| 15 Apr 2025 |
 uep | rate limits are a limited tool no matter what; you have to exceed them before reactions happen, and by that time damage is done. But you still should be able to use them and react sooner. | 23:16:51 |
 @emma:rory.gay | well, there's a very very easy bypass that i'm not even going to mention | 23:17:26 |
| @emma:rory.gay | its clearly already being abused in public, but still | 23:17:38 |
| @emma:rory.gay | im sure Cat could tell you exactly what happened here | 23:18:10 |
| @emma:rory.gay | because well, all 3 of those rooms ban you if you send more than 5 events per minute | 23:20:04 |
| uep | In reply to @dandellion:dodsorf.as
you could have a nixos-org hosted bot that processes knocks, allowlisting known-good homeservers without public registration, or requiring out of band verification through some oracle. Matrix isn't directly unsuitable for building systems like that. No one just ever did i talked a while ago about join rules on the channels that are "space members only" and then buidling whatever other mechanisms around user validation into space membership. That sounds like a good use of those features. But we still have:
- no implementation of the validation bot that we can Just Use
- no support for spaces in several clients, making it even more confusing for (especially new) end users
| 23:20:18 |
| @emma:rory.gay | on the second point, i'd just ignore that tbh | 23:20:43 |
 Dandellion | you can kind of do restricted joins on just any room | 23:21:01 |
| @emma:rory.gay | if they join it as a room, they still get access to all the other rooms | 23:21:10 |
| Dandellion | so you can have a lobby or welcome room instead of a space | 23:21:11 |
| @emma:rory.gay | and yeah, what dandelion said | 23:21:14 |
| uep | I mostly agree, but don't really have the luxury anyway because of the first | 23:21:20 |
| uep | In reply to @dandellion:dodsorf.as
so you can have a lobby or welcome room instead of a space at the conceptual level, same thing. | 23:21:45 |
| @emma:rory.gay | would it be that problematic to manually accept knocks? i dont think the join volume is that high after all | 23:22:06 |
| uep | we've set the room to knock or invite mode a bunch of times during attacks, and will continue to do so | 23:23:15 |
| Dandellion | I use his in a bot I make, the only issue is that element generally doesn't like it for some reason https://github.com/element-hq/element-web/issues/28109 | 23:23:23 |
| Dandellion | * I use this in a bot I make, the only issue is that element generally doesn't like it for some reason https://github.com/element-hq/element-web/issues/28109 | 23:23:33 |
| @emma:rory.gay | github is still down for me | 23:23:37 |
| Dandellion | if it doesn't know how to join a room, it will just try and succeed, but if it knows about the room it will try to locally understand the join rules and fails, or something like that | 23:24:22 |
| @emma:rory.gay | can someone tell me what that issue is about? | 23:24:24 |
| @emma:rory.gay | oh wait, github isnt loading because i had a single tab stuck in a spinlock... | 23:24:53 |
| @emma:rory.gay | ffs firefox | 23:24:57 |
| @emma:rory.gay | the solution is to not use element | 23:25:50 |
| Dandellion | :) | 23:25:56 |
| @emma:rory.gay | the issue is even worse with knocking btw :) | 23:26:16 |
| @emma:rory.gay | you need to enable a labs feature to knock, but it breaks joining regular rooms | 23:26:32 |
| Dandellion | I can imagine | 23:26:35 |
| @emma:rory.gay | nheko handles all 4 cases just fine /shrug | 23:26:51 |
| @emma:rory.gay | and so does element x, so that covers all the clients i personally care about | 23:27:09 |
| Dandellion | call me (lol) when nheko gets video calls :/ | 23:27:21 |
