42 posts total
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

Answer: “zero trust”

Question: “how much confidence do you have in people sticking crap straight on the internet and hoping that access controls work effectively?”

Aleksandra Lesya (she/her)

@jerry my answer would be: Damn too many.

It’s why I quite like Tailscale ACLs, which actually allow you to write tests, so the ACL changes are ignored if the ACL fails the test.

You are not directly linked to the internet, and it also prevents accidental opening to any people you may have invited, with those ACL tests.

Kacper Potoczny

@jerry please, don't remind me about my services. Some day I'll put everything in a tunnel.

...
Just give me a bit more time to set the IPsec some day...

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

Years ago, I created a bot that posted Sun Tzu quotes, if Sun Tzu had written about cyber war. When X closed up API access that bot broke, and it never was high on my list of priorities to bring here. Well, I just fixed that. May I introduce you to @SunTzuCyber, which posts every 6 hours. The posts are set up as unlisted/quiet public, so they won't show up in timelines unless you follow it.

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

@SunTzuCyber I should add: I created it at a time when I thought it ridiculous that everyone was including (real) Sun Tzu quotes in their security conference presentations.

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

I've been participating in the fediverse for about 8.5 years now, and have run infosec.exchange as well as a growing number of other fediverse services for about 7.5 of those years. While I am generally not the target of harassment, as an instance administrator and moderator, I've had to deal with a very, very large amount of it. Most commonly that harassment is racism, but to be honest we get the full spectrum of bigotry here in different proportions at different times. I am writing this because I'm tired of watching the cycle repeat itself, I'm tired of watching good people get harassed, and I'm tired of the same trove of responses that inevitably follows. If you're just in it to be mad, I recommend chalking this up to "just another white guy's opinion" and moving on to your next read.

The situation nearly always plays out like this:

A black person posts something that gets attention. The post and/or person's account clearly designates them as being black.

A horrific torrent of vile racist responses ensues.

The victim expresses frustration with the amount of harassment they receive on Mastodon/the Fediverse, often pointing out that they never had such a problem on the big, toxic commercial social media platforms. There is usually a demand for Mastodon to "fix the racism problem".

A small army of "helpful" fedi-experts jumps in with replies to point out how Mastodon provides all the tools one needs to block bad actors.

Now, more exasperated, the victim exclaims that it's not their job to keep racists in check - this was (usually) cited as a central reason for joining the fediverse in the first place!

About this time, the sea lions show up in replies to the victim, accusing them of embracing the victim role, trying to cause racial drama, and so on. After all, these sea lions are just asking questions since they don't see anything of what the victim is complaining about anywhere on the fediverse.

Lots of well-meaning white folk usually turn up about this time to shout down the sea lions and encourage people to believe the victim.

Then time passes... People forget... A few months later, the entire cycle repeats with a new victim.

Let me say that the fediverse has both a bigotry problem that tracks with what exists in society at large as well as a troll problem. The trolls will manifest themselves as racist when the opportunity presents itself, anti-trans, anti-gay, anti-women, anti-furry, and whatever else suits their fancy at the time. The trolls coordinate, cooperate, and feed off each other.

What has emerged, in my view, on the fediverse is a concentration of trolls onto a certain subset of instances. Most instances do not tolerate trolls, and with some notable exceptions, trolls don't even bother joining "normal" instances any longer. There is no central authority that can prevent trolls from spinning up fediverse software on their own servers using their own domain names and doing their thing on the fringes. On centralized social media, people can be ejected, suspended, banned, and unless they keep trying to make new accounts, that is the end of it.

The tools for preventing harassment on the fediverse are quite limited, and the specifics vary between type of software - for example, some software like Pleroma/Akkoma, lets administrators filter out certain words, while Mastodon, which is what the vast majority of the fediverse uses, allows both instance administrators and users to block accounts and block entire domains, along with some things in the middle like "muting" and "limiting". These are blunt instruments.

To some extent, the concentration of trolls works in the favor of instance administrators. We can block a few dozen/hundred domains and solve 98% of the problem. There have been some solutions implemented, such as block lists for "problematic" instances that people can use, however many times those block lists become polluted with the politics of the maintainers, or at least that is the perception among some administrators. Other administrators come into this with a view that people should be free to connect with whomever on the fediverse and delegate the responsibility for deciding who and who not to block to the user.

For this and many other reasons, we find ourselves with a very unevenly federated network of instances.

With this in mind, if we take a big step back and look at the cycle of harassment I described from above, it looks like this:

A black person joins an instance that does not block m/any of the troll instances.

That black person makes a post that gets some traction.

Trolls on some of the problematic instances see the post, since they are not blocked by the victim's instance, and begin sending extremely offensive and harassing replies. A horrific torrent of vile racist responses ensues.

The victim expresses frustration with the amount of harassment they receive on Mastodon/the Fediverse, often pointing out that they never had such a problem on the big, toxic commercial social media platforms. There is usually a demand for Mastodon to "fix the racism problem".

Cue the sea lions. The sea lions are almost never on the same instance as the victim. And they are almost always on an instance that blocks those troll instances I mentioned earlier. As a result, the sea lions do not see the harassment. All they see is what they perceive to be someone trying to stir up trouble.

...and so on.

A major factor in your experience on the fediverse has to do with the instance you sign up to. Despite what the folks on /r/mastodon will tell you, you won't get the same experience on every instance. Some instances are much better at keeping the garden weeded than others. If a person signs up to an instance that is not proactive about blocking trolls, they will almost certainly be exposed to the wrath of trolls. Is that the Mastodon developers' fault for not figuring out a way to more effectively block trolls through their software? Is it the instance administrator's fault for not blocking troll instances/troll accounts? Is it the victim's fault for joining an instance that doesn't block troll instances/troll accounts?

I think the ambiguity here is why we continue to see the problem repeat itself over and over - there is no obvious owner nor solution to the problem. At every step, things are working as designed. The Mastodon software allows people to participate in a federated network and gives both administrators and users tools to control and moderate who they interact with. Administrators are empowered to run their instances as they see fit, with rules of their choosing. Users can join any instance they choose. We collectively shake our fists at the sky, tacitly blame the victim, and go about our days again.

It's quite maddening to watch it happen. The fediverse prides itself as a much more civilized social media experience, providing all manner of control to the user and instance administrators, yet here we are once again wrapping up the "shaking our fist at the sky and tacitly blaming the victim" stage in this most recent episode, having learned nothing and solved nothing.

Mark T. Tomczak

@jerry The endgame is likely that we start seeing Fediverse servers spin up with an allow-list that auto-ignores / auto-blocks all other servers until and unless an admin explicitly admits them.

We saw a similar pattern with email when the spam problem began to tilt towards intractable (in that while you can spin up your own email server, good luck getting Google or Microsoft's servers to accept and transmit your messages if you have no history at all).

(What's that Gibson quote? "It started with an inverted killfile...")

Zvonimir Stanecic

@pixelate @jerry just the American problem. Why don't we have problems with it?

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

I haven’t posted many pictures of Cruzan, but now that he lives with me, you’ll be seeing him more on #caturday

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

I am visiting eevee’s new house this evening. Well, my son and his fiancé are here too.

#caturday

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

Thor is ugly sleeping in his favorite chair facing the sliding door out to the gulf.
#caturday

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

I can’t tell you how angry this makes me feel for this maintainer.

I don’t know who Jigar Kumar is, or what the motivation was behind the emails that the author is referencing, but I can tell you if I was trying to get a bad actor in as a trusted developer, this is how I would approach it.

Good post.

robmensching.com/blog/posts/20

BlueBee

@jerry

We need a system that pays people based on adoption of their project. A system that moves us towards an honest to God meritocracy.

This getting paid to sell other people's stuff, pollute, and steal others' effort thing sucks.

If only it was so simple.

Nick Selby :donor:

@jerry Wow. That is a great piece. Thanks for sharing, which I will, now, as well.

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

This is by far the worst spam campaign I’ve seen in my 7 years here on the fediverse

Fabrice Roux :verified: :donor:

@jerry *Homer from the back of the room* Worst spam campaign so far. 😬

jenbanim

@jerry spending my Friday evening just hanging out in the "other servers" feed banning spam accounts as they pop up

There are worse hobbies I suppose

You might be interested in following the mod tools discussion promoted by this here:

github.com/mastodon/mastodon/i

Cassander

@jerry If it helps, I've seen way more discussion about how terrible this spam wave is than any actual spam 🤷🏻‍♂️

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

Hello everyone. I know that these are tough times for many people. If you derive value from the fediverse and have the means to do so, please consider donating to support your instance. Most instances rely on donations to pay the bills (infosec.exchange and friends cost over $3000/month to host).

Instructions on how to donate are generally available on your instance's "about" page (for example: infosec.exchange/about)

Also, I firmly believe that access to the fediverse should not be tied to one's ability to pay, and I think it's even more important for those in difficult situations to maintain the social connections that the fediverse provides, so (at least in my view) donations are welcome, but not required in any way.

And for those people who already donate, my hats off to you. You make the fediverse possible. :blobheartcat:​

Taig McNab

@jerry do you have a preference / get a better cut from any of your payment processors?


@jerry instances should accept donations of cryptocurrency. For philosophical consistency.

Christoff :stealie: 🌈⃤👁️

@jerry what are the metrics, assuming if 1% of users donated $1/month, it would more than cover everything?

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

Hey, @trending_bot is pretty cool. It boosts the trending posts from some top instances. I know some people have asked for algorithmic feeds - it's certainly not the same, but it will help get trending things in your home timeline that might not otherwise land there.

Joe

@jerry @trending_bot I already look at "trending" occasionally so I don't think this would add anything (unless something is trending on "some top instances" but not my instance).

Andrew Starr :donor:

@jerry my Android client @Tusky has something similar, and from a brief look they're surfacing a similar set of posts (note it's an option within settings to enable both this and trending hashtags).

Screenshot of Tusky home bar showing trending posts option.
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

I would like to take a moment to orient people to a brand new and highly innovative feature that was recently introduced in mastodon and many other fedi-apps. This feature enables you to not have to see posts from or interact with people whose posts you don’t like, don’t agree with, or are otherwise offended by.

I like to call it the “block button”.

Does someone on the fedi support the “other side” in the Israel/Hamas conflict? Instead of asking your moderators to figure out which side is objectively right in a no win situation, BLOCK! It’s amazing!

Did someone just say that they are frustrated that they got Covid after having gotten all the vaccines? That’s not disinformation, it’s an opinion and you can block them!

Does someone seem a little too happy that one of Biden’s staff got in trouble or that a democrat is getting charged? BLOCK! It’s amazing!

Did someone use the word Nazi in a way that offends you? Yep, you guessed it! BLOCK!

I have no idea what the median age of people on the fediverse is, but it’s disappointing that moderators are effectively having to act as camp counselors for 13 year olds who are having a disagreement. Yes, the substance of these disagreements tends to be much more consequential, but the pettiness is about the same or perhaps worse.

If someone is harassing you or otherwise violating your instance’s rules, please do report them, but try to apply some perspective.

SoapyFMF

@jerry

The point you are missing is that many Mastodonians WANT the drama.

It is a powerful distraction. It gets them away from things they don't want to do, it gets them away from boredom. If they are rageaholics it makes them feel temporarily powerful too.

Martin Wüthrich

@jerry fully agree. i think "be like bill" is still accurate these days?
knowyourmeme.com/memes/be-like
thank you for your work!

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

Apparently unlike the leader of another social media network, I have never turned off satellites to thwart the military operations of one of my country’s allies in their attempt to defend themselves against an aggressor.

INPC

@jerry Same here, it’s not the sort of thing my social media company is into.

Greg Bell

@jerry I keep telling people you're one of the good ones

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

“Is mastodon like twitter?”

“No, not at all. Mastodon is still a thing.”

Nile A. Crownis

@jerry Mastodon is not Twitter, but I think we need to add some UX/UI solution of Twitter for apps and web version