

Hello there!
I’m also @savvywolf@furry.engineer, and I have a website at https://www.savagewolf.org/.
He/They


For friends that I know, they can just ask me and I’ll give them a login secret. I don’t have the headspace to manage fedidrama.


The problem with tools like this is that they don’t actually check that the mail is sent correctly. You can define security keys, but they don’t mean anything if your mail server doesn’t use them correctly.
For testing, I use https://www.mail-tester.com/ which you send an email to and it does more thorough tests on the server and email itself.


Doesn’t that cause issues if a backdoor happened a few months ago and you should be updating to a recent fixed version?


I’m not sure if it’s treating “localhost” as a hostname or not, but does replacing it with 127.0.0.1 function as expected?


Is this an allegedly “high performance” reverse proxy written in NodeJS? Uh… Yeah, good luck with that.
Also, how do they intend to protect against DDoS attacks in a self-hosted environment with (presumably) a limited number of devices?


So what do we call these? Cordslop?


My main desktop is Mint - I feel like most of the random pieces of software I find myself wanting to run are built for Ubuntu or at the very least a lfh distro.
My server and random devices run NixOS, and I’m actually considering combining all the config into a monorepo…
My Raspberry Pi I think runs Raspbian though. I should see if I can nixify it.
Tweaking my various Nix configs feels good and satisfying.
… When it works, that is.


For the lazy:
Seems a decent selection.


I don’t think those are sufficient. We could prove that a given binary can be produced from a given repo commit, but that doesn’t actually ensure that the code itself is safe. Malicious code is malicious code even if it’s reproducible.


https://github.com/Sharkord/sharkord/issues/86 This one seems pretty bad.


Why would one use this rather than just using something like Matrix or self-hosted Stoat? I’m not sure what it being “Discord compatible” really gets this project. Bot compatibility is nice, but aren’t most Discord bots closed source anyway?


I’ve been using Hetzner boxes for my backups, although I did need to send them a copy of my id, which may or may not fit the paranoia thing.
Of course, encryption is always worth it.


In before this is a big elaborate ad for NordVPN.
(VPNs and Tor allow you to mask your IP)


Why not post here when everything is all ready? Fragmenting your big marketing push is just going to hurt you.


Honest comment: Bitsocial sounds an awful lot like Truth Social.
If that comparison is unintentional and not desired, maybe reconsider the name.
If that is intentional, we are probably not your target audience.


You can (and should) just use a password manager to generate and store ~64 byte keys which have roughly the same amount of security.


If you do a port scan on your box, what services are running? Maybe something like email or diagnostics is exposed to the internet and announcing subdomains?


> to the extent Tor is secure

Tor doesn’t automatically secure your app. If your social media instance has 1000 users on it, and one user gets compromised, then the other 999 users shouldn’t have any interactions outside of that user leaked.

> web crypto can be utilized for group and 1-1s for an additional layer of encryption

Are file uploads encrypted?

> How would you ever discover a filename?

Maybe you have a data leak. Maybe they send the filename in plaintext somewhere. Maybe they take advantage of the fact that UUIDs might be deterministic. But if I may flip the question… Why does an inaccessible post even need to return 403 anyway? It just functions as a big footgun that may cause any other exploits to behave worse.

> Even if you have the correct link, if those two conditions aren’t satisfied you will not be able to view.

But you can determine its existence or not through the status code.

> This was a design choice to have consistency in filetypes. What’s the downside? All browsers will support displaying a jpg.

Gifs will lose any animation, pngs will lose quality. Also, as far as I can tell, there’s nothing stopping a malicious user uploading a non-image file.

> Which part are you talking about?

There are two steps to making a post: Upload and store the image and add the post to the database. There’s also similar steps to deleting a post: Removing the image upload and removing the post from the database. Are both these operations atomic?

> Everything except the login page, registration link will be behind these two checks; see (def login) where the @loginrequired logic is defined for each of the app routes.

It’s not that hard for a sufficiently motivated adversary to get an account on a sufficiently large instance. You need to ensure that one user account being compromised doesn’t result in information leakage from unrelated accounts.
This discussion stems from issues I found in just one function. You’re making a product which requires a very high level of security. You need to understand how to write secure code, and your LLM won’t be able to do it for you.
I don’t want to discourage you from programming in general, but making a very secure social media site is a rather complex undertaking for someone new to programming.
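
The status-code point raised in the comment above, as an added example that is not part of the original comment or of the project being reviewed: a handler that answers 403 for "exists but not yours" lets any logged-in user confirm which post ids exist, while a uniform 404 does not. The post store, ids, user names and function names are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Post:
    owner: str
    allowed: set = field(default_factory=set)  # users permitted to view


# Constructed sample store; ids and user names are hypothetical.
POSTS = {
    "a1": Post(owner="alice", allowed={"alice", "bob"}),
    "b2": Post(owner="carol", allowed={"carol"}),
}


def leaky_status(user, post_id):
    """Behaviour questioned in the thread: 403 confirms the post exists."""
    post = POSTS.get(post_id)
    if post is None:
        return 404
    if user not in post.allowed:
        return 403
    return 200


def uniform_status(user, post_id):
    """Hardened form: 'missing' and 'not permitted' look identical."""
    post = POSTS.get(post_id)
    if post is None or user not in post.allowed:
        return 404
    return 200


def existence_leaked(handler, user, candidate_ids):
    """Return ids whose existence `user` can infer without having access.

    An id leaks when its response differs both from a successful view (200)
    and from the response to an id that certainly does not exist.
    """
    baseline = handler(user, "definitely-not-a-real-id")
    return sorted(
        pid for pid in candidate_ids
        if handler(user, pid) not in (200, baseline)
    )
```

The same comparison can be run in a test suite against every access-controlled route, so a later change that reintroduces a distinguishable response fails the build.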


One thing that jumps out at me reading the readme is the fact that it has a built-in email server. Email is hard to get right, and I’m surprised a relatively young(?) project is working on getting all the moving pieces together rather than declaring it out of scope.
It’ll be interesting to see how it develops.