04:49:22 <hv-bridge> <\\ Hamed //> here?
19:19:31 <ErCiccione[m]> Updates about the spam situation? I still cannot write in -dev and -community and i think most bridges are either gone or partially working.
19:25:04 <selsta> we can make voice only an requirement for e.g. tor
19:25:11 <selsta> a
19:25:36 <kinghat[m]> should just move it all to matrix
19:26:08 <selsta> is matrix spam proof
19:26:14 <ErCiccione[m]> selsta: That's a good compromise imo
19:26:25 <ErCiccione[m]> kinda
19:26:38 <selsta> how? lol
19:26:59 <ErCiccione[m]> It's the future bro
19:27:18 <ErCiccione[m]> Jokes aside. Afaik it's not really used for spam
19:27:49 <ErCiccione[m]> but in case thhey can be shut down quickly. One good side is that the messages can be removed, so that's a deterrent
19:28:54 <ErCiccione[m]> but yeah, still waiting for the spam proof protocol to be announced :P
19:30:44 <ErCiccione[m]> Btw, would be good to do the "tor users only with voice" thing asap. I'm feeling cut out, i miss you guys :(
19:31:15 <selsta> fluffypony: ^
19:33:00 <dEBRUYNE> Not sure why you are able to talk here but not in -dev or -community
19:33:04 <dEBRUYNE> Same permissions as far as I can see
19:33:45 <kinghat[m]> selsta: can you ELI5: if you guys are making a ban list, why cant the software make the ban list?
19:34:01 <selsta> because these nodes are following what we are doing
19:34:08 <selsta> and if we add software detection they will change behaviour
19:34:58 <kinghat[m]> which is good because it shows us more holes?
19:35:07 <selsta> yep
19:35:18 <selsta> they did reveal a lot of bugs already that we fixed now
19:35:56 <selsta> free audit w0w
19:35:58 <kinghat[m]> we just need to change the behavior until its no longer relevant?
19:38:09 <kinghat[m]> > I don't know about how spam prevention works on IRC, but there are a number of ways spam can be prevented on Matrix. For example, Synapse supports adding a custom spam prevention plugin to your server, which lets that plugin decide whether or not an action (such as sending a message) is spam, and allow or block it based on that
19:38:09 <kinghat[m]> Then there's shared ban lists and ignore lists that can be used by multiple people to automatically share blocks with a group of different people for example
19:38:09 <kinghat[m]> and moderation bots such as Mjölnir that can automate room moderation to certain extents
19:38:55 <kinghat[m]> <selsta "how? lol"> > I don't know about how spam prevention works on IRC, but there are a number of ways spam can be prevented on Matrix. For example, Synapse supports adding a custom spam prevention plugin to your server, which lets that plugin decide whether or not an action (such as sending a message) is spam, and allow or block it based on that
19:39:36 <kinghat[m]> > regular old bans allow you to ban individual users from a room, but there is also a server ACL setting that lets you ban entire servers from interacting with a room if you want
19:39:49 <kinghat[m]> that probably looks terrible on irc 🤷‍♂️
19:44:29 <kinghat[m]> > Some links to check out: https://github.com/matrix-org/mjolnir https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors
19:44:52 <kinghat[m]> > https://github.com/matrix-org/synapse/blob/master/docs/spam_checker.md
19:48:12 <ErCiccione[m]> dEBRUYNE: Then could be a problem of the matrix bridge.
19:56:22 <kinghat[m]> > One thing to keep in mind is that Matrix has no expectation of trust between the different servers, so anything you can do as a server admin (abuse management bots, room shutdowns for example) can only affect what is done on your own server, and anything you can do as a room admin (room bans, server ACLs) can only affect that specific room, but you still have no way to control what the greater Matrix network (other
19:56:22 <kinghat[m]> servers, other rooms) does
19:56:22 <kinghat[m]> That's one major difference to IRC networks, where the network assumes some level of trust between the different server operators that are part of the same network
20:50:37 <selsta> kinghat[m]: right, but I meant all of this is not going to stop someone from trolling with spam messages
20:50:54 <selsta> though hiding messages sounds useful in these situations
22:47:46 <d4ndo[m]> Are you guys using github Actions?
22:48:06 <d4ndo[m]> https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
22:48:32 <d4ndo[m]> quote: "The big problem with this feature is that it is highly vulnerable to injection attacks. As the runner process parses every line printed to STDOUT looking for workflow commands, every Github action that prints untrusted content as part of its execution is vulnerable. In most cases, the ability to set arbitrary environment variables results in remote code execution as soon as another workflow is executed."
22:57:45 <d4ndo[m]> n8
22:59:19 <asymptotically> d4ndo[m]: yes but none of them take any user input from places like github issues
22:59:55 <d4ndo[m]> asymptotically: good to know.