We just released Mastodon 4.3.1!

It contains some bug fixes and a few small features, like (optional) grouping of follow notifications and improvements the fediverse:creator setup instructions.

Upgrading requires re-compiling frontend assets (if not using Docker), instructions are in the release notes : github.com/mastodon/mastodon/r…

#mastodev #mastoadmin

Release v4.3.1 · mastodon/mastodon

Changelog Added Add more explicit explanations about author attribution and fediverse:creator (#32383 by @ClearlyClaire) Add ability to group follow notifications in WebUI, can be disabled in the ...

^GitHub

If you're wondering where the "Mark images as sensitive" option went in Mastodon v4.3.0, it's now hidden behind a cheat code.

You need to turn the Content Warning option on, but leave the warning text box itself blank. This will cause the images in your post to be marked as sensitive, without marking the whole post with a content warning.

#MastoAdmin #SunnyGardenAdmin

All you #Mastodon sysadmins who upgraded to Mastodon 4.3.0: Have you noticed that after you dutifully upgraded the #Yarn dependency to version 4, a message like this scrolled by:

$ yarn install --immutable<br>➤ YN0065: Yarn will periodically gather anonymous telemetry: https://yarnpkg.com/advanced/telemetry<br>➤ YN0065: Run yarn config set --home enableTelemetry 0 to disable<br>

yarn config set --home enableTelemetry 0<br>

#MastoAdmin #telemetry

A so-called "AI-powered social network start-up" has started cloning posts from across the Fediverse without asking permission. You can find out more in this discussion thread:

social.wake.st/@liaizon/112603…

You might want to defederate from Maven, the domains to suspend are:

maven.ly
heymaven.com

This defederation will be much more effective if you have "authorized fetch" switched on, more info about it at fedi.tips/authorized-fetch

(via @liaizon)

#FediAdmin #MastoAdmin #Fediverse

Adding user safety through Authorized Fetch on Mastodon | Fedi.Tips – An Unofficial Guide to Mastodon and the Fediverse

An unofficial guide to using Mastodon and the Fediverse

^fedi.tips

Woha, this is unexpected: in a future update mastodon will automatically turn off open registration if no mod has logged in for a week or longer:

github.com/mastodon/mastodon/p…

This is great news, and should hopefully significantly cut down on abandoned servers being used to send spam!

(And this is in addition to also having open registrations off by default on new servers.)

Great news!

#mastoadmin #spam

Automatically switch from open to approved registrations in absence of moderators by ClearlyClaire · Pull Request #29318 · mastodon/mastodon

This is not meant to replace #29280, but supplement it to avoid unmonitored servers keeping open registrations indefinitely. Automatically switch away from open registrations if no user with the pe...

^GitHub

im getting really tired... -w-

summary of today:

someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lost millions (what?)

A Discord bot. I can't make this shit up man.

The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.

This shit is ridiculous.

The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.

The forum admins didn't even stop this. Why? lulz apparently. #fediblockmeta#fediadmins#fediadmin#mastoadmin#mastoadmins#spam#cybercrime#cybersec#infosec#drama#discord

Oh, look at that.

I don't know who mentioned this the other day, but I'm happy to see this is actually a thing now.

When an admin tries to block another whole instance it gives a summary of how many connections will be severed, which is good because domain blocks are a nuclear option. In this case it was warranted though since that instance openly allowed harassment.

#mastoadmin

I recently discovered a feature for moderators where you can help with accessibility. When moderating a hashtag, you can change its display name to replace lower-case with upper-case letters. This will help both dyslexics and vision impaired people.

If you can afford an extra minute or two to fix these while moderating trends, it will make them easier to read for everybody, especially the really long tags in hashtag games.

#MastoAdmin #MastoMod #Inklusion #BarriereFreiheit #Accessibility #a11y

Mastodon 4.2.1 is here! 🥳 github.com/mastodon/mastodon/r…

I have two fixes in there, including the #MastoAdmin retention dashboard not working for anyone who lives in the western hemisphere 🌐

I had another one that adds Elasticsearch storage size to the admin dashboard, that didn't make it in here, but it's on main so it'll make its way to you eventually. 🤷

Release v4.2.1 · mastodon/mastodon

This is a bugfix release for the 4.2.0 version, if you're installing from an earlier version, please check the 4.2.0 release notes as they contain important information on how to update. ⚠️ We rec...

^GitHub

Just a heads up that there will be update is coming to the Mastodon Auto-installer script in just a few days.

It'll be fully interactive, meaning no more code modifications in the script! 🎉 Simply respond to the server prompts during script execution.

And guess what's next? We're considering a GUI installation wizard! 🔮

Check it out here:
github.com/Honeytree-Technolog…

Happy installing

#Mastodon #MastoAdmin #MastoAdmins #MastoDev 🐘✨

Good News #mastoadmins! 📣

Here is an automation script for #Mastodon 🐘 to simplify and facilitate the installation, configuration, & hardening of Mastodon on a new server.

Dive into the script at github.com/Honeytree-Technolog….

Tailor it to your needs. If you appreciate the effort, give it a star and spread the word!

Feedback and ideas are always welcome, so please reach out.

Wishing you smooth #mastodon deployments! 🛠️

#Mastoadmin #Mastodon #Automation #Orchestration

🚀 The Mastodon Auto-installer script has just been UPDATED! 🚀

Gone are the days of modifying code in the script. It's now fully interactive! 🎊 Just follow the server prompts during script execution, & you're all set.

PLUS, for an even smoother experience, we now have ONE-COMMAND installs! 🎉

But there's more... A GUI installation wizard might be on the horizon! Stay tuned. 🔮

Dive in & give it a try:
github.com/Honeytree-Technolog…

Happy MastoAdmining!

#Mastodon #MastoAdmin #MastoAdmins #MastoDev

GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.

This script installs and hardens a one server mastodon install. - GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.

^GitHub

Apparently Mastodon is dropping support for StatsD I the process of moving to Rails 7, as seen in this PR on glitch-soc which brings in recent changes from mainline Mastodon. github.com/glitch-soc/mastodon…

Anyone got infos on what we can use for instrumentation after that?
#MastoAdmin

Merge upstream changes by ClearlyClaire · Pull Request #2246 · glitch-soc/mastodon

⚠️ Upstream updated some dependencies, in particular react-intl, modernizing the code but at the cost of changing how locales are generated and loaded. Expect bugs. This also drops statsd support b...

^GitHub

oh, here's some JUICY rumored details about meta's plans for the fediverse

tl;dr "Meta will only federate with select larger instances from the beginning. There will be contracts which also provide for financial compensation for the instance owners."

can't entirely verify their validity but it's still worth posting just in case

#FediPact #barcelona #project92 #p92 #meta #facebook #fediverse #fediblockmeta #FediAdmin #MastoAdmin #threads

PSA: It looks like mastodon.social has implemented hCAPTCHA on their signups yesterday.

So, if you have limited / suspended mastodon.social because of the spam issue, you may wish to reconsider this.

This will also likely mean that spammers will move to different instances (already seeing them targeting mastodon.world).

You may wish to consider implementing hCAPTCHA yourself to protect your own instance, and here is the relevant PR:

github.com/mastodon/mastodon/p…

The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.

But do note this comment on the PR:

“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”

#MastoAdmin #FediAdmin #fediblock

Add hCaptcha support by ClearlyClaire · Pull Request #25019 · mastodon/mastodon

Add optional hCaptcha support. Whenever the environment variables HCAPTCHA_SECRET_KEY and HCAPTCHA_SITE_KEY are set, the admin can enable hCaptcha: When enabled, users are shown a captcha when con...

^GitHub

One of the main challenges for new servers on here is discovering content to interact with.

Relays speed up the discovery process, and allow even a single user server to automatically see a large part of the Fediverse.

There's a new relay service by @astro­@c3d2.social called FediBuzz Relay:

➡️ relay.fedi.buzz

It allows servers to subscribe to custom relays based on tags or instances. (If you use this, can you let us know your experiences in the replies?)

#FediAdmin #MastoAdmin

We have reached 100 members on datasci.social! 🥳

Since opening registrations in Jan with 50 members we have doubled in size, following a nice pace of growth. We are now also steadily posting over 100 new posts/week.

With ample capacity to grow, we encourage everyone interested in #DataScience, #NetworkScience, #ComputationalSocialScience, and related fields to join us, or to spread the word about our place. #MastoAdmin

community.datasci.social/blog/…

Several Mastodon instances (including Newsie) have come under cyber-attack recently by state-level actors.

If you are the admin of a Mastodon Instance that overlaps arts, human rights, civil society, journalism, or democracy and would like FREE cyber security protection from Cloudflare as part of Project Galileo please reach out as Fourth Estate is a long-time Project Galileo partner

See: cloudflare.com/galileo/

#mastoadmin #mastodon

Project Galileo

Through Project Galileo, Cloudflare provides free cyber security services to organizations supporting the arts, human rights, journalism, and democracy.

^Cloudflare

It's trivial to determine the real IP of a Mastodon server behind Cloudflare. All it takes is one well-crafted request:

gist.github.com/cutiful/4f36da…

I wonder how many instance admins using Cloudflare know about this? My hunch is most do not, because the primary justification I see for using Cloudflare here is DDoS protection.

Cloudflare won't help if the attacker knows your origin IP, and you can't hide that with Cloudflare alone, due to the nature of ActivityPub.

#MastoAdmin #InfoSec

Detecting the real IP of a Cloudflare'd Mastodon instance

Detecting the real IP of a Cloudflare'd Mastodon instance - mastodon-ip.md

^Gist

The domain zwezo.o-k-i.net automatically creates mirroring #Mastodon #bot accounts upon any #Twitter handles put into their search field, without authorization by the original Twitter profile owners.

I doubt, this is #legal, under EU law at least & find it highly #disturbing, that anybody can create bot accounts referring to others, who are neither aware of this nor authorized this in person.

BIG FLAW!

Please boost, so mastoadmins can take action.

#mastoadmin #followerpower #boost
@rysiek

#mastoAdmin

jortage.com/ takes the "duplicate every image across every fedi server" model and deduplicates as possible at the media storage level

self-hosting an instance and outsourcing media storage has been for me a nice balance

i just upped my contribution a bit

thought you should all know about #jortage

I wrote a bot that parses the current #Mastodon instances and assigns them to the respective #ASN (de.wikipedia.org/wiki/ASN).

Interesting is the concentration on a few top ASN. Here for example the 10 most frequent ASNs as Pie Chart (as of 11/25/2022).

❤️ Thanks to @TheKinrar for the nice API for receiving the current mastodon instances.

#networking #network #mastoadmin #mastoadmins #research #bot #instance

Concerning to see #MastoAdmin comments from instances with many tens of thousands of users admitting they still don't know a lot of very basic concepts around how the software works.

If you're going to let your instance become "too big to fail" (which you shouldn't) at the very least you owe it to the larger network to please get up to speed on all of the aspects of administering & moderating the software.

We are here and in matrix.to/#/#mastodon_admin:ma… for support.

Matrix - Decentralised and secure communication

You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation

^matrix.to

Here's a #mastoadmin tip: Use your powers of custom CSS to make Mastodon more accessible. The default link highlight colour (both 3.x blue and 4.x purple) contrasts are not WCAG compliant.

Illustrated below – we also highlight mentions and hashtags like links to make them easier to see – I find the default of "usernames are not quite white, but it's hard to see the difference" pretty distracting.

I'm a little surprised to see a lot of people posting domains in #FediBlock that any competent admin should have blocked on day 1.

Start with the weirder.earth suggested instance blocks, which are generally bigger/more active ones: github.com/weirderearth/weirde…

Tenforward.social has a much longer list with links to admin announcements, with reasons: wiki.tenforward.social/doku.ph…

Here's the current flipping.rocks list: flipping.rocks/about/more#unav…

#FediBlock #MastoAdmin

flipping.rocks

A cozy online home for arthropod enthusiasts, fungi fans, herpers, and other lovers of weird little creatures. [Donate]

^{Hometown hosted on flipping.rocks}

#MastoAdmin #FediBlock

The admin of journa.host is publicly using and linking a scraping utility to track what instances have silenced or suspended his own.

This scraping utility is using code created by Kiwi Farms, and is hosted on the same domain as an instance he himself has suspended. So he'll suspend the instance because others have - but he's happy to use something they host.

In my opinion, this information has destroyed any good will he might have had left.

Yes, running single-user instances of Mastodon is resource-intensive.

I don't think hosting costs scale with followers though. My single-person instance with 1500 accounts has tripled its followers in a week and it's comfortably within the resources available to it with 25 €/month of expenses. Load has barely changed.
respublicae.eu/@praetor/109295…

Moderation and other #MastoAdmin costs however scale with the number of eyeballs, I suppose.