> prezident: you don't need to hack, we discussed this already, someone just need to write it once and it will be reused by everyone
[15:42:15] <zinid> Both for prosody and ejabberd
[15:42:43] 4223 leaves the room
[15:43:37] <zinid> So you're better off writing such module and make it public instead in order to help the community, or just wait for someone to write
[15:43:51] <zinid> I really don't see more elegant solution
[15:44:52] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[15:45:31] <prezident> i imagine it to be quite intense
[15:46:17] <zinid> And what's not intense?
[15:47:06] <zinid> When everyone creates their own hacks around webdav and shit like that?
[15:47:23] ata2001 leaves the room: Disconnected: Replaced by new connection
[15:48:42] ata2001 leaves the room: Disconnected: closed
[15:49:06] <prezident> maybe lua for starters :)
[15:49:31] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[15:49:52] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[15:52:06] alexis leaves the room
[15:53:59] <prezident> apaches dav module is even more complex
[15:54:34] lukas leaves the room
[15:55:11] newbie leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[16:00:27] joekokker leaves the room: Stream closed by us: Replaced by new connection (conflict)
[16:00:51] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[16:01:04] ata2001 leaves the room: Disconnected: Replaced by new connection
[16:04:08] pod leaves the room
[16:05:59] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[16:06:34] ata2001 leaves the room: Disconnected: closed
[16:08:50] newbie leaves the room
[16:11:09] rom1dep leaves the room
[16:11:25] cromain leaves the room
[16:12:19] ata2001 leaves the room: Disconnected: Replaced by new connection
[16:13:09] ChaosKid42 leaves the room: Stream closed by us: system-shutdown
[16:13:09] ChaosKid42 leaves the room: Stream closed by us: system-shutdown
[16:17:04] jonasw leaves the room
[16:17:43] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[16:18:18] ata2001 leaves the room: Disconnected: closed
[16:24:33] <Holger> prezident, MattJ: Ah yes to compile an Nginx module, it seems you still need to throw it into the Nginx source tree and recompile that using the same source and ./configure flags. I wasn't aware sorry. Not sure that's a show stopper but a Lua/Perl/whatever module will be easier to deploy if it's not included by the distro of course.
[16:25:57] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[16:26:49] ludo leaves the room: Stream closed by us: Replaced by new connection (conflict)
[16:32:13] ChaosKid42 leaves the room
[16:32:28] UsL leaves the room: gone
[16:33:12] <zinid> > it seems you still need to throw it into the Nginx source tree and recompile that using the same source and ./configure flags.
[16:33:17] <zinid> WTF...
[16:33:29] ata2001 leaves the room: Disconnected: Replaced by new connection
[16:34:21] <zinid> I already started to investigate how to write such a module...
[16:36:26] jeremy leaves the room
[16:38:14] secret_agent leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[16:39:06] ThUnD3r|Gr33n® leaves the room
[16:42:00] adrien leaves the room: Stream closed by us: Replaced by new connection (conflict)
[16:54:50] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[16:55:57] nekit leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[16:58:09] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[16:59:32] ulrich leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:01:14] vanitasvitae leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:03:00] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:06:57] spicewiesel leaves the room: Machine going to sleep
[17:08:16] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:12:12] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:13:26] <prezident> how does the external upload protect from arbitrary uploaders?
[17:13:40] <prezident> couldnt i send any correct hash?
[17:13:47] <prezident> and upload any file then?
[17:14:07] ulrich leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:14:15] <prezident> thats why i leave the creation of folders up to the service url
[17:14:17] lukas leaves the room
[17:14:31] <prezident> than only someone who knows the correct folder can use put
[17:14:47] <prezident> then
[17:15:53] <Licaon_Kter> prezident: you know the *secret*?
[17:16:44] <prezident> from enough urls maybe?
[17:16:49] ata2001 leaves the room: Disconnected: closed
[17:17:22] lukas leaves the room
[17:18:14] ludo leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:19:40] marc leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:25:48] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:27:01] bammes leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:27:49] <zinid> prezident: good luck
[17:31:31] <Licaon_Kter> zinid: you're aware of this, right?
https://github.com/ThomasLeister/prosody-filer/blob/master/README.md
[17:32:27] <zinid> Licaon_Kter: no
[17:32:54] <Licaon_Kter> That's the trashserver.net admin BTW
[17:33:08] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:33:22] <zinid> NIH
[17:33:24] marc leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:33:34] <Licaon_Kter> 🤷
[17:33:57] <zinid> Yet another HTTP server, really?
[17:35:04] vogt leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:36:53] <prezident> and we want to be nice to firewalls, so https on port 443 is always a sane choice
[17:37:38] ChaosKid42 leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:37:53] <zinid> prezident: except when you need performance
[17:38:55] <prezident> in what sense?
[17:39:17] <zinid> In direct
[17:39:32] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:40:02] <prezident> what i mean is, 443 is usually alread in use
[17:40:13] <zinid> If we talk about serving files http is like 10 times faster because you can use sendfile(2)
[17:40:23] <zinid> Ah, ok
[17:41:16] <prezident> while sslh works i am not sure if it can distingiush between different vhosts
[17:44:55] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:49:35] jannic leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:50:06] Marzanna leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:50:11] <prezident> zinid: regarding ocsp stapling, thats actually no priority when there are no clients supporting it. but what would be nice if fast_tls supported certificate chains
[17:50:19] <prezident> so we can combine rsa and ecc certs
[17:50:40] <prezident> thats also something i am experimenting with
[17:51:09] <prezident> and configurable curves
[17:52:25] <prezident> auto curve selection isnt enough for that, that selects the curve from the certificate first
[17:53:25] <prezident> then i think it would make sense to have it configurable from within ejabberd
[17:56:05] <tyler> prezident, I just poke into the chat periodically, but which of the things you've discussed so far do you think are most important for your version of the "evolution" of XMPP?
[17:56:12] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:56:28] <prezident> certificate chains und curves
[17:56:35] <prezident> curve25519 is important for mobile devices
[17:56:49] frainz leaves the room
[17:56:54] <prezident> ecc is the better choice, but there are too many servers using rsa out there
[17:57:28] ulrich leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[17:57:47] <zinid> tyler: this
[17:58:14] Andrew Nenakhov leaves the room
[17:58:16] <tyler> zinid: That's kind of what I was wondering.
[17:58:23] <tyler> about
[17:58:49] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[17:59:07] <zinid> tyler: I mean this rsa vs ecc is a stupid thing
[17:59:29] <prezident> its about saving processor cycles
[17:59:35] Andrew Nenakhov leaves the room
[18:00:03] <tyler> zinid: It seems like it's currently kind of low prio, but then I run a tiny server.
[18:00:09] Andrew Nenakhov leaves the room: Connection failed: connection closed
[18:01:18] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[18:02:17] <prezident> ECDHE-ECDSA-CHACHA20-POLY1305 that would be nice to offer for mobile devices
[18:02:29] mightyBroccoli leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[18:03:28] Andrew Nenakhov leaves the room: Stream closed by us: Replaced by new connection (conflict)
[18:03:34] rom1dep leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[18:03:50] <zinid> So offer
[18:03:58] <prezident> https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
[18:04:17] <prezident> you have to choose currently
[18:04:21] <prezident> ecc or rsa
[18:04:35] <prezident> "For example: decrypting a 1MB file on the Galaxy Nexus (OMAP 4460 chip):
AES-128-GCM:         41.6ms
ChaCha20-Poly1305:     13.2ms"
[18:04:45] <prezident> its not a mystery
[18:05:19] <prezident> so if we offer ecc to clients we cant talk to rsa servers anymore
[18:06:14] <prezident> if i pass both certs to ejabberd pkix can only save one of with fast_tls
[18:06:23] <prezident> which one depends on the hash
[18:07:45] <zinid> prezident: prove the performance in a typical xmpp mobile usage scenario, synthetic tests are irrelevant
[18:08:12] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[18:08:14] ThUnD3r|Gr33n® leaves the room
[18:26:42] zuglufttier leaves the room
[18:27:13] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[18:28:11] badlop leaves the room: Stream reset by peer
[18:36:14] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[18:37:55] Akasch leaves the room: Rechner geht in den Ruhezustand
[18:38:04] <tyler> Unrelated: I hate that search engines try to do me favors. Sick of searching for stuff and not having the terms anywhere in the page.
[18:38:21] ata2001 leaves the room: Disconnected: closed
[18:39:05] <tyler> cd /.com ; grep -Ri 'cat' | grep -Ri 'pictures'
[18:39:14] <tyler> Missed a *. Oh well.
[18:43:01] ata2001 leaves the room: Disconnected: Replaced by new connection
[18:46:36] ata2001 leaves the room: Disconnected: Replaced by new connection
[18:47:52] ata2001 leaves the room: Disconnected: Replaced by new connection
[18:48:25] zuglufttier leaves the room
[18:49:04] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[18:49:34] <prezident> zinid: it saves battery
[18:49:50] <prezident> as it eats less cpu cycles
[18:50:36] <prezident> specially for login, which should be one of the heaviest parts
[18:51:56] <zinid> proofs?
[18:52:18] <prezident> besides isnt it just good practice to have that supported? all good software does out of the box
[18:52:29] <prezident> just to avoid issues with combinations of ecc and rsa
[18:53:03] <prezident> zinid: its the whole idea behind curve25519
[18:53:15] <prezident> being stronger with less cycles
[18:53:17] <zinid> just disable tls if you want battery saving then
[18:53:29] <prezident> how is that an option?
[18:54:10] <zinid> prezident, ok, you might be unfamilar with my opinion on crypto
[18:54:39] <zinid> crypto is the latest thing we need to solve in xmpp
[18:54:42] <zinid> there are priorities
[18:55:22] <zinid> also, cryptowhores cannot prove any of their statements
[18:55:41] <zinid> only blah-blah, faster, blah-blah, it's best practice, blah-blah good software
[18:55:42] <prezident> why not being modern and do it like the big do?
[18:55:53] <zinid> blah-blah being modern
[18:56:06] <zinid> that's all your arguments?
[18:56:22] sindrake leaves the room
[18:56:24] <prezident> rsa is broken
[18:56:40] <prezident> ecc is not
[18:56:41] <zinid> prezident, zinid.ru - crack it
[18:56:43] <zinid> I use RSA
[18:56:48] <zinid> prove your statement
[18:57:01] <prezident> there are enough people that did already
[18:57:07] <zinid> yeah
[18:57:17] <zinid> so you cannot crack my server?
[18:57:22] <prezident> you dont like systemd either?
[18:57:34] <zinid> furthermore, I use no TLS at one of my clients, intercept my traffic please
[18:57:41] <zinid> I don't care about systemd
[18:57:44] <prezident> ask your local government
[18:57:55] <Holger> zinid doesn't even like soccer.
[18:58:26] <zinid> prezident, ask NSA to break your server/computer
[18:58:34] <zinid> prezident, count seconds when it happens
[18:59:15] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:00:25] <zinid> also, if my government wants my data they will apply high-voltage rectal cryptoanalysis
[19:01:24] <zinid> any new arguments I'm unfamilar with?
[19:01:28] <prezident> well whats your priorities?
[19:01:48] <zinid> prezident, easy configuration, easy user unboarding, competitive clients
[19:01:48] <prezident> on the other hand can you proove me wrong?
[19:02:04] <prezident> are there any articles showing any opposites?
[19:02:13] <zinid> prezident, that's not my burden to prove you wrong, that's not how it works
[19:02:46] <prezident> well my point still stands
[19:02:55] <zinid> prezident, unicorns exist, prove me wrong
[19:03:02] <zinid> prezident, ghosts exist, prove me wrong
[19:03:10] <zinid> prezident, aliens exist, prove me wrong
[19:03:22] <prezident> thats very philosophic
[19:03:30] <prezident> aliens do exist
[19:03:40] <prezident> but they might look like us...
[19:03:43] <zinid> that's called presumption of non-existence
[19:04:06] <prezident> my status message cites albert...
[19:04:10] <zinid> that's rational thinking and you're getting into logical fallacy by asking to prove you wrong
[19:04:44] <prezident> what kind of proof you want?
[19:05:06] <zinid> prezident, I want you to prove that I need TLS
[19:05:11] <zinid> or ECC
[19:05:17] <prezident> measuring login time on a mobile?
[19:05:22] <zinid> that I need it, not agency spies, but I
[19:05:34] <prezident> you need tls at least to verify it really is the server you want to connect to
[19:05:47] <prezident> if you want it for encryption you should exchange key material outside the internet
[19:05:57] <zinid> sigh
[19:06:03] <prezident> all encryption is all to verify the content really
[19:06:18] <zinid> no
[19:06:28] <zinid> there is integrity for content verification
[19:06:34] <prezident> if you dont exchange the keys somewhere offline
[19:06:49] <prezident> they can be suspect of mitm attacks
[19:07:03] <zinid> sigh x 2
[19:07:05] <prezident> thats not possible if you verify the fingerprint of the certificate
[19:07:56] <prezident> how is it different from that?
[19:09:19] 4223 leaves the room
[19:09:37] <zinid> look, I'm really tired to discuss this in 100500nd time with yet another random internet human
[19:09:43] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:10:28] <zinid> my position is: crypto in xmpp usage is of a very low priority, just accept my opinion
[19:10:41] <zinid> you can disagree, but that's ok
[19:11:38] <prezident> how will zeroconf help to make anything better?
[19:11:51] <prezident> maybe i dont disagree, but i dont understand it yet
[19:12:01] <zinid> speaking of ejabberd: I have a long list of priorities for this year, non of them relate to crypto, except fixing bugs in ACME response processing
[19:13:18] <zinid> prezident, XMPP server is extremely hard to configure, that pisses off users
[19:13:29] <Licaon_Kter> prezident: it's better this way, let zinid do the _xmmp is easy_ part, iNPUTmice OMEMO, others desktep clients, etc 👍
[19:13:52] <zinid> this^^^
[19:14:00] <zinid> just fuck off with your crypto
[19:14:21] <prezident> he can only be pissed when he understands what i am talking about, so i am fine :)
[19:14:26] <prezident> hope zinid is too!
[19:15:15] <zinid> if you have patches and they are of a good quality, no problem, I accept the PR
[19:15:33] <Licaon_Kter> prezident: you do whatever strikes your fancy, given how low the dev count and the money is around (compared to siloed IMs of course) having devs that care about their pet peeve is the best thing ever ™
[19:16:47] <prezident> he commits changes to fast_tls, cant be that far off ;)
[19:17:16] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[19:17:19] <zinid> prezident, last time when I commited them I introduced memory leak and segfault
[19:17:28] <zinid> (speaking of how crypto protects you)
[19:17:28] <prezident> on purpose? :)
[19:18:02] <zinid> funny joke
[19:22:04] <prezident> so your vision of xmpp would be everony running its own server and no servers with larger userbases?
[19:22:43] <zinid> for larger userbases you just offload TLS to haproxy
[19:22:55] <zinid> what we exactly do for our customers
[19:22:56] <prezident> despite tls
[19:23:17] <zinid> it's some tricky question to get me into some trap?
[19:23:22] <prezident> no
[19:23:27] <zinid> because I don't understand the context
[19:23:38] <prezident> when you push something like zeroconf
[19:23:45] <prezident> who do you target with that?
[19:23:51] <prezident> clearly not me...
[19:23:54] <zinid> SOHO
[19:23:54] <deavmi> Z e r o  c o n f
[19:24:15] <prezident> ok
[19:24:19] <prezident> i understand that
[19:24:39] <zinid> and servers with large userbases are evil, yes
[19:25:13] <prezident> maybe, but dont we have to live with some of the evil...
[19:25:19] <zinid> not that I oppose to that, but I wish they don't exist, but reality is different and I'm paid for maintaining such servers
[19:26:39] <prezident> and isnt marketing part of the process? someone wants to hear all the buzzwords...
[19:26:48] <zinid> wut?
[19:26:56] <prezident> here they do :)
[19:28:41] <zinid> who? do what?
[19:28:53] <zinid> I really don't get what you mean
[19:29:12] <prezident> buzzword?
[19:29:32] mightyBroccoli leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:29:56] <zinid> whatever
[19:30:03] <prezident> the ones that sign the cheques often like buzzwords
[19:30:47] <deavmi> Lol
[19:30:53] <deavmi> True. B l o c k c h a i n
[19:32:48] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:32:50] Licaon_Kter leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:34:58] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[19:35:03] sindrake leaves the room
[19:35:53] ThUnD3r|Gr33n® leaves the room
[19:39:59] srgcdev leaves the room: Stream closed by us: Replaced by new connection (conflict)
[19:42:04] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:43:51] secret_agent leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:47:31] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[19:50:08] cippaciong leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:50:23] spicewiesel leaves the room: Machine going to sleep
[19:51:46] ludo leaves the room: Stream closed by us: Replaced by new connection (conflict)
[19:54:06] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[19:54:23] frainz leaves the room: Stream closed by us: Replaced by new connection (conflict)
[19:54:38] prefiks leaves the room
[19:56:11] robert_mobil leaves the room
[19:56:31] sindrake leaves the room: Rechner geht in den Ruhezustand
[19:58:02] jonasw leaves the room
[19:58:46] lukas leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:00:07] tester leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:00:31] jonasw leaves the room
[20:00:34] debalance leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:03:05] robert_mobil leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:05:03] lorddavidiii leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:05:57] robert_mobil leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:06:40] robert_mobil leaves the room
[20:09:58] bammes leaves the room
[20:09:59] bammes leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:15:51] mfoss leaves the room
[20:18:57] pod leaves the room
[20:19:26] tester leaves the room
[20:20:40] ludo leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:26:07] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:32:48] mightyBroccoli leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:33:23] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:35:03] adrien leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:37:00] Man_Life leaves the room: Logged out
[20:37:23] lorddavidiii leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:40:24] marc leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:52:13] lorddavidiii leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:52:19] alexis leaves the room: Stream closed by us: Replaced by new connection (conflict)
[20:54:15] fp leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[20:55:00] mrDoctorWho leaves the room: Disconnected: Replaced by new connection
[20:56:45] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:00:40] cippaciong leaves the room: Stream closed by us: Replaced by new connection (conflict)
[21:04:49] ata2001 leaves the room: Disconnected: Replaced by new connection
[21:05:33] marc leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:05:43] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:11:10] ulrich leaves the room
[21:13:12] debalance leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:14:51] srgcdev leaves the room
[21:18:30] tyler leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:20:12] fp leaves the room
[21:24:59] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:27:49] <rom1dep> that's… a fair daily volume of messages
[21:27:53] bammes leaves the room
[21:27:53] bammes leaves the room: Stream closed by us: Replaced by new connection (conflict)
[21:28:18] bammes leaves the room: Stream closed by us: Client acknowledged more stanzas than sent by server (undefined-condition)
[21:29:53] carlos leaves the room
[21:31:07] ata2001 leaves the room
[21:32:41] 4223 leaves the room
[21:37:01] tyler leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:37:56] jere leaves the room: Disconnected: Replaced by new connection
[21:43:13] spicewiesel leaves the room: Machine going to sleep
[21:43:34] zinid leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:49:45] mimi89999 leaves the room
[21:50:20] ata2001 leaves the room: Disconnected: Replaced by new connection
[21:50:44] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[21:51:02] 404 leaves the room
[22:07:30] cippaciong leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:07:41] nekit leaves the room
[22:07:56] jere leaves the room: Disconnected: Replaced by new connection
[22:09:17] mimi89999 leaves the room
[22:10:27] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:12:28] alexis leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:13:06] sindrake leaves the room
[22:16:35] mimi89999 leaves the room: Disconnected: Replaced by new connection
[22:18:17] mimi89999 leaves the room: Disconnected: Replaced by new connection
[22:19:57] deavmi leaves the room: Disconnected: Replaced by new connection
[22:21:06] ThUnD3r|Gr33n® leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:25:01] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:29:55] rom1dep leaves the room: Stream closed by us: Replaced by new connection (conflict)
[22:33:43] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:38:28] rom1dep leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[22:52:40] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[23:04:42] sezuan leaves the room
[23:15:00] ata2001 leaves the room: Disconnected: closed
[23:35:28] 4223 leaves the room
[23:43:39] jeremy leaves the room: Stream closed by us: Timed out waiting for stream resumption (connection-timeout)
[23:52:27] deavmi leaves the room: Disconnected: Replaced by new connection

Powered by ejabberd - robust, scalable and extensible XMPP server