Re: Whitelisting?
On 2017-01-03, 16:59 GMT, Matěj Cepl wrote: > Yeah, thanks ... that example particularly is too tight for me > (I am willing to accept communication from the reasonable > servers), but that gives me a logic how to do it. Thanks. Wrote a blog about the experience https://matej.ceplovi.cz/blog/harry-potter-and-the-jabber-spam.html Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Give a man a regular expression and he’ll match a string… teach him to make his own regular expressions and you’ve got a man with problems. -- yakugo in http://regex.info/blog/2006-09-15/247#comment-3022
Server-side archiving ... XEP-0136 ???
Is there anywhere a plugin or something to make jabberd2 support XEP-0136? Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Give a man a regular expression and he’ll match a string… teach him to make his own regular expressions and you’ve got a man with problems. -- yakugo in http://regex.info/blog/2006-09-15/247#comment-3022
Re: jabberd-2.5.0 release
On Thu, 2017-01-05 at 19:54 +0100, Tomasz Sterna wrote: > It is about time for next jabberd2 release. > > Get 2.5.0 release at GitHub: > https://github.com/jabberd2/jabberd2/releases 0day (well, almost) upgrade in Fedora Rawhide, https://koji.fedoraproject.org/koji/buildinfo?buildID=831477 Best, Matěj -- http://matej.ceplovi.cz/blog/, Jabber: mceplceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Scouts are saving aluminum cans, bottles and other items to be recycled. Proceeds will be used to cripple children. -- from a church bulletin signature.asc Description: This is a digitally signed message part
Re: Whitelisting?
On 03/01/17 09:30, Tomasz Sterna wrote: > W dniu 02.01.2017, pon o godzinie 23∶33 +0100, użytkownik Matěj Cepl > napisał: >> It is possible to allow messages from contacts on roster only. >> [...] I wondered whether you (or anybody else) could point me to >> some HOWTOs or examples? > > http://xmpp.org/extensions/xep-0016.html#protocol-all Example 47. Yeah, thanks ... that example particularly is too tight for me (I am willing to accept communication from the reasonable servers), but that gives me a logic how to do it. Thanks. Happy New Year! Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 [...] a superior pilot uses his superior judgment to avoid having to exercise his superior skill. -- http://www.jwz.org/blog/2009/09/that-duct-tape-silliness/#comment-10653 signature.asc Description: OpenPGP digital signature
Re: Whitelisting?
On 02/01/17 21:19, Tomasz Sterna wrote: > You should rather use standard privacy lists. XEP-0016 > It is possible to allow messages from contacts on roster only. Of course, I use XEP-0016 (it should be a subset of XEP-0191, shouldn't it?), but I wondered whether you (or anybody else) could point me to some HOWTOs or examples? Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Economics is the only discipline where two people can win a Nobel Prize for saying exactly the opposite thing! -- Eamonn Butler of Adam Smith Institute on Nobel Prize awards for year 2001 signature.asc Description: OpenPGP digital signature
Whitelisting?
Hi, is it possible to use XEP-0191 to setup whitelist (i.e., default blocking, and whitelisting domains)? Does jabberd 2.4.0 support it? The amount of spim I am getting is quite horrible these days. Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 signature.asc Description: OpenPGP digital signature
Re: Future of jabberd
On 2016-05-30, 08:31 GMT, Tomasz Sterna wrote: > But it is far from modern too... > There are some changes I would like to introduce in the near future and > I would like to hear your thoughts about: I completely agree with these comments: 1. It would be probably wise to maintain stable jabberd2 branch as long as the new jabberd2 (or dare I say jabberd3?) is being developed. One of the nice things about jabberd2 is that it is rather stable, so I would prefer if we still have some enteprise-production-stable version of jabberd2 until the jabberd3 gets to the same level of stability/maturity. 2. I really like the idea of JavaScript plugins/components, but I agree with other commenter that it should be made optional (or even it could be XEP-0114 external components itself?). Also, I would love if this functionality was in addition not as a replacement of XEP-0114 external components. 3. I guess you know https://metajack.wordpress.com/2008/08/26/choosing-an-xmpp-server/ by heart, don't you? When doing large changes in the codebase, it would be probably prudent to take those objections into considertaion, especially database transaction “abuse”. Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 The politician attempts to remedy the evil by increasing the very thing that caused the evil in the first place: legal plunder. -- Frederick Bastiat
Re: jabberd-2.4.0 release
On 2016-05-27, 07:09 GMT, li...@lazygranch.com wrote: > I get this error message: > -- > checking for XML_ParserCreate in -lexpat... no > configure: error: Expat not found > -- > I have expat, so it is a matter of configure not finding it. Do you have appropriate -dev (for Debian), or -devel (for Fedora/SUSE) package installed? Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Less is more or less more. -- Y_Plentyn on #LinuxGER (from fortunes -- I cannot resist :-)
Re: Questions...
On 2016-04-14, 10:26 GMT, Adrian Reber wrote: > In the configuration I am running jabberd2 on Fedora I did not > have many (maybe any) upgrading the last few versions. EPEL-7 > would be an upgrade from 2.3.2 to 2.3.6. It probably depends > on the installation and which backends are used if the > upgrade. Looking at > > https://github.com/jabberd2/jabberd2/blob/master/NEWS > > it seems upgrading from 2.3.4 to 2.3.5 can require database > changes. Not sure how to handle this. But we can try. # mod_verify requires CREATE TABLE "verify" in DB. Make sure # you created it before enabling the module in sm.xml. However, the mod_verify is new in 2.3.5, so we don't have to care about its migration, right? Or what am I missing? Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC [...] sleep is no substitute for caffeine. -- Robert Storey in review of Debian (when describing re-compilation of kernel :-)
Re: Questions...
On 2016-04-14, 10:38 GMT, Tomasz Sterna wrote: > W dniu 14.04.2016, czw o godzinie 10∶49 +0200, użytkownik Matěj Cepl > napisał: >> Do we know what is the upgrade story? Does the latest jabberd2 >> just takes over the original configuration? > > Upgrade path is documented: > https://github.com/jabberd2/jabberd2/blob/master/NEWS We have 2.3.2 in EPEL-7 (https://bodhi.fedoraproject.org/updates/?packages=jabberd) so hopefully it wouldn't be that difficult to get to 2.3.6 everywere. Adrian, what do you think? Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC If we rise from prayer better persons, our prayers have been answered. -- a Jewish prayer book
Re: Questions...
On 2016-04-14, 06:27 GMT, Adrian Reber wrote: > On Wed, Apr 13, 2016 at 09:19:45AM -0700, John Oliver wrote: >> 1) Is this project the 'jabberd' that's available in EPEL? > > I can answer that one. jabberd in EPEL is jabberd2. As it is EPEL it > will not see as many updates as the upstream package I agree that I would keep EPEL-6 (or even EPEL-5) untouched just with possible security patches, but it seems to me that rebase in EPEL-7 would not be the worst idea. What do you think? I am willing to help with patching. Do we know what is the upgrade story? Does the latest jabberd2 just takes over the original configuration? Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC SCSI is *not* magic. There are *fundamental* *technical* reasons why you have to sacrifice a young goat to your SCSI chain every now and then. -- John F. Woods
Re: Configuration of SSL?
On 2015-11-19, 22:58 GMT, Tomasz Sterna wrote: > I have builds for recent Fedora versions on OBS [1], but > RHEL/Centos are missing on crucial dependencies, so I cannot > build for these. I prefer to help with maintaining true Fedora/EPEL packages. Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Less is more or less more. -- Y_Plentyn on #LinuxGER (from fortunes -- I cannot resist :-)
Re: Configuration of SSL?
On 2015-11-18, 16:39 GMT, Tomasz Sterna wrote: > You need 2.3.4 minimum. OK, then I doomed. :) Don't worry, I can live with a C mark pretty well. Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Do not long for the night, when people vanish in their place. Be careful, do not turn to evil; for you have preferred this to affliction. -- Job 36:20f (NASB)
Re: Configuration of SSL?
On 2015-11-18, 13:07 GMT, Tomasz Sterna wrote: > W dniu 18.11.2015, śro o godzinie 11∶30 +0100, użytkownik Matěj Cepl > napisał: >> So, I would like to switch off RC4 which is really an obsolete >> nosense. With Apache I can do it in its configuration, is it >> possible to do it somehow for jabberd2? > > in c2s.xml in section set: > > ciphers='ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES12 > 8:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS' > >ceplovi.cz > > to get A score. Which version of jabberd2 is required? With jabberd-2.3.2-3.el7.x86_64 (what we have in RHEL-7) it seems like one of the most succesful ways how to kill my server ;). Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Besides, the determined Real Programmer can write Fortran programs in any language. -- Ed Post, Real Programmers Don't Use Pascal
Configuration of SSL?
Hi, can somebody tell me how to configure SSL used by jabberd2? When running XMPP Observatory tests against my jabberd2 server I get https://xmpp.net/result.php?domain=ceplovi.cz&type=client So, I would like to switch off RC4 which is really an obsolete nosense. With Apache I can do it in its configuration, is it possible to do it somehow for jabberd2? Thank you, Matěj Cepl -- https://matej.ceplovi.cz/blog/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC в чужой монастырь со своим уставом не ходят. -- Russian proverb (this time actually checked by a native Russian)
Loqui IM doesn’t work with the XEP-198 by jabberd2
Hi, (a follow-up to the issue https://github.com/loqui/im/issues/732#issuecomment-105519240) I have a jabberd2 XMPP server on domain ceplovi.cz and I would like to connect to it with Loqui. It works perfectly well with pidgin, bitlbee, empathy, displays well on IM Observatory, but Loqui just ALWAYS ends with “Authentication failed” (it is not a temporary failure). The strange thing is that jabberd2 logs on the server don’t show any activity when I try to login. Loqui IM people do think that it is because of discrepancy between the implementation of XEP-198 by jabberd2 and (they say) more recent version of it expected by Loqui IM. Does anybody here understand what’s the problem? Would it be possible somehow to make jabberd2 compatible with Loqui? Best, Matěj -- http://www.ceplovi.cz/matej/, Jabber: mceplceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Finally, brethren, whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be any virtue, and if there be any praise, think on these things. -- Philipians 4:8 KJV
Re: jabberd-2.3.3 release
On 2015-04-13, 09:17 GMT, Tomasz Sterna wrote: > Next jabberd2 release is available. > > Get 2.3.3 release at GitHub: https://github.com/jabberd2/jabberd2/releases Are there any release notes? Are there any changes, upgrade path? Should the packagers in Linux distros be concerned about something? Matěj -- http://www.ceplovi.cz/matej/, Jabber: mceplceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC The law, in its majestic equality, forbids the rich as well as the poor to sleep under bridges, to beg in the streets, and to steal bread. -- Anatole France
Re: XEP-0138 uncontrolled resource consumption ???
On 26/02/15 11:32, Tomasz Sterna wrote: > Dnia 2015-02-26, czw o godzinie 01:38 +0100, Matěj Cepl pisze: >> could anybody confirm that >> http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/ >> > > As you can see at > https://github.com/jabberd2/jabberd2/blob/f6225f9cc5af93835285a0a788479978d271ee38/sx/io.c#L64 > stanza_size_limit is enforced on unencrypted/uncompressed bare stanza data. > So if the lower layer (sx compress plugin) feeds too much data, the > connection is torn down. Thanks. Bugs have been closed. Matěj -- http://www.ceplovi.cz/matej/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC If Patrick Henry thought that taxation without representation was bad, he should see how bad it is with representation.
Re: STARTTLS connection on jabberd2
On 26/02/15 11:23, Tomasz Sterna wrote: > Dnia 2015-02-26, czw o godzinie 01:09 +0100, Matěj Cepl pisze: >> pemfile="/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt" > > .crt suggests that this is certificate only. > You need a .pem with full chain of all certificates from the CA, to your > certificate (if not present in global ca-certificates) and a private > key, concatenated together in one file. Yes, I forgot to add the key, thank you. Also, on the similar note. I have started to look at our Fedora/RHEL bugs for jabberd2 (and some of them are shamefully old) and I have found https://bugzilla.redhat.com/show_bug.cgi?id=1179229. What do you think about my comment 3 and the attached patch? Best, Matěj -- http://www.ceplovi.cz/matej/, Jabber: mc...@ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC If Patrick Henry thought that taxation without representation was bad, he should see how bad it is with representation.
XEP-0138 uncontrolled resource consumption ???
Hi, could anybody confirm that http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/ doesn’t affect jabberd2? I would like to get rid of the bug in the Red Hat bugzilla (https://bugzilla.redhat.com/1184157 and https://bugzilla.redhat.com/1184158). Thank you, Matěj
STARTTLS connection on jabberd2
Hi, I am installing jabberd2 from RHEL-6 package and the configuration seems to be bit broken (yes, I do need jabberd2, persuading me to switch to another server doesn't help me). I am now getting connection from the remote client, but unfortunately only without TLS and over unencrypted sessions. Server doesn't seem to offer secured communication at all (at least pidgin claims that "You require encryption, but it is not available on this server."). Here is the element of my c2s.xml file (or is anything else relevant?): redcrew.org ceplovi.cz 0.0.0.0 5222 /etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt Does anybody see anything missing? Could anybody see from outside what's wrong with XMPP server for ceplovi.cz, please? Thank you in advance for any responses, Matěj
XEP-0227 to Jabberd2 migration scripts?
Hi, did anybody created %subj%? Looking at https://bugs.launchpad.net/jabberd2/+bug/1080828 doesn’t give me much hope, so I have started https://gitlab.com/mcepl/xep227-to-jabberd2, but if anybody has something working I am all ears! Best, Matěj