XMPP Service Operators - 2018-11-21

  1. marc0s has joined

  2. jjrh has left

  3. kmq has joined

  4. carlos has joined

  5. carlos has joined

  6. carlos has left

  7. vanitasvitae has left

  8. andrey.utkin has joined

  9. carlos has joined

  10. tyler has left

  11. andrey.utkin has left

  12. andrey.utkin has joined

  13. vanitasvitae has left

  14. vanitasvitae has joined

  15. mrDoctorWho has joined

  16. kmq has left

  17. kmq has left

  18. kmq has left

  19. andrey.utkin has joined

  20. mrDoctorWho has left

  21. holger has left

  22. vanitasvitae has left

  23. vanitasvitae has joined

  24. mrDoctorWho has left

  25. mrDoctorWho has left

  26. Maranda has joined

  27. ivucica has left

  28. tyler has joined

  29. kmq has joined

  30. Neustradamus has left

  31. yon has left

  32. yon has left

  33. holger has joined

  34. kmq has left

  35. info-screen has joined

  36. yon has left

  37. Licaon_Kter has left

  38. Licaon_Kter has joined

  39. ibikk has joined

  40. qwertz has joined

  41. kmq has left

  42. (-: has joined

  43. ibikk has joined

  44. mike has left

  45. yon has left

  46. kmq has left

  47. kmq has left

  48. Licaon_Kter has left

  49. marc0s has left

  50. qwertz has left

  51. lorddavidiii has left

  52. lorddavidiii has joined

  53. Licaon_Kter has joined

  54. kmq has joined

  55. holger has left

  56. blabla has left

  57. fp-tester has left

  58. fp-tester has joined

  59. yon has left

  60. Licaon_Kter has left

  61. kmq has left

  62. geofferey has left

  63. kmq has joined

  64. kmq has left

  65. kmq has joined

  66. probably has left

  67. probably has joined

  68. Maranda has solved that issue long ago.

  69. Maranda

    rate == still 0.

  70. info-screen has joined

  71. pep. has left

  72. blabla has joined

  73. Ge0rG

    Maranda: you solved Jabber spam?

  74. edhelas

    he disabled s2s

  75. Maranda

    Ge0rG, I'm not sure how appropriate that "solved" acceptation is, but receive rate is 0, it doesn't manage to get through.

  76. Ge0rG

    Maranda: there are two relevant metrics in a filter, false acceptance rate and false rejection rate. The former is 0, which is good, but what about the latter?

  77. Maranda

    edhelas dunno about you, you may need to do that, but I'm reknowingly a tid smarter than a monkey ;)

  78. yon has left

  79. Maranda

    Ge0rG, it's 0.

  80. Ge0rG

    Maranda: you have a spam filter that doesn't block any legitimate messages, but all spam? You should be a billionnaire by now.

  81. edhelas

    maybe he's the one generating all this spam 🤔

  82. Maranda

    Ge0rG, I should? Good to know.

  83. Maranda

    edhelas, maybe you should just focus on getting Movim to work decently on all platform instead of making stupid statements ;).

  84. Ge0rG

    Maranda: you can rent your spam filter out, to desperate people like me, who maintain complex spam filter lists and still end up with dozens of false positives every day

  85. Ge0rG

    Maranda: maybe edhelas is not the one making stupid statements ;)

  86. Maranda

    He for sure is Ge0rG, but that's the late fashion, pick every statement Maranda makes for how truthful it may be isn't it?

  87. Maranda

    Alas like what I use and its concept wasn't published and available already.

  88. Ge0rG

    Maranda: see, I'm doing some work on blocking XMPP spam, and I have a feeling for the complexity and the trade-offs, and there is no 100% solution to it.

  89. Maranda

    Ge0rG, currently there's a 100% solution for it as bots on XMPP are very dumb, the fact that you or your users may not like the trade-offs for it is *yet* another matter.

  90. Ge0rG

    Maranda: so either your solution is not generally applicable or you must be cheating your numbers.

  91. Ge0rG

    yes, the bots are dumb.

  92. Ge0rG

    At least most of them.

  93. Ge0rG

    Maranda: so where can I read up on your solution?

  94. Maranda

    If I use it on lightwitch.org it's very applicable

  95. Maranda

    just look at mod_spim_block Ge0rG it's no secret or rocket science, and I don't see why I should cheat on numbers if I say it reduced my spim rate (lightwitch.org's) to 0 why should I be lying? The only complaint you could make is that my numbers are a bit limited to make a valid sample, not that I'm cheating on 'em.

  96. Ge0rG

    Maranda: is there documentation for how mod_spim_block works?

  97. Ge0rG

    Maranda: I'm not saying you cheat on the false negative rate, I'm saying you cheat on the false positive rate.

  98. Ge0rG

    How many people don't see the spim blacklist bounce? Or don't bother jumping through the hoops?

  99. Ge0rG

    Maranda: if you block s2s on excessive spim, how do you know that no legitimate users on that blocked server want to talk to your users?

  100. Ge0rG

    all of that goes into the false positive rate.

  101. Maranda

    Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban hit of 1h, I have a rather large allowance for spim hits (and you could disable that)

  102. Maranda

    Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban for 1h, I have a rather large allowance for spim hits (and you could disable that)

  103. Ge0rG

    Maranda: so you don't know.

  104. Ge0rG

    Maranda: so you don't know for sure.

  105. Maranda

    100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. they're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.

  106. Maranda

    100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. They're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.

  107. Ge0rG

    Maranda: all I wanted to say is that your solution isn't perfect either.

  108. Ge0rG

    it's just making different trade-offs.

  109. Maranda

    Ge0rG, I never said it is, I said that the rate I get is 0, if you want I can change that the false positive is *very likely* 0 but that doesn't change the fact that if you disabled the s2s ban that would really turn into 0.

  110. Maranda

    at least for the moment.

  111. Maranda

    and for the area of coverage of mod_spim_block.

  112. Ge0rG

    Maranda: the false positive rate is about legitimate messages blocked as spam. So disabling s2s would turn that to 100%

  113. Maranda

    erm "how disabling the s2s ban" equates to "disabling s2s" Ge0rG..?

  114. Ge0rG

    oh, sorry. Misread you on that.

  115. Ge0rG

    Maranda: you need to also account for all the legitimate remote users who tried to contact one of your users, got rejected and gave up at that moment.

  116. Ge0rG

    or didn't manage to click the link / do the captcha / whatever you have there.

  117. Ge0rG

    or didn't receive the error.

  118. vanitasvitae has left

  119. vanitasvitae has joined

  120. Maranda

    Ge0rG, the server will send a readable message with instructions to the user, if I have to take in account for "literal monkeys" or people not willing to solve the challenge then that number can never be zero, but that's stupid imho, I made it so that even as annoying as it may be humans will always be able to solve the challenge.

  121. Ge0rG

    Maranda: I'd like to test that, what do I need to do?

  122. Ge0rG

    Maranda: will it be triggered by a subscription request or a message? do you have a JID I can test it on?

  123. Maranda

    send me a message or presence sub to maranda@lightwitch.org

  124. Ge0rG

    > Greetings, this is the lightwitch.org server before sending a message or presence subscription to this user, please visit https://meaveen.lightwitch.org/spim/ and input the following code in the form: jB6v1S/+rm/GklakBaPHvcYX7Rg= Is that a one or an L?

  125. Ge0rG

    Maranda: so you just lost all people who don't know how to copy&paste base64 blobs. Also people using a client without partial copy&paste

  126. Maranda

    do you want me to add "copy & paste", I wondering are you just arguing for the heck of it :P?

  127. Ge0rG

    > What's the result of the following operation, 3 multiplicated by 21: Also rather high requirements on math skills

  128. Ge0rG

    Maranda: I'm saying that what you've made is a nerd filter

  129. Maranda

    Ge0rG, high requirements :P?

  130. Ge0rG

    Maranda: multiplication of numbers >10 is a high requirement, unfortunately

  131. Maranda

    Ge0rG, tbh the only high requirement I knew of was division or any value not addition, subtraction, multiplication of upto 2 digits values

  132. Maranda

    Ge0rG, tbh the only high requirement I knew of was division of any value not addition, subtraction, multiplication of upto 2 digits values

  133. Ge0rG

    Maranda: you could at least put the token into the URL parameter and let the user only fill out the math.

  134. Ge0rG

    Maranda: you also lost everybody who doesn't speak english

  135. Maranda

    Ge0rG, that removes a step, so it's not possible.

  136. Ge0rG

    Maranda: it removes what step?

  137. Maranda

    Ge0rG, challenge step, not that it's really a step but it's enough for most dumb XMPP bots, and xmpp spammers currently do not wish to add a custom parser for my challenges apparently (except some russians who did after like a year or so)

  138. Ge0rG

    Maranda: it remains a nerd filter, not a spam filter.

  139. Maranda

    Ge0rG, whatever.

  140. Ge0rG

    Maranda: does the filter apply if you contact me first and I respond?

  141. Marzanna has left

  142. Maranda

    Ge0rG, if I send you a message you get whitelisted automatically

  143. Ge0rG

    Maranda: also if you send a subscription request?

  144. Maranda

    Hmm only a subscription no, but usually I noticed most clients sending a message together with the subscription so in that case it's covered.

  145. Ge0rG

    Maranda: it's generally a good idea, but I think you are not hitting the right usability trade-off.

  146. Maranda

    I guess that's a bug.

  147. Ge0rG

    Maranda: if I were to implement it, I'd use a URL with a token parameter (no need to copy-paste), maybe even skip out the math filter, just "click here to unlock", and maybe do some User-Agent / IP testing

  148. Maranda

    Ge0rG, my users are satisfied with the "nerd filter", I got some complaints here and there but by most they all satisfied by not getting SPIM.

  149. Ge0rG

    and I'd only apply the filter on bad-reputation domains and messages with suspected spam content.

  150. Ge0rG

    Maranda: because they don't know anything better :P

  151. Maranda

    Ge0rG, possibly, but there're no tools, like a centralised bad reputantion domain/ip list mantained by the XSF. So I offer what I can and have the time to mantain the offer of.

  152. Ge0rG

    I'm automatically blocking almost all incoming spam (plus some legitimate traffic) without legitimate users needing to do anything

  153. Ge0rG

    Maranda: https://github.com/ge0rg/jabber-spam-fighting-manifesto/blob/blacklist/blacklist.md

  154. Maranda

    ... ;)

  155. Ge0rG

    Maranda: ??? ;)

  156. Maranda


  157. Maranda


  158. Ge0rG

    Maranda: the list? yeah.

  159. Ge0rG

    Maranda: still polishing the rules.

  160. Ge0rG

    Maranda: also reporting abuse to server admins is real work™

  161. Ge0rG

    Maranda: I'd be glad if you would like to participate in that effort

  162. yon has left

  163. yon has left

  164. Maranda

    Ge0rG, if it's not too time taking to partecipate, like sending a PR everytime (e.g. like having a proper RESTful API for submission, checking)

  165. Ge0rG

    Maranda: we've got an internal ticket system to track progress when talking to ISPs

  166. Maranda

    Ge0rG, yes but I meant the *how to submit entries* before they're evaluated, *I'd* like to do that automatically after x violations rather than having to do manual aggregation and then sending.

  167. andrey.utkin has joined

  168. Ge0rG

    Maranda: how to submit entries to the blacklist? That needs to be manual.

  169. Maranda

    I mean that's how it mostly (without the evaluation part) work with the e-mail blacklists.

  170. Ge0rG

    Maranda: so you volunteer to develop the required tooling?

  171. yon has left

  172. yon has left

  173. Maranda

    Ge0rG, I barely have time and will for Metronome atm, so I guess that gives you a hint :P

  174. yon has left

  175. yon has left

  176. yon has left

  177. yon has left

  178. yon has left

  179. Maranda

    ‎[11:27:05] ‎Ge0rG‎: Maranda: also if you send a subscription request? --> nm, also if a contact is pending that's covered.

  180. yon has left

  181. geofferey has left

  182. yon has left

  183. valo has left

  184. valo has joined

  185. yon has left

  186. yon has left

  187. holger has joined

  188. kmq has joined

  189. yon has left

  190. yon has left

  191. css has joined

  192. yon has left

  193. mike has left

  194. mike has joined

  195. yon has left

  196. blabla has left

  197. blabla has joined

  198. yon has left

  199. yon has left

  200. yon has left

  201. (-: has left

  202. mightyBroccoli has left

  203. mightyBroccoli has joined

  204. yon has left

  205. Ge0rG

    Maranda: it would be great to have all that written in the docs for that module.

  206. Ge0rG

    Maranda: and if you insist on copy&pasting tokens, please encode the JID or a hash of it or some other token into the URL and reduce the thing that actually needs to be typed / copy-pasted to six digits numeric

  207. Maranda

    Documentation is yet time dependant and also english skills dependant. Two things I'm not very proficent on.

  208. Maranda has joined

  209. Maranda

    Ge0rG: I could though change digest method / reduce entropy fetched to make the token shorter.

  210. Ge0rG

    generate TOTP tokens!

  211. yon has left

  212. yon has left

  213. yon has left

  214. yon has left

  215. yon has left

  216. ivucica has joined

  217. yon has left

  218. mightyBroccoli has left

  219. andrey.utkin has joined

  220. mightyBroccoli has joined

  221. yon has left

  222. ivucica has joined

  223. Maranda

    TOTP is a bit too much hassle to do correctly, safely and avoiding collisions for what I'm doing for now

  224. Ge0rG

    I'm just saying.

  225. Maranda

    Ge0rG, but I can reduce the token to 12 characters and make it use uppercase letters only without issues (on uniqueness and collisions also)

  226. Maranda just tested.

  227. Ge0rG

    Maranda: you could just append it to the URL.

  228. Ge0rG

    with only uppercase letters, you probably also get rid of the 1/l/I issue.

  229. yon has left

  230. yon has left

  231. css has joined

  232. ivucica has joined

  233. mightyBroccoli has left

  234. SamWhited has left

  235. SamWhited has joined

  236. css has left

  237. kmq has joined

  238. kmq has left

  239. Maranda has joined

  240. (-: has joined

  241. css has joined

  242. holger has left

  243. holger has joined

  244. marc0s has left

  245. yon has left

  246. yon has left

  247. Neustradamus

    A new server: deshalbfrei.org

  248. holger has left

  249. holger has joined

  250. Ge0rG

    Neustradamus: reported to the owner

  251. ivucica has left

  252. ivucica has joined

  253. ivucica has left

  254. ivucica has joined

  255. ivucica has left

  256. ivucica has joined

  257. ivucica has left

  258. jjrh has left

  259. ivucica has joined

  260. Holger has left

  261. yon has left

  262. yon has left

  263. ThibG has joined

  264. jjrh has left

  265. Holger has left

  266. jjrh has left

  267. Martin has joined

  268. yon has left

  269. kmq has left

  270. peter has joined

  271. tyler has joined

  272. vanitasvitae has left

  273. vanitasvitae has joined

  274. tyler has joined

  275. kmq has left

  276. kmq has left

  277. kmq has left

  278. kmq has left

  279. tyler has left

  280. tyler has joined

  281. Licaon_Kter has joined

  282. ThibG has left

  283. ThibG has joined

  284. pod has left

  285. Licaon_Kter has left

  286. vanitasvitae has left

  287. vanitasvitae has joined

  288. Licaon_Kter has joined

  289. Holger has left

  290. marc0s has joined

  291. Brandensittich has joined

  292. ThibG has left

  293. ThibG has joined

  294. Brandensittich has left

  295. mimi89999 has left

  296. mimi89999 has left

  297. vanitasvitae has left

  298. ThibG has joined

  299. ThibG has joined

  300. holger has left

  301. holger has joined

  302. Maranda has joined

  303. holger has left

  304. fp-tester has left

  305. marc0s has left

  306. fp-tester has joined

  307. holger has joined

  308. probably has left

  309. probably has joined

  310. mightyBroccoli has left

  311. mightyBroccoli has left

  312. ibikk has joined

  313. 404.city has joined

  314. 404.city has left

  315. kmq has joined

  316. probably has left

  317. probably has joined

  318. probably has left

  319. probably has joined

  320. probably has left

  321. probably has joined

  322. pep. has left

  323. pep. has left

  324. Neustradamus

    A good news: https://twitter.com/neustradamus/status/1065328474922061825

  325. peter has left

  326. blabla has left

  327. Odin has left

  328. Odin has joined

  329. peter has joined

  330. (-: has left

  331. Maranda

    @uptime lightwitch.org

  332. Echo1

    Maranda: lightwitch.org has been running for 13 days, 21 hours and 26 minutes

  333. Licaon_Kter

    Neustradamus: you da bot :))

  334. Maranda has left

  335. fp-tester has joined

  336. SamWhited has left

  337. info-screen has left

  338. seantodd has joined

  339. css has joined

  340. Maranda has left

  341. ivucica has joined

  342. Maranda has left

  343. Licaon_Kter

    Neustradamus: do the PEP changes mean that Daniel's omemo_all_access is integrated?

  344. Link Mauve

    Licaon_Kter, it was a hack, and is not needed anymore.

  345. Licaon_Kter

    Link Mauve: great

  346. mightyBroccoli has left

  347. Holger has left

  348. css has left

  349. Martin has left

  350. Holger has left

  351. probably has left

  352. probably has joined

  353. ThibG has left

  354. probably has left

  355. ThibG has joined

  356. probably has joined

  357. probably has left

  358. probably has joined

  359. probably has left

  360. probably has joined

  361. naw has joined

  362. lorddavidiii has left

  363. probably has left

  364. probably has joined

  365. holger has left

  366. ibikk has joined

  367. ibikk has joined

  368. peter has left

  369. tyler has left

  370. tyler has joined

  371. ThibG has left

  372. tyler has left

  373. carlos has joined

  374. carlos has joined

  375. vanitasvitae has left

  376. andrey.utkin has joined

  377. tyler has joined

  378. jjrh has left

  379. jjrh has left

  380. ibikk has joined

  381. naw has left

  382. fp-tester has joined

  383. css has left

  384. blabla has joined

  385. fp-tester has left

  386. tyler has left

  387. fp-tester has joined

  388. pod has left

  389. blabla has left

  390. tyler has joined

  391. jjrh has left

  392. Licaon_Kter has left

  393. mightyBroccoli has left

  394. mightyBroccoli has joined

  395. kmq has joined

  396. Licaon_Kter has joined