Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• 2022-11-12

Hack call: 14:00 UTC

• Solution for 'Restrict console logins' (sunil)
  • Currently this feature is recommended, and enabled by default.
    • Prevents some users from login through SSH or console.
    • Login could be used to bypass Apache authentication / authorization.
    • PAM module is not widely used, not considered by other packages.
    • Causes issues with ejabberd setup, GUI login.
  • Solution using nftables
    • Mark outgoing packets.
    • Incoming packets are also marked.
    • Unmarked packets are blocked.
    • We can remove 'Restrict console logins' feature.
    • Services using UNIX sockets are already protected.
    • SSH server change to restrict who can login.

• Fixing issue with libpam-tmpdir with MariaDB for Zoph and WordPress (sunil)

  • Security measure to isolate temp files per user
  • Reported issue to upstream

  • May have to drop libpam-tmpdir from FreedomBox until problem is resolved.

  • systemd-tmpfiles protection is better than libpam-tmpdir.
• Aptsources822 augeas lens (jvalleroy)
  • Multi-line entries like Description
• tt-rss removed from testing

  • https://blends.debian.org/fbx/qa/all.html

• Build server is not set up yet (Joseph)
  • Desktop moved to another building.
  • Down until Nov 18.
• Kiwix app rewrite (Joseph)
  • Able to install, set up, enable, disable and uninstall
  • Content package management is pending
• dovecot fail2ban jail(Benedek)
  • Increase maximum retries to 20 or higher
    • 5 tries for Thunderbird user to login

• #2114 may be closed https://salsa.debian.org/freedombox-team/freedombox/-/issues/2114 (Fred)

• Mastodon
  • 1M new users in last week, 1000 new instances

    • https://mastodon.social/@Gargron/109330358838921654

  • People running it on Raspberry Pi 4

    • https://www.raspberrypi.com/news/an-escape-pod-was-jettisoned-during-the-fighting/

    • https://social.mythic-beasts.com/@beasts/109325885449394211

    • https://social.mythic-beasts.com/@beasts/109325844364238020

  • Mastodon is very inefficient
    • Processes each toot on separate Sidekiq job

    • https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/

  • Mastodon RFP #859741 but that seems stuck in Ruby dependency hell right now

    • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859741

  • Compatible alternatives:
    • pleroma (Elixir)
    • epicyon
    • gotosocial
    • #1023749 snac2 RFP

      • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023749

    • Nextcloud Social

  • Wordpress ActivityPub plugin

    • https://salsa.debian.org/freedombox-team/freedombox/-/issues/2257

    • Document how to install