Spolek OpenAlt zve příznivce otevřených řešení a přístupu na 211. sraz, který proběhne v pátek 19. září od 18:00 ve Studentském klubu U Kachničky na Fakultě informačních technologií Vysokého učení technického na adrese Božetěchova 2/1. Na srazu proběhne přednáška Jiřího Eischmanna o nové verzi prostředí GNOME 49. Nemáte-li možnost se zúčastnit osobně, přednáškový blok bude opět streamován živě na server VHSky.cz a následně i zpřístupněn záznam.
Microsoft se vyhnul pokutě od Evropské komise za zneužívání svého dominantního postavení na trhu v souvislosti s aplikací Teams. S komisí se dohodl na závazcích, které slíbil splnit. Unijní exekutivě se nelíbilo, že firma svazuje svůj nástroj pro chatování a videohovory Teams se sadou kancelářských programů Office. Microsoft nyní slíbil jasné oddělení aplikace od kancelářských nástrojů, jako jsou Word, Excel a Outlook. Na Microsoft si
… více »Samba (Wikipedie), svobodná implementace SMB a Active Directory, byla vydána ve verzi 4.23.0. Počínaje verzí Samba 4.23 jsou unixová rozšíření SMB3 ve výchozím nastavení povolena. Přidána byla podpora SMB3 přes QUIC. Nová utilita smb_prometheus_endpoint exportuje metriky ve formátu Prometheus.
Správcovský tým repozitáře F-Droid pro Android sdílí doporučení, jak řešit žádosti o odstranění nelegálního obsahu. Základem je mít nastavené formální procesy, vyhrazenou e-mailovou adresu a být transparentní. Zdůrazňují také důležitost volby jurisdikce (F-Droid je v Nizozemsku).
Byly publikovány informace o další zranitelnosti v procesorech. Nejnovější zranitelnost byla pojmenována VMScape (CVE-2025-40300, GitHub) a v upstream Linuxech je již opravena. Jedná se o variantu Spectre. KVM host může číst data z uživatelského prostoru hypervizoru, např. QEMU.
V červenci loňského roku organizace Apache Software Foundation (ASF) oznámila, že se částečně přestane dopouštět kulturní apropriace a změní své logo. Dnes bylo nové logo představeno. "Indiánské pírko" bylo nahrazeno dubovým listem a text Apache Software Foundation zkratkou ASF. Slovo Apache se bude "zatím" dál používat. Oficiální název organizace zůstává Apache Software Foundation, stejně jako názvy projektů, například Apache HTTP Server.
Byla vydána (𝕏) srpnová aktualizace aneb nová verze 1.104 editoru zdrojových kódů Visual Studio Code (Wikipedie). Přehled novinek i s náhledy a videi v poznámkách k vydání. Ve verzi 1.104 vyjde také VSCodium, tj. komunitní sestavení Visual Studia Code bez telemetrie a licenčních podmínek Microsoftu.
Spotify spustilo přehrávání v bezztrátové kvalitě. V předplatném Spotify Premium.
Spoluzakladatel a předseda správní rady americké softwarové společnosti Oracle Larry Ellison vystřídal spoluzakladatele automobilky Tesla a dalších firem Elona Muska na postu nejbohatšího člověka světa. Hodnota Ellisonova majetku díky dnešnímu prudkému posílení ceny akcií Oraclu odpoledne vykazovala nárůst o více než 100 miliard dolarů a dosáhla 393 miliard USD (zhruba 8,2 bilionu Kč). Hodnota Muskova majetku činila zhruba 385 miliard dolarů.
Bylo vydáno Eclipse IDE 2025-09 aneb Eclipse 4.37. Představení novinek tohoto integrovaného vývojového prostředí také na YouTube.
$ telnet 192.168.1.1 Trying 192.168.1.1... Connected to r (192.168.1.1). Escape character is '^]'. BCM96348 ADSL Router Login: admin Password: > sh BusyBox v1.00 (2005.04.12-18:11+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. # /var/usb/usb_1/bin/jabberd Not writing pidfile /var/usb/usb_1/var/run/jabberd/jabber.pid: Read-only file systemIn my setup, the jabberd ecosystem resides on a readonly filesystem, so the very first thing to do is to copy the
AbcLinuxu.cz
ITBiz.cz
HDmag.cz
AbcPráce.cz
etc/jabber.xml file to the vfat partition and make sure the files that need to be dynamically created/modified are there as well.
# mkdir /var/usb/usb_2/jabberd # cp /var/usb/usb_1/etc/jabber.xml /var/usb/usb_2/jabberd # /var/usb/usb_1/bin/vim /var/usb/usb_2/jabberd/jabber.xml
If you're not familiar with vi, here's quick help:
To quit without saving type ':q' (colon q Enter)
To save changes and quit type ':wq' (colon w q Enter)
To move around use the arrow keys
To start writing at cursor press 'i'
To get out of the writing mode (so that you can move somewhere else) press 'Esc'
To delete character at cursor press 'x'
The changes I did at first were:
1.To prevent the message
Not writing pidfile /var/usb/usb_1/var/run/jabberd/jabber.pid: Read-only file systemI changed
/var/usb/usb_1/var/run/jabberd/jabber.pid to /var/usb/usb_2/jabberd/jabber.pid.
2.
Next I launched jabberd in debug mode (-D) and pointed it to the alternate config file (-c path/to/file):
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml Mon Jan 3 20:31:13 2000 mio_tls.cc:921 MIO TLS init (GNU TLS) Mon Jan 3 20:31:14 2000 log.cc:221 <log xmlns='jabber:server' type='warn' from='-internal'> Cannot open /var/usb/usb_1/etc/dhparams.pem for reading dhparams: No such file or directory</log> ...The comments in the file say:
<!-- With the <dhparams/> element right inside the <tls/> element, -->
<!-- you can configure a file containing parameters for Diffie -->
<!-- Hellmann key exchanges. If this configuration setting is not -->
<!-- present, jabberd14 will generated these parameters -->
<!-- automatically on each startup. This takes some time, therefore -->
<!-- you get a faster startup, if this setting is present. -->
So I commented out <dhparams type='pem'>/var/usb/usb_1/etc/dhparams.pem</dhparams> as I don't know how to make it properly and don't mind waiting a few seconds more at startup. To start a comment, you write "<!--", you close it with "-->".
3.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ... Mon Jan 3 20:47:02 2000 xdb_sql.cc:911 using the following query on SQL connection establishment: SET NAMES utf8 Mon Jan 3 20:47:02 2000 log.cc:221 <log xmlns='jabber:server' type='alert' from='xdbsql.localhost'>Your xdb_sql is compiled without support for the selected database driver 'mysql'.</log> Mon Jan 3 20:47:02 2000 xdb_sql.cc:813 processing handler definition: <handler xmlns='jabber:config:xdb_sql' ns='jabber:iq:last'> ... Mon Jan 3 20:47:03 2000 deliver.cc:837 delivering to instance 'elogger.localhost' Mon Jan 3 20:47:03 2000 deliver.cc:614 DELIVER 3:xdbsql.localhost <log xmlns='jabber:server' type='alert' from='xdbsql.localhost'>Your xdb_sql is compiled without support for the selected database driver 'mysql'.</log>
Yes, this is true, the daemon was compiled without any sql support. I've followed the steps in README.filespool to setup jabber to store data in files - I definitely don't want to run sql server on the machine. Of course I replaced the <xdb_file>$PREFIX/lib/libjabberdxdbfile.so</xdb_file> with <xdb_file>/var/usb/usb_1/lib/libjabberdxdbfile.so</xdb_file>, and <spool><jabberd:cmdline flag='s'>$PREFIX/var/spool/jabberd</jabberd:cmdline></spool> with <spool><jabberd:cmdline flag='s'>/var/usb/usb_2/jabberd/jabberdspool</jabberd:cmdline></spool> - then made sure the directory exists:
# mkdir /var/usb/usb_2/jabberd/jabberdspool
4.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ... Mon Jan 3 21:17:58 2000 log.cc:221 <log xmlns='jabber:server' type='alert' from='inject.localhost'> could not open directory /var/usb/usb_1/var/spool/jabberd/inject.localhost for reading</log> ...
inject.localhost is a directory, where some other process can put messages. jabberd then automatically sends them. To make it working I changed
<in>/var/usb/usb_1/var/spool/jabberd/inject.localhost</in> to <in>/var/usb/usb_2/jabberd/inject.localhost</in> and created the directory with
# mkdir /var/usb/usb_2/jabberd/inject5.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ... Mon Jan 3 21:33:15 2000 jabberd.cc:336 main load check of 1.00 with 4 total threads Mon Jan 3 21:33:16 2000 users.cc:209 0 total users Mon Jan 3 21:33:17 2000 dialback.cc:1207 dialback idle checkhmm, seems to be working ..., time to launch kopete and try registering a user hajma@192.168.1.1. It failed, of course. The message I got from Kopete was definitely not helpful: "There was an error in the protocol stream: There was a conflict in the information received." and "Unable to create account on the server. The Jabber ID is probably already in use.". What a nonsense ... a brief look into the konsole shows the infamous "bouncing a routed packet" message:
Mon Jan 3 21:35:40 2000 deliver.cc:614 DELIVER 4:192.168.1.1 <route xmlns='jabber:server' type='auth' to='hajma@192.168.1.1' from='14@c2s/100E0278'><iq type='set' to='192.168.1.1' id='aab0a'> <query xmlns='jabber:iq:register'> <username>hajma</username> <password>qwertyuiop</password> </query> </iq></route> Mon Jan 3 21:35:40 2000 deliver.cc:837 delivering to instance 'dnsrv.localhost' Mon Jan 3 21:35:40 2000 deliver.cc:766 delivery failed (Internal Delivery Error) Mon Jan 3 21:35:40 2000 log.cc:221 <log xmlns='jabber:server' type='notice' from='192.168.1.1'>bouncing a routed packet to hajma@192.168.1.1 from 14@c2s/100E0278: Internal Delivery Error</log>In short, to make jabberd working correctly, you have to replace all occurences of '
localhost' by the domain or IP jabberd is listening at. Now I replaced localhost with 192.168.1.1.
6.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ...Registering with Kopete again ... This time I only got one error: "Unable to create account on the server. The Jabber ID is probably already in use.". And again it was completely unrelated - in the konsole I found this:
Mon Jan 3 21:50:02 2000 mod_register.cc:278 we got a reply for: username Mon Jan 3 21:50:02 2000 mod_register.cc:278 we got a reply for: password Mon Jan 3 21:50:03 2000 mod_register.cc:298 returned err msg: Missing data field: name ... <error code='400' type='modify'><bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Missing data field: name</text></error></iq></route>The stupid thing Kopete completely ignores XEP-0077, does not ask the server what is needed for registration and just sends username and password. To support Kopete, I had to delete
<name/> and <email/> from the <register xmlns="jabber:iq:register" notify="yes"> section.
/var/usb/usb_1/var/log/jabberd/error.log to /var/usb/usb_2/jabberd/error.log.
Off to the next level!
7.
To have it available from outside world, I replaced 192.168.1.1 with my_domain.cz.
To open a port in the AM-200g router, issue the following command:
iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5222 -m state --state NEW -j ACCEPT
8.
The main reason for running own jabber server is more privacy and that is impossible without encryption - let's do it. To be able to use TLS I had to generate a self-signed certificate. I've used the procedure described at http://www.vanemery.com/Linux/Jabber/jabberd.html:
$ openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out key.pem Generating a 1024 bit RSA private key ...........++++++ .........++++++ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:CZ State or Province Name (full name) [Berkshire]:Čechy Locality Name (eg, city) [Newbury]:Říčany Organization Name (eg, company) [My Company Ltd]:hajma Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:my_domain.cz Email Address []:admin@my_domain.cz $ /usr/bin/openssl rsa -in privkey.pem -out my-certificate.pem Enter pass phrase for privkey.pem: writing RSA key $ cat privkey.pem >> my-certificate.pem $ rm privkey.pem $ mv my-certificate.pem /var/usb/usb_1/etc/my-certificate.pemand changed
/var/usb/usb_1/etc/your-certificate.pem to /var/usb/usb_1/etc/my-certificate.pem in the config file.
9.
Then I uncommented the credentials section of tls.
Then I tried registering with Kopete again, this time I ticked the 'Use protocol encryption (SSL)' checkbox. I left the port as 5222. Did it fail? Of course - "There was a Transport Layer Security (TLS) error: Failed to establish a secure connection." In contrast to e.g. Pidgin, Kopete lacks support for StartTLS. Something from the konsole for the record:
Mon Jan 3 23:06:11 2000 mio.cc:783 IN (136 of max 1000, fd#13): �� Mon Jan 3 23:06:11 2000 mio.cc:803 read on socket 13: �� Mon Jan 3 23:06:11 2000 mio_xml.cc:363 [mio_xml.cc:363] XML Parsing Error: not well-formed (invalid token)10.
While pidgin can be configured to work now just by ticking the 'Force SSL/TLS' checkbox, to support Kopete I had to make jabberd run SSL on a separate port. To do so I uncommented the <tls port=... section and put there my_domain.cz instead of IP address. Of course this port has to be open as well:
iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5223 -m state --state NEW -j ACCEPT11.
Using a year old software with a good potential for security bugs is no fun, so I uncommented the <no_os_version/> line to at least make it more difficult for script kiddies.
12.Finally let's open also a port for server to server communication, so that also users from other servers can reach me:
iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5269 -m state --state NEW -j ACCEPT
# cat /var/usb/usb_2/jabberd/jabber.xml
<?xml version="1.0"?>
<jabber xmlns:jabberd="http://jabberd.org/ns/configfile/replace" xmlns="http://jabberd.org/ns/configfile" xmlns:acl="http://jabberd.org/ns/acl">
<service id="sessions.my_domain.cz">
<host><jabberd:cmdline flag="h">my_domain.cz</jabberd:cmdline></host>
<jsm xmlns="jabber:config:jsm">
<vCard xmlns="vcard-temp" xml:lang="en">
<FN>jabberd14 server</FN>
<DESC>A Jabber Server using jabberd14!</DESC>
<URL>http://jabberd.org/</URL>
</vCard>
<vCard xmlns="vcard-temp" xml:lang="de">
<FN>jabberd14-Server</FN>
<DESC>Ein Jabber-Server, der jabberd14 benutzt.</DESC>
<URL>http://jabberd.org/</URL>
</vCard>
<register xmlns="jabber:iq:register" notify="yes">
<instructions>Choose a username and password to register with this server.</instructions>
<username/>
</register>
<regtimeout timeout="15768000"/>
<welcome xmlns="jabber:server" xml:lang="en">
<subject>Welcome!</subject>
<body>Welcome to the Jabber server at localhost -- we hope you enjoy this service!</body>
</welcome>
<welcome xmlns="jabber:server" xml:lang="de">
<subject>Herzlich Willkommen!</subject>
<body>Willkommen auf dem Jabberserver auf localhost -- wir hoffen Sie mögen diesen Dienst!</body>
</welcome>
<admin>
<reply xml:lang='en' xmlns='jabber:server'>
<subject>Auto Reply</subject>
<body>This is a special administrative address. Your message was received and forwarded to server administrators.</body>
</reply>
<reply xml:lang='de' xmlns='jabber:server'>
<subject>Automatische Antwort</subject>
<body>Dies ist eine spezielle Administrationsadresse. Ihre Nachricht wurde empfangen und an die Server-Administratoren weitergeleitet.</body>
</reply>
</admin>
<vcard2jud/>
<browse xmlns="jabber:iq:browse">
<item category="directory" type="user" jid="users.jabber.org" name="Jabber User Directory">
<ns>jabber:iq:search</ns>
<ns>jabber:iq:register</ns>
</item>
<item category="component" type="s2s" jid="s2s.my_domain.cz" name="connections to other servers" acl:if="s2s"/>
</browse>
<mod_version>
<no_os_version/>
</mod_version>
<presence>
<presence2xdb/>
</presence>
<mod_useridpolicy>
<!-- usernames that are not available for registration -->
<forbidden>admin</forbidden>
<forbidden>administrator</forbidden>
<forbidden>chatmaster</forbidden>
<forbidden>hostmaster</forbidden>
<forbidden>jabbermaster</forbidden>
<forbidden>postmaster</forbidden>
<forbidden>root</forbidden>
<forbidden>support</forbidden>
<forbidden>system</forbidden>
<forbidden>webmaster</forbidden>
<forbidden>xmpp</forbidden>
<!-- minimum and maximum length of usernames -->
<minlen>3</minlen>
<maxlen>16</maxlen>
</mod_useridpolicy>
</jsm>
<load main="jsm">
<jsm>/var/usb/usb_1/lib/libjabberdsm.so</jsm>
<mod_privacy>/var/usb/usb_1/lib/libjabberdsm.so</mod_privacy>
<mod_stat>/var/usb/usb_1/lib/libjabberdsm.so</mod_stat>
<mod_echo>/var/usb/usb_1/lib/libjabberdsm.so</mod_echo>
<mod_roster>/var/usb/usb_1/lib/libjabberdsm.so</mod_roster>
<mod_time>/var/usb/usb_1/lib/libjabberdsm.so</mod_time>
<mod_vcard>/var/usb/usb_1/lib/libjabberdsm.so</mod_vcard>
<mod_last>/var/usb/usb_1/lib/libjabberdsm.so</mod_last>
<mod_version>/var/usb/usb_1/lib/libjabberdsm.so</mod_version>
<mod_announce>/var/usb/usb_1/lib/libjabberdsm.so</mod_announce>
<mod_browse>/var/usb/usb_1/lib/libjabberdsm.so</mod_browse>
<mod_disco>/var/usb/usb_1/lib/libjabberdsm.so</mod_disco>
<mod_admin>/var/usb/usb_1/lib/libjabberdsm.so</mod_admin>
<mod_offline>/var/usb/usb_1/lib/libjabberdsm.so</mod_offline>
<mod_ping>/var/usb/usb_1/lib/libjabberdsm.so</mod_ping>
<mod_presence>/var/usb/usb_1/lib/libjabberdsm.so</mod_presence>
<mod_useridpolicy>/var/usb/usb_1/lib/libjabberdsm.so</mod_useridpolicy>
<mod_auth_digest>/var/usb/usb_1/lib/libjabberdsm.so</mod_auth_digest>
<mod_auth_plain>/var/usb/usb_1/lib/libjabberdsm.so</mod_auth_plain>
<mod_log>/var/usb/usb_1/lib/libjabberdsm.so</mod_log>
<mod_register>/var/usb/usb_1/lib/libjabberdsm.so</mod_register>
<mod_xml>/var/usb/usb_1/lib/libjabberdsm.so</mod_xml>
</load>
</service>
<xdb id="xdb">
<host/>
<ns/>
<load>
<xdb_file>/var/usb/usb_1/lib/libjabberdxdbfile.so</xdb_file>
</load>
<xdb_file xmlns="jabber:config:xdb_file">
<spool><jabberd:cmdline flag='s'>/var/usb/usb_2/jabberd/jabberdspool</jabberd:cmdline></spool>
<timeout>600</timeout>
<sizelimit>5000000</sizelimit>
</xdb_file>
</xdb>
<service id="c2s">
<load>
<pthsock_client>/var/usb/usb_1/lib/libjabberdpthsock.so</pthsock_client>
</load>
<pthcsock xmlns="jabber:config:pth-csock">
<authtime>120</authtime>
<heartbeat>60</heartbeat>
<karma>
<init>10</init>
<max>10</max>
<inc>1</inc>
<dec>1</dec>
<penalty>-6</penalty>
<restore>10</restore>
</karma>
<ip port="5222"/>
<tls port='5223'>my_domain.cz</tls>
</pthcsock>
</service>
<log id="elogger.my_domain.cz">
<host/>
<logtype/>
<format>[%t] (%h): %s</format>
<syslog>local0</syslog>
</log>
<service id="dnsrv.my_domain.cz">
<host/>
<load>
<dnsrv>/var/usb/usb_1/lib/libjabberddnsrv.so</dnsrv>
</load>
<dnsrv xmlns="jabber:config:dnsrv">
<resend service="_xmpp-server._tcp">s2s.my_domain.cz</resend>
<resend service="_jabber._tcp">s2s.my_domain.cz</resend>
<resend>s2s.my_domain.cz</resend>
</dnsrv>
</service>
<service id="s2s.my_domain.cz">
<load>
<dialback>/var/usb/usb_1/lib/libjabberddialback.so</dialback>
</load>
<dialback xmlns="jabber:config:dialback">
<ip port="5269"/>
<karma>
<init>50</init>
<max>50</max>
<inc>4</inc>
<dec>1</dec>
<penalty>-5</penalty>
<restore>50</restore>
</karma>
</dialback>
</service>
<service id="inject.my_domain.cz">
<dir>
<in>/var/usb/usb_2/jabberd/inject</in>
</dir>
</service>
<service id="update.jabber.org">
<null/>
</service>
<io>
<tls>
<credentials>
<default/>
<domain>my_domain.cz</domain>
<domain>transport.my_domain.cz</domain>
<pem>/var/usb/usb_1/etc/my-certificate.pem</pem>
<ca type='pem'>/var/usb/usb_1/etc/cacerts.pem</ca>
<compression>LZO DEFLATE NULL</compression>
</credentials>
<cacertfile>/var/usb/usb_1/etc/cacerts.pem</cacertfile>
</tls>
</io>
<global>
<locales>
<locale lang="de" locale="de_DE.UTF-8"/>
<locale lang="fr" locale="fr_FR.UTF-8"/>
<locale lang="hu" locale="hu_HU.UTF-8"/>
<locale lang="it" locale="it_IT.UTF-8"/>
<locale lang="nl" locale="nl_NL.UTF-8"/>
</locales>
</global>
<pidfile>/var/usb/usb_2/jabberd/jabber.pid</pidfile>
</jabber>
#
Tiskni
Sdílej:
