Codeberg is a German organization, and I would guess that the authors are nonnative English speakers who are borrowing an infinitive construction that usually works the same way in German as it does in English but happens not to work the same way with the English verb “prevent”.
“from being centralized — and safe” has failed parallelism because you can interpret it as “from being centralized and from being safe”. “How blocklists prevent centralization and keep the Internet safe” or “How blocklists keep the Internet decentralized and safe” are both fine.
OK: I just hit some cognitive dissonance. And, scanning the article again didn’t resolve it.
Reading the title, I thought that the author meant the following:
Using blocklists is a problem, as it keeps the Internet from being decentralized
Using blocklists is also a problem because it keeps the Internet from being safe
In other words, blocklists harm both decentralization and safety.
But, reading the article, it isn’t now clear whether “decentralized implies safety” or “centralized implies safety”. In fact, all I’m getting is that “centralized blocklists are a PIA”. No idea where safety is supposed to fit into that model.
In January I left Google to focus on Bitcoin full time. My current project
is a p2p crowdfunding app I want to use as a way to fund development of
decentralised infrastructure.
It’s for these reasons that I’m interested in the overlap between Bitcoin
and E2E messaging
My reading of this situation is that Codeberg offers free code hosting, some bad actors take advantage of this to host malware there, and Codeberg would much rather that organizations that detect malware contact them to get it removed rather than placing the entire Codeberg site on a blocklist for hosting malware.
Welcome to modern email selfhosting, where microsoft blackholes entire hosting provider networks if one of them has a bad host.. (And some german state authorities use blacklists which require money to remove your IP from the “list of dynamic IPs”, from when your current IP belonged to some ISP.) On the other side I’m currently fighting a hoster that simply shuts down your whole account if they get one abuse mail (for example URL shorteners).
Sometimes this feels like a lot of companies running around and screaming, trying to fix spam and scam mails.
Something people should also be aware of us that Blocklists tend to have a lot of power ready to be abused. Spamhaus, an infamous, award winning widely used Blocklist blocked a national domain registry (Austria), Google Docs IPs and did a lot of other smaller things basically on a whim.
I don’t want to single them out though. They seem to even be one of the better ones.
The good thing is that not using them and using more generic approaches works just as well or better.
$dayjob’s proxy provider blocked Codeberg a few days ago and I got a pretty swift “meh, nah” when I asked for it to be unblocked when I noticed it while evaluating some source code for a dependency I was considering pulling in. You know, doing my job. I’ll just end up looking at that source on my personal computer until I hit enough projects that doing so is a PITA or I can say, “Well, we can’t use ${IMPORTANT_DEPENDENCY} anymore because its source is hosted on a site we block so we’re going to have to implement a replacement plan if we can’t unblock it.”
When I was still running my own email, despite having never been on an open relay or spam blocklist, I had to contend with T-Mobile and Microsoft/Hotmail who didn’t like the whole netblock I was occupying at the time. I managed to find a human at T-Mobile but Microsoft took a while, and all this presupposed that the exception they entered wouldn’t disappear with a system update or policy change.
They do like to re-blackhole too. So you don’t even get notice that your mail was rejected. t-online.de on the other hand wants a valid imprint and you need to get your IP whitelisted, while they’re actively not using DMARC and SPF.
My residential IP address was once blocked by instagram for a month or so. I tested my IP with a bunch of IP address classification sites and finally found some 3rd rate site I never heard of that classified it as a VPN and malware source. Someone in my residential netblock was doing a bad thing, or maybe just running a TOR egress node*. The problem eventually went away.
[*] I’ve noticed that lots of web sites block TOR traffic, so it sucks to use TOR, and by extension, it would suck if some widely used blocklist thought your residential IP was a TOR node.
The post title is confusing; rather than “to be centralized”, it should be “from being centralized.”
Codeberg is a German organization, and I would guess that the authors are nonnative English speakers who are borrowing an infinitive construction that usually works the same way in German as it does in English but happens not to work the same way with the English verb “prevent”.
Sounds right. And, taking a second look at my title fix and it’s still confusing. How about…
“How blocklists keep the Internet from being centralized – and safe”
… though why that last version is “better” is something I couldn’t explain…
“from being centralized — and safe” has failed parallelism because you can interpret it as “from being centralized and from being safe”. “How blocklists prevent centralization and keep the Internet safe” or “How blocklists keep the Internet decentralized and safe” are both fine.
OK: I just hit some cognitive dissonance. And, scanning the article again didn’t resolve it.
Reading the title, I thought that the author meant the following:
In other words, blocklists harm both decentralization and safety.
But, reading the article, it isn’t now clear whether “decentralized implies safety” or “centralized implies safety”. In fact, all I’m getting is that “centralized blocklists are a PIA”. No idea where safety is supposed to fit into that model.
Oops yeah, I got it backward.
… which shows even more how confusing the post is…
I know. ;)
I didn’t write the post, though, I just posted a link and I think editing it to correct its grammar would not be appropriate.
Mike Hearn noted how PageRank (eigenvector approach) won the spam war for gmail. Providers privately share their local-view of IP address reputation scores.
I keep waiting for the Internet to move past the era of secret treaties. I want to read this thesis on applied federated learning.
Well that was a throwback
My reading of this situation is that Codeberg offers free code hosting, some bad actors take advantage of this to host malware there, and Codeberg would much rather that organizations that detect malware contact them to get it removed rather than placing the entire Codeberg site on a blocklist for hosting malware.
Welcome to modern email selfhosting, where microsoft blackholes entire hosting provider networks if one of them has a bad host.. (And some german state authorities use blacklists which require money to remove your IP from the “list of dynamic IPs”, from when your current IP belonged to some ISP.) On the other side I’m currently fighting a hoster that simply shuts down your whole account if they get one abuse mail (for example URL shorteners).
Sometimes this feels like a lot of companies running around and screaming, trying to fix spam and scam mails.
In a system without any centralized form of adjudication, vigilante justice is liable to emerge as an alternative. This is what we’re seeing here.
Something people should also be aware of us that Blocklists tend to have a lot of power ready to be abused. Spamhaus, an infamous, award winning widely used Blocklist blocked a national domain registry (Austria), Google Docs IPs and did a lot of other smaller things basically on a whim.
I don’t want to single them out though. They seem to even be one of the better ones.
The good thing is that not using them and using more generic approaches works just as well or better.
$dayjob’s proxy provider blocked Codeberg a few days ago and I got a pretty swift “meh, nah” when I asked for it to be unblocked when I noticed it while evaluating some source code for a dependency I was considering pulling in. You know, doing my job. I’ll just end up looking at that source on my personal computer until I hit enough projects that doing so is a PITA or I can say, “Well, we can’t use
${IMPORTANT_DEPENDENCY}anymore because its source is hosted on a site we block so we’re going to have to implement a replacement plan if we can’t unblock it.”When I was still running my own email, despite having never been on an open relay or spam blocklist, I had to contend with T-Mobile and Microsoft/Hotmail who didn’t like the whole netblock I was occupying at the time. I managed to find a human at T-Mobile but Microsoft took a while, and all this presupposed that the exception they entered wouldn’t disappear with a system update or policy change.
They do like to re-blackhole too. So you don’t even get notice that your mail was rejected. t-online.de on the other hand wants a valid imprint and you need to get your IP whitelisted, while they’re actively not using DMARC and SPF.
My residential IP address was once blocked by instagram for a month or so. I tested my IP with a bunch of IP address classification sites and finally found some 3rd rate site I never heard of that classified it as a VPN and malware source. Someone in my residential netblock was doing a bad thing, or maybe just running a TOR egress node*. The problem eventually went away.
[*] I’ve noticed that lots of web sites block TOR traffic, so it sucks to use TOR, and by extension, it would suck if some widely used blocklist thought your residential IP was a TOR node.