MarandaGe0rG, I'm not sure how appropriate that "solved" acceptation is, but receive rate is 0, it doesn't manage to get through.
Ge0rGMaranda: there are two relevant metrics in a filter, false acceptance rate and false rejection rate. The former is 0, which is good, but what about the latter?
Marandaedhelas dunno about you, you may need to do that, but I'm reknowingly a tid smarter than a monkey ;)
yonhas left
MarandaGe0rG, it's 0.
Ge0rGMaranda: you have a spam filter that doesn't block any legitimate messages, but all spam? You should be a billionnaire by now.
edhelasmaybe he's the one generating all this spam 🤔
MarandaGe0rG, I should? Good to know.
Marandaedhelas, maybe you should just focus on getting Movim to work decently on all platform instead of making stupid statements ;).
Ge0rGMaranda: you can rent your spam filter out, to desperate people like me, who maintain complex spam filter lists and still end up with dozens of false positives every day
Ge0rGMaranda: maybe edhelas is not the one making stupid statements ;)
MarandaHe for sure is Ge0rG, but that's the late fashion, pick every statement Maranda makes for how truthful it may be isn't it?
MarandaAlas like what I use and its concept wasn't published and available already.
Ge0rGMaranda: see, I'm doing some work on blocking XMPP spam, and I have a feeling for the complexity and the trade-offs, and there is no 100% solution to it.
MarandaGe0rG, currently there's a 100% solution for it as bots on XMPP are very dumb, the fact that you or your users may not like the trade-offs for it is *yet* another matter.
Ge0rGMaranda: so either your solution is not generally applicable or you must be cheating your numbers.
Ge0rGyes, the bots are dumb.
Ge0rGAt least most of them.
Ge0rGMaranda: so where can I read up on your solution?
MarandaIf I use it on lightwitch.org it's very applicable
Marandajust look at mod_spim_block Ge0rG it's no secret or rocket science, and I don't see why I should cheat on numbers if I say it reduced my spim rate (lightwitch.org's) to 0 why should I be lying? The only complaint you could make is that my numbers are a bit limited to make a valid sample, not that I'm cheating on 'em.
Ge0rGMaranda: is there documentation for how mod_spim_block works?
Ge0rGMaranda: I'm not saying you cheat on the false negative rate, I'm saying you cheat on the false positive rate.
Ge0rGHow many people don't see the spim blacklist bounce? Or don't bother jumping through the hoops?
Ge0rGMaranda: if you block s2s on excessive spim, how do you know that no legitimate users on that blocked server want to talk to your users?
Ge0rGall of that goes into the false positive rate.
MarandaGe0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban hit of 1h, I have a rather large allowance for spim hits (and you could disable that)✎
MarandaGe0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban for 1h, I have a rather large allowance for spim hits (and you could disable that) ✏
Maranda100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. they're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.✎
Maranda100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. They're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly. ✏
Ge0rGMaranda: all I wanted to say is that your solution isn't perfect either.
Ge0rGit's just making different trade-offs.
MarandaGe0rG, I never said it is, I said that the rate I get is 0, if you want I can change that the false positive is *very likely* 0 but that doesn't change the fact that if you disabled the s2s ban that would really turn into 0.
Marandaat least for the moment.
Marandaand for the area of coverage of mod_spim_block.
Ge0rGMaranda: the false positive rate is about legitimate messages blocked as spam. So disabling s2s would turn that to 100%
Marandaerm "how disabling the s2s ban" equates to "disabling s2s" Ge0rG..?
Ge0rGoh, sorry. Misread you on that.
Ge0rGMaranda: you need to also account for all the legitimate remote users who tried to contact one of your users, got rejected and gave up at that moment.
Ge0rGor didn't manage to click the link / do the captcha / whatever you have there.
Ge0rGor didn't receive the error.
vanitasvitaehas left
vanitasvitaehas joined
MarandaGe0rG, the server will send a readable message with instructions to the user, if I have to take in account for "literal monkeys" or people not willing to solve the challenge then that number can never be zero, but that's stupid imho, I made it so that even as annoying as it may be humans will always be able to solve the challenge.
Ge0rGMaranda: I'd like to test that, what do I need to do?
Ge0rGMaranda: will it be triggered by a subscription request or a message? do you have a JID I can test it on?
Marandasend me a message or presence sub to maranda@lightwitch.org
Ge0rG> Greetings, this is the lightwitch.org server before sending a message or presence subscription to this user, please visit https://meaveen.lightwitch.org/spim/ and input the following code in the form: jB6v1S/+rm/GklakBaPHvcYX7Rg=
Is that a one or an L?
Ge0rGMaranda: so you just lost all people who don't know how to copy&paste base64 blobs. Also people using a client without partial copy&paste
Marandado you want me to add "copy & paste", I wondering are you just arguing for the heck of it :P?
Ge0rG> What's the result of the following operation, 3 multiplicated by 21:
Also rather high requirements on math skills
Ge0rGMaranda: I'm saying that what you've made is a nerd filter
MarandaGe0rG, high requirements :P?
Ge0rGMaranda: multiplication of numbers >10 is a high requirement, unfortunately
MarandaGe0rG, tbh the only high requirement I knew of was division or any value not addition, subtraction, multiplication of upto 2 digits values✎
MarandaGe0rG, tbh the only high requirement I knew of was division of any value not addition, subtraction, multiplication of upto 2 digits values ✏
Ge0rGMaranda: you could at least put the token into the URL parameter and let the user only fill out the math.
Ge0rGMaranda: you also lost everybody who doesn't speak english
MarandaGe0rG, that removes a step, so it's not possible.
Ge0rGMaranda: it removes what step?
MarandaGe0rG, challenge step, not that it's really a step but it's enough for most dumb XMPP bots, and xmpp spammers currently do not wish to add a custom parser for my challenges apparently (except some russians who did after like a year or so)
Ge0rGMaranda: it remains a nerd filter, not a spam filter.
MarandaGe0rG, whatever.
Ge0rGMaranda: does the filter apply if you contact me first and I respond?
Marzannahas left
MarandaGe0rG, if I send you a message you get whitelisted automatically
Ge0rGMaranda: also if you send a subscription request?
MarandaHmm only a subscription no, but usually I noticed most clients sending a message together with the subscription so in that case it's covered.
Ge0rGMaranda: it's generally a good idea, but I think you are not hitting the right usability trade-off.
MarandaI guess that's a bug.
Ge0rGMaranda: if I were to implement it, I'd use a URL with a token parameter (no need to copy-paste), maybe even skip out the math filter, just "click here to unlock", and maybe do some User-Agent / IP testing
MarandaGe0rG, my users are satisfied with the "nerd filter", I got some complaints here and there but by most they all satisfied by not getting SPIM.
Ge0rGand I'd only apply the filter on bad-reputation domains and messages with suspected spam content.
Ge0rGMaranda: because they don't know anything better :P
MarandaGe0rG, possibly, but there're no tools, like a centralised bad reputantion domain/ip list mantained by the XSF. So I offer what I can and have the time to mantain the offer of.
Ge0rGI'm automatically blocking almost all incoming spam (plus some legitimate traffic) without legitimate users needing to do anything
Ge0rGMaranda: also reporting abuse to server admins is real work™
Ge0rGMaranda: I'd be glad if you would like to participate in that effort
yonhas left
yonhas left
MarandaGe0rG, if it's not too time taking to partecipate, like sending a PR everytime (e.g. like having a proper RESTful API for submission, checking)
Ge0rGMaranda: we've got an internal ticket system to track progress when talking to ISPs
MarandaGe0rG, yes but I meant the *how to submit entries* before they're evaluated, *I'd* like to do that automatically after x violations rather than having to do manual aggregation and then sending.
andrey.utkinhas joined
Ge0rGMaranda: how to submit entries to the blacklist? That needs to be manual.
MarandaI mean that's how it mostly (without the evaluation part) work with the e-mail blacklists.
Ge0rGMaranda: so you volunteer to develop the required tooling?
yonhas left
yonhas left
MarandaGe0rG, I barely have time and will for Metronome atm, so I guess that gives you a hint :P
yonhas left
yonhas left
yonhas left
yonhas left
yonhas left
Maranda[11:27:05] Ge0rG: Maranda: also if you send a subscription request? --> nm, also if a contact is pending that's covered.
yonhas left
geoffereyhas left
yonhas left
valohas left
valohas joined
yonhas left
yonhas left
holgerhas joined
kmqhas joined
yonhas left
yonhas left
csshas joined
yonhas left
mikehas left
mikehas joined
yonhas left
blablahas left
blablahas joined
yonhas left
yonhas left
yonhas left
(-:has left
mightyBroccolihas left
mightyBroccolihas joined
yonhas left
Ge0rGMaranda: it would be great to have all that written in the docs for that module.
Ge0rGMaranda: and if you insist on copy&pasting tokens, please encode the JID or a hash of it or some other token into the URL and reduce the thing that actually needs to be typed / copy-pasted to six digits numeric
MarandaDocumentation is yet time dependant and also english skills dependant. Two things I'm not very proficent on.
Marandahas joined
MarandaGe0rG: I could though change digest method / reduce entropy fetched to make the token shorter.
Ge0rGgenerate TOTP tokens!
yonhas left
yonhas left
yonhas left
yonhas left
yonhas left
ivucicahas joined
yonhas left
mightyBroccolihas left
andrey.utkinhas joined
mightyBroccolihas joined
yonhas left
ivucicahas joined
MarandaTOTP is a bit too much hassle to do correctly, safely and avoiding collisions for what I'm doing for now
Ge0rGI'm just saying.
MarandaGe0rG, but I can reduce the token to 12 characters and make it use uppercase letters only without issues (on uniqueness and collisions also)
Marandajust tested.
Ge0rGMaranda: you could just append it to the URL.
Ge0rGwith only uppercase letters, you probably also get rid of the 1/l/I issue.
yonhas left
yonhas left
csshas joined
ivucicahas joined
mightyBroccolihas left
SamWhitedhas left
SamWhitedhas joined
csshas left
kmqhas joined
kmqhas left
Marandahas joined
(-:has joined
csshas joined
holgerhas left
holgerhas joined
marc0shas left
yonhas left
yonhas left
NeustradamusA new server: deshalbfrei.org
holgerhas left
holgerhas joined
Ge0rGNeustradamus: reported to the owner
ivucicahas left
ivucicahas joined
ivucicahas left
ivucicahas joined
ivucicahas left
ivucicahas joined
ivucicahas left
jjrhhas left
ivucicahas joined
Holgerhas left
yonhas left
yonhas left
ThibGhas joined
jjrhhas left
Holgerhas left
jjrhhas left
Martinhas joined
yonhas left
kmqhas left
peterhas joined
tylerhas joined
vanitasvitaehas left
vanitasvitaehas joined
tylerhas joined
kmqhas left
kmqhas left
kmqhas left
kmqhas left
tylerhas left
tylerhas joined
Licaon_Kterhas joined
ThibGhas left
ThibGhas joined
podhas left
Licaon_Kterhas left
vanitasvitaehas left
vanitasvitaehas joined
Licaon_Kterhas joined
Holgerhas left
marc0shas joined
Brandensittichhas joined
ThibGhas left
ThibGhas joined
Brandensittichhas left
mimi89999has left
mimi89999has left
vanitasvitaehas left
ThibGhas joined
ThibGhas joined
holgerhas left
holgerhas joined
Marandahas joined
holgerhas left
fp-testerhas left
marc0shas left
fp-testerhas joined
holgerhas joined
probablyhas left
probablyhas joined
mightyBroccolihas left
mightyBroccolihas left
ibikkhas joined
404.cityhas joined
404.cityhas left
kmqhas joined
probablyhas left
probablyhas joined
probablyhas left
probablyhas joined
probablyhas left
probablyhas joined
pep.has left
pep.has left
NeustradamusA good news: https://twitter.com/neustradamus/status/1065328474922061825
peterhas left
blablahas left
Odinhas left
Odinhas joined
peterhas joined
(-:has left
Maranda@uptime lightwitch.org
Echo1Maranda: lightwitch.org has been running for 13 days, 21 hours and 26 minutes
Licaon_KterNeustradamus: you da bot :))
Marandahas left
fp-testerhas joined
SamWhitedhas left
info-screenhas left
seantoddhas joined
csshas joined
Marandahas left
ivucicahas joined
Marandahas left
Licaon_KterNeustradamus: do the PEP changes mean that Daniel's omemo_all_access is integrated?
Link MauveLicaon_Kter, it was a hack, and is not needed anymore.