@aral Hello Aral, rate limits are hardcoded in Mastodon: https://github.com/mastodon/mastodon/search?q=rate+limit
There are no other rate limits applied on my end.
So, I can't really do much on my end without forking and changing the Mastodon code. Sorry :|
@jwildeboer @aral There are others, for example: https://github.com/mastodon/mastodon/blob/main/app/lib/rate_limiter.rb#L6-L21
@mastohost Thanks! And no worries, I understand. You don’t want to maintain a fork of that beast, trust me :)
Seems I have to devote some time in the future to swapping out Mastodon with a fediverse server designed for a single person. I believe there are a couple of projects in that area.
It’s ridiculous to host something designed to hold a million people for just one person. It’s like living in a skyscraper by yourself: not good for you, not good for the environment, or for anyone :)
@aral oh yeah, I don't want to fork that beast :)
Still, I don't think that the public APIs rate limit should be removed. That would open the door to all sorts of attacks or abuses.
But I agree that rate limits should not affect regular usage of the web interface. For me, it is more about why this happens/how to fix it and less about how to disable it.
About the single user software, 100%. I can think of so many ways to make that software much simpler and less resource intensive.
@roblen @mastohost @c3po Sadly, ActivityPub itself makes this difficult but it’s not impossible by any means. But it’s not what ActivityPub was designed for. (So we are somewhat trying to stuff a square peg into a round hole.)
The small web stuff, on the other hand, is being designed with specifically this use case in mind. (But isn’t usable yet. Which means there’s lots of value in exploring these solutions on the fediverse and getting folks thinking in this direction as soon as possible.)
@Gargron Because it’s built for you (the moderator/administrator), not for the person with the account.
Don’t get me wrong, I’m hugely thankful for Mastodon. Without it we wouldn’t have the fediverse. But the level of centralisation is a problem.
You’re designing for 800,000 in one place (because that’s what you have to moderate – a task I do not envy you), not 800,000 separate instances.
This is the Achilles' heel of Mastodon/the fediverse.
And, again, I’m hugely grateful it exists.
@aral looks like there has been a feature request to make this configurable, open since early 2021
@aral What's this rate limit that a single person hosting his own instance can cross? Number/frequency of posts? Or follows?
@aral I'm a little confused. Are you against rate limiting in general? If so, how would you deal with increased server load due to the actions of a few, that could also impact the experience of others? An attacker could target compute-intensive tasks and spam them to negatively affect server capacity.
And how would you deal with password guessing if there were no rate limits? I could write a script that brute forces not just one password but those of as many users as possible.
@loveisgrief Rate limiting password retries is a security property. Rate limiting message sending (beyond what would remove automated flooding) is a property of designing a system for 1-800,000 people (which means designing for 800,000 people instead of for instances of 1).