Notices by SolSoCoG (solsocog@ieji.de)

Hab mir mal suricata+CrowdSec combo angeguckt. Jetzt läuft auch noch suricata+rulesets neben ein paar neuer premium blocklists+threat detection die man bei CrowdSec für erschwingliche $31 pro Server mieten kann. Wenn irgendwas Richtung VPN oder proxy ging bin ich von block auf captcha (lokal) gegangen.

@LeelaTorres oh well its not COVID, dunno where to get those multitests tbh. Waiting one more day until visit at the doc as my fever already got down.

Okay so my gf stays here for the rest of the month and a week into her visit I get quite sick. Asking her to buy a COVID test and a thermometer. Been to Winterswijk with her.

@schwarz so jetzt schauts schon hübscher aus :catJAM:

Let's #review ieji.de:

Performance minmaxed with 80core server✅

IPs anonymized by scrambling it via lua script✅

Ratelimit circumvented by previous action✅

Image bucket proxied✅

libvips in use for faster image handling✅

Elasticsearch search function active✅

Libretranslate translation service active✅

No bigotry, racism, hate or spam thanks to a stellar mod team✅

Overly values freedom of speech✅

Self-sustainable❎ ~60%

Sustainable because I like to burn my money to support others✅

@martijn what's up? :schmusekadser:

Oh, someone sent over 0,1 xmr! Over a month ago, oops, thanks a bunch!

@martijn ty, im dealing with arm chips :alukat3r:

Another test, this time if after setting S3_ALIAS_HOST image stuff still works as expected. Images are now getting delivered via ftp.ieji.de proxy so you have no external connections to the s3 bucket when viewing or uploading images.

@trektor so previously I've set all ip entries to 127.0.0.1, this was the "maintenance" ip which was excluded from rate limiting. They have removed that trick a while ago because it poses a risk if you had the internal processes openly accessible which you really should not. So now there was a global request limit every user shared. I've now told the webserver to give mastodon a different ipv6 on each request. Afaik this is only for logging so it shouldnt cause issues.

If you go to the ieji.de account page you will now see a super random (i made sure it uses a considerable amount of randomness) ipv6 each time you refresh the account page. Now there should be no issues, well except if this way of switching ipv6 frequently causes unexpected issues. You surely get "login from new ip" more often. #anonymous #mastodon

Experimenting with using openresty and a lua calls on each request to send a different IP to circumvent the rate limiting. Ieji might be off for a minute while I *drop in replace* nginx with openresty.

@wilms @BlippyTheWonderSlug its an ongoing issue with the anonymization, rate limits getting triggered randomly, sorry about that. Still trying to figure it out.

@samuel huh, ok weird last time I tried i got some issues with the base domain this and that, can't recall right now, looked up the error and found a different hetzner user having the same issue.

Oh nice with the recent version, tootctl media remove just started working with hetzner storage. Yay. Takes 9 hours to delete 1.6 million unreferenced, old images.

Yeah on heavy use postgres rather goes to 40-50% max than 90% after deploying pgbouncer.

@anselmschueler i mean libvips yes :p, added libvips-dev and asked mastodon to use it. also just did the pgbouncer thing while i was at it

libvip test

Updated to v4.3.4, will enable pgbouncer from friday to saturday evening, so there will be a downtime for a couple of minutes between 10pm-2am CET

@Lu yeah. I had a Soundblaster card which just wouldn't work at all, a Bluetooth speaker with .. SBC codec which would spasm and another speaker with AAC codec which would for some reason lower the audio pitch. And don't get me started on my Wacom tablet. It nearly bricked my system when I tried adding the driver. It is what it is. But the idea of windows on servers? Not in my wildest dreams. Well I'm forced to every now and then touch a windows server for a gaming community but that's it.