Conversation

Notices

1. Embed this notice
   OCTADE (octade@soc.octade.net)'s status on Tuesday, 07-Jan-2025 19:25:01 JST OCTADE

   • The Real Grunfink
   @grunfink@comam.es
   
   Is there any internal method for preventing a snac2 server from federating? I don't mean blocking. I mean prohibiting all federation and contact with other activitypub instances. The goal is the local users don't see anything from the fediverse and the fediverse won't see anything from the local server.
   
   I realize there are brute ways to hack nginx and IPtables to block ports and things like that. I'm just wondering if there is an internal method that is more sensible, or if perhaps some blocks of code could be removed before compilation.
   
   #snac2 #fediverse #servers #activitypub
   
   • stigatle likes this.
   • Embed this notice
     The Real Grunfink (grunfink@comam.es)'s status on Tuesday, 07-Jan-2025 19:32:09 JST The Real Grunfink

     in reply to
     Hi. No, not at this moment. You mean, as a standalone, isolated server, with communication only available between users of the same server, right?
     
   • Embed this notice
     OCTADE (octade@soc.octade.net)'s status on Tuesday, 07-Jan-2025 19:47:24 JST OCTADE

     in reply to

     • The Real Grunfink
     Yes, that is correct. I suppose 'isolated instance' is the term I am reaching for.
     
     If I configure my web server proxy to block snac2 from sending and receiving connections from other instances would this break snac or cause some kind of dump or race condition? I suppose I could just try it and see.
     
   • Embed this notice
     OCTADE (octade@soc.octade.net)'s status on Tuesday, 07-Jan-2025 22:17:45 JST OCTADE

     in reply to

     • The Real Grunfink
     • Happy Jack
     @grunfink@comam.es
     
     Why not?
     
   • Embed this notice
     Happy Jack (twitloyalist@twit.social)'s status on Tuesday, 07-Jan-2025 22:17:47 JST Happy Jack

     in reply to

     • The Real Grunfink

     @octade @grunfink Why?

   • Embed this notice
     Giacomo Tesio (giacomo@snac.tesio.it)'s status on Tuesday, 07-Jan-2025 22:27:29 JST Giacomo Tesio

     in reply to

     • The Real Grunfink
     @grunfink@comam.es
     
     Actually that would enable #snac usage in a specific educational use case: schools.
     
     I think kids and teens might be able to learn how to use social-networks in a defederated #fediverse instance, being able to do their typical errors in a protected environment.
     
     However I know no school so brave to experiment on this, because of all kind of issues they might have to face, from sexting to bulling.
     
     Yet, I think that it might help kids grow more aware of the risks and implication (and maybe even more #privacy aware).
     
     On the technical side: you could have a defederated Snac if you make it available over a VPN or local network only. Also, I suppose that messing crypto keys would isolate the instance's inbox. All hacks, though.
     
     @octade@soc.octade.net
     
     stigatle likes this.
   • Embed this notice
     OCTADE (octade@soc.octade.net)'s status on Tuesday, 07-Jan-2025 22:28:44 JST OCTADE

     in reply to

     • The Real Grunfink
     • Giacomo Tesio
     @grunfink@comam.es
     
     It is a convenient way to have a local portal that runs like a social media platform.
     
   • Embed this notice
     OCTADE (octade@soc.octade.net)'s status on Tuesday, 07-Jan-2025 22:48:19 JST OCTADE

     in reply to

     • Big Diggity
     • The Real Grunfink
     @grunfink@comam.es
     
     I recall that friendica has the option disable_federation in the config settings.
     
     I realized that with snac, I can run a script daemon:
     
     1. Use inotifywatch to check incoming objects;
     2. Dump the new object JSON to detect requests from foreign domains;
     3. run the 'snack block' command on the found domain;
     4. Delete the incoming object;
     5. Sanitize any generated notifications.
     
     This should all happen so quickly that local users should never notice it.
     
     So any attempt to communicate in either direction can be automatically detected on first blush, then the remote domain blocked.
     
     It's a hack, but it should work.
     
     Another question: what about a wildcard character in the 'snac block' command?
     
     I'm not going to try it on this public instance because I'm afraid of some kind of expansion wrecking things. Does anyone know if that would do anything weird?
     
   • Embed this notice
     Big Diggity (big_diggity@theres.life)'s status on Tuesday, 07-Jan-2025 22:48:20 JST Big Diggity

     in reply to

     • The Real Grunfink

     @octade
     I looked into having a non federating mastodon instance a long time ago. It was a doable from the settings, but things could have changed. Might have been on Glitchsoc fork. If I find it again, I'll let you know.

     Side note: Hubzilla has a plugin that creates a stand alone server.

     @grunfink

   • Embed this notice
     OCTADE (octade@soc.octade.net)'s status on Tuesday, 07-Jan-2025 23:08:36 JST OCTADE

     in reply to

     • StarkRG
     Just like shell ... worth a try.
     
   • Embed this notice
     starkrg@myside-yourside.net's status on Tuesday, 07-Jan-2025 23:08:37 JST StarkRG

     in reply to

     @octade I give it a low chance of working, but it's simple enough to be worth trying to block the domain name *