Unused accounts

September 19th, 2012 No comments

Two years and a couple of months ago Prosody’s hashed backend has been activated. Users that have logged in since automatically started using the security improvements it brought (hashed passwords on the server).

Users that haven’t logged in since still have their (old, unhashed) password file on the server and likely don’t use the service anymore. While I usually don’t see a reason to remove accounts at server level (users have the ability to delete their accounts themselves), I see one in this case as it removes the possibility for someone who gained unauthorized access to the server to gain possession of those unprotected password files.

If you haven’t logged in for more than two years and would like to keep your account, simply log in during the next ~30 days. Thank you.

Categories: Maintenance

A couple of certificates need to be renewed

April 23rd, 2011 No comments

I’m working on renewing the certificates. The new ones should be StartSSL™ Verified, which brings a couple of advantages (valid for two years, multiple domains in one cert etc.) and a slight disadvantage (they are not free anymore).

Update: The new certificate is in place. It’s valid for 2 years and has the following fingerprints:
SHA1: A8:22:15:A3:18:3D:AF:07:43:24:9C:9E:83:95:50:AC:15:17:90:53
MD5: D4:2F:D9:5F:70:BC:FD:AA:C4:EB:8F:F5:63:10:BA:3D

Categories: Maintenance, Security

New Transports

December 31st, 2010 No comments

Twitter and Identi.ca are now reachable via our transports.

Update: Removed Identica, they have an inbuilt xmpp service.

Categories: Features, Transports

Quick restart

December 25th, 2010 No comments

Just a note to let you know the server has been restarted today because we hit a connection limit. Should be fine for the forseeable future now.

Merry Christmas :-)

Categories: Downtimes, Maintenance

Planned downtime on Saturday, October 30th

October 29th, 2010 No comments

Our server is being moved to another datacenter between 22:45 and 08:00 o’clock (CEST).

Categories: Downtimes

Riddim, a neat little XMPP bot written in Lua

October 15th, 2010 No comments

The answer to IRC’s Eggdrop? Well, not quite, but much like Prosody in the beginning, it’s a solid ground to build on.
It uses Verse, an XMPP client library for Lua. This post will show (mainly for later re-reading) how to setup Riddim.

Read more…

Categories: HowTos, Uncategorized

Certificate renewal – thiessen.im

August 11th, 2010 No comments

A certificate will be replaced this week since it has been expired.

This is a list of fingerprints in order to make sure you know it’s safe to accept the new one:

thiessen.im:
SHA1 Fingerprint=9F:57:4E:D7:14:74:8B:99:C7:57:5D:DD:DF:79:DE:34:27:FF:61:8A
MD5 Fingerprint=93:B2:7E:AB:C2:6D:05:F0:50:20:89:9C:7B:FD:97:4B

This post will be updated once the new certificate is in place. As always, please let us know if you encounter any kind of problems.

Update: Done

Categories: Maintenance, Security

Prosody stores hashed passwords

July 13th, 2010 No comments

Recently Prosody gained the ability to store passwords in a hashed form.
With the upcoming upgrade next weekend this feature will be enabled.

It’s an important change as a possible attacker wouldn’t be able to look at users passwords anymore even if he gained access to the server.

This is possible due to a new authentication mechanism called SCRAM. For the best possible security use a client that supports SCRAM (such support is already being added to most of the popular clients). In the meantime Prosody will allow clients to use the standard PLAIN mechanism, and perform the SCRAM calculations on the server side.

The code has been contributed by jefferai, thanks!

Update: Done :)

Categories: Features

Certificate renewal

April 21st, 2010 No comments

A couple of certificates will be replaced today since they have been expired.

This is a list of fingerprints in order to make sure you know it’s safe to accept the new ones:

thiessen.it and im.thiessen.it:
SHA1 Fingerprint=B6:61:1A:41:6E:94:1F:11:C1:CD:53:EE:66:BB:DF:36:B9:1E:BA:01
MD5 Fingerprint=35:D0:93:20:86:89:A5:4D:FE:5F:F6:E8:7F:3F:80:B0

jabber.thiessen.it:
SHA1 Fingerprint=5D:72:1C:D2:15:5A:64:5C:73:9A:68:6A:04:4C:A0:3E:B3:BD:29:D0
MD5 Fingerprint=28:81:BD:CB:0E:68:08:1F:E9:B5:6B:1F:C2:A7:47:CB

thiessen.org:
SHA1 Fingerprint=0F:C4:17:FE:1D:CB:46:0E:39:A8:BF:69:F3:87:8D:57:4E:B8:42:EC
MD5 Fingerprint=8C:FA:B4:E8:2B:41:02:0C:61:2E:83:47:7B:7F:6A:CB

This post will be updated once the new certificates are in place. As always, please let us know if you encounter any kind of problems.

Update: The new certificates have been applied.

Categories: Maintenance, Security

Unexpected downtime Feb. 28th

February 28th, 2010 No comments

The host this service is running on hasn’t been reachable since around 4pm today. The hoster has been informed and we hope it will be available again soon. Thanks again for your patience.

Update: The machine is back up. The service wasn’t reachable for around two hours. According to our hoster it was caused by a power outage.

Categories: Downtimes