jdev - 2023-09-26


  1. moparisthebest

    imagine "permanently bricking your rooms" being a thing that exists in a protocol lol https://grapheneos.social/@GrapheneOS/111123792907620861

  2. moparisthebest

    good to know we are ahead of the curve on moderation tooling too, and sadly not the only one that needs it

  3. meson

    moparisthebest: there's actually a good blog post which summarizes the flaws in the matrix protocol, like the one mentioned in the toot, in a bit more detail: https://telegra.ph/why-not-matrix-08-07

  4. meson

    moparisthebest: there's actually a good blog post which summarizes the flaws in the matrix protocol, like the one mentioned in the toot, in a bit more detail: https://telegra.ph/why-not-matrix-08-07

  5. deuton

    > another fun way to attack a room is just to join hundreds or thousands of bots to the room ...
    > the only way to discard all of this spam complexity is to recreate the room.

    Sounds like effectively a way to brick rooms.

  6. lovetox

    What xmpp Server would prevent 100.000 Bots from joining a muc?

  7. lovetox

    What xmpp Server would prevent 100.000 Bots from joining a muc?

  8. lovetox

    Of course one could think of measures, but I doubt any Server has them now

  9. Ge0rG

    most servers will probably just collapse ;)

  10. jonas’

    lovetox, but it won't render the room useless forever

  11. jonas’

    and countermeasures like not broadcasting presence do exist

  12. jonas’

    (in some implementations anyway)

  13. lovetox

    True we don't need to destroy a room to get rid of the problem

  14. lovetox

    What I wanted to say is ddos measures could be better on most servers

  15. jonas’

    sure

  16. jonas’

    there is always room for improvement

  17. Link Mauve

    lovetox, Prosody comes with mod_limits built-in, which would effectively prevent such an attack.

  18. jonas’

    mod_limits prevents joins?

  19. Link Mauve

    It prevents 100k joins at the same time, by preventing that s2s from delivering such traffic.

  20. jonas’

    assuming they're all from the same domain

  21. jonas’

    Link Mauve, actually, mod_limits may make things much worse in reality

  22. jonas’

    a join request is just a few dozen bytes. the response to a join fans out to multiple s2s links typically, and typically more than once on each s2s link. mod_limits will thus cause a massive backlog of outbound stanzas eventually (assuming other servers also use mod_limits)

  23. Zash

    Application aware multipliers for response size?

  24. moparisthebest

    > lovetox, but it won't render the room useless forever

    This is the point

  25. MSavoritias (fae,ve)

    Plus no json and split brain problems. Matrix has said:

    > In future we can and will switch to a canonical binary format (eg the MIMI IETF work is rather quaintly fixated on using TLS Presentation Layer as a binary format).

  26. MSavoritias (fae,ve)

    Which mimi btw seems to adopt. Matrix is out of the picture it seems

  27. singpolyma

    good. let's create yet another standard. what could go wrong

  28. moparisthebest

    Obligatory https://xkcd.com/927/

  29. Zash

    What.

  30. lissine

    > Obligatory https://xkcd.com/927/

    xmpp is the universal messaging standard, with its focus on gateways