    $ telnet 192.168.1.1
    Trying 192.168.1.1...
    Connected to r (192.168.1.1).
    Escape character is '^]'.
    BCM96348 ADSL Router
    Login: admin
    Password:
    > sh

    BusyBox v1.00 (2005.04.12-18:11+0000) Built-in shell (msh)
    Enter 'help' for a list of built-in commands.

    # /var/usb/usb_1/bin/jabberd
    Not writing pidfile /var/usb/usb_1/var/run/jabberd/jabber.pid: Read-only file system

In my setup, the jabberd ecosystem resides on a readonly filesystem, so the very first thing to do is to copy the etc/jabber.xml file to the vfat partition and make sure the files that need to be dynamically created/modified are there as well.
    # mkdir /var/usb/usb_2/jabberd
    # cp /var/usb/usb_1/etc/jabber.xml /var/usb/usb_2/jabberd
    # /var/usb/usb_1/bin/vim /var/usb/usb_2/jabberd/jabber.xml
If you're not familiar with vi, here's quick help:
To quit without saving type ':q' (colon q Enter)
To save changes and quit type ':wq' (colon w q Enter)
To move around use the arrow keys
To start writing at cursor press 'i'
To get out of the writing mode (so that you can move somewhere else) press 'Esc'
To delete character at cursor press 'x'
The changes I did at first were:
1. To prevent the message

    Not writing pidfile /var/usb/usb_1/var/run/jabberd/jabber.pid: Read-only file system

I changed /var/usb/usb_1/var/run/jabberd/jabber.pid to /var/usb/usb_2/jabberd/jabber.pid.
2. Next I launched jabberd in debug mode (-D) and pointed it to the alternate config file (-c path/to/file):

    # /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml
    Mon Jan 3 20:31:13 2000 mio_tls.cc:921 MIO TLS init (GNU TLS)
    Mon Jan 3 20:31:14 2000 log.cc:221 <log xmlns='jabber:server' type='warn' from='-internal'> Cannot open /var/usb/usb_1/etc/dhparams.pem for reading dhparams: No such file or directory</log>
    ...

The comments in the file say:

    <!-- With the <dhparams/> element right inside the <tls/> element, -->
    <!-- you can configure a file containing parameters for Diffie -->
    <!-- Hellmann key exchanges. If this configuration setting is not -->
    <!-- present, jabberd14 will generated these parameters -->
    <!-- automatically on each startup. This takes some time, therefore -->
    <!-- you get a faster startup, if this setting is present. -->

So I commented out

    <dhparams type='pem'>/var/usb/usb_1/etc/dhparams.pem</dhparams>

as I don't know how to make it properly and don't mind waiting a few seconds more at startup. To start a comment, you write "<!--", you close it with "-->".
3.

    # /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml
    ...
    Mon Jan 3 20:47:02 2000 xdb_sql.cc:911 using the following query on SQL connection establishment: SET NAMES utf8
    Mon Jan 3 20:47:02 2000 log.cc:221 <log xmlns='jabber:server' type='alert' from='xdbsql.localhost'>Your xdb_sql is compiled without support for the selected database driver 'mysql'.</log>
    Mon Jan 3 20:47:02 2000 xdb_sql.cc:813 processing handler definition: <handler xmlns='jabber:config:xdb_sql' ns='jabber:iq:last'>
    ...
    Mon Jan 3 20:47:03 2000 deliver.cc:837 delivering to instance 'elogger.localhost'
    Mon Jan 3 20:47:03 2000 deliver.cc:614 DELIVER 3:xdbsql.localhost <log xmlns='jabber:server' type='alert' from='xdbsql.localhost'>Your xdb_sql is compiled without support for the selected database driver 'mysql'.</log>

Yes, this is true, the daemon was compiled without any sql support. I've followed the steps in README.filespool to set up jabber to store data in files - I definitely don't want to run sql server on the machine. Of course I replaced the <xdb_file>$PREFIX/lib/libjabberdxdbfile.so</xdb_file> with <xdb_file>/var/usb/usb_1/lib/libjabberdxdbfile.so</xdb_file>, and <spool><jabberd:cmdline flag='s'>$PREFIX/var/spool/jabberd</jabberd:cmdline></spool> with <spool><jabberd:cmdline flag='s'>/var/usb/usb_2/jabberd/jabberdspool</jabberd:cmdline></spool> - then made sure the directory exists:

    # mkdir /var/usb/usb_2/jabberd/jabberdspool
4.

    # /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml
    ...
    Mon Jan 3 21:17:58 2000 log.cc:221 <log xmlns='jabber:server' type='alert' from='inject.localhost'> could not open directory /var/usb/usb_1/var/spool/jabberd/inject.localhost for reading</log>
    ...

inject.localhost is a directory, where some other process can put messages. jabberd then automatically sends them. To make it working I changed <in>/var/usb/usb_1/var/spool/jabberd/inject.localhost</in> to <in>/var/usb/usb_2/jabberd/inject.localhost</in> and created the directory with

    # mkdir /var/usb/usb_2/jabberd/inject

5.

    # /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml
    ...
    Mon Jan 3 21:33:15 2000 jabberd.cc:336 main load check of 1.00 with 4 total threads
    Mon Jan 3 21:33:16 2000 users.cc:209 0 total users
    Mon Jan 3 21:33:17 2000 dialback.cc:1207 dialback idle check

Hmm, seems to be working ..., time to launch Kopete and try registering a user hajma@192.168.1.1. It failed, of course. The message I got from Kopete was definitely not helpful: "There was an error in the protocol stream: There was a conflict in the information received." and "Unable to create account on the server. The Jabber ID is probably already in use.". What nonsense ... a brief look into the konsole shows the infamous "bouncing a routed packet" message:

    Mon Jan 3 21:35:40 2000 deliver.cc:614 DELIVER 4:192.168.1.1 <route xmlns='jabber:server' type='auth' to='hajma@192.168.1.1' from='14@c2s/100E0278'><iq type='set' to='192.168.1.1' id='aab0a'>
    <query xmlns='jabber:iq:register'>
    <username>hajma</username>
    <password>qwertyuiop</password>
    </query>
    </iq></route>
    Mon Jan 3 21:35:40 2000 deliver.cc:837 delivering to instance 'dnsrv.localhost'
    Mon Jan 3 21:35:40 2000 deliver.cc:766 delivery failed (Internal Delivery Error)
    Mon Jan 3 21:35:40 2000 log.cc:221 <log xmlns='jabber:server' type='notice' from='192.168.1.1'>bouncing a routed packet to hajma@192.168.1.1 from 14@c2s/100E0278: Internal Delivery Error</log>

In short, to make jabberd work correctly, you have to replace all occurrences of 'localhost' with the domain or IP jabberd is listening at. Now I replaced localhost with 192.168.1.1.
6.

    # /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml
    ...

Registering with Kopete again ... This time I only got one error: "Unable to create account on the server. The Jabber ID is probably already in use.". And again it was completely unrelated - in the konsole I found this:

    Mon Jan 3 21:50:02 2000 mod_register.cc:278 we got a reply for: username
    Mon Jan 3 21:50:02 2000 mod_register.cc:278 we got a reply for: password
    Mon Jan 3 21:50:03 2000 mod_register.cc:298 returned err msg: Missing data field: name
    ...
    <error code='400' type='modify'><bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Missing data field: name</text></error></iq></route>

The stupid thing Kopete completely ignores XEP-0077, does not ask the server what is needed for registration and just sends username and password. To support Kopete, I had to delete <name/> and <email/> from the <register xmlns="jabber:iq:register" notify="yes"> section.
/var/usb/usb_1/var/log/jabberd/error.log to /var/usb/usb_2/jabberd/error.log.
Off to the next level!
7. To have it available from outside world, I replaced 192.168.1.1 with my_domain.cz.
To open a port in the AM-200g router, issue the following command:

    iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5222 -m state --state NEW -j ACCEPT
8. The main reason for running own jabber server is more privacy and that is impossible without encryption - let's do it. To be able to use TLS I had to generate a self-signed certificate. I've used the procedure described at http://www.vanemery.com/Linux/Jabber/jabberd.html:

    $ openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out key.pem
    Generating a 1024 bit RSA private key
    ...........++++++
    .........++++++
    writing new private key to 'privkey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:CZ
    State or Province Name (full name) [Berkshire]:Čechy
    Locality Name (eg, city) [Newbury]:Říčany
    Organization Name (eg, company) [My Company Ltd]:hajma
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:my_domain.cz
    Email Address []:admin@my_domain.cz
    $ /usr/bin/openssl rsa -in privkey.pem -out my-certificate.pem
    Enter pass phrase for privkey.pem:
    writing RSA key
    $ cat privkey.pem >> my-certificate.pem
    $ rm privkey.pem
    $ mv my-certificate.pem /var/usb/usb_1/etc/my-certificate.pem

and changed /var/usb/usb_1/etc/your-certificate.pem to /var/usb/usb_1/etc/my-certificate.pem in the config file.
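
A structural check for the combined PEM file assembled in step 8, as an added example that is not part of the original post. It assumes the file named in <pem> has to hold both the certificate and a passphrase-free private key, which is what the referenced procedure builds; check_bundle, classify and the sample strings are names and data constructed for this illustration.

```python
import re

# One PEM block: BEGIN line, optional RFC 1421 headers plus base64, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify(label, body):
    """Map a PEM block to certificate / plain-key / encrypted-key / other."""
    if label == "CERTIFICATE":
        return "certificate"
    # Traditional encrypted keys carry a Proc-Type header; PKCS#8 ones a label.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted-key"
    if label.endswith("PRIVATE KEY"):
        return "plain-key"
    return "other"

def check_bundle(pem_text):
    """Return (block kinds in file order, list of problems)."""
    kinds = [classify(m.group(1), m.group(2))
             for m in PEM_BLOCK.finditer(pem_text)]
    problems = []
    if "certificate" not in kinds:
        problems.append("no certificate")
    if "plain-key" not in kinds:
        problems.append("no passphrase-free private key")
    if "encrypted-key" in kinds:
        problems.append("passphrase-protected key left in bundle")
    return kinds, problems

# Constructed samples; the base64 bodies are placeholders, not key material.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
KEY = ("-----BEGIN RSA PRIVATE KEY-----\n" + BODY +
       "-----END RSA PRIVATE KEY-----\n")
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n" + BODY +
           "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_bundle(CERT + KEY))      # certificate plus usable key
    print(check_bundle(KEY + ENC_KEY))   # certificate missing, encrypted key kept
```

Reading the real file with open(path).read() and passing the text to check_bundle gives the same report for the bundle on the router.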
9. Then I uncommented the credentials section of tls.
Then I tried registering with Kopete again, this time I ticked the 'Use protocol encryption (SSL)' checkbox. I left the port as 5222. Did it fail? Of course - "There was a Transport Layer Security (TLS) error: Failed to establish a secure connection." In contrast to e.g. Pidgin, Kopete lacks support for StartTLS. Something from the konsole for the record:

    Mon Jan 3 23:06:11 2000 mio.cc:783 IN (136 of max 1000, fd#13): ��
    Mon Jan 3 23:06:11 2000 mio.cc:803 read on socket 13: ��
    Mon Jan 3 23:06:11 2000 mio_xml.cc:363 [mio_xml.cc:363] XML Parsing Error: not well-formed (invalid token)

10.
While pidgin can be configured to work now just by ticking the 'Force SSL/TLS' checkbox, to support Kopete I had to make jabberd run SSL on a separate port. To do so I uncommented the <tls port=... section and put there my_domain.cz instead of IP address. Of course this port has to be open as well:

    iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5223 -m state --state NEW -j ACCEPT

11.
Using year-old software with a good potential for security bugs is no fun, so I uncommented the <no_os_version/> line to at least make it more difficult for script kiddies.
12. Finally, let's also open a port for server-to-server communication, so that users from other servers can reach me:

    iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5269 -m state --state NEW -j ACCEPT

    # cat /var/usb/usb_2/jabberd/jabber.xml
    <?xml version="1.0"?>
    <jabber xmlns:jabberd="http://jabberd.org/ns/configfile/replace" xmlns="http://jabberd.org/ns/configfile" xmlns:acl="http://jabberd.org/ns/acl">
      <service id="sessions.my_domain.cz">
        <host><jabberd:cmdline flag="h">my_domain.cz</jabberd:cmdline></host>
        <jsm xmlns="jabber:config:jsm">
          <vCard xmlns="vcard-temp" xml:lang="en">
            <FN>jabberd14 server</FN>
            <DESC>A Jabber Server using jabberd14!</DESC>
            <URL>http://jabberd.org/</URL>
          </vCard>
          <vCard xmlns="vcard-temp" xml:lang="de">
            <FN>jabberd14-Server</FN>
            <DESC>Ein Jabber-Server, der jabberd14 benutzt.</DESC>
            <URL>http://jabberd.org/</URL>
          </vCard>
          <register xmlns="jabber:iq:register" notify="yes">
            <instructions>Choose a username and password to register with this server.</instructions>
            <username/>
          </register>
          <regtimeout timeout="15768000"/>
          <welcome xmlns="jabber:server" xml:lang="en">
            <subject>Welcome!</subject>
            <body>Welcome to the Jabber server at localhost -- we hope you enjoy this service!</body>
          </welcome>
          <welcome xmlns="jabber:server" xml:lang="de">
            <subject>Herzlich Willkommen!</subject>
            <body>Willkommen auf dem Jabberserver auf localhost -- wir hoffen Sie mögen diesen Dienst!</body>
          </welcome>
          <admin>
            <reply xml:lang='en' xmlns='jabber:server'>
              <subject>Auto Reply</subject>
              <body>This is a special administrative address. Your message was received and forwarded to server administrators.</body>
            </reply>
            <reply xml:lang='de' xmlns='jabber:server'>
              <subject>Automatische Antwort</subject>
              <body>Dies ist eine spezielle Administrationsadresse. Ihre Nachricht wurde empfangen und an die Server-Administratoren weitergeleitet.</body>
            </reply>
          </admin>
          <vcard2jud/>
          <browse xmlns="jabber:iq:browse">
            <item category="directory" type="user" jid="users.jabber.org" name="Jabber User Directory">
              <ns>jabber:iq:search</ns>
              <ns>jabber:iq:register</ns>
            </item>
            <item category="component" type="s2s" jid="s2s.my_domain.cz" name="connections to other servers" acl:if="s2s"/>
          </browse>
          <mod_version>
            <no_os_version/>
          </mod_version>
          <presence>
            <presence2xdb/>
          </presence>
          <mod_useridpolicy>
            <!-- usernames that are not available for registration -->
            <forbidden>admin</forbidden>
            <forbidden>administrator</forbidden>
            <forbidden>chatmaster</forbidden>
            <forbidden>hostmaster</forbidden>
            <forbidden>jabbermaster</forbidden>
            <forbidden>postmaster</forbidden>
            <forbidden>root</forbidden>
            <forbidden>support</forbidden>
            <forbidden>system</forbidden>
            <forbidden>webmaster</forbidden>
            <forbidden>xmpp</forbidden>
            <!-- minimum and maximum length of usernames -->
            <minlen>3</minlen>
            <maxlen>16</maxlen>
          </mod_useridpolicy>
        </jsm>
        <load main="jsm">
          <jsm>/var/usb/usb_1/lib/libjabberdsm.so</jsm>
          <mod_privacy>/var/usb/usb_1/lib/libjabberdsm.so</mod_privacy>
          <mod_stat>/var/usb/usb_1/lib/libjabberdsm.so</mod_stat>
          <mod_echo>/var/usb/usb_1/lib/libjabberdsm.so</mod_echo>
          <mod_roster>/var/usb/usb_1/lib/libjabberdsm.so</mod_roster>
          <mod_time>/var/usb/usb_1/lib/libjabberdsm.so</mod_time>
          <mod_vcard>/var/usb/usb_1/lib/libjabberdsm.so</mod_vcard>
          <mod_last>/var/usb/usb_1/lib/libjabberdsm.so</mod_last>
          <mod_version>/var/usb/usb_1/lib/libjabberdsm.so</mod_version>
          <mod_announce>/var/usb/usb_1/lib/libjabberdsm.so</mod_announce>
          <mod_browse>/var/usb/usb_1/lib/libjabberdsm.so</mod_browse>
          <mod_disco>/var/usb/usb_1/lib/libjabberdsm.so</mod_disco>
          <mod_admin>/var/usb/usb_1/lib/libjabberdsm.so</mod_admin>
          <mod_offline>/var/usb/usb_1/lib/libjabberdsm.so</mod_offline>
          <mod_ping>/var/usb/usb_1/lib/libjabberdsm.so</mod_ping>
          <mod_presence>/var/usb/usb_1/lib/libjabberdsm.so</mod_presence>
          <mod_useridpolicy>/var/usb/usb_1/lib/libjabberdsm.so</mod_useridpolicy>
          <mod_auth_digest>/var/usb/usb_1/lib/libjabberdsm.so</mod_auth_digest>
          <mod_auth_plain>/var/usb/usb_1/lib/libjabberdsm.so</mod_auth_plain>
          <mod_log>/var/usb/usb_1/lib/libjabberdsm.so</mod_log>
          <mod_register>/var/usb/usb_1/lib/libjabberdsm.so</mod_register>
          <mod_xml>/var/usb/usb_1/lib/libjabberdsm.so</mod_xml>
        </load>
      </service>
      <xdb id="xdb">
        <host/>
        <ns/>
        <load>
          <xdb_file>/var/usb/usb_1/lib/libjabberdxdbfile.so</xdb_file>
        </load>
        <xdb_file xmlns="jabber:config:xdb_file">
          <spool><jabberd:cmdline flag='s'>/var/usb/usb_2/jabberd/jabberdspool</jabberd:cmdline></spool>
          <timeout>600</timeout>
          <sizelimit>5000000</sizelimit>
        </xdb_file>
      </xdb>
      <service id="c2s">
        <load>
          <pthsock_client>/var/usb/usb_1/lib/libjabberdpthsock.so</pthsock_client>
        </load>
        <pthcsock xmlns="jabber:config:pth-csock">
          <authtime>120</authtime>
          <heartbeat>60</heartbeat>
          <karma>
            <init>10</init>
            <max>10</max>
            <inc>1</inc>
            <dec>1</dec>
            <penalty>-6</penalty>
            <restore>10</restore>
          </karma>
          <ip port="5222"/>
          <tls port='5223'>my_domain.cz</tls>
        </pthcsock>
      </service>
      <log id="elogger.my_domain.cz">
        <host/>
        <logtype/>
        <format>[%t] (%h): %s</format>
        <syslog>local0</syslog>
      </log>
      <service id="dnsrv.my_domain.cz">
        <host/>
        <load>
          <dnsrv>/var/usb/usb_1/lib/libjabberddnsrv.so</dnsrv>
        </load>
        <dnsrv xmlns="jabber:config:dnsrv">
          <resend service="_xmpp-server._tcp">s2s.my_domain.cz</resend>
          <resend service="_jabber._tcp">s2s.my_domain.cz</resend>
          <resend>s2s.my_domain.cz</resend>
        </dnsrv>
      </service>
      <service id="s2s.my_domain.cz">
        <load>
          <dialback>/var/usb/usb_1/lib/libjabberddialback.so</dialback>
        </load>
        <dialback xmlns="jabber:config:dialback">
          <ip port="5269"/>
          <karma>
            <init>50</init>
            <max>50</max>
            <inc>4</inc>
            <dec>1</dec>
            <penalty>-5</penalty>
            <restore>50</restore>
          </karma>
        </dialback>
      </service>
      <service id="inject.my_domain.cz">
        <dir>
          <in>/var/usb/usb_2/jabberd/inject</in>
        </dir>
      </service>
      <service id="update.jabber.org">
        <null/>
      </service>
      <io>
        <tls>
          <credentials>
            <default/>
            <domain>my_domain.cz</domain>
            <domain>transport.my_domain.cz</domain>
            <pem>/var/usb/usb_1/etc/my-certificate.pem</pem>
            <ca type='pem'>/var/usb/usb_1/etc/cacerts.pem</ca>
            <compression>LZO DEFLATE NULL</compression>
          </credentials>
          <cacertfile>/var/usb/usb_1/etc/cacerts.pem</cacertfile>
        </tls>
      </io>
      <global>
        <locales>
          <locale lang="de" locale="de_DE.UTF-8"/>
          <locale lang="fr" locale="fr_FR.UTF-8"/>
          <locale lang="hu" locale="hu_HU.UTF-8"/>
          <locale lang="it" locale="it_IT.UTF-8"/>
          <locale lang="nl" locale="nl_NL.UTF-8"/>
        </locales>
      </global>
      <pidfile>/var/usb/usb_2/jabberd/jabber.pid</pidfile>
    </jabber>
    #
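
The fixes from steps 1, 3, 4, 5, 6 and 11, turned into a repeatable check over a jabber.xml file; this is an added example, not part of the original post or of jabberd14. The audit function, the check names and the trimmed sample config are constructed for illustration, and the read-only prefix is the one from this setup.

```python
import xml.etree.ElementTree as ET

JSM, REG = "{jabber:config:jsm}", "{jabber:iq:register}"
READ_ONLY = "/var/usb/usb_1/"           # read-only partition in this setup
WRITABLE = {"pidfile", "spool", "in"}   # elements naming paths that get written

# Constructed sample: a trimmed jabber.xml that still has the problems fixed above.
SAMPLE = """<?xml version="1.0"?>
<jabber xmlns="http://jabberd.org/ns/configfile" xmlns:jabberd="http://jabberd.org/ns/configfile/replace">
  <service id="sessions.localhost">
    <host><jabberd:cmdline flag="h">my_domain.cz</jabberd:cmdline></host>
    <jsm xmlns="jabber:config:jsm">
      <register xmlns="jabber:iq:register" notify="yes">
        <username/><name/><email/>
      </register>
      <mod_version/>
    </jsm>
  </service>
  <service id="inject.my_domain.cz">
    <dir><in>/var/usb/usb_1/var/spool/jabberd/inject.localhost</in></dir>
  </service>
  <pidfile>/var/usb/usb_2/jabberd/jabber.pid</pidfile>
</jabber>"""

def local(tag):   # drop the '{namespace}' prefix ElementTree adds
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return sorted (check, detail) findings for a jabber.xml string."""
    root = ET.fromstring(xml_text)
    found = []
    for el in root.iter():
        name, text = local(el.tag), "".join(el.itertext()).strip()
        for attr in ("id", "jid"):      # step 5: names still on 'localhost'
            if "localhost" in el.get(attr, ""):
                found.append(("localhost", f"{name} {attr}={el.get(attr)}"))
        if name == "host" and "localhost" in text:
            found.append(("localhost", f"host {text}"))
        if name in WRITABLE and text.startswith(READ_ONLY):   # steps 1, 3, 4
            found.append(("read-only-path", f"{name} {text}"))
    for jsm in root.iter(JSM + "jsm"):
        reg = jsm.find(REG + "register")                      # step 6
        extra = [] if reg is None else sorted(
            local(c.tag) for c in reg
            if local(c.tag) not in ("instructions", "username"))
        if extra:
            found.append(("register-fields", ",".join(extra)))
        mv = jsm.find(JSM + "mod_version")                    # step 11
        if mv is None or mv.find(JSM + "no_os_version") is None:
            found.append(("os-version-exposed", "no <no_os_version/> set"))
    return sorted(found)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```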