Post AYM2c6tRXFDlYRmNIO by maegul@hachyderm.io
 (DIR) Post #AYM2Y8ico2Om3epGHQ by ruud@mastodon.world
       2023-08-03T13:06:18Z
       
       0 likes, 0 repeats
       
       @digitalRightsNinja @md @maegul @fediversenews Why would you think we hide that? We announced it. https://lemmy.world/post/1998212
       
 (DIR) Post #AYM2c6tRXFDlYRmNIO by maegul@hachyderm.io
       2023-07-02T04:12:52Z
       
       0 likes, 0 repeats
       
       #Lemmy settles on its big central instance: lemmy.world (#lemmyworld) run by @ruud Its numbers are now big enough to be counted amongst the top 5-10 masto instances! (https://fedidb.org/network/instance/lemmy.world) as #threadiverse becomes the “second platform” by size. Apart from running it well and keeping up to date (recent update seems to have gone well, with a nice example of instances and admins helping each other!?), some redditors seek the big instances?? Curious how communities will adapt. @fediversenews
       
 (DIR) Post #AYM2c7dskaMrsTVSgC by md@sfba.social
       2023-07-02T04:17:21Z
       
       0 likes, 0 repeats
       
       @maegul @ruud @fediversenews I wish they would make signups a little more complicated so people go to other instances. There shouldn't be two big instances and a bunch of smaller ones.
       
 (DIR) Post #AYM2c8GASEzbnDQ2M4 by digitalRightsNinja@fedi.at
       2023-08-03T13:04:52Z
       
       1 likes, 0 repeats
       
       @md @maegul @ruud @fediversenews Note as well that Lemmy World is now centralized by Cloudflare. If only they wouldn’t hide that fact & inform users about the consequence, perhaps more users would be steered toward a balance.
       
 (DIR) Post #AYM2c98PCaNUVQnLtY by ruud@mastodon.world
       2023-08-03T13:07:04Z
       
       0 likes, 0 repeats
       
       @digitalRightsNinja @md @maegul @fediversenews By the way we’re now working on a change to our signup page so it will guide people to choose from a list of other Generic instances.
       
 (DIR) Post #AYM2hjb53wu12Ys8cy by digitalRightsNinja@fedi.at
       2023-08-03T13:08:07Z
       
       1 likes, 0 repeats
       
       @ruud @md @maegul @fediversenews Insufficient. It needs to be on the registration page. It’s unlikely that non-users would have received the announcement prior to registration.
       
 (DIR) Post #AYM2s56nwC9KeZe1ZI by ruud@mastodon.world
       2023-08-03T13:10:00Z
       
       1 likes, 0 repeats
       
       @digitalRightsNinja @md @maegul @fediversenews That can be considered. As mentioned in the post, using CF was an emergency measure, because we knew it worked for some other instances. We’ll be looking into alternatives as soon as the script kiddies give us some time to breathe
       
 (DIR) Post #AYM3zqcvlSge0ewFbU by digitalRightsNinja@fedi.at
       2023-08-03T13:22:36Z
       
       1 likes, 0 repeats
       
       @ruud Whenever a site starts using #Cloudflare as an attack response, they almost never mention it or the consequences. When pressed about it, the “I’m under attack” PR move is just an excuse/cover for action. A reluctant CF user should take the opportunity to fully inform users.. have statements like “we are using CF under protest & are exploring alternatives; plz be aware that your usernames, passwords, DMs will all be visible to Cloudflare Inc. until we recover, and some segments of readers will be unable to read your posts”.. etc. In any case, I’m grateful that it was at least announced to users & that new registrants may also get the msg. It’s a shame most users don’t really grasp the consequences. @md @maegul @fediversenews
       
 (DIR) Post #AYM4JAwsQuTMXRU61A by ruud@mastodon.world
       2023-08-03T13:26:03Z
       
       0 likes, 0 repeats
       
       @digitalRightsNinja @md @maegul @fediversenews If you would know any alternatives, which are less problematic, that would be appreciated. Preferably some who are large enough to handle ddos. I only know of a few like Fastly, Bunny etc and would need to do proper investigation to find a suitable replacement. I think some others in our team know a few.
       
 (DIR) Post #AYM5AHTIuYSa7JyTbc by digitalRightsNinja@fedi.at
       2023-08-03T13:35:42Z
       
       0 likes, 0 repeats
       
       @ruud I had a list of competing commercial alternatives somewhere.. maybe I can dig it up. But I would certainly touch base with jerry@infosec.exchange because I think he dealt with attacks quite cleverly without having to use CF or any MitM of that kind. Part of his solution involves standing up an onion host & redirecting tor traffic there. But before that step, he has a way of tar-pitting suspicious traffic on the clearnet side. There is also a fedi user “tallship” who suggests having a few VPSs geographically spread out and load-balanced with some fancy DNS stuff that’s over my head.
       
 (DIR) Post #AYM62I9aajbhrzVWKm by ruud@mastodon.world
       2023-08-03T13:45:23Z
       
       0 likes, 0 repeats
       
       @digitalRightsNinja Well I think that wouldn’t work preventing a DDOS, as you’re exposing the IP when U don’t proxy, so the attacker will probably use that IP to attack, so then CF is useless. It will work when U only use it for CDN in case of high load.
       
 (DIR) Post #AYM6GeyOXv4MhI7f5U by digitalRightsNinja@fedi.at
       2023-08-03T13:48:03Z
       
       0 likes, 0 repeats
       
       @ruud An attacker can always get your IP from DNS history sites anyway. I guess what needs to happen is the moment the CF proxy is turned on, the firewall of the actual host would have to drop all packets from all IPs that are not CF, because only CF traffic should be coming at that point.
       
 (DIR) Post #AYM6Q7zm0lxPJYHYES by ruud@mastodon.world
       2023-08-03T13:49:47Z
       
       0 likes, 0 repeats
       
       @digitalRightsNinja Yes that should work. Noted. (PS we changed IP after changing to CF and will again when we’re sure it’s not leaking somewhere) But I hope we can move to an alternative soon.
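
Added example, not part of the thread and not lemmy.world's configuration: the origin lockdown agreed on in the last posts (once the proxy is on, drop web traffic from every source that is not the proxy), written as a shell function that prints an nftables ruleset. The table name, function names and address ranges are assumptions; the ranges are documentation placeholders, not any provider's real list.

```shell
# Added example. Ranges below are constructed placeholders from documentation
# address space; substitute the list your proxy provider publishes.
PROXY_V4="192.0.2.0/24 198.51.100.0/24"
PROXY_V6="2001:db8::/32"

# join_csv "a b" prints "a, b" (nftables set element syntax).
join_csv() {
    out=""
    for item in $1; do
        if [ -z "$out" ]; then out="$item"; else out="$out, $item"; fi
    done
    printf '%s' "$out"
}

# gen_ruleset V4_LIST V6_LIST: print a ruleset that accepts 80/443 only from
# the proxy ranges and drops it from everyone else. Other ports (e.g. SSH)
# are not touched. Refuses empty lists, which would yield an invalid set.
gen_ruleset() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "gen_ruleset: both range lists are required" >&2
        return 1
    fi
    v4=$(join_csv "$1")
    v6=$(join_csv "$2")
    cat <<EOF
table inet origin_lockdown {
    set proxy_v4 {
        type ipv4_addr
        flags interval
        elements = { $v4 }
    }
    set proxy_v6 {
        type ipv6_addr
        flags interval
        elements = { $v6 }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { 80, 443 } ip saddr @proxy_v4 accept
        tcp dport { 80, 443 } ip6 saddr @proxy_v6 accept
        tcp dport { 80, 443 } drop
    }
}
EOF
}

# Review the output, then load it with: gen_ruleset ... | nft -f -
gen_ruleset "$PROXY_V4" "$PROXY_V6"
```

The rules only hold if the range list is kept in sync with the provider's published one, and they do not help if the origin address is still reachable through another exposed service such as mail or a non-proxied subdomain.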