altq.net (PDS)

👋 Hello neighbors

Short outage in the last hour due to a regular kernel update reboot somehow breaking my hand crafted docker networking for the PDS.

It is now reverted to host mode and everything is working again.

FYI ->

I will continue to monitor this.

Network traffic/packets per second graph with spikes

After checking that I could access Bluesky with a different browser without login, I resorted to trying to restart the PDS and see if that helps.

And it did, apparently. Unclear what happened exactly or what caused it.

The graphs for this server do show a significant spike around that time ->

About 20 minutes ago I had to restart the PDS docker service manually, as all requests to the Bluesky infrastructure ended up in 5xx replies, according to the logs.

This was the first time I had to do this.

I noticed that my feed was not working anymore (timeout error).

->

Screenshot of a map showing various PDS servers in Southern Germany, including altq.net with 9 users.

Oh, I am on this map too -> arewedecentralizedyet.online/map/?source=at

javascript:alert("Does a javascript: URL exploit this guestbook?")

Nope.

javascript:alert("Does a javascript: URL exploit this guestbook?")

PDSls CAR explorer

PDSls CAR explorer (it's Jerry's repo archive)

1.3.0 introduces a CAR explorer to PDSls
pdsls.dev/car

Hello and welcome 👋

See ->

Hi there! 👋

If you use PDS Gatekeeper you will want to make this change manually to your /pds/composer.yaml instead of using pdsadmin update. Using pdsadmin update clears out your current compose with the one from the PDS repo. Should be a oneliner change

@baileytownsend.dev/pds-gatekeeper Microservice to bring 2FA to self hosted PDSes

This PDS server now supports two factor authentication via email. You can now activate 2FA in your account settings.

Thanks to tangled.org/@baileytowns... by @baileytownsend.dev

Hint for other PDS admins: When using Postfix as your mail server add ?tls=required at the end of the SMTP URL.

FYI #atproto: To use this new goat tool on the PDS server, create a shell alias like this:

$ alias goat="docker exec -it pds goat"

$ goat --version
goat version v0.1.2-rev-c43d54a

$ goat account --help
NAME:
goat account - commands for auth session and account management
[...]

Screenshot of the properly escaped and non-functional attempt to trigger an alert via <script> tag.

It does not work, as in this does not trigger an alert box in this "guestbook" on altq.net ->

Script test:

<script>alert('This should not work.')</script>

A tiny scriptlet or web component will do the trick, see the "guestbook" on the altq.net page for inspiration -> github.com/fry69/altq.n...

Grafana dashboard showing billions of records written to the database

Diagram of backfill process

FTR the app-view is up and has been for a few weeks.
Ingesting terabytes of social media data is not trivial.
I've worked to re-implement some experimental work by Divy into rsky-ingester, rsky-backfiller, and rsky-indexer

When it's production ready, it'll move off of staging.blacksky.community

🫡

I'm still in Nuremberg, Germany 📍

Good to know that my datacenter has not moved.

AT service operators and moderation thinkers: I put together an early proposal around infra abuse notices across organizational boundaries.

really looking for feedback on this one, it is bait for counter-proposals and references to prior work!

FYI: Lexicon names are reverse DNS:

The lexicon app.mbdio.uk schema gets looked up via DNS as uk.mbdio.app

Details are here ->

The moment self-hosted PDS with exploitable plugins will become popular, the HTTP request log on servers will gain a few new entries in the top 20 -> fry69.dev/_php_log

Anyone can run a WordPress server, but few can maintain it and most will choose a managed solution for this reason (incl. "trusted" plugins through the hoster/service provider/etc).

Well, I think you cited WordPress as an example in another thread part.

That is fitting in a way, as click & install plugins without further maintenance will lead to similar problems. E.g. compromising PDS and accounts through highjacked or intentionally malicious plugins.