-
Ge0rG
Phew. Council duties completed. Only delayed by a week and some.
-
edhelas
is there known clients that are implementing https://xmpp.org/extensions/xep-0367.html ?
-
MattJ
HipChat, and a bot I wrote
-
MattJ
*HipChat (RIP)
-
edhelas
oh really ?
-
edhelas
I'm planning to implement it in Movim
-
MattJ
Great! :)
-
Guus
I discussed XEP-0367 with Dele Olajide the other day
-
Guus
as a suggestion for Pade
-
MattJ
Yes, I really would like to see it more widely implemented
-
MattJ
Some work was started for Dino, but afaik that's about it so far
-
pep.
Reactions?
-
MattJ
Message attaching
-
MattJ
Which I think it possibly not the best name, to be honest
-
Zash
So what's the deal with attaching vs references?
-
pep.
Right, I was going to ask
-
MattJ
Exactly
-
Zash
Was this something discussed at the summit?
-
pep.
Not this specific subject iirc, or at least not this year, but we've had this discussion before on xsf@ at least
-
MattJ
References is still full of TODOs and has various open issues regarding how to count characters, etc.
-
Dele Olajide
>Guus: I discussed XEP-0367 with Dele Olajide the other day Yes Indeed. That was for emoji reactions
-
Seve
That XEP needs some work though, I wonder if it should be splitted, one for reactions and one for attachments. Problem is, you cannot decide what should go first if multiple things are attached (like reactions and images and whatnot)
-
Zash
XEP-0377: Spam Reporting https://xmpp.org/extensions/xep-0377.html Is there still interest in this or something like it?
-
Zash
IIRC someone thought it should be detached from xep-191
-
lovetox
yes i think its better
-
lovetox
otherwise you remove any chance this gets send without a blocking action
-
lovetox
which will then lead to some hacks like send blocking iq without item or stuff like that
-
lovetox
but interest must come from server operators i guess
-
lovetox
i think this is useful and most applications have a spam button
-
Zash
What comes first, XEP or server? Or client?
-
MattJ
Why would you want to report spam and *not* block the sending JID?
-
moparisthebest
honeypot?
-
MattJ
What about it?
-
jonas’
depending on the honeypot use-case, one might want not to actually populate a blocklist to further observe the spambots behaviour before termination
-
lovetox
MattJ, i dont know, but why do you want to rob us of the possibility to do so ?
-
jonas’
save all the roundtrips.
-
jonas’
also atomic operations are nice
-
lovetox
spamreporting is not a operation that happens so often that we would have to consider efficiency
-
lovetox
i would argue
-
jonas’
(I agree with you)
-
lovetox
either way, this should come in that or another form
-
MattJ
I don't really understand why people want to reject the simple solution here
-
lovetox
Whats not simple about the other solution?
-
lovetox
and nobody rejects it
-
MattJ
Sending two iqs?
-
jonas’
we all love the simple (2 IQ) solution
-
lovetox
no sending one iq to report spam
-
MattJ
and then not blocking the JID
-
MattJ
?
-
Zash
Code is probably going to be pretty simple either way
-
MattJ
The server is likely going to block it anyway
-
MattJ
So whatever, go ahead, I won't object :)
-
jonas’
hm, having it in one operation has the advantage that there’s something to lose for the user for reporting false spam
-
MattJ
jonas’, yes, that came up before. Didn't mention it now because it's easy to argue against - just send a second iq to unblock
-
jonas’
sure
-
MattJ
But I consider it a nicer UI to report+block at the same time
-
MattJ
Other systems don't have two separate buttons
-
lovetox
what if some server wants to tell another server that he blocked a server or jid?
-
MattJ
lovetox, that is not what this protocol is for
-
Zash
Does it really matter that much on the wire?
-
MattJ
lovetox, and if you want this protocol to do those kinds of things, there are many many previous XEPs that do this
-
MattJ
and they got nowhere, because they are too complex and impractical in reality
-
lovetox
MattJ but making it not dependend on blocking makes it able to easily reuse for use cases we didnt think about
-
lovetox
but ok i see there are pro and cons
-
MattJ
There are various components to consider with battling spam
-
lovetox
it doesnt matter let this get advanced
-
MattJ
One of these components is the ability for users to report spam that has slipped through the net
-
MattJ
It is unrelated to the other components, it's a feedback mechanism
-
lovetox
i understand that if executed by the user this will be 99.99% with a blocking
-
Zash
If you see it as block(jid, [reason]) then the current thing seems fine
-
lovetox
my argument was, its not reusable in other circumstances we didnt think of
-
MattJ
lovetox, that kind of argument leads to generic complex XEPs, of which we have many
-
lovetox
but yeah we can always add another XEP for that
-
MattJ
and nobody knows how to use them sensibly
-
MattJ
Because they support using them in so many different ways
-
MattJ
I'm currently fighting to tie up all those loose ends and document them, I don't want to introduce more
-
lovetox
store hints come to mind
-
lovetox
was this XEP ever put to last call or vote?
-
MattJ
https://xmpp.org/extensions/xep-0287.html
-
MattJ
https://xmpp.org/extensions/xep-0161.html
-
MattJ
Hmm, what's the other one
-
lovetox
hm ok abuse report seems exactly what i asked about
-
lovetox
ip is a bit lol
-
lovetox
but ok
-
MattJ
lovetox, but someone might need it!
-
MattJ
lovetox, for example service operators who want to report bots registering on their server
-
lovetox
we really have a problem with people adding XEPs but than dont follow through
-
Zash
> Kev: yes, XEP-268 (instant reporting), XEP-236 (Abuse), XEP-287 (SPIM markers and reports), XEP-377 (SPAM reporting).
-
Zash
https://wiki.xmpp.org/web/Minutes_of_the_2018_Summit:_Day_two#3._SPAM
-
MattJ
lovetox, because "following through" typically requires multiple interoperable implementations
-
MattJ
which a single XEP author can't do, and even if everyone in the individual projects agrees it's a good thing to do, there are other priorities...
-
lovetox
for draft status you dont need implementations or?
-
MattJ
No, but I'm assuming by "follow through" you include implementing
-
lovetox
hm no i meant the author adjusts the xep after feedback
-
MattJ
Oh right, sure
-
lovetox
it seems people maybe think experimental xeps are not changed, so they add new ones
-
lovetox
because i dont see why the first abuse report XEP 161 could not add the example to use it with blocking
- Zash creates https://wiki.xmpp.org/web/Spam
-
Zash
What XEPs are there, what's the good and bad of each? Write down there.
-
Zash
https://xmpp.org/extensions/xep-0268.html
-
MattJ
Ah, that's the one I was looking for
-
MattJ
It perfectly fits "easy to reuse for use cases we didn't think about" :)
-
MattJ
It doesn't fit "easy to use"
-
Zash
I think 377 is more in the spirit of simple clients, complex servers
-
Zash
IODEF might be fine to generate from the server and send wherever
-
MattJ
Yes, agreed
-
Ge0rG
I know that I sound like a broken record, but in the current situation, if a user needs to report spam, it essentially means the admin is a lazy bastards who doesn't do due diligence
-
Zash
Yes
-
MattJ
Ge0rG, so you filter 100% of spam?
-
MattJ
and I know you don't, so follow-up question: wouldn't you like feedback to know about stuff that slipped through your net?
-
Zash
This mostly being taken care of by server-side black box magic does reduce the apparent need of these reporting mechanisms
-
Ge0rG
the deployment of a reporting mechanism prior to a black box magic filter won't do anybody any good.
-
MattJ
The black box magic filter needs data
-
Zash
Black box 22
-
Ge0rG
I'm in the position to make use of such a reporting, because I'm filtering out 99% of spam, so I'll only receive maybe 0.1% of reports. Other server admins don't have a black box, so they are going to receive 10% of their server's spam. Based on the typical 10% engagement rate.
-
MattJ
Sure
-
Ge0rG
We need to teach everybody to walk before giving them wings.
-
MattJ
But I'd argue that it is better to have the mechanism in the server and clients, even if it isn't connected to anything more than "block this JID"
-
Ge0rG
MattJ: no. It's actually worse.
-
MattJ
Waiting until we perfect magic boxes until we deploy this is the wrong approach
-
Ge0rG
MattJ: blocking an individual JID won't have any impact on the amount of spam received by a user. But the ineffectivity of the spam report button will teach them not to use it.
-
MattJ
I'm not sure I agree with that
-
MattJ
(that they won't use it)
-
Ge0rG
MattJ: if you find out that something doesn't work, will you keep using it?
-
MattJ
If it's as easy to click "close tab" as it is to click "report and close tab"
-
MattJ
They won't find out, that's the beauty
-
Ge0rG
It's never as easy.
-
MattJ
I receive spam in my inbox, I still report it
-
Ge0rG
They report and block, half an hour later they receive the same spam from a different JID.
-
Zash
The Algoritm thanks you for the input.
-
MattJ
Ge0rG, I'm not denying that will happen
-
Ge0rG
MattJ: you also assume that your report isn't merely silently logged into prosody.log without any further action
-
MattJ
Do I?
-
MattJ
I think you're over-thinking things on behalf of users
-
MattJ
If they continue to receive spam they'll likely just stop using the service, client, protocol
-
MattJ
regardless of whether there was a report button or not
-
MattJ
So the absence of a report button is really not a fix for anything
-
MattJ
(I have actually lost contacts who stopped using XMPP entirely when they received daily spam)
-
Ge0rG
Ah, it's too late already.
-
Zash
WE'RE DOOMED
-
Ge0rG
You can do whatever you want, and you can deploy whatever you want, wherever you want. Feel free to focus your efforts on re-solving the 99% of spam problem.
-
pep.
I know many people who just continue using IRC/Freenode even with the spamwaves when server operators are almost useless.. I don't think a button would help much during these tbh
-
mathieui
freenode is kind of a specific population
-
mathieui
(and even then, spam is much easier to deal with in a single IRC network)