Damjan | 3 Dec 2009 15:46

The TCP brownout - i.e. losing messages problem

I believe the problem is widely known by now.

That is, if a user suddenly gets disconnected from the internet - like if
the power goes out, or he suspends his laptop, his router dies, etc. - his
TCP session with the XMPP server stays lingering for a possibly long time
(afaik max is up to 2 hours?).

For that time the XMPP server thinks the user is online and will route
messages to him, until the TCP stack in the OS notices the problem. 

These messages will be *lost*!

So my question is two-fold,

1. what are admins doing to prevent this, or at least limit the loss of
   messages
1.1. more specifically, I'm using ejabberd on Linux, so that's what I'm
     most interested in
2. Is there a plan to somehow enhance the XMPP protocol to better handle
   this case? Getting a message twice would be much preferable to
   losing it.

ps.
I have a crazy idea that a user-space TCP stack could help so that
the XMPP server will actually know what packets have reached the user,
so that it could queue the XMPP messages until all packets are ACKed.

Has anyone ever tried to do something like this?

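Added example, not part of the original post: a sketch of the queue-until-acknowledged idea raised in the message above, done with application-level acknowledgement counters rather than a user-space TCP stack. The class and function names are hypothetical, and the socket is simulated with a list.

```python
from collections import deque


class AckedSession:
    """Server-side view of one client stream with application-level acks.

    Hypothetical class for illustration: every stanza written to the socket
    stays in `unacked` until the client confirms how many it has handled.
    """

    def __init__(self):
        self.sent = 0            # stanzas written to the TCP socket so far
        self.acked = 0           # highest count confirmed by the client
        self.unacked = deque()   # (sequence number, stanza) awaiting confirmation

    def send(self, stanza, wire):
        self.sent += 1
        self.unacked.append((self.sent, stanza))
        wire.append(stanza)      # stands in for socket.send(); may vanish silently

    def on_ack(self, handled):
        # The counter comes from the peer, so reject values that go backwards
        # or claim more stanzas than were ever sent.
        if not self.acked <= handled <= self.sent:
            raise ValueError(f"bad ack {handled}, expected {self.acked}..{self.sent}")
        while self.unacked and self.unacked[0][0] <= handled:
            self.unacked.popleft()
        self.acked = handled

    def on_dead(self, offline_store):
        # Connection declared dead (ack timeout or TCP error): everything
        # unconfirmed goes to offline storage instead of being dropped.
        moved = [stanza for _, stanza in self.unacked]
        offline_store.extend(moved)
        self.unacked.clear()
        return moved


def brownout_demo():
    # Constructed scenario: four messages, the client vanishes after the second ack.
    wire, offline = [], []
    s = AckedSession()
    s.send("<message id='m1'/>", wire)
    s.send("<message id='m2'/>", wire)
    s.on_ack(2)                          # client confirmed m1 and m2
    s.send("<message id='m3'/>", wire)   # client read m3, but its ack never arrives
    s.send("<message id='m4'/>", wire)   # laptop already suspended: never delivered
    s.on_dead(offline)
    return offline
```

In this scenario m3 is delivered twice and m4 is delivered late, which is the trade-off the post asks for: a duplicate instead of a loss.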

Peter Saint-Andre | 3 Dec 2009 16:13

Re: The TCP brownout - i.e. losing messages problem

On 12/3/09 7:46 AM, Damjan wrote:
> I believe the problem is widely known by now.
> 
> That is, if a user suddenly gets disconnected from the internet - like if
> the power goes out, or he suspends his laptop, his router dies, etc. - his
> TCP session with the XMPP server stays lingering for a possibly long time
> (afaik max is up to 2 hours?).
> 
> For that time the XMPP server thinks the user is online and will route
> messages to him, until the TCP stack in the OS notices the problem. 
> 
> These messages will be *lost*!
> 
> 
> So my question is two-fold,
> 
> 1. what are admins doing to prevent this, or at least limit the loss of
>    messages
> 1.1. more specifically, I'm using ejabberd on Linux, so that's what I'm
>      most interested in
> 2. Is there a plan to somehow enhance the XMPP protocol to better handle
>    this case? Getting a message twice would be much preferable to
>    losing it.
> 
> 
> ps.
> I have a crazy idea that a user-space TCP stack could help so that
> the XMPP server will actually know what packets have reached the user,
> so that it could queue the XMPP messages until all packets are ACKed.


Marcus Moeller | 4 Dec 2009 17:11

disable dialback on s2s connections

Hi all,

is there a way to disable dialback on s2s connections?

We are using jabberd 2.0s10.

Best Regards
Marcus
_______________________________________________
JAdmin mailing list
FAQ: http://www.jabber.org/discussion-lists/jadmin-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=19
Info: http://mail.jabber.org/mailman/listinfo/jadmin
Unsubscribe: JAdmin-unsubscribe <at> jabber.org
_______________________________________________
Peter Saint-Andre | 4 Dec 2009 18:25

Re: disable dialback on s2s connections

On 12/4/09 9:11 AM, Marcus Moeller wrote:

> is there a way to disable dialback on s2s connections?

Why?

1. If you want to force the use of TLS + SASL EXTERNAL, yes you can do
that but at present you might not be able to connect to a lot of servers
because many large services don't use certificates yet (and encrypted
s2s with X.509 certificates isn't always a well-tested code path in
various server software). But by all means give it a try.

2. If you want to engage in promiscuous s2s without any identity
checking, then I have to say that won't work at all, because we disabled
that on the XMPP network back in October 2000.

> We are using jabberd 2.0s10.

About the mechanics of doing #1, you might want to ask on the jabberd2 list:

http://codex.xiaoka.com/wiki/jabberd2:start

or

mailto:jabberd2+subscribe <at> lists.xiaoka.com

Peter

-- 
Peter Saint-Andre

Peter Saint-Andre | 13 Dec 2009 04:20

Re: XMPP server certificate

On 12/12/09 10:09 AM, Tomasz Sterna wrote:
> What is a recommended way of getting an X.509 certificate for my XMPP
> server installation today?
> 
> http://xmpp.net/ says that XMPP ICA has ceased operations.
> I tried going to http://www.startssl.com/ and creating an account there,
> but they apparently have a broken registration process which borks me
> during the verification code entry with a "first_auth not callable"
> error.

That sounds like a timeout error to me. Also, what browser and OS are
you using?

I agree that the new StartSSL.com site is not as easy to navigate as the
old xmpp.net site. In part that's because their processes are more
automated (I had to do a lot of manual intervention for the xmpp.net
certs to be approved in many cases). One of these days I'll write up a
HOWTO that describes how to navigate the StartSSL process.

> Should I just forget the "XMPP Federation" thingy and proceed with a
> self-signed certificate?

I hope not.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


Stefan Strigler | 13 Dec 2009 10:52

Re: XMPP server certificate


On 13.12.2009 at 04:20, Peter Saint-Andre wrote:

> I agree that the new StartSSL.com site is not as easy to navigate as the
> old xmpp.net site.

And it doesn't work for Safari as I had to discover painfully some days ago. :-/

Greets, Steve


Tomasz Sterna | 13 Dec 2009 10:59

Re: XMPP server certificate

On Sat, 2009-12-12 at 20:20 -0700, Peter Saint-Andre wrote:
> On 12/12/09 10:09 AM, Tomasz Sterna wrote:
> > What is a recommended way of getting an X.509 certificate for my XMPP
> > server installation today?
> > 
> > http://xmpp.net/ says that XMPP ICA has ceased operations.
> > I tried going to http://www.startssl.com/ and creating an account there,
> > but they apparently have a broken registration process which borks me
> > during the verification code entry with a "first_auth not callable"
> > error.
> 
> That sounds like a timeout error to me. Also, what browser and OS are
> you using?

It pops up right after I press the "Confirm" button, so I think it is not
timing related.

I am using Ubuntu Linux and I tried registering using Opera 10 and
Firefox 3.5. Same result with both.

-- 
Tomasz Sterna
Instant Messaging & EDI Consultant
Open Source Developer
http://tomasz.sterna.tv/  http://www.xiaoka.com/


Daniel Willmann | 14 Dec 2009 10:58

Re: XMPP server certificate


On 12/13/2009 10:59 AM, Tomasz Sterna wrote:
> On Sat, 2009-12-12 at 20:20 -0700, Peter Saint-Andre wrote:
>> On 12/12/09 10:09 AM, Tomasz Sterna wrote:
>>> I tried going to http://www.startssl.com/ and creating an account there,
>>> but they apparently have a broken registration process which borks me
>>> during the verification code entry with a "first_auth not callable"
>>> error.
>>
>> That sounds like a timeout error to me. Also, what browser and OS are
>> you using?
> 
> It pops up right after I press the "Confirm" button, so I think it is not
> timing related.
> 
> I am using Ubuntu Linux and I tried registering using Opera 10 and
> Firefox 3.5. Same result with both.

For what it's worth I recently (two weeks ago) also renewed my
certificate (using Firefox 3.5.5) and I didn't encounter any problems.

StartCom also seems to have a JID that you can contact for help:
help <at> startcom.org

Regards,
Daniel Willmann
Peter Saint-Andre | 14 Dec 2009 23:55

Re: XMPP server certificate

On 12/13/09 2:52 AM, Stefan Strigler wrote:
> On 13.12.2009 at 04:20, Peter Saint-Andre wrote:
> 
>> I agree that the new StartSSL.com site is not as easy to navigate as the
>> old xmpp.net site.
> 
> And it doesn't work for Safari as I had to discover painfully some days ago. :-/

That's a known bug:

https://bugs.webkit.org/show_bug.cgi?id=23911

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

Peter Saint-Andre | 14 Dec 2009 23:58

Re: XMPP server certificate

On 12/13/09 2:59 AM, Tomasz Sterna wrote:
> On Sat, 2009-12-12 at 20:20 -0700, Peter Saint-Andre wrote:
>> On 12/12/09 10:09 AM, Tomasz Sterna wrote:
>>> What is a recommended way of getting an X.509 certificate for my XMPP
>>> server installation today?
>>>
>>> http://xmpp.net/ says that XMPP ICA has ceased operations.
>>> I tried going to http://www.startssl.com/ and creating an account there,
>>> but they apparently have a broken registration process which borks me
>>> during the verification code entry with a "first_auth not callable"
>>> error.
>> That sounds like a timeout error to me. Also, what browser and OS are
>> you using?
> 
> It pops up right after I press the "Confirm" button, so I think it is not
> timing related.
> 
> I am using Ubuntu Linux and I tried registering using Opera 10 and
> Firefox 3.5. Same result with both.

Are you going through a proxy or do you have some FF extensions
installed? I have heard that can cause some problems, and I'd be happy
to follow up with StartCom about that.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
