@Saxophone3784 KF basically needs to "win" in order for KFcc to come back. We need a real datacenter provider who will back KF 100% when it comes to these deplatforming campaigns. That doesn't exist, yet.
The semi-decentralized layer-7 anti-DDoS stuff doesn't work for protocols like the fediverse.
@Saxophone3784@NonPlayableClown not really. The problem is the need to create unsolicited outbound connections. The website stuff works because it's all inbound reverse-proxy.
Perhaps with a lot of effort something could be made but it's a situation where the forum was under existential threat and the fact the forum has returned in such a solid state is itself a big win and it may not be worth the risk to disrupt it's success by adding more shit on top of it.
@NonPlayableClown@crunklord420 Is there no other protocol besides the fediverse that can work? Is it not sensible to develop something that would work under these conditions?
>We need a real datacenter provider who will back KF 100% when it comes to these deplatforming campaigns.
You also need one that isn't going to fold when a retard from Canada calls and lies about all the harassment and non-existent CP KF has. :SeethingDanielS:
@Saxophone3784@NonPlayableClown and that's also totally ignoring the fact every fediverse server will just throw up it's hands trying trying to do the PoW check. Adding the ability for fediverse servers to do PoW as an anti-DDoS feature could become a vector for DoS attacks. Trannies would likely balk at any attempt to add such a feature, even with anti-DoS mitigations. Maybe it could potentially work given per-IP/per-domain throttles. Then again, making it easy for non-browser software to complete the hash might end up defeating the entire original purpose of the technique.
I wonder what @alex would say about the feasibility of adding such functionality.
@crunklord420@Saxophone3784 >The semi-decentralized layer-7 anti-DDoS stuff doesn't work for protocols like the fediverse. I thought about it, and it might work if you don't put the JS challenge page on ActivityPub endpoints needed for federation, but this'll probably require some middleware filtering in order to distinguish legitimate requests from forged. 1. Actors (user profiles), objects (posts) and webfinger could be aggresively cached and served statically, since their size rarely ever gets larger than the JS blob needed for PoW challenge. I do it myself to speed things up since my instance is proxied from my home in Russia to the VPS in America. 2. Inbox endpoints that are used for receiving posts from subscriptions pretty much only receive POST requests with activity json and signature header required to check whether the activity is legit. This part is rather hard, and I don't know how exactly can one handle it; I guess you could either start with IP whitelists for legitimate instances that fully federate with KFcc, or build a middleware with separate cache/database of actors public keys (maybe pulled from live database from instance itself) to check signatures against. I doubt resource constraints for checking the key are any larger than for establishing an SSL connection to begin with. 3. MastoAPI, frontend and everything else could be just left behind the challenge. This will break third-party apps like mobile clients, but maybe you could use similar approach to IP whitelist but with oauth tokens instead. 4. As for outbound requests, you can just route them through a bunch of disposable round-robin proxies.
@Saxophone3784@NonPlayableClown@alex no one on the fediverse actually gets meaningfully DDoS'd. No one is under serious attack. There isn't a serious spam problem on the fediverse.
The only reason this is true is because the fediverse is a cringe protocol that no one actually cares about. If the fediverse were actually popular the network would become much more militarized like how email works in practice. With real-time blacklists, whitelists, mail provider contact registrations, etc. Email sucks as a result of spam and now email is hardly a open protocol if you don't like being instantly marked as spam.
@crunklord420@NonPlayableClown@alex Where do you personally see all of this going? do you think fediverse does indeed have potential or will these problems outweigh any benefits in the future?
@Saxophone3784@NonPlayableClown@alex PoW is the only demonstrated solution to deal with sybil attacks. But then on the other hand, if a server can hash a token what stops a DDoS'er? Maybe only the low hanging fruit. Which might actually be the majority of attackers.
There is no good solution. The fact the fediverse is relatively small is effectively the solution. Not everything has to become the biggest. The plebs are not capable of leaving the walled gardens. They don't own computers. They have iPhones. They're one dropped phone away from losing access to their gmail account forever. The idea these people are going to hold, protect and maintain cryptographic credentials (like Nostr) is pure fantasy. The itself practically destroys the chance at any solution revolving around decentralized identities.
@crunklord420@NonPlayableClown@alex so what's your idea or let's say ideal way you'd like for the things to develop? I mean when it comes to internet communication forums/social stuff.
@crunklord420@NonPlayableClown@alex Well it's not for me about being biggest, I personally would not want that anyway. But let's say we are in our current situation, where, effectively, as you said, kfcc can't exist. So how would then the fediverse be a solution? Do I understand you correctly that you think fediverse protocol can be improved/upgraded to make that possible?
@Saxophone3784@NonPlayableClown@alex I don't think it's realistic to bolt on PoW functionality into the fediverse. I don't know if this would be an actual practical solution considering the nuances of why Josh's technique actually works (it requires an actual browser).
The solution is instances die and people migrate. It will happen over and over. You could argue that having very long running authoritative instances is bad for the decentralization of the network.
@Saxophone3784@NonPlayableClown@alex so more to this, the solution might be to integrate cryptographic identities to make migration more reputable. I think I've seen some Mastodon instances where they have like a third party signature verification using a GPG key. So this already basically exists. That's why I have a fingerprint on my bio (even though I've never actually signed anything).
@eriner@Saxophone3784@alex@NonPlayableClown at a glance, when I looked at it, Nostr had waaaay more of a spam problem than the Fediverse. Might be related to the fact it's a monolith community of bitcoin people.
@crunklord420@Saxophone3784@alex@eriner@NonPlayableClown The amount of relays is still in lower double digits, and practically everyone who can generate a private key could push to them whatever they want. Some sort of anti-spam measures via pluggable MRF-like modules only got introduced much later in the lifespan, and still aren't applied everywhere like the recent momostr.pink shenanigans show. Maybe if people were more willing to host their own private relays that, say, only permit pushes from NIP-05 verified people on their domain, the situation would be different for better.
@mint@crunklord420@NonPlayableClown@Saxophone3784@alex FEP-c390 is implemented in Mitra, along with a migration mechanism based on it (which can work even if the original instance is down). But this migration mechanism only works for followers, and it hasn't been implemented by other projects, so it is not particularly interesting. I consider FEP-c390 deprecated (though it might be useful for other things besides migrations).
FEP-ef61 is much better because it makes all objects portable and self-authenticating. I haven't implemented it fully, it is a work in progress.
Agree, there's no complete solution to resource exhaustion attacks; they're wars of attrition. Best you can do is shore up and increase *their* cost/resource consumption.
It's like a castle siege. In the end, you either have to wait for them to get bored and go away, actively mitigate and defend their current mode of attack (if resources permit), which is a Sisyphean task.