A place to cache linked articles (think custom and personal wayback machine)

index.html 22KB

  1. <!doctype html><!-- This is a valid HTML5 document. -->
  2. <!-- Screen readers, SEO, extensions and so on. -->
  3. <html lang="fr">
  4. <!-- Has to be within the first 1024 bytes, hence before the `title` element
  5. See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->
  6. <meta charset="utf-8">
  7. <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->
  8. <!-- The viewport meta is quite crowded and we are responsible for that.
  9. See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->
  10. <meta name="viewport" content="width=device-width,initial-scale=1">
  11. <!-- Required to make a valid HTML5 document. -->
  12. <title>Is the fediverse about to get Fryed? (Or, “Why every toot is also a potential denial of service attack”) (archive) — David Larlet</title>
  13. <meta name="description" content="Publication mise en cache pour en conserver une trace.">
  14. <!-- That good ol' feed, subscribe :). -->
  15. <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">
  16. <!-- Generated from https://realfavicongenerator.net/ such a mess. -->
  17. <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">
  18. <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">
  19. <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">
  20. <link rel="manifest" href="/static/david/icons2/site.webmanifest">
  21. <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">
  22. <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">
  23. <meta name="msapplication-TileColor" content="#f7f7f7">
  24. <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">
  25. <meta name="theme-color" content="#f7f7f7" media="(prefers-color-scheme: light)">
  26. <meta name="theme-color" content="#272727" media="(prefers-color-scheme: dark)">
  27. <!-- Documented, feel free to shoot an email. -->
  28. <link rel="stylesheet" href="/static/david/css/style_2021-01-20.css">
  29. <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->
  30. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  31. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  32. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  33. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  34. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  35. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  36. <script>
  /**
   * Force the dark or the light theme on the root element, or release both.
   *
   * `forced-dark` is set when `themeName` is 'dark' and `forced-light` when it
   * is 'light'; any other value (null included) removes both classes.
   */
  function toggleTheme(themeName) {
    const rootClasses = document.documentElement.classList
    const forcedClassByTheme = [
      ['forced-dark', 'dark'],
      ['forced-light', 'light'],
    ]
    for (const [forcedClass, theme] of forcedClassByTheme) {
      // The second argument makes toggle() an explicit add/remove.
      rootClasses.toggle(forcedClass, themeName === theme)
    }
  }
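  // Apply the stored theme from the head, before <body> is parsed.
  // Reading localStorage can throw (SecurityError) when the browser blocks
  // site data; that case is treated as "no stored preference" so the rest of
  // the page is unaffected.
  const selectedTheme = (() => {
    try {
      return localStorage.getItem('theme')
    } catch (error) {
      return null
    }
  })()
  // The literal string 'undefined' is what a stored `undefined` reads back as.
  // Any other value is safe to pass on: toggleTheme() only compares it with
  // 'dark' and 'light'.
  if (selectedTheme !== 'undefined') {
    toggleTheme(selectedTheme)
  }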
  51. </script>
  52. <meta name="robots" content="noindex, nofollow">
  53. <meta content="origin-when-cross-origin" name="referrer">
  54. <!-- Canonical URL for SEO purposes -->
  55. <link rel="canonical" href="https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/">
  56. <body class="remarkdown h1-underline h2-underline h3-underline em-underscore hr-center ul-star pre-tick" data-instant-intensity="viewport-all">
  57. <article>
  58. <header>
  59. <h1>Is the fediverse about to get Fryed? (Or, “Why every toot is also a potential denial of service attack”)</h1>
  60. </header>
  61. <nav>
  62. <p class="center">
  63. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  64. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  65. </svg> Accueil</a> •
  66. <a href="https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/" title="Lien vers le contenu original">Source originale</a>
  67. </p>
  68. </nav>
  69. <hr>
  70. <h1>Is the fediverse about to get Fryed? (Or, “Why every toot is also a potential denial of service attack”)</h1>
  71. <p><time class="single" datetime="2022-11-09T19:00:00Z">09 Nov 2022</time></p>
  72. <figure>
  73. <img src="https://ar.al/2022/11/09/stephen-fry-mastodon-banner.png" alt="Screenshot of Stephen Fry’s Mastodon account banner on mastodonapp.uk"> <figcaption>
  74. <p>Stephen is a big fish to fry. (I’m here all week.)</p>
  75. </figcaption>
  76. </figure>
  77. <p>Warning: the fediverse is about to get Fryed.</p>
  78. <p><a href="https://www.stephenfry.com/">Stephen Fry</a>ed, that is.</p>
  79. <p>Following the recent takeover of Twitter by a proto-fascist billionaire man-baby, people have been fleeing<sup id="fnref:1"></sup> to the fediverse<sup id="fnref:2"></sup>. Among them are folks who, on Twitter, at least, had millions of followers like <a href="https://mastodon.nu/@gretathunberg">Greta Thunberg</a> and, more recently, <a href="https://mastodonapp.uk/@stephenfry">Stephen Fry.</a><sup id="fnref:3"></sup></p>
  80. <p>“Well, surely that’s a good thing? It’ll get everyone talking about the fediverse, decentralisation, and maybe even that <a href="">Small Web</a> thing you keep harping on about all the time, Aral, no?”</p>
  81. <p>Well, yes and no… you see, there is such a thing as <strong>too much of a good thing.</strong> And, on the fediverse today, that appears to be “engagement when you’re popular.” In fact, it could be deadly (to Mastodon instances, that is).</p>
  82. <p>Read on and I’ll try to explain what I mean by using my own account as an example.</p>
  83. <h2 id="how-to-kill-a-mastodon-hint-by-being-chatty-when-youre-popular">How to kill a Mastodon (hint: by being chatty when you’re popular)</h2>
  84. <p>Needless to say, I’m not a celebrity.</p>
  85. <p>And yet, on the fediverse, I find myself in a somewhat unique situation where:</p>
  86. <ol>
  87. <li>
  88. <p><strong>I have my own personal Mastodon instance, just for me.</strong><sup id="fnref:4"></sup></p>
  89. </li>
  90. <li>
  91. <p><strong>I’m followed by quite a number of people.</strong> Over 22,000, to be exact.<sup id="fnref:5"></sup></p>
  92. </li>
  93. <li>
  94. <p><strong>I follow a lot of people and I genuinely enjoy having conversations with them.</strong> (I believe this is what the cool kids call “engagement”.)</p>
  95. </li>
  96. </ol>
  97. <p>Unfortunately, the combination of these three factors creates a perfect storm<sup id="fnref:6"></sup> which means that now, every time I post something that gets lots of engagement, I essentially end up carrying out a <a href="https://en.wikipedia.org/wiki/Denial-of-service_attack">denial of service attack</a> on myself.</p>
  98. <h2 id="mastodon-denial-of-service-as-a-service">Mastodon: denial-of-service as a service?</h2>
  99. <p>Yesterday was my birthday.</p>
  100. <p>So, of course, I posted about it on my Mastodon instance.</p>
  101. <p>It got quite a few replies. And, because it’s only polite, I started replying to everyone with thank-you messages.</p>
  102. <p>Oh, no, you poor, naïve man, you. What were you thinking?!…</p>
  103. <p>I’ll let my friend <a href="https://hugo.gameiro.pt/">Hugo Gameiro</a>, who runs <a href="https://masto.host">masto.host</a> and hosts my instance, explain what happened next:<sup id="fnref:7"></sup></p>
  104. <blockquote>
  105. <p>You just get a lot of engagement and that requires a ton of <a href="https://sidekiq.org/">Sidekiq</a> power to process.</p>
  106. <p>For example, let’s look at your birthday post …  besides requiring thousands of Sidekiq jobs to spread your post through all their servers (you have 23K followers, let’s assume 3K different servers<sup id="fnref:8"></sup>), as soon as you create the post 3K Sidekiq jobs are created. At your current plan you have 12 Sidekiq threads, so to process 3K jobs it will take a while because it can only deal with 12 at a time.</p>
  107. <p>Then, for each reply you receive to that post, 3K jobs are created, so your
  108. followers can see that reply without leaving their server or looking at
  109. your profile. Then you reply to the reply you got, another 3K jobs are
  110. created and so on. </p>
  111. <p>If you replied to the 100 replies you got on that post in 10 minutes (and assuming my 3K servers math is right). You created 300K jobs in Sidekiq. That’s why you get those queues.</p>
  112. </blockquote>
  113. <p>So what does that mean if you’re not into the technical mumbo-jumbo?</p>
  114. <p>It means I was too chatty while being somewhat popular.</p>
  115. <figure>
  116. <img src="https://ar.al/2022/11/09/sidekiq-stats-during-my-birthday-post.png" alt="Screenshot of my Sidekiq stats, showing 175,082 enqueued tasks as I was replying to folks on my birthday post"> <figcaption>
  117. <p>What a traffic jam looks like in Mastodon.</p>
  118. </figcaption>
  119. </figure>
  120. <p>So, what’s the solution?</p>
  121. <p>Well, there’s only one thing you can do when you find yourself in such a pickle: scale up your Mastodon instance.<sup id="fnref:9"></sup> The problem with that? It starts getting expensive.</p>
  122. <p>Prior to the latest Twitter migration<sup id="fnref:10"></sup>, I was paying around €280/year (or a little over €20/month) for my Mastodon instance on a custom plan I had with Hugo from the early days. This week, I upped that to a roughly €50/month plan. And that’s still not enough as my birthday post just showed so Hugo, kindly, has suggested he might have to come up with a custom plan for me.</p>
  123. <p>And yet, the problem is not one that will go away. We can only kick the ball down the road, as it were.</p>
  124. <p>(Unless I piss everyone off with this post, that is.)</p>
  125. <p>Thankfully, by running my own instance, the only person I’m burdening with this additional expense is me. But what if I’d been on a public instance run by someone else instead?</p>
  126. <h2 id="musk-you">Musk you?</h2>
  127. <p>If Elon Musk wanted to destroy <a href="https://mastodon.social">mastodon.social</a>, the flagship Mastodon instance, all he’d have to do is join it.<sup id="fnref:11"></sup></p>
  128. <p>Thank goodness Elon isn’t that smart.</p>
  129. <p>I jest, of course… <a href="https://en.wikipedia.org/wiki/Eugen_Rochko">Eugen</a> would likely ban his account the moment he saw it. But it does illustrate a problem: Elon’s easy to ban. Stephen, not so much. He’s a national treasure for goodness’ sake. One does not simply ban Stephen Fry.</p>
  130. <p>And yet Stephen can similarly (yet unwittingly) cause untold expense to the folks running Mastodon instances just by joining one.<sup id="fnref:12"></sup></p>
  131. <p>The solution, for Stephen at least, is simple: <a href="https://mastodon.ar.al/@aral/109311046067489334">he should run his own personal instance.</a></p>
  132. <p>(Or get someone else to run it for him, like I do.)<sup id="fnref:13"></sup></p>
  133. <p>Running his own instance would also give Stephen one additional benefit: he’d automatically get verified.</p>
  134. <p>After all, if you’re talking to, say, <em>@stephen@social.stephenfry.com</em>, you can be sure it’s really him because you know he owns the domain.</p>
  135. <h2 id="personal-instances-to-the-rescue">Personal instances to the rescue</h2>
  136. <figure>
  137. <p class="videoWrapper">
  138. </p>
  139. <figcaption><p>My speech at the European Parliament on the problem with Big Tech and the different approaches provided by Mastodon, the fediverse, and Small Web.</p></figcaption>
  140. </figure>
  141. <p>Wait, I’m confused… didn’t you say that personal instances were part of the problem?</p>
  142. <p>Yes and no: they are and they shouldn’t be.</p>
  143. <p>If ActivityPub (the protocol) and Mastodon (a server that adheres to that protocol) were designed to incentivise decentralisation, having more instances in the network would not be a problem. In fact, it would be the sign of a healthy, decentralised network.</p>
  144. <p>However, ActivityPub and Mastodon are designed the same way Big Tech/Big Web is: to encourage services that host as many “users”<sup id="fnref:14"></sup> as they can.</p>
  145. <p>This design is both complex (which makes it difficult and expensive to self-host) and works beautifully for Big Tech (where things are centralised and scale vertically and where the goal is to get/own/control/exploit as many users as possible).</p>
  146. <p>In Big Tech, the initial cost of obtaining such scale is subsidised by vast amounts of venture capital (rich people investing in exploitative and extractive new businesses – which Silicon Valley calls Startups™ – in an effort to get even richer) and it leads to the amassing of the centres<sup id="fnref:15"></sup> we know today as the Googles, Facebooks, and Twitters of the world.</p>
  147. <p>However, unlike Big Tech, the stated goal of the fediverse is to decentralise things, not centralise them. Yet how likely is it we can achieve the opposite of Big Tech’s goals while adopting its same fundamental design?</p>
  148. <p>When you adopt the design of a thing, you also inherit the success criteria that led to the evolution of that design. If that success criteria does not align with your own goals, you have a problem on your hands.</p>
  149. <p>What I’m trying to say is:</p>
  150. <p><a href="https://mastodon.ar.al/@aral/109274437122830092">Do not adopt the success criteria of Big Tech lest you should become Big Tech.</a></p>
  151. <h2 id="bigger-is-not-better">Bigger is not better</h2>
  152. <p>Today, we equate the size of mastodon.social (the instance run by Eugen) with how successful Mastodon (the software created by Eugen) is. This is very dangerous. The larger mastodon.social gets, the more it will become like Twitter.</p>
  153. <p>I can almost hear you shout, “But Aral, it’s federated! At least there’s no lock-in to mastodon.social!”</p>
  154. <p>This is true.</p>
  155. <p>You know what else is federated? Email.</p>
  156. <p>Have you ever heard of a little old email instance called Gmail? (Or perhaps the term <a href="https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish">“embrace, extend, extinguish?”</a>)</p>
  157. <p>Do you know what happens to your email if Google says (rightly or wrongly) that you’re spam? No one sees your email.</p>
  158. <p>You know what happens if mastodon.social blocks your instance? Hundreds of thousands of people (soon, millions?) do not get a choice in whether they see your posts or not.</p>
  159. <p>What happens when your instance of one blocks mastodon.social? Nothing, really.</p>
  160. <p>That’s quite a power imbalance.</p>
  161. <h2 id="decentralisation-begins-at-decentring-yourself">Decentralisation begins at decentring yourself</h2>
  162. <p>Mastodon is a not-for-profit, and I have no reason to believe that Eugen has anything but the best of intentions.</p>
  163. <p>However, <a href="https://ar.al/2022/02/16/decentralisation-begins-at-decentring-yourself/">decentralisation begins at decentring yourself</a>.</p>
  164. <p>It’s in the interests of the fediverse that mastodon.social sets a good example by limiting its size voluntarily.</p>
  165. <p>In fact, this should be built right into the software. Mastodon instances should be limited from growing beyond a certain size. Instances that are already too large should have ways of encouraging people to migrate to smaller ones.</p>
  166. <p>As a community we should approach large instances as tumours: how do we break them up so they are no longer a threat to the organism?</p>
  167. <p>If you take this approach to its logical conclusion, you will arrive at the concept of the <a href="https://ar.al/2020/08/07/what-is-the-small-web/">Small Web</a>; a web where we each own and control our own place (or places).</p>
  168. <figure>
  169. <video id="small-is-beautiful" controls="" preload="none" src="https://player.vimeo.com/progressive_redirect/playback/762676594/rendition/1080p/file.mp4?loc=external&amp;signature=6f327f42324b157a97add4fd4c532c69e0cdd29b206ff93f79f4cdae570ed922#t=185" poster="https://small-tech.org/videos/small-is-beautiful-23/poster.jpg">
  170. <img src="https://small-tech.org/videos/small-is-beautiful-23/poster.jpg" alt="">
  171. <p>Sorry, your browser doesn't support embedded videos. But that doesn’t mean you can’t watch it! You can <a href="https://player.vimeo.com/progressive_redirect/playback/762676594/rendition/1080p/file.mp4?loc=external&amp;signature=6f327f42324b157a97add4fd4c532c69e0cdd29b206ff93f79f4cdae570ed922#t=27">download
  172. Small Is Beautiful #23 directly</a>, and watch it with your favourite video player.</p>
  173. </video>
  174. <figcaption><p><a href="https://owncast.small-web.org">Small Is Beautiful</a> (Oct, 2022): What is the Small Web and why do we need it?</p>
  175. </figcaption>
  176. </figure>
  177. <p>I’m not saying that the current fediverse protocols and apps can, will, or even necessarily <em>should</em> evolve into the Small Web.<sup id="fnref:16"></sup> In the here and now, the fediverse is an invaluable stopgap that provides a safer haven than the centralised cesspits of Silicon Valley.</p>
  178. <p>How long the stopgap lasts will depend on how successful we are at resisting centralisation. Protocol and server designs that incentivise vertical scale will not necessarily make this easy. However, there are social pressures we can use to counter their effects.</p>
  179. <p>The last thing you want is a handful of mini Zuckerbergs running the fediverse. Or worse, to find yourself having become one of those mini Zuckerbergs.</p>
  180. <p>I love that the fediverse exists. And I have the utmost respect for the gargantuan effort that’s going into it.</p>
  181. <p>And yet, I am also very concerned<sup id="fnref:17"></sup> that the design decisions that have been made incentivise centralisation, not decentralisation. I implore us to acknowledge this, to mitigate the risks as best we can, to strive to learn from our mistakes, and to do even better going forward.</p>
  182. <p>So to the ActivityPub and Mastodon folks, I say:</p>
  183. <p>Consider me your canary in the coal mine…</p>
  184. <p><strong>«Chirp! Chirp! Chirp!»</strong></p>
  185. </article>
  186. <hr>
  187. <footer>
  188. <p>
  189. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  190. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  191. </svg> Accueil</a> •
  192. <a href="/david/log/" title="Accès au flux RSS"><svg class="icon icon-rss2">
  193. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-rss2"></use>
  194. </svg> Suivre</a> •
  195. <a href="http://larlet.com" title="Go to my English profile" data-instant><svg class="icon icon-user-tie">
  196. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-user-tie"></use>
  197. </svg> Pro</a> •
  198. <a href="mailto:david%40larlet.fr" title="Envoyer un courriel"><svg class="icon icon-mail">
  199. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-mail"></use>
  200. </svg> Email</a> •
  201. <abbr class="nowrap" title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340"><svg class="icon icon-hammer2">
  202. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-hammer2"></use>
  203. </svg> Légal</abbr>
  204. </p>
  205. <template id="theme-selector">
  206. <form>
  207. <fieldset>
  208. <legend><svg class="icon icon-brightness-contrast">
  209. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-brightness-contrast"></use>
  210. </svg> Thème</legend>
  211. <label>
  212. <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto
  213. </label>
  214. <label>
  215. <input type="radio" value="dark" name="chosen-color-scheme"> Foncé
  216. </label>
  217. <label>
  218. <input type="radio" value="light" name="chosen-color-scheme"> Clair
  219. </label>
  220. </fieldset>
  221. </form>
  222. </template>
  223. </footer>
  224. <script src="/static/david/js/instantpage-5.1.0.min.js" type="module"></script>
  225. <script>
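  /**
   * Swap the `<template>` matched by `templateName` for the theme form it
   * contains, persist the visitor's choice on every change, and pre-check the
   * radio that matches the stored theme.
   *
   * @param {string} templateName CSS selector of the template element.
   */
  function loadThemeForm(templateName) {
    const themeSelectorTemplate = document.querySelector(templateName)
    const form = themeSelectorTemplate.content.firstElementChild
    themeSelectorTemplate.replaceWith(form)
    form.addEventListener('change', (e) => {
      const chosenColorScheme = e.target.value
      try {
        localStorage.setItem('theme', chosenColorScheme)
      } catch (error) {
        // Storage blocked or full: the choice still applies to this page view.
      }
      toggleTheme(chosenColorScheme)
    })
    let selectedTheme = null
    try {
      selectedTheme = localStorage.getItem('theme')
    } catch (error) {
      // Storage blocked: keep the radio that is checked by default.
    }
    // The stored value is compared with the radios the form actually offers
    // and is never interpolated into a selector. A stale or tampered entry
    // would otherwise raise a SyntaxError (malformed selector) or a TypeError
    // (no matching element) and abort the load handler.
    const matchingInput = Array.from(
      form.querySelectorAll('input[name="chosen-color-scheme"]')
    ).find((input) => input.value === selectedTheme)
    if (matchingInput) {
      matchingInput.checked = true
    }
  }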
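  const prefersColorSchemeDark = '(prefers-color-scheme: dark)'
  // Once the page has loaded, re-insert every rule found inside a
  // `@media (prefers-color-scheme: dark)` block into its own stylesheet, and
  // offer the theme form only if at least one such rule was found.
  window.addEventListener('load', () => {
    let hasDarkRules = false
    for (const styleSheet of Array.from(document.styleSheets)) {
      let sheetRules
      try {
        sheetRules = styleSheet.cssRules
      } catch (error) {
        // Reading `cssRules` of a cross-origin stylesheet throws a
        // SecurityError; skip that sheet instead of aborting the handler.
        continue
      }
      let mediaRules = []
      for (const cssRule of sheetRules) {
        if (cssRule.type !== CSSRule.MEDIA_RULE) {
          continue
        }
        // WARNING: Safari does not always support `conditionText`, so fall
        // back to `media.mediaText`, which holds the same query. `cssText`
        // cannot be used for this test: it starts with `@media`, not with
        // the query itself.
        const condition =
          cssRule.conditionText || (cssRule.media && cssRule.media.mediaText)
        if (condition !== prefersColorSchemeDark) {
          continue
        }
        mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))
      }
      // WARNING: do not try to insert a rule into a styleSheet you are
      // currently iterating on, otherwise the browser will be stuck
      // in an infinite loop…
      for (const mediaRule of mediaRules) {
        styleSheet.insertRule(mediaRule.cssText)
        hasDarkRules = true
      }
    }
    if (hasDarkRules) {
      loadThemeForm('#theme-selector')
    }
  })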
  273. </script>
  274. </body>
  275. </html>