lostinlightnew regional server ⛳
https://bath.social - a local social network for #Bath, #UK (#Hometown)
🌌 Periodic #fediworld overview
🔭 Interests and hobbies
• https://screenwriting.space - a place for storytellers
• https://solarpunks.social - network for #solarpunks
• https://rocketscientists.club - community of #3D artists and performers
• https://sunny.garden - for #indie creators who draw, sculpt, write, design, sing, build
• https://craftodon.social - for everyone who plays #Minecraft
• https://introvert.country
🦈
• https://blahaj.social - for people who own at least 1 IKEA BLÅHAJ
🌌 Periodic #fediworld overview
🎨 https://artworld.social - for artists, curators, art critics, gallerists, collectors, journalists, educators, researchers, specializing in contemporary #art
⛺ https://tyrol.social - #Tyrol area
⛺ https://hameln.social - #Hameln #Germany
🎲 https://dungeons.social - #RPG and #tabletop
artworld.social
artworld.social is a federated social media for artists, curators, art critics, scholars, educators, journalists, gallerists, collectors, administrators, any kind of cultural agents involved in the art worlds across the globe, specializing in contemporary art.
🌌 Periodic #fediworld overview
🚄 https://rail.chat - discussions about long-distance, passenger and freight #rail networks, for economic, environmental and equity benefits
⛺ https://krems.social - Krems, #Austria
🎨 https://mensmaaktmooi.nl - community for creative thinkers with unconventional mindset who make beautiful things (#Dutch)
🌌 Periodic #fediworld overview
⛺ Regional
• https://bizkaia.social - #Bizkaia
• https://andalucia.social - #Andalucía
💻 Work
• https://presentadistance.social - discussions about #remote work, telecommuting, team spirit and remote collaborator experience
🌌 Periodic #fediworld overview
Some new #German ⛺ regional servers
• https://nahe.social - #Nahe region
• https://moessingen.social - Mössingen area #Moessingen
• https://odenwald.social - #Odenwald area
Welcome to all #Fediverse newcomers! 👋
Hopefully, we'll see more themed servers and communities too!
🌌 Some recent additions to the network (1/2):
• https://fediverse.co.za - South #Africa
• https://fedisabled.social - for all disabled people
• https://recht.social - focus on #legal topics
• https://sciencemastodon.com - for #science journalists and scientists
• https://dju.social - German #journalists union
🌌 Some recent additions to the network (2/2):
• https://apotheke.social - for anyone from the #pharmacy sector
• https://medic.cafe - for employees in the #medical field
• https://aircrew.rocks - for #pilots, #flight attendants, and flight enthusiasts
• https://genart.social - for #artists working in the generative, AI, and glitch spaces
• https://mastodon.tech - English language #tech and open source
🌌 New themed servers in #Fediverse network (1/3):
• https://astrodon.social - for anyone interested in #astronomy, #astrophysics, #astrophotography, and adjacent sciences
• https://sciences.social - for social #scientists
• https://mstdn.science - for #microbiologists, scientists in general, and #science enthusiasts
• https://earthlings.social - for all precious earthlings
🌌 New themed servers in Fedi network (2/3):
• https://indiepocalypse.social - for independent #creators of all sorts
• https://makerspace.social - space for makers (#CNC, #woodworking, #microcontrollers, etc)
• https://3dp.chat - #3D printing
• https://brettspiel.space - for #boardgame players
• https://podcasts.social - for #podcasters
🌌 New themed servers in #Fedi network (3/3):
• https://techspace.social - for techies and tech-curious people
• https://techhub.social - for passionate technologists
• https://k8s.social - for #Kubernetes, container and #cloud native enthusiasts
• https://urbanists.social - for people who like #bikes, transit, and walkable #cities
• https://bikejam.social - for bike and pedestrian #infrastructure
• https://bahn.social - for #rail enthusiasts
Now new themed communities appear daily. 😃
I don't want to bore you with server posts. 🤔 So I'll occasionally post only about the ones that caught my attention. For anyone interested in all updates, check the source: https://codeberg.org/fediverse/fediparty/commits/branch/main/source/en/portal/servers/index.md
Also, feel free to filter out the *fediworld* tag in your Filter settings, if you wish to mute such "server posts".
🌌 New themed servers in #Fediverse:
• https://archaeo.social - for #archaeologists, historians and lovers of all things ancient
• https://astronomy.city - for #astronomy and astronomy-adjacent users
• https://astronomy.social - astronomy, #space travel
• https://cartoonist.social - community for #cartoonists
• https://graphics.social - computer graphics community #3D #2D
• https://veterinary.education - #veterinary medicine
⛺ Some new regional servers:
• https://mastodon.boston - #Boston
• https://mastodon.miami - Miami #Florida
• https://basel.social - Basel #Switzerland
• https://lisboa.social - #Portugal
• https://mastodon.cr - Costa Rica
• https://cumbria.social - #Cumbria and the Lake District
Also, to whom it may concern - https://hackaday.social
And another server for the #hamradio community - https://hamradio.tel
Nemo_bis 🌈Sometimes we also have to remove many instances from the #FediParty list. :(
https://codeberg.org/fediverse/fediparty/commit/8c0538bf0cc55e693e5818f04e12d1ca3c9889d7
Instances behind #CloudFlare aren't listed, because there are already hundreds, and this centralises a lot of #fediverse network traffic in #AS13335.
Benjamin Oldenburg@ben Thanks for looking!
#BunnyCDN does https://bunny.net/network/ddos-protection/ (didn't test). #OVH has something too, perhaps (I only experienced the default one you get when renting a VM).
What endpoints are you trying to protect from DDoS?
@nemobis the way it works with CloudFlare is that they act as a DNS for the domain and reverse proxy to the actual web server. Thus the IP of the web server is never exposed (DNS) to the public. The CDN part happens via caching on the POPs, although this can be configured in any way one likes.
@ben Yes, but do you really need it for *all* endpoints, or do you have different priorities? Some seem to be fine with applying a CDN just for the media, while others like mastodon.social use BunnyCDN only for the static assets. The more aggressive configuration is to put it also in front of ActivityPub endpoints, Mastodon APIs and the web interface.
@nemobis if someone is going to DDoS the server, they’ll attack the AcivityPub endpoints or web interface and not the media endpoints, because only the former can cause the whole service to be unreachable. I have not heard of anything comparable to Cloudflare from Europe.
@ben Interesting, I didn't know #Serverius!
#CloudFlare is on a scale of its own, but there *might* be alternatives which are good enough for Mastodon instances. I'd love to read some real-world #MastoAdmin / #FediAdmin experience from people using them.
Unfortunately I suspect that experimentation in this field will blossom only when the first serious attack comes.
@ben For the ActivityPub and API endpoints, maybe #AuthorizedFetch aka secure mode can help protect at least the database? https://docs.joinmastodon.org/admin/config/#authorized_fetch
@nemobis well, there’s experience with Cloudflare… so, why change anything? 🤷🏼♂️
ADRIAN 
🏳️🌈
Hi I'm Sean@ben @nemobis @adrian @berkay @Demiurgo @gja @lee @lile @miket @nicdex @sayah @tudi @vxst
Hmmm. Yeah, masto.nyc is behind cloudflare. It just makes for a really convenient reverse proxy while things scale. Can you explain in more detail why cloudflare hosts are removed? Also, changing to a different CDN just for this would be a significant lift :(
Ghost of John Adams@seano Anybody who is running anything but the most minimum locked down single-user instance is going to need Cloudflare or other DDOS protetion. Sayings its "too centralized" is silly. Thats the whole point of servers.
DrMikeT@miket We don't. :D Though instances outside the EU are likely still subject to the GDPR.
https://blog.riemann.cc/projects/mastodon-privacy-policy-generator/
Even if you don't want to use an EU-based service, isn't there something other than CloudFlare?
@nemobis
I don't really see a reason to switch since Cloudflare provides everything I'm looking for including DDoS, DNS, Zero Trust, CDN, and a host of other services at minimal cost. I've had no issues with CloudFlare and my other websites are also there. I'm always willing to look at other vendors, but they'd have to be really compelling to even consider them.
I don't really see a reason to switch since Cloudflare provides everything I'm looking for including DDoS, DNS, Zero Trust, CDN, and a host of other services at minimal cost. I've had no issues with CloudFlare and my other websites are also there. I'm always willing to look at other vendors, but they'd have to be really compelling to even consider them.
@miket I see. It's convenient, no doubt. Sometimes people grow out of it:
https://ashfurrow.com/blog/mastodon-technology-shutdown/
https://ashfurrow.com/blog/mastodon-technology-shutdown/
mastodon.technology Shutdown
Dear mastodon.technology community, I have sad news that I have decided to shut down the mastodon.technology instance. In accordance with the Mastodon Server Covenant , the server will be shut down no earlier than December 1, 2022. The server is currently having problems with intermittent availability. The cause of…
@nemobis I'd like to follow up on this- the people you are seeing in this list most likely aren't using CloudFlare as a CDN- they are using it as a reverse proxy. For example, masto.nyc runs off a k8s cluster in my home but the reverse proxy is essential for ddos mitigation and hiding my home IP. I don't think this at all un-decentralizes the network (but I also don't think it would apply if I actually used their CDN).
@nemobis On another note, this stance is certainly a bit odd. Do you plan to extend this to all AWS/Google cloud owned IP space? Are you going to remove all managed MastodonAsAService companies (masto.host, toot.io,etc)?
@seano I didn't make the policy.
AWS and GCP are used very little in the fediverse. The top networks are by far CloudFlare, Hetzner and OVH (including #MastoHost).
https://framagit.org/-/snippets/6784/raw/main/2022-12_fediverse_hosters.txt
https://framagit.org/nemobis/bots/-/blob/master/fediverse_hosters.sh
Thanks for providing the script. Where is a good place for discussion on this topic? I think this policy was made with a poor understanding of how most people use CloudFlare and it should be addressed.
@seano You can open an issue at https://codeberg.org/fediverse/fediparty/issues .
Discussion is always good but I suggest to take into account that this is a volunteer service run across many years by mostly a single person, and nobody is "forced" to use it. I'd personally love to see more lists come up, with different criteria. For instance some people think that larger instances are better, or that open-registration instances should be avoided at all costs by newbies, etc.
@nemobis I understand! I'm just trying to engage in a way I'd want to be engaged with, if I ran something like this. I'll open an issue!
@nemobis @ben @gja @miket @lee @adrian Hey everyone, I saw y'all interact with this topic in one way or another. Just wanted to let everyone know I've opened an issue to discuss per nemobis: https://codeberg.org/fediverse/fediparty/issues/129#issue-217039 and I'd love to promote discussion on the matter
Allow instances behind CloudFlare IP space
Re: https://mamot.fr/@nemobis/109451228071367333 Instances behind CloudFlare are removed due to the following: >Instances behind #CloudFlare aren't listed, because there are already hundreds, and this centralises a lot of #fediverse network traffic in #AS13335. ### TL;DR: I'd like to pro...
Lile@nemobis We are not really using Cloudflare as CDN, instead we use it as reverse proxy to route traffic faster between our server in EU and our users in Chile. I don't know another provider that serve us like that and also to be in our very limited budget
@lile Yes I understand. The exclusion from the list is not a moral judgement or anything. It's wonderful that you're running an instance for Chile!
In the future you might outgrow CloudFlare's usefulness, in which case articles like https://ashfurrow.com/blog/migrating-from-cloudflare/ may turn useful.
If you want to consider alternatives I'm happy to help research them, just name your requirements and budget. I see https://gcore.com/web-security but I didn't try it.
#OpenCollective can be useful to raise funds.
Migrating From Cloudflare
Running a Mastodon instance requires at least one thing: a server somewhere to run the code and store media uploads. Since media upload storage is a common burden for servers, many solutions exist for upload storage. Mastodon can optionally be configured to upload media somewhere else. I use an AWS S3 "bucket" for…
nicdex 🇨🇦 🇺🇦@nemobis @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi @vxst
Can you explain the reasoning behind not wanting a lot of traffic behind one network? It make sense in the case of Tor (I run a Tor node), but for Mastodon I'm not sure I understand why?
My reasoning for keeping it: Cloudflare is way more than just CDN. It's a reverse proxy, DDOS and threats protection (WAF), and geo-cache (CDN) all in one. I will never find all these services for that price elsewhere.
@nicdex That's precisely the reason it's a threat. :)
@nemobis Sorry, not trying to be rude, but that answers nothing. Since you cannot provide a rationale for this, I will keep using Cloudflare.
琴春🏳️⚧️随意转出毛象@nicdex @nemobis @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi
I really don't think I understand. Of course, there could be a danger of being moderated by a single point of power, but we site administrators are human beings, not scripts. If something like this happens, we can always migrate from cloudflare to another CDN, or no CDN at all. It's not something that can't be reversed.
@nicdex See lostinlight's answer at
https://codeberg.org/fediverse/fediparty/issues/129#issuecomment-713552 .
@vxst You can do something if you know about it, but being behind CloudFlare means that you're delegating to them the day-to-day decision whether your content deserves to be served to users. Sometimes users will hit walls without you knowing anything about it. (I'm sure there are workarounds but we cannot reverse engineer how people are using CloudFlare.)
@adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi
Allow instances behind CloudFlare IP space
Re: https://mamot.fr/@nemobis/109451228071367333 Instances behind CloudFlare are removed due to the following: >Instances behind #CloudFlare aren't listed, because there are already hundreds, and this centralises a lot of #fediverse network traffic in #AS13335. ### TL;DR: I'd like to pro...
@nemobis @nicdex @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi
The problem is that CF is the only usable route provider for us. By using page rules to turn off security, we believe it's accessible anywhere, even Tor exits. Most of our users live in China, and to maintain stable access, they have to use a VPN to bypass the GFW. Other services, like AWS GA, will route data from Tokyo to Oregon before it goes to Hong Kong, one of the most popular VPN locations.
(1/2)
@nemobis @nicdex @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi
We are building this site to fight against the CHINESE GOVERNMENT's ban on free speech; we have to use the most effective way so that the people in China can actually access it. The forbidden of free speech is a fact in China. We do not have the luxury to consider "possible" tech dominance as long as we can turn off the security feature by hand.
(2/2)
@vxst Thanks. What this tells me is that probably the maintainers of the #FediParty list are not the best people to recommend instances to people behid the GFW. It would be great to see an alternative list focused on that (extremely difficult) task.
Is there any way to help test other providers to see whether they can be an alternative to CloudFlare for your needs?
@nemobis
Most VPNs are hosted in “CN2” network, which is designed for U.S. websites targeting Chinese customers. So it has excellent links to China, and, the U.S. internet.
The problem is that most routing providers treat those IPs as if they are in U.S., which they are not. CF’s Argo can get the right route(from Hong Kong to Japan), but others go around the global. We will need accelerators with CN2 IP optimization, which to my knowledge only CF has.
(1/2)
Most VPNs are hosted in “CN2” network, which is designed for U.S. websites targeting Chinese customers. So it has excellent links to China, and, the U.S. internet.
The problem is that most routing providers treat those IPs as if they are in U.S., which they are not. CF’s Argo can get the right route(from Hong Kong to Japan), but others go around the global. We will need accelerators with CN2 IP optimization, which to my knowledge only CF has.
(1/2)
Chinese government is banning medical support for transgender people last week. There is already more than one people I know suicided due to conversion therapy enforced by law enforcement. I have the duty to provide most accessible services and information to us, there are real lives behind it.
I'm escaping honor killing due to my MtF identity myself, and I know firsthand sometimes accessibility issues means life and death to us. It’s the most important thing for our site.(2/2)
@nemobis @vxst @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi
I have review the github issue answers.
I know and understand the potential risks related to using CF, but IMHO the risks are outweigh by the benefits it has for my instance.
Like any decisions, I will revisit this in the future and re-assess, but for now I keep using CF.
Please do not contact me again on this subject.
@nemobis @nicdex @vxst @adrian @ben @berkay @Demiurgo @lee @lile @miket @sayah @seano @tudi
You definitely can know about it. Cloudflare isn't making decisions on "if your content deserves to be served to users" its deciding "are these users legitimate non-bot traffic" and giving you the ability to tweak thresholds and see what/who is blocked and when.
@nemobis Why would what AS fediverse traffic comes from matter at all?
@gja As a matter of general principle, some people see the fediverse as something intended to be decentralised. Routing a large part of the traffic through the same network increases centralisation.
On a practical level, in general, concentration of traffic simplifies the deployment of #TrafficAnalysis / #TrafficCorrelation de-anonymization attacks.
https://zenodo.org/record/7395561
Poster
Tor is the most popular anonymity network in the world. It relies on advanced security and obfuscation techniques to ensure the privacy of its users and free access to the Internet. However, the investigation of traffic correlation attacks against Tor Onion Services (OSes) has been relatively overlooked in the literature. In particular, determining whether it is possible to emulate a global passive adversary capable of deanonymizing the IP addresses of both the Tor OSes and of the clients accessing them has remained, so far, an open question. In this paper, we present ongoing work toward addressing this question and reveal some preliminary results on a scalable traffic correlation attack that can potentially be used to deanonymize Tor OS sessions. Our attack is based on a distributed architecture involving a group of colluding ISPs from across the world. After collecting Tor traffic samples at multiple vantage points, ISPs can run them through a pipeline where several stages of traffic classifiers employ complementary techniques that result in the deanonymization of OS sessions with high confidence (i.e., low false positives). We have responsibly disclosed our early results with the Tor Project team and are currently working not only on improving the effectiveness of our attack but also on developing countermeasures to preserve Tor users' privacy.
Omidoeee@lightone I wish that when you clicked on the links it took you through the app rather than opening a new browser window.