this post was submitted on 27 Jun 2023
28 points (96.7% liked)

Fediverse

17735 readers
35 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
[email protected]
[email protected]
28
Is lemmy.ml partially blocking /kbin instances? (lemmy.ca)
submitted 1 year ago by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
 

A post on kbinMeta states that "Lemmy.ml is blocking all inbound ActivityPub requests from /kbin instances." More details here, but the theory is that -- rather than defederating -- lemmy.ml returns a 403 'access denied' message in response to any inbound requests from a user agent with "kbinBot" in the string. Upvotes, comments, and boosts don't seem to be going through. However, it appears that lemmy.ml still federates information outbound to kbin instances.

I'm wondering if anyone here knows what is going on and why it might be happening? Federation between Lemmy instances and Kbin instances seems to be a selling point for both, so I'm sure others using both services are curious as to what's going on.

top 15 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 1 year ago (2 children)

I don't have a specific answer to what is happening but I'll add that I have recently noticed that practically nothing that I post has been getting through to kbin. Posts that I've made onto beehaw.org, lemmy.ml, fmhy.ml, blahaj.zone, programming.dev, pawb.social, etc. etc. aren't getting through to kbin, and none of them are defederating it.

On my home instance I have 16 posts, 142 comments On kbin I have 8 posts, 67 comments

It seems like something is fundamentally broken with the connection to kbin, not specifically lemmy.ml.

[–] [email protected] 2 points 1 year ago

Could be, for sure. I may try to post some things from Lemmy.ca to Kbin later. I was successful in posting from Kbin to Lemmy.ca a few hours ago, so I wonder if there's a problem in the other direction.

[–] PriorProject 1 points 1 year ago (1 children)

The linked post dismisses the v0.18.0 upgrade as a possible cause, but appears to do so without evidence and it's by far the most likely explanation.

Whether the fix has to happen on the Lemmy or the kbin side to restore compatibility is an open question, but I don't see any evidence of anything beyond a normal upgrade that broke an untested cross-app interaction.

[–] [email protected] 2 points 1 year ago

I think 0.18 is very coincidental as well. My posts hard cut off on kbin 3-4 days ago, which is roughly the time that 0.18 came out. The problem is that I've posted things on beehaw which don't end up on kbin, and beehaw is still running 0.17.4.

As I was looking into this stuff I've noticed that edits don't seem to be federating very well between my server and beehaw. I hope there's a more deterministic way to make sure that every federated server has everything it should, instead of just getting "most of it" and calling it good. (I don't know anything about activitypub so maybe this is already baked in and we're just failing on implementation)

[–] [email protected] 6 points 1 year ago

Looking at the thread there it looks like this is just affecting the lemmy.ml instance specifically, I was worried for a sec since I follow some kbin magazines myself.

I wonder if lemmy.ml is using some kind of WAF that has started auto blocking the requests from kbin, thinking its a DoS attack/malicious bot? I can't see a reason why the devs would intentionally do this...

[–] CosmicSploogeDrizzle 6 points 1 year ago* (last edited 1 year ago) (1 children)

I'm not sure if this specifically applies, but there are federation issues happening across multiple instances.

Many issues have to do with a mismatch in Lemmy BE versions. Lemmy.ml is on 0.18, others are on 0.17.4 waiting for Capcha support to come in 0.18.1. BE 0.18 replaced websockets with http, so it's a substantial update. How this works with kbin specifically I do not know, but things are in flux.

Additionally there is this issue:

https://github.com/LemmyNet/lemmy/issues/3101

Which according to the devs is related to this other issue that has been fixed and will also likely come in 0.18.1

https://github.com/LemmyNet/activitypub-federation-rust/pull/52

So, I do not believe this is international. If lemmy.ml didn't want to federate with kbin they would just defederate. With kbin being its own distinct software that is different than Lemmy, these issues are likely due to the drastic change in the last Lemmy update. Things will have to be ironed out between kbin and Lemmy

[–] [email protected] 5 points 1 year ago

This is just pure speculation, but there was a recent DDOS against some Lemmy instances. Perhaps whoever was doing the DDOS was using "kbinbot" as their useragent, and this block was just a mitigation?

[–] [email protected] 2 points 1 year ago (2 children)

Well, in case someone has the same idea, I just checked and the string kbinBot does not appear anywhere in the lemmy git repo.

I also must say the whole conspiracy nonsense in the comments over in that kbin link you posted really doesn't look good for their user base. Most likely this is some sort of bug or compatibility problem.

[–] [email protected] 6 points 1 year ago

I'm not particularly concerned with how "the kbin user base" looks or any silly tribalism like that tbh. I'm just wondering if/why the issue might be happening. If the string doesn't appear in the git repo, that's a useful data point for sure. But plenty of people are confirming that something is going on, so the questions as to 1) what is causing it and 2) why are still out there.

[–] [email protected] 6 points 1 year ago

Well, in case someone has the same idea, I just checked and the string kbinBot does not appear anywhere in the lemmy git repo.

Web developer here. This type of blocking based on user-agent would be easier done though the server configuration than in the Lemmy code anyway.

Most likely this is some sort of bug or compatibility problem.

Returning "403 Forbidden" makes it seem like it's not a bug or compatibility problem. The lemmy.ml server only appears to return 403 when the user-agent contains the exact string "kbinbot" (not case sensitive). That makes it seem deliberate.

I'm not saying it's done with malicious intent, mind you. It could definitely be some kind of WAF or other automated blocking happening, maybe simply a misclick when blocking a flood of other bots, but that's anyone's guess until the admins respond.

[–] [email protected] 2 points 1 year ago

I think this may be related to this bug.

[–] Candelestine 1 points 1 year ago

What motive would they have? Is there any actual evidence of them making any kind of statements in this direction?

Until there's some evidence, I'm more likely to believe this is a technical issue of some sort, possibly stemming from the last update.

I would avoid latching onto this. It reeks of a misunderstanding turning into a manufactured drama.

[–] [email protected] 1 points 1 year ago

It is not a bug as it is blocking the specific user agent, it blocks all requests with that user agent even for things that cannot cause any incompatibility (like just querying user info from the command line). Also no other lemmy instance shows this 'bug', regardless of version. It is a very deliberate block either done manually or by an IDS.

Would be nice if a server admin would chime in, but it is very silent on all channels.