Codex Library


Read the latest posts from Codex Library.

from noirscape

Oh boy... time to get writing about the Fediverse again. Well, that's gonna be fun. Let's talk about blocking instances. Or specifically, I want to help people understand what an instance block actually does, what it doesn't do and the method you can use to -completely- block an instance.

Instance blocking

So, as disappointing as it is, the internet isn't just filled with happy go lucky people who just want a casual chat. It's also filled with several bad actors. People who, if given half the chance, will actively promote hateful or inciting content.

These people also, for somewhat obvious reasons flock to decentralized software, such as Mastodon and Pleroma.

To counteract this, both Mastodon and Pleroma offer control over what instances are shown to the user. Mastodon offers domain suspensions or removal from it's global timeline, whereas Pleroma offers the “MRF”, which offers the same features as Mastodon offers, but can also be used to for example enforce CWs or marking images as NSFW on all incoming posts from an instance.

I'm not here to name any instances or what kind of block policy you should enforce. That isn't my duty. There are many blocklists and block advisories out there that you can use to see what instances are awful and which are not.

Instead, let's talk for a moment about how this affects federation.

What an instance block does.

If you block an instance through Mastodon or Pleromas interface, what you end up doing is stopping users on your instance from accessing the blocked instance through yours. In a sense, it's the equivalent of muting a user on Twitter, except it's applied to your whole instance.

This is all it does. It's essentially a firewall against incoming messages from another instance.

What an instance block doesn't do.

An instance block is not a silver bullet against stopping harassment or harassing users. While it prevents their harassment from landing in your users inboxes, it doesn't stop them at all from reading the statuses your users post on their accounts.

As a result, an instance block is entirely one-way. To illustrate this, I think it's best to give a sample situation.

Meet our three users. Alice, Bob and Caroline. Alice hosts an instance on the fediverse that Bob makes use of. Caroline is on another instance. Thanks to the power of the fediverse, Caroline can see Bobs statuses and the other way around.

Now, suddenly, Bob and Caroline have a huuuge fight, and it ends up with Caroline publishing doxxing information about Bob on her account. Alice in response blocks the instance Caroline is posting from, as Caroline's instance refuses to clean up the doxxing.

However... Caroline can still see Bobs statuses and can still keep track and find new information to harass him with.

This is an inherent failing in the way both Mastodons domain suspension and the MRF that Pleroma offers are designed, and one that is nigh impossible to counteract through how Mastodon and Pleroma are designed.

How to completely block an instance.

That said, there is still a way for Alice to completely stop Caroline from reading Bobs statuses through her instance. This is by blocking the IP address of Carolines instance.

Before I'll continue with an example on how to do this, I'll quickly explain why neither Pleroma nor Mastodon implements this in a nice frontend in a somewhat technical manner. If you don't understand it, you can safely skip this paragraph and just assume that they can't do it. It specifically has to do with how an admin is expected to set up applications that these two utilities are written in. Specifically, the intent is to reverse proxy the actual (sub)domain to the port on which Pleroma and Mastodon run on. Under normal circumstances, the IP address that is used to visit your instance is properly passed along to the reverse proxied IP, but if the webserver is improperly configured, this is not a guarantee and the server could end up sending along it's own IP, which if a UI version of this could end up blocking a server from accessing it's own instance. Then there's also the issue that there are a number of fediverse service providers that will set up a Mastodon instance for you if you fork over enough money. These instances often end up sharing IP addresses, which can result in an IP ban overreaching it's intended domain block and banning several innocuous instances.

With that out of the way, let's take a look on how Alice could stop Caroline from reading Bobs statuses. The following instructions are intended for firewalld, the default firewall that comes installed with Fedora server.

  1. Obtain the IP of Caroline's instance. There are a number of methods to do this. For example, we could use the dig command to look at the A record of Carolines instance. There are options for this, which I recommend you look up yourself.
  2. Alice logs in on her instance's VPS.
  3. Alice runs the following command: firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='IPADRESSHERE' reject", replacing IPADRESSHERE with the IP she obtained from step 1.
  4. Alice reloads firewallds config: firewall-cmd --reload
  5. Done.

Alice has now succesfully stopped Carolines instance from being able to even access Alice's instance. The firewall stops Carolines instance at the door by rejecting access instantly.


Of course, Alice, Bob and Caroline are fake in this situation, but it does illustrate that it is entirely possible to completely stop an instance from reading your statuses on the Fediverse. It's just not possible if all you're going to do is enable a domain suspension or reject them through MRF.

It takes a little more effort than that, but it's still possible.


from tn5421

After having this blogging platform recommended to me by somebody on the fediverse, I decided that it might be in my best interests to check it out. I may have a wordpress but it's not like I'm married to the platform. All I've really done is configure a theme that I like, after all.

I didn't really have anything in mind to blog about today, so I guess I'll just rant about stuff.

It took me all of about 2 hours to figure out why my steam wouldn't launch today. As it turns out, the nvidia graphics driver didn't install 100% correctly when I upgraded to Linux Mint 19. The fix was amazingly simple; change to the open source driver and back, then restart.

Then I played a bunch of casual Rocket League with a friend, which was nice. He wasn't very good at the game but I already knew that going in, so we just played for fun.

I've been procrastinating on doing anything productive since then other than some miscellaneous tinkering.


from providence


Well, well, that really didn't take long. Only 5 days!

With this release, I bring you an Existing Content logger. This completely new script aims to permit you to grab all existing data from a Guild, a Channel or a DM so that everything is properly preloaded.

There are also numerous tiny fixes to templates and a role overview on the user details page. To be able to properly use that if you're coming from 1.0, you'll need to use the existing logger to grab the entire guild.

The other big change is that all templates are now using url_for() if they are referring to other endpoints. This is in preparation of the next release (which should only take a day or so after this one), where I'll be implementing the Frozen-Flask library, which will allow you to statically deploy your archives.

Details on that will come later, but for now, enjoy this changelog!

You can grab the latest release from the git repo!


from providence


Well, hello one and all to the new Providence changelog blog.

Here I'll more or less be talking and showing off Providences features. Today? I have released 1.0! The very first release, would you look at that...

It's been 4 months since I wrote my initial thoughts on a discord logbot. Ever since then, I've opted to start writing one myself. Progress has been slow, in no small part due to motivational issues, but I really do believe that I'm currently in a state where I can release a first version of this application.

So, meet Providence.

There's a ton of features currently packed, but as of right now it can log pretty much everything aside from reactions (which have partial implementations in the frontend) and display all of it in a reasonably competent fashion using it's web UI.

You can find instructions to install in the README. Give it a glance.

As for what WSGI to use for your frontend, use whatever works for you for now. I don't have any immediate plans to lock it to one WSGI for support yet, but gunicorn would be my choice from quickly testing it.

Or just use the Flask dev server, it's not like you should be running this on a place where tons of users can access it :p

Future stuff

The most immediate feature I want to work on is importing existing messages and users into the database. This will probably not be very hard, as it is just scanning through messages.

After that, I'll probably streamline the frontend templates more, removing the hard links and making better use of jinjas templating to access endpoints, as well as implementing breadcrumbs.

Longer term, I want to look into exporting day pages into panopticon style logs and freezing the entire instance to permit sharing using flask-freeze as well as generally smoothing out the process to get stuff running.

There's tons of little UI issues that still bother me, and I want to tackle those. I also will need to move away the members and role lists from the guild details page and into their own pages and only load previews of those.

It would also be handy to move to using blueprints rather than just mapping all endpoints in, but that's something I'm not fully out yet on.

After I get importing messages done, I'll also relicense the entire thing to the AGPL, which I'm picking as it closes the server loophole the GPL itself has.

See you next time!



from noirscape

It's... that time of the year again. Time to tear something a new asshole.

No I'd prefer not to have to do this either, but here we are.


A character from the game Fortnite

To catch anyone who either has little interest in video games or somehow has been living under a rock up to speed, here's the quick tale of the Epic Games Store and how it came to be.

  • Epic Games launches the Battle Royale mode for their game Fortnite.
  • Fortnite proves to be highly popular, quickly causing a craze that is on a comparable level to games as Minecraft.
  • Fortnite was made available to consumers on the Epic Game Store, therefore meaning a large influx in their userbase.
  • Epic Games proceeds to open up their storefront for interested developers, offering an 88% cut, no licensing fees for games made in their engine, the Unreal Engine and a guaranteed minimum amount of sales.

The issue

When I first heard of the Epic Games Store, I was... curious. I had kinda dodged past most of the Fortnite stuff by the simple reasoning of having zero interest in a battle royale title, but I had heard of it's very large userbase.

In fact, when I first heard of the storefront, I was positive towards it. Steam as a platform takes a pretty severe cut from developers and is kinda stuck on it's lazy ass, due to having a near monopoly chokehold on the PC games market.

However... while Steam is absolutely worthy of criticism, the Epic Games Store is even more so. Let's dig right in shall we?


The thing is... in the summary I just gave, EGS wasn't really “created”. It was already around for a while, and games like Unreal Tournament 4 and the Save The Wold version of Fortnite were in fact sold on it. A small commodity of games, all produced by Epic.

Then when they opened up their storefront, there... was a bit of a disparity to say the least.

The Epic Games Store is as it stands, clearly an unsuitable game store for the load it tries to handle. There is no shopping cart, there is no search functionality and a number of other commodities any basic storefront that's intended to sell more than 20 products should have.

To put it somewhat fairer towards Epic, they do have a Trello board for expanding their featureset, but even then, there seems to be a massive issue in what they deem a “basic” commodity, with the shopping cart being put on the 6 months “backburner”, and the majority of nearby features more being geared to selling more products rather than improving the User Experience.

Strange downloading incident

This is a purely personal one. To put it mildly... the way Epic Games downloads stuff to your computer is TERRIBLE. Unless you have an SSD, the entirety of your download is gonna be chokeholded by how fast your hard drive is. This is because Epic Games has opted to locally verify each chunk before downloading the next one. This is a terrible system.

I once had a 180mb update for Fortnite, that took me over three hours to install.

Okay, these are the minor things. Now... let's talk about some big fish.

One Year Exclusivity

The first issue with games sold on the Epic Games Store is that if they are a launching title on the EGS, they will be locked to the platform for at least one full year, before they can be sold on other platforms such as Steam.

This is... a minor issue for me. Perphaps this might be a surprise, but this is purely a choice Epic Games has opted to make. What is less acceptable is the way this seems to have permeated within the game development community.

AAA titles

Much already has been said about Metro Exodus utter bizarre launch, with the game moving no less than a week before release date to the Epic Games Store, after preorders already had been made for the title. While Deep Silver did promise to “honor Steam preorders”, this was the first major AAA title to be announced for the platform that would receive permanent exclusivity to the platform.

This as a result has started what appears to be a worrying pattern for games on the Epic Games Store, with notably Ubisoft announcing the movement for The Division 2 to the storefront after, again, it already had been announced on Steam.

In fact, Ubisoft seems to be moving over to the Epic Games Store almost exclusively, having made a partnership with them, specifically citing the larger cut as their reasoning for moving.

As far as stuff goes, and particularly with how comparatively feature barren EGS is to Steam, this is money grubbing to the highest degree and is merely another attempt by AAA companies to keep churning out higher records to their shareholders.


Oh boy, I'm gonna end up in a minefield here. Let's preface this with one very important thing: If you are a fully independent indie title and you publish on the Epic Games Store, I have no problems with you. Whatsoever. The deal EGS offers is very appealing, especially if you're someone who is strapped for cash.

What is less acceptable is if you are crowdfunding the project.

Specifically, Epic appears to be targeting game developers on the crowdfunding site “Fig”, which notably when compared to Kickstarter or Indiegogo offers backers a part of a games revenue, provided they back enough.

Notably, the first insight we got into this behavior was with Phoenix Point, a game made by the original creator of XCOM, which took a deal with EGS after it already had been announced on Steam and GOG.

While Phoenix Point did offer refunds through Fig, the Community Manager for Phoenix Point went on record to say this:

They also notably held an AMA session on Reddit about the move, which proved to be a complete mistake, as people kept lading shit onto them.

On a similar fashion, the game Outer Wilds also went Epic Exclusive after being backed through Fig, which incidentally was the reason I started considering this blogpost.

Here's the deal though. If you are accepting money from a crowd to make a game, you are tightrope dancing. If you manage to succesfully anger this crowd, you can risk seriously losing any and all positive publicity you might ever have had and cause your sales to forever torpedo as you and your game studio will now forever be known as “the game studio who did that super bad thing x”.

For a really good example of this, look at The Odd Gentleman, who have been accused in the past of taking the million funded for Hiveswap and using it instead to produce the remake of Kings Quest, only leaving a bugged tech demo for Hiveswap.

Cutting a deal with Epic is in this case, for all intents and purposes a bad deal.

Anti-Consumer practices

So all criticism we just talked about mostly lands itself on the game developers end. Now I'm gonna take a look with you all to see how Epic treats you, the consumer!

Tim Sweeney: Professional asshole

Revenue share

If Steam committed to a permanent 88% revenue share for all developers and publishers without major strings attached, Epic would hastily organize a retreat from exclusives (while honoring our partner commitments) and consider putting our own games on Steam.


This is what we call an empty threat. In order to properly understand why there is such a massive disparity between EGS and Steams cuts, we need to specifically look at what parts EGS and Steam take their cuts and what these cuts pay for.

Basic presumed costs on both platforms:

  • CDN upkeep and client maintenance.
  • Staff payments

What the cut for Epic is used for:

  • Pay for basic costs.

What the cut for Steam is used for:

  • Pay for basic costs.
  • Pay for key activation.
  • Pay for gift cards.
  • Pay for additional CDN features such as Achievements, Guides and Community Forums.
  • Pay for transaction fees.

Steam takes no cuts for key activation (and generation), a fact which has been known for a while. It is entirely possible to buy a game on the platform Steam without ever giving Valve money by directly buying a key from the developer or from a store they partnered with (ie. Humble Bundle).

Gift cards are more interesting. While none of what I'm about to say applies to digital gift cards, physical gift cards are interesting subjects to talk about, and this is why.

When you buy a gift card from a store, let's for example say a 15$ card for the Nintendo eShop, Nintendo actually loses money. This is because in order to make stores buy gift cards, these cards are undersold from their actual value. So for example, Nintendo only gets 10$ from the 15$ gift card and the store turns over a 5$ profit.

In order to be able to properly keep this income, Nintendo instead takes this 5$ loss of theirs as a part of the developers cut, but it ensures it's thinned out over the several hundreds of publishers it has on it's store, making the industry standard 30% cut a reasonable one.

Finally, transaction fees. This is a somewhat unverified claim, as I have never bought games from the EGS directly, but apparently, if the payment provider you are using includes transaction fees, EGS dumps them on the consumer to pay.

This is in notable contrast to Steam and really, nearly every other platform with a shred of decency, which eat the transaction fees as a part of the cost and instead heightens their developers cut.

It's because Epic doesn't do what Steam does that they're able to shave off so much from their own cut.

Tim Sweeney stating that if “Steam would commit to an 88% revenue share we would stop exclusives” is a bold-faced lie and is simply a catchy statement intended to get people to shit on Steam some more and love Epic better, but really falls apart when you get down to what these revenue shares are used for.

On a similar kind, the Discord Store, a platform which has received... less luck than EGS although seemingly no shortage of good indies (seriously, I click that tab sometimes on accident and all I see pop up are indie tites that I already own on Steam and know are good), gives out a 90% revenue share and also doesn't do this stuff.

At least they don't tie their games to a 1 year exclusivity deal.

Misunderstanding Linux

Linux always has been sort of a black sheep when it comes to gaming, even more so than Apple. While most modern games typically can expect to see releases on Apple and Windows, Linux always has been treated like a third horse.

This however has been changing over the years, as notably, Steam has been doing their best to improve support for it, initially by releasing the ill-fated SteamOS, but more recently in a much more successful manner with “proton”, a version of wine specifically optimized to run video games (henceforth when using wine, assume I also mean proton).

Now... let's look at what Tim Sweeney thinks of Linux.

Installing Linux is sort of the equivalent of moving to Canada when one doesn’t like US political trends.

Nope, we’ve got to fight for the freedoms we have today, where we have them today.


This... is a basic failure to understand what Linux is. Linux isn't the equivalent of “moving to Canada because you hate US politics”. This analogy just fails to work on such a basic level that I can't even find a similarly intended analogy for it.

That said, let's quickly note a few things about why this statement matters:

  • Epic has bought up Easy Anti-Cheat. Easy Anti-Cheat notably was initially looking to support Linux and is currently the only thing holding back the ability to play Fortnite perfectly under wine. Under Epics management, EAC was told to stop Linux development.
  • The Epic client does not support Linux.

Especially that last one is relevant here. Steam is available on all major platforms, the sole exception being ARM devices (citing specifically incompatibility with the various kinds of ARM architectures out there), whereas Epic is... only available on macOS and Windows, including somehow future plans to compete with the Google Play Store on Android of all things.

To put it mildly, this alone should be something to make you wary of EGS.

No user reviews

And as the final cherry on top of the shitcake: The Epic Games Store has no user reviews. While an implementation is currently on the roadmap, the company has gone on record to state that “developers will be able to disable user reviews on their product”.

This... is a ridiculously bad concept. It's one thing to not have user reviews. I'd argue it's not a good thing to have, but that's at best me complaining.

Letting developers pick if they want user reviews on or not? That's just gonna be a recipe for disaster. Especially for modern day AAA games which have a habit of introducing anti-consumer features (such as micro-transactions, lootboxes and/or rebalancing the game to be pay2win) post-launch, user reviews are invaluable to picking apart if a game is worth your time, even moreso compared to regular outlets which are being milked like cows by AAA publishers to churn out reviews for the unpatched products so that people looking to buy these games later will end up getting mislead and misinformed.

This just gives full power to these AAA publishers to silence this stuff.

The supposed argument in favor of this is that it permits a protection against review bombing, an action in which a mob of users start leaving negative reviews on a game (this is also known as brigading), usually due to one or two direct issues with the game, rather than the merits of the full game itself.

While review bombs are indeed an issue, there are ways to counteract them without necessarily removing user reviews. An easy way to counteract a review bomb is to expand the review section to include recent reviews only. In fact, in order to counteract review bombing, this is exactly what Steam did, as well as introducing a graph that will help signify if a game had a long streak of review bombing.


Epic Games Store is... not a remotely good storefront. The store is barren, the benefits for developers are steeped in negative PR controversies and it's CEO and the platform are notoriously anti-consumer.

This is without going into claims that hold less basis and which I held off from making because I cannot be assured of their value or strength.

And want to know perphaps the saddest part? Epic has already won. It's status as a market leader thanks to Fortnite means that it'll be able to maintain it's cheap cuts, the fact that it's not putting a lot of effort into improving it's storefront also means they don't have to drive up the cuts. Small indies will see Epics deal as nothing but favorable, while big AAA titles will simply go to whatever gets them more money like bees to honey.

The only possible solution at this point will be if the negative PR towards EGS ends up reaching the breaking point at which devs will not be willing to tank the blow to their trust that associating themselves with the EGS is starting to mean and signify.

Tags: #games #epic #epicgamesstore #phoenixpoint #timsweeney #metroexodus