I recently discovered NodeBB can federate and started hunting for interesting instances. I’m into tech, literature, and indie games but haven’t found an instance that fits. Could anyone recommend NodeBB instances with active communities focused on those topics? Thanks!

Federation is eventually consistent, but when we're talking practical terms, how long is too long for a node to be offline?

I suffered a bit of a data loss and while I was able to recover my mastodon instance within 2 days, lemmy took me a week and I don't see anyone spamming the inboxes again.

Should I expect that other servers effectively defederated me and should I resubscribe to my communities or I should give it a few days?

There should be a Fediverse platform that makes blocking entire topics as easy as blocking a tag, not subscribing/unsubscribing dozens of communities. Firefish (antennas) and PieFed let you follow/block keywords, but that’s not the same as robust, community-wide topic blocking. Imagine collaborative, booru-style tagging across posts so blocking a tag reliably removes all content using it. Does anyone know of software that already provides topic-level blocking out of the box without needing long manual lists?

The 2nd Berlin Fediverse Day is a networking event for people in the Fediverse. With talks, workshops and networking opportunities, we want to spread knowledge about the Fediverse, promote creative solutions and strengthen the exchange between developers, administrators, academia, civil society and content creators.

Speakers include, among others: Elena Rossini, Andy Piper, Evan Prodromou, Christine Lemmer-Webber, Matthias Pfefferle…

Edit:

PeerTube Livestreams

Mainhall: https://c-tube.c-base.org/w/wKd1Zxa4848CScxurUam6T

Rooftop: https://fair.tube/w/cg39oxGaMqqgZzPiKjAdcW

Mastodon etc.

https://berlin.social/@berlinfediday

Fediwall: fediwall.social

So, if you're online poisoned like me, you may have noticed that Bluesky CEO Jay Graber has been having sort of a slow motion, low-key public meltdown for the past several weeks. Most recently, in this interaction with a user.

[…]
Even with practical technical decentralization, the vast majority of Bluesky users are on, well, Bluesky. Bluesky was never really packaged as something that was relatively easy for someone to spin up on their own servers; the network has been historically extremely centralized, and only small minorities of users have broken off.

AT Proto decentralization doesn't exist as a practical reality, and if it ever does it won't be for years. Most of the work driving effective decentralization is being done by third parties, who have limited guarantees about future compatibility with possible breaking changes on Bluesky's end.

Bluesky inc isn't really making 'a protocol', they're making Bluesky, the monolithic (to within a rounding error) social network that they operate.

I do genuinely believe that the Bluesky team set off from the start to create a decentralized protocol, but unfortunately for them they ended up running a social network. And at this point, AT Proto has become essentially a sort of ideological vaporware; a way for Jay Graber et al to run a social media platform while claiming they don't run a social media platform.

This is, of course, just another iteration of the Silicon Valley monoproduct: power without accountability. The tech industry elite are very much like Gilded Age railroad barons – buying up whole towns, breaking up strikes, imposing top-down economic policy on whole sectors – except all the while they claim that they are just technology enthusiasts playing with their little trains.

The classic

I am interested of self-hosting my own instance but one the issue I have is:

• Price for renting server and buying domain name. Mainly, I have low income.
• Unsure if it be single-user instance or if I want multiple people on my instance.
• If my instance is for multiple users, if I be the best fit for moderation as well, pitching it to non Fedizen (whatever you call people that use the Fediverse) as well as the theme of the instance as it would effect my Fedi software of choice (eg. Friendica, Mastodon/Glitch)

I just worried that I try just do it immediately without planning things out or have whatever things in mind which might otherwise help me know what's the best choice and not be upset that I wasted my time and money on something that didn't work out for me.

I panicked and shut down the instance because I thought Google Cloud wasn't free.

• Newsmast takes a new direction with a white-label app for news organisations that also offers fediverse integration
• a paper by @inquiline on targeted harassment on Mastodon
• ActivityPub Fuzzer is a new tool that helps devs with interoperability
• WordPress blog posts now can be quote posted!

I'm dealing with some health issues at the moment, and it's getting exhausting to update everybody one by one, so I'm looking for some ideas of where to host a blog in a way that might give my friends & family a small, painfree introduction to the fediverse, or at least something that's more on the FOSS side of things. A family friend used caringbridge.org a few years ago, which looks like a not so terrible fallback option, but I figured I'd see what else is out there before making a decision. The last time I really did much blogging was probably 20 years ago on livejournal, so I'm pretty out of touch with the current options.

I'm looking for federated Q&A forums specifically focused on Linux and software-related issues. I'm not referring to platforms like NodeBB, Discourse, Lemmy, Kbin, PieFed, etc. I'm asking for specific instances that focus on Q&A about Linux and other software related issues. I know of some popular non-federated platforms like Stack Exchange, AskUbuntu, Arch Linux Forum, etc. But I'm particularly interested in federated sites.

If you have any recommendations for such forums, please share them! Thank you!

cross-posted from: https://lemmy.ml/post/36940611

[Derek] When Watts dug deeper, he realized that the network structure did matter. In the more clustered networks, people were more likely
30:27 to copy each other. So if by chance someone started out cooperating, then everyone would cooperate.
30:34 But it was equally likely that someone would start out by defecting, in which case everyone else would defect.
30:40 And over all the games they played, these two effects canceled each other out, which is why it seemed like
30:46 the network structure didn't matter. - [Duncan] It's sort of on a knife edge, right? Where like one person does something selfish
30:54 and everything goes south. In another world, everybody kind of holds it together
31:00 and everything goes well. It's crazy that the world could be like on a knife edge like that, you know,
31:06 could tip one way or the other, kind of just depends on how someone gets out of bed that day.
31:11 But then Watts realized something. See, in real life, you can choose who you hang out with.
31:17 So he reran the experiment allowing players to change who they were playing with. And this time he used the prisoner's dilemma
31:23 so that players could easily identify the defectors. - [Derek] And the finding was clear, the more you allowed players
31:30 to choose who they were playing with, the more likely they were to cooperate

Arbitrary freeze frame for thumbnail purposes:.

I did some experiments over the weekend and after little polishing I think I'll keep it around for some time as a trial.

tl;dr: I process all mastodon posts I get every day on masto.kukei.eu with Ollama to try to categorize them by language and topic.

I find it quite cool and even though it's not polished, UI begs for fixes and power consumption is little too high for my liking I might keep it around for some time so feel free to check it out.

[Derek] When Watts dug deeper, he realized that the network structure did matter. In the more clustered networks, people were more likely
30:27 to copy each other. So if by chance someone started out cooperating, then everyone would cooperate.
30:34 But it was equally likely that someone would start out by defecting, in which case everyone else would defect.
30:40 And over all the games they played, these two effects canceled each other out, which is why it seemed like
30:46 the network structure didn't matter. - [Duncan] It's sort of on a knife edge, right? Where like one person does something selfish
30:54 and everything goes south. In another world, everybody kind of holds it together
31:00 and everything goes well. It's crazy that the world could be like on a knife edge like that, you know,
31:06 could tip one way or the other, kind of just depends on how someone gets out of bed that day.
31:11 But then Watts realized something. See, in real life, you can choose who you hang out with.
31:17 So he reran the experiment allowing players to change who they were playing with. And this time he used the prisoner's dilemma
31:23 so that players could easily identify the defectors. - [Derek] And the finding was clear, the more you allowed players
31:30 to choose who they were playing with, the more likely they were to cooperate

Especially Spanish or French-speaking mods since we’re going to speak those main 3 languages. It’s okay if no one moderates besides me, I’m just curious.

Twice in the past fews days, I've gotten a reply from a Mastodon user complaining that I should have put the direct link to an article.

• On Lemmy I posted the direct link to the article as usual
• On their Mastodon feed, I appear as a Mastodon user that posted a link to a Lemmy thread

It seems that threadiverse posts are being seen by more mastodon users now, which is great, but maybe the formatting could use some improvements?

Example 1:

• My post: https://lemmy.ca/comment/19153240
• How they see it: https://sfba.social/@otters_raft@lemmy.ca/115267196743748430

Example 2:

• My post: https://lemmy.ca/comment/19202083
• How they see it: https://mas.to/@otters_raft@lemmy.ca/115283224174559468

I know Mastodon got "quote posts" recently, is that related to this change?

Is Mastodon also getting a "group" view? That might be the best solution to the problem

What Fediverse software would I like if I previously was a fan of TikTok and Facebook? Friendica perhaps? What else?

I wrote a rather lenghty to reply to some guy's toot asking about if he should block mostr.pub. I thought it might be appreciated here.

Getting some reports about #mostr accounts that seem to just spew word soup, maybe to spam hashtags and links but after reading through a few profiles, I'm unsure what the deal there is. Am I right in assuming that nostr is by design more or less unmoderateable? Is that reason enough to block the bridge? #FediAdmin

NOSTR is a protocol just like ActivityPub is. Neither protocol in-and-of-itself is moderated but supports the ability to be moderated. ActivityPub does it via instances and sometimes is baked right into the platform. (I recall at one time Lemmy automatically blocked any posts that contained reactionary language unless the admin edited the source code and re-compiled it themselves). Similarly, NOSTR relays chose how to handle the reports much the same way AP servers set their own standards.

If I understand correctly, a report goes to whichever relays mostr.pub is connected to, and it's up to each relay how to handle it. Some tag you as a whinny little bitch, others take that note out immediately, others ignore, and I think some actually have a dude look at its content and make decisions whether to remove the nevent (post) or actually block the npub (user).

Same as if you were using a NOSTR "account" yourself, except you don't have control over which relays your account connects to as natives do, by specifically connecting, or specifically blocking in your client. Instead, I think, it is solely determined by which nostr users connect their client to wss://realy.mostr.pub/ and which other relays those same users are connected to. I believe a given nostr relay can choose to block any user that connects to a particular other relay.

I don't expect @alexto be making any such blocks from the mostr relay. My understanding is that one of the reasons he's shifted his focus for Soapbox from a Pleroma focused solution to a NOSTR one is one thing that always bothered him about the AP powered 'verse is some random dude can cut off communication between you and your friend unless at least one of the two of you administers your own instance or you create a new account on a different instance.

I'm uncertain if momostr.pink or the other nostr bridge, whose name I can't remember currently, have similar lax policies that mostr.pub does or not. Regardless if you want direct control over anything more than blocking particular users, you are going to have to block any of these bridges.

In my personal experience I've been on NOSTR for over a year now, but Frienidca remains my primary social media. In that time I can say I've seen way more Bitcoin propaganda than even I am interested in, but certainly a lot less fascist, TERF, and racist nonsense than I have in some corners of the AP based 'verse. But bitcoin bois can get awful annoying. In general hosting a mastodon (or other platform) instance can be a dicey legal situation because you have little control on whether someone's [potentially illegal] porn ends up being stored on your hardware . This doesn't significantly change if you choose to connect your server to a nostr bridge or not.

BTW Soapbox, including mostr, doesn't connect to lemmy. I don't know if that was a purposeful design decision or just no one has bothered to make it work. There is at least one lemmy-like NOSTR client, Zapddit if it could connect to lemmy it might make me shift from Friendica to NOSTR as my primary social media.

Similar to how the default sorting option is users per month on lemmy-ui, could I browse by post per month or comment per month somewhere?

https://ww17.lestat.org/

https://www.techradar.com/pro/security/cloudflare-says-it-has-once-again-blocked-the-largest-ever-ddos-attack-in-history

During some work with Tess, I'd notice that my test instance was running horribly slow. The CPU was spiking, Postgres was not happy and using pretty much all the available compute.

Investigating, I found the culprit to be some crawler or possibly malicious actor sending a massive number of unscoped requests to /api/v3/comment/list. What I mean by "unscoped" is without limiting it to a post ID. I'm not sure if this is a bug in Lemmy or there's a legit use for just fetching only comments outside of a post, but I digress as that's another discussion.

After disallowing unscoped requests to the comment list endpoint (see mitigation further down), no more issue.

The kicker seemed to be that this bot / jackass was searching by "Old" and was requesting thousands of pages deep.

Requests looked like this: GET /api/v3/comment/list?limit=50&sort=Old&page=16413

Since I shutdown Dubvee officially, I'm not keeping logs as long as I used to, but I saw other page numbers in the access log, but they were all above 10,000. From the logs I have available, the requests seem to be coming from these 3 IP addresses, but I have insufficient data to confirm this is all of them (probably isn't).

• 134.19.178.167
• 213.152.162.5
• 134.19.179.211

Log Excerpt

Note that I log the query string as well as the URI. I've run a custom Nginx setup for so long, I actually don't recall if the query string is logged by default or not. If you're not logging the query string, you can still look for the 3 (known) IPs above making requests to /api/v3/comment/list and see if entries similar to these show up.

2025-09-21T14:31:59-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:00-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:01-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:01-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:12-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:13-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:13-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:13-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"

Mitigation:

First, I blocked the IPs making these requests, but they would come back from a different one. Finally, I implemented a more robust solution.

My final mitigation was to simply reject requests to /api/v3/comment/list that did not have a post ID in the query parameters. I did this by creating a dedicated location block in Nginx that is an exact match for /api/v3/comment/list and doing the checks there.

I could probably add another check to see if the page number is beyond a reasonable number, but since I'm not sure what, if any, clients utilize this, I'm content just blocking unscoped comment list requests entirely. If you have more info / better suggestion, leave it in the comments.

# Basically an and/or for has post_id or has saved_only
map $has_post_id:$has_saved_only $comment_list_invalid{
  "1:0"	1;
  "0:1" 1;
  "1:1" 1;
  default 0;
}

server {

...

location = /api/v3/comment/list {

  # You'll need the standard proxy_pass headers such as Host, etc. I load those from an include file.
  include conf.d/includes/http/server/location/proxy.conf;

  # Create a variable to hold a 0/1 state
  set $has_post_id 0;

  # If the URL query string contains 'post_id' set the variable to 1
  if ($arg_post_id) {
    set $has_post_id  1;
  }
  if ($arg_saved_only) {
    set $has_saved_only 1;
  }

  # If the comment_list_invalid map resolves to 0, "send" a 444 resposne
  # 444 is an Nginx-specific return code that immediately closes the connection 
  # and wastes no further resources on the request
  if ($comment_list_invalid = 0) {
    return 444;
  }

  # Otherwise, proxy pass to the API as normal 
  # (replace this with whatever your upstream name is for the Lemmy API
  proxy_pass "http://lemmy-be/";
}

This week's fediverse news:

• Mastodon launches paid hosting service for institutions
• Gaza Verified is a grassroots initiative to verify Palestinians on Mastodon who need aid, and who have recently completed a 22k USD fundraiser

I'm using Interstellar with a PieFed account, and I've found communities quickly and easily (including many on this instance) as soon as I start typing partial words. But I just discovered that skateboarding@lemmy.world and rollerskating@lemmy.world aren't returned in searches unless I type out "!skateboarding@lemmy.world" in full. I only discovered these communities exist when I switched to Jerboa and my Lemmy account. Is this a quirk of federation, a mod setting, or something else?

I'm new to the Fediverse so please be gentle. 😂