Conversation

Notices

1. Embed this notice
   silverpill (silverpill@mitra.social)'s status on Tuesday, 03-Sep-2024 03:31:34 JST silverpill

   How many domain names your government needs to block in order to censor an entire network?

   Bluesky: 1 domain name
   Nostr: 680 domain names, but blocking 10 most popular relays and hosted clients would probably be enough to kill it
   Fediverse: more than 20000 domain names

   #Fediverse #Censorship

   • kaia, ✙ dcc :pedomustdie: :phear_slackware: and Sick Sun like this.
   • Linux Walt (@lnxw37j1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} repeated this.
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Tuesday, 03-Sep-2024 04:57:16 JST silverpill

     in reply to

     • hamiller_friendica

     @hamiller_friendica The work is ongoing to bring these protocol features (offline-first and store-and-forward) to Fediverse: https://codeberg.org/fediverse/fep/src/branch/main/fep/ef61/fep-ef61.md

   • Embed this notice
     hamiller_friendica (hamiller_friendica@anonsys.net)'s status on Tuesday, 03-Sep-2024 04:57:17 JST hamiller_friendica

     in reply to

     @silverpill That's why I would prefer SSB in some situations. This also works without access to the Internet, and then works in store-and-forward mode.

     scuttlebutt.nz/about/

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 19:53:42 JST silverpill

     in reply to

     • ᴍᴏᴏɴ :AkibaBunny:

     @moon It's a micro-blogging server I'm building https://codeberg.org/silverpill/mitra

   • Embed this notice
     ᴍᴏᴏɴ :AkibaBunny: (moon@akiba.social)'s status on Saturday, 14-Sep-2024 19:53:46 JST ᴍᴏᴏɴ :AkibaBunny:

     in reply to

     @silverpill@mitra.social what's mitra?

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 20:01:07 JST silverpill

     in reply to

     • ᴍᴏᴏɴ :AkibaBunny:

     @moon Nostr relays are servers too. You can use multiple servers at once, but users tend to concentrate on a small number of popular servers. Hosted web clients are just regular websites and can also be blocked by domain name.

     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     ᴍᴏᴏɴ :AkibaBunny: (moon@akiba.social)'s status on Saturday, 14-Sep-2024 20:01:08 JST ᴍᴏᴏɴ :AkibaBunny:

     in reply to

     @silverpill@mitra.social but wasn't nostr easier to spread because you don't need a server?
     
     How it works with this relay / hosted client thing?

   • Embed this notice
      (mint@ryona.agency)'s status on Saturday, 14-Sep-2024 20:04:17 JST 

     in reply to

     • ᴍᴏᴏɴ :AkibaBunny:
     @silverpill @moon Also a bunch of clients have uploads hardcoded to nostr.build server, so there's also that.
     ✙ dcc :pedomustdie: :phear_slackware: and Sick Sun like this.
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 20:12:21 JST silverpill

     in reply to

     • aeris

     @aeris Bluesky is not decentralized and never will be. You have no idea what you're talking about.

     ✙ dcc :pedomustdie: :phear_slackware: and Sick Sun like this.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 20:12:23 JST aeris

     in reply to

     @silverpill@mitra.social This is completly false.
     Bluesky is decentralized since beginning of 2023. And the fediverse would be very censored with less than 10 major instances censorship. Migration no more possible for old account. Tons of things just doesn't work, etc.

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 20:29:36 JST silverpill

     in reply to

     • Taylan

     @taylan Yes, in theory you can run your own relays, and switch them easily. Most users won't do that. In practice the network is smaller and easier to disrupt, that's what my post was about.

     >"admin dictatorship"

     No idea what it means. You can run your own fedi server if you want to be in charge

     >means you will be banned from interacting with half of the Fediverse or more

     If those people don't want to interact with you, I don't see any problem

     ✙ dcc :pedomustdie: :phear_slackware: and Sick Sun like this.
   • Embed this notice
     Taylan (taylan@fedi.feministwiki.org)'s status on Saturday, 14-Sep-2024 20:29:38 JST Taylan

     in reply to
     @silverpill Correct me if I'm wrong:
     
     You can put up new Nostr relays any time, and people can keep using their existing account with a new relay / app. (Identity is just a key.)
     
     On the other hand, taking down a fedi node means that accounts on it are lost. (Identity includes domain name.)
     
     And there's only that high number of fedi nodes because it's 20 years older and orders of magnitude more popular. Besides, 90% of users are on like 20-30 nodes, I think.
     
     So, Nostr is the more censorship resilient one, isn't it?
     
     Nostr also doesn't have the "admin dictatorship" problem, if I'm not mistaken. Fedi is already deeply broken due to that issue. Holding certain opinions, such as in favour of women's rights, means you will be banned from interacting with half of the Fediverse or more.
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 20:59:49 JST silverpill

     in reply to

     • ᴍᴏᴏɴ :AkibaBunny:

     @moon The value of a network depends on its size, so the total number of nodes and distribution of users are quite important. If you cut off 99% users the network will be dead no matter what.
     Censorship circumvention has a price, and most users will not pay it.

     By the way, the cheapest solution is not to deploy a new node, but to use a VPN.

     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     ᴍᴏᴏɴ :AkibaBunny: (moon@akiba.social)'s status on Saturday, 14-Sep-2024 20:59:50 JST ᴍᴏᴏɴ :AkibaBunny:

     in reply to

     @silverpill@mitra.social oh I see, but I still don't understand how the nostr works
     
     People's accounts are not limited to a single server, right? I can login with any client on any relay with my "key" and it will spread my posts as mine, right?
     
     Why blocking some clients and some relays will block the network if people can just keep creating new relays and clients (each one with a new domain to be accessible)

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 22:31:34 JST silverpill

     in reply to

     • Taylan

     @taylan

     >Is there a technical reason Nostr couldn't have as many relays as Fedi has nodes?

     There is no technical reason, but I think there's a social reason. People are not good at managing secret keys, so as the network grows, more and more people will forgo key management and will use trusted services. Basically, the same scenario that played out in cryptocurrency world. An average user don't want to think about keys and relays, so market will provide convenient but centralized solutions.

     This hasn't happened in Fediverse because of the very feature you're criticizing it for. Reputation of the server can be damaged by actions of its users, and that creates a strong incentive to split into smaller communities.

   • Embed this notice
     Taylan (taylan@fedi.feministwiki.org)'s status on Saturday, 14-Sep-2024 22:31:35 JST Taylan

     in reply to
     @silverpill
     
     > In practice the network is smaller and easier to disrupt, that's what my post was about.
     
     But presumably this is just a factor of the smaller popularity? Is there a technical reason Nostr couldn't have as many relays as Fedi has nodes?
     
     > If those people don't want to interact with you, I don't see any problem
     
     I think about 99.999% (literally) of those people have never heard of me, and will never hear of me on the Fediverse, since I've been pre-emptively blocked for them by their admins.
     
     Also, in almost all cases, even the admin blocking me doesn't do so because he or she heard of me, let alone has ever actually seen a post by me. Rather, the block is implemented by importing pre-made block lists.
     
     These block lists include massive numbers of people, who might be associated with wrongthink in some way, because at some point the Fedi node they're on was flagged by someone and put on such a list. There is no oversight of this process, or transparency about the reasons. It's just a tiny minority of people who are trusted blindly as authorities on what people you should and shouldn't interact with. And they successfully split the entire Fediverse in two halves (or even more pieces) that can't interact.
     
     This is all done "for the safety" of their users, even though it doesn't in any way prevent the "bad people" from seeing those users; it merely silences them on Fedi.
     
     It really is just straight up authoritarian censorship, pretty much as bad as on centralised platforms like Twitter and Facebook.
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 22:48:00 JST silverpill

     in reply to

     • Taylan

     @taylan I agree that instance admins are often over-reacting with instance blocks, but I don't see how moderation can work on a large scale without such mechanism.

     The situation can be improved by making identity decentralized. I've been working on it: https://codeberg.org/fediverse/fep/src/branch/main/fep/ef61/fep-ef61.md
     This solution allows full account migrations (not just followers), and multi-homing. A bit like Nostr, but "instances" still exist as moderation domains.

   • Embed this notice
     Taylan (taylan@fedi.feministwiki.org)'s status on Saturday, 14-Sep-2024 22:48:01 JST Taylan

     in reply to

     • Taylan
     @silverpill
     
     > This is all done "for the safety" of their users, even though it doesn't in any way prevent the "bad people" from seeing those users; it merely silences them on Fedi.
     
     Actually, I was unclear here. I think you know what I mean, but for the avoidance of doubt:
     
     It doesn't fully silence those people, of course. They can still talk to each other on their own nodes, and could for instance still organise harassment campaigns if that was their intention.
     
     It doesn't deal with truly harmful people in any meaningful way. It just disrupts communication on a massive scale, between thousands of people, just to make it ever so slightly more difficult for a tiny minority of actual bad actors to carry out their harassment campaigns.
     
     I think the real intention isn't even to combat harassment. It's just to silence people with views deemed unpleasant, and the "safety" thing is just the justification. (Exactly how authoritarian censorship always goes.)
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Saturday, 14-Sep-2024 22:54:54 JST silverpill

     in reply to

     • ᴍᴏᴏɴ :AkibaBunny:

     @moon Some clients make connections to relays directly from the browser, so they won't be able to connect to blocked relays. If requests are proxied by client, it won't be affected.

   • Embed this notice
     ᴍᴏᴏɴ :AkibaBunny: (moon@akiba.social)'s status on Saturday, 14-Sep-2024 22:54:55 JST ᴍᴏᴏɴ :AkibaBunny:

     in reply to

     @silverpill@mitra.social ah yeah that's how people keep accessing Twitter in Brazil, just using free vpns
     
     But I was thinking the censorship would come like that, blocking access to the client, in this case a website. If you just create another access point in another dns you're in again and the relays are not affected, are they?

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:11:29 JST aeris

     in reply to

     @silverpill@mitra.social And currently the Fediverse is doing more censorship than any government ever did in the past. Even more than Twitter.

     Sick Sun likes this.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:13:41 JST aeris

     in reply to

     @silverpill@mitra.social In BlueSky, i can even say "Hey, my government censor my account domain name, but hey, you can join my PDS on my .onion address or here is alternative clearnet domain name". It's NOT possible to do on the Fediverse. Require a full operational migration.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:13:47 JST aeris

     in reply to

     @silverpill@mitra.social BlueSky is even more federated than Fediverse they federate THE MODERATION. There is no "instance moderation". The moderation is federated. You can moderate ANY content on ANY instance. Even not your.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:13:50 JST aeris

     in reply to

     @silverpill@mitra.social That's the current status of federation on BlueSky : full federated. And even more federated than the Fediverse (because of easier migration with no loss between instances)

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:13:53 JST aeris

     in reply to

     @silverpill@mitra.social Currently, BlueSky is even MORE federated than Fediverse. You can move from one PDS to another without losing a single follower or worse, content.
     If you move from one PDS to another, you lost litterally nothing. No migration to do. No content conversion.
     Fediverse just CAN'T do that. You loose at least all your previous content and need a full following/followers migration, witch is NOT possible if your starting or future instance is under censorship (both instance MUST be available from all other instances to be able to migrate)

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:13:55 JST aeris

     in reply to

     @silverpill@mitra.social Sorry, it was november 2023 for the big switch
     https://github.com/bluesky-social/atproto/discussions/1832

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:14:00 JST aeris

     in reply to

     @silverpill@mitra.social And currently BlueSky achieve something Fediverse is totally impossible to do. Migrating tons of account from one PDS to another without losing a single piece of data.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:14:04 JST aeris

     in reply to

     @silverpill@mitra.social And since january 2023 (if I remember correctly), production switch to the decentralized version, with load balancing of the main single PDS to multiple one. You can host your own PDS if you want.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Saturday, 14-Sep-2024 23:14:07 JST aeris

     in reply to

     @silverpill@mitra.social Yeah, sure… I host my PDS on test network on AT Protocol, but don't know about AT protocol
     https://github.com/bluesky-social/pds

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Saturday, 14-Sep-2024 23:52:04 JST feld

     in reply to

     • aeris
     @aeris @silverpill but it will never happen because you gotta beg for the right to run your own PDS on their discord, it's not like it's permission-less and you can just do it
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Saturday, 14-Sep-2024 23:55:24 JST feld

     in reply to

     • aeris
     @aeris @silverpill this is the most honest description. It's not federated, it's brokered
     
     https://jase.social/content/3683164/people-describe-atproto-as-federated-and-that-ha/
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 00:01:43 JST Sick Sun

     in reply to

     • aeris
     • feld
     @feld @aeris @silverpill someone questioned their interpretation and their response was "I don't know I can't read their spec because <ridiculous reason>"
     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 00:08:20 JST Sick Sun

     in reply to

     • aeris
     • feld
     @aeris @silverpill @feld I agree that AP is underspecified and missing important things but I think it will eventually get those things because it has more potential. From my perspective AP development would happen faster if it wasn't for the dominance of one implementation.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:08:27 JST aeris

     in reply to

     • Sick Sun
     • feld

     @sun@shitposter.world @feld@friedcheese.us @silverpill@mitra.social People unable to migrate because loosing content if changing instance or worst, software… I litterally lost 200k post on Fediverse because switching from Mastodon to Firefish. Loosing tons of followers because migration process is botchered. Having to keep my previous software up if I want to keep my content despite migration to a new software. Forced to migrate domain to change software.

     Sick Sun likes this.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:08:32 JST aeris

     in reply to

     • Sick Sun
     • feld

     @sun@shitposter.world @feld@friedcheese.us @silverpill@mitra.social ActivityPub is very hard to explain too in all cases. And some of very huge limitation of this protocol is very badly and poorly know for user. AT is perhaps hard for maintainer, but AP is hard for users…

   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 00:19:41 JST Sick Sun

     in reply to

     • aeris
     • feld
     @aeris @silverpill @feld in your view does atproto fix all this
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:19:48 JST aeris

     in reply to

     • Sick Sun
     • feld

     @sun@shitposter.world @silverpill@mitra.social @feld@friedcheese.us People just literally stop posting content because hammering other instance with tons of request or self-ddos-ing their servers.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:19:53 JST aeris

     in reply to

     • Sick Sun
     • feld

     @sun@shitposter.world @silverpill@mitra.social @feld@friedcheese.us AP have no potential because of very serious trouble from the start. Typically, tying domain to instance and confusing frontend with backend are very strange and hard to change choice, with very tedious trouble because of that.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:36:55 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill The link previews will be getting federated likely within a year by my estimation, so it won't cause that to hammer your blog anymore.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:36:59 JST aeris

     in reply to

     • Sick Sun
     • feld

     @sun@shitposter.world @silverpill@mitra.social @feld@friedcheese.us For content migration and independent handle from domain/software/instance, clearly yes. It's technically built-in by design. For self-ddos, I don't know how it's achieve in practice, but yes, posting link on bluesky with millions of people reading it it's just a no-op for my server. Posting a link to Fediverse for 3k followers just hammer my blog server…

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:41:42 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill It's going to be one hit per server and there's like less than 100k active servers, your post will only reach a few thousand on the fediverse, so if your site can't take these hits your site is badly designed; the content should be entirely served from cache.
     
     People are just bad at websites and we never made them improve
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:41:56 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social It will. A big content creator have to stop posting link on Fediverse last week because of that. I will try to find it post about this.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:42:09 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill Oh yeah these people need to suffer for the sins of their webmaster for sure
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:42:13 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social I have this one 4 month ago: https://news.itsfoss.com/mastodon-link-problem/
     Will check for the more recent story I remember.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:46:55 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill Yeah, who cares? Where is your cache? Nginx, Varnish, a CDN???
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:46:57 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social Here is a single post effect from the fediverse. Hitting a server with the power of a raspi.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:49:01 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill THATS WHY YOU CACHE THE CONTENT :laugh:
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:49:02 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social Dude, it's a RASPI SERVER on my desktop!

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:51:28 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill Ok let me explain this again. The point of a cache is to reduce the load on a slow server so it can handle larger amounts of traffic and weather sudden spikes.
     
     You have a slow server.
     
     You did not add a cache.
     
     You did it to yourself.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:51:30 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social "IT'S A RASPI DUDE"

   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 00:51:39 JST Sick Sun

     in reply to

     • mr64bit
     • aeris
     • feld
     @aeris @silverpill @feld @mr64bit how is this the fault of the fediverse, if 500 people were subscribed to your blog via RSS wouldn't this same thing happen
     feld likes this.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:51:48 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social @feld@friedcheese.us That's just the result for a tiny 500 followers account. Imagine now a 1 million follower account.

   • Embed this notice
     mr64bit (mr64bit@p.mr64.net)'s status on Sunday, 15-Sep-2024 00:51:49 JST mr64bit

     in reply to

     • aeris
     • Sick Sun
     • feld
     @aeris @sun @silverpill @feld that's what, 4 whole requests a second?
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:52:37 JST feld

     in reply to

     • aeris
     • Sick Sun
     @aeris @sun @silverpill All those Pleroma HTTP HEADs need to go away though, I'm working on it. We will have to change default HTTP adapter swab from Hackney though
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:53:53 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @sun @aeris @silverpill @mr64bit Yes, indeed.
     
     Just use a cache. You don't need a worldwide CDN and you don't need a full rack of servers. Just a simple cache to store the page in memory so it doesn't have to do any heavy work to respond to those requests.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:56:02 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit Does it require a user to login? No? It's cacheable. It's always cacheable.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:56:04 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social @mr64bit@p.mr64.net This page is NOT cachable.

   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 00:56:29 JST Sick Sun

     in reply to

     • aeris
     • feld
     @aeris @silverpill @feld did the central premise of this blog post come true, afaict those famous people all left the Fediverse lol.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:56:35 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social And for very huge account, you just FRY the server at the other side
     https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:56:41 JST aeris

     in reply to

     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social DUDE !!! THE AFNIC ITSELF WAS DDOS-ED BY MASTODON !!!
     
     RE: https://mastodon.gougere.fr/users/bortzmeyer/statuses/113112573107980587

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:57:26 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit Then cache the response for when a user isn't logged in ...
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:57:27 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social @mr64bit@p.mr64.net Yes, it require a login. There is a CSRF and anti-bot dynamic content on it for real usage

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 00:58:51 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit So cache it with a low TTL of like 30 seconds. Are people gonna notice if the page is 30 seconds too old? Then you do the work at max once every 30 seconds. I hope your Pi can handle that
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 00:58:53 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social @mr64bit@p.mr64.net It's NOT possible. Content is dynamic EVEN if not logged in.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:01:01 JST aeris

     in reply to

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social @mr64bit@p.mr64.net Even with 30s, it will break CSRF

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:06:39 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @mr64bit @sun @silverpill Okay why isn't it an HTTP POST instead of a GET then
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 01:06:48 JST Sick Sun

     in reply to

     • mr64bit
     • aeris
     • feld
     @feld @aeris @silverpill @mr64bit you can't cache this!
     Doughnut Lollipop 【記録係】:blobfoxgooglymlem: and feld like this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:06:49 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit you can't cache this????
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:07:38 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social @feld@friedcheese.us Yeah, it not asking for login and password, but this is a login page.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:07:57 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social @feld@friedcheese.us This is a login page dude.

   • Embed this notice
     mr64bit (mr64bit@p.mr64.net)'s status on Sunday, 15-Sep-2024 01:07:58 JST mr64bit

     in reply to

     • aeris
     • Sick Sun
     • feld
     @aeris @sun @silverpill @feld If there's no login, then what's the point of a CSRF token?
     feld likes this.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:08:06 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social @mr64bit@p.mr64.net I repeat : this page is NOT cachable without breaking real user authentication, anti-CSRF and anti-bot system. Not even 1ms.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:08:06 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit Normal workload includes being able to fend off bots, scrapers, and attackers. It's 2024, you make it publicly accessible this is what you're gonna get. Sounds like you should be running this on a completely private network or redesign it entirely
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:08:15 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @sun@shitposter.world @silverpill@mitra.social @mr64bit@p.mr64.net This computer is perfectly capable of handling real world workload. Fediverse workload is NOT normal.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:08:16 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit You should run such a service on a computer capable of handling a real world workload then I guess. You've done this to yourself.
   • Embed this notice
     mr64bit (mr64bit@p.mr64.net)'s status on Sunday, 15-Sep-2024 01:08:33 JST mr64bit

     in reply to

     • aeris
     • Sick Sun
     • feld
     @aeris @sun @silverpill @feld ah, now I see your problem.
     ✙ dcc :pedomustdie: :phear_slackware:, Sick Sun and feld like this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:08:33 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @mr64bit @aeris @sun @silverpill Ruby on a Pi? My god ...
     Sick Sun likes this.
   • Embed this notice
      (mint@ryona.agency)'s status on Sunday, 15-Sep-2024 01:10:43 JST 

     in reply to

     • aeris
     • Sick Sun
     • feld
     @aeris @sun @silverpill @feld Pisskey not breaking thread context challenge (impossible)
     Screenshot_20240914_190247.png
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:11:05 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @mr64bit @sun @silverpill Where's the login form? Where do I put my credentials?
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:13:58 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @mr64bit @sun @silverpill Ok, that form is not even on my page when I load it but it doesn't matter;
     
     I'm too busy to translate it, what even is this? Some "sign my petition" type thing that you're trying to stop bots from filling out?
     
     Do the anti-bot work when they POST, not when they load the page.
     
     And also you could be serving a completely different page with reduced contents, only the required <meta> tags for any User Agent with "Bot" in the name and that would solve half your problem. You could literally do that *in* Varnish or Nginx even
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:14:11 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social Here

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:17:44 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social And what I know too is trying to federate over HTTP with flooding the original source of the content without even relying on other peers already knowing the content is the strangest thing I guess it's possible to imagine for a decentralized social network.

     feld likes this.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:17:45 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social There is people knowing how to dev and deploy yes.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:19:27 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @mr64bit @sun @silverpill Gargron cried wolf about people putting fake data in link preview fields and manipulating / pranking users as the reason to not federate them but he's finally changing his mind
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Sunday, 15-Sep-2024 01:20:25 JST silverpill

     in reply to

     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     @jeffcliff I don't think blocking 20000 domains at once is a realistic scenario, because normally censors are tasked with suppressing specific sources (while minimizing collateral damage).

     However, you're right that deep dependency on DNS is not a good thing, even though DNS is necessary to maximize reach and provide good UX. I designed FEP-ef61 which addresses this issue by detaching identity from domain name.

   • Embed this notice
     Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Sunday, 15-Sep-2024 01:20:26 JST Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     in reply to
     @silverpill of course it probably isn't much more difficult to block 1 domain name than it is to block 20,000 if you're ICE. Maybe some extra paperwork that's about it.
     
     That's why it's so important to remove dependency from DNS altogether and for *certain* to not have bluesky's deep dependency on DNS. It's difficult to move fediverse servers from domain name to domain name and should be easier -- but possible. Don't know about nostr i'd imagine nostr doesn't care either way
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:23:57 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social We know crypto thing since 1970 to protect from such behavior…

     feld likes this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:26:48 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @mr64bit @sun @silverpill But it is still your responsibility as the developer to make sure the computer does as little work as possible for each request so a sudden influx of unexpected traffic does not degrade the service availability.
   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:26:52 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social Perhaps running Ruby on Raspi seems strange. But running federated social network with such standard behavior is just… crazy.

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:26:58 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social Having 3000+ instances hammering a single source to fetch content without even thinking about distributing the content over the network is… a really crazy design…

   • Embed this notice
     aeris (aeris@firefish.imirhil.fr)'s status on Sunday, 15-Sep-2024 01:57:32 JST aeris

     in reply to

     • mr64bit
     • Sick Sun
     • feld

     @feld@friedcheese.us @mr64bit@p.mr64.net @sun@shitposter.world @silverpill@mitra.social A people in 2014 not able to thing about public key crypto to protect from such behavior would definitively not thinking about designing a federated social network.

     feld likes this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 15-Sep-2024 01:59:13 JST feld

     in reply to

     • mr64bit
     • aeris
     • Sick Sun
     @aeris @sun @silverpill @mr64bit the threats and concerns were different back then. Self-hosting from home was even less likely with internet connection speeds most people had at home. They'd have likely run it on a VPS with more resources than your Pi
     
     We'll get through this, it's just some growing pains
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Sunday, 15-Sep-2024 02:13:44 JST silverpill

     in reply to

     • Sick Sun
     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     @jeffcliff @sun No, but Streams can do this, and Mitra has partial support.

   • Embed this notice
     Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Sunday, 15-Sep-2024 02:13:45 JST Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     in reply to

     • Sick Sun
     @silverpill @sun does pleroma do this?
   • Embed this notice
     Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Sunday, 15-Sep-2024 02:53:23 JST Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     in reply to

     • Sick Sun
     @silverpill
     
     @sun also worth considering implement on your new vonbraun server
     Sick Sun likes this.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 02:59:36 JST Sick Sun

     in reply to

     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
     @jeffcliff @silverpill I just read it over. When I get some other things going I’ll support this
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Sunday, 15-Sep-2024 09:11:52 JST silverpill

     in reply to

     • Sick Sun
     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     @sun @jeffcliff Working on AP implementation? Have you published its source code?

   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 11:44:33 JST Sick Sun

     in reply to

     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
     @silverpill @jeffcliff I have a code base where I am experimenting with ideas and when i figure out things to m taking what I learned and start a “serious” codebase. So the current codebase is embarrassing. I can share it though I’ll send it later
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 11:56:00 JST Sick Sun

     in reply to

     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
     @jeffcliff @silverpill No one should run the code! It WILL be abandoned, it's a dumpster for experiments. No one should run it.
     Another Linux Walt Alt likes this.
   • Embed this notice
     Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Sunday, 15-Sep-2024 11:56:01 JST Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     in reply to

     • Sick Sun
     @sun @silverpill i swear this social norm of being embarrassed about code is a microsoft conspiracy somehow
   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Sunday, 15-Sep-2024 17:41:31 JST silverpill

     in reply to

     • Sick Sun
     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧

     @sun @jeffcliff Are you writing it in Rust?

   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 15-Sep-2024 18:11:41 JST Sick Sun

     in reply to

     • Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
     @silverpill @jeffcliff Elixir.
   • Embed this notice
     ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Monday, 16-Sep-2024 09:51:51 JST ✙ dcc :pedomustdie: :phear_slackware:

     in reply to
     @silverpill Yea.... Fuck i need to make a no stir meme