XSF Discussion - 2016-01-13


  1. boothj5 has joined
  2. soul has joined
  3. tim@boese-ban.de has joined
  4. tim@boese-ban.de has joined
  5. soul has left
  6. soul has joined
  7. narcode has left
  8. stpeter has left
  9. boothj5 has left
  10. stpeter has joined
  11. soul has left
  12. soul has joined
  13. narcode has joined
  14. boothj5 has joined
  15. soul has left
  16. soul has joined
  17. stpeter has left
  18. boothj5 has left
  19. stpeter has joined
  20. stpeter has left
  21. soul has left
  22. soul has joined
  23. soul has left
  24. soul has joined
  25. Lance has joined
  26. boothj5 has joined
  27. soul has left
  28. soul has joined
  29. boothj5 has left
  30. stpeter has joined
  31. Lance has joined
  32. arty has left
  33. arty has joined
  34. Tobias has joined
  35. soul has left
  36. soul has joined
  37. soul has left
  38. soul has joined
  39. Lance has joined
  40. soul has left
  41. soul has joined
  42. stpeter has left
  43. soul has left
  44. soul has joined
  45. soul has left
  46. soul has joined
  47. Zash has left
  48. foss81405971 has joined
  49. Zash has joined
  50. soul has left
  51. daurnimator has left
  52. soul has joined
  53. soul has left
  54. soul has joined
  55. intosi has joined
  56. soul has left
  57. soul has joined
  58. foss81405971 has joined
  59. foss81405971 has joined
  60. soul has left
  61. soul has joined
  62. intosi has left
  63. intosi has joined
  64. soul has left
  65. soul has joined
  66. soul has left
  67. soul has joined
  68. Lance has joined
  69. soul has left
  70. soul has joined
  71. intosi has left
  72. intosi has joined
  73. soul has left
  74. soul has joined
  75. soul has left
  76. soul has joined
  77. soul has left
  78. soul has joined
  79. daurnimator has joined
  80. foss81405971 has joined
  81. soul has left
  82. soul has joined
  83. thorsten has left
  84. mark.erd has joined
  85. thorsten has joined
  86. foss81405971 has joined
  87. Lance has joined
  88. waqas has joined
  89. dwd has left
  90. thorsten has left
  91. soul has left
  92. soul has joined
  93. thorsten has joined
  94. daurnimator has left
  95. soul has left
  96. soul has joined
  97. soul has left
  98. soul has joined
  99. winfried has left
  100. winfried has joined
  101. soul has left
  102. daurnimator has joined
  103. winfried has left
  104. winfried has joined
  105. soul has joined
  106. winfried has left
  107. winfried has joined
  108. soul has left
  109. soul has joined
  110. soul has left
  111. soul has joined
  112. SamWhited has left
  113. ralphm has left
  114. winfried has left
  115. winfried has joined
  116. winfried has left
  117. winfried has joined
  118. ThUnD3r|Gr33n has joined
  119. foss81405971 has joined
  120. arty has left
  121. intosi has joined
  122. waqas has left
  123. waqas has joined
  124. intosi has left
  125. Steffen Larsen has joined
  126. mark.erd has left
  127. arty has joined
  128. Lance has joined
  129. goffi has joined
  130. mark.erd has joined
  131. Steffen Larsen has left
  132. Flow has joined
  133. Tobias has left
  134. thorsten has left
  135. waqas has left
  136. waqas has joined
  137. thorsten has joined
  138. Ashley Ward has joined
  139. winfried has left
  140. Alex has joined
  141. winfried has left
  142. winfried has joined
  143. Steffen Larsen has left
  144. Steffen Larsen has left
  145. daniel has left
  146. waqas has left
  147. waqas has joined
  148. daurnimator has left
  149. Steffen Larsen has left
  150. Lance has joined
  151. waqas has left
  152. waqas has joined
  153. ralphm has left
  154. xnyhps has left
  155. foss81405971 has joined
  156. Jake1984 has left
  157. ThUnD3r|Gr33n has left
  158. Steffen Larsen has left
  159. ThUnD3r|Gr33n has joined
  160. mark.erd has left
  161. foss81405971 has joined
  162. andy has left
  163. andy has left
  164. daniel has left
  165. daniel has left
  166. Jake1984 has joined
  167. Steffen Larsen has left
  168. daurnimator has joined
  169. foss81405971 has joined
  170. andy has left
  171. waqas has left
  172. daniel has joined
  173. ralphm has left
  174. Jake1984 has left
  175. ralphm has left
  176. foss81405971 has joined
  177. Jake1984 has joined
  178. Flow has left
  179. Flow has joined
  180. waqas has joined
  181. waqas has left
  182. ralphm has left
  183. daniel has left
  184. ralphm has left
  185. Holger has left
  186. Holger has joined
  187. Holger has left
  188. Holger has joined
  189. waqas has joined
  190. daniel has left
  191. daniel has left
  192. Holger has left
  193. Holger has joined
  194. soul has left
  195. soul has joined
  196. foss81405971 has joined
  197. daniel has left
  198. daniel has joined
  199. Holger has left
  200. Holger has joined
  201. mark.erd has joined
  202. foss81405971 has joined
  203. soul has left
  204. winfried has left
  205. winfried has joined
  206. soul has joined
  207. soul has left
  208. soul has joined
  209. Zash has joined
  210. Neustradamus has left
  211. Jake1984 has left
  212. foss81405971 has joined
  213. bjc has left
  214. boothj5 has joined
  215. Jake1984 has joined
  216. soul has left
  217. soul has joined
  218. waqas has left
  219. Zash has joined
  220. waqas has joined
  221. mark.erd has left
  222. waqas has left
  223. mark.erd has joined
  224. mark.erd has left
  225. mark.erd has joined
  226. boothj5 has left
  227. Kev has left
  228. Zash has left
  229. daurnimator has left
  230. bjc has joined
  231. stpeter has joined
  232. Zash has joined
  233. waqas has joined
  234. bjc has left
  235. ThUnD3r|Gr33n has left
  236. thorsten has left
  237. stpeter has left
  238. thorsten has joined
  239. ThUnD3r|Gr33n has joined
  240. bjc has joined
  241. kalkin has left
  242. narcode has left
  243. narcode has joined
  244. mark.erd has left
  245. stpeter has joined
  246. andy has joined
  247. arty has left
  248. bjc has left
  249. waqas has left
  250. Lance has joined
  251. waqas has joined
  252. mark.erd has joined
  253. stpeter has left
  254. waqas has left
  255. Martin has joined
  256. stpeter has joined
  257. stpeter has left
  258. stpeter has joined
  259. ThUnD3r|Gr33n has left
  260. intosi has left
  261. intosi has joined
  262. Zash has joined
  263. mark.erd has left
  264. arty has joined
  265. Flow has left
  266. soul has left
  267. daniel has joined
  268. Martin has left
  269. Martin has joined
  270. soul has joined
  271. soul has left
  272. soul has joined
  273. mark.erd has joined
  274. mark.erd has left
  275. dwd Board, anyone? I think Laura is still in a meeting that's running over.
  276. ralphm hi
  277. tim@boese-ban.de has joined
  278. dwd Just us, then.
  279. dwd bear, ?
  280. dwd Oh, well. ralphm - anything happening with the Summit? And anything you need help with?
  281. ralphm nothing I can think of
  282. ralphm Just got some stickers delivered
  283. Kev Excellent. We like stickers
  284. daniel has left
  285. ralphm They look great
  286. andy http://upload.strb.org:8081/bOdqEobC58xhgApH2NtkknvDG9s/uAzVHRT6YH8q4/97f14f1b7506484fa57532112ca25509.jpg
  287. andy is bringing stickers, too
  288. andy :)
  289. andy I'll be at FOSDEM on saturday, if anybody wants an OMEMO fish sticker :P
  290. SamWhited andy: Now I'm really sad I won't be there!
  291. bjc has joined
  292. andy SamWhited, give me your address and I'll mail you some
  293. SamWhited andy: Appreciated, but that's okay, probably not worth it to mail them all the way from the other side of the pond :)
  294. SamWhited (and I'm moving this weekend and am not entirely sure what my new address is anyways…)
  295. kalkin andy: they look awesome!
  296. ralphm SamWhited: never to late to book a ticket
  297. ralphm too late
  298. SamWhited tries to decide if an OMEMO sticker and some ribs are worth ~900 USD…
  299. kalkin SamWhited: Yeah we all could share a beer in bruessel on saturday :)
  300. kalkin SamWhited: let your company pay it. It's hmm .... an educational trip!
  301. kalkin :)
  302. SamWhited kalkin: They might, I haven't asked; I'm actually just really busy right now. I probably should have asked at least a month in advance though
  303. arty has left
  304. ralphm SamWhited: so no hipchat people at all?
  305. SamWhited ralphm: I don't think so; I was hoping the Jitsi guys were going to go, but I think they said something about doing something else that week too
  306. SamWhited We'll see; I'll ask my boss about it.
  307. kalkin SamWhited: 👍
  308. ralphm Jitsi used to do the Lounge with us, really sad they cancelled for this year
  309. SamWhited ralphm: Yah, I think they were pretty upset about that too. I know Emil was looking forward to it.
  310. ralphm nods
  311. winfried ralphm: who will be contacting aloft?
  312. thorsten Is here a party planning?
  313. ralphm I'd be happy to do that, but the list on the wiki isn't really filling up. Unless this is all, which would be disappointing
  314. winfried last call on the mailing list?
  315. stpeter has joined
  316. ralphm winfried: yeah
  317. ralphm I'll try to do that today
  318. intosi has left
  319. andy SamWhited, international postage is literally under 1 euro. I don't mind. It would probably just take a while to get there. But I've printed up way more stickers than I can possibly use anyway ;)
  320. SamWhited andy: Awesome! Sounds good then.
  321. thorsten andy: omemo stickers? ;)
  322. intosi has joined
  323. Lance has joined
  324. intosi has left
  325. intosi has joined
  326. Lance has joined
  327. dwd has left
  328. winfried has left
  329. foss81405971 has joined
  330. foss81405971 has joined
  331. Flow dwd: how are PEP nodes with access-model roster related to privacy lists? Or did I get your comment in council@ wrong?
  332. daniel has left
  333. Lance Flow: servers generally already have an implementation for doing access controls based on roster groups, because of pep/pubsub. so it shouldn't be too much additional complexity for a server to also implement roster group blocking if that is added to the blocking xep
  334. Flow Lance: I see, the question still is if we want that
  335. Lance nods
  336. Flow I'd like the idea of an ad-hoc based blocking xep
  337. Flow so servers can implement what they want
  338. Flow and the client UI would be more or less similar, no matter which client is used
  339. Flow that, and remove the "list" from privacy lists and then most people would be happy I believe
  340. Jake1984 has left
  341. Jake1984 has joined
  342. soul has left
  343. soul has joined
  344. Flow What I wonder is, if we need a mechanism to inform the user about blocked stanzas/messages, and if so, how it should look like
  345. Flow has left
  346. Zash Flow: What direction?
  347. Lance that is already in the blocking xep, iirc, for outgoing things that are to blocked users
  348. Lance i would not expect to be informed that someone blocked you, if you try sending a stanza to them
  349. Flow Zash: incoming
  350. Flow i.e. a blocked entity send you a message
  351. Lance oh, that direction
  352. Zash That ... that's weird
  353. Flow but I always believe that the solution should be similar to what we do with email these days
  354. Flow i.e. a spam folder
  355. Flow and that's most likely not related to blocking
  356. Zash Did y'all see my post to the list?
  357. Flow because if you block someone you usually really do not want to receive anything from him/her
  358. Flow Zash: hard to tell :)
  359. Zash well, it was to operators becasue I replied to stpeter who posted to operators
  360. Zash Probably would have made sense to reply to standards@ too
  361. Lance Zash: +1, the current reporting mechanisms are not really aimed for use by end users
  362. Zash XEP-0287 which was mentioned seems to assume we already have the filtering in place
  363. waqas has joined
  364. Flow Zash: I do believe you can use xep287 without filtering
  365. Flow a server could always add <report/> and let the client report spim
  366. Flow or maybe even report spim over s2s
  367. Flow isn't that what you wanted? an easy way to report spim?
  368. Zash I'm a bit tired but it is not obvious to me how that would work
  369. Zash I was thinking something simple like this https://www.zash.se/simply-report-spam.html
  370. Lance +1. Add a user enterable description/reason, and maybe allow forwarding the original stanza
  371. Flow or use the stanza-id to link the original stanza
  372. Flow Zash: that does look similar to xep287 spim report
  373. Zash I wrote this before I saw 287
  374. Flow (which should also use xep359 IDs to link the spim stanza)
  375. Ashley Ward has left
  376. Zash Flow: IDs assume that the server has those stored.
  377. Zash I don't want to assume that
  378. dwd has left
  379. Zash I also don't want to attach more data to every stanza if it can be avoided
  380. Flow optional
  381. dwd has left
  382. Lance The main thing lacking from 287 is optional user provided feedback, and ability to send a report without requiring a server to stamp additional data into stanzas for that purpose.
  383. Lance Its about more than just spam, we need a way for users to report harassment and other policy violations that aren't strictly spim
  384. Lance Which might not be the result of a single, particular stanza
  385. Zash Yeah
  386. Lance Arguably covered by http://xmpp.org/extensions/xep-0157.html
  387. dwd has left
  388. Lance but it would be nice to have a more structured query, to ensure that the abuser jid is included correctly
  389. Zash Sounds like what I had in mind for the thing above :)
  390. Lance yep! just add a user comment field and i'd +1 it
  391. Lance the remaining question would be where to send it
  392. Lance has left
  393. soul has left
  394. Lance has joined
  395. Zash To something that supports it
  396. Zash Either the bare server jid, your own account or maybe a remote thing that accepts reports
  397. intosi has joined
  398. dwd Flow, You've got to do group-lookup by jid to do the access-model anyway, so the privacy list additions in terms of code would not be huge.
  399. winfried has left
  400. dwd Zash, Lance - I'd seriously look at STIX/IODEF for the reporting. I really don't like reinventing the wheel, and given they're both XML anyway it makes sense.
  401. Flow has joined
  402. Zash dwd: But NIH!! And huge XML spec
  403. fippo dwd: but isn't xml out of fashion?
  404. Lance yeah, i'd prefer to keep things simpler for clients to implement / users to use. use iodef/stix for inter-server reporting
  405. Zash You could write an informational spec that describes the absolute minimum of IODEF you would need as a client
  406. SouL has left
  407. SouL has joined
  408. tim@boese-ban.de has joined
  409. tim@boese-ban.de has left
  410. hexa- has left
  411. foss81405971 has joined
  412. thorsten has left
  413. thorsten has joined
  414. foss81405971 has joined
  415. intosi has joined
  416. Lance has joined
  417. Lance has joined
  418. foss81405971 has joined
  419. Martin has left
  420. Lance has joined
  421. Lance has joined
  422. goffi has left
  423. dwd has left
  424. thorsten has left
  425. Lance has joined
  426. Lance has joined
  427. thorsten has joined
  428. boothj5 has joined
  429. intosi has left
  430. Flow I guess that absolut minimum would be something like xep287 reporting or simply-report-spam.
  431. intosi has joined
  432. Alex has left
  433. ralphm and/or creating a mapping to it from a custom protocol you define. We did something similar with things like geoloc
  434. Jake1984 has joined
  435. stpeter I'll note that we did have a bespoke format for the inter-server reporting earlier on and I changed it to IODEF because of standards compliance & existing code libraries. Zash is right that we could define a slimmed down profile of IODEF for client-to-server reporting, although a simple command that forwards a message and flags it as abusive doesn't seem completely wrong.
  436. ralphm nods
  437. Flow don't forget about the use case where you just want to report a malicious jid
  438. Lance has joined
  439. Lance Given the importance of the feature, I'm in favor of whatever will lead to clients and servers actually implementing it, and a simpler spec seems best for that.
  440. Flow such report should come optionally with a stanza in question (or a link to it's id) and a more detailed reason (spam, harrasment, fraud, ...)
  441. Flow Lance: exactly my thought
  442. sezuan has left
  443. stpeter sure, I don't disagree
  444. stpeter Flow: don't we know that a JID is malicious based on a particular stanza? (message, presence invite, etc.)
  445. Flow stpeter: not sure, if there is always a stanza to report at hand
  446. Zash has joined
  447. Flow but anyway the information that matters most is the JID, all other information (stanza, exact reason, ...) should be optional IMHO
  448. stpeter Sure.
  449. dwd has left
  450. arty has joined
  451. Ashley Ward has joined
  452. sezuan has joined
  453. SamWhited has left
  454. daniel has left
  455. intosi has joined
  456. stpeter Flow: yes, I think you're right - and let's keep the reporting as simple as possible
  457. moparisthebest has left
  458. Kev > Flow: don't we know that a JID is malicious based on a particular stanza? (message, presence invite, etc.) Not really. <body>Hi there!</body> isn't malicious. Once. By the hundredth time they probably are as a set.
  459. SamWhited has left
  460. daniel has joined
  461. Flow has left
  462. daniel has joined
  463. moparisthebest has joined
  464. tim@boese-ban.de has joined
  465. tim@boese-ban.de has joined
  466. daniel has joined
  467. intosi has joined
  468. boothj5 has left
  469. Lance I've started some conversations with people working on abuse handling problems on various social media, and have gotten some useful feedback that I'll write up and send to standards@
  470. daniel has left
  471. Lance One of the interesting points is that blocking really needs a sharing component to really do the job of mitigating/preventing abuse. otherwise the user has to receive & react to everything. (Which could be a substantial amount on other networks)
  472. Lance So at minimum, opening up my blocklist to let people on my roster see it would be a big help. Even better would be a way to make incorporating friends' block lists automatic (subscriptions?)
  473. foss81405971 has joined
  474. stpeter huh interesting
  475. Lance federation makes things harder, of course :/, but there are other things to automatically filter on, such as age of accounts
  476. Lance most of that information would only be available inside each service, though
  477. fippo age of account... we tried that in psyc ~2003 lance :-)
  478. Lance fippo: as is tradition
  479. fippo it is still somewhat useful if the remote server is not evil. e.g. the case of a "public server" that gets abused
  480. daniel has joined
  481. stpeter I don't think that most XMPP servers have kept track of that
  482. intosi has joined
  483. stpeter although this account I'm using goes back to 1999 :P
  484. daniel has left
  485. daniel has joined
  486. narcode :D
  487. narcode nice
  488. stpeter I'm still intrigued by reputation systems but I don't know if they're truly useful in practice ... http://xmpp.org/extensions/xep-0275.html
  489. SamWhited has left
  490. narcode look complicated but could be really accurate“>For each room in which the user is banned (XEP-0045 "outcast"), divide the room's reputation by 10 and decrement the user's score by the result”
  491. Lance my server always returns a score of 100 for me, naturally :p
  492. moparisthebest has joined
  493. tim@boese-ban.de has left
  494. Lance but I think that aside from 1) making it easy for users to report and 2) making it easier to populate block lists based on my network of friends, its a service operations problem, and not a protocol one
  495. Lance as in, new protocols won't solve things. operational work is needed
  496. fippo so apparently i've been logged in five years with one account and four years with the other since that feature was implemented. but that is way too little, probably there is a bug in t he counting!
  497. fippo reputation systems can make sense if we assume that it is evil clients abusing an open server
  498. stpeter fippo: I think we have a mix of evil servers (less common) and evil clients abusing open servers
  499. stpeter e.g., I'm pretty sure that buycc.me was/is an evil server
  500. boothj5 has joined
  501. boothj5 has left
  502. foss81405971 has joined
  503. stpeter has left
  504. boothj5 has joined
  505. goffi has left
  506. goffi has left
  507. fippo right. but there is quite some value in "public servers" (I have a hard time avoiding the term "open relay") coordinating against spam from evil clients
  508. intosi has joined
  509. stpeter has joined
  510. waqas has left
  511. foss81405971 has joined
  512. waqas has joined
  513. Ashley Ward has left
  514. stpeter yes
  515. stpeter by public server you mean a server that allows essentially anyone to register an account?
  516. foss81405971 has joined
  517. boothj5 has left
  518. foss81405971 has joined
  519. fippo yeah.
  520. stpeter nod
  521. intosi has joined