Posts: 9 | Comments: 266 | Joined: 2 yr. ago

  • There have been other reports of this recently:

    Downvotes on kbin are public, but kbin doesn't federate downvotes from Lemmy so unless the stalker(s) are on kbin you can't see them yourself. Your profile on kbin looks significantly cleaner than your Lemmy profile... so it doesn't tell us much.

    Votes in Lemmy's DB are also not anonymous, so instance admins (or people who run their own instance) could investigate this with direct db queries... it's not exposed via any user-facing API. If you think you're being stalked by a group of sock-puppeted mass-downvote accounts, you could contact the admins via one of the mechanisms listed at https://mastodon.world/about. The email there points to a ticketing system used by the admins I think. Of course, they may be too busy to investigate, but they also may be interested in banning sock-puppets before it gets out of hand.

  • We can see downvotes on kbin, not sure lemmy is the same.

    Only from kbin, or possibly even just kbin.social (or whatever one's local instance is). If you look closely, you'll notice that every downvote you can see on kbin is from a kbin user, which is because kbin doesn't federate downvotes from Lemmy.

    If you look at OP's Lemmy profile, you can see a moderate amount of consistent downvoting: https://lemmy.world/u/Call_Me_Maple?page=1&sort=New&view=Posts

  • I think you'll be ok. The comment I reported is the one I replied to, not the one in the Swartz thread. There's nothing naughty in your comments in this thread, so admin will have to read and click before even encountering your Swartz comment and will at that point be primed to investigate sockpuppeting rather than content policing. They're also pretty chill here, I haven't stumbled on anything in your history that would lead me to be concerned about them finding you to be at fault for this situation or otherwise an abusive user.

  • This sounds to me like sockpuppeted profile stalking and downvoting. I'm going to try reporting your comment with a note that while the comment itself is ok, the material it describes warrants an admin investigation into sockpuppeted voting. Instance admins mod this community, and hopefully they have time to take a look. Given that there are several credible reports of this kind of thing now, it seems worth an admin checking out.

  • I don't know the answer to this question, maybe someone else will chime in. If I were to guess though, typically things that "disable downvoting" on Lemmy simply ignore it and fail to display it, which is consistent with how blocking and defederation handle other things.

    For example, Beehaw has defederated with Lemmy.world where my account is. I can still see Beehaw posts to communities on other instances though. I can reply to those posts, and people on other instances see my comments. The Beehaw commenter cannot though, it's a sort of see-no-evil-hear-no-evil situation, but the evil is still out there for everyone else. I believe blocking works the same way for comments, it's a one-way block on your side... they still see you and can interact with your stuff in ways that others can see, unless I'm mistaken.

    I'd expect blocking to interact similarly with downvotes if it interacts at all. But I'm not positive.

    Admins can definitely do more though, like banning/deleting the sockpuppet accounts.

  • Kbin doesn't federate downvotes from Lemmy. If you look at their Lemmy profile, you can see there are many seemingly innocuous comments with 5-20 downvotes: https://sh.itjust.works/u/jballs?page=1&sort=New&view=Comments

    The web-ui doesn't seem to show downvotes and upvotes separately anymore, but many of those totals around -1 or whatever are the sum of 10-20 upvotes and downvotes. There's definitely a weird amount of downvoting hitting that account on comments that seem... ok at least.

    @jballs@sh.itjust.works there was another report of mass downvoting on Lemmy.world: https://lemmy.world/post/2343398 I'd say it's too early to tell if these are true cases of individuals or groups sockpuppeting many accounts to mass downvote or if someone is just attracting random downvotes for some reason. The other poster had an annoying flashy gif profile photo and banner that might have been annoying people. If you have something about your account, or have been antagonistic to people in comments/DMs that's another likely explanation.

  • Fwiw, lemmyverse.net is a way better community browser than the one built into a Lemmy instance, which often is missing tons of communities.

    My experience is that browsing lemmyverse, I find WAY more interesting stuff than what pops up on the all/local feeds, which is generally dominated by "frontpage" style mass-appeal communities that are very general and memey. All the communities I enjoy the most are too small to make the scroll and were found explicitly by searching. I now enjoy my subscribed feed much more than all/local.

  • He's also listed right at the top of the page, in the screenshot where people are complaining about him not being listed. He doesn't get a snoo caricature, but this seems like a not totally unreasonable (if literally comically simplified) representation of a complex and fairly contentious founding relationship that DOES show Swartz' involvement as one of the 3 founders.

  • I speculate that someone else wrote the script and they gave it to him to review/read. There's too many stats in there that he doesn't care about for him to have written the entire piece himself or spoken it extemporaneously.

  • Seems to me like you're thinking clearly about this. Unless someone else with hands on experience jumps in with a pro-tip I suspect you may just have to pick your poison and give it a go.

    Multi-lemmy isn't a common config, though. Lemmy.world and I think lemmy.ca do it, but even lemmy.ml which was the biggest instance 2mo ago doesn't. There might be half a dozen people in the world with hands on experience at this.

  • I'm not running my own Lemmy, but I do run non-trivial systems elsewhere. Things I'd be looking for would be:

    • Are concurrent migrations actually a problem? If Lemmy does a good job of taking out an exclusive transaction that checks if the migration is needed and then does it, it might be that several containers can race safely and you don't need to do anything. I'd want to review the schema migration code before I trusted this myself though, since few people rely on it.
    • A mode in Lemmy to do nothing other than run migrations and exit. You could then execute this as a job or exit-on-terminate container during the upgrade while other Lemmys are down.
    • Create my own DB migration script based on the Lemmy schema diffs from release tag to release tag.
    • Is there a config-flag on Lemmy to enable/disable db migrations? I don't have a link handy but I feel like I heard about lemmy.world having a Lemmy container just for doing async jobs, separate from the ones serving requests. It would be nice if one could run this single separate container and let it handle the migrations... but the other Lemmys would have to be clever enough to wait until the migration is complete.
    • As you note, run just one Lemmy container for "a while" when upgrading. The issue here is knowing when the migrations are complete, which feels finicky to automate. Though if you do this manually as part of your upgrade process I'm sure it can work ok.
  • This looks weird to me.

    • Kbin downvotes are public, you can see who made them at https://kbin.social/u/@artifice@lemmy.world. Kbin doesn't federate downvotes from Lemmy though, so you can only see downvotes made there. I stalked your profile a bit on kbin and there was nothing weird. Mostly no downvotes, and in the few cases there were some there was no correlation of people across threads. The worst I saw was like three people downvoting a series of comments in a single thread, which is not weird or stalky.
    • Downvotes are also not anonymous to Lemmy instance admins. They are recorded in Lemmy's DB with a link to who made them. This isn't exposed via the web-ui or app-api, so regular users cannot see them... but admins (and users with their own Lemmy instance) can.

    I would consider reporting this to info@mastodon.world. If someone is actually sockpuppeting 10-20 accounts and profile stalking, that sounds to me like bannable abuse and something the admins might be interested in looking into. Now, of course, if you're the one who has been harassing people in old comments, moderated comments, deleted comments, or DMs... admins might decide to ban you all. Two wrongs don't make a right, and often result in two bans. It's also possible that admins have bigger fish to fry and won't have time to investigate... but if I were admin I'd be interested in early instances of mass-sockpuppeting so I could think about ways to detect and react to it.

    Edit: As an aside, the animated profile icon is pretty annoying and it may be that people downvote just for that.
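
An added example (not part of the original comment, and not Lemmy's own code): the cross-thread correlation check described in the comment above, run over constructed vote rows. The row layout, account names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample rows: (voter, comment_author, thread, comment, score).
# This layout and every account name are assumptions, not Lemmy's schema.
THREAD_OF = {"c1": "t1", "c2": "t2", "c3": "t3", "c4": "t4", "c5": "t1"}
VOTES = (
    [(s, "alice", THREAD_OF[c], c, -1)
     for s in ("sock1", "sock2") for c in ("c1", "c2", "c3", "c4")]
    + [("sock3", "alice", THREAD_OF[c], c, -1) for c in ("c1", "c2", "c3")]
    # Organic noise: two downvotes inside one thread, and a single downvote.
    + [("bob", "alice", "t1", "c1", -1), ("bob", "alice", "t1", "c5", -1),
       ("carol", "alice", "t3", "c3", -1)]
    # Upvotes are ignored by the check, however consistent they are.
    + [("dave", "alice", THREAD_OF[c], c, 1) for c in ("c1", "c2", "c3", "c4")]
)

def downvote_sets(votes, target):
    """Map each voter to the set of (thread, comment) they downvoted."""
    sets = defaultdict(set)
    for voter, author, thread, comment, score in votes:
        if author == target and score < 0:
            sets[voter].add((thread, comment))
    return sets

def repeat_downvoters(votes, target, min_threads=3):
    """Voters who downvoted `target` in at least `min_threads` threads."""
    found = {}
    for voter, items in downvote_sets(votes, target).items():
        threads = {thread for thread, _ in items}
        if len(threads) >= min_threads:
            found[voter] = len(threads)
    return found

def correlated_pairs(votes, target, min_threads=3, min_jaccard=0.7):
    """Pairs of repeat downvoters whose downvoted sets nearly coincide."""
    sets = downvote_sets(votes, target)
    suspects = sorted(repeat_downvoters(votes, target, min_threads))
    pairs = []
    for a, b in combinations(suspects, 2):
        jaccard = len(sets[a] & sets[b]) / len(sets[a] | sets[b])
        if jaccard >= min_jaccard:
            pairs.append((a, b, round(jaccard, 2)))
    return pairs
```

Several downvotes inside one thread (bob) never reach the repeat threshold; only the same accounts recurring across unrelated threads do, and those results are a prompt for manual review rather than proof of sockpuppeting.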

  • I think you probably just got unlucky with timing before. Lemmy.world had some slow/broky spots today and I'll bet you just happened to be messing with the subscribed feed during one of them, and connect just happens to be working for you now.

  • I doubt there's anything anyone can do, but posts are failing to replicate to lemmy.world. https://lemmy.world/c/formula1@lemmy.ml is missing both the FP1 and qualifying highlights post, which led me to repost FP1 highlights... then try to delete it... and the deletion didn't appear to stick on lemmy.ml.

    Lemmy.world has had some intermittent availability lately, maybe this is as simple as it being down when the posts were made. Worth keeping tabs on though.

  • is it worth starting out with podman or is this just some job requirement and docker is perfectly fine for us hobbyists

    I'm doing this in my homelab, but I am a pro and so time spent learning arcane details of container ecosystems is not precisely wasted time for me. But I'm not doing it directly for some particular professional requirement, it's more curiosity.

    Based on my experience, I don't think I could honestly recommend podman right now for a beginner. The people that tend to be most interested in podman tend to think:

    • The best days of docker are behind it. The company hasn't achieved financial success and are going to make it worse over time to pressure companies into paying them. We've seen the start of this with docker-desktop but I'm predicting it will continue and escalate.
    • Docker was the first really successful container system and is very monolithic and full of questionable technical decisions. Improving it will be hard because of its success, and also because its monolithic nature means that many changes will bottleneck at docker the company, who as noted is not incentivized to make its open source stuff "too good" such that companies use it without paying.

    Podman is more modular, is supported by more successful and stable companies that can have revenue strategies that don't require them to monetize podman specifically to death, and the individual pieces are small enough to be built and supported by individuals and non-commercial teams if necessary. So I'm sort of betting that over time podman will gain more traction and am willing to invest in learning my way through some bumps in the road as that happens. For beginners, I think you'll know it's time to consider a switch when projects start to ship podman configs instead of docker-compose configs. Then you'll know that those devs think that supporting podman deployments will give them less headaches than supporting docker deployments and we're reaching the inflection point where podman is starting to "win" and legit be easier/better. Right now I'm pretty clearly swimming upstream and I'm ok with that.

    But relating back to OP's question, although my usage of podman is a bit bleeding edge... it still illustrates the kind of problems every self-hoster hits and how it's necessary to break those problems down into smaller parts to solve them yourself. It's just not realistic to expect every self-hosting scenario to be fully tutorialized. Tutorials help us understand how the pieces fit together, but when things go wrong we have to understand the pieces and troubleshoot them directly rather than expect the tutorial to dive into fractally complex subjects in easy/brief overviews but simultaneously dive into infinitely many edge-cases in depth.

  • No major social media site publishes estimates on bot activity, so unless someone is citing a research paper with a reasonable bot-id technique, they're speculating. That said, there are a few useful things we can say with only modest speculation:

    1. No commercial social media site has as trivial a sign up process as these instances. They had no email verification, no captcha, and no validation or gating process of any kind. Scripts created these users with a single API call, hitting it as fast as the server would respond. So on the account validation front, reddit does better than these instances of keeping bots out.
    2. Every commercial social media site has a security team that attempts to monitor bots and has the capability to remove them. Some of these admins were aware of the signups, and others didn't know how to respond. So on the monitoring and response front, reddit is more sophisticated at detecting and responding to bots.
    3. These instances I believe had zero or one active users vs 100k+ bot accounts. It's hard to say what the bot rates are on commercial social media sites, but I think we can confidently bound it to something lower than 100k to 1 in favor of bots.
    4. The aggregate number of bots represented about half the total lemmyverse. I'm sure someone will disagree with me, but I would be pretty surprised if half the signups at commercial sites are malicious. But that's more plausible than 100k to 1.
    5. But on the other hand, the activity of these bots is public, and they demonstrably didn't do anything. At least some of the malicious/clandestine bot accounts on commercial social media sites are active... so maybe here Lemmy gets the win since this massive wave of bots went unused. Now, that doesn't mean that OTHER more sophisticated and undetected bots aren't active on Lemmy just as they are on other social sites. But my bet is there is little to none because Lemmy doesn't matter enough to be worth attacking by the people who are able to run sophisticated bots. But this is hard to prove one way or another.

    TLDR: This signup wave was so unsophisticated it would never have been possible on a major social site with a security team. But it also didn't do any tangible damage, unlike clandestine bot activity on major social sites. Depending on what metrics you use to compare (and how made up your metrics are, since this is all about activity that attempts to stay hidden), either side can come out on top.