Apparently one of the lemmy.ml admins was overzealous in banning all User-Agent strings that contained the word “bot”. Bans were entered for all of the individual strings containing that word which were observed in their webserver logs, which impacted kbin’s reported agent of “kbinBot”.

The issue has been fixed, and I observed that one of my kbin posts to a lemmy.ml community was successfully pushed to the original instance.


Edit:

Here are all the links that I’ve found with the lemmy.ml admins discussing the issue:

  • gentleman@kbin.social
    link
    fedilink
    arrow-up
    28
    ·
    1 year ago

    @blightbow Thanks. I appreciate the work that the admins here do. Kbin-social is a nice landing pad for this reddit refugee. That said, I don’t have an interest in posting to lemmy.ml because they seem to be a bunch of tankies, which is being generous. The question in my mind is why kbin-social hasn’t returned the favor and banned them as well as their gulag archipelago instance?

    • AnonTwo@kbin.social
      link
      fedilink
      arrow-up
      16
      ·
      1 year ago

      Return the favor and…not ban them? Because this thread is explaining that it was a bug and has been fixed, meaning no shadowban is occurring anymore…

      • BaroqueInMind@kbin.social
        link
        fedilink
        arrow-up
        14
        ·
        edit-2
        1 year ago

        Browsing any Lemmy instance is like swimming in a public pool and saying only the other half of it is filled with piss and this part is fine…

        Lemmygrad and lemmy.ml are both run by the same developers and occupied by the same users: tankies and people who are pro CCP apologists.

        • DarkThoughts@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          I think you all conflate the admins with the userbase. Lemmy.ml has a lot of regular users & communities. In that sense you would have to blanket block all Lemmy instances in general.

          • Alexmitter@kbin.social
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            A community and its direction is though largely depending on the Admins.
            Just recently some tankie posted a “meme” on “meme” that just casually tried to claim the Rothschild Family was intertwined with western media and because of that western media bad, just the casual antisemitism. And the Admins did not care.

            • DarkThoughts@kbin.social
              link
              fedilink
              arrow-up
              4
              ·
              1 year ago

              I can guarantee you that the majority of Lemmy.ml users have absolutely no clue about the political views of their admins. There’s a reason why Lemmy.ml is so much larger than Lemmygrad.ml.

              And I’ve seen stupid conspiracy shit on kbin and lemmy.world as well.

              • Gull@kbin.social
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                The issue is not whether there is some individual occasion where some individual person posts “conspiracy shit.”

                The issue is whether admins act on user reports of blatant anti-semitism.

      • blightbow@kbin.socialOP
        link
        fedilink
        arrow-up
        13
        ·
        edit-2
        1 year ago

        Pretty much this. It still gets a lot of flack for being operated by the developers of Lemmy, but there are a large number of users and communities that exist on lemmy.ml for no other reason than it being one of the larger original instances. Most operators of high-volume instances are unlikely to take action against lemmy.ml unless a situation develops that gives them no other choice.

        • livus@kbin.social
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          That’s the rumour.

          It’s technically the domain for Malawi, who operate a free domain name scheme.

          But apparently those devs picked it because of Marx Lenin.

    • sparseMatrix@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      @gentleman

      @blightbow

      I too tried to flee reddit for lemmy.ml, over a year ago now - and found it to be a far worse clusterfucked shitstorm than reddit ever was, and I mean that ideologically, philosophically, politically, and morally.

      I just didn’t go back until the current exodus, mainly because I was trying to see if the account still worked, and it had been lost/purged/banned whatever

      fuck those guys and the horse they rode in on, then far as I’m concerned, they can ride it back out of here wet.

      Might as well federate with facebook.

      • SoSquidTaste@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        …then far as I’m concerned, they can ride it back out of here wet.

        This was the most anachronistic American Southwestern burn I’ve yet seen on any internet comment thread to date. I can nearly hear the spitoon at the end.

        I know it sounds like I’m making fun of it, but I genuinely am not. Marvelous

  • kglitch@kglitch.social
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    Kinda crazy that the lemmy admins only heard about it 12 hours ago. This situation went on for many days.

    • Melpomene@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      There were a number of people who’d claimed that they reached out, but whether the admins saw those messages is a valid question. Assuming the best seems best for now… though I do understand why people might find the entire situation a bit odd.

  • Deceptichum@kbin.social
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    Umm what?

    I remember people doing tests and other variations of words featuring “bot” went through no problem, even changing the spelling of KBin was enough to get in.

    I’m gonna have to call BS on their excuse.

    • blightbow@kbin.socialOP
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      That assumes they were using an expression based filter in the webserver config itself. If they were extracting user agent strings containing the word “bot” from their webserver logs and adding them to a static list of user agents to deny (particularly if it’s an external file referenced by the config that strings can be easily dumped into), it’s a plausible explanation. I can especially see this happening if they did a blind sort by log volume and only inserted the 20 biggest results or somesuch.

      Even if this was the case, was someone in a position to observe that one of those strings contained “kbin”? Yes. Was it possible they still didn’t notice? Yes, especially if shell pipelines are involved. Was it possible for someone to notice but assume that this wasn’t the kbin software itself, but a third-party tool that someone else wrote? Also yes. Still possible that all of this is bullshit? Still yes!

      Full disclosure: I’ve worked in the webserver and webapp adjacent spaces for a long time, and I have a lot of appreciation for how much damage one person’s stupid change without peer review can do in massive production environments. :) I am admittedly biased toward applying Hanlon’s razor in these situations.

      • Deceptichum@kbin.social
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        If they were doing that, others with bot in the name would have been caught, no?

        Yet the people who tested it said that wasn’t the case.

        • blightbow@kbin.socialOP
          link
          fedilink
          arrow-up
          9
          ·
          1 year ago

          Like I said, a blind sort by volume of the top n user agents in their logs containing the word bot would be enough to do it. Drop the output of that sort into a text file or a hash table, then create a user agent filter in the nginx config that blocks the specific strings seen in that file.

          It is very much the sort of thing that a single admin can do by accident, and the exact sort of problem I would expect to see with rapidly growing instances operated by a very small number of tech enthusiasts.

        • Teppic@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          From the response it is likely that many other specifically identified phrases which do contain the word ‘bot’ have indeed been blocked (presumably still are).

          The slight variations in kbinBot which were subsequently tried wouldn’t previously have shown up in the logs and so wouldn’t have been added to the blacklist.

    • ardorhb@kbin.cafe
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      If I have understood correctly they actually did block „kbinBot“. They did not use a regex like „*bot“ but have looked through the protocols and manually blocked each one that looked like a bot to them.

      So the people using other variations of „bot“ would have had to catch exactly another blocked term for this and not just a fairly similar one.

      I’m not saying there isn’t more to it, but what they wrote is within the realm of possibility.

  • Nepenthe@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Hopefully, that will stick. Also hopefully, our differing cultures won’t end up in a lot of users being banned the moment they mention anything more eastern than Norway. I don’t think it would typically be an issue, except that Russia and the surrounding area will remain a newsworthy topic for a great while.

    I’ve been giggling over it a bit. You probably already saw, Blight, but I made one single comment in the latest .ml thread inquiring about this where I just frustratedly put forth defederating them back and building over here, rather than have over a hundred communities that only look like they exist from kbin’s point of view. Which some helpful user copied over to a non-blocked instance for me, just in case. And then less than half an hour later, we were back. That comment and that comment alone is the ONLY thing I have ever gotten to federate over there, and of course it was the one where I was outwardly threatening them 😂

    Whatever the reason, I’d just be happy to be able to participate.

    • blightbow@kbin.socialOP
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      Yeah, your original comment came up when I did my research immediately prior to leaving a note on a niche lemmy.ml community that I subscribe to. …Which immediately federated over to the original instance, because I missed this developer comment and the other admin didn’t reply to the thread you were quoted in until several hours later. Based on the timing of the older comment I don’t think it has anything to do with your post, but you can pretend you didn’t see this. ;)

      In any event, it’s dealt with. I think it reinforces the need for proper backchannels between the highest population ActivityPub instances, but I wouldn’t be surprised if some of the politics is acting as a barrier to this since both lemmy.ml and kbin.social are directly run by their respective software developers.

      I’ve seen a few offhanded references to how kbin originated as an alternative to lemmy without the tankie implications, but I haven’t found any links to posts from ernest himself that support this. By actions alone I would say that he strongly favors interoperability over politics, but who’s to say what thoughts the developers have for each other. :)

      • Nepenthe@kbin.social
        link
        fedilink
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Yeah, I figured I wasn’t exactly gonna try to claim credit for it. I already have enough egg on my face without begging for more. Talk about perfection in timing, though. When I wrote that, I went back and forth between instances just to make sure. All relevant communities almost or totally empty. No other kbin comment in that thread crossing over. But mine…mine was the lucky one. Of course. Now I just look really mean for no reason.

        I wouldn’t be entirely surprised to see some fallout of inter-platform politics either. Though I’ve seen fairly little of the lemmy devs, what I have seen has tended towards being political and heavy-handed and while that’s their right, it’s also the reason such a bug on their side appeared fairly likely to be intentional. I would be depressed to see creators here still kneecapping each other like the companies do, but I wouldn’t necessarily be shocked.

        I’ve gotten the sense from Ernest’s general behavior that he’d most likely opt for the good of the community and keep whatever personal problems he holds under wraps until forced. He’s been shockingly sweet and humble, and goes out of his way to be transparent even over screw-ups he could just as easily keep quiet about.

        This is a guy who had to be badgered to set up donations he clearly didn’t expect to actually receive. He’s squishy. I don’t see him setting out to dethrone Lemmy specifically unless one or the other falls under an evil witch’s curse and there are no remaining options. None of us really lose out by having competitors here and trying to murder lemmy would be far more trouble without much gain.

        After pausing for a minute to dig up a half-remembered comment of his, it seems like there’s truth to both: he respects them as developers, sees continued federation and input as healthy, and is polite enough to make only a very small nod to the differences that led to kbin. Maybe they won’t be going out for beers with one another, but hopefully, they can keep each other more apprised if they’re to work together at all effectively.

        PS. This is apropos of nothing, but I’ve seen you around and never stopped to tell you. You have just the coolest username and I love it.

        • blightbow@kbin.socialOP
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Thanks for the link! Your take is pretty much the same as mine. Nothing for me to expand on, you’ve pretty much nailed it.

          PS. This is apropos of nothing, but I’ve seen you around and never stopped to tell you. You have just the coolest username and I love it.

          lol! It’s borrowed from the name of a character I made for Guild Wars 1. As the internet got bigger my older nicks became more hotly contested, but somehow this edgelordy one is never taken. :) The downside is that I can’t easily feign ignorance about stupid things I’ve said in the past, but at least most of the evidence got nuked along with my entire Reddit history.

          • Nepenthe@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            Goodness, I don’t think I’ve even played an MMO since Runescape characters gained knees. I miss those days. Back when milk was delivered in little glass bottles by desaturated Andy Griffith types and everything made sense.

            Accounts being somewhat disposable will probably be more encouraged here, what with navigating the risk of ever-present bans and a web of only semi-predictable federation. I’m sure a fourth of beehaw users have at least one alt, for instance, even if they do like the atmosphere.

            I always find choosing a name to be by far the worst of it, though. I’m terrible with decisions and I’ve had to sleep on this more than once. The moment of realization? Taking all the bothersome symbols and 1337 out of my name means all anyone looking for me is going to get now are pictures of plants and moody excerpts from Poe’s The Raven. Become unsearchable.

    • Rottcodd@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Funny thing - I experimented yesterday with posting from and to various instances and verified that the ONLY case that was problematic was from kbin to lemmy.ml, and posted about that from one of my lemmy accounts, then after thinking about it and poking around a bit more, I wrote a post from my kbin account to this very magazine arguing for defederating from lemmy.ml. I ended up deciding to not post it though, so I just copied it and saved it and was planning to wait a bit longer. So it was particularly fitting to see that someone else actually did broach the topic.

      And if I’m honest, I think that defederating from them should still be on the table. I think there’s no question that this was deliberate and malicious (and driven by petty jealousy of a not only competing but arguably superior piece of software), and it indicates that they shouldn’t be trusted.

      I would think that the most sensible approach would be to consider them on probation. If they can demonstrate that they actually can be trusted to act in good faith, fine. If, on the other hand, they pull another shady move like this one, defederation should be the immediate response.

      Though Ernest likely wouldn’t agree…

      • Countmacula@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I think that would be a terrible idea, respectfully.

        Many reddit refugees made communities on .ml. I did. I didn’t know about all the tankie junk.

        That would kneecap my small (but growing) community.

        Perhaps a solution to all this would be a community migration tool or a "community’ instance that holds them.

        • Melpomene@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          A community migration tool would 100% make sense for both Kbin and Lemmy, especially if there were an option to link the old, read-only community to the new location, redirect users to the new location from the old. That would also facilitate consolidating communities who want to consolidate.

          • Gull@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            If I signed up to a mag on one instance, that doesn’t mean I want to sign up to it on a different instance.

            • Melpomene@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Fair, so perhaps just a notification that goes out if an instance moves? Community with its settings and posts moves, but the users can be invited (or not, per their settings) to migrate too?

    • Gull@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Nobody is talking about banning users “the moment they mention anything more eastern than Norway.”

      • Nepenthe@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        From a cursory search, I’d read this post from about a month ago asking for orientalism to be added to the rules as an example of racism/bigotry, on the basis that it was a regular and highly-bannable offense without being at all clear that it was an offense to a lot of newbies. Most people understand racism and xenophobia to mean race and country, and wouldn’t necessarily qualify criticizing any country’s government to fall under that, while the admins and some of the comments disagree.

        This comment seems to be the only real notice either of the admins took of that request, and it was only to say, “Yep, western outlets reporting on the east are bigoted, what about the US?” Which is disappointingly unhelpful in clearing up what the rule actually covers beyond implying that it covers everything about the east coming out of the west, and that would be insane. Beyond that, they spent the majority of their time in the comments with everyone else, deleting stuff and fighting about the genocide thing instead of addressing the topic.

        Checking the current rules, nothing beyond that has been done. Glancing at the modlog shows a recent article talking about the US supplying Ukraine with cluster bombs that has indeed been removed for bigotry, same as I expected they would be. Not locked for a shitty comment section, just removed. Really irate that I haven’t got a screenshot like the thorough documentation Pineapple’s, but it seems (I assume for traffick reasons) that the modlog is having trouble loading and keeps erroring out on me now.

        Suffice to say, yes, there are those that appear to believe this through word and action, and they aren’t clearing up what they do believe like they really should if they don’t mean to be so hilariously heavy-handed with it. All Dessalines really accomplished was shutting down the conversation without explaining.

  • melroy@kbin.melroy.org
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Took way too long to get this addressed. But thanks you for solving this issue. There were the strangest stories going around on why kbin was blocked.

  • DarkThoughts@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Reeks of competency if you do a blanket ban on that term, as if malicious bots would announce themselves as such.

    • blightbow@kbin.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      There are plenty of high volume, non-malicious bots that do. robots.txt is a thing for a reason, and we can see here that lemmy.ml has implemented it. Not all bots that ignore robots.txt are malicious though, just poorly designed. You can basically lump them into three categories:

      • Well-behaved bots that announce that they’re bots in the User-Agent header and obey robots.txt (note that they may still slam the server even if they obey it)
      • Mediocre bots that announce that they’re bots in the User-Agent header but ignore robots.txt (or vice versa)
      • Bad bots (malicious or otherwise) that announce their User-Agent as other things, often pretending to be other software.

      Their logs told them they had a lot of traffic from stuff identifying itself as bots. Throwing that traffic out wouldn’t break lemmy but would help them deal with the capacity problems that all of the mainstream lemmy/kbin instances had to deal with shortly after the Reddit exodus began. They fucked up and tagged kbin in the process, which definitely would have been one of the highest volume ActivityPub consumers matching their criteria.

  • -spam-@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    So is this what was causing posts I made to communities there via Kbin to not show up?