Free Radical is now on Mastodon v2.3.1.

Free Radical is now on Mastodon v2.3.0.

Admin tip: if you’ve set UID and/or GID in your .env.production, be sure to update Dockerfile with ARG UID=... and ARG GID=.... If you don’t, you’re going to get lots of permission errors in the docker-compose run --rm web rails assets:precompile part of the upgrade process. Don’t be me.

Free Radical is now on Mastodon v2.2.0.

Free Radical is now on Mastodon v2.1.2.

I deliberately log as little as possible about my users. My nginx logrotate config is configured to store one week’s worth of access and error logs:

/var/log/nginx/*.log {
    ...
    rotate 7
    ...
}

As of this moment, that looks like:

-rw-r-----  1 www-data adm     443615 Jan  5 08:29 freeradical.zone-access.log
-rw-r-----  1 www-data adm    5405613 Jan  5 06:25 freeradical.zone-access.log.1
-rw-r-----  1 www-data adm     395094 Jan  4 06:24 freeradical.zone-access.log.2.gz
-rw-r-----  1 www-data adm     407455 Jan  3 06:24 freeradical.zone-access.log.3.gz
-rw-r-----  1 www-data adm     375444 Jan  2 06:24 freeradical.zone-access.log.4.gz
-rw-r-----  1 www-data adm     474143 Jan  1 06:24 freeradical.zone-access.log.5.gz
-rw-r-----  1 www-data adm     344550 Dec 31 06:25 freeradical.zone-access.log.6.gz
-rw-r-----  1 www-data adm     452215 Dec 30 06:25 freeradical.zone-access.log.7.gz
-rw-r-----  1 www-data adm          0 Jan  5 06:25 freeradical.zone-error.log
-rw-r-----  1 www-data adm       1461 Jan  4 23:10 freeradical.zone-error.log.1
-rw-r-----  1 www-data adm        349 Jan  3 18:43 freeradical.zone-error.log.2.gz
-rw-r-----  1 www-data adm        458 Jan  3 03:35 freeradical.zone-error.log.3.gz
-rw-r-----  1 www-data adm        314 Jan  1 13:49 freeradical.zone-error.log.4.gz
-rw-r-----  1 www-data adm        428 Dec 30 16:01 freeradical.zone-error.log.5.gz
-rw-r-----  1 www-data adm        409 Dec 29 18:01 freeradical.zone-error.log.6.gz
-rw-r-----  1 www-data adm        387 Dec 29 05:47 freeradical.zone-error.log.7.gz

To be explicit: these are not usually processed in any way and are never used for analytics or tracking. I’ll occasionally (but rarely) use standard local Unix commands (grep, awk, etc.) to examine them directly on the server for troubleshooting, but that is their sole use and the only time they’re ever accessed.

The Free Radical Ansible
repo commit 5d91a34 now supports both pre-Mastodon 2.1 and Mastodon 2.1+ S3 media URLs in CSP headers.

One of my users complained that they received spam from @mastodon_user_matching@2.distsn.org, whose timeline currently looks like:

It turns out this whole instance is screaming with spam red flags:

• It doesn’t verify email addresses¹,
• The site that the spambot is advertising, MastodonUserMatching.tk, is a redirect to vinayaka.distsn.org (which is on the same domain as the Mastodon instance²), and
• The bot’s source has the same name (“vinayaka”) as the subdomain it’s spamming ads for.

I conclude that this instance is specifically deployed to allow and assist spamming, and as such, I’m suspending the 2.distsn.org domain effective immediately.

I kind of fell into a heated argument between well-intentioned people. While I actively do not want to become involved in every disagreement in the fediverse, enough people ended up participating that I wanted to offer my outsider’s take on events.

What happened

A new user, Pat, joined Free Radical a few days ago. They were active on birdsite but had heard about our growing community and wanted to check it out. I had a few chats with Pat about what makes the two networks different, and they were eager to get started exploring.

Mastodon makes the internet feel like home again, by @srol@mellified.men

Having been on the service for nine months myself, I can confirm Mastodon is not a replacement for Twitter. It’s much better. It is the first place on the internet where I have felt comfortable in a long time.

I’m serving Free Radical’s images etc. from S3. When I updated to Mastodon v2.1.0, I noticed that all the page’s images were missing. Safari’s Show JavaScript Console menu revealed a lot of errors like:

[Error] Refused to load https://s3-us-west-2.amazonaws.com/freeradical-system/accounts/avatars/000/014/309/static/91f9782fad3f6284.png because it does not appear in the img-src directive of the Content Security Policy.

Turns out that some time between the releases of v2.0.0 and v2.1.0, the Mastodon switched from generating S3 URLs like: