GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Teri Kanefield (teri_kanefield@mastodon.social)'s status on Friday, 12-Jan-2024 01:30:11 JST Teri Kanefield Teri Kanefield

    Okay techies: Every time I post a link to my website on Mastodon, everyone (including me) is shut out of my website for about 5 mintutes with an "error 500" message.

    This doesn't happen when I post anywhere else, and I get 10 time the traffic from other sources.

    People have offered me and my tech support staff (my husband) solutions. None of them worked.

    In conversation Friday, 12-Jan-2024 01:30:11 JST from mastodon.social permalink
    • Embed this notice
      Evan Prodromou (evan@cosocial.ca)'s status on Friday, 12-Jan-2024 01:30:08 JST Evan Prodromou Evan Prodromou
      in reply to
      • Renaud Chaput

      @renchap can we collaborate on a spec for this? /cc @Teri_Kanefield

      In conversation Friday, 12-Jan-2024 01:30:08 JST permalink
    • Embed this notice
      Renaud Chaput (renchap@oisaur.com)'s status on Friday, 12-Jan-2024 01:30:10 JST Renaud Chaput Renaud Chaput
      in reply to

      @Teri_Kanefield I am sorry for this, this is a known Mastodon issue. Basically, when you post a link, every Mastodon instance receiving your post will try to download the page to generate the link preview, and for popular accounts like yours this might be a few thousand of requests.
      We have plans to improve this in the near future, in the meantime having some basic HTTP caching on your blog should help.

      In conversation Friday, 12-Jan-2024 01:30:10 JST permalink
    • Embed this notice
      Wary Jerry (jerry@infosec.exchange)'s status on Friday, 12-Jan-2024 02:19:20 JST Wary Jerry Wary Jerry
      in reply to
      • tw000
      • SteveO ✅ - For Harris 🇺🇸
      • David Gerhart

      @gearhead I can't find the issue right now, but there is a githb issue in the mastodon issue list to generate the preview card for a link on the instance the link is posted from - and have the preview card distributed with the post, rather than expecting each instance to create their own card.
      @steveo1049 @tw000 @Teri_Kanefield

      In conversation Friday, 12-Jan-2024 02:19:20 JST permalink
      feld likes this.
    • Embed this notice
      David Gerhart (gearhead@fosstodon.org)'s status on Friday, 12-Jan-2024 02:19:21 JST David Gerhart David Gerhart
      in reply to
      • Wary Jerry
      • tw000
      • SteveO ✅ - For Harris 🇺🇸

      @steveo1049 @tw000 @Teri_Kanefield @jerry

      I wouldn't agree that it's a fedi-bug. But a consequence of equal access over the internet.

      Hosting on a platform that is dynamically responsive (AWS, Azure, GHS) and designing for high requester peaks seems appropriate.

      In conversation Friday, 12-Jan-2024 02:19:21 JST permalink
    • Embed this notice
      David Gerhart (gearhead@fosstodon.org)'s status on Friday, 12-Jan-2024 02:19:21 JST David Gerhart David Gerhart
      in reply to
      • Wary Jerry
      • tw000
      • SteveO ✅ - For Harris 🇺🇸

      @steveo1049 @tw000 @Teri_Kanefield @jerry

      Another method, is to post via a separate server instance - to serve the toot requests, leaving the primary to serve 'normal' traffic. Let the 'mirror' server grind out serving the excess traffic.

      I'm probably way off on the assessment tho...

      In conversation Friday, 12-Jan-2024 02:19:21 JST permalink
    • Embed this notice
      SteveO ✅ - For Harris 🇺🇸 (steveo1049@mastodon.sdf.org)'s status on Friday, 12-Jan-2024 02:19:22 JST SteveO ✅ - For Harris 🇺🇸 SteveO ✅ - For Harris 🇺🇸
      in reply to
      • Wary Jerry
      • tw000

      @tw000 @Teri_Kanefield @jerry - so, it’s a Fedi-bug!

      In conversation Friday, 12-Jan-2024 02:19:22 JST permalink
    • Embed this notice
      tw000 (tw000@infosec.exchange)'s status on Friday, 12-Jan-2024 02:19:23 JST tw000 tw000
      in reply to
      • Wary Jerry

      @Teri_Kanefield It's my understanding that this is the link-preview function bombarding your server as the link spreads across the fediverse.

      @jerry might have some helpful thoughts on this.

      In conversation Friday, 12-Jan-2024 02:19:23 JST permalink
    • Embed this notice
      feld (feld@bikeshed.party)'s status on Friday, 12-Jan-2024 02:21:02 JST feld feld
      in reply to
      • Wary Jerry
      • tw000
      • SteveO ✅ - For Harris 🇺🇸
      • David Gerhart
      @jerry @gearhead @steveo1049 @tw000 @Teri_Kanefield this genuinely makes me mad because I suggested this to Garg way back when the original "mastodon causes DDoS" panic happened and I was told NO this would not be allowed because people will tamper with it and make fake link previews
      In conversation Friday, 12-Jan-2024 02:21:02 JST permalink
    • Embed this notice
      tw000 (tw000@infosec.exchange)'s status on Friday, 12-Jan-2024 02:25:31 JST tw000 tw000
      in reply to
      • feld
      • Wary Jerry
      • Marcus Hutchins :verified:
      • SteveO ✅ - For Harris 🇺🇸
      • David Gerhart

      @feld @gearhead @jerry @steveo1049 @Teri_Kanefield As @malwaretech demonstrated a while back, the current system can be manipulated. It's a choice and I wouldn't be opposed to it being a setting available to each instance to make that choice.

      In conversation Friday, 12-Jan-2024 02:25:31 JST permalink
    • Embed this notice
      feld (feld@bikeshed.party)'s status on Friday, 12-Jan-2024 02:25:31 JST feld feld
      in reply to
      • Wary Jerry
      • Marcus Hutchins :verified:
      • tw000
      • SteveO ✅ - For Harris 🇺🇸
      • David Gerhart
      @tw000 @gearhead @jerry @steveo1049 @Teri_Kanefield @malwaretech it's just additional metadata on an activity. The client signature verification would fail if it was tampered with.

      The only abuse case that really exists is if the client hand-crafts a false link preview but this is no more dangerous a situation that the classic "embed a fake thumbnail into the JPEG" prank we saw 10 years ago
      In conversation Friday, 12-Jan-2024 02:25:31 JST permalink
    • Embed this notice
      Wary Jerry (jerry@infosec.exchange)'s status on Friday, 12-Jan-2024 02:36:42 JST Wary Jerry Wary Jerry
      in reply to
      • feld
      • tw000
      • SteveO ✅ - For Harris 🇺🇸
      • David Gerhart

      @feld I think we’ve likely crossed a threshold where it’s not a hypothetical concern any longer, now that we have 20k instances. @gearhead @tw000 @steveo1049 @Teri_Kanefield

      In conversation Friday, 12-Jan-2024 02:36:42 JST permalink
      feld likes this.
    • Embed this notice
      Evan Prodromou (evan@cosocial.ca)'s status on Friday, 12-Jan-2024 07:42:23 JST Evan Prodromou Evan Prodromou
      in reply to
      • Renaud Chaput

      @renchap awesome, thanks. Ive been talking about the issue with some other folks so I'd love to compare notes.

      In conversation Friday, 12-Jan-2024 07:42:23 JST permalink
    • Embed this notice
      Renaud Chaput (renchap@oisaur.com)'s status on Friday, 12-Jan-2024 07:42:24 JST Renaud Chaput Renaud Chaput
      in reply to
      • Evan Prodromou

      @evan Sure. This is on the 4.3 roadmap but I am not sure we will be able to deliver it, it has many implications, both in term of protocol and implementation, mostly because preview generation must be an async process.
      I will try to write down our thoughts on this topic (we have been discussing this for many months), and share it to you

      In conversation Friday, 12-Jan-2024 07:42:24 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.