Mastodawn

I really want to know what brand of troll the DDoS attacker was.

An Elon stan? A MAGA nut? A re-centralist?

All of the above?

All this DDoS has done is convince millions of people that a decentralized social network is more persistent than Big Social -- and with *less* monetary investment too.

So if that's your intent, good job 👍

You sure showed everyone!

The response from the DDoS hasn't been, "Grr! Mastodon sucks!"

It's been, "Wow! It's so cool how Mastodon works!"

😆

Juraj Maťaše Jan 31, 2023

@atomicpoet Maybe I'm being overly positive, but I see it this way 😂🤣😂

Kelli 🐝🍄🍀🌈🍸🩵Jan 31, 2023

@atomicpoet And has definitely shown me how much i use this app and want it to stick around!

PiroFloydian Jan 31, 2023

@atomicpoet Yes; It's great for this very reason!
But also the paranoid part of my brain was freaking out about if there was a RCE bug in the activitypub protocol that could infect servers and spread throughout the fediverse (sending RCE requests via the protocol from server to server). Probably (hopefully!) a threat that's been modeled and accounted for in the design.

SocialistStan Jan 31, 2023

@atomicpoet There was a DDOS? Not that I noticed...

SJ Jan 31, 2023

@atomicpoet they really shit the bed with banning the third party clients.

Anthony Piraino Jan 31, 2023

@atomicpoet Hopefully it has also convinced folks that we shouldn’t all be bunched up on a huge, single instance. The decentralized nature is the biggest strength of the fediverse - spread out, people!

nickapos Jan 31, 2023

@atomicpoet there is not much difference between the first and the second.

Phil Stevens

Jan 31, 2023

@atomicpoet DDoSing a decentralised system isn't going to be a trivial undertaking.

Rufus J. Cooter Jan 31, 2023

@atomicpoet My $ is on "bored script kiddie out tagging isht becuz it makes him feel like a big man."

geo_bot Jan 31, 2023

@atomicpoet you know if you knew anything he'd pick an actually vulnerable target, or maybe a more relevant one if he wanted to say something. I think he's just a dumbass who knows how to pay a bot net

Jürgen Hubert Jan 31, 2023

@atomicpoet Russian trolls are also a possibility. They are already attacking an Ukrainian server.

Johanna Janiszewski Jan 31, 2023

@atomicpoet yeah seriously who does something like that? What is to be won here?

Riyadh Elalami🏴Jan 31, 2023

@atomicpoet arent those the same person most of the time, especially since last year. I think they have converged into a blob.

LisPi Jan 31, 2023

@atomicpoet @Gargron There might be some exploitable aspects to the protocol, but they're not so trivial to exploit and they have some fairly obvious mitigations.

kevin Jan 31, 2023

@atomicpoet @Gargron thank you, #designers. We owe you a beer or two.

GaryRLundberg Jan 31, 2023

@atomicpoet @Gargron @JenWojcik

Elon’s “friends”?

Jiva DeVoe Jan 31, 2023

@atomicpoet I’ve been thinking that the logical conclusion of the current social media state of affairs will be server wars.

Far right servers will act as rallying points of violent sentiment against far left servers and vice versa. Bad actors then will take it to DDOS and infiltrating. Etc.

It won’t take down the network.

Victor Bezrukov Jan 31, 2023

@jiva @atomicpoet Well interesting imagination but technically it's not like DDOS works. ot really server to server server point to point attack which is possible to stop in the middle.

Katanova the Sunpunk Jan 31, 2023

@atomicpoet Mastodon is a DDoDoS network

Distributed denial of denial of service.

@Gargron

Nicole Parsons Jan 31, 2023

@atomicpoet @Gargron

The wealthiest people on the planet are funding the subversion and sabotage of social media.

The wealthiest are turning into national security threats.

https://www.msspalert.com/cybersecurity-news/russia-linked-hackers-launch-ddos-attack-on-germany-threaten-canada-for-ukraine-artillery/

https://www.bankinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050

https://inthesetimes.com/article/milton-friedman-inflation-federal-reserve-ukraine-russia-brazil-neoliberalism

https://thecyberwire.com/newsletters/daily-briefing/12/18

https://www.bleepingcomputer.com/news/security/russian-ddos-attack-project-pays-contributors-for-more-firepower/

Russia-linked Hackers Launch DDoS Attacks on Germany and U.S. Hospitals, Threaten Canada - MSSP Alert

Killnet suspected in DDoS attacks on German government websites, banks and airports and U.S. hospitals.

MSSP Alert

Joy Denebeim Jan 31, 2023

@Npars01 @atomicpoet @Gargron snowcrash

@atomicpoet @Gargron I'm worried this is the first wave. Any instance over a handful of users is carrying a lot of squatter accounts many of which might simply be bot soldiers waiting to be activated. It would be a simple way to get around the proxies.
I wouldn't plan the parade just yet..

@mike @atomicpoet @Gargron Probably, but it’s a war they’ll lose. They can whack one instance. Maybe even a few. But they can’t take down all of us.

Masto.poetry Jan 31, 2023

@atomicpoet @atomicpoet @Gargron @mike
any idea who "they" are?

@Mastopoet @atomicpoet @atomicpoet @Gargron Ford executives

Masto.poetry Jan 31, 2023

@mike @atomicpoet @atomicpoet @Gargron
This looks vaguely familiar, but I can’t figure out what you’re replying to

@Mastopoet @atomicpoet @atomicpoet @Gargron I got confused myself and responded to the wrong post. Sorry my bad.

@Mastopoet @atomicpoet @atomicpoet @Gargron But to answer this post correctly "they" are most likely a bot net hired by someone who doesn't like what Mastodon is doing. Usually these people are after a pay day but Mastodon is a non profit, so it's some sort of malicious attack.

Yahia Lababidi Jan 31, 2023

@atomicpoet @Gargron Do follow oks on Social recover their account, fully, after attack?

@EgyptianAphorist @atomicpoet @Gargron I have no doubt accounts will be okay. But this is why I, personally, have redundant accounts spread across multiple instances.

Yahia Lababidi Jan 31, 2023

@atomicpoet @atomicpoet @Gargron I should do this, but I’m lazy & fatalist. Lost track of the number of times my computer crashed. Each time, past loss, I’m perversely grateful for the fresh start, unburdened of the past … a kind of rebirth 🐣

ConanTheActuarian Jan 31, 2023

@atomicpoet @Gargron That explains why I haven't been able to get on my other (older) BertL membership on mastodon.social Thank you for posting this.

naught101 Jan 31, 2023

@atomicpoet @Gargron

I'm on mastodon.social, and it's not working fully for me - notifications and explore feeds loading slow/erratically. But my home feed seems pretty fine, still lots to see and interact with.

From poking around the code a bit, I got the picture that some features are de-prioritised in the event of heavy load, so that more critical features can still function. Pretty sweet.

Samir (moved)Jan 31, 2023

@atomicpoet
to be honest, a lot of these things can be solved with changes to infrastructure and architecture.

I tried to offer @Gargron help few times but got no response, I think he is just bombarded with notifications so he misses a lot of offers for help

@albattran @Gargron It's pretty apparent that mastodon.social and mastodon.online have had it rough over the past 3 months.

Either way, we need to build scale horizontally, and that's why I'm investing in managed hosting solutions.

Samir (moved)Jan 31, 2023

@atomicpoet @Gargron
Actually at tweepsmap, we are all moving to our own instance shortly
I see Mastodon more like an email server, I think all companies will head that way.

Perhaps a managed hosting solution will be more mature and do multi-tenant setups, so companies can have turnkey installs like Google Apps, or Office 365, but for now we will stick with managing our own

@albattran @Gargron Yeah, managing your own instance is the best step if you have the means and knowledge to do it.

Honestly, I think putting Pleroma or Mastodon on a Raspberry Pi is pretty kickass.

I also really like Cloudron for its turnkey operation.

But even 1-click installs and automated updates is too much for some people.

Just got to get people over the hump!

@atomicpoet @albattran @Gargron While managing a tiny instance is quite simple from a technical perspective, kickstarting a meaningful (for regular people) federated feed without enough relays is not.
I appreciate turnkey hosting as a service, but it’s a kind of centralization.

@chris @atomicpoet @albattran @Gargron Sorry, how is managed hosting “centralization”?

@atomicpoet @albattran @Gargron
I‘d expect architecture and technical platform to be similar or identical for one provider.
There‘s nothing wrong with setting up a company that provides turn-key instances somewhere in the cloud, I guess it‘s a necessary development, but these companys will be a kind of centralization.
(And the nerd in me would love to have many tiny instances on home-DSL, too, so people have a visible representation of self-hosting; but that‘s more philosophical.)

@chris @atomicpoet @albattran @Gargron How is managed hosting a form of centralization when services like Digital Ocean already offer 1-click installs?

Further, how is it centralization when it removes a big barrier to entry for people to start their own instances?

The bulk of people use big instances like mastodon.social in part because they feel it’s too hard to set up a droplet.

More instances many less centralization.

@atomicpoet @albattran @Gargron
It‘s eg. centralized on DO‘s infrastructure. We are already experiencing the impact of downtimes of centralized infrastructure on the general Web and will do here, too.
I think it is inevitable/fine, yet it will centralize a service from a technical perspective that currently (as seen from my bubble) is not so much centralized regarding hosting but regarding instances (too-big-to-defederate problem).

@atomicpoet @albattran @Gargron
As said, nothing of this is meant to be against any of these aspects.
I am watching in awe and with lots of pleasure how Mastodon/Fediverse/us are optimizing in the space defined by these constraints.
I didn‘t have as much fun on the nets for more than a decade.

@chris @atomicpoet @albattran @Gargron DO’s infrastructure is a separate matter from fully managed hosting.

What I’m concerned about is making it possible for more people to run their own instance. And doing it as easily and painlessly as possible.

The majority of people aren’t going to set one up with a Raspberry Pi.

@atomicpoet @albattran @Gargron
I appreciate your effort. It will be good for Mastodon/the Fediverse to have more instances handled by people inclined to work on the social / organizational aspects.
I was only referring to centralization on provider level and the world will not end if some cloud provider / a bunch of instances have a hick-up for a few hours or is blocked.
I‘d still love a wall-wart like appliance for non techies, though :-)

Gareth Kitchen Jan 31, 2023

@atomicpoet Actually, isn't that a thing! A portable instance. Something like a Pi, the size of a box of matches. Something that you can just plug into a spare port on your broadband router.

Michael Jan 31, 2023

@atomicpoet @Gargron Prolly some Elon bros or the Russians.

Pseudo Nym Jan 31, 2023

@atomicpoet @Gargron they've apparently been hitting mastodon.online as well

@atomicpoet @Gargron DDoSing the head developers’ instance seems like a surefire way to make Mastodon question implementation and to develop mitigation measures most quickly :-)

Kevin RRW

Jan 31, 2023

@atomicpoet @Gargron Welcome back, #mastodonsocial

ThatAuntie Jan 31, 2023

@atomicpoet @Gargron Fail, meet your new Whale. Y'all look cute today, Fediverse.

Brit in Moldova Jan 31, 2023

@atomicpoet @Gargron

I suspect it's the other way around. The Russian troll farms like the damage Musk is doing, so attack rivals to "support" him.

Jason B 🧙‍♂️Jan 31, 2023

@atomicpoet @Gargron great work! I didn't realize it at all due to the decentralized nature of Mastodon and Fediverse in general!

sentient water Jan 31, 2023

@atomicpoet @Gargron I was mildly concerned but there was nary a flutter on this instance. Multiple servers communicating with one another was the very foundation of the interweb. Amateurs.

nitrofurano Jan 31, 2023

@atomicpoet @Gargron Elon Musk seems desperate! xD

Avi (אבי)

🪬Jan 31, 2023

@atomicpoet @Gargron who wants to bet it was a Twitter employee