this post was submitted on 07 Jul 2024
8 points (78.6% liked)

Is this Instance Down?

80 readers
1 users here now

Discuss which Lemmy instances are online or offline. Problems with federation may also be discussed.

Visit lemmy-status.org for an overview.

Equivalent communities exist on other instances:
/c/isitdown@lemmy.ml
/c/isitdown@feddit.de
/c/isitdown@kbin.social

Please be civil and stay on topic. Posts and comments referencing NSFW content must start with the word "NSFW".

founded 10 months ago
MODERATORS
 

These are Lemmy instances with a “Sign Up” link which present you with a form to fill out to register. Then after you fill out the form and supply information like email address to the server, they respond with “registration closed”:

  • lemmy.escapebigtech.info (dead node now, but got instant reg. closed msg when they were alive)
  • expats.zone
  • hackertalks.com
  • lemmie.be
  • lemmy.killtime.online
  • lemmy.kmoneyserver.com
  • lemmy.sarcasticdeveloper.com
  • level-up.zone
  • zoo.splitlinux.org

I suppose it’s unlikely to be malice considering how many there are. It’s likely a case of shitty software design. There should be a toggle for open/closed registration and when it’s closed there should be no “Sign Up” button in the first place. And if someone visits the registration URL despite a lack of Sign Up link, it should show a reg. closed announcement.

Guess it’s worth mentioning there are some instances that accept your application for review (often with interview field) but then either let your application rot (“pending application” forever) or they silently reject it (you only discover non-acceptance when you make a login attempt and either get “login failed” or even more rudely it just re-renders the login form with no msg). These nodes fall into the selective non-acceptance category:

  • lemmy.cringecollective.io
  • lemmy.techtriage.guru
  • lemmy.hacktheplanet.be (pretends to send confirmation email then silently neglects to)
  • links.esq.social
  • dubvee.org

To be fair, I use a disposable email address which could be a reason the 5 above to reject my application. And if they did give a reason via email, I would not see it. Not sure if that’s happening but that’s also a case of bad software. That is, when a login attempt is made, the server could present the rationale for refusal. Another software defect would be failing to instantly reject an unacceptible email address.

you are viewing a single comment's thread
view the rest of the comments
[–] Darkassassin07@lemmy.ca 13 points 4 months ago (6 children)

And if they did give a reason via email, I would not see it. Not sure if that’s happening but that’s also a case of bad software.

No, that ones entirely on you. Don't provide a false means of communication then blame them for using it.

[–] debanqued@beehaw.org -2 points 4 months ago* (last edited 4 months ago) (2 children)

I’m not seeing how this is a good justification for login refusals to lack information and transparency. When you are denied a login, a well designed system tells you why you are denied and the rationale the server gives you should either include enough info to imply a remedial course of action (e.g. “re-apply and tell us more detail about why you like our node”), or at least make it clear that the refusal is final for reasons that are non-remedial. Users should not have to guess about why they are denied a login when countless things can go wrong with email at any moment. The denial rationale should be emailed and also copied into the server records to present upon login attempts.

The only exception to this would be if they really believe they are blocking a malicious user. Then there is some merit to being non-transparent to threat agents. But the status quo is to treat apps rejected for any arbitrary reason as they would an attacker.

[–] Darkassassin07@lemmy.ca 8 points 4 months ago (1 children)

I could understand that if you had been granted an account you'd successfully logged into, and then started receiving login refusal afterwards; but to have not actually had an account yet makes it pretty obvious when you try to login and fail that the application has not been accepted. Whether that's an explicit refusal, or just an idle queue that's being ignored, doesn't really make a difference. If the instance admins wanted to talk about it, they'd have emailed you; or published some means of contacting them outside lemmy.

I wouldn't expect to receive the reason for refusing the application via any other means than the email I'd provided in that application. That's the entire purpose of providing an email; so you could be contacted when/if there are updates to your applications status.

If you're going to provide false contact info, you can't be all that surprised when you don't receive communication(s).

[–] debanqued@beehaw.org -1 points 4 months ago* (last edited 4 months ago)

to have not actually had an account yet makes it pretty obvious when you try to login and fail that the application has not been accepted.

That would be a blunt non-transparent/non-specific message to send. It’s not obvious /why/ the reg was denied.

If the instance admins wanted to talk about it, they’d have emailed you; or published some means of contacting them outside lemmy.

Lemmy software is designed as comms software itself with email address disclosure optional. An admin can make it mandatory, but Lemmy’s design should cater for the email-free option regardless of how an admin toggles that setting.

I wouldn’t expect to receive the reason for refusing the application via any other means than the email I’d provided in that application.

I get that. People are accustomed to relying on email. But this is not an excuse for software deficiencies.

That’s the entire purpose of providing an email; so you could be contacted when/if there are updates to your applications status.

That can be accomplished without email. Email is a convenience at best. Some users have decided email is an inconvenience and do not use it. And Lemmy supports that -- partially.

Let’s be clear about who the software is expected to serve. The comms feature of giving feedback to users without an email account is not to directly serve the end user. Software should serve its user (the Lemmy admin in this case). A Lemmy admin does not want to take the time to express themselves on their decision only to have their msg blackholed. They don’t necessarily know that an email address is disposable. The end user benefits by extension, but it’s about creating software that serves the direct user of the s/w. If you’re an admin who makes email optional, you might still want to be able to get a msg to a user.

The core purpose of the Lemmy platform is communication. So relying on out-of-band tech is kind of embarrassing. Think of it from the dog food angle. An in-band msg has the advantage that the admin has more control (e.g. they can edit a msg later and they can know whether the msg has been fetched). Lemmy relying on email as a primary means of comms is a dog food problem.

The only sensible concession I would see to make is that there are a hell of a lot more important things for Lemmy devs to work on because the software has a lot of relatively serious defects. I’m talking about how great software would be coded, but extra diligent handling of denials should have a low triage in the big scheme of the state of where Lemmy is right now.

[–] stevedidwhat_infosec@infosec.pub 7 points 4 months ago (1 children)

The cognitive dissonance in this Jesus Christ

You don’t think providing an email from a throw away service would strike the software as a malicious user/spam bot???

You keep talking like you know everything and then step onto rakes and start screaming about how it’s the gardeners fault (you live alone and do the gardening, naturally)

[–] debanqued@beehaw.org -3 points 4 months ago* (last edited 4 months ago) (1 children)

The cognitive dissonance in this

It seems you don’t know what that phrase means. It doesn’t follow from anything else you wrote why you think that.

You don’t think providing an email from a throw away service would strike the software as a malicious user/spam bot???

You don’t think that legitimate streetwise users secure themselves by supplying disposable email addresses???

You keep talking like you know everything

The post intends to solicit intelligent and civil discourse with logical reasoning, not the sort of ego-charged emotional hot-headed pissing contest you’re trying to bring here.

[–] stevedidwhat_infosec@infosec.pub 1 points 4 months ago* (last edited 4 months ago)

Your post and subsequent comments say quite the opposite - they’re oozing ego-charged.

Try coming from a place of genuine curiosity and not “this is wrong and stupid”

I’m not interested in bickering with you about semantics of social conduct. Black boxing applications from disposable/abusable mechanisms is absolutely a-okay in cybersecurity terms.

load more comments (3 replies)