Massive npm supply chain attack

This did not hit Exquisite.social nor Exquisite.tube - but instance owners should definitely check if they upgraded their instance in september! 🚨

#MastoAdmin #PeertubeAdmin

HEY LOCALS!

Are you in any a.gup.pe groups?

Because you aren't anymore. The domain got snatched BEFORE expiration, surprising everyone.

(DO NOT USE .PE DOMAINS, they ALLOW this. It's insane.)

Here are more details:

https://social.growyourown.services/@FediTips/115164282623836102

You should find your people and set up a replacement group. People who know are suggesting:

https://about.fedigroups.social/home

...as one possible replacement, but there are others as well.

Also, see announcements for our limit and suspend schedule, I'm not waiting for the buyer to set up a better spam engine, because they will.

#MastoAdmin #FediAdmin #groups #aguppe #OhNo #HeyLocals

If you are a #MastoAdmin, you may want to purge a.gup.pe from your server.

In Mastodon, go into administration > Moderation > Federation > Add new domain block. Create one for the domain name "gup.pe" (subdomains are included) with "suspend" severity. Once added, go into the details for the newly added block and you'll find the "Purge" button right at the bottom of the page.

@FediTips

Question for Mastodon Admins/moderators:
If someone has unconventionally reported a large number of accounts, by simply providing their Mastodon handles via a textual DM, rather than using the usual report function within the web interface, and I search these remote accounts from the accounts page of the moderation section, every search comes up with "nothing here". I then cannot take any further action on the search, as my instance is not seeing any accounts to take action on. Is there something else I can/should be doing to be able to suspend these accounts?
Thanks everyone.
#MastoAdmin #FediBlock

🚀 Running a Mastodon instance? Keeping it healthy can be a hassle — but this can help!

Check out:
https://github.com/johndotpub/mastodon-maintenance/

- Clean up inactive/non-existent accounts
- Remove old/orphaned media files
- Export, purge, and audit blocks
- Rebuild feeds for optimal performance

Save time and prevent headaches. Contributions, feedback, and ideas are welcome — let’s make self-hosting Mastodon more reliable for everyone in the Fediverse ✨

#Admin #Fediverse #Mastodon #MastoAdmin #Selfhosting

Buenas noches pues es de noche aquí en esta tierra #salvadoreña , #info #viral #toot #actualidad #fediverse #fediverso #mastodon para #tooters muy inteligentes ⬇️ #mastoadmin

I'm curious about something while upgrading #glitchsoc

I keep getting this, or similar, during every upgrade. I've gone through the depends lists and tried to resolve this, but for some reason, these warnings will not clear.

What am I missing?

#mastoadmin #mastodon #selfhosting

➤ YN0000: · Yarn 4.9.4
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed in 1s 543ms
➤ YN0000: ┌ Post-resolution validation
➤ YN0060: │ react is listed by your project with version 18.3.1 (p68bdc1), which doesn't satisfy what emoji-mart-lazyload and other dependencies request (but they have non-overlapping ranges!).
➤ YN0060: │ react-dom is listed by your project with version 18.3.1 (p9d1adc), which doesn't satisfy what react-router-scroll-4 and other dependencies request (but they have non-overlapping ranges!).
➤ YN0060: │ react-router-dom is listed by your project with version 5.3.4 (p7a2e69), which doesn't satisfy what react-router-scroll-4 requests (^4.0.0).
➤ YN0002: │ @mastodon/mastodon@workspace:. doesn't provide postcss (pfe5f4d), requested by postcss-preset-env and other dependencies.
➤ YN0002: │ @mastodon/mastodon@workspace:. doesn't provide redux (p7bebfc), requested by react-redux-loading-bar and other dependencies.
➤ YN0002: │ @mastodon/mastodon@workspace:. doesn't provide rollup (p04c650), requested by @optimize-lodash/rollup-plugin and other dependencies.
➤ YN0002: │ @mastodon/mastodon@workspace:. doesn't provide terser (pf7324a), requested by @vitejs/plugin-legacy and other dependencies.
➤ YN0002: │ @mastodon/streaming@workspace:streaming doesn't provide eslint (p627553), requested by typescript-eslint.
➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0013: │ 2 packages were added to the project (+ 2.27 MiB).
➤ YN0000: └ Completed in 58s 943ms
➤ YN0000: ┌ Link step
➤ YN0008: │ core-js@npm:3.45.1 must be rebuilt because its dependency tree changed
➤ YN0008: │ msw@npm:2.10.5 [15ffb] must be rebuilt because its dependency tree changed
➤ YN0008: │ tesseract.js@npm:6.0.1 must be rebuilt because its dependency tree changed
➤ YN0008: │ core-js@npm:2.6.12 must be rebuilt because its dependency tree changed
➤ YN0008: │ esbuild@npm:0.25.9 must be rebuilt because its dependency tree changed
➤ YN0008: │ @parcel/watcher@npm:2.5.1 must be rebuilt because its dependency tree changed
➤ YN0008: │ unrs-resolver@npm:1.11.1 must be rebuilt because its dependency tree changed
➤ YN0008: │ bufferutil@npm:4.0.9 must be rebuilt because its dependency tree changed
➤ YN0008: │ utf-8-validate@npm:6.0.5 must be rebuilt because its dependency tree changed
➤ YN0008: │ @mastodon/mastodon@workspace:. must be rebuilt because its dependency tree changed
➤ YN0000: └ Completed in 27s 507ms
➤ YN0000: · Done with warnings in 1m 29s

Mantendo o banco de dados sempre em ótimo estado
@fediadminbr@lemmy.eco.br

Esses são comandos que executo semanalmente para manter o banco de dados tinindo:

```
# vacuumdb -v -z -j 4 -P 4 -d mastodon_production

# pg_repack --no-kill-backend -j 4 -d mastodon_production
```

O `vacuumdb` vai limpar o banco de dados e gerar estatísticas internas usadas pelo PostgreSQL para otimizar consultas.

Já o `pg_repack` permite remover o excesso de dados (bloat) e restaurar a ordem das tabelas e índices.

Isso ajuda a manter a instância rápida e bem azeitada, já que o banco de dados está bem azeitado também.

```
-j define o número de trabalhos, eu uso o mesmo número de CPUs.
-P define os workers paralelos.
```

Documentação:
- pg_repack: https://reorg.github.io/pg_repack/
- vacuumdb: https://www.postgresql.org/docs/current/app-vacuumdb.html

cc @fediadminbr@a.gup.pe

#FediAdminBR #MastoAdmin

Weird behaviour in mastodon web client (v4.4.3) that I've noticed happening fairly often:

When I turn my laptop on in the morning and fire up the browser, I see my last post sitting in the compose box. This is not a draft, it's something that's already been sent and replied to.

Bug?

#mastodon #MastoAdmin

Ω🪬Ω
#FediAlgo v1.1.19 is deployed. Minor bugfixes and improvements to the customizable timeline algorithm / filtering system for your Mastodon feed.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Alt...

screenshot of fedialgo demo app