Content warning: Mastodon security anxiety
Sooner or later someone will find a critical security vulnerability in Mastodon. I’m worried about what will happen when every instance has to scramble to update or mitigate before someone targets them.
Even worse if it’s a passive exploit in something like the link preview generation code, which could cause servers to get “infected” as a post spreads.
11.11.2022 17:52

Solved the x-forwarded-for spoofing problem with a Caddy reverse proxy, which seems to be working well.
11.11.2022 07:55

One problem with hosting Mastodon on Fly that I haven't solved yet: Mastodon expects to be able to get a user's IP address (which is used for rate limiting) from the x-forwarded-for header, but Fly lets clients spoof this header so it can't be trusted.
Fly supplies a fly-client-ip header, but Mastodon doesn't support it. Seems like my options are to either fork Mastodon and add support or run a reverse proxy and rewrite the x-forwarded-for header to use the value of fly-client-ip.
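The reverse-proxy option from the post above, as an added example Caddyfile that is not the author's own configuration: Caddy sits in front of Mastodon and overwrites X-Forwarded-For with the value of Fly's own Fly-Client-IP header, so whatever X-Forwarded-For the client sent is discarded rather than appended to. It assumes Caddy listens on port 8080 and Mastodon's web process on 127.0.0.1:3000; both addresses are assumptions, not values from the posts.

```caddyfile
# Added example, not the author's Caddyfile.
# Assumed: Caddy listens on :8080, Mastodon web listens on 127.0.0.1:3000.
:8080 {
	reverse_proxy 127.0.0.1:3000 {
		# "header_up NAME VALUE" sets (replaces) the header sent upstream, so a
		# client-supplied X-Forwarded-For is dropped instead of being appended to.
		# Fly-Client-IP is set by Fly's edge proxy, which is why it is the value
		# Mastodon's rate limiting should see.
		header_up X-Forwarded-For {header.Fly-Client-IP}
	}
}
```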
10.11.2022 17:38

I've been experimenting with a private Mastodon instance hosted on fly.io for about 24 hours now and it has apparently cost me $0.02 thanks to the generous free allowance. I'm looking forward to discovering whether the final monthly invoice ends up being less than $8 (to choose a number completely at random).
10.11.2022 02:03

I was pleasantly surprised to learn that Mastodon uses my Sanitize library to sanitize HTML in federated posts by passing them through several custom transformers.
Ironically, I implemented transformers on the plane while flying to San Francisco to interview at Twitter back in 2010 (I didn't get the job).
8.11.2022 05:09

I might try running a personal Mastodon server just to have more control over the experience. If I do, which of my domains should I use for it?