What a weekend! Ended up #1 on HackerNews, a dozen sub-reddits and GitHub Trending.
So exhausted, but also so proud of everything we do at @charm!
RT:
Linux Emoji Fork Bomb 💣
https://www.reddit.com/r/Hacking_Tutorials/comments/r4pg3b/linux_emoji_fork_bomb/
@s31bz Fedora
#Mastodon is getting opt-in (off by default) automatic toot deletion built in:
https://github.com/mastodon/mastodon/pull/16529
Not something I plan to use, but I know others use third-party services for this feature and it's cool to have it as an option.
So it turns out it just didn't like the Facebook sandboxing add-on I was using. Because of course.
@haskal another option for connecting to an sql database which I have used before is desiel (tho its an ORM so maybe not what you’re looking for)
trans stuff
@alexandra dress go spinny
hardening mastodon against scraping
fellow masto instance admins of the fediverse:
by default, mastodon is leaky as fuck and there are a bunch of ways that data can be scraped and indexed from a mastodon instance
there are a few steps you can take to harden your instance against this; since there's an ongoing harassment campaign against trans masto users, now is a good time to review this
the following is not exhaustive, but it's a good start
1. Enable 'Secure Mode' on your instance. Without secure mode turned on, any of the activitypub endpoints of your instance can be scraped without http authentication -- this includes user profiles and users' public posts. This makes it ***absolutely trivial*** for a scripter to scrape all of the profiles of your instance denizens and look for keywords.
From the mastodon docs: 'When secure mode is enabled, all GET requests require HTTP signatures as well.'
It's insane to me that this isn't enabled by default. To enable it, see the 'AUTHORIZED_FETCH' parameter here: https://docs.joinmastodon.org/admin/config/#basic
This makes it more complicated to scrape, since scraping traffic now has to come from an instance that uses http signatures, and not just from some random asshole's computer.
2. Toggle some config options in preferences => administration => site settings. Here you can turn off the profile directory, disallow unauthenticated access to public pages, etc. See the screenshot below this post for the settings I use. You can make up your own mind about how strict you want to be here, but I think turning off the profile directory and the public timeline is a great idea.
3. Recommend your users disable DMs from people they don't follow. This is under preferences => notifications.
Any stuff I've missed, stuff you'd like to add, feel free to reply to this post.
Thanks for reading!
Dude gets fired.
Recruiter gets him an interview... with the firm that fired him.
He goes. And interviews.
Delightful.
@doomedkangaroo currently no but that is something I’ve been meaning to look into for a while
@Linux_in_a_Bit I rather like (and use) pass.
Hey I'm Hayley. I'm a derpy fox who likes messing with computers and electronics.
I don't post often but I do like sharing interesting things I find.
PFP by @FlurryThePuff