XMPP Service Operators - 2018-11-21


  68. Maranda has solved that issue long ago.

  69. Maranda

    rate == still 0.

  73. Ge0rG

    Maranda: you solved Jabber spam?

  74. edhelas

    he disabled s2s

  75. Maranda

    Ge0rG, I'm not sure how appropriate that "solved" acceptation is, but receive rate is 0, it doesn't manage to get through.

  76. Ge0rG

    Maranda: there are two relevant metrics in a filter, false acceptance rate and false rejection rate. The former is 0, which is good, but what about the latter?

  77. Maranda

    edhelas dunno about you, you may need to do that, but I'm renownedly a tad smarter than a monkey ;)

  79. Maranda

    Ge0rG, it's 0.

  80. Ge0rG

    Maranda: you have a spam filter that doesn't block any legitimate messages, but all spam? You should be a billionaire by now.

  81. edhelas

    maybe he's the one generating all this spam 🤔

  82. Maranda

    Ge0rG, I should? Good to know.

  83. Maranda

    edhelas, maybe you should just focus on getting Movim to work decently on all platforms instead of making stupid statements ;).

  84. Ge0rG

    Maranda: you can rent your spam filter out, to desperate people like me, who maintain complex spam filter lists and still end up with dozens of false positives every day

  85. Ge0rG

    Maranda: maybe edhelas is not the one making stupid statements ;)

  86. Maranda

    He for sure is Ge0rG, but that's the late fashion, pick every statement Maranda makes for how truthful it may be isn't it?

  87. Maranda

    Alas like what I use and its concept wasn't published and available already.

  88. Ge0rG

    Maranda: see, I'm doing some work on blocking XMPP spam, and I have a feeling for the complexity and the trade-offs, and there is no 100% solution to it.

  89. Maranda

    Ge0rG, currently there's a 100% solution for it as bots on XMPP are very dumb, the fact that you or your users may not like the trade-offs for it is *yet* another matter.

  90. Ge0rG

    Maranda: so either your solution is not generally applicable or you must be cheating your numbers.

  91. Ge0rG

    yes, the bots are dumb.

  92. Ge0rG

    At least most of them.

  93. Ge0rG

    Maranda: so where can I read up on your solution?

  94. Maranda

    If I use it on lightwitch.org it's very applicable

  95. Maranda

    just look at mod_spim_block Ge0rG it's no secret or rocket science, and I don't see why I should cheat on numbers if I say it reduced my spim rate (lightwitch.org's) to 0 why should I be lying? The only complaint you could make is that my numbers are a bit limited to make a valid sample, not that I'm cheating on 'em.

  96. Ge0rG

    Maranda: is there documentation for how mod_spim_block works?

  97. Ge0rG

    Maranda: I'm not saying you cheat on the false negative rate, I'm saying you cheat on the false positive rate.

  98. Ge0rG

    How many people don't see the spim blacklist bounce? Or don't bother jumping through the hoops?

  99. Ge0rG

    Maranda: if you block s2s on excessive spim, how do you know that no legitimate users on that blocked server want to talk to your users?

  100. Ge0rG

    all of that goes into the false positive rate.

  101. Maranda

    Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban hit of 1h, I have a rather large allowance for spim hits (and you could disable that)

  102. Maranda

    Ge0rG but that "didn't" currently happen on lightwitch.org...? ;) that's a 95% presumption but spim only source triggers the ban for 1h, I have a rather large allowance for spim hits (and you could disable that)

  103. Ge0rG

    Maranda: so you don't know.

  104. Ge0rG

    Maranda: so you don't know for sure.

  105. Maranda

    100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. they're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.

  106. Maranda

    100% I can't if a ban triggers Ge0rG, I can only make an assumption on what gets banned the servers involved and the number I can gather from logs (in conformance with my privacy policy), but since it's months and months of data. They're very accurate, I sort of know the rate of remote messaging traffic and to which servers they usually go and come from on my *small* server. And when I see spim originating from a remote server which usually carries legit traffic I can act accordingly.

  107. Ge0rG

    Maranda: all I wanted to say is that your solution isn't perfect either.

  108. Ge0rG

    it's just making different trade-offs.

  109. Maranda

    Ge0rG, I never said it is, I said that the rate I get is 0, if you want I can change that the false positive is *very likely* 0 but that doesn't change the fact that if you disabled the s2s ban that would really turn into 0.

  110. Maranda

    at least for the moment.

  111. Maranda

    and for the area of coverage of mod_spim_block.

  112. Ge0rG

    Maranda: the false positive rate is about legitimate messages blocked as spam. So disabling s2s would turn that to 100%

  113. Maranda

    erm "how disabling the s2s ban" equates to "disabling s2s" Ge0rG..?

  114. Ge0rG

    oh, sorry. Misread you on that.

  115. Ge0rG

    Maranda: you need to also account for all the legitimate remote users who tried to contact one of your users, got rejected and gave up at that moment.

  116. Ge0rG

    or didn't manage to click the link / do the captcha / whatever you have there.

  117. Ge0rG

    or didn't receive the error.

  120. Maranda

    Ge0rG, the server will send a readable message with instructions to the user, if I have to take in account for "literal monkeys" or people not willing to solve the challenge then that number can never be zero, but that's stupid imho, I made it so that even as annoying as it may be humans will always be able to solve the challenge.

  121. Ge0rG

    Maranda: I'd like to test that, what do I need to do?

  122. Ge0rG

    Maranda: will it be triggered by a subscription request or a message? do you have a JID I can test it on?

  123. Maranda

    send me a message or presence sub to maranda@lightwitch.org

  124. Ge0rG

    > Greetings, this is the lightwitch.org server before sending a message or presence subscription to this user, please visit https://meaveen.lightwitch.org/spim/ and input the following code in the form: jB6v1S/+rm/GklakBaPHvcYX7Rg= Is that a one or an L?

  125. Ge0rG

    Maranda: so you just lost all people who don't know how to copy&paste base64 blobs. Also people using a client without partial copy&paste

  126. Maranda

    do you want me to add "copy & paste"? I'm wondering, are you just arguing for the heck of it :P?

  127. Ge0rG

    > What's the result of the following operation, 3 multiplicated by 21: Also rather high requirements on math skills

  128. Ge0rG

    Maranda: I'm saying that what you've made is a nerd filter

  129. Maranda

    Ge0rG, high requirements :P?

  130. Ge0rG

    Maranda: multiplication of numbers >10 is a high requirement, unfortunately

  131. Maranda

    Ge0rG, tbh the only high requirement I knew of was division or any value not addition, subtraction, multiplication of up to 2-digit values

  132. Maranda

    Ge0rG, tbh the only high requirement I knew of was division of any value not addition, subtraction, multiplication of up to 2-digit values

  133. Ge0rG

    Maranda: you could at least put the token into the URL parameter and let the user only fill out the math.

  134. Ge0rG

    Maranda: you also lost everybody who doesn't speak English

  135. Maranda

    Ge0rG, that removes a step, so it's not possible.

  136. Ge0rG

    Maranda: it removes what step?

  137. Maranda

    Ge0rG, challenge step, not that it's really a step but it's enough for most dumb XMPP bots, and XMPP spammers currently do not wish to add a custom parser for my challenges apparently (except some Russians who did after like a year or so)

  138. Ge0rG

    Maranda: it remains a nerd filter, not a spam filter.

  139. Maranda

    Ge0rG, whatever.

  140. Ge0rG

    Maranda: does the filter apply if you contact me first and I respond?

  142. Maranda

    Ge0rG, if I send you a message you get whitelisted automatically

  143. Ge0rG

    Maranda: also if you send a subscription request?

  144. Maranda

    Hmm only a subscription no, but usually I noticed most clients sending a message together with the subscription so in that case it's covered.

  145. Ge0rG

    Maranda: it's generally a good idea, but I think you are not hitting the right usability trade-off.

  146. Maranda

    I guess that's a bug.

  147. Ge0rG

    Maranda: if I were to implement it, I'd use a URL with a token parameter (no need to copy-paste), maybe even skip out the math filter, just "click here to unlock", and maybe do some User-Agent / IP testing

  148. Maranda

    Ge0rG, my users are satisfied with the "nerd filter", I got some complaints here and there but mostly they're all satisfied by not getting SPIM.

  149. Ge0rG

    and I'd only apply the filter on bad-reputation domains and messages with suspected spam content.

  150. Ge0rG

    Maranda: because they don't know anything better :P

  151. Maranda

    Ge0rG, possibly, but there're no tools, like a centralised bad reputation domain/IP list maintained by the XSF. So I offer what I can and have the time to maintain the offer of.

  152. Ge0rG

    I'm automatically blocking almost all incoming spam (plus some legitimate traffic) without legitimate users needing to do anything

  153. Ge0rG

    Maranda: https://github.com/ge0rg/jabber-spam-fighting-manifesto/blob/blacklist/blacklist.md

  154. Maranda

    ... ;)

  155. Ge0rG

    Maranda: ??? ;)

  156. Maranda

    (empty)

  157. Maranda

    :P

  158. Ge0rG

    Maranda: the list? yeah.

  159. Ge0rG

    Maranda: still polishing the rules.

  160. Ge0rG

    Maranda: also reporting abuse to server admins is real work™

  161. Ge0rG

    Maranda: I'd be glad if you would like to participate in that effort

  164. Maranda

    Ge0rG, if it's not too time taking to participate, like sending a PR every time (e.g. like having a proper RESTful API for submission, checking)

  165. Ge0rG

    Maranda: we've got an internal ticket system to track progress when talking to ISPs

  166. Maranda

    Ge0rG, yes but I meant the *how to submit entries* before they're evaluated, *I'd* like to do that automatically after x violations rather than having to do manual aggregation and then sending.

  168. Ge0rG

    Maranda: how to submit entries to the blacklist? That needs to be manual.

  169. Maranda

    I mean that's how it mostly (without the evaluation part) works with the e-mail blacklists.

  170. Ge0rG

    Maranda: so you volunteer to develop the required tooling?

  173. Maranda

    Ge0rG, I barely have time and will for Metronome atm, so I guess that gives you a hint :P

  179. Maranda

    [11:27:05] Ge0rG: Maranda: also if you send a subscription request? --> nm, also if a contact is pending that's covered.

  205. Ge0rG

    Maranda: it would be great to have all that written in the docs for that module.

  206. Ge0rG

    Maranda: and if you insist on copy&pasting tokens, please encode the JID or a hash of it or some other token into the URL and reduce the thing that actually needs to be typed / copy-pasted to six digits numeric

  207. Maranda

    Documentation is yet time dependent and also English skills dependent. Two things I'm not very proficient on.

  209. Maranda

    Ge0rG: I could though change digest method / reduce entropy fetched to make the token shorter.

  210. Ge0rG

    generate TOTP tokens!

  223. Maranda

    TOTP is a bit too much hassle to do correctly, safely and avoiding collisions for what I'm doing for now

  224. Ge0rG

    I'm just saying.

  225. Maranda

    Ge0rG, but I can reduce the token to 12 characters and make it use uppercase letters only without issues (on uniqueness and collisions also)

  226. Maranda just tested.

  227. Ge0rG

    Maranda: you could just append it to the URL.

  228. Ge0rG

    with only uppercase letters, you probably also get rid of the 1/l/I issue.

  247. Neustradamus

    A new server: deshalbfrei.org

  250. Ge0rG

    Neustradamus: reported to the owner

  324. Neustradamus

    Good news: https://twitter.com/neustradamus/status/1065328474922061825

  331. Maranda

    @uptime lightwitch.org

  332. Echo1

    Maranda: lightwitch.org has been running for 13 days, 21 hours and 26 minutes

  333. Licaon_Kter

    Neustradamus: you da bot :))

  343. Licaon_Kter

    Neustradamus: do the PEP changes mean that Daniel's omemo_all_access is integrated?

  344. Link Mauve

    Licaon_Kter, it was a hack, and is not needed anymore.

  345. Licaon_Kter

    Link Mauve: great
