krypticis this where i can come to learn about hostiing an xmpp server?
kryptichas left
maineshas left
madmalkavhas left
sakhmatdhas left
stpeterhas joined
sakhmatdhas joined
Ellenor MalikYeah sure
stpeterhas left
SouLhas left
maineshas joined
Viktor Lindberghas left
Viktor Lindberghas joined
andrey.utkinhas joined
brilliancehas joined
karimhas left
seandreashas left
seandreashas joined
stpeterhas joined
lobodelrayohas left
tomhas left
tomhas joined
stpeterhas left
stpeterhas joined
Melhas left
Melhas joined
stpeterhas left
dropshas left
dropshas joined
sonnyhas left
sonnyhas joined
stpeterhas joined
maineshas left
stpeterhas left
maineshas joined
andrey.utkinhas left
holgerhas joined
derventiohas joined
SouLhas joined
podhas joined
maineshas left
insanityhas joined
Huxxhas joined
insanityhas left
jayteeukhas left
jayteeukhas joined
ibikkhas joined
sonnyhas left
sonnyhas joined
insanityhas joined
Licaon_Kterhas joined
maineshas joined
stpeterhas joined
Pingu from Woodquarterhas joined
jayteeukhas left
jayteeukhas joined
perflysthas joined
Melhas left
stpeterhas left
maineshas left
Melhas joined
kryptichas joined
perflysthas left
maineshas joined
Marandahas left
kryptichas left
maineshas left
maineshas joined
kryptichas joined
kryptichas left
Marandahas joined
madmalkavhas joined
kryptichas joined
solhas joined
Beherithas left
Beherithas joined
kryptichas left
kryptichas joined
colochonhas joined
kryptichas left
kryptichas joined
kryptichas left
Vaughanhas left
kryptichas joined
Licaon_Kterhas left
10rokitahas joined
stpeterhas joined
kryptichas left
kryptichas joined
derventiohas left
derventiohas joined
derventiohas left
karimhas joined
stpeterhas left
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
ahas left
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
ahas joined
Marandahas left
Marandahas joined
dropshas left
dropshas joined
kryptichas left
kryptichas joined
vu764hd68fxthas joined
insanityhas left
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
dropshas left
abidal3has left
Viktor Lindberghas left
Viktor Lindberghas joined
ahas left
ibikkhas left
kryptichas left
kryptichas joined
ahas joined
vaughanhas joined
kryptichas left
kryptichas joined
Marandahas left
Marandahas joined
edhelashas left
edhelashas joined
kryptichas left
kryptichas joined
Nils (10rokita)has left
Nils (10rokita)has joined
Nils (10rokita)has left
Nils (10rokita)has joined
Nils (10rokita)has left
Nils (10rokita)has joined
kryptichas left
kryptichas joined
vaughanhas left
vaughanhas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
robertooohas left
robertooohas joined
mikeThere are worse places you could have come to, for sure.
mehdihas joined
Ge0rGkryptic: don't run a public xmpp server.
krypticGe0rG: what do you mean?
Lilyhas left
adon't run a public XMPP server, destroy the federation
tomWhy not? Spam?
jonas’kryptic, do not run an XMPP server with open registration.
jonas’but of course, you should federate :)
SouLhas left
mikeOr do run one if you're really feeling the call, but be aware of what you're in for.
Lilyhas joined
ado not run an XMPP server with open registration, destroy the accessibility
SouLhas joined
brilliancehas left
jonas’mike, that, exactly
jonas’if you are deterred by a person saying "don’t" then you probably are not up for it :)
jonas’(and if you don’t ask "why", then we already know we need to be on the watch for a new spam source)
mikeheh yeah
jonas’however, I agree that the term "public" is ambiguous and may be taken as referring to federation
Ge0rGa: I run a server with IBR, and I have deleted tens thousands of spam accounts.
tomTens of thousands!?
mikethat's not hard to rack up.
Ge0rGtom: yes
aon the other hand, spam problem is easily mitigated on the receiver server's side
abut that is very hard
asince you have to enable additional plugin in the configuration
tomHow?
tomAre there guides on metigating xmpp spam like there is for smtp?
DjangoTens of thousands sounds like a lot of work?
jonas’Django, hence he goes around and tell everyone to not do it ;)
jonas’(unless they know what they’re in for)
krypticGe0rG: I wanted a private one, not public
DjangoAnd I guess not taking care of spam accounts might lead to other servers stopping federating with me?
atom: mod_block_strangers exists for ejabberd, for example
mikespam detection is easy - just need one rule. did user send a contact request followed by "privet!"? block, done. 😀
tomThat's not a real solution
anice piece of xenophobia
tomThat's a reactionary response
acongratulations
jonas’a, mod_block_strangers is an excellent example of breaking accessibility :)
mikeit's a joke. it's an extremely common bot.
jonas’Django, yes: see https://github.com/JabberSPAM/blacklist and https://github.com/JabberSPAM/jabber-spam-fighting-manifesto
mikeI noticed the last wave was mixing up the greeting now though
tomA, block_strangers is the nuclear option
jonas’Django, but you’ll receive a gentle warning first, if we find a way to contact you ;)
stpeterhas joined
mikeblocking strangers is something best left as a per-user pref, honestly.
tomI tell people not to make an account on 404.city because of that
jonas’mike, agreed
ajonas’: if you have better ideas or suggestions, you are very welcome to contribute to some open source project. ejabberd awaits.
just introducing more hurdles to mitigate spam is a lazy man's approach
jonas’a, :-)
jonas’a, emitting servers should handle the spam, not receiving.
jonas’and if they can’t, they should close IBR
ibikkhas joined
jonas’and if they don’t, they’ll be stopped from federating.
asays who?
jonas’I do
jonas’and a few others do, too, see that manifesto
athanks for your opinion
jonas’a, you’re welcome! I’m glad you like to hear it!
anever seen this manifesto
jonas’it was sent to various mailing lists I think
jonas’back when it was started
Djangojonas’: thanks, my server is private, but this is very interesting should I consider creating a public one. But since legislation in the EU does not promise a great future for communication service providers, I might abstain from this idea anyway.
Ge0rGDjango: I'm not sure what part of EU legislation you see as problematic
tomDjango: mod_darknet
Ge0rGmaybe the part about not spying on your users?
tomIf your local regulation sucks just install mod_darknet
Ge0rGtom: rent a box in the CyberBunker?
tomNo
tomTor and I2P is enough
jonas’talk about accessiblity, eh?
tomRegarding spam though, is there anything more nuanced than an XMPP equivalent of RBLs
tomLike is there an xmpp spamassasin?
Ge0rGtom: XMPP spam is like the first generation of email spam, can be filtered by simple pattern matching
tomDcc (distributed checksum clearinghouse)
tomOh
tomIn that case I think a DCC would be very helpful
tomWe can share fuzzy-hashes automaticity and block if we spot too many of the same showing up across the world
Beherithas left
tomhttps://www.rhyolite.com/dcc/
Ge0rGtom: you'll end up blocking all short greetings and emoji responses
vanitasvitaeI was about to say
vanitasvitae"Hi" would be blocked pretty soon 😛
tomHi isn't blocked in email
vanitasvitaeyou'd probably have to limit this to longer messages
jonas’longer messages are practically gone now
jonas’those are dealt with
jonas’the current fun part is subscription request + one-line greeting
vanitasvitaeis that so?
jonas’it is so
tomOh those are annoying
vanitasvitaethe spam that I receive is mostly ~30 lines or so
vanitasvitaebut I use a personal server, so I probably only receive a limited subset of all the spam 😀
vanitasvitaejonas’, never received something of that sort *knock on wood*
jonas’vanitasvitae, I get it occasionally.
tomAre just thought those are people with very buggy clients that kept re-sending
vanitasvitaeI rarely get subscriptions without any text
jonas’tom, nope, once you react you get a wall of spam
tomBecause i don't accept rosters from people i don't know
jonas’which is then not filtered by some filters because you have a roster subscription ...
tomWould it make sense to make a proof-of-work XEP?
Ge0rGtom: no
tomLike we have a captcha xep
Melhas left
Melhas joined
kikuchiyohas joined
kikuchiyohas left
Beherithas joined
kikuchiyohas joined
kikuchiyohas left
jonas’https://craphound.com/spamsolutions.txt
/me ticks:
[x] technical
[x] It will stop spam for two weeks and then we'll be stuck with it
[x] Extreme profitability of spam
[x] Sending xmpp messages should be free
[x] Sorry dude, but I don't think it would work.
jonas’plus my custom: Mobile users will kill you for that
tom https://upload.nuegia.net/ceb50d7f-dda6-46cd-abf8-d519a8504959/censorshipbill.jpeg
kikuchiyohas joined
kikuchiyohas left
stpeterhas left
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kryptichas left
ahas left
Beherithas left
mehdihas left
Melhas left
mehdihas joined
Melhas joined
Beherithas joined
Beherithas left
brilliancehas joined
ahas joined
mehdihas left
Beherithas joined
Vaughanhas joined
tomjonas’:
yes it's a technical solution to a technical problem
not if you use a memory access heavy hash like Argon2id so that ASICs and FPGAs can't be used leveling the playing field. We learned a lot of bitcoin & friends
it hopefully will be too costly the do all the proof of work to setup messages to random people than the reword for mass spamming
why wouldn't it be? If your on xmpp you got a computer of some kind
care to elaborate on that?
If you only did it to setup connections between new people or first time joining a muc I don't think they would care
insanityhas joined
ksuxat.has joined
Ge0rGtom: PoW is much cheaper at scale than on individual systems. Any kind of PoW that works on my smartphone so that I can send a message to my GF will be ridiculously cheap for spammers, especially if they use botnets to outsource the hashing to infected PCs
mehdihas joined
vaughanhas left
DjangoGe0rG: sorry, this is the document I actually meant https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/european-agenda-security/20200724_com-2020-607-commission-communication_en.pdf
tomI think it'd still be useful when used in combination with other techniques
tomJust like how spamass workds
Ge0rGDjango: yes, the paranoid police nazis are asking for this shit all the time; so far we were able to avert the worst things
DjangoI remember the ripe meeting were Europol wanted direct access to customer data and got 'get a fucking warrant' as response.
colochonhas left
Django I just hope, that we will be able to avoid this in the future as well.
404.city> tom: I tell people not to make an account on 404.city because of that
If you think spam is the only XMPP problem you are greatly mistaken. There is still a lot of flood abuse. I think you have never received a flood attack, since you offer do not value protection from this.
tomNo, I do not receive floods (yet)
perflysthas joined
404.cityA flood attack is when you receive millions of messages from thousands of strangers
tomWhy don't you think a PoW would prevent that?
tom*metigate
tomIf they are strangers to you, then each stranger would have to compute a challenge first
tomThere is a similar thing in email where new combinations of receivers and senders are differed to 'try again later' as legit senders will try to send later but spammers won't
Beherithas left
tomAll within spek
ruetyhas left
Beherithas joined
404.cityIf the server allows you to receive a message without approving the subscription, then you can flood the user with the message until the client fails.
404.cityhas left
Beherithas left
Beherithas joined
aseems like mod_block_strangers is incredibly useful nowadays
HolgerMaybe as a workaround to cope with emergency until you have a better solution. It breaks legitimate communication.
Pingu from Woodquarterhas left
maineshas left
maineshas joined
Beherithas left
brilliancehas joined
ksuxat.has joined
aexactly. a better standardized solution is vitally needed. we just cannot rely on all servers to use this mod. most are even unaware of its existence I guess
Beherithas joined
seandreashas joined
brilliancehas left
ajeremiashas left
insanityhas left
perflysthas left
Licaon_Ktera: not unaware, just that it makes onboarding new users a pain :((
awell, in all honesty, I don't see entering a captcha a too painful process... but yeah, it could be a lot better if you just enter JID of recipient and start talking. like in the good old days
insanityhas joined
ajeremiashas joined
Licaon_Ktera: in theory not hard, in practice I had to reach you and point you to this room when someone tried to contact you because the damn captcha somehow failed....
afair point
abut I can only pray that someone eventually comes up with a better solution
Licaon_KterTrue
athe lack of leadership in XMPP is depressing. we have ejabberd and Conversations devs (among some others) which are doing great job and register roll out new features, but it somehow it's still not enough
athe lack of leadership in XMPP is depressing. we have ejabberd and Conversations devs (among some others) which are doing great job and roll out new features, but it somehow it's still not enough
athe lack of leadership in XMPP is depressing. we have ejabberd and Conversations devs (among some others) which are doing great job and roll out new features, but somehow it's still not enough
Licaon_KterThat's just one server and one client on one platform, we need an least one *dedicated* dev for each or the others...
Licaon_Kter...if we think the XEPs are perfect I mean, if not...
athe big companies like Slack and Google are just ripping XMPP off and run away without giving anything back
Licaon_KterSlack has no xmpp
Maybe Whatsapp or Google indeed
Maybe Zoom, JitsiMeet
aI heard Slack started as an XMPP client
aXEPs are great in practice, PEPs in Python work great. but I feel there are not a lot of people pushing XEPs forward
aXEPs are great in theory, PEPs in Python work great. but I feel there are not a lot of people pushing XEPs forward