On Friday, September 26, the system hackers team discovered a misconfiguration in the wiki setup. The error, if discovered, would have enabled an unauthorised party to read protected pages and user configurations.

It was possible to read the encrypted password hashes of guest users. Registered Fellows, who log in using their Fellowship password were not affected by this. To all others we recommend changing their wiki password as a precaution.

XMPP

Fellowship XMPP server

Each Fellow has an account on our public XMPP (formerly known as "jabber") server for instant messaging.

Connecting to the server

In order to use the Jabber service, you will need a Jabber client, such as:

Configuration is simple:

  • Username: your usual Fellowship username
  • Domain: jabber.fsfe.org (so your complete jabber account will be: USERNAME@jabber.fsfe.org)

  • Password: your usual Fellowship password
  • Jabber server: jabber.fsfe.org

  • Port: you can use the standard XMPP port 5222, or the (deprecated) port 5223; if you are behind a blocking firewall/proxy, you can also use port 80 or 443 (the latter is more likely to work, since some ISPs filter traffic on port 80). In any case, the server will enforce a secure SSL/TLS connection.

Notes for specific clients

  • Kopete When creating the account in Kopete, switch to the "connection" tab in the settings and check "Use protocol encryption (SSL)" and also make sure that "Allow plain-text password authentication" is enabled. The default server information should be ok. Cut-and-paste into the configuration dialog seems to be problematic: type the server name and your password by hand (and double check this if you are getting "host not found" errors).

  • Pidgin If you have problems with upgrading to versions > 2.6, it might be unavoidable to delete the account in pidgin and recreate it.

  • Pidgin + GnuTLS: SSL certificate problem Some users reported SSL connection problems while using Pidgin with the GnuTLS library (you can learn something more about this problem here and here). To fix this, you can manually add the jabber.fsfe.org SSL certificate to your pidgin client, as suggested in this blog post; note that downloading the server certificate directly from the jabber server using the "openssl" command won't work, instead you can download the certificate here: jabber.fsfe.org.pem

Contacting other Fellows

To find other Fellows, you can either check their login on the Fellow listing at http://wiki.fsfe.org/fellows and try to contact them directly at USERNAME@jabber.fsfe.org, or use the Jabber User Directory on the server.

The Jabber User Directory is located at vjud.jabber.fsfe.org and you can use it to register yourself (so others can find you) and look for other Fellows on the server. Please see the documentation of your Jabber client on how to use this service.

Chat conferences

If you wish to talk with others, there is also a multi user chat (MUC) server at conference.jabber.fsfe.org on which you can join existing chat rooms or open new ones for you and other Fellows. The fellowship chat room is a general meeting point for all Fellows, so feel free to join it!

Notes for specific clients

  • Kopete MUCs are available as "group chats" only from the context menu for an account; use the right mouse button on the systray icon, pick an account and choose "Join Groupchat...". Do not attempt to add a group chat as a contact, since that will just get you loads of domain-not-found errors.

  • Bitlbee MUCs are available as "chat room". You should add a chat entry with

       chat add N fellowship@conference.jabber.fsfe.org fellowship

    where N is the account number for you connection to jabber.fsfe.org. Then you can join the conference room by

     /join &fellowship
  • Pidgin MUCs: Join via 'Buddies' -> 'Join a chat'. If you right-click the channel in your budyy list, you can make it 'Persistent' and 'Auto-Join'. These enable you to close the chat window without leaving the channel and to auto-join the channel when starting up / connecting the client.


If you have problems with your Jabber account, you can contact <fellowship-hackers AT fsfeurope DOT org>


CategoryFellowshipServices