I like posting.
I like commenting.
I like reading people's posts.
I like reading people's comments.
I can't fucking do that here because the site is only working 1/3 of the time and halfway operational another 1/3 of the time, and finally, flat out broke the last 1/3 of the time.
Even when it's working, you have to wait, sometimes up to ten minutes, sometimes more, before you can even view your own posts.
Icing on the cake is that it just keeps getting worse and worse.
Please tell me there's another Voat out there, somewhere.
go1dfish ago
You're all welcome at https://notabug.io. I started it when Voat was having downtime issues a couple years back and have been working to make it reliable and fast since then.
Glory_Beckons ago
USERS MUST BE WARNED: This website hijacks your browser!
It constantly downloads and uploads data in the background. It begins doing this immediately upon visiting the site, without asking or telling the user about it. Most unnervingly, it continues to do this even after you close all tabs of the website. The only way to get it to stop is to completely shut down the browser. Check your network usage.
I'm not even sure how you managed to achieve that. I would have expected any JavaScript running in the background to terminate when the tab is closed.
Presumably this is some sort of p2p distribution scheme to serve content. But that is really just a guess, and giving you undue benefit of the doubt. The user has no way of knowing or controlling what you send and receive using their computer and internet connection. You don't even tell them that you're doing it. The fact that it doesn't stop until they shut down the browser doesn't really inspire trust.
I understand the benefits of distributed hosting, and applaud every effort to prevent censorship, but:
That trifecta makes your site shady as fuck.
Tagging the people who commented since they likely visited your site and may still have this running without their knowledge:
@blumen4alles @Wahaha @lord_nougat @ggolemg
Of course, there are many who clicked your link but never commented. They'll probably never know, unless they happen to come back and see this comment.
Wahaha ago
How did you monitor the network? Just doing network inspection via Firefox tools doesn't show shady traffic for me. (Firefox, Linux)
Glory_Beckons ago
I used bmon and arm (Linux terminal tools).
blumen4alles ago
Thanks for looking out for us! I read all of that, and go1dfish's reply (and your reply to that) - that is quite spooky to have a site still sending & receiving data after you close its tab, or even to suspect it.
I have not noticed anything like that, though I don't monitor my traffic that closely. I do however disconnect from the internet when I am not using it, and monitor my cpu load constantly. As well as now decades of experience going on sites that may be malicious (usually to pirate stuff).
If you are able to duplicate this happening please do ping me.
For now, I will keep an eye out for this, but I don't think there is anything malicious with go1dfish's sites. They seem like a good goat who is just trying to provide alternatives for our community should Voat go down. The people behind Poal are/were also Voaters. I applaud their efforts, which usually get funded out of their own pockets, and they spend long hours making things better.
It does work differently than other sites, you can tell by the way it loads content. I won't pretend to understand exactly how it works, but I don't think any of my using those sites has harmed me or my machine in any way.
Still I love a good conspiracy, and what you described if really happening - oh my. If this is really happening can we please not call it "XXXX-gate"? I hate when they do that shit, so gay.
Glory_Beckons ago
No worries man. It was really freaky. Especially the continued traffic after closing the tab, I don't know how that's possible.
I'm really kicking myself for not taking screenshots or looking further into what exactly was being sent. I'm really curious what was actually going on now. But didn't have much time then, and prioritized posting the warning. Oh well, better a false alarm than no alarm.
Wahaha ago
Since browsers adopted the "tabs-are-their-own-thing" philosophy, I could imagine closing a tab without really stopping the process. Like the old firefox error where you can't start it, since it detects an old instance running, even though you closed it. And then it maybe had a page open with the chat and since lots of goats went over there yesterday, they generated traffic, which isn't reproducible now that the site doesn't experience lots of goats fooling around with it.
That's my try at explaining it without assuming malicious intent from anyone.
Glory_Beckons ago
Yeah, I was thinking about that too. The additional traffic might also have triggered Cloudflare to be more aggressive, and maybe block Tor traffic, causing infinite retries and slow loading.
Whatever it was, I can't reproduce it now.
go1dfish ago
If you could explain a bit more about what you are seeing here I could help you diagnose it.
Notabug does not attempt to, and as you mention has no real means to communicate in the background after you close all tabs.
It uses websockets (socketcluster specifically) for data transfer, and is entirely realtime so it's normal for it to maintain a persistent data connection, but not normal for that to persist after you close it. The only site it talks to this way is notabug.io itself.
It's also not engaging in distributed hosting from your browser yet though this is planned in the future as an opt-in feature.
Glory_Beckons ago
It's not happening now. It was when I posted that comment.
The site as a whole is also much more responsive now. It was very slow opening posts to read comments before. Sometimes it would just hang on "waiting for data", showing the matrix of 9 blinking dots forever. Now, it often doesn't show that at all and just loads comments right away.
At first I figured it was just a buggy and slow site. Noting that @ggolemg also commented that it was slow reinforced this. I closed the tabs I had open, and moved on thinking nothing more of it.
Hours later, I happened to notice my network usage fluctuating at around 300 - 500 kB/s both up and down stream, even though I wasn't expecting any network traffic. I investigated, ultimately tracking it down to the browser I was using for Voat, in which I also opened your site (though those tabs were long gone). Closing the browser made network traffic drop to 0 instantly.
Having a hunch it was your site, since it was the only new thing I visited, but doubting myself since the tabs had been closed hours ago, I set about reproducing the condition. I tested it twice, in a clean VM, with nothing else running. Both times I was able to reproduce it. This is what I did and observed:
Again, I repeated this twice with nothing else running. Browser was up to date and auto-updates are off anyway. Strange traffic started immediately upon loading your site, and stopped immediately upon closing the browser. But no effect closing the tab.
The steady rate was notably lower in my tests than when I first noticed the phenomenon "in the wild". I assume this is either because the tab wasn't open as long or, more likely, because I only had one tab open. I didn't bother investigating further, since it was clear your site was causing the strange traffic and, from my perspective, the obvious fix is to simply not visit your site anymore.
Attempting to reproduce it now, I'm not seeing anything unusual at all. Only a ~100 Byte blip every 10 seconds. Probably keep-alive for the websockets.
If this isn't you, and you haven't changed anything in the last 9 hours, I would be concerned about a potential breach or injection of malicious code.
If I happen to encounter it again, I'll have a closer look and maybe take some screenshots or a video to show you.
go1dfish ago
Thanks for the response.
A much older version of the site used service workers (as is default with create-react-app). I wonder if perhaps that was related. If you were testing in a clean VM there is no way you would have gotten that old code though; and even then there was nothing there that should be causing traffic after closing tabs.
While a tab is open, it's normal for notabug to continue using traffic; there are periodic keep-alive pings and also any changes on the site are live broadcast so you see the changes (most commonly chat). If you open a browser inspector you can see this in the /socketcluster request.
The only thing it should be connecting to is notabug.io (through Cloudflare). Under no circumstances do visitors connect directly to each other or anything like that right now.
Currently notabug.io and nab.cx are running slightly different frontend versions but talking to the same backend.
Glory_Beckons ago
I've played around with it some more and cannot reproduce it. I'm kicking myself for not taking screenshots or digging more earlier.
Have you really not changed anything since I posted my original comment? It was behaving very differently... the whole site was sluggish, and now is perfectly responsive.
I didn't check what it was connecting to, just the amount of traffic. The p2p hypothesis was based on your GitHub saying:
I think I only ran the tests with notabug, but I had opened nab as well before that.
One possible explanation might be a combination of my using Tor, your server using Cloudflare, and your client attempting to fetch live updates. Cloudflare sometimes decides to intercept Tor traffic and either block outright or replace the response with a captcha challenge.
What would happen if your update attempts were blocked, or received a Cloudflare "Attention Required!" captcha challenge as the response, instead of the expected response data? Would they retry? Would they retry instantly? Is the retry implemented as a callback of sorts, that might persist after closing the tab as long as it keeps looping? That might explain the constant inbound traffic.
Looking at your normal traffic though, it looks like any inbound update is accompanied by a smaller, but simultaneous and more or less proportional outbound spike. Like this or this. Maybe that would explain the similar constant outbound traffic?
Not sure why I can't reproduce it now though. Maybe down to CloudFlare being extra aggressive yesterday?
This is a lot of speculation though.
Wahaha ago
I tried the site yesterday, but it didn't feel sluggish to me. (Ryzen 7 1800x)
Thanks for the heads up, btw.
go1dfish ago
Haven't touched anything since sunday, and even that wasn't live.
It would retry the websocket connection; this is handled by socketcluster.io.
That still wouldn't explain behavior after closing the tab, it might cause weirdness if the tab was left open and cloudflare blocked you though.
What happens is your browser is subscribed to one or more lists of ids for whatever you're looking at. When a new item comes in you get the id. Your client has to request the data for that new content though and this causes some outbound traffic. I think there may be some cases where it does this unnecessarily for data you already have though.
This is why I suggested looking at the browser inspector. All of the traffic (other than fetching the js/images) happens over the /socketcluster connection and you can watch all the incoming and outgoing messages and they are largely readable and understandable.
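Added example, not part of any post in this thread: bandwidth monitors such as bmon show how much traffic there is but not where it goes. The script below compares two saved `ss -Htnp` snapshots to list the remote endpoints a browser process still holds after a site's tabs are closed; the process name `firefox`, the snapshot file names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Snapshots are saved output of `ss -Htnp` (Linux, iproute2),
# taken as the browser's user or root so the process column is filled in:
#   ss -Htnp > baseline.txt   # browser running, site never opened
#   ss -Htnp > after.txt      # site visited, then all of its tabs closed

# peers PROC: read a snapshot on stdin and print the unique peer addr:port
# of established TCP sockets owned by a process named PROC.
peers() {
    awk -v proc="$1" '
        $1 == "ESTAB" && index($0, "\"" proc "\",pid=") { print $5 }
    ' | sort -u
}

# leftover PROC BASELINE AFTER: peers in AFTER that are absent from BASELINE,
# i.e. connections the browser still holds once the tabs are gone.
leftover() {
    b=$(mktemp) && a=$(mktemp) || return 1
    peers "$1" < "$2" > "$b"
    peers "$1" < "$3" > "$a"
    comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample snapshots (documentation-range addresses, made-up PIDs).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/baseline" <<'EOF'
ESTAB 0 0 10.0.2.15:40112 198.51.100.20:443 users:(("firefox",pid=2101,fd=61))
ESTAB 0 0 10.0.2.15:51822 192.0.2.53:22 users:(("ssh",pid=1880,fd=3))
EOF
    cat > "$d/after" <<'EOF'
ESTAB 0 0 10.0.2.15:40112 198.51.100.20:443 users:(("firefox",pid=2101,fd=61))
ESTAB 0 0 10.0.2.15:40390 203.0.113.7:443 users:(("firefox",pid=2101,fd=88))
TIME-WAIT 0 0 10.0.2.15:40388 203.0.113.9:443
ESTAB 0 0 10.0.2.15:51822 192.0.2.53:22 users:(("ssh",pid=1880,fd=3))
EOF
    leftover firefox "$d/baseline" "$d/after"
    rm -rf "$d"
}

demo
```

When the browser goes through a local proxy such as Tor, the peer shown is the proxy's listening address rather than the site, so the number of leftover sockets is the useful signal there.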
blumen4alles ago
It is a great site, especially for seeing what reddit censors, doesn't load the comments on my Firefox based browsers though, so I have to use Brave or Opera usually. I try to mention it in comments here when appropriate so more goats know about it. Thanks for creating/maintaining it!
go1dfish ago
You're thinking of https://snew.notabug.io which is different. Your issues are likely due to content blockers disliking snew.notabug.io making offsite access to oauth.reddit.com and api.pushshift.io. If you whitelist that stuff you should be fine.
https://notabug.io is newer, and totally separate from reddit, though it does reuse the UI style/code. The backend is all new and maintained by me and designed for eventual decentralization.
blumen4alles ago
Huh, I will try whitelisting those. Thanks for the tip! I keep my main browsers locked down, only use the others when I have to.
I really dig the nab.cx appearance. What is firehose, does that just display any recent site input?
go1dfish ago
Yeah, the firehose is all submissions, comments and chat as it happens.
Wahaha ago
Where is the light offs button?
lord_nougat ago
Oh, that's the one that says "Delete account" on it.
go1dfish ago
https://nab.cx
Alternate frontends and configs, same backend.
Eventually, the plan is to allow anyone to point their domain to my service and customize the config for it. That way you can build your community at a url you own and if I become a tyrant you can take your ball to some other home.
Wahaha ago
I like the idea. Thanks for sharing, will check this out.
I also read you want to make this easy for others to set up. Are you familiar with containers and stuff, like Docker? That could make setup pretty easy, while allowing you to keep the necessary complexities.
go1dfish ago
Yeah, I'm familiar with Docker, and would like to offer Docker setup eventually but don't want it to be a requirement.
I want you to be able to clone the repo, yarn build, yarn start (answer some config questions at some point) and have a running peer.
This doesn't preclude more advanced multi-machine setups; but that's what I want to be the default. This is another reason I moved away from redis; I can embed lmdb in node as just an npm install.
It's not there yet, but getting quite a bit closer.
ggolemg ago
Thank you for it, I just wish it wasn't so slow. What would help the situation? Can we look at running the gun.db on redis maybe? Let me know how I can help.
go1dfish ago
It's slow for you now? Is it overusage of CPU, network latency etc...?
I did run things on redis for a while but moved to lmdb.
Part of the slowness is inherent to the model, the idea is to let the client have end say over filtering and end view so it gets sent more data than it would get otherwise. Things are designed so the server can be relatively dumb and scalable.
The next stage of it is for me to return the site to doing http requests for gets rather than using websockets and this will potentially allow for more cdn caching etc...
Once I finish that up (probably next weekend) I'll do another writeup over the state of nab's design and try to get more devs involved.
This design will be amenable to moving the db back to redis, but that gets potentially quite expensive as data grows.
A goal of my design is for it to be cheap to operate and ideally easy to set up. Still working on the easy setup bit but getting closer. The newer design should allow for easy setups using lmdb, or more advanced setups using redis on the same codebase.
Code is at:
https://github.com/notabugio/ and https://github.com/chain-gun