Gentoo Archives: gentoo-dev

From: Kent Fredric <kentnl@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] Anti-spam for goose
Date: Thu, 21 May 2020 13:38:18
Message-Id: 20200522013802.09970797@katipo2.lan
In Reply to: [gentoo-dev] [RFC] Anti-spam for goose by "Michał Górny"
1 On Thu, 21 May 2020 10:47:07 +0200
2 Michał Górny <mgorny@g.o> wrote:
4 > An alternative of using a proof-of-work algorithm was suggested to me
5 > yesterday. The idea is that every submission has to be accompanied with
6 > the result of some cumbersome calculation that can't be trivially run
7 > in parallel or optimized out to dedicated hardware.
9 If the proof of work mechanism was restricted to ID generation, then
10 the amoritized cost would be acceptable.
12 So instead of the ID being generated locally, you'd send a request
13 asking for an ID, it would send you the challenge math, you'd send the
14 answer, and then you'd get your ID.
16 And their ID would be an encoded copy of their input vectors and
17 responses, a random chunk, and chunk representing the signature of
20 Or something like that.
22 But the gist is it would be impossible to use ID's not generated by the
23 server.
25 Then the spam factor to monitor wouldn't be submission rates, it would
26 be "New ID request" rates, as these should never be needed to be
27 generated in large volumes.
29 _And_ taking 5 minutes for ID generation wouldn't be a terrible thing.
31 ( We could possibly collect anonymous stats on ID generation rates, and
32 average times to generate a response to a challenge, and use that to
33 determine what our challenge complexity should be )


Subject Author
Re: [gentoo-dev] [RFC] Anti-spam for goose Kent Fredric <kentnl@g.o>