XMPP Service Operators

00:06:57 marc0s has joined
00:12:33 jjrh has left
00:25:41 kmq has joined
00:29:37 carlos has joined
00:30:03 carlos has joined
00:42:37 carlos has left
00:47:52 vanitasvitae has left
00:50:04 andrey.utkin has joined
00:53:18 carlos has joined
00:56:44 tyler has left
00:56:51 andrey.utkin has left
00:56:56 andrey.utkin has joined
01:00:54 vanitasvitae has left
01:00:55 vanitasvitae has joined
01:12:48 mrDoctorWho has joined
01:48:03 kmq has left
02:08:17 kmq has left
02:14:44 kmq has left
02:15:28 andrey.utkin has joined
02:19:51 mrDoctorWho has left
02:21:24 holger has left
02:24:19 vanitasvitae has left
02:24:21 vanitasvitae has joined
02:27:14 mrDoctorWho has left
02:34:33 mrDoctorWho has left
02:57:15 Maranda has joined
03:29:47 ivucica has left
03:37:11 tyler has joined
03:39:15 kmq has joined
04:12:53 Neustradamus has left
04:13:15 yon has left
04:16:15 yon has left
04:23:24 holger has joined
04:31:45 kmq has left
04:34:55 info-screen has joined
04:37:15 yon has left
04:42:17 Licaon_Kter has left
04:46:30 Licaon_Kter has joined
05:00:37 ibikk has joined
05:01:33 qwertz has joined
05:08:11 kmq has left
05:22:58 (-: has joined
05:43:06 ibikk has joined
05:45:38 mike has left
06:07:15 yon has left
06:12:06 kmq has left
06:12:06 kmq has left
06:18:37 Licaon_Kter has left
06:23:18 marc0s has left
07:00:15 qwertz has left
07:08:36 lorddavidiii has left
07:09:37 lorddavidiii has joined
07:15:35 Licaon_Kter has joined
07:20:06 kmq has joined
07:22:21 holger has left
07:35:42 blabla has left
07:44:47 fp-tester has left
07:45:16 fp-tester has joined
07:51:03 yon has left
08:00:07 Licaon_Kter has left
08:00:08 kmq has left
08:11:34 geofferey has left
08:18:04 kmq has joined
08:27:38 kmq has left
08:30:02 kmq has joined
08:48:23 probably has left
08:48:26 probably has joined
09:09:38 Maranda has solved that issue long ago.
09:09:57 Maranda rate == still 0.
09:10:31 info-screen has joined
09:14:27 pep. has left
09:15:22 blabla has joined
09:17:22 Ge0rG Maranda: you solved Jabber spam?
09:20:16 edhelas he disabled s2s
09:20:41 Maranda Ge0rG, I'm not sure how appropriate that "solved" acceptation is, but receive rate is 0, it doesn't manage to get through.
09:21:42 Ge0rG Maranda: there are two relevant metrics in a filter, false acceptance rate and false rejection rate. The former is 0, which is good, but what about the latter?
09:21:46 Maranda edhelas dunno about you, you may need to do that, but I'm reknowingly a tid smarter than a monkey ;)
09:22:31 yon has left
09:22:40 Maranda Ge0rG, it's 0.
09:24:41 Ge0rG Maranda: you have a spam filter that doesn't block any legitimate messages, but all spam? You should be a billionnaire by now.
09:26:06 edhelas maybe he's the one generating all this spam 🤔
09:26:26 Maranda Ge0rG, I should? Good to know.
09:27:57 Maranda edhelas, maybe you should just focus on getting Movim to work decently on all platform instead of making stupid statements ;).
09:28:06 Ge0rG Maranda: you can rent your spam filter out, to desperate people like me, who maintain complex spam filter lists and still end up with dozens of false positives every day
09:28:57 Ge0rG Maranda: maybe edhelas is not the one making stupid statements ;)
09:31:13 Maranda He for sure is Ge0rG, but that's the late fashion, pick every statement Maranda makes for how truthful it may be isn't it?
09:32:37 Maranda Alas like what I use and its concept wasn't published and available already.
09:32:57 Ge0rG Maranda: see, I'm doing some work on blocking XMPP spam, and I have a feeling for the complexity and the trade-offs, and there is no 100% solution to it.
09:34:18 Maranda Ge0rG, currently there's a 100% solution for it as bots on XMPP are very dumb, the fact that you or your users may not like the trade-offs for it is *yet* another matter.
09:34:32 Ge0rG Maranda: so either your solution is not generally applicable or you must be cheating your numbers.
09:34:45 Ge0rG yes, the bots are dumb.
09:34:50 Ge0rG At least most of them.
09:35:07 Ge0rG Maranda: so where can I read up on your solution?
09:35:12 Maranda If I use it on lightwitch.org it's very applicable
09:38:15 Maranda just look at mod_spim_block Ge0rG it's no secret or rocket science, and I don't see why I should cheat on numbers if I say it reduced my spim rate (lightwitch.org's) to 0 why should I be lying? The only complaint you could make is that my numbers are a bit limited to make a valid sample, not that I'm cheating on 'em.
09:39:37 Ge0rG Maranda: is there documentation for how mod_spim_block works?
09:40:05 Ge0rG Maranda: I'm not saying you cheat on the false negative rate, I'm saying you cheat on the false positive rate.
09:40:31 Ge0rG How many people don't see the spim blacklist bounce? Or don't bother jumping through the hoops?
09:41:41 Ge0rG Maranda: if you block s2s on excessive spim, how do you know that no legitimate users on that blocked server want to talk to your users?
09:42:26 Ge0rG all of that goes into the false positive rate.
09:47:10 Maranda Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban hit of 1h, I have a rather large allowance for spim hits (and you could disable that)
09:47:50 Maranda Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban for 1h, I have a rather large allowance for spim hits (and you could disable that)
09:48:35 Ge0rG Maranda: so you don't know.
09:48:40 Ge0rG Maranda: so you don't know for sure.
09:56:51 Maranda 100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. they're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.
09:57:12 Maranda 100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. They're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.
09:58:30 Ge0rG Maranda: all I wanted to say is that your solution isn't perfect either.
09:58:40 Ge0rG it's just making different trade-offs.
10:00:33 Maranda Ge0rG, I never said it is, I said that the rate I get is 0, if you want I can change that the false positive is *very likely* 0 but that doesn't change the fact that if you disabled the s2s ban that would really turn into 0.
10:00:51 Maranda at least for the moment.
10:01:10 Maranda and for the area of coverage of mod_spim_block.
10:01:49 Ge0rG Maranda: the false positive rate is about legitimate messages blocked as spam. So disabling s2s would turn that to 100%
10:02:43 Maranda erm "how disabling the s2s ban" equates to "disabling s2s" Ge0rG..?
10:03:21 Ge0rG oh, sorry. Misread you on that.
10:04:04 Ge0rG Maranda: you need to also account for all the legitimate remote users who tried to contact one of your users, got rejected and gave up at that moment.
10:04:25 Ge0rG or didn't manage to click the link / do the captcha / whatever you have there.
10:04:35 Ge0rG or didn't receive the error.
10:04:57 vanitasvitae has left
10:05:06 vanitasvitae has joined
10:09:13 Maranda Ge0rG, the server will send a readable message with instructions to the user, if I have to take in account for "literal monkeys" or people not willing to solve the challenge then that number can never be zero, but that's stupid imho, I made it so that even as annoying as it may be humans will always be able to solve the challenge.
10:09:42 Ge0rG Maranda: I'd like to test that, what do I need to do?
10:10:14 Ge0rG Maranda: will it be triggered by a subscription request or a message? do you have a JID I can test it on?
10:10:17 Maranda send me a message or presence sub to maranda@lightwitch.org
10:11:36 Ge0rG > Greetings, this is the lightwitch.org server before sending a message or presence subscription to this user, please visit https://meaveen.lightwitch.org/spim/ and input the following code in the form: jB6v1S/+rm/GklakBaPHvcYX7Rg= Is that a one or an L?
10:12:31 Ge0rG Maranda: so you just lost all people who don't know how to copy&paste base64 blobs. Also people using a client without partial copy&paste
10:13:07 Maranda do you want me to add "copy & paste", I wondering are you just arguing for the heck of it :P?
10:13:09 Ge0rG > What's the result of the following operation, 3 multiplicated by 21: Also rather high requirements on math skills
10:13:31 Ge0rG Maranda: I'm saying that what you've made is a nerd filter
10:13:35 Maranda Ge0rG, high requirements :P?
10:14:22 Ge0rG Maranda: multiplication of numbers >10 is a high requirement, unfortunately
10:15:23 Maranda Ge0rG, tbh the only high requirement I knew of was division or any value not addition, subtraction, multiplication of upto 2 digits values
10:15:37 Maranda Ge0rG, tbh the only high requirement I knew of was division of any value not addition, subtraction, multiplication of upto 2 digits values
10:16:09 Ge0rG Maranda: you could at least put the token into the URL parameter and let the user only fill out the math.
10:17:03 Ge0rG Maranda: you also lost everybody who doesn't speak english
10:17:54 Maranda Ge0rG, that removes a step, so it's not possible.
10:18:04 Ge0rG Maranda: it removes what step?
10:23:23 Maranda Ge0rG, challenge step, not that it's really a step but it's enough for most dumb XMPP bots, and xmpp spammers currently do not wish to add a custom parser for my challenges apparently (except some russians who did after like a year or so)
10:24:17 Ge0rG Maranda: it remains a nerd filter, not a spam filter.
10:24:59 Maranda Ge0rG, whatever.
10:25:53 Ge0rG Maranda: does the filter apply if you contact me first and I respond?
10:25:58 Marzanna has left
10:26:23 Maranda Ge0rG, if I send you a message you get whitelisted automatically
10:26:59 Ge0rG Maranda: also if you send a subscription request?
10:32:27 Maranda Hmm only a subscription no, but usually I noticed most clients sending a message together with the subscription so in that case it's covered.
10:32:29 Ge0rG Maranda: it's generally a good idea, but I think you are not hitting the right usability trade-off.
10:32:33 Maranda I guess that's a bug.
10:33:35 Ge0rG Maranda: if I were to implement it, I'd use a URL with a token parameter (no need to copy-paste), maybe even skip out the math filter, just "click here to unlock", and maybe do some User-Agent / IP testing
10:33:41 Maranda Ge0rG, my users are satisfied with the "nerd filter", I got some complaints here and there but by most they all satisfied by not getting SPIM.
10:34:15 Ge0rG and I'd only apply the filter on bad-reputation domains and messages with suspected spam content.
10:34:39 Ge0rG Maranda: because they don't know anything better :P
10:36:31 Maranda Ge0rG, possibly, but there're no tools, like a centralised bad reputantion domain/ip list mantained by the XSF. So I offer what I can and have the time to mantain the offer of.
10:36:34 Ge0rG I'm automatically blocking almost all incoming spam (plus some legitimate traffic) without legitimate users needing to do anything
10:36:52 Ge0rG Maranda: https://github.com/ge0rg/jabber-spam-fighting-manifesto/blob/blacklist/blacklist.md
10:37:53 Maranda ... ;)
10:38:02 Ge0rG Maranda: ??? ;)
10:38:04 Maranda (empty)
10:38:07 Maranda :P
10:38:15 Ge0rG Maranda: the list? yeah.
10:38:28 Ge0rG Maranda: still polishing the rules.
10:38:41 Ge0rG Maranda: also reporting abuse to server admins is real work™
10:39:22 Ge0rG Maranda: I'd be glad if you would like to participate in that effort
10:46:15 yon has left
10:46:15 yon has left
10:50:26 Maranda Ge0rG, if it's not too time taking to partecipate, like sending a PR everytime (e.g. like having a proper RESTful API for submission, checking)
10:52:17 Ge0rG Maranda: we've got an internal ticket system to track progress when talking to ISPs
10:57:15 Maranda Ge0rG, yes but I meant the *how to submit entries* before they're evaluated, *I'd* like to do that automatically after x violations rather than having to do manual aggregation and then sending.
10:57:18 andrey.utkin has joined
10:58:13 Ge0rG Maranda: how to submit entries to the blacklist? That needs to be manual.
10:59:28 Maranda I mean that's how it mostly (without the evaluation part) work with the e-mail blacklists.
11:03:05 Ge0rG Maranda: so you volunteer to develop the required tooling?
11:04:15 yon has left
11:04:15 yon has left
11:07:14 Maranda Ge0rG, I barely have time and will for Metronome atm, so I guess that gives you a hint :P
11:07:15 yon has left
11:10:15 yon has left
11:13:15 yon has left
11:19:15 yon has left
11:19:15 yon has left
11:21:12 Maranda ‎[11:27:05] ‎Ge0rG‎: Maranda: also if you send a subscription request? --> nm, also if a contact is pending that's covered.
11:22:15 yon has left
11:23:22 geofferey has left
11:25:15 yon has left
11:28:11 valo has left
11:28:39 valo has joined
11:31:15 yon has left
11:37:15 yon has left
11:39:44 holger has joined
11:40:07 kmq has joined
11:40:15 yon has left
11:43:15 yon has left
11:45:06 css has joined
11:46:15 yon has left
11:47:07 mike has left
11:47:16 mike has joined
11:49:15 yon has left
11:51:41 blabla has left
11:51:48 blabla has joined
11:55:15 yon has left
11:58:15 yon has left
11:58:15 yon has left
11:59:30 (-: has left
12:04:00 mightyBroccoli has left
12:04:01 mightyBroccoli has joined
12:04:15 yon has left
12:04:21 Ge0rG Maranda: it would be great to have all that written in the docs for that module.
12:05:33 Ge0rG Maranda: and if you insist on copy&pasting tokens, please encode the JID or a hash of it or some other token into the URL and reduce the thing that actually needs to be typed / copy-pasted to six digits numeric
12:09:05 Maranda Documentation is yet time dependant and also english skills dependant. Two things I'm not very proficent on.
12:12:31 Maranda has joined
12:12:32 Maranda Ge0rG: I could though change digest method / reduce entropy fetched to make the token shorter.
12:13:03 Ge0rG generate TOTP tokens!
12:16:15 yon has left
12:19:15 yon has left
12:22:15 yon has left
12:25:15 yon has left
12:28:15 yon has left
12:28:19 ivucica has joined
12:31:15 yon has left
12:33:20 mightyBroccoli has left
12:36:32 andrey.utkin has joined
12:39:46 mightyBroccoli has joined
12:46:15 yon has left
12:52:47 ivucica has joined
12:58:32 Maranda TOTP is a bit too much hassle to do correctly, safely and avoiding collisions for what I'm doing for now
12:59:06 Ge0rG I'm just saying.
12:59:54 Maranda Ge0rG, but I can reduce the token to 12 characters and make it use uppercase letters only without issues (on uniqueness and collisions also)
13:00:08 Maranda just tested.
13:00:10 Ge0rG Maranda: you could just append it to the URL.
13:00:43 Ge0rG with only uppercase letters, you probably also get rid of the 1/l/I issue.
13:04:15 yon has left
13:04:15 yon has left
13:07:03 css has joined
13:19:16 ivucica has joined
13:24:28 mightyBroccoli has left
13:31:18 SamWhited has left
13:31:19 SamWhited has joined
13:33:34 css has left
13:37:40 kmq has joined
13:43:05 kmq has left
13:50:59 Maranda has joined
14:03:46 (-: has joined
14:07:49 css has joined
14:10:11 holger has left
14:13:28 holger has joined
14:19:17 marc0s has left
14:34:14 yon has left
14:34:15 yon has left
14:34:41 Neustradamus A new server: deshalbfrei.org
14:40:11 holger has left
14:40:13 holger has joined
14:42:30 Ge0rG Neustradamus: reported to the owner
14:47:46 ivucica has left
14:48:32 ivucica has joined
14:48:47 ivucica has left
14:49:18 ivucica has joined
15:20:51 ivucica has left
15:21:26 ivucica has joined
15:26:48 ivucica has left
15:26:59 jjrh has left
15:27:07 ivucica has joined
15:30:59 Holger has left
15:31:14 yon has left
15:31:15 yon has left
15:33:22 ThibG has joined
15:36:56 jjrh has left
15:39:41 Holger has left
15:39:41 jjrh has left
15:39:55 Martin has joined
15:40:14 yon has left
15:53:05 kmq has left
16:01:22 peter has joined
16:06:41 tyler has joined
16:11:27 vanitasvitae has left
16:11:36 vanitasvitae has joined
16:12:47 tyler has joined
16:13:45 kmq has left
16:18:58 kmq has left
16:24:10 kmq has left
16:25:46 kmq has left
16:35:30 tyler has left
16:35:34 tyler has joined
16:35:38 Licaon_Kter has joined
16:46:23 ThibG has left
16:46:26 ThibG has joined
16:46:33 pod has left
16:50:08 Licaon_Kter has left
16:52:22 vanitasvitae has left
16:52:24 vanitasvitae has joined
17:16:40 Licaon_Kter has joined
17:24:54 Holger has left
17:25:30 marc0s has joined
17:45:54 Brandensittich has joined
17:45:59 ThibG has left
17:46:08 ThibG has joined
17:46:41 Brandensittich has left
17:47:21 mimi89999 has left
17:48:24 mimi89999 has left
17:50:58 vanitasvitae has left
17:59:09 ThibG has joined
17:59:12 ThibG has joined
18:03:28 holger has left
18:12:30 holger has joined
18:12:57 Maranda has joined
18:13:23 holger has left
18:13:37 fp-tester has left
18:14:20 marc0s has left
18:14:30 fp-tester has joined
18:16:04 holger has joined
18:23:00 probably has left
18:23:02 probably has joined
18:41:55 mightyBroccoli has left
18:50:34 mightyBroccoli has left
19:06:51 ibikk has joined
19:10:34 404.city has joined
19:19:12 404.city has left
19:21:10 kmq has joined
19:34:59 probably has left
19:35:02 probably has joined
19:35:32 probably has left
19:35:33 probably has joined
19:36:08 probably has left
19:36:10 probably has joined
19:41:09 pep. has left
19:43:18 pep. has left
19:43:27 Neustradamus A good news: https://twitter.com/neustradamus/status/1065328474922061825
19:46:56 peter has left
20:06:36 blabla has left
20:16:36 Odin has left
20:16:37 Odin has joined
20:22:22 peter has joined
20:23:53 (-: has left
20:26:04 Maranda @uptime lightwitch.org
20:26:04 Echo1 Maranda: lightwitch.org has been running for 13 days, 21 hours and 26 minutes
20:34:46 Licaon_Kter Neustradamus: you da bot :))
20:38:03 Maranda has left
20:42:41 fp-tester has joined
20:44:25 SamWhited has left
20:50:21 info-screen has left
20:50:42 seantodd has joined
20:52:49 css has joined
21:02:53 Maranda has left
21:06:05 ivucica has joined
21:10:42 Maranda has left
21:13:21 Licaon_Kter Neustradamus: do the PEP changes mean that Daniel's omemo_all_access is integrated?
21:15:32 Link Mauve Licaon_Kter, it was a hack, and is not needed anymore.
21:16:57 Licaon_Kter Link Mauve: great
21:22:47 mightyBroccoli has left
21:24:28 Holger has left
21:29:17 css has left
21:35:45 Martin has left
21:37:27 Holger has left
21:48:41 probably has left
21:48:44 probably has joined
21:49:10 ThibG has left
21:49:17 probably has left
21:49:18 ThibG has joined
21:49:19 probably has joined
21:51:44 probably has left
21:51:45 probably has joined
21:55:47 probably has left
21:55:49 probably has joined
22:02:46 naw has joined
22:05:44 lorddavidiii has left
22:06:27 probably has left
22:06:28 probably has joined
22:08:48 holger has left
22:12:11 ibikk has joined
22:13:55 ibikk has joined
22:18:56 peter has left
22:33:08 tyler has left
22:38:59 tyler has joined
22:40:46 ThibG has left
22:48:34 tyler has left
22:50:51 carlos has joined
22:51:01 carlos has joined
22:51:15 vanitasvitae has left
22:52:59 andrey.utkin has joined
22:53:35 tyler has joined
22:58:02 jjrh has left
22:58:18 jjrh has left
23:05:58 ibikk has joined
23:07:14 naw has left
23:08:56 fp-tester has joined
23:15:50 css has left
23:22:39 blabla has joined
23:23:01 fp-tester has left
23:23:05 tyler has left
23:26:06 fp-tester has joined
23:30:52 pod has left
23:35:55 blabla has left
23:40:07 tyler has joined
23:41:20 jjrh has left
23:53:47 Licaon_Kter has left
23:53:55 mightyBroccoli has left
23:53:57 mightyBroccoli has joined
23:57:42 kmq has joined
23:58:56 Licaon_Kter has joined