> nuegia.net wrote:
> they told my themself they were going to create a ton of bogus accounts on various open reg servers to spam me with
and then i didn't, although honestly that's more from fatigue and wanting to forget you existed than any change of heart.
kbt100has left
Ellenor Bjornsd.
So, have fun with your server filled with right wingers. That's all I'll say.
世界之保證has left
jgarthas left
neoxhas joined
Ellenor Bjornsd.
Mind also that you and we have about the same reputation here - nobody-knows-us essentially single-user server operators who have a bloodfeud.
Amolithhas left
Trunghas joined
xsohas left
Thomashas left
xsohas joined
Thomashas joined
Thomashas left
Thomashas joined
catchyhas left
huxxerhas left
allbombsonhas left
allbombsonhas joined
huxxerhas joined
Thomashas left
Thomashas joined
moparisthebesthas left
Dead Headhas left
Dead Headhas joined
ijhas joined
ijhas left
dominionhas joined
b43has left
froghas joined
catchyhas joined
世界之保證has joined
Dead Headhas left
Dead Headhas joined
Brithas joined
heartyhas left
msavoritiashas joined
moparisthebesthas joined
Thomashas left
Thomashas joined
dora71has left
dora71has joined
Amolithhas joined
ijhas joined
miruxhas joined
bauruinehas left
kristoffhas left
kristoffhas joined
dora71has left
resolihas joined
Thomashas left
Thomashas joined
wurstsalathas joined
nicocohas joined
dora71has joined
heartyhas joined
peterhas left
nuegia.net
crazy
karimhas joined
Menelhas joined
Thomashas left
djorzhas joined
Thomashas joined
Djangohas joined
writer77has joined
Chris Machas left
Chris Machas joined
froghas left
homebeachhas left
homebeachhas joined
xsohas left
svenhas joined
william.chatnerhas joined
Mario Sabatinohas joined
schäfchen726has joined
karmehas joined
Thomashas left
Thomashas joined
catchyhas left
schäfchen726has left
schäfchen726has joined
dora71has left
dora71has joined
patascahas left
dora71has left
dora71has joined
djorzhas left
froghas joined
timothyhas joined
schäfchen726has left
schäfchen726has joined
stefanhas left
stefanhas joined
Djangohas left
linus69has left
linus69has joined
xsohas joined
xsohas left
xsohas joined
Sirrdghas left
Sirrdghas joined
antranigvhas joined
Thomashas left
Thomashas joined
Thomas
I activated captcha in my muc. The users don't get a captcha. It's empty. What is wrong?
Harper
if you're using ejabberd be sure you enabled the listen module for it too
Licaon_Kter
Thomas: which clients?
Thomas
Harper: I have activated the captcha with Gajim. Where can I enable the listen module?
Thomas
Licaon_Kter: the captcha is in the browser
william.chatnerhas left
hshdhdhchas joined
Licaon_Kter
Thomas: captcha is usually a server feature
Ellenor Bjornsd.
Licaon_Kter: it's a server feature requiring a user to click a link to be able to speak
Harper
some will show it inline, some won't, but if the link is blank then it is broken on server side
Licaon_Kter
I know what it is...if the server has no captcha setup, not sure what Thomas thought they enabled via Gajim
wladmishas left
wladmishas joined
karmehas left
peterhas joined
Martinhas left
Martinhas joined
schäfchen726has left
schäfchen726has joined
wladmishas left
wladmishas joined
Thomas
Its a muc on the dismail server
gooyahas joined
catchyhas joined
hshdhdhchas left
gooyahas left
gooyahas joined
hshdhdhchas joined
Thomashas left
Thomashas joined
Thomashas left
Thomashas joined
RoseBytehas left
Marandahas left
Mjolnir Archonhas left
scilenshas left
redflaghas left
bkilhas left
Maranda[x]has left
abdullahhas joined
kuba_has joined
heartyhas left
kuba_has left
Maranda[x]has joined
Chris Machas left
Chris Machas joined
schäfchen726has left
schäfchen726has joined
scilenshas joined
abdullahhas left
redflaghas joined
homebeachhas left
homebeachhas joined
bkilhas joined
RoseBytehas joined
heartyhas joined
sonnyhas left
Thomashas left
Thomashas joined
sonnyhas joined
resolihas left
resolihas joined
Djangohas joined
abdullahhas joined
Marandahas joined
jgarthas joined
wladmishas left
wladmishas joined
Mjolnir Archonhas joined
hotaruhas left
hotaruhas joined
abdullahhas left
abdullahhas joined
Thomashas left
Thomashas joined
papatutuwawahas joined
froghas left
abdullahhas left
TheCoffeMakerhas left
TheCoffeMakerhas joined
schäfchen726has left
schäfchen726has joined
marevalohas left
TheCoffeMakerhas left
TheCoffeMakerhas joined
marevalohas joined
p42ityhas joined
p42ityhas left
TheCoffeMakerhas left
patascahas joined
TheCoffeMakerhas joined
kahlbhas left
xsohas left
xsohas joined
TheCoffeMakerhas left
TheCoffeMakerhas joined
xsohas left
xsohas joined
Julianhas left
Menelhas left
Menelhas joined
YHLhas joined
inkyhas left
Dead Headhas left
Dead Headhas joined
Julianhas joined
schäfchen726has left
schäfchen726has joined
froghas joined
kahlbhas joined
inkyhas joined
xsohas left
jackhas left
SJMhas left
Ray222has joined
schäfchen726has left
schäfchen726has joined
jackhas joined
Abbehas joined
JonNJhas left
schäfchen726has left
schäfchen726has joined
etaurushas left
etaurushas joined
Ray222has left
ijhas left
'has left
Abbehas left
'has joined
'has left
Abbehas joined
schäfchen726has left
schäfchen726has joined
xsohas joined
ijhas joined
'has joined
Thomashas left
Thomashas joined
karmehas joined
Ray222has joined
Calvinhas joined
Calvinhas left
Thomashas left
Thomashas joined
ewagnerhas left
ewagnerhas joined
homebeachhas left
homebeachhas joined
sonnyhas left
schäfchen726has left
schäfchen726has joined
SJMhas joined
sonnyhas joined
Thomashas left
Abbehas left
Thomashas joined
Lightning Bjornssonhas joined
snowhas joined
Thomashas left
Thomashas joined
Ray222has left
Ray222has joined
resolihas left
henrikhas left
schäfchen726has left
schäfchen726has joined
dora71has left
dora71has joined
inkyhas left
sonnyhas left
schäfchen726has left
schäfchen726has joined
inkyhas joined
sonnyhas joined
ernst.on.tourhas left
hshdhdhchas left
ernst.on.tourhas joined
Ray222has left
albertohas left
william.chatnerhas joined
Thomashas left
Thomashas joined
djorzhas joined
resolihas joined
TheCoffeMakerhas left
TheCoffeMakerhas joined
marc0shas left
marc0shas joined
Menelhas left
kuba_has joined
papatutuwawahas left
resolihas left
Menelhas joined
inkyhas left
TheCoffeMakerhas left
Thomashas left
Thomashas joined
jgarthas left
schäfchen726has left
schäfchen726has joined
TheCoffeMakerhas joined
henrikhas joined
xsohas left
xsohas joined
heartyhas left
世界之保證has left
世界之保證has joined
marc0shas left
marc0shas joined
schäfchen726has left
schäfchen726has joined
marc0shas left
marc0shas joined
savagepeanuthas left
savagepeanuthas joined
Thomashas left
Thomashas joined
snowhas left
RoseBytehas left
Marandahas left
Mjolnir Archonhas left
scilenshas left
redflaghas left
bkilhas left
TheCoffeMakerhas left
stpeterhas joined
riau.snihas left
riau.snihas joined
Thomashas left
Thomashas joined
fireburnerhas left
fireburnerhas joined
TheCoffeMakerhas joined
Ray222has joined
stpeterhas left
redflaghas joined
scilenshas joined
schäfchen726has left
schäfchen726has joined
snowhas joined
bkilhas joined
stpeterhas joined
schäfchen726has left
schäfchen726has joined
stpeterhas left
RoseBytehas joined
albertohas joined
jgarthas joined
schäfchen726has left
schäfchen726has joined
marc0shas left
marc0shas joined
sonnyhas left
sonnyhas joined
Thomashas left
snowhas left
Thomashas joined
fireburnerhas left
rozzin
> it's a server feature requiring a user to click a link to be able to speak
That's supposed to help?
marc0shas left
marc0shas joined
Licaon_Kter
rozzin: against bots...
But spammers _are human-e in xmpp_
heartyhas joined
karmehas left
rozzin
Right, that's what I mean—it sounds like it's based on a hypothesis that most XMPP spammers/trolls/griefers are automated bots and not humans doing it manually..., which AFAICT is generally incorrect.
abdullahhas joined
karmehas joined
Marandahas joined
xsohas left
Guus
I am confident that there is no single silver bullet to fix this problem. Many smaller improvements are likely needed. Not doing something because it won't fix the entire problem will leave us with _no_ fixes. That's worse.
Licaon_Kter
Guus: it's more about "threat model"
kbt100has joined
Mjolnir Archonhas joined
Maranda
Guus: there's no silver bullet but problem is that most servers that allow ibr just allow it unrestrictedly without any kind of verification or restriction
Guus
I don't think that defines a singular definition.
p42ityhas joined
schäfchen726has left
schäfchen726has joined
Maranda
Amassing the usual excuses of privacy or that mail verification (for example) doesn't solve anything
Guus
Maranda: I know - it's bad.
catchyhas left
catchyhas joined
Maranda
Which is just plain dumbness imho
rozzin
... which I guess might seem weird, because the situation in other at least passingly-similar domains of "malevolent attackers on the network" is kind of the exact opposite....
Like, how naive users expecting "oh puh-lease who's going to waste their time typing guessed passwords into login dialogs to try to get into my account" are mistaken to assume "the Internet isn't very populated, the vast majority of the population that is there is human, every attack is personal, the vast majority of people are nice and extremely unlikely to have an issue with me personally... so security is not something I need to worry about"....
alacerhas joined
abdullahhas left
Guus
Doesn't really matter if we think a particular behavior or motive is or isn't dumb - we will have to deal with the fact that these exist.
rozzin
Maranda: "enter your home address, you should receive a written correspondence within two weeks including a URL and a confirmation code. Once you've accessed that URL and entered the code there, you will be granted voice!"
stpeterhas joined
stpeterhas left
Licaon_Kter
rozzin: wait, no, not voice...you can join at first... then, after 6 months, using 3 older users refferals...then you get voice
marc0shas left
marc0shas joined
Thomashas left
Thomashas joined
ijhas left
stpeterhas joined
rozzin
"you've got to buy one
if you want to get
one free speech"
djorzhas left
stpeterhas left
benk
Freedom is not free
schäfchen726has left
schäfchen726has joined
xsohas joined
Thomashas left
Thomashas joined
Menelhas left
karmehas left
rozzin
Licaon_Kter:
> Think someone banned the admin here over their black cat pic/name, and that's not helpful
I still don't quite understand what the rationale for that ban was—AFAIK he was always well-behaved here, so it seems like if he was basically kicked out of op-club ʿfor being too uglyʾ or something that just makes it harder for people to get reach him with admin issues..., which seems counterproductive TBH.
Licaon_Kter
¯\_(ツ)_/¯
Thomashas left
albertohas left
Thomashas joined
Menelhas joined
Maranda
rozzin: I don't pick the hilarity of your statements but for sure the said statements aren't backed by facts. And since I'm a rather mean person... I'll pick the usual Matrix example, where big M months ago was plagued by constant denial of servicing drone conducted attacks abusing HomeServers with totally unsecured registration. Well from when they *imposed* servers with open registration to actually secure it or *Synapse would refuse to start* that brought the grinding to a solid halt.. Who would've told.
j.r (jugendhacker.de)has left
karmehas joined
moparisthebest
It's not like requiring email for registration would fix anything, what like spammers can't get emails?
benk
They can
Guus
Again: there is no one single silver bullet here.
moparisthebest
Maranda: walled gardens do shitty things, unsure how that's relevant
Menelhas left
Maranda
And left just a few scattered human solvers registering accounts on matrix.org to actually attempt spamming, moreover the Muppet actually plaguing XMPP with the gross spam is using all servers with unsecured registration
PingufromWoodquarter (xmpp.pingu.at)has left
Maranda
moparisthebest: your definition of Walled Garden doesn't meet mine ™️
Menelhas joined
moparisthebest
Will if a "network" is controlled by 1 company such that they can turn other people's servers off... I'm not sure what else you'd call it✎
homebeachhas left
homebeachhas joined
moparisthebest
Well if a "network" is controlled by 1 company such that they can turn other people's servers off... I'm not sure what else you'd call it ✏
benk
can't they just turn off the turn-off bit
Maranda
benk: yes securing open registration or disabling open registration (the default)
alacerhas left
benk
lot of bickering in this chat for a serious-business zone
hshdhdhchas joined
moparisthebest
Define "securing open registration" because as far as I knew that is still an unsolved problem
benk
personally I'm not a fan of open registration
Licaon_Kter
Maranda: not sure you realise that many won't be here if their first encounter back in 2015 would have asked me to use an email.
I host, yes, but why would I do that if my first impression would have been "just another silo"?✎
Licaon_Kter
Maranda: not sure you realise that many won't be here if their first encounter back in 2015 would have asked thew to use an email.
I host, yes, but why would I do that if my first impression would have been "just another silo"? ✏
Licaon_Kter
Maranda: not sure you realise that many won't be here if their first encounter back in 2015 would have asked thew to use an email.
I host, yes, but why would I do that if my first impression would have been "just another silo" collecting emails? ✏
moparisthebest
Same
benk
it looks good if you're an innocent user, so you think like, "I'm a nice person so it's nice to just sign up quickly" but as soon as you realize what is liable to go wrong then you wouldn't want risking them logging into your service
j.r (jugendhacker.de)has joined
moparisthebest
But also note that collecting emails has never stopped any spammer
benk
collecting e-mails has only enabled spam
moparisthebest
Google usually requires a physical cell phone number to register an account now, also stops 0 spammers
moparisthebest
But if anyone has great ideas for "securing registrations" that not even Google or Facebook etc has thought of, by all means share
Ellenor Bjornsd.
I run closed registration but I have a shall-issue policy. If you ask, I will give.
bkil
Telegram and WhatsApp as well. And most spam on matrix originates from those two.
bkil
moparisthebest: You have already been invited to mod-ideas and I have also linked to my quite extensive notes about it.
Maranda
> <moparisthebest> Define "securing open registration" because as far as I knew that is still an unsolved problem
Just adding (re)CAPTCHA suffices to give enough security to bar most of the automated registrations like it or lump it
moparisthebest
Also please remember anyone can spin up unlimited XMPP servers on unlimited subdomains trivially
Ellenor Bjornsd.
True
moparisthebest
They aren't automated though
kbt100has left
moparisthebest
This whole recent spam attack has been done manually by a human
Maranda
> <moparisthebest> Google usually requires a physical cell phone number to register an account now, also stops 0 spammers
And you insist in denying the obvious so that's all I have to say
bkil
Ellenor Bjornsd.: I have been rejected from multiple shall-issue mailing lists because the owner "did not like the looks of my email address" without any sane reasoning or method for appeal.
Licaon_Kter
Maranda: how many "disposable email" domains do you ban?
schäfchen726has left
schäfchen726has joined
Maranda
Licaon_Kter: all
Licaon_Kter
bkil: what does 'shall-issue' even mean?
bkil
By the way, people ban subdomains as well on mjolnir in general.
> <moparisthebest> How do you detect a disposable email
Cross reference data on multiple online databases
fireburnerhas joined
bkil
Licaon_Kter: What was meant by the OP. I.e., invite-only, but with the option to ask for joining the list by clicking a button and typing in an email address (default mailman option). It is a bit sad that they don't really give you a small textbox to introduce yourself in (similar to how it is done during tildeverse registration)
moparisthebest
Is sme.moparisthebest.com one? (Hint: it is, MX records point at mailinator)
marc0shas left
marc0shas joined
Maranda
> <moparisthebest> Is sme.moparisthebest.com one? (Hint: it is, MX records point at mailinator)
Wow I'm impressed
moparisthebest
Are you checking mx records of all domains? Also again you can set up your own unlimited email domains for free
JonNJhas joined
Maranda
Again pointless discussion
benk
^
bkil
And it was not a disposable email address, it was a well known local provider (but intentionally not gmail.com)
Maranda
Denying the obvious, over dumb reasoning not my thing
alienhas left
sonnyhas left
alienhas joined
Thomashas left
moparisthebest
There are things you can do to impede mass automated registration of course, but we are talking about a human doing things manually here, you'll never be able to block that
Thomashas joined
kbt100has joined
Maranda
moparisthebest: and said (multiple times) already that while it may not stop human solvers it slows 'em down
moparisthebest
You mean it takes them a full second to solve a captcha? Unsure that's helpful
YHLhas left
Ingolfhas joined
bkil
You can deter that via web of trust and transparent reputation systems such as used by https://lobste.rs/about#invitations But if you think this is off-topic here, I still welcome you in the MUC xmpp: mod-ideas @ conference.movim.eu
alacerhas joined
sonnyhas joined
rozzin
Martin:
> I put it up to document which servers I block. Other people can decide to follow it, but it's still my personal blocklist without any documented inclusion criteria etc.
How do you even remember then? Or does it not matter?
Martin
There's a comment for each entry.
kuba_has left
kuba_has joined
bkil
rozzin: When we maintained such a block list, we mentioned the type or schema of the abuse and the origin (room/MUC) in the textual ban reason field.
alacerhas left
Maranda
> <moparisthebest> You mean it takes them a full second to solve a captcha? Unsure that's helpful
I'm sorry but you have no arguments, and you're bickering nd trolling over the meaning of examples. *Fin*✎
Maranda
> <moparisthebest> You mean it takes them a full second to solve a captcha? Unsure that's helpful
I'm sorry but you have no arguments, and you're bickering and trolling over the meaning of examples. *Fin* ✏
p42ityhas left
kuba_has left
kuba_has joined
albertohas joined
marc0shas left
marc0shas joined
kuba_has left
kuba_has joined
Licaon_Kter
Maranda: what happens when a user that jumped through the hoops ends up beingwa spammer? Does that lower your trust in the email provider?