Thoughts

Short thoughts, notes, links, and musings. RSS

Hosting Ozone behind nginx

Bluesky has released Ozone, a community moderation tool for the network. Although all Bluesky users get the default moderation out of the box, they can also subscribe to any of a number of user-created and user-run "labelers" (which you can see in this Bluesky list, or on this website).

Some of them label posts with content that could trigger various phobias, some label posts from Twitter, some label AI generated images, some hide spoilers, and some label... posts of beans. Others build an entire additional moderation layer on top of the defaults.

Honestly, I think it's a pretty cool approach to moderation.

So, of course, I wanted to try it out for myself. I've created a labeler to mark crypto spam: @cryptolabeler.w3igg.com. If you subscribe to the labeler, you'll see some blatant cryptospam posts marked with labels (or hidden, if you choose). You'll also see an option in the reporting screen to report posts to my labeler service:

A "Select moderator" dialog asking "To whom would you like to send this report?", with two options: "Bluesky Moderation Service @moderation.bsky.app" and "Crypto Labeler @cryptolabeler.w3igg.com".

The setup guide is pretty straightforward, but because it's so new, it doesn't have much detail about running Ozone with different infrastructure. Because I'm running the labeler service on a VPS I use for a few different things, and because I already have nginx running there, I didn't want to stand up Caddy alongside it. So, in case it's helpful to others, here's how I got Ozone running behind nginx:

  1. Follow the HOSTING.md instructions, but skip the "Create the Caddyfile" step.
  2. After copying the compose.yaml file, delete the entire caddy: block.
  3. Configure nginx as a reverse proxy. Here's the relevant block in my configuration:
server {
    server_name ozone.w3igg.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ozone.w3igg.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ozone.w3igg.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass http://127.0.0.1:3000;
    }
}

The lines marked # managed by Certbot are autogenerated and shouldn't be added manually. If you want to use Certbot/Let's Encrypt for your SSL certificates, the command is: sudo certbot --nginx -d ozone.w3igg.com (obviously replacing ozone.w3igg.com with your own domain).
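After step 2, the compose.yaml ends up with just the Ozone service, bound to localhost for nginx to proxy to. As a rough sketch (the service name, image, and env file here are illustrative — check the upstream compose.yaml from HOSTING.md for the current values), the remaining file looks something like:

```yaml
# compose.yaml with the caddy: block removed.
# Service name, image tag, and env file are illustrative;
# use the values from the upstream compose.yaml.
services:
  ozone:
    image: ghcr.io/bluesky-social/ozone:latest
    restart: unless-stopped
    env_file: ozone.env
    ports:
      # Bind to localhost only; nginx terminates TLS and
      # proxies requests here (matching proxy_pass above).
      - "127.0.0.1:3000:3000"
```

Binding the port to 127.0.0.1 rather than 0.0.0.0 means the container is only reachable through nginx, so you aren't accidentally exposing the unencrypted port 3000 to the internet.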

For more detail on labelers, check out this great blog post by Kairi!

"How web bloat impacts users with slow devices"

Dan Luu benchmarked a bunch of different web platforms to illustrate the bloat that makes some of them completely unusable on lower-end mobile devices. His analysis was incredibly illuminating, and I thought his comments on CPU vs. bandwidth were interesting:

It's still the case that many users don't have broadband speeds, both inside and outside of the U.S. and that much of the modern web isn't usable for people with slow internet, but the exponential increase in bandwidth (Nielsen suggests this is 50% per year for high-end connections) has outpaced web bloat for typical sites, making this less of a problem than it was in 2017, although it's still a serious problem for people with poor connections.
CPU performance for web apps hasn't scaled nearly as quickly as bandwidth so, while more of the web is becoming accessible to people with low-end connections, more of the web is becoming inaccessible to people with low-end devices even if they have high-end connections.

I also liked his callout on LCP, which fits well with some of my recent complaining about web animations:

As sites have optimized for LCP, it's not uncommon to have a large paint (update) that's completely useless to the user, with the actual content of the page appearing well after the LCP. In cases where that happens, I've used the timestamp when useful content appears, not the LCP as defined by when a large but useless update occurs.

He rightfully points out some of the issues with "Core Web Vitals", such as its omission of CPU time: "if a page has great numbers for all other metrics but uses a ton of CPU time, the page is not going to be usable on a slow device". Perhaps it ought to be added, given that CPU time is considerably harder to "teach to the test" with — that is, to optimize for the metric rather than make meaningful improvements to the end user experience.

This is also incredible:

While reviews note that you can run PUBG and other 3D games with decent performance on a Tecno Spark 8C, this doesn't mean that the device is fast enough to read posts on modern text-centric social media platforms or modern text-centric web forums. While 40fps is achievable in PUBG, we can easily see less than 0.4fps when scrolling on these sites.

I liked his notes about how attempts to optimize for slow devices through lazy-loading are often counterproductive:

Sites that use modern techniques like partially loading the page and then dynamically loading the rest of it, such as Discourse, Reddit, and Substack, tend to be less usable than the scores in the table indicate. Although, in principle, you could build such a site in a simple way that works well with cheap devices but, in practice sites that use dynamic loading tend to be complex enough that the sites are extremely janky on low-end devices. It's generally difficult or impossible to scroll a predictable distance, which means that users will sometimes accidentally trigger more loading by scrolling too far, causing the page to lock up. Many pages actually remove the parts of the page you scrolled past as you scroll; all such pages are essentially unusable. Other basic web features, like page search, also generally stop working. Pages with this kind of dynamic loading can't rely on the simple and fast ctrl/command+F search and have to build their own search.

Some other excellent points:

There are two attitudes on display here which I see in a lot of software folks. First, that CPU speed is infinite and one shouldn't worry about CPU optimization. And second, that gigantic speedups from hardware should be expected and the only reason hardware engineers wouldn't achieve them is due to spectacular incompetence, so the slow software should be blamed on hardware engineers, not software engineers. ... 
Another common attitude on display above is the idea that users who aren't wealthy don't matter. When asked if 100% of users are on iOS, the founder of Discourse says "The influential users who spend money tend to be, I’ll tell you that". 

finally, the runes project has brought memecoins to the bitcoin blockchain. at long last, we can finally buy PEPE•WIT•HONKERS

List of Runes tokens: UNCOMMON•GOODS Z•Z•Z•Z•Z•FEHU•Z•Z•Z•Z•Z DEGENS•WIF•HATS MASSIVE•PILE•OF•SHIT PEPE•WIT•HONKERS RUNESTONE•PUPS HODL•DIAMOND•DICK

The SEC is asking the judge in the Terra lawsuit to order $4.2 billion in disgorgement, a $420 million penalty against Terraform Labs, and a $100 million penalty against Do Kwon.

PLAINTIFF’S MOTION FOR FINAL JUDGMENT AGAINST DEFENDANTS Plaintiff Securities and Exchange Commission (“SEC”) respectfully moves the Court to enter final judgment against Defendants Terraform Labs PTE LTD. and Do Hyeong Kwon (collectively, “the Defendants”). On April 5, 2024, the jury returned a verdict against the Defendants on all counts. For the reasons set forth in the SEC’s memorandum of law and the accompanying declarations of Avron Elbaum and Donald Battle, submitted herewith, the Court should (1) enjoin Defendants from further violation of Sections 5 and 17(a) of the Securities Act of 1933, and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder; (2) jointly and severally order them to pay disgorgement of $4,192,147,847 plus $545,748,909 in prejudgment interest; (3) ordering Terraform and Kwon to pay a $420 million and a $100 million civil penalty, respectively; (4) imposing a conduct-based injunction on Defendants, and an officer-and-director bar on and a sworn accounting from Kwon; and (5) holding that the fraud-related monetary remedies imposed on Terraform are non-dischargeable in bankruptcy, and enter final judgment.

They also want Kwon banned from serving as an officer or director of a publicly traded company.

Kwon has opposed any injunction or disgorgement against him, and says that the potential penalties should be somewhere around $250,000–$300,000.

it is extremely funny to me that a lot of the people who want to slash or repeal Section 230 are the same people condemning NPR's Katherine Maher for her past comments they think are "anti-First Amendment"

in those comments she is actually describing the free speech protections afforded by Section 230 (although Rufo et al have ignored where she said those protections were "very important" and instead spun her comments as though she was criticizing it)

slashing or repealing 230 is the real anti-free speech issue here; certainly not Maher's comments supporting it

A campaign against NPR's new CEO, ex-Wikimedia Foundation CEO Katherine Maher, is trying to portray her as "anti-truth" and "anti-First Amendment" by taking quotes out of context from her past talks about Wikimedia. As a longtime Wikipedian, I think I can give a little more context about these statements — but I recognize that the people behind this campaign are, ironically, not looking for the facts.

In this video, I also go into the idea of "verifiability, not truth" — a Wikipedia philosophy that is controversial both on- and off-wiki.

just dug up a book i made when i was five. not too much has changed.

A page in a book: "About the Author / This book was written and illustrated by Molly Allen White, age 5. Molly lives in Rockport, Maine. For fun, Molly likes to play the computer."
A pink hardcover book with an inset child's illustration of a book called "Molly's Life". Below that is printed "Molly's Life by Molly Allen White"

was briefly baffled by this CAPTCHA until i realized it was asking me to identify the animal that was bigger in real life than the other animals in the picture, not the animal that, in real life, is bigger than roughly 1cm

A CAPTCHA with the instructions "Please click on the thing that is bigger in real life". The image is a multicolored background with square patterns, with small photos of crabs, birds, and a panda superimposed.

we are rapidly approaching the point at which CAPTCHAs clever enough to keep the bots out are too confusing for the humans

really upsetting to see former Wikimedia Foundation director and CEO Katherine Maher getting targeted by the rightwing outrage machine in her new role as NPR CEO. she's wonderful, and NPR is lucky to have her. i hope they stand behind her.