"Security" category
Meta
6
Posts
3
Posters
29
Views
-
Just a thought as I work through some bugs reported to NodeBB... would there be interest in ActivityPub.space hosting a "security" category for discussion around vulnerabilities, CVEs, and such that are related to ActivityPub?
For example, if NodeBB were to receive a bug bounty report and responsibly disclose the details, it would be ideal to have it archived in a place where it won't just disappear off the feed in a matter of minutes.
-
Just a thought as I work through some bugs reported to NodeBB... would there be interest in ActivityPub.space hosting a "security" category for discussion around vulnerabilities, CVEs, and such that are related to ActivityPub?
For example, if NodeBB were to receive a bug bounty report and responsibly disclose the details, it would be ideal to have it archived in a place where it won't just disappear off the feed in a matter of minutes.
@julian @smallcircles that'd probably be a bad idea, as you'd likely get irresponsible disclosure happening.
-
Just a thought as I work through some bugs reported to NodeBB... would there be interest in ActivityPub.space hosting a "security" category for discussion around vulnerabilities, CVEs, and such that are related to ActivityPub?
For example, if NodeBB were to receive a bug bounty report and responsibly disclose the details, it would be ideal to have it archived in a place where it won't just disappear off the feed in a matter of minutes.
@julian It would be great to have a collection of these that I could look through, to make sure I'm not making easily preventable mistakes myself.
Of course, potential bad guys would be able to look through it too...
-
@julian @smallcircles that'd probably be a bad idea, as you'd likely get irresponsible disclosure happening.
thisismissem@hachyderm.io how so? In the sense that discussed vulnerabilities might be exploitable cross-implementation?
-
@julian we've definitely seen that before, but also people might not realize that they're discussing a vulnerability
-
@julian we've definitely seen that before, but also people might not realize that they're discussing a vulnerability
thisismissem@hachyderm.io hmm that's fair. I don't think it precludes interested parties from having these discussions though.
I'm not sure what the right solution is.
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
31 January 2026
Added categories for FediCon and FediMTL (listening to those hashtags as well)
-
30 January 2026
Added a new subsection for conferences and meetups, with a new category for FOSDEM Any topics tagged #fosdem, #fosdem26, and #socialwebfosdem and found by this forum or the FediBuzz relay will be automatically categorized there (the category will boost those topics) Additional categories for FediMTL (Montreal; @paige@masto.canadiancivil.com) and FediCon (Vancouver; @reiver@mastodon.social) to follow
-
26 January 2026
I will be out of the country until 2 February. Don't spam my forum kthxbai.
-
Can you guess when I turned Anubis back on?
Grey line (left-hand; y-axis) tracks page views Blue line (right-hand; y-axis) tracks unique users
You can even see the spike in traffic that brought down the site hard enough that I got my butt in gear to tune Anubis and turn it back on.
Based on the numbers here, there is a thirteen-fold decrease in activity (or a ~92% drop in traffic), all identified by Anubis as bots and blocked.
Selective adjustments were made to the nginx config and anubis bot policy to allow certain bits of traffic through (for unimpeded federation, etc.), but otherwise the site is now quite stable, on a small potato server. :potato:
Default bot policy does let search engine crawlers though (I think), so that is win-win.
Thank you so much @cadey@pony.social, my next stop is your GitHub Sponsors page.
-
16 January 2026
Re-enabled Anubis after adjusting some rules. After the last update 17 Nov, I actually disabled Anubis again because it was interfering with logins (perhaps this is a known issue? Anyhow, proxying POST requests directly to NodeBB fixed the issue)
-
17 November 2025
Re-enabled Anubis with a blanket rule that allows requests to /inbox; hopefully that should resolve any issues.
-
12 November 2025
Per report trwnh@mastodon.social about some content missing from mastodon.social, I have disabled anubis temporarily as it may have been inadvertently blocked by it.
-
7 November 2025
Enabled Anubis in response to AI scrapers overwhelming the server multiple times a dayPlease let me know if you experience any federation delays or other oddities!
