What's going on with the matrix server?

I popped in the other day for help on an issue. A user, whose name I will not mention (I feel like giving him more attention is what he wants. It starts with x and ends with 0.) immediately DM’ed me telling me to configure my iptables configuration to open a certain port, which was completely irrelevant to my issue. He also sent me to his github page, which looked incredibly suspicious.

I was told by others that he is banned on the forums, but then why is he still on the matrix server?

I also noticed a thread where he’s selling some sort of service for a ridiculous price, and it seems as though some people are actually buying it (it could be alts of him trying to make it look more legitimate). He’s using alternate accounts, pretending to be other people, sneakily advertising his services. And just today I notice talk about a Qubes vulnerability, whose source is…of course, the same person.

The matrix server is a complete mess seemingly caused by a single person, probably trying to either hack people or earn money. Maybe both. Where are the mods, and why aren’t they cracking down on this person? Banning him from the forums but not the matrix server isn’t going to help much.

Probably the same person: Thank You for Helping with the Spam! 🙏

The matrix server is an unofficial venue. Therefore, there is no connection between the forum and matrix server. Read more here: Help, support, mailing lists, and forum | Qubes OS.

I am not on the matrix server, but I’d encourage users you to reach out to the mods of the server there and explain them about how problematic this user has been to the community here.

Yes, we’re talking about the same one.

1 Like

I’m not sure about that matrix channel, but the #qubes IRC channel on libera works just fine via matrix bridge too (#qubes:libera.chat), and it’s quite friendly place. Maybe we should replace it on the list?

3 Likes

I would blacklist every venue that that user has created, or where they
are active, and mark it, not just as “unofficial” but “toxic”.
Asking you to open an inbound port, and asking probing but unrelated
questions, (as this user does), are red flags, indicating malicious
intent. This should be made clear to users.

I would advice mods of unofficial venues of this and leave it to them to
decide how they want to deal with things.

We should not promote in any way venues where users will be spammed or
scammed. This user, and others like him, do both.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
2 Likes

True. I would agree with that assessment.

Here’s what we currently have listed under “Unofficial venues”:

https://www.qubes-os.org/support/#unofficial-venues

Please let me know if it needs to be updated (and, if so, how).

In the Matrix Channel an admin warned today:

@room
Upgrade your Qubes system to the 6.x kernel ASAP. There’s an RCE+VM escape vuln in the wild because a jackass decided to sell their 0day instead of responsibly disclosing

and said things like:

Being realistic, that vuln will be weaponized within hours. And that is, if it hasn’t already been exploited in the wild

The only source for this is, that the person told the admin so in a pm. No proof, no details, but spreading panic.
Yes, the person is still active on the channel. Muted with the main account, but trolls under obviously other fake accounts and via pn.

For me, this (channel) definitely has become a toxic taste.

2 Likes

What if we adopted a new policy if not listing any unofficial venues? If we don’t try to maintain such a list, then there won’t be any disputes over favoritism, giving a platform to “toxic” venues, or, in general, which unofficial venues should or shouldn’t be included on the list. There also won’t be problems with the list going out of date or people mistaking them as official venues “because they were listed in an official place.”

Any objections, @marmarek?

1 Like

Generally sounds like a good idea. But also, I’d consider promoting #qubes IRC channel (and/or its matrix bridge #qubes:libera.chat) to official channel - a few core developers and regular contributors are there anyway, and we do have channel op there in case it’s needed.

3 Likes

Okay. Here’s a PR for your consideration:

1 Like

not sure if you are also on the qubes matrix channel (also seems like im on a different one because i never saw x0 there)

but im in one where a person met x0.
the person told us that x0 showed him messages from you where you are “planning” to release / reveal some information about x0.

this person also told “us” that x0 should be real and he got a team.

im still in the opinion this all is fake.

also because he was planning to teach us qubes and i were in his livestream and he was like doing anything.
he showed the people things networkchuck showed on youtube like beef and talked about it but never showed anything.

but i was also wondering why he was showing us beef - this is team red stuff, i thought we are learning about qubes?!?

so all in all, i got the feeling i didnt really learned anything in this “course”.

This post was flagged by the community and is temporarily hidden.

just watched it by the way i was doing some others stuff like i do it everywhere - if theres something interesting then i watch it actively but… yeah watched only ~3h passively
wasnt really interesting

I have become very interested in your expertise @knightmare (especially after reading 2023::not offered anymore have Andrew teach you! - #49 by unman) Obviously I’m confused but did you take “his course”? If you are not that person that “starts with x and ends with 0” what did you think of the “course”? Please tell me more.

Agreed @ConoRZ (looks like a scammer, at best, to me). Thanks for confirming.

*Best

After reviewing your statements, I see many inconsistencies.

Choose your words wisely.

You don’t know the whole story, and for starters, I saw the stream was canceled, and it was stopped under an hour.

Also what part of hacking with qubes didn’t you get?

Where are you expecting a course on how to use qubes?

Also, keep in consideration that if X is banned from the official community is he obligated to disclose to the core team his findings?

When all of you keep picking on the wrong autistic kid that can’t even defend himself.

I donno what’s going on there, because a power tripping commie loser mod banned me after I said I think capitalism is fine.

Maybe ignore this

@unman received this “personal” message from @knightmare today

I am @confused but also amused. :laughing:

@knightmare, as a nym, is funny in itself … but comments like

Peace is not an option in this community.

and

I am currently working on this chain of events.
Don’t be surprised when this happens

makes me wonder if this idiot should not be dealt with (sorry @deeplow and other forum mods, but this fool @knightmare has rekindled my old-school tendencies).

@Rudd-O

Commie loser mods? Tell us more

Of course I am @Confused

I will try but it is hard while :rofl:

Certainly

Must have been interesting. Shame I missed it. Did you save it? Please post a link.

Evidence?

No. But if you have something to contribute please share.

@marmarek ?

Sorry.

@Confused

Thank you for telling me the contents of the “personal” message -
unfortunately knightmare did not send that to me at all.
But that is of a piece with the misinformation and deceit being propagated
by what seems to be an army of fake accounts.

I originally drafted this in reply to @ConoRZ - I was not clear to whom
his message was addressed, but I guessed that it was one of the mods.
Again oblique claims had been made about messages to be sent or
disclosures that were to be made. I doubt that any thing came of that.

I have always thought that security is best achieved through what one
can call right thinking. And a useful path to that is by looking at what
one may call the madness of crowds, and the history of scams.

There are certain behaviours that seem to me to mark out some con and
scam artists. You can see these markers evident in everything from the
Rosicrucians, to QAnon, taking in the Priory of Sion on the way.

One is the suggestion that they have knowledge that they want to
keep hidden from you, but the noble scammer will share with you,
(Sometimes for free, but usually at a cost). It doesn’t matter if the
knowledge is really hidden - the scammer will tell you it is.

Another feature is the use of unsubstantiated claims that there are
efforts to silence the scammer. Sometimes they will produce “evidence”
of this - more often, the claim by itself is enough.

Often, there will be a claim that the scammer has particular skills or
special knowledge. Again, this is rarely backed by anything, but the simple
assertion is enough to make it so.

Sometimes scammer will make claims about things they have done - usually
in secret, so that they cannot be produced in evidence. Again, the claim
by itself is sufficient to bolster the mystery surrounding scammer, and
to enhance the purported special skills or knowledge.

And then there is confirmation from others that scammer is who they
say they are, or that they have done special things. Those others may be
part of the con, or dupes, or the scammer under another name. On the
internet it’s trivially easy to generate other personas to fill this
role. Often the confirmation comes in the form of messages apparently
sent or received, or reports from some 3rd party.

I have no idea if x0 is the real deal. Every aspect of their behaviour
makes me think that they are a scheister of the highest order.
I listened to the first link that was posted, and it did not seem to me
to be a good introduction to Qubes, as I said at the time. Nor did it
seem consistent with someone who had 10 years experience with Qubes.

What we have seen so far, from a team of $1M 1337 h4x0r Xen wizards,
is a shaky video showing a window in the installer being dragged
about until the progress bar stops. That looks like a known issue,
where the progress bar appears to halt, but the installer continues
in the background. Maybe the wizards have found something else - it’s
impossible to say, on the basis of that video.

It’s not the first time we’ve seen shaky videos purporting to undermine
Qubes with major hacks. Last time there was almost nothing underlying the
grandiose claims. Perhaps this time things will be different.

By their fruits shall ye know them.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
3 Likes

Such is my intuition too (as well as their nyms/dupes).

Perhaps…

(Wish I had more time atm to further discuss this)

Best Regards