Kern on Nostr: npub1u27r9…a3qfq Those issues are very interesting but I also think "allow listing" ...
npub1u27r9h3j9pvrplaffsmpn698e8xhmuqhdgcxldv67ammql9pumnqha3qfq (npub1u27…3qfq) Those issues are very interesting but I also think "allow listing" has merits on an even simpler level. Like just scaling up fedi alone might require more of a locked down approach.
If you were affected by the recent spam wave at all, you might have noticed how many "dead" instances are still floating around. Over time, there will be more and more abandoned servers, not applying security patches, with open signups...
Also, the whole attack was apparently orchestrated by only one or two script kids - so spamming/botting all of fedi is clearly not hard...
So admins will have to decide if they want to play whack-a-mole every day and keep open federation...or take the easy path and lock themselves down, only federating with vetted servers who comply with certain expectations (like staying current with security updates)
Published at 2024-02-20 20:06:16