Mastodon Is DDoSing Me
 

Whenever I, or someone else, posts a link to this blog on Mastodon, it DDoS's me and brings the site down for a couple minutes.

Over the last few months, I've noticed that whenever I (or someone else) posts a link to this blog on Mastodon, the decentralised nature of the platforms effectively DDoS's me.

A DDoS is a Distributed Denial of Service, where multiple remote servers all send traffic at the same time, which overwhelms the target. The "target", in this case, is my server. 😒

Why is this happening?

So when you post a link to an external source to pretty much any social media site, the social site pulls some meta data from the remote site and creates a little card that makes the link look pretty. For this site, it looks something like this:

Mastodon post card example

The social site attempts to pull things like the feature image, post title, description and blog name. If the link is posted to a centralised service, like Facebook or Twitter, it's not a problem as there's only one source requesting that meta data.

But Mastodon is different.

As many of us know, Mastodon is decentralised, which means that the network is spread among multiple servers, or instances. So when a link is posted, every instance where you have a follower requests this meta data independently.

Problem is, I have around 26,000 followers on Mastodon. According to FediDB, there are around 27,000 instances on the Fediverse.

So let's say, conservatively, my 26k followers are spread across 1/4 of the instances that are out there. That's still 6,750 servers that request that meta data, every time I post a link to this site, at the same time.

The result is a DDoS that takes down my site for a couple minutes.

Brilliant.

What can I do about it?

In short, not much. I've tried serving the feature image from a CDN to take some of the load off my server, but that hasn't worked.

I'm considering putting this site behind Cloudflare to see if that helps, but that makes me feel really icky. So I'd only do that as a last resort.

What can Mastodon do about it?

This problem is on them to fix, really. It's a bad look that as users become more popular, they're effectively DDoS'd. At this point, I'm very reluctant to post links direct to people's blogs, as it will likely bring their site down. Instead, I create link posts so this site feels that pain, not the site owners.

The Mastodon team have apparently implemented a temporary solution where instances will wait a random time between 0 and 60 seconds before they fetch the meta data, but I'm yet to see that work for me.

They're also working on a long-term solution, apparently. Renaud Chaput, the Mastodon CTO was quoted in this post on The Register saying:

We have a mitigation in place as servers are waiting a random time between zero and 60 seconds before generating the preview to avoid sending all the requests at the same time, but a proper fix would be to have the link preview information shared between servers (federated) so each server does not need to fetch it. We have several ideas on how this could work, but we also need to ensure that this will not cause other issues, like allowing those to be spoofed.

We do not consider this as a critical issue because you need accounts on thousand of servers to follow an account for this to generate a non-trivial amount of requests, especially now that they are spread over 60 seconds, and there are much easier ways available to achieve the same result than using the Fediverse.

Well that's bullshit. I'm far from the largest account on Mastodon. Yes, I have a lot of followers, but I'm not really an anomaly. Mastodon is effectively DDoSing lots of sites across the internet, if that's not a critical issue, I don't know what is.

Drew DeVault said this in a GitHub issue on the topic:

It is the responsibility of software like Mastodon to be a good neighbor on the internet. DDoSing others is not being a good neighbor! It's important to figure out how to prevent this issue from occurring.

Couldn't have said it better myself, thanks Drew.

I've thought about the scalability of Mastodon a number of times. As the co-admin of a fairly large instance, and knowing what it costs to run that instance, scalability on Mastodon is an issue, I think.

These kind of issues are a fundamental challenge of any decentralised network. And I totally get that they're not a simple problem to fix. But the fact is, for something to be decentralised, scalability is a challenge. I don't know how the Mastodon team plan to fix these issues, but if the network is going to continue to grow, they need to come up with some solutions.

Please, Mastodon, stop DDoSing your users.

Reply to this post by email

Kev Quirk

07 May 2024 at 16:00

The Bum Gun
 

My wife and I recently discovered a bum gun in one of our bathrooms at home. It gave me quite the shock!

So this weekend, the kids went to their nan's to stay for a few days while my wife and I sorted some stuff out at home. We moved them into their new bedrooms, and moved us from the spare room, into what was their shared bedroom.

Nextdoor to our new bedroom is a bathroom that was converted by the previous owner to a disabled bathroom for her elderly mum. At some point we will re-do this bathroom, and it will become the en-suite for our bedroom, but for now, it will do.

Anyway, in that bathroom is this massive toilet:

Our disabled toilet

The toilet has power going to it and I've never understood why. I just assumed that it was some kind of power assisted flush system, as it's really easy to flush, for obvious reasons. But while we were moving the room around, we noticed a fused spur on the other side of the bathroom wall, in our bedroom.

It was switched off, so I decided to switch it on to see if we could work out what it was connected to. Nothing beeped. No lights came on, and nothing exploded. So I forgot about it and went about the rest of my day.

That was until my wife went to the toilet later on. You see, when she got up off the toilet and flushed, what can only be described as the bathroom equivalent of the Alien mouth popped out and squirted a jet of water right into my wife's face.

Alien mouth
The Alien mouth (not my toilet)

She screamed. I ran into the bathroom, thinking something bad had happened, then quickly fell about laughing. It seems we had worked out what the fused spur was for. 🀣

Here's a video of The Bum Gun in action:

Testing it out

I mean, we had to, right? I was eager as a beaver to get on that toilet and experience The Bum Gun for myself. Can't say I've had my bum jet washed before, so I sat down, prepared myself, and hit the flush.

Boy was it strange! That thing must have some kind of heat-seeking targeting system, because that cold jet of water hit right on the bloody bullseye!

Shocked, I let out a little yelp and then, to my astonishment, it started blow drying my arse!

Yes, that's right. Not only is The Bum Gun a heat-seeking bum cleaner, it dries it for you too! Intrigued, I wanted to work out why the drier hadn't come on before, and it seems there's a pressure switch on the toilet seat that activates it.

Like, seriously. Fuck AI, or your smart toaster, my toilet is smart as fuck! Someone should give my toilet a PhD.

It's fair to say, people, I don't think I'll ever use toilet paper again. This thing has changed my life.

Reply to this post by email

Kev Quirk

06 May 2024 at 15:10



Refresh complete

ReloadX
Home
(252) All feeds
Last 24 hours
Download OPML
*
A Very Good Blog by Keenan
A Working Library
Alastair Johnston
*
Andy Sylvester's Web
Anna Havron
annie mueller
*
Annie Mueller
*
Apple Annie's Weblog
Artcasting test feed
*
Articles – Dan Q
Austin Kleon
*
Baty.net posts
bgfay
Bix Dot Blog
*
Brandon's Journal
*
Chris Coyier
Chris Lovie-Tyler
Chris McLeod's blog
CJ Chilvers
CJ Eller
Colin Devroe
*
Colin Walker – Daily Feed
Content on Kwon.nyc
*
Dave's famous linkblog
*
daverupert.com
Dino's Journal πŸ“–
dispatches
E L S U A ~ A blog by Luis Suarez
Excursions
Flashing Palely in the Margins
Floating Flinders
For You
*
Frank Meeuwsen
frittiert.es
Hello! on Alan Ralph
*
Human Stuff from Lisa Olivera
inessential.com
*
Interconnected
Into the Book
*
jabel
*
Jake LaCaze
*
James Van Dyne
*
Jan-Lukas Else
*
Jim Nielsen's Blog
Jo's Blog
*
Kev Quirk
lili's musings
*
Live & Learn
Lucy Bellwood
Maggie Appleton
*
Manton Reece
*
Manu's Feed
maya.land
*
Meadow 🌱
*
Minutes to Midnight RSS feed
Nicky's Blog
*
Notes – Dan Q
*
On my Om
One Man & His Blog
Own Your Web
Paul's Dev Notes
*
QC RSS
*
rebeccatoh.co
reverie v. reality
*
Rhoneisms
*
ribbonfarm
Robin Rendle
Robin Rendle
Sara Joy
*
Scripting News
*
Scripting News for email
Sentiers – Blog
Simon Collison | Articles & Stream
*
strandlines
text/plain blog
the dream machine
*
The Homebound Symphony
*
The Marginalian
*
thejaymo
*
theunderground.blog
tomcritchlow.com
*
Tracy Durnell
*
Winnie Lim
wiwi blog
*
yours, tiramisu
Žan Černe's Blog

About Reader


Reader is a public/private RSS & Atom feed reader.


The page is publicly available but all admin and post actions are gated behind login checks. Anyone is welcome to come and have a look at what feeds are listed β€” the posts visible will be everything within the last week and be unaffected by my read/unread status.


Reader currently updates every six hours.


Close

Search




x
Colin Walker Colin Walker colin@colinwalker.blog