is this where i can come to learn about hostiing an xmpp server?
kryptichas left
maineshas left
madmalkavhas left
sakhmatdhas left
stpeterhas joined
sakhmatdhas joined
Ellenor Malik
Yeah sure
stpeterhas left
SouLhas left
maineshas joined
Viktor Lindberghas left
Viktor Lindberghas joined
andrey.utkinhas joined
brilliancehas joined
karimhas left
seandreashas left
seandreashas joined
stpeterhas joined
lobodelrayohas left
tomhas left
tomhas joined
stpeterhas left
stpeterhas joined
Melhas left
Melhas joined
stpeterhas left
dropshas left
dropshas joined
sonnyhas left
sonnyhas joined
stpeterhas joined
maineshas left
stpeterhas left
maineshas joined
andrey.utkinhas left
holgerhas joined
derventiohas joined
SouLhas joined
podhas joined
maineshas left
insanityhas joined
Huxxhas joined
insanityhas left
jayteeukhas left
jayteeukhas joined
ibikkhas joined
sonnyhas left
sonnyhas joined
insanityhas joined
Licaon_Kterhas joined
maineshas joined
stpeterhas joined
Pingu from Woodquarterhas joined
jayteeukhas left
jayteeukhas joined
perflysthas joined
Melhas left
stpeterhas left
maineshas left
Melhas joined
kryptichas joined
perflysthas left
maineshas joined
Marandahas left
kryptichas left
maineshas left
maineshas joined
kryptichas joined
kryptichas left
Marandahas joined
madmalkavhas joined
kryptichas joined
solhas joined
Beherithas left
Beherithas joined
kryptichas left
kryptichas joined
colochonhas joined
kryptichas left
kryptichas joined
kryptichas left
Vaughanhas left
kryptichas joined
Licaon_Kterhas left
10rokitahas joined
stpeterhas joined
kryptichas left
kryptichas joined
derventiohas left
derventiohas joined
derventiohas left
karimhas joined
stpeterhas left
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
ahas left
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
ahas joined
Marandahas left
Marandahas joined
dropshas left
dropshas joined
kryptichas left
kryptichas joined
vu764hd68fxthas joined
insanityhas left
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
dropshas left
abidal3has left
Viktor Lindberghas left
Viktor Lindberghas joined
ahas left
ibikkhas left
kryptichas left
kryptichas joined
ahas joined
vaughanhas joined
kryptichas left
kryptichas joined
Marandahas left
Marandahas joined
edhelashas left
edhelashas joined
kryptichas left
kryptichas joined
Nils (10rokita)has left
Nils (10rokita)has joined
Nils (10rokita)has left
Nils (10rokita)has joined
Nils (10rokita)has left
Nils (10rokita)has joined
kryptichas left
kryptichas joined
vaughanhas left
vaughanhas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
kryptichas left
kryptichas joined
robertooohas left
robertooohas joined
mike
There are worse places you could have come to, for sure.
mehdihas joined
Ge0rG
kryptic: don't run a public xmpp server.
kryptic
Ge0rG: what do you mean?
Lilyhas left
a
don't run a public XMPP server, destroy the federation
tom
Why not? Spam?
jonas’
kryptic, do not run an XMPP server with open registration.
jonas’
but of course, you should federate :)
SouLhas left
mike
Or do run one if you're really feeling the call, but be aware of what you're in for.
Lilyhas joined
a
do not run an XMPP server with open registration, destroy the accessibility
SouLhas joined
brilliancehas left
jonas’
mike, that, exactly
jonas’
if you are deterred by a person saying "don’t" then you probably are not up for it :)
jonas’
(and if you don’t ask "why", then we already know we need to be on the watch for a new spam source)
mike
heh yeah
jonas’
however, I agree that the term "public" is ambiguous and may be taken as referring to federation
Ge0rG
a: I run a server with IBR, and I have deleted tens thousands of spam accounts.
tom
Tens of thousands!?
mike
that's not hard to rack up.
Ge0rG
tom: yes
a
on the other hand, spam problem is easily mitigated on the receiver server's side
a
but that is very hard
a
since you have to enable additional plugin in the configuration
tom
How?
tom
Are there guides on metigating xmpp spam like there is for smtp?
Django
Tens of thousands sounds like a lot of work?
jonas’
Django, hence he goes around and tell everyone to not do it ;)
jonas’
(unless they know what they’re in for)
kryptic
Ge0rG: I wanted a private one, not public
Django
And I guess not taking care of spam accounts might lead to other servers stopping federating with me?
a
tom: mod_block_strangers exists for ejabberd, for example
mike
spam detection is easy - just need one rule. did user send a contact request followed by "privet!"? block, done. 😀
tom
That's not a real solution
a
nice piece of xenophobia
tom
That's a reactionary response
a
congratulations
jonas’
a, mod_block_strangers is an excellent example of breaking accessibility :)
mike
it's a joke. it's an extremely common bot.
jonas’
Django, yes: see https://github.com/JabberSPAM/blacklist and https://github.com/JabberSPAM/jabber-spam-fighting-manifesto
mike
I noticed the last wave was mixing up the greeting now though
tom
A, block_strangers is the nuclear option
jonas’
Django, but you’ll receive a gentle warning first, if we find a way to contact you ;)
stpeterhas joined
mike
blocking strangers is something best left as a per-user pref, honestly.
tom
I tell people not to make an account on 404.city because of that
jonas’
mike, agreed
a
jonas’: if you have better ideas or suggestions, you are very welcome to contribute to some open source project. ejabberd awaits.
just introducing more hurdles to mitigate spam is a lazy man's approach
jonas’
a, :-)
jonas’
a, emitting servers should handle the spam, not receiving.
jonas’
and if they can’t, they should close IBR
ibikkhas joined
jonas’
and if they don’t, they’ll be stopped from federating.
a
says who?
jonas’
I do
jonas’
and a few others do, too, see that manifesto
a
thanks for your opinion
jonas’
a, you’re welcome! I’m glad you like to hear it!
a
never seen this manifesto
jonas’
it was sent to various mailing lists I think
jonas’
back when it was started
Django
jonas’: thanks, my server is private, but this is very interesting should I consider creating a public one. But since legislation in the EU does not promise a great future for communication service providers, I might abstain from this idea anyway.
Ge0rG
Django: I'm not sure what part of EU legislation you see as problematic
tom
Django: mod_darknet
Ge0rG
maybe the part about not spying on your users?
tom
If your local regulation sucks just install mod_darknet
Ge0rG
tom: rent a box in the CyberBunker?
tom
No
tom
Tor and I2P is enough
jonas’
talk about accessiblity, eh?
tom
Regarding spam though, is there anything more nuanced than an XMPP equivalent of RBLs
tom
Like is there an xmpp spamassasin?
Ge0rG
tom: XMPP spam is like the first generation of email spam, can be filtered by simple pattern matching
tom
Dcc (distributed checksum clearinghouse)
tom
Oh
tom
In that case I think a DCC would be very helpful
tom
We can share fuzzy-hashes automaticity and block if we spot too many of the same showing up across the world
Beherithas left
tom
https://www.rhyolite.com/dcc/
Ge0rG
tom: you'll end up blocking all short greetings and emoji responses
vanitasvitae
I was about to say
vanitasvitae
"Hi" would be blocked pretty soon 😛
tom
Hi isn't blocked in email
vanitasvitae
you'd probably have to limit this to longer messages
jonas’
longer messages are practically gone now
jonas’
those are dealt with
jonas’
the current fun part is subscription request + one-line greeting
vanitasvitae
is that so?
jonas’
it is so
tom
Oh those are annoying
vanitasvitae
the spam that I receive is mostly ~30 lines or so
vanitasvitae
but I use a personal server, so I probably only receive a limited subset of all the spam 😀
vanitasvitae
jonas’, never received something of that sort *knock on wood*
jonas’
vanitasvitae, I get it occasionally.
tom
Are just thought those are people with very buggy clients that kept re-sending
vanitasvitae
I rarely get subscriptions without any text
jonas’
tom, nope, once you react you get a wall of spam
tom
Because i don't accept rosters from people i don't know
jonas’
which is then not filtered by some filters because you have a roster subscription ...
tom
Would it make sense to make a proof-of-work XEP?
Ge0rG
tom: no
tom
Like we have a captcha xep
Melhas left
Melhas joined
kikuchiyohas joined
kikuchiyohas left
Beherithas joined
kikuchiyohas joined
kikuchiyohas left
jonas’
https://craphound.com/spamsolutions.txt
/me ticks:
[x] technical
[x] It will stop spam for two weeks and then we'll be stuck with it
[x] Extreme profitability of spam
[x] Sending xmpp messages should be free
[x] Sorry dude, but I don't think it would work.
jonas’
plus my custom: Mobile users will kill you for that
jonas’:
yes it's a technical solution to a technical problem
not if you use a memory access heavy hash like Argon2id so that ASICs and FPGAs can't be used leveling the playing field. We learned a lot of bitcoin & friends
it hopefully will be too costly the do all the proof of work to setup messages to random people than the reword for mass spamming
why wouldn't it be? If your on xmpp you got a computer of some kind
care to elaborate on that?
If you only did it to setup connections between new people or first time joining a muc I don't think they would care
insanityhas joined
ksuxat.has joined
Ge0rG
tom: PoW is much cheaper at scale than on individual systems. Any kind of PoW that works on my smartphone so that I can send a message to my GF will be ridiculously cheap for spammers, especially if they use botnets to outsource the hashing to infected PCs
mehdihas joined
vaughanhas left
Django
Ge0rG: sorry, this is the document I actually meant https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/european-agenda-security/20200724_com-2020-607-commission-communication_en.pdf
tom
I think it'd still be useful when used in combination with other techniques
tom
Just like how spamass workds
Ge0rG
Django: yes, the paranoid police nazis are asking for this shit all the time; so far we were able to avert the worst things
Django
I remember the ripe meeting were Europol wanted direct access to customer data and got 'get a fucking warrant' as response.
colochonhas left
Django
I just hope, that we will be able to avoid this in the future as well.
> tom: I tell people not to make an account on 404.city because of that
If you think spam is the only XMPP problem you are greatly mistaken. There is still a lot of flood abuse. I think you have never received a flood attack, since you offer do not value protection from this.
tom
No, I do not receive floods (yet)
perflysthas joined
404.city
A flood attack is when you receive millions of messages from thousands of strangers
tom
Why don't you think a PoW would prevent that?
tom
*metigate
tom
If they are strangers to you, then each stranger would have to compute a challenge first
tom
There is a similar thing in email where new combinations of receivers and senders are differed to 'try again later' as legit senders will try to send later but spammers won't
Beherithas left
tom
All within spek
ruetyhas left
Beherithas joined
404.city
If the server allows you to receive a message without approving the subscription, then you can flood the user with the message until the client fails.
404.cityhas left
Beherithas left
Beherithas joined
a
seems like mod_block_strangers is incredibly useful nowadays
Holger
Maybe as a workaround to cope with emergency until you have a better solution. It breaks legitimate communication.
Pingu from Woodquarterhas left
maineshas left
maineshas joined
Beherithas left
brilliancehas joined
ksuxat.has joined
a
exactly. a better standardized solution is vitally needed. we just cannot rely on all servers to use this mod. most are even unaware of its existence I guess
Beherithas joined
seandreashas joined
brilliancehas left
ajeremiashas left
insanityhas left
perflysthas left
Licaon_Kter
a: not unaware, just that it makes onboarding new users a pain :((
a
well, in all honesty, I don't see entering a captcha a too painful process... but yeah, it could be a lot better if you just enter JID of recipient and start talking. like in the good old days
insanityhas joined
ajeremiashas joined
Licaon_Kter
a: in theory not hard, in practice I had to reach you and point you to this room when someone tried to contact you because the damn captcha somehow failed....
a
fair point
a
but I can only pray that someone eventually comes up with a better solution
Licaon_Kter
True
a
the lack of leadership in XMPP is depressing. we have ejabberd and Conversations devs (among some others) which are doing great job and register roll out new features, but it somehow it's still not enough✎
a
the lack of leadership in XMPP is depressing. we have ejabberd and Conversations devs (among some others) which are doing great job and roll out new features, but it somehow it's still not enough ✏
a
the lack of leadership in XMPP is depressing. we have ejabberd and Conversations devs (among some others) which are doing great job and roll out new features, but somehow it's still not enough ✏
Licaon_Kter
That's just one server and one client on one platform, we need an least one *dedicated* dev for each or the others...
Licaon_Kter
...if we think the XEPs are perfect I mean, if not...
a
the big companies like Slack and Google are just ripping XMPP off and run away without giving anything back
Licaon_Kter
Slack has no xmpp
Maybe Whatsapp or Google indeed
Maybe Zoom, JitsiMeet
a
I heard Slack started as an XMPP client
a
XEPs are great in practice, PEPs in Python work great. but I feel there are not a lot of people pushing XEPs forward✎
a
XEPs are great in theory, PEPs in Python work great. but I feel there are not a lot of people pushing XEPs forward ✏