yes, you should put a cache in front of a blog. nginx and wp-supercache do well. but.
mastodon's auto-DDOS feature is still obnoxious. and in a social network, technically designed in obnoxiousness is incompetent.
i realise it'd need extension of activitypub, but is anyone working on sending prerendered cards with the URL? just to save 1000 servers hammering the URL to generate their own cards locally.
@davidgerard I'm writing up a proposal which looks something like this.
Big problem is trusting the cache of other servers.
You have to. Mastodon's model of use would not want signatures on messages, which is the only way to keep things straight with actual assurance.
Failing that, you want to only fetch an image whose hash is provided by the poster's home instance.
@ncweaver @davidgerard you. I'll publish a blog post in the next few days.
@ncweaver @davidgerard as promised.
Here's a vague proposal to reduce DDoS while preserving privacy.
https://shkspr.mobi/blog/2022/11/webmentions-privacy-and-ddos-oh-my/
@Edent @ncweaver @davidgerard Interesting, but.. having a site implement WebMentions feels much like saying a site has to implement a CDN - how many sites have this enabled by default? I know mine doesn't...
I'd be concerned about the '0-day' impact of a bad actor sharing a link with a spoofed, defamatory card - imagine if this happened to a politician, for example. OK, that Mastodon instance would get defederated quite quickly but the damage might already be done.
@keefmarshall @Edent @ncweaver the alternative is heading toward Mastodon becoming commonly known as badly behaved software that upstream won't fix
@davidgerard @Edent @ncweaver In the longer term, I suspect we need some kind of 'signed' OG data card that can be validated as belonging to the originating website, without requiring a website fetch. Much like a JWT or similar can be verified without a callback.
But that would, presumably, need a new W3C or similar standard of some kind, and web server support.
@keefmarshall @Edent @ncweaver i still think if you're trusting a Mastodon instance to send you a post, its card is not going to be less trustworthy than the post it's for
@davidgerard @Edent @ncweaver I suppose the issue is, if it's "just" a post, then it can be traced back to the Mastodon user and instance quite easily.
However, if it's a link to e.g. a public figure's website with "added" defamatory content, they may not even see it to report it at first. Perhaps this is no different from the user just writing the defamatory content but it will look different.
Still, this may remain the only sensible option if we get an order-of-magnitude growth in Mastodon.
@keefmarshall @davidgerard @Edent @ncweaver the Raspberry Pi handling the Raspberry Pi instance handles 40 static content requests/second and ~10 post requests/second. So a thousand servers requesting content completes in a couple of minutes. I think sidekiq retries happily so a random delay of up to 2 minutes should make this fairly easy to work with.