Fediverse

18153 readers

19 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

founded 5 years ago

MODERATORS

[email protected]

Why the fediverse is stuck. (keinpfusch.net)

submitted 2 years ago by [email protected] to c/[email protected]

59 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 2 years ago

malicious actors were spinning up fake instances with thousands of users to make a server send separate copies of a message to every single user’s inbox, slowing the site down. Would shared inboxes help to prevent this type of attack, or is it something else?

Indeed. Making sharedinbox a requirement would mean that a server could simply refuse to do it the other way and then be immune from that attack. But because it is optional, all servers must then be vulnerable to this attack.

It can be mitigated by batching, and delivering say only 5 copies to one server at a time, but that would have to be very carefully crafted to not cause queue backup for other messages.

The ultimate workaround is queueless delivery, but there will still always be some penalty of having to keep revisiting a particular server.

A malicious actor can also deliberately slowly respond to deliveries, forcing the sending server to keep many sockets open.