| 15 Apr 2025 |
 uep | we have to work with the tools we have on the day (with apologies for channelling Rumsfeld) | 21:55:14 |
 @magic_rb:matrix.redalder.org | Ofc ofc, im just suggesting for the case of one day :) | 21:57:40 |
| @magic_rb:matrix.redalder.org | I appreciate all the amazing work youre doing | 21:57:53 |
| uep | yeah, we have plenty of ideas of what might be done, and of course it's good to draw on ideas that have worked elsewhere | 22:09:48 |
|  amadaluzia[tde] joined the room. | 22:14:42 |
| amadaluzia[tde] | Hey! | 22:15:12 |
| amadaluzia[tde] | Okay, as I was saying earlier | 22:15:31 |
| amadaluzia[tde] | Is there no feature in mjolnir to catch messages with regex? | 22:16:01 |
| uep | there is globbing, but not regex, without writing custom code. Draupnir is the same, but has a plugin system to make writing custom rules easier. | 22:17:53 |
| uep | yes, i know where you're going on matching the username format | 22:18:08 |
| uep | we can certainly write something to match those, and respond. If that response is a ban, we run into the same race condition problems I talked about a moment ago in the other channel. | 22:19:31 |
| amadaluzia[tde] | Oh. | 22:21:13 |
| amadaluzia[tde] | So it would work but it causes other iddues' | 22:21:33 |
 dgrig | Keep in mind that the default element notification settings also ping people on just mentioning their username, so you can't detect pings easily | 22:21:38 |
| amadaluzia[tde] | * | 22:21:44 |
| uep | The truly awful thing about the matrix model is that (because bans don't make the server automatically redact messages in the same transaction) the only way to remove all the messages automatically is to let them propagate until the bot can see them and redact them. | 22:22:15 |
| uep | the spammers know this, we're all discovering this; i've had this conversation several times in the last few days, including with myself | 22:22:58 |
 emily | my strong impression of Matrix is that it was not really designed with much thinking about even the kinds of abuse that have been common on the internet for decades and I keep getting more information to confirm this feeling :/ | 22:25:07 |
 @joepie91:pixie.town | (this is correct) | 22:26:53 |
| emily | repeating the email mistake of letting you have entirely different attacker-controlled content in plain and rich text forms of a messageā¦ š¬ | 22:27:51 |
| amadaluzia[tde] | They had to just make better IRC and years later we are still working on it | 22:27:52 |
| @joepie91:pixie.town | there's generally been a lack of threat modelling in the design process. I have attempted to track down the design rationale and threat modelling behind stateres, an enumeration of specific types of attacks and how it would defend against it, and after many vague answers and a fruitless search by other folks for old internal docs, the conclusion seemed to be "nobody ever actually did this at any point" | 22:27:58 |
| uep | In reply to @emilazy:matrix.org
my strong impression of Matrix is that it was not really designed with much thinking about even the kinds of abuse that have been common on the internet for decades and I keep getting more information to confirm this feeling :/ yeah. it's a clever system for eventual consistency relying on reliable message delivery as the main focus, which seems like a good idea for a base transport layer, but it turns out that in ignoring the actual abuse cases and deferring to reactive bots, you get race conditions like the above, and wind up without reliable message delivery sometimes too somehow | 22:28:08 |
| emily | so it's perfectly possible to create a message that looks benign to mods or bots but very much isn't for other viewers | 22:28:09 |
| amadaluzia[tde] | * | 22:28:34 |
 Dandellion | This was all going to be solved by an even more complicated reputation layer :) | 22:30:38 |
| emily | do we get to do key signing parties again??? | 22:31:42 |
 @emma:rory.gay | no it cant leave before the other user joins | 22:32:44 |
| @emma:rory.gay | otherwise the room becomes orphaned, and you might aswell not create a room at all | 22:33:07 |
| Dandellion | Publishing reputation was actually part of the thoughts back then so maybe lol. But as most matrix things only 5% of the feature was ever implemented, then the whole thing is shelved for "funding" | 22:33:46 |
