Martin writes on Mastodon: “So apparently dang and the HN crowd are so upset I wrote some messages for HN visitors to our website, that they now banned my home IP address ”
I think HN has more than earned the benefit of the doubt here. I've been visiting this forum well over 10 years and have never noted heavy handed moderation[1]. When I've looked at banned users there is always a clear track record of abuse/violation of rules/spamminess. HN breaks sometimes but there's a big difference between intentional and unintentional DoS
OK let’s talk about how your shitty programming confuses someone opening too many tabs with somebody doing a DOS attack. Let’s be real you’re probably the reason why because you ban people for political speech you disagree with.
This is perfectly demonstrated by the fact you did not comment on the original post, but instead commented on the post, criticizing the original post, which then you criticize, making you the exact same hypocrite that you excoriate.
Actually I (we) don't ban people for political speech we disagree with. Politically passionate people assume we do, but this is an illusion—a total illusion, in fact. Everyone with strong feelings is certain that the mods are against them (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...) - it is a reflexive bias (no doubt hard-wired in all of us somehow) and people only ever perceive it as going in one direction: against them, their tribe, their side. Even their country. I got accused of being anti-British not long ago!
If you or anyone would like to see examples of how accurate these perceptions are, here's a list I put together a while ago: https://news.ycombinator.com/item?id=26148870. I could update it, but why? The phenomenon never changes.
The short version is that they are not accurate at all about the mods (how could they be? they're entirely contradictory). But they are highly accurate indicators of the politics of the percevier.
Bigotry is a bad look. It's not more acceptable because of your target, either. This sort of communication breaks down goodwill between groups of people.
It's easy to assume one was manually blocked when you go to use a site for the first time one day and you're not allowed to post. Doesn't require any self-centeredness, it's just the simplest answer. "Huh, I was banned... but why?"
Because they're white and male? Get your philosophy in order. If you're against bigotry, then you ought to be against prejudice against all groups or you're just a garden variety, man-hating hypocrite.
I dunno, I block people on Mastodon who are angry and a lot of them are angry at white cishet men and it takes just one post about how somebody is angry at that sort of person, is angry because they aren't comfortable in their own skin, or sees fascists everywhere (Keir Starmer!) the way John Birch Society members see communists everywhere (Eisenhower!) for me to block.
I block keywords like t3s too, not because I have a problem with the people fundamentally but because their angry toots are bad for my mental health and get in the way of enjoying all the really positive or at least neutral people.
HN has been under a botnet attack for several days. We had to lower the threshold for certain types of blocking in order to keep the site up. Unfortunately that leads to false positives, meaning some IP addresses of legit users get blocked. (It's not easy to distinguish between a legit user who is e.g. opening a bunch of tabs at once, from a distributed botnet sending a handful of requests from a massive number of IPs.)
I'm sorry! I know it's a pain and we're trying hard to avoid it. But it has nothing to do with any individual user. How would we even know who's accessing HN unless they tell us?
This sort of automatic block clears itself in 3 days, and in the meantime anyone in this situation can unban their IP as described at https://news.ycombinator.com/newsfaq.html. (You have to do that from a different IP address, of course.)
People are, of course, also welcome to email hn@ycombinator.com to get this kind of thing fixed. It's easy to take care of in specific cases and we're happy to help anyone.
Edit: I just cleared all those IP blocks from any time before 24 hours ago, so hopefully that will help.
Thank you for mentioning this! I tend to open a lot of tabs all at once and then read them one at a time. I got hit with the 403s suddenly the other day (when setting up a new laptop, terrible timing) and it flabbergasted me for about 45 minutes. When I got to the office it all worked just fine, so I never had closure.
I'd been informed of this after being caught up in the block myself yesterday, as noted in another Fediverse thread that's looking for cases of abuse in HN's moderation:
I frequently browse HN unauthenticated, both from a tablet I'm desperately trying to keep from becoming a timesuck itself (somewhat unsuccessfully), and when doing quick checks and searched on HN (something I do a lot) from a private/incognito browser session.
It's also useful to verify issues, such as I had with a submission of mine yesterday which was itself autokilled based on the domain. I'd posted an archive of the original URL from a now-dead site, using the archived version which includes the comments (Internet Archive's Wayback Machine does not, for some reason): <https://news.ycombinator.com/item?id=37732186>
Dang quickly undid the kill, but I couldn't actually validate it myself given the botnet mitigations.
(And the post has done much better than I'd expected.)
I'd forgotten the self-service IP unbanning option, though putting that outside HN's protected IP space (or at least in a different one) might be helpful.
Bots and spam are an impossibly hard problem to crack. Google had to change the digital landscape of email in order to fight spam, and even then, the job is never finished.
The worst part though is knowing that legitimate users will get caught as collateral damage.
> How would we even know who's accessing HN unless they tell us?
My browser sends a cookie telling HN it's me. More advanced tooling would let you allow-list aged accounts with > 1000 karma in, while blocking a different subset. Of course, once that becomes known, then the attacking botnet will just use aged accounts with > 1000, so it's a game of cat a mouse.
What this really speaks to though is that HN has now garnered the attention of a sufficiently motivated attacker that more advanced technology is required to block them. Fighting it yourself takes away from time spent on moderation, among other things. Maybe it's one attacker and they'll get bored after their attempts prove fruitless, but maybe they won't. Either way, this is why Cloudflare's bot shield and others like it are so popular. A recaptcha in order to submit a comment wouldn't be the worst thing, though I'm sure there will be many loud shouty voices against it, but that's the unfortunately the nature of running any popular site on the Internet these days.
Yes, that's what I mean: if people log in, then we know at least a bit about who's accessing the site. But the particular blocks I posted about above only apply to logged-out users. Logging in immunizes you from them immediately.
Or rather, presumably Hector Martin's connecting to HN via a logged in browser and experiencing the block, which shouldn't apply to logged-out users, so I'm guessing there a bug/disconnect somewhere (could be in my parsing of your original comment).
No one connecting via a logged-in browser would have been blocked by this code.
Edit: there are two exceptions—accounts we blocked because they were running crawlers that didn't respect HN's robots.txt—but both have been blocked for much longer than a few days.
Based on other posts in that thread though, he also appears to be behind CG-NAT, which is always a confounding factor for IP-based blocking. Maybe someone else on his netblock is running that crawler.
If someone wants to tell me the username, I'd be happy to look into what happened. Without the username, I don't know of any way to check this particular case—all I can say is what changed during those few days, and what changed is that we blocked more IPs that were making logged-out requests; logged-in requests would not have been affected.
Since that link refers to opening HN in an incognito window—and all those requests would be logged-out—most probably it was that activity that triggered the block. As I think I said elsewhere, it's hard to distinguish between a legit user accessing a bunch of HN links in various tabs, and a distributed botnet making similar handfuls of requests from a million different IP addresses.
What I can tell you for sure, though, is that the claim that we were targeting any individual user is quite false. Isn't that the main point?
33 comments
[ 3.6 ms ] story [ 195 ms ] thread(Hector Martin, a.k.a marcan, was also a target of the lawsuit)
[1] I don't like the shadow banning though
https://news.ycombinator.com/newsguidelines.html
This is perfectly demonstrated by the fact you did not comment on the original post, but instead commented on the post, criticizing the original post, which then you criticize, making you the exact same hypocrite that you excoriate.
Actually I (we) don't ban people for political speech we disagree with. Politically passionate people assume we do, but this is an illusion—a total illusion, in fact. Everyone with strong feelings is certain that the mods are against them (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...) - it is a reflexive bias (no doubt hard-wired in all of us somehow) and people only ever perceive it as going in one direction: against them, their tribe, their side. Even their country. I got accused of being anti-British not long ago!
If you or anyone would like to see examples of how accurate these perceptions are, here's a list I put together a while ago: https://news.ycombinator.com/item?id=26148870. I could update it, but why? The phenomenon never changes.
The short version is that they are not accurate at all about the mods (how could they be? they're entirely contradictory). But they are highly accurate indicators of the politics of the percevier.
It's easy to assume one was manually blocked when you go to use a site for the first time one day and you're not allowed to post. Doesn't require any self-centeredness, it's just the simplest answer. "Huh, I was banned... but why?"
Because they're white and male? Get your philosophy in order. If you're against bigotry, then you ought to be against prejudice against all groups or you're just a garden variety, man-hating hypocrite.
I block keywords like t3s too, not because I have a problem with the people fundamentally but because their angry toots are bad for my mental health and get in the way of enjoying all the really positive or at least neutral people.
I'm sorry! I know it's a pain and we're trying hard to avoid it. But it has nothing to do with any individual user. How would we even know who's accessing HN unless they tell us?
This sort of automatic block clears itself in 3 days, and in the meantime anyone in this situation can unban their IP as described at https://news.ycombinator.com/newsfaq.html. (You have to do that from a different IP address, of course.)
People are, of course, also welcome to email hn@ycombinator.com to get this kind of thing fixed. It's easy to take care of in specific cases and we're happy to help anyone.
Edit: I just cleared all those IP blocks from any time before 24 hours ago, so hopefully that will help.
<https://toot.cat/@dredmorbius/111161109931108606>
I frequently browse HN unauthenticated, both from a tablet I'm desperately trying to keep from becoming a timesuck itself (somewhat unsuccessfully), and when doing quick checks and searched on HN (something I do a lot) from a private/incognito browser session.
It's also useful to verify issues, such as I had with a submission of mine yesterday which was itself autokilled based on the domain. I'd posted an archive of the original URL from a now-dead site, using the archived version which includes the comments (Internet Archive's Wayback Machine does not, for some reason): <https://news.ycombinator.com/item?id=37732186>
Dang quickly undid the kill, but I couldn't actually validate it myself given the botnet mitigations.
(And the post has done much better than I'd expected.)
I'd forgotten the self-service IP unbanning option, though putting that outside HN's protected IP space (or at least in a different one) might be helpful.
The worst part though is knowing that legitimate users will get caught as collateral damage.
> How would we even know who's accessing HN unless they tell us?
My browser sends a cookie telling HN it's me. More advanced tooling would let you allow-list aged accounts with > 1000 karma in, while blocking a different subset. Of course, once that becomes known, then the attacking botnet will just use aged accounts with > 1000, so it's a game of cat a mouse.
What this really speaks to though is that HN has now garnered the attention of a sufficiently motivated attacker that more advanced technology is required to block them. Fighting it yourself takes away from time spent on moderation, among other things. Maybe it's one attacker and they'll get bored after their attempts prove fruitless, but maybe they won't. Either way, this is why Cloudflare's bot shield and others like it are so popular. A recaptcha in order to submit a comment wouldn't be the worst thing, though I'm sure there will be many loud shouty voices against it, but that's the unfortunately the nature of running any popular site on the Internet these days.
Yes, that's what I mean: if people log in, then we know at least a bit about who's accessing the site. But the particular blocks I posted about above only apply to logged-out users. Logging in immunizes you from them immediately.
Edit: there are two exceptions—accounts we blocked because they were running crawlers that didn't respect HN's robots.txt—but both have been blocked for much longer than a few days.
* https://social.treehouse.systems/@marcan/111165508206292497
Based on other posts in that thread though, he also appears to be behind CG-NAT, which is always a confounding factor for IP-based blocking. Maybe someone else on his netblock is running that crawler.
Since that link refers to opening HN in an incognito window—and all those requests would be logged-out—most probably it was that activity that triggered the block. As I think I said elsewhere, it's hard to distinguish between a legit user accessing a bunch of HN links in various tabs, and a distributed botnet making similar handfuls of requests from a million different IP addresses.
What I can tell you for sure, though, is that the claim that we were targeting any individual user is quite false. Isn't that the main point?