Ge0rG, I'm not sure how appropriate that "solved" acceptation is, but receive rate is 0, it doesn't manage to get through.
Ge0rG
Maranda: there are two relevant metrics in a filter, false acceptance rate and false rejection rate. The former is 0, which is good, but what about the latter?
Maranda
edhelas dunno about you, you may need to do that, but I'm renownedly a tad smarter than a monkey ;)
Maranda
Ge0rG, it's 0.
Ge0rG
Maranda: you have a spam filter that doesn't block any legitimate messages, but all spam? You should be a billionaire by now.
edhelas
maybe he's the one generating all this spam 🤔
Maranda
Ge0rG, I should? Good to know.
Maranda
edhelas, maybe you should just focus on getting Movim to work decently on all platforms instead of making stupid statements ;).
Ge0rG
Maranda: you can rent your spam filter out, to desperate people like me, who maintain complex spam filter lists and still end up with dozens of false positives every day
Ge0rG
Maranda: maybe edhelas is not the one making stupid statements ;)
Maranda
He for sure is Ge0rG, but that's the late fashion, pick every statement Maranda makes for how truthful it may be isn't it?
Maranda
Alas like what I use and its concept wasn't published and available already.
Ge0rG
Maranda: see, I'm doing some work on blocking XMPP spam, and I have a feeling for the complexity and the trade-offs, and there is no 100% solution to it.
Maranda
Ge0rG, currently there's a 100% solution for it as bots on XMPP are very dumb, the fact that you or your users may not like the trade-offs for it is *yet* another matter.
Ge0rG
Maranda: so either your solution is not generally applicable or you must be cheating your numbers.
Ge0rG
yes, the bots are dumb.
Ge0rG
At least most of them.
Ge0rG
Maranda: so where can I read up on your solution?
Maranda
If I use it on lightwitch.org it's very applicable
Maranda
just look at mod_spim_block Ge0rG it's no secret or rocket science, and I don't see why I should cheat on numbers if I say it reduced my spim rate (lightwitch.org's) to 0 why should I be lying? The only complaint you could make is that my numbers are a bit limited to make a valid sample, not that I'm cheating on 'em.
Ge0rG
Maranda: is there documentation for how mod_spim_block works?
Ge0rG
Maranda: I'm not saying you cheat on the false negative rate, I'm saying you cheat on the false positive rate.
Ge0rG
How many people don't see the spim blacklist bounce? Or don't bother jumping through the hoops?
Ge0rG
Maranda: if you block s2s on excessive spim, how do you know that no legitimate users on that blocked server want to talk to your users?
Ge0rG
all of that goes into the false positive rate.
Maranda
Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban for 1h, I have a rather large allowance for spim hits (and you could disable that)
100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. They're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.
Ge0rG
Maranda: all I wanted to say is that your solution isn't perfect either.
Ge0rG
it's just making different trade-offs.
Maranda
Ge0rG, I never said it is, I said that the rate I get is 0, if you want I can change that the false positive is *very likely* 0 but that doesn't change the fact that if you disabled the s2s ban that would really turn into 0.
Maranda
at least for the moment.
Maranda
and for the area of coverage of mod_spim_block.
Ge0rG
Maranda: the false positive rate is about legitimate messages blocked as spam. So disabling s2s would turn that to 100%
Maranda
erm "how disabling the s2s ban" equates to "disabling s2s" Ge0rG..?
Ge0rG
oh, sorry. Misread you on that.
Ge0rG
Maranda: you need to also account for all the legitimate remote users who tried to contact one of your users, got rejected and gave up at that moment.
Ge0rG
or didn't manage to click the link / do the captcha / whatever you have there.
Ge0rG
or didn't receive the error.
Maranda
Ge0rG, the server will send a readable message with instructions to the user, if I have to take into account "literal monkeys" or people not willing to solve the challenge then that number can never be zero, but that's stupid imho, I made it so that even as annoying as it may be humans will always be able to solve the challenge.
Ge0rG
Maranda: I'd like to test that, what do I need to do?
Ge0rG
Maranda: will it be triggered by a subscription request or a message? do you have a JID I can test it on?
Maranda
send me a message or presence sub to maranda@lightwitch.org
Ge0rG
> Greetings, this is the lightwitch.org server before sending a message or presence subscription to this user, please visit https://meaveen.lightwitch.org/spim/ and input the following code in the form: jB6v1S/+rm/GklakBaPHvcYX7Rg=
Is that a one or an L?
Ge0rG
Maranda: so you just lost all people who don't know how to copy&paste base64 blobs. Also people using a client without partial copy&paste
Maranda
do you want me to add "copy & paste"? I'm wondering, are you just arguing for the heck of it :P?
Ge0rG
> What's the result of the following operation, 3 multiplicated by 21:
Also rather high requirements on math skills
Ge0rG
Maranda: I'm saying that what you've made is a nerd filter
Maranda
Ge0rG, high requirements :P?
Ge0rG
Maranda: multiplication of numbers >10 is a high requirement, unfortunately
Maranda
Ge0rG, tbh the only high requirement I knew of was division of any value not addition, subtraction, multiplication of up to 2 digits values
Ge0rG
Maranda: you could at least put the token into the URL parameter and let the user only fill out the math.
Ge0rG
Maranda: you also lost everybody who doesn't speak English
Maranda
Ge0rG, that removes a step, so it's not possible.
Ge0rG
Maranda: it removes what step?
Maranda
Ge0rG, challenge step, not that it's really a step but it's enough for most dumb XMPP bots, and XMPP spammers currently do not wish to add a custom parser for my challenges apparently (except some Russians who did after like a year or so)
Ge0rG
Maranda: it remains a nerd filter, not a spam filter.
Maranda
Ge0rG, whatever.
Ge0rG
Maranda: does the filter apply if you contact me first and I respond?
Maranda
Ge0rG, if I send you a message you get whitelisted automatically
Ge0rG
Maranda: also if you send a subscription request?
Maranda
Hmm only a subscription no, but usually I noticed most clients sending a message together with the subscription so in that case it's covered.
Ge0rG
Maranda: it's generally a good idea, but I think you are not hitting the right usability trade-off.
Maranda
I guess that's a bug.
Ge0rG
Maranda: if I were to implement it, I'd use a URL with a token parameter (no need to copy-paste), maybe even skip out the math filter, just "click here to unlock", and maybe do some User-Agent / IP testing
Maranda
Ge0rG, my users are satisfied with the "nerd filter", I got some complaints here and there but by most they're all satisfied by not getting SPIM.
Ge0rG
and I'd only apply the filter on bad-reputation domains and messages with suspected spam content.
Ge0rG
Maranda: because they don't know anything better :P
Maranda
Ge0rG, possibly, but there're no tools, like a centralised bad reputation domain/ip list maintained by the XSF. So I offer what I can and have the time to maintain the offer of.
Ge0rG
I'm automatically blocking almost all incoming spam (plus some legitimate traffic) without legitimate users needing to do anything
Maranda: also reporting abuse to server admins is real work™
Ge0rG
Maranda: I'd be glad if you would like to participate in that effort
Maranda
Ge0rG, if it's not too time taking to participate, like sending a PR every time (e.g. like having a proper RESTful API for submission, checking)
Ge0rG
Maranda: we've got an internal ticket system to track progress when talking to ISPs
Maranda
Ge0rG, yes but I meant the *how to submit entries* before they're evaluated, *I'd* like to do that automatically after x violations rather than having to do manual aggregation and then sending.
Ge0rG
Maranda: how to submit entries to the blacklist? That needs to be manual.
Maranda
I mean that's how it mostly (without the evaluation part) works with the e-mail blacklists.
Ge0rG
Maranda: so you volunteer to develop the required tooling?
Maranda
Ge0rG, I barely have time and will for Metronome atm, so I guess that gives you a hint :P
Maranda
[11:27:05] Ge0rG: Maranda: also if you send a subscription request? --> nm, also if a contact is pending that's covered.
Ge0rG
Maranda: it would be great to have all that written in the docs for that module.
Ge0rG
Maranda: and if you insist on copy&pasting tokens, please encode the JID or a hash of it or some other token into the URL and reduce the thing that actually needs to be typed / copy-pasted to six digits numeric
Maranda
Documentation is yet time dependent and also English skills dependent. Two things I'm not very proficient in.
Maranda
Ge0rG: I could though change digest method / reduce entropy fetched to make the token shorter.
Ge0rG
generate TOTP tokens!
Maranda
TOTP is a bit too much hassle to do correctly, safely and avoiding collisions for what I'm doing for now
Ge0rG
I'm just saying.
Maranda
Ge0rG, but I can reduce the token to 12 characters and make it use uppercase letters only without issues (on uniqueness and collisions also)
Maranda just tested.
Ge0rG
Maranda: you could just append it to the URL.
Ge0rG
with only uppercase letters, you probably also get rid of the 1/l/I issue.
Neustradamus
A new server: deshalbfrei.org
Ge0rG
Neustradamus: reported to the owner
Neustradamus
A good news: https://twitter.com/neustradamus/status/1065328474922061825
Maranda
@uptime lightwitch.org
Echo1
Maranda: lightwitch.org has been running for 13 days, 21 hours and 26 minutes
Licaon_Kter
Neustradamus: you da bot :))
Licaon_Kter
Neustradamus: do the PEP changes mean that Daniel's omemo_all_access is integrated?
Link Mauve
Licaon_Kter, it was a hack, and is not needed anymore.