#MastoAdmin folks who weren't around the #Fediverse and #Mastodon back in 2018 may not know (or those who were, may have forgotten) how unpopular trending tags were when the project leader forced it despite extensive criticism about creating abuse vectors and clawing back promises of creating an algorithm-free network.
I think it would be cool to be able to see some of the most popular hashtags of the last 24 hours. It could fit nicely at the top of the "public" panel.
We just released Mastodon 4.3.3, 4.2.15 and 4.1.22. They contain a few bug fixes as well as a security fix (medium severity, github.com/mastodon/mastodon/s…)
We recommend every instance administrator to update as soon as possible.
If you are using our nightly releases, a container image with the fix has been published with the `nightly.2025-01-17-security` tag.
Welp, first major code push to the instance in 2025 and there are somehow 0 broken pieces. Several database migrations were involved so that was a little surprising. Plus, you know, it's 4:00 AM and that's usually when I break shit. #MastoAdmin
It contains some bug fixes and a few small features, like (optional) grouping of follow notifications and improvements the fediverse:creator setup instructions.
Upgrading requires re-compiling frontend assets (if not using Docker), instructions are in the release notes : github.com/mastodon/mastodon/r…
Changelog
Added
Add more explicit explanations about author attribution and fediverse:creator (#32383 by @ClearlyClaire)
Add ability to group follow notifications in WebUI, can be disabled in the ...
If you're wondering where the "Mark images as sensitive" option went in Mastodon v4.3.0, it's now hidden behind a cheat code.
You need to turn the Content Warning option on, but leave the warning text box itself blank. This will cause the images in your post to be marked as sensitive, without marking the whole post with a content warning.
A so-called "AI-powered social network start-up" has started cloning posts from across the Fediverse without asking permission. You can find out more in this discussion thread:
This is not meant to replace #29280, but supplement it to avoid unmonitored servers keeping open registrations indefinitely.
Automatically switch away from open registrations if no user with the pe...
someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lost millions (what?)
A Discord bot. I can't make this shit up man.
The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.
This shit is ridiculous.
The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.
I don't know who mentioned this the other day, but I'm happy to see this is actually a thing now.
When an admin tries to block another whole instance it gives a summary of how many connections will be severed, which is good because domain blocks are a nuclear option. In this case it was warranted though since that instance openly allowed harassment.
I recently discovered a feature for moderators where you can help with accessibility. When moderating a hashtag, you can change its display name to replace lower-case with upper-case letters. This will help both dyslexics and vision impaired people.
If you can afford an extra minute or two to fix these while moderating trends, it will make them easier to read for everybody, especially the really long tags in hashtag games.
I have two fixes in there, including the #MastoAdmin retention dashboard not working for anyone who lives in the western hemisphere 🌐
I had another one that adds Elasticsearch storage size to the admin dashboard, that didn't make it in here, but it's on main so it'll make its way to you eventually. 🤷
This is a bugfix release for the 4.2.0 version, if you're installing from an earlier version, please check the 4.2.0 release notes as they contain important information on how to update.
⚠️ We rec...
This script installs and hardens a one server mastodon install. - GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.
This script installs and hardens a one server mastodon install. - GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.
🚀 The Mastodon Auto-installer script has just been UPDATED! 🚀
Gone are the days of modifying code in the script. It's now fully interactive! 🎊 Just follow the server prompts during script execution, & you're all set.
PLUS, for an even smoother experience, we now have ONE-COMMAND installs! 🎉
But there's more... A GUI installation wizard might be on the horizon! Stay tuned. 🔮
This script installs and hardens a one server mastodon install. - GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.
oh, here's some JUICY rumored details about meta's plans for the fediverse
tl;dr "Meta will only federate with select larger instances from the beginning. There will be contracts which also provide for financial compensation for the instance owners."
can't entirely verify their validity but it's still worth posting just in case
The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.
But do note this comment on the PR:
“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”
Add optional hCaptcha support.
Whenever the environment variables HCAPTCHA_SECRET_KEY and HCAPTCHA_SITE_KEY are set, the admin can enable hCaptcha:
When enabled, users are shown a captcha when con...
Since opening registrations in Jan with 50 members we have doubled in size, following a nice pace of growth. We are now also steadily posting over 100 new posts/week.
Several Mastodon instances (including Newsie) have come under cyber-attack recently by state-level actors.
If you are the admin of a Mastodon Instance that overlaps arts, human rights, civil society, journalism, or democracy and would like FREE cyber security protection from Cloudflare as part of Project Galileo please reach out as Fourth Estate is a long-time Project Galileo partner
Through Project Galileo, Cloudflare provides free cyber security services to organizations supporting the arts, human rights, journalism, and democracy.
I wonder how many instance admins using Cloudflare know about this? My hunch is most do not, because the primary justification I see for using Cloudflare here is DDoS protection.
Cloudflare won't help if the attacker knows your origin IP, and you can't hide that with Cloudflare alone, due to the nature of ActivityPub.
The domain zwezo.o-k-i.net automatically creates mirroring #Mastodon #bot accounts upon any #Twitter handles put into their search field, without authorization by the original Twitter profile owners.
I doubt, this is #legal, under EU law at least & find it highly #disturbing, that anybody can create bot accounts referring to others, who are neither aware of this nor authorized this in person.
Recently, several users expressed a desire for a way to quickly check if the images in the toot they were about to boost were described. It would be nice if Mastodon itself offered warnings for that, as well as for forgetting to describe media in your own posts, but until then, this is actually one problem admins can fix on our own! All you need to do is go into the site settings and add a bit of CSS code that will display a red border around any undescribed media. There are two examples available, depending on how subtle or noticeable you want the border to be; experiment and see what you like! gist.github.com/FiXato/3de505b… Thanks to @IngaLovinde for thinking of the starting code and @FiXato for improving on it! They did all the work here; I am just sharing this along. Open this post in a new tab and look at the image to see how this can look like. The example image is my avatar, described in another pinned post. #MastoAdmin #MastoDev
CSS user style to add a red border around media (images, audio, video and animated 'gifv') that lacks a description. Based on code by Paul: https://linernotes.club/@balrogboogie - Mastodon-...
Concerning to see #MastoAdmin comments from instances with many tens of thousands of users admitting they still don't know a lot of very basic concepts around how the software works.
If you're going to let your instance become "too big to fail" (which you shouldn't) at the very least you owe it to the larger network to please get up to speed on all of the aspects of administering & moderating the software.
You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation
Here's a #mastoadmin tip: Use your powers of custom CSS to make Mastodon more accessible. The default link highlight colour (both 3.x blue and 4.x purple) contrasts are not WCAG compliant.
Illustrated below – we also highlight mentions and hashtags like links to make them easier to see – I find the default of "usernames are not quite white, but it's hard to see the difference" pretty distracting.
Pitch The custom emojis that are solved as pictures should have the option to enter an alternate text for screen readers. Motivation From the perspective of the accessibility the custom emojis are ...
The admin of journa.host is publicly using and linking a scraping utility to track what instances have silenced or suspended his own.
This scraping utility is using code created by Kiwi Farms, and is hosted on the same domain as an instance he himself has suspended. So he'll suspend the instance because others have - but he's happy to use something they host.
In my opinion, this information has destroyed any good will he might have had left.
Yes, running single-user instances of Mastodon is resource-intensive.
I don't think hosting costs scale with followers though. My single-person instance with 1500 accounts has tripled its followers in a week and it's comfortably within the resources available to it with 25 €/month of expenses. Load has barely changed. respublicae.eu/@praetor/109295…
Moderation and other #MastoAdmin costs however scale with the number of eyeballs, I suppose.
that's the screen I (and probably every #mastoadmin) was checking regularly in the last few days 😁 Our instance is not that big, but seems to be integrated in the network, we hit 500k 1.5 weeks ago, steering towards 1M events/day. It's really interesting when you're hosting the hardware yourself (especially as a hobby project) and can't easily scale up CPUs, but switching to nvme really payed off. We currently run 2 sidekiq processes at 10 treads each, with basically zero queue backlog.
It's fun to spin up a $5/mo cloud node and try to roll your own, but masto.host/ offers plans at the $6/mo price range that will let you focus on using your instance rather than setting it up :) #MastoAdmin
Tak šup šup, pošlete Archosovi příspěvek na provoz serveru! #MastoAdmin #SupportYourServer
