this post was submitted on 08 Mar 2024
50 points (72.7% liked)

Technology

59232 readers
4455 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The author examined the distribution of instances in the fediverse. Given that many instances are hidden behind CDNs like Cloudflare or Fastly, the author employed ActivityPub's functionality to discover the actual hosting locations of servers. More than half (51%) of the fediverse is hosted within a single hosting company. The author suggests that the fediverse hosted mostly with a few major providers, deviates from its initial objectives.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 8 months ago

Anyone concerned with that threat model can host their own instance on whatever hardware they want.
They could have the middleware load balanced over aws/azure/gcp/hetzner/at-home and have load-balanced replicated postgres also running on those hosts.
They could use CDN & threat protection from those cloud providers as well as cloudflare. And really distribute the threat of that situation.
But nobody wants to fork out $$$ every month before they are even scaling to thousands of users, never mind the added complications of middleware from one provider trying to interact with a load balancer on another provider which is forwarding to postgres on a different provider, let alone geographic latencies.
Then trying to manage that, never mind the headache of an update.

But, if that is someones threat model, then they CAN work around it.

Companies owning the actual servers and infrastructure is at the level of enormous scaling (like twitter) or high risk (like banking, even then chances are they are running hardened systems that would be secure on anything).
Most companies will pass that responsibility off to a single provider, and rely on that providers skills/services for uptime