Epic Worlds

fediverse

A Quiet Place on the Fediverse

tags: #infosec #fediverse

It would be an understatement to say that the recent U.S. #elections didn’t exactly go smoothly, and it’s left a lot of people feeling uneasy about the next few years. Whether it’s the chaos of the results or the ongoing fallout, many are already looking for safer spaces to weather the storm. For those of us on the #fediverse, the pressure’s on to find places where we can just exist without the constant noise and toxicity that’s been so hard to avoid. As things continue to unfold, it’s likely we’ll see more people flocking to smaller, tighter-knit communities—places where moderation is strong, and the focus is on creating a space for real conversation, away from the chaos of the wider internet.

The ION Network

Right now, social media networks like #Mastodon rely on an open federation model, where servers can connect with just about anyone, and that creates some serious moderation challenges. Harmful users or groups can easily slip through the cracks by joining open-registration servers, and even if you block them, they can just pop up again on a different server. The idea behind this proposal is to switch things up with an allowlist-only system, where servers only federate with others they’ve specifically approved. This way, we create smaller, more manageable communities that are easier to keep safe and moderate. It’s all about limiting federation to trusted servers, making the whole network a lot more secure.

In this system, servers would need to mutually agree to connect, which means the network is built on trust. There’d be a published allowlist to show which servers are part of the network, and new servers could join after a provisional period. Sure, it’s still a work in progress and comes with some challenges—like how to keep the allowlist updated and how to make sure it scales—but the idea is really about giving users a safer, more controlled space. With smaller, curated communities, moderation could be more proactive, and users would have a better sense of security knowing they’re not likely to run into abusive or harmful content.

Oliphant gives a good explanation of the subject on his blog.

Places to Sign up as a User

If you are a user that is looking for a place to sign up for the ION network, there are already a few choices made available. There are some instances that are open to sign ups here:

Places to Join as an Instance

If you own an instance or are looking to set up an instance yourself, you can find the instructions to do so at the repo set up to help!

It is important to have tools like this available especially with the direction this might go.

Tags: #uspol #politics

Even when I wrote the title for this post, I could feel how much the sentence failed to capture the feeling everyone who wasn't a fascist was feeling. The 2024 #election did not go the direction that a lot of people thought. I mean, look at how much the #gop was fighting to change laws, to purge voter rolls, and all the other nefarious plans to steal the election. They thought they were going to lose as much as the #Democrats thought they were going to win. Everyone was caught off guard.

Since then, I have watched the hashtags on the #fediverse, followed some of the content of YouTubers that I trust and caught up on a lot of the talk on corpo social media. There are a few things I found that surprised me.

Everyone is Standing Together

I think the thing that surprised me the most is that across the internet among the communities I follow, there has been an outpouring of support for the vulnerable groups that are going to be targeted by the new regime coming in. Support links, advice, mentions of communities they can hide in. I did not see anything like this in the 2016 election.

I'm confident it is because we know what we're getting into but instead of just fury, there is also the helping of one another. That brought me to tears more than the loss of the election.

In a country that I had thought had lost this, I was happy to see that I was wrong. I'm doing better today because of the kindness and camaraderie that I have seen.

All is Not Lost

I know I say this and it has been only three days since the election loss. But I think it is something that needs to be said. We all had a lot of hope that the healing that President Biden had been bringing to this country after the damage Trump inflicted would continue under Vice President Harris. No, she was not the best choice but she was the only choice we had in time and I think the best chance of trying to win. She ran a good campaign and I'm proud to have had a sign for her and voted for her.

The reason I say there is hope in these coming times is because of the following things:

  • Even if the GOP have a trifecta (control of the House, Senate, and White House), the cowardly Republicans are going to still play it safe when it comes to their own seats. They are still at the whim of their voters and things like Project 2025 have been detested by Americans on both sides of the line. I'm thinking that they may start small to see how much they can get away with and we have the ACLU to fight them tooth and claw. (The ACLU is always looking for donations to help the good fight).
  • We only have to wait two years before we can vote again to remove the assholes from power. The House of Representatives comes up once every two years and if you remember, the Trump Economy and situation was so bad that the GOP lost so many seats. Also in the 2026 midterms, not only are the 435 House seats back open, 35 Senate seats will be also, and more than half of them are held by Republicans.
  • You are still here. I don't want this to sound hokey but you are still here. We were beaten, we are angry and disgusted at what our fellow citizens chose. But we are still here to fight for the rights of people to be safe, to be themselves, and for women to have full autonomy of their bodies. Right now there is nothing we can do but the time is coming to fight back again.

It Will Be Dark Before It Becomes Light

I won't lie to you or ramp my optimism up to 1000%. What is coming is dark and we are about to go through some bad times again. Unlike 2016, we know how bad of a leader Trump and his sycophants are but this time, we're dealing with someone who looks as if they are in the throes of dementia, who cares nothing for anyone but himself, and is ready to appoint Nazis to positions of power.

Don't give up! We have been lucky that many of the fascists in Trump's circle are stupid. I mean, they wrote their entire plan out in a manifesto and published it for the world to see. They gave us the blueprint on how to block them.

But even stupid fascists are dangerous. We will need to keep putting pressure on our representatives and senators to make sure they don't stray (or give in to their worst impulses if you live in a red state) and continue to point out that we are up against actual Nazis and that we will not accept a Christo-fascist theocracy. I believe in separation of Church and State and it is our right to speak, believe, and live the way we want to.

Hang in there! We'll get through this together.

Finally, I got my #infosec #blog up and running again. It has been so long since I accidentally took it down by messing up the A records but that’s a story for another post. I wanted to write up tips and tricks for things that I ran into while attempting to install my own #peertube #instance that were not explained well in the documentation available on the main website.

To be clear, this isn’t any sort of knocking the people who make it, it’s just not mentioned and I don’t know if that’s because for people used to this stuff it’s common knowledge or it just hasn’t been updated. Here we go!

Before we begin, a few points about what I’m going to talk about. This is not going to be a full installation tutorial but a supplement to go along with the official documentation. It also assumes a setup with one internet-facing server that directs traffic upstream to other machines on the network so that they are not exposed.

The server this is written for is Ubuntu 22.04 and I am using the Nginx package installed with apt-get. At the time of this writing, it’s Nginx 1.18.1.

Issue #1 – Default NodeJS Version Is Not High Enough

The first part of the tutorial provided by PeerTube points you to the dependencies that you will need to initially install. Do not just copy and paste their command to install the default NodeJS package. The .deb files that are available are not the version that PeerTube needs.

When I ran sudo apt-get install nodejs, the server installed version 12.x. You need at least 16.x to install. When you manually install NodeJS yourself so that you can run Yarn, do not install the latest version 20.x. It is NOT compatible with Yarn when you get to the install process later. I installed the latest version to be up-to-date, and the Yarn prompt in the terminal stated that it was expecting between 16.x and 19.x. I had to redo my key ring and install 19.x to get it to work.

Issue #2 – Created PeerTube User Not Set with Correct Permissions

The dependencies portion of the installation will create the user and group that you need but will not provide the correct permissions (chmod) on the folder. One time when I was running it, it didn’t give the folder to the group. It wants the folder to be drwxr-xr-x. You will not only need to set that yourself, but I recommend chown-ing the folder to the peertube user just to be safe. If you do not, it’ll throw errors later about not owning everything and could mess up your entire install (which happened to me the first time around).

Run the commands:

sudo chmod 755 /var/www/peertube
sudo chown peertube:peertube /var/www/peertube

That way, you can be absolutely sure nothing is going to get messed up with the install. Proceed from that point with the rest of the install.
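A preflight check for Issues #1 and #2, as an added example that is not part of the original post or the PeerTube documentation. The 16 to 19 range is the one Yarn reported above, the path, user and group are the ones used on this page, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example: preflight checks for Issue #1 (NodeJS version) and
# Issue #2 (ownership and mode of the PeerTube folder).

# Succeeds when a `node --version` string such as "v18.19.0" has a
# major version in the range 16..19.
node_major_ok() {
  nm_ver="${1#v}"            # drop the leading "v"
  nm_major="${nm_ver%%.*}"   # keep what precedes the first dot
  case "$nm_major" in
    ''|*[!0-9]*) return 1 ;; # not a number: treat as unsupported
  esac
  [ "$nm_major" -ge 16 ] && [ "$nm_major" -le 19 ]
}

# Succeeds when DIR exists, is owned by OWNER:GROUP and shows
# drwxr-xr-x (mode 755) in `ls -ld`.
dir_perms_ok() {  # usage: dir_perms_ok DIR OWNER GROUP
  [ -d "$1" ] || return 1
  # ls -ld prints: mode links owner group ...; keep 10 mode characters
  # so a trailing "." or "+" (SELinux/ACL marker) is ignored.
  dp_actual="$(ls -ld -- "$1" | awk '{ print substr($1, 1, 10) ":" $3 ":" $4 }')"
  [ "$dp_actual" = "drwxr-xr-x:$2:$3" ]
}

# Runs both checks against the live system and prints what to fix.
preflight() {
  pf_rc=0
  if ! command -v node >/dev/null 2>&1; then
    echo "node is not installed"
    pf_rc=1
  elif ! node_major_ok "$(node --version)"; then
    echo "node $(node --version) is outside 16.x-19.x"
    pf_rc=1
  fi
  if ! dir_perms_ok /var/www/peertube peertube peertube; then
    echo "run: sudo chown peertube:peertube /var/www/peertube"
    echo "run: sudo chmod 755 /var/www/peertube"
    pf_rc=1
  fi
  return "$pf_rc"
}

# Demonstration on constructed version strings (safe to run anywhere).
for v in v12.22.9 v16.20.2 v19.9.0 v20.11.1; do
  if node_major_ok "$v"; then echo "$v ok"; else echo "$v rejected"; fi
done
# On the PeerTube host, call: preflight
```
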

Issue #3 – Prepping the production.yaml Correctly for Reverse Proxy

When you get to the point where you are to edit the production.yaml file, there are a few steps you need to take to make sure it is ready for setup and the reverse proxy.

To understand what I have set up, we’re going to assume we have two servers: one named 192.168.1.1, which is our internet-facing machine, and 192.168.1.2, which is the machine hosting the PeerTube instance. You are going to want 192.168.1.1 to be able to send all the traffic to the other machine.

Setting Up for Reverse Proxy

You will want to make sure the following is in the webserver portion of the YAML file.

webserver:
  https: true
  hostname: 'yourpeertube.instance'
  port: 443

With many programs that run behind a reverse proxy, the upstream machine doesn’t have to listen on 443, because the SSL and security work is handled on the machine taking the traffic. In the case of PeerTube, you must hand the traffic from 443 to 443 and have https set to true even though you do not have any certificates on the upstream location.

If you do not do this, you will get streaming errors with your HLS.js in the PeerTube log. They will look like:

HLS.js error: networkError - fatal: true - manifestLoadError

The other symptom is that your video will play in the browser you uploaded it to but not on any other machine or browser.

In the trust_proxy: section, add the line - '192.168.1.1' right under - 'loopback' so that PeerTube trusts the client address forwarded by the internet-facing machine. Pay attention to formatting, as YAML needs the proper indentation.

The last part is to go to database: and make sure the correct password for your database you set up earlier is actually there. In my last three installation attempts, the instructions did not properly set the password. You can enter it manually.
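The settings from this section can be verified before starting PeerTube. The script below is an added example, not PeerTube's own tooling or code from the original post; it assumes the stock production.yaml layout with top-level webserver:, trust_proxy: and database: sections, and the helper names are hypothetical.

```sh
#!/bin/sh
# Added example: verify the production.yaml settings from Issue #3.
# Assumes top-level webserver:, trust_proxy: and database: sections
# with indented children. The sample config below is constructed.

# Print the unquoted value of KEY under top-level SECTION.
yaml_get() {  # usage: yaml_get FILE SECTION KEY
  awk -v sec="$2" -v key="$3" '
    /^[^ \t#-]/ { in_sec = (index($0, sec ":") == 1) }
    in_sec && /^[ \t]/ && $1 == (key ":") {
      v = $0
      sub(/^[^:]*:[ \t]*/, "", v)   # drop the key
      sub(/[ \t]+#.*$/, "", v)      # drop a trailing comment
      sub(/[ \t]+$/, "", v)         # drop trailing blanks
      print v
      exit
    }' "$1" | tr -d "\"'"
}

# Succeed when the list under top-level SECTION contains exactly ITEM.
yaml_list_has() {  # usage: yaml_list_has FILE SECTION ITEM
  awk -v sec="$2" '
    /^[^ \t#-]/ { in_sec = (index($0, sec ":") == 1) }
    in_sec && /^[ \t]*-[ \t]/ {
      v = $0
      sub(/^[ \t]*-[ \t]*/, "", v)  # drop the list dash
      sub(/[ \t]+#.*$/, "", v)
      sub(/[ \t]+$/, "", v)
      print v
    }' "$1" | tr -d "\"'" | grep -Fxq -- "$3"
}

cp_fail() { echo "$1"; cp_bad=1; }

# Print one line per problem; succeed only when there are none.
check_production_yaml() {  # usage: check_production_yaml FILE PROXY_IP
  cp_bad=0
  [ "$(yaml_get "$1" webserver https)" = "true" ] || cp_fail "webserver.https must be true"
  [ "$(yaml_get "$1" webserver port)" = "443" ] || cp_fail "webserver.port must be 443"
  yaml_list_has "$1" trust_proxy loopback || cp_fail "trust_proxy does not list loopback"
  yaml_list_has "$1" trust_proxy "$2" || cp_fail "trust_proxy does not list $2"
  [ -n "$(yaml_get "$1" database password)" ] || cp_fail "database.password is empty"
  return "$cp_bad"
}

# Constructed sample: proxy IP not added yet, database password not set.
demo_cfg="$(mktemp)"
cat > "$demo_cfg" <<'EOF'
webserver:
  https: true
  hostname: 'yourpeertube.instance'
  port: 443

trust_proxy:
  - 'loopback'

database:
  hostname: '127.0.0.1'
  password: ''
EOF
check_production_yaml "$demo_cfg" 192.168.1.1 || echo "=> fix the lines above"
rm -f "$demo_cfg"
```

On the PeerTube host, run check_production_yaml against your production.yaml with the internal IP of the internet-facing machine as the second argument.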

Issue #4 – Proper Reverse Proxy with Nginx

This really isn’t an issue; it is more to save you time figuring out what needs to be sent to the upstream machine with proxy_pass.

Upstream Machine

On the machine hosting PeerTube, strip all the SSL certificate directives out of the Nginx configuration, but leave it listening on 443. (This includes removing ssl and http2 after the port in the listen entries.)

It should look something like this:

server {
  listen 443;
  listen [::]:443;
  server_name yourpeertube.instance;
  # ... THE REST OF THE CONFIGURATION.
}

Do not worry about the SSL part. As a reminder, it’s going to be handled by the internet-facing machine. We are presently setting up the hosting machine.

Setting Up Internet-Facing Machine

This is a full example of the reverse proxy that has helped my server function. Please make sure to add your information where it says yourpeertube.instance.

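server {
  # Redirect plain HTTP requests for the instance to HTTPS.
  if ($host = yourpeertube.instance) {
    return 301 https://$host$request_uri;
  }

  listen 80;
  listen [::]:80;
  server_name yourpeertube.instance;
  return 404;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name yourpeertube.instance;

  # Wildcard CORS headers: any origin and any method are allowed.
  add_header Access-Control-Allow-Origin "*";
  add_header Access-Control-Allow-Methods "*";

  # TLS terminates here; the certificates live only on this machine.
  ssl_certificate     /etc/letsencrypt/live/yourpeertube.instance/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/yourpeertube.instance/privkey.pem;

  location / {
    # Forward the client address; PeerTube accepts it because this
    # proxy is listed under trust_proxy in production.yaml.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Plain HTTP to port 443 on the PeerTube host (192.168.1.2 in this example).
    proxy_pass http://192.168.1.2:443; # Make sure to change this to your actual internal IP
    # 0 disables the request body size check so large uploads are not rejected.
    client_max_body_size 0;
  }
}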

Ending

There you have it. After I got this all set up, I was able to communicate with my server, upload videos, and the #fediverse portion worked to perfection. If you have any questions, you can reach out to me at my social media.