We're putting out a request to fedi admins to require manual approval of signups. Many of the issues with spam, trolls, and scam accounts the fedi has rn are because they are exploiting the well-meaning instances with open signups to behave poorly.
Our primary concerns:
1) Open signups enable harassment of everyone. But marginalized groups are disproportionately targeted.
2) Open signups create a lot of extra work for fedi moderators and admins, who end up playing "chase the ahole" instead of working on their communities.
3) Abuse of open signups leads to a less friendly fedi, driving ppl away for other services. We know that there's a double standard there, but it doesnt change the effect.
4) Abuse of open signups hurts the rep of otherwise friendly instances, especially when they're used to mass register and harass.
Requiring even a brief vibe check before people are allowed to join does a few things. First, it removes the instant gratification the ick ppl are seeking when they sign up. Second, it screens for obv troll or not behavior. And lastly, it makes the fedi a much less icky place for everyone.
Please won't you consider requiring account approvals?
#FediModerator #FediAdmin #FediMods
Things I would do to clean up Mastodon site a little.
1. First, backup the database. Better safe than sorry.
pg_dump -Fc mastodon_production > mastodon_backup_$(date +%F).dump
2. As a fail-safe, take an Elasticsearch snapshot. This might feel redundant, but if you ever need to restore the database, it will save you from having to rebuild the search index.
curl -X PUT "localhost:9200/_snapshot/my_backup/snapshot_1?wait_for_completion=true"
3. First the easy part, remove any user-deleted media. They don't want it themselves -- so why keep it?!
tootctl media remove
There was an old bug in early Mastodon that allowed people to bypass file size limits. If your site is older, it’s worth checking if anyone exploited this in the past. The command below will only list the files and if spot anything usually bigger, you know what needs to be removed.
du -sh /home/mastodon/live/public/system/media_attachments/original/*
Generally speaking, Mastodon should remove old orphaned media automatically. But if that hasn’t happened, the command below will help clean things up. First, run as a dry run:
RAILS_ENV=production bundle exec tootctl media remove --dry-run
If everything looks okay, remove the --dry-run flag to actually delete the media.
4. Remove old posts (optional):
Some Mastodon sites keep everything forever, as large growing archive. While others prune posts after a number of years. This is a personal preference. For example, to delete posts older than 5 years (1825 days):
RAILS_ENV=production bundle exec tootctl post remove --days=1825
After running this, you may want to run the orphaned media removal command again.
5. Compress large videos. If you want to maximize storage space, compress videos to reduce their size:
ffmpeg -i original.mp4 -vf scale=1280:-2 -c:v libx264 -preset slow -crf 23 compressed.mp4
6. Vacuum the database. After removing old posts and media, clean up your database to reclaim space:
RAILS_ENV=production bundle exec rake db:vacuum
7. Rebuild the search index:
RAILS_ENV=production bundle exec rake mastodon:search:rebuild
8. Double-check the value set in .env.production to ensure users can’t upload oversized files:
MAX_FILE_SIZE=
If anyone has any more tips, I am always looking to learn.
RE: https://mastodon.murkworks.net/@moira/116610968889823197
#FediBlock @LairdCulver@vivaldi.net - general assetry, they have three posts and they’re all negative in some way
🚨
Mastodon 4.5.10 out. Security fixes. Update soon.
Mastodon 4.5.10 출시. 보안 수정. 곧 업데이트하세요.
Mastodon 4.5.10 リリース。セキュリティ修正。すぐ更新してください。
Mastodon 4.5.10 draußen. Sicherheitsfixes. Bald updaten.
Mastodon 4.5.10 uitgebracht. Beveiligingsfixes. Snel updaten.
Mastodon 4.5.10 komið út. Öryggislagfæringar. Uppfærðu fljótlega.
Mastodon 4.5.10 publié. Correctifs de sécurité. Mettez à jour bientôt.
Mastodon 4.5.10 publicado. Correcciones de seguridad. Actualiza pronto.
#FediAdmin #Mastodon #Security
🚨
Mastodon 4.5.10 out. Security fixes. Update soon.
Mastodon 4.5.10 출시. 보안 수정. 곧 업데이트하세요.
Mastodon 4.5.10 リリース。セキュリティ修正。すぐ更新してください。
Mastodon 4.5.10 draußen. Sicherheitsfixes. Bald updaten.
Mastodon 4.5.10 uitgebracht. Beveiligingsfixes. Snel updaten.
Mastodon 4.5.10 komið út. Öryggislagfæringar. Uppfærðu fljótlega.
Mastodon 4.5.10 publié. Correctifs de sécurité. Mettez à jour bientôt.
Mastodon 4.5.10 publicado. Correcciones de seguridad. Actualiza pronto.
#FediAdmin #Mastodon #Security
🚨
Mastodon 4.5.10 out. Security fixes. Update soon.
Mastodon 4.5.10 출시. 보안 수정. 곧 업데이트하세요.
Mastodon 4.5.10 リリース。セキュリティ修正。すぐ更新してください。
Mastodon 4.5.10 draußen. Sicherheitsfixes. Bald updaten.
Mastodon 4.5.10 uitgebracht. Beveiligingsfixes. Snel updaten.
Mastodon 4.5.10 komið út. Öryggislagfæringar. Uppfærðu fljótlega.
Mastodon 4.5.10 publié. Correctifs de sécurité. Mettez à jour bientôt.
Mastodon 4.5.10 publicado. Correcciones de seguridad. Actualiza pronto.
#FediAdmin #Mastodon #Security
🚨
Mastodon 4.5.10 out. Security fixes. Update soon.
Mastodon 4.5.10 출시. 보안 수정. 곧 업데이트하세요.
Mastodon 4.5.10 リリース。セキュリティ修正。すぐ更新してください。
Mastodon 4.5.10 draußen. Sicherheitsfixes. Bald updaten.
Mastodon 4.5.10 uitgebracht. Beveiligingsfixes. Snel updaten.
Mastodon 4.5.10 komið út. Öryggislagfæringar. Uppfærðu fljótlega.
Mastodon 4.5.10 publié. Correctifs de sécurité. Mettez à jour bientôt.
Mastodon 4.5.10 publicado. Correcciones de seguridad. Actualiza pronto.
#FediAdmin #Mastodon #Security
I think that *meaningfully* crediting authors, artists, photographers, and other creators is just the ethical thing to do, regardless of whether intellectual property laws apply or however you feel about them. When people consistently do not do that, or consistently fail to look into the origins of what they are posting, that is a big red flag for me.
Obviously not all mods/admins feel this way, but that is the stance I take.
#FediBlock #FediAdmin #MastoAdmin
It's a really good idea to have a public list of at least some basic rules for your Fediverse server, even if it's a single-user server.
Public rules are often used by other server admins when deciding whether to federate with your server (especially if they use allowlists), and public rules are a sign of a responsibly run server. More info about including rules on single user servers:
🌱 https://fedi.tips/should-i-publish-some-server-rules-if-im-running-a-single-person-fediverse-server
fellies.social ist auf Mastodon v4.5.10 o.o
Changelog dazu: https://github.com/mastodon/mastodon/releases/tag/v4.5.10
#fediadmin #mastoupdate #fellies
(💜) Now that pretty much all of the software listed above has been patched, we plan to shift gears to boosting PSAs/status updates from fedi admins and instances.
#FediAdmin #MastoAdmin
instance is back up. it wasnt vulnerable afaik but it was a few versions behind so i decided fuck it and updated it with the others
#fediadmin #cybersyndicate