@alex alex come on. you know closing registrations or forcing by approval isn't the way to solve this. different captcha that requires user input beyond basic OCR, rate limiting the registration API endpoint and basic security fixes (that should be in the default nginx shipped with rebased and pleroma) are the way to solve it.
@alex no, because we took steps to prevent it. and we are taking steps to prevent the spam even federating to us. the proper solution. not locking down
@alex NHTB has my fix in place, so do several other servers. what I'm saying is basic ratelimiting should be included in the pleroma nginx default config. we can lead this change instead of relying on others to solve it for us
@alex don't make me call you to bro out. I'm not trying to fight i want to fix this and I've been working all day to fix this and most of the afternoon yesterday
@graf The actual solution is an MRF. But I do not have the time to implement it. Pleroma already has a built-in rate limiter on the registrations endpoint, so an nginx patch should not be needed. The built-in rate limiter is enabled by default, but could be misconfigured depending on the setup. In other words, we're already doing all the things we're supposed to be doing by default, but this is still happening to some servers. I'm not sure the nginx approach is the right solution. It's a bandaid. Configuring the built-in rate limiter will fix it, and a new MRF could stop duplication spam.
If only it were possible to rely on other nodes in the network not being negligent or malicious. "We don't need filtering! We just need other servers to stop doing anything malicious!"
This is like that "Pleroma doesn't force email confirmation! Make the software make people verify their email addresses!" bug you filed when you were using Mastodon.
All this other software on the internet has been built with the expectation that you cannot control other nodes on the network and they might be buggy or actively malicious, and it was all built that way because you cannot control other nodes on the network and they might be buggy or actively malicious. You have to plan around that instead of just wishing that other people ran their nodes the way you want. This is the same approach that got that stupid spammy blockbot merged into your shitty excuse for a fork, and you said "Oh, it's all Pete's fault! He shouldn't do that!" instead of saying "A random person on the internet can abuse this, so someone on the internet will abuse it, so I should fix it to prevent that problem."
@matty @graf I built the registration microservice on Truth Social, and it involves configurable "challenges" including email verification and SMS verification. Captcha could be a challenge. "I am not a robot" could be a challenge. Etc. Admins can enable and order the challenges however they want.
But for a Fediverse server, IP rate limiting is good enough. "By approval" mode is also a good default unless you have a reason not to be, such as wanting to be a public square. To those who say "then you'll get a flood of approval requests": first of all, enable rate limiting. Second, this is significantly less damage, as it is only an inconvenience to you as an admin rather than an inconvenience to your users and potentially the whole network.
Well, approval mode solves the problem of people being able to get in without any moderation but it doesn't necessarily stop the issue of being spammed with signups. I think adding a different kind of Captcha (the more interactive one) for signups would help mitigate this issue. It seems that most of the accounts come in bursts, all at the same time so they're obviously using some sort of software to read the image and then pass it.
Would rate limiting help mitigate this, or a stronger bot mitigation at signup? I think it's something that can be discussed especially if this becomes more of an issue in the future.
If you only had a little protein in your diet.. several of us got hit overnight and you're just going to throw your hands in the air and say yeah who cares? Are you only capable of writing a pretty front end and a socket between protocols? Stand beside your shit or deprecate it.
@flappypaddle @graf Why do I always have to be the one that solves it? I gave you so much, and you demand more. I'm not the Giving Tree. There are solutions, and I even made several recommendations in this thread.
@flappypaddle @alex hostility isn't the answer friend, like i helped you and others we all need to work together to solve this, not fling shit at each other
@flappypaddle @graf Did you pay me? If you have ever given me so much as even $10, I apologize. But you do understand we live in a capitalist world, right? I am suffering constantly.
@flappypaddle @alex alex isn't responsible for the captcha options available in upstream pleroma. i think they are very poor implementations and they haven't been resolved since this particular spam script was used in 2020, 2021, early 2022
i am looking into options and if i can find one just as good without use of an API I will try it on poast and upstream it to rebased if it's functional for us.
getting upset at alex for someone choosing to use your instance to spam others isn't the way. we need to work together not ostracize each other. help me help everyone
If by "things change over time" you mean "tens of thousands of people who had six-figure jobs working functionally 10-20 hour weeks will be totally unemployed and lucky to find work as Walmart greeters" then yes, things change over time.
@alex @flappypaddle that means you too alex, stop instigating fights with people we desperately need to work together toward a resolution. shitflinging isn't going to solve anything even if he's being a piece of shit to you. you are the one who instilled this value in me two years ago. don't forget we are in this together
You are far too impressed by modern AI. The level of adaptability you are talking about requires actual thinking and understanding, two things which are far beyond current AI's ability.
The "challenge" of coding is mostly syntax. Otherwise, an AI should be able to figure out just about any language as long as it has access to the syntax library. At the core it's just the computer's way of telling its components to do stuff.
Since AI is a computer, as long as it has the syntax, it should be able to figure out how to get itself to do whatever you want.
That's not true though, at least of modern gpt AIs. Even when you provide them the exact definitions of the syntax and an example of the code they fail even hello world examples on novel languages.
I’m not an AI expert obv but I think its basic limitation is that it can’t just come up with new things on its own. It needs example work to base it off of.