Fediseer: A Fediverse Chain of Trust

Recently I’ve started running my own lemmy instance, as part of my decoupling from Reddit, due to them speed-running enshittification.

The instance has been growing nicely and holding up very well indeed. but there’s dark clouds forming on the horizon, as more of more of the early adopters and people with principles are leaving that service and are looking for alternatives.

The first signs of trouble appeared when I noticed that the top instances in the Fediverse Observer were growing by thousands of users per day, but had very little activity to speak of, with few threads and barely any comments. This was a clear sign of botted accounts being generated by the thousands.

My initial reaction was to cook up a quick REST API and a complementing script which would allow instance admins to quickly de-federate from instances with this amount of botted accounts, as it would point to an instance with insufficient protection, and those account could easily be used in the future to spam others. A small pre-emptive measure. It’s not particularly sophisticated, but I wanted to get something out before trouble occurs.

The Fediverse Fediseer was born, but I wanted something more. I feel like a big issue with the Fediverse as it stands right now is the same as email. It’s trivial for someone to set up hundreds or thousands fake fediverse domains and start spamming other instances. All it requires is that any account on those instances to follow their spam domains, to open the door. Sure, instances with manual user approval are somewhat more protected, but this approach does not scale well, and will lose us the opportunity to capture the people looking for alternatives outside of corporate control. Likewise any place with open registrations is available to botters to inject their fake accounts in order to follow their spam instances. In general, it’s a big problem to solve through de-federation alone.

My thoughts then was to find a way utilize the “whitelisting” capabilities of lemmy and the fediverse to ensure that only trusted instances are federated. But this has it’s own share of problems. Particularly, it’s also difficult to scale, and it easily excludes people running their own instances.

However the main benefit of whitelists, is that one does not have to be constantly vigilant. A dedicated bot network can spawn thousands of new domains and sleeper accounts to flood the fediverse and de-federation lists would easily grow exponentially to try and fruitlessly fight against this. A whitelist should theoretically remain relatively short and there’s natively protects against domain flooding.

So I wanted to come up with something that would both make it easy to compile and maintain whitelists, but also not lock out people from individual accounts.

After a day of work, I’m excited to unveil the new Fediseer functionality which works around a Chain of Trust!

This all works via a REST API (which I hope some enterprising people will make a fancy UI for it)

The first step is to use the Fediseer API to register your instance’s domain. You can do it from the provided interface, or use a curl call, But I hope in the future the community will develop way fancier UIs to handle this. You will need to provide a username which is an admin on the instance you want to claim (preferably yours).

If all goes well, the user you provided will then receive an API key via Private Message on their own instance, which they can then use to guarantee or endorse other instances.

A new account on the Fediseer however is not visible on the whitelist API by default. This is because only accounts which are “Guaranteed” by other instances are visible. The Fediseer starts with an core instance, the fediverse.com, which functions as the root for the Chain of Trust. Either this account, or another account previously guaranteed, will have to guarantee your instance, before it is available for the whitelist.

Using the Guarantee API endpoint you can now guarantee other instances with your own instance.

Once your instance is guaranteed, it also get its first endorsement from its guarantor, and now will be displayed on the whitelist using the default settings

This list can be exported also in csv format, for easy injection into lemmy whitelists

This naturally forms a network of trust with instances guaranteeing each other down the chain. The purpose of this guarantee is to prevent bad actors from sneaking in. So let’s pretend that a spam instance sneaks in, and starts causing trouble. What do we do?

Very easy, instead of having to waste time going around asking everyone to defederate that instance, and reminding new users to do likewise, we simply withdraw our guarantee for that instance. Once a guarantee is withdrawn, that instance is not anymore visible in the whitelist. Which means any servers which automatically pull and deploy the whitelist from the Fediseer, will automatically reject such instances.

But this goes even further. Let’s say someone pretend to be nice in order to start letting spam instances into the whitelist. When people shout about it, they say the right words and withdraw their guarantees, but keep adding new ones in. Eventually, we’re going to notice that all guarantees for spam seem to be coming from the same instance. When that happens, we just withdraw our guarantee for that instance which does 3 things. A) It prevents that instance from being in the whitelist. B) It prevents that instance from guaranteeing or endorsing others C) It removes the instances lower in the chain branch of that instance as well! So if instance A faked being nice, then guaranteed for 20 spam instances once in, all it would take for those 20 spam instances to be removed from thew whitelist, for the guarantor of instance A, to withdraw their guarantee! If they don’t want to do that, then whoever guaranteed them might withdraw it, until we find someone who does.

Now, I won’t claim that this system is perfect. Human nature being what it is, I expect power groups will form which might not agree with who else is guaranteed. This is where the fediseer being FOSS helps. If there’s a core disagreement between big groups of fediverse projects about who should be guaranteed in the first place, I expect other Fediseers to spawn with their own Chains of Trust which are more or less strict than other. An instance could very well be registered to multiple Overseers and thus be part of different whitelists. I am perfectly aware that I will not be able to satisfy everyone limits but I hope to provide a tool that can!

The main point here is to create the system which can start building Chains of Trust, which have a manual human control but are easy to adjust as the environment changes.

There’s more here that I haven’t mentioned yet, such as the endorsements, where guaranteed instances can endorse others, and anyone can set their whitelist to require more of less endorsements. Or being able to whitelist only instances with endorsements from another instance. Or how the Fediseer will PM you with changes to endorsements and guarantees etc

There’s plenty of ideas to add. This is merely the first step. And I’d love you all to help me take more of them!

AI Horde’s AGPL3 hordelib receives DMCA take-down from hlky

I have tried to avoid writing about hlky drama for the sake of the AI Horde ecosystem. I don’t want to delve into negative situations and I was hoping by ignoring this person our community can focus on constructive matters in improving the Open Source Generative AI tools.

However recent developments have forced my hand, and I feel I need to write and inform the larger community about this. I will attempt to stick to the facts.

The AI Horde Worker includes a customized library: hordelib.This library is completely based on ComfyUI.

Yesterday we were forwarded 2 DMCA take-down requests from GitHub originating from hlky requesting to take down hordelib because of claims against a couple of files I ported from the previous library I was co-authoring with hlky, nataili.

Nataili was developed as AGPL3 from the start. This is the main reason I chose it as the backend to the AI Horde Worker instead of using a bigger player like Automatic1111 WebUI (which, back then, did not have a license.)

Unfortunately a big reason we abandoned nataili, is because hlky attempted to sabotage the AI Horde ecosystem and demanded that we stop using the nataili free software source library, going against everything the Open Source movement stands for. There is more drama pertaining to this behind the scenes, but as I said, I want to stick to the public facts in this post.

Nevertheless, eventually we couldn’t maintain nataili so we decided to create hordelib instead which would also insulate us from hlky. However some critical components we needed for supporting our image alchemy and anti-CSAM capabilities were not available natively in comfyUI, so I ported over the necessary files from nataili for those purposes. Remember, these are files licensed under the AGPL3, so this is completely and irrevocably allowed.

In the process I stripped out the explicit license mention in those files, because our whole repository is licensed under AGPL3, and it goes against our style to add unnecessary licenses to each file. As far as I understood, this was allowed by the license terms.

The DMCA take-down claims that removing those copyright and license strings from those files is a sufficient reason to request the whole repository to be taken down!

I have since attempted to get some clarify on this issue on my own. The only relevant part from the license I can see is this

Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

[…]
b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or

AGPL3 License

And I mean, fair enough, this seems clear enough, but I need to point out that the original licenses put in those files by hlky did not require preservation of author attributions!

Nevertheless in the interest of expediency and in the spirit of open source I have since re-added the attributions to those files.

Unfortunately, once you send official DMCA notices, things start becoming serious and you never know which way the dice roll will go on this. I feel we have a pretty clear-cut case that we did nothing wrong here and certainly nothing that would require a whole FOSS library to be taken down!

I have sent a counterclaim to GitHub in an attempt to ensure they don’t take any take-down steps.

However, given the numerous bad faith acts by hlky to this day, the most prudent option would be to excise these files completely. I would rather not have any mention or contribution of this person in our library, as they go against everything the Free Software movement stands for!

If you have the skills to contribute an alternative code for a clip and blip interrogation modules, please contact me ASAP!

Likewise if you have any advice you can give on this issue I’d appreciate it.

Hypnagonia in the news!

GamingOnLinux recently wrote a small article about Hypnagonia! This served to drive an order of magnitude more people to the game than before. This was driven by a new member of the community who discovered Hypnagonia through matrix.

This in turn made hundreds of people discover the game, and we already had multiple people hitting me for collaboration. We even got a new piece of art and it’s really good!

We also have other members of the community helping me generate Artbreeder journal art, which some really disturbing results. They are also frequently suggesting random ideas which I take twist them into horrible Torments ūüėÄ

These ideas have driven the creation of the new new Torments. One of which I wrote about here and the other I’ll et you experience yourselves.

I’m really happy that the community is picking up. The General discussion channel is now fairly busy with interesting discussions, (and bug reports ūüôā ) banter, and frequent mentions of cockroaches for some reason.

I also have tripled the amount of people following the game on itch.io which is great.

Why ‘noob’ is my favourite insult

‘Noob’ has its origins in the word ‘newbie’ which in turn simply means someone who is new to (usually) an online game and therefore has a fairly low skill at its gameplay. ‘Noob’ or ‘n00b’ in turn is ¬†a slang term/insult to signify someone who is both a newbie at something, but at the same time has a very inflated sense of their prowess and capabilities at that task. Often that would be coupled with a bad-attitude as such people seem to be prime victims of the Dunning-Kruger effect.

The reason why I like to use it as an insult in most appropriate situations is that it connotes a lack of experience¬†with an implied false sense of superiority/knowledge in one 4-letter word. It big advantage is that it’s not relying of ableism, whereas the insult is effectively comparing the accused to people with lower mental capacity or non-neurotypicality, which is something I’ve been trying to actively avoid doing.

Rather, being a noob is something entirely within one’s control; one merely has to recognize their lack of experience/ability and act¬†accordingly. Therefore being¬†compared¬†to a noob is merely a one-two hit to one’s sense of skill and their attitude, which for many immature man-babies online, can sting even further.

To make matters even better, noob is the kind of word that can easily be used both playfully towards a friend, as well a more seriously towards someone who’s feelings you might want to hurt. Of course, it’s not appropriate in all contexts, but you’d be surprised in how many it can fit.

 

The equivocation of ‘censorship’

There is a common discussion that I see popping up whenever activists succeed in shutting down an event from some sort of reactionary, recent example being the cancelling of talk by notorious right-wing troll Milo Yannopoulos.

Among other arguments on the morality of events, I see people bringing up the idea that shutting down such events is censorship. As soon as this happens, usually an argument starts on whether it really is such. One side claiming that it is not because it’s not a state actor that is suppressing free speech, while the other is claiming that in the absolute technical terms, it totally is:

censorship
ňąs…õns…ô É…™p/
noun
1.
the suppression or prohibition of any parts of books, films, news, etc. that are considered obscene, politically unacceptable, or a threat to security.
“the regulation imposes censorship on all media”

However what seems to me is happening is rather some kind of equivocation. An equivocation in fact, between two meanings which on a word that don’t appear to be formalized yet as distinct in dictionaries.

Specifically, it there’s the popular concept of censorship which takes the above definition and adds “by state actors” in the end. Not only that, but more often than not, one will imagine also brutality involved and 1984-like images might come to mind. As a concept, this is the one that makes people icky. ¬†In fact, this is the concept one attempts to invoke when they use it as the basis of the¬†argument: “But it’s censorship!”

What is happening specifically is that all the unwritten baggage of “censorship”- which do not belong to its official definition but are attached to it anyway due to many years or red scare propaganda – are being used to undermine an act which does not share those characteristics at all!

The actual “censorship” currently happening, let’s call it censorship-lite for reference, might be technically accurate as a term to describe the effect, but if seen without relying on defining it, is quite a mild effect. In the case above it effectively involved people exerting peer (or sometimes market) pressure on some venues to not provide a platform to known reactionaries.

One would think, if such censorship-lite is not a big deal, why does it keep coming up from such valiant defenders of free speech (/s)? There is a further unspoken argument being packed in the accusations of censorship, in the form of the slippery slope fallacy. The point being made in subtext is: “This is how it starts, today you stop Milo Yannopoulos’ speech and tomorrow a boot is stomping a human face – forever.”

Please forgive my exaggeration but I hope it makes my point clear what is actually happening and why such arguments on the definition of the word never seem to lead anywhere.

 

Every 4 years

When you rely on one vote every 4 years to be the epitome of all your democratic power, it’s¬†expected to become depressed when your choice doesn’t make it.

Organize and attempt democratic control in all aspects of your life: Work, Neighborhoods, Online Communities etc. Then not only will losing that 4-year vote not make you quite so sad, but you’ll see it doesn’t matter anyway.

PS: Holy shit the drama today is overflowing.

How I got involved in the design posse of Doomtown:Reloaded

I don’t know how many remember from my posting about it in the past, but I’ve been a huge Doomtown fan ever since I first started playing it back in 1998, in episode 5 of the first cycle, using common cards gifted to me from the FLGS clerk and a starter-home (literally. It was a starter box with the home card printed on the back).

My love for Doomtown is in fact what led me to start developing an OCTGN plugin to play it online, which was my first involvement with OCTGN around 3 years ago which eventually led me to develop my most popular creation plugin for it, Android: Netrunner.

Ye Ole Snakebite - Reloaded. This is one of the cards I helped tweak to be more universally useful in the new meta.
Ye ole Snakebite – Reloaded. This is one of the cards I helped tweak to be more universally useful in the new meta.

It was that renewed interest around that time which made me try to get the original Doomtown storyline in order. Because of this effort I was approached by Tim Meyer, and invited to help implement a Doomtown revival project working under the fan label of Harrowed Entertainment Group. We worked together for a while on story and design for that project even even though ultimately that effort didn’t pan out, it was not a bad experience and we worked well together. Tim went on to continue with more Doomtown-related projects while I went to continue coding more AEG, and later on FFG, games for OCTGN.

Then, around 2 years later, at around the summer of 2013 a certain Mark Wootton contacts me out of the blue with an offer I could never refuse:  Becoming part of the rebooting of Doomtown as an ECG!

It seems Mark had heard my name from Tim from our previous work together and told him I would be an asset, so I was asked to come on board voluntarily as one of the “old faithful” players :). I couldn’t believe it! Not only was one of the best card games ever coming back to life in the format everyone had been asking for, for years, but I was being asked to part of that effort. Christmas had come early!

I cannot be sure what exactly Mark saw in me, but after the first tumultuous months of early initial design planning, there was a definite split in the roles each volunteer would take, and myself along with Eric Jome were assigned to the Design team, to work alongside Mark in figuring out which mechanical elements of the original game to keep, which to tweak and which to drop altogether ((I won’t go into details on those aspects as this is a subject for a completely different post)).

And thus is comes to be that a year after that, not only is Doomtown: Reloaded finally announced like a wish-come-true, but beyond my wildest dreams, I’m sitting in the actual design team of my most favourite of games, actually crafting future cards and having a say in current and new mechanics!

Who woulda thunk it!?

“Why I am no longer a skeptic”

English: Skeptics descend on Hollywood Blvd Ma...I can’t help but agree with most of what is written on this post. Lately I do not really feel that the label of “Atheist” or “Skeptic” is enough to make me align with another person, not only because we might not be sharing any ideology, but because very often, the outspoken skeptic and atheists online are just capitalism-worshiping right-libertarians or state-praising social democrats, none of whom proposing direct action solutions that might actually help people in the here and now, which is effectively why so few people from the marginalized feel the need to take up such labels for themselves. Which in turn is why the atheist and skeptic circles are dominated by pretty much the usual young middle-class white straight cis-male demographic and too often further dominated by reactionaries such as MRAs and right-libertarians.

Most other people prefer to fly the flag of an actually progressive ideology such as feminism or anarchism, or all too often, no label at all (Because there’s shitlords everywhere and is easy to burn out.)

Some choice quotes

On failing to convert people:

To convert their followers to skepticism, there’s no use in preaching, like Dawkins and Phil Plait, about the wonders of objective reality, however eloquently they may do it. Objective reality in a liberal democracy might well be wonderful if you’re a media personality or a tenured professor in a leafy college town. But for most people, reality sucks. And if they choose to reject it, I can’t blame them. Proselytising skeptics certainly offer them no incentive to change their minds. Skeptics ask society’s castaways to leave a reality in which they are good and valued people, and enter one in which they are pieces of warm garbage. Little wonder that so few take up the offer.

on being sexist bastards:

Skepticism, of course, is only one of the many online interests which attract barely-closeted sexists. But the particular attraction of skepticism is also its particular problem: it allows the sexist to disguise his prejudice as rationality and “common sense”. You can spot guys like this easily on skeptic forums: the word “feminism” brings them crawling out, like slugs after a downpour. For them, feminism is an unscientific discipline (but how could it be otherwise?), as nonsensical as astrology or Roman Catholicism, and as ripe and essential for debunking. They’re okay with women’s lib, within reason; but now it’s gone too far, and the firm hand of reason must rein it in. Reason, weirdly enough, never seems to disrupt their own grip on power. It’s always on the side of the patriarchy.

On elitism:

About ten years ago there was a short-lived movement to rebrand skeptics as “brights”. This proposal was widely derided within the community, perhaps because it revealed too much about the skeptic mindset. Many skeptics indeed see themselves as “brights” in a world of “dims”. And rather than illuminate the world, they prefer to gather on skeptic forums and try to outshine each other.

And other good stuff. It’s a long read, but worth it.

 

So, it turns out that Francois Tremblay is a shameless transphobe.

[trigger warning for transphobia]

The recent rants against trans-women made me raise an eyebrow about the sheer level irrationality displayed here, but then I folloeda link to a discussion and found out this quote

I don’t want your fucking sympathy, trans-lover.

What the actual fuck Francois? When did  you become a bigoted scumfuck?

Sorry, but this sentence, along with recent peppering of “bitch”, “retard” and “faggot” as slurs in your posts makes me think you’re a very confused individual. Let me make that very very clear to you: You can’t go using misogynistic, ableist or homophobic slurs and¬† then claim that you “do not impose harm”.

Your laughably misguided “antinatalist” tirades are one thing, but outright bigotry it quite another. Sorry to say but the left-libertarian forum was right to treat you like shit.

Work on your shit dude.

PS: If anyone wants to see the extent of Francois’ transbashing, start reading from this comment (after which he calls the poster a “gender traitor”). Big trigger warning though.