this post was submitted on 24 Jul 2024
-2 points (46.2% liked)
Asklemmy
43746 readers
1310 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Well, there's also IP address. If you're savvy you might be able to get around that as well, but it's deliberately difficult to do sustainably for exactly that reason.
To my knowledge, there is no coordinated sharing of IP addresses between instances. Different instances are run by different people, so it's very unlikely the IP address will matter.
A new username on a new instance is likely enough that no one will ever know, so long as your posts or comments don't give you away.
Well, if you're not a dick you theoretically shouldn't get banned the first time.
If you are a dick, I imagine you'll run out of instances pretty quickly, using that strategy. You could keep it up for a while, though. I do worry about the reckoning with spammers that will eventually have to happen on here.
There are already spammers all over Lemmy. There's a coordinated effort to remove spam, it just doesn't include IP addresses (which aren't that helpful because they change and with CG-NAT entire neighbourhoods can share them, and with VPNs people not near each other can - plus if you have a dynamic IP then restarting your router can give you a new one).
Ah, so you do know how it all works.
During the Reddit exodus, at least, there were a lot of instances that required very little for you to make a new user. I've put down the lack of mass abuse (that I've seen) to the small level of traffic, but that won't last. The standard thing is to require an email address, and for email providers to require either another email address or something like a phone number with a meatspace papertrail. That way, they can bother an abuse department which can bother other abuse departments.
Of course, there's still ways around it, as you probably know, but they're not free, and so a Nash equilibrium is achieved where stuff is usable.
You can buy valid gmail address by the thousands. Email validation is one part of a multilayered approach. It cuts some out, but you need more layers. Captchas work, they cut some proportion out, but not all.
Probably the most effective is registration applications, but this is a huge barrier to entry. If we want Lemmy to grow, we are going to have to change the current state (most instances require an application to join), or change peoples expectations. You can sign up for a reddit account just like that, and start using it without waiting for approval. Why would people choose Lemmy? On our instance we had a drop in registrations to about 1/10 of what we had with open registrations.
Unfortunately I don't know the answer. It probably involves taking on strategies like reddit if we are going to scale that big (auto-mod, karma, etc). Unfortunately we will have even more trouble, because in the users host instance doesn't ban them then an admin on every other instance has to ban them for that instance. So we probably need to be able to follow ban lists to auto-ban users that have been banned on other trusted instances or something like that. As we grow, I'm sure we will have more pain before it gets better, but I'm hopeful that we will solve issues as they arise.
Yep, although the economics of that depend on what you're doing. I'm trying not to mention too many details, because internet hooliganism is one of the few things I think I could make worse just by publicly and accessibly explaining, haha.
I know of people with similar mechanisms who had problems with very sincere-sounding bad actors before ChatGPT. Best of luck with it, though. It's how I got into my instance.
Hey, unrelated, but do you know if they ever got the database code cleaned up? One of these days that's actually going to start to bite; my instance already had to do a hardware upgrade once.
I should try and figure out how a list of bad IPs would best fit into ActivityPub. It sounds like it would be easy enough to add.
It's been done, we can do it again!
There are many ChatGPT answers, but I think this more affects instances like Beehaw who ask for an essay and have to pick the AI out from the others. My instance has a short and specific question and works to weed out a lot of this, though I'm confident some spammers still get through (and are sitting on accounts waiting for them to age up a bit).
I'm not familiar with that specific code, but it probably depends on the last time you looked at it. In the early reddit migration days a lot of optimisation changes were made in a hurry, but there were issues that arose as instances scaled. These were patched up by various releases but on my instance the average CPU usage of the 0.19 versions is 30% or more up on the 0.18s.
Being in NZ we were also hit hard by the issue of federation being concurrent. To this day we are running an extra VM in Finland to batch up activities and send them in bulk to be replayed on the Lemmy server. I'm pretty sure I saw a pull request for that recently though so it might be fixed in the next version (but we'll have to wait until Lemmy.world updates if I understand it correctly).
Perhaps such a thing exists for Mastodon and could be applied to Lemmy?
Fascinating, I didn't realise the latency down there was that bad. How hard was it to get the process working across two distant servers like that?
Hmm, doesn't look like it. The relevant source doesn't mention anything, and a GitHub question from 2022 doesn't mention a devoted feature, although there's some publicly posted lists shared.
Lemmy servers don't send the next activity until the first is received. From memory it was something like 150-200ms for the round trip to Finland and back. That means a maximum of about 5 or 6 activities per second at the best of times. However, when Lemmy receives say a new comment, it then sends a request to retrieve the user details from the user's instance, and the whole pipeline is held up. The worst I saw was occasional activities taking 8 seconds to complete (I guess whatever data was being fetched was on a slow instance).
At one point, kbin.Social hammered Lemmy.world with duplicate requests which then tried to federate out, and that was when the problem was noticed (though Lemmy.world does average more than 5 a second so even after kbin issues stopped we couldn't recover). A guy on matrix Nothing4You (I'm not sure of Lemmy username ) built a pre-fetcher to trigger Lemmy to retrieve details of posts before Lemmy.world tried to federate them out, thus helping those situations where it was taking multiple seconds to retrieve all details. It helped but was not enough to turn the tide, and we were still getting further and further behind. Nothing4You was meanwhile building a complete batching solution, which you can see on github.
So for me? It was easy, I just signed up for a server and ran an ansible playbook to set it up, then added a docker container to the Lemmy stack, all the while getting personalised help 🙂. I'm not sure how hard it was to conceptualise a solution, build it, test it, and make sure it was fault tolerant, because I didn't have to!
Exactly.