| 14 Apr 2025 |
 scrush | Thank you ❤️ | 19:32:39 |
| 15 Apr 2025 |
|  sorrel joined the room. | 10:44:50 |
|  allrealmsoflife joined the room. | 20:41:18 |
 @magic_rb:matrix.redalder.org | @uep:matrix.org to not ping in the moderation room, maybe mjolnir could DM the person they ban, to let them know whats up? The spammers will end up with a room that mjolnir can leave immediately after, while a actual user will know what happened | 21:45:21 |
| @magic_rb:matrix.redalder.org | But i dont know if mjolnir can do that actually | 21:45:32 |
 uep | i don't think it can, or at least don't know how | 21:46:27 |
| @magic_rb:matrix.redalder.org | Sad, im trying to bring some of the discord mod wisdom. I used to be a mod on a rather large 20k people server and the moderation there was extremely easy because of the tooling | 21:47:12 |
| @magic_rb:matrix.redalder.org | The bot they used is opensource, but its strictly for discord | 21:47:24 |
| uep | we have to work with the tools we have on the day (with apologies for channelling Rumsfeld) | 21:55:14 |
| @magic_rb:matrix.redalder.org | Ofc ofc, im just suggesting for the case of one day :) | 21:57:40 |
| @magic_rb:matrix.redalder.org | I appreciate all the amazing work youre doing | 21:57:53 |
| uep | yeah, we have plenty of ideas of what might be done, and of course it's good to draw on ideas that have worked elsewhere | 22:09:48 |
|  amadaluzia[tde] joined the room. | 22:14:42 |
| amadaluzia[tde] | Hey! | 22:15:12 |
| amadaluzia[tde] | Okay, as I was saying earlier | 22:15:31 |
| amadaluzia[tde] | Is there no feature in mjolnir to catch messages with regex? | 22:16:01 |
| uep | there is globbing, but not regex, without writing custom code. Draupnir is the same, but has a plugin system to make writing custom rules easier. | 22:17:53 |
| uep | yes, i know where you're going on matching the username format | 22:18:08 |
| uep | we can certainly write something to match those, and respond. If that response is a ban, we run into the same race condition problems I talked about a moment ago in the other channel. | 22:19:31 |
| amadaluzia[tde] | Oh. | 22:21:13 |
| amadaluzia[tde] | So it would work but it causes other iddues' | 22:21:33 |
 dgrig | Keep in mind that the default element notification settings also ping people on just mentioning their username, so you can't detect pings easily | 22:21:38 |
| amadaluzia[tde] | * | 22:21:44 |
| uep | The truly awful thing about the matrix model is that (because bans don't make the server automatically redact messages in the same transaction) the only way to remove all the messages automatically is to let them propagate until the bot can see them and redact them. | 22:22:15 |
| uep | the spammers know this, we're all discovering this; i've had this conversation several times in the last few days, including with myself | 22:22:58 |
 emily | my strong impression of Matrix is that it was not really designed with much thinking about even the kinds of abuse that have been common on the internet for decades and I keep getting more information to confirm this feeling :/ | 22:25:07 |
 @joepie91:pixie.town | (this is correct) | 22:26:53 |
| emily | repeating the email mistake of letting you have entirely different attacker-controlled content in plain and rich text forms of a message… 😬 | 22:27:51 |
| amadaluzia[tde] | They had to just make better IRC and years later we are still working on it | 22:27:52 |
| @joepie91:pixie.town | there's generally been a lack of threat modelling in the design process. I have attempted to track down the design rationale and threat modelling behind stateres, an enumeration of specific types of attacks and how it would defend against it, and after many vague answers and a fruitless search by other folks for old internal docs, the conclusion seemed to be "nobody ever actually did this at any point" | 22:27:58 |
