Excuse me, did my own Mastodon instance that I own and control just rate limit me?

@mastohost Hey Hugo, can we please remove any rate limiting from my server? Thanks :)

@aral Hello Aral, rate limits are hardcoded in Mastodon:

There are no other rate limits applied on my end.

So, I can't really do much on my end without forking and changing the Mastodon code. Sorry :|

@mastohost @aral I do regularly check the sidekiq dashboard and delete dead jobs and retries, but I've never seen a page that shows me stats on API access or other rate limited things. Feature request?

@jwildeboer @aral I don't recall seeing a place where one can see the rate limits that have been triggered.

The only way I know one could see that is by doing a grep in the Mastodon logs.

@mastohost Thanks! And no worries, I understand. You don’t want to maintain a fork of that beast, trust me :)

Seems I have to devote some time in the future to swapping out Mastodon with a fediverse server designed for a single person. I believe there are a couple of projects in that area.

It’s ridiculous to host something designed to hold a million people for just one person. It’s like living in a skyscraper by yourself: not good for you, not good for the environment, or for anyone :)

@aral oh yeah, I don't want to fork that beast :)

Still, I don't think that the public APIs' rate limit should be removed. That would open the door to all sorts of attacks or abuses.

But I agree that rate limits should not affect regular usage of the web interface. For me, it is more about why this happens/how to fix it and less about how to disable it.

About the single user software, 100%. I can think of so many ways to make that software much simpler and less resource intensive.

CC @c3po

@mastohost @aral @c3po I would like to see a one-person microblog "server" for the #fediverse which I could install on my shared webspace. As easy as implementing WordPress and co.

@roblen @mastohost @c3po Sadly, ActivityPub itself makes this difficult but it’s not impossible by any means. But it’s not what ActivityPub was designed for. (So we are somewhat trying to stuff a square peg into a round hole.)

The small web stuff, on the other hand, is being designed with specifically this use case in mind. (But isn’t usable yet. Which means there’s lots of value in exploring these solutions on the fediverse and getting folks thinking in this direction as soon as possible.)

@aral @mastohost Exactly. I agree that most people should switch to a single-user fediverse instance like @dev. I am also considering the same thing.

@aral Yes, there are rate limits in the software.

@Gargron Because it’s built for you (the moderator/administrator), not for the person with the account.

Don’t get me wrong, I’m hugely thankful for Mastodon. Without it we wouldn’t have the fediverse. But the level of centralisation is a problem.

You’re designing for 800,000 in one place (because that’s what you have to moderate – a task I do not envy you), not 800,000 separate instances.

This is the Achilles' heel of Mastodon/the fediverse.

And, again, I’m hugely grateful it exists.

@Gargron @aral

It does seem like rate limiting should probably *not* apply to the admin! haha.

@vega @Gargron to reduce server load, and keep hosting affordable probably.

@aral What's this rate limit that a single person hosting his own instance can cross? Number/frequency of posts? Or follows?

@aral @amit @aral @loveisgrief Weird, I use Pleroma for my instance and my limits are 10,000 status actions every 15 seconds... that's enough for me 😆 I'm sure Mastodon would be similar so maybe it was a glitch somewhere (web browser/mobile app sending too many erroring requests perhaps?)

@aral I'm a little confused. Are you against rate limiting in general? If so, how would you deal with increased server load due to the actions of a few, that could also impact the experience of others? An attacker could target compute intensive tasks and spam them to negatively affect server capacity

And how would you deal with password guessing if there were no rate limits? I could write a script that brute forces not just one password but those of as many users as possible.

@loveisgrief Rate limiting password retries is a security property. Rate limiting message sending (beyond what would remove automated flooding) is a property of designing a system for 1-800,000 people (which means designing for 800,000 people instead of for instances of 1).
