

I got banned from Reddit for mentioning my Mastodon server in a post. You have a lot of company.
Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)
I also own these publicly available applications:
Mastodon: https://hear-me.social/
Alternative Mastodon UI: https://phanpy.hear-me.social/
Peertube: https://my-sunshine.video/
Friendica: https://my-place.social/
Matrix: https://element.secure-channel.net/
XMPP/Jabber: https://between-us.online/
Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social)
Mobilizon (Facebook Events Alt): https://my-group.events/
and more…


I got banned from Reddit for mentioning my Mastodon server in a post. You have a lot of company.


I’ve always believed, until this week, that if I posted something and it got upvotes, it was because people liked that I posted it. I’ve learned this week that because of some, it’s become a much less meaningful indicator. It’s been co-opted for unrelated purposes. I no longer trust it has any meaning. This is a letdown. Let’s add it then to the list of meaningless metrics like lines of code, story points, and StatCounter statistics.
If it remains an admin choice, I will keep it enabled for the two reasons that the behavior makes vote counts meaningless, which is unfair to the community, and that these empty votes add a ton of unnecessary traffic for every instance. I wonder what percentage of my server is used just to process meaningless votes. Each vote sends me a request to update the database. Each meaningless vote here requires me to send out a ton of requests to other servers. Why should I pay for this? Why should users see lower performance because of this behavior?
Please leave the setting, Rimu.
And I completely like the proposal.


There are two answers to this depending on what the reason is for asking.
If you are asking because you are concerned about scrapers reading your posts and violating your privacy and your rights, then understand that even if an instance is 100% effective at blocking them, the post is sent all over the place in clear text anyway. It doesn’t matter for them which of the federated servers your post is read from. They will read your post many times over. For this case, then, there is little incentive for a server owner to block bots if it’s just to protect your posts from ingestion.
If you are asking because you are concerned about scrapers sucking the life out of a server because there are multiple different AI companies trying to read every single post in the database multiple times over for training, which ends up causing gateway timeout errors and poor performance, then admins, for this reason, should take action.
On my PieFed server, feddit.online, as of yesterday, the firewall discarded 99K requests it deemed were for AI scraping while processing the remaining 300K requests. Those 99K requests would have been expensive requests, not just upvotes and such, but requests asking for huge amounts of text, and so the impact on the server and infrastructure would have been much more than a 25% tax on the system.
And if the bots realize your server is not well protected, it gets worse. 3 months ago I peaked at 1.2 million requests in one day, of which over 700K were AI bots. Now it’s down to consistently under 100K from bots because many of them have given up, I like to believe.


Statcounter is worse than a guess. There are numerous articles, but here’s a good one: Statcounter claims millions of people stopped using iphones and switched to Windows 7


Lemmy is t-i-m-eless.


This is supposed to be a gifted article and so no paywall.


So many companies claim “collaboration” is a prime reason for Return To Office and yet these same companies gladly use offshore teams for development work if they believe they can save money, proving that collaboration as a goal is a lie. A short overlap in time, if any, between onshore and offshore teams proves the claim is gaslighting.


It’s still listed by Proton: https://protonvpn.com/download-firefox-extension
This is probably temporary. It happened before when Mozilla wanted some changes, and until they were made, Firefox delisted it. So maybe it’s the same. But it is actively developed and maintained as you can see from Proton’s site.


You’re reading the wrong stuff: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e


They are doing no such thing. https://www.reddit.com/r/ProtonMail/comments/1u05xs2/comment/oqgihvq/
" You’re right to raise this, and we want to address it directly and provide you important context on how this happened.
Vincent Lapierre’s channel should never have been part of our affiliate and sponsorship program, because we intentionally avoid association with channels whose content could distract from our message and divide our community. "


Apparently this is a false alarm.
For all those going off on being negative about Proton based on an ambiguous post, this is the best explanation of Proton’s political position: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e


If you’re able to connect to other websites, then I doubt it’s you.


Both the client and the server machines must have reasonably accurate system clocks for an SSL/TLS handshake to succeed. Either your machine or their machine probably needs a time adjustment.


If successfully attacked and the hacker has elevated rights on your Pi, they are now in your local network and can potentially cause all sorts of grief in the router and on other connected devices. Or it can become part of a DDoS device farm.


Things like this that play games scare me. This itself opens a wider attack vector on your server. I’m thinking of possibilities:
In Linux, each TCP connection is a file descriptor. PortTripper holds connections to waste scanner threads, which means it’s holding file descriptors. This could be a good DDOS attack vector. Hit every port with connection requests, requiring a slew of file descriptor creations, and boom, you cause the server to hit the server ulimit cap. New connections cannot be made. The server is half dead.
Memory and CPU consumption. Maintaining thousands of open TCP states takes RAM and CPU. A massive flood can consume all memory. And for what? To annoy a hacker?
Interestingly enough, just these 2 things can make PortTripper a hacker’s tool.
If a service crashes or reboots, is down for maintenance, or is slow to come up, PortTripper might grab the port before the application comes back up. And then it can’t come back up.
Who’s to say there won’t be vulnerabilities in PortTripper that can cause a buffer overflow, memory leak, or parsing vulnerability in PortTripper’s code or a library it uses? Playing this game opens another attack vector into your server.
If PortTripper can bind to ports 1 through 1023, then it’s running as root or has elevated capabilities. If an attacker exploits a bug in PortTripper or a library it uses, they can get high-level control of the server.
While PortTripper “discards datagrams without replying” in a reflected DDOS attack, millions of discarded packets come in, which means millions of CPU interrupts at the kernel level. This can choke the NIC.
I think PortTripper is too risky to run just to become a nuisance to someone, IMHO.


This should be fixed now. It was an nginx configuration change.
Test post here: https://feddit.online/post/1667899


I fixed this on feddit.online. It was a firewall issue.

Does anyone know why it’s been put on serverHold?