Upgraded to v2.1.2

Free Radical is now on Mastodon v2.1.2.

That's what I log about you

I deliberately log as little as possible about my users. My nginx logrotate config is configured to store one week’s worth of access and error logs:

/var/log/nginx/*.log {
    ...
    rotate 7
    ...
}

As of this moment, that looks like:

-rw-r-----  1 www-data adm     443615 Jan  5 08:29 freeradical.zone-access.log
-rw-r-----  1 www-data adm    5405613 Jan  5 06:25 freeradical.zone-access.log.1
-rw-r-----  1 www-data adm     395094 Jan  4 06:24 freeradical.zone-access.log.2.gz
-rw-r-----  1 www-data adm     407455 Jan  3 06:24 freeradical.zone-access.log.3.gz
-rw-r-----  1 www-data adm     375444 Jan  2 06:24 freeradical.zone-access.log.4.gz
-rw-r-----  1 www-data adm     474143 Jan  1 06:24 freeradical.zone-access.log.5.gz
-rw-r-----  1 www-data adm     344550 Dec 31 06:25 freeradical.zone-access.log.6.gz
-rw-r-----  1 www-data adm     452215 Dec 30 06:25 freeradical.zone-access.log.7.gz
-rw-r-----  1 www-data adm          0 Jan  5 06:25 freeradical.zone-error.log
-rw-r-----  1 www-data adm       1461 Jan  4 23:10 freeradical.zone-error.log.1
-rw-r-----  1 www-data adm        349 Jan  3 18:43 freeradical.zone-error.log.2.gz
-rw-r-----  1 www-data adm        458 Jan  3 03:35 freeradical.zone-error.log.3.gz
-rw-r-----  1 www-data adm        314 Jan  1 13:49 freeradical.zone-error.log.4.gz
-rw-r-----  1 www-data adm        428 Dec 30 16:01 freeradical.zone-error.log.5.gz
-rw-r-----  1 www-data adm        409 Dec 29 18:01 freeradical.zone-error.log.6.gz
-rw-r-----  1 www-data adm        387 Dec 29 05:47 freeradical.zone-error.log.7.gz

To be explicit: these are not usually processed in any way and are never used for analytics or tracking. I’ll occasionally (but rarely) use standard local Unix commands (grep, awk, etc.) to examine them directly on the server for troubleshooting, but that is their sole use and the only time they’re ever accessed.

Free Radical Ansible supports new CSP URLs

The Free Radical Ansible
repo commit 5d91a34 now supports both pre-Mastodon 2.1 and Mastodon 2.1+ S3 media URLs in CSP headers.

Suspending domain 2.distsn.org

One of my users complained that they received spam from @mastodon_user_matching@2.distsn.org, whose timeline currently looks like:

@mastodon_user_matching@2.distsn.org spam

It turns out this whole instance is screaming with spam red flags:

  • It doesn’t verify email addresses1,
  • The site that the spambot is advertising, MastodonUserMatching.tk, is a redirect to vinayaka.distsn.org (which is on the same domain as the Mastodon instance2), and
  • The bot’s source has the same name (“vinayaka”) as the subdomain it’s spamming ads for.

I conclude that this instance is specifically deployed to allow and assist spamming, and as such, I’m suspending the 2.distsn.org domain effective immediately.

When good people disagree

I kind of fell into a heated argument between well-intentioned people. While I actively do not want to become involved in every disagreement in the fediverse, enough people ended up participating that I wanted to offer my outsider’s take on events.

What happened

A new user, Pat, joined Free Radical a few days ago. They were active on birdsite but had heard about our growing community and wanted to check it out. I had a few chats with Pat about what makes the two networks different, and they were eager to get started exploring.

Mastodon makes the internet feel like home again | The Outline

Mastodon makes the internet feel like home again, by @srol@mellified.men

Having been on the service for nine months myself, I can confirm Mastodon is not a replacement for Twitter. It’s much better. It is the first place on the internet where I have felt comfortable in a long time.

S3 URLs have changed; update your Content-Security-Policy

I’m serving Free Radical’s images etc. from S3. When I updated to Mastodon v2.1.0, I noticed that all the page’s images were missing. Safari’s Show JavaScript Console menu revealed a lot of errors like:

[Error] Refused to load https://s3-us-west-2.amazonaws.com/freeradical-system/accounts/avatars/000/014/309/static/91f9782fad3f6284.png because it does not appear in the img-src directive of the Content Security Policy.

Turns out that some time between the releases of v2.0.0 and v2.1.0, the Mastodon switched from generating S3 URLs like:

Upgraded to v2.1.0

Free Radical is now on Mastodon v2.1.0.

Our harassment policy

The Free Radical policy on harassment is pretty simple: I will not allow anyone – local or federated – to let a guest feel unsafe. This is my living room and no one can come here and harass my friends.

My general guideline is to take the minimum action necessary to address a problem. If a guest can themselves silence an annoying person and that fixes it, awesome. If the problem escalates and requires dropping the banhammer on a whole instance, then so be it.

Thoughts on logo commission

I want to have a cool logo but I can’t really justify paying to commission one to my family. Conversely, I’m not going to ask an artist to work for free, because I value their work and don’t want to imply that I don’t. So, how I can I reconcile these seemingly incompatible requirements? I’m not sure, but I’ve been tossing this around:

  • One or more artists submit rough drafts of their ideas,
  • I select one that resonates with me and help the artist develop it,
  • That artist gives me exclusive rights to the design so that there aren’t 43 instances with “my” branding, but
  • The artist keeps all merchandising rights, and I help them advertise stickers, t-shirts, etc.

Releastically, that probably wouldn’t generate a lot of revenue (although I’d certainly buy some stuff for myself). However, the artist would get 100% of all income from it. If I’m the only one who buys a t-shirt, it’s not that great a deal for them. If I help them sell a hundred shirts or somehow become Internet famous, that could be a nice chunk of change, of which my cut would be $0.00.