Freedombone Blog

Freedom in the Cloud

Blogging in Epicyon

Very basic blogging functionality has been added to Epicyon. There's now a blog timeline and you can select "blog" as a category when creating a new post. Blog entries are entirely public and at present they're not editable after being published, although that may change in future.

The maximum content length in terms of raw text has been increased to 32K, so that's easily enough to allow very long ranty blog posts with lots of meandering.

Blogs are published using the "Article" ActivityStreams type, and that seems to be the way that other fediverse blogging software does it too. As usual it's possible to reply to blog posts as if they were any other fediverse post, and the usual moderation settings also apply. There's an upper limit on the number of replies per post in order to avoid hellthreads and replyguys.

Once published your blog is visible under https://yourdomain/blog/yournick. Replies will only be visible if you are logged in. This isn't really a privacy feature in the familiar sense; it's more intended to avoid marketers scraping everything and trying to build profiles of how people interact.

For now I expect to continue blogging here on Bludit. Fediverse blogging is in its infancy and might become a bigger thing in future. As it stands right now Mastodon - the most popular fediverse server - doesn't appear to have the capability to display Article type posts other than showing them as a link.

DMs and Emoji

There are some recent major fixes for sending DMs and posts including emoji within Epicyon. Formerly if you were not running in debug mode then DMs just wouldn't send. It was a minor bug in the code, but with large effects.

Emojis may still not federate perfectly - especially custom ones which aren't in the standard set - but they should work more reliably than before.

Bird Control

Epicyon now has an option on the edit profile screen to remove posts arriving from Twitter.

Posts from Twitter have always been a feature of the fediverse. In the early GNU Social times bots mirroring accounts on Twitter helped to increase the amount of interesting content, since there were not many users. But if you have been pushed out of Twitter, or ragequit, or just stopped using it for ethical reasons then it's quite understandable that you might not want to be seeing any more Twitter content. Now if you prefer it then you can have the authentic fediverse experience, without the Silicon Valley pollution.

Mitigating Google Tracking

Epicyon now replaces YouTube links with invidio.us automatically. This doesn't eliminate Google's tracking, but reduces the amount of it such that by watching a video you're sending less data about yourself to Google. invidio.us is just an alternative free software interface to YouTube.

The history of these sorts of workarounds is that eventually the company finds some way to block the alternative interface, but for now at least this is a kind of practical harm reduction. The less data the surveillance companies get, the better.
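The link replacement described above, as an added sketch that is not Epicyon's own code. The function names and the list of YouTube hostnames are assumptions; the point is that the host is matched exactly, so lookalike domains are left untouched.

```python
import re
from urllib.parse import urlsplit

# Assumed set of hostnames to rewrite; not taken from Epicyon.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}
SHORT_HOST = "youtu.be"
ALT_HOST = "invidio.us"  # the replacement front end named in the post
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _rewrite_url(url):
    """Return the invidio.us equivalent of a YouTube URL, else the URL unchanged."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return url  # malformed URL: leave it alone
    host = (parts.hostname or "").lower()
    if host in YOUTUBE_HOSTS:
        # Same path and query, different host.
        return parts._replace(scheme="https", netloc=ALT_HOST).geturl()
    if host == SHORT_HOST:
        video_id = parts.path.strip("/")
        if video_id:
            # Short links carry the video id in the path.
            query = "v=" + video_id + ("&" + parts.query if parts.query else "")
            return parts._replace(scheme="https", netloc=ALT_HOST,
                                  path="/watch", query=query).geturl()
    return url


def replace_youtube_links(text):
    """Rewrite every YouTube URL found in a post's text."""
    def _sub(match):
        url = match.group(0)
        trimmed = url.rstrip(".,;:!?)")  # keep sentence punctuation outside the URL
        return _rewrite_url(trimmed) + url[len(trimmed):]
    return URL_RE.sub(_sub, text)
```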

Epicyon and Spam Mitigation

I notice that the Pleroma project (another ActivityPub server) has been having trouble with spam, and there have also been earlier spam problems with Mastodon instances. They've mitigated it by having a captcha by default. Personally, I don't like captchas. I don't like them mainly because I can't solve them (the ones with heavily distorted text). As far as captcha systems are concerned I am a robot. Beep boop.

So how does Epicyon deal with spam?

In its design ActivityPub is quite similar to email, and that means it can potentially suffer from similar problems. There are a few ways that fediverse instances in the last couple of years have dealt with this.

The main one is HTTP signatures. Without getting into the details of HTTP signatures as a cryptographic mechanism, this basically gives a reasonable assurance about which account a post is coming from when it gets delivered. But that on its own isn't enough. An adversary can potentially generate arbitrary numbers of separate accounts at electronic speeds.

An additional mitigation commonly used has been registration limits. On a public instance you might open new registrations for a limited time or for a limited number of new accounts and then close it again and allow time for the newcomers to settle. The settling time tends to avoid admins becoming overwhelmed by newbie questions, trolls or spam floods. This seems to have worked quite well, and Epicyon also has this available. You can set registrations to be open and then also specify the maximum number of new registrations. By default new registrations are allowed and the maximum is set to 10. In a Freedombone installation with the Epicyon app installed new registrations are closed and only created via a command in the background when new members are added from the admin screen.

Epicyon also has quotas, with a maximum limit on the number of posts which can be received from an account or a domain per day. So if there's a rogue instance sending out a lot of spam or if one of your friend's accounts gets hijacked then the maximum rate at which posts can arrive is contained.
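A per-account and per-domain daily quota of the kind described above, as an added sketch rather than Epicyon's own code. The class name, the limits and the sample traffic are assumptions made for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse


class DailyQuota:
    """Counts accepted inbox posts per actor and per domain for each UTC day."""

    # The limits are assumed values for illustration, not Epicyon's defaults.
    def __init__(self, per_account=3, per_domain=5):
        self.per_account = per_account
        self.per_domain = per_domain
        self.day = None
        self.accounts = {}
        self.domains = {}

    def allow(self, actor_url, now=None):
        """Return True and count the post if both quotas still have room."""
        # actor_url is assumed to be the sender already confirmed by the
        # HTTP signature check, so a quota cannot be charged to someone else.
        now = now or datetime.now(timezone.utc)
        if now.date() != self.day:  # a new day resets every counter
            self.day = now.date()
            self.accounts.clear()
            self.domains.clear()
        domain = (urlparse(actor_url).hostname or "").lower()
        if not domain:
            return False  # no usable domain: reject rather than skip the quota
        if self.accounts.get(actor_url, 0) >= self.per_account:
            return False
        if self.domains.get(domain, 0) >= self.per_domain:
            return False
        # Only accepted posts are recorded, so rejected floods add no state.
        self.accounts[actor_url] = self.accounts.get(actor_url, 0) + 1
        self.domains[domain] = self.domains.get(domain, 0) + 1
        return True


def simulate():
    """Constructed traffic: a flooding domain, one normal sender, then next day."""
    quota = DailyQuota()
    day1 = datetime(2020, 3, 1, 9, 0, tzinfo=timezone.utc)
    day2 = datetime(2020, 3, 2, 9, 0, tzinfo=timezone.utc)
    senders = (["https://spam.example/users/a"] * 4
               + ["https://spam.example/users/b"] * 3
               + ["https://friend.example/users/c"])
    results = [quota.allow(s, day1) for s in senders]
    results.append(quota.allow("https://spam.example/users/a", day2))
    return results
```

In the constructed run the fourth post from account a hits the account limit, the third from account b hits the domain limit, and the unrelated sender is unaffected.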

Then there is the infamous DDoS scenario. Suppose that there are a million bad instances out there on different domains and they all send one spam per day. In this case it's down to the firewall, and Freedombone only allows a limited number of simultaneous connections on the https port.

Epicyon also does things in a way which makes life difficult for spammers. As a general rule you only see posts from people that you're following. There is no public or federated timeline. And there is no relaying of posts going on either. To a large extent what you see is what you get, with no additional stuff from random accounts you're not interested in. So unless you are following a spam account they may have difficulty getting into your timeline. An extra feature which is off by default but which can be turned on if you need it is to only receive DMs from people that you are following.

It should also be said that Epicyon isn't designed to run large public instances with thousands of accounts. It's intended to support about ten accounts at the upper limit, for self-hosting or small groups. At large scale Epicyon would probably perform poorly, and this is another reason why it would be unattractive for use by spammers. A Small Tech approach has advantages which would otherwise become headaches for projects fixated upon scalability.

Epicyon Scheduled Posts

In Epicyon you can now schedule posts to be delivered at some time in the future. This can be useful for creating reminders to yourself to do things (e.g. don't forget the milk) by posting a DM to yourself in the future. It could be used to promote an event by scheduling information posts leading up to it. Or it could also be used to handle time zone issues where you'd like a post to be seen but the expected recipients may not be awake if you post it right now.

With this type of feature there is the potential for spam, so the number of posts which can be scheduled at any point in time is quite small. Also spammers would have much easier methods for generating and sending a lot of posts, and the signature checking tends to mitigate the kinds of spamming which happen with email.