GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 04:17:48 JST Kevin Beaumont Kevin Beaumont

    Okay, this made me laugh.

    In conversation about a year ago from cyberplace.social permalink

    Attachments


    1. https://cyberplace.social/system/media_attachments/files/111/948/426/204/865/702/original/1af9cf09f6d33906.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 04:21:53 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The long story short with the Mastodon spam woes this weekend is it’s a deliberate attack exploiting Fediverse and Mastodon issues.

      They’re using Tor exit nodes and everything is automated. I think they can just keep running it, as there is no barrier to stop them.

      To keep it in perspective, though, I don’t think it’s a big deal at present. People should just ignore it.

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 04:25:22 JST Kevin Beaumont Kevin Beaumont
      in reply to

      There is a bunch of technical issues it highlights, which is that Fediverse is very open to abuse at present. There’s no spam filtering at all. It’s like email from 1996. It’s wide open to abuse.

      IMHO Mastodon admins should enable CAPTCHA for registration - it’s supported out of the box - if they run open sign ups.

      Ideally Mastodon would add easy install third party plugins (a la Wordpress etc) so people could develop optional plugins for anti-spam and anti-malware.

      In conversation about a year ago permalink
    • Embed this notice
      Allan Chow (grumpasaurus@fosstodon.org)'s status on Sunday, 18-Feb-2024 04:27:33 JST Allan Chow Allan Chow
      in reply to

      @GossiTheDog how many of these instances are instances people set up but then forgot about them

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 04:33:48 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Now, it does become a bigger problem if the current spammers publish their source code and more join in.

      There’s absolutely no effective controls to stop it - here is the Wild West still - so the elephant is the room is anybody can flip the table at present.

      The good news is much of the anti spam and anti phish technologies over the years (Real time Block Lists etc) can be reworked for here. The bad news is that’s a long way off realistically.

      In conversation about a year ago permalink
    • Embed this notice
      Renaud Chaput (renchap@oisaur.com)'s status on Sunday, 18-Feb-2024 04:35:22 JST Renaud Chaput Renaud Chaput
      in reply to

      @GossiTheDog here are my plans to tackle this, hopefully we will be able to start on it soon: https://renchap.com/blog/post/evolving_mastodon_trust_and_safety/

      In conversation about a year ago permalink

      Attachments

      1. No result found on File_thumbnail lookup.
        Evolving Mastodon’s Trust & Safety Features • Renaud Chaput
        Here are my personal thoughts about how we could handle Trust & Safety features in Mastodon software. This is based on my own experience in the field, my current knowledge of the source code and architecture, as well as my experience managing infrastructure for mastodon.social & mastodon.online since December 2022. Context Managing a Mastodon instance is hard work, with the most effort going to moderation and abuse, and not technical operations as one might expect.
    • Embed this notice
      Ben Royce 🇺🇦 (benroyce@mastodon.social)'s status on Sunday, 18-Feb-2024 05:24:25 JST Ben Royce 🇺🇦 Ben Royce 🇺🇦
      in reply to

      @GossiTheDog "the elephant in the room is that anyone can flip the table at present"

      it's called a mastodon

      🏃♂️

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 05:36:40 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Another knock on impact from the spam run - the pictures of spam in the posts are chewing up disk space if file system without deduping is used, and there’s extra Sidekiq load (it’s the biggest Saturday ever on cyberplace.social).

      Also a bunch of instances have gone to failing in federation admin page, presumably because smaller instance admins got annoyed and switched them off.

      In conversation about a year ago permalink
    • Embed this notice
      Renaud Chaput (renchap@oisaur.com)'s status on Sunday, 18-Feb-2024 05:43:03 JST Renaud Chaput Renaud Chaput
      in reply to

      @GossiTheDog or because they are overloaded with the spam + reports

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 20:56:28 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Mastodon has been in deep decline for months (eg active user numbers have halved), but now the metrics are turning around due to one Japanese Discord spammer 🤣

      In conversation about a year ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/111/952/353/204/947/126/original/c54dbba904648088.jpeg
    • Embed this notice
      Sofie :verified_gay: (soupglasses@hachyderm.io)'s status on Sunday, 18-Feb-2024 21:02:04 JST Sofie :verified_gay: Sofie :verified_gay:
      in reply to

      @GossiTheDog Still -6% tho :blobfoxlaughsweat:

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-Feb-2024 22:06:16 JST Kevin Beaumont Kevin Beaumont
      in reply to

      For context on the spam problem, hundreds of Mastodon servers are chucking out thousands of spam messages.

      One example instance: https://opensimsocial.com/public/local

      It’s all one dude on Discord who has realised they can script spam. Thankfully they haven’t published source code.

      In conversation about a year ago permalink

      Attachments


      AnthonyJK-Admin, Paul Cantrell and Haelwenn /элвэн/ :triskell: repeated this.
    • Embed this notice
      Jordan Biserkov (jbiserkov@mas.to)'s status on Sunday, 18-Feb-2024 22:33:20 JST Jordan Biserkov Jordan Biserkov
      in reply to

      @GossiTheDog How is CAPTCHA the solution? Isn't it trivially defeated with "AI" these days?

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 19-Feb-2024 07:49:11 JST Kevin Beaumont Kevin Beaumont
      in reply to

      An update on the Fediverse spam issue:

      - It’s not just Mastodon.

      - Most of the targets receiving the spam use Misskey, and are in Japan.

      - Most Mastodon users aren’t being targeted, so aren’t seeing it.

      - It is a dispute between two people over a social issue, after asking them about it.

      - It is fully automated.

      - The spam continues to be sent and probably won’t stop any time soon, these guys need to star in a BL drama and make up.

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and narcolepsy and alcoholism :flag: like this.
      Puniko ?, Jacek Wesołowski, Matthew Lyon and Tim Chambers repeated this.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 19-Feb-2024 07:55:32 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If anybody wants another hilarious online dispute issue, back in 2016 two teens had a dispute over Minecraft, so one DDoS’d the Minecraft server’s DNS server - that broke Dyn, which took down internet access across the US East Coast as they were such a key supplier.

      I had to do a radio show on NPR about that one and the presenter kept asking me if it was Putin — and I was like, no, it’s teenagers. Advanced Persistent Teenagers.

      In conversation about a year ago permalink
      Puniko ? likes this.
      Tim Chambers repeated this.
    • Embed this notice
      Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 19-Feb-2024 08:45:56 JST Wolf480pl Wolf480pl
      in reply to

      @GossiTheDog captchas might work for this spam bot, but I wouldn't count on them for the long term.

      Outside of fedi, I've seen captcha-solving spambots years ago. Also they took their time, slowly registering sleeper accounts over the span of a year, before using them to send any spam.

      In conversation about a year ago permalink
    • Embed this notice
      Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 19-Feb-2024 09:05:51 JST Wolf480pl Wolf480pl

      @GossiTheDog yeah what I'm saying is, my concern are the bots that we might see in a year or two.

      In conversation about a year ago permalink
    • Embed this notice
      katrintheresa (katrintheresa@cyberplace.social)'s status on Monday, 19-Feb-2024 10:56:17 JST katrintheresa katrintheresa
      in reply to

      @GossiTheDog 👀

      In conversation about a year ago permalink
    • Embed this notice
      Juno Jove (jupiter@mastodon.gamedev.place)'s status on Monday, 19-Feb-2024 19:05:43 JST Juno Jove Juno Jove
      in reply to

      @GossiTheDog

      Sooo it's not possible to just reject federation from any misskey instances?

      Do mastodon instances not have a user agent equivalent when federating content? (*goes to read the spec*)

      Again, this isn't about killing the infection, it's about getting people isolated until enough masks and vaccines are available. As a species, we should have internalized this by now.

      Oh. Wait.

      In conversation about a year ago permalink
    • Embed this notice
      Anarchic Teapot ⚧️ (anarchic_teapot@lingo.lol)'s status on Monday, 19-Feb-2024 19:44:13 JST Anarchic Teapot ⚧️ Anarchic Teapot ⚧️
      in reply to

      @GossiTheDog Typos in the last paragraph, should read:
      "To keep it in perspective, though, I don’t think. People should just ignore me."

      In conversation about a year ago permalink
    • Embed this notice
      Anarchic Teapot ⚧️ (anarchic_teapot@lingo.lol)'s status on Monday, 19-Feb-2024 19:45:42 JST Anarchic Teapot ⚧️ Anarchic Teapot ⚧️

      @GossiTheDog Statement of fact, laugh that off.

      In conversation about a year ago permalink
    • Embed this notice
      Deborah Hartmann Preuss, pcc 🇨🇦 (deborahh@mstdn.ca)'s status on Monday, 19-Feb-2024 22:12:54 JST Deborah Hartmann Preuss, pcc 🇨🇦 Deborah Hartmann Preuss, pcc 🇨🇦
      in reply to

      @GossiTheDog ok, so they are fighting.

      Why, then, are they messing with our servers?

      In conversation about a year ago permalink
    • Embed this notice
      narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Tuesday, 20-Feb-2024 03:56:43 JST narcolepsy and alcoholism :flag: narcolepsy and alcoholism :flag:
      in reply to
      @GossiTheDog - Most of the targets receiving the spam use Misskey, and are in Japan.

      I guess Finland is truly Honorary Japan. Not sure what it says about Pleroma tho...
      In conversation about a year ago permalink
    • Embed this notice
      cybik :deifirev: (root@sms.cybik.moe)'s status on Tuesday, 20-Feb-2024 03:59:41 JST cybik :deifirev: cybik :deifirev:
      in reply to

      @GossiTheDog "technology falls to the dick-measuring contest of two teenagers" is a time-honored tradition at this point.

      In conversation about a year ago permalink
    • Embed this notice
      Marie :verifiedtrans: (marie@transfem.social)'s status on Tuesday, 20-Feb-2024 04:27:49 JST Marie :verifiedtrans: Marie :verifiedtrans:
      in reply to

      @GossiTheDog@cyberplace.social Actually point two is more so

      "Most of the targets receiving the spam use Misskey or a fork of Misskey and communicated at least once with a Japanese user or mentioned a big japanese instance (mostly misskey.io)"

      In conversation about a year ago permalink

      Attachments

      1. Misskey.io
        Misskey.io は、地球で生まれた分散マイクロブログSNSです。Fediverse(様々なSNSで構成される宇宙)の中に存在するため、他のSNSと相互に繋がっています。 暫し都会の喧騒から離れて、新しいインターネットにダイブしてみませんか。 お問い合わせはこちらhttps://go.misskey.io/support Powered by Misskey
    • Embed this notice
      spv (spv@mastodon.spv.sh)'s status on Tuesday, 20-Feb-2024 17:22:04 JST spv spv
      in reply to

      @GossiTheDog THAT is why DYN went down???????

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 20-Feb-2024 20:12:19 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If anybody wants an update on the Fediverse spam issue - the groups did a ceasefire 5 hours ago (3PM JST).

      In conversation about a year ago permalink
      Tim Chambers repeated this.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 20-Feb-2024 20:40:12 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Also, yes, it was a beef over access to a Discord.

      In conversation about a year ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/111/963/613/732/929/418/original/c6eaadf7bf0cf021.png
      藤井太洋, Taiyo Fujii repeated this.
    • Embed this notice
      Jonly (jonly@mastodon.social)'s status on Tuesday, 20-Feb-2024 21:06:14 JST Jonly Jonly
      in reply to

      @GossiTheDog still fail to see how the spam aided in that?

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 21-Feb-2024 04:26:35 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Mastodon change coming where new servers have open registration disabled by default: https://github.com/mastodon/mastodon/pull/29280

      Mastodon team have been all over behind the scenes btw.

      In conversation about a year ago permalink

      Attachments


    • Embed this notice
      Luc (luc@chaos.social)'s status on Wednesday, 21-Feb-2024 06:35:57 JST Luc Luc
      in reply to

      @GossiTheDog what's a JST? Jordan? Japan? Java?
      *tries to think really hard about other geographical regions' names starting with J*

      This is why I like UTC/GMT offsets...

      In conversation about a year ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 21-Feb-2024 21:58:21 JST Kevin Beaumont Kevin Beaumont
      in reply to
      • Ivory by Tapbots :emoji_wink:

      Good news everybody, the Fediverse spammer is back! @ivory client filtering it all out for me.

      In conversation about a year ago permalink

      Attachments


      Børge repeated this.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 22-Feb-2024 20:03:39 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Mastodon change incoming in next release, if no mod logs into a server for a week open registrations will close. Will probably take a few weeks but should solve the current spam issue largely. https://github.com/mastodon/mastodon/pull/29318

      In conversation about a year ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
        Automatically switch from open to approved registrations in absence of moderators by ClearlyClaire · Pull Request #29318 · mastodon/mastodon
        This is not meant to replace #29280, but supplement it to avoid unmonitored servers keeping open registrations indefinitely. Automatically switch away from open registrations if no user with the pe...
    • Embed this notice
      Børge (forteller@tutoteket.no)'s status on Thursday, 22-Feb-2024 20:24:53 JST Børge Børge
      in reply to
      • Glyn Moody

      @GossiTheDog @glynmoody Good change!

      In conversation about a year ago permalink
    • Embed this notice
      propapanda :verified: (panda@pandas.social)'s status on Thursday, 22-Feb-2024 20:34:05 JST propapanda :verified: propapanda :verified:
      in reply to

      @GossiTheDog

      I thought most of the servers of the current spam wave run outdated software, so updates will not hit these servers any time soon or at all

      In conversation about a year ago permalink
    • Embed this notice
      Cathy YesCT (yesct@mastodon.social)'s status on Thursday, 22-Feb-2024 22:06:42 JST Cathy YesCT Cathy YesCT
      • propapanda :verified:

      @GossiTheDog @panda I don't understand. How will the update effect already existing servers?

      In conversation about a year ago permalink
    • Embed this notice
      Cathy YesCT (yesct@mastodon.social)'s status on Thursday, 22-Feb-2024 22:12:50 JST Cathy YesCT Cathy YesCT
      • propapanda :verified:

      @GossiTheDog @panda ah, ok. I think that's what panda was saying.

      In conversation about a year ago permalink
    • Embed this notice
      jlo (jlo@glib.social)'s status on Friday, 23-Feb-2024 00:26:06 JST jlo jlo
      in reply to

      @GossiTheDog Now I may be a known idiot but this would require a version update yes?

      If so, that would mean whatever % don’t update would still be a possible zombie *IF* Open Registration is still open on it?

      In conversation about a year ago permalink
    • Embed this notice
      dracoling (dracoling@firetribe.org)'s status on Friday, 23-Feb-2024 00:28:01 JST dracoling dracoling
      in reply to

      @GossiTheDog@cyberplace.social While I love this change for future installations, updating to the new version with this patch requires interaction, which is exactly what's missing from the servers doing the spamming now!

      In conversation about a year ago permalink
    • Embed this notice
      Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 23-Feb-2024 18:43:34 JST Aral Balkan Aral Balkan
      in reply to
      • patter

      @patterfloof @GossiTheDog That is a very good question.

      In conversation about a year ago permalink
    • Embed this notice
      patter (patterfloof@meow.social)'s status on Friday, 23-Feb-2024 18:43:35 JST patter patter
      in reply to

      @GossiTheDog silly question, but if mods haven't logged in for a week, how are those servers going to be upgraded to the version with this feature?

      In conversation about a year ago permalink
    • Embed this notice
      patter (patterfloof@meow.social)'s status on Friday, 23-Feb-2024 20:26:55 JST patter patter
      in reply to
      • Aral Balkan

      @aral @GossiTheDog I guess there could be version numbers in the protocol & newer servers block feeds that aren't the right version

      but this is me, a programmer spitballing without info

      In conversation about a year ago permalink
    • Embed this notice
      Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 23-Feb-2024 21:59:30 JST Aral Balkan Aral Balkan
      • patter

      @GossiTheDog @patterfloof Mastodon, however, could still very easily stop accepting traffic from Mastodon servers that are X versions behind. This would be good for the health of the network in general. And when/if those servers upgraded, it could start accepting traffic from them again.

      In conversation about a year ago permalink
    • Embed this notice
      Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 23-Feb-2024 22:10:13 JST Aral Balkan Aral Balkan
      • patter

      @GossiTheDog @patterfloof Not my circus, not my monkeys. Sadly, I don’t have time in the day enough to contribute to every codebase on the planet. But I’ll keep the idea in mind as a possible feature that we could implement in Small Web apps to ensure we don’t run into the same problem. (Small Web apps auto update anyway but it’ll be a good check to have in case someone has disabled that for their server.)

      In conversation about a year ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.