<kalbasit>
gchristensen: we get quite a bit of spam on #nixos do you consider following #archlinux example by setting the flags `+rf #nixos-unregistered`?
<gchristensen>
yeah we've considered it
<gchristensen>
I'll bring it up again
<kalbasit>
that would be great
<gchristensen>
thanks, kalbasit
<kalbasit>
gchristensen: thank you! :)
<kalbasit>
gchristensen: also regarding https://github.com/NixOS/ofborg/pull/202 you want to consider it after I get a bit more experience? I can't really find info on when things like these get approved
<{^_^}>
ofborg#202 (by kalbasit, open): Add kalbasit to config.extra-known-users.json
<gchristensen>
no, its fine, I'm just ... behind on ofborg PRs sorry
pie__ has joined #nixos-chat
<samueldr>
oof!
<samueldr>
it's bad tonight
<samueldr>
(the spam)
<gchristensen>
yea :(
the has joined #nixos-chat
the has joined #nixos-chat
the has quit [Changing host]
<samueldr>
for less than 24h I would have understood not taking countermeasures
<samueldr>
but it's... concerning
<samueldr>
this *can* be dealt with transparently by a network
<gchristensen>
it can?
<samueldr>
and it's not the first time freenode has such issues :/
<samueldr>
all servers are *in a way* software controlled by freenode
<samueldr>
and nothing in the *protocols* of IRC forbids a server from doing more things
<samueldr>
like for instance they could buffer up the messages and drop them + ban with a list
<samueldr>
the list could be polled from a central instance
<samueldr>
especially for the level of sophistication here
<samueldr>
with more sophisticated attacks that would maybe try to look human~ish to remove the buffer
<samueldr>
there could be *ways* to handle it at the server-level
<gchristensen>
aye
<samueldr>
but I *DO* understand how it all entails *work*
<samueldr>
but uh, ain't there nobody working on freenode's infra?
<samueldr>
(for the record, I was involved with a small-to-medium sized IRC network over 10 years ago, very localized though)
<samueldr>
I'd love it if there was a way to explain to users why they can't join in the meantime :(
<ivan>
+m and a voicing bot might work if they get killed by freenode as they spam other channels
<samueldr>
not sure the voicing bot really would change anything, how would you recognize the legitimate users?
<gchristensen>
30s delay
<samueldr>
ah, you're still around
<samueldr>
gchristensen: yeah, not a bad idea
<samueldr>
oh no :(
<gchristensen>
hrm?
<samueldr>
a smaller nixos-related channel just got a visit :(
<gchristensen>
ah
Sonarpulse has quit [Ping timeout: 240 seconds]
<samueldr>
in the previous days it (thankfully?) seemed limited to only the bigger channels in freenode
* samueldr
sighs a whack-a-bot game
nlsun24 has joined #nixos-chat
nlsun24 has quit [Remote host closed the connection]
<samueldr>
I hate it :(
<samueldr>
[doubly plus ungood since there's basically one individual in charge]
lassulus_ has joined #nixos-chat
<ekleog>
gchristensen: the current attack is really, really low level, I'm ircop on another network, we were also receiving the same spam, and every new variant got mitigated within something like an hour… it definitely can be mitigated with inspircd as the server, at least (don't know for freenode's ircd)
<gchristensen>
aye
<gchristensen>
I setup redirects to a new chan for unregistered users
<gchristensen>
hopefully that does the business for now
lassulus has quit [Ping timeout: 240 seconds]
lassulus_ is now known as lassulus
<ekleog>
then, maybe the rate of false positives, which has been null so far for us, would be prohibitive for freenode, idk
<ekleog>
sounds good :)
<samueldr>
their attack is so low level, redirections don't register in the bots
<samueldr>
(on my irc server, I don't even mitigate the attack, we're so small all real channels are +s, they don't know where to spam)
<samueldr>
(and for connections, it auto-regulates through throttling + g-line the few times it got a bit hairy)
sir_guy_carleton has joined #nixos-chat
<ekleog>
well, for us it's just a regex on their first message that filters the first message and triggers a g-line :° we couldn't really afford moving all channels around, with a few hundreds of users
<ekleog>
(if that's actually what you meant by “redirections don't register in the bots”, I'm not sure I got that one)
sir_guy_carleton has quit [Client Quit]
sir_guy_carleton has joined #nixos-chat
<samueldr>
ah, irc "redirections" is a concept that doesn't really exist, it's how some servers allow setting options where when you join a channel you're stopped from joining and forced to join another
<samueldr>
like how #nixos acts right now, if you're not identified to nickserv, you end up in #nixos-unregistered
<ekleog>
ok, so that's indeed what I was thinking of :) and so the issue is that afaik you can't just redirect people who are already on the channel, so you can't move around people in bouncers
<ekleog>
(it's more the “register in the bots” part that I'm not sure to get, though :°)
<samueldr>
ah, they must be hard-coded to whatever they saw in /LIST, and wherever they are forced to join, they don't spam (yet)
drakonis has joined #nixos-chat
<srk>
wtf
<srk>
our channel has +ls 31337
<srk>
now I've had to add +r, looks like it didn't stop the spam oO
<samueldr>
didn't stop the spam?
* samueldr
looks up what +ls 31337 should do
<srk>
maybe it takes a while
<samueldr>
ah +l 31337 and +s to hide it
<samueldr>
yeah, not sure if they scrape /LIST or some other source
<gchristensen>
what is +l
<samueldr>
l
<samueldr>
(join limit)Takes a positive integer parameter. Limits the number of users who can be in the channel at the same time.
<makefu>
samueldr: sasl is great, thanks for the tip!
<clever>
sphalerite: havent bothered to switch to sasl
drakonis has quit [Remote host closed the connection]
drakonis has joined #nixos-chat
lopsided98 has quit [Quit: Disconnected]
__monty__ has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
__monty__ has quit [Ping timeout: 260 seconds]
drakonis has joined #nixos-chat
sir_guy_carleton has joined #nixos-chat
<infinisil>
Hah, it's our national holiday, but it's raining like cats and dogs right now haha
drakonis has quit [Read error: Connection reset by peer]
<infinisil>
Exactly today, after this week-long heat streak
<samueldr>
happy birthday $country, how old are you? 300? 400?
* samueldr
casually waves off everything european
<infinisil>
country=Switzerland
<infinisil>
No idea about the age lol
<infinisil>
Something like 500 years I think
<infinisil>
> 2018-1291
<{^_^}>
727
<infinisil>
That old ^
<infinisil>
apparently
<samueldr>
to think the city I live in is 410 this year
<samueldr>
there wasn't a (eurocentristically defined) country yet really when it was founded!
__monty__ has joined #nixos-chat
<infinisil>
Yea
* infinisil
is very bad with history
<infinisil>
The good thing about it raining is that the changes of something catching fire are pretty much 0 now :)
yurb has quit [Ping timeout: 256 seconds]
<sir_guy_carleton>
samueldr: what city is that? Quebec City?
<samueldr>
Québec is the province, Québec City being the city yeah
yurb has joined #nixos-chat
<gchristensen>
my town was settled only 250yrs ago :o
<samueldr>
(being among the few first is kind of cheathing though)
<LnL>
gchristensen: lol, Archaeological evidence shows human presence in the region of the confluence of Scheldt and Leie going back as far as the Stone Age and the Iron Age
iqubic has quit [Remote host closed the connection]
<joepie91>
can be a little difficult to read through as their writing is a bit erratic, but it's very much worth it (as is the linked article)
<joepie91>
especially for understanding 'chan culture' and all the abuse that originates from it
matthewbauer has joined #nixos-chat
<__monty__>
I really can't identify. I'm in my mid thirties and I definitely like things, lots of things.
<__monty__>
Still do.
<gchristensen>
as a person, I also like things
<__monty__>
Sounds a lot like what a non-person AI would say...
<joepie91>
__monty__: gchristensen: I unfortunately can, and I know many others who can as well
<joepie91>
it's a real issue, even if seemingly not universal
<__monty__>
It sounds very america centric.
<gchristensen>
joepie91: I believe you
<gchristensen>
I knew peole like that
<joepie91>
__monty__: many people I grew up around here in NL were the same
<joepie91>
(Netherlands)
<joepie91>
or still are, even
<gchristensen>
joepie91: I really wish that thread was in a format which can easily be shared with people who don't fully get twitter's threading
<__monty__>
I'm from belgium. 9/11 and especially columbine barely registered to us as kids. Sure it was "terrible" but you'd see it on the news then go outside and play hide and seek or something.
<gchristensen>
ohh another from Belgium!
<LnL>
huh!
<LnL>
o/
<__monty__>
I'm not sure I fully get twitter's threading, anything I should know?
<samueldr>
their developers, too, don't fully get twitter threading
<gchristensen>
__monty__: if you click various "See more"'s you'll see ... more of the htread, and its complicated
<__monty__>
gchristensen: You're not Belgian are you?
<joepie91>
[21:16] <__monty__> I'm from belgium. 9/11 and especially columbine barely registered to us as kids. Sure it was "terrible" but you'd see it on the news then go outside and play hide and seek or something.
<joepie91>
that was definitely different here
<joepie91>
wonder if that's where the difference is
pie___ has joined #nixos-chat
pie__ has quit [Read error: Connection reset by peer]
<samueldr>
oh, neat
<samueldr>
new spam message type I hadn't seen before
<samueldr>
oh, should have blanked the bitcoin address just in case, but eh
<gchristensen>
ahlol.
<samueldr>
(it's thankfully something old)
<joepie91>
samueldr: oh yeah, those ransom emails have been going around for a while now
<samueldr>
I figured, but never heard of them before
<joepie91>
it started with claims of having nudes, now they added leaked passwords to make it more believable
<samueldr>
it's highly effective by using a password
<samueldr>
well, could be
sir_guy_carleton has quit [Quit: WeeChat 2.0]
<samueldr>
AUGH, I really can't tell my opinion is unbiased now if I'm asked for my opinion about nixos :/
<gchristensen>
now that you're a RM?
<gchristensen>
or because NixOS is the best, no question about it?
<samueldr>
yes
dmc has joined #nixos-chat
<samueldr>
(both)
tertle||eltret has joined #nixos-chat
<joepie91>
samueldr: it doesn't need to be unbiased, it just needs to be accurate and transparent :)
<joepie91>
(and 'accurate' includes 'not missing the negatives' :P)
<joepie91>
samueldr: fwiw, a good way to not lose sight of the negatives of something is to continually ask yourself "if I told an absolute beginner about NixOS, what issues would I be stuck helping them with"
<joepie91>
(replace NixOS with whatever you're thinking of)
<samueldr>
yep, things I keep in mind already
<samueldr>
I was already formulating ways to explain nixos to someone
<ldlework>
in many distros, if there's no package for what you want, well, you'll probably have to do it yourself or just wait in blind hope
<ldlework>
in most distros this means a little automation of what the project's build process is, maybe a silly config format or something
<ldlework>
but in nixos you basically have to take on a whole new domain knowledge to be able to package things
<samueldr>
gchristensen: at your convenience, +s #nixos, it's *probably not* through /LIST that users find the channel
<ldlework>
domain of knowledge*
<samueldr>
hmmm, unsure if +s hides from /LIST on freenode (their doc only tells about WHO and WHOIS)
<gchristensen>
why +s?
<__monty__>
ldlework: OTOH, I've never dared touch debian packaging. With nix it's like how do I do this, let's goooo.
<ldlework>
__monty__: I have to cede I have never touched packaging before Nix so there is something there
<infinisil>
With Nix you can't break any other derivations at least :)
<samueldr>
it means you're not trying hard enough, infinisil
<samueldr>
(though, I concede its design patterns makes it harder to even have to consider doing dangerous things)
<infinisil>
What's the worst thing you can mess up with nix packaging?
<infinisil>
s/with/with with
<infinisil>
Setting the `phases` attribute directly? :P
<simpson>
You could generate some dangerous Docker images, I bet~
<samueldr>
I'm thinking more about the nixos side of things
<gchristensen>
you can do skeezie things in nixos options
<joepie91>
ldlework: I would say that packaging is much more accessible in NixOS than in other distros, modulo lacking docs; but that there is a much longer road to "knowing all there is to know" than in other distros
<joepie91>
easy to get started; difficult to master
<ldlework>
it was very hard for me to get started and seemingly the same for mastery :)
<ldlework>
lazy pure languages are very confusing, then there is nixos's module system which cleverly uses those properties
<ldlework>
then there is the whole derivation business
<ldlework>
stdenv
<infinisil>
gchristensen: samueldr: You mean how you can change pretty much the whole system in a nixos module?
<gchristensen>
yea
<ldlework>
not to mention the actual practice of writing derivations such that you can make some arbitrary software's build system use nix artifacts/dependencies
<ldlework>
the organization of nixpkgs itself
<ldlework>
there is a boatload of learning when it comes to getting started with nix
<ldlework>
i am in absolute love with nixos don't get me wrong please
<samueldr>
too late, you have been branded as a nixos and all nix-related things hater ;)
* ldlework
jumps into the ocean.
<samueldr>
gchristensen: sorry to bother you again, let's try +s for the channel
<gchristensen>
samueldr: why?
<samueldr>
if the assumption that they find channels using /LIST is right, it should stop them from finding it
<gchristensen>
ah
<gchristensen>
:( make me sad to set +s
<samueldr>
and I assume most users don't /LIST on freenode to find channels
<samueldr>
it could realistically crash some clients!
<gchristensen>
:o
<samueldr>
well, not really, but it's a lot to take in
<gchristensen>
yea
<samueldr>
what could be "right" for nixos and friend channels, if the situation never clears up, may be +s for #nixos, and +r for all other related :/
<samueldr>
(and then the attack could evolve and hair would be pulled)
<samueldr>
oh
<samueldr>
and for irc ops here, my friend that, too, manages my irc server confirmed that it's basically an open proxies attack
<infinisil>
samueldr: I occasionally use /list -re to find channels
<samueldr>
infinisil: sorry for your loss :(
<samueldr>
(I think many other channels tried it)
<gchristensen>
we'll undo it
<samueldr>
there goes the assumption
<infinisil>
IRC should support filtering messages before they even reach other clients
<samueldr>
no, it's not a protocol issue :)
<infinisil>
Freenode then?
<samueldr>
a big network like freenode should have made their implementation do this
<samueldr>
yes
<infinisil>
Ah yeah..
<infinisil>
These repetitive messages would be rather easy to block
__monty__ has quit [Quit: leaving]
<samueldr>
the level of sophistication here is so low
<samueldr>
it's literally shameful
<samueldr>
I'm really sorry, I hate going all negative like that
<samueldr>
this makes me worry for the future of freenode, since this makes it look like amateur hour
<samueldr>
when the attack started, in the 24, 48, even 72 first hour, I can see how it's hard to directly address a new attack
<infinisil>
agreed
<gchristensen>
well let's not get all doom and gloom now
<infinisil>
RIP Freenode
<infinisil>
Where should we move #nixos to?
<samueldr>
as I said, sorry, it's a bit of venting, I hate how using IRC is sometimes touted as better than locking yourself into $service
<gchristensen>
Microsoft Lync
<samueldr>
except that most forget that most projects won't self-host
<samueldr>
though, that's only about the lock-in part here.
<joepie91>
[00:35] <infinisil> IRC should support filtering messages before they even reach other clients
<joepie91>
UnrealIRCd has done this for *at least* 10 years
<joepie91>
it boggles my mind also why they haven't stopped this attack yet
<gchristensen>
> Lots of people in this thread saying "actually I switched" and other people going "that doesn't count"
<{^_^}>
error: syntax error, unexpected IN, expecting ')', at (string):162:16
<maurer>
gchristensen: There's also the bias that since most people _start_ with imperative programming, those who bothered to switch their primary language are fairly self selecting