XSF Discussion - 2018-02-08


  1. intosi

    We lost a few more things in /extensions, such as e.g. gps_datum.html (referenced from XEP-0080)

  2. intosi

    I'm not quite sure where we should put such files.

  3. intosi

    Being in /extensions, the xeps repo would be a logical choice, but it feels a little like pollution as well.

  4. intosi

    If anyone cares to review my minor change to the xeps repo, that would be so kind: https://github.com/xsf/xeps/pull/584

  5. jonasw

    intosi: editors are going to do a batch of work done tonight. if its fine, we'll take care of it then

  6. intosi

    FWIW, it's only adding building of refs to the Dockerfile, not editorial work really.

  7. intosi

    But tonight is fine.

  8. Ge0rG

    vanitasvitae: so you implemented 0392 in Java? https://github.com/pfleidi/yaxim/blob/master/src/org/yaxim/androidclient/util/XEP0392Helper.java

  9. vanitasvitae

    Ge0rG: yep

  10. vanitasvitae

    I'm still missing the mix-colors part and the inversion stuff

  11. Ge0rG

    vanitasvitae: feel free to steal from me, whatever you need

  12. Ge0rG

    vanitasvitae: should've asked before :D

  13. vanitasvitae

    Ge0rG: nah, I like the challenge

  14. vanitasvitae

    Also the GPL is incompatible to Apache2 ;)

  15. Flow

    well if the copyright holder gives you the permission to use his code under a different licence, then it is fine

  16. zinid

    `static final double`

  17. jonasw

    pep., I also thought about the white-male-thing when remotely participating. I have no idea how to fix that though.

  18. Ge0rG

    jonasw: apply a color filter to the webex video stream.

  19. jonasw

    given that the IM mission is kinda bringing *people* together, I’m not sure if or if not the (however true it may be) "women prefer 'people' over 'gadgets'" argument should be applicable to the situation. It could be very applicable, because communication is very much about people, but on the other hand, the XSF is a technical standards organization. The potential JSF would probably be more the realm of people who care about the effects of IM more than the means.

  20. jonasw

    also, disclaimer: if I make statements anyone finds offensive, *please* point it out to me, publicly or private.

  21. zinid

    what was that about? I'm lost

  22. zinid is reading the spam manifesto

  23. pep.

    zinid: the paste I linked yesterday

  24. zinid

    pep., ah, ok

  25. Ge0rG

    Wow. What the f***ing f***! Four server admins signed in the last 4 hours.

  26. zinid

    is it too much or too little?

  27. Ge0rG

    zinid: I'm amazed!

  28. SaltyBones

    signed in where?

  29. zinid

    SaltyBones, https://github.com/ge0rg/jabber-spam-fighting-manifesto

  30. zinid

    Ge0rG, I asked current jabber.ru admin, he should sign soon too

  31. Ge0rG

    zinid: thanks very much!

  32. SaltyBones

    Hm. I am unhappy about the Tor discrimination.

  33. SaltyBones

    I would prefer if this said everybody has to fill out a captcha and not discriminate.

  34. Ge0rG

    SaltyBones: I'm unhappy with it too. Do you have a really better proposal?

  35. SaltyBones

    What's wrong with captchas?

  36. Ge0rG

    SaltyBones: what's *not* wrong with captchas?

  37. SaltyBones

    They work?

  38. zinid

    Ge0rG, maybe write something like "care should be taken for Tor exit nodes" or something like that

  39. zinid

    Ge0rG, maybe write something like "care should be taken for Tor exit nodes"

  40. zinid not a big fan of Tor though

  41. Ge0rG

    zinid: "Monitor or block registrations from IP addresses with bad reputation (open proxy servers, Tor exit nodes)" means the same as what you wrote.

  42. zinid

    Ah,

  43. zinid

    ok, then I don't see the problem

  44. Ge0rG

    zinid: did you read the manifesto? ;)

  45. zinid

    Ge0rG, yeah, I just trusted SaltyBones :) I don't remember it word by word

  46. SaltyBones

    Well, I think this encourages blocking of Tor...

  47. zinid

    and I don't see discrimination in this case: when we say that care should be taken when using knife we don't discriminate knives

  48. SaltyBones

    It says "monitor or block" . . . . . . or do something else

  49. SaltyBones

    And I think monitoring and blocking are shitty and I only want the something else. :)

  50. Ge0rG

    SaltyBones: 99% of logins from Tor are spammers. 5% from non-Tor are spammers. What now?

  51. zinid

    I banned all exit nodes on jabber.ru (when I used to be an admin there)

  52. zinid

    just spam and flood

  53. zinid

    those, who want to stay anonymous should buy 5$ service like digitalocean

  54. Ge0rG

    zinid: you can't buy things anonymously

  55. SaltyBones

    Just say "ask for captchas or similar" and leave out the part where you suggest blocking exit nodes per se.

  56. zinid

    Ge0rG, you cannot use internet anonymously

  57. Seve/SouL

    Well, you can always use your neighbour's wifi :D

  58. SaltyBones

    As an occasional Tor user I can tell you that it makes Tor a lot less valuable if it gets blocked everywhere and I think Tor goes a long way towards online anonymity.

  59. zinid

    Seve/SouL, then you don't need Tor ;)

  60. vanitasvitae

    I'd prefer something like "apply stricter spam rule on tor users"

  61. Ge0rG

    vanitasvitae: isn't that what the manifesto says?

  62. SaltyBones

    Ge0rG, just leave out the part about blocking

  63. zinid

    drama :)

  64. SaltyBones

    No drama, just discussing

  65. Ge0rG

    -* Monitor or block registrations from IP addresses with bad reputation +* Monitor and review registrations from IP addresses with bad reputation

  66. zinid

    "Monitor and review" are virtually the same actions /bikeshedding

  67. Seve/SouL

    Ge0rG, why not Monitor and take corresponding actions?

  68. Seve/SouL

    Well, whatever.

  69. Ge0rG

    zinid: monitoring is often an automatic process, but review is manual

  70. zinid

    Ge0rG, as you wish

  71. mathieui

    11:53:27 SaltyBones> As an occasional Tor user I can tell you that it makes Tor a lot less valuable if it gets blocked everywhere and I think Tor goes a long way towards online anonymity. → as an occasional tor user, and a relay operator, but also an XMPP server operator, I think blocking registrations from tor is often necessary

  72. SaltyBones

    Or to stick with Georg's presentation: general message routing doom :)

  73. Ge0rG

    XMPP doom!

  74. edhelas

    Doom Over XMPP

  75. Ge0rG was slightly motivated to post an XHTML-IM picture of a libcaca output of Doom I

  76. edhelas

    XHTML-IM is so 2017

  77. Ge0rG

    Doom I is so 1993.

  78. jonasw

    I played Doom I a bit on a portable audio player from 2004.

  79. edhelas

    jonasw Rockbox :p

  80. jonasw

    edhelas, exactly.

  81. edhelas

    http://cdn.instructables.com/FZQ/U0RN/FAKWPHHK/FZQU0RNFAKWPHHK.MEDIUM.jpg

  82. Ge0rG

    I played Monkey Island II on an Xbox 1, when it was still cool.

  83. jonasw

    daniel, okay, so I probably wasn’t there: *my* client would do weird things at least :D

  84. jonasw

    (I’m pretty sure)

  85. jonasw

    (but that can be fixed)

  86. jonasw

    (re vcard presence avatar muc room thing)

  87. daniel

    oh really? weird

  88. zinid

    lol

  89. zinid

    anyway, I will check briefly some clients against ejabberd before commiting

  90. jonasw

    let’s give it a test…

  91. jonasw

    oh wait

  92. jonasw

    if the presence does *not* contain a MUC User element, we’re fine

  93. jonasw

    and I don’t see a reason why it should

  94. jonasw

    so that’s probably fine

  95. daniel

    what happens though?

  96. daniel

    will it create a user with a null username?

  97. jonasw

    no

  98. jonasw

    if it doesn’t contain a <x xmlns="that muc user namespace"/> thing, it is ignored entirely

  99. jonasw

    (it’ll probably log something about an unhandled presence, at worst)

  100. daniel

    i meant if it would include that tag

  101. jonasw

    oh, that would probably lead to quite a bit of breakage

  102. jonasw

    either null user name, or some crash

  103. daniel

    i see.

  104. daniel

    probably fix that no matter what :-)

  105. jonasw

    the MUC code itself would probably deal with it just fine, but everything which expects a string for a nickname down the stream/road would be... surprised

  106. jonasw

    yeah, explicitly ignoring bare-JID presences for occupant handling is probably a good idea.

  107. jonasw

    there you go: https://github.com/horazont/aioxmpp/commit/5df66eeafe24047d55d3d6b9b849538674f121e5

  108. pep.

    Ge0rG, SaltyBones, fwiw, I was talking with a freenode person at fosdem, and she said they were trying to study the "tor issue". ATM they allow tor users if they register first, with registration not via tor iiuc (which defeats the point of tor). She told me they were discussing with tor people to look for ways to solve this

  109. Ge0rG

    pep.: I'm sure there is no solution to this problem.

  110. pep.

    Yeah I'm not really optimistic either

  111. SaltyBones

    ...captchas? :)

  112. Ge0rG

    stfupchas.

  113. SaltyBones

    Be nice!

  114. SaltyBones

    Seriously, what's wrong with captchas?

  115. jonasw

    they don’t work

  116. jonasw

    they are an additional step, which always sucks when competing with WhatsDown

  117. SaltyBones

    Don't work how?

  118. jonasw

    they are not efficient is what I meant to say

  119. pep.

    SaltyBones, not fond of captchas either, or rather, google-owned captchas, which is the biggest implementation out there. (And probably not any other third-party owned impl. either anyway)

  120. jonasw

    and they are a problem with accessibility

  121. Ge0rG

    SaltyBones: https://shkspr.mobi/blog/2017/11/captchas-dont-prove-youre-human-they-prove-youre-american/

  122. pep.

    Also often out-of-band, which is annoying

  123. SaltyBones

    Their whole point is to be non-efficient and if you want to compete with whatsapp you can just use phone authentication but freenode via tor is a different use case.

  124. jonasw

    SaltyBones, no, with efficient I mean efficient at blocking spam

  125. jonasw

    or abuse in general

  126. jonasw

    when considering the cost to UX and accessibility

  127. jonasw

    (or, if you’re using google, data privacy)

  128. SaltyBones

    Yes, but if I want to use Tor from freenode I would rather fill out captchas for 3 minutes instead of just being told "no".

  129. SaltyBones

    Actually if you use Tor you get so many captchas you probably spend more than 10 minutes a day on it. :p

  130. pep.

    I'd prefer they came up with another solution

  131. SaltyBones

    pep., So would I but I would prefer this solution to statements like "a solution does not exist". :)

  132. pep.

    Maybe easy to deploy but as jonasw said, and I as well, it breaks lots of things

  133. SaltyBones

    It doesn't break them more than breaking them on purpose though...

  134. pep.

    sorry I didn't catch this

  135. SaltyBones

    I mean I currently cannot access freenode from my Tor VM, which is more broken than a captcha.

  136. zinid

    > Actually if you use Tor you get so many captchas you probably spend more than 10 minutes a day on it. :p True. I once tried to use Tor and it was funny experience, never want to repeat it again 😁

  137. SaltyBones

    Yeah, it's awful...

  138. SaltyBones

    That's why they distribute these "f*ck cloudflare" stickers. ;)

  139. Ge0rG

    SaltyBones: I can understand the position cloudflare is taking.

  140. SaltyBones

    sure, I can too :)

  141. SamWhited

    I do not speak for the company, etc. But for what it's worth they have tried really hard to ensure Tor users had a good experience by trying to get buy in from the IETF and W3C on a standard thing that could be done instead. There's an open source extension that implements it and bypasses the captchas.

  142. SamWhited

    https://blog.cloudflare.com/cloudflare-supports-privacy-pass/

  143. SaltyBones

    :o

  144. SaltyBones

    I will have to try this.

  145. jonasw

    I’ll first try to figure out how that works

  146. jonasw

    "magically identifies you without enabling tracking" sounds too good to be true

  147. SaltyBones

    Anyway, yes that's another way to solve the problem. just pay in proof-of-work would also be one.

  148. SaltyBones

    jonasw, it's pretty straightforward crypto magic ;)

  149. Ge0rG

    SaltyBones: pay in proof-of-work is still not a solution to the spam problem.

  150. jonasw

    https://craphound.com/spamsolutions.txt

  151. SaltyBones

    Ge0rG, depends I would say

  152. Ge0rG

    SaltyBones: nope.

  153. Ge0rG

    SaltyBones: the efficiency difference in PoW between mobile clients and custom ASICs is so horribly high, you can't make any sensible abuse-prevention scheme on top

  154. SaltyBones

    That's not true. There are plenty of memory-hard hashes that are hard to do in cheap ASICs and even if you assume that they exist you have to consider the expected worth of sending a message which is painfully low for most spam schemes.

  155. jonasw

    even the difference between a desktop/server CPU and a mobile CPU is enough to make it break, I think

  156. jonasw

    also, memory-hard on mobile won’t fly either, SaltyBones

  157. jonasw

    (for certain values of "memory-hard")

  158. Ge0rG

    scrypt is a memory-hard PoW scheme and there are ASICs for it.

  159. jonasw

    (but those values might be lower for ASICs than for mobile CPUs; GPUs and mobile CPUs is a different story though, now that we’ve reached GPUs with several GiB of memory)

  160. SaltyBones

    I don't want to play devil's advocate, I generally agree with you.

  161. Ge0rG

    SaltyBones: when doing PoW on my smartphone, I'm manually implementing things in Java bytecode.

  162. jonasw

    why would you do that in java bytecode?

  163. SaltyBones

    I'm just saying for many spam schemes the return on value is so low people wouldn't even bother implementing the PoW code. Maybe this assumption is wrong.

  164. jonasw

    SaltyBones, "spamsolutions.txt" seems to suggest that you’re wrong, because one of the reasons is:> ( ) Extreme profitability of spam

  165. jonasw

    SaltyBones, "spamsolutions.txt" seems to suggest that you’re wrong, because one of the reasons is: > ( ) Extreme profitability of spam

  166. Ge0rG

    MR 20171128T16:55:45Z 000 <Ge0rG>  Okay, just to get some numbers. "I managed to pull around 5.6KHash/sec on my Nexus 7 with all fou r threads." from https://rumorscity.com/2014/01/07/how-to-mine-litecoin-with-android/ MR 20171128T16:56:10Z 000 <Ge0rG>  So we are at ~20 KHashes for a first-contact MR 20171128T17:01:02Z 000 <Ge0rG>  you can rent 500MH/s for three hours for ~3USD. That accounts for 100 Millions spam messages. MR 20171128T17:01:26Z 000 <Ge0rG>  if you price a single spam message at 20KH scrypt.

  167. jonasw

    now I could sift through the spam I get to check how much they charge for 10k XMPP spam message to see if that works out ;-)

  168. Ge0rG

    jonasw: 20$ for 100k JIDs or so.

  169. jonasw

    so that’s probbaly well within their capabilities

  170. SaltyBones

    TIL...

  171. SaltyBones

    I guess I have underestimated the amount of morons who fall for spam by several orders of magnitude...

  172. jonasw

    I also love the "philosophical objection": > ( ) Killing them that way is not slow and painful enough

  173. zinid

    Ge0rG: where can I get paid for sending spam?

  174. zinid

    Sounds interesting

  175. daniel

    zinid: send spam advertising your services

  176. SaltyBones

    INDEED :D

  177. Ge0rG

    zinid: I'll tell you for 200$

  178. jonasw

    ha

  179. SaltyBones

    yeah, maybe it's a ponzi scheme

  180. SaltyBones

    send spam for money to find customers who will pay you for sending spam

  181. jonasw

    SaltyBones, actually, that’s what has been happening a few months ago for a few months, now they seem to have found customers who actually want to spam something >.>

  182. zinid

    SaltyBones: blockchain 🤔

  183. jonasw

    (aside from the carding spam which has been there forever)

  184. Ge0rG

    SaltyBones: it kind of is. "we will scan your forum for jids for $20, and use those jids to send your spam"

  185. SaltyBones

    zinid, it's about time we had a dedicated blockchain emoji ;)

  186. SaltyBones

    ⏹️⛓️

  187. jonasw

    ha.

  188. daniel

    SaltyBones: but with a zwj in between

  189. SaltyBones

    ah what? O_o

  190. Ge0rG

    a SJW.

  191. daniel

    Unicode humor

  192. Ge0rG

    or a jwz?

  193. SaltyBones

    I don't get it. :(

  194. Ge0rG

    SaltyBones: https://emojipedia.org/zero-width-joiner/

  195. daniel

    My alternative carrier path is to remake the emoji movie with more weird unicode humor

  196. daniel

    Fewer people will get it. But it will actually be funny

  197. jonasw

    "career"?

  198. Ge0rG

    daniel: did you actually watch that movie?

  199. daniel

    That one

  200. daniel

    > daniel: did you actually watch that movie? LOL no

  201. Ge0rG

    Phew, I was worried for a moment.

  202. daniel

    Apparently there is a joke about how there is no use case for the eggplant emoji. Which probably tells you a lot about the writers

  203. SaltyBones

    Ge0rG, I'm having a seizure just reading this crap.

  204. jonasw

    daniel, oh dear

  205. Ge0rG

    SaltyBones: And it's not even the worst thing about Unicode Emoji.

  206. jonasw

    I’m just sad that there’s no Hydnora visseri emoji. it’d go great with an eggplant.

  207. ralphm

    While I'm around, I am still in a company meeting and might not be able to follow the discussion here.

  208. jonasw

    ralphm, this discussion shoudl also probably be in the off-topic room, sorry.

  209. Ge0rG

    daniel: you mean the aubergine emoji?

  210. nyco

    and...

  211. nyco

    bang?

  212. Ge0rG

    SaltyBones: http://unicode.org/repos/cldr/trunk/specs/ldml/tr35-general.html#SynthesizingNames will make you puke without end.

  213. Guus

    Time for a board meeting

  214. Guus

    hi nyco

  215. nyco

    hi Guus

  216. nyco

    (got a stable network this time, we'll see with the clients)

  217. jonasw

    right, board time

  218. Guus

    Ralphm just mentioned he was busy-ish... Mattj announced that he was likely unavailable now. Martin?

  219. Guus

    Martin appears offline to me

  220. nyco

    wel...

  221. nyco

    on my side, just about the board prios meeting, we finally chose not to do it around summit/fosdem

  222. nyco

    I'll reschedule

  223. Guus

    Thanks. As it's just you and me being active now, I propose that we skip this meeting, and try again next week.

  224. nyco

    archiving: https://trello.com/c/vFYiyf9I/300-summit-sponsoring https://trello.com/c/8XwcLKzf/301-summit-dinner

  225. Dave Cridland

    Martin's on unexpected childcare duty, sorry!

  226. nyco

    thx Dave Cridland

  227. Guus

    ah, ok. A random child, or his? ;)

  228. nyco

    on the big things to do, we got the prios, but also funding/financing and survey

  229. nyco

    also bus factor on bank account

  230. Guus

    True, but I don't want to discuss that with just the two of us here.

  231. nyco

    agree

  232. nyco

    bye!

  233. nyco

    thx

  234. Guus

    see you next week :)

  235. Guus

    I'll send off a quick mail for posterity

  236. nyco

    Thx

  237. Dave Cridland

    SamWhited, I think you meant XEP-0137 is Draft, not XEP-0159.

  238. SamWhited

    err, oops, yes

  239. SamWhited

    The council card is right anyways

  240. SamWhited

    Unrelated, https://clojuriststogether.org/ just distributed its first funding round for Clojure projects that are important to the community. I wonder if a similar model would work for the XMPP community, or if we would never end up with enough people to make it sustainable.

  241. SamWhited

    /cc Ge0rG

  242. Ge0rG

    I had some trouble parsing that domain name into words.

  243. SamWhited

    Still better than expertsexchange.com (which actually used to be their domain)

  244. Ge0rG

    SamWhited: it looks like a nice thing, and I'd love to direct some money in the direction of JC (and then to you for auditing it ;))

  245. SamWhited

    I do not have the qualifications to reasonably audit code, but thanks for your confidence :)

  246. SamWhited

    They appear to be working with an existing non-profit so that people can make donations tax deductable without them having to do all the paperwork and legal nonsense, that's rather nice.

  247. Ge0rG

    SamWhited: but you have the qualifications to find XSS, which is a good first step

  248. SamWhited

    "qualifications" == "basic testing"

  249. Ge0rG

    SamWhited: is that a non-profit we can apply at as well?

  250. SamWhited

    or "copy-pasting"

  251. Ge0rG

    JabberistsTogether.com now!

  252. SamWhited

    Ge0rG: the SFC; alternatively, it could be under the XSF umbrella presumably

  253. Zash

    Go for it

  254. Ge0rG

    SamWhited: the XSF barely has the time to do its own work.

  255. SamWhited

    Ge0rG: it doesn't have to do anything but file taxes; the conservancy isn't doing work, just being the official business so that the fund can be tax exempt

  256. SamWhited

    Although, I say that, presumably they have lawyers who know this stuff and we don't, so maybe something else would be better

  257. SamWhited

    Anyways, it's an interesting structure and I think it's a cool idea… now someone else do it!

  258. Ge0rG

    SamWhited: I have no strong opinions on that, just that I have zero knowledge of US-based non-profits

  259. jonasw

    Ge0rG, to direct money to JC, you can simply use liberapay or patreon, as we learned yesterday or so

  260. Ge0rG

    jonasw: but I want to direct other people's money

  261. jonasw

    hah

  262. jonasw

    I would want that too, but I’m not sure I’d be so selfless here ;-)

  263. zinid

    Damn, I barely can follow the "manifesto discussion", yet, you guys are capable of writing a wall of text, lol

  264. Guus

    just make everyone sign up and pledge 3$ / month

  265. Guus

    it has to start somewhere, right?

  266. Guus

    heck, let everyone pledge half the amount that they spend on <luxury item x> in the same period

  267. jonasw

    Guus, okay, find an X and I’ll consider it

  268. Guus

    jonasw: coffee? fastfood? games on your smartphone? candy?

  269. Zash

    Obscure cheese only produced in a small village near where I live?

  270. jonasw

    I don’t drink coffee, I avoid fastfood, I don’t have any paid apps on my smartphone. You might’ve got me with candy though.

  271. Guus

    comics? board games? legos?

  272. jonasw

    do components for hobbyprojects count?

  273. Guus

    movie tickets? concert tickets?

  274. jonasw

    do components for hobby projects count?

  275. Zash

    Look at mr rich over here

  276. Guus

    whatever you want counts :)

  277. jonasw

    if so, I’m screwed ;-)

  278. Guus

    I'm just trying to make the point that if you're happy to spend money on <luxury item x>, spending some of it on XMPP is probably OK for you too. If it's not, it's not - that's up to you - but this logic works for myself :)

  279. Ge0rG

    a hobby is by definition something that can consume infinite money

  280. jonasw

    Guus, I have a similar opinion in general, but I like to believe that due to my own contributions to XMPP software I’m exempt from that. You’re being a counter-example here and that’s making me uncomfortable ;-)

  281. zinid

    Ge0rG, what if your job is your hobby? :)

  282. Zash

    Then you are doomed

  283. jonasw

    or lucky, depends.

  284. Ge0rG

    zinid: it's not possible. it's a job if you end up with more money than before, and a hobby if it takes money

  285. jonasw

    because then you’ve actually one of those rare hobbies which actually pay more than they cost you :<

  286. Guus

    jonasw: it's really up to you, and no-one else- to tell you if you're comfortable with donating any amount of money or time.

  287. Zash

    Ge0rG: Pretty sure the tax rules are more complicated than that

  288. Guus

    I for one am insanely grateful for all the time that you're putting in.

  289. zinid

    Ge0rG, ah, so this is a question of definition, ok

  290. jonasw

    Guus, I know that, it just starts some thought process.

  291. Ge0rG

    zinid: yes. In the end, you have a great job.

  292. Guus

    jonasw, I'm personally trying to avoid to think along the lines of: "I'm doing this so that I don't have to do that", but rather "what type/amount of resources am I willing to spend on this?"

  293. jonasw

    Guus, that makes sense

  294. jonasw

    hm

  295. jonasw

    speaking of things I do

  296. jonasw

    I put some XEP into last call and forgot to send that email

  297. jonasw

    I probably have to move the LC end date by a few days now

  298. Ge0rG urgently needs to update PARS

  299. Guus rides into the sunset (which sounds more romantic than "going to pick up the kids from daycare")

  300. Ge0rG does another half hour of web app pentesting.

  301. intosi

    *cooks some Brussels sprouts*

  302. jonasw

    cooking sounds like a great idea actually

  303. intosi

    Thought so :)

  304. Ge0rG

    jonasw: Why another LC on 280?

  305. jonasw

    Ge0rG, council switch

  306. Ge0rG -1s

  307. jonasw

    feel free :D

  308. jonasw

    I’m just the mechanic in this case

  309. edhelas

    :)

  310. zinid

    Ge0rG, so how will we blocklist spam servers?

  311. zinid

    I like the idea of test day, so we probably need some mechanism by then

  312. Holger

    blockchain

  313. Holger

    (sorry)

  314. zinid

    you're not serious :(

  315. Holger

    IIRC jonasw suggested a DNS blacklist maintained by him and ... others.

  316. zinid

    yeah, I heard about DNS blacklist, who will maintain it? :)

  317. zinid

    probably "him and others" :)

  318. Holger

    I think he was asking for volunteers but nobody responded.

  319. Holger

    Not sure.

  320. Holger hands the microphone over to jonasw.

  321. jonasw

    Holger: I will

  322. Ge0rG

    zinid: prosody can firewall all traffic from a list of domains placed in a http or local text file.

  323. Ge0rG

    zinid: tell me your domain and I'll blacklist you

  324. zinid

    yeah, because local text files is a best source of distributed data

  325. zinid

    Ge0rG, the domain is yax.im

  326. Zash

    mod_firewall can fetch lists via http (periodically)

  327. zinid

    Zash, these are details, the question is who will maintain the list?

  328. zinid

    who will add entries?

  329. zinid

    who will process deletion requests?

  330. Zash

    Someone else™

  331. Zash

    But in all seriousness, that's a thing that wound need figuring out

  332. zinid

    we haven't figured out enough yet?

  333. Zash

    I'm wondering if we could partner with any of the existing spam list orgs

  334. zinid

    last time I operated an email server a decade ago, so I don't even know how it's done now and who manages that

  335. jonasw

    Zash, spamhaus is doof, sorbs seem to be reasonable at least

  336. zinid

    doof?

  337. Ge0rG

    zinid: nice try.

  338. Zash

    Department of ooooo fffff?

  339. jonasw

    zinid, probably not an adjective which is used frequently by Till Lindemann. it means dumb or silly or something in that order.

  340. zinid

    Ge0rG, you have more stars than signers btw

  341. Ge0rG

    zinid: I feel like Donald Trump!

  342. Zash

    Something something russian bots?

  343. Ge0rG

    Zash: more stars than supporters

  344. Ge0rG

    zinid: ping

  345. zinid

    yeah, with some german bots

  346. zinid

    .

  347. zinid

    oh

  348. zinid

    it works finally

  349. zinid

    just was very slow

  350. jonasw

    zinid, I starred, but I won’t sign, because I don’t operate a public server

  351. jonasw

    I think that makes sense

  352. zinid

    jonasw, yeah, me too

  353. zinid

    I'm just joking

  354. zinid

    ping

  355. zinid

    what's wrong with this conference?

  356. jonasw

    ping

  357. jonasw

    what

  358. zinid

    who's there?

  359. Zash

    What the <--- jonasw has left the room (the MUC server is not responding)

  360. Zash

    Bunneh: ping muc.xmpp.org

  361. Bunneh

    Zash: Pong from muc.xmpp.org in 0.144 seconds

  362. jonasw

    Zash, yeah, poezio wasn’t happy

  363. SamWhited

    I sent a mail to the list with an inline image but it does not appear to have arrived. I don't see it in the pending moderation queue and it doesn't appear to match any of the content type rejection rules (it's just a png). Any idea where it might have gone?

  364. SamWhited

    nevermind, just being *really* slow today.

  365. Zash

    SamWhited: Hm, that graph could do with some colors on the nodes for states...