Re: [Server-devel] Sorting out the status of lease serving - and client side

[John Gilmore]

> If I understand things right, the possible interesting states are:
> 
>  - Never activated
>  - Activated recently (so not looking for a renewal)
>  - Activated looking for a renewal
>  - Expired lease - passive kill
>  - Found self in blacklist - active kill
> 

And "Permanently activated" (developer key obtained).

John
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] question on SSL enabling ejabberd

[Martin Langhoff]

On Tue, Nov 25, 2008 at 6:17 PM, Patrick Giagnocavo <[EMAIL PROTECTED]> wrote:
> Has anyone compared, or looked at, the performance of ejabberd with its
> builtin SSL/TLS support, versus using the "stunnel" program to run on
> the port, acting as an SSL-encrypting proxy?

Not really. However, the reason we use SSL/TLS is that the XMPP
protocol conflates compression and encryption together. That is: to
get compression, you need to negotiate with the server to use SSL/TLS
and pass 'compress' as one of the options.

So if the server is convinced it's not using encryption, it won't use
compression. Of course, an additional daemon could help with
compression too, but it's a lot of complication on the _client_ side,
as well as on the server side.

Luckily, the memory costs of SSL are getting fixed, and the last round
of testing by Douglas shows that it's the shared roster that is
costing us RAM right now.

> If no one has done this, I would offer to test it out, as I have
> configured stunnel before (for a different situation).

I'll keep stunnel in mind (and the good news that we have an expert
around :-) ). It doesn't seem to be the easiest path at the moment
(unless it can be done without changes on the client side...). On the
other hand, I could be missing something, don't let me discourage you
from trying if you want -- the key thing to check is that a vanilla XO
client can connect to ejabberd via an stunnel process running on the
server, with compression on, and that the thing takes less memory than
using the ejabberd ssl logic.

What do you think?



martin
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] Installing XS on server for School District need some help

[Josh Totoro]

Hello, I am a Tech Specialist for a school district in PA.  There are 2 of us 
in the IT dept here, but neither of us knows much about Linux.  Our network is 
all Windows based (which is where my skills are), with a few Mac's sprinkled 
about.  We are getting ready to roll out about 325 XO's in the coming weeks.  I 
was trying to set up a preliminary XS server to handle them until we can 
purchase something permanent.



First off, we have an old Dell server (to be the temporary one) with dual 
2.4ghz Xeon's 4gb RAM Raid 5 SCSI(4 drives).  Is this software able to run on 
that setup?  Windows Server 2000 is currently installed, but from what I read 
on the Wiki site, the install software is supposed to format the drives first.  
We tried to install it but had a bunch of errors, I wasn't sure if it was a 
problem with the raid 5 setup, or if we were doing something wrong.  If this 
system will not work we can purchase something with different specs.  We also 
have a couple desktops that are available with specs as follows: Core 2 Duo 
2.4ghz, 2gb RAM, 250gb SATA HD, and windows XP pro currently installed.



We plan to have 1500+ XO's on our schools network in the coming year, what 
specs would you recommend for the servers?  We were planning to have 1 server 
on each campus, and about 1100+ XO's on the West and 400 on the East.  Can 1 
server handle 1100+ XO's if it has top of the line specs?  Would you advise us 
to set up 2 servers on the West and 1 on the East, and if so what specs should 
we have on those machines?



Any advice would be greatly appreciated, and if anyone would be willing to help 
us with the first install that would be huge.



I am available by cell phone anytime at 856-343-7355 if you would like to help 
me directly, or you can simply reply to this thread.



Thanks

Josh Totoro
Chester Commuity Charter School
(610) 447-0400 x329
[EMAIL PROTECTED]
www.chestercommunitycharter.org








This e-mail is intended for the use of the addressee(s) only and may contain 
privileged, confidential, or proprietary information of Chester Community 
Charter School (CCCS). If you have received this message in error, please 
e-mail administrator at [EMAIL PROTECTED], then delete the e-mail and destroy 
any printed copy. CCCS reserves the right to retain, archive, use and disclose 
any emails that are sent from or to this email address. Thank you.
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] question on SSL enabling ejabberd

[Patrick Giagnocavo]

Hi,

I am new to this, so forgive me if this has already been asked.

Has anyone compared, or looked at, the performance of ejabberd with its
builtin SSL/TLS support, versus using the "stunnel" program to run on
the port, acting as an SSL-encrypting proxy?

In such a case, you would configure stunnel to listen on the SSL port
(5223) and then pass the now-unencrypted data onto the ejabberd server.

E.g.

XO user <- Internet or LAN -> stunnel <--> ejabberd

You could thus either run stunnel on a separate machine, freeing up CPU
on the ejabberd server, or, run it on the same system, possibly reducing
the load should stunnel prove more efficient.

If no one has done this, I would offer to test it out, as I have
configured stunnel before (for a different situation).

Cordially

Patrick Giagnocavo
[EMAIL PROTECTED]
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel