Apparently one of the lemmy.ml admins was overzealous in banning all User-Agent strings that contained the word “bot”. Bans were entered for all of the individual strings containing that word which were observed in their webserver logs, which impacted kbin’s reported agent of “kbinBot”.
The issue has been fixed, and I observed that one of my kbin posts to a lemmy.ml community was successfully pushed to the original instance.
Edit:
Here are all the links that I’ve found with the lemmy.ml admins discussing the issue:
- https://lemmy.world/comment/1082149 (appears to have been where they first noticed and fixed the issue)
- https://lemmy.ml/post/1920972 (posted a few hours later, provides additional context for what happened)
@blightbow Thanks. I appreciate the work that the admins here do. Kbin-social is a nice landing pad for this reddit refugee. That said, I don’t have an interest in posting to lemmy.ml because they seem to be a bunch of tankies, which is being generous. The question in my mind is why kbin-social hasn’t returned the favor and banned them as well as their gulag archipelago instance?
You’re thinking of lemmygrad.ml
Lemmy.ml is pretty diverse as far as I’m aware.
I think you all conflate the admins with the userbase. Lemmy.ml has a lot of regular users & communities. In that sense you would have to blanket block all Lemmy instances in general.
Browsing any Lemmy instance is like swimming in a public pool and saying only the other half of it is filled with piss and this part is fine…
Lemmygrad and lemmy.ml are both run by the same developers and occupied by the same users: tankies and people who are pro CCP apologists.
Pretty much this. It still gets a lot of flack for being operated by the developers of Lemmy, but there are a large number of users and communities that exist on lemmy.ml for no other reason than it being one of the larger original instances. Most operators of high-volume instances are unlikely to take action against lemmy.ml unless a situation develops that gives them no other choice.
That’s the rumour.
It’s technically the domain for Malawi, who operate a free domain name scheme.
But apparently those devs picked it because of Marx Lenin.
I too tried to flee reddit for lemmy.ml, over a year ago now - and found it to be a far worse clusterfucked shitstorm than reddit ever was, and I mean that ideologically, philosophically, politically, and morally.
I just didn’t go back until the current exodus, mainly because I was trying to see if the account still worked, and it had been lost/purged/banned whatever
fuck those guys and the horse they rode in on, then far as I’m concerned, they can ride it back out of here wet.
Might as well federate with facebook.
…then far as I’m concerned, they can ride it back out of here wet.
This was the most anachronistic American Southwestern burn I’ve yet seen on any internet comment thread to date. I can nearly hear the spitoon at the end.
I know it sounds like I’m making fun of it, but I genuinely am not. Marvelous
@sparseMatrix Agree 100%
@blightbow
Kinda crazy that the lemmy admins only heard about it 12 hours ago. This situation went on for many days.
Umm what?
I remember people doing tests and other variations of words featuring “bot” went through no problem, even changing the spelling of KBin was enough to get in.
I’m gonna have to call BS on their excuse.
That assumes they were using an expression based filter in the webserver config itself. If they were extracting user agent strings containing the word “bot” from their webserver logs and adding them to a static list of user agents to deny (particularly if it’s an external file referenced by the config that strings can be easily dumped into), it’s a plausible explanation. I can especially see this happening if they did a blind sort by log volume and only inserted the 20 biggest results or somesuch.
Even if this was the case, was someone in a position to observe that one of those strings contained “kbin”? Yes. Was it possible they still didn’t notice? Yes, especially if shell pipelines are involved. Was it possible for someone to notice but assume that this wasn’t the kbin software itself, but a third-party tool that someone else wrote? Also yes. Still possible that all of this is bullshit? Still yes!
Full disclosure: I’ve worked in the webserver and webapp adjacent spaces for a long time, and I have a lot of appreciation for how much damage one person’s stupid change without peer review can do in massive production environments. :) I am admittedly biased toward applying Hanlon’s razor in these situations.
If they were doing that, others with bot in the name would have been caught, no?
Yet the people who tested it said that wasn’t the case.
Like I said, a blind sort by volume of the top n user agents in their logs containing the word bot would be enough to do it. Drop the output of that sort into a text file or a hash table, then create a user agent filter in the nginx config that blocks the specific strings seen in that file.
It is very much the sort of thing that a single admin can do by accident, and the exact sort of problem I would expect to see with rapidly growing instances operated by a very small number of tech enthusiasts.
From the response it is likely that many other specifically identified phrases which do contain the word ‘bot’ have indeed been blocked (presumably still are).
The slight variations in kbinBot which were subsequently tried wouldn’t previously have shown up in the logs and so wouldn’t have been added to the blacklist.
If I have understood correctly they actually did block „kbinBot“. They did not use a regex like „*bot“ but have looked through the protocols and manually blocked each one that looked like a bot to them.
So the people using other variations of „bot“ would have had to catch exactly another blocked term for this and not just a fairly similar one.
I’m not saying there isn’t more to it, but what they wrote is within the realm of possibility.
Took way too long to get this addressed. But thanks you for solving this issue. There were the strangest stories going around on why kbin was blocked.
Hopefully, that will stick. Also hopefully, our differing cultures won’t end up in a lot of users being banned the moment they mention anything more eastern than Norway. I don’t think it would typically be an issue, except that Russia and the surrounding area will remain a newsworthy topic for a great while.
I’ve been giggling over it a bit. You probably already saw, Blight, but I made one single comment in the latest .ml thread inquiring about this where I just frustratedly put forth defederating them back and building over here, rather than have over a hundred communities that only look like they exist from kbin’s point of view. Which some helpful user copied over to a non-blocked instance for me, just in case. And then less than half an hour later, we were back. That comment and that comment alone is the ONLY thing I have ever gotten to federate over there, and of course it was the one where I was outwardly threatening them 😂
Whatever the reason, I’d just be happy to be able to participate.
Yeah, your original comment came up when I did my research immediately prior to leaving a note on a niche lemmy.ml community that I subscribe to. …Which immediately federated over to the original instance, because I missed this developer comment and the other admin didn’t reply to the thread you were quoted in until several hours later. Based on the timing of the older comment I don’t think it has anything to do with your post, but you can pretend you didn’t see this. ;)
In any event, it’s dealt with. I think it reinforces the need for proper backchannels between the highest population ActivityPub instances, but I wouldn’t be surprised if some of the politics is acting as a barrier to this since both lemmy.ml and kbin.social are directly run by their respective software developers.
I’ve seen a few offhanded references to how kbin originated as an alternative to lemmy without the tankie implications, but I haven’t found any links to posts from ernest himself that support this. By actions alone I would say that he strongly favors interoperability over politics, but who’s to say what thoughts the developers have for each other. :)
Yeah, I figured I wasn’t exactly gonna try to claim credit for it. I already have enough egg on my face without begging for more. Talk about perfection in timing, though. When I wrote that, I went back and forth between instances just to make sure. All relevant communities almost or totally empty. No other kbin comment in that thread crossing over. But mine…mine was the lucky one. Of course. Now I just look really mean for no reason.
I wouldn’t be entirely surprised to see some fallout of inter-platform politics either. Though I’ve seen fairly little of the lemmy devs, what I have seen has tended towards being political and heavy-handed and while that’s their right, it’s also the reason such a bug on their side appeared fairly likely to be intentional. I would be depressed to see creators here still kneecapping each other like the companies do, but I wouldn’t necessarily be shocked.
I’ve gotten the sense from Ernest’s general behavior that he’d most likely opt for the good of the community and keep whatever personal problems he holds under wraps until forced. He’s been shockingly sweet and humble, and goes out of his way to be transparent even over screw-ups he could just as easily keep quiet about.
This is a guy who had to be badgered to set up donations he clearly didn’t expect to actually receive. He’s squishy. I don’t see him setting out to dethrone Lemmy specifically unless one or the other falls under an evil witch’s curse and there are no remaining options. None of us really lose out by having competitors here and trying to murder lemmy would be far more trouble without much gain.
After pausing for a minute to dig up a half-remembered comment of his, it seems like there’s truth to both: he respects them as developers, sees continued federation and input as healthy, and is polite enough to make only a very small nod to the differences that led to kbin. Maybe they won’t be going out for beers with one another, but hopefully, they can keep each other more apprised if they’re to work together at all effectively.
PS. This is apropos of nothing, but I’ve seen you around and never stopped to tell you. You have just the coolest username and I love it.
Thanks for the link! Your take is pretty much the same as mine. Nothing for me to expand on, you’ve pretty much nailed it.
PS. This is apropos of nothing, but I’ve seen you around and never stopped to tell you. You have just the coolest username and I love it.
lol! It’s borrowed from the name of a character I made for Guild Wars 1. As the internet got bigger my older nicks became more hotly contested, but somehow this edgelordy one is never taken. :) The downside is that I can’t easily feign ignorance about stupid things I’ve said in the past, but at least most of the evidence got nuked along with my entire Reddit history.
Funny thing - I experimented yesterday with posting from and to various instances and verified that the ONLY case that was problematic was from kbin to lemmy.ml, and posted about that from one of my lemmy accounts, then after thinking about it and poking around a bit more, I wrote a post from my kbin account to this very magazine arguing for defederating from lemmy.ml. I ended up deciding to not post it though, so I just copied it and saved it and was planning to wait a bit longer. So it was particularly fitting to see that someone else actually did broach the topic.
And if I’m honest, I think that defederating from them should still be on the table. I think there’s no question that this was deliberate and malicious (and driven by petty jealousy of a not only competing but arguably superior piece of software), and it indicates that they shouldn’t be trusted.
I would think that the most sensible approach would be to consider them on probation. If they can demonstrate that they actually can be trusted to act in good faith, fine. If, on the other hand, they pull another shady move like this one, defederation should be the immediate response.
Though Ernest likely wouldn’t agree…
I think that would be a terrible idea, respectfully.
Many reddit refugees made communities on .ml. I did. I didn’t know about all the tankie junk.
That would kneecap my small (but growing) community.
Perhaps a solution to all this would be a community migration tool or a "community’ instance that holds them.
A community migration tool would 100% make sense for both Kbin and Lemmy, especially if there were an option to link the old, read-only community to the new location, redirect users to the new location from the old. That would also facilitate consolidating communities who want to consolidate.
Nobody is talking about banning users “the moment they mention anything more eastern than Norway.”
From a cursory search, I’d read this post from about a month ago asking for orientalism to be added to the rules as an example of racism/bigotry, on the basis that it was a regular and highly-bannable offense without being at all clear that it was an offense to a lot of newbies. Most people understand racism and xenophobia to mean race and country, and wouldn’t necessarily qualify criticizing any country’s government to fall under that, while the admins and some of the comments disagree.
This comment seems to be the only real notice either of the admins took of that request, and it was only to say, “Yep, western outlets reporting on the east are bigoted, what about the US?” Which is disappointingly unhelpful in clearing up what the rule actually covers beyond implying that it covers everything about the east coming out of the west, and that would be insane. Beyond that, they spent the majority of their time in the comments with everyone else, deleting stuff and fighting about the genocide thing instead of addressing the topic.
Checking the current rules, nothing beyond that has been done. Glancing at the modlog shows a recent article talking about the US supplying Ukraine with cluster bombs that has indeed been removed for bigotry, same as I expected they would be. Not locked for a shitty comment section, just removed. Really irate that I haven’t got a screenshot like the thorough documentation Pineapple’s, but it seems (I assume for traffick reasons) that the modlog is having trouble loading and keeps erroring out on me now.
Suffice to say, yes, there are those that appear to believe this through word and action, and they aren’t clearing up what they do believe like they really should if they don’t mean to be so hilariously heavy-handed with it. All Dessalines really accomplished was shutting down the conversation without explaining.