@Gargron Fair, if a single client is hitting it excessively...

Fair, if a single client is hitting it excessively then it should be cached and isnt good etiquette for sure. Not quite sure I'd call it a DDoS but still, its bad design.

@mkljczk @xorowl @jimpjorps

Like 2 Jul 2021 at 19:56 | Wall-to-wall | Open on qoto.org

10 comments

Eugen Rochko

@freemo @mkljczk @xorowl @jimpjorps Again, it's distributed DoS because they release this software (a game mod) to end-users whose IPs are the ones hitting the endpoints. As far as I understand, anyway. I'm currently analyzing the log files to find out how many unique IPs the requests are coming from.

2 Jul 2021 at 19:59 | Open on mastodon.social

marcin mikołajczak • migrated replied to Eugen

@Gargron @freemo @xorowl @jimpjorps itʼs for the 'community tabʼ like this and the requests are done client-side, custom server owners using FiveM can select an ap account they want to use

2 Jul 2021 at 20:17 | Open on mstdn.io

Rysiekúr Memesson replied to Eugen

@Gargron @freemo @mkljczk @xorowl @jimpjorps or, put differently:

Is it distributed? Yes.

Does it potentially lead to denial of service (through resource exhastion)? Yes.

Sounds about right.

2 Jul 2021 at 20:21 | Open on mastodon.social

🎓 Dr. Freemo :jpf: 🇳🇱 replied to Rysiekúr Memesson

@rysiek

I cant speak to Gargron's setup but I think most setups would be able to handle 3400 RPM on the outbox without even batting an eye.

Also by that logic if too many people start using mastodon clients on their phone or desktop then that is a DDoS since enough of them are distributed and would lead to resource depletion.

@Gargron @mkljczk @xorowl @jimpjorps

2 Jul 2021 at 20:24 | Open on qoto.org

Tek say vote replied to 🎓 Dr. Freemo :jpf: 🇳🇱

@freemo @rysiek @Gargron @mkljczk @xorowl @jimpjorps According to https://github.com/citizenfx/fivem/pull/757#issuecomment-873238836 it was 4,000 requests *per second*. That would make most instances cry.

2 Jul 2021 at 20:26 | Open on freeradical.zone

Eugen Rochko replied to Tek say vote

@tek @freemo @rysiek @mkljczk @xorowl @jimpjorps Sorry, that's one zero too many from me. 400 req/s. Corrected.

2 Jul 2021 at 20:27 | Open on mastodon.social

Tek say vote replied to Eugen

@Gargron @freemo @rysiek @mkljczk @xorowl @jimpjorps Ah, OK. That's still nontrivial.

2 Jul 2021 at 20:28 | Open on freeradical.zone

🎓 Dr. Freemo :jpf: 🇳🇱 replied to Tek say vote

@tek

then I misread it, that is on the high side.. though depends how many users were doing it. I would imagine mastodon clients in general produce more requests per second than that collectively but we wouldnt call those a DDoS... I dunno we are arguing semantics though, does it even matter what we call it?

@Gargron @rysiek @mkljczk @xorowl @jimpjorps

2 Jul 2021 at 20:30 | Open on qoto.org

Eugen Rochko replied to 🎓 Dr. Freemo :jpf: 🇳🇱

@freemo @tek @rysiek @mkljczk @xorowl @jimpjorps For comparison, average mastodon.social traffic is 200 req/s. I don't think it matters what we call it though. In my view it's a denial-of-service when it impacts performance due to unintended use, though maybe you could expand that to intended use as well. While the individual endpoints are intended to be used, it is the frequency with which they are retrieved that is unintended.

2 Jul 2021 at 20:33 | Open on mastodon.social

XorOwl replied to Eugen

@Gargron @freemo@qoto.org @tek @rysiek @mkljczk @jimpjorps
Linus Tech Tips' latest video on water cooling an SSD is a good illustration of this. Just because you can do it, doesn't mean it was intended use.

2 Jul 2021 at 20:45 | Open on mastodon.technology