XSF Discussion - 2016-01-13

  1. boothj5 has joined

  2. soul has joined

  3. tim@boese-ban.de has joined

  4. tim@boese-ban.de has joined

  5. soul has left

  6. soul has joined

  7. narcode has left

  8. stpeter has left

  9. boothj5 has left

  10. stpeter has joined

  11. soul has left

  12. soul has joined

  13. narcode has joined

  14. boothj5 has joined

  15. soul has left

  16. soul has joined

  17. stpeter has left

  18. boothj5 has left

  19. stpeter has joined

  20. stpeter has left

  21. soul has left

  22. soul has joined

  23. soul has left

  24. soul has joined

  25. Lance has joined

  26. boothj5 has joined

  27. soul has left

  28. soul has joined

  29. boothj5 has left

  30. stpeter has joined

  31. Lance has joined

  32. arty has left

  33. arty has joined

  34. Tobias has joined

  35. soul has left

  36. soul has joined

  37. soul has left

  38. soul has joined

  39. Lance has joined

  40. soul has left

  41. soul has joined

  42. stpeter has left

  43. soul has left

  44. soul has joined

  45. soul has left

  46. soul has joined

  47. Zash has left

  48. foss81405971 has joined

  49. Zash has joined

  50. soul has left

  51. daurnimator has left

  52. soul has joined

  53. soul has left

  54. soul has joined

  55. intosi has joined

  56. soul has left

  57. soul has joined

  58. foss81405971 has joined

  59. foss81405971 has joined

  60. soul has left

  61. soul has joined

  62. intosi has left

  63. intosi has joined

  64. soul has left

  65. soul has joined

  66. soul has left

  67. soul has joined

  68. Lance has joined

  69. soul has left

  70. soul has joined

  71. intosi has left

  72. intosi has joined

  73. soul has left

  74. soul has joined

  75. soul has left

  76. soul has joined

  77. soul has left

  78. soul has joined

  79. daurnimator has joined

  80. foss81405971 has joined

  81. soul has left

  82. soul has joined

  83. thorsten has left

  84. mark.erd has joined

  85. thorsten has joined

  86. foss81405971 has joined

  87. Lance has joined

  88. waqas has joined

  89. dwd has left

  90. thorsten has left

  91. soul has left

  92. soul has joined

  93. thorsten has joined

  94. daurnimator has left

  95. soul has left

  96. soul has joined

  97. soul has left

  98. soul has joined

  99. winfried has left

  100. winfried has joined

  101. soul has left

  102. daurnimator has joined

  103. winfried has left

  104. winfried has joined

  105. soul has joined

  106. winfried has left

  107. winfried has joined

  108. soul has left

  109. soul has joined

  110. soul has left

  111. soul has joined

  112. SamWhited has left

  113. ralphm has left

  114. winfried has left

  115. winfried has joined

  116. winfried has left

  117. winfried has joined

  118. ThUnD3r|Gr33n has joined

  119. foss81405971 has joined

  120. arty has left

  121. intosi has joined

  122. waqas has left

  123. waqas has joined

  124. intosi has left

  125. Steffen Larsen has joined

  126. mark.erd has left

  127. arty has joined

  128. Lance has joined

  129. goffi has joined

  130. mark.erd has joined

  131. Steffen Larsen has left

  132. Flow has joined

  133. Tobias has left

  134. thorsten has left

  135. waqas has left

  136. waqas has joined

  137. thorsten has joined

  138. Ashley Ward has joined

  139. winfried has left

  140. Alex has joined

  141. winfried has left

  142. winfried has joined

  143. Steffen Larsen has left

  144. Steffen Larsen has left

  145. daniel has left

  146. waqas has left

  147. waqas has joined

  148. daurnimator has left

  149. Steffen Larsen has left

  150. Lance has joined

  151. waqas has left

  152. waqas has joined

  153. ralphm has left

  154. xnyhps has left

  155. foss81405971 has joined

  156. Jake1984 has left

  157. ThUnD3r|Gr33n has left

  158. Steffen Larsen has left

  159. ThUnD3r|Gr33n has joined

  160. mark.erd has left

  161. foss81405971 has joined

  162. andy has left

  163. andy has left

  164. daniel has left

  165. daniel has left

  166. Jake1984 has joined

  167. Steffen Larsen has left

  168. daurnimator has joined

  169. foss81405971 has joined

  170. andy has left

  171. waqas has left

  172. daniel has joined

  173. ralphm has left

  174. Jake1984 has left

  175. ralphm has left

  176. foss81405971 has joined

  177. Jake1984 has joined

  178. Flow has left

  179. Flow has joined

  180. waqas has joined

  181. waqas has left

  182. ralphm has left

  183. daniel has left

  184. ralphm has left

  185. Holger has left

  186. Holger has joined

  187. Holger has left

  188. Holger has joined

  189. waqas has joined

  190. daniel has left

  191. daniel has left

  192. Holger has left

  193. Holger has joined

  194. soul has left

  195. soul has joined

  196. foss81405971 has joined

  197. daniel has left

  198. daniel has joined

  199. Holger has left

  200. Holger has joined

  201. mark.erd has joined

  202. foss81405971 has joined

  203. soul has left

  204. winfried has left

  205. winfried has joined

  206. soul has joined

  207. soul has left

  208. soul has joined

  209. Zash has joined

  210. Neustradamus has left

  211. Jake1984 has left

  212. foss81405971 has joined

  213. bjc has left

  214. boothj5 has joined

  215. Jake1984 has joined

  216. soul has left

  217. soul has joined

  218. waqas has left

  219. Zash has joined

  220. waqas has joined

  221. mark.erd has left

  222. waqas has left

  223. mark.erd has joined

  224. mark.erd has left

  225. mark.erd has joined

  226. boothj5 has left

  227. Kev has left

  228. Zash has left

  229. daurnimator has left

  230. bjc has joined

  231. stpeter has joined

  232. Zash has joined

  233. waqas has joined

  234. bjc has left

  235. ThUnD3r|Gr33n has left

  236. thorsten has left

  237. stpeter has left

  238. thorsten has joined

  239. ThUnD3r|Gr33n has joined

  240. bjc has joined

  241. kalkin has left

  242. narcode has left

  243. narcode has joined

  244. mark.erd has left

  245. stpeter has joined

  246. andy has joined

  247. arty has left

  248. bjc has left

  249. waqas has left

  250. Lance has joined

  251. waqas has joined

  252. mark.erd has joined

  253. stpeter has left

  254. waqas has left

  255. Martin has joined

  256. stpeter has joined

  257. stpeter has left

  258. stpeter has joined

  259. ThUnD3r|Gr33n has left

  260. intosi has left

  261. intosi has joined

  262. Zash has joined

  263. mark.erd has left

  264. arty has joined

  265. Flow has left

  266. soul has left

  267. daniel has joined

  268. Martin has left

  269. Martin has joined

  270. soul has joined

  271. soul has left

  272. soul has joined

  273. mark.erd has joined

  274. mark.erd has left

  275. dwd

    Board, anyone? I think Laura is still in a meeting that's running over.

  276. ralphm


  277. tim@boese-ban.de has joined

  278. dwd

    Just us, then.

  279. dwd

    bear, ?

  280. dwd

    Oh, well. ralphm - anything happening with the Summit? And anything you need help with?

  281. ralphm

    nothing I can think of

  282. ralphm

    Just got some stickers delivered

  283. Kev

    Excellent. We like stickers

  284. daniel has left

  285. ralphm

    They look great

  286. andy


  287. andy is bringing stickers, too

  288. andy


  289. andy

    I'll be at FOSDEM on saturday, if anybody wants an OMEMO fish sticker :P

  290. SamWhited

    andy: Now I'm really sad I won't be there!

  291. bjc has joined

  292. andy

    SamWhited, give me your address and I'll mail you some

  293. SamWhited

    andy: Appreciated, but that's okay, probably not worth it to mail them all the way from the other side of the pond :)

  294. SamWhited

    (and I'm moving this weekend and am not entirely sure what my new address is anyways…)

  295. kalkin

    andy: they look awesome!

  296. ralphm

    SamWhited: never to late to book a ticket

  297. ralphm

    too late

  298. SamWhited tries to decide if an OMEMO sticker and some ribs are worth ~900 USD…

  299. kalkin

    SamWhited: Yeah we all could share a beer in bruessel on saturday :)

  300. kalkin

    SamWhited: let your company pay it. It's hmm .... an educational trip!

  301. kalkin


  302. SamWhited

    kalkin: They might, I haven't asked; I'm actually just really busy right now. I probably should have asked at least a month in advance though

  303. arty has left

  304. ralphm

    SamWhited: so no hipchat people at all?

  305. SamWhited

    ralphm: I don't think so; I was hoping the Jitsi guys were going to go, but I think they said something about doing something else that week too

  306. SamWhited

    We'll see; I'll ask my boss about it.

  307. kalkin

    SamWhited: 👍

  308. ralphm

    Jitsi used to do the Lounge with us, really sad they cancelled for this year

  309. SamWhited

    ralphm: Yah, I think they were pretty upset about that too. I know Emil was looking forward to it.

  310. ralphm nods

  311. winfried

    ralphm: who will be contacting aloft?

  312. thorsten

    Is here a party planning?

  313. ralphm

    I'd be happy to do that, but the list on the wiki isn't really filling up. Unless this is all, which would be disappointing

  314. winfried

    last call on the mailing list?

  315. stpeter has joined

  316. ralphm

    winfried: yeah

  317. ralphm

    I'll try to do that today

  318. intosi has left

  319. andy

    SamWhited, international postage is literally under 1 euro. I don't mind. It would probably just take a while to get there. But I've printed up way more stickers than I can possibly use anyway ;)

  320. SamWhited

    andy: Awesome! Sounds good then.

  321. thorsten

    andy: omemo stickers? ;)

  322. intosi has joined

  323. Lance has joined

  324. intosi has left

  325. intosi has joined

  326. Lance has joined

  327. dwd has left

  328. winfried has left

  329. foss81405971 has joined

  330. foss81405971 has joined

  331. Flow

    dwd: how are PEP nodes with access-model roster related to privacy lists? Or did I get your comment in council@ wrong?

  332. daniel has left

  333. Lance

    Flow: servers generally already have an implementation for doing access controls based on roster groups, because of pep/pubsub. so it shouldn't be too much additional complexity for a server to also implement roster group blocking if that is added to the blocking xep

  334. Flow

    Lance: I see, the question still is if we want that

  335. Lance nods

  336. Flow

    I'd like the idea of an ad-hoc based blocking xep

  337. Flow

    so servers can implement what they want

  338. Flow

    and the client UI would be more or less similar, no matter which client is used

  339. Flow

    that, and remove the "list" from privacy lists and then most people would be happy I believe

  340. Jake1984 has left

  341. Jake1984 has joined

  342. soul has left

  343. soul has joined

  344. Flow

    What I wonder is, if we need a mechanism to inform the user about blocked stanzas/messages, and if so, how it should look like

  345. Flow has left

  346. Zash

    Flow: What direction?

  347. Lance

    that is already in the blocking xep, iirc, for outgoing things that are to blocked users

  348. Lance

    i would not expect to be informed that someone blocked you, if you try sending a stanza to them

  349. Flow

    Zash: incoming

  350. Flow

    i.e. a blocked entity send you a message

  351. Lance

    oh, that direction

  352. Zash

    That ... that's weird

  353. Flow

    but I always believe that the solution should be similar to what we do with email these days

  354. Flow

    i.e. a spam folder

  355. Flow

    and that's most likely not related to blocking

  356. Zash

    Did y'all see my post to the list?

  357. Flow

    because if you block someone you usually really do not want to receive anything from him/her

  358. Flow

    Zash: hard to tell :)

  359. Zash

    well, it was to operators becasue I replied to stpeter who posted to operators

  360. Zash

    Probably would have made sense to reply to standards@ too

  361. Lance

    Zash: +1, the current reporting mechanisms are not really aimed for use by end users

  362. Zash

    XEP-0287 which was mentioned seems to assume we already have the filtering in place

  363. waqas has joined

  364. Flow

    Zash: I do believe you can use xep287 without filtering

  365. Flow

    a server could always add <report/> and let the client report spim

  366. Flow

    or maybe even report spim over s2s

  367. Flow

    isn't that what you wanted? an easy way to report spim?

  368. Zash

    I'm a bit tired but it is not obvious to me how that would work

  369. Zash

    I was thinking something simple like this https://www.zash.se/simply-report-spam.html

  370. Lance

    +1. Add a user enterable description/reason, and maybe allow forwarding the original stanza

  371. Flow

    or use the stanza-id to link the original stanza

  372. Flow

    Zash: that does look similar to xep287 spim report

  373. Zash

    I wrote this before I saw 287

  374. Flow

    (which should also use xep359 IDs to link the spim stanza)

  375. Ashley Ward has left

  376. Zash

    Flow: IDs assume that the server has those stored.

  377. Zash

    I don't want to assume that

  378. dwd has left

  379. Zash

    I also don't want to attach more data to every stanza if it can be avoided

  380. Flow


  381. dwd has left

  382. Lance

    The main thing lacking from 287 is optional user provided feedback, and ability to send a report without requiring a server to stamp additional data into stanzas for that purpose.

  383. Lance

    Its about more than just spam, we need a way for users to report harassment and other policy violations that aren't strictly spim

  384. Lance

    Which might not be the result of a single, particular stanza

  385. Zash


  386. Lance

    Arguably covered by http://xmpp.org/extensions/xep-0157.html

  387. dwd has left

  388. Lance

    but it would be nice to have a more structured query, to ensure that the abuser jid is included correctly

  389. Zash

    Sounds like what I had in mind for the thing above :)

  390. Lance

    yep! just add a user comment field and i'd +1 it

  391. Lance

    the remaining question would be where to send it

  392. Lance has left

  393. soul has left

  394. Lance has joined

  395. Zash

    To something that supports it

  396. Zash

    Either the bare server jid, your own account or maybe a remote thing that accepts reports

  397. intosi has joined

  398. dwd

    Flow, You've got to do group-lookup by jid to do the access-model anyway, so the privacy list additions in terms of code would not be huge.

  399. winfried has left

  400. dwd

    Zash, Lance - I'd seriously look at STIX/IODEF for the reporting. I really don't like reinventing the wheel, and given they're both XML anyway it makes sense.

  401. Flow has joined

  402. Zash

    dwd: But NIH!! And huge XML spec

  403. fippo

    dwd: but isn't xml out of fashion?

  404. Lance

    yeah, i'd prefer to keep things simpler for clients to implement / users to use. use iodef/stix for inter-server reporting

  405. Zash

    You could write an informational spec that describes the absolute minimum of IODEF you would need as a client

  406. SouL has left

  407. SouL has joined

  408. tim@boese-ban.de has joined

  409. tim@boese-ban.de has left

  410. hexa- has left

  411. foss81405971 has joined

  412. thorsten has left

  413. thorsten has joined

  414. foss81405971 has joined

  415. intosi has joined

  416. Lance has joined

  417. Lance has joined

  418. foss81405971 has joined

  419. Martin has left

  420. Lance has joined

  421. Lance has joined

  422. goffi has left

  423. dwd has left

  424. thorsten has left

  425. Lance has joined

  426. Lance has joined

  427. thorsten has joined

  428. boothj5 has joined

  429. intosi has left

  430. Flow

    I guess that absolut minimum would be something like xep287 reporting or simply-report-spam.

  431. intosi has joined

  432. Alex has left

  433. ralphm

    and/or creating a mapping to it from a custom protocol you define. We did something similar with things like geoloc

  434. Jake1984 has joined

  435. stpeter

    I'll note that we did have a bespoke format for the inter-server reporting earlier on and I changed it to IODEF because of standards compliance & existing code libraries. Zash is right that we could define a slimmed down profile of IODEF for client-to-server reporting, although a simple command that forwards a message and flags it as abusive doesn't seem completely wrong.

  436. ralphm nods

  437. Flow

    don't forget about the use case where you just want to report a malicious jid

  438. Lance has joined

  439. Lance

    Given the importance of the feature, I'm in favor of whatever will lead to clients and servers actually implementing it, and a simpler spec seems best for that.

  440. Flow

    such report should come optionally with a stanza in question (or a link to it's id) and a more detailed reason (spam, harrasment, fraud, ...)

  441. Flow

    Lance: exactly my thought

  442. sezuan has left

  443. stpeter

    sure, I don't disagree

  444. stpeter

    Flow: don't we know that a JID is malicious based on a particular stanza? (message, presence invite, etc.)

  445. Flow

    stpeter: not sure, if there is always a stanza to report at hand

  446. Zash has joined

  447. Flow

    but anyway the information that matters most is the JID, all other information (stanza, exact reason, ...) should be optional IMHO

  448. stpeter


  449. dwd has left

  450. arty has joined

  451. Ashley Ward has joined

  452. sezuan has joined

  453. SamWhited has left

  454. daniel has left

  455. intosi has joined

  456. stpeter

    Flow: yes, I think you're right - and let's keep the reporting as simple as possible

  457. moparisthebest has left

  458. Kev

    > Flow: don't we know that a JID is malicious based on a particular stanza? (message, presence invite, etc.) Not really. <body>Hi there!</body> isn't malicious. Once. By the hundredth time they probably are as a set.

  459. SamWhited has left

  460. daniel has joined

  461. Flow has left

  462. daniel has joined

  463. moparisthebest has joined

  464. tim@boese-ban.de has joined

  465. tim@boese-ban.de has joined

  466. daniel has joined

  467. intosi has joined

  468. boothj5 has left

  469. Lance

    I've started some conversations with people working on abuse handling problems on various social media, and have gotten some useful feedback that I'll write up and send to standards@

  470. daniel has left

  471. Lance

    One of the interesting points is that blocking really needs a sharing component to really do the job of mitigating/preventing abuse. otherwise the user has to receive & react to everything. (Which could be a substantial amount on other networks)

  472. Lance

    So at minimum, opening up my blocklist to let people on my roster see it would be a big help. Even better would be a way to make incorporating friends' block lists automatic (subscriptions?)

  473. foss81405971 has joined

  474. stpeter

    huh interesting

  475. Lance

    federation makes things harder, of course :/, but there are other things to automatically filter on, such as age of accounts

  476. Lance

    most of that information would only be available inside each service, though

  477. fippo

    age of account... we tried that in psyc ~2003 lance :-)

  478. Lance

    fippo: as is tradition

  479. fippo

    it is still somewhat useful if the remote server is not evil. e.g. the case of a "public server" that gets abused

  480. daniel has joined

  481. stpeter

    I don't think that most XMPP servers have kept track of that

  482. intosi has joined

  483. stpeter

    although this account I'm using goes back to 1999 :P

  484. daniel has left

  485. daniel has joined

  486. narcode


  487. narcode


  488. stpeter

    I'm still intrigued by reputation systems but I don't know if they're truly useful in practice ... http://xmpp.org/extensions/xep-0275.html

  489. SamWhited has left

  490. narcode

    look complicated but could be really accurate“>For each room in which the user is banned (XEP-0045 "outcast"), divide the room's reputation by 10 and decrement the user's score by the result”

  491. Lance

    my server always returns a score of 100 for me, naturally :p

  492. moparisthebest has joined

  493. tim@boese-ban.de has left

  494. Lance

    but I think that aside from 1) making it easy for users to report and 2) making it easier to populate block lists based on my network of friends, its a service operations problem, and not a protocol one

  495. Lance

    as in, new protocols won't solve things. operational work is needed

  496. fippo

    so apparently i've been logged in five years with one account and four years with the other since that feature was implemented. but that is way too little, probably there is a bug in t he counting!

  497. fippo

    reputation systems can make sense if we assume that it is evil clients abusing an open server

  498. stpeter

    fippo: I think we have a mix of evil servers (less common) and evil clients abusing open servers

  499. stpeter

    e.g., I'm pretty sure that buycc.me was/is an evil server

  500. boothj5 has joined

  501. boothj5 has left

  502. foss81405971 has joined

  503. stpeter has left

  504. boothj5 has joined

  505. goffi has left

  506. goffi has left

  507. fippo

    right. but there is quite some value in "public servers" (I have a hard time avoiding the term "open relay") coordinating against spam from evil clients

  508. intosi has joined

  509. stpeter has joined

  510. waqas has left

  511. foss81405971 has joined

  512. waqas has joined

  513. Ashley Ward has left

  514. stpeter


  515. stpeter

    by public server you mean a server that allows essentially anyone to register an account?

  516. foss81405971 has joined

  517. boothj5 has left

  518. foss81405971 has joined

  519. fippo


  520. stpeter


  521. intosi has joined