I deliberately omitted those two. Notice I said “in the free decentralized world”. The sh.itjust.works and lemmy.world nodes should not be promoted because they are centralized (by two factors) and antithetical to the purpose of the fedi.
factor 1: disproportionate size thus concentration of power by those admins over an unacceptably large population.
factor 2: cloudflare, who currently decides who gets access to ~20—30% of all websites in the world. CF abuses their power and they marginalize several demographics of people (including poor people who live in regions where ISPs have to use CGNAT).
So I suggest not feeding those communities. It might be interesting to replicate their content here in such a way that it doesn’t link back to them.
It’s worth noting as well that Cloudflare’s breakage proliferates when CF’d nodes crosspost outside of their walled garden. E.g. if a CF-sourced image is crossposted to slrpnk.net, the image is inaccessible to me (and everyone else CF excludes) so I get a half missing post. Many people are here in the sufficiently decentralized portion of the fedi to escape abuses of concentrated power.
I wouldn’t have known what you mean by that without context.
factor 2: cloudflare
I wonder if they would be interested in alternatives to cloudflare. I’m assuming it’s the easiest one to deploy, but they may be open to alternatives if it isn’t too much trouble to switch.
More often than not, admins are interested in alternatives. When they hear there are no gratis alternatives, they shut down. CF is deceptively gratis. That is, the gratis plan is for relatively low consumption. When a service comes under attack which then leverages the defense admins signed up for, Cloudflare taps them on the shoulder and says: hey, you’re exceeding the bandwidth of the gratis plan… time to switch to premium. So the “free” evaporates.
Slightly more clever admins will use CF DNS and maintain their site in a non-proxied state (sparing their users from Cloudflare exclusion and over-sharing). Then when an attack hits they just have to flip a switch and CF is put into play. That switch can even be scripted to happen automatically.
Even more clever admins (e.g. infosec.pub) are very knowledgeable about how to do security properly without offloading their security problems onto everyone else.
I don’t really know the guy but I’m sure he is quite busy. He also runs infosec.exchange and a Threads-defederated variant of that, and an onion mirror, and fedia.io. fedia.io is on kbin/mbin and thus very buggy and he seems to put a lot of energy into chasing those bugs. IIRC he mentioned his bills are like $3k/month for one of or all of those nodes. Wouldn’t hurt to ask but the question should probably come direct from the interested admins. Maybe they could hire him.
Naah. Their points are very valid. Unmoderated communities are easily remedied by reaching out to admins. If they didn’t have their other points, I would suggest they just try taking over an existing community.
The question would be, why bother? If they’re unmodded and nobody’s putting in any effort with them, what’s to be gained by taking them over rather than just focusing on this one?
As a user of sh.itjust.works, I was unaware of the Cloudflare issue, and I still do not fully understand it. What does Cloudflare do, and what problems does it pose to my instance and the Fediverse as a whole? Should I be petitioning my admins to move to an alternative?
As for the disproportionate size, I think that is somewhat inevitable, even with a Federated platform. There will always be a small number of large instances and a large number of small instances. I’m not sure if size alone is a reason to migrate a community, though if a more active equivalent exists on a smaller instance, that should obviously be celebrated.
It might be interesting to replicate their content here in such a way that it doesn’t link back to them.
That is an interesting idea, but I’m not sure if it would work in this case. Many posts are in a Q&A format, and if a bot were to crosspost all the content here, any answers here wouldn’t necessarily make it back to the OP. Had you considered this? In general, I think that we ought to be strengthening ties between instances rather than weakening them.
You could fill a book on the harm Cloudflare does. To describe the walled garden, they have designed Cloudflare without a login so that people in the included group don’t even know they are participating in digital exclusion and supporting a walled garden by a tech giant. The gate is invisible. Those of us in the excluded group see a deceptive block screen that says it’s doing a security check but in reality it’s doing nothing but showing a non-stop spinner. Some people get a CAPTCHA which is often broken (always broken for me).
By default, Cloudflare blocks access to the following groups of people:
users whose ISP uses CGNAT to distribute a limited range of IPv4 addresses (this generally impacts poor people in impoverished regions)
the Tor community
VPN users
users of public libraries, and generally networks where IP addresses are shared
blind people who disable images in their browsers (which triggers false positives for robots, as scripts are generally not interested in images either)
the permacomputing community and people on limited internet connections, who also disable browser images to reduce bandwidth which makes them appear as bots
people who actually run bots – Cloudflare is outspokenly anti-robot and treats beneficial bots the same as malicious bots
If you are in the included group and get access to a Cloudflare site, CF is a man in the middle who sees all the traffic. The padlock you see only means that your traffic is secure from you to Cloudflare (not to the host you think you are visiting). Cloudflare sees your userid and password, your DMs, everything. CF has grown to take ~20—30% of the web. So probably around roughly ¼ of your web activity is all seen by that one corporation which operates in a country without privacy safegards. So in addition to the above list of groups of people who Cloudflare blocks from web access, there is a group of privacy enthusiasts who block CF as they refuse to disclose ~25% of their web traffic to CF.
As for the disproportionate size, I think that is somewhat inevitable, even with a Federated platform.
It’s only inevitable to the extent that it’s inevitable that you will have admins who don’t grasp the philosophy. Admins who embrace the principles of decentralization close registration before their user count gets excessive (lemmy.ml demonstrated some restraint in this regard though some would say they should have closed reg sooner). Others will carry on, and bring in Cloudflare to supercharge the capacity which brings the problem that Cloudflare itself is centralized. They have effectively joined the centralized walled garden and brought a disproportionately large number of unwitting users into that exclusive venue. I say “unwitting” because sh.itjust.works and lemmy.world does not disclose to the users the fact that they are in a walled garden and that they share all the traffic with a US tech giant. Their greed is why there are disproportionately small nodes. It is sh.itjust.works and lemmy.world who decided to exploit all the individuals who individually decide they want to be in the same place where everyone else is, which ruins the balance and keeps small nodes overly small.
Many posts are in a Q&A format, and if a bot were to crosspost all the content here, any answers here wouldn’t necessarily make it back to the OP. Had you considered this?
I didn’t necessarily mean to imply that a bot would do the job, but indeed a bot would make sense. The purpose of copying traffic out of the centralized walled garden into a free world instance would be to feed info to those who have chosen the ethical venue. The purpose would not be to feed the giants in any way. So if it’s a personal question post that does not enrich the commons with information then the post could be removed by the bot operator. Or if the question likely provokes an interesting chat then it could be left alone. Responders who want the OP to see the response could simply mention them in the response and the OP would get a notification.
I deliberately omitted those two. Notice I said “in the free decentralized world”. The
sh.itjust.worksandlemmy.worldnodes should not be promoted because they are centralized (by two factors) and antithetical to the purpose of the fedi.So I suggest not feeding those communities. It might be interesting to replicate their content here in such a way that it doesn’t link back to them.
It’s worth noting as well that Cloudflare’s breakage proliferates when CF’d nodes crosspost outside of their walled garden. E.g. if a CF-sourced image is crossposted to slrpnk.net, the image is inaccessible to me (and everyone else CF excludes) so I get a half missing post. Many people are here in the sufficiently decentralized portion of the fedi to escape abuses of concentrated power.
I wouldn’t have known what you mean by that without context.
I wonder if they would be interested in alternatives to cloudflare. I’m assuming it’s the easiest one to deploy, but they may be open to alternatives if it isn’t too much trouble to switch.
More often than not, admins are interested in alternatives. When they hear there are no gratis alternatives, they shut down. CF is deceptively gratis. That is, the gratis plan is for relatively low consumption. When a service comes under attack which then leverages the defense admins signed up for, Cloudflare taps them on the shoulder and says: hey, you’re exceeding the bandwidth of the gratis plan… time to switch to premium. So the “free” evaporates.
Slightly more clever admins will use CF DNS and maintain their site in a non-proxied state (sparing their users from Cloudflare exclusion and over-sharing). Then when an attack hits they just have to flip a switch and CF is put into play. That switch can even be scripted to happen automatically.
Even more clever admins (e.g. infosec.pub) are very knowledgeable about how to do security properly without offloading their security problems onto everyone else.
Do you think the Infosec.pub admin would be willing to give some pointers to .World and .Works? That might be an interesting angle to persue.
I don’t really know the guy but I’m sure he is quite busy. He also runs infosec.exchange and a Threads-defederated variant of that, and an onion mirror, and fedia.io. fedia.io is on kbin/mbin and thus very buggy and he seems to put a lot of energy into chasing those bugs. IIRC he mentioned his bills are like $3k/month for one of or all of those nodes. Wouldn’t hurt to ask but the question should probably come direct from the interested admins. Maybe they could hire him.
You’re missing the main point, which is that they’re unmodded
Naah. Their points are very valid. Unmoderated communities are easily remedied by reaching out to admins. If they didn’t have their other points, I would suggest they just try taking over an existing community.
The question would be, why bother? If they’re unmodded and nobody’s putting in any effort with them, what’s to be gained by taking them over rather than just focusing on this one?
As a user of
sh.itjust.works, I was unaware of the Cloudflare issue, and I still do not fully understand it. What does Cloudflare do, and what problems does it pose to my instance and the Fediverse as a whole? Should I be petitioning my admins to move to an alternative?As for the disproportionate size, I think that is somewhat inevitable, even with a Federated platform. There will always be a small number of large instances and a large number of small instances. I’m not sure if size alone is a reason to migrate a community, though if a more active equivalent exists on a smaller instance, that should obviously be celebrated.
That is an interesting idea, but I’m not sure if it would work in this case. Many posts are in a Q&A format, and if a bot were to crosspost all the content here, any answers here wouldn’t necessarily make it back to the OP. Had you considered this? In general, I think that we ought to be strengthening ties between instances rather than weakening them.
You could fill a book on the harm Cloudflare does. To describe the walled garden, they have designed Cloudflare without a login so that people in the included group don’t even know they are participating in digital exclusion and supporting a walled garden by a tech giant. The gate is invisible. Those of us in the excluded group see a deceptive block screen that says it’s doing a security check but in reality it’s doing nothing but showing a non-stop spinner. Some people get a CAPTCHA which is often broken (always broken for me).
By default, Cloudflare blocks access to the following groups of people:
If you are in the included group and get access to a Cloudflare site, CF is a man in the middle who sees all the traffic. The padlock you see only means that your traffic is secure from you to Cloudflare (not to the host you think you are visiting). Cloudflare sees your userid and password, your DMs, everything. CF has grown to take ~20—30% of the web. So probably around roughly ¼ of your web activity is all seen by that one corporation which operates in a country without privacy safegards. So in addition to the above list of groups of people who Cloudflare blocks from web access, there is a group of privacy enthusiasts who block CF as they refuse to disclose ~25% of their web traffic to CF.
It’s only inevitable to the extent that it’s inevitable that you will have admins who don’t grasp the philosophy. Admins who embrace the principles of decentralization close registration before their user count gets excessive (lemmy.ml demonstrated some restraint in this regard though some would say they should have closed reg sooner). Others will carry on, and bring in Cloudflare to supercharge the capacity which brings the problem that Cloudflare itself is centralized. They have effectively joined the centralized walled garden and brought a disproportionately large number of unwitting users into that exclusive venue. I say “unwitting” because
sh.itjust.worksandlemmy.worlddoes not disclose to the users the fact that they are in a walled garden and that they share all the traffic with a US tech giant. Their greed is why there are disproportionately small nodes. It issh.itjust.worksandlemmy.worldwho decided to exploit all the individuals who individually decide they want to be in the same place where everyone else is, which ruins the balance and keeps small nodes overly small.I didn’t necessarily mean to imply that a bot would do the job, but indeed a bot would make sense. The purpose of copying traffic out of the centralized walled garden into a free world instance would be to feed info to those who have chosen the ethical venue. The purpose would not be to feed the giants in any way. So if it’s a personal question post that does not enrich the commons with information then the post could be removed by the bot operator. Or if the question likely provokes an interesting chat then it could be left alone. Responders who want the OP to see the response could simply mention them in the response and the OP would get a notification.